]>
git.ipfire.org Git - thirdparty/pdns.git/log
aerique [Tue, 6 Nov 2018 14:29:34 +0000 (15:29 +0100)]
Merge pull request #7152 from aerique/rec40-sec-201810
Pieter Lexis [Wed, 31 Oct 2018 22:16:34 +0000 (23:16 +0100)]
Merge pull request #7123 from pieterlexis/rec-40-el6-pkg-fix
Pieter Lexis [Wed, 31 Oct 2018 16:22:26 +0000 (17:22 +0100)]
rec 4.0 el6: switch to devtoolset-7
Remi Gacogne [Thu, 20 Sep 2018 12:46:11 +0000 (14:46 +0200)]
rec: Keep the EDNS status of a server on FormErr with EDNS
Note that the choice of DNAME in the unit test is an arbitrary
choice, we could even have used A here.
(cherry picked from commit
6fb756b6cd49d61eacf7865ce48d0edb62730710 )
(cherry picked from commit
e8cc6a136087c5ede35f55b3a67902dcb0030165 )
Remi Gacogne [Wed, 12 Sep 2018 14:12:46 +0000 (16:12 +0200)]
rec: Refuse queries for rfc6895 section 3.1 meta types
(cherry picked from commit
ab1b5574d15a62e67a133828fc98502de830842c )
(cherry picked from commit
834b326fb0ebda4622360a0e0c40888e6dceb946 )
Remi Gacogne [Thu, 23 Aug 2018 14:21:39 +0000 (16:21 +0200)]
Do full packet comparison in the packet caches in addition to the hash
(cherry picked from commit
c407246da8addf5443c3ac79c692917c3f7b3f35 )
Remi Gacogne [Wed, 23 May 2018 08:35:17 +0000 (10:35 +0200)]
Allocate DNSRecord objects as smart pointers right away
(cherry picked from commit
1339125af5afe6d6ecfe0a500c5fdc76d790459d )
(cherry picked from commit
79c712a3b7a436a0f1bd238e5c3f26df5c55c364 )
Remi Gacogne [Tue, 9 Oct 2018 12:42:06 +0000 (14:42 +0200)]
Merge pull request #7045 from rgacogne/rec40-backport-6376
Pieter Lexis [Wed, 21 Mar 2018 12:00:22 +0000 (13:00 +0100)]
tests: lower dnsbulktest threshold in travis
(cherry picked from commit
280c2f89caaa1726fd02e6315e26f7b683ed6781 )
Remi Gacogne [Fri, 24 Aug 2018 12:22:50 +0000 (14:22 +0200)]
Merge pull request #6878 from Habbie/rec-4.0.x-json-sorting
Peter van Dijk [Sun, 4 Mar 2018 21:24:23 +0000 (22:24 +0100)]
make travis happy about new json sorting?
(cherry picked from commit
c91df3a1425e507b08c5410196833eb80672eab6 )
(cherry picked from commit
f46ec63507517c346fa304c918753007c7c8570a )
Peter van Dijk [Tue, 27 Feb 2018 21:11:12 +0000 (22:11 +0100)]
test: fix comments-in-forward-zones-file sorting?
(cherry picked from commit
ffc999e4a6feb44e8a558049e313b9d676e2c71a )
(cherry picked from commit
a6a1a3b30f40495e12fc834a66661f760ffe2efa )
Remi Gacogne [Fri, 24 Aug 2018 10:22:15 +0000 (12:22 +0200)]
Merge pull request #6875 from rgacogne/rec40-thel-backport
Peter van Dijk [Thu, 10 May 2018 11:42:44 +0000 (13:42 +0200)]
reorder includes to avoid Boost L conflict
(cherry picked from commit
dad05827243a837acbe29d68b6f5a68f47f5889f )
Remi Gacogne [Fri, 5 Jan 2018 09:12:35 +0000 (10:12 +0100)]
Merge pull request #6141 from Habbie/4.0.x-travis-jan2018
Aki Tuomi [Fri, 7 Jul 2017 15:46:47 +0000 (18:46 +0300)]
fix recursor prequery scripts
(cherry picked from commit
c1feb3a819ac425fe535d8c21c0d0f79c6fbf069 )
Peter van Dijk [Thu, 4 Jan 2018 14:13:01 +0000 (15:13 +0100)]
install lua-posix
aerique [Mon, 11 Dec 2017 10:13:50 +0000 (11:13 +0100)]
Merge pull request #6082 from rgacogne/rec40-skip-cache-not-in
Remi Gacogne [Wed, 29 Nov 2017 14:26:12 +0000 (15:26 +0100)]
rec: Don't process records for another class than IN
Remi Gacogne [Wed, 29 Nov 2017 14:20:02 +0000 (15:20 +0100)]
rec: Use getRR<T>() instead of directly using a dynamic cast
Peter van Dijk [Thu, 30 Nov 2017 16:08:21 +0000 (17:08 +0100)]
Merge pull request #6014 from aerique/backport/5930-secpoll-order-agnostic
bert hubert [Wed, 8 Nov 2017 14:57:05 +0000 (15:57 +0100)]
catch all exceptions coming from secpoll, this was a regression of this PR
(cherry picked from commit
47e9b74f9ee097b9bdc029c21c9edfb2f7532102 )
bert hubert [Wed, 8 Nov 2017 14:33:45 +0000 (15:33 +0100)]
in the recursor secpoll code, we ASSumed the TXT record would be the first record we received. Sometimes it was the RRSIG, leading to a silent error, and no secpoll check. Fixed the assumption, added an error.
(cherry picked from commit
581d4ea357effe5b7d61da8cd46cec6ed9cb132e )
aerique [Mon, 27 Nov 2017 08:38:53 +0000 (09:38 +0100)]
Merge pull request #5995 from rgacogne/rec-4.0.x-201711
Remi Gacogne [Wed, 11 Oct 2017 13:28:04 +0000 (15:28 +0200)]
Fix a memory leak when loading an RSA key with an invalid modulus
(cherry picked from commit
5917fffa4864cb3256a40aa03f63d69513e379f3 )
Remi Gacogne [Thu, 13 Jul 2017 14:22:30 +0000 (16:22 +0200)]
Don't leak when the loading a public ECDSA key fails
(cherry picked from commit
5a23b49d6faf7d0d844be0c7bb0ec422733a131f )
Remi Gacogne [Mon, 17 Jul 2017 17:21:01 +0000 (19:21 +0200)]
rec: Sanitize values received from the API before writing them to the conf
(cherry picked from commit
4aabe3c257ecb6d66099b07a7f639dd825b6bd04 )
Remi Gacogne [Fri, 11 Aug 2017 14:51:10 +0000 (16:51 +0200)]
rec: Fix XSS in the web interface
(cherry picked from commit
2d801e832ed07dbbcbe9aa9bb6cca99c077916bf )
Remi Gacogne [Fri, 18 Aug 2017 10:32:51 +0000 (12:32 +0200)]
rec: Guard against out-of-bailiwick signatures
Similar issue to the one fixed in Knot Resolver 1.3.3:
https://gitlab.labs.nic.cz/knot/knot-resolver/commit/
d7d7cae5a339ec4b0a280184af3a46d89c08bc09
Remi Gacogne [Sat, 25 Nov 2017 23:14:52 +0000 (00:14 +0100)]
Merge pull request #5989 from Habbie/4.0.x-5955
Peter van Dijk [Tue, 14 Nov 2017 09:17:58 +0000 (10:17 +0100)]
Backport #5955: recent Apple Xcode headers need this
reference: https://github.com/arvidn/libtorrent/issues/2364#issuecomment-
336175406
(cherry picked from commit
e201675a3aa63712f8d08c27f2cedc10873b8f4c )
aerique [Thu, 23 Nov 2017 11:23:29 +0000 (12:23 +0100)]
Merge pull request #5952 from rgacogne/rec407-backports
Remi Gacogne [Tue, 21 Nov 2017 10:41:46 +0000 (11:41 +0100)]
Backport #5498
Remi Gacogne [Tue, 21 Nov 2017 10:41:11 +0000 (11:41 +0100)]
Backport #5961
Jake Reynolds [Wed, 15 Nov 2017 14:59:43 +0000 (14:59 +0000)]
Edit configname to include the 'config-name' argument
(cherry picked from commit
3e63da83fde2d98ed0739578f7171aa4e70a6f32 )
Kees Monshouwer [Wed, 25 Oct 2017 23:06:54 +0000 (01:06 +0200)]
replace depricated botan.h include
(cherry picked from commit
00f1924bb1900e8c6eab1bd0fe03ff21d41f38eb )
Kees Monshouwer [Wed, 25 Oct 2017 20:43:35 +0000 (22:43 +0200)]
drop botan 1.x support
(cherry picked from commit
e11963ce69059d1fa47e92927ed48bd744b95348 )
Remi Gacogne [Wed, 5 Jul 2017 10:02:17 +0000 (12:02 +0200)]
travis: Build the rec with Botan and libsodium
(cherry picked from commit
18a93d3812bfbf2e2dbc9b6353e3619d626283fd )
Remi Gacogne [Tue, 4 Jul 2017 19:59:00 +0000 (21:59 +0200)]
Add support for Botan 2.x
Initial testing indicates that both 2.0.1 and 2.1.0 work fine,
but signature is 10 times slower with 2.1.0, apparently due to
blinding (callgrind reports a lot of CPU spent in the `RNG`).
(cherry picked from commit
13f34f2e0ccff514cbd5f9ec076c220473da347a )
Remi Gacogne [Mon, 13 Nov 2017 17:06:04 +0000 (18:06 +0100)]
Backport #5921
Remi Gacogne [Mon, 13 Nov 2017 17:05:57 +0000 (18:05 +0100)]
Backport #5762
Remi Gacogne [Mon, 13 Nov 2017 17:05:53 +0000 (18:05 +0100)]
Backport #5739
Remi Gacogne [Mon, 13 Nov 2017 17:05:44 +0000 (18:05 +0100)]
Backport #5599
Remi Gacogne [Mon, 13 Nov 2017 17:05:40 +0000 (18:05 +0100)]
Backport #5598
Remi Gacogne [Mon, 13 Nov 2017 17:05:34 +0000 (18:05 +0100)]
Backport #5525
Remi Gacogne [Mon, 13 Nov 2017 17:05:30 +0000 (18:05 +0100)]
Backport #5523
Remi Gacogne [Mon, 13 Nov 2017 17:05:25 +0000 (18:05 +0100)]
Backport #5488
Remi Gacogne [Mon, 13 Nov 2017 17:05:21 +0000 (18:05 +0100)]
Backport #5406
Remi Gacogne [Mon, 13 Nov 2017 17:05:16 +0000 (18:05 +0100)]
Backport #5320
Remi Gacogne [Mon, 13 Nov 2017 17:05:12 +0000 (18:05 +0100)]
Backport #5261
Remi Gacogne [Mon, 13 Nov 2017 17:05:08 +0000 (18:05 +0100)]
Backport #5078
Remi Gacogne [Mon, 13 Nov 2017 17:05:03 +0000 (18:05 +0100)]
Backport #4960
Remi Gacogne [Mon, 13 Nov 2017 17:04:59 +0000 (18:04 +0100)]
Backport #4824
Remi Gacogne [Mon, 13 Nov 2017 17:04:55 +0000 (18:04 +0100)]
Backport #4646
Remi Gacogne [Mon, 13 Nov 2017 17:04:47 +0000 (18:04 +0100)]
Backport #4561
Remi Gacogne [Mon, 17 Jul 2017 08:29:45 +0000 (10:29 +0200)]
rec: Fix validation at the exact RRSIG inception or expiration time
Reported by Petr Špaček of cz.nic (thanks!).
(cherry picked from commit
179b340d522e36a65e799b048dcdae85c0237fdc )
Remi Gacogne [Tue, 7 Nov 2017 10:40:30 +0000 (11:40 +0100)]
rec: Don't retry security polling too often when it fails
(cherry picked from commit
491d5d97c907be9619910ee22646c8da911d0256 )
Pieter Lexis [Thu, 22 Jun 2017 09:51:08 +0000 (11:51 +0200)]
Rec: create socket-dir from init-script
Closes #5439
(cherry picked from commit
a64a65ba698044926c1bdf9d9fad4a4130c82012 )
Remi Gacogne [Wed, 27 Sep 2017 14:24:39 +0000 (16:24 +0200)]
rec: Remove pdns.PASS and pdns.TRUNCATE
Those values are not documented in a recursor context, and does not
work as expected since `pdns.PASS` resulted in an immediate `ServFail`
and `pdns.TRUNCATE` in a strange status code being sent (showing
up as `RESERVED13` in `dig`).
(cherry picked from commit
9cdfab64ac1750ac234a5b5efa4eba6cabc30257 )
Pieter Lexis [Fri, 11 Aug 2017 12:37:01 +0000 (14:37 +0200)]
Fix libatomic detection on ppc64
Thanks @tjikkun!
Closes #5456
(cherry picked from commit
b16f46605d86a62e4f37bc1e2caab0c52fa9f75c )
Pieter Lexis [Fri, 11 Aug 2017 11:54:21 +0000 (13:54 +0200)]
Add help text on autodetecting systemd support
Closes #5524
(cherry picked from commit
56d30a9c8a1c1754b478de79e823e015e103b5b0 )
Ruben Kerkhof [Fri, 14 Jul 2017 17:55:53 +0000 (19:55 +0200)]
Fix typo in two log messages
(cherry picked from commit
59d26fc8d63fd2ff924be2fa5b3bda3699081914 )
Remi Gacogne [Mon, 3 Jul 2017 11:04:58 +0000 (13:04 +0200)]
rec: Only increase `no-packet-error` on the first read
We try to read as many messages as possible after being woken up,
but only the first read can count as a no-packet error.
(cherry picked from commit
390f1dab05bbbb5d9ba2782e89600ca62c4bec14 )
Remi Gacogne [Wed, 14 Jun 2017 16:16:26 +0000 (18:16 +0200)]
rec: Make more specific Netmask < to less specific ones
Having the most specific ones first, then the less specific ones
then the empty one makes it easier to match the most specific first.
(cherry picked from commit
a009559d3bc4d648edc3b5fff062b622bbde2389 )
bert hubert [Fri, 12 May 2017 19:25:16 +0000 (21:25 +0200)]
Together with Mukund Sivaraman we found out PowerDNS sdig does not truncate
trailing bits of EDNS Client Subnet mask. So if you'd truncate something as
a /9, we'd have to use 2 bytes anyhow, but we would not zero the last 7 bits.
We do now. Thanks Mukund & ISC!
(cherry picked from commit
d7da15c560946cadaadfc173b8964dd6b40932ed )
Patrick Cloke [Sun, 23 Apr 2017 13:11:12 +0000 (09:11 -0400)]
get-remote-ring's "other" report should only have two items.
(cherry picked from commit
d6dcfe36c0d2bb5563322ec90167b5bd4e9efb6b )
Pieter Lexis [Thu, 23 Feb 2017 10:08:16 +0000 (11:08 +0100)]
Throw an error when lua-conf-file can't be loaded
This ensures we cannot start up if the file is unreadable.
Closes #4939
(cherry picked from commit
0f5785a6c441b043564f3ba26a39145aee74b1c2 )
Christian Hofstaedtler [Tue, 31 Jan 2017 11:13:47 +0000 (12:13 +0100)]
recursor: use explicit yes for default-enabled settings
(cherry picked from commit
e498dac1aa762f2ace690e1e7a1631f9611096b6 )
Pieter Lexis [Thu, 29 Dec 2016 17:01:30 +0000 (18:01 +0100)]
Check in the detected OpenSSL/libcrypto for ECDSA
We used to 'just' use the default includes for this detection.
Fixes #4680
(cherry picked from commit
2a4c374451d50e240872cc9907b69c2d2464f2cc )
Peter van Dijk [Fri, 28 Oct 2016 13:31:53 +0000 (15:31 +0200)]
extract nested exception from Luawrapper
Before:
Oct 28 15:30:34 STL error (www.foobar.com/A from 127.0.0.1): Exception thrown by a callback function called by Lua
After:
Oct 28 15:30:34 STL error (www.foobar.com/A from 127.0.0.1): Exception thrown by a callback function called by Lua. Extra info: Found . in wrong position in DNSName www.foobar.com..internal
reported by @elad, thanks!
(cherry picked from commit
068c763422b5830dc15598089f7760e79f5bdf81 )
Winfried Angele [Wed, 12 Oct 2016 12:08:02 +0000 (14:08 +0200)]
Update rec_control.1.md
(cherry picked from commit
2c04bf0c18f5e32ff498529162e71982bd3333bf )
Pieter Lexis [Wed, 25 Oct 2017 13:45:34 +0000 (15:45 +0200)]
Merge pull request #5843 from Habbie/b-root-4.0.x
Peter van Dijk [Wed, 25 Oct 2017 11:11:10 +0000 (13:11 +0200)]
b.root renumbering, effective 2017-10-24
Pieter Lexis [Mon, 16 Oct 2017 15:56:15 +0000 (17:56 +0200)]
Merge pull request #5765 from pieterlexis/rec-40-lowercase-outgoing-all-the-things
Pieter Lexis [Mon, 16 Oct 2017 11:04:43 +0000 (13:04 +0200)]
Merge pull request #5726 from pieterlexis/auth-406-per-cut-validation
Remi Gacogne [Wed, 11 Oct 2017 16:11:53 +0000 (18:11 +0200)]
Merge pull request #5812 from rgacogne/rec40-travis-encrypt-channel
Remi Gacogne [Mon, 9 Oct 2017 08:46:59 +0000 (10:46 +0200)]
Encrypt the IRC channel name so notifications are not sent for forks
(cherry picked from commit
f4614876f16ac3223786b26b18a4386045102f09 )
Remi Gacogne [Wed, 11 Oct 2017 15:23:10 +0000 (17:23 +0200)]
Merge pull request #5813 from rgacogne/rec40-backport-5755
bert hubert [Mon, 2 Oct 2017 07:27:03 +0000 (09:27 +0200)]
we actually resolve 98% by new definition, so can affort upping threshold from 90 to 95%.
(cherry picked from commit
9fb6940f8b1c96c735af3856976ea7a7bc92d3d8 )
bert hubert [Fri, 29 Sep 2017 20:40:53 +0000 (22:40 +0200)]
Improve dnsbulktest experience in travis for more robustness
This commit changes our dnsbulktest source from Alexa to Cisco Umbrella, but this turned out not to be as important as we thought.
In addition, it turns out we had been installing pdns-tools incorrectly because of wrong apt-settings. We now install pdns-tools from the master repo at repo.powerdns.com
This commit also tunes pdns_recursor to use less simultaneous outbound connections during testing, which appears to make Travis NAT happier, leading to less errors.
Finally, we use new features of dnsbulktest to extract more statistics for how well we are doing. Success is now dependent on errors and timeouts, and less on NXDOMAIN.
(cherry picked from commit
8a27076c38e2d399204d41928374e1bb9c45969c )
Pieter Lexis [Tue, 12 Sep 2017 10:28:33 +0000 (12:28 +0200)]
Allow no-EDNS fallback when DNSSEC is needed
Pieter Lexis [Tue, 12 Sep 2017 10:28:19 +0000 (12:28 +0200)]
Stop DNSSEC processing at Insecure
Pieter Lexis [Thu, 28 Sep 2017 11:13:13 +0000 (13:13 +0200)]
Lowercase all outgoing qnames when lowercase-outgoing is set
aerique [Thu, 7 Sep 2017 12:52:56 +0000 (14:52 +0200)]
Merge pull request #5676 from aerique/feature/update-copryright-year-rec-4.0.x
Pieter Lexis [Thu, 16 Feb 2017 13:08:40 +0000 (14:08 +0100)]
Update copyright year in publicly visible output and files
(cherry picked from commit
ff8f70b800e8b81a6d97c2d2568483d03228df2a )
Remi Gacogne [Tue, 22 Aug 2017 08:41:39 +0000 (10:41 +0200)]
Merge pull request #5627 from rgacogne/rec40-remove-syncres-unit-tests
Remi Gacogne [Mon, 21 Aug 2017 08:02:57 +0000 (10:02 +0200)]
Merge pull request #5629 from rgacogne/rec40-travis-build-dir
Remi Gacogne [Wed, 8 Feb 2017 14:33:57 +0000 (15:33 +0100)]
Use `${TRAVIS_BUILD_DIR}` instead of assuming the repo is in `pdns`
Thus avoiding issues when/if the repository is cloned with a different
name.
(cherry picked from commit
1e0253cad96199647f92ef4fa8230f614637e80c )
Remi Gacogne [Fri, 18 Aug 2017 10:37:26 +0000 (12:37 +0200)]
rec: Remove the SyncRes unit tests from the 4.0 branch
test-syncres_cc.cc is not used and was added by mistake in a commit
backporting IXFR tests:
c8f3468f102a4ab17ea1b5a9f408ce2bad3ddeab
Remi Gacogne [Mon, 14 Aug 2017 12:43:59 +0000 (14:43 +0200)]
Merge pull request #5608 from rgacogne/rec40-cache-inttypes
Remi Gacogne [Mon, 14 Aug 2017 10:37:58 +0000 (12:37 +0200)]
rec: Add missing cinttypes include for PRId64
Remi Gacogne [Mon, 14 Aug 2017 08:14:11 +0000 (10:14 +0200)]
Merge pull request #5596 from pieterlexis/rec-dump-rrsigs-from-cache
Pieter Lexis [Mon, 17 Jul 2017 12:14:29 +0000 (14:14 +0200)]
rec: Show auth state recursor cache dump
cherry-picked from commit
ea9831c08f4c54514006efc1c61990963b10080f
Pieter Lexis [Mon, 10 Jul 2017 11:29:49 +0000 (13:29 +0200)]
rec: Dump RRSIGs from record cache
Peter van Dijk [Tue, 4 Jul 2017 13:09:41 +0000 (15:09 +0200)]
Merge pull request #5415 from rgacogne/rec40-ecs-fixes
Remi Gacogne [Wed, 14 Jun 2017 11:31:18 +0000 (13:31 +0200)]
rec: Use the incoming ECS for cache lookup if `use-incoming-edns-subnet` is set
Otherwise we insert into the cache based on the incoming ECS but
later do the lookup based on the query's source IP.
(cherry picked from commit
5736e55e0d2d8cd9a064b8377e87d08a540cb1b1 )
Remi Gacogne [Thu, 15 Jun 2017 14:36:52 +0000 (16:36 +0200)]
Add more tests to the Netmask unit tests
Additional tests:
* getBits()
* isIpv4()
* isIPv6()
* getNetwork()
* getMaskedNetwork()
* check that Netmasks constructed from ComboAddresses with different
ports match
(cherry picked from commit
7f3e6acd659a9fee8ed027e7abe99ea77b3ee691 )
bert hubert [Thu, 15 Jun 2017 01:14:01 +0000 (03:14 +0200)]
when making a netmask from a comboaddress, we neglected to zero the port. This could lead to a proliferation of netmasks.
(cherry picked from commit
0bdabe94e6fd873455d34b88f8954d8cc6034a72 )
Remi Gacogne [Fri, 2 Jun 2017 11:52:00 +0000 (13:52 +0200)]
rec: Don't take the initial ECS source for a scope one if EDNS is off
(cherry picked from commit
fe61f5d87871b56a17612c5a8334a84391f0d962 )
bert hubert [Wed, 14 Jun 2017 06:35:53 +0000 (08:35 +0200)]
with this, EDNS Client Subnet becomes compatible with the packet cache, using the existing variable answer facility.
(cherry picked from commit
8bec43b3a28df7d31a4bb464dd043d7ec9caeab0 )
projects / thirdparty / pdns.git / log
