deprecated settings.
return d_params.find(var) != d_params.end();
}
+// ATM Shared between Recursor and Auth, is that a good idea?
+static const map<string,string> deprecateList = {
+ { "stats-api-blacklist", "stats-api-disabled-list" },
+ { "stats-carbon-blacklist", "stats-carbon-disabled-list" },
+ { "stats-rec-control-blacklist", "stats-rec-control-disabled-list" },
+ { "stats-snmp-blacklist", "stats-snmp-disabled-list" },
+ { "edns-subnet-whitelist", "edns-subnet-allow-list" },
+ { "new-domain-whitelist", "new-domain-ignore-list" },
+ { "snmp-master-socket", "snmp-daemon-socket" }
+};
+
+static void warnIfDeprecated(const string& var)
+{
+ const auto msg = deprecateList.find(var);
+ if (msg != deprecateList.end()) {
+ g_log << Logger::Warning << "'" << var << "' is deprecated and will be removed in a future release, use '" << msg->second << "' instead" << endl;
+ }
+}
+
void ArgvMap::parseOne(const string &arg, const string &parseOnly, bool lax)
{
string var, val;
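Review bot: `deprecateList` ships with an open question as its only comment (`// ATM Shared between Recursor and Auth, is that a good idea?`), and nothing says which side of each pair is the old name. Because `warnIfDeprecated` does a plain name lookup, any product that links this file and still treats one of these names as current would tell its operators to switch to a setting that may not exist there. I would replace the comment with `// Deprecated setting name -> replacement. Shared by Recursor and Auth: only add names that are deprecated in every product linking this file.` The body of `ArgvMap::parseOne` continues outside this hunk.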
boost::trim(var);
if(var!="" && (parseOnly.empty() || var==parseOnly)) {
+ warnIfDeprecated(var);
pos=val.find_first_not_of(" \t"); // strip leading whitespace
if(pos && pos!=string::npos)
val=val.substr(pos);
#include "dnssecinfra.hh"
#include "tsigverifier.hh"
-vector<pair<vector<DNSRecord>, vector<DNSRecord> > > processIXFRRecords(const ComboAddress& master, const DNSName& zone,
- const vector<DNSRecord>& records, const std::shared_ptr<SOARecordContent>& masterSOA)
+vector<pair<vector<DNSRecord>, vector<DNSRecord> > > processIXFRRecords(const ComboAddress& primary, const DNSName& zone,
+ const vector<DNSRecord>& records, const std::shared_ptr<SOARecordContent>& primarySOA)
{
vector<pair<vector<DNSRecord>, vector<DNSRecord> > > ret;
- if (records.size() == 0 || masterSOA == nullptr) {
+ if (records.size() == 0 || primarySOA == nullptr) {
return ret;
}
auto sr = getRR<SOARecordContent>(records[pos]);
if (!sr) {
- throw std::runtime_error("Error getting the content of the first SOA record of this IXFR sequence for zone '"+zone.toLogString()+"' from master '"+master.toStringWithPort()+"'");
+ throw std::runtime_error("Error getting the content of the first SOA record of this IXFR sequence for zone '"+zone.toLogString()+"' from primary '"+primary.toStringWithPort()+"'");
}
- // cerr<<"Serial is "<<sr->d_st.serial<<", final serial is "<<masterSOA->d_st.serial<<endl;
+ // cerr<<"Serial is "<<sr->d_st.serial<<", final serial is "<<primarySOA->d_st.serial<<endl;
// the serial of this SOA record is the serial of the
// zone before the removals and updates of this sequence
- if (sr->d_st.serial == masterSOA->d_st.serial) {
+ if (sr->d_st.serial == primarySOA->d_st.serial) {
if (records.size() == 2) {
// if the entire update is two SOAs records with the same
// serial, this is actually an empty AXFR!
}
if (pos >= records.size()) {
- throw std::runtime_error("No SOA record to finish the removals part of the IXFR sequence of zone '" + zone.toLogString() + "' from " + master.toStringWithPort());
+ throw std::runtime_error("No SOA record to finish the removals part of the IXFR sequence of zone '" + zone.toLogString() + "' from " + primary.toStringWithPort());
}
sr = getRR<SOARecordContent>(records[pos]);
if (!sr) {
- throw std::runtime_error("Invalid SOA record to finish the removals part of the IXFR sequence of zone '" + zone.toLogString() + "' from " + master.toStringWithPort());
+ throw std::runtime_error("Invalid SOA record to finish the removals part of the IXFR sequence of zone '" + zone.toLogString() + "' from " + primary.toStringWithPort());
}
// this is the serial of the zone after the removals
}
if (pos >= records.size()) {
- throw std::runtime_error("No SOA record to finish the additions part of the IXFR sequence of zone '" + zone.toLogString() + "' from " + master.toStringWithPort());
+ throw std::runtime_error("No SOA record to finish the additions part of the IXFR sequence of zone '" + zone.toLogString() + "' from " + primary.toStringWithPort());
}
sr = getRR<SOARecordContent>(records[pos]);
if (!sr) {
- throw std::runtime_error("Invalid SOA record to finish the additions part of the IXFR sequence of zone '" + zone.toLogString() + "' from " + master.toStringWithPort());
+ throw std::runtime_error("Invalid SOA record to finish the additions part of the IXFR sequence of zone '" + zone.toLogString() + "' from " + primary.toStringWithPort());
}
if (sr->d_st.serial != newSerial) {
- throw std::runtime_error("Invalid serial (" + std::to_string(sr->d_st.serial) + ", expecting " + std::to_string(newSerial) + ") in the SOA record finishing the additions part of the IXFR sequence of zone '" + zone.toLogString() + "' from " + master.toStringWithPort());
+ throw std::runtime_error("Invalid serial (" + std::to_string(sr->d_st.serial) + ", expecting " + std::to_string(newSerial) + ") in the SOA record finishing the additions part of the IXFR sequence of zone '" + zone.toLogString() + "' from " + primary.toStringWithPort());
}
- if (newSerial == masterSOA->d_st.serial) {
+ if (newSerial == primarySOA->d_st.serial) {
// this was the last sequence
if (pos != (records.size() - 1)) {
- throw std::runtime_error("Trailing records after the last IXFR sequence of zone '" + zone.toLogString() + "' from " + master.toStringWithPort());
+ throw std::runtime_error("Trailing records after the last IXFR sequence of zone '" + zone.toLogString() + "' from " + primary.toStringWithPort());
}
}
}
// Returns pairs of "remove & add" vectors. If you get an empty remove, it means you got an AXFR!
-vector<pair<vector<DNSRecord>, vector<DNSRecord> > > getIXFRDeltas(const ComboAddress& master, const DNSName& zone, const DNSRecord& oursr,
+vector<pair<vector<DNSRecord>, vector<DNSRecord> > > getIXFRDeltas(const ComboAddress& primary, const DNSName& zone, const DNSRecord& oursr,
const TSIGTriplet& tt, const ComboAddress* laddr, size_t maxReceivedBytes)
{
vector<pair<vector<DNSRecord>, vector<DNSRecord> > > ret;
pw.commit();
TSIGRecordContent trc;
- TSIGTCPVerifier tsigVerifier(tt, master, trc);
+ TSIGTCPVerifier tsigVerifier(tt, primary, trc);
if(!tt.algo.empty()) {
TSIGHashEnum the;
getTSIGHashEnum(tt.algo, the);
string msg((const char*)&len, 2);
msg.append((const char*)&packet[0], packet.size());
- Socket s(master.sin4.sin_family, SOCK_STREAM);
+ Socket s(primary.sin4.sin_family, SOCK_STREAM);
// cout<<"going to connect"<<endl;
if(laddr)
s.bind(*laddr);
- s.connect(master);
+ s.connect(primary);
// cout<<"Connected"<<endl;
s.writen(msg);
- // CURRENT MASTER SOA
+ // CURRENT PRIMARY SOA
// REPEAT:
// SOA WHERE THIS DELTA STARTS
// RECORDS TO REMOVE
// SOA WHERE THIS DELTA GOES
// RECORDS TO ADD
- // CURRENT MASTER SOA
- std::shared_ptr<SOARecordContent> masterSOA = nullptr;
+ // CURRENT PRIMARY SOA
+ std::shared_ptr<SOARecordContent> primarySOA = nullptr;
vector<DNSRecord> records;
size_t receivedBytes = 0;
int8_t ixfrInProgress = -2;
break;
if (maxReceivedBytes > 0 && (maxReceivedBytes - receivedBytes) < (size_t) len)
- throw std::runtime_error("Reached the maximum number of received bytes in an IXFR delta for zone '"+zone.toLogString()+"' from master "+master.toStringWithPort());
+ throw std::runtime_error("Reached the maximum number of received bytes in an IXFR delta for zone '"+zone.toLogString()+"' from primary "+primary.toStringWithPort());
reply.resize(len);
readn2(s.getHandle(), &reply.at(0), len);
MOADNSParser mdp(false, reply);
if(mdp.d_header.rcode)
- throw std::runtime_error("Got an error trying to IXFR zone '"+zone.toLogString()+"' from master '"+master.toStringWithPort()+"': "+RCode::to_s(mdp.d_header.rcode));
+ throw std::runtime_error("Got an error trying to IXFR zone '"+zone.toLogString()+"' from primary '"+primary.toStringWithPort()+"': "+RCode::to_s(mdp.d_header.rcode));
// cout<<"Got a response, rcode: "<<mdp.d_header.rcode<<", got "<<mdp.d_answers.size()<<" answers"<<endl;
for(auto& r: mdp.d_answers) {
// cout<<r.first.d_name<< " " <<r.first.d_content->getZoneRepresentation()<<endl;
- if(!masterSOA) {
+ if(!primarySOA) {
// we have not seen the first SOA record yet
if (r.first.d_type != QType::SOA) {
- throw std::runtime_error("The first record of the IXFR answer for zone '"+zone.toLogString()+"' from master '"+master.toStringWithPort()+"' is not a SOA ("+QType(r.first.d_type).getName()+")");
+ throw std::runtime_error("The first record of the IXFR answer for zone '"+zone.toLogString()+"' from primary '"+primary.toStringWithPort()+"' is not a SOA ("+QType(r.first.d_type).getName()+")");
}
auto sr = getRR<SOARecordContent>(r.first);
if (!sr) {
- throw std::runtime_error("Error getting the content of the first SOA record of the IXFR answer for zone '"+zone.toLogString()+"' from master '"+master.toStringWithPort()+"'");
+ throw std::runtime_error("Error getting the content of the first SOA record of the IXFR answer for zone '"+zone.toLogString()+"' from primary '"+primary.toStringWithPort()+"'");
}
if(sr->d_st.serial == std::dynamic_pointer_cast<SOARecordContent>(oursr.d_content)->d_st.serial) {
// we are up to date
return ret;
}
- masterSOA = sr;
+ primarySOA = sr;
} else if (r.first.d_type == QType::SOA) {
auto sr = getRR<SOARecordContent>(r.first);
if (!sr) {
- throw std::runtime_error("Error getting the content of SOA record of IXFR answer for zone '"+zone.toLogString()+"' from master '"+master.toStringWithPort()+"'");
+ throw std::runtime_error("Error getting the content of SOA record of IXFR answer for zone '"+zone.toLogString()+"' from primary '"+primary.toStringWithPort()+"'");
}
// we hit the last SOA record
// IXFR is considered to be done if we hit the last SOA record twice
- if (masterSOA->d_st.serial == sr->d_st.serial) {
+ if (primarySOA->d_st.serial == sr->d_st.serial) {
ixfrInProgress++;
}
}
if(r.first.d_type == QType::OPT)
continue;
- throw std::runtime_error("Unexpected record (" +QType(r.first.d_type).getName()+") in non-answer section ("+std::to_string(r.first.d_place)+")in IXFR response for zone '"+zone.toLogString()+"' from master '"+master.toStringWithPort());
+ throw std::runtime_error("Unexpected record (" +QType(r.first.d_type).getName()+") in non-answer section ("+std::to_string(r.first.d_place)+")in IXFR response for zone '"+zone.toLogString()+"' from primary '"+primary.toStringWithPort());
}
r.first.d_name.makeUsRelative(zone);
// cout<<"Got "<<records.size()<<" records"<<endl;
- return processIXFRRecords(master, zone, records, masterSOA);
+ return processIXFRRecords(primary, zone, records, primarySOA);
}
#include "dnsparser.hh"
#include "dnsrecords.hh"
-vector<pair<vector<DNSRecord>, vector<DNSRecord> > > getIXFRDeltas(const ComboAddress& master, const DNSName& zone,
+vector<pair<vector<DNSRecord>, vector<DNSRecord> > > getIXFRDeltas(const ComboAddress& primary, const DNSName& zone,
const DNSRecord& sr, const TSIGTriplet& tt=TSIGTriplet(),
const ComboAddress* laddr=0, size_t maxReceivedBytes=0);
-vector<pair<vector<DNSRecord>, vector<DNSRecord> > > processIXFRRecords(const ComboAddress& master, const DNSName& zone,
- const vector<DNSRecord>& records, const std::shared_ptr<SOARecordContent>& masterSOA);
+vector<pair<vector<DNSRecord>, vector<DNSRecord> > > processIXFRRecords(const ComboAddress& primary, const DNSName& zone,
+ const vector<DNSRecord>& records, const std::shared_ptr<SOARecordContent>& primarySOA);
static bool nodCheckNewDomain(const DNSName& dname)
{
bool ret = false;
- // First check the (sub)domain isn't whitelisted for NOD purposes
+ // First check the (sub)domain isn't ignored for NOD purposes
if (!g_nodDomainWL.check(dname)) {
// Now check the NODDB (note this is probabilistic so can have FNs/FPs)
if (t_nodDBp && t_nodDBp->isNewDomain(dname)) {
}
}
-static void parseNODWhitelist(const std::string& wlist)
+static void parseNODIgnorelist(const std::string& wlist)
{
vector<string> parts;
stringtok(parts, wlist, ",; ");
g_nodEnabled = ::arg().mustDo("new-domain-tracking");
g_nodLookupDomain = DNSName(::arg()["new-domain-lookup"]);
g_nodLog = ::arg().mustDo("new-domain-log");
- parseNODWhitelist(::arg()["new-domain-whitelist"]);
- parseNODWhitelist(::arg()["new-domain-ignore-list"]);
+ parseNODIgnorelist(::arg()["new-domain-whitelist"]);
+ parseNODIgnorelist(::arg()["new-domain-ignore-list"]);
// Setup Unique DNS Response subsystem
g_udrEnabled = ::arg().mustDo("unique-response-tracking");
SyncRes::setECSScopeZeroAddress(nm);
}
- SyncRes::parseEDNSSubnetWhitelist(::arg()["edns-subnet-whitelist"]);
- SyncRes::parseEDNSSubnetWhitelist(::arg()["edns-subnet-allow-list"]);
+ SyncRes::parseEDNSSubnetAllowlist(::arg()["edns-subnet-whitelist"]);
+ SyncRes::parseEDNSSubnetAllowlist(::arg()["edns-subnet-allow-list"]);
SyncRes::parseEDNSSubnetAddFor(::arg()["ecs-add-for"]);
g_useIncomingECS = ::arg().mustDo("use-incoming-edns-subnet");
g_useKernelTimestamp = ::arg().mustDo("protobuf-use-kernel-timestamp");
- blacklistStats(StatComponent::API, ::arg()["stats-api-blacklist"]);
- blacklistStats(StatComponent::Carbon, ::arg()["stats-carbon-blacklist"]);
- blacklistStats(StatComponent::RecControl, ::arg()["stats-rec-control-blacklist"]);
- blacklistStats(StatComponent::SNMP, ::arg()["stats-snmp-blacklist"]);
+ disableStats(StatComponent::API, ::arg()["stats-api-blacklist"]);
+ disableStats(StatComponent::Carbon, ::arg()["stats-carbon-blacklist"]);
+ disableStats(StatComponent::RecControl, ::arg()["stats-rec-control-blacklist"]);
+ disableStats(StatComponent::SNMP, ::arg()["stats-snmp-blacklist"]);
- blacklistStats(StatComponent::API, ::arg()["stats-api-disabled-list"]);
- blacklistStats(StatComponent::Carbon, ::arg()["stats-carbon-disabled-list"]);
- blacklistStats(StatComponent::RecControl, ::arg()["stats-rec-control-disabled-list"]);
- blacklistStats(StatComponent::SNMP, ::arg()["stats-snmp-disabled-list"]);
+ disableStats(StatComponent::API, ::arg()["stats-api-disabled-list"]);
+ disableStats(StatComponent::Carbon, ::arg()["stats-carbon-disabled-list"]);
+ disableStats(StatComponent::RecControl, ::arg()["stats-rec-control-disabled-list"]);
+ disableStats(StatComponent::SNMP, ::arg()["stats-snmp-disabled-list"]);
if (::arg().mustDo("snmp-agent")) {
string setting = ::arg()["snmp-daemon-socket"];
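Review bot: The deprecated and the new list are both passed to `disableStats` for the same component, and `disableStats` only ever inserts, so the effective list is the union of the two settings. Since the registration hunk also gives the deprecated `stats-*-blacklist` names the full default list, an operator who shortens or empties `stats-api-disabled-list` to expose a statistic still has it suppressed by the untouched default of `stats-api-blacklist`. The same additive pattern is used above for `edns-subnet-whitelist`/`edns-subnet-allow-list` and `new-domain-whitelist`/`new-domain-ignore-list`, where a leftover entry under the old name keeps a netmask in the EDNS subnet allow-list after the new list has been narrowed. One option is to register the deprecated names with an empty default, e.g. `::arg().set("stats-api-blacklist", "... (deprecated)")="";`, and to say in the help text that both lists are merged; note that this changes the result for configurations that shortened the list under the old name. The enclosing function starts and ends outside this hunk.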
::arg().set("snmp-master-socket", "If set and snmp-agent is set, the socket to use to register to the SNMP daemon (deprecated)")="";
::arg().set("snmp-daemon-socket", "If set and snmp-agent is set, the socket to use to register to the SNMP daemon")="";
- std::string defaultBlacklistedStats = "cache-bytes, packetcache-bytes, special-memory-usage";
+ std::string defeaultDisabledStats = "cache-bytes, packetcache-bytes, special-memory-usage";
for (size_t idx = 0; idx < 32; idx++) {
- defaultBlacklistedStats += ", ecs-v4-response-bits-" + std::to_string(idx + 1);
+ defeaultDisabledStats += ", ecs-v4-response-bits-" + std::to_string(idx + 1);
}
for (size_t idx = 0; idx < 128; idx++) {
- defaultBlacklistedStats += ", ecs-v6-response-bits-" + std::to_string(idx + 1);
+ defeaultDisabledStats += ", ecs-v6-response-bits-" + std::to_string(idx + 1);
}
- ::arg().set("stats-api-blacklist", "List of statistics that are disabled when retrieving the complete list of statistics via the API (deprecated)")=defaultBlacklistedStats;
- ::arg().set("stats-carbon-blacklist", "List of statistics that are prevented from being exported via Carbon (deprecated)")=defaultBlacklistedStats;
- ::arg().set("stats-rec-control-blacklist", "List of statistics that are prevented from being exported via rec_control get-all (deprecated)")=defaultBlacklistedStats;
- ::arg().set("stats-snmp-blacklist", "List of statistics that are prevented from being exported via SNMP (deprecated)")=defaultBlacklistedStats;
+ ::arg().set("stats-api-blacklist", "List of statistics that are disabled when retrieving the complete list of statistics via the API (deprecated)")=defeaultDisabledStats;
+ ::arg().set("stats-carbon-blacklist", "List of statistics that are prevented from being exported via Carbon (deprecated)")=defeaultDisabledStats;
+ ::arg().set("stats-rec-control-blacklist", "List of statistics that are prevented from being exported via rec_control get-all (deprecated)")=defeaultDisabledStats;
+ ::arg().set("stats-snmp-blacklist", "List of statistics that are prevented from being exported via SNMP (deprecated)")=defeaultDisabledStats;
- ::arg().set("stats-api-disabled-list", "List of statistics that are disabled when retrieving the complete list of statistics via the API")=defaultBlacklistedStats;
- ::arg().set("stats-carbon-disabled-list", "List of statistics that are prevented from being exported via Carbon")=defaultBlacklistedStats;
- ::arg().set("stats-rec-control-disabled-list", "List of statistics that are prevented from being exported via rec_control get-all")=defaultBlacklistedStats;
- ::arg().set("stats-snmp-disabled-list", "List of statistics that are prevented from being exported via SNMP")=defaultBlacklistedStats;
+ ::arg().set("stats-api-disabled-list", "List of statistics that are disabled when retrieving the complete list of statistics via the API")=defeaultDisabledStats;
+ ::arg().set("stats-carbon-disabled-list", "List of statistics that are prevented from being exported via Carbon")=defeaultDisabledStats;
+ ::arg().set("stats-rec-control-disabled-list", "List of statistics that are prevented from being exported via rec_control get-all")=defeaultDisabledStats;
+ ::arg().set("stats-snmp-disabled-list", "List of statistics that are prevented from being exported via SNMP")=defeaultDisabledStats;
::arg().set("tcp-fast-open", "Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size")="0";
::arg().set("tcp-fast-open-connect", "Enable TCP Fast Open support on outgoing sockets")="no";
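Review bot: The renamed local is misspelled: `defeaultDisabledStats` should read `defaultDisabledStats`, in the declaration and in the ten lines that use it. Proposed declaration: `std::string defaultDisabledStats = "cache-bytes, packetcache-bytes, special-memory-usage";`. The enclosing function starts outside this hunk.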
::arg().set("edns-padding-from", "List of netmasks (proxy IP in case of XPF or proxy-protocol presence, client IP otherwise) for which EDNS padding will be enabled in responses, provided that 'edns-padding-mode' applies")="";
::arg().set("edns-padding-mode", "Whether to add EDNS padding to all responses ('always') or only to responses for queries containing the EDNS padding option ('padded-queries-only', the default). In both modes, padding will only be added to responses for queries coming from `edns-padding-from`_ sources")="padded-queries-only";
- ::arg().set("edns-padding-tag", "Packetcache tag associated to responses sent with EDNS padding, to prevent sending these to non-whitelisted clients.")="7830";
+ ::arg().set("edns-padding-tag", "Packetcache tag associated to responses sent with EDNS padding, to prevent sending these toclients for which padding is not enabled.")="7830";
::arg().setCmd("help","Provide a helpful message");
::arg().setCmd("version","Print version string");
}
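Review bot: The new help text for `edns-padding-tag` lost a space and now reads `toclients`. This string is shown to operators, so it should end `to prevent sending these to clients for which padding is not enabled.` The enclosing function starts outside this hunk.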
#endif /* HAVE_FSTRM */
-static void rpzPrimary(LuaConfigItems& lci, luaConfigDelayedThreads& delayedThreads, const boost::variant<string, std::vector<std::pair<int, string> > >& masters_, const string& zoneName, boost::optional<rpzOptions_t> options)
+static void rpzPrimary(LuaConfigItems& lci, luaConfigDelayedThreads& delayedThreads, const boost::variant<string, std::vector<std::pair<int, string>>>& primaries_, const string& zoneName, boost::optional<rpzOptions_t> options)
{
boost::optional<DNSFilterEngine::Policy> defpol;
bool defpolOverrideLocal = true;
uint16_t axfrTimeout = 20;
uint32_t maxTTL = std::numeric_limits<uint32_t>::max();
ComboAddress localAddress;
- std::vector<ComboAddress> masters;
- if (masters_.type() == typeid(string)) {
- masters.push_back(ComboAddress(boost::get<std::string>(masters_), 53));
+ std::vector<ComboAddress> primaries;
+ if (primaries_.type() == typeid(string)) {
+ primaries.push_back(ComboAddress(boost::get<std::string>(primaries_), 53));
}
else {
- for (const auto& master : boost::get<std::vector<std::pair<int, std::string>>>(masters_)) {
- masters.push_back(ComboAddress(master.second, 53));
+ for (const auto& primary : boost::get<std::vector<std::pair<int, std::string>>>(primaries_)) {
+ primaries.push_back(ComboAddress(primary.second, 53));
}
}
}
if (localAddress != ComboAddress()) {
- // We were passed a localAddress, check if its AF matches the masters'
- for (const auto& master : masters) {
- if (localAddress.sin4.sin_family != master.sin4.sin_family) {
- throw PDNSException("Primary address("+master.toString()+") is not of the same Address Family as the local address ("+localAddress.toString()+").");
+ // We were passed a localAddress, check if its AF matches the primaries'
+ for (const auto& primary : primaries) {
+ if (localAddress.sin4.sin_family != primary.sin4.sin_family) {
+ throw PDNSException("Primary address("+primary.toString()+") is not of the same Address Family as the local address ("+localAddress.toString()+").");
}
}
}
exit(1); // FIXME proper exit code?
}
- delayedThreads.rpzMasterThreads.push_back(std::make_tuple(masters, defpol, defpolOverrideLocal, maxTTL, zoneIdx, tt, maxReceivedXFRMBytes, localAddress, axfrTimeout, refresh, sr, dumpFile));
+ delayedThreads.rpzPrimaryThreads.push_back(std::make_tuple(primaries, defpol, defpolOverrideLocal, maxTTL, zoneIdx, tt, maxReceivedXFRMBytes, localAddress, axfrTimeout, refresh, sr, dumpFile));
}
void loadRecursorLuaConfig(const std::string& fname, luaConfigDelayedThreads& delayedThreads)
}
});
- Lua.writeFunction("rpzMaster", [&lci, &delayedThreads](const boost::variant<string, std::vector<std::pair<int, string> > >& masters_, const string& zoneName, boost::optional<rpzOptions_t> options) {
- rpzPrimary(lci, delayedThreads, masters_, zoneName, options);
+ Lua.writeFunction("rpzMaster", [&lci, &delayedThreads](const boost::variant<string, std::vector<std::pair<int, string> > >& primaries_, const string& zoneName, boost::optional<rpzOptions_t> options) {
+ g_log<<Logger::Warning<<"'rpzMaster' is deprecated and will be removed in a future release, use 'rpzPrimary' instead"<< endl;
+ rpzPrimary(lci, delayedThreads, primaries_, zoneName, options);
});
- Lua.writeFunction("rpzPrimary", [&lci, &delayedThreads](const boost::variant<string, std::vector<std::pair<int, string> > >& masters_, const string& zoneName, boost::optional<rpzOptions_t> options) {
- rpzPrimary(lci, delayedThreads, masters_, zoneName, options);
+ Lua.writeFunction("rpzPrimary", [&lci, &delayedThreads](const boost::variant<string, std::vector<std::pair<int, string> > >& primaries_, const string& zoneName, boost::optional<rpzOptions_t> options) {
+ rpzPrimary(lci, delayedThreads, primaries_, zoneName, options);
});
typedef vector<pair<int,boost::variant<string, vector<pair<int, string> > > > > argvec_t;
void startLuaConfigDelayedThreads(const luaConfigDelayedThreads& delayedThreads, uint64_t generation)
{
- for (const auto& rpzMaster : delayedThreads.rpzMasterThreads) {
+ for (const auto& rpzPrimary : delayedThreads.rpzPrimaryThreads) {
try {
- std::thread t(RPZIXFRTracker, std::get<0>(rpzMaster), std::get<1>(rpzMaster), std::get<2>(rpzMaster), std::get<3>(rpzMaster), std::get<4>(rpzMaster), std::get<5>(rpzMaster), std::get<6>(rpzMaster) * 1024 * 1024, std::get<7>(rpzMaster), std::get<8>(rpzMaster), std::get<9>(rpzMaster), std::get<10>(rpzMaster), std::get<11>(rpzMaster), generation);
+ std::thread t(RPZIXFRTracker, std::get<0>(rpzPrimary), std::get<1>(rpzPrimary), std::get<2>(rpzPrimary), std::get<3>(rpzPrimary), std::get<4>(rpzPrimary), std::get<5>(rpzPrimary), std::get<6>(rpzPrimary) * 1024 * 1024, std::get<7>(rpzPrimary), std::get<8>(rpzPrimary), std::get<9>(rpzPrimary), std::get<10>(rpzPrimary), std::get<11>(rpzPrimary), generation);
t.detach();
}
catch(const std::exception& e) {
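Review bot: The loop variable `rpzPrimary` now has the same name as the static function `rpzPrimary(...)` that the Lua bindings call, in what appears to be the same file. Inside the loop the function is hidden and the twelve `std::get<N>(rpzPrimary)` calls read as if they were applied to it. A distinct name avoids that, e.g. `for (const auto& rpzPrimaryThread : delayedThreads.rpzPrimaryThreads) {`. The `catch` block continues outside this hunk.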
struct luaConfigDelayedThreads
{
- std::vector<std::tuple<std::vector<ComboAddress>, boost::optional<DNSFilterEngine::Policy>, bool, uint32_t, size_t, TSIGTriplet, size_t, ComboAddress, uint16_t, uint32_t, std::shared_ptr<SOARecordContent>, std::string> > rpzMasterThreads;
+ std::vector<std::tuple<std::vector<ComboAddress>, boost::optional<DNSFilterEngine::Policy>, bool, uint32_t, size_t, TSIGTriplet, size_t, ComboAddress, uint16_t, uint32_t, std::shared_ptr<SOARecordContent>, std::string> > rpzPrimaryThreads;
};
void loadRecursorLuaConfig(const std::string& fname, luaConfigDelayedThreads& delayedThreads);
s_statsMap[statOID[statOIDLength - 1]] = name.c_str();
netsnmp_register_scalar(netsnmp_create_handler_registration(name.c_str(),
- isStatBlacklisted(StatComponent::SNMP, name) ?
+ isStatDisabled(StatComponent::SNMP, name) ?
handleDisabledCounter64Stats : handleCounter64Stats,
statOID,
statOIDLength,
class RecursorSNMPAgent: public SNMPAgent
{
public:
- RecursorSNMPAgent(const std::string& name, const std::string& masterSocket);
+ RecursorSNMPAgent(const std::string& name, const std::string& daemonSocket);
bool sendCustomTrap(const std::string& reason);
};
DNSName getRegisteredName(const DNSName& dom);
std::atomic<unsigned long>* getDynMetric(const std::string& str, const std::string& prometheusName);
boost::optional<uint64_t> getStatByName(const std::string& name);
-bool isStatBlacklisted(StatComponent component, const std::string& name);
-void blacklistStat(StatComponent component, const string& name);
-void blacklistStats(StatComponent component, const string& stats);
+bool isStatDisabled(StatComponent component, const std::string& name);
+void disableStat(StatComponent component, const string& name);
+void disableStats(StatComponent component, const string& stats);
void registerAllStats();
static map<string, dynmetrics> d_dynmetrics;
-static std::map<StatComponent, std::set<std::string>> s_blacklistedStats;
+static std::map<StatComponent, std::set<std::string>> s_disabledStats;
-bool isStatBlacklisted(StatComponent component, const string& name)
+bool isStatDisabled(StatComponent component, const string& name)
{
- return s_blacklistedStats[component].count(name) != 0;
+ return s_disabledStats[component].count(name) != 0;
}
-void blacklistStat(StatComponent component, const string& name)
+void disableStat(StatComponent component, const string& name)
{
- s_blacklistedStats[component].insert(name);
+ s_disabledStats[component].insert(name);
}
-void blacklistStats(StatComponent component, const string& stats)
+void disableStats(StatComponent component, const string& stats)
{
- std::vector<std::string> blacklistedStats;
- stringtok(blacklistedStats, stats, ", ");
- auto& map = s_blacklistedStats[component];
- for (const auto &st : blacklistedStats) {
+ std::vector<std::string> disabledStats;
+ stringtok(disabledStats, stats, ", ");
+ auto& map = s_disabledStats[component];
+ for (const auto &st : disabledStats) {
map.insert(st);
}
}
StatsMap getAllStatsMap(StatComponent component)
{
StatsMap ret;
- const auto& blacklistMap = s_blacklistedStats.at(component);
+ const auto& disabledlistMap = s_disabledStats.at(component);
for(const auto& the32bits : d_get32bitpointers) {
- if (blacklistMap.count(the32bits.first) == 0) {
+ if (disabledlistMap.count(the32bits.first) == 0) {
ret.insert(make_pair(the32bits.first, StatsMapEntry{getPrometheusName(the32bits.first), std::to_string(*the32bits.second)}));
}
}
for(const auto& atomic : d_getatomics) {
- if (blacklistMap.count(atomic.first) == 0) {
+ if (disabledlistMap.count(atomic.first) == 0) {
ret.insert(make_pair(atomic.first, StatsMapEntry{getPrometheusName(atomic.first), std::to_string(atomic.second->load())}));
}
}
for(const auto& the64bitmembers : d_get64bitmembers) {
- if (blacklistMap.count(the64bitmembers.first) == 0) {
+ if (disabledlistMap.count(the64bitmembers.first) == 0) {
ret.insert(make_pair(the64bitmembers.first, StatsMapEntry{getPrometheusName(the64bitmembers.first), std::to_string(the64bitmembers.second())}));
}
}
{
std::lock_guard<std::mutex> l(d_dynmetricslock);
for(const auto& a : d_dynmetrics) {
- if (blacklistMap.count(a.first) == 0) {
+ if (disabledlistMap.count(a.first) == 0) {
ret.insert(make_pair(a.first, StatsMapEntry{a.second.d_prometheusName, std::to_string(*a.second.d_ptr)}));
}
}
}
}
-static shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zoneName, std::shared_ptr<DNSFilterEngine::Zone> zone, boost::optional<DNSFilterEngine::Policy> defpol, bool defpolOverrideLocal, uint32_t maxTTL, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress, uint16_t axfrTimeout)
+static shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& primary, const DNSName& zoneName, std::shared_ptr<DNSFilterEngine::Zone> zone, boost::optional<DNSFilterEngine::Policy> defpol, bool defpolOverrideLocal, uint32_t maxTTL, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress, uint16_t axfrTimeout)
{
- g_log<<Logger::Warning<<"Loading RPZ zone '"<<zoneName<<"' from "<<master.toStringWithPort()<<endl;
+ g_log<<Logger::Warning<<"Loading RPZ zone '"<<zoneName<<"' from "<<primary.toStringWithPort()<<endl;
if(!tt.name.empty())
g_log<<Logger::Warning<<"With TSIG key '"<<tt.name<<"' of algorithm '"<<tt.algo<<"'"<<endl;
ComboAddress local(localAddress);
if (local == ComboAddress())
- local = pdns::getQueryLocalAddress(master.sin4.sin_family, 0);
+ local = pdns::getQueryLocalAddress(primary.sin4.sin_family, 0);
- AXFRRetriever axfr(master, zoneName, tt, &local, maxReceivedBytes, axfrTimeout);
+ AXFRRetriever axfr(primary, zoneName, tt, &local, maxReceivedBytes, axfrTimeout);
unsigned int nrecords=0;
Resolver::res_t nop;
vector<DNSRecord> chunk;
return true;
}
-void RPZIXFRTracker(const std::vector<ComboAddress>& masters, boost::optional<DNSFilterEngine::Policy> defpol, bool defpolOverrideLocal, uint32_t maxTTL, size_t zoneIdx, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress, const uint16_t axfrTimeout, const uint32_t refreshFromConf, std::shared_ptr<SOARecordContent> sr, std::string dumpZoneFileName, uint64_t configGeneration)
+void RPZIXFRTracker(const std::vector<ComboAddress>& primaries, boost::optional<DNSFilterEngine::Policy> defpol, bool defpolOverrideLocal, uint32_t maxTTL, size_t zoneIdx, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress, const uint16_t axfrTimeout, const uint32_t refreshFromConf, std::shared_ptr<SOARecordContent> sr, std::string dumpZoneFileName, uint64_t configGeneration)
{
setThreadName("pdns-r/RPZIXFR");
bool isPreloaded = sr != nullptr;
/* full copy, as promised */
std::shared_ptr<DNSFilterEngine::Zone> newZone = std::make_shared<DNSFilterEngine::Zone>(*oldZone);
- for (const auto& master : masters) {
+ for (const auto& primary : primaries) {
try {
- sr = loadRPZFromServer(master, zoneName, newZone, defpol, defpolOverrideLocal, maxTTL, tt, maxReceivedBytes, localAddress, axfrTimeout);
+ sr = loadRPZFromServer(primary, zoneName, newZone, defpol, defpolOverrideLocal, maxTTL, tt, maxReceivedBytes, localAddress, axfrTimeout);
newZone->setSerial(sr->d_st.serial);
newZone->setRefresh(sr->d_st.refresh);
refresh = std::max(refreshFromConf ? refreshFromConf : newZone->getRefresh(), 1U);
dumpZoneToDisk(zoneName, newZone, dumpZoneFileName);
}
- /* no need to try another master */
+ /* no need to try another primary */
break;
}
catch(const std::exception& e) {
- g_log<<Logger::Warning<<"Unable to load RPZ zone '"<<zoneName<<"' from '"<<master<<"': '"<<e.what()<<"'. (Will try again in "<<refresh<<" seconds...)"<<endl;
+ g_log<<Logger::Warning<<"Unable to load RPZ zone '"<<zoneName<<"' from '"<<primary<<"': '"<<e.what()<<"'. (Will try again in "<<refresh<<" seconds...)"<<endl;
incRPZFailedTransfers(polName);
}
catch(const PDNSException& e) {
- g_log<<Logger::Warning<<"Unable to load RPZ zone '"<<zoneName<<"' from '"<<master<<"': '"<<e.reason<<"'. (Will try again in "<<refresh<<" seconds...)"<<endl;
+ g_log<<Logger::Warning<<"Unable to load RPZ zone '"<<zoneName<<"' from '"<<primary<<"': '"<<e.reason<<"'. (Will try again in "<<refresh<<" seconds...)"<<endl;
incRPZFailedTransfers(polName);
}
}
}
vector<pair<vector<DNSRecord>, vector<DNSRecord> > > deltas;
- for (const auto& master : masters) {
- g_log<<Logger::Info<<"Getting IXFR deltas for "<<zoneName<<" from "<<master.toStringWithPort()<<", our serial: "<<getRR<SOARecordContent>(dr)->d_st.serial<<endl;
+ for (const auto& primary : primaries) {
+ g_log<<Logger::Info<<"Getting IXFR deltas for "<<zoneName<<" from "<<primary.toStringWithPort()<<", our serial: "<<getRR<SOARecordContent>(dr)->d_st.serial<<endl;
ComboAddress local(localAddress);
if (local == ComboAddress()) {
- local = pdns::getQueryLocalAddress(master.sin4.sin_family, 0);
+ local = pdns::getQueryLocalAddress(primary.sin4.sin_family, 0);
}
try {
- deltas = getIXFRDeltas(master, zoneName, dr, tt, &local, maxReceivedBytes);
+ deltas = getIXFRDeltas(primary, zoneName, dr, tt, &local, maxReceivedBytes);
- /* no need to try another master */
+ /* no need to try another primary */
break;
} catch(const std::runtime_error& e ){
g_log<<Logger::Warning<<e.what()<<endl;
extern bool g_logRPZChanges;
std::shared_ptr<SOARecordContent> loadRPZFromFile(const std::string& fname, std::shared_ptr<DNSFilterEngine::Zone> zone, boost::optional<DNSFilterEngine::Policy> defpol, bool defpolOverrideLocal, uint32_t maxTTL);
-void RPZIXFRTracker(const std::vector<ComboAddress>& masters, boost::optional<DNSFilterEngine::Policy> defpol, bool defpolOverrideLocal, uint32_t maxTTL, size_t zoneIdx, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress, const uint16_t axfrTimeout, const uint32_t reloadFromConf, shared_ptr<SOARecordContent> sr, std::string dumpZoneFileName, uint64_t configGeneration);
+void RPZIXFRTracker(const std::vector<ComboAddress>& primaries, boost::optional<DNSFilterEngine::Policy> defpol, bool defpolOverrideLocal, uint32_t maxTTL, size_t zoneIdx, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress, const uint16_t axfrTimeout, const uint32_t reloadFromConf, shared_ptr<SOARecordContent> sr, std::string dumpZoneFileName, uint64_t configGeneration);
struct rpzStats
{
ne.d_ttd = d_now.tv_sec + lowestTTL;
if (!wasVariable()) {
- if (qtype.getCode()) { // prevents us from blacking out a whole domain
+ if (qtype.getCode()) { // prevents us from NXDOMAIN'ing a whole domain
g_negCache->add(ne);
}
}
return boost::none;
}
-void SyncRes::parseEDNSSubnetWhitelist(const std::string& wlist)
+void SyncRes::parseEDNSSubnetAllowlist(const std::string& alist)
{
vector<string> parts;
- stringtok(parts, wlist, ",; ");
+ stringtok(parts, alist, ",; ");
for(const auto& a : parts) {
try {
s_ednsremotesubnets.addMask(Netmask(a));
{
s_dontQuery = nullptr;
}
- static void parseEDNSSubnetWhitelist(const std::string& wlist);
+ static void parseEDNSSubnetAllowlist(const std::string& alist);
static void parseEDNSSubnetAddFor(const std::string& subnetlist);
static void addEDNSLocalSubnet(const std::string& subnet)
{
std::ostringstream output;
- // Argument controls blacklisting of any stats. So
- // stats-api-blacklist will be used to block returned stats.
+ // Argument controls disabling of any stats. So
+ // stats-api-disabled-list will be used to block returned stats.
auto varmap = getAllStatsMap(StatComponent::API);
for (const auto& tup : varmap) {
std::string metricName = tup.first;