dnsdist: Gracefully handle timeout/response for a closed HTTP stream
The remote end might very well have already closed the HTTP stream
corresponding to the timeout or response we are processing. While
this means we need to discard the event we were processing, it is
not an unexpected event and we should thus not raise an exception
since the caller cannot do anything about it.
dnsdist: Fix a crash when processing timeouts for incoming DoH queries
This commit fixes a double-free triggered by an exception being raised
while we are processing a timeout for an incoming DoH query. The exception
bypasses the call releasing the smart pointer, and thus the destructor
is called when we reach the end of the function since we own the smart
pointer, but unfortunately it has already been destroyed by the function
that raised the exception. The fix is to release the pointer first,
then call the function, so even if an exception is raised we no longer
own the pointer, and it's clear that the function has taken ownership of it.
dnsdist: Be consistent with regard to health-check modes transition
Calling `setAuto()` on a backend used to set the health-check mode
to `active`, even if it had been set to `lazy` before, which was
quite confusing.
This commit introduces a new method, `setAutoActive()` which can
be used to change the health-check mode to `active`, and alters the
behaviour of `setAuto()` to restore the previous health-check mode
instead. This is a breaking change but since the default health-check
mode is `active` I don't expect to break any existing configurations.
It also introduces a new method, `getHealthCheckMode()`, to inspect
the current mode.
dnsdist: Fix spurious failure of the TCP limits regression tests
The "maximum duration" test used to trigger the maximum number of
TCP read IOs, preventing the next test from being run. This commit
sets the maximum number of TCP read IOs to "unlimited" for this test.
dnsdist: Properly handle buffering in the "max read IOs" test
It is completely possible that the entire query will be sent before
the dnsdist process notices that the number of IOs is larger than the
limit, closes the connection, and the test process is notified of the
socket being closed (for example because of buffering).
So we need to detect that the connection is closed during our attempt
to read the response, rather than while we are sending the query.
This commit does that, and also introduces a slight delay after sending
each byte of the query, increasing the likelihood of the dnsdist process
actually reading the query bytes one by one.
dnsdist: Limit the number of concurrent build jobs to 4 on CI
We are experiencing a lot of build failures on GH actions when
building with `meson` and `ASAN+UBSAN`, likely running out of
memory. We could try to be smarter and only reduce the concurrency
when building with `ASAN+UBSAN`, but for now let's see if it makes
the failures go away.
Rearrange confusingly ordered docs on DNS update checks
Structure-wise, the paragraph on the interaction between ``allow-dnsupdate-from``, ``ALLOW-DNSUPDATE-FROM`` and ``TSIG-ALLOW-DNSUPDATE`` wound up in the section of the document on Lua update policies.
That seems unintentional, and it's additionally confusing because the description of the Lua update policy setting explicitly mentions that it causes all other enforcement mechanisms to be disabled. This change attempts to correct that.
By design, a.isPartOf(a) is always true.
Therefore, if a and b compare equal, !a.isPartOf(b) and a != b are both
false and the result of the expression is false, but also
!a.isPartOf(b).
If not, then a != b is true and the result of the expression is
!a.isPartOf(b).
While ZoneName is still equivalent to DNSName, this commit turns it into a
separate class (with the same interface as DNSName), and requires conversion
between these classes to be explicit, so that we can recognize the
DNSName/ZoneName boundaries and change them as needs arise.
It is intended for these explicit conversion requirements to be only temporary,
which would allow all these ".operator const DNSName&()" calls to get removed
eventually, once the dust settles and our trust it proper use of ZoneName versus
DNSName is strong enough.
Miod Vallat [Thu, 20 Mar 2025 13:35:00 +0000 (14:35 +0100)]
Add an API-specific lookup method to DNSBackend.
This method, APILookup(), behaves similarly to lookup() but allows
disabled records to be returned to the caller. Backends with no support
for disabled records (bind, geoip, ldap, lua2, pipe, tinydns) implement
it as a by-default wrapper over lookup(). Other backends override with
their own processing.
SQL-style backends use distinct queries, api-id-query and
api-any-id-query, so as not to penalize non-API workloads.
def checkForwards(self, expected):
attempts = 0
tries = 10
ex = None
while attempts < tries:
try:
with open('configs/' + self._confdir + '/catzone.forward.catz.') as file:
reality = yaml.safe_load(file);
if expected == reality:
return
except Exception as e:
ex = e
attempts = attempts + 1
> sleep(0.1)
E NameError: name 'sleep' is not defined
```
projects / thirdparty / pdns.git / log
