]>
git.ipfire.org Git - thirdparty/pdns.git/log
Remi Gacogne [Tue, 2 Apr 2024 14:20:14 +0000 (16:20 +0200)]
auth: Properly finalize PKCS11 modules before releasing them
This gets rid of two leaks reported by LeakSanitizer when running our
unit tests:
```
Direct leak of 48 byte(s) in 1 object(s) allocated from:
#0 0x5fe6c6e7d099 in malloc (/pdns/pdns/testrunner+0x220099) (BuildId:
08d4c369b5f2f19f183aa5d6ab931a6653b70ab9 )
#1 0x7e6cdc6a0964 (/usr/lib/libp11-kit.so.0+0x36964) (BuildId:
307da6c0b5c7d87a1b0fd0a63e0bda93c9375e8a )
Indirect leak of 72 byte(s) in 1 object(s) allocated from:
#0 0x5fe6c6e7d401 in calloc (/pdns/pdns/testrunner+0x220401) (BuildId:
08d4c369b5f2f19f183aa5d6ab931a6653b70ab9 )
#1 0x7e6cdc6a09b6 (/usr/lib/libp11-kit.so.0+0x369b6) (BuildId:
307da6c0b5c7d87a1b0fd0a63e0bda93c9375e8a )
```
Remi Gacogne [Fri, 29 Mar 2024 16:28:49 +0000 (17:28 +0100)]
Merge pull request #14001 from rgacogne/ddist-ffi-policy-no-server
dnsdist: Support "no server available" result from Lua FFI LB policies
Remi Gacogne [Fri, 29 Mar 2024 15:54:22 +0000 (16:54 +0100)]
dnsdist: Delint test-dnsdistlbpolicies_cc.cc
Remi Gacogne [Fri, 29 Mar 2024 15:35:55 +0000 (16:35 +0100)]
dnsdist: Fix clang-tidy warnings
Remi Gacogne [Fri, 29 Mar 2024 15:28:15 +0000 (16:28 +0100)]
Merge pull request #13922 from rgacogne/ddist-cachemiss-rule-chain
dnsdist: Add a new query rules chain triggered after a cache miss
Remi Gacogne [Fri, 29 Mar 2024 15:06:47 +0000 (16:06 +0100)]
Merge pull request #14005 from rgacogne/ddist-tcp-incoming-release
dnsdist: Release incoming TCP connection right away on backend failure
Remi Gacogne [Fri, 29 Mar 2024 15:04:10 +0000 (16:04 +0100)]
Merge pull request #14003 from rgacogne/ddist-fix-in-doh-crash
dnsdist: Fix a null-deref in incoming DoH w/ nghttp2
Remi Gacogne [Fri, 29 Mar 2024 15:03:24 +0000 (16:03 +0100)]
Merge pull request #14004 from rgacogne/ddist-tcp-downstream-release
dnsdist: Release failed TCP backend connections more quickly
Remi Gacogne [Fri, 29 Mar 2024 14:57:19 +0000 (15:57 +0100)]
dnsdist: Clarify how to return 'no server available' from the FFI policies
Remi Gacogne [Thu, 14 Mar 2024 15:03:41 +0000 (16:03 +0100)]
dnsdist: Add regression tests for the new cache-miss rules chain
Remi Gacogne [Fri, 8 Mar 2024 15:14:17 +0000 (16:14 +0100)]
dnsdist: Add a new query rules chain triggered after a cache miss
This new chain of rules allows postponing the decision of what to
do with the query to after a cache-lookup has been done. This is
particularly useful when dealing with abuse: we might want to allow
cache hits to be processed normally since they are cheap while dropping/
refusing/routing to a different pool queries that result in a cache
miss.
Remi Gacogne [Fri, 29 Mar 2024 14:08:29 +0000 (15:08 +0100)]
dnsdist: Release failed TCP backend connections more quickly
After a timeout we cannot reuse the TCP connection to the backend
anyway, so let's release it immediately.
Remi Gacogne [Fri, 29 Mar 2024 13:22:40 +0000 (14:22 +0100)]
dnsdist: Release incoming TCP connection right away on backend failure
We used to keep a shared pointer to the incoming TCP connection around
in `TCPConnectionToBackend::d_currentQuery.d_sender` even after all queries
sent to the backend failed, which prevented the incoming TCP connection
from being closed as soon as it should have.
Remi Gacogne [Fri, 29 Mar 2024 13:12:29 +0000 (14:12 +0100)]
dnsdist: Fix a null-deref in incoming DoH w/ nghttp2
When an incoming DoH connection using the `nghttp2` provider is waiting
for a response from a backend that results in a I/O error or timeout,
and the incoming connection also fails due to a I/O error or timeout,
dnsdist could in some cases try to dereference a null pointer, leading
to a crash.
Remi Gacogne [Thu, 28 Mar 2024 16:12:48 +0000 (17:12 +0100)]
dnsdist: Support "no server available" result from Lua FFI LB policies
Remi Gacogne [Thu, 28 Mar 2024 15:51:39 +0000 (16:51 +0100)]
Merge pull request #13923 from rgacogne/ddist-xfr-response-chain
dnsdist: Add a new response chain for XFR responses
Remi Gacogne [Thu, 28 Mar 2024 15:51:19 +0000 (16:51 +0100)]
Merge pull request #13999 from rgacogne/ddist-inc-http1-counter-alpn
dnsdist: Fix DNS over HTTP connections/queries counters with `nghttp2`
Remi Gacogne [Thu, 28 Mar 2024 10:37:59 +0000 (11:37 +0100)]
Merge pull request #13998 from romeroalx/fix-dockerfile-rpmsbom
Dockerfile.rpmsbom: fix grep syntax for authoritative on rhel>7
Remi Gacogne [Thu, 28 Mar 2024 10:37:35 +0000 (11:37 +0100)]
dnsdist: Fix formatting in dnsdist-nghttp2-in.cc
Remi Gacogne [Thu, 28 Mar 2024 10:25:34 +0000 (11:25 +0100)]
dnsdist: Add a regression test for DoH connection counters
Remi Gacogne [Thu, 28 Mar 2024 10:24:44 +0000 (11:24 +0100)]
dnsdist: Properly increase the HTTP connections counter w/ nghttp2
Remi Gacogne [Thu, 28 Mar 2024 09:30:10 +0000 (10:30 +0100)]
dnsdist: Remove commented out include directive
Remi Gacogne [Thu, 28 Mar 2024 09:27:15 +0000 (10:27 +0100)]
dnsdist: Increase the HTTP/1.1 query counter when DoH with 1.1 ALPN
This way we can keep track of how many HTTP/1.1 connections attempt
we see. We will not actually process the DNS over HTTP/1.1 payload
anyway when the `nghttp2` provider is used.
romeroalx [Thu, 28 Mar 2024 08:59:21 +0000 (09:59 +0100)]
fix grep syntax Dockerfile.rpmsbom
Remi Gacogne [Thu, 28 Mar 2024 08:46:51 +0000 (09:46 +0100)]
Merge pull request #13983 from rgacogne/generate-sbom
Generate Software Bill Of Materials (SBOMs) for our RPM packages
Otto Moerbeek [Wed, 27 Mar 2024 10:54:29 +0000 (11:54 +0100)]
Merge pull request #13969 from omoerbeek/rec-nod-threads
rec: use shared NOD (and/or UDR) DB, to avoid multiple copies in memory and on disk
Otto Moerbeek [Wed, 27 Mar 2024 10:08:46 +0000 (11:08 +0100)]
Explain the d_cachedir_mutex is only used for protecting init() calls
Otto Moerbeek [Wed, 27 Mar 2024 07:03:28 +0000 (08:03 +0100)]
Merge pull request #13984 from rgacogne/rec-fix-nsec3s-count-closest-encloser
rec: Correctly count NSEC3s considered when chasing the closest encloser
Otto Moerbeek [Wed, 27 Mar 2024 06:27:54 +0000 (07:27 +0100)]
Merge pull request #13985 from omoerbeek/rec-system-res-fixup
rec: fixup res-system-resolve.cc on FreeBSD: resolve.h needs netinet/in.h
Fred Morcos [Tue, 26 Mar 2024 19:31:35 +0000 (20:31 +0100)]
Merge pull request #13959 from fredmorcos/meson
Add Meson as a build system for auth
Otto Moerbeek [Tue, 26 Mar 2024 15:39:58 +0000 (16:39 +0100)]
rec: fixup res-system-resolve.cc on FreeBSD: resolve.h needs netinet/in.h
Otto Moerbeek [Tue, 26 Mar 2024 15:00:08 +0000 (16:00 +0100)]
Merge pull request #13982 from Habbie/resqueryunderscores
rec: also look for __res_query symbol
Remi Gacogne [Tue, 26 Mar 2024 14:36:07 +0000 (15:36 +0100)]
SBOM: Dynamically generate the list of auth-related packages
Remi Gacogne [Tue, 26 Mar 2024 13:44:15 +0000 (14:44 +0100)]
rec: Correctly count NSEC3s considered when chasing the closest encloser
We need to count the number of NSEC3s that are present in the response,
not the number of times we have to consider possible NSEC3s when
looking for the NSEC3 closest encloser, label by label.
Peter van Dijk [Tue, 26 Mar 2024 10:49:48 +0000 (11:49 +0100)]
rec: also look for __res_query symbol
Remi Gacogne [Tue, 26 Mar 2024 10:25:14 +0000 (11:25 +0100)]
SBOM: Fix the builder target variable
Remi Gacogne [Tue, 26 Mar 2024 09:47:11 +0000 (10:47 +0100)]
Fix syntax errors
Remi Gacogne [Tue, 26 Mar 2024 09:18:40 +0000 (10:18 +0100)]
Disable SBOM generation on el-7 (almost EOL), fix it on el-8
Remi Gacogne [Mon, 25 Mar 2024 19:04:13 +0000 (20:04 +0100)]
Hopefully fix SBOM generation
Remi Gacogne [Mon, 25 Mar 2024 13:51:05 +0000 (14:51 +0100)]
Attempt to generate SBOMs after building packages
Otto Moerbeek [Tue, 26 Mar 2024 06:58:00 +0000 (07:58 +0100)]
Merge pull request #13921 from omoerbeek/rec-system-resolve
Rec: add feature to allow names (resolved by system resolver) in forwarding config
Peter van Dijk [Mon, 25 Mar 2024 18:02:19 +0000 (19:02 +0100)]
Merge pull request #12849 from PowerDNS/dependabot/pip/regression-tests.api/requests-2.31.0
build(deps): bump requests from 2.20.0 to 2.31.0 in /regression-tests.api
Peter van Dijk [Mon, 25 Mar 2024 17:57:09 +0000 (18:57 +0100)]
Merge pull request #13981 from rgacogne/fix-rec-builds
Fix recursor packages builds
Remi Gacogne [Mon, 25 Mar 2024 16:01:19 +0000 (17:01 +0100)]
Fix recursor builds: fix invalid path for builder-support/helpers
Remi Gacogne [Mon, 25 Mar 2024 15:24:47 +0000 (16:24 +0100)]
Fix recursor builds: we now require `jq` during the `dist` phase
dependabot[bot] [Mon, 25 Mar 2024 14:57:28 +0000 (14:57 +0000)]
build(deps): bump requests in /regression-tests.api
Bumps [requests](https://github.com/psf/requests) from 2.20.0 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.20.0...v2.31.0)
---
updated-dependencies:
- dependency-name: requests
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Peter van Dijk [Mon, 25 Mar 2024 14:53:06 +0000 (15:53 +0100)]
Merge pull request #10933 from swegener/64-bit-time-support
m4: Enable 64-bit time_t on 32-bit systems with glibc-2.34
Otto Moerbeek [Mon, 25 Mar 2024 14:40:30 +0000 (15:40 +0100)]
Use FDWrapper, modify its reset() to return the close() return value
Remi Gacogne [Mon, 25 Mar 2024 14:28:37 +0000 (15:28 +0100)]
Merge pull request #13972 from rgacogne/external-libs-to-json
Move the version (and hashes) of external dependencies to JSON files
Otto Moerbeek [Mon, 25 Mar 2024 14:25:27 +0000 (15:25 +0100)]
Update pdns/recursordist/settings/docs-new-preamble-in.rst
Co-authored-by: Remi Gacogne <github@coredump.fr>
Otto Moerbeek [Mon, 25 Mar 2024 13:34:28 +0000 (14:34 +0100)]
Comment fixes, some of them only made sense for the non-shared setup
Otto Moerbeek [Mon, 25 Mar 2024 13:07:54 +0000 (14:07 +0100)]
Merge pull request #13844 from omoerbeek/rec-sl-only
rec: remove the possiblility to disable structured logging
Otto Moerbeek [Mon, 25 Mar 2024 12:33:41 +0000 (13:33 +0100)]
Make resolve check interval and self-resolve check settable
Peter van Dijk [Mon, 25 Mar 2024 11:52:03 +0000 (12:52 +0100)]
Merge pull request #13770 from Assumeru/require-tsig
auth: Add setting to make TSIG required for DNS updates
Otto Moerbeek [Mon, 25 Mar 2024 11:31:26 +0000 (12:31 +0100)]
Remove changes var and releted method, they are unused
Otto Moerbeek [Mon, 25 Mar 2024 11:24:28 +0000 (12:24 +0100)]
Apply suggestions from code review
Co-authored-by: Fred Morcos <fm@fredmorcos.com>
Co-authored-by: Remi Gacogne <github@coredump.fr>
Peter van Dijk [Mon, 25 Mar 2024 11:17:55 +0000 (12:17 +0100)]
more clang-tidy
Otto Moerbeek [Mon, 25 Mar 2024 11:04:44 +0000 (12:04 +0100)]
Merge pull request #13979 from omoerbeek/rec-netmask-docs
rec: fix netmask docs wrt deprecatd isIpX() functions
Remi Gacogne [Mon, 25 Mar 2024 10:57:11 +0000 (11:57 +0100)]
Add license, publisher information to the external deps data
Fred Morcos [Mon, 25 Mar 2024 10:34:03 +0000 (11:34 +0100)]
Meson: Remove unit-tests-verbose and favor meson test --verbose
Fred Morcos [Mon, 25 Mar 2024 10:30:15 +0000 (11:30 +0100)]
Meson: Fix passing thread dependency on platforms that need it
e.g. FreeBSD needs -lpthread
Otto Moerbeek [Mon, 25 Mar 2024 10:24:40 +0000 (11:24 +0100)]
rec: fix netmask docs wrt deprecatd isIpX() functions
Fixes #13978
Peter van Dijk [Mon, 25 Mar 2024 10:00:17 +0000 (11:00 +0100)]
clang-tidy: more descriptive variable name
Otto Moerbeek [Mon, 25 Mar 2024 09:45:08 +0000 (10:45 +0100)]
process review comments; move toTimestampStringMilli() to Logging namespace
Peter van Dijk [Mon, 25 Mar 2024 10:00:55 +0000 (11:00 +0100)]
Merge pull request #12769 from neilcook/patch-1
Update Dynamic DNS Update Docs with GSS-TSIG
Otto Moerbeek [Fri, 1 Mar 2024 14:36:13 +0000 (15:36 +0100)]
remove unused branch in SLOG macro (ifdef RECURSOR)
Otto Moerbeek [Fri, 1 Mar 2024 10:54:35 +0000 (11:54 +0100)]
rec: remove the possiblility to disable structured logging
Otto Moerbeek [Mon, 25 Mar 2024 08:54:18 +0000 (09:54 +0100)]
Sort result vector of getaddrinfo
Otto Moerbeek [Mon, 25 Mar 2024 08:21:49 +0000 (09:21 +0100)]
Apply suggestions from code review: typos in comments
Co-authored-by: Fred Morcos <fm@fredmorcos.com>
Otto Moerbeek [Fri, 15 Mar 2024 15:32:49 +0000 (16:32 +0100)]
Add test to also test changing forwarder. Needs ENABLE_SUDO_TESTS
Todo: modify tasks.py to add ENABLE_SUDO_TESTS to test run, like dnsdist does
Otto Moerbeek [Fri, 15 Mar 2024 13:54:13 +0000 (14:54 +0100)]
Simple test of named forward, a bit ugly as it depends on external servers
Otto Moerbeek [Fri, 15 Mar 2024 11:26:50 +0000 (12:26 +0100)]
Comments & docs
Otto Moerbeek [Wed, 13 Mar 2024 11:55:39 +0000 (12:55 +0100)]
Avoid race setting serverID
Otto Moerbeek [Wed, 13 Mar 2024 11:04:32 +0000 (12:04 +0100)]
Enable explicitly only
Otto Moerbeek [Tue, 12 Mar 2024 07:43:00 +0000 (08:43 +0100)]
Search -lresolv (if applicable) the proper auto* way
Otto Moerbeek [Mon, 11 Mar 2024 16:34:02 +0000 (17:34 +0100)]
selfresolve check wip
Otto Moerbeek [Fri, 23 Feb 2024 13:43:03 +0000 (14:43 +0100)]
rec: facility to resolve names via system resolver
Remi Gacogne [Fri, 22 Mar 2024 14:38:08 +0000 (15:38 +0100)]
Move the version (and hashes) of external dependencies to JSON files
Otto Moerbeek [Mon, 25 Mar 2024 09:05:09 +0000 (10:05 +0100)]
Merge pull request #13975 from omoerbeek/more-if-vs-ifdef-have
Fix the remaining cases of #if vs #ifdef HAVE_XYZ
Otto Moerbeek [Mon, 25 Mar 2024 09:04:44 +0000 (10:04 +0100)]
Merge pull request #12989 from Habbie/stderr
auth, rec: update option text and docs to clarify logging is to stderr, not stdout
Remi Gacogne [Mon, 25 Mar 2024 09:01:52 +0000 (10:01 +0100)]
Merge pull request #13914 from rgacogne/ddist-fix-xsk-error
dnsdist: Fix XSK-enabled check when reconnecting a backend
Otto Moerbeek [Mon, 25 Mar 2024 08:13:50 +0000 (09:13 +0100)]
Fix the remaining cases of #if vs #ifdef HAVE_XYZ
Remi Gacogne [Mon, 25 Mar 2024 07:50:13 +0000 (08:50 +0100)]
Merge pull request #13971 from omoerbeek/check-have-with-ifdef
Always check HAVE_XYZ flags with #ifdef
Remi Gacogne [Mon, 25 Mar 2024 07:49:42 +0000 (08:49 +0100)]
Merge pull request #13973 from jsoref/clarify-job-description
Clarify workflow name
Peter van Dijk [Fri, 22 Mar 2024 18:28:34 +0000 (19:28 +0100)]
Merge pull request #13548 from PowerDNS/dependabot/pip/docs/urllib3-2.0.7
build(deps): bump urllib3 from 2.0.3 to 2.0.7 in /docs
Josh Soref [Fri, 22 Mar 2024 18:17:30 +0000 (14:17 -0400)]
Clarify workflow name
The workflow performs two very unrelated tasks:
* Verify source code formatting
* Check Makefile.am sort order
Peter van Dijk [Wed, 5 Jul 2023 20:07:29 +0000 (22:07 +0200)]
auth, rec: update option text and docs to clarify logging is to stderr, not stdout
Peter van Dijk [Fri, 22 Mar 2024 15:17:53 +0000 (16:17 +0100)]
accept the complexity of this function for now
Peter van Dijk [Fri, 22 Mar 2024 14:59:49 +0000 (15:59 +0100)]
Merge pull request #13970 from jsoref/build-tags-permissions
Allow build-tags to run on forks
Otto Moerbeek [Fri, 22 Mar 2024 14:10:31 +0000 (15:10 +0100)]
Always check HAVE_XYZ flags with #ifdef
Meson uses #define HAVE_FEATURE (without 1), so it matters there
Josh Soref [Fri, 22 Mar 2024 12:33:44 +0000 (08:33 -0400)]
Allow build-tags to run on forks
build-tags uses: PowerDNS/pdns/.github/workflows/build-packages.yml@master
As of
f107ec62467b8779db9bbdb175721ef232ed52e5 , that workflow requires:
permissions:
actions: read # To read the workflow path.
id-token: write # To sign the provenance.
contents: write # To be able to upload assets as release artifacts
Per https://docs.github.com/en/actions/using-workflows/reusing-workflows
in order for this to work, the calling job (in build-tags) needs to
have the maximum required permissions in order for the calling workflow
to be run.
Fred Morcos [Fri, 22 Mar 2024 11:12:31 +0000 (12:12 +0100)]
Revert "Meson: Fix missing dependency for auth testrunner"
This reverts commit
11d125e5cdc5515beeef370e594562f4028bb8b4 .
Peter van Dijk [Fri, 22 Mar 2024 11:05:35 +0000 (12:05 +0100)]
Merge pull request #13968 from PowerDNS/dependabot/github_actions/slsa-framework/slsa-github-generator-1.10.0
build(deps): bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0
Fred Morcos [Fri, 22 Mar 2024 10:53:22 +0000 (11:53 +0100)]
Meson: Fix missing dependency for auth testrunner
Fred Morcos [Fri, 22 Mar 2024 09:29:32 +0000 (10:29 +0100)]
Meson: Fix ssqlite3 build on MacOS
Fred Morcos [Fri, 22 Mar 2024 09:28:36 +0000 (10:28 +0100)]
Meson: Silence sign compare warnings for bindlexer and bindparser
Remi Gacogne [Fri, 22 Mar 2024 08:36:39 +0000 (09:36 +0100)]
Merge pull request #13964 from rgacogne/ddist-document-cache-hits-ring-buffer
dnsdist: Document that cache hits go into the ring buffer since 1.8.0
Otto Moerbeek [Wed, 20 Mar 2024 13:52:38 +0000 (14:52 +0100)]
Make snapshot write interval settable
Otto Moerbeek [Fri, 22 Mar 2024 06:46:23 +0000 (07:46 +0100)]
Merge pull request #13966 from dwfreed/patch-1
rec-main: let NetmaskGroup parse dont-throttle-netmasks
Peter van Dijk [Thu, 21 Mar 2024 21:43:25 +0000 (22:43 +0100)]
Merge pull request #13840 from Habbie/daily-auth-4.9
add auth-4.9.x and dnsdist-1.9.x to daily build test