checkLinuxIPv6Limits();
try {
pdns::parseQueryLocalAddress(::arg()["query-local-address"]);
- pdns::parseQueryLocalAddress(::arg()["query-local-address6"]);
+ if (!::arg()["query-local-address6"].empty()) {
+ // TODO remove in 4.5.0
+ g_log<<Logger::Warning<<"query-local-address6 is deprecated and will be removed in a future version. Please use query-local-address for IPv6 addresses as well"<<endl;
+ pdns::parseQueryLocalAddress(::arg()["query-local-address6"]);
+ }
}
catch(std::exception& e) {
g_log<<Logger::Error<<"Assigning local query addresses: "<<e.what();
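Review bot: The deprecation warning added ahead of the second `parseQueryLocalAddress` call tells operators to move their IPv6 addresses to query-local-address, but not that a value set there replaces the `0.0.0.0` default. Going by the documentation text in this same commit (no address of a family configured means no queries for that family), an operator who reacts with `query-local-address=::` would turn off outgoing IPv4. I would word the message as an addition to the existing list, e.g. `"... Please add its IPv6 addresses to query-local-address, keeping any IPv4 address there (for example '0.0.0.0,::')"`. The `// TODO remove in 4.5.0` comment could also name what is to be removed (this branch, the option declaration and its documentation entry). The enclosing function starts and ends outside the hunk.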
g_log<<Logger::Warning<<"Enabling IPv6 transport for outgoing queries"<<endl;
}
else {
- g_log<<Logger::Warning<<"NOT using IPv6 for outgoing queries - set 'query-local-address6=::' to enable"<<endl;
+ g_log<<Logger::Warning<<"NOT using IPv6 for outgoing queries - add an IPv6 address (like '::') to query-local-address to enable"<<endl;
}
// keep this ABOVE loadRecursorLuaConfig!
::arg().set("socket-dir",string("Where the controlsocket will live, ")+LOCALSTATEDIR+"/pdns-recursor when unset and not chrooted" )="";
::arg().set("delegation-only","Which domains we only accept delegations from")="";
::arg().set("query-local-address","Source IP address for sending queries")="0.0.0.0";
- ::arg().set("query-local-address6","Source IPv6 address for sending queries. IF UNSET, IPv6 WILL NOT BE USED FOR OUTGOING QUERIES")="";
+ ::arg().set("query-local-address6","DEPRECATED: Use query-local-address for IPv6 as well. Source IPv6 address for sending queries. IF UNSET, IPv6 WILL NOT BE USED FOR OUTGOING QUERIES")="";
::arg().set("client-tcp-timeout","Timeout in seconds when talking to TCP clients")="2";
::arg().set("max-mthreads", "Maximum number of simultaneous Mtasker threads")="2048";
::arg().set("max-tcp-clients","Maximum number of simultaneous TCP clients")="128";
localAddress
^^^^^^^^^^^^
The source IP address to use when transferring the RPZ.
-When unset, :ref:`setting-query-local-address` and :ref:`setting-query-local-address6` are used.
+When unset, :ref:`setting-query-local-address` is used.
axfrTimeout
^^^^^^^^^^^
Maximum number of simultaneous TCP clients.
--max-tcp-per-client=<num>
If set, maximum number of TCP sessions per client (IP address).
---query-local-address=<address>
+--query-local-address=<address>[,address...]
Use *address* as Source IP address when sending queries.
---query-local-address6=<address>
- Send out local IPv6 queries from *address*. Disabled by default,
- which also disables outgoing IPv6 support. A useful setting is
- '::0'.
--quiet
Suppress logging of questions and answers.
--server-id=<text>
`edns-subnet-whitelist`_ when `use-incoming-edns-subnet`_ is set and the query has
an ECS source prefix-length set to 0.
The default is to look for the first usable (not an ``any`` one) address in
-`query-local-address`_ then `query-local-address6`_. If no suitable address is
+`query-local-address`_ (starting with IPv4). If no suitable address is
found, the recursor fallbacks to sending 127.0.0.1.
.. _setting-edns-outgoing-bufsize:
``query-local-address``
-----------------------
-- IPv4 Address, comma separated
+.. versionchanged:: 4.4.0
+ IPv6 addresses can be set with this option as well.
+
+- IP addresses, comma separated
- Default: 0.0.0.0
-Send out local queries from this address, or addresses, by adding multiple addresses, increased spoofing resilience is achieved.
+Send out local queries from this address, or addresses. By adding multiple
+addresses, increased spoofing resilience is achieved. When no address of a certain
+address family is configured, there are *no* queries sent with that address family.
+In the default configuration this means that IPv6 is not used for outgoing queries.
.. _setting-query-local-address6:
``query-local-address6``
------------------------
+.. deprecated:: 4.4.0
+ Use :ref:`setting-query-local-address` for IPv4 and IPv6.
+
- IPv6 addresses, comma separated
- Default: unset
// choose socket based on local
if (local.sin4.sin_family == 0) {
// up to us.
- if (remote.sin4.sin_family == AF_INET && !pdns::isQueryLocalAddressFamilyEnabled(AF_INET)) {
- throw ResolverException("No IPv4 socket available, is query-local-address set?");
- }
- if (remote.sin4.sin_family == AF_INET6 && !pdns::isQueryLocalAddressFamilyEnabled(AF_INET6)) {
- throw ResolverException("No IPv6 socket available, is query-local-address6 set?");
+ if (!pdns::isQueryLocalAddressFamilyEnabled(remote.sin4.sin_family)) {
+ string ipv = remote.sin4.sin_family == AF_INET ? "4" : "6";
+ throw ResolverException("No IPv" + ipv + " socket available, is such an address configured in query-local-address?");
}
sock = remote.sin4.sin_family == AF_INET ? locals["default4"] : locals["default6"];
} else {
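Review bot: The merged check `if (!pdns::isQueryLocalAddressFamilyEnabled(remote.sin4.sin_family))` now runs for every address family, where the removed code threw only for AF_INET and AF_INET6, and the ternary on the next line labels anything that is not AF_INET as IPv6. If the helper returns false for a family it does not know (its body is not part of this hunk), a `remote` with an unset or unexpected family now fails with a misleading "No IPv6 socket available" message instead of reaching the socket selection. Deriving the label from both known values keeps the log truthful: `string ipv = remote.sin4.sin_family == AF_INET ? "4" : (remote.sin4.sin_family == AF_INET6 ? "6" : "?");`. The enclosing function starts and ends outside the hunk.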
ecs-ipv4-cache-bits=32
ecs-ipv6-cache-bits=128
forward-zones=ecs-echo.example=%s.21
-query-local-address6=::1
+query-local-address=::1
""" % (os.environ['PREFIX'])
def testSendECS(self):
self.sendECSQuery(query, expected, ttlECS)
def testRequireNoECS(self):
- # we should get ::1/128 because neither ecs-scope-zero-addr nor query-local-address are set,
- # but query-local-address6 is set to ::1
+ # we should get ::1/128 because ecs-scope-zero-addr is unset and query-local-address is set to ::1
expected = dns.rrset.from_text(nameECS, ttlECS, dns.rdataclass.IN, 'TXT', "::1/128")
ecso = clientsubnetoption.ClientSubnetOption('0.0.0.0', 0)
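Review bot: Replacing `query-local-address6=::1` with `query-local-address=::1` in this config template also overrides the `0.0.0.0` default, so the recursor is left without an IPv4 source address while `forward-zones` still points at what looks like an IPv4 forwarder (`%s.21`). The documentation changed in this commit says no queries are sent for a family that has no configured address, so the test may be passing only because that rule is not enforced on the forwarding path. `query-local-address=0.0.0.0,::1` would keep the previous setup, and the expected `::1/128` should stay the same if the any-address is skipped as the ecs-scope-zero-address text describes. The class that owns the template and `testRequireNoECS` both extend beyond the hunk.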
if [ $IPv6 = 1 ]
then
- QLA6="::"
+ QLA6=" ::"
else
QLA6=""
fi
<measurement><name>system CPU seconds</name><value>%S</value></measurement>
<measurement><name>wallclock seconds</name><value>%e</value></measurement>
<measurement><name>%% CPU used</name><value>%P</value></measurement>
-' ${RECURSOR} --daemon=no --local-port=$port --socket-dir=./ --trace=$TRACE --config-dir=. --max-mthreads=$mthreads --query-local-address6="${QLA6}" --threads=$threads --cache-shards=$shards --disable-packetcache > recursor.log 2>&1 &
+' ${RECURSOR} --daemon=no --local-port=$port --socket-dir=./ --trace=$TRACE --config-dir=. --max-mthreads=$mthreads --query-local-address="0.0.0.0${QLA6}" --threads=$threads --cache-shards=$shards --disable-packetcache > recursor.log 2>&1 &
sleep 3
# warm up the cache
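Review bot: `QLA6=" ::"` makes the recursor start with `--query-local-address="0.0.0.0 ::"`, a space-separated list, while the manpage and settings text changed in this commit document the value as comma separated (`<address>[,address...]`). Whether the option parser also accepts a space is not visible here, so the benchmark silently depends on it; `QLA6=",::"` uses the documented separator and removes that dependency. The same assignment and expansion appear in the following script hunk, the one that starts the recursor with `--local-address=0.0.0.0`.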
if [ $IPv6 = 1 ]
then
- QLA6="::"
+ QLA6=" ::"
else
QLA6=""
fi
rm -f recursor.pid pdns_recursor.pid
-${RECURSOR} --daemon=no --local-port=$port --socket-dir=./ --trace=$TRACE --config-dir=. --local-address=0.0.0.0 --allow-from=0.0.0.0/0 --query-local-address6="${QLA6}" > recursor.log 2>&1 &
+${RECURSOR} --daemon=no --local-port=$port --socket-dir=./ --trace=$TRACE --config-dir=. --local-address=0.0.0.0 --allow-from=0.0.0.0/0 --query-local-address="0.0.0.0${QLA6}" > recursor.log 2>&1 &
sleep 3
./dnsbulktest -qe 37.252.127.190 $port $limit < ${CSV} > bulktest.results
kill $(cat pdns_recursor.pid)