dnsdist: Add per-backend `max_udp_outstanding` YAML config setting

This commit adds a new per-backend config setting `max_udp_outstanding`
which overrides the global `tuning.udp.max_outstanding_per_backend`
setting.

If the per-backend `max_udp_outstanding` setting is omitted, the value
of the global option `tuning.udp.max_outstanding_per_backend` will be
used instead.

This allows tuning the number of UDP states allocated on a per-backend
basis in order to tune the amount of memory consumed by dnsdist.
Low-latency backends may only need a small number of UDP states, while
high-latency backends may need a higher number of UDP states.

The `tuning.udp.max_outstanding_per_backend` setting and the new
per-backend `max_udp_outstanding` setting directly control the sizes of
the vectors of `IDState` objects that are preallocated at startup.

The size of the `IDState` object can vary depending on compile time
options, but in my local build it is currently 496 bytes. This means
that a backend with the maximum number of UDP states (65535) will
require allocating at least (496 * 65535 / 1048576) = 31 MB. Similarly,
a backend with 8192 UDP states will require allocating 3.9 MB, and a
backend with 256 UDP states only requires 124 KB.

Signed-off-by: Robert Edmonds <edmonds@users.noreply.github.com>

Merge pull request #17164 from rgacogne/ddist-error-on-unhandled-switch-case

dnsdist: Error on unhandled switch cases while in CI

dnsdist: Error on unhandled switch cases while in CI

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Merge pull request #17161 from omoerbeek/rec-rpz-zonemd

rec: skip ZONEMD records in RPZs

Merge pull request #16725 from miodvallat/split-domain

auth lmdb: split domains table

Merge pull request #17160 from miodvallat/fasten_your_seat_belts

auth: safer lua geoip queries

Merge pull request #17014 from miodvallat/protobof

auth: simple protobuf logging support

Simpler serialization code.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Update locking to SharedLockGuard.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Merge pull request #17053 from kabenin/fix/lua_addRecord

recursor: Fix lua addRecord function implementation

Remove unused variable.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

rec: skip ZONEMD records in RPZs

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

Make the optional argument accept both DNSName and string

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Signed-off-by: Sasha Kabenin <28066869+kabenin@users.noreply.github.com>

rename test to better align with existing tests

Signed-off-by: Sasha Kabenin <28066869+kabenin@users.noreply.github.com>

Fix recursor lua addRecord function's impl in C++

name argiment must be DNSName, not string

Signed-off-by: Sasha Kabenin <28066869+kabenin@users.noreply.github.com>

Merge pull request #17150 from rgacogne/ddist-missing-forward-for-header-on-existing-conn

dnsdist: Handle missing X-Forwarded-For on existing DoH connection

Be sure to hold a read lock during Lua queries.

Fixes: #17158
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Merge pull request #17155 from miodvallat/i_can_haz_ttl

auth: dnsupdate handling buglet

Perform the CNAME unicity tests during updates regardless of the TTL.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Merge pull request #17152 from miodvallat/did_not_age_well

auth: fixes to AXFR in Bind backend

Merge pull request #17153 from rgacogne/ddist-better-handling-of-nghttp2-errors

dnsdist: Better handling of nghttp2 errors

Merge pull request #17154 from rgacogne/ddist-outgoing-doh-remove-debug

dnsdist: Remove commented out leftover debug messages in outgoing DoH

dnsdist: Don't try to convert consumed bytes to a nghttp2 error

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

dnsdist: Remove commented out leftover debug messages in outgoing DoH

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

dnsdist: Better handling of nghttp2 errors

There are a few cases where an error returned by `nghttp2` could
have been silently ignored. Thanks to ilhamaf for reporting this!
As far as I can tell there is no actual impact, except perhaps that
we can detect errors/stale connections earlier, but I haven't been
able to cause any actual problem introduced by not handling these
errors properly.

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Harden stripDomainSuffix() logic.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Merge pull request #17151 from rgacogne/ddist-ywh-230

dnsdist: Fix handling of long HTTP/2 Date headers, handle non-POSIX locales

Drop boolean return from stripDomainSuffix().

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Remove ciEqual(), clone of pdns_iequals().

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Merge pull request #17149 from miodvallat/parse_is_hard

webserver: correctly split the basic authorization cookie

Merge pull request #17148 from miodvallat/httpenury

auth: add a configurable limit of web server connections

dnsdist: Check the value of the HTTP Date header, even with a weird locale

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

dnsdist: Use the POSIX locale to generate the HTTP Date header

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

dnsdist: Split HTTP Date header generation, use timebuf_t

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

dnsdist: Fix handling of long HTTP/2 Date headers

Some days of the year can, in some specific locales, require more than 40 bytes.
We should handle that gracefully with a larger buffer, and also just skip the
`Date` header altogether if it somehow does not fit into our buffer.

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

dnsdist: Appease ruff

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

dnsdist: Handle missing X-Forwarded-For on existing DoH connection

If `trustForwardedForHeader` is enabled, meaning we trust an upstream
reverse-proxy to fill it with the address of the initial client, and
the header was set on at least one previous query of the current DoH
connection, but is missing from the current query, we should fall back
to the address the connection is coming from instead of using the value
of the last received `X-Forwarded-For` header.
This should never happen in practice: if we trust the reverse proxy
to set the `X-Forwarded-For` header it should always do so. But let's
handle the case nevertheless, or we will get an endless stream of
reports from LLMs about it.

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Correctly split the basic authorization cookie.

This allows passwords containing colons to be correctly handled.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Add a limit of the number of concurrent connections to auth webserver.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Move connection-management.hh to shared place.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Merge pull request #17002 from miodvallat/directbackenderror

pdnsutil: possibly helpful backend-cmd help

Merge pull request #17134 from miodvallat/gallup

auth: only perform secpoll checks when they make sense

Merge pull request #17141 from rgacogne/ddist-coverity-20260414

dnsdist: Silence performance warnings from Coverity

dnsdist: Silence performance warnings from Coverity

Coverity (CID 503155 and 503156, at least) is worried that we are
mistakenly duplicating the `std::string`s that our Lua bindings are
returning. We are doing it on purpose, so let's make it clear.

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Merge pull request #17140 from PowerDNS/dependabot/cargo/pdns/recursordist/rec-rust-lib/rust/rand-0.9.4

build(deps): bump rand from 0.9.2 to 0.9.4 in /pdns/recursordist/rec-rust-lib/rust

build(deps): bump rand in /pdns/recursordist/rec-rust-lib/rust

Bumps [rand](https://github.com/rust-random/rand) from 0.9.2 to 0.9.4.
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.9.4/CHANGELOG.md)
- [Commits](https://github.com/rust-random/rand/compare/rand_core-0.9.2...0.9.4)

---
updated-dependencies:
- dependency-name: rand
  dependency-version: 0.9.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge pull request #17139 from miodvallat/codeupdate

auth: comb the dns update code

Better variable names.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Work on DNSRecord references rather than pointers whenever possible.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Reduce scope of MOADNSParser objects.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Pass the MOADNSParser d_answers field rather than the whole object.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Do not keep secpolling for non-releases.

Fixes: #17133
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Merge pull request #17132 from rgacogne/ddist-fix-dnsresponse_t-lua-ffi

dnsdist: Lua FFI response actions are passed a `dnsdist_ffi_dnsresponse_t`

Allow `dnsresponse`

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

dnsdist: Lua FFI _response_ actions are passed a `dnsdist_ffi_dnsresponse_t`

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Merge pull request #17124 from rgacogne/ddist-refactor-dq-header-interface

dnsdist: Refactor access to DNS headers from Lua

Merge pull request #17126 from miodvallat/createhex

auth lua: one more bad case of createForward

Merge pull request #17044 from PowerDNS/dependabot/pip/meson/requests-2.33.0

build(deps): bump requests from 2.32.4 to 2.33.0 in /meson

Merge pull request #17046 from PowerDNS/dependabot/pip/regression-tests.api/requests-2.33.0

build(deps): bump requests from 2.32.4 to 2.33.0 in /regression-tests.api

Merge pull request #17130 from miodvallat/dynlistentome

auth: some pdns_control love

Merge pull request #17129 from rgacogne/ddist-coverity-cid-502893

dnsdist: Fix a warning from Coverity about unintentional copy

Merge pull request #17128 from omoerbeek/rec-coverity-lua

rec: minor optimization from Coverity

Give some details about control socket setup and access control.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

rec: minor optimization from Coverity

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

dnsdist: Fix a warning from Coverity about unintentional copy

It is intentional, so make it clear.

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

dnsdist: Apply documentation suggestions from Pieter (thanks!)

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Merge pull request #17127 from kpfleming/complete-rename-swagger-to-openapi

Complete the transition from Swagger to OpenAPI

Merge pull request #17125 from pieterlexis/dnsdist-padding-ecs

feat(dnsdist): Test for Frontend padding and backend ECS

Complete the transition from Swagger to OpenAPI

Remove one remaining reference to Swagger in the documentation, and
rename the API schema file to use 'openapi' instead of
'swagger'. These are all internal (build system and other) changes and
should have no effect on users.

Signed-off-by: Kevin P. Fleming <kevin@km6g.us>

Add a test with trailing hex digits for createfoward 1-2-3-4.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Reject trailing hex digits in createforward 1-2-3-4 format.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

feat(dnsdist): Test for Frontend padding and backend ECS

Make more use of all-zeros strings. NFC

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Merge pull request #17123 from miodvallat/backtick

fix markdown error

Give more details about what happens if split-domain setting is changed.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Remove spurious backticks.

Closes: #17111
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

dnsdist: Refactor access to DNS headers from Lua

The existing interface is error-prone: it provides a pointer to
a buffer that might get invalidated if the user keeps it around
too long. The new interface makes it clear when the modification
is actually performed, and there is no dangling pointer.

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Merge pull request #17120 from rgacogne/ddist-coverity-20260408

dnsdist: Fix some warnings reported by Coverity

dnsdist: Fix some warnings reported by Coverity

Being more consistent when moving `RemoteLogActionConfiguration` objects.

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Merge pull request #17081 from rgacogne/ddist-dont-keep-parsed-edns-options-around

dnsdist: Do not keep the parsed EDNS options around

Merge pull request #17058 from rgacogne/ddist-move-dnsname-response-ring

dnsdist: Move the existing DNSName into the response rings

build(deps): bump requests in /regression-tests.api

Bumps [requests](https://github.com/psf/requests) from 2.32.4 to 2.33.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.32.4...v2.33.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

build(deps): bump requests from 2.32.4 to 2.33.0 in /meson

Bumps [requests](https://github.com/psf/requests) from 2.32.4 to 2.33.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.32.4...v2.33.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.33.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge pull request #17115 from pieterlexis/dnsdist-yw-202-padding

dnsdist: Actually pad responses

Merge pull request #17119 from pieterlexis/update-py-deps

chore: Update all python dependencies

dnsdist: Pass copies of EDNS options to Lua, views are error-prone

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

dnsdist: Do not keep the parsed EDNS options around

The idea to keep the EDNS options around to avoid parsing them
a second time was a nice one, but invalidation is error-prone and
this is rarely useful in practice.

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

chore: Update all python dependencies

Merge pull request #17117 from ronhombre/fix/cpq-use-after-move-doh3

Hardened DoH3 internal error handling for cpq

chore(dnsdist): Add unit tests for addEDNSPadding

Merge pull request #17116 from pieterlexis/dnsdist-remove-debug

chore(dnsdist): clean up troubleshooting code

Plug protobuf logging at a higher level, to get more packets.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

auth: basic protobuf emission including test

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Hardened DoH3 internal error handling for cpq

Added a check for cpq before releasing DU to handle exceptional cases.

Signed-off-by: Ron Lauren Hombre <118486316+ronhombre@users.noreply.github.com>

fix(dnsdist): allow adding empty options in addOrReplaceEDNSOption

fix(dnsdist): actually pad responses when requested

feat(dnsdist): test self-answered, padded DOH

fix(dnsdist): do not let dnspython pad responses

chore(dnsdist): clean up troubleshooting code

Merge pull request #17114 from ronhombre/fix/cpq-use-after-move

Hardened DoQ internal error handling for cpq