From: Otto Moerbeek Date: Thu, 8 May 2025 10:25:36 +0000 (+0200) Subject: Add setting and metric X-Git-Tag: rec-5.1.6^2~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e579c6e8a19fc9808ab697beabd390cf6647fa30;p=thirdparty%2Fpdns.git Add setting and metric --- diff --git a/pdns/recursordist/RECURSOR-MIB.txt b/pdns/recursordist/RECURSOR-MIB.txt index ba743382dd..99a7dc8d80 100644 --- a/pdns/recursordist/RECURSOR-MIB.txt +++ b/pdns/recursordist/RECURSOR-MIB.txt @@ -1280,6 +1280,22 @@ chainLimits OBJECT-TYPE "Chain limits reached" ::= { stats 151 } +tcpOverflow OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Incoming TCP limits reached" + ::= { stats 152 } + +ecsMissing OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of answers where ECS info was missing" + ::= { stats 153 } + --- --- Traps / Notifications --- @@ -1478,7 +1494,13 @@ recGroup OBJECT-GROUP udrEvents, maxChainLength, maxChainWeight, +<<<<<<< HEAD chainLimits +======= + chainLimits, + tcpOverflow, + ecsMissing +>>>>>>> 36edbdb8b (Add setting and metric) } STATUS current DESCRIPTION "Objects conformance group for PowerDNS Recursor" diff --git a/pdns/recursordist/lwres.cc b/pdns/recursordist/lwres.cc index 3657b7397a..d37d485e77 100644 --- a/pdns/recursordist/lwres.cc +++ b/pdns/recursordist/lwres.cc @@ -58,7 +58,7 @@ thread_local TCPOutConnectionManager t_tcp_manager; std::shared_ptr g_slogout; bool g_paddingOutgoing; -bool g_ECSHardening{false}; +bool g_ECSHardening; void remoteLoggerQueueData(RemoteLoggerInterface& rli, const std::string& data) { diff --git a/pdns/recursordist/rec-main.cc b/pdns/recursordist/rec-main.cc index 62c84eec6d..67571e4705 100644 --- a/pdns/recursordist/rec-main.cc +++ b/pdns/recursordist/rec-main.cc @@ -2241,6 +2241,7 @@ static int serviceMain(Logr::log_t log) } g_paddingTag = ::arg().asNum("edns-padding-tag"); g_paddingOutgoing = ::arg().mustDo("edns-padding-out"); + g_ECSHardening = ::arg().mustDo("edns-subnet-harden"); RecThreadInfo::setNumDistributorThreads(::arg().asNum("distributor-threads")); RecThreadInfo::setNumUDPWorkerThreads(::arg().asNum("threads")); diff --git a/pdns/recursordist/settings/table.py b/pdns/recursordist/settings/table.py index d7282a0ab9..655a814e81 100644 --- a/pdns/recursordist/settings/table.py +++ b/pdns/recursordist/settings/table.py @@ -939,6 +939,18 @@ By default, this option is empty, meaning no EDNS Client Subnet information is s ''', 'versionadded': '4.5.0' }, + { + 'name' : 'edns_subnet_harden', + 'section' : 'outgoing', + 'type' : LType.Bool, + 'default' : 'false', + 'help' : 'Do more strict checking or EDNS Client Subnet information returned by authoritative servers', + 'doc' : ''' +Do more strict checking or EDNS Client Subnet information returned by authoritative servers. +Answers missing ECS information will be ignored and followed up by an ECS-less query. + ''', + 'versionadded': ['5.2.x', '5.1.x', '5.0.x'] + }, { 'name' : 'entropy_source', 'section' : 'recursor', diff --git a/regression-tests.recursor-dnssec/test_SNMP.py b/regression-tests.recursor-dnssec/test_SNMP.py index 27b31ffbe3..e0f67ba435 100644 --- a/regression-tests.recursor-dnssec/test_SNMP.py +++ b/regression-tests.recursor-dnssec/test_SNMP.py @@ -21,7 +21,7 @@ class TestSNMP(RecursorTest): """ def _checkStatsValues(self, results): - count = 151 + count = 153 for i in list(range(1, count)): oid = self._snmpOID + '.1.' + str(i) + '.0' self.assertTrue(oid in results)