git.ipfire.org Git - thirdparty/pdns.git/log
Remi Gacogne [Thu, 23 Jun 2022 10:36:17 +0000 (12:36 +0200)]
dnsdist: Fix the number of concurrent queries on a backend TCP conn
When we are in the process of sending a query to the backend, that
query is no longer accounted in the "queued" queries nor is it in
the "queued" responses, but we need to take it into account.
Otherwise we might be sending two concurrent queries to a backend
that does not support out-of-order processing (increasing our
latency), or even worse to one that does not support pipelining.
(cherry picked from commit
2848406e55b5a1d2e35bfa9f7c4dbb0c49989a1b )
Remi Gacogne [Wed, 10 Aug 2022 16:07:28 +0000 (18:07 +0200)]
dnsdist: Extract the logic in SetEDNSOptionAction into a separate function
So that we can reuse and test it without linking issues.
(cherry picked from commit
721569c13d64fc17aa4b6fd420da8556f5917d7f )
Remi Gacogne [Sat, 2 Jul 2022 14:34:37 +0000 (16:34 +0200)]
dnsdist: Fix indentation
(cherry picked from commit
54d32dc54a1b3a7986b16cff5b6028016ec55d85 )
Remi Gacogne [Sat, 2 Jul 2022 12:20:38 +0000 (14:20 +0200)]
dnsdist: Forward declaration of DNSQuestion should be a struct
(cherry picked from commit
3baa93c2874f96011de57f6179373e568f3c53da )
Remi Gacogne [Sat, 2 Jul 2022 10:42:29 +0000 (12:42 +0200)]
dnsdist: Add DNSQuestion:setEDNSOption() Lua binding
(cherry picked from commit
21ebaa6e1c9fa87cf5f7a8ceffe7cc840cdec60b )
Remi Gacogne [Sat, 2 Jul 2022 10:40:47 +0000 (12:40 +0200)]
dnsdist: Add a unit test for SetEDNSOptionAction with DO set
(cherry picked from commit
3165970b7d2ce72de227bbc2962670cebab288bb )
Remi Gacogne [Sat, 2 Jul 2022 10:39:05 +0000 (12:39 +0200)]
dnsdist: Add a regression test for SetEDNSOptionAction with DO set
(cherry picked from commit
f86629741495e735f050e3636be91775f0b4cc09 )
Remi Gacogne [Tue, 28 Jun 2022 08:32:01 +0000 (10:32 +0200)]
dnsdist: Fix a bug in SetEDNSOptionAction
The DNS parser has already converted the "TTL" of the OPT record to
the host byte order before providing to us, and unfortunately we do
not want that for the meta-OPT record, where the TTL is used to encode
the extended rcode, the EDNS version and the DO bits, amongst other
things.
In other places we do parse the TTL from the DNS payload ourselves
and thus do not need to worry about that conversion, but here we
need to convert the value back to the network byte order.
(cherry picked from commit
0d6d240e56629b522e486520171f4f043b2db3c9 )
Asgeir Storesund Nilsen [Mon, 8 Aug 2022 09:01:42 +0000 (11:01 +0200)]
Use stringerror
Co-authored-by: Remi Gacogne <github@coredump.fr>
(cherry picked from commit
cd0d1c226596ae9ab35a8f9f7992755139294f6a )
Asgeir Storesund Nilsen [Thu, 4 Aug 2022 17:46:06 +0000 (19:46 +0200)]
Also reconnect on ENETUNREACH.
Ref. #4155
(cherry picked from commit
63f2d2700d5c011df2270beabe92a87168ef3c66 )
Remi Gacogne [Tue, 9 Aug 2022 11:22:25 +0000 (13:22 +0200)]
dnsdist: Fix a possible race in the CDB reload regression tests
(cherry picked from commit
d8f842ee5d729394ad4045364d840e349f346b52 )
Remi Gacogne [Fri, 21 Oct 2022 09:07:20 +0000 (11:07 +0200)]
dnsdist: Fix comparison of DNS serials
(cherry picked from commit
8441e20e9547b1caaccf5831b3c666f8f824d40e )
Remi Gacogne [Wed, 19 Oct 2022 11:30:07 +0000 (13:30 +0200)]
dnsdist: Only IXFR queries can contain a SOA
So the "single SOA" response is only valid for IXFR, not AXFR.
This is the second issue spotted by Håkan Lindqvist in this pull
request, many, many thanks for that :)
(cherry picked from commit
0d44343fc40e7710822b11f2e3f4ae9b1755df04 )
Remi Gacogne [Wed, 19 Oct 2022 09:58:33 +0000 (11:58 +0200)]
dnsdist: Also handle XFR responses with a lower serial than the query
As suggested by Håkan Lindqvist (thanks!).
(cherry picked from commit
e09d3a8fcdf5077ee3449bd94d27d37b8ba218a1 )
Remi Gacogne [Wed, 19 Oct 2022 09:20:00 +0000 (11:20 +0200)]
dnsdist: Properly handle single-SOA XFR responses
From rfc1995 section 2 "Brief Description of the Protocol":
"If an IXFR query with the same or newer version number than that of the server is received, it is replied to with a single SOA record of the server's current version, just as in AXFR."
Until now we considered such a message to be an unfinished response to the pending {A,I}XFR, waiting for more DNS messages to come up and keeping the connection open for as long as the remote host was willing to accept that.
This causes an issue for servers keeping the connection open for a very long time, like ixfrdist.
(cherry picked from commit
ad2941b4c9e6c6cc81216c160c1aa02d77ac0ba6 )
Remi Gacogne [Fri, 25 Nov 2022 17:34:17 +0000 (18:34 +0100)]
dnsdist: Ignore unclean TLS session shutdown
OpenSSL 3.0 "helpfully" treats an unclean TLS session shutdown as an
error, flooding our logs and killing TLS session resumption. We do
not care about a possible "truncation attack" since we already know
how many bytes we are supposed to get, so we can ignore this.
(cherry picked from commit
099749046c03c1c2ee8d7c83e0fb7f3a66f7c75e )
Otto Moerbeek [Fri, 2 Dec 2022 08:16:55 +0000 (09:16 +0100)]
Properly encode json string containing binary data
The existing code assumes the strings are already valid UTF8 and contains potential out-of-bound accesses.
Also urlEncode path in log lines, as it trips pytest.xml:
Running tests...
$ 'pytest' '--junitxml=pytest.xml' '-v'
==STDOUT===
==STDERRR===
File "/home/otto/pdns/regression-tests.api/runtests.py", line 304, in <module>
print(serverproc.stderr.read())
File "/usr/lib/python3.9/codecs.py", line 322, in decode
(result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xeb in position 4304: invalid continuation byte
There might be more places where this is needed.
(cherry picked from commit
1478a2c8713535e4cbd1943e2526e3527d58a19b )
Remi Gacogne [Wed, 14 Dec 2022 15:10:49 +0000 (16:10 +0100)]
dnsdist: Fix the health-check timeout computation for DoH backend
The remaining milliseconds after handling the full seconds was not
properly converted to microseconds.
(cherry picked from commit
5545db56470250d31c1034fca6e9d884bd4094a3 )
Remi Gacogne [Tue, 27 Dec 2022 16:01:55 +0000 (17:01 +0100)]
dnsdist: Prevent an underflow of the TCP d_queued counter
By incrementing it _before_ writing to the pipe, and decrementing
it in case of an error, we prevent a very possible underflow from
occurring if the reader manages to decrement before we can return
from write and increment it.
(cherry picked from commit
817901ff3cee433ef5febdfc19ff29487b94fdd8 )
Remi Gacogne [Fri, 20 Jan 2023 11:00:10 +0000 (12:00 +0100)]
libssl: Use decltype(&SSL_CTX_free) as suggested by Fred
(cherry picked from commit
e99550b86a6e5dacc31ad596bcfe638223654cc8 )
Remi Gacogne [Mon, 16 Jan 2023 14:28:02 +0000 (15:28 +0100)]
dnsdist: Skip invalid OCSP files after issuing a warning
Contrary to certificates and keys, OCSP files are never required to
provide a working DoT or DoH service, so it's better to start even
if we would not load all, or any, OCSP files.
(cherry picked from commit
d1ce3058fcffd31496346f4575020162f6c49077 )
Remi Gacogne [Fri, 27 Jan 2023 16:31:54 +0000 (17:31 +0100)]
dnsdist: Add a regression test for RCodeAction-related metrics
(cherry picked from commit
8bdce29f8a6cc98663297e8295927721ce5ba466 )
Remi Gacogne [Fri, 27 Jan 2023 16:30:32 +0000 (17:30 +0100)]
dnsdist: Properly update rcode-related metrics on RCodeAction hits
(cherry picked from commit
6e959bfcca7b0675afddf9fed2b3fce6cac03419 )
Remi Gacogne [Fri, 10 Feb 2023 09:33:34 +0000 (10:33 +0100)]
dnsdist: Properly record the incoming flags on a timeout
(cherry picked from commit
58a4b9b3a11dae59ae17f0a2fdbeeed4cc739b38 )
Remi Gacogne [Fri, 10 Feb 2023 15:01:58 +0000 (16:01 +0100)]
dnsdist: Fix the formatting of 'showServers'
Long IPv6 addresses and huge weight and order values were not properly
handled.
(cherry picked from commit
3619223b82681b8176ea6f55d422fc5d316ba77d )
Remi Gacogne [Wed, 25 Jan 2023 08:27:43 +0000 (09:27 +0100)]
Merge pull request #12460 from Habbie/backport-12453-to-dnsdist-1.7.x
dnsdist-1.7: lock.hh: include <stdexcept>
Remi Gacogne [Mon, 23 Jan 2023 20:44:19 +0000 (21:44 +0100)]
Merge pull request #12461 from Habbie/dnsdist-1.7.x-docs-lieter-dep
dnsdist-1.7: stop depending on lieter's copies of sphinx modules
Peter van Dijk [Tue, 11 Jan 2022 13:18:08 +0000 (14:18 +0100)]
docs: move dependencies from pieterlexis to PowerDNS
(cherry picked from commit
9805260c407d8ae14cc613cd8f576e4796469b64 )
Peter van Dijk [Mon, 23 Jan 2023 13:54:09 +0000 (14:54 +0100)]
lock.hh: include <stdexcept>
(cherry picked from commit
d8b4ea24dc5dbe7c53c24bfffba24bcae7f58e02 )
Peter van Dijk [Thu, 10 Nov 2022 11:03:41 +0000 (12:03 +0100)]
Merge pull request #12183 from Habbie/dnsdist-1.7.x-value_or
dnsdist-1.7.x: fix building with boost < 1.56
Peter van Dijk [Thu, 10 Nov 2022 08:17:11 +0000 (09:17 +0100)]
fix one more instance of value_or that we apparently no longer have on master
Remi Gacogne [Tue, 8 Nov 2022 09:36:07 +0000 (10:36 +0100)]
dnsdist: Fix building with boost < 1.56
boost::optional::value_or() has been introduced in 1.56
and we only require 1.53, so stop using it.
(cherry picked from commit
8464c603664a9d52fdf775413fdbd99357fab566 )
Peter van Dijk [Tue, 20 Sep 2022 09:12:34 +0000 (11:12 +0200)]
Merge pull request #11948 from Habbie/backport-11788-to-dnsdist-1.7.x
dnsdist-1.7: add el9/9stream targets
Peter van Dijk [Mon, 19 Sep 2022 17:57:09 +0000 (19:57 +0200)]
Merge pull request #11974 from Habbie/backport-11961-to-dnsdist-1.7.x
dnsdist 1.7.x docker: upgrade to bullseye
Peter van Dijk [Thu, 15 Sep 2022 13:14:34 +0000 (15:14 +0200)]
docker: upgrade to bullseye
(cherry picked from commit
a0d3acff25a92627186ee43bead110aef416f59a )
Peter van Dijk [Fri, 15 Jul 2022 14:27:22 +0000 (16:27 +0200)]
add 9-stream target and test it daily
(cherry picked from commit
f021d529629ef9dc7b7983b9d1c7e7ca589b6f13 )
Peter van Dijk [Wed, 13 Jul 2022 20:23:45 +0000 (22:23 +0200)]
add el-9 target
(cherry picked from commit
4728ab89f071c0d5f596638614efb85a26fafdd4 )
Peter van Dijk [Fri, 1 Jul 2022 11:47:44 +0000 (13:47 +0200)]
Merge pull request #11742 from Habbie/backport-11735-to-dnsdist-1.7.x
dnsdist-1.7: dh_builddeb: force gzip compression, thanks Zash!
Peter van Dijk [Thu, 30 Jun 2022 11:51:00 +0000 (13:51 +0200)]
dh_builddeb: force gzip compression, thanks Zash!
(cherry picked from commit
bbfa37c0232b56e2227668717dbb97ce4f01d990 )
Remi Gacogne [Tue, 7 Jun 2022 09:56:24 +0000 (11:56 +0200)]
Merge pull request #11667 from rgacogne/ddist17-fix-proxyprotocol-tc-doh+ddist-fix-proxyprotocol-tc-doh
dnsdist-1.7.x: Fix a crash on an invalid protocol in DoH forwarded-for header
Remi Gacogne [Wed, 11 May 2022 15:58:31 +0000 (17:58 +0200)]
dnsdist: Test for an exception raised when adding proxy protocol payload to a DoH query
(cherry picked from commit
dc3ee9ab30c713a57d67f2eba04f59a6c3371a50 )
Remi Gacogne [Tue, 10 May 2022 20:26:21 +0000 (22:26 +0200)]
dnsdist: Fix a crash on an invalid protocol in DoH forwarded-for header
(cherry picked from commit
f84fbd58b150fe6b69a7af27e23502f58f68eee5 )
(cherry picked from commit
bcdb279ebd78ee4911baa396c0566ada01232c23 )
Remi Gacogne [Thu, 2 Jun 2022 15:33:47 +0000 (17:33 +0200)]
Merge pull request #11666 from rgacogne/ddist17-lua-binding-dns-payload
dnsdist-1.7.x: Add Lua bindings to access the DNS payload as a string
Remi Gacogne [Thu, 2 Jun 2022 15:33:10 +0000 (17:33 +0200)]
Merge pull request #11665 from rgacogne/ddist17-fix-proxyprotocol-tc-doh
dnsdist-1.7.x: Fix invalid proxy protocol payload on a DoH TC to TCP retry
Remi Gacogne [Thu, 2 Jun 2022 14:37:26 +0000 (16:37 +0200)]
Merge pull request #11664 from rgacogne/ddist17-missing-prometheus-descriptions
dnsdist-1.7.x: Add missing descriptions for prometheus metrics
Remi Gacogne [Wed, 4 May 2022 16:38:22 +0000 (18:38 +0200)]
dnsdist: Fix invalid proxy protocol payload on a DoH TC to TCP retry
dnsdist forwards incoming DoH queries to its backend over UDP, and
retries over TCP if the response is truncated (TC=1).
When the proxy protocol is used between dnsdist and its backend, the
second query, over TCP, needs to take into account that the proxy
protocol payload has already been handled. This was not properly done
in that exact case because the proxy protocol payload length was not
propagated to the code handling the TCP communication, leading to
the query ID being edited at the wrong offset in the packet and thus
to an invalid proxy protocol payload.
(cherry picked from commit
1c9c001cbe327023e5d490e5bc044d67ecae9cf2 )
Remi Gacogne [Wed, 4 May 2022 08:48:56 +0000 (10:48 +0200)]
dnsdist: Add missing descriptions for prometheus metrics
(cherry picked from commit
b03faac0603a3283efc80f3a226c4db614fb2bf2 )
Remi Gacogne [Thu, 5 May 2022 14:20:07 +0000 (16:20 +0200)]
dnsdist: Add Lua bindings to access the DNS payload as a string
(cherry picked from commit
1bf2f3b2f126cd26378ae6b848585e0182bf45d4 )
Remi Gacogne [Wed, 1 Jun 2022 13:36:29 +0000 (15:36 +0200)]
Merge pull request #11663 from rgacogne/ddist17-protobuf-python-impl
dnsdist-1.7.x: protobuf: use python implementation during tests
Peter van Dijk [Tue, 31 May 2022 10:13:57 +0000 (12:13 +0200)]
protobuf: use python implementation during tests
(cherry picked from commit
2dd4d60b8103a64c796296647ad7b45226d5a5bd )
Remi Gacogne [Tue, 31 May 2022 08:53:29 +0000 (10:53 +0200)]
Merge pull request #11579 from rgacogne/ddist17-skip-scan-no-outstanding
dnsdist-1.7: Scan the UDP buckets only when we have outstanding queries
Remi Gacogne [Tue, 31 May 2022 08:53:17 +0000 (10:53 +0200)]
Merge pull request #11580 from rgacogne/ddist17-healthcheck-mplexer
dnsdist-1.7.x: Only allocate the health-check mplexer when needed
Remi Gacogne [Mon, 21 Mar 2022 09:27:30 +0000 (10:27 +0100)]
dnsdist-1.7.x: Only allocate the health-check mplexer when needed
When health-checking is disabled, or when a check delay longer than one
second is used, there is no need to allocate a new multiplexer object
every second.
(cherry picked from commit
017337515725264173e4d1f254bc0a19e4da6f4a )
Remi Gacogne [Tue, 26 Apr 2022 07:59:46 +0000 (09:59 +0200)]
dnsdist-1.7: Scan the UDP buckets only when we have outstanding queries
Remi Gacogne [Fri, 22 Apr 2022 12:34:11 +0000 (14:34 +0200)]
Merge pull request #11572 from rgacogne/ddist17-check-interval-timeouts
dnsdist-1.7.x: The check interval applies to health-check, not timeouts
Remi Gacogne [Fri, 22 Apr 2022 11:29:28 +0000 (13:29 +0200)]
dnsdist: The check interval applies to health-check, not timeouts
Remi Gacogne [Fri, 22 Apr 2022 11:11:12 +0000 (13:11 +0200)]
Merge pull request #11566 from rgacogne/ddist171-backports
dnsdist-1.7.x: Backports for 1.7.1
Remi Gacogne [Fri, 22 Apr 2022 09:02:26 +0000 (11:02 +0200)]
Merge pull request #11550 from rgacogne/ddist17-bpf-block-action
dnsdist-1.7.x: Properly use eBPF when the DynBlock is not set
Remi Gacogne [Wed, 20 Apr 2022 12:32:14 +0000 (14:32 +0200)]
dnsdist: Fix wrong eBPF values (qtype, counter) being inserted for qnames
(cherry picked from commit
815aee7a22c749b0e4729318d66af311f5137314 )
Remi Gacogne [Fri, 15 Apr 2022 12:21:57 +0000 (14:21 +0200)]
dnsdist: Fix formatting
(cherry picked from commit
9c591809dad79eaae701120ba75401cb0489470e )
Remi Gacogne [Fri, 15 Apr 2022 10:57:53 +0000 (12:57 +0200)]
dnsdist: Add a 'getAddressAndPort()' method to DOHFrontend and TLSFrontend objects
(cherry picked from commit
59090737335dc8fe412ed00d2e73e3cf056713c9 )
Remi Gacogne [Fri, 15 Apr 2022 10:46:44 +0000 (12:46 +0200)]
dnsdist: Raise the number of entries in a packet cache to at least 1
And make sure that we cannot create such an object.
(cherry picked from commit
ffae2ddce64501226153261927178618d7d94a06 )
Remi Gacogne [Fri, 15 Apr 2022 10:35:20 +0000 (12:35 +0200)]
dnsdist: Use the correct outgoing protocol in our ring buffers
(cherry picked from commit
d5578666bcfb4f8c994e44a355bd786f232482e2 )
Remi Gacogne [Mon, 14 Feb 2022 18:03:24 +0000 (19:03 +0100)]
Better GnuTLS warning as suggested by Matt Nordhoff
Co-authored-by: Matt Nordhoff <mnordhoff@mattnordhoff.com>
(cherry picked from commit
298de588dacb292791088c155fc347082a39ca80 )
Remi Gacogne [Mon, 14 Feb 2022 16:43:11 +0000 (17:43 +0100)]
dnsdist: Remove the leak warning with GnuTLS >= 3.7.3
(cherry picked from commit
dc75dd372225f29a200794c019f78f20f3f496a9 )
Otto Moerbeek [Tue, 22 Feb 2022 07:17:34 +0000 (08:17 +0100)]
Better description of latency-count and latency-bucket
(cherry picked from commit
c1a71fed871d65c45ac3dbdfddef2f0324e5b17e )
Remi Gacogne [Mon, 14 Feb 2022 16:30:03 +0000 (17:30 +0100)]
dnsdist: Fix the latency-count metric
(cherry picked from commit
3df91da4c285a82179434f3009c94b865490a5a3 )
Remi Gacogne [Mon, 31 Jan 2022 11:11:36 +0000 (12:11 +0100)]
dnsdist: Fix 'inConfigCheck()'
(cherry picked from commit
dd6dfd9914f7e244b1a7170137c267c17752e47a )
Remi Gacogne [Mon, 31 Jan 2022 09:53:10 +0000 (10:53 +0100)]
dnsdist: Fix the health-check timeout for outgoing DoH connections
The health-check timeout is in milliseconds, contrary to the other
ones that are in seconds.
(cherry picked from commit
68f77a91b7d4e712bc068c02e64097651a6f30a6 )
Remi Gacogne [Tue, 1 Feb 2022 10:50:51 +0000 (11:50 +0100)]
dnsdist: Add regression tests for outgoing SNI
(cherry picked from commit
bff628697a6a21b627ff9f9e5f3962de6b627380 )
Remi Gacogne [Mon, 31 Jan 2022 11:24:29 +0000 (12:24 +0100)]
TCPIOHandler: Handle empty TLS hostname in outgoing connections
(cherry picked from commit
4d6004bda9401c82a35fdd148c89120c0d09f2c0 )
Remi Gacogne [Mon, 31 Jan 2022 09:33:46 +0000 (10:33 +0100)]
dnsdist: Set Server Name Indication on outgoing TLS connections (DoT, DoH)
(cherry picked from commit
3a692438ae8353544c934ac6f6c53dce0a55c70a )
Peter van Dijk [Fri, 14 Jan 2022 11:12:09 +0000 (12:12 +0100)]
test ubuntu jammy build target
(cherry picked from commit
e3d50799180eb4499f8dda5263773775301bfa7e )
Peter van Dijk [Fri, 14 Jan 2022 11:12:04 +0000 (12:12 +0100)]
add ubuntu jammy build target
(cherry picked from commit
6c1e5fd70b4dd4e75b18ff8c75f93c7d22122643 )
Remi Gacogne [Mon, 17 Jan 2022 15:56:13 +0000 (16:56 +0100)]
Stop using the now deprecated and useless std::binary_function
It is no longer needed since the types can now be automatically
deduced, has been deprecated in C++11 and removed in C++17.
(cherry picked from commit
7587bcbea8a9cb3058cb2e6d7f6a2597494b6713 )
Otto Moerbeek [Wed, 12 Jan 2022 12:49:53 +0000 (13:49 +0100)]
Work around a compiler bug seen on OpenBSD/amd64 using clang-13 and make the code a tiny bit more pretty.
Fixes #11113.
(cherry picked from commit
36c5a9e7129d68a7c7334437965c2db127e10428 )
Remi Gacogne [Fri, 15 Apr 2022 10:19:46 +0000 (12:19 +0200)]
dnsdist: Properly use eBPF when the DynBlock is not set
When the DynBlock rule does not set a specific action we use the
default one, set with `setDynBlocksAction()`, so we should follow
the same logic when determining whether to insert an eBPF block.
(cherry picked from commit
8742251acdcce8cd27d859595e5e30cecfa4e4ab )
Remi Gacogne [Fri, 15 Apr 2022 14:22:57 +0000 (16:22 +0200)]
Merge pull request #11551 from rgacogne/ddist17-docs-pin-jinja2
dnsdist-1.7.x: Pin jinja2 to < 3.1.0
Remi Gacogne [Fri, 25 Mar 2022 08:45:55 +0000 (09:45 +0100)]
docs: Pin jinja2 to < 3.1.0
Jinja2 3.1.0 removed deprecated code that is still used by sphinx
1.8.x, and it looks like our custom sphinx extensions are not working
with more recent versions of sphinx.
See:
- https://github.com/pallets/jinja/issues/1631
- https://github.com/readthedocs/readthedocs.org/issues/9037
and
- https://github.com/PowerDNS/pdns/pull/7712
The exact error is:
```
Extension error:
Could not import extension sphinx.builders.latex (exception: cannot import name 'contextfunction' from 'jinja2' (/dnsdist/pdns/dnsdistdist/.venv/lib/python3.7/site-packages/jinja2/__init__.py))
```
(cherry picked from commit
92ad29702011ac7cbd0d7d118ba612e7e07cedbe )
Remi Gacogne [Wed, 23 Feb 2022 08:35:04 +0000 (09:35 +0100)]
Merge pull request #11335 from rgacogne/ddist17-fix-xfr-error-crash
dnsdist-1.7.x: Fix a use-after-free in case of a network error in the middle of a XFR query
Remi Gacogne [Thu, 17 Feb 2022 11:23:27 +0000 (12:23 +0100)]
dnsdist: Add a unit test for the "I/O error during proxy-enabled XFR" case
(cherry picked from commit
2d87738d7a85b91b522277f344491c6ee2e09c8e )
Remi Gacogne [Thu, 17 Feb 2022 10:22:44 +0000 (11:22 +0100)]
dnsdist: Fix a use-after-free in case of a network error in the middle of a XFR query
(cherry picked from commit
76a72b6b57397d15a217eae0d9936e704b3f4cf2 )
Peter van Dijk [Fri, 4 Feb 2022 15:01:50 +0000 (16:01 +0100)]
Merge pull request #11292 from Habbie/backport-11290-to-dnsdist-1.7.x
dnsdist 1.7.x Docker image: install ca-certificates
Peter van Dijk [Fri, 4 Feb 2022 11:40:20 +0000 (12:40 +0100)]
dnsdist Docker image: install ca-certificates
(cherry picked from commit
d256ad02c53c470b9fb035fe4b29daeb686e9734 )
Peter van Dijk [Thu, 3 Feb 2022 10:21:51 +0000 (11:21 +0100)]
Merge pull request #11278 from Habbie/backport-11262-to-dnsdist-1.7.x
dnsdist-1.7.x: builder: migrate EL8 builds to oraclelinux, rename centos8 to el8 where possible
Peter van Dijk [Mon, 31 Jan 2022 17:15:14 +0000 (18:15 +0100)]
builder: add el-7 alias for centos-7
(cherry picked from commit
6bd3c9bb23f5dfc385a66647ab175ec2812d6617 )
Peter van Dijk [Mon, 31 Jan 2022 15:43:54 +0000 (16:43 +0100)]
take centos 8-stream from quay
(cherry picked from commit
2f9edddc0c9c1f8a68e154f6c12e3fd214420563 )
Peter van Dijk [Mon, 31 Jan 2022 15:28:34 +0000 (16:28 +0100)]
builder CI: switch oraclelinux-8 to el-8
cleanup
(cherry picked from commit
1b27721782ad3dc547ed448a257c59829ff0bd94 )
Peter van Dijk [Mon, 31 Jan 2022 15:28:04 +0000 (16:28 +0100)]
builder: archs for oraclelinux-8; el-8 symlinks
(cherry picked from commit
dee53cf16161a6c45560475b647de420842532ef )
Peter van Dijk [Thu, 27 Jan 2022 13:02:08 +0000 (14:02 +0100)]
Merge pull request #11094 from Habbie/backport-11081-to-dnsdist-1.7.x
dnsdist-1.7: Docker images: remove capability requirements
Remi Gacogne [Tue, 18 Jan 2022 11:55:37 +0000 (12:55 +0100)]
Merge pull request #11195 from rgacogne/ddist17-openssl3
dnsdist-1.7.x: Fix compilation with OpenSSL 3.0.0
Remi Gacogne [Mon, 17 Jan 2022 14:44:01 +0000 (15:44 +0100)]
dnsdist-1.7.x: Fix compilation with OpenSSL 3.0.0
Remi Gacogne [Wed, 12 Jan 2022 08:14:16 +0000 (09:14 +0100)]
Merge pull request #11156 from rgacogne/ddist17-warning-ratio
dnsdist-1.7.x: Test correct member in DynBlockRatioRule::warningRatioExceeded
Doug Freed [Mon, 27 Dec 2021 17:00:37 +0000 (12:00 -0500)]
Test correct member in DynBlockRatioRule::warningRatioExceeded
Also sprinkle in some more checks of d_enabled.
Fixes #11131
(cherry picked from commit
b1fd5841e92719049751836cce728b136aaddb4a )
Remi Gacogne [Fri, 17 Dec 2021 10:14:07 +0000 (11:14 +0100)]
Merge pull request #11104 from rgacogne/ddist17-doh-tc-check-query-size
dnsdist-1.7.x: Check the size of the query when re-sending a DoH query
Remi Gacogne [Thu, 16 Dec 2021 10:03:11 +0000 (11:03 +0100)]
Merge pull request #11106 from rgacogne/ddist17-unbreak-compilation-without-doh
dnsdist-1.7.x: Fix compilation without incoming DoH support
Remi Gacogne [Thu, 16 Dec 2021 08:36:25 +0000 (09:36 +0100)]
dnsdist: Fix compilation without incoming DoH support
(cherry picked from commit
d0ae90801838ed9104051fa11fa577f3a96a9289 )
Remi Gacogne [Wed, 15 Dec 2021 15:32:29 +0000 (16:32 +0100)]
Merge pull request #11103 from rgacogne/ddist17-fix-dropped-doh-cross-responses
dnsdist-1.7.x: Fix a double-free when a DoH cross-protocol response is dropped
Remi Gacogne [Wed, 15 Dec 2021 13:57:54 +0000 (14:57 +0100)]
Merge pull request #11085 from rgacogne/ddist17-remove-non-ddist-ci
dnsdist-1.7.x: Remove non dnsdist-related CI steps
Remi Gacogne [Thu, 9 Dec 2021 10:14:57 +0000 (11:14 +0100)]
dnsdist: Account for the proxy protocol payload when checking the query size
(cherry picked from commit
4546141949cce7e2518f94d23361c02cb11a65c4 )