]>
git.ipfire.org Git - thirdparty/pdns.git/log
Peter van Dijk [Fri, 20 Mar 2020 23:25:41 +0000 (00:25 +0100)]
Merge pull request #8916 from Habbie/lmdb-namespaces-fbsd
auth lmdb: avoid blanket std import; fixes #8872
Remi Gacogne [Fri, 20 Mar 2020 12:52:29 +0000 (13:52 +0100)]
Merge pull request #8953 from rgacogne/ddist-150a1
dnsdist: Update ChangeLog and secpoll for 1.5.0-alpha1
Remi Gacogne [Fri, 20 Mar 2020 08:09:52 +0000 (09:09 +0100)]
Merge pull request #8952 from rgacogne/ddist-document-xpf-proxy
dnsdist: Add more documentation about XPF and the Proxy Protocol
Remi Gacogne [Fri, 20 Mar 2020 08:08:49 +0000 (09:08 +0100)]
Merge pull request #8954 from rgacogne/ddist-string-ref
dnsdist: Fix compilation issues with older boost::string_ref and string_view
Remi Gacogne [Thu, 19 Mar 2020 16:35:06 +0000 (17:35 +0100)]
dnsdist: Fix compilation issues with older boost::string_ref and string_view
Remi Gacogne [Thu, 19 Mar 2020 16:34:29 +0000 (17:34 +0100)]
dnsdist: Add missing changelog tags to the documentation
Remi Gacogne [Thu, 19 Mar 2020 16:12:02 +0000 (17:12 +0100)]
Update secpoll for dnsdist 1.5.0-alpha1
Remi Gacogne [Thu, 19 Mar 2020 16:11:33 +0000 (17:11 +0100)]
dnsdist: Update ChangeLog for 1.5.0-alpha1
Remi Gacogne [Thu, 19 Mar 2020 14:42:45 +0000 (15:42 +0100)]
dnsdist: Fix a broken reference in the documentation
Remi Gacogne [Thu, 19 Mar 2020 14:42:09 +0000 (15:42 +0100)]
dnsdist: Add more documentation about XPF and the Proxy Protocol
Remi Gacogne [Thu, 19 Mar 2020 12:46:31 +0000 (13:46 +0100)]
Merge pull request #8950 from rgacogne/ddist-warn-low-weight
dnsdist: Warn on startup about low weight values with chashed
Remi Gacogne [Thu, 19 Mar 2020 10:45:10 +0000 (11:45 +0100)]
Merge pull request #8945 from rgacogne/ddist-x-forwarded-for
dnsdist: Add support for the processing of X-Forwarded-For headers
Remi Gacogne [Thu, 19 Mar 2020 10:37:07 +0000 (11:37 +0100)]
dnsdist: Warn on startup about low weight values with chashed
Remi Gacogne [Thu, 19 Mar 2020 09:41:41 +0000 (10:41 +0100)]
Merge pull request #8923 from atoomic/daemon-reload
Reload systemctl service on updates
Remi Gacogne [Thu, 19 Mar 2020 08:58:36 +0000 (09:58 +0100)]
Merge pull request #8947 from rgacogne/ddist-doc-delay
dnsdist: Clarify how DelayResponseAction differs from DelayAction
Remi Gacogne [Thu, 19 Mar 2020 08:58:10 +0000 (09:58 +0100)]
Merge pull request #8948 from rgacogne/ddist-doc-set-smt-rule
dnsdist: Document DynBlockRulesGroup:setSuffixMatchRule
Remi Gacogne [Thu, 19 Mar 2020 08:56:32 +0000 (09:56 +0100)]
Merge pull request #8949 from rgacogne/ddist-doh-rotation-delay
dnsdist: Set the DoH ticket rotation delay before loading tickets
Remi Gacogne [Wed, 18 Mar 2020 16:47:49 +0000 (17:47 +0100)]
dnsdist: Set the DoH ticket rotation delay before loading tickets
Before that change, we could have loaded DoH STEK from a file without
properly setting the next rotation, causing a ticket rotation to
happen during the first TLS session establishment.
This can be prevented by setting `ticketsKeysRotationDelay=0`.
Remi Gacogne [Wed, 18 Mar 2020 15:35:52 +0000 (16:35 +0100)]
dnsdist: Document DynBlockRulesGroup:setSuffixMatchRule
Remi Gacogne [Wed, 18 Mar 2020 14:42:27 +0000 (15:42 +0100)]
dnsdist: Clarify how DelayResponseAction differs from DelayAction
Remi Gacogne [Wed, 18 Mar 2020 14:34:12 +0000 (15:34 +0100)]
Merge pull request #8927 from rgacogne/rec-rpz-tags
rec: Add custom tags to RPZ hits
Otto Moerbeek [Wed, 18 Mar 2020 14:33:33 +0000 (15:33 +0100)]
Merge pull request #8946 from omoerbeek/rec-buildbot-test
rec: test now uses rec_control, so supply location of the executable
Otto Moerbeek [Wed, 18 Mar 2020 14:22:49 +0000 (15:22 +0100)]
Test now uses rec_control, so supply location of the executable
Remi Gacogne [Wed, 18 Mar 2020 13:07:57 +0000 (14:07 +0100)]
dnsdist: Add support for the processing of X-Forwarded-For headers
aerique [Wed, 18 Mar 2020 11:54:02 +0000 (12:54 +0100)]
Merge pull request #8938 from Habbie/auth-4.3.0-rc2-docs
auth: secpoll&changelog for 4.3.0-rc2
Remi Gacogne [Tue, 17 Mar 2020 13:08:30 +0000 (14:08 +0100)]
rec: Only account RPZ truncation actions over UDP
Since they will be ignored over TCP anyway.
Remi Gacogne [Tue, 17 Mar 2020 10:12:52 +0000 (11:12 +0100)]
rec: Fix const-ness in DNSFilterEngine
Co-Authored-By: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Remi Gacogne [Tue, 17 Mar 2020 10:12:35 +0000 (11:12 +0100)]
rec: Fix const-ness in DNSFilterEngine
Co-Authored-By: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Remi Gacogne [Fri, 13 Mar 2020 14:33:47 +0000 (15:33 +0100)]
rec: Add custom tags to RPZ hits
This commit adds the possibility to set custom tags to a RPZ zone,
adding these tags to the policy ones (that can be set with Lua)
when a policy matches.
It does so by creating a new PolicyZoneData object that is shared
between the zone and all the policies that it holds, in order to
- avoid duplicating the name, priority and tags for each policy ;
- prevent a circular dependency between shared pointers for the zone
and its policies.
It also refactors the handling of RPZ policy hits in `startDoResolve()`
to remove some code duplication.
Remi Gacogne [Wed, 18 Mar 2020 08:43:14 +0000 (09:43 +0100)]
Merge pull request #8944 from Leo-Neat/master
Turning dry_run off for CIFuzz
Leo Neat [Tue, 17 Mar 2020 23:14:00 +0000 (16:14 -0700)]
Turning dry_run off for CIFuzz
Remi Gacogne [Tue, 17 Mar 2020 15:55:22 +0000 (16:55 +0100)]
Merge pull request #8874 from rgacogne/ddist-proxy-protocol
Add support for Proxy Protocol between dnsdist and the recursor
Nicolas R [Thu, 12 Mar 2020 16:48:39 +0000 (10:48 -0600)]
Reload systemctl service on install and updates
Fix GH #8922
Make sure systemd is reloading the updated definition
of a service on updates and first installation.
Remi Gacogne [Mon, 16 Mar 2020 10:31:59 +0000 (11:31 +0100)]
rec: Clarify the behavior of the Proxy Protocol feature
Co-Authored-By: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Remi Gacogne [Mon, 16 Mar 2020 10:31:18 +0000 (11:31 +0100)]
rec: Fix a typo in the `proxy-protocol-from` documentation
Co-Authored-By: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Remi Gacogne [Mon, 16 Mar 2020 10:29:33 +0000 (11:29 +0100)]
Add fuzz_target_proxyprotocol to the git ignore list
Remi Gacogne [Fri, 13 Mar 2020 18:07:02 +0000 (19:07 +0100)]
Add a fuzzing target for the Proxy Protocol v2 parser
Remi Gacogne [Fri, 13 Mar 2020 15:58:29 +0000 (16:58 +0100)]
sdig: Document Proxy Protocol options
Remi Gacogne [Fri, 13 Mar 2020 15:52:37 +0000 (16:52 +0100)]
rec: Clarify interactions between 'allow-from' and the proxy protocol
Remi Gacogne [Fri, 13 Mar 2020 15:51:58 +0000 (16:51 +0100)]
rec: Apply Otto's suggestions made during code review
Remi Gacogne [Fri, 13 Mar 2020 15:39:21 +0000 (16:39 +0100)]
rec: Fix the version when for proxy protocol values were added to gettag
Remi Gacogne [Fri, 13 Mar 2020 15:38:24 +0000 (16:38 +0100)]
Fix Lua proxy protocol values syntax in the documentation
Remi Gacogne [Fri, 13 Mar 2020 15:34:48 +0000 (16:34 +0100)]
rec: Remove duplicate DNSQuestion:getPolicyTags() entry in the doc
Remi Gacogne [Fri, 13 Mar 2020 15:32:40 +0000 (16:32 +0100)]
Prevent an overflow of the proxy protocol header size
Remi Gacogne [Wed, 4 Mar 2020 13:03:32 +0000 (14:03 +0100)]
dnsdist: Only reuse an existing TCP connection if the same server was selected
Remi Gacogne [Tue, 3 Mar 2020 15:45:39 +0000 (16:45 +0100)]
dnsdist: Keep the TCP connection to a backend when there is no TLV
Remi Gacogne [Mon, 2 Mar 2020 16:17:46 +0000 (17:17 +0100)]
rec: Keep Proxy Protocol values between queries on the same connection
Remi Gacogne [Mon, 2 Mar 2020 15:46:46 +0000 (16:46 +0100)]
dnsdist: Don't reuse Proxy Protocol-enabled TCP connections to backends
Remi Gacogne [Fri, 28 Feb 2020 14:24:19 +0000 (15:24 +0100)]
rec: Fix a typo in one of the comment, reported by Habbie (thx!)
Remi Gacogne [Thu, 27 Feb 2020 11:34:23 +0000 (12:34 +0100)]
rec: Enforce 'proxy-protocol-maximum-size'
Remi Gacogne [Wed, 26 Feb 2020 11:20:00 +0000 (12:20 +0100)]
rec: Add regression tests for the proxy protocol
Remi Gacogne [Tue, 25 Feb 2020 10:04:59 +0000 (11:04 +0100)]
dnsdist: Make the Proxy Protocol tests compatible with Python 2
Remi Gacogne [Mon, 24 Feb 2020 15:28:15 +0000 (16:28 +0100)]
dnsdist: Add setProxyProtocolValuesAction()
Remi Gacogne [Mon, 24 Feb 2020 14:40:22 +0000 (15:40 +0100)]
dnsdist: Add regression tests for the proxy protocol
Remi Gacogne [Fri, 21 Feb 2020 18:07:26 +0000 (19:07 +0100)]
dnsdist: Add a proxy protocol header to DoH queries as well
Remi Gacogne [Thu, 27 Feb 2020 13:37:30 +0000 (14:37 +0100)]
rec: Add documentation for the new settings and Lua bindings
Remi Gacogne [Wed, 26 Feb 2020 17:25:24 +0000 (18:25 +0100)]
rec: Export Proxy Protocol values to gettag hooks
Remi Gacogne [Thu, 20 Feb 2020 11:12:15 +0000 (12:12 +0100)]
rec: Drop truncated UDP dgrams. Only accept large packets w/ proxy
Remi Gacogne [Thu, 20 Feb 2020 11:11:34 +0000 (12:11 +0100)]
Add proxy protocol unit tests, fix some parsing issues
Remi Gacogne [Wed, 19 Feb 2020 14:15:38 +0000 (15:15 +0100)]
Implement support for 'LOCAL' proxy protocol command
Remi Gacogne [Thu, 20 Feb 2020 11:13:55 +0000 (12:13 +0100)]
dnsdist: Run the proxy protocol unit tests
Remi Gacogne [Thu, 27 Feb 2020 13:40:30 +0000 (14:40 +0100)]
rec: Add support for TLV values
Remi Gacogne [Thu, 27 Feb 2020 13:40:23 +0000 (14:40 +0100)]
dnsdist: Add TLV support
Remi Gacogne [Thu, 27 Feb 2020 13:40:14 +0000 (14:40 +0100)]
rec: Parse incoming proxy protocol
Remi Gacogne [Thu, 20 Feb 2020 14:13:00 +0000 (15:13 +0100)]
dnsdist: Initial implementation of outgoing proxy protocol
Peter van Dijk [Wed, 5 Feb 2020 12:47:52 +0000 (13:47 +0100)]
sdig stdin: attempt to decode proxy headers
Peter van Dijk [Wed, 5 Feb 2020 12:10:41 +0000 (13:10 +0100)]
sdig: add basic TCP support to stdin packet parsing
Peter van Dijk [Tue, 22 Oct 2019 17:58:50 +0000 (19:58 +0200)]
proxy protocol first steps
Peter van Dijk [Tue, 22 Oct 2019 17:01:49 +0000 (19:01 +0200)]
sdig manpage: fix typo
Remi Gacogne [Tue, 17 Mar 2020 10:51:33 +0000 (11:51 +0100)]
Merge pull request #8937 from rgacogne/ddist-fstrm-options
dnsdist: Make FrameStream IO parameters configurable
Peter van Dijk [Mon, 16 Mar 2020 11:51:19 +0000 (12:51 +0100)]
auth: secpoll&changelog for 4.3.0-rc2
Remi Gacogne [Mon, 16 Mar 2020 10:24:06 +0000 (11:24 +0100)]
rec: Fix typos in the documentation of the FrameStream configuration
Remi Gacogne [Mon, 16 Mar 2020 10:23:11 +0000 (11:23 +0100)]
dnsdist: Make FrameStream IO parameters configurable
Peter van Dijk [Mon, 16 Mar 2020 09:04:41 +0000 (10:04 +0100)]
Merge pull request #8925 from RobinGeuze/fixNSEC3ForUnpublishedDNSKEYs
Fix it so NSEC and NSEC3 records if there are no published DNSKEY's
Peter van Dijk [Sun, 15 Mar 2020 21:16:39 +0000 (22:16 +0100)]
Merge pull request #8933 from yantarou/typo_fix
Fix typo
Jan Hilberath [Sun, 15 Mar 2020 10:51:09 +0000 (19:51 +0900)]
Fix typo
Robin Geuze [Sat, 14 Mar 2020 11:24:35 +0000 (12:24 +0100)]
Also only add CDS and CDNSKEY to the type map in case we have published DNSKEY's
Peter van Dijk [Fri, 13 Mar 2020 20:51:51 +0000 (21:51 +0100)]
Merge pull request #8929 from mind04/pdns-cache-clean
auth: make sure we look at 10% of all cached items during cleanup
Kees Monshouwer [Thu, 12 Mar 2020 18:17:19 +0000 (19:17 +0100)]
auth: make sure we look at 10% of all cached items during cleanup
Robin Geuze [Fri, 13 Mar 2020 12:09:10 +0000 (13:09 +0100)]
Fix it so NSEC and NSEC3 records will not include DNSKEY in the typemap if there are no published DNSKEY records
Remi Gacogne [Thu, 12 Mar 2020 09:31:41 +0000 (10:31 +0100)]
Merge pull request #8909 from rgacogne/ddist-bounded-load-weight
dnsdist: Implement bounded loads for the whashed and wrandom policies
Peter van Dijk [Mon, 9 Mar 2020 18:10:00 +0000 (19:10 +0100)]
auth lmdb: avoid blanket std import; fixes #8872
Peter van Dijk [Mon, 9 Mar 2020 16:59:01 +0000 (17:59 +0100)]
Merge pull request #8908 from Habbie/auth-malloc-arena
auth docs: talk about glibc & MALLOC_ARENA_MAX
Remi Gacogne [Mon, 9 Mar 2020 10:32:54 +0000 (11:32 +0100)]
Merge pull request #8900 from rgacogne/openssl-libssl-detection
Detect {Libre,Open}SSL functions availability during configure
Remi Gacogne [Mon, 9 Mar 2020 09:07:40 +0000 (10:07 +0100)]
Merge pull request #8887 from rgacogne/remote-logger-keep-queueing-reconnect
Better handling of reconnections in Remote Logger (dnsdist, rec)
Remi Gacogne [Fri, 6 Mar 2020 16:26:50 +0000 (17:26 +0100)]
dnsdist: Make sure that the bounded-load factor is >= .0
Remi Gacogne [Fri, 6 Mar 2020 16:18:25 +0000 (17:18 +0100)]
dnsdist: Fix mistake in the bounded-load documentation of chashed
Remi Gacogne [Fri, 6 Mar 2020 11:00:46 +0000 (12:00 +0100)]
dnsdist: Implement bounded loads for the whashed and wrandom policies
Also make sure that the chashed implementation respects the weights,
and properly handle backends that are not available during the
bounds computation.
Remi Gacogne [Fri, 6 Mar 2020 14:17:45 +0000 (15:17 +0100)]
Remote Logger: Add comments and catch() advised by Otto during review
Also remove the now unused d_maxQueuedBytes field.
Remi Gacogne [Tue, 3 Mar 2020 11:24:34 +0000 (12:24 +0100)]
Better handling of reconnections in Remote Logger (dnsdist, rec)
- Do not lock while trying to reconnect ;
- Try to reconnect right away if the disconnection was detected in
the maintenance thread ;
- Keep queueing messages when the connection has been lost, until
the buffer gets full.
Peter van Dijk [Fri, 6 Mar 2020 10:13:54 +0000 (11:13 +0100)]
also note new syntax
Peter van Dijk [Fri, 6 Mar 2020 10:03:18 +0000 (11:03 +0100)]
auth docs: talk about glibc & MALLOC_ARENA_MAX
Otto Moerbeek [Fri, 6 Mar 2020 06:16:11 +0000 (07:16 +0100)]
Merge pull request #8898 from omoerbeek/rec-shared-cache-only
Rec: share record cache between threads
Otto Moerbeek [Fri, 6 Mar 2020 06:10:29 +0000 (07:10 +0100)]
Merge pull request #8902 from Habbie/doc-6373
rec: note dnstap for auth communication in changelog
Remi Gacogne [Thu, 5 Mar 2020 22:04:50 +0000 (23:04 +0100)]
Merge pull request #8901 from rgacogne/ddist-docs-8683
dnsdist: Fix documentation for functions removed in 1.3.0
Remi Gacogne [Thu, 5 Mar 2020 22:04:34 +0000 (23:04 +0100)]
Merge pull request #8903 from rgacogne/ddist-7950-unused-lamba-capture
dnsdist: Fix 'unused lambda capture' warning without DoH or DoT
Remi Gacogne [Thu, 5 Mar 2020 22:04:21 +0000 (23:04 +0100)]
Merge pull request #8905 from rgacogne/ddist-dns-query-default
dnsdist: Change the default DoH path from / to /dns-query
Peter van Dijk [Thu, 5 Mar 2020 21:42:15 +0000 (22:42 +0100)]
Merge pull request #8907 from Habbie/backport-8714-to-auth-4.3.x
auth-4.3: Reduce the number of temporary memory allocations
Remi Gacogne [Mon, 17 Feb 2020 14:08:21 +0000 (15:08 +0100)]
Move the logic of validDNSName to DNSName::has8bitBytes()
(cherry picked from commit
bf7ef5b4ee0ce310db0a3761a8250f86a5fea20d )
Remi Gacogne [Thu, 30 Jan 2020 14:12:57 +0000 (15:12 +0100)]
auth: Skip the construction of a root DNSName when possible
(cherry picked from commit
020b94c9e00434a509b8f46af070afb2f2afa4b5 )