]>
git.ipfire.org Git - thirdparty/pdns.git/log
Remi Gacogne [Wed, 4 May 2022 16:38:22 +0000 (18:38 +0200)]
dnsdist: Fix invalid proxy protocol payload on a DoH TC to TCP retry
dnsdist forwards incoming DoH queries to its backend over UDP, and
retry over TCP if the response is truncated (TC=1).
When the proxy protocol is used between dnsdist and its backend, the
second query, over TCP, needs to take into account that the proxy
protocol payload has already been handled. This was not properly done
in that exact case because the proxy protocol payload length was not
propagated to the code handling the TCP communication, leading to
the query ID being edited at the wrong offset in the packet and thus
to an invalid proxy protocol payload.
(cherry picked from commit
1c9c001cbe327023e5d490e5bc044d67ecae9cf2 )
Remi Gacogne [Wed, 1 Jun 2022 13:36:29 +0000 (15:36 +0200)]
Merge pull request #11663 from rgacogne/ddist17-protobuf-python-impl
Peter van Dijk [Tue, 31 May 2022 10:13:57 +0000 (12:13 +0200)]
protobuf: use python implementation during tests
(cherry picked from commit
2dd4d60b8103a64c796296647ad7b45226d5a5bd )
Remi Gacogne [Tue, 31 May 2022 08:53:29 +0000 (10:53 +0200)]
Merge pull request #11579 from rgacogne/ddist17-skip-scan-no-outstanding
Remi Gacogne [Tue, 31 May 2022 08:53:17 +0000 (10:53 +0200)]
Merge pull request #11580 from rgacogne/ddist17-healthcheck-mplexer
Remi Gacogne [Mon, 21 Mar 2022 09:27:30 +0000 (10:27 +0100)]
dnsdist-1.7.x: Only allocate the health-check mplexer when needed
When health-checking is disabled, or when a check delay longer than one
second is used, there is no need to allocate a new multiplexer object
every second.
(cherry picked from commit
017337515725264173e4d1f254bc0a19e4da6f4a )
Remi Gacogne [Tue, 26 Apr 2022 07:59:46 +0000 (09:59 +0200)]
dnsdist-1.7: Scan the UDP buckets only when we have outstanding queries
Remi Gacogne [Fri, 22 Apr 2022 12:34:11 +0000 (14:34 +0200)]
Merge pull request #11572 from rgacogne/ddist17-check-interval-timeouts
Remi Gacogne [Fri, 22 Apr 2022 11:29:28 +0000 (13:29 +0200)]
dnsdist: The check interval applies to health-check, not timeouts
Remi Gacogne [Fri, 22 Apr 2022 11:11:12 +0000 (13:11 +0200)]
Merge pull request #11566 from rgacogne/ddist171-backports
Remi Gacogne [Fri, 22 Apr 2022 09:02:26 +0000 (11:02 +0200)]
Merge pull request #11550 from rgacogne/ddist17-bpf-block-action
Remi Gacogne [Wed, 20 Apr 2022 12:32:14 +0000 (14:32 +0200)]
dnsdist: Fix wrong eBPF values (qtype, counter) being inserted for qnames
(cherry picked from commit
815aee7a22c749b0e4729318d66af311f5137314 )
Remi Gacogne [Fri, 15 Apr 2022 12:21:57 +0000 (14:21 +0200)]
dnsdist: Fix formatting
(cherry picked from commit
9c591809dad79eaae701120ba75401cb0489470e )
Remi Gacogne [Fri, 15 Apr 2022 10:57:53 +0000 (12:57 +0200)]
dnsdist: Add a 'getAddressAndPort()' method to DOHFrontend and TLSFrontend objects
(cherry picked from commit
59090737335dc8fe412ed00d2e73e3cf056713c9 )
Remi Gacogne [Fri, 15 Apr 2022 10:46:44 +0000 (12:46 +0200)]
dnsdist: Raise the number of entries in a packet cache to at least 1
And make sure that we cannot create such an object.
(cherry picked from commit
ffae2ddce64501226153261927178618d7d94a06 )
Remi Gacogne [Fri, 15 Apr 2022 10:35:20 +0000 (12:35 +0200)]
dnsdist: Use the correct outgoing protocol in our ring buffers
(cherry picked from commit
d5578666bcfb4f8c994e44a355bd786f232482e2 )
Remi Gacogne [Mon, 14 Feb 2022 18:03:24 +0000 (19:03 +0100)]
Better GnuTLS warning as suggested by Matt Nordhoff
Co-authored-by: Matt Nordhoff <mnordhoff@mattnordhoff.com>
(cherry picked from commit
298de588dacb292791088c155fc347082a39ca80 )
Remi Gacogne [Mon, 14 Feb 2022 16:43:11 +0000 (17:43 +0100)]
dnsdist: Remove the leak warning with GnuTLS >= 3.7.3
(cherry picked from commit
dc75dd372225f29a200794c019f78f20f3f496a9 )
Otto Moerbeek [Tue, 22 Feb 2022 07:17:34 +0000 (08:17 +0100)]
Better description of latency-count and latency-bucket
(cherry picked from commit
c1a71fed871d65c45ac3dbdfddef2f0324e5b17e )
Remi Gacogne [Mon, 14 Feb 2022 16:30:03 +0000 (17:30 +0100)]
dnsdist: Fix the latency-count metric
(cherry picked from commit
3df91da4c285a82179434f3009c94b865490a5a3 )
Remi Gacogne [Mon, 31 Jan 2022 11:11:36 +0000 (12:11 +0100)]
dnsdist: Fix 'inConfigCheck()'
(cherry picked from commit
dd6dfd9914f7e244b1a7170137c267c17752e47a )
Remi Gacogne [Mon, 31 Jan 2022 09:53:10 +0000 (10:53 +0100)]
dnsdist: Fix the health-check timeout for outgoing DoH connections
The health-check timeout is in milliseconds, contrary to the other
ones that are in seconds.
(cherry picked from commit
68f77a91b7d4e712bc068c02e64097651a6f30a6 )
Remi Gacogne [Tue, 1 Feb 2022 10:50:51 +0000 (11:50 +0100)]
dnsdist: Add regression tests for outgoing SNI
(cherry picked from commit
bff628697a6a21b627ff9f9e5f3962de6b627380 )
Remi Gacogne [Mon, 31 Jan 2022 11:24:29 +0000 (12:24 +0100)]
TCPIOHandler: Handle empty TLS hostname in outgoing connections
(cherry picked from commit
4d6004bda9401c82a35fdd148c89120c0d09f2c0 )
Remi Gacogne [Mon, 31 Jan 2022 09:33:46 +0000 (10:33 +0100)]
dnsdist: Set Server Name Indication on outgoing TLS connections (DoT, DoH)
(cherry picked from commit
3a692438ae8353544c934ac6f6c53dce0a55c70a )
Peter van Dijk [Fri, 14 Jan 2022 11:12:09 +0000 (12:12 +0100)]
test ubuntu jammy build target
(cherry picked from commit
e3d50799180eb4499f8dda5263773775301bfa7e )
Peter van Dijk [Fri, 14 Jan 2022 11:12:04 +0000 (12:12 +0100)]
add ubuntu jammy build target
(cherry picked from commit
6c1e5fd70b4dd4e75b18ff8c75f93c7d22122643 )
Remi Gacogne [Mon, 17 Jan 2022 15:56:13 +0000 (16:56 +0100)]
Stop using the now deprecated and useless std::binary_function
It is no longer needed since the types can now be automatically
deduced, has been deprecated in C++11 and removed in C++17.
(cherry picked from commit
7587bcbea8a9cb3058cb2e6d7f6a2597494b6713 )
Otto Moerbeek [Wed, 12 Jan 2022 12:49:53 +0000 (13:49 +0100)]
Work around a compiler bug seen on OpenBSD/amd64 using clang-13 and make the code a tiny bit more pretty.
Fixes #11113.
(cherry picked from commit
36c5a9e7129d68a7c7334437965c2db127e10428 )
Remi Gacogne [Fri, 15 Apr 2022 10:19:46 +0000 (12:19 +0200)]
dnsdist: Properly use eBPF when the DynBlock is not set
When the DynBlock rule does not set a specific action we use the
default one, set with `setDynBlocksAction()`, so we should follow
the same logic when determining whether to insert an eBPF block.
(cherry picked from commit
8742251acdcce8cd27d859595e5e30cecfa4e4ab )
Remi Gacogne [Fri, 15 Apr 2022 14:22:57 +0000 (16:22 +0200)]
Merge pull request #11551 from rgacogne/ddist17-docs-pin-jinja2
Remi Gacogne [Fri, 25 Mar 2022 08:45:55 +0000 (09:45 +0100)]
docs: Pin jinja2 to < 3.1.0
Jinja2 3.1.0 removed deprecated code that is still used by sphinx
1.8.x, and it looks like our custom sphinx extensions are not working
with more recent versions of sphinx..
See:
- https://github.com/pallets/jinja/issues/1631
- https://github.com/readthedocs/readthedocs.org/issues/9037
and
- https://github.com/PowerDNS/pdns/pull/7712
The exact error is:
```
Extension error:
Could not import extension sphinx.builders.latex (exception: cannot import name 'contextfunction' from 'jinja2' (/dnsdist/pdns/dnsdistdist/.venv/lib/python3.7/site-packages/jinja2/__init__.py))
```
(cherry picked from commit
92ad29702011ac7cbd0d7d118ba612e7e07cedbe )
Remi Gacogne [Wed, 23 Feb 2022 08:35:04 +0000 (09:35 +0100)]
Merge pull request #11335 from rgacogne/ddist17-fix-xfr-error-crash
Remi Gacogne [Thu, 17 Feb 2022 11:23:27 +0000 (12:23 +0100)]
dnsdist: Add a unit test for the "I/O error during proxy-enabled XFR" case
(cherry picked from commit
2d87738d7a85b91b522277f344491c6ee2e09c8e )
Remi Gacogne [Thu, 17 Feb 2022 10:22:44 +0000 (11:22 +0100)]
dnsdist: Fix a use-after-free in case of a network error in the middle of a XFR query
(cherry picked from commit
76a72b6b57397d15a217eae0d9936e704b3f4cf2 )
Peter van Dijk [Fri, 4 Feb 2022 15:01:50 +0000 (16:01 +0100)]
Merge pull request #11292 from Habbie/backport-11290-to-dnsdist-1.7.x
Peter van Dijk [Fri, 4 Feb 2022 11:40:20 +0000 (12:40 +0100)]
dnsdist Docker image: install ca-certificates
(cherry picked from commit
d256ad02c53c470b9fb035fe4b29daeb686e9734 )
Peter van Dijk [Thu, 3 Feb 2022 10:21:51 +0000 (11:21 +0100)]
Merge pull request #11278 from Habbie/backport-11262-to-dnsdist-1.7.x
Peter van Dijk [Mon, 31 Jan 2022 17:15:14 +0000 (18:15 +0100)]
builder: add el-7 alias for centos-7
(cherry picked from commit
6bd3c9bb23f5dfc385a66647ab175ec2812d6617 )
Peter van Dijk [Mon, 31 Jan 2022 15:43:54 +0000 (16:43 +0100)]
take centos 8-stream from quay
(cherry picked from commit
2f9edddc0c9c1f8a68e154f6c12e3fd214420563 )
Peter van Dijk [Mon, 31 Jan 2022 15:28:34 +0000 (16:28 +0100)]
builder CI: switch oraclelinux-8 to el-8
cleanup
(cherry picked from commit
1b27721782ad3dc547ed448a257c59829ff0bd94 )
Peter van Dijk [Mon, 31 Jan 2022 15:28:04 +0000 (16:28 +0100)]
builder: archs for oraclelinux-8; el-8 symlinks
(cherry picked from commit
dee53cf16161a6c45560475b647de420842532ef )
Peter van Dijk [Thu, 27 Jan 2022 13:02:08 +0000 (14:02 +0100)]
Merge pull request #11094 from Habbie/backport-11081-to-dnsdist-1.7.x
Remi Gacogne [Tue, 18 Jan 2022 11:55:37 +0000 (12:55 +0100)]
Merge pull request #11195 from rgacogne/ddist17-openssl3
Remi Gacogne [Mon, 17 Jan 2022 14:44:01 +0000 (15:44 +0100)]
dnsdist-1.7.x: Fix compilation with OpenSSL 3.0.0
Remi Gacogne [Wed, 12 Jan 2022 08:14:16 +0000 (09:14 +0100)]
Merge pull request #11156 from rgacogne/ddist17-warning-ratio
Doug Freed [Mon, 27 Dec 2021 17:00:37 +0000 (12:00 -0500)]
Test correct member in DynBlockRatioRule::warningRatioExceeded
Also sprinkle in some more checks of d_enabled.
Fixes #11131
(cherry picked from commit
b1fd5841e92719049751836cce728b136aaddb4a )
Remi Gacogne [Fri, 17 Dec 2021 10:14:07 +0000 (11:14 +0100)]
Merge pull request #11104 from rgacogne/ddist17-doh-tc-check-query-size
Remi Gacogne [Thu, 16 Dec 2021 10:03:11 +0000 (11:03 +0100)]
Merge pull request #11106 from rgacogne/ddist17-unbreak-compilation-without-doh
Remi Gacogne [Thu, 16 Dec 2021 08:36:25 +0000 (09:36 +0100)]
dnsdist: Fix compilation without incoming DoH support
(cherry picked from commit
d0ae90801838ed9104051fa11fa577f3a96a9289 )
Remi Gacogne [Wed, 15 Dec 2021 15:32:29 +0000 (16:32 +0100)]
Merge pull request #11103 from rgacogne/ddist17-fix-dropped-doh-cross-responses
Remi Gacogne [Wed, 15 Dec 2021 13:57:54 +0000 (14:57 +0100)]
Merge pull request #11085 from rgacogne/ddist17-remove-non-ddist-ci
Remi Gacogne [Thu, 9 Dec 2021 10:14:57 +0000 (11:14 +0100)]
dnsdist: Account for the proxy protocol payload when checking the query size
(cherry picked from commit
4546141949cce7e2518f94d23361c02cb11a65c4 )
Remi Gacogne [Wed, 8 Dec 2021 14:36:37 +0000 (15:36 +0100)]
dnsdist: Check the size of the query when re-sending a DoH query
When the UDP response to a DoH query was truncated, we re-send the
query via TCP, passing it to a TCP worker. We need to edit the ID
to its original value before that, and while there is no reason
that the query is smaller than a dnsheader, we need to check its size,
not the size of the response.
(cherry picked from commit
5d552300959a5133546bb65ddeb8ce918d598c08 )
Remi Gacogne [Wed, 15 Dec 2021 11:19:11 +0000 (12:19 +0100)]
dnsdist: Clarify that if the call failed we still own the DOHUnit
(cherry picked from commit
9d53151a282e9a98f75d28e8fcbff7901a07b592 )
Remi Gacogne [Wed, 15 Dec 2021 10:49:29 +0000 (11:49 +0100)]
dnsdist: Add comments on reference counting around our internal pipe
(cherry picked from commit
e36f950460e7fa8e53c9b6751e244d15f6bcd24c )
Remi Gacogne [Wed, 15 Dec 2021 09:54:07 +0000 (10:54 +0100)]
dnsdist: Use an alias for the DOHUnit unique pointer
(cherry picked from commit
9f46a693ffc6a9e7614f787726b210731fe10a8d )
Remi Gacogne [Wed, 15 Dec 2021 09:53:28 +0000 (10:53 +0100)]
dnsdist: Fix typo spotted by Otto
(cherry picked from commit
1fa2cd69bfd3a4edfa54e84795962c74e31794b6 )
Remi Gacogne [Wed, 8 Dec 2021 14:31:18 +0000 (15:31 +0100)]
dnsdist: Increment the DoH ref counter before writing to the pipe
As far as I can tell this is not actually needed, as we decrement
it right away, but it prevents TSAN from reporting a race when the
UDP response comes very fast, is truncated, and the query is then
passed to a TCP worker. TSAN seems to think that the thread is still
sending the UDP query when we touch it again in the TCP worker, which
does not really make sense to me.
My guess is that the memory barrier needed to update the ref counter
makes TSAN happy, but I might be missing something.
(cherry picked from commit
7a90dbde7b01321783d73d71520abd3fa380a9c8 )
Remi Gacogne [Wed, 8 Dec 2021 11:31:00 +0000 (12:31 +0100)]
dnsdist: Wrap the DOHUnit object in a unique_ptr whenever possible
(cherry picked from commit
871e5e481310f1e51bfb76319d5f49a27d21804d )
Remi Gacogne [Wed, 8 Dec 2021 10:15:08 +0000 (11:15 +0100)]
dnsdist: Refactoring of the DoH unit handling
(cherry picked from commit
2171e7c7ef360c5646646c6504d29d83a74e18c2 )
Remi Gacogne [Wed, 8 Dec 2021 10:13:34 +0000 (11:13 +0100)]
dnsdist: Fix a leak when a UDP response for DoH is truncated
(cherry picked from commit
65ef9d4617349aac5e350e07fcce3a7e7ee3be67 )
Remi Gacogne [Tue, 7 Dec 2021 16:41:22 +0000 (17:41 +0100)]
dnsdist: Fix a double-free when a DoH cross-protocol response is dropped
(cherry picked from commit
dbd2a418d299891e5af3b2376f41bb7464dae45d )
Nico Vaatstra [Thu, 9 Dec 2021 11:39:29 +0000 (12:39 +0100)]
Additional note on Docker Engine version where the requirement of the additional capability was dropped
(cherry picked from commit
07b24e5743c08c828c73a93e724a86a5b83b680a )
Nico Vaatstra [Wed, 8 Dec 2021 15:28:42 +0000 (16:28 +0100)]
Remove capability requirements from Docker images
(cherry picked from commit
f28c81ed0242b6838eafdb61933a6f63b68040cf )
Remi Gacogne [Thu, 9 Dec 2021 13:24:35 +0000 (14:24 +0100)]
dnsdist-1.7.x: Remove non dnsdist-related CI steps
Remi Gacogne [Wed, 8 Dec 2021 15:16:01 +0000 (16:16 +0100)]
Merge pull request #11078 from rgacogne/ddist-ffi-spoof-raw-no-const
Remi Gacogne [Wed, 8 Dec 2021 11:41:23 +0000 (12:41 +0100)]
dnsdist: Fix const-correctness of dnsdist_ffi_raw_value_t's value
Pieter Lexis [Tue, 7 Dec 2021 12:12:02 +0000 (13:12 +0100)]
Merge pull request #11073 from jsoref/grammar
Josh Soref [Tue, 7 Dec 2021 09:21:44 +0000 (04:21 -0500)]
Minor fixes
Otto Moerbeek [Mon, 6 Dec 2021 14:27:52 +0000 (15:27 +0100)]
Merge pull request #11070 from omoerbeek/rec-regr-logs
Peter van Dijk [Mon, 6 Dec 2021 11:56:02 +0000 (12:56 +0100)]
Merge pull request #11068 from Habbie/bind-hybrid-zone-cache
Peter van Dijk [Mon, 6 Dec 2021 11:55:05 +0000 (12:55 +0100)]
Merge pull request #11067 from Habbie/pdnsutil-ds-sha1-verbose
Peter van Dijk [Mon, 6 Dec 2021 11:54:33 +0000 (12:54 +0100)]
Merge pull request #11066 from zeha/auth-api-zonecache-flush-small
Peter van Dijk [Mon, 6 Dec 2021 11:49:09 +0000 (12:49 +0100)]
Merge pull request #11071 from PowerDNS/omoerbeek-patch-1
Otto Moerbeek [Mon, 6 Dec 2021 08:29:36 +0000 (09:29 +0100)]
Merge pull request #11069 from omoerbeek/rec-no-eventtrace-on-no-lua
Otto Moerbeek [Fri, 3 Dec 2021 14:29:09 +0000 (15:29 +0100)]
Cleanup start and stop code
Otto Moerbeek [Fri, 3 Dec 2021 16:18:07 +0000 (17:18 +0100)]
Wrong title of check
Chris Hofstaedtler [Fri, 3 Dec 2021 12:52:38 +0000 (13:52 +0100)]
auth API: add zone to zonecache in flush endpoint
Peter van Dijk [Fri, 3 Dec 2021 11:51:10 +0000 (12:51 +0100)]
auth: prevent bind-hybrid+zone-cache, fixes #10658
Chris Hofstaedtler [Fri, 3 Dec 2021 12:45:34 +0000 (13:45 +0100)]
auth API: purge entire zone from cache, not just zone-level records
Otto Moerbeek [Fri, 3 Dec 2021 12:26:32 +0000 (13:26 +0100)]
Merge pull request #11064 from omoerbeek/docs-secpoll-status
Otto [Fri, 3 Dec 2021 12:24:45 +0000 (13:24 +0100)]
Do not generate eventtrace records if no Lua hook is defined
Peter van Dijk [Fri, 3 Dec 2021 11:38:25 +0000 (12:38 +0100)]
pdnsutil: skip SHA1 DSes except in verbose mode, fixes #11045
Otto [Fri, 3 Dec 2021 08:18:41 +0000 (09:18 +0100)]
For pre-releases, use status 2 when supserseded.
Otto Moerbeek [Fri, 3 Dec 2021 09:32:21 +0000 (10:32 +0100)]
Merge pull request #11063 from omoerbeek/rec-prep-4.6.0-rc1
Remi Gacogne [Fri, 3 Dec 2021 09:11:16 +0000 (10:11 +0100)]
Merge pull request #11054 from rgacogne/ddist-fix-webserver-headers-doc
Otto Moerbeek [Fri, 3 Dec 2021 08:45:51 +0000 (09:45 +0100)]
Update pdns/recursordist/docs/changelog/4.6.rstCo-authored-by: Remi Gacogne <github@coredump.fr>
Otto [Wed, 1 Dec 2021 15:21:09 +0000 (16:21 +0100)]
Prep for rec-4.6.0-rc1
Otto Moerbeek [Wed, 1 Dec 2021 12:13:40 +0000 (13:13 +0100)]
Merge pull request #10982 from omoerbeek/systemd-dir-env-cond
Otto [Mon, 15 Nov 2021 10:48:22 +0000 (11:48 +0100)]
Condition to HAVE_SYSTEMD_WITH_RUNTIME_DIR_ENV is reversed
Remi Gacogne [Wed, 1 Dec 2021 08:53:43 +0000 (09:53 +0100)]
dnsdist: Fix 'custom_headers' -> 'customHeaders' in the webserver doc
Remi Gacogne [Tue, 30 Nov 2021 13:01:41 +0000 (14:01 +0100)]
Merge pull request #11039 from rgacogne/ddist-split-advanced-regression
Otto Moerbeek [Tue, 30 Nov 2021 11:53:30 +0000 (12:53 +0100)]
Merge pull request #11043 from omoerbeek/rec-regr-fast-startup-teardown
Otto Moerbeek [Tue, 30 Nov 2021 11:02:40 +0000 (12:02 +0100)]
Merge pull request #11050 from omoerbeek/rec-catch-guard-ex
Otto Moerbeek [Tue, 30 Nov 2021 11:00:15 +0000 (12:00 +0100)]
Merge pull request #11033 from omoerbeek/circleci-drop-formatting
Otto [Tue, 30 Nov 2021 10:55:59 +0000 (11:55 +0100)]
Wait for web server to come online before proceeding
Otto [Tue, 30 Nov 2021 06:55:10 +0000 (07:55 +0100)]
Set timeout on TCP connect attempt
Otto [Mon, 29 Nov 2021 11:14:55 +0000 (12:14 +0100)]
Wait for webserver to come up
Otto [Mon, 29 Nov 2021 09:56:23 +0000 (10:56 +0100)]
Wait until outgoing requests stabilizes before starting tests, rec might stil be busy resolving hints.
projects / thirdparty / pdns.git / log
