]>
git.ipfire.org Git - thirdparty/pdns.git/log
Remi Gacogne [Thu, 6 Nov 2025 09:12:25 +0000 (10:12 +0100)]
Merge pull request #16439 from rgacogne/ddist20-backport-16372
Remi Gacogne [Wed, 5 Nov 2025 15:32:46 +0000 (16:32 +0100)]
dnsdist: Document that `Regex` matches in a case-insensitive way
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
561ce344a7aa829bc51c897cb3e02c7a08651df4 )
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 24 Oct 2025 14:55:01 +0000 (16:55 +0200)]
Regex: Appease clang-tidy
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
d9f454a3f3d918ecc9248aface3bacad2e32f71b )
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 24 Oct 2025 14:16:02 +0000 (16:16 +0200)]
Regex: Prevent accidently copying the underlying `regex_t`
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
fef5b856a497eb4e4b691d3596535073d61aadcc )
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 24 Oct 2025 12:35:20 +0000 (14:35 +0200)]
dnsdist: Document that our `Regex` is Posix Extended Regular Expressions-compatibleSigned-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 24 Oct 2025 12:34:46 +0000 (14:34 +0200)]
dnsdist: Just in case, catch `PDNSException` while loading YAML configuration
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
e2a5799bf62d0aa747dddbffb71616352c691b71 )
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 24 Oct 2025 12:34:16 +0000 (14:34 +0200)]
dnsdist: Properly handle invalid regular expressions
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
4828beccd5b56e42a130591ee60f6b5df0c464b3 )
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Wed, 5 Nov 2025 15:47:41 +0000 (16:47 +0100)]
Merge pull request #16435 from rgacogne/ddist20-backport-16229
Remi Gacogne [Wed, 5 Nov 2025 15:47:27 +0000 (16:47 +0100)]
Merge pull request #16436 from rgacogne/ddist20-backport-16333
Peter van Dijk [Tue, 21 Oct 2025 15:18:58 +0000 (17:18 +0200)]
regression-tests.dnsdist: detect function absence and report it better
(cherry picked from commit
bb714732eaedea0a26c21729b22b1d88feffb163 )
Peter van Dijk [Thu, 9 Oct 2025 11:22:54 +0000 (13:22 +0200)]
store debug.traceback function before user can hide it from us
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
(cherry picked from commit
3dc2224362f82cb281b7202811af8291cbac63f9 )
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Wed, 5 Nov 2025 11:28:17 +0000 (12:28 +0100)]
Merge pull request #16406 from romeroalx/backport-15267-dnsdist-2.0.x
Remi Gacogne [Tue, 4 Nov 2025 15:17:39 +0000 (16:17 +0100)]
Merge pull request #16430 from rgacogne/ddist20-backport-16375
Remi Gacogne [Tue, 4 Nov 2025 15:17:17 +0000 (16:17 +0100)]
Merge pull request #16431 from rgacogne/ddist20-backport-16255
Otto Moerbeek [Mon, 27 Oct 2025 09:33:28 +0000 (10:33 +0100)]
Include a Date: response header for rejected HTTP1 requests
This allows OpenBSD ntpd time constraint retrieval to work properly
with nghttp2 incoming DoH.
Note that requests having no alpn data do not appear in any stats.
Should that be changed?
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
(cherry picked from commit
2f23fc90d2cf1b8fa8b885543ac01ba722ca23c0 )
Remi Gacogne [Tue, 21 Oct 2025 12:24:56 +0000 (14:24 +0200)]
dnsdist: Fix typo spotted by Miod!
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
80ed46bdb9ddd432a77d3401b98480b2de292c03 )
Remi Gacogne [Tue, 21 Oct 2025 09:39:26 +0000 (11:39 +0200)]
dnsdist: Fix comment as suggested by Miod
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
ec21af00d5d682ffaa916b4bf48209dfa9038814 )
Remi Gacogne [Fri, 17 Oct 2025 08:12:27 +0000 (10:12 +0200)]
libssl: It is now likely that the OCSP leak will be fixed in OpenSSL 3.6.1
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
2342ad6efa8065039c85c7ee0f373c3f61d0f1ce )
Remi Gacogne [Fri, 17 Oct 2025 08:11:56 +0000 (10:11 +0200)]
libssl: Rename the `copy` variable which might not always be a copy
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
91b6691c90e5f733fcee5c0166e01184b04604d4 )
Remi Gacogne [Mon, 13 Oct 2025 14:18:13 +0000 (16:18 +0200)]
dnsdist: Fix a memory link with OCSP and OpenSSL 3.6.0
See https://github.com/openssl/openssl/issues/28888
I'm not very happy with the fix, but I don't really have a better idea at this point.
Reported by LeakSanitizer:
```
=================================================================
==121188==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 1132 byte(s) in 2 object(s) allocated from:
#0 0x7f9278720cb5 in malloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:67
#1 0x7f9277f9189e in CRYPTO_malloc (/usr/lib/libcrypto.so.3+0x19189e) (BuildId:
9943e383d1a8a3cdcf8786b70a4abbf903e67661 )
#2 0x561ed5dfcfe8 in libssl_ocsp_stapling_callback(ssl_st*, std::map<int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<int>, std::allocator<std::pair<int const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > const&) ../libssl.cc:378
#3 0x7f92779c965a (/usr/lib/libssl.so.3+0xb065a) (BuildId:
05d6e27a4ef1635017caf539e4d5b5687767d20b )
#4 0x7f92779b2b2d (/usr/lib/libssl.so.3+0x99b2d) (BuildId:
05d6e27a4ef1635017caf539e4d5b5687767d20b )
#5 0x7f92779b579d (/usr/lib/libssl.so.3+0x9c79d) (BuildId:
05d6e27a4ef1635017caf539e4d5b5687767d20b )
#6 0x561ed5f94e44 in OpenSSLTLSConnection::tryHandshake() ../tcpiohandler.cc:375
#7 0x561ed58d690d in TCPIOHandler::tryHandshake() ../tcpiohandler.hh:369
#8 0x561ed58d690d in IncomingTCPConnectionState::handleHandshake(timeval const&) ../dnsdist-tcp.cc:1070
#9 0x561ed593118d in IncomingTCPConnectionState::handleIO() ../dnsdist-tcp.cc:1251
#10 0x561ed58fc420 in handleIncomingTCPQuery ../dnsdist-tcp.cc:1468
#11 0x561ed3b21d72 in std::function<void (int, boost::any&)>::operator()(int, boost::any&) const /usr/include/c++/15.2.1/bits/std_function.h:593
#12 0x561ed3b21d72 in EpollFDMultiplexer::run(timeval*, int) ../epollmplexer.cc:188
#13 0x561ed591a6e8 in tcpClientThread ../dnsdist-tcp.cc:1698
#14 0x561ed593d147 in void std::__invoke_impl<void, void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > >(std::__invoke_other, void (*&&)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >&&) /usr/include/c++/15.2.1/bits/invoke.h:63
#15 0x561ed593d147 in std::__invoke_result<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > >::type std::__invoke<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > >(void (*&&)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >&&) /usr/include/c++/15.2.1/bits/invoke.h:98
#16 0x561ed593d147 in void std::thread::_Invoker<std::tuple<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > > >::_M_invoke<0ul, 1ul, 2ul, 3ul, 4ul, 5ul>(std::_Index_tuple<0ul, 1ul, 2ul, 3ul, 4ul, 5ul>) /usr/include/c++/15.2.1/bits/std_thread.h:303
#17 0x561ed593d147 in std::thread::_Invoker<std::tuple<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > > >::operator()() /usr/include/c++/15.2.1/bits/std_thread.h:310
#18 0x561ed593d147 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > > > >::_M_run() /usr/include/c++/15.2.1/bits/std_thread.h:255
#19 0x7f92772e55a3 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104
#20 0x7f927865e11a in asan_thread_start /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:239
#21 0x7f92766969ca (/usr/lib/libc.so.6+0x969ca) (BuildId:
4fe011c94a88e8aeb6f2201b9eb369f42b4a1e9e )
SUMMARY: AddressSanitizer: 1132 byte(s) leaked in 2 allocation(s).
```
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
9ae6ddc37a303985d06488d6fb76ff53017b818a )
Remi Gacogne [Mon, 3 Nov 2025 15:42:15 +0000 (16:42 +0100)]
Merge pull request #16410 from rgacogne/ddist20-backport-16217
Remi Gacogne [Mon, 3 Nov 2025 13:46:55 +0000 (14:46 +0100)]
Merge pull request #16346 from rgacogne/ddist20-backport-16214
Remi Gacogne [Tue, 7 Oct 2025 14:03:00 +0000 (16:03 +0200)]
dnsdist: Add package urls to our SBOMs
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
0da0d23db6c38a72ecb8dae0317fc5aa12ef4d25 )
romeroalx [Tue, 28 Oct 2025 11:53:44 +0000 (12:53 +0100)]
gh actions build-packages: avoid duplicates download-artifacts action. Fix publications
romeroalx [Fri, 7 Mar 2025 07:00:19 +0000 (08:00 +0100)]
gh actions: upload packages to an additional repository
Remi Gacogne [Mon, 3 Nov 2025 10:36:59 +0000 (11:36 +0100)]
Merge pull request #16400 from omoerbeek/backport-16392-to-dnsdist-2.0.x
Otto Moerbeek [Thu, 30 Oct 2025 11:38:16 +0000 (12:38 +0100)]
Better words in comment
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
(cherry picked from commit
9dd5af8c6a44c76a163bc63434925659d47e59ef )
Otto Moerbeek [Wed, 29 Oct 2025 11:31:12 +0000 (12:31 +0100)]
Make version number in rust lib confirm to Rust specifics
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
(cherry picked from commit
b141ed0805e14bf50b8dd01aa7f4d84e26d45fdf )
Remi Gacogne [Wed, 22 Oct 2025 13:48:03 +0000 (15:48 +0200)]
Merge pull request #16345 from rgacogne/ddist20-backport-16230
Remi Gacogne [Wed, 22 Oct 2025 13:05:36 +0000 (15:05 +0200)]
Merge pull request #16328 from rgacogne/ddist20-backport-15794
Remi Gacogne [Wed, 22 Oct 2025 13:05:17 +0000 (15:05 +0200)]
Merge pull request #16327 from rgacogne/ddist20-backport-16140
Remi Gacogne [Wed, 22 Oct 2025 13:05:03 +0000 (15:05 +0200)]
Merge pull request #16326 from rgacogne/ddist20-backport-16144
Remi Gacogne [Wed, 22 Oct 2025 13:04:50 +0000 (15:04 +0200)]
Merge pull request #16325 from rgacogne/ddist20-backport-16178
Remi Gacogne [Wed, 22 Oct 2025 13:04:37 +0000 (15:04 +0200)]
Merge pull request #16324 from rgacogne/ddist20-backport-16180
Remi Gacogne [Wed, 22 Oct 2025 13:04:25 +0000 (15:04 +0200)]
Merge pull request #16322 from rgacogne/ddist20-backport-16238
Remi Gacogne [Tue, 21 Oct 2025 13:28:38 +0000 (15:28 +0200)]
Merge pull request #16320 from rgacogne/ddist20-backport-16241
Peter van Dijk [Thu, 9 Oct 2025 11:41:29 +0000 (13:41 +0200)]
luawrapper: don't segfault on failure in traceback handler
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
(cherry picked from commit
3e12d56c5491618688d5166ce1d4741e34b37be9 )
Remi Gacogne [Mon, 6 Oct 2025 13:58:22 +0000 (15:58 +0200)]
dnsdist: Fix parameter names in `dnsdist_ffi_dnsquestion_set_alternate_name`
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
a30f694137d9b443efc6ae49b9016ced735a37d1 )
Remi Gacogne [Mon, 6 Oct 2025 12:28:46 +0000 (14:28 +0200)]
dnsdist: Remove empty trailing line
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
d396b26772ac6b8a5835c81b5f665632c4c2b3cb )
Remi Gacogne [Mon, 6 Oct 2025 12:26:47 +0000 (14:26 +0200)]
dnsdist: Fix clang-tidy warnings, test more cases
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
e6cf554574d6875c4e233f6b0dcbe844fd58a850 )
Remi Gacogne [Mon, 6 Oct 2025 10:56:01 +0000 (12:56 +0200)]
dnsdist: Refactor the FFI "alternate name" interface
So we can use it without making the query asynchronous when we
don't have to.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
8ccff7a4f1475e873d400f5fb908edb482ea1850 )
Remi Gacogne [Tue, 21 Oct 2025 12:35:05 +0000 (14:35 +0200)]
Merge pull request #16309 from rgacogne/ddist20-backport-16292
Remi Gacogne [Tue, 21 Oct 2025 12:34:44 +0000 (14:34 +0200)]
Merge pull request #16310 from rgacogne/ddist20-backport-16155
Remi Gacogne [Tue, 21 Oct 2025 12:27:50 +0000 (14:27 +0200)]
Merge pull request #16315 from rgacogne/ddist20-backport-16285
Remi Gacogne [Tue, 21 Oct 2025 12:27:38 +0000 (14:27 +0200)]
Merge pull request #16316 from rgacogne/ddist20-backport-16256
Remi Gacogne [Tue, 21 Oct 2025 12:27:26 +0000 (14:27 +0200)]
Merge pull request #16317 from rgacogne/ddist20-backport-16254
Remi Gacogne [Tue, 21 Oct 2025 12:27:13 +0000 (14:27 +0200)]
Merge pull request #16318 from rgacogne/ddist20-backport-16244
Remi Gacogne [Tue, 21 Oct 2025 12:26:59 +0000 (14:26 +0200)]
Merge pull request #16319 from rgacogne/ddist20-backport-16242
Remi Gacogne [Fri, 17 Oct 2025 14:35:34 +0000 (16:35 +0200)]
dnsdist: Fix query rules bypass after tagging from a dynblock
In 2.0.0 we introduced the ability to set a tag when a dynamic
block matches, making it possible to combine dynamic blocks with
existing rules. Unfortunately the implementation turned out to
bypass query rules after setting a tag, so the mechanism could
only be used with the remaining rules chains (cache hit, cache-miss,
cache inserted, self-answered and regular response rules).
This commit fixes that to ensure that we can use tags with query
rules as well.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
b2afaadbd8e3403a68a93fa82b7a25be9f89e385 )
Remi Gacogne [Mon, 22 Sep 2025 15:02:24 +0000 (17:02 +0200)]
dnsdist: Error out in meson-sdist-script.sh when BUILDER_VERSION is unset
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
ed2ce8b3b7e103f8dc9953a55a1e814ceeb1bb64 )
Remi Gacogne [Mon, 22 Sep 2025 15:01:28 +0000 (17:01 +0200)]
dnsdist: Add comment about the Rust library version being automatically updated
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
97124012429f6d088575b350e7cf134c24538f3c )
Remi Gacogne [Fri, 17 Oct 2025 10:33:21 +0000 (12:33 +0200)]
dnsdist: Make inserting to the in-memory rings a bit faster
This commit moves the allocation and copy of the DNS name before
taking the lock, reducing contention. In completely unrealistic
benchmarks this makes the insertion ~10% faster.
Ideally I would rather move the existing `DNSName` instead of allocating
a new one, as we are usually done with it by the point we insert
into the rings, but this involves a lot of changes so let's start
with this.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
868ec90eacc2fc10f923bbfc333cb5b802fc9fbb )
Remi Gacogne [Mon, 13 Oct 2025 14:54:07 +0000 (16:54 +0200)]
dnsdist: Allow selecting a specific version of Lua with meson
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
e85ba9b1a7e7d5fc38d295e1538173893c79eaaf )
Remi Gacogne [Mon, 13 Oct 2025 15:21:07 +0000 (17:21 +0200)]
test-iputils_hh.cc: Appease clang-tidy
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
27ef73a521cf551bdc3b488df53727ec0c46057a )
Remi Gacogne [Mon, 13 Oct 2025 14:44:15 +0000 (16:44 +0200)]
iputils: Make static addresses static in `ComboAddress::isUnspecified`
Prevent having to instantiate them again and again, as suggested by
Otto.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
a4301807428dd4389d9bb43bffea171f5ca3c2ae )
Remi Gacogne [Mon, 13 Oct 2025 14:13:03 +0000 (16:13 +0200)]
ComboAddress: Fix "unspecified address" test when the port is set
This fixes the QUIC issue reported on FreeBSD: the frontend
was not considered to be bound to an `ANY`/unspecified address
because the port was set, causing the address selection address
to fail.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
940d35a6237ba997bce1e1ef80ad836ad11da4ae )
Remi Gacogne [Fri, 10 Oct 2025 14:40:25 +0000 (16:40 +0200)]
dnsdist: Don't choke on invalid DNS payload when generating protobuf messages
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
ba78a38a7a2349ec73fa2a66b552eb2234b42007 )
Remi Gacogne [Fri, 10 Oct 2025 14:39:56 +0000 (16:39 +0200)]
dnsdist: Properly zero-initialize the "fake" DNS header
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
153a1bf296f58c38cfd4fb96de29e2677ac42e04 )
Remi Gacogne [Fri, 10 Oct 2025 09:45:25 +0000 (11:45 +0200)]
dnsdist: Set up the dns header for timeout response rules
Response actions expect that there is a DNS payload containing at
least a DNS header, as an incoming packet smaller than a DNS header
would have been discarded early in the processing path.
Unfortunately this is not true for timeout response rules, where we
no longer have the DNS payload from the query and obviously don't
have a response either. This commit restores a DNS header from the
information we have (query ID, flags) so that most actions can
proceed normally.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
0cc4805b11afde171880d8f8ee84716de0ce5335 )
Remi Gacogne [Tue, 7 Oct 2025 11:34:49 +0000 (13:34 +0200)]
dnsdist: Fix handling of large XSK frames
There was a bug in the way we were computing the remaining capacity
of a XSK frame, because we forgot to account for the network headers.
This caused some XSK responses to be discarded by the kernel (`tx_invalid_descs`)
because there was not enough space left in the frame (less than
`XDP_PACKET_HEADROOM`).
Thanks to `ednaq` for reporting this via ou YesWeHack program.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
e0eb6a798c02ccd0d613fff53b0e51560e0a9fba )
Remi Gacogne [Fri, 10 Oct 2025 08:18:40 +0000 (10:18 +0200)]
dnsdist: Make the round-robin LB policy internal counter atomic
Otherwise TSAN is rightfully complaining that there is a data race
because several threads are updating at the same time. While the
impact of this counter being corrupted is almost zero, and there is
an actual overhead to making it atomic, I believe this is the only
correct way to ensure the expected behaviour of this policy.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
1ad48b108eadbe260c16443c1feaf393a2c1324b )
Remi Gacogne [Thu, 9 Oct 2025 12:53:51 +0000 (14:53 +0200)]
dnsdist: Properly handle exceptions when processing timeout rules
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
9a17d3411db3ee41c9b8f1ff998c8f4474b7e9a0 )
Remi Gacogne [Thu, 25 Sep 2025 13:14:40 +0000 (15:14 +0200)]
dnsdist: Fix release builds by updating the locked Rust lib version
Since we are now dynamically setting the version of our internal Rust library
when generating the release tarball, `cargo` needs to update the `Cargo.lock`
file to reflect the new version, which is not possible if we are passing `--locked`:
```
error: the lock file /pdns/dnsdist-2.1.0-alpha0.870.master.gc64b979bc/dnsdist-rust-lib/rust/Cargo.lock needs to be updated but --locked was passed to prevent this
If you want to try to generate the lock file without accessing the network, remove the --locked flag and use --offline instead.
```
This commit fixes that also updating the `Cargo.lock` file when generating the
release tarball so that `cargo` no longer needs to update the `Cargo.lock`.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
b99706f376d7ec0a21214e0ec31182f324082560 )
Remi Gacogne [Thu, 25 Sep 2025 10:01:52 +0000 (12:01 +0200)]
dnsdist: Fix setting meta keys on response, pass them from question to response
This commit fixes setting Protocol Buffer meta keys on DNS response via Lua FFI:
the existing code was assuming it was possible to use the question methods on a
response object which is not true and would likely have ended in a crash at some
point.
It also propates meta keys set on a DNS question to the corresponding DNS response.
Before this commit the values were not passed along to the response which was quite
unexpected, especially for self-answered responses.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
e3381435870e89c8573efb4a44497a08b0807b24 )
Remi Gacogne [Mon, 22 Sep 2025 10:15:03 +0000 (12:15 +0200)]
update-rust-library-version: Not DNSdist-specific
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
27ee747f17b7887e7514ec9b4f87cf7c7ecd8f77 )
Remi Gacogne [Mon, 22 Sep 2025 09:43:11 +0000 (11:43 +0200)]
dnsdist: Update the Rust library version when generating a tarball
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
1ec5492f189b694ed3b62db94aeee68f714a6244 )
Remi Gacogne [Fri, 19 Sep 2025 12:15:09 +0000 (14:15 +0200)]
dnsdist: Document that the hash perturbation is NOT only used for chashed
As suggested by Robert Edmonds (thank you!).
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
c23454eeb6d9233ca77115c72ba856e55fe64445 )
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 19 Sep 2025 12:14:23 +0000 (14:14 +0200)]
dnsdist: Initialize hash perturbation later, and only if needed
As suggested by Robert Edmonds (many thanks!).
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
1362f8c0d846113f32d837a7be9af62c40c67a14 )
Remi Gacogne [Fri, 19 Sep 2025 12:13:32 +0000 (14:13 +0200)]
dnsdist: Add the current hash perturbation setting to verbose logging
As suggested by Robert Edmonds (thanks!).
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
d7994e1c0458a88bce259c758d256cf6717cc79c )
Remi Gacogne [Thu, 25 Sep 2025 07:32:37 +0000 (09:32 +0200)]
dnsdist: Remove redundant assignment noticed by Otto
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
6186a149e8c66640b45f53a6a905836855cbfbd4 )
Remi Gacogne [Fri, 19 Sep 2025 09:37:37 +0000 (11:37 +0200)]
dnsdist: Appease clang-tidy
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
332f2c37a7a7a8c07824ef93a0a796e39694bcfe )
Remi Gacogne [Thu, 18 Sep 2025 13:12:04 +0000 (15:12 +0200)]
dnsdist: Reduce complexity of `TCPConnectionToBackend::handleIO`
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
f253ae82322d2273a1c95f4423f6da373d5ff1d5 )
Remi Gacogne [Tue, 16 Sep 2025 15:24:50 +0000 (17:24 +0200)]
dnsdist: Fix reentry issue in TCP downstream I/O on macOS/BSD
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
62af150ded89da4ae922e0ad6dc82af9868e7a5e )
Remi Gacogne [Fri, 4 Jul 2025 10:01:03 +0000 (12:01 +0200)]
dnsdist: Add a regression test for the incoming protocol selector
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
c742379bac82700195f0bbd608b2e29a3e44ac95 )
Remi Gacogne [Thu, 3 Jul 2025 19:15:01 +0000 (21:15 +0200)]
dnsdist: Add a selector to match the incoming protocol
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
363baee040886defdb57671fab3a336f83ae9099 )
Remi Gacogne [Thu, 16 Oct 2025 08:48:35 +0000 (10:48 +0200)]
Merge pull request #16276 from rgacogne/dnsdist-2.0.x-backport-16169
Remi Gacogne [Thu, 16 Oct 2025 08:30:51 +0000 (10:30 +0200)]
Merge pull request #16270 from rgacogne/dnsdist-2.0.x-backport-15267
Remi Gacogne [Tue, 23 Sep 2025 14:15:13 +0000 (16:15 +0200)]
build-docker-images-tags: Grant enough permissions to sign imagesSigned-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
romeroalx [Fri, 7 Mar 2025 07:00:19 +0000 (08:00 +0100)]
dnsdist-2.0.x: Fix the build-packages workflow
(cherry picked from commit
0424014ebdcac41efc882559d6d5ea0d30bd444b )
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Wed, 10 Sep 2025 07:54:30 +0000 (09:54 +0200)]
Merge pull request #16102 from rgacogne/ddist20-backport-16065
Remi Gacogne [Mon, 1 Sep 2025 10:22:55 +0000 (12:22 +0200)]
dnsdist: Test that the configuration is correctly reloaded
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
a139d6ddef76cabc203d0e9786110a6f3d3b3f2f )
Remi Gacogne [Mon, 1 Sep 2025 10:22:06 +0000 (12:22 +0200)]
dnsdist: Refresh configuration after `recv` which may have blocked for a long time
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
4f70dcdd60826448b4bcad5a44335de0c45dbeea )
Remi Gacogne [Mon, 8 Sep 2025 14:53:30 +0000 (16:53 +0200)]
Merge pull request #16096 from rgacogne/ddist20-backport-16082
Remi Gacogne [Fri, 5 Sep 2025 07:35:44 +0000 (09:35 +0200)]
dnsdist: Fix the IO reentry guard in outgoing DoH
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
81f0706bdf91c01ee26f8bb18315206af7a70b31 )
Remi Gacogne [Mon, 8 Sep 2025 13:47:18 +0000 (15:47 +0200)]
Merge pull request #16095 from rgacogne/ddist20-backport-16090
Remi Gacogne [Fri, 5 Sep 2025 14:38:49 +0000 (16:38 +0200)]
dnsdist: Fix access to frontends while in client mode
Since 2.0 we return `nil` instead of an object containing a `NULL`
pointer when the requested object does not exist, to make it possible
to check the validity of the returned object from `Lua`. It makes
sense in all contexts except when we are in client mode, because
then accessing the object in the remaining parts of the configuration
will trigger an error. Our DNS over HTTPS documentation itself contains
such a Lua configuration snippet, which is now broken.
This commit reverts back to sending an object containg a `NULL`
pointer when accessing the frontends in the client mode case.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
e6b9a30bbe1e198702308d9904d067eb89b646f1 )
Remi Gacogne [Mon, 8 Sep 2025 09:50:39 +0000 (11:50 +0200)]
Merge pull request #16093 from rgacogne/ddist20-backport-15737
Remi Gacogne [Fri, 27 Jun 2025 14:09:18 +0000 (16:09 +0200)]
dnsdist-resolver: Fix a bug when we get new IPs for a server
The `dnsdist-resolver` script regularly checks the IPs corresponding
to a backend `hostname`, and updates our backend accordingly:
- if an IP we previously received vanishes, it removes the backend
corresponding to that IP
- if a new IP shows up, it adds a new backend
The existing code tries to avoid some work by keeping track of the
number of IPs associated to a given server, skipping the comparisons
of recently received IPs to existing ones if the number did not change.
This unfortunately does not work well if we get the same number of IPs
but with different IPs in the set.
This caused some backends to never get removed and stay along as ghosts,
as well as some new IPs to never be picked up.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
e306ec7a085282893b93214a75ba3aac4d9435b4 )
Remi Gacogne [Fri, 5 Sep 2025 07:55:29 +0000 (09:55 +0200)]
Merge pull request #16080 from rgacogne/ddist20-backport-16015
Remi Gacogne [Fri, 5 Sep 2025 07:55:21 +0000 (09:55 +0200)]
Merge pull request #16081 from rgacogne/ddist20-backport-16064
Remi Gacogne [Mon, 1 Sep 2025 12:00:09 +0000 (14:00 +0200)]
dnsdist: Properly handle truncation for UDP responses sent via `sendmmsg`
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
bf06a3d6b2f517b0cf365e218c752548029ea4a6 )
Remi Gacogne [Fri, 22 Aug 2025 12:38:35 +0000 (14:38 +0200)]
dnsdist: Fix a typo is an exception message spotted by Miod
Co-authored-by: Miod Vallat <miod.vallat@powerdns.com>
Signed-off-by: Remi Gacogne <github@coredump.fr>
(cherry picked from commit
28238ca3fb9fab245b90d912a30355567aa7266d )
Remi Gacogne [Fri, 22 Aug 2025 12:38:03 +0000 (14:38 +0200)]
dnsdist: Apply Miod's suggestion
Co-authored-by: Miod Vallat <miod.vallat@powerdns.com>
Signed-off-by: Remi Gacogne <github@coredump.fr>
(cherry picked from commit
0cf2668a8c625f72944f682010befbe3089b9dd0 )
Remi Gacogne [Fri, 22 Aug 2025 12:22:29 +0000 (14:22 +0200)]
dnsdist: Fix clang-tidy warnings
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
baad31c2b9db48acd1874db743a1764beaa05931 )
Remi Gacogne [Fri, 22 Aug 2025 08:33:14 +0000 (10:33 +0200)]
dnsdist: Don't call `nghttp2_session_send` from a callback
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
a917d158c3f8994e84b38cacbaec5668b1745460 )
Remi Gacogne [Fri, 22 Aug 2025 07:57:57 +0000 (09:57 +0200)]
dnsdist: Fix a memory access violation in the nghttp2 unit tests
Calling `nghttp2_session_send` from a callback does not work well
when ``nghttp2_session_send`` ends up closing the current stream,
triggering a use-after-free.
It's not clear from the API documentation, but it is mentioned in
the programmers' guide's remarks:
> Do not call `nghttp2_session_send()`, `nghttp2_session_mem_send2()`,
`nghttp2_session_recv()` or `nghttp2_session_mem_recv2()` from the
nghttp2 callback functions directly or indirectly. It will lead to the
crash. You can submit requests or frames in the callbacks then call
these functions outside the callbacks.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
346d37abe3beedcec8c856ea4421311de4df1d24 )
Remi Gacogne [Fri, 29 Aug 2025 11:29:32 +0000 (13:29 +0200)]
Merge pull request #16053 from rgacogne/ddist20-backport-15874
Remi Gacogne [Thu, 28 Aug 2025 12:10:18 +0000 (14:10 +0200)]
Merge pull request #16052 from rgacogne/ddist20-backport-16043
Remi Gacogne [Thu, 28 Aug 2025 12:10:01 +0000 (14:10 +0200)]
Merge pull request #16049 from rgacogne/ddist20-backport-16042
Remi Gacogne [Thu, 28 Aug 2025 09:38:49 +0000 (11:38 +0200)]
Merge pull request #16048 from rgacogne/ddist20-backport-16038
projects / thirdparty / pdns.git / log
