Add setting and metric

diff --git a/pdns/recursordist/RECURSOR-MIB.txt b/pdns/recursordist/RECURSOR-MIB.txt
index ba743382ddfb9da81b438eef71e5f49e62d4d4a5..99a7dc8d80d7236c08f5f2200ecc9fbdec3b0d80 100644 (file)
--- a/pdns/recursordist/RECURSOR-MIB.txt
+++ b/pdns/recursordist/RECURSOR-MIB.txt
@@ -1280,6 +1280,22 @@ chainLimits OBJECT-TYPE
         "Chain limits reached"
     ::= { stats 151 }
 
+tcpOverflow OBJECT-TYPE
+    SYNTAX Counter64
+    MAX-ACCESS read-only
+    STATUS current
+    DESCRIPTION
+        "Incoming TCP limits reached"
+    ::= { stats 152 }
+
+ecsMissing OBJECT-TYPE
+    SYNTAX Counter64
+    MAX-ACCESS read-only
+    STATUS current
+    DESCRIPTION
+        "Number of answers where ECS info was missing"
+    ::= { stats 153 }
+
 ---
 --- Traps / Notifications
 ---
@@ -1478,7 +1494,13 @@ recGroup OBJECT-GROUP
         udrEvents,
         maxChainLength,
         maxChainWeight,
+<<<<<<< HEAD
         chainLimits
+=======
+        chainLimits,
+        tcpOverflow,
+        ecsMissing
+>>>>>>> 36edbdb8b (Add setting and metric)
     }
     STATUS current
     DESCRIPTION "Objects conformance group for PowerDNS Recursor"

diff --git a/pdns/recursordist/lwres.cc b/pdns/recursordist/lwres.cc
index 3657b7397a30fc11b241967e21f8d25e52a7417e..d37d485e77f8d5b4477db5eb7f128e77790b1168 100644 (file)
--- a/pdns/recursordist/lwres.cc
+++ b/pdns/recursordist/lwres.cc
@@ -58,7 +58,7 @@
 thread_local TCPOutConnectionManager t_tcp_manager;
 std::shared_ptr<Logr::Logger> g_slogout;
 bool g_paddingOutgoing;
-bool g_ECSHardening{false};
+bool g_ECSHardening;
 
 void remoteLoggerQueueData(RemoteLoggerInterface& rli, const std::string& data)
 {

diff --git a/pdns/recursordist/rec-main.cc b/pdns/recursordist/rec-main.cc
index 62c84eec6de8676f89449603f8e1fb26edadc7f2..67571e4705c230d7bee3da8d16213b4e820700a6 100644 (file)
--- a/pdns/recursordist/rec-main.cc
+++ b/pdns/recursordist/rec-main.cc
@@ -2241,6 +2241,7 @@ static int serviceMain(Logr::log_t log)
   }
   g_paddingTag = ::arg().asNum("edns-padding-tag");
   g_paddingOutgoing = ::arg().mustDo("edns-padding-out");
+  g_ECSHardening = ::arg().mustDo("edns-subnet-harden");
 
   RecThreadInfo::setNumDistributorThreads(::arg().asNum("distributor-threads"));
   RecThreadInfo::setNumUDPWorkerThreads(::arg().asNum("threads"));

diff --git a/pdns/recursordist/settings/table.py b/pdns/recursordist/settings/table.py
index d7282a0ab943ba62efc3e5f11ef4dc9fee9bdd16..655a814e815ed131d020f97414dea754fd4b64d2 100644 (file)
--- a/pdns/recursordist/settings/table.py
+++ b/pdns/recursordist/settings/table.py
@@ -939,6 +939,18 @@ By default, this option is empty, meaning no EDNS Client Subnet information is s
  ''',
     'versionadded': '4.5.0'
     },
+    {
+        'name' : 'edns_subnet_harden',
+        'section' : 'outgoing',
+        'type' : LType.Bool,
+        'default' : 'false',
+        'help' : 'Do more strict checking or EDNS Client Subnet information returned by authoritative servers',
+        'doc' : '''
+Do more strict checking or EDNS Client Subnet information returned by authoritative servers.
+Answers missing ECS information will be ignored and followed up by an ECS-less query.
+ ''',
+    'versionadded': ['5.2.x', '5.1.x', '5.0.x']
+    },
     {
         'name' : 'entropy_source',
         'section' : 'recursor',

diff --git a/regression-tests.recursor-dnssec/test_SNMP.py b/regression-tests.recursor-dnssec/test_SNMP.py
index 27b31ffbe3ded196a7aab9f8e04bd7db5eaa5caf..e0f67ba43577344c057af0af5888a90fc4c876c1 100644 (file)
--- a/regression-tests.recursor-dnssec/test_SNMP.py
+++ b/regression-tests.recursor-dnssec/test_SNMP.py
@@ -21,7 +21,7 @@ class TestSNMP(RecursorTest):
     """
 
     def _checkStatsValues(self, results):
-        count = 151
+        count = 153
         for i in list(range(1, count)):
             oid = self._snmpOID + '.1.' + str(i) + '.0'
             self.assertTrue(oid in results)