]>
git.ipfire.org Git - thirdparty/pdns.git/log
Otto Moerbeek [Thu, 20 Jul 2023 13:33:36 +0000 (15:33 +0200)]
Backport #13059: Don't check TTLs of records coming out of packet cache
Otto Moerbeek [Thu, 20 Jul 2023 09:42:23 +0000 (11:42 +0200)]
rec: Backport 13021 to rec-4.9.x: fix setting of policy tags
Backport of #13021
Otto Moerbeek [Mon, 10 Jul 2023 08:56:31 +0000 (10:56 +0200)]
Merge pull request #12995 from omoerbeek/backport-12961-to-rec-4.9.x
rec: Backport 12961 to rec-4.9.x: Work around Red Hat 8 pooping the bed in OpenSSL's headers
Otto Moerbeek [Mon, 10 Jul 2023 08:56:18 +0000 (10:56 +0200)]
Merge pull request #12994 from omoerbeek/backport-12935-to-rec-4.9.x
rec: backport of 12935 to rec-4.9.x: Stop using the now deprecated ERR_load_CRYPTO_strings() to detect OpenSSL
Remi Gacogne [Wed, 28 Jun 2023 13:23:35 +0000 (15:23 +0200)]
Work around Red Hat 8 pooping the bed in OpenSSL's headers
The openssl/kdf.h header on EL8 is invalid because someone backported
a work-in-progress feature to an older OpenSSL branch and did not
bother to backport the fixes that were added later.
Red Hat declined to fix their mess and helpfully suggested we do the
work instead in https://bugzilla.redhat.com/show_bug.cgi?id=
2215856
(cherry picked from commit
3dabf2d4a1a478fb00a232259e8043f075eb4d03 )
Remi Gacogne [Wed, 21 Jun 2023 12:58:15 +0000 (14:58 +0200)]
Stop using the now deprecated ERR_load_CRYPTO_strings() to detect OpenSSL
And move to BN_new() instead, which has been present since at least
0.9.6 and is still in 3.1.
(cherry picked from commit
9fcef4932c9323b085984f8a087045fef70103f5 )
Otto Moerbeek [Thu, 29 Jun 2023 13:37:46 +0000 (15:37 +0200)]
Merge pull request #12968 from omoerbeek/backport-12963-to-rec-4.9.x
rec: Backport 12963 to rec 4.9.x: fix qname length getting out-of-sync with qname-minimization iteration count
Otto Moerbeek [Thu, 29 Jun 2023 07:31:46 +0000 (09:31 +0200)]
rec: fix qname length getting out-of-sync with qname-minimization iteration count
Approach two: fall back to non-QM mode if loop detected
Fixes #12956
(cherry picked from commit
7b9450932da11f34a8a729b7b7e47202276fff5f )
Otto Moerbeek [Mon, 26 Jun 2023 10:35:03 +0000 (12:35 +0200)]
Merge pull request #12936 from omoerbeek/backport-12933-to-rec-4.9.x
rec: Backport 12933 to rec 4.9.x: rewrite and fix verifyOne() loop
Otto Moerbeek [Mon, 26 Jun 2023 10:34:49 +0000 (12:34 +0200)]
Merge pull request #12932 from omoerbeek/backport-12836-to-rec-4.9.x
rec: Backport 12928 to rec-4.9.x: fix daemonize()
Otto Moerbeek [Wed, 21 Jun 2023 11:17:01 +0000 (13:17 +0200)]
Typo inc omment
Co-authored-by: Remi Gacogne <github@coredump.fr>
(cherry picked from commit
da6a2d87c8d8cfe49dc6eda3481b82f8faf5a832 )
Otto Moerbeek [Wed, 21 Jun 2023 08:43:26 +0000 (10:43 +0200)]
Followup to #12893: Rewrite and fix verifyOne() loop
Previous version could return true if the first iteration succeeded, but
the second one threw. Spotted by pt01 on IRC.
(cherry picked from commit
891f17371c4e1007f91abb4695c4b0e95c3f2995 )
Otto Moerbeek [Wed, 21 Jun 2023 08:24:45 +0000 (10:24 +0200)]
rec: Backport of 12928 to rec-4.9.x: fix daemonize()
Otto Moerbeek [Tue, 13 Jun 2023 07:07:59 +0000 (09:07 +0200)]
Merge pull request #12907 from omoerbeek/rec-specialize-4.9.x-branch
rec-4.9.x: specialize GH workflows for branch
Otto Moerbeek [Mon, 12 Jun 2023 12:28:37 +0000 (14:28 +0200)]
rec-4.9.x: specialize GH workflows for branch
Otto Moerbeek [Mon, 12 Jun 2023 11:49:37 +0000 (13:49 +0200)]
Merge pull request #12904 from omoerbeek/rec-gid_t-uid_t-can-be-unsigned
rec: uid_t and gid_t can be unsigned, so doing > on an -1 value is tricky
Otto Moerbeek [Mon, 12 Jun 2023 11:49:22 +0000 (13:49 +0200)]
Merge pull request #12906 from omoerbeek/rec-sdjournal-escape
rec: systemd-journal backend: escape keys that are special
Otto Moerbeek [Mon, 12 Jun 2023 11:48:51 +0000 (13:48 +0200)]
Merge pull request #12893 from omoerbeek/rec-dnssec-alg-setting
rec: add feature to switch off unsupported DNSSEC algos
Otto Moerbeek [Wed, 7 Jun 2023 11:11:33 +0000 (13:11 +0200)]
Tidy and process review comments
Remi Gacogne [Mon, 12 Jun 2023 09:49:26 +0000 (11:49 +0200)]
Merge pull request #12905 from rgacogne/ddist-async-test-racy
dnsdist: Remove a racy test in the AsynchronousHolder unit tests
Peter van Dijk [Mon, 12 Jun 2023 09:41:29 +0000 (11:41 +0200)]
Merge pull request #12881 from Habbie/dispatch-bookworm
builder-dispatch: add debian-bookworm target to defaults
Otto Moerbeek [Mon, 12 Jun 2023 09:22:56 +0000 (11:22 +0200)]
Merge pull request #12900 from omoerbeek/rec-serve-stale-dup-cname
rec: Prevent duplicate C/DNAMEs being included when doing serve-stale
Otto Moerbeek [Mon, 12 Jun 2023 09:02:02 +0000 (11:02 +0200)]
Don't double print and delint
Remi Gacogne [Mon, 12 Jun 2023 09:04:51 +0000 (11:04 +0200)]
dnsdist: Remove a racy test in the AsynchronousHolder unit tests
We are adding an expired event so the worker thread of the
AsynchronousHolder can pick it up immediately, even before we come
back from the call to push(), which leads to a racy test.
This was observed on GitHub Actions when running with TSAN:
```
FAIL: testrunner
================
Running 170 test cases...
test-dnsdistasync.cc(156): error: in "test_dnsdistasync/test_AddingExpiredEvent": check !holder->empty() has failed
*** 1 failure is detected in the test module "unit"
FAIL testrunner (exit status: 201)
```
Otto Moerbeek [Mon, 12 Jun 2023 09:03:50 +0000 (11:03 +0200)]
Merge pull request #12896 from omoerbeek/rec-nod-metrics
rec: expose NOD/UDR metrics
Otto Moerbeek [Mon, 12 Jun 2023 08:41:02 +0000 (10:41 +0200)]
rec: uid_t and gid_t can be unsigned, so doing > on and -1 value is tricky
Otto Moerbeek [Mon, 12 Jun 2023 08:35:34 +0000 (10:35 +0200)]
Merge pull request #12883 from omoerbeek/rec-rpz-soa
rec: add SOA to RPZ modified answers if configured to do so
Otto Moerbeek [Mon, 12 Jun 2023 08:33:47 +0000 (10:33 +0200)]
delint
Otto Moerbeek [Mon, 12 Jun 2023 08:14:03 +0000 (10:14 +0200)]
Process review comments
Remi Gacogne [Mon, 12 Jun 2023 08:10:20 +0000 (10:10 +0200)]
Merge pull request #12840 from phonedph1/patch-39
Update dnsdist-console.cc
Otto Moerbeek [Mon, 12 Jun 2023 07:08:10 +0000 (09:08 +0200)]
Add tests to see if CNAME records are not included multiple times
Remi Gacogne [Mon, 12 Jun 2023 08:08:45 +0000 (10:08 +0200)]
Merge pull request #12839 from phonedph1/patch-38
Update rules-actions.rst
Otto Moerbeek [Mon, 12 Jun 2023 07:40:18 +0000 (09:40 +0200)]
rec: Escape (by prepending "PDNS") message keys that are special to systemd-journal
Otto Moerbeek [Fri, 9 Jun 2023 09:51:04 +0000 (11:51 +0200)]
rec: Prevent duplicate C/DNAMEs to be included when doing serve-stale
This can happen if the CNAME record itself was found, but its target not
Otto Moerbeek [Fri, 9 Jun 2023 06:06:06 +0000 (08:06 +0200)]
Merge pull request #12898 from omoerbeek/rec-depth
rec: keep track of max depth reached and report it if !quiet
Otto Moerbeek [Thu, 8 Jun 2023 11:22:43 +0000 (13:22 +0200)]
Prometheus does not like counter names ending in -count
Otto Moerbeek [Thu, 8 Jun 2023 10:49:01 +0000 (12:49 +0200)]
(Partial) Tidy
Otto Moerbeek [Thu, 8 Jun 2023 10:44:17 +0000 (12:44 +0200)]
rec: keep track of max depth reaches and report it if !quiet
This is enough for now, mostly a metric only interesting to devs
Otto Moerbeek [Thu, 8 Jun 2023 10:11:26 +0000 (12:11 +0200)]
Extend SNMP test to include new OIDs
Otto Moerbeek [Thu, 8 Jun 2023 09:52:02 +0000 (11:52 +0200)]
Add Prometheus and SNMP version of NOD/UDR metrics
Otto Moerbeek [Thu, 8 Jun 2023 09:30:01 +0000 (11:30 +0200)]
Keep track of metrics for NOD and UDR events.
While there, change level of ndr logs to Notice, it was Debug before
Otto Moerbeek [Wed, 7 Jun 2023 10:27:30 +0000 (12:27 +0200)]
Add docs
Otto Moerbeek [Wed, 7 Jun 2023 10:10:26 +0000 (12:10 +0200)]
Add rec_control command to list supported algo names
Otto Moerbeek [Wed, 7 Jun 2023 09:42:48 +0000 (11:42 +0200)]
Distinguish auto and manual disabling in logging
Otto Moerbeek [Wed, 7 Jun 2023 08:19:13 +0000 (10:19 +0200)]
Impelement verification of algos 5 and 7
Otto Moerbeek [Tue, 6 Jun 2023 14:11:59 +0000 (16:11 +0200)]
rec: implement a way to disable specific DNSSEC algorithms
This could be needed when runing RHEL9, to avoid having zones signed
with algo 5 or 7 going Bogus. RHEL9 does not support these algorithms,
unless the globalsecurity policy is modified.
Peter van Dijk [Tue, 6 Jun 2023 07:49:02 +0000 (09:49 +0200)]
Merge pull request #12889 from Habbie/auth-4.8-eol-update
auth 4.8: EOL update
Peter van Dijk [Mon, 5 Jun 2023 14:34:15 +0000 (16:34 +0200)]
auth 4.8: EOL update
Otto Moerbeek [Fri, 2 Jun 2023 12:16:40 +0000 (14:16 +0200)]
delint
Otto Moerbeek [Fri, 2 Jun 2023 12:09:10 +0000 (14:09 +0200)]
Merge pull request #12793 from omoerbeek/assorted-delint
Another set of delinting
Otto Moerbeek [Fri, 2 Jun 2023 09:05:33 +0000 (11:05 +0200)]
Merge pull request #12867 from omoerbeek/rec-prep-4.9.0-beta1
rec: Prep for rec-4.9.0-beta1
Otto Moerbeek [Wed, 31 May 2023 08:28:00 +0000 (10:28 +0200)]
Prep for rec-4.9.0-beta1
Peter van Dijk [Thu, 1 Jun 2023 19:13:48 +0000 (21:13 +0200)]
Merge pull request #12880 from Habbie/swagger-no-docker
swagger-syntax-check: run outside of Docker
Peter van Dijk [Thu, 1 Jun 2023 18:39:56 +0000 (20:39 +0200)]
builder-dispatch: add debian-bookworm target to defaults
Peter van Dijk [Thu, 1 Jun 2023 16:57:17 +0000 (18:57 +0200)]
swagger-syntax-check: run outside of Docker
Peter van Dijk [Thu, 1 Jun 2023 16:28:17 +0000 (18:28 +0200)]
Merge pull request #12875 from Habbie/upgrade-notes-46-47-master
auth upgrading: fix 4.6/4.7 header; update LMDB text
romeroalx [Thu, 1 Jun 2023 14:57:59 +0000 (16:57 +0200)]
Merge pull request #12856 from romeroalx/enable-ipv6-actions-container
Enable ipv6 for actions running on docker containers
Peter van Dijk [Thu, 1 Jun 2023 12:03:58 +0000 (14:03 +0200)]
auth upgrading: fix 4.6/4.7 header; update LMDB text
Peter van Dijk [Thu, 1 Jun 2023 11:16:54 +0000 (13:16 +0200)]
Merge pull request #12874 from Habbie/auth-4.8.0-docs-secpoll
auth-4.8.0: docs and secpoll
Peter van Dijk [Thu, 1 Jun 2023 11:04:59 +0000 (13:04 +0200)]
auth-4.8.0: docs and secpoll
aerique [Thu, 1 Jun 2023 10:56:12 +0000 (12:56 +0200)]
Merge pull request #12873 from aerique/feature/add-bookwork-to-repo-test-script
Add Bookworm to repo test script.
Erik Winkels [Thu, 1 Jun 2023 09:41:23 +0000 (11:41 +0200)]
Add Bookworm to repo test script.
Add Debian Bookworm for `auth-master` & `auth-48` to repo test script.
Peter van Dijk [Wed, 31 May 2023 21:14:54 +0000 (23:14 +0200)]
Merge pull request #12866 from Habbie/auth-lmdb-dup-delete
auth lmdb: delete duplicate domain entries in deleteDomain
Otto Moerbeek [Tue, 30 May 2023 12:24:33 +0000 (14:24 +0200)]
Add test and fix TC=1 adding of SOA record
Otto Moerbeek [Tue, 30 May 2023 11:49:03 +0000 (13:49 +0200)]
rec: add SOA to RPZ result if configured to do so
Fixes #8232
Peter van Dijk [Wed, 31 May 2023 11:54:11 +0000 (13:54 +0200)]
Merge pull request #12860 from Habbie/auth-ent-wildcard
auth: do not answer with broken TYPE0 data when expanding an ENT wildcard
Peter van Dijk [Wed, 31 May 2023 11:53:52 +0000 (13:53 +0200)]
Merge pull request #12859 from Habbie/pdnsutil-edit-zone-wrong-key
pdnsutil: if user pushes unknown key in response to "problem with zone" prompt, do not throw away their changes
Peter van Dijk [Sun, 28 May 2023 21:05:35 +0000 (23:05 +0200)]
auth: do not answer with broken TYPE0 data when expanding an ENT wildcard
Otto Moerbeek [Tue, 16 May 2023 10:05:07 +0000 (12:05 +0200)]
Process review comments
Otto Moerbeek [Wed, 10 May 2023 07:44:52 +0000 (09:44 +0200)]
Reformat
Otto Moerbeek [Tue, 9 May 2023 11:15:34 +0000 (13:15 +0200)]
More delinting
A set of random files made clean. During this process .clang-tidy.full
was also amended a bit.
Peter van Dijk [Wed, 31 May 2023 08:33:56 +0000 (10:33 +0200)]
document shards=1 enforcement
Peter van Dijk [Wed, 31 May 2023 08:33:48 +0000 (10:33 +0200)]
format
Peter van Dijk [Wed, 31 May 2023 08:25:12 +0000 (10:25 +0200)]
simplify
Otto Moerbeek [Wed, 31 May 2023 07:52:37 +0000 (09:52 +0200)]
Merge pull request #12862 from omoerbeek/rec-recursion-bound
rec: bound maximum recursion depth to 16.
Otto Moerbeek [Wed, 31 May 2023 07:52:22 +0000 (09:52 +0200)]
Merge pull request #12861 from omoerbeek/rec-no-refresh
rec: Introduce a way to completely disable root-refresh
Peter van Dijk [Wed, 31 May 2023 07:34:02 +0000 (09:34 +0200)]
use d_transactiondomain[id]
Peter van Dijk [Wed, 31 May 2023 07:27:48 +0000 (09:27 +0200)]
Update modules/lmdbbackend/lmdbbackend.cc
Co-authored-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Peter van Dijk [Wed, 31 May 2023 07:25:26 +0000 (09:25 +0200)]
only throw when idvec is empty
Otto Moerbeek [Wed, 31 May 2023 06:39:36 +0000 (08:39 +0200)]
Merge pull request #12673 from omoerbeek/rec-origttl
rec: Sanitize d_orig_ttl stored in record cache
Peter van Dijk [Tue, 30 May 2023 16:50:47 +0000 (18:50 +0200)]
auth lmdb: enforce shards=1 when running in lightning-stream mode
Peter van Dijk [Tue, 30 May 2023 15:03:47 +0000 (17:03 +0200)]
auth lmdb: delete duplicate domain entries in deleteDomain
Otto Moerbeek [Tue, 30 May 2023 14:02:15 +0000 (16:02 +0200)]
Add the d_orig_ttl sanitization back, there still is a case where
it can wrap (which I'm unable to spot right now).
Otto Moerbeek [Tue, 30 May 2023 13:04:16 +0000 (15:04 +0200)]
Merge pull request #12863 from omoerbeek/rec-val-log-typo
rec: fix typo in trace message
Otto Moerbeek [Tue, 30 May 2023 13:03:58 +0000 (15:03 +0200)]
Merge pull request #12838 from omoerbeek/delint-rec-tcp
Delint rec-tcp.cc
Otto Moerbeek [Tue, 30 May 2023 13:03:35 +0000 (15:03 +0200)]
Merge pull request #12837 from omoerbeek/nolint-validate
Delint validate.cc and related files
Otto Moerbeek [Tue, 30 May 2023 13:03:06 +0000 (15:03 +0200)]
Merge pull request #12836 from omoerbeek/rec-main-delint-followup
rec: Full delint rec-main.cc
Otto Moerbeek [Tue, 30 May 2023 08:39:10 +0000 (10:39 +0200)]
Fix root-priming test, which now depends on a arg being set.
Otto Moerbeek [Tue, 30 May 2023 08:31:32 +0000 (10:31 +0200)]
rec: fix typo in trace message
Otto Moerbeek [Tue, 30 May 2023 08:16:52 +0000 (10:16 +0200)]
rec: bound maximum recursion depth to 16.
Before #12779, the fixed limit on CNAME chain length (16) effectively
worked as recursion depth limit.
Otto Moerbeek [Tue, 30 May 2023 07:57:13 +0000 (09:57 +0200)]
rec: Introduce a way to completely disable root-refresh
Peter van Dijk [Sun, 28 May 2023 20:39:33 +0000 (22:39 +0200)]
pdnsutil: if user pushes unknown key in response to "problem with zone" prompt, do not throw away their changes
Alexis Romero [Fri, 26 May 2023 13:51:46 +0000 (15:51 +0200)]
gh actions: enable ipv6 in docker containers
phonedph1 [Thu, 18 May 2023 15:23:43 +0000 (09:23 -0600)]
Update dnsdist-console.cc
phonedph1 [Thu, 18 May 2023 15:19:59 +0000 (09:19 -0600)]
Update rules-actions.rst
Remi Gacogne [Thu, 18 May 2023 11:30:26 +0000 (13:30 +0200)]
Merge pull request #12726 from rgacogne/ddist-wait-reconnect
dnsdist: Properly handle reconnection failure for backend UDP sockets
Remi Gacogne [Thu, 18 May 2023 11:29:47 +0000 (13:29 +0200)]
Merge pull request #12819 from rgacogne/ddist-reuseaddr-udp
dnsdist: Stop setting SO_REUSEADDR on outgoing UDP client sockets
Otto Moerbeek [Wed, 17 May 2023 12:16:05 +0000 (14:16 +0200)]
Tweaks
Otto Moerbeek [Wed, 17 May 2023 12:06:17 +0000 (14:06 +0200)]
Reformat
Otto Moerbeek [Wed, 17 May 2023 10:54:01 +0000 (12:54 +0200)]
Delint rec-tcp.cc