]>
git.ipfire.org Git - thirdparty/pdns.git/log
Peter van Dijk [Tue, 12 Jan 2021 09:04:21 +0000 (10:04 +0100)]
Merge pull request #9944 from Habbie/backport-9831-to-rec-4.2.x
rec-4.2.x el8: PowerTools is now powertools
Peter van Dijk [Mon, 11 Jan 2021 19:06:43 +0000 (20:06 +0100)]
rec-4.2.x el8: PowerTools is now powertools
backport of #9831
Otto Moerbeek [Sun, 15 Nov 2020 17:13:32 +0000 (18:13 +0100)]
Merge pull request #9723 from Habbie/rec-4.2.x-circleci-pager
rec-4.2.x: avoid paging in git
Peter van Dijk [Fri, 13 Nov 2020 17:56:25 +0000 (18:56 +0100)]
rec-4.2.x: avoid paging in git
Otto Moerbeek [Fri, 23 Oct 2020 06:27:02 +0000 (08:27 +0200)]
Merge pull request #9610 from omoerbeek/rec-4.2.x-fix-remaining-placeholders
rec: followup to backport of 9070 to 4.2.x: Previous placeholder fix was incomplete.
Otto Moerbeek [Tue, 13 Oct 2020 12:22:00 +0000 (14:22 +0200)]
Previous placeholders fix was incomplete.
Fix remaining ones.
Otto Moerbeek [Tue, 13 Oct 2020 10:08:36 +0000 (12:08 +0200)]
Merge pull request #9603 from omoerbeek/rec-backport-to-4.2.x-sec-2020-07
rec: Backport of CVE-2020-25829 (any-cache-update) to 4.2.x
Otto Moerbeek [Mon, 12 Oct 2020 08:11:21 +0000 (10:11 +0200)]
Backport of CVE-2020-25829 (any-cache-update) to 4.2.x
Otto Moerbeek [Fri, 25 Sep 2020 07:05:00 +0000 (09:05 +0200)]
Merge pull request #9508 from omoerbeek/rec-backport-9497-to-rec-4.2.x
Rec: minimal backport of 9497 to rec 4.2.x: raise an exception on invalid content in unknown records
Otto Moerbeek [Tue, 22 Sep 2020 11:21:39 +0000 (13:21 +0200)]
Minimal backport of #9497 to rec-4.2.x
Otto Moerbeek [Fri, 25 Sep 2020 06:38:49 +0000 (08:38 +0200)]
Merge pull request #9502 from omoerbeek/rec-boost-bind-to-std-bind-4.2
rec: backport to rec-4.2.x: Boost 1.73 moved boost::bind placeholders to the placeholders namespace
Otto Moerbeek [Tue, 22 Sep 2020 08:49:26 +0000 (10:49 +0200)]
Minimal backport of #9070
Remi Gacogne [Thu, 10 Sep 2020 09:18:20 +0000 (11:18 +0200)]
Merge pull request #9456 from omoerbeek/backport-9454-to-rec-4.2.x
rec: backport to 4.2.x: Parts is reused, so clear the names it might contain.
Otto Moerbeek [Wed, 9 Sep 2020 13:11:26 +0000 (15:11 +0200)]
Parts is reused, so clear the names it might contain.
(cherry picked from commit
bc3d2b7386e058c39872a3aa74101283b6f1af45 )
Otto Moerbeek [Mon, 24 Aug 2020 13:00:27 +0000 (15:00 +0200)]
Merge pull request #9368 from omoerbeek/backport-9343-to-rec-4.2.x
rec: Backport 9343 to rec 4.2.x: Resize hostname to final size in getCarbonHostname()
Aki Tuomi [Tue, 21 Jul 2020 19:04:56 +0000 (22:04 +0300)]
test-misc_hh: Add test for getCarbonHostname
(cherry picked from commit
f19c0ed44619382b41119c8fb3136a3eb11790b8 )
Aki Tuomi [Sun, 19 Jul 2020 15:06:14 +0000 (18:06 +0300)]
misc.cc: Resize hostname to final size in getCarbonHostname()
In
5c21b47fbc35ddcb8d939eb8541c6c3bad1080a8 we change how
hostname is allocated. We allocate getMaxHostNameSize for string,
then give the raw buffer for gethostname function, but forget to
resize the string into actual result length, causing the carbon
output to include trailing NUL bytes after hostname.
(cherry picked from commit
57f8ac68b4fa7063fd2cac4d5b77045e0255c770 )
Otto Moerbeek [Tue, 14 Jul 2020 11:19:52 +0000 (13:19 +0200)]
Merge pull request #9334 from omoerbeek/backport-9309-to-rec-4.2.x
rec: Backport 9309 to rec 4.2.x: Validate cached DNSKEYs against the DSs, not the RRSIGs only
Otto Moerbeek [Tue, 14 Jul 2020 11:19:35 +0000 (13:19 +0200)]
Merge pull request #9333 from omoerbeek/backport-9297-to-rec-4.2.x
rec: Backport 9297 to rec 4.2.x: Ignore cache-only for DNSKEYs/DS retrieval
Otto Moerbeek [Tue, 14 Jul 2020 11:19:16 +0000 (13:19 +0200)]
Merge pull request #9332 from omoerbeek/backport-9292-to-rec-4.2.x
rec: Backport 9292 to rec 4.2.x: A ServFail while retrieving DS/DNSKEY records is just that
Otto Moerbeek [Tue, 14 Jul 2020 11:18:57 +0000 (13:18 +0200)]
Merge pull request #9331 from omoerbeek/backport-9188-to-rec-4.2.x
rec: Backport 9188 to rec 4.2.x: Refuse DS records received from child zones
Remi Gacogne [Mon, 6 Jul 2020 13:00:44 +0000 (15:00 +0200)]
rec: Validate cached DNSKEYs against the DSs, not the RRSIGs only
DNSKEYs might be cached in a non-validated state ("Indeterminate")
when the DNSSEC mode is set to "Process" and the initial query did
not ask for validation.
We would then validate the DNSKEY records against the RRSIGs, like
for regular records, but not against the DSs.
(cherry picked from commit
453f37736a4d372e16755a903f5b5d5ac52b0c17 )
Otto Moerbeek [Mon, 13 Jul 2020 15:01:22 +0000 (17:01 +0200)]
Fix merge
Remi Gacogne [Tue, 7 Jul 2020 07:56:41 +0000 (09:56 +0200)]
rec: Ignore cache-only for DSs retrieval
When the DSs are needed for validation, the initial RD flag should
not prevent us from going to the network.
(cherry picked from commit
68536f5ba1b37b1ab6008ab8842a4eeb676cc3e4 )
Remi Gacogne [Fri, 3 Jul 2020 15:29:33 +0000 (17:29 +0200)]
rec: Ignore cache-only for DNSKEYs retrieval
When the DNSKEYs are needed for validation, the initial RD flag
should not prevent us from going to the network.
(cherry picked from commit
38a7e82df8eaa8bee8fe9b444e81e1d71710d4de )
Otto Moerbeek [Mon, 13 Jul 2020 14:54:34 +0000 (16:54 +0200)]
DIGEST_SHA256 is named SHA256 in 4.2.x
Remi Gacogne [Thu, 2 Jul 2020 08:31:31 +0000 (10:31 +0200)]
rec: A ServFail while retrieving DS/DNSKEY records is just that
Before that commit, failing to get the DS or DNSKEY records needed
during validation because of a network issue would trigger a Bogus
DNSSEC validation result because validation could not be performed,
but that should just be a Server Failure instead.
This is especially an issue because the Bogus result would get
inserted into the cache and could stay there for as long as
'max-cache-bogus-ttl' seconds.
(cherry picked from commit
e122af1cf073cab4bd0b1b346b6e166b49870d70 )
Otto Moerbeek [Mon, 13 Jul 2020 14:47:47 +0000 (16:47 +0200)]
Fix merge
Remi Gacogne [Tue, 7 Jul 2020 12:22:59 +0000 (14:22 +0200)]
rec: Add a 'skip DS from child zone' unit test
(cherry picked from commit
2b4f326914460e3c2a8cb1249fdd535090a355f7 )
Remi Gacogne [Tue, 2 Jun 2020 15:19:42 +0000 (17:19 +0200)]
rec: Refuse DS records received from child zones
(cherry picked from commit
3b8b3a7760b655d078aed24c42b0c48e1115eb55 )
Otto Moerbeek [Mon, 13 Jul 2020 13:58:09 +0000 (15:58 +0200)]
Merge pull request #9306 from omoerbeek/backport-9268-to-rec-4.2.x
rec: backport of 9268 to 4.2.x: Better exception handling in houseKeeping / handlePolicyHit
Otto Moerbeek [Tue, 7 Jul 2020 09:27:22 +0000 (11:27 +0200)]
Fix indentation
Otto Moerbeek [Tue, 7 Jul 2020 08:54:15 +0000 (10:54 +0200)]
rec: backport of 9268 to 4.3.x: Better exception handling in houseKeeping / handlePolicyHit
Otto Moerbeek [Tue, 30 Jun 2020 14:14:48 +0000 (16:14 +0200)]
Merge pull request #9284 from omoerbeek/rec-acl-backport-to-4.2.x
rec: acl backport to 4.2.x
Otto Moerbeek [Tue, 30 Jun 2020 11:48:58 +0000 (13:48 +0200)]
Backport of acl fix to 4.2.x
Otto Moerbeek [Fri, 19 Jun 2020 10:09:41 +0000 (12:09 +0200)]
Merge pull request #9261 from omoerbeek/backport-9251-to-rec-4.2.x
rec: backport 9251 to re 4.2.x: Copy the negative cache entry before validating it
Remi Gacogne [Wed, 17 Jun 2020 12:49:55 +0000 (14:49 +0200)]
rec: Copy the negative cache entry before validating it
Otherwise, in the unlikely case that:
- we need to go to the network in order to validate, for example to
get or a DNSKEY ;
- the negative cache cleaning is run at that exact moment ;
- and the entry we have a pointer to gets wiped during that cleanup
we might trigger a heap-based use-after-free (read), possibly leading
to a crash if the memory has been reused already.
Remi Gacogne [Mon, 25 May 2020 14:07:05 +0000 (16:07 +0200)]
Merge pull request #9146 from rgacogne/rec42-travis-unbreak-trusty-spellcheck
rec-4.2.x: Unbreak travis and remove spell checking
Josh Soref [Tue, 19 May 2020 17:10:37 +0000 (13:10 -0400)]
Suppress PR based spell check
(cherry picked from commit
16f3f8060ece690049dbf8059cf2f5a2bcc21bc2 )
Peter van Dijk [Mon, 25 May 2020 08:27:01 +0000 (10:27 +0200)]
travis: install pdns package from direct download
(cherry picked from commit
b5b83152b5a56b8095ab0d713a31c3ab5d1ec25b )
Remi Gacogne [Mon, 25 May 2020 07:51:38 +0000 (09:51 +0200)]
Merge pull request #9133 from rgacogne/rec42-fix-gethostname-no-hostnamemax
rec-4.2.x: Fix compilation on systems that do not define HOST_NAME_MAX
Remi Gacogne [Tue, 19 May 2020 14:46:33 +0000 (16:46 +0200)]
Fix compilation on systems that do not define HOST_NAME_MAX
On FreeBSD at least, HOST_NAME_MAX is not defined and we need to
use sysconf() to get the value at runtime instead.
Based on a work done by @RvdE to make the recursor compile on
FreeBSD (many thanks!).
(cherry picked from commit
4c990a1b82e091d887d873c7da5254de84aabebb )
(cherry picked from commit
5c21b47fbc35ddcb8d939eb8541c6c3bad1080a8 )
Remi Gacogne [Tue, 19 May 2020 10:51:08 +0000 (12:51 +0200)]
Merge pull request #9123 from rgacogne/rec42-gcc10
rec-4.2.x: Fix build with gcc-10
Sander Hoentjen [Mon, 16 Dec 2019 21:44:43 +0000 (22:44 +0100)]
Fix build with gcc-10
From an e-mail from Jeff Law <law@redhat.com>:
Subject: Minor problem in pdns, dnsdist and pdns-recursor packages in Fedora
[ All three packages have embedded copies of the same problematic code
and the same patch fixes all three. ]
Red Hat's compiler team continues to try and be proactive in identifying
issues that will arise as a result of the introduction of a new GCC
release into Fedora each spring.
You're being contacted because a package you maintain in Fedora is going
to fail to build with gcc-10 in the spring. Yes, I know that's a few
months away, but it's far easier to fix this stuff proactively now than
wait.
Fixing it now also means that your package will continue to be built
with testing versions of gcc-10 as we proceed through the development
process thus allowing additional issues to be caught early.
Your particular package will fail due to an uninstantiated template for
AsyncLoader<Request>. These kinds of problems are relatively common due to
changes in the tuning of the inliner for gcc-10:
> BUILDSTDERR: /usr/bin/ld: webserver.o: in function `WebServer::serveConnection(std::shared_ptr<Socket>) const':
> BUILDSTDERR: /builddir/build/BUILD/pdns-4.2.1/pdns/webserver.cc:373: undefined reference to `YaHTTP::AsyncLoader<YaHTTP::Request>::feed(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)'
> BUILDSTDERR: collect2: error: ld returned 1 exit status
> BUILDSTDERR: make[3]: *** [Makefile:2751: ixfrdist] Error 1
>
The attached patch arranges for an instance to be instantiated when
compiling reqresp.cpp and is sufficient to fix this problem. The
choice of reqresp.cpp fairly arbitrary IIRC.
Ideally you'll with upstream to get this fixed, but a Fedora patch is
clearly OK as well. I'll install the attached fix into Fedora in a
week or so if I haven't heard from you.
Jeff
(cherry picked from commit
ffb885e937c27bb1c62dee8f18c58ae0d5d52d39 )
Pieter Lexis [Tue, 19 May 2020 08:49:34 +0000 (10:49 +0200)]
Merge pull request #9116 from pieterlexis/rec-4.2.x-may-2020
Recursor 4.2.x fixes May 2020
Remi Gacogne [Mon, 27 Apr 2020 14:48:16 +0000 (16:48 +0200)]
Don't read potentially uninitalized memory if gethostname() failed
If the buffer is smaller than `HOST_NAME_MAX` (64 on Linux but up to
255 bytes in POSIX, which FreeBSD, MacOS etc honor) gethostname()
might return -1 without null-terminating the buffer, causing an
out-of-bounds read.
As we look for the first '.' using `strchr()`, replacing it with a
null byte, we also have a one-byte out-of-bounds write which might
result in a crash or, albeit very unlikely, arbitrary code execution.
(cherry picked from commit
aac6348d56f6f3fdba9dd2455ef06081da507c14 )
(cherry picked from commit
be93bc7da4caddc5a6c84fa7b42e82592e9add49 )
Remi Gacogne [Mon, 27 Apr 2020 12:46:20 +0000 (14:46 +0200)]
rec: Fix DNSSEC validation of completely empty NXDomain answers
If the answer has no SOA and no NSEC inside a DNSSEC-secure zone,
we should go Bogus.
(cherry picked from commit
1c0ee0d118a886857629aa733c23311057f315f9 )
Otto Moerbeek [Wed, 25 Mar 2020 14:34:36 +0000 (15:34 +0100)]
Backport to rex-4.2.x: Don't crash on a duplicate RPZ entry received over XFR
Otto Moerbeek [Mon, 23 Mar 2020 14:30:37 +0000 (15:30 +0100)]
rec: backport Limit the number of queries sent out to get NS addresses per query to 4.2.x
Otto Moerbeek [Fri, 1 May 2020 12:59:57 +0000 (14:59 +0200)]
Merge pull request #9081 from omoerbeek/backport-8972-to-rec-4.2.x
rec: backport to rec 4.2.x: builder: add ubuntu focal target
Peter van Dijk [Wed, 25 Mar 2020 10:41:15 +0000 (11:41 +0100)]
builder: add ubuntu focal target
(cherry picked from commit
b4f4b1ab4ba666fe16f0201b38778fe66dc8e7ae )
Otto Moerbeek [Fri, 3 Apr 2020 07:53:21 +0000 (09:53 +0200)]
Merge pull request #8988 from omoerbeek/rec-backport-gen-version-to-4.2.x
Backport 7822 to rec-4.2.x: Update gen-version to use latest tag for version nunmbers
Otto Moerbeek [Tue, 31 Mar 2020 14:18:52 +0000 (16:18 +0200)]
Update builder
Otto Moerbeek [Tue, 31 Mar 2020 12:04:19 +0000 (14:04 +0200)]
Backport 7822: Update gen-version to use latest tag for version nunmbers
Remi Gacogne [Tue, 24 Mar 2020 09:03:41 +0000 (10:03 +0100)]
Merge pull request #8964 from omoerbeek/backport-8876-to-rec-4.2.x
rec: backport 8876 to rec-4.2.x: Update boost.m4
Pieter Lexis [Fri, 28 Feb 2020 08:27:30 +0000 (09:27 +0100)]
Update boost.m4
Closes #8875
(cherry picked from commit
2bcb6ea0ddc99548d3d7d6d317c5d64d55aac6cc )
Otto Moerbeek [Wed, 26 Feb 2020 17:14:06 +0000 (18:14 +0100)]
Merge pull request #8869 from omoerbeek/backport-8864-to-rec-4.2.x
rec: backport 8864 to rec 4.2.x: Only log qname parsing errors when 'log-common-errors' is set
Remi Gacogne [Wed, 26 Feb 2020 10:18:35 +0000 (11:18 +0100)]
rec: Only log qname parsing errors when 'log-common-errors' is set
(cherry picked from commit
4b4566e8d28ff3b18152213e8c8666aa643f8eb9 )
Otto Moerbeek [Mon, 17 Feb 2020 10:07:07 +0000 (11:07 +0100)]
Merge pull request #8832 from omoerbeek/backport-8826-to-rec-4.2.x
rec: Backport 8825 to rec 4.2.x: Refuse NSEC records with a bitmap length > 32
Remi Gacogne [Fri, 14 Feb 2020 13:40:33 +0000 (14:40 +0100)]
Refuse NSEC records with a bitmap length > 32
(cherry picked from commit
3d51568b456205c9bd60ceeedb4b43af4a33f019 )
Otto Moerbeek [Tue, 11 Feb 2020 10:40:12 +0000 (11:40 +0100)]
Merge pull request #8802 from omoerbeek/backport-8559-to-rec-4.2.x
rec: backport 8559 to rec 4.2.x: Avoid startup race by setting the state of a tread before starting it.
Otto Moerbeek [Wed, 20 Nov 2019 11:26:14 +0000 (12:26 +0100)]
Avoid startup race by setting the state of a tread before starting it.
(cherry picked from commit
ef31b0902fa09fd9a03276b56a51d88d63e68c6f )
Otto Moerbeek [Wed, 29 Jan 2020 09:17:14 +0000 (10:17 +0100)]
Merge pull request #8752 from omoerbeek/backport-8740-to-rec-4.2.x
rec: backport 8740 to rec 4.2.x: Update boost.m4
Pieter Lexis [Wed, 22 Jan 2020 15:03:59 +0000 (16:03 +0100)]
Update boost.m4
This detects boost::context on boost version 1.61 through 1.65 correctly
(cherry picked from commit
c54133a4abccd7228b6898af5cb7b684c6225e97 )
Otto Moerbeek [Tue, 14 Jan 2020 09:40:54 +0000 (10:40 +0100)]
Merge pull request #8696 from omoerbeek/backport-7928-to-rec-4.2.x
rec: Backport 7928 to rec 4.2.x: Better detection of Bogus zone cuts for DNSSEC validation
Pieter Lexis [Tue, 14 Jan 2020 09:11:26 +0000 (10:11 +0100)]
Merge pull request #8674 from omoerbeek/backport-8639-to-rec-4.2.x
rec: backport 8639 to 4.2.x: debian postinst / do not fail on user creation if it already exists
Pieter Lexis [Tue, 14 Jan 2020 09:11:02 +0000 (10:11 +0100)]
Merge pull request #8686 from omoerbeek/backport-8684-to-rec-4.2.x
rec: backport 8684 to 4.2.x: parsing `dont-throttle-names` and `dont-throttle-netmasks` as comma separated lists
Remi Gacogne [Thu, 2 Jan 2020 10:52:14 +0000 (11:52 +0100)]
rec: An Opt-Out NSEC3 RR only proves that there is no secure delegation
(cherry picked from commit
18c8faae6c67f734583c5c881d0d083d3253b49e )
Remi Gacogne [Mon, 17 Jun 2019 08:40:57 +0000 (10:40 +0200)]
rec: Add comments to clarify the no DS case when detecting zone cuts
(cherry picked from commit
46df9251dfbd1d45ee26e410011713f2a550c721 )
Remi Gacogne [Fri, 31 May 2019 16:24:27 +0000 (18:24 +0200)]
rec: Better detection of Bogus zone cuts for DNSSEC validation
(cherry picked from commit
dd359a9fc01c318ef2fc1753d3e8170be5977c05 )
Costy Petrisor [Thu, 9 Jan 2020 10:56:16 +0000 (10:56 +0000)]
parsing `dont-throttle-names` and `dont-throttle-netmasks` as comma separated lists
(cherry picked from commit
5285831402f3f3a209c16cb3bd743eea640cf894 )
Antoine Joubert [Mon, 16 Dec 2019 16:57:13 +0000 (17:57 +0100)]
rec: debian postinst / do not fail on user creation if it already exists
(cherry picked from commit
fddad2718fb994d4fd016c03e1e05ef6c67aae14 )
Otto Moerbeek [Wed, 27 Nov 2019 13:32:19 +0000 (14:32 +0100)]
Merge pull request #8552 from omoerbeek/backport-8525-to-rec-4.2.x
rec: Backport 8525 to rec 4.2.x: Purge map of failed auths periodically by keeping a last changed timestamp.
Otto Moerbeek [Tue, 19 Nov 2019 09:03:17 +0000 (10:03 +0100)]
Avoid looking up an entry twice by using a ref.
(cherry picked from commit
3eba27418a7102a82777b74bd199943b67a93a6e )
Otto Moerbeek [Wed, 13 Nov 2019 09:11:58 +0000 (10:11 +0100)]
ednsmap might be cleared while yielding; so reassign pointer.
Switch away from a ref to a pointer because of above and use modern
init for EDNSStatus.
(cherry picked from commit
90e8ea71abacb8879482fe27a5521d1f4d0ef76d )
Otto Moerbeek [Tue, 12 Nov 2019 16:00:44 +0000 (17:00 +0100)]
If modeSetAt is zero, we never updated the entry and it can go.
(cherry picked from commit
b5788c3649bee0d5c86c6900ee3dd2530a494bd1 )
Otto Moerbeek [Tue, 12 Nov 2019 15:42:10 +0000 (16:42 +0100)]
Also purge t_sstorage.ednsstatus and include edns size in the periodic report.
(cherry picked from commit
bbc7101c05672d91f5131fa5baa884a750e139a4 )
Otto Moerbeek [Tue, 12 Nov 2019 13:09:57 +0000 (14:09 +0100)]
man page bits
(cherry picked from commit
c71d64351b4918e92004691ea534cf8bcbcccbdd )
Otto Moerbeek [Tue, 12 Nov 2019 12:31:28 +0000 (13:31 +0100)]
Purge map of failed auths periodically by keeping a last changed timestamp.
SyncRes thread local storage includes a map of failed auths which was
only cleaned if a specific IP was contacted again and that contact
succeeded. Persistent failing auths or auths that are never tried
again remained in the map.
While here add code to dump the failed servers map. Might (partially?)
solve #7771.
(cherry picked from commit
60e5208a9a20d4cd2153d33b8cd500e9b241373c )
Otto Moerbeek [Wed, 13 Nov 2019 15:34:57 +0000 (16:34 +0100)]
Merge pull request #8528 from omoerbeek/backport-8470-to-rec-4.2.x
rec: Backport 8470 to rec 4.2.x: prime NS records of root-servers.net parent (.net)
Otto Moerbeek [Wed, 6 Nov 2019 10:15:30 +0000 (11:15 +0100)]
Avoid mthread race when using the set of rootNSZones.
Otto Moerbeek [Mon, 28 Oct 2019 15:57:46 +0000 (16:57 +0100)]
It is better to make sure . entries are not added to the set.
Otto Moerbeek [Mon, 28 Oct 2019 15:35:43 +0000 (16:35 +0100)]
Do not wipe . NS; this can happen with custom hint files that are
used by regression tests.
Otto Moerbeek [Mon, 28 Oct 2019 12:58:01 +0000 (13:58 +0100)]
Wipe entry form cache before getting a new one to make sure we
actually get fresh records.
(cherry picked from commit
ed1bbac786281f515b4ceaf22afdf6c62bf614b4 )
Otto Moerbeek [Fri, 25 Oct 2019 12:05:22 +0000 (14:05 +0200)]
Add a comment explaining things.
(cherry picked from commit
c16c8fe53cac7473b16c81ca56410c14ad3bf324 )
Otto Moerbeek [Wed, 23 Oct 2019 13:18:08 +0000 (15:18 +0200)]
Also call primeRootNSZones() from syncres (after primeHints())
(cherry picked from commit
159b1242bab07c12620b9c40d3726b752ba0e32e )
Otto Moerbeek [Wed, 23 Oct 2019 12:18:47 +0000 (14:18 +0200)]
prime tld of root name server names
(cherry picked from commit
1b4e0ae09d2d81b70524746293f3e4f16d722ad4 )
Otto Moerbeek [Fri, 1 Nov 2019 08:43:57 +0000 (09:43 +0100)]
Merge pull request #8427 from pieterlexis/backport-8400-to-rec-4.2.x
Rec 4.2: Add CentOS 8 as builder target
Remi Gacogne [Thu, 31 Oct 2019 08:38:11 +0000 (09:38 +0100)]
Merge pull request #8493 from omoerbeek/backport-8340-to-rec-4.2.x
Rec: backport to 4.2.x: Fix #8338: Issue with "zz" abbreviation for IPv6 RPZ triggers
Remi Gacogne [Thu, 31 Oct 2019 08:38:00 +0000 (09:38 +0100)]
Merge pull request #8495 from omoerbeek/backport-8482-to-rec-4.2.x
rec: backport to 4.2.x: Add generated dnstap.pb.{cc,h} to the 'clean' target
Remi Gacogne [Mon, 28 Oct 2019 17:56:54 +0000 (18:56 +0100)]
rec: Add generated dnstap.pb.{cc,h} to the 'clean' target
(cherry picked from commit
74bdddef039219ef389eaae9731ae0f33b74b142 )
Otto Moerbeek [Mon, 23 Sep 2019 12:59:38 +0000 (14:59 +0200)]
Fix #8338: Issue with "zz" abbreviation for IPv6 RPZ triggers
While there, add unittest for translating rpz names into netmasks
(cherry picked from commit
301148e6d77e7cf8aed3b1b174bf6dbbeae7dc67 )
Pieter Lexis [Fri, 25 Oct 2019 07:08:27 +0000 (09:08 +0200)]
Merge pull request #8452 from omoerbeek/backport-8451-to-rec-4.2.x
rec: Backport 8451 to rec 4.2.x: Basic validation of $GENERATE parameters
Otto Moerbeek [Wed, 23 Oct 2019 08:50:33 +0000 (10:50 +0200)]
Basic validation of $GENERATE parameters
(cherry picked from commit
775a673a1798d01e5e259a00cff7a757f5350f40 )
Pieter Lexis [Thu, 10 Oct 2019 12:03:21 +0000 (14:03 +0200)]
Add CentOS 8 as builder target
(cherry picked from commit
19293f266cf7bb719bd6975b3e06994f49e0e583 )
Otto Moerbeek [Tue, 24 Sep 2019 05:15:01 +0000 (07:15 +0200)]
Merge pull request #8337 from omoerbeek/backport-8332-to-rec-4.2.x
backport to rec -4.2.x: Remove version number in man page footer
Otto Moerbeek [Sat, 21 Sep 2019 08:09:38 +0000 (10:09 +0200)]
Remove version number
(cherry picked from commit
760d679c2a3566dac8001115db95762344cdcbd5 )
Otto Moerbeek [Fri, 30 Aug 2019 10:21:17 +0000 (12:21 +0200)]
Merge pull request #8124 from pieterlexis/backport-7951-to-rec-4.2.x
Backport #7951 to rec 4.2.x
Otto Moerbeek [Wed, 28 Aug 2019 11:58:33 +0000 (13:58 +0200)]
Merge pull request #8244 from PowerDNS/revert-8238-backport-8236-to-rec-4.2.x
Revert "rec: backport 8236: Add missing inc in rpz findClientPolicy loop."
Otto Moerbeek [Wed, 28 Aug 2019 11:53:11 +0000 (13:53 +0200)]
Revert "rec: backport 8236: Add missing inc in rpz findClientPolicy loop."