]>
git.ipfire.org Git - thirdparty/pdns.git/log
Remi Gacogne [Fri, 16 Mar 2018 08:36:49 +0000 (09:36 +0100)]
rec: Set the visibility of FFI functions to 'default' (external)
This makes the symbols usable across shared object boundary (Lua FFI)
even if the default visibility is set to hidden.
(cherry picked from commit
4d9be0eba19ee15ed2b9c45b508086b9fd31d68a )
Remi Gacogne [Wed, 14 Mar 2018 10:14:34 +0000 (11:14 +0100)]
rec: Constify the methods of RecursorLua4 when possible
(cherry picked from commit
5899ee547f3772a9eac3d37c6c6995056ee74ab9 )
Remi Gacogne [Mon, 12 Mar 2018 16:20:26 +0000 (17:20 +0100)]
rec: Instruct LuaWrapper to stay away from our FFI pdns_ffi_param struct
(cherry picked from commit
4a639c365df629466e4a2916360a41d8a4302144 )
Remi Gacogne [Mon, 12 Mar 2018 10:39:45 +0000 (11:39 +0100)]
rec: Add a new Lua FFI hook, gettag-ffi
(cherry picked from commit
70fb28d91018e174998a024f6bc71f9963d4cd7e )
Pieter Lexis [Mon, 26 Mar 2018 10:28:09 +0000 (12:28 +0200)]
Merge pull request #6383 from rgacogne/rec41-backport-6376
rec-4.1.x: Backport tests: lower dnsbulktest threshold in travis
Pieter Lexis [Wed, 21 Mar 2018 12:00:22 +0000 (13:00 +0100)]
tests: lower dnsbulktest threshold in travis
(cherry picked from commit
280c2f89caaa1726fd02e6315e26f7b683ed6781 )
Remi Gacogne [Tue, 20 Mar 2018 08:59:48 +0000 (09:59 +0100)]
Merge pull request #6336 from pieterlexis/rec-41-backport-rpz-retry
rec: Backport RPZ retry patches
Pieter Lexis [Wed, 21 Feb 2018 16:37:02 +0000 (17:37 +0100)]
rec: Ensure we don't hammer the RPZ master server
Before, if the `refresh` was not set in the lua-config file's
`rpzMaster` statement, we would keep trying to get delta's the whole
time. This commit ensures we update the zone's refresh config to the
value from the AXFR'd zone (if not set in the config).
(cherry picked from commit
2c68abe75d908b4a32a7de229c75af137dc3ec5a )
Erik Winkels [Mon, 29 Jan 2018 15:33:12 +0000 (16:33 +0100)]
Move loading of RPZ zone to RPZIXFRTracker.
(cherry picked from commit
bb8ffe202776f44722fa6333dbfc24c36c1d395e )
Erik Winkels [Fri, 26 Jan 2018 16:07:05 +0000 (17:07 +0100)]
Fix failure to start RPZIXFRTracker tracker thread.
This is an initial commit and needs more work (but it's 17:07 on a
Friday, so yeah...).
(cherry picked from commit
e9112b46b9d972aed25e1f1f9ec46253b6718d5c )
Remi Gacogne [Mon, 26 Feb 2018 10:09:13 +0000 (11:09 +0100)]
Merge pull request #6303 from rgacogne/backport-6302
Backport 6302: ixfrdist: Also respect the AXFR timeout for the chunk's length
Remi Gacogne [Sun, 25 Feb 2018 15:41:36 +0000 (16:41 +0100)]
ixfrdist: Also respect the AXFR timeout for the chunk's length
We used to apply the default timeout of 10s to retrieve the chunk's
length even if we were passed a different one.
(cherry picked from commit
b726c12720f31a6cdd94a06ccb3a427a96f19669 )
Pieter Lexis [Fri, 23 Feb 2018 08:15:27 +0000 (09:15 +0100)]
Merge pull request #6298 from pieterlexis/rec-41-axfr-timeout
Backport: rec: Implement settable AXFR timeout for RPZ
Pieter Lexis [Thu, 22 Feb 2018 09:34:56 +0000 (10:34 +0100)]
rec: Fix AXFR timeout nits
(cherry picked from commit
cb6218d2b539eb225c5d1ec88227fa7136dbcc94 )
Pieter Lexis [Wed, 21 Feb 2018 11:52:54 +0000 (12:52 +0100)]
rec: Implement settable AXFR timeout for RPZ
(cherry picked from commit
ea448a77fd2c664893e961b21d26408879e20360 )
Pieter Lexis [Wed, 14 Feb 2018 12:58:15 +0000 (13:58 +0100)]
resolver.{cc,hh}: Allow setting the inbound AXFR timeout
(cherry picked from commit
99bea744a47e6de2ec399e78c0e43cd1b54537b3 )
aerique [Mon, 22 Jan 2018 13:06:43 +0000 (14:06 +0100)]
Merge pull request #6215 from aerique/bugfix/rec-4.1.x-ancestor-delegation-below
rec: Correctly handle ancestor delegation NSEC{,3} for children
Remi Gacogne [Thu, 11 Jan 2018 14:05:00 +0000 (15:05 +0100)]
rec: Add unit tests for ancestor delegation check in denial
(cherry picked from commit
af37c3062fe016121867e68693d7b9e1ca9f60f2 )
Remi Gacogne [Thu, 11 Jan 2018 14:05:22 +0000 (15:05 +0100)]
rec: Correctly handle ancestor delegation NSEC{,3} for children
(cherry picked from commit
c943eb59dacc1ea2b178a8dcd28d1ecbe160cb7c )
aerique [Mon, 22 Jan 2018 09:41:04 +0000 (10:41 +0100)]
Merge pull request #6212 from pieterlexis/backport-6209
Backport 6209 - Make `primeHints` threadsafe
Chris Hofstaedtler [Fri, 19 Jan 2018 18:57:37 +0000 (19:57 +0100)]
Fix copied code
(cherry picked from commit
e4f772ceb545a883d4683d34dff0a38e023f98ee )
Chris Hofstaedtler [Fri, 19 Jan 2018 18:54:44 +0000 (19:54 +0100)]
Minimal fix to make primeHints threadsafe
(cherry picked from commit
e863a05ab7566450710f8cdc2c08750f00bcde33 )
aerique [Thu, 18 Jan 2018 11:44:06 +0000 (12:44 +0100)]
Merge pull request #6202 from aerique/bugfix/backport-6167
rec: Initialize the result var before calling the preoutquery hook
aerique [Thu, 18 Jan 2018 11:23:25 +0000 (12:23 +0100)]
Merge pull request #6201 from aerique/bugfix/backport-6137
rec: Don't validate signature for "glue" CNAME
aerique [Thu, 18 Jan 2018 11:04:41 +0000 (12:04 +0100)]
Merge pull request #6200 from aerique/bugfix/backport-6095
rec: Pass the correct buffer size to arecvfrom()
aerique [Thu, 18 Jan 2018 10:44:31 +0000 (11:44 +0100)]
Merge pull request #6199 from aerique/bugfix/backport-6092
rec: Fix the computation of the closest encloser for positive answers #6092
aerique [Thu, 18 Jan 2018 09:39:36 +0000 (10:39 +0100)]
Merge pull request #6198 from aerique/bugfix/backport-6085
rec: Don't process records for another class than IN
Remi Gacogne [Wed, 10 Jan 2018 13:18:10 +0000 (14:18 +0100)]
rec: Initialize the result var before calling the preoutquery hook
If the `preoutquery` hook was defined but didn't handle the query,
the resulting variable was left uninitialized.
(cherry picked from commit
17cecc84cc0e9f7b1dc9991e2568d1f8f4fc2b08 )
Remi Gacogne [Mon, 8 Jan 2018 14:43:47 +0000 (15:43 +0100)]
rec: Add unit tests to make sure we correctly detect an unsigned DS
(cherry picked from commit
f100caacf6b5fe6624aa3909ad6cb988d7f22148 )
Remi Gacogne [Wed, 3 Jan 2018 11:34:02 +0000 (12:34 +0100)]
rec: Don't validate signature for "glue" CNAME
Anything else than the initial CNAME can't be considered authoritative.
(cherry picked from commit
933299e88c46fdc1cf8c64ff9bf11e6839686a94 )
Remi Gacogne [Thu, 14 Dec 2017 12:48:28 +0000 (13:48 +0100)]
rec: Don't stop the reactor in the regression tests
So, there is one and only one global reactor for every test suites,
ever, and you can't restart it if you stop it (see the awful
`ReactorNotRestartable` exception).
That doesn't prevent you from adding new ports to listen on to the
existing one, so let's just start if it isn't already running and
never stop it.
(cherry picked from commit
fbfaa4a7ee59829cbf2d3765a3a967edb823bb39 )
Remi Gacogne [Thu, 14 Dec 2017 10:14:35 +0000 (11:14 +0100)]
rec: Add regression tests for UDP outgoing buffer size
(cherry picked from commit
fb611f07566e08adf31c374e6453a6494df7d696 )
Remi Gacogne [Tue, 12 Dec 2017 13:56:03 +0000 (14:56 +0100)]
rec: Pass the correct buffer size to arecvfrom()
The size we used to pass to arecvfrom() along with our buffer was off by
one byte, resulting in the last byte of our buffer to be uninitialized for
answers exactly matching our outgoing buffer size. Since we passed the
correct size to MOADNSParser, we were reading one bye of unitialized
memory for such answers.
This caused issue with some authoritative servers sending an answer of our
exact buffer size, causing a parsing error. We would then retry without EDNS,
causing DNSSEC validation failures for some domains on such authoritative
servers.
(cherry picked from commit
4185f0895fbda41e8ffa21f39721db1f018a3466 )
Remi Gacogne [Fri, 15 Dec 2017 13:30:46 +0000 (14:30 +0100)]
rec: Switch the exception thrown by `getDenial()` to a `PDNSException`
(cherry picked from commit
dfbe5d76143f9227b287555ca0df9216f2f544d1 )
Remi Gacogne [Wed, 13 Dec 2017 14:03:24 +0000 (15:03 +0100)]
rec: Fix the computation of the closest encloser for positive answers
When the positive answer is expanded from a wildcard with NSEC3,
the closest encloser is not always parent of the qname, depending
on the number of labels in the initial wildcard.
(cherry picked from commit
e4894ce07a529e174b542d20eae327a026e171e8 )
Remi Gacogne [Wed, 29 Nov 2017 13:59:26 +0000 (14:59 +0100)]
rec: Don't process records for another class than IN
(cherry picked from commit
c5310862fe5d5813d9533e6e1a73ef512ca5044f )
Remi Gacogne [Fri, 5 Jan 2018 09:12:10 +0000 (10:12 +0100)]
Merge pull request #6140 from Habbie/4.1.x-travis-jan2018
rec 4.1.x: travis fixes/improvements
Aki Tuomi [Fri, 7 Jul 2017 15:46:47 +0000 (18:46 +0300)]
fix recursor prequery scripts
(cherry picked from commit
c1feb3a819ac425fe535d8c21c0d0f79c6fbf069 )
Peter van Dijk [Thu, 4 Jan 2018 14:53:50 +0000 (15:53 +0100)]
limit builds to recursor only
Peter van Dijk [Mon, 4 Dec 2017 11:34:00 +0000 (12:34 +0100)]
Merge pull request #6041 from rgacogne/mplexer-time
Add the missing <sys/time.h> include to mplexer.hh for struct timeval
Remi Gacogne [Mon, 4 Dec 2017 08:41:49 +0000 (09:41 +0100)]
Add the missing <sys/time.h> include to mplexer.hh for struct timeval
Pieter Lexis [Fri, 1 Dec 2017 15:50:40 +0000 (16:50 +0100)]
Merge pull request #6023 from rgacogne/dnsdist-ebpf-doc
dnsdist: Add missing documentation about ClientState, eBPF dynamic filters
Pieter Lexis [Fri, 1 Dec 2017 15:50:15 +0000 (16:50 +0100)]
Merge pull request #5956 from job/priv_drop
Priv drop
Peter van Dijk [Fri, 1 Dec 2017 15:16:28 +0000 (16:16 +0100)]
Merge pull request #6034 from Habbie/ragel-path
centralise ragel check+remove .cc symlink
bert hubert [Fri, 1 Dec 2017 12:22:41 +0000 (13:22 +0100)]
Merge pull request #6032 from rgacogne/rec-getrr-cleanup
rec: Use getRR<T>() instead of directly using a dynamic cast
Peter van Dijk [Fri, 1 Dec 2017 12:10:36 +0000 (13:10 +0100)]
remove spurious symlink
Peter van Dijk [Fri, 1 Dec 2017 12:00:10 +0000 (13:00 +0100)]
centralise ragel check
Pieter Lexis [Fri, 1 Dec 2017 11:01:22 +0000 (12:01 +0100)]
Merge pull request #6020 from rgacogne/auth-testrunner-log
Travis: Display the content of the logs when the auth unit tests fail
Pieter Lexis [Fri, 1 Dec 2017 11:01:08 +0000 (12:01 +0100)]
Merge pull request #6025 from pieterlexis/fix-changelog-blog-url
Fix 4.1.0 changelog blog url
Pieter Lexis [Fri, 1 Dec 2017 11:00:54 +0000 (12:00 +0100)]
Merge pull request #6026 from pieterlexis/update-EOL
[WIP] Update auth EOL statement on Auth
Pieter Lexis [Fri, 1 Dec 2017 11:00:40 +0000 (12:00 +0100)]
Merge pull request #6027 from rgacogne/rec-regression-tests-rpz-ttl
rec: Normalize the TTLs for default.example.net. in the RPZ tests
Pieter Lexis [Fri, 1 Dec 2017 11:00:20 +0000 (12:00 +0100)]
Merge pull request #6029 from Habbie/alias-nocompress
forbid label compression in ALIAS wire format
Remi Gacogne [Fri, 1 Dec 2017 10:18:25 +0000 (11:18 +0100)]
rec: Use getRR<T>() instead of directly using a dynamic cast
Peter van Dijk [Thu, 30 Nov 2017 18:20:41 +0000 (19:20 +0100)]
forbid label compression in ALIAS wire format
fixes #6028
Peter van Dijk [Thu, 30 Nov 2017 15:58:37 +0000 (16:58 +0100)]
Merge pull request #6024 from Habbie/builder-version
add preliminary pdns-builder support
bert hubert [Thu, 30 Nov 2017 15:47:15 +0000 (16:47 +0100)]
add explicit 3.x statement, clarify we offer commercial support beyond EOL.
Remi Gacogne [Thu, 30 Nov 2017 14:29:30 +0000 (15:29 +0100)]
rec: Normalize the TTLs for default.example.net. in the RPZ tests
Since we ask for several records that are CNAME to default.example.net.
the TTL might have been decreased by the time we get to the last ones.
That's fine, the TTL we are interested in are for other records, so we
can just ignore the TTL for this exact record.
Pieter Lexis [Thu, 30 Nov 2017 13:08:53 +0000 (14:08 +0100)]
Fix 4.1.0 changelog blog url
Peter van Dijk [Thu, 30 Nov 2017 12:34:09 +0000 (13:34 +0100)]
add preliminary pdns-builder support
Remi Gacogne [Thu, 30 Nov 2017 11:57:37 +0000 (12:57 +0100)]
dnsdist: Add missing documentation about ClientState, eBPF dynamic filters
aerique [Thu, 30 Nov 2017 09:33:09 +0000 (10:33 +0100)]
Merge pull request #6016 from aerique:feature/update-auth-4.1.0-changelog.
Update changelog and secpoll for 4.1.0.
Remi Gacogne [Wed, 29 Nov 2017 11:09:22 +0000 (12:09 +0100)]
Travis: Display the content of the logs when the auth unit tests fail
aerique [Tue, 28 Nov 2017 20:21:28 +0000 (21:21 +0100)]
Merge pull request #6006 from rgacogne/nixu-5.3.4
rec: Sanitize values received from the API before writing them to the conf
aerique [Tue, 28 Nov 2017 15:53:22 +0000 (16:53 +0100)]
Merge pull request #6011 from ahupowerdns/quote-server-id
quote server-id to hosts with - or . in their name get reported again
aerique [Tue, 28 Nov 2017 15:53:08 +0000 (16:53 +0100)]
Merge pull request #6015 from Habbie/id.server
it's id.server, not server.id
Peter van Dijk [Tue, 28 Nov 2017 13:18:44 +0000 (14:18 +0100)]
nit
Pieter Lexis [Tue, 28 Nov 2017 12:33:18 +0000 (13:33 +0100)]
Merge pull request #6000 from rgacogne/rec-authzone-validation
rec: Skip validation (including cached entries) for auth zones
Pieter Lexis [Tue, 28 Nov 2017 12:33:03 +0000 (13:33 +0100)]
Merge pull request #6001 from zeha/secpoll-servfail
recursor secpoll: improve message on timeout
Pieter Lexis [Tue, 28 Nov 2017 12:32:39 +0000 (13:32 +0100)]
Merge pull request #6009 from rgacogne/rec-zone-part-signer
rec: When validating DNSKeys, the zone should be part of the signer
Pieter Lexis [Tue, 28 Nov 2017 12:32:26 +0000 (13:32 +0100)]
Merge pull request #6008 from rgacogne/ecdsa-error-leak
rec: Don't leak when the loading a public ECDSA key fails
aerique [Tue, 28 Nov 2017 12:26:56 +0000 (13:26 +0100)]
Merge pull request #6007 from rgacogne/auth-web-readonly-ops
auth: Deny cache flush, zone retrieve and notify if the API is RO
bert hubert [Tue, 28 Nov 2017 10:44:51 +0000 (11:44 +0100)]
fix tab & {}
bert hubert [Tue, 28 Nov 2017 09:50:24 +0000 (10:50 +0100)]
quote server-id. This stops us from breaking serving chaos txt id.server if your server has a dash or a dot or an underscore in its name.
Peter van Dijk [Tue, 28 Nov 2017 09:28:17 +0000 (10:28 +0100)]
Merge pull request #5997 from rgacogne/rec-additional-val
rec: Store additional records as non-auth, even on AA=1 answers
Peter van Dijk [Tue, 28 Nov 2017 08:54:22 +0000 (09:54 +0100)]
Merge pull request #6004 from pieterlexis/rm-old-soa-edit
Remove deprecated SOA-EDIT values
Peter van Dijk [Tue, 28 Nov 2017 08:52:49 +0000 (09:52 +0100)]
Merge pull request #5617 from Habbie/ednsflags
fix reading of ednsflags in recursor testing
Remi Gacogne [Tue, 28 Nov 2017 08:15:45 +0000 (09:15 +0100)]
doc: Fix a typo in PowerDNS Advisory 2017-04
Remi Gacogne [Mon, 17 Jul 2017 17:21:01 +0000 (19:21 +0200)]
rec: Sanitize values received from the API before writing them to the conf
Remi Gacogne [Tue, 22 Aug 2017 09:48:07 +0000 (11:48 +0200)]
auth: Deny cache flush, zone retrieve and notify if the API is RO
Remi Gacogne [Wed, 11 Oct 2017 13:28:04 +0000 (15:28 +0200)]
Fix a memory leak when loading an RSA key with an invalid modulus
Remi Gacogne [Thu, 13 Jul 2017 14:22:30 +0000 (16:22 +0200)]
Don't leak when the loading a public ECDSA key fails
Remi Gacogne [Thu, 17 Aug 2017 16:05:54 +0000 (18:05 +0200)]
rec: When validating DNSKeys, the zone should be part of the signer
Peter van Dijk [Wed, 16 Aug 2017 12:08:13 +0000 (14:08 +0200)]
do not demand a DO reply to a non-DO query
Pieter Lexis [Mon, 27 Nov 2017 12:24:51 +0000 (13:24 +0100)]
Remove deprecated SOA-EDIT values
Pieter Lexis [Mon, 27 Nov 2017 18:37:38 +0000 (19:37 +0100)]
Update auth EOL statement
Pieter Lexis [Mon, 27 Nov 2017 16:58:49 +0000 (17:58 +0100)]
Merge pull request #5916 from pieterlexis/rm-wiki
Documentation additions so we can rid of the wiki
Pieter Lexis [Mon, 27 Nov 2017 16:58:32 +0000 (17:58 +0100)]
Merge pull request #5990 from jannyg/patch-2
Adds description of add-record
Chris Hofstaedtler [Mon, 27 Nov 2017 16:48:45 +0000 (17:48 +0100)]
recursor secpoll: improve message on timeout
Pieter Lexis [Mon, 27 Nov 2017 16:01:41 +0000 (17:01 +0100)]
Fix secpoll
Pieter Lexis [Mon, 27 Nov 2017 15:48:04 +0000 (16:48 +0100)]
Fix changelog syntax
aerique [Mon, 27 Nov 2017 15:35:39 +0000 (16:35 +0100)]
Merge pull request #5999 from aerique/advisories-2017
Add advisories 2017-03, 2017-04, 2017-05, 2017-06 and 2017-07.
Remi Gacogne [Fri, 24 Nov 2017 16:48:19 +0000 (17:48 +0100)]
rec: Skip validation (including cached entries) for auth zones
Pieter Lexis [Mon, 27 Nov 2017 11:56:06 +0000 (12:56 +0100)]
Update security advisory links in secpoll
Peter van Dijk [Wed, 16 Aug 2017 11:44:54 +0000 (13:44 +0200)]
read ednsflags instead of flags
Remi Gacogne [Mon, 27 Nov 2017 10:21:21 +0000 (11:21 +0100)]
rec: Store additional records as non-auth, even on AA=1 answers
We used to store additional records in AA=1 answers as auth. In addition
to being wrong, it also broke DNSSEC validation if the record was stored
as Indeterminate because while we take care of not validating additional
records when processing an answer, we have no way of knowing in which
section a record was originally located when we retrieve it from the cache.
When an answer becomes too big to fit in the requester UDP payload,
rfc4035 allows the sender to keep records in the additional section
while omitting the corresponding RRSIGs, without setting the TC bit.
Remi Gacogne [Mon, 27 Nov 2017 07:15:46 +0000 (08:15 +0100)]
Add release date, security advisories to the changelogs
Jan-Arve Nygård [Fri, 24 Nov 2017 12:47:04 +0000 (13:47 +0100)]
Added description of add-record
Added description of add-record with options to man-pages
Remi Gacogne [Fri, 24 Nov 2017 10:10:28 +0000 (11:10 +0100)]
Update secpoll
Remi Gacogne [Tue, 24 Oct 2017 09:02:57 +0000 (11:02 +0200)]
Add advisories 2017-03, 2017-04, 2017-05, 2017-06 and 2017-07
bert hubert [Thu, 23 Nov 2017 12:54:49 +0000 (13:54 +0100)]
make notify.cc compile again