Oto Šťáva [Fri, 5 Apr 2024 09:57:22 +0000 (11:57 +0200)]
daemon/meson.build: add install_rpath to kresd
This fixes the default use-case for developers when they put their
install prefix somewhere where the system `LD_LIBRARY_PATH` does not
point. Before this, `kresd` would fail to start after `ninja install`
because it would not be able to find the `libkres.so` library.
The original workaround to this was to use `meson configure
-Ddefault_library=static`, but firstly, we would like it to be working
with the default settings, and secondly, we would like to have it as
similar to what most users will encounter as possible.
Vladimír Čunát [Wed, 6 Mar 2024 11:19:28 +0000 (12:19 +0100)]
daemon/lua: fix on 32-bit systems with 64-bit time_t
This improves the heuristics.
The problem would be detected by meson, but not when cross-compiling,
in which case things would mostly run OK, except some lua code/modules.
Vladimír Čunát [Fri, 23 Feb 2024 09:07:35 +0000 (10:07 +0100)]
lib/cache: bump CACHE_VERSION
Ideally we would've done that at once with increasing NSEC3 strictness,
i.e. in 5.7.1 + 6.0.6, as otherwise we could run into some recoverable
assertions until the records got removed or expired.
We at least do the bump now.
Vladimír Čunát [Tue, 2 Jan 2024 10:18:31 +0000 (11:18 +0100)]
validator: similarly also limit excessive NSEC3 salt length
Limit combination of iterations and salt length, based on estimated
expense of the computation. Note that the result only differs for
salt length > 44 which is rather nonsensical and very rare:
https://chat.dns-oarc.net/community/pl/h58qx9sjkbgt9dajb7x988p78a
Oto Šťáva [Tue, 12 Sep 2023 12:27:09 +0000 (14:27 +0200)]
.gitlab-ci: fix Pages publishing
This commit renames `docs:public` to `pages` as required by GitLab CI to
recognize Pages jobs correctly. It also adds the `public` directory into
`artifacts:paths`.
Oto Šťáva [Tue, 29 Aug 2023 08:38:13 +0000 (10:38 +0200)]
.gitlab-ci.yml: use environments for documentation versioning
This leverages Environments on GitLab to expose different versions of
Knot Resolver docs. The `docs:build` job builds the documentation and
exposes it via job artifacts. Then `docs:develop` (for branches) and
`docs:release` (for tags) take these artifacts and expose them via an
Environment link (an example of this in action may be seen at
[https://gitlab.nic.cz/ostava/knot-resolver/-/environments]).
There is also an optional, manually runnable `docs:public` job, which,
when run, propagates the documentation to the main GitLab Pages of the
project (e.g. [https://knot.pages.nic.cz/knot-resolver]) - this will
probably be mostly used for the latest release, although this setup
pretty much allows us to swap it for whatever version we like at any
time.
Officially yesterday, but there's a long overlap when both address pairs
are promised to work. See e.g. this e-mail thread:
https://lists.dns-oarc.net/pipermail/dns-operations/2023-June/022052.html
Vladimír Čunát [Fri, 3 Nov 2023 11:31:06 +0000 (12:31 +0100)]
lib/zonecut.c fetch_addr(): resurrect filtering by NO_IPV*
This filtering was dropped in 4565cc596680 (v5.3.0).
Now it's reintroduced - but inside the function, as that seems nicer.
Nit: naming and comment were updated to fit the current usage.
As the code is designed so far (in the whole history probably), in order
to detect whether we need to choose a zone cut closer to the root,
we need to do something like this in lib/zonecut.c already,
instead of just during server selection.
I don't think this change can break anything.
Fetching unusable addresses from cache seems pointless,
as selection wouldn't be allowed to use them or try resolving them.
Vladimír Čunát [Sat, 29 Jul 2023 15:53:34 +0000 (17:53 +0200)]
daemon: more avoidance of excessive TCP reconnections
Previously this penalization was only triggered if the remote server
closed TCP. Now it's extended to us closing it when the server
(only) sends back some nonsense. At least for the cases which I could
see immediately.
That's just three trivial one-line additions; the rest is refactoring.
Vladimír Čunát [Wed, 28 Jun 2023 15:48:51 +0000 (17:48 +0200)]
avoid knot_pkt_default_padding_size()
The reserved size in packet is a messy thing, broken by
https://gitlab.nic.cz/knot/knot-dns/-/commit/ded5fbf01d00a875f141
Fortunately this function is trivial, so we can inline what we need.
It gets complicated by an earlier typo fix, though.
Vladimír Čunát [Sat, 10 Jun 2023 08:34:12 +0000 (10:34 +0200)]
hints: fix names inside home.arpa.
Reported on https://forum.turris.cz/t/knot-resolver-with-local-fqdn-hostnames/19034/8
I write it as three comparisons, as it seems like a simple way of
still running only a single comparison in the typical case of QNAME
not falling under .arpa.
Tested just quickly, manually. This chunk of code already is replaced
for kresd >= 6.0.0.
Vladimír Čunát [Wed, 7 Jun 2023 08:30:33 +0000 (10:30 +0200)]
meson: add more warnings from the C compiler
I tested this still builds with gcc 6, gcc 13, clang 7, clang 16.
Our CI additionally does `-Werror`, so that the properties
will get maintained (on some Debian's default compiler and clang).
Warnings with gcc 13 seem clear for me now, too.
Oto Šťáva [Wed, 7 Jun 2023 13:04:10 +0000 (15:04 +0200)]
tests/dnstap: let Go handle its transitive dependencies
Dependabot reported that we have some vulnerable dependencies. The
problem is that the ones it wants to bump to do not support older Go
versions, which we need to use due to some distros not having the most
recent Go packages available.
The `go.sum` file contains the outdated ones (because I tried with an
older Go), but as far as I can tell, from Go docs and other places, it
is actually not a lockfile, so newer Go should update the packages
regardless of what is in `go.sum`.
Oto Šťáva [Wed, 7 Jun 2023 06:15:41 +0000 (08:15 +0200)]
tests/pytests: adapt to new pylint
New version of pylint removed the disabled `bad-continuation` check. It
also added a parens check that we were violating in
`test_random_close.py`, which is now fixed as well.
Vladimír Čunát [Mon, 29 May 2023 11:59:00 +0000 (13:59 +0200)]
lib/cache pkt_renew(): fix an edge-case bug
It could happen that this condition didn't get triggered,
but the structures weren't completely clear. In particular,
the current section could be past KNOT_ANSWER already.
Let's be more conservative here; pkt_recycle() shouldn't be expensive.
I'm not sure why I only ran into this on the new-policy branch,
but it really seems like a bug here on master already.
Vladimír Čunát [Wed, 26 Apr 2023 09:16:34 +0000 (11:16 +0200)]
hints docs: explain root hints better
The removed tip seemed especially misleading;
I don't think our root hints could've ever been used that way.
And latency to root servers has practically no impact on latency
of replies to reasonable answers (just like... once per day and TLD).
Vladimír Čunát [Mon, 8 May 2023 08:39:41 +0000 (10:39 +0200)]
ci: drop debian 9
It looks like downloads won't work anymore:
https://gitlab.nic.cz/knot/knot-resolver/-/jobs/890201
https://gitlab.nic.cz/knot/knot-resolver/-/jobs/890312
which is probably because long-term support ended last summer.
Vladimír Čunát [Wed, 8 Mar 2023 16:18:16 +0000 (17:18 +0100)]
improve handling of SERVFAIL from forwarders
- selection: utilize address_state::broken also when forwarding
- selection: drop fallbacks that don't make sense when forwarding
- iterate: copy EDE codes on DNSSEC SERVFAILs