git.ipfire.org Git - thirdparty/pdns.git/log
Otto Moerbeek [Tue, 2 Apr 2019 08:37:43 +0000 (10:37 +0200)]
Merge pull request #7651 from omoerbeek/backport-7631
Backport Rec ecs cache limit with tt (7631)
Otto Moerbeek [Tue, 2 Apr 2019 08:08:53 +0000 (08:08 +0000)]
Move the setQuerySource() method to a wrapper in the syncres test code.
Otto Moerbeek [Mon, 1 Apr 2019 19:07:35 +0000 (19:07 +0000)]
Fix do not cache condition (merge error spotted by rcagogne)
Otto Moerbeek [Mon, 1 Apr 2019 15:36:23 +0000 (15:36 +0000)]
Make unit test work.
Otto Moerbeek [Mon, 1 Apr 2019 14:50:34 +0000 (14:50 +0000)]
Resolve merge errors
Otto Moerbeek [Mon, 1 Apr 2019 12:27:27 +0000 (14:27 +0200)]
Reformulate condition and comment to make it more clear.
(cherry picked from commit 73d9bf3ad13de7031a71700d00fb4efbab8ca938)
Otto Moerbeek [Mon, 1 Apr 2019 09:30:06 +0000 (11:30 +0200)]
Only apply "do not cache" if both limits are set and satisfied. Doc tweaks.
(cherry picked from commit 42f418044c137ae2835f7f6550da093cb8b6ce7c)
Otto Moerbeek [Fri, 29 Mar 2019 10:40:05 +0000 (11:40 +0100)]
New approach. I spelled out the logic to make it more clear.
Points to keep in mind: > vs >=
What do we do if s_ecscachelimitttl is not set? I chose to let the scope determine
cacheability.
(cherry picked from commit e7861cc408a4984d7c3e2a430825beb22ecf2a6d)
Otto Moerbeek [Wed, 27 Mar 2019 12:17:06 +0000 (13:17 +0100)]
Add tests for ecs-cache-limit-ttl
(cherry picked from commit 2cbe6a45ec0699f5ced3eb45945ce77b3a7fa343)
Otto Moerbeek [Wed, 27 Mar 2019 11:37:19 +0000 (12:37 +0100)]
Initial code for ecs-cache-limit-ttl.
(cherry picked from commit ed9019c97a4f81c42c2e45ab4353022540afdf08)
Remi Gacogne [Tue, 12 Mar 2019 12:22:30 +0000 (13:22 +0100)]
rec: Set ecs-ipv4-cache-bits and ecs-ipv6-cache-bits in the tests
(cherry picked from commit 0cd27a313133139947e6e1b97fe7f1c0164ad40f)
(cherry picked from commit 30974eccedbe5fc90a24762f17b588750926ca2b)
Remi Gacogne [Tue, 12 Mar 2019 11:27:06 +0000 (12:27 +0100)]
rec: Document 'ecs-ipv4-cache-bits' and 'ecs-ipv6-cache-bits'
(cherry picked from commit 4d8c05df7a8fd6045061325693dcf8b17dbd364d)
(cherry picked from commit 216dc60aab0a7ea1a2385d85706bd41721e6ed16)
Remi Gacogne [Tue, 12 Mar 2019 11:19:13 +0000 (12:19 +0100)]
rec: Add unit tests for the ECS cache limit feature
(cherry picked from commit a87929c0fdb1675661a9f2fbea46e79530e4157e)
Remi Gacogne [Tue, 12 Mar 2019 11:05:56 +0000 (12:05 +0100)]
rec: Move the ECS cache limit check to the SyncRes
(cherry picked from commit bdceeb7e8c0e25dfe86f0300fb83d1cdaee3422c)
bert hubert [Tue, 12 Mar 2019 10:27:53 +0000 (11:27 +0100)]
implement a configurable ECS cache limit, defaulting to /24 and /56 of IPv6. So a /25 response will not get cached.
(cherry picked from commit 1dab554571edc88ae625c3997294dbcfb1c3507e)
(cherry picked from commit fd8898fbb51d8068127ff2fffd6a5f2e9f60be33)
Remi Gacogne [Mon, 1 Apr 2019 13:57:10 +0000 (15:57 +0200)]
Merge pull request #7634 from rgacogne/rec41-bounded-load-balancing
rec-4.1.x: Use a bounded load-balancing algo to distribute queries
bert hubert [Mon, 1 Apr 2019 13:56:22 +0000 (15:56 +0200)]
Merge pull request #7647 from ahupowerdns/per-thread-stats
This provides CPU usage statistics per thread (worker & distributor).
bert hubert [Mon, 1 Apr 2019 13:48:55 +0000 (15:48 +0200)]
add comments
bert hubert [Mon, 1 Apr 2019 12:47:59 +0000 (14:47 +0200)]
This provides CPU usage statistics per thread (worker & distributor).
Remi Gacogne [Fri, 29 Mar 2019 16:20:52 +0000 (17:20 +0100)]
rec: Clarify that the server load should be >= to the pondered avg
Remi Gacogne [Fri, 29 Mar 2019 12:32:46 +0000 (13:32 +0100)]
rec: Keep track of the number of MTasks in a dedicated variable
Remi Gacogne [Thu, 28 Mar 2019 17:30:12 +0000 (18:30 +0100)]
rec: Make sure that distribution-load-factor is >= 1.0 if set
(cherry picked from commit 078be17f3c150abed2ae87dfe771ef479f3137ef)
Remi Gacogne [Wed, 27 Mar 2019 11:10:37 +0000 (12:10 +0100)]
rec: Add a 'rebalanced-queries' metric
(cherry picked from commit 596bf48219cb82379bf872e746dd7f626b582342)
Remi Gacogne [Wed, 20 Feb 2019 16:47:30 +0000 (17:47 +0100)]
rec: Use a bounded load-balancing algo to distribute queries
(cherry picked from commit 144040bef0b1f65abfb4634f65b1445a84393a1b)
Remi Gacogne [Thu, 21 Feb 2019 09:15:06 +0000 (10:15 +0100)]
Merge pull request #7495 from rgacogne/rec41-ixfr-empty-axfr
rec-4.1.x: Correctly interpret an empty AXFR response to an IXFR query
Remi Gacogne [Mon, 18 Feb 2019 12:22:07 +0000 (13:22 +0100)]
Correctly interpret an empty AXFR response to an IXFR query
Remi Gacogne [Wed, 30 Jan 2019 14:55:31 +0000 (15:55 +0100)]
Merge pull request #7434 from rgacogne/rec41-protobuf-responses-only
rec-4.1.x: Add an option to export only responses over protobuf
Remi Gacogne [Wed, 30 Jan 2019 10:38:23 +0000 (11:38 +0100)]
rec: Add an option to export only responses over protobuf
bert hubert [Wed, 30 Jan 2019 08:11:57 +0000 (09:11 +0100)]
Merge pull request #7430 from rgacogne/rec41-redo-remotelogger
rec-4.1.x: Reduce systemcall usage in protobuf logging
Remi Gacogne [Tue, 29 Jan 2019 16:10:55 +0000 (17:10 +0100)]
rec-4.1.x: Backport some protobuf regression tests
bert hubert [Tue, 29 Jan 2019 11:15:21 +0000 (12:15 +0100)]
Reduce systemcall usage in protobuf logging
Since Spectre/Meltdown, system calls have become more expensive. In
addition, relevant versions of glibc turn out to implement pthread_cond_wait
and pthread_cond_signal in such a way that they use multiple system calls always.
There is an optimization in glibc to improve this but it is disabled.
This new setup changes our protobuf logging so it amortizes system calls so we perform
far less than one call per message.
Note that our previous RemoteLogger was configured in terms of how many
*messages* it would buffer. Our new code is configured in terms of how many
*bytes*. I have multiplied the configured numbers by 100 elsewhere (recursor
config, dnsdist config) to sort of maintain parity.
In addition, the old RemoteLogger would buffer messages while there was no
connection available. We no longer do this.
Finally new, every 'reconnectTimeout' seconds we will flush our buffers
opportunistically to not keep people waiting.
Remi Gacogne [Thu, 24 Jan 2019 17:12:40 +0000 (18:12 +0100)]
Merge pull request #7415 from zeha/backport-7327
Backport #7327: rec: Fix a possible timing issue w/ RRSIGs in the SyncRes unit tests
Chris Hofstaedtler [Thu, 24 Jan 2019 16:23:31 +0000 (17:23 +0100)]
Backport #7327: rec: Fix a possible timing issue w/ RRSIGs in the SyncRes unit tests
On Debian's mipsel builders this has caused test failures a number of
times in a row, so this is not just a possible issue.
Remi Gacogne [Tue, 22 Jan 2019 08:59:51 +0000 (09:59 +0100)]
Merge pull request #7403 from rgacogne/rec41-dh-no-protobuf
rec-4.1.x: Fix compilation in handleRunningTCPQuestion without protobuf support
Remi Gacogne [Mon, 21 Jan 2019 15:07:29 +0000 (16:07 +0100)]
rec: Fix compilation in handleRunningTCPQuestion without protobuf support
Remi Gacogne [Mon, 21 Jan 2019 08:50:24 +0000 (09:50 +0100)]
Merge pull request #7397 from rgacogne/rec41-sec-20190121
rec-4.1.x: Load the Lua script in the distributor thread, check signature for AA=0 answers
Remi Gacogne [Fri, 18 Jan 2019 14:46:36 +0000 (15:46 +0100)]
Merge pull request #7377 from rgacogne/rec41-retry-on-full-pipe
rec-4.1.x: Try another worker before failing if the first pipe was full
Remi Gacogne [Wed, 16 Jan 2019 14:19:17 +0000 (15:19 +0100)]
rec: Try another worker before failing if the first pipe was full
Remi Gacogne [Wed, 9 Jan 2019 16:08:38 +0000 (17:08 +0100)]
rec: Always check signature for records in ANSWER, even with AA=0
Except for a small exception with chains of CNAMEs.
Remi Gacogne [Wed, 9 Jan 2019 08:56:04 +0000 (09:56 +0100)]
rec: Add missing cookiesoption.py for the python regression tests
Remi Gacogne [Tue, 8 Jan 2019 15:05:28 +0000 (16:05 +0100)]
rec: Call the ipfilter hook if any over TCP as well
Remi Gacogne [Tue, 8 Jan 2019 15:00:01 +0000 (16:00 +0100)]
rec: Test our Lua hooks
Remi Gacogne [Tue, 8 Jan 2019 14:09:43 +0000 (15:09 +0100)]
rec: Load the Lua script in the distributor threads, for TCP
Pieter Lexis [Thu, 3 Jan 2019 12:31:09 +0000 (13:31 +0100)]
Merge pull request #7303 from rgacogne/rec41-ghost
rec-4.1.x: Enable the ghost tests again, add a corresponding unit test
Remi Gacogne [Mon, 9 Apr 2018 12:36:31 +0000 (14:36 +0200)]
rec: Enable the ghost tests again, add a corresponding unit test
(cherry picked from commit 97ab616efd0c8387978360a9eebb3a83f23fffe5)
Remi Gacogne [Wed, 5 Dec 2018 09:13:19 +0000 (10:13 +0100)]
Merge pull request #7240 from rgacogne/rec41-syncres-test-negcache-rrsig
rec-4.1.x: Use the SyncRes time when computing the RRSIG validity time
Remi Gacogne [Wed, 28 Nov 2018 10:36:24 +0000 (11:36 +0100)]
rec: Use the SyncRes time when computing the RRSIG validity time
Otherwise we get random test failures when the RRSIG is generated
after the number of seconds since epoch increased.
(cherry picked from commit 1e2e06f1fd4a29702eaa297456dca72714ac1fe0)
aerique [Mon, 26 Nov 2018 12:36:39 +0000 (13:36 +0100)]
Merge pull request #7221 from aerique/rec41-canhash-oob
rec-4.1.x: Fix an out-of-bounds read in the packet cache
Peter van Dijk [Fri, 9 Nov 2018 10:57:58 +0000 (11:57 +0100)]
Merge pull request #7172 from rgacogne/rec41-revert-formerr-with-edns
rec: Revert 'Keep the EDNS status of a server on FormErr with EDNS'
Peter van Dijk [Fri, 9 Nov 2018 10:57:29 +0000 (11:57 +0100)]
Merge pull request #7174 from rgacogne/rec41-ban-more-types
rec-4.1.x: Refuse queries for all meta-types
Remi Gacogne [Fri, 9 Nov 2018 10:53:24 +0000 (11:53 +0100)]
rec: Refuse queries for all meta-types
(cherry picked from commit 25e654f7f9725c474d96c7eca57cb34fe41c4669)
Remi Gacogne [Fri, 9 Nov 2018 10:36:09 +0000 (11:36 +0100)]
rec: Revert 'Keep the EDNS status of a server on FormErr with EDNS'
Remi Gacogne [Wed, 7 Nov 2018 17:48:13 +0000 (18:48 +0100)]
rec: Fix an out-of-bounds read in the packet cache
Pieter Lexis [Wed, 7 Nov 2018 11:30:37 +0000 (12:30 +0100)]
Merge pull request #7159 from rgacogne/rec41-revert-6980
rec-4.1.x: Revert "rec: Authority records in AA=1 CNAME answer are authoritative"
Remi Gacogne [Wed, 7 Nov 2018 10:49:24 +0000 (11:49 +0100)]
Revert "rec: Authority records in AA=1 CNAME answer are authoritative"
This reverts commit 4caae205f06cb989c415a9c1e0f4c5ec667236a2.
It turns out that authority records in AA=1 CNAME answer may, or may
not, be authoritative, and that in some cases considering them as
authoritative causes DNSSEC validation failures.
aerique [Tue, 6 Nov 2018 14:15:01 +0000 (15:15 +0100)]
Merge pull request #7151 from aerique/rec41-sec-201810
PowerDNS Recursor 4.1.5
Peter van Dijk [Mon, 5 Nov 2018 10:08:20 +0000 (11:08 +0100)]
Merge pull request #7120 from rgacogne/rec415-backports
Recursor 4.1.5 backports
Peter van Dijk [Thu, 1 Nov 2018 15:36:40 +0000 (16:36 +0100)]
Merge pull request #7125 from mind04/inception-skew
rec: allow the signature inception to be off by a number of seconds.
Kees Monshouwer [Mon, 29 Oct 2018 10:30:25 +0000 (11:30 +0100)]
rec: allow the signature inception to be off by a number of seconds.
Pieter Lexis [Wed, 31 Oct 2018 22:16:38 +0000 (23:16 +0100)]
Merge pull request #7122 from pieterlexis/rec-41-el6-pkg-fix
rec 4.1 el6: switch to devtoolset-7
Pieter Lexis [Wed, 31 Oct 2018 16:17:18 +0000 (17:17 +0100)]
rec 4.1 el6: switch to devtoolset-7
See #7040
Remi Gacogne [Wed, 31 Oct 2018 15:11:46 +0000 (16:11 +0100)]
Backport #7004
Remi Gacogne [Wed, 31 Oct 2018 15:11:40 +0000 (16:11 +0100)]
Backport #6951
Remi Gacogne [Wed, 31 Oct 2018 15:11:36 +0000 (16:11 +0100)]
Backport #6945
Remi Gacogne [Wed, 31 Oct 2018 15:11:31 +0000 (16:11 +0100)]
Backport #6925
Remi Gacogne [Wed, 31 Oct 2018 15:11:27 +0000 (16:11 +0100)]
Backport #6917
Remi Gacogne [Wed, 31 Oct 2018 15:11:21 +0000 (16:11 +0100)]
Backport #6948
Remi Gacogne [Wed, 31 Oct 2018 15:10:43 +0000 (16:10 +0100)]
Backport #6741
Remi Gacogne [Fri, 28 Sep 2018 14:08:10 +0000 (16:08 +0200)]
ProtobufLogger: Add support for the ServerIdentity field
(cherry picked from commit c5ffc56c587c792aa6f8aca69d7d45f0a67c0f60)
Remi Gacogne [Fri, 28 Sep 2018 14:11:28 +0000 (16:11 +0200)]
rec: Export the server ID in protobuf messages
(cherry picked from commit c165308b66fcaf6bd2517afa165a27027e5919ad)
Remi Gacogne [Thu, 27 Sep 2018 14:45:03 +0000 (16:45 +0200)]
rec: Export the outgoing ECS value if any in our protobuf messages
(cherry picked from commit 0ff13512cb8a48f668d841e5f33ba1b48fb99a2a)
phonedph1 [Mon, 10 Sep 2018 15:08:01 +0000 (15:08 +0000)]
Be consistent with reload-zones and clear all caches on (N)TA changes.
(cherry picked from commit 8302d4cb1db346198ae9698f489b956abf0f0d32)
Peter van Dijk [Sat, 8 Sep 2018 16:31:58 +0000 (18:31 +0200)]
realign ucontext stack after #6719
(cherry picked from commit 43c3c21ed15b52b43d69972985e8cc7f8240c1f5)
phonedph1 [Tue, 4 Sep 2018 22:05:56 +0000 (22:05 +0000)]
Print possibly empty dnsnames safer
(cherry picked from commit d3ca14b2ee0d1cfd66a64424dcfb9d03884c0ef0)
Remi Gacogne [Mon, 3 Sep 2018 07:43:45 +0000 (09:43 +0200)]
Release memory in case of error in the OpenSSL ECDSA constructor
The current code will only fail to release the allocated memory if
called with an invalid algorithm, which won't happen, or if a
memory allocation fails in which case this might not matter much.
Still, it's cleaner to release the memory properly and might avoid
mistakes later if we look at this code while implementing a new
crypto backend.
(cherry picked from commit b141d89b27e52c3a8e76ca79ec5201d001f4fce9)
Remi Gacogne [Sat, 8 Sep 2018 15:15:14 +0000 (17:15 +0200)]
Fix compilation with LibreSSL 2.7.0+
(cherry picked from commit 1648b8ff39c705fdee526cd73bf2652982b80087)
Remi Gacogne [Fri, 15 Jun 2018 15:01:07 +0000 (17:01 +0200)]
rec: Don't require authoritative answers for forward-recurse zones
(cherry picked from commit ad797d945527040202105b6a775ab6df94b103c6)
Remi Gacogne [Wed, 17 Oct 2018 14:00:29 +0000 (16:00 +0200)]
Merge pull request #7073 from rgacogne/rec41-backport-7070
rec-4.1.x: avoid a memory leak in catch-all exception handler
Rafael Buchbinder [Tue, 16 Oct 2018 12:39:20 +0000 (15:39 +0300)]
pdns-recursor: avoid a memory leak in catch-all exception handler
This commit prevents a leak of DNSComboWriter in the catch-all exception
handler.
(cherry picked from commit cbb097d8581dbb27d81be3a3022a96b8ad08e295)
Remi Gacogne [Thu, 20 Sep 2018 12:46:11 +0000 (14:46 +0200)]
rec: Keep the EDNS status of a server on FormErr with EDNS
Note that the choice of DNAME in the unit test is an arbitrary
choice, we could even have used A here.
(cherry picked from commit 6fb756b6cd49d61eacf7865ce48d0edb62730710)
(cherry picked from commit d8b9d57103f1e1496767d9fac3955b1973e04302)
Remi Gacogne [Wed, 12 Sep 2018 14:12:46 +0000 (16:12 +0200)]
rec: Refuse queries for rfc6895 section 3.1 meta types
(cherry picked from commit ab1b5574d15a62e67a133828fc98502de830842c)
(cherry picked from commit 6bf06d65b9c9b9c2c41351ca4b56d54e7619d925)
Remi Gacogne [Thu, 19 Jul 2018 13:52:40 +0000 (15:52 +0200)]
Do full packet comparison in the packet caches in addition to the hash
(cherry picked from commit aab08a02344a66e14572cf63129d157d6e7ba8c9)
(cherry picked from commit f48315332c4542d09b58a14dafadc90d04f54abd)
Remi Gacogne [Wed, 23 May 2018 08:35:17 +0000 (10:35 +0200)]
Allocate DNSRecord objects as smart pointers right away
(cherry picked from commit 1339125af5afe6d6ecfe0a500c5fdc76d790459d)
(cherry picked from commit 7c87cee4b257a68cabf789b2f003fee969c812b7)
Remi Gacogne [Mon, 8 Oct 2018 12:17:04 +0000 (14:17 +0200)]
Merge pull request #6980 from rgacogne/rec41-cname-authority
rec-4.1.x: Authority records in AA=1 CNAME answer are authoritative
Remi Gacogne [Tue, 25 Sep 2018 13:10:40 +0000 (15:10 +0200)]
Merge pull request #6984 from Habbie/backport-6792
rec: Delay the creation of RPZ threads until we have dropped privileges
Remi Gacogne [Fri, 13 Jul 2018 09:19:04 +0000 (11:19 +0200)]
rec: Delay the creation of RPZ threads until we have dropped privileges
On Linux/glibc, calling `set*id()` from a thread results in the other
threads being sent the `SIGRT_1` signal so they are aware that they
should switch credentials too, because `POSIX` requires that all threads
use the same credentials but Linux actually handles it per thread.
The reception of the signal interrupts the current `syscall` with
`EINTR`, causing the loading of the `RPZ` zone to fail.
(cherry picked from commit e6ec15bfe4c391a51eab7c51c38307c7e009768f)
Remi Gacogne [Wed, 19 Sep 2018 13:33:10 +0000 (15:33 +0200)]
rec: Authority records in AA=1 CNAME answer are authoritative
The records other than the CNAME for the initial target in ANSWER
are not, nor are the ADDITIONAL ones, but authority records are.
(cherry picked from commit cdc5d0c09ac148c805e91411d863b04b144ebbf9)
Pieter Lexis [Mon, 17 Sep 2018 13:59:56 +0000 (15:59 +0200)]
Merge pull request #6963 from rgacogne/rec41-cap-ecs-scope
rec-4.1.x: Make sure that the ECS scope from the auth is < to the source
Remi Gacogne [Fri, 14 Sep 2018 12:19:04 +0000 (14:19 +0200)]
Merge pull request #6971 from rgacogne/rec41-unfck-sphinx
rec-4.1.x: Sphinx 1.8.0 seems broken, use any other version available instead
Remi Gacogne [Fri, 14 Sep 2018 07:48:38 +0000 (09:48 +0200)]
Sphinx 1.8.0 seems broken, use any other version available instead
(cherry picked from commit 424a5ee31cd82870da5e1df4b908735967e2912a)
Remi Gacogne [Thu, 13 Sep 2018 10:03:43 +0000 (12:03 +0200)]
Merge pull request #6961 from rgacogne/rec41-ecs-index-tree-cleanup
rec-4.1.x: Cleanup the netmask trees used for the ECS index on removals
Remi Gacogne [Thu, 14 Dec 2017 22:12:01 +0000 (23:12 +0100)]
rec: Add a regression test for invalid ECS scope from auth servers
(cherry picked from commit 635a67659f3a9066cf8ecaecbb65ff307d6fddac)
Remi Gacogne [Thu, 14 Dec 2017 22:11:25 +0000 (23:11 +0100)]
rec: Make sure that the ECS scope from the auth is < to the source
(cherry picked from commit 30d4402d06b494c36eb75cff80e2ecce9ca02e17)
Remi Gacogne [Wed, 12 Sep 2018 10:42:37 +0000 (12:42 +0200)]
rec: Cleanup the netmask trees used for the ECS index on removals
Remi Gacogne [Tue, 4 Sep 2018 08:32:15 +0000 (10:32 +0200)]
Merge pull request #6919 from zeha/pdnslog-lua
recursor 4.1: Add pdnslog to Lua configuration scripts
Chris Hofstaedtler [Mon, 3 Sep 2018 09:39:59 +0000 (11:39 +0200)]
recursor: Allow pdnslog to Lua configuration files
Pieter Lexis [Fri, 31 Aug 2018 06:50:01 +0000 (08:50 +0200)]
Merge pull request #6867 from pieterlexis/rec-414-backports
Recursor 4.1.4 backports
Pieter Lexis [Thu, 30 Aug 2018 08:45:39 +0000 (10:45 +0200)]
Backport #6873
phonedph1 [Thu, 23 Aug 2018 17:27:02 +0000 (17:27 +0000)]
Purge all auth/forward zone data including subtree.
Previously this would miss purging out removed entries/data.
(cherry picked from commit b68af3ee48054ebce87aec3df89abf75a71f8c49)
Pieter Lexis [Tue, 21 Aug 2018 13:41:11 +0000 (15:41 +0200)]
Backport #6804