Oto Šťáva [Tue, 12 Sep 2023 12:27:09 +0000 (14:27 +0200)]
.gitlab-ci: fix Pages publishing
This commit renames `docs:public` to `pages` as required by GitLab CI to
recognize Pages jobs correctly. It also adds the `public` directory into
`artifacts:paths`.
Oto Šťáva [Tue, 29 Aug 2023 08:38:13 +0000 (10:38 +0200)]
.gitlab-ci.yml: use environments for documentation versioning
This leverages Environments on GitLab to expose different versions of
Knot Resolver docs. The `docs:build` job builds the documentation and
exposes it via job artifacts. Then `docs:develop` (for branches) and
`docs:release` (for tags) take these artifacts and expose them via an
Environment link (an example of this in action may be seen at
[https://gitlab.nic.cz/ostava/knot-resolver/-/environments]).
There is also an optional, manually runnable `docs:public` job, which,
when run, propagates the documentation to the main GitLab Pages of the
project (e.g. [https://knot.pages.nic.cz/knot-resolver]) - this will
probably be mostly used for the latest release, although this setup
pretty much allows us to swap it for whatever version we like at any
time.
Officially yesterday, but there's a long overlap when both address pairs
are promised to work. See e.g. this e-mail thread:
https://lists.dns-oarc.net/pipermail/dns-operations/2023-June/022052.html
Vladimír Čunát [Fri, 3 Nov 2023 11:31:06 +0000 (12:31 +0100)]
lib/zonecut.c fetch_addr(): resurrect filtering by NO_IPV*
This filtering was dropped in 4565cc596680 (v5.3.0).
Now it's reintroduced - but inside the function, as that seems nicer.
Nit: naming and comment were updated to fit the current usage.
As the code is designed so far (in whole history probably), in order
to detect whether we need to choose a zone cut closer to the root,
we need to do something like this in lib/zonecut.c already,
instead of just during server selection.
I don't think this change can break anything.
Fetching unusable addresses from cache seems pointless,
as selection wouldn't be allowed to use them or try resolving them.
Vladimír Čunát [Sat, 29 Jul 2023 15:53:34 +0000 (17:53 +0200)]
daemon: more avoidance of excessive TCP reconnections
Previously this penalization was only triggered if the remote server
closed TCP. Now it's extended to us closing it when the server
(only) sends back some nonsense. At least for the cases which I could
see immediately.
That's just three trivial one-line additions; the rest is refactoring.
Vladimír Čunát [Wed, 28 Jun 2023 15:48:51 +0000 (17:48 +0200)]
avoid knot_pkt_default_padding_size()
The reserved size in packet is a messy thing, broken by
https://gitlab.nic.cz/knot/knot-dns/-/commit/ded5fbf01d00a875f141
Fortunately this function is trivial, so we can inline what we need.
It gets complicated by an earlier typo fix, though.
Vladimír Čunát [Sat, 10 Jun 2023 08:34:12 +0000 (10:34 +0200)]
hints: fix names inside home.arpa.
Reported on https://forum.turris.cz/t/knot-resolver-with-local-fqdn-hostnames/19034/8
I write it as three comparisons, as it seems like a simple way of
still running only a single comparison in the typical case of QNAME
not falling under .arpa.
Tested just quickly, manually. This chunk of code already is replaced
for kresd >= 6.0.0.
Vladimír Čunát [Wed, 7 Jun 2023 08:30:33 +0000 (10:30 +0200)]
meson: add more warnings from the C compiler
I tested this still builds with gcc 6, gcc 13, clang 7, clang 16.
Our CI additionally does `-Werror`, so that the properties
will get maintained (on some Debian's default compiler and clang).
Warnings with gcc 13 seem clear for me now, too.
Oto Šťáva [Wed, 7 Jun 2023 13:04:10 +0000 (15:04 +0200)]
tests/dnstap: let Go handle its transitive dependencies
Dependabot reported that we have some vulnerable dependencies. The
problem is that the ones it wants to bump to do not support older Go
versions, which we need to use due to some distros not having the most
recent Go packages available.
The `go.sum` file contains the outdated ones (because I tried with an
older Go), but as far as I can tell, from Go docs and other places, it
is actually not a lockfile, so newer Go should update the packages
regardless of what is in `go.sum`.
Oto Šťáva [Wed, 7 Jun 2023 06:15:41 +0000 (08:15 +0200)]
tests/pytests: adapt to new pylint
New version of pylint removed the disabled `bad-continuation` check. It
also added a parens check that we were violating in
`test_random_close.py`, which is now fixed as well.
Vladimír Čunát [Mon, 29 May 2023 11:59:00 +0000 (13:59 +0200)]
lib/cache pkt_renew(): fix an edge-case bug
It could happen that this condition didn't get triggered,
but the structures weren't completely clear. In particular,
the current section could be past KNOT_ANSWER already.
Let's be more conservative here; pkt_recycle() shouldn't be expensive.
I'm not sure why I only ran into this on the new-policy branch,
but it really seems like a bug here on master already.
Vladimír Čunát [Wed, 26 Apr 2023 09:16:34 +0000 (11:16 +0200)]
hints docs: explain root hints better
The removed tip seemed especially misleading;
I don't think our root hints could've ever been used that way.
And latency to root servers has practically no impact on latency
of replies to reasonable answers (just like... once per day and TLD).
Vladimír Čunát [Mon, 8 May 2023 08:39:41 +0000 (10:39 +0200)]
ci: drop debian 9
It looks like downloads won't work anymore:
https://gitlab.nic.cz/knot/knot-resolver/-/jobs/890201
https://gitlab.nic.cz/knot/knot-resolver/-/jobs/890312
which is probably because long-term support ended last summer.
Vladimír Čunát [Wed, 8 Mar 2023 16:18:16 +0000 (17:18 +0100)]
improve handling of SERVFAIL from forwarders
- selection: utilize address_state::broken also when forwarding
- selection: drop fallbacks that don't make sense when forwarding
- iterate: copy EDE codes on DNSSEC SERVFAILs
Vladimír Čunát [Tue, 21 Feb 2023 14:35:14 +0000 (15:35 +0100)]
view: fix destination-based matching
Apparently it's never worked since its introduction.
.addr is non-nil exactly when .dst_addr is non-nil
(which happens iff the query originated externally).
Now we have semantics which was probably intended by the original code
(982162956a from 2016) but that semantics is still problematic
if you need both kinds of matching in a single request from client.
This matching by destination has never made it to docs,
so let's just add this simple fixup for now, and later
we'll steer users to new policy configuration anyway.
The hack shouldn't be needed anymore:
https://github.com/Homebrew/homebrew-core/commit/4369052170f4360b7ad545f23b8a01a4ccb37683#diff-59a7902ada251dd9dba99b5bd323c1dba1d102d244ce766c06ce00097fb82e8fL71
This isn't an exact revert, but differences are minor.
Oto Šťáva [Fri, 24 Feb 2023 10:08:59 +0000 (11:08 +0100)]
daemon/engine: warning when log_groups contains a non-existent group
Until now, kresd would refuse to start when a log_groups Lua call
contained a non-existent group. After this change, only a warning is
printed, which helps during development while switching between branches
with new logging groups. I don't think changing the configuration all
the time just for a logging group is warranted.
Vladimír Čunát [Mon, 13 Feb 2023 15:59:11 +0000 (16:59 +0100)]
lib/utils: fix timestamp format in dumps of records
The debug dumps of packets used UNIX timestamps (in RRSIG validity)
instead of the customary human stamps.
This was an unintentional regression of 0555828e, i.e. since v5.4.1.
I looked again at all other differences from default kdig style,
and the only ones are that we don't show class and don't do IDN.
(both seem suitable here)
Vladimír Čunát [Wed, 22 Feb 2023 10:44:10 +0000 (11:44 +0100)]
ci: fix macOS builds
Let's specify more of the dependencies explicitly.
I suspect it was pkg-config that was missing;
https://github.com/CZ-NIC/knot-resolver/actions/runs/4241689540/jobs/7372234570
Oto Šťáva [Thu, 26 Jan 2023 07:45:24 +0000 (08:45 +0100)]
tests/pytests: quality-of-life improvements and notes
Added the option to run `kresd` inside `pytests` under `valgrind` and
`rr`, which can help with debugging. Also added a clarifying note that I
personally would have liked to have while exploring this.
Vladimír Čunát [Thu, 26 Jan 2023 16:07:01 +0000 (17:07 +0100)]
ci: allow failure for bad OBS distrotest jobs
They've been failing for many months, e.g. see
https://gitlab.nic.cz/knot/knot-resolver/-/pipelines/104497
This way it at least won't be confusing by showing red in CI.
Vladimír Čunát [Thu, 22 Dec 2022 12:58:53 +0000 (13:58 +0100)]
predict: fully deactivate prediction with `period = 0`
That setting is recommended by documentation but it would still leave
the timer triggering repeatedly. Maybe it didn't cause any practical
difference, but it was unnecessary and possibly confusing.
Vladimír Čunát [Thu, 14 Jul 2022 08:53:27 +0000 (10:53 +0200)]
TTL bounds: improve the logic
- apply to first (uncached) answer already
- don't extend over signature validity
Nit: the tests were using too high TTL (RFCs disallow the "sign bit").
It was working because (manual) cache-insertion was applying bounds,
but now the bounds don't get applied anymore, so it would fail.
Vladimír Čunát [Mon, 28 Feb 2022 18:10:16 +0000 (19:10 +0100)]
lib/cache: tweak TTL computation for packets
When a whole packet is cached (instead of individual RRs),
let's simplify the way the packet's TTL gets computed.
The previous mechanism came from commit 5b383a2bb7,
probably a misunderstanding of:
https://datatracker.ietf.org/doc/html/rfc2308#section-5
Anyway, I see no motivation to do it, and this way we should
get rid of some weird cases where we might extend TTL of some records,
except if they were below the cache.min_ttl() setting (5s default).