Remi Gacogne [Fri, 17 Jan 2020 13:56:27 +0000 (14:56 +0100)]
auth: Enforce a strict maximum size for the packet and records caches
Before this change, both the query and packet caches in the authoritative
server can exceed their maximum size by a lot, until the next cleaning
cycle.
This is particularly nasty since the current cleaning algorithm will
never remove entries from the cache until they expire, as opposed to
what we do in the recursor, for example, where we nuke the least-recently
used entries, even if they are still valid, when the cache is full.
This commit changes that by removing the least recently inserted or
updated entry from the cache after inserting a new one when the cache
is full, thus enforcing the maximum size more strictly.
Note that this is really the least recently inserted/updated and not
the least recently used one, as is done in the recursor. Having a
proper LRU in the auth would require acquiring a write lock for a
simple lookup, instead of a potentially concurrent read-lock at the
moment. We might want to consider changing that at some point, as
a LRU might be fairer and the lock contention might be very small
since the caches are sharded.
Remi Gacogne [Fri, 13 Dec 2019 10:16:20 +0000 (11:16 +0100)]
dnsdist: Require Python libnacl < 1.7
Otherwise we need libsodium >= 1.0.12 (required by this change:
https://github.com/saltstack/libnacl/commit/8c8b2f8bc05a5b67f39acf9a6bc0bef6fa839166
) and we don't have it in Trusty, which we still use in Travis.
Otto Moerbeek [Mon, 6 Jan 2020 14:04:25 +0000 (15:04 +0100)]
Introduce test for PR 8648.
While there, explicitly init qname-minimization in test-syncres to
false. The current code gave the impression it was turned on by
default for unit tests. We have a lot of tests that count queries,
and that is highly dependent on qname minimization being on or off.
Remi Gacogne [Fri, 20 Dec 2019 12:04:23 +0000 (13:04 +0100)]
auth: Clear the TSIG algo between iterations in the API
Otherwise `GSQLBackend::getTSIGKey()` will try to match the
algorithm in `keyAlgo` if it's set, which will prevent retrieving
a key with a different algorithm than the previous one.
Otto Moerbeek [Fri, 20 Dec 2019 09:08:50 +0000 (10:08 +0100)]
QName Minimization consults the cache first to see if work needs to
be done. Via doCacheCheck() this can lead to a call to computeZoneCuts()
which might/does not work properly on only cached records, so always
make sure it can go out if needed. Should fix #8642.
Sander Hoentjen [Mon, 16 Dec 2019 21:44:43 +0000 (22:44 +0100)]
Fix build with gcc-10
From an e-mail from Jeff Law <law@redhat.com>:
Subject: Minor problem in pdns, dnsdist and pdns-recursor packages in Fedora
[ All three packages have embedded copies of the same problematic code
and the same patch fixes all three. ]
Red Hat's compiler team continues to try and be proactive in identifying
issues that will arise as a result of the introduction of a new GCC
release into Fedora each spring.
You're being contacted because a package you maintain in Fedora is going
to fail to build with gcc-10 in the spring. Yes, I know that's a few
months away, but it's far easier to fix this stuff proactively now than
wait.
Fixing it now also means that your package will continue to be built
with testing versions of gcc-10 as we proceed through the development
process thus allowing additional issues to be caught early.
Your particular package will fail due to an uninstantiated template for
AsyncLoader<Request>. These kinds of problems are relatively common due to
changes in the tuning of the inliner for gcc-10:
> BUILDSTDERR: /usr/bin/ld: webserver.o: in function `WebServer::serveConnection(std::shared_ptr<Socket>) const':
> BUILDSTDERR: /builddir/build/BUILD/pdns-4.2.1/pdns/webserver.cc:373: undefined reference to `YaHTTP::AsyncLoader<YaHTTP::Request>::feed(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)'
> BUILDSTDERR: collect2: error: ld returned 1 exit status
> BUILDSTDERR: make[3]: *** [Makefile:2751: ixfrdist] Error 1
>
The attached patch arranges for an instance to be instantiated when
compiling reqresp.cpp and is sufficient to fix this problem. The
choice of reqresp.cpp is fairly arbitrary IIRC.
Ideally you'll work with upstream to get this fixed, but a Fedora patch is
clearly OK as well. I'll install the attached fix into Fedora in a
week or so if I haven't heard from you.