]>
git.ipfire.org Git - thirdparty/pdns.git/log
romeroalx [Thu, 9 May 2024 14:36:59 +0000 (16:36 +0200)]
gh actions - build-and-test-all: use a ubuntu-22 runner for job collect
romeroalx [Fri, 5 Apr 2024 10:02:55 +0000 (12:02 +0200)]
gh actions - replace yq snap in collect job build-and-test-all
Peter van Dijk [Wed, 13 Mar 2024 20:19:21 +0000 (21:19 +0100)]
Merge pull request #13884 from Habbie/dnsdist-1.7-no-spelling
Peter van Dijk [Mon, 11 Mar 2024 08:35:24 +0000 (09:35 +0100)]
dnsdist-1.7.x: remove spell checker
Remi Gacogne [Mon, 22 Jan 2024 09:00:13 +0000 (10:00 +0100)]
Merge pull request #13697 from omoerbeek/backport-13675-to-dnsdist-1.7.x
Remi Gacogne [Mon, 8 Jan 2024 10:47:13 +0000 (11:47 +0100)]
dnsdist: Fix the version of alabaster when building the doc
Fixes
```
The alabaster extension used by this project needs at least Sphinx v3.4; it therefore cannot be built with this version.
```
(cherry picked from commit
c2a7ef8bd4f2423e2dc0eaa4d4a46de99b44636b )
Remi Gacogne [Mon, 8 Jan 2024 10:32:31 +0000 (11:32 +0100)]
rec: Fix the version of alabaster when building the doc
Fixes
```
The alabaster extension used by this project needs at least Sphinx v3.4; it therefore cannot be built with this version.
```
(cherry picked from commit
ac89467f17bb888fbd48c0f4c5267beab95aebee )
Remi Gacogne [Thu, 7 Dec 2023 13:31:19 +0000 (14:31 +0100)]
Merge pull request #13574 from romeroalx/rel/dnsdist-1.7.x-wc
Alexis Romero [Thu, 16 Feb 2023 05:54:23 +0000 (06:54 +0100)]
gh actions: simplified collector job in build-and-test-all.yml
romeroalx [Wed, 22 Nov 2023 13:07:38 +0000 (14:07 +0100)]
make builder workflow reusable
Alexis Romero [Thu, 16 Nov 2023 16:05:42 +0000 (17:05 +0100)]
make build-and-test-all reusable
Josh Soref [Tue, 25 Jul 2023 10:13:28 +0000 (06:13 -0400)]
Switch from deprecated ::set-output
dependabot[bot] [Wed, 19 Oct 2022 14:27:58 +0000 (14:27 +0000)]
build(deps): bump actions/download-artifact from 2 to 3Signed-off-by: dependabot[bot] <support@github.com>
Josh Soref [Thu, 9 Mar 2023 15:47:41 +0000 (10:47 -0500)]
Use actions/cache@v3
dependabot[bot] [Wed, 19 Oct 2022 14:28:07 +0000 (14:28 +0000)]
build(deps): bump actions/setup-python from 2 to 4Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] [Wed, 19 Oct 2022 14:28:01 +0000 (14:28 +0000)]
build(deps): bump actions/upload-artifact from 1 to 3Signed-off-by: dependabot[bot] <support@github.com>
Josh Soref [Thu, 9 Mar 2023 15:47:03 +0000 (10:47 -0500)]
Use actions/checkout@v3
Peter van Dijk [Fri, 13 Jan 2023 10:06:14 +0000 (11:06 +0100)]
build-and-test-all: add functionality to quickly switch ubuntu mirrors
Otto [Sat, 18 Dec 2021 19:24:14 +0000 (20:24 +0100)]
Set policy to not start/enable services by default
Remi Gacogne [Wed, 11 Oct 2023 19:57:23 +0000 (21:57 +0200)]
Merge pull request #13357 from Habbie/backport-13355-to-dnsdist-1.7.x
Peter van Dijk [Wed, 11 Oct 2023 18:54:39 +0000 (20:54 +0200)]
dnsdist Docker: enable h2o again, using our fork
(cherry picked from commit
de02bfc )
Remi Gacogne [Wed, 11 Oct 2023 12:05:25 +0000 (14:05 +0200)]
Merge pull request #13351 from rgacogne/ddist17-powerdns-h2o-h2-rapid-reset
romeroalx [Fri, 17 Feb 2023 13:59:34 +0000 (14:59 +0100)]
Update FIXME comment in build-scripts/gh-actions-setup-inv
Co-authored-by: Remi Gacogne <github@coredump.fr>
(cherry picked from commit
03db3c76cf5b8fdf6df24180e8e5cf64f706e14d )
Alexis Romero [Fri, 17 Feb 2023 10:13:01 +0000 (11:13 +0100)]
workaround for grub error raised after apt-get dist-upgrade
(cherry picked from commit
735582e64f176c9fbca3c3fc20c162f6c94ae8cd )
Remi Gacogne [Wed, 11 Oct 2023 10:04:21 +0000 (12:04 +0200)]
builder-support: Use curl's "fail fast with no output at all on server errors" option
(cherry picked from commit
97d18cb451fcac78816604556629278c9ca49d3c )
Remi Gacogne [Wed, 11 Oct 2023 08:41:45 +0000 (10:41 +0200)]
dnsdist: Switch to our fork of h2o to mitigate http2 rapid reset
(cherry picked from commit
115db75920b73f07c356308df1b83ba296850e2a )
Remi Gacogne [Tue, 28 Mar 2023 10:38:35 +0000 (12:38 +0200)]
Merge pull request #12622 from rgacogne/dnsdist-1.7.x-bugs
Remi Gacogne [Tue, 14 Mar 2023 08:32:40 +0000 (09:32 +0100)]
Merge pull request #12646 from rgacogne/ddist17-tologstring
Remi Gacogne [Tue, 14 Mar 2023 00:39:45 +0000 (01:39 +0100)]
dnsdist: Use toLogString for the qname to prevent an error if it's empty
Remi Gacogne [Tue, 7 Mar 2023 09:55:15 +0000 (10:55 +0100)]
Merge pull request #12621 from rgacogne/dnsdist-1.7.x-features
Remi Gacogne [Tue, 7 Mar 2023 09:54:36 +0000 (10:54 +0100)]
Merge pull request #12619 from rgacogne/dnsdist-1.7.x-build
Remi Gacogne [Tue, 7 Mar 2023 09:44:33 +0000 (10:44 +0100)]
Merge pull request #12618 from rgacogne/dnsdist-1.7.x-ci
Remi Gacogne [Thu, 23 Jun 2022 10:36:17 +0000 (12:36 +0200)]
dnsdist: Fix the number of concurrent queries on a backend TCP conn
When we are in the process of sending a query to the backend, that
query is no longer accounted in the "queued" queries nor it is in
the "queued" responses, but we need to take it into account.
Otherwise we might be sending two concurrent queries to a backend
that does not support out-of-order processing (increasing our
latency), or even worse to one that does not support pipelining.
(cherry picked from commit
2848406e55b5a1d2e35bfa9f7c4dbb0c49989a1b )
Remi Gacogne [Wed, 10 Aug 2022 16:07:28 +0000 (18:07 +0200)]
dnsdist: Extract the logic in SetEDNSOptionAction into a separate function
So that we can reuse and test it without linking issues.
(cherry picked from commit
721569c13d64fc17aa4b6fd420da8556f5917d7f )
Remi Gacogne [Sat, 2 Jul 2022 14:34:37 +0000 (16:34 +0200)]
dnsdist: Fix indentation
(cherry picked from commit
54d32dc54a1b3a7986b16cff5b6028016ec55d85 )
Remi Gacogne [Sat, 2 Jul 2022 12:20:38 +0000 (14:20 +0200)]
dnsdist: Forward declaration of DNSQuestion should be a struct
(cherry picked from commit
3baa93c2874f96011de57f6179373e568f3c53da )
Remi Gacogne [Sat, 2 Jul 2022 10:42:29 +0000 (12:42 +0200)]
dnsdist: Add DNSQuestion:setEDNSOption() Lua binding
(cherry picked from commit
21ebaa6e1c9fa87cf5f7a8ceffe7cc840cdec60b )
Remi Gacogne [Sat, 2 Jul 2022 10:40:47 +0000 (12:40 +0200)]
dnsdist: Add a unit test for SetEDNSOptionAction with DO set
(cherry picked from commit
3165970b7d2ce72de227bbc2962670cebab288bb )
Remi Gacogne [Sat, 2 Jul 2022 10:39:05 +0000 (12:39 +0200)]
dnsdist: Add a regression test for SetEDNSOptionAction with DO set
(cherry picked from commit
f86629741495e735f050e3636be91775f0b4cc09 )
Remi Gacogne [Tue, 28 Jun 2022 08:32:01 +0000 (10:32 +0200)]
dnsdist: Fix a bug in SetEDNSOptionAction
The DNS parser has already converted the "TTL" of the OPT record to
the host byte order before providing to us, and unfortunately we do
not want that for the meta-OPT record, where the TTL is used to encode
the extended rcode, the EDNS version and the DO bits, amongst other
things.
In other places we do parse the TTL from the DNS payload ourselves
and thus do not need to worry about that conversion, but here we
need to convert the value back to the network byte order.
(cherry picked from commit
0d6d240e56629b522e486520171f4f043b2db3c9 )
Asgeir Storesund Nilsen [Mon, 8 Aug 2022 09:01:42 +0000 (11:01 +0200)]
Use stringerror
Co-authored-by: Remi Gacogne <github@coredump.fr>
(cherry picked from commit
cd0d1c226596ae9ab35a8f9f7992755139294f6a )
Asgeir Storesund Nilsen [Thu, 4 Aug 2022 17:46:06 +0000 (19:46 +0200)]
Also reconnect on ENETUNREACH.
Ref. #4155
(cherry picked from commit
63f2d2700d5c011df2270beabe92a87168ef3c66 )
Remi Gacogne [Tue, 9 Aug 2022 11:22:25 +0000 (13:22 +0200)]
dnsdist: Fix a possible race in the CDB reload regression tests
(cherry picked from commit
d8f842ee5d729394ad4045364d840e349f346b52 )
Remi Gacogne [Fri, 21 Oct 2022 09:07:20 +0000 (11:07 +0200)]
dnsdist: Fix comparison of DNS serials
(cherry picked from commit
8441e20e9547b1caaccf5831b3c666f8f824d40e )
Remi Gacogne [Wed, 19 Oct 2022 11:30:07 +0000 (13:30 +0200)]
dnsdist: Only IXFR queries can contain a SOA
So the "single SOA" response is only valid for IXFR, not AXFR.
This is the second issue spotted by HÃ¥kan Lindqvist in this pull
request, many, many thanks for that :)
(cherry picked from commit
0d44343fc40e7710822b11f2e3f4ae9b1755df04 )
Remi Gacogne [Wed, 19 Oct 2022 09:58:33 +0000 (11:58 +0200)]
dnsdist: Also handle XFR responses with a lower serial than the query
As suggested by HÃ¥kan Lindqvist (thanks!).
(cherry picked from commit
e09d3a8fcdf5077ee3449bd94d27d37b8ba218a1 )
Remi Gacogne [Wed, 19 Oct 2022 09:20:00 +0000 (11:20 +0200)]
dnsdist: Properly handle single-SOA XFR responses
From rfc1995 section 2 "Brief Description of the Protocol":
"If an IXFR query with the same or newer version number than that of the server is received, it is replied to with a single SOA record of the server's current version, just as in AXFR."
Until now we considered such a message to be an unfinished response to the pending {A,I}XFR, waiting for more DNS messages to come up and keeping the connection open for as long as the remote host was willing to accept that.
This causes an issue for servers keeping the connection open for a very long time, like ixfrdist.
(cherry picked from commit
ad2941b4c9e6c6cc81216c160c1aa02d77ac0ba6 )
Remi Gacogne [Fri, 25 Nov 2022 17:34:17 +0000 (18:34 +0100)]
dnsdist: Ignore unclean TLS session shutdown
OpenSSL 3.0 "helpfully" treats an unclean TLS session shutdown as an
error, flooding our logs and killing TLS session resumption. We do
not care about a possible "truncation attack" since we already know
how many bytes we are supposed to get, so we can ignore this.
(cherry picked from commit
099749046c03c1c2ee8d7c83e0fb7f3a66f7c75e )
Otto Moerbeek [Fri, 2 Dec 2022 08:16:55 +0000 (09:16 +0100)]
Properly encode json string containing binary data
The existing code assumes the strings are alreayd valid UTF8 and contain potential out-of-bound accesses.
Also urlEncode path in log lines, as it trips pytest.xml:
Running tests...
$ 'pytest' '--junitxml=pytest.xml' '-v'
==STDOUT===
==STDERRR===
File "/home/otto/pdns/regression-tests.api/runtests.py", line 304, in <module>
print(serverproc.stderr.read())
File "/usr/lib/python3.9/codecs.py", line 322, in decode
(result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xeb in position 4304: invalid continuation byte
There might be more places where this is needed.
(cherry picked from commit
1478a2c8713535e4cbd1943e2526e3527d58a19b )
Remi Gacogne [Wed, 14 Dec 2022 15:10:49 +0000 (16:10 +0100)]
dnsdist: Fix the health-check timeout computation for DoH backend
The remaining milliseconds after handling the full seconds was not
properly converted to microseconds.
(cherry picked from commit
5545db56470250d31c1034fca6e9d884bd4094a3 )
Remi Gacogne [Tue, 27 Dec 2022 16:01:55 +0000 (17:01 +0100)]
dnsdist: Prevent an underflow of the TCP d_queued counter
By incrementing it _before_ writing to the pipe, and decrementing
it in case of an error, we prevent a very possible underflow from
occurring if the reader manages to decrement before we can return
from write and increment it.
(cherry picked from commit
817901ff3cee433ef5febdfc19ff29487b94fdd8 )
Remi Gacogne [Fri, 20 Jan 2023 11:00:10 +0000 (12:00 +0100)]
libssl: Use decltype(&SSL_CTX_free) as suggested by Fred
(cherry picked from commit
e99550b86a6e5dacc31ad596bcfe638223654cc8 )
Remi Gacogne [Mon, 16 Jan 2023 14:28:02 +0000 (15:28 +0100)]
dnsdist: Skip invalid OCSP files after issuing a warning
Contrary to certificates and keys, OCSP files are never required to
provide a working DoT or DoH service, so it's better to start even
if would not load all, or any, OCSP files.
(cherry picked from commit
d1ce3058fcffd31496346f4575020162f6c49077 )
Remi Gacogne [Fri, 27 Jan 2023 16:31:54 +0000 (17:31 +0100)]
dnsdist: Add a regression test for RCodeAction-related metrics
(cherry picked from commit
8bdce29f8a6cc98663297e8295927721ce5ba466 )
Remi Gacogne [Fri, 27 Jan 2023 16:30:32 +0000 (17:30 +0100)]
dnsdist: Properly update rcode-related metrics on RCodeAction hits
(cherry picked from commit
6e959bfcca7b0675afddf9fed2b3fce6cac03419 )
Remi Gacogne [Fri, 10 Feb 2023 09:33:34 +0000 (10:33 +0100)]
dnsdist: Properly record the incoming flags on a timeout
(cherry picked from commit
58a4b9b3a11dae59ae17f0a2fdbeeed4cc739b38 )
Christof Chen [Fri, 7 Oct 2022 18:32:37 +0000 (20:32 +0200)]
add getPoolNames() function
(cherry picked from commit
377c12005b8548a3431ccce4be1dcf5e5b01956f )
Remi Gacogne [Fri, 10 Feb 2023 15:01:58 +0000 (16:01 +0100)]
dnsdist: Fix the formatting of 'showServers'
Long IPv6 addresses and huge weight and order values were not properly
handled.
(cherry picked from commit
3619223b82681b8176ea6f55d422fc5d316ba77d )
Otto Moerbeek [Mon, 19 Sep 2022 09:25:57 +0000 (11:25 +0200)]
clang14 has reached MacOS
Also upstreamed: https://github.com/tsuna/boost.m4/pull/129
(cherry picked from commit
c46730d9de5cb409c260e4d94cb4be3c75a643e5 )
Sander Hoentjen [Mon, 20 Feb 2023 15:51:07 +0000 (16:51 +0100)]
dnsdist-protocols.hh: include <cstdint>
This fixes building dnsdist with gcc13:
```
In file included from dnsdist-protocols.cc:26:
dnsdist-protocols.hh:32:8: error: use of enum 'typeenum' without previous declaration
32 | enum typeenum : uint8_t
| ^~~~~~~~
dnsdist-protocols.hh:32:19: error: 'uint8_t' was not declared in this scope
32 | enum typeenum : uint8_t
| ^~~~~~~
dnsdist-protocols.hh:25:1: note: 'uint8_t' is defined in header '<cstdint>'; did you forget to '#include <cstdint>'?
24 | #include <vector>
+++ |+#include <cstdint>
25 | #include <string>
```
(cherry picked from commit
f407319cb7374baf06698786f4f39d431a36a3cc )
Remi Gacogne [Mon, 12 Dec 2022 14:42:57 +0000 (15:42 +0100)]
dnsdist: Disable the send wrappers in our CI
The way the send wrappers are implemented, reading the data _after_
it has been sent, cause them to report a data race that does not
exist with existing implementations:
- we call `send()` from thread 1 to send a query to a backend, never
touching the data or associated metadata again from that thread
- we get a response from the backend in a different thread, thread 2,
which will then access the metadata and sometimes (truncated UDP
answers following a DoH query) even modify the data itself
- ASAN and TSAN complain because the wrapper might still be reading
the data after the UDP datagram has been sent, which is effectively
a race, but it does not really make any sense for an actual
implementation of `send()` to do that.
We work around that by disabling the `send()` wrappers in our CI,
for the dnsdist regression tests only, via `intercept_send=0`.
(cherry picked from commit
d22b0337f4b98a2c58a48824469de5f1260c3c2f )
Josh Soref [Thu, 2 Feb 2023 17:56:12 +0000 (12:56 -0500)]
Conditional for SCHEDULED_DOCKER
(cherry picked from commit
48af848853f6dbb583ed2844023cccfa581776eb )
Josh Soref [Thu, 2 Feb 2023 17:55:48 +0000 (12:55 -0500)]
Conditional for SCHEDULED_CODEQL_ANALYSIS
(cherry picked from commit
05e1570b13ef375e4461b1a9c7770dd67781b1cb )
Josh Soref [Thu, 2 Feb 2023 17:54:52 +0000 (12:54 -0500)]
Conditional for SCHEDULED_JOBS_BUILDER
(cherry picked from commit
8cb4f2698bbef8aa4d027f8e58e74cd0ad2071b4 )
Josh Soref [Thu, 2 Feb 2023 17:54:13 +0000 (12:54 -0500)]
Conditional for SCHEDULED_JOBS_BUILD_AND_TEST_ALL
(cherry picked from commit
d540dd1cc44c9609c8bf3ce54036e0d15a6dbba8 )
Remi Gacogne [Thu, 1 Dec 2022 13:34:19 +0000 (14:34 +0100)]
Restrict permissions for GITHUB_TOKEN in our workflows
Added using https://github.com/step-security/secure-workflows
For more information see:
- https://github.com/ossf/scorecard/blob/
d8fefc9b246db3600c777e9d60d441d7c386ce1d /docs/checks.md#token-permissions
- https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
(cherry picked from commit
aff4e1eafa5bbc4e9ef6acee9d73b2154e0ab9b9 )
Josh Soref [Tue, 6 Dec 2022 17:39:08 +0000 (12:39 -0500)]
Switch from set-output tot GITHUB_OUTPUT
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
(cherry picked from commit
d3cc827b4d1aa689861cdc85c42f9626b7a71de9 )
Otto Moerbeek [Tue, 24 May 2022 10:36:28 +0000 (12:36 +0200)]
Move to v2 for CodeQL action, v1 will be deprecated dec 2022
(cherry picked from commit
a0c99342e7aa22e16a75d9e7daa4de69d087bc38 )
Remi Gacogne [Wed, 25 Jan 2023 08:27:43 +0000 (09:27 +0100)]
Merge pull request #12460 from Habbie/backport-12453-to-dnsdist-1.7.x
Remi Gacogne [Mon, 23 Jan 2023 20:44:19 +0000 (21:44 +0100)]
Merge pull request #12461 from Habbie/dnsdist-1.7.x-docs-lieter-dep
Peter van Dijk [Tue, 11 Jan 2022 13:18:08 +0000 (14:18 +0100)]
docs: move dependencies from pieterlexis to PowerDNS
(cherry picked from commit
9805260c407d8ae14cc613cd8f576e4796469b64 )
Peter van Dijk [Mon, 23 Jan 2023 13:54:09 +0000 (14:54 +0100)]
lock.hh: include <stdexcept>
(cherry picked from commit
d8b4ea24dc5dbe7c53c24bfffba24bcae7f58e02 )
Peter van Dijk [Thu, 10 Nov 2022 11:03:41 +0000 (12:03 +0100)]
Merge pull request #12183 from Habbie/dnsdist-1.7.x-value_or
Peter van Dijk [Thu, 10 Nov 2022 08:17:11 +0000 (09:17 +0100)]
fix one more instance of value_or that we apparently no longer have on master
Remi Gacogne [Tue, 8 Nov 2022 09:36:07 +0000 (10:36 +0100)]
dnsdist: Fix building with boost < 1.56
boost::optional::value_or() has been introduced in 1.56
and we only require 1.53, so stop using it.
(cherry picked from commit
8464c603664a9d52fdf775413fdbd99357fab566 )
Peter van Dijk [Tue, 20 Sep 2022 09:12:34 +0000 (11:12 +0200)]
Merge pull request #11948 from Habbie/backport-11788-to-dnsdist-1.7.x
Peter van Dijk [Mon, 19 Sep 2022 17:57:09 +0000 (19:57 +0200)]
Merge pull request #11974 from Habbie/backport-11961-to-dnsdist-1.7.x
Peter van Dijk [Thu, 15 Sep 2022 13:14:34 +0000 (15:14 +0200)]
docker: upgrade to bullseye
(cherry picked from commit
a0d3acff25a92627186ee43bead110aef416f59a )
Peter van Dijk [Fri, 15 Jul 2022 14:27:22 +0000 (16:27 +0200)]
add 9-stream target and test it daily
(cherry picked from commit
f021d529629ef9dc7b7983b9d1c7e7ca589b6f13 )
Peter van Dijk [Wed, 13 Jul 2022 20:23:45 +0000 (22:23 +0200)]
add el-9 target
(cherry picked from commit
4728ab89f071c0d5f596638614efb85a26fafdd4 )
Peter van Dijk [Fri, 1 Jul 2022 11:47:44 +0000 (13:47 +0200)]
Merge pull request #11742 from Habbie/backport-11735-to-dnsdist-1.7.x
Peter van Dijk [Thu, 30 Jun 2022 11:51:00 +0000 (13:51 +0200)]
dh_builddeb: force gzip compression, thanks Zash!
(cherry picked from commit
bbfa37c0232b56e2227668717dbb97ce4f01d990 )
Remi Gacogne [Tue, 7 Jun 2022 09:56:24 +0000 (11:56 +0200)]
Merge pull request #11667 from rgacogne/ddist17-fix-proxyprotocol-tc-doh+ddist-fix-proxyprotocol-tc-doh
Remi Gacogne [Wed, 11 May 2022 15:58:31 +0000 (17:58 +0200)]
dnsdist: Test for an exception raised when adding proxy protocol payload to a DoH query
(cherry picked from commit
dc3ee9ab30c713a57d67f2eba04f59a6c3371a50 )
Remi Gacogne [Tue, 10 May 2022 20:26:21 +0000 (22:26 +0200)]
dnsdist: Fix a crash on a invalid protocol in DoH forwarded-for header
(cherry picked from commit
f84fbd58b150fe6b69a7af27e23502f58f68eee5 )
(cherry picked from commit
bcdb279ebd78ee4911baa396c0566ada01232c23 )
Remi Gacogne [Thu, 2 Jun 2022 15:33:47 +0000 (17:33 +0200)]
Merge pull request #11666 from rgacogne/ddist17-lua-binding-dns-payload
Remi Gacogne [Thu, 2 Jun 2022 15:33:10 +0000 (17:33 +0200)]
Merge pull request #11665 from rgacogne/ddist17-fix-proxyprotocol-tc-doh
Remi Gacogne [Thu, 2 Jun 2022 14:37:26 +0000 (16:37 +0200)]
Merge pull request #11664 from rgacogne/ddist17-missing-prometheus-descriptions
Remi Gacogne [Wed, 4 May 2022 16:38:22 +0000 (18:38 +0200)]
dnsdist: Fix invalid proxy protocol payload on a DoH TC to TCP retry
dnsdist forwards incoming DoH queries to its backend over UDP, and
retry over TCP if the response is truncated (TC=1).
When the proxy protocol is used between dnsdist and its backend, the
second query, over TCP, needs to take into account that the proxy
protocol payload has already been handled. This was not properly done
in that exact case because the proxy protocol payload length was not
propagated to the code handling the TCP communication, leading to
the query ID being edited at the wrong offset in the packet and thus
to an invalid proxy protocol payload.
(cherry picked from commit
1c9c001cbe327023e5d490e5bc044d67ecae9cf2 )
Remi Gacogne [Wed, 4 May 2022 08:48:56 +0000 (10:48 +0200)]
dnsdist: Add missing descriptions for prometheus metrics
(cherry picked from commit
b03faac0603a3283efc80f3a226c4db614fb2bf2 )
Remi Gacogne [Thu, 5 May 2022 14:20:07 +0000 (16:20 +0200)]
dnsdist: Add Lua bindings to access the DNS payload as a string
(cherry picked from commit
1bf2f3b2f126cd26378ae6b848585e0182bf45d4 )
Remi Gacogne [Wed, 1 Jun 2022 13:36:29 +0000 (15:36 +0200)]
Merge pull request #11663 from rgacogne/ddist17-protobuf-python-impl
Peter van Dijk [Tue, 31 May 2022 10:13:57 +0000 (12:13 +0200)]
protobuf: use python implementation during tests
(cherry picked from commit
2dd4d60b8103a64c796296647ad7b45226d5a5bd )
Remi Gacogne [Tue, 31 May 2022 08:53:29 +0000 (10:53 +0200)]
Merge pull request #11579 from rgacogne/ddist17-skip-scan-no-outstanding
Remi Gacogne [Tue, 31 May 2022 08:53:17 +0000 (10:53 +0200)]
Merge pull request #11580 from rgacogne/ddist17-healthcheck-mplexer
Remi Gacogne [Mon, 21 Mar 2022 09:27:30 +0000 (10:27 +0100)]
dnsdist-1.7.x: Only allocate the health-check mplexer when needed
When health-checking is disabled, or when a check delay longer than one
second is used, there is no need to allocate a new multiplexer object
every second.
(cherry picked from commit
017337515725264173e4d1f254bc0a19e4da6f4a )
Remi Gacogne [Tue, 26 Apr 2022 07:59:46 +0000 (09:59 +0200)]
dnsdist-1.7: Scan the UDP buckets only when we have outstanding queries
Remi Gacogne [Fri, 22 Apr 2022 12:34:11 +0000 (14:34 +0200)]
Merge pull request #11572 from rgacogne/ddist17-check-interval-timeouts
Remi Gacogne [Fri, 22 Apr 2022 11:29:28 +0000 (13:29 +0200)]
dnsdist: The check interval applies to health-check, not timeouts
Remi Gacogne [Fri, 22 Apr 2022 11:11:12 +0000 (13:11 +0200)]
Merge pull request #11566 from rgacogne/ddist171-backports
projects / thirdparty / pdns.git / log
