git.ipfire.org Git - thirdparty/pdns.git/log
Peter van Dijk [Mon, 27 Jan 2020 20:25:12 +0000 (21:25 +0100)]
Merge pull request #8594 from Habbie/default-publish-cds
auth: add default-publish-{cds|cdnskey} options
Peter van Dijk [Mon, 27 Jan 2020 12:00:03 +0000 (13:00 +0100)]
auth: add default-publish-cds test
Peter van Dijk [Mon, 27 Jan 2020 13:53:20 +0000 (14:53 +0100)]
Merge pull request #8744 from zeha/lua-mandatory
Make Lua mandatory for Auth
Peter van Dijk [Mon, 27 Jan 2020 11:03:33 +0000 (12:03 +0100)]
Merge pull request #8680 from rgacogne/auth-bindbackend-records-cleanup
auth: Make it clearer that records are never altered, only replaced
Peter van Dijk [Mon, 27 Jan 2020 09:40:33 +0000 (10:40 +0100)]
Merge pull request #8681 from rgacogne/auth-stats-rings-size
auth: Add metrics about the size of our in-memory rings
Peter van Dijk [Mon, 27 Jan 2020 08:29:01 +0000 (09:29 +0100)]
auth circleci: build with lua2backend and LUA records
Chris Hofstaedtler [Sat, 25 Jan 2020 22:45:45 +0000 (23:45 +0100)]
Update docs
Chris Hofstaedtler [Sat, 25 Jan 2020 22:34:14 +0000 (23:34 +0100)]
Make Lua mandatory for Auth
Peter van Dijk [Fri, 24 Jan 2020 14:48:55 +0000 (15:48 +0100)]
Merge pull request #8659 from rgacogne/auth-dnsseckeeper-clear-static
auth: Make DNSSECKeeper::clear{All,}Caches() static
Peter van Dijk [Fri, 24 Jan 2020 14:46:56 +0000 (15:46 +0100)]
Merge pull request #8628 from mind04/pdns-place
auth: make sure get() is always returning the default value for d_place
Peter van Dijk [Fri, 24 Jan 2020 12:46:08 +0000 (13:46 +0100)]
Merge pull request #8627 from zeha/psql-no-prep
gpgsqlbackend: Avoid actually prepared statements
Pieter Lexis [Fri, 24 Jan 2020 07:43:05 +0000 (08:43 +0100)]
Merge pull request #8735 from Habbie/doc-dnssec-ttls
auth dnssec docs: some notes on TTL usage
Peter van Dijk [Thu, 23 Jan 2020 23:05:52 +0000 (00:05 +0100)]
Merge pull request #8474 from omoerbeek/auth-fix-logging-no-cache
auth: Fix auth logging if no packet cache; from Habbie
Peter van Dijk [Thu, 23 Jan 2020 22:36:28 +0000 (23:36 +0100)]
Merge pull request #8713 from rgacogne/auth-strict-caches-size
auth: Enforce a strict maximum size for the packet and records caches
Remi Gacogne [Wed, 22 Jan 2020 14:59:13 +0000 (15:59 +0100)]
Merge pull request #8733 from rgacogne/ddist-openssl-init
dnsdist: Load an openssl configuration file, if any, during startup
Peter van Dijk [Wed, 22 Jan 2020 12:19:22 +0000 (13:19 +0100)]
auth dnssec docs: some notes on TTL usage
Remi Gacogne [Wed, 22 Jan 2020 12:10:21 +0000 (13:10 +0100)]
dnsdist: LibreSSL introduced automatic thread-specific callbacks
Otto Moerbeek [Wed, 22 Jan 2020 10:29:11 +0000 (11:29 +0100)]
Merge pull request #8729 from omoerbeek/rec-build-dnstap-debian
rec: Explicitly enable dnstap for debian-stretch and buster
Remi Gacogne [Tue, 21 Jan 2020 14:00:01 +0000 (15:00 +0100)]
dnsdist: Load an openssl configuration file, if any, during startup
This way dnsdist will load the default OpenSSL configuration, or a
custom one specified via the OPENSSL_CONF environment variable.
It allows loading an engine or configuring various options supported
by OpenSSL.
This requires OpenSSL >= 1.1.0.
Peter van Dijk [Tue, 21 Jan 2020 13:52:21 +0000 (14:52 +0100)]
Merge pull request #8331 from mind04/pdns-lmdb-cleanup
auth: lmdb-backend, remove duplicate code and some unused variables
Otto Moerbeek [Tue, 21 Jan 2020 10:10:39 +0000 (11:10 +0100)]
Merge pull request #8723 from rgacogne/rec-optout-unit-tests
rec: Add unit tests for the NSEC3 Opt-Out case
Otto Moerbeek [Tue, 21 Jan 2020 10:09:55 +0000 (11:09 +0100)]
Merge pull request #8718 from rgacogne/rec-fix-pb-source-port
Make ComboAddress::setPort() update the current object
Remi Gacogne [Tue, 21 Jan 2020 09:53:15 +0000 (10:53 +0100)]
rec: Bow to formatting gods
Remi Gacogne [Tue, 21 Jan 2020 09:25:40 +0000 (10:25 +0100)]
Fix braces formatting in pdns/recursordist/test-syncres_cc.cc
Co-Authored-By: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Otto Moerbeek [Tue, 21 Jan 2020 09:13:03 +0000 (10:13 +0100)]
- Explicitly enable dnstap for debian-stretch and buster
- Fix inconsistent ref to stretch vs buster in ubuntu-bionic
Remi Gacogne [Mon, 20 Jan 2020 18:24:13 +0000 (19:24 +0100)]
rec: Add unit tests for the NSEC3 Opt-Out case
An Opt-Out NSEC3 only proves that there is no delegation, so we
should not consider a DS NODATA or a NXDOMAIN proved by that RR
secure but insecure.
This was fixed in 18c8faae6c67f734583c5c881d0d083d3253b49e and this
commit adds a few unit tests to cover the fix.
Otto Moerbeek [Mon, 20 Jan 2020 15:23:07 +0000 (16:23 +0100)]
Merge pull request #8720 from omoerbeek/dnsdist-fstrm-elpel8
dnsdist: EPEL 8 now has libfstrm-devel
Remi Gacogne [Mon, 20 Jan 2020 15:22:29 +0000 (16:22 +0100)]
Merge pull request #8556 from rgacogne/dnsdist-spoof-flags
dnsdist: Support setting the value of AA, AD and RA when self-generating answers
Otto Moerbeek [Mon, 20 Jan 2020 15:06:06 +0000 (16:06 +0100)]
EPEL 8 now has libfstrm-devel
Otto Moerbeek [Mon, 20 Jan 2020 14:37:44 +0000 (15:37 +0100)]
Merge pull request #8719 from omoerbeek/rec-fstrm-el8
rec: EPEL 8 now has libfstrm-devel
Otto Moerbeek [Mon, 20 Jan 2020 14:09:48 +0000 (15:09 +0100)]
Explicit --enable-dnstap, as suggested by lieter.
Otto Moerbeek [Mon, 20 Jan 2020 14:12:01 +0000 (15:12 +0100)]
Merge pull request #8688 from omoerbeek/rec-socketdir-message
rec: Give an explicit message if something is wrong with socket-dir
Otto Moerbeek [Mon, 20 Jan 2020 13:42:16 +0000 (14:42 +0100)]
Better function name as suggested by rgacogne.
Otto Moerbeek [Mon, 20 Jan 2020 13:04:34 +0000 (14:04 +0100)]
EPEL 8 now has libfstrm-devel
Pieter Lexis [Mon, 20 Jan 2020 12:38:42 +0000 (13:38 +0100)]
Merge pull request #8701 from pieterlexis/remote-support-also-notify
remote: Support ::alsoNotifies
Remi Gacogne [Mon, 20 Jan 2020 11:05:03 +0000 (12:05 +0100)]
Make ComboAddress::setPort() update the current object
Instead of creating a new one.
Remi Gacogne [Tue, 19 Nov 2019 14:18:19 +0000 (15:18 +0100)]
dnsdist: Update tests now that more actions default to RA=RD
Remi Gacogne [Tue, 19 Nov 2019 10:49:25 +0000 (11:49 +0100)]
dnsdist: Add response flags to ERCodeAction, HTTPStatusAction and RCodeAction
Remi Gacogne [Mon, 18 Nov 2019 16:37:07 +0000 (17:37 +0100)]
dnsdist: Add Lua bindings for the AA, AD and RA flags
Remi Gacogne [Mon, 18 Nov 2019 16:31:18 +0000 (17:31 +0100)]
dnsdist: Test setting the value of AA, AD and RA when spoofing
Remi Gacogne [Mon, 18 Nov 2019 16:14:04 +0000 (17:14 +0100)]
dnsdist: Support setting the value of AA, AD and RA when spoofing
Remi Gacogne [Mon, 20 Jan 2020 09:13:46 +0000 (10:13 +0100)]
Merge pull request #8705 from rgacogne/rec-rpz-order
rec: Fix precedence order for RPZ policies rules
Remi Gacogne [Mon, 20 Jan 2020 09:12:40 +0000 (10:12 +0100)]
Merge pull request #8657 from rgacogne/ddist-backend-uuid
dnsdist: Allow retrieving and deleting a backend via its UUID
Remi Gacogne [Mon, 20 Jan 2020 09:11:25 +0000 (10:11 +0100)]
Merge pull request #8491 from rgacogne/ddist-parallel-checks
dnsdist: Implement parallel health checks
Remi Gacogne [Mon, 20 Jan 2020 09:10:09 +0000 (10:10 +0100)]
Merge pull request #8456 from rgacogne/ddist-config-check-test
dnsdist: Separate the check-config and client modes
Remi Gacogne [Mon, 20 Jan 2020 09:09:04 +0000 (10:09 +0100)]
Merge pull request #8274 from rgacogne/dnsdist-rcode-ratio
dnsdist: Implement dynamic blocking on ratio of rcode/total responses
Remi Gacogne [Fri, 17 Jan 2020 14:36:45 +0000 (15:36 +0100)]
rec: Apply Otto's suggestion to distinguish which exact policy matched
Remi Gacogne [Fri, 17 Jan 2020 14:30:20 +0000 (15:30 +0100)]
rec: Remove now useless references to '-2' for RPZ hits
Remi Gacogne [Fri, 17 Jan 2020 13:56:27 +0000 (14:56 +0100)]
auth: Enforce a strict maximum size for the packet and records caches
Before this change, both the query and packet caches in the authoritative
server can exceed their maximum size by a lot, until the next cleaning
cycle.
This is particularly nasty since the current cleaning algorithm will
never remove entries from the cache until they expire, as opposed to
what we do in the recursor, for example, where we nuke the least-recently
used entries, even if they are still valid, when the cache is full.
This commit changes that by removing the least recently inserted or
updated entry from the cache after inserting a new one when the cache
is full, thus enforcing the maximum size more strictly.
Note that this is really the least recently inserted/updated and not
the least recently used one, as is done in the recursor. Having a
proper LRU in the auth would require acquiring a write lock for a
simple lookup, instead of a potentially concurrent read-lock at the
moment. We might want to consider changing that at some point, as
a LRU might be fairer and the lock contention might be very small
since the caches are sharded.
Pieter Lexis [Tue, 14 Jan 2020 15:58:59 +0000 (16:58 +0100)]
remote: add ALSO-NOTIFY unit test
Otto Moerbeek [Thu, 16 Jan 2020 10:01:59 +0000 (11:01 +0100)]
Merge pull request #8700 from omoerbeek/rec-prep-4.3.0-beta2
rec: Prepare for recursor 4.3.0-beta2 release
Remi Gacogne [Thu, 16 Jan 2020 08:50:14 +0000 (09:50 +0100)]
Merge pull request #8708 from pieterlexis/dnsdist-doc-syntax-fix
dnsdist: Fix a versionchanged in the docs
Pieter Lexis [Thu, 16 Jan 2020 08:33:11 +0000 (09:33 +0100)]
dnsdist: Fix a versionchanged in the docs
Remi Gacogne [Wed, 15 Jan 2020 14:43:03 +0000 (15:43 +0100)]
rec: Add regression tests for RPZ ordering precedence rules
Remi Gacogne [Wed, 15 Jan 2020 13:38:45 +0000 (14:38 +0100)]
rec: Export the filtering policy type to Lua
Remi Gacogne [Wed, 15 Jan 2020 13:28:25 +0000 (14:28 +0100)]
rec: Only the first filtering policy should match
Subsequent ones should not be applied.
Also make sure that NSDNAME and NSIP triggers really stop the
processing of the query, instead of just causing the current NS to
be skipped.
Otto Moerbeek [Wed, 15 Jan 2020 11:50:10 +0000 (12:50 +0100)]
Merge pull request #8694 from omoerbeek/rec-fix-cxx14-warning
Fix ./syncres.hh:228:20: warning: initialized lambda captures are a C++14 extension
Otto Moerbeek [Wed, 15 Jan 2020 09:23:43 +0000 (10:23 +0100)]
Add PR 8704
Remi Gacogne [Wed, 15 Jan 2020 08:59:54 +0000 (09:59 +0100)]
Merge pull request #8702 from rgacogne/ddist-protobuf-ports
Add the source and destination ports to the protobuf msg
Otto Moerbeek [Wed, 15 Jan 2020 07:57:45 +0000 (08:57 +0100)]
secpoll
Remi Gacogne [Tue, 14 Jan 2020 15:26:23 +0000 (16:26 +0100)]
rec: Fix the evaluation order for filtering policies (RPZ)
Since 272e9a0034e8c5ea29d1ab7d24630424f178e926 we scanned all policies
for an exact match before looking for wildcard matches. It broke
the promise that filtering policies are evaluated in the order they
are defined.
Pieter Lexis [Tue, 14 Jan 2020 13:59:23 +0000 (14:59 +0100)]
remote: Support ::alsoNotifies
Remi Gacogne [Tue, 14 Jan 2020 09:13:46 +0000 (10:13 +0100)]
Handle source and destination ports in the sample protobuf logger
Remi Gacogne [Tue, 14 Jan 2020 09:12:57 +0000 (10:12 +0100)]
rec: Add the source port to protobuf messages for incoming queries
Otto Moerbeek [Tue, 14 Jan 2020 10:14:59 +0000 (11:14 +0100)]
Prepare for recursor 4.3.0-beta2 release
Remi Gacogne [Tue, 14 Jan 2020 09:12:18 +0000 (10:12 +0100)]
dnsdist: Add the source and destination ports to the protobuf msg
Otto Moerbeek [Mon, 13 Jan 2020 08:48:12 +0000 (09:48 +0100)]
Fix ./syncres.hh:228:20: warning: initialized lambda captures are a C++14 extension
Remi Gacogne [Mon, 13 Jan 2020 08:39:48 +0000 (09:39 +0100)]
Merge pull request #8690 from horazont/feature/docs-typos
Fix various minor typos in the docs
Otto Moerbeek [Mon, 13 Jan 2020 07:01:40 +0000 (08:01 +0100)]
Merge pull request #8665 from rgacogne/rec-nsec3-optout-ad
rec: An Opt-Out NSEC3 RR only proves that there is no secure delegation
Jonas Schäfer [Sun, 12 Jan 2020 09:59:49 +0000 (10:59 +0100)]
Improve checkFunction example for downstreams guide
The check function was defined, but not used, making the example
slightly confusing as to how to use it correctly.
Jonas Schäfer [Sun, 12 Jan 2020 09:58:58 +0000 (10:58 +0100)]
Add paragraph break in load balancer guide
I think this improves readability.
Jonas Schäfer [Sun, 12 Jan 2020 09:58:36 +0000 (10:58 +0100)]
Add missing colons in front of :func: reference
Fixes rendering errors on the load balancer guide page.
Otto Moerbeek [Fri, 10 Jan 2020 11:30:37 +0000 (12:30 +0100)]
Give an explicit message if something is wrong with socket-dir.
Otto Moerbeek [Fri, 10 Jan 2020 08:45:55 +0000 (09:45 +0100)]
Merge pull request #8684 from costypetrisor/fix-dont-throttle-settings
parsing `dont-throttle-names` and `dont-throttle-netmasks` as comma separated lists
Costy Petrisor [Thu, 9 Jan 2020 10:56:16 +0000 (10:56 +0000)]
parsing `dont-throttle-names` and `dont-throttle-netmasks` as comma separated lists
Remi Gacogne [Wed, 8 Jan 2020 17:10:22 +0000 (18:10 +0100)]
auth: Update the regression tests with the newly introduced metrics
Remi Gacogne [Wed, 8 Jan 2020 15:54:08 +0000 (16:54 +0100)]
auth: Add metrics about the size of our in-memory rings
Remi Gacogne [Wed, 8 Jan 2020 14:32:25 +0000 (15:32 +0100)]
auth: Make it clearer that records are never altered, only replaced
Otto Moerbeek [Tue, 7 Jan 2020 13:31:42 +0000 (14:31 +0100)]
Merge pull request #8647 from omoerbeek/rec-more-max-qperq
rec: Bump max-qperq default to 60
Otto Moerbeek [Tue, 7 Jan 2020 11:31:22 +0000 (12:31 +0100)]
correct cast
Co-Authored-By: Remi Gacogne <rgacogne@users.noreply.github.com>
Otto Moerbeek [Tue, 7 Jan 2020 11:23:09 +0000 (12:23 +0100)]
Merge pull request #8639 from captainark/rec-postinst
rec: debian postinst / do not fail on user creation if it already exists
Otto Moerbeek [Tue, 7 Jan 2020 11:13:01 +0000 (12:13 +0100)]
Slightly different approach as suggested by rgacogne: if
qname-minimization is active, force maxqperq to be >= 100.
Otto Moerbeek [Tue, 7 Jan 2020 09:28:40 +0000 (10:28 +0100)]
Merge pull request #8640 from tjikkun/gcc10
Fix build with gcc-10
Otto Moerbeek [Tue, 7 Jan 2020 09:27:17 +0000 (10:27 +0100)]
Merge pull request #8672 from omoerbeek/sdig-stdin-is-define
sdig: Fix compilation on OpenBSD where stdin is a define
Remi Gacogne [Tue, 7 Jan 2020 09:24:54 +0000 (10:24 +0100)]
Merge pull request #8671 from omoerbeek/backport-8632-to-rec-4.3.x
rec: backport to 4.3.x: dnsdist: Require Python libnacl < 1.7
Otto Moerbeek [Tue, 7 Jan 2020 09:24:18 +0000 (10:24 +0100)]
Fix compilation on OpenBSD where stdin is a define
Remi Gacogne [Fri, 13 Dec 2019 10:16:20 +0000 (11:16 +0100)]
dnsdist: Require Python libnacl < 1.7
Otherwise we need libsodium >= 1.0.12 (required by this change:
https://github.com/saltstack/libnacl/commit/8c8b2f8bc05a5b67f39acf9a6bc0bef6fa839166
) and we don't have it in Trusty, which we still use in Travis.
(cherry picked from commit 1f474f69cc45af37646513618badd7bfa06741fd)
Otto Moerbeek [Tue, 7 Jan 2020 07:35:24 +0000 (08:35 +0100)]
Set default maxqperq to 60, and allow for extra if qname-minimization is on.
Remi Gacogne [Mon, 6 Jan 2020 16:14:32 +0000 (17:14 +0100)]
Merge pull request #8567 from rgacogne/ddist-bounded-chash
dnsdist: Add bounded loads to the consistent hashing policy
Otto Moerbeek [Mon, 6 Jan 2020 16:07:08 +0000 (17:07 +0100)]
Merge pull request #8667 from omoerbeek/rec-unittest-for-pr-8648
rec: Introduce test for PR 8648.
Otto Moerbeek [Mon, 6 Jan 2020 14:04:25 +0000 (15:04 +0100)]
Introduce test for PR 8648.
While there, explicitly init qname-minimization in test-syncres to
false. The current code gave the impression it was turned on by
default for unit tests. We have a lot of tests that count queries,
and that is highly dependent on qname minimization being on or off.
Remi Gacogne [Mon, 6 Jan 2020 08:55:20 +0000 (09:55 +0100)]
Merge pull request #8654 from phonedph1/logresp
dnsdist: LogResponseAction
Remi Gacogne [Mon, 6 Jan 2020 08:54:08 +0000 (09:54 +0100)]
Merge pull request #8650 from spheron1/master
Fix trusted-notification-proxy port
Remi Gacogne [Mon, 6 Jan 2020 08:53:43 +0000 (09:53 +0100)]
Merge pull request #8658 from rgacogne/ddist-doc-typos
dnsdist: Fix a few typos in the documentation
Remi Gacogne [Thu, 2 Jan 2020 10:52:14 +0000 (11:52 +0100)]
rec: An Opt-Out NSEC3 RR only proves that there is no secure delegation
Remi Gacogne [Thu, 2 Jan 2020 08:24:43 +0000 (09:24 +0100)]
Merge pull request #8662 from rgacogne/ddist-default-tls-provider
dnsdist: Display the correct DoT provider
Remi Gacogne [Tue, 31 Dec 2019 10:15:32 +0000 (11:15 +0100)]
dnsdist: Display the correct DoT provider
Remi Gacogne [Tue, 31 Dec 2019 10:09:45 +0000 (11:09 +0100)]
Merge pull request #8649 from rgacogne/auth-tsig-keys-8645
auth: Clear the TSIG algo between iterations in the API
Remi Gacogne [Tue, 24 Dec 2019 15:27:23 +0000 (16:27 +0100)]
auth: Make DNSSECKeeper::clear{All,}Caches() static
Remi Gacogne [Tue, 24 Dec 2019 15:23:17 +0000 (16:23 +0100)]
dnsdist: Fix a few typos in the documentation