git.ipfire.org Git - thirdparty/pdns.git/log
Otto [Wed, 12 May 2021 10:46:44 +0000 (12:46 +0200)]
Take into account q_quiet when determining loglevel and change a few
loglevels.
(cherry picked from commit cf02f990a7fb9398aa4b13373c7ae35f7d2d47e3)
Otto Moerbeek [Wed, 19 May 2021 08:34:59 +0000 (10:34 +0200)]
Merge pull request #10422 from omoerbeek/rec-backport-10420-to-4.5.x
Rec: backport 10420 to 4.5.x: For the NOD lookup case, we don't want QName Minimization.
Otto [Tue, 18 May 2021 14:59:23 +0000 (16:59 +0200)]
Backport of #10420 to rec 4.5.x
Otto Moerbeek [Mon, 10 May 2021 13:02:16 +0000 (15:02 +0200)]
Merge pull request #10378 from omoerbeek/rel/rec-4.5.x
rec 4.5.x: Add missing fuzzing corpus files
Otto Moerbeek [Mon, 10 May 2021 13:02:02 +0000 (15:02 +0200)]
Merge pull request #10377 from omoerbeek/backport-10375-to-rec-4.5.x
rec: Backport 10375 to rec-4.5.x: Prevent a race in the aggressive NSEC cache
Otto [Mon, 10 May 2021 11:30:25 +0000 (13:30 +0200)]
Add missing fuzzing corpus files
Remi Gacogne [Fri, 7 May 2021 15:25:01 +0000 (17:25 +0200)]
rec: Prevent a race in the aggressive NSEC cache
When a new NSEC3 record has a different salt than the one we know, we
update the zone entry with the new salt. Unfortunately, that salt was
read without holding the lock in `AggressiveNSECCache::getNSEC3Denial`,
leading to a possible data race.
(cherry picked from commit 779f35b41c758bed9215d51df4fc3a69edbada9d)
Otto Moerbeek [Fri, 7 May 2021 07:48:00 +0000 (09:48 +0200)]
Merge pull request #10366 from omoerbeek/backport-10353-to-rec-4.5.x
rec: Backport 10353 to rec 4.5.x: Apply dns64 on RPZ hits generated after a gettag_ffi hit
Remi Gacogne [Tue, 4 May 2021 16:30:47 +0000 (18:30 +0200)]
rec: Test the most simple condition first
Co-authored-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
(cherry picked from commit 89461c55042e1f0f7d17a511ae3d6c7c39602954)
Remi Gacogne [Tue, 4 May 2021 12:56:40 +0000 (14:56 +0200)]
rec: Add a regression test for gettag_ffi, RPZ and DNS64 interaction
(cherry picked from commit 76b47869c7902da25036c76ec4cd98fe23a51827)
Remi Gacogne [Tue, 4 May 2021 10:29:32 +0000 (12:29 +0200)]
rec: Apply dns64 on RPZ hits generated after a gettag_ffi hit
We do special case the qname RPZ processing after a gettag_ffi hit,
leading to dns64 not being applied in that case. This commit adds
dns64 handling to the special case.
(cherry picked from commit 92f829c42ef82b6d5d0804886519536137925f23)
Otto Moerbeek [Mon, 26 Apr 2021 09:14:28 +0000 (11:14 +0200)]
Merge pull request #10335 from omoerbeek/backport-10329-to-rec-4.5.x
rec: Backport of 10329 to rec-4.5.x: boost 1.76 containers: use standard exceptions
Otto Moerbeek [Mon, 26 Apr 2021 09:14:14 +0000 (11:14 +0200)]
Merge pull request #10334 from omoerbeek/backport-10318-to-rec-4.5.x
rec: Backport 10318 to rec-4.5.x: Fix typo in edns-padding-tag help
Otto Moerbeek [Mon, 26 Apr 2021 09:14:00 +0000 (11:14 +0200)]
Merge pull request #10333 from omoerbeek/backport-10312-to-rec-4.5.x
rec: Backport 10312 to rec 4.5.x: improve packet cache sizing now that TCP answers are also cached
Peter van Dijk [Fri, 23 Apr 2021 13:40:43 +0000 (15:40 +0200)]
boost 1.76 containers: use standard exceptions
(cherry picked from commit 311f26839819062ced8697686372b6c6b2210bdf)
Matt Nordhoff [Tue, 20 Apr 2021 13:41:42 +0000 (13:41 +0000)]
rec: Fix typo in edns-padding-tag help
(cherry picked from commit 07e8ae03d1ec61f6d8f2577cf16a76889bbdd832)
Otto Moerbeek [Wed, 21 Apr 2021 09:01:56 +0000 (11:01 +0200)]
typo
Co-authored-by: Remi Gacogne <github@coredump.fr>
(cherry picked from commit 693b9c55afb04e1774a9086074986c910a7eaf20)
Otto [Mon, 19 Apr 2021 14:44:43 +0000 (16:44 +0200)]
Improve packet cache sizing.
Since queries incoming over TCP are now also using the packet
cache, there is now also one packet cache instance per distributor
thread. Each cache instance has a size of max-packetcache-entries
divided by (threads + distributor-threads).
(cherry picked from commit 5c367a7e8c69311998737914270386618eb9e1d2)
Otto Moerbeek [Wed, 21 Apr 2021 09:03:08 +0000 (11:03 +0200)]
Merge pull request #10320 from omoerbeek/backport-10317-to-rec-4.5.x
rec: Backport 10317 to rec 4.5.x: Do not put results of DS query for auth or forward domains in negcache
Otto Moerbeek [Wed, 21 Apr 2021 09:02:48 +0000 (11:02 +0200)]
Merge pull request #10319 from omoerbeek/backport-10303-to-rec-4.5.x
rec: Backport 10303 to rec 4.5.x: Use the correct ECS address when proxy-protocol is enabled
Otto [Tue, 20 Apr 2021 11:52:38 +0000 (13:52 +0200)]
Also check query type
(cherry picked from commit 660a62d41320e484387e3d4671ec36cf0d07b942)
Otto [Tue, 20 Apr 2021 11:32:26 +0000 (13:32 +0200)]
Add test case
(cherry picked from commit a990990b951c843aafcd89a536eb9c8972f05624)
Otto [Tue, 6 Apr 2021 11:20:36 +0000 (13:20 +0200)]
Do not put results of DS query for auth or forward domains in negcache.
Should fix #10189.
(cherry picked from commit 6fa3df17b1fd369020601e804ee98e2e2c2882f0)
Remi Gacogne [Mon, 19 Apr 2021 12:06:26 +0000 (14:06 +0200)]
rec: Fix the proxy protocol regression tests
(cherry picked from commit 1d3ea4cf67b5e1565ed619f5015420481e1c87f3)
Remi Gacogne [Mon, 19 Apr 2021 09:15:43 +0000 (11:15 +0200)]
rec: Replace deprecated edns-subnet-whitelist with edns-subnet-allow-list
(cherry picked from commit 3be6dde85dda49352642681813753454e5f41525)
Remi Gacogne [Mon, 19 Apr 2021 09:13:47 +0000 (11:13 +0200)]
rec: Add regression tests for Proxy Protocol / ECS interaction
(cherry picked from commit 9166ee1b3fc9d5df9b93570d883cf154aa98e425)
Remi Gacogne [Mon, 19 Apr 2021 08:09:40 +0000 (10:09 +0200)]
rec: Use the correct ECS address when proxy-protocol is enabled
(cherry picked from commit 2199aa19f92415dc9ecdfafbd9c9ce08327f54b8)
Otto Moerbeek [Tue, 20 Apr 2021 09:09:01 +0000 (11:09 +0200)]
Merge pull request #10308 from omoerbeek/backport-10299-to-rec-4.5.x
rec: Backport 10299 to rec-4.5.x: update setting for aggressive-nsec-cache-size
Otto Moerbeek [Tue, 20 Apr 2021 09:08:47 +0000 (11:08 +0200)]
Merge pull request #10307 from omoerbeek/backport-10298-to-rec-4.5.x
rec: Backport 10298 to rec 4.5.x: print the covering NSEC
Otto Moerbeek [Tue, 20 Apr 2021 09:08:34 +0000 (11:08 +0200)]
Merge pull request #10306 from omoerbeek/backport-10291-to-rec-4.5.x
rec: Backport 10291 to rec-4.5.x: Exception loading the RPZ seedfile is not fatal.
Otto Moerbeek [Tue, 20 Apr 2021 09:08:15 +0000 (11:08 +0200)]
Merge pull request #10305 from omoerbeek/backport-10286-to-rec-4.5.x
rec: Backport 10286 to rec 4.5.x: rpz dumper: stop generating double zz labels on networks that start with zeroes
phonedph1 [Thu, 15 Apr 2021 20:31:30 +0000 (14:31 -0600)]
rec: update setting for aggressive-nsec-cache-size
(cherry picked from commit 327851e53faeeee67db857e2152e149edf72753e)
phonedph1 [Thu, 15 Apr 2021 17:38:35 +0000 (11:38 -0600)]
Update validate.cc
(cherry picked from commit c0d3ae95c47cd0cdc03432889e61d7de87b8cf14)
phonedph1 [Thu, 15 Apr 2021 16:57:15 +0000 (10:57 -0600)]
rec: print the covering NSEC
It would be nice to log not only that a name is covered, but what entry actually covers it. This is useful in debugging crazy setups.
(cherry picked from commit a651118120d441c1cf20daa9d495d2795ac0b5e8)
Otto [Tue, 13 Apr 2021 13:16:09 +0000 (15:16 +0200)]
Exception loading the RPZ seedfile is not fatal.
Catch PDNSException and clear on failure.
(cherry picked from commit a47cc75dfa7519bcf7b31cee511852ae954a50f8)
Peter van Dijk [Wed, 14 Apr 2021 16:46:27 +0000 (18:46 +0200)]
the code is not glibc specific
(cherry picked from commit 245abe4da5829bcf39953cfe06c0ef6ab8f6ecd7)
Peter van Dijk [Wed, 14 Apr 2021 16:28:20 +0000 (18:28 +0200)]
comments from code review
(cherry picked from commit 34b0536b713515b4cc89d8a28ea27822ef0880dc)
Peter van Dijk [Wed, 14 Apr 2021 16:26:09 +0000 (18:26 +0200)]
auto, reinterpret_cast
Co-authored-by: Remi Gacogne <rgacogne+github@valombre.net>
(cherry picked from commit de769ee3f68d9e940cd10610e7a68b03ce339bda)
Peter van Dijk [Tue, 13 Apr 2021 19:06:33 +0000 (21:06 +0200)]
add tests
Co-authored-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
(cherry picked from commit 0d70e98b423fed67efff4ea82db7eb7d6552a64c)
Peter van Dijk [Mon, 12 Apr 2021 10:24:17 +0000 (12:24 +0200)]
rpz dumper: stop generating double zz labels on networks that start with zeroes
(partial rewrite; adds tests)
(cherry picked from commit bbe6cfec2b5a0b65a7183c04a4d088f1fcc87ba7)
Otto Moerbeek [Tue, 13 Apr 2021 06:17:38 +0000 (08:17 +0200)]
Merge pull request #10284 from omoerbeek/backport-10252-to-rec-4.5.x
rec: backport 10252 to rec 4.5.x: Fix the package version _on_ prerelease tags
Pieter Lexis [Wed, 31 Mar 2021 14:04:27 +0000 (16:04 +0200)]
Fix the package version _on_ prerelease tags
Closes #9842
(cherry picked from commit 121a191d5ecd24818053a39013608e424a36142a)
Otto Moerbeek [Fri, 9 Apr 2021 10:22:02 +0000 (12:22 +0200)]
Merge pull request #10280 from omoerbeek/backport-10268-to-rec-4.5.x
rec: Backport 10268 to rec-4.5.x: Log local IP in dnstap messages
Otto Moerbeek [Fri, 9 Apr 2021 10:21:46 +0000 (12:21 +0200)]
Merge pull request #10279 from omoerbeek/backport-10264-to-rec-4.5.x
rec: backport 10264 to rec-4.5.x: Also disable PMTU for v6
Otto Moerbeek [Fri, 9 Apr 2021 10:02:39 +0000 (12:02 +0200)]
Merge pull request #10278 from omoerbeek/backport-10232-to-rec-4.5.x
rec: Backport 10232 to 4.5.x: Clear d_from if we don't know where the update came from
Otto Moerbeek [Fri, 9 Apr 2021 10:02:26 +0000 (12:02 +0200)]
Merge pull request #10277 from omoerbeek/backport-10223-to-rec-4.5.x
rec: Backport 10223 to rec 4.5.x: Better handling of stranded DNSKeys
Otto Moerbeek [Wed, 7 Apr 2021 08:07:09 +0000 (10:07 +0200)]
Also test query_address for value and query_port for presence
(cherry picked from commit 11927be3eb2a9f1aa0f210dc7dd73c7c32209d01)
Otto [Tue, 6 Apr 2021 13:19:58 +0000 (15:19 +0200)]
Log client IP in dnstap messages
Also make sure we log only if we actually sent a message, i.e.
we did not chain our request to an existing one.
(cherry picked from commit 82c0899caaf9b97a8bcec1b19d9387feec86c9e9)
Otto [Tue, 6 Apr 2021 08:41:39 +0000 (10:41 +0200)]
Also disable PMTU for v6
(cherry picked from commit db63b4b63158d95399fa9109b9802b195df515f8)
Otto [Fri, 26 Mar 2021 15:37:46 +0000 (16:37 +0100)]
Clear d_from if we don't know where the update came from
(cherry picked from commit ef726696aa4411d49f7d5400abb275c000718034)
Remi Gacogne [Tue, 30 Mar 2021 07:20:41 +0000 (09:20 +0200)]
rec: Fix duplicated space in the SyncRes unit tests
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
(cherry picked from commit aabd93c4bafc01cb4df72cc527ba7745cfd6252f)
Remi Gacogne [Tue, 30 Mar 2021 07:20:34 +0000 (09:20 +0200)]
rec: Fix duplicated space in the SyncRes unit tests
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
(cherry picked from commit a5b7a31e157d5a5d41d1567c22e124b8cb1974f3)
Remi Gacogne [Fri, 26 Mar 2021 14:57:31 +0000 (15:57 +0100)]
rec: Add unit tests for the "unpublished DNSKEY" case
(cherry picked from commit fb6dfd69d95fa76f3e5be2aaf510f3b829ddbac8)
Remi Gacogne [Fri, 26 Mar 2021 14:56:11 +0000 (15:56 +0100)]
rec: Don't override a Bogus state, handle NSEC3s for unpublished DNSKEY
(cherry picked from commit e6333113aabaaba9d4a0895653bba7b8bad005d5)
Remi Gacogne [Fri, 26 Mar 2021 08:48:09 +0000 (09:48 +0100)]
rec: Better handling of stranded DNSKeys
(cherry picked from commit cf730c2e6f0b7cc63ab589038699987133eee94c)
Otto Moerbeek [Tue, 30 Mar 2021 05:38:53 +0000 (07:38 +0200)]
Merge pull request #10241 from omoerbeek/backport-10238-to-rec-4.5.x
Backport 10238 to rec 4.5.x: More fail-safe handling of NOD files
Otto [Mon, 29 Mar 2021 13:27:43 +0000 (15:27 +0200)]
Safe tmp file handling, basic sanity check on size of data.
(cherry picked from commit 852d4e70c09dd9b41d9aa2a988a666b0cb749d97)
Otto [Mon, 29 Mar 2021 10:07:14 +0000 (12:07 +0200)]
Move the opening of the file to write a bit down
(cherry picked from commit 5ef38b0c7b61e819773765d87b0fe6061cd0be7a)
Otto [Mon, 29 Mar 2021 10:05:55 +0000 (12:05 +0200)]
namespace filesystem = boost::filesystem
(cherry picked from commit dec872ee807caa32eab6f75e36db4feb16f2f6ea)
Otto [Mon, 29 Mar 2021 09:49:34 +0000 (11:49 +0200)]
Zap tmp files; use random suffix and fix leak by using smart pointer.
(cherry picked from commit e672ad6db7e9d0a98569656a4c0701121715b842)
Otto [Mon, 29 Mar 2021 08:40:37 +0000 (10:40 +0200)]
More fail-safe handling of NOD files
(cherry picked from commit 7b4cc738ffaaec7173f39fc140799f2200d93e61)
Peter van Dijk [Fri, 26 Mar 2021 11:29:48 +0000 (12:29 +0100)]
Merge pull request #10206 from pieterlexis/API-search-rrtype-on-comment
API: return RRType when finding a comment
Remi Gacogne [Fri, 26 Mar 2021 10:58:08 +0000 (11:58 +0100)]
Merge pull request #10207 from rgacogne/ddist-max-concurrent-connections
dnsdist: Add limits for cached TCP connections, metrics
Remi Gacogne [Wed, 24 Mar 2021 14:16:44 +0000 (15:16 +0100)]
dnsdist: Clarify the meaning of 'tcpMaxConcurrentConnections'
Remi Gacogne [Wed, 24 Mar 2021 14:15:17 +0000 (15:15 +0100)]
dnsdist: Remove trailing whitespace in the documentation
Remi Gacogne [Wed, 24 Mar 2021 10:27:15 +0000 (11:27 +0100)]
dnsdist: Add regression tests for the number of conns per frontend
Remi Gacogne [Tue, 23 Mar 2021 17:58:54 +0000 (18:58 +0100)]
dnsdist: Add a parameter to limit the number of TCP conns per frontend
Remi Gacogne [Mon, 22 Mar 2021 17:45:01 +0000 (18:45 +0100)]
dnsdist: Add setMaxCachedTCPConnectionsPerDownstream()
Remi Gacogne [Mon, 22 Mar 2021 16:12:46 +0000 (17:12 +0100)]
dnsdist: Add 'max concurrent connections' counters
Pieter Lexis [Mon, 22 Mar 2021 17:31:31 +0000 (18:31 +0100)]
API: return RRType when finding a comment
Otto Moerbeek [Fri, 26 Mar 2021 09:15:45 +0000 (10:15 +0100)]
Merge pull request #10213 from omoerbeek/rec-prep-4.5.0-beta1
Rec: prep for 4.5.0 beta1
Remi Gacogne [Fri, 26 Mar 2021 07:33:19 +0000 (08:33 +0100)]
Merge pull request #10218 from rgacogne/ddist-disable-renego
dnsdist: Disable TLS renegotiation by default
Remi Gacogne [Thu, 25 Mar 2021 18:17:24 +0000 (19:17 +0100)]
dnsdist: Disable client-initiated renegotiation with LibreSSL
Remi Gacogne [Thu, 25 Mar 2021 15:57:44 +0000 (16:57 +0100)]
dnsdist: Disable TLS renegotiation by default
Remi Gacogne [Thu, 25 Mar 2021 09:00:38 +0000 (10:00 +0100)]
Merge pull request #10214 from rgacogne/ddist-certificate-reloading
dnsdist: Unify certificate reloading syntaxes
Remi Gacogne [Wed, 24 Mar 2021 15:38:24 +0000 (16:38 +0100)]
dnsdist: Unify certificate reloading syntaxes
Otto Moerbeek [Wed, 24 Mar 2021 15:28:16 +0000 (16:28 +0100)]
Apply suggestions from code review
Co-authored-by: Remi Gacogne <rgacogne+github@valombre.net>
Otto Moerbeek [Wed, 24 Mar 2021 14:40:30 +0000 (15:40 +0100)]
Merge pull request #10212 from omoerbeek/rec-docs-mt-metrics
rec: A few updates and corrections of docs related to metrics and threads.
Remi Gacogne [Wed, 24 Mar 2021 14:02:34 +0000 (15:02 +0100)]
Merge pull request #10201 from rgacogne/ddist-connect-timeout
dnsdist: Fix the TCP connect timeout, add metrics
Otto [Wed, 24 Mar 2021 13:59:31 +0000 (14:59 +0100)]
Fix typos and incorporate suggestions.
Otto [Mon, 15 Mar 2021 13:25:57 +0000 (14:25 +0100)]
A few updates and corrections of docs related to metrics and threads.
Remi Gacogne [Wed, 24 Mar 2021 12:45:38 +0000 (13:45 +0100)]
dnsdist: Revert the backend's default TCP read and write timeouts
Remi Gacogne [Wed, 24 Mar 2021 12:37:36 +0000 (13:37 +0100)]
Merge pull request #10204 from rgacogne/ddist-tuning-defaults
dnsdist: Enable sharding by default, greater pipe buffer sizes
Otto [Wed, 24 Mar 2021 11:22:25 +0000 (12:22 +0100)]
Changelog and secpoll
Otto Moerbeek [Wed, 24 Mar 2021 11:17:10 +0000 (12:17 +0100)]
Merge pull request #9995 from omoerbeek/rec-fastopen-connect
Rec and sdig: support tcp fastopen connect
Otto [Tue, 23 Mar 2021 15:10:37 +0000 (16:10 +0100)]
Avoid flooding log on each connect by testing if fast-open-connect succeeds once on startup,
as suggested by @rgacogne.
Plus a few corrections in docs.
Otto [Mon, 15 Mar 2021 11:08:54 +0000 (12:08 +0100)]
change in writenWithTimeout should not be needed anymore as sdig now
uses tcpiohandler with blocking sockets
Otto [Wed, 3 Mar 2021 12:51:45 +0000 (13:51 +0100)]
As suggested by @rgacogne and verified by myself v6 actually does have TFO.
Otto [Wed, 3 Mar 2021 12:36:43 +0000 (13:36 +0100)]
Zap unused leftover var after rebase
Otto [Tue, 26 Jan 2021 09:26:07 +0000 (10:26 +0100)]
My initial diagnosis of google causing disable of TFO was wrong,
other NS caused the observed behaviour.
Otto [Fri, 22 Jan 2021 13:57:06 +0000 (14:57 +0100)]
Upgrade guide note
Otto [Fri, 22 Jan 2021 12:39:30 +0000 (13:39 +0100)]
Spelling exceptions
Otto Moerbeek [Fri, 22 Jan 2021 12:36:26 +0000 (13:36 +0100)]
rfc ref
Co-authored-by: Pieter Lexis <pieter@plexis.eu>
Otto [Fri, 22 Jan 2021 12:28:53 +0000 (13:28 +0100)]
Settings docs plus some background info.
Otto [Fri, 22 Jan 2021 11:34:03 +0000 (12:34 +0100)]
Use separate settings for tcp-fast-open (passive) and tcp-fast-open-connect (active)
Also warn if things cannot work due to kernel settings and go back to
async connect() now that OpenBSD handles that properly.
Otto [Fri, 22 Jan 2021 11:25:42 +0000 (12:25 +0100)]
Warn if fastopen-connect is requested but could not be enabled and adapt
sdig to work using tcp using a socket in non-blocking mode.
A fix was needed in the write logic for OpenBSD: We need to call
writenWithTimeout(), since OpenBSD does not allow writing to a
non-blocking socket that isn't connected yet. Additionally
writenWithTimeout() needs to take into account that ENOTCONN can be
returned in that case.
Otto [Wed, 20 Jan 2021 12:28:02 +0000 (13:28 +0100)]
Use a timeout with tcp connect so we get the EINPROGRESS handling.
Otto Moerbeek [Wed, 20 Jan 2021 10:04:50 +0000 (11:04 +0100)]
sdig now works with fastopen
Otto [Tue, 19 Jan 2021 15:48:43 +0000 (16:48 +0100)]
Start supporting fastopen for outgoing TCP connections.
Otto [Wed, 24 Mar 2021 09:57:03 +0000 (10:57 +0100)]
update EOL statement