]>
git.ipfire.org Git - thirdparty/pdns.git/log
Otto Moerbeek [Tue, 13 Oct 2020 09:21:47 +0000 (11:21 +0200)]
Merge pull request #9601 from omoerbeek/rec-backport-to-4.1.x-sec-2020-07
Otto Moerbeek [Mon, 12 Oct 2020 08:08:08 +0000 (10:08 +0200)]
Backport of CVE-2020-25829 (any-cache-update) to 4.1.x
Otto Moerbeek [Tue, 30 Jun 2020 14:00:30 +0000 (16:00 +0200)]
Merge pull request #9283 from omoerbeek/rec-acl-backport-to-4.1.x
Otto Moerbeek [Tue, 30 Jun 2020 11:46:54 +0000 (13:46 +0200)]
Backport of acl check to 4.1.x
Remi Gacogne [Tue, 2 Jun 2020 08:58:07 +0000 (10:58 +0200)]
Merge pull request #9129 from rgacogne/rec41-fix-gethostname-no-hostnamemax
Sander Hoentjen [Mon, 16 Dec 2019 21:44:43 +0000 (22:44 +0100)]
Fix build with gcc-10
From an e-mail from Jeff Law <law@redhat.com>:
Subject: Minor problem in pdns, dnsdist and pdns-recursor packages in Fedora
[ All three packages have embedded copies of the same problematic code
and the same patch fixes all three. ]
Red Hat's compiler team continues to try and be proactive in identifying
issues that will arise as a result of the introduction of a new GCC
release into Fedora each spring.
You're being contacted because a package you maintain in Fedora is going
to fail to build with gcc-10 in the spring. Yes, I know that's a few
months away, but it's far easier to fix this stuff proactively now than
wait.
Fixing it now also means that your package will continue to be built
with testing versions of gcc-10 as we proceed through the development
process thus allowing additional issues to be caught early.
Your particular package will fail due to an uninstantiated template for
AsyncLoader<Request>. These kinds of problems are relatively common due to
changes in the tuning of the inliner for gcc-10:
> BUILDSTDERR: /usr/bin/ld: webserver.o: in function `WebServer::serveConnection(std::shared_ptr<Socket>) const':
> BUILDSTDERR: /builddir/build/BUILD/pdns-4.2.1/pdns/webserver.cc:373: undefined reference to `YaHTTP::AsyncLoader<YaHTTP::Request>::feed(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)'
> BUILDSTDERR: collect2: error: ld returned 1 exit status
> BUILDSTDERR: make[3]: *** [Makefile:2751: ixfrdist] Error 1
>
The attached patch arranges for an instance to be instantiated when
compiling reqresp.cpp and is sufficient to fix this problem. The
choice of reqresp.cpp fairly arbitrary IIRC.
Ideally you'll with upstream to get this fixed, but a Fedora patch is
clearly OK as well. I'll install the attached fix into Fedora in a
week or so if I haven't heard from you.
Jeff
(cherry picked from commit
ffb885e937c27bb1c62dee8f18c58ae0d5d52d39 )
Remi Gacogne [Tue, 19 May 2020 14:46:33 +0000 (16:46 +0200)]
Fix compilation on systems that do not define HOST_NAME_MAX
On FreeBSD at least, HOST_NAME_MAX is not defined and we need to
use sysconf() to get the value at runtime instead.
Based on a work done by @RvdE to make the recursor compile on
FreeBSD (many thanks!).
(cherry picked from commit
4c990a1b82e091d887d873c7da5254de84aabebb )
(cherry picked from commit
5c21b47fbc35ddcb8d939eb8541c6c3bad1080a8 )
(cherry picked from commit
d53b465c08ba7c9e9769c52424d9b1c610d5e1dc )
Remi Gacogne [Mon, 25 May 2020 14:07:33 +0000 (16:07 +0200)]
Merge pull request #9147 from rgacogne/rec41-travis-unbreak-trusty-spellcheck
Josh Soref [Tue, 19 May 2020 17:10:37 +0000 (13:10 -0400)]
Suppress PR based spell check
(cherry picked from commit
16f3f8060ece690049dbf8059cf2f5a2bcc21bc2 )
Peter van Dijk [Mon, 25 May 2020 08:27:01 +0000 (10:27 +0200)]
travis: install pdns package from direct download
(cherry picked from commit
b5b83152b5a56b8095ab0d713a31c3ab5d1ec25b )
Pieter Lexis [Tue, 19 May 2020 08:49:42 +0000 (10:49 +0200)]
Merge pull request #9117 from pieterlexis/rec-4.1.x-may-2020
Remi Gacogne [Mon, 27 Apr 2020 14:48:16 +0000 (16:48 +0200)]
Don't read potentially uninitalized memory if gethostname() failed
If the buffer is smaller than `HOST_NAME_MAX` (64 on Linux but up to
255 bytes in POSIX, which FreeBSD, MacOS etc honor) gethostname()
might return -1 without null-terminating the buffer, causing an
out-of-bounds read.
As we look for the first '.' using `strchr()`, replacing it with a
null byte, we also have a one-byte out-of-bounds write which might
result in a crash or, albeit very unlikely, arbitrary code execution.
(cherry picked from commit
aac6348d56f6f3fdba9dd2455ef06081da507c14 )
(cherry picked from commit
be93bc7da4caddc5a6c84fa7b42e82592e9add49 )
Remi Gacogne [Mon, 27 Apr 2020 12:46:20 +0000 (14:46 +0200)]
rec: Fix DNSSEC validation of completely empty NXDomain answers
If the answer has no SOA and no NSEC inside a DNSSEC-secure zone,
we should go Bogus.
(cherry picked from commit
4d0c0a1002645955d22b5aaaca5a122fa21dff95 )
Remi Gacogne [Wed, 25 Mar 2020 13:15:59 +0000 (14:15 +0100)]
rec: Don't crash on a duplicate RPZ entry received over XFR
Otto Moerbeek [Mon, 23 Mar 2020 14:37:13 +0000 (15:37 +0100)]
rec: backport to 4.1.x: Limit the number of queries sent out to get NS addresses per query
Otto Moerbeek [Wed, 26 Feb 2020 17:13:48 +0000 (18:13 +0100)]
Merge pull request #8868 from omoerbeek/backport-8864
Remi Gacogne [Wed, 26 Feb 2020 10:18:35 +0000 (11:18 +0100)]
rec: Only log qname parsing errors when 'log-common-errors' is set
(cherry picked from commit
4b4566e8d28ff3b18152213e8c8666aa643f8eb9 )
Peter van Dijk [Wed, 12 Feb 2020 19:36:12 +0000 (20:36 +0100)]
Merge pull request #8809 from Habbie/rel-rec-4.1.x-pydeps
Peter van Dijk [Tue, 11 Feb 2020 11:31:31 +0000 (12:31 +0100)]
limit python deps to stuff that still works on py2
Otto Moerbeek [Wed, 29 Jan 2020 09:22:46 +0000 (10:22 +0100)]
Merge pull request #8753 from omoerbeek/backport-8740-to-rec-4.1.x
Pieter Lexis [Wed, 22 Jan 2020 15:03:59 +0000 (16:03 +0100)]
Update boost.m4
This detects boost::context on boost version 1.61 through 1.65 correctly
(cherry picked from commit
c54133a4abccd7228b6898af5cb7b684c6225e97 )
Otto Moerbeek [Wed, 27 Nov 2019 13:31:56 +0000 (14:31 +0100)]
Merge pull request #8554 from omoerbeek/backport-8525-to-rec-4.1.x
Otto Moerbeek [Tue, 19 Nov 2019 10:49:49 +0000 (10:49 +0000)]
Fix merge errors
Otto Moerbeek [Tue, 19 Nov 2019 09:03:17 +0000 (10:03 +0100)]
Avoid looking up an entry twice by using a ref.
(cherry picked from commit
3eba27418a7102a82777b74bd199943b67a93a6e )
Otto Moerbeek [Wed, 13 Nov 2019 09:11:58 +0000 (10:11 +0100)]
ednsmap might be cleared while yielding; so reassign pointer.
Switch away from a ref to a pointer because of above and use modern
init for EDNSStatus.
(cherry picked from commit
90e8ea71abacb8879482fe27a5521d1f4d0ef76d )
Otto Moerbeek [Tue, 12 Nov 2019 16:00:44 +0000 (17:00 +0100)]
If modeSetAt is zero, we never updated the entry and it can go.
(cherry picked from commit
b5788c3649bee0d5c86c6900ee3dd2530a494bd1 )
Otto Moerbeek [Tue, 12 Nov 2019 15:42:10 +0000 (16:42 +0100)]
Also purge t_sstorage.ednsstatus and include edns size in the periodic report.
(cherry picked from commit
bbc7101c05672d91f5131fa5baa884a750e139a4 )
Otto Moerbeek [Tue, 12 Nov 2019 13:09:57 +0000 (14:09 +0100)]
man page bits
(cherry picked from commit
c71d64351b4918e92004691ea534cf8bcbcccbdd )
Otto Moerbeek [Tue, 12 Nov 2019 12:31:28 +0000 (13:31 +0100)]
Purge map of failed auths periodically by keeping a last changed timestamp.
SyncRes thread local storage includes a map of failed auths which was
only cleaned if a specific IP was contacted again and that contact
succeeded. Persistent failing auths or auths that are never tried
again remained in the map.
While here add code to dump the failed servers map. Might (partially?)
solve #7771.
(cherry picked from commit
60e5208a9a20d4cd2153d33b8cd500e9b241373c )
Otto Moerbeek [Mon, 18 Nov 2019 14:43:14 +0000 (15:43 +0100)]
Merge pull request #8544 from omoerbeek/backport-8470-to-rec-4.1.x
Otto Moerbeek [Mon, 18 Nov 2019 14:20:47 +0000 (15:20 +0100)]
Merge pull request #8543 from omoerbeek/backport-8340-to-rec-4.1.x
Otto Moerbeek [Mon, 18 Nov 2019 14:00:14 +0000 (15:00 +0100)]
Merge pull request #8542 from omoerbeek/backport-7068-to-rec-4.1.x
Otto Moerbeek [Wed, 6 Nov 2019 10:15:30 +0000 (11:15 +0100)]
Avoid mthread race when using the set of rootNSZones.
Otto Moerbeek [Mon, 28 Oct 2019 15:57:46 +0000 (16:57 +0100)]
It is better to make sure . entries are not added to the set.
Otto Moerbeek [Mon, 28 Oct 2019 15:35:43 +0000 (16:35 +0100)]
Do not wipe . NS; this can happen with custom hint files that are
Otto Moerbeek [Mon, 28 Oct 2019 12:58:01 +0000 (13:58 +0100)]
Wipe entry form cache before getting a new one to make sure we
actually get fresh records.
(cherry picked from commit
ed1bbac786281f515b4ceaf22afdf6c62bf614b4 )
Otto Moerbeek [Fri, 25 Oct 2019 12:05:22 +0000 (14:05 +0200)]
Add a comment explaining things.
(cherry picked from commit
c16c8fe53cac7473b16c81ca56410c14ad3bf324 )
Otto Moerbeek [Wed, 23 Oct 2019 13:18:08 +0000 (15:18 +0200)]
Also call primeRootNSZones() from syncres (after primeHints())
(cherry picked from commit
159b1242bab07c12620b9c40d3726b752ba0e32e )
Otto Moerbeek [Wed, 23 Oct 2019 12:18:47 +0000 (14:18 +0200)]
prime tld of root name server names
(cherry picked from commit
1b4e0ae09d2d81b70524746293f3e4f16d722ad4 )
Otto Moerbeek [Mon, 23 Sep 2019 12:59:38 +0000 (14:59 +0200)]
Fix #8338: Issue with "zz" abbreviation for IPv6 RPZ triggers
While there, add unittest for translating rpz names into netmasks
(cherry picked from commit
301148e6d77e7cf8aed3b1b174bf6dbbeae7dc67 )
phonedph1 [Tue, 16 Oct 2018 02:07:50 +0000 (02:07 +0000)]
Do the edns dumping harder.
(cherry picked from commit
addde5c1785f040f803bc5154433b0574a197216 )
Otto Moerbeek [Fri, 30 Aug 2019 10:21:37 +0000 (12:21 +0200)]
Merge pull request #8123 from pieterlexis/backport-7951-to-rec-41x
Pieter Lexis [Wed, 24 Jul 2019 10:27:10 +0000 (12:27 +0200)]
Backport #7951
Otto Moerbeek [Wed, 12 Jun 2019 09:25:07 +0000 (11:25 +0200)]
Merge pull request #7912 from omoerbeek/backport-7589
Aki Tuomi [Fri, 15 Mar 2019 19:12:46 +0000 (21:12 +0200)]
lua-recursor4: Add missing getregisteredname Lua function
It was drooped in
4b9a4e966257eb08d4803633f5726b5a144a8e99 and
forgotten in
a3e7b73528a96a3642adb42dc1e729ea2e8765f4
(cherry picked from commit
c2d0a26fecf13a40fa5a74a4cc13d9faef8b1669 )
Otto Moerbeek [Tue, 11 Jun 2019 15:03:41 +0000 (17:03 +0200)]
Merge pull request #7906 from omoerbeek/backport-7298
Otto Moerbeek [Tue, 11 Jun 2019 14:38:38 +0000 (14:38 +0000)]
Mention correct "version added" for the two new counters.
Remi Gacogne [Mon, 24 Dec 2018 09:54:17 +0000 (10:54 +0100)]
rec: Add counters for incoming AD and CD queries
(cherry picked from commit
88c33dca92f68d3c4a0a9dc8cb3c9838f034b94b )
Remi Gacogne [Tue, 14 May 2019 14:18:16 +0000 (16:18 +0200)]
Merge pull request #7816 from rgacogne/rec41-backport-7714
Remi Gacogne [Thu, 11 Apr 2019 13:25:10 +0000 (15:25 +0200)]
rec: Fix DNSSEC validation of wildcards expanded onto themselves
(cherry picked from commit
78cdf5200924d327911345e1053e6e7de26dc34b )
Remi Gacogne [Thu, 25 Apr 2019 08:15:02 +0000 (10:15 +0200)]
rec: Add a 'query for a wildcard-like expanded from a wildcard' test
(cherry picked from commit
3f675ceb96804190951f2bfda1e67b9dfdaab10e )
Remi Gacogne [Thu, 11 Apr 2019 13:24:37 +0000 (15:24 +0200)]
rec: Add a DNSSEC validation unit test for non-expanded wildcards
(cherry picked from commit
eb7a2b0bb57a99eabaad99f1814505b766060e6e )
Otto Moerbeek [Fri, 5 Apr 2019 13:44:08 +0000 (15:44 +0200)]
Merge pull request #7675 from omoerbeek/disable-smap-switch
Otto Moerbeek [Fri, 5 Apr 2019 13:38:34 +0000 (15:38 +0200)]
Fix versionadded line
Otto Moerbeek [Fri, 5 Apr 2019 13:28:41 +0000 (15:28 +0200)]
Merge pull request #7673 from omoerbeek/disable-smap-switch
Otto Moerbeek [Fri, 5 Apr 2019 10:24:32 +0000 (12:24 +0200)]
Add versionadded
Otto Moerbeek [Fri, 5 Apr 2019 10:01:54 +0000 (12:01 +0200)]
Document disable-real-memory-usage.
Otto Moerbeek [Fri, 5 Apr 2019 09:50:20 +0000 (11:50 +0200)]
Add a switch to disable the expense smap based mem stat.
Otto Moerbeek [Tue, 2 Apr 2019 08:37:43 +0000 (10:37 +0200)]
Merge pull request #7651 from omoerbeek/backport-7631
Otto Moerbeek [Tue, 2 Apr 2019 08:08:53 +0000 (08:08 +0000)]
Move the setQuerySource() method to a wrapper in the syncres test code.
Otto Moerbeek [Mon, 1 Apr 2019 19:07:35 +0000 (19:07 +0000)]
Fix do not cache condition (merge error spotted by rcagogne)
Otto Moerbeek [Mon, 1 Apr 2019 15:36:23 +0000 (15:36 +0000)]
Make unit test work.
Otto Moerbeek [Mon, 1 Apr 2019 14:50:34 +0000 (14:50 +0000)]
Resolve merge errors
Otto Moerbeek [Mon, 1 Apr 2019 12:27:27 +0000 (14:27 +0200)]
Reformulate condition and comment to make it more clear.
(cherry picked from commit
73d9bf3ad13de7031a71700d00fb4efbab8ca938 )
Otto Moerbeek [Mon, 1 Apr 2019 09:30:06 +0000 (11:30 +0200)]
Only apply "do not cache" if both limits are set and satisfied. Doc tweaks.
(cherry picked from commit
42f418044c137ae2835f7f6550da093cb8b6ce7c )
Otto Moerbeek [Fri, 29 Mar 2019 10:40:05 +0000 (11:40 +0100)]
New approach. I spelled out the logic to make it more clear.
Points to keep in mind: > vs >=
What do we do if s_ecscachelimitttl is not set? I chose to let the scope determine
cacheability.
(cherry picked from commit
e7861cc408a4984d7c3e2a430825beb22ecf2a6d )
Otto Moerbeek [Wed, 27 Mar 2019 12:17:06 +0000 (13:17 +0100)]
Add tests for ecs-cache-limit-ttl
(cherry picked from commit
2cbe6a45ec0699f5ced3eb45945ce77b3a7fa343 )
Otto Moerbeek [Wed, 27 Mar 2019 11:37:19 +0000 (12:37 +0100)]
Initial code for ecs-cache-limit-ttl.
(cherry picked from commit
ed9019c97a4f81c42c2e45ab4353022540afdf08 )
Remi Gacogne [Tue, 12 Mar 2019 12:22:30 +0000 (13:22 +0100)]
rec: Set ecs-ipv4-cache-bits and ecs-ipv6-cache-bits in the tests
(cherry picked from commit
0cd27a313133139947e6e1b97fe7f1c0164ad40f )
(cherry picked from commit
30974eccedbe5fc90a24762f17b588750926ca2b )
Remi Gacogne [Tue, 12 Mar 2019 11:27:06 +0000 (12:27 +0100)]
rec: Document 'ecs-ipv4-cache-bits' and 'ecs-ipv6-cache-bits'
(cherry picked from commit
4d8c05df7a8fd6045061325693dcf8b17dbd364d )
(cherry picked from commit
216dc60aab0a7ea1a2385d85706bd41721e6ed16 )
Remi Gacogne [Tue, 12 Mar 2019 11:19:13 +0000 (12:19 +0100)]
rec: Add unit tests for the ECS cache limit feature
(cherry picked from commit
a87929c0fdb1675661a9f2fbea46e79530e4157e )
Remi Gacogne [Tue, 12 Mar 2019 11:05:56 +0000 (12:05 +0100)]
rec: Move the ECS cache limit check to the SyncRes
(cherry picked from commit
bdceeb7e8c0e25dfe86f0300fb83d1cdaee3422c )
bert hubert [Tue, 12 Mar 2019 10:27:53 +0000 (11:27 +0100)]
implement a configurable ECS cache limit, defaulting to /24 and /56 of IPv6. So a /25 response will not get cached.
(cherry picked from commit
1dab554571edc88ae625c3997294dbcfb1c3507e )
(cherry picked from commit
fd8898fbb51d8068127ff2fffd6a5f2e9f60be33 )
Remi Gacogne [Mon, 1 Apr 2019 13:57:10 +0000 (15:57 +0200)]
Merge pull request #7634 from rgacogne/rec41-bounded-load-balancing
bert hubert [Mon, 1 Apr 2019 13:56:22 +0000 (15:56 +0200)]
Merge pull request #7647 from ahupowerdns/per-thread-stats
bert hubert [Mon, 1 Apr 2019 13:48:55 +0000 (15:48 +0200)]
add comments
bert hubert [Mon, 1 Apr 2019 12:47:59 +0000 (14:47 +0200)]
This provides CPU usage statistics per thread (worker & distributor).
Remi Gacogne [Fri, 29 Mar 2019 16:20:52 +0000 (17:20 +0100)]
rec: Clarify that the server load should be >= to the pondered avg
Remi Gacogne [Fri, 29 Mar 2019 12:32:46 +0000 (13:32 +0100)]
rec: Keep track of the number of MTasks in a dedicated variable
Remi Gacogne [Thu, 28 Mar 2019 17:30:12 +0000 (18:30 +0100)]
rec: Make sure that distribution-load-factor is >= 1.0 if set
(cherry picked from commit
078be17f3c150abed2ae87dfe771ef479f3137ef )
Remi Gacogne [Wed, 27 Mar 2019 11:10:37 +0000 (12:10 +0100)]
rec: Add a 'rebalanced-queries' metric
(cherry picked from commit
596bf48219cb82379bf872e746dd7f626b582342 )
Remi Gacogne [Wed, 20 Feb 2019 16:47:30 +0000 (17:47 +0100)]
rec: Use a bounded load-balancing algo to distribute queries
(cherry picked from commit
144040bef0b1f65abfb4634f65b1445a84393a1b )
Remi Gacogne [Thu, 21 Feb 2019 09:15:06 +0000 (10:15 +0100)]
Merge pull request #7495 from rgacogne/rec41-ixfr-empty-axfr
Remi Gacogne [Mon, 18 Feb 2019 12:22:07 +0000 (13:22 +0100)]
Correctly interpret an empty AXFR response to an IXFR query
Remi Gacogne [Wed, 30 Jan 2019 14:55:31 +0000 (15:55 +0100)]
Merge pull request #7434 from rgacogne/rec41-protobuf-responses-only
Remi Gacogne [Wed, 30 Jan 2019 10:38:23 +0000 (11:38 +0100)]
rec: Add an option to export only responses over protobuf
bert hubert [Wed, 30 Jan 2019 08:11:57 +0000 (09:11 +0100)]
Merge pull request #7430 from rgacogne/rec41-redo-remotelogger
Remi Gacogne [Tue, 29 Jan 2019 16:10:55 +0000 (17:10 +0100)]
rec-4.1.x: Backport some protobuf regression tests
bert hubert [Tue, 29 Jan 2019 11:15:21 +0000 (12:15 +0100)]
Reduce systemcall usage in protobuf logging
Remi Gacogne [Thu, 24 Jan 2019 17:12:40 +0000 (18:12 +0100)]
Merge pull request #7415 from zeha/backport-7327
Chris Hofstaedtler [Thu, 24 Jan 2019 16:23:31 +0000 (17:23 +0100)]
Backport #7327: rec: Fix a possible timing issue w/ RRSIGs in the SyncRes unit tests
Remi Gacogne [Tue, 22 Jan 2019 08:59:51 +0000 (09:59 +0100)]
Merge pull request #7403 from rgacogne/rec41-dh-no-protobuf
Remi Gacogne [Mon, 21 Jan 2019 15:07:29 +0000 (16:07 +0100)]
rec: Fix compilation in handleRunningTCPQuestion without protobuf support
Remi Gacogne [Mon, 21 Jan 2019 08:50:24 +0000 (09:50 +0100)]
Merge pull request #7397 from rgacogne/rec41-sec-
20190121
rec-4.1.x: Load the Lua script in the distributor thread, check signature for AA=0 answers
Remi Gacogne [Fri, 18 Jan 2019 14:46:36 +0000 (15:46 +0100)]
Merge pull request #7377 from rgacogne/rec41-retry-on-full-pipe
Remi Gacogne [Wed, 16 Jan 2019 14:19:17 +0000 (15:19 +0100)]
rec: Try another worker before failing if the first pipe was full
Remi Gacogne [Wed, 9 Jan 2019 16:08:38 +0000 (17:08 +0100)]
rec: Always check signature for records in ANSWER, even with AA=0
Remi Gacogne [Wed, 9 Jan 2019 08:56:04 +0000 (09:56 +0100)]
rec: Add missing cookiesoption.py for the python regression tests
Remi Gacogne [Tue, 8 Jan 2019 15:05:28 +0000 (16:05 +0100)]
rec: Call the ipfilter hook if any over TCP as well
Remi Gacogne [Tue, 8 Jan 2019 15:00:01 +0000 (16:00 +0100)]
rec: Test our Lua hooks
projects / thirdparty / pdns.git / log
