- ccache-cache-{{ arch }}-<< parameters.product >>-{{ .Branch }}
- ccache-cache-{{ arch }}-<< parameters.product >>-
+ install-doc-deps:
+ description: Install dependencies needed to build the documentation
+ steps:
+ - run:
+ name: Install dependencies
+ command: |
+ apt-get update && apt-get -qq -y install \
+ autoconf \
+ automake \
+ bison \
+ curl \
+ flex \
+ g++ \
+ git \
+ latexmk \
+ libboost-all-dev \
+ libedit-dev \
+ libluajit-5.1-dev \
+ libssl-dev \
+ make \
+ pkg-config \
+ ragel \
+ virtualenv
+ if [ "${CIRCLE_PROJECT_USERNAME}" = "PowerDNS" -a "${CIRCLE_PROJECT_REPONAME}" = "pdns" -a "${CIRCLE_BRANCH}" = "master" ]; then
+ apt-get update && apt-get -qq -y install \
+ texlive-full
+ fi
+
+ build-auth-docs:
+ description: Build documentation
+ steps:
+ - run:
+ name: autoconf
+ command: |
+ BUILDER_VERSION=0.0.0-git1 autoreconf -vfi
+ - run:
+ name: configure
+ command: |
+ ./configure \
+ --disable-lua-records \
+ --disable-unit-tests \
+ --without-dynmodules \
+ --without-modules
+ - run:
+ name: build docs
+ command: |
+ make -C docs html-docs
+ if [ "${CIRCLE_PROJECT_USERNAME}" = "PowerDNS" -a "${CIRCLE_PROJECT_REPONAME}" = "pdns" -a "${CIRCLE_BRANCH}" = "master" ]; then
+ make -C docs all-docs
+ fi
+ - run:
+ name: Upload documents
+ command: |
+ if [ "${CIRCLE_PROJECT_USERNAME}" = "PowerDNS" -a "${CIRCLE_PROJECT_REPONAME}" = "pdns" -a "${CIRCLE_BRANCH}" = "master" ]; then
+ rsync -crv --delete --no-p --chmod=g=rwX --exclude '*~' ./doc/html-docs/ doc_powerdns_com@web1.powerdns.com:/srv/www/doc.powerdns.com/authoritative/
+ rsync -crv --no-p --chmod=g=rwX --exclude '*~' ./doc/html-docs.tar.bz2 doc_powerdns_com@web1.powerdns.com:/srv/www/doc.powerdns.com/authoritative/
+ rsync -crv --no-p --chmod=g=rwX --exclude '*~' ./doc/PowerDNS-Authoritative.pdf doc_powerdns_com@web1.powerdns.com:/srv/www/doc.powerdns.com/authoritative/
+ fi
+
+ build-recursor-docs:
+ description: Build Recursor documentation
+ steps:
+ - run:
+ name: autoconf
+ command: |
+ BUILDER_VERSION=0.0.0-git1 autoreconf -vfi
+ working_directory: ~/project/pdns/recursordist
+ - run:
+ name: configure
+ command: |
+ ./configure \
+ --disable-unit-tests \
+ --disable-protobuf
+ working_directory: ~/project/pdns/recursordist
+ - run:
+ name: build docs
+ command: |
+ make html-docs
+ if [ "${CIRCLE_PROJECT_USERNAME}" = "PowerDNS" -a "${CIRCLE_PROJECT_REPONAME}" = "pdns" -a "${CIRCLE_BRANCH}" = "master" ]; then
+ make all-docs
+ fi
+ working_directory: ~/project/pdns/recursordist
+ - run:
+ name: Upload documents
+ working_directory: ~/project/pdns/recursordist
+ command: |
+ if [ "${CIRCLE_PROJECT_USERNAME}" = "PowerDNS" -a "${CIRCLE_PROJECT_REPONAME}" = "pdns" -a "${CIRCLE_BRANCH}" = "master" ]; then
+ rsync -crv --delete --no-p --chmod=g=rwX --exclude '*~' html-docs/ doc_powerdns_com@web1.powerdns.com:/srv/www/doc.powerdns.com/recursor/
+ rsync -crv --no-p --chmod=g=rwX --exclude '*~' html-docs.tar.bz2 doc_powerdns_com@web1.powerdns.com:/srv/www/doc.powerdns.com/recursor/
+ rsync -crv --no-p --chmod=g=rwX --exclude '*~' PowerDNS-Recursor.pdf doc_powerdns_com@web1.powerdns.com:/srv/www/doc.powerdns.com/recursor/
+ fi
+
+ build-dnsdist-docs:
+ description: Build dnsdist documentation
+ steps:
+ - run:
+ name: autoconf
+ command: |
+ BUILDER_VERSION=0.0.0-git1 autoreconf -vfi
+ working_directory: ~/project/pdns/dnsdistdist
+ - run:
+ name: configure
+ command: |
+ ./configure \
+ --disable-unit-tests \
+ --disable-protobuf
+ working_directory: ~/project/pdns/dnsdistdist
+ - run:
+ name: build docs
+ command: |
+ make html-docs
+ working_directory: ~/project/pdns/dnsdistdist
+ - run:
+ name: Upload documents
+ working_directory: ~/project/pdns/dnsdistdist
+ command: |
+ if [ "${CIRCLE_PROJECT_USERNAME}" = "PowerDNS" -a "${CIRCLE_PROJECT_REPONAME}" = "pdns" -a "${CIRCLE_BRANCH}" = "master" ]; then
+ rsync -crv --delete --no-p --chmod=g=rwX --exclude '*~' html-docs/ dnsdist_org@web1.powerdns.com:/srv/www/dnsdist.org
+ rsync -crv --no-p --chmod=g=rwX --exclude '*~' html-docs.tar.bz2 dnsdist_org@web1.powerdns.com:/srv/www/dnsdist.org
+ rsync -crv --no-p --chmod=g=rwX --exclude '*~' dnsdist.pdf dnsdist_org@web1.powerdns.com:/srv/www/dnsdist.org
+ fi
+
jobs:
build-auth:
docker:
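Review bot: The auth "Upload documents" step rsyncs `./doc/html-docs/`, `./doc/html-docs.tar.bz2` and `./doc/PowerDNS-Authoritative.pdf`, while the "build docs" step a few lines earlier runs `make -C docs html-docs` — `doc` versus `docs` looks like a path mismatch, and because the first rsync carries `--delete` against the published `authoritative/` tree, the source path should be verified before this ever runs on master (a missing source presumably just fails the step under CircleCI's default `-eo pipefail` shell, but a wrong-yet-existing directory would wipe the site). The master-only gate `[ ... -a ... -a ... ]` is copied six times across the three commands; `-a` is marked obsolescent by POSIX, so the portable form is `if [ "${CIRCLE_PROJECT_USERNAME}" = "PowerDNS" ] && [ "${CIRCLE_PROJECT_REPONAME}" = "pdns" ] && [ "${CIRCLE_BRANCH}" = "master" ]; then`, and a single shared gate (or a branch filter on a dedicated deploy job) would avoid the six copies drifting apart. Nothing in this hunk provisions the SSH identity or the host key for `web1.powerdns.com`, so I assume both come from a CircleCI context; a comment naming that context above the upload steps would make the trust chain auditable. The enclosing `commands:` mapping starts before this hunk.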
PDNSRECURSOR="/opt/pdns-recursor/sbin/pdns_recursor" \
./runtests recursor
+ build-auth-docs:
+ docker:
+ - image: debian:stretch
+ steps:
+ - checkout-shallow
+ - install-doc-deps
+ - build-auth-docs
+
+ build-recursor-docs:
+ docker:
+ - image: debian:stretch
+ steps:
+ - checkout-shallow
+ - install-doc-deps
+ - build-recursor-docs
+
+ build-dnsdist-docs:
+ docker:
+ - image: debian:stretch
+ steps:
+ - checkout-shallow
+ - install-doc-deps
+ - build-dnsdist-docs
+
coverity-auth:
docker:
- image: debian:stretch
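Review bot: The three new jobs reuse the exact names of the commands they invoke (`build-auth-docs` the job runs `build-auth-docs` the command, and likewise for recursor and dnsdist), which CircleCI allows but which makes the workflow at the bottom of the file hard to read; a `-job` or `docs-` prefix on one side would remove the ambiguity. All three pull the floating `debian:stretch` tag, so the docs build is not reproducible and inherits whatever the registry serves that day; pinning by digest, e.g. `- image: debian:stretch@sha256:<digest>` (placeholder), is the usual supply-chain fix. The enclosing `jobs:` mapping starts before this hunk.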
- test-recursor-api:
requires:
- build-recursor
+
+ build-docs:
+ jobs:
+ - build-auth-docs
+ - build-recursor-docs
+ - build-dnsdist-docs
{ "addAction", true, "DNS rule, DNS action [, {uuid=\"UUID\"}]", "add a rule" },
{ "addBPFFilterDynBlocks", true, "addresses, dynbpf[[, seconds=10], msg]", "This is the eBPF equivalent of addDynBlocks(), blocking a set of addresses for (optionally) a number of seconds, using an eBPF dynamic filter" },
{ "addConsoleACL", true, "netmask", "add a netmask to the console ACL" },
- { "addDNSCryptBind", true, "\"127.0.0.1:8443\", \"provider name\", \"/path/to/resolver.cert\", \"/path/to/resolver.key\", {reusePort=false, tcpFastOpenSize=0, interface=\"\", cpus={}}", "listen to incoming DNSCrypt queries on 127.0.0.1 port 8443, with a provider name of `provider name`, using a resolver certificate and associated key stored respectively in the `resolver.cert` and `resolver.key` files. The fifth optional parameter is a table of parameters" },
+ { "addDNSCryptBind", true, "\"127.0.0.1:8443\", \"provider name\", \"/path/to/resolver.cert\", \"/path/to/resolver.key\", {reusePort=false, tcpFastOpenQueueSize=0, interface=\"\", cpus={}}", "listen to incoming DNSCrypt queries on 127.0.0.1 port 8443, with a provider name of `provider name`, using a resolver certificate and associated key stored respectively in the `resolver.cert` and `resolver.key` files. The fifth optional parameter is a table of parameters" },
{ "addDOHLocal", true, "addr, certFile, keyFile [, urls [, vars]]", "listen to incoming DNS over HTTPS queries on the specified address using the specified certificate and key. The last two parameters are tables" },
{ "addDynBlocks", true, "addresses, message[, seconds[, action]]", "block the set of addresses with message `msg`, for `seconds` seconds (10 by default), applying `action` (default to the one set with `setDynBlocksAction()`)" },
{ "addDynBlockSMT", true, "names, msessage[, seconds [, action]]", "block the set of names with message `msg`, for `seconds` seconds (10 by default), applying `action` (default to the one set with `setDynBlocksAction()`)" },
- { "addLocal", true, "addr [, {doTCP=true, reusePort=false, tcpFastOpenSize=0, interface=\"\", cpus={}}]", "add `addr` to the list of addresses we listen on" },
+ { "addLocal", true, "addr [, {doTCP=true, reusePort=false, tcpFastOpenQueueSize=0, interface=\"\", cpus={}}]", "add `addr` to the list of addresses we listen on" },
{ "addCacheHitResponseAction", true, "DNS rule, DNS response action [, {uuid=\"UUID\"}]", "add a cache hit response rule" },
{ "addResponseAction", true, "DNS rule, DNS response action [, {uuid=\"UUID\"}]", "add a response rule" },
{ "addSelfAnsweredResponseAction", true, "DNS rule, DNS response action [, {uuid=\"UUID\"}]", "add a self-answered response rule" },
{ "setECSSourcePrefixV4", true, "prefix-length", "the EDNS Client Subnet prefix-length used for IPv4 queries" },
{ "setECSSourcePrefixV6", true, "prefix-length", "the EDNS Client Subnet prefix-length used for IPv6 queries" },
{ "setKey", true, "key", "set access key to that key" },
- { "setLocal", true, "addr [, {doTCP=true, reusePort=false, tcpFastOpenSize=0, interface=\"\", cpus={}}]", "reset the list of addresses we listen on to this address" },
+ { "setLocal", true, "addr [, {doTCP=true, reusePort=false, tcpFastOpenQueueSize=0, interface=\"\", cpus={}}]", "reset the list of addresses we listen on to this address" },
{ "setMaxTCPClientThreads", true, "n", "set the maximum of TCP client threads, handling TCP connections" },
{ "setMaxTCPConnectionDuration", true, "n", "set the maximum duration of an incoming TCP connection, in seconds. 0 means unlimited" },
{ "setMaxTCPConnectionsPerClient", true, "n", "set the maximum number of TCP connections per client. 0 means unlimited" },
/depcomp
/dnsdist.1
/dnslabeltext.cc
+/ext/ipcrypt/Makefile
+/ext/ipcrypt/Makefile.in
/ext/yahttp/Makefile
/ext/yahttp/Makefile.in
/ext/yahttp/yahttp/Makefile
:version: 1.4.0-beta1
:released: 6th of June 2019
- .. change::
+ .. change::
:tags: Bug Fixes, DoH
:pullreq: 7814
:tickets: 7810
* ``doTCP=true``: bool - Also bind on TCP on ``address``.
* ``reusePort=false``: bool - Set the ``SO_REUSEPORT`` socket option.
- * ``tcpFastOpenSize=0``: int - Set the TCP Fast Open queue size, enabling TCP Fast Open when available and the value is larger than 0.
+ * ``tcpFastOpenQueueSize=0``: int - Set the TCP Fast Open queue size, enabling TCP Fast Open when available and the value is larger than 0.
* ``interface=""``: str - Set the network interface to use.
* ``cpus={}``: table - Set the CPU affinity for this listener thread, asking the scheduler to run it on a single CPU id, or a set of CPU ids. This parameter is only available if the OS provides the pthread_setaffinity_np() function.
The default port is 443.
:param str certFile(s): The path to a X.509 certificate file in PEM format, or a list of paths to such files.
:param str keyFile(s): The path to the private key file corresponding to the certificate, or a list of paths to such files, whose order should match the certFile(s) ones.
- :param str or list urls: A base URL, or a list of base URLs, to accept queries on. Any query with a path under one of these will be treated as a DoH query. The default is /.
+ :param str-or-list urls: A base URL, or a list of base URLs, to accept queries on. Any query with a path under one of these will be treated as a DoH query. The default is /.
:param table options: A table with key: value pairs with listen options.
Options:
* ``reusePort=false``: bool - Set the ``SO_REUSEPORT`` socket option.
- * ``tcpFastOpenSize=0``: int - Set the TCP Fast Open queue size, enabling TCP Fast Open when available and the value is larger than 0.
+ * ``tcpFastOpenQueueSize=0``: int - Set the TCP Fast Open queue size, enabling TCP Fast Open when available and the value is larger than 0.
* ``interface=""``: str - Set the network interface to use.
* ``cpus={}``: table - Set the CPU affinity for this listener thread, asking the scheduler to run it on a single CPU id, or a set of CPU ids. This parameter is only available if the OS provides the pthread_setaffinity_np() function.
* ``idleTimeout=30``: int - Set the idle timeout, in seconds.
Options:
* ``reusePort=false``: bool - Set the ``SO_REUSEPORT`` socket option.
- * ``tcpFastOpenSize=0``: int - Set the TCP Fast Open queue size, enabling TCP Fast Open when available and the value is larger than 0.
+ * ``tcpFastOpenQueueSize=0``: int - Set the TCP Fast Open queue size, enabling TCP Fast Open when available and the value is larger than 0.
* ``interface=""``: str - Set the network interface to use.
* ``cpus={}``: table - Set the CPU affinity for this listener thread, asking the scheduler to run it on a single CPU id, or a set of CPU ids. This parameter is only available if the OS provides the pthread_setaffinity_np() function.
* ``provider``: str - The TLS library to use between GnuTLS and OpenSSL, if they were available and enabled at compilation time.
If this function exists, it is called every second to so regular tasks.
This can be used for e.g. :doc:`Dynamic Blocks <../guides/dynblocks>`.
-.. function: setAllowEmptyResponse()
+.. function:: setAllowEmptyResponse()
.. versionadded:: 1.4.0
Set to true (defaults to false) to allow empty responses (qdcount=0) with a NoError or NXDomain rcode (default) from backends. dnsdist drops these responses by default because it can't match them against the initial query since they don't contain the qname, qtype and qclass, and therefore the risk of collision is much higher than with regular responses.
+.. function:: makeIPCipherKey(password) -> string
+
+ .. versionadded:: 1.4.0
+
+ Hashes the password to generate a 16-byte key that can be used to pseudonymize IP addresses with IP cipher.
+
DOHFrontend
~~~~~~~~~~~
* ``doTCP=true``: bool - Also bind on TCP on ``address``.
* ``reusePort=false``: bool - Set the ``SO_REUSEPORT`` socket option.
- * ``tcpFastOpenSize=0``: int - Set the TCP Fast Open queue size, enabling TCP Fast Open when available and the value is larger than 0
+ * ``tcpFastOpenQueueSize=0``: int - Set the TCP Fast Open queue size, enabling TCP Fast Open when available and the value is larger than 0
* ``interface=""``: str - Sets the network interface to use
* ``cpus={}``: table - Set the CPU affinity for this listener thread, asking the scheduler to run it on a single CPU id, or a set of CPU ids. This parameter is only available if the OS provides the pthread_setaffinity_np() function.
.. attribute:: DNSQuestion.qclass
QClass (as an unsigned integer) of this question.
- Can be compared against :ref:`DNSQClass`.
+ Can be compared against :ref:`DNSClass`.
.. attribute:: DNSQuestion.qname
All parameters to ``func`` are integers:
- ``section`` is the section in the packet and can be compared to :ref:`DNSSection`
- - ``qclass`` is the QClass of the record. Can be compared to :ref:`DNSQClass`
+ - ``qclass`` is the QClass of the record. Can be compared to :ref:`DNSClass`
- ``qtype`` is the QType of the record. Can be e.g. compared to ``DNSQType.A``, ``DNSQType.AAAA`` :ref:`constants <DNSQType>` and the like.
- ``ttl`` is the current TTL
Options:
* ``serverID=""``: str - Set the Server Identity field.
- * ``ipEncryptKey=""``: str - A key, that can be generated via the :ref:`makeIPCipherKey` function, to encrypt the IP address of the requestor for anonymization purposes. The encryption is done using ipcrypt for IPv4 and a 128-bit AES ECB operation for IPv6.
+ * ``ipEncryptKey=""``: str - A key, that can be generated via the :func:`makeIPCipherKey` function, to encrypt the IP address of the requestor for anonymization purposes. The encryption is done using ipcrypt for IPv4 and a 128-bit AES ECB operation for IPv6.
.. function:: RemoteLogResponseAction(remoteLogger[, alterFunction[, includeCNAME [, options]]])
Options:
* ``serverID=""``: str - Set the Server Identity field.
- * ``ipEncryptKey=""``: str - A key, that can be generated via the :ref:`makeIPCipherKey` function, to encrypt the IP address of the requestor for anonymization purposes. The encryption is done using ipcrypt for IPv4 and a 128-bit AES ECB operation for IPv6.
+ * ``ipEncryptKey=""``: str - A key, that can be generated via the :func:`makeIPCipherKey` function, to encrypt the IP address of the requestor for anonymization purposes. The encryption is done using ipcrypt for IPv4 and a 128-bit AES ECB operation for IPv6.
.. function:: SetECSAction(v4 [, v6])
return "PONG";
}
-string DLShowHandler(const vector<string>&parts, Utility::pid_t ppid)
-try
-{
- extern StatBag S;
- string ret("Wrong number of parameters");
- if(parts.size()==2) {
- if(parts[1]=="*")
- ret=S.directory();
- else
- ret=S.getValueStr(parts[1]);
- }
+string DLShowHandler(const vector<string>&parts, Utility::pid_t ppid) {
+ try {
+ extern StatBag S;
+ string ret("Wrong number of parameters");
+ if (parts.size() == 2) {
+ if (parts[1] == "*")
+ ret = S.directory();
+ else
+ ret = S.getValueStr(parts[1]);
+ }
- return ret;
-}
-catch(...)
-{
- return "Unknown";
+ return ret;
+ }
+ catch (...) {
+ return "Unknown";
+ }
}
void setStatus(const string &str)
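Review bot: The rewritten `DLShowHandler` keeps a bare `catch (...)` that collapses every failure into the string `"Unknown"`, so an operator running `show <key>` cannot tell a misspelled key from an internal error; since `S.getValueStr` presumably reports an unknown key by throwing (not visible in this hunk), adding `catch (const std::exception& e) { return string("Unknown: ") + e.what(); }` ahead of the catch-all would preserve the reason without changing the control flow. The `ppid` parameter is still unused in the new body; if it exists only to match the handler signature, a `(void)ppid;` or an unnamed parameter would document that. The conversion from a function-try-block to an inner `try` is behaviour-preserving here, since the whole body is inside the new block.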
}
declareStats();
+ S.blacklist("special-memory-usage");
+
DLOG(g_log<<Logger::Warning<<"Verbose logging in effect"<<endl);
showProductVersion();
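Review bot: The new `S.blacklist("special-memory-usage");` line deserves a why-comment, because the key string is repeated nowhere nearby and the effect (the stat is skipped by `StatBag::directory()` and `StatBag::getEntries()`, i.e. by `show *` and the stats listing) is only visible in statbag.cc; something like `S.blacklist("special-memory-usage"); // hide from 'show *'/getEntries(), still readable by name` would do. The enclosing function starts and ends outside this hunk.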
ostringstream o;
for(const auto& i: d_stats) {
+ if (d_blacklist.find(i.first) != d_blacklist.end())
+ continue;
o<<i.first<<"="<<*(i.second)<<",";
}
for(const funcstats_t::value_type& val : d_funcstats) {
+ if (d_blacklist.find(val.first) != d_blacklist.end())
+ continue;
o << val.first<<"="<<val.second(val.first)<<",";
}
dir=o.str();
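Review bot: `d_blacklist.find(x) != d_blacklist.end()` is now written four times (twice in this hunk, twice in the `getEntries` hunk that follows); `d_blacklist.count(i.first)` is the shorter idiom, and a private `bool isBlacklisted(const string& key) const` helper would make the intent obvious at each site. It is also worth a comment that the blacklist only hides a key from enumeration — if `getValueStr` does not consult `d_blacklist`, which this diff does not change, the value stays readable by name, so the name "blacklist" should not be read as access control. Both enclosing functions start outside their hunks.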
vector<string> ret;
for(const auto& i: d_stats) {
- ret.push_back(i.first);
+ if (d_blacklist.find(i.first) != d_blacklist.end())
+ continue;
+ ret.push_back(i.first);
}
for(const funcstats_t::value_type& val : d_funcstats) {
+ if (d_blacklist.find(val.first) != d_blacklist.end())
+ continue;
ret.push_back(val.first);
}
return d_rings.count(name) || d_comborings.count(name) || d_dnsnameqtyperings.count(name);
}
+void StatBag::blacklist(const string& str) {
+ d_blacklist.insert(str);
+}
+
template class StatRing<std::string, CIStringCompare>;
template class StatRing<SComboAddress>;
template class StatRing<std::tuple<DNSName, QType> >;
typedef map<string, func_t> funcstats_t;
funcstats_t d_funcstats;
bool d_doRings;
+ std::set<string> d_blacklist;
public:
StatBag(); //!< Naked constructor. You need to declare keys before this class becomes useful
AtomicCounter *getPointer(const string &key); //!< get a direct pointer to the value behind a key. Use this for high performance increments
string getValueStr(const string &key); //!< read a value behind a key, and return it as a string
string getValueStrZero(const string &key); //!< read a value behind a key, and return it as a string, and zero afterwards
+ void blacklist(const string &str);
};
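Review bot: The new `blacklist` declaration is the only public method in this block without a `//!<` doc comment; `void blacklist(const string &str); //!< hide a key from directory() and getEntries(); call during startup, before other threads read the bag` would match the surrounding style. The thread-safety clause is an assumption to confirm: `d_blacklist` is a plain `std::set` inserted by `blacklist()` and read by the listing functions with no lock visible in this diff, which is fine only if every call happens before the bag is shared, as the single call right after `declareStats()` in the main hunk suggests. Also check that the header includes `<set>` itself rather than relying on a transitive include. The `StatBag` class starts before this hunk.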
inline void StatBag::deposit(const string &key, int value)