Remi Gacogne [Thu, 3 Dec 2020 08:34:08 +0000 (09:34 +0100)]
rec: Handle failure to start the web server more gracefully
At this point we already have several threads so calling exit()
will cause problems by trying to destruct objects that are in use
by other threads, so call _exit() instead.
Also mention the web server in the error message so that the root
cause is easier to identify.
Remi Gacogne [Tue, 1 Dec 2020 16:20:22 +0000 (17:20 +0100)]
rec: Fix the gathering of denial proof for wildcard-expanded answers
If somehow the RRSIG indicating that the answer is expanded from a
wildcard (label count smaller than the number of labels in the name)
went _after_ the NSEC we need, we forgot to gather that NSEC.
It might have been an issue for downstream validation (we do gather
them a second time later for our own validation) since the client
would not have received them.
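The check the commit above relies on, as an added example that is not PowerDNS code: RFC 4035 section 5.3.1 says an answer was synthesized from a wildcard when the RRSIG Labels field is smaller than the number of labels in the owner name, and in that case the NSEC/NSEC3 proving that no closer match exists must be passed on. The example settles the wildcard question over the whole record set first and only then collects the denial proof, so the relative order of the RRSIG and the NSEC does not matter. The `Record` class and the sample response are constructed for this example.

```python
# Added example (not PowerDNS code): deciding from the RRSIG Labels field
# whether an answer was synthesized from a wildcard (RFC 4035 section 5.3.1),
# and gathering the NSEC/NSEC3 denial proof regardless of the order in which
# the RRSIG and NSEC records appear in the response.
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Record:
    name: str
    rtype: str
    labels: Optional[int] = None        # RRSIG "Labels" field
    type_covered: Optional[str] = None  # RRSIG "Type Covered" field


def canon(name: str) -> str:
    name = name.lower()
    return name if name.endswith(".") else name + "."


def label_count(name: str) -> int:
    """Labels in a name, excluding the root and an optional leading '*'."""
    parts = [p for p in canon(name).rstrip(".").split(".") if p]
    return len(parts) - (1 if parts and parts[0] == "*" else 0)


def is_wildcard_expanded(owner: str, records: List[Record]) -> bool:
    """True if any RRSIG over `owner` carries fewer labels than `owner` has."""
    n = label_count(owner)
    for r in records:
        if r.rtype != "RRSIG" or canon(r.name) != canon(owner) or r.labels is None:
            continue
        if r.labels > n:
            raise ValueError("RRSIG Labels field exceeds the owner's label count")
        if r.labels < n:
            return True
    return False


def gather_denial_proof(owner: str, records: List[Record]) -> List[Record]:
    """Two passes: first settle the wildcard question from *all* RRSIGs, then
    collect the NSEC/NSEC3 records (and their signatures). A single pass that
    keys on 'have we seen the wildcard RRSIG yet' drops the NSEC whenever the
    RRSIG happens to come after it."""
    if not is_wildcard_expanded(owner, records):
        return []
    return [
        r for r in records
        if r.rtype in ("NSEC", "NSEC3")
        or (r.rtype == "RRSIG" and r.type_covered in ("NSEC", "NSEC3"))
    ]


# Constructed sample: www.example.com. (3 labels) answered from *.example.com.
# The wildcard RRSIG (Labels=2) is listed *after* the NSEC it makes necessary.
SAMPLE = [
    Record("www.example.com.", "A"),
    Record("a.example.com.", "NSEC"),
    Record("a.example.com.", "RRSIG", labels=3, type_covered="NSEC"),
    Record("www.example.com.", "RRSIG", labels=2, type_covered="A"),
]

if __name__ == "__main__":
    for r in gather_denial_proof("www.example.com.", SAMPLE):
        print(r)
```

A validating client needs both the NSEC and its RRSIG, so the example keeps the signature over the NSEC as well; an RRSIG whose Labels field exceeds the owner's label count is malformed and is rejected rather than treated as "not a wildcard".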
Remi Gacogne [Thu, 3 Dec 2020 14:21:48 +0000 (15:21 +0100)]
rec: Keep a cached, valid entry over a fresher Bogus one
It turns out to be quite difficult to make us accept a record that
we already have in cache, thanks to sanitization, but let's make
sure that we will not replace a valid entry with a Bogus one if that
happens.
It might happen for SOA records, and for DS records when the TTL of
the corresponding NS records is shorter than the TTL of the DS.
Remi Gacogne [Tue, 8 Dec 2020 15:54:14 +0000 (16:54 +0100)]
UUID: Use the non-cryptographic variant of the boost::uuid
Since Boost 1.67.0 the default UUID generator is cryptographically
strong, which is neat but quite slower. Since we don't need that,
just use the fastest version.
Remi Gacogne [Mon, 12 Oct 2020 10:43:04 +0000 (12:43 +0200)]
rec: Move to several distinct Bogus states, for easier debugging
This is especially useful after the fact, when the Bogus state is
retrieved from a cache and we don't have any clue left as to how
we ended up with that state.
Pieter Lexis [Thu, 1 Oct 2020 18:36:51 +0000 (20:36 +0200)]
Ensure socket-dir matches runtimedir on old systemd
This is mostly a hack for systemd version <240 so using virtual hosting
on Ubuntu Bionic and EL7 does not lead to surprises.
This commit explicitly adds the `--socket-dir` to the invocation of the
unit. Any users who want to use their own runtimedirs should use a
drop-in unit overriding ExecStart. I believe this does not validate the
principle of least surprise for those using the PowerDNS provided
packages and virtual hosting.
Otto Moerbeek [Wed, 11 Nov 2020 11:02:50 +0000 (12:02 +0100)]
Do not add request to a wait chain that's already processed or being processed.
The following scenario can occur. Multiple concurrent clients doing the same query A
are needed to trigger it:
1. Incoming request A, which has a need for request X
2. Add request X to chain because we already have an identical outstanding request
3. We receive the reply for X
4. We process the chain
5. In the meantime a new request for X that's identical is added to the chain
6. The added id in step 5 is not being processed anymore -> timeout
This can happen if request X has TTL 0, otherwise the record cache would have a hit.
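The race in the scenario above, as an added example that is not PowerDNS code: a toy wait chain that coalesces identical outstanding queries, with the pre-fix delivery (the chain stays in the table while its waiters are processed, so a late arrival is appended and then dropped) next to the fixed one (the chain is removed from the table first, so a late arrival starts its own query). Request ids, the `wake` callback and the single-threaded re-entrant simulation of "in the meantime" are assumptions of this example.

```python
# Added example (not PowerDNS code): a toy version of the "wait chain" that
# coalesces identical outstanding queries, showing why a chain must be taken
# out of the table *before* its waiters are processed. Request ids, the wake
# callback and the single-threaded "in the meantime" simulation are assumptions.
from typing import Callable, Dict, List


class WaitChains:
    def __init__(self) -> None:
        self._chains: Dict[str, List[int]] = {}
        self.lost: List[int] = []  # ids chained to a chain nobody will process again

    def register(self, key: str, req_id: int) -> str:
        """Return 'sent' if req_id must issue the query itself, 'chained' if an
        identical query is already outstanding and req_id just waits for it."""
        if key in self._chains:
            self._chains[key].append(req_id)
            return "chained"
        self._chains[key] = []
        return "sent"

    def deliver(self, key: str, wake: Callable[[int], None]) -> List[int]:
        """Fixed: remove the chain first. A request that arrives while we wake
        the waiters finds no chain, sends its own query, and gets an answer."""
        waiting = self._chains.pop(key, [])
        for rid in waiting:
            wake(rid)
        return waiting

    def deliver_buggy(self, key: str, wake: Callable[[int], None]) -> List[int]:
        """Before the fix: the chain stays in the table while being processed,
        so a late arrival is appended to it and then silently discarded."""
        waiting = self._chains.get(key, [])
        snapshot = list(waiting)
        for rid in snapshot:
            wake(rid)
        self.lost.extend(waiting[len(snapshot):])  # appended during processing
        self._chains.pop(key, None)
        return snapshot


def simulate(fixed: bool) -> Dict[str, object]:
    """Requests 1 and 2 ask for X (TTL 0, so never a cache hit); request 3
    arrives for X while the reply for X is being handed to request 2."""
    wc = WaitChains()
    outcome: Dict[int, str] = {1: wc.register("X", 1), 2: wc.register("X", 2)}

    def wake(rid: int) -> None:
        outcome[rid] = "answered"
        if rid == 2:
            outcome[3] = wc.register("X", 3)  # the concurrent identical request

    (wc.deliver if fixed else wc.deliver_buggy)("X", wake)
    return {"late_request": outcome[3], "lost": wc.lost,
            "outstanding": sorted(wc._chains)}


if __name__ == "__main__":
    print("fixed:", simulate(True))
    print("buggy:", simulate(False))
```

With the fix, request 3 gets `sent` and a fresh chain for X is outstanding again; without it, request 3 is `chained` to a list that is deleted right after, which is the timeout in step 6 above.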
Remi Gacogne [Tue, 10 Nov 2020 10:15:02 +0000 (11:15 +0100)]
rec: Avoid a CNAME loop detection issue with DNS64
When the requested qname is a CNAME to a second CNAME, the CNAME
loop detection might get incorrectly triggered because the CNAMEs
were already present in the vector of result records.
Otto Moerbeek [Fri, 30 Oct 2020 08:12:06 +0000 (09:12 +0100)]
Only prepend the pdns_recursor_ prefix if no 2nd arg to getMetric was
given.
This also fixes the lookup of the HELP entries since they require the
original key. So getAllStats() now returns the key, the prometheus name
and the value.
Otto Moerbeek [Wed, 28 Oct 2020 09:39:23 +0000 (10:39 +0100)]
Allow to specify a name that is used for Prometheus export only.
This can be used to specify names that are structured using Prometheus
conventions. If no Prometheus name is given, do a more thorough
conversion to a name Prometheus likes by replacing any non-alnum
char by an underscore.
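The naming rules from the two commits above, as an added example that is not PowerDNS code: an explicit Prometheus name is exported verbatim (no prefix), otherwise the key gets the `pdns_recursor_` prefix and every non-alphanumeric character becomes an underscore; the stats listing carries the original key alongside the Prometheus name so HELP text can still be looked up by key. The `Metrics` class, the metric keys, help strings and values are constructed for this example.

```python
# Added example (not PowerDNS code): exporting internal counters to Prometheus
# with an optional explicit Prometheus name. The prefix is only prepended when
# no explicit name is given, and HELP text is looked up by the original key.
# Metric names, help strings and values below are constructed for illustration.
import re
from typing import Dict, List, Optional, Tuple

PREFIX = "pdns_recursor_"
_NON_ALNUM = re.compile(r"[^0-9A-Za-z]")
_VALID_NAME = re.compile(r"^[a-zA-Z_:][a-zA-Z0-9_:]*$")  # Prometheus metric name


def to_prometheus_name(key: str, prometheus_name: Optional[str] = None) -> str:
    """Explicit name: used verbatim, no prefix. Otherwise prefix the key and
    turn every character that is not a letter or digit into '_'."""
    if prometheus_name is not None:
        name = prometheus_name
    else:
        name = PREFIX + _NON_ALNUM.sub("_", key)
    if not _VALID_NAME.match(name):
        raise ValueError(f"not a valid Prometheus metric name: {name!r}")
    return name


class Metrics:
    def __init__(self) -> None:
        self._values: Dict[str, int] = {}
        self._help: Dict[str, str] = {}            # keyed by the ORIGINAL key
        self._pnames: Dict[str, Optional[str]] = {}

    def add(self, key: str, value: int, help_text: str,
            prometheus_name: Optional[str] = None) -> None:
        self._values[key] = value
        self._help[key] = help_text
        self._pnames[key] = prometheus_name

    def get_all_stats(self) -> List[Tuple[str, str, int]]:
        """(original key, Prometheus name, value) for every metric."""
        return [(k, to_prometheus_name(k, self._pnames[k]), v)
                for k, v in self._values.items()]

    def render(self) -> str:
        lines = []
        for key, pname, value in self.get_all_stats():
            lines.append(f"# HELP {pname} {self._help[key]}")  # lookup by key
            lines.append(f"# TYPE {pname} gauge")
            lines.append(f"{pname} {value}")
        return "\n".join(lines) + "\n"


def sample_metrics() -> Metrics:
    m = Metrics()
    m.add("cache-hits", 1200, "Number of cache hits")
    m.add("x-ourtime0-1", 7, "Answers in 0-1 ms")
    m.add("uptime", 3600, "Seconds the process has been running",
          prometheus_name="pdns_recursor_uptime_seconds")
    return m


if __name__ == "__main__":
    print(sample_metrics().render(), end="")
```

The validity check against the Prometheus metric-name grammar is an addition here: a key beginning with a digit is only valid because the prefix is prepended, and an explicit name is the caller's responsibility.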
The existing implementation did not properly update the DNSSEC
and authoritative status, and did not include all the needed
RRSIG and additional records.
rec: Prevent updating the status of all cached records for a name
Before that fix, it was possible to make the recursor update the
DNSSEC status of all cached records for a given name using an ANY
query.
The real issue is that we should retrieve the needed RRSIGs and
authority records for all cached records when processing an ANY
query, but this fix prevents the cache pollution which is the worst
part of the issue.
rec: Log when going Bogus because of a missing SOA in authority
A missing SOA in the authority section of negative (NXDOMAIN, NODATA)
answers in a DNSSEC-secure zone currently leads to a Bogus result,
because the needed NSEC/NSEC3 could not be validated.
rec: Watch the descriptor again after an out-of-order read timeout
It might be that there was no other incoming query on that connection
and we timed out while the response had not been sent yet, but the
client might want to re-use the connection after receiving the response.
We try to reset the TTD, but that might fail when the socket descriptor
has already been removed.
Remi Gacogne [Tue, 11 Aug 2020 09:25:06 +0000 (11:25 +0200)]
Raise an exception on invalid hex content in unknown records
Otherwise we can end up reading uninitialised memory from the stack,
possibly leaking information.
This is only an issue if the content is read from an untrusted source
and can be passed back to an attacker.
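The failure mode described above, as an added example that is not PowerDNS code: a parser for the RFC 3597 generic RDATA text form `\# <length> <hex>` used for unknown record types. The lenient variant models the pre-fix behaviour with a buffer pre-filled with a "stale" marker standing in for whatever was on the stack, so bad hex leaves never-written bytes in the output; the strict variant rejects invalid hex and length mismatches instead. Both functions and the `STALE` marker are assumptions of this example.

```python
# Added example (not PowerDNS code): parsing the RFC 3597 generic RDATA text
# form '\# <length> <hex>' used for unknown record types. The lenient variant
# models the pre-fix behaviour with a buffer pre-filled with a "stale" marker
# (standing in for whatever was on the stack); the strict variant raises
# instead. Both functions and the STALE marker are assumptions of this example.
import re
from typing import Tuple

STALE = 0xAA  # stands in for uninitialised stack bytes in this simulation
_HEX_RE = re.compile(r"^[0-9A-Fa-f]*$")


def _split(text: str) -> Tuple[int, str]:
    parts = text.split()
    if len(parts) < 2 or parts[0] != r"\#":
        raise ValueError("generic RDATA must start with '\\#' and a length")
    try:
        length = int(parts[1], 10)
    except ValueError:
        raise ValueError(f"bad length field {parts[1]!r}") from None
    if length < 0:
        raise ValueError("negative length")
    return length, "".join(parts[2:])


def parse_generic_rdata_lenient(text: str) -> bytes:
    """Pre-fix behaviour: decode pair by pair, stop at the first bad digit and
    return the full-length buffer anyway, so the tail is never written."""
    length, hexstr = _split(text)
    buf = bytearray([STALE]) * length
    for i in range(0, min(len(hexstr), 2 * length), 2):
        pair = hexstr[i:i + 2]
        if len(pair) != 2 or not _HEX_RE.match(pair):
            break
        buf[i // 2] = int(pair, 16)
    return bytes(buf)


def parse_generic_rdata(text: str) -> bytes:
    """Fixed behaviour: reject anything that is not exactly `length` bytes
    of valid hex, so no partially written buffer can reach the caller."""
    length, hexstr = _split(text)
    if len(hexstr) % 2:
        raise ValueError("odd number of hex digits")
    if not _HEX_RE.match(hexstr):
        raise ValueError("invalid hex digit in generic RDATA")
    data = bytes.fromhex(hexstr)
    if len(data) != length:
        raise ValueError(f"declared length {length} but got {len(data)} bytes")
    return data


if __name__ == "__main__":
    good = r"\# 4 0A000001"   # constructed: an A record written generically
    bad = r"\# 4 0A00ZZ01"    # constructed: 'ZZ' is not hex
    print(parse_generic_rdata(good).hex())
    print(parse_generic_rdata_lenient(bad).hex())  # stale bytes leak through
    try:
        parse_generic_rdata(bad)
    except ValueError as e:
        print("rejected:", e)
```

The length field is checked against the decoded byte count as well: a declared length larger than the supplied hex is the other way a caller can be handed bytes that were never written.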
Otto Moerbeek [Mon, 14 Sep 2020 09:30:42 +0000 (11:30 +0200)]
Use boost::optional to pass optional cutoff point. This way the
proper cutoff point can be specified for forwarded zones only,
making it possible to change its meaning without regular nameserver
lookups.
Otto Moerbeek [Mon, 7 Sep 2020 10:17:30 +0000 (12:17 +0200)]
We only want to do QName Minimization for the names in a forwarded
domain.
E.g. if foo.bar.com is forwarded and the qname is x.foo.bar.com,
start the QM process with ancestor foo.bar.com, so the query is
directed to the forwarder. But if the qname is baz.bar.com, we do
regular QM, starting with the regular ancestor.
Should fix #9438 without breaking having forward for .
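The two commits above (the optional cutoff point and QName Minimisation inside forwarded domains), as an added example that is not PowerDNS code: for a name under a forwarded domain the forwarded zone is passed explicitly as the cutoff so that the minimised queries are directed at the forwarder; for any other name the closest known zone cut is used, which is also what makes a forward for `.` keep working. The forward-zones table, the zone-cut table and the addresses are constructed for this example, and `None` plays the role of the empty `boost::optional`.

```python
# Added example (not PowerDNS code): choosing where QName Minimisation
# (RFC 7816) starts when some domains are forwarded. For a name under a
# forwarded domain the forwarded zone is passed explicitly as the cutoff, so
# the minimised queries go to the forwarder; otherwise the closest known zone
# cut is used. The forward-zones table, zone-cut table and names are constructed.
from typing import Dict, List, Optional, Tuple


def canon(name: str) -> str:
    name = name.lower()
    return name if name.endswith(".") else name + "."


def labels(name: str) -> List[str]:
    stripped = canon(name).rstrip(".")
    return stripped.split(".") if stripped else []


def ancestors(qname: str) -> List[str]:
    """qname, its parent, ..., the root '.' (longest first)."""
    ls = labels(qname)
    return [".".join(ls[i:]) + "." for i in range(len(ls) + 1)]


def longest_match(qname: str, zones: Dict[str, str]) -> Optional[str]:
    for anc in ancestors(qname):
        if anc in zones:
            return anc
    return None


def forwarded_cutoff(qname: str, forward_zones: Dict[str, str]) -> Optional[str]:
    """The forwarded zone covering qname, or None if it is not forwarded.
    A forward for '.' matches everything that has no more specific entry."""
    return longest_match(qname, forward_zones)


def qm_plan(qname: str, zone_cuts: Dict[str, str],
            cutoff: Optional[str] = None) -> Tuple[str, List[str]]:
    """Return (starting zone, minimised names to query in order).
    `cutoff` is the optional explicit start (set for forwarded names);
    when it is None the closest known zone cut is used instead."""
    q = canon(qname)
    start = canon(cutoff) if cutoff is not None else longest_match(q, zone_cuts)
    if start is None:
        raise ValueError("no zone cut known for " + q)
    ql, sl = labels(q), labels(start)
    if sl and ql[len(ql) - len(sl):] != sl:
        raise ValueError(f"{start} is not an ancestor of {q}")
    names = [".".join(ql[len(ql) - n:]) + "."
             for n in range(len(sl) + 1, len(ql) + 1)]
    return start, names or [q]   # qname equal to the cutoff: just ask for it


def plan_for(qname: str, forward_zones: Dict[str, str],
             zone_cuts: Dict[str, str]) -> Tuple[str, str, List[str]]:
    """(target server, starting zone, names) for one query."""
    fwd = forwarded_cutoff(qname, forward_zones)
    start, names = qm_plan(qname, zone_cuts, cutoff=fwd)
    target = forward_zones[fwd] if fwd is not None else zone_cuts[start]
    return target, start, names


FORWARD_ZONES = {"foo.bar.com.": "192.0.2.10"}                # constructed
ZONE_CUTS = {".": "198.51.100.1", "com.": "198.51.100.2"}    # constructed

if __name__ == "__main__":
    for q in ("x.foo.bar.com", "baz.bar.com"):
        print(q, "->", plan_for(q, FORWARD_ZONES, ZONE_CUTS))
```

`x.foo.bar.com` starts at `foo.bar.com.` and goes straight to the forwarder, while `baz.bar.com` is minimised from the `com.` cut as usual; with `.` forwarded instead, every name starts at `.` and is sent to that forwarder.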
Otto Moerbeek [Fri, 14 Aug 2020 08:51:28 +0000 (10:51 +0200)]
Also record the value that caused a hit.
For triggers from rpz zones it makes sense to store them as listed there.
For hit values (names or IPs) it makes more sense to store them
in the regular string value and not list them as rpz trigger format.
e.g.: a trigger is listed