]>
git.ipfire.org Git - thirdparty/pdns.git/log
Miod Vallat [Thu, 21 May 2026 13:08:49 +0000 (15:08 +0200)] 
Perform length check in RecordTextReader::xfrBlob().
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Thu, 21 May 2026 13:08:34 +0000 (15:08 +0200)]
Do not read beyond record in the 2-args xfrBlob.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Remi Gacogne [Wed, 20 May 2026 18:48:04 +0000 (20:48 +0200)] 
Merge pull request #17371 from rgacogne/error-when-clang-tidy-fails
ci: Error when clang tidy fails
Remi Gacogne [Wed, 20 May 2026 18:47:17 +0000 (20:47 +0200)]
Merge pull request #17385 from rgacogne/ddist-keep-live-concurrent-connections
dnsdist: Keep concurrent connection entries for live connections
Miod Vallat [Wed, 20 May 2026 12:54:06 +0000 (14:54 +0200)]
Merge pull request #17445 from miodvallat/doc_sa_2026_06
auth: 5.0.15 & 4.9.5 documentation updates
Miod Vallat [Wed, 20 May 2026 08:15:30 +0000 (10:15 +0200)]
documentation and secpoll update for auth 4.9.15 and 5.0.5
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Wed, 20 May 2026 11:43:05 +0000 (13:43 +0200)]
Merge pull request #17442 from miodvallat/sa_2026_06
auth: fixes for SA 2026-06
Miod Vallat [Wed, 20 May 2026 07:31:40 +0000 (09:31 +0200)]
Be sure to escape user data when building a TXT record.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Wed, 20 May 2026 07:31:31 +0000 (09:31 +0200)]
Simplify PTR record creation. NFCI
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Wed, 20 May 2026 07:30:51 +0000 (09:30 +0200)]
Crude test for proxy + views
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Wed, 20 May 2026 07:30:39 +0000 (09:30 +0200)]
Use the inner remote to perform view selection.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Wed, 20 May 2026 07:30:23 +0000 (09:30 +0200)]
Use getInnerRemote() instead of inlining it. NFC
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Wed, 20 May 2026 07:29:52 +0000 (09:29 +0200)]
Escape bind-special characters in rrnames when writing bind zones.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Wed, 20 May 2026 07:28:22 +0000 (09:28 +0200)]
Cope with exceptions thrown by MOADNSParser initialization.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Wed, 20 May 2026 07:27:35 +0000 (09:27 +0200)]
Add a configurable limit to the number of active GSS contexts.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Wed, 20 May 2026 07:27:03 +0000 (09:27 +0200)]
Factor code responsible for GssSecContext acquisition.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Wed, 20 May 2026 07:26:52 +0000 (09:26 +0200)]
Lock around GssSecContext operation.
Two distributor threads may create GssContext with the same DNSName label,
and thus end up sharing the same GssSecContext internally.
Wrapping GssSecContext in LockGuarded makes sure that no concurrent
operation can occur.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Wed, 20 May 2026 07:26:34 +0000 (09:26 +0200)]
Remove redundant GssContext object creation.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Wed, 20 May 2026 07:26:22 +0000 (09:26 +0200)]
Make s_last_expired atomic; multiple threads may access it.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Remi Gacogne [Tue, 19 May 2026 13:20:00 +0000 (15:20 +0200)]
dnsdist: Check that marking a TCP conn as closed does not remove it from the map
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Tue, 19 May 2026 12:01:22 +0000 (14:01 +0200)]
Merge pull request #17376 from rgacogne/credentials-zero-out
credentials: Try harder to zero out existing data
Remi Gacogne [Tue, 19 May 2026 12:01:10 +0000 (14:01 +0200)]
Merge pull request #17162 from rgacogne/ddist-harden-ffi-interface
dnsdist: Harden the Lua FFI interface against misuse
Remi Gacogne [Tue, 19 May 2026 10:44:15 +0000 (12:44 +0200)]
Merge pull request #17393 from rgacogne/ddist-check-backend-weight-yaml
dnsdist: Ignore valid backend weight coming from YAML
Remi Gacogne [Tue, 19 May 2026 08:34:29 +0000 (10:34 +0200)]
Merge pull request #17401 from rgacogne/ddist-quiche-0.29.0
dnsdist: Update Quiche to 0.29.0 in our packages
Remi Gacogne [Tue, 19 May 2026 08:29:49 +0000 (10:29 +0200)]
credentials: Document that we trying to get the linters to shut the hell up
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Tue, 19 May 2026 08:26:29 +0000 (10:26 +0200)]
dnsdist: Stop trying to be clever; just tell clang-tidy to shut up
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Tue, 19 May 2026 07:45:06 +0000 (09:45 +0200)]
dnsdist: Apply Miod's suggestion
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Tue, 19 May 2026 07:42:20 +0000 (09:42 +0200)]
credentials: Clear the moved-from string before checking its capacity
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 19:27:08 +0000 (21:27 +0200)]
Merge pull request #17392 from rgacogne/ddist-exceptions
dnsdist: Better handling of exceptions
Remi Gacogne [Mon, 18 May 2026 15:22:55 +0000 (17:22 +0200)]
Merge pull request #17375 from rgacogne/ddist-fix-outgoing-tls-session-cache
dnsdist: Fix outgoing TLS session cache cleanup
Remi Gacogne [Mon, 18 May 2026 15:22:38 +0000 (17:22 +0200)]
Merge pull request #17390 from rgacogne/ddist-bpf-fixes
dnsdist: Fixes several eBPF issues
Remi Gacogne [Mon, 18 May 2026 15:21:40 +0000 (17:21 +0200)]
Merge pull request #17400 from rgacogne/ddist-healtcheck-test-failure
dnsdist: Hopefully fixes spurious failures of TestHealthCheckLatency
Miod Vallat [Mon, 18 May 2026 15:05:04 +0000 (17:05 +0200)]
Merge pull request #17365 from miodvallat/luautil
auth: let pdnsutil work with lua backend
Miod Vallat [Mon, 18 May 2026 14:49:44 +0000 (16:49 +0200)]
Merge pull request #17131 from miodvallat/immuluability
auth: make lua records immutable by default
Remi Gacogne [Mon, 18 May 2026 14:38:04 +0000 (16:38 +0200)]
dnsdist: Reformat harder
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 14:19:53 +0000 (16:19 +0200)]
dnsdist: Update Quiche to 0.29.0 in our packages
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 14:13:04 +0000 (16:13 +0200)]
credentials: Fix formatting
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 14:10:43 +0000 (16:10 +0200)]
dnsdist: Silence clang-tidy
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 14:08:41 +0000 (16:08 +0200)]
dnsdist: More clang-tidy fixes
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 14:00:36 +0000 (16:00 +0200)]
Merge pull request #17394 from rgacogne/ddist-edns
dnsdist: Fix two small EDNS addition related bugs
Remi Gacogne [Mon, 18 May 2026 14:00:24 +0000 (16:00 +0200)]
Merge pull request #17396 from rgacogne/snmp-leak
snmp-agent: Fix a memory leak
Remi Gacogne [Mon, 18 May 2026 14:00:12 +0000 (16:00 +0200)]
Merge pull request #17397 from rgacogne/ddist-doq-max-query-size
dnsdist: Check the DoQ query size against the received size
Remi Gacogne [Mon, 18 May 2026 13:58:40 +0000 (15:58 +0200)]
credentials: Try even harder to clear existing content
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 13:42:08 +0000 (15:42 +0200)]
Merge pull request #17306 from PowerDNS/dependabot/github_actions/sigstore/cosign-installer-4.1.2
build(deps): bump sigstore/cosign-installer from 4.1.1 to 4.1.2
Remi Gacogne [Mon, 18 May 2026 13:38:41 +0000 (15:38 +0200)]
Merge pull request #17398 from rgacogne/libssl-minor-fixes
libssl: Minor fixes
Remi Gacogne [Mon, 18 May 2026 13:38:24 +0000 (15:38 +0200)]
Merge pull request #17399 from rgacogne/ddist-minor-fixes
dnsdist: More minor fixes
Remi Gacogne [Mon, 18 May 2026 13:36:37 +0000 (15:36 +0200)]
dnsdist: Handle large YAML values for a backend weight
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 12:50:22 +0000 (14:50 +0200)]
tcpiohandler: Appease clang-tidy
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 12:48:22 +0000 (14:48 +0200)]
dnsdist: Really fix Python indentation
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 12:40:02 +0000 (14:40 +0200)]
dnsdist: Hopefully fixes spurious failures of TestHealthCheckLatency
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 11:58:47 +0000 (13:58 +0200)]
Merge pull request #17395 from rgacogne/ddist-logging-iso8601
dnsdist: Use the correct timestamp, not now, for ISO-8601 format
Remi Gacogne [Mon, 18 May 2026 11:58:36 +0000 (13:58 +0200)]
Merge pull request #17391 from rgacogne/ddist-tee-metrics
dnsdist: Fix TeeAction metrics on error/short datagrams
Remi Gacogne [Mon, 18 May 2026 11:12:29 +0000 (13:12 +0200)]
dnsdist: Fix Python formatting
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 11:05:20 +0000 (13:05 +0200)]
dnsdist: Porperly skip network addresses with no mask
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 11:04:42 +0000 (13:04 +0200)]
dnsdist: Keep processing XSK packets on exception
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 11:04:04 +0000 (13:04 +0200)]
dnsdist: Prevent UB when OT object it not found on the stack
This should not happen, but we know how it goes..
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 11:03:42 +0000 (13:03 +0200)]
dnsdist: Handle small MAC addresses
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 11:03:09 +0000 (13:03 +0200)]
dnsdist: Move the NetworkListener's data earlier to prevent a race
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 11:02:14 +0000 (13:02 +0200)]
dnsdist: Increase the correct bucket for high-latency responses
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 11:01:49 +0000 (13:01 +0200)]
dnsdist: Fix duplicate entry for setTCPConnectionsOverloadThreshold
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 11:01:29 +0000 (13:01 +0200)]
dnsdist: Correct error message in setHealthCheckResponseValidator
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 10:58:14 +0000 (12:58 +0200)]
libssl: Properly deal with an empty error stack in `libssl_get_error_string`
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 10:57:25 +0000 (12:57 +0200)]
libssl: Fix the position of OCSP files on errors
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 10:53:48 +0000 (12:53 +0200)]
dnsdist: Check the DoQ query size against the received size
The existing code was doing the check against the size
allocated, not the one actually used.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 10:50:21 +0000 (12:50 +0200)]
snmp-agent: Fix a memory leak
We need to call netsnmp_large_fd_set_cleanup to release the
memory allocated by netsnmp_large_fd_set_init.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 10:45:52 +0000 (12:45 +0200)]
dnsdist: Use the correct timestamp, not now, for ISO-8601 format
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 10:42:33 +0000 (12:42 +0200)]
dnsdist: Proper error handling in setEDNSOption
We need to return false when it was not possible to set the option,
and to properly set the value indicating that we added an EDNS OPT
RR if needed.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 10:41:39 +0000 (12:41 +0200)]
dnsdist: Handle empty EDNS options in slowRewriteEDNSOptionInQueryWithRecords
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 10:39:48 +0000 (12:39 +0200)]
dnsdist: Ignore valid backend weight coming from YAML
We do handle that in the Lua configuration already.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 10:37:30 +0000 (12:37 +0200)]
tcpiohandler: Don't throw exceptions over the C/C++ boundary
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 10:36:04 +0000 (12:36 +0200)]
dnsdist: Better handling of exceptions in outgoing DoH
We cannot throw exceptions over the C++/C boundary.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 10:34:21 +0000 (12:34 +0200)]
dnsdist: Handle exceptions when dealing with asynchronous objects
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 10:32:10 +0000 (12:32 +0200)]
dnsdist: Fix TeeAction metrics on error/short datagrams
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 10:30:00 +0000 (12:30 +0200)]
dnsdist: Fix a bug not always displaying the first eBPF entry of a map
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 10:18:49 +0000 (12:18 +0200)]
dnsdist: Don't count BPF range entries twice
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 18 May 2026 10:17:23 +0000 (12:17 +0200)]
dnsdist: Fix invalid BPF map size check
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Miod Vallat [Mon, 18 May 2026 09:08:22 +0000 (11:08 +0200)]
Merge pull request #17389 from miodvallat/minus148
auth: stricter string-to-int conversions
Miod Vallat [Mon, 18 May 2026 08:53:56 +0000 (10:53 +0200)]
Merge pull request #17388 from miodvallat/wheresmypassword
auth: webserver documentation tweaks
Remi Gacogne [Mon, 18 May 2026 08:47:32 +0000 (10:47 +0200)]
dnsdist: More clang-tidy fixes
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Sun, 17 May 2026 09:47:16 +0000 (11:47 +0200)]
dnsdist: More clang-tidy fixes
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Miod Vallat [Mon, 18 May 2026 07:31:47 +0000 (09:31 +0200)]
Replace a bunch of std::stoi with pdns::checked_stoi.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Mon, 18 May 2026 07:31:23 +0000 (09:31 +0200)]
Correctly reject a negative number of entries for search.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Mon, 18 May 2026 06:42:10 +0000 (08:42 +0200)]
Sort webserver options.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Mon, 18 May 2026 06:38:44 +0000 (08:38 +0200)]
Advise configuring webserver-password more strongly.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Remi Gacogne [Sun, 17 May 2026 09:19:54 +0000 (11:19 +0200)]
Merge pull request #17381 from rgacogne/ddist-fix-set-health-check-params
dnsdist: Fix DownstreamState::setHealthCheckParams
Remi Gacogne [Fri, 15 May 2026 20:01:38 +0000 (22:01 +0200)]
Merge pull request #17382 from rgacogne/ddist-cdb-race
dnsdist: Fix a data race on concurrent CDB KVS lookups
Remi Gacogne [Fri, 15 May 2026 20:01:16 +0000 (22:01 +0200)]
Merge pull request #17383 from rgacogne/ddist-xsk-fixes
dnsdist: Fix a few issues in our AF_XDP/XSK code
Remi Gacogne [Fri, 15 May 2026 15:17:08 +0000 (17:17 +0200)]
dnsdist: Remove empty line
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 15 May 2026 15:15:36 +0000 (17:15 +0200)]
Merge pull request #17384 from rgacogne/edns-cookie-validity-logic
ednscookies: Fix timestamp validity check
Remi Gacogne [Fri, 15 May 2026 15:02:29 +0000 (17:02 +0200)]
dnsdist: Gracefully handle no TLS session tickets allowed
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Miod Vallat [Fri, 15 May 2026 15:00:59 +0000 (17:00 +0200)]
Merge pull request #17239 from GrapheneOS/improved-backup-selector
auth: only apply backupSelector to the first non-empty group
Remi Gacogne [Fri, 15 May 2026 14:57:04 +0000 (16:57 +0200)]
dnsdist: Fix formatting
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 15 May 2026 14:54:39 +0000 (16:54 +0200)]
dnsdist: Fix a bug caught by clang-tidy
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 15 May 2026 14:52:29 +0000 (16:52 +0200)]
dnsdist: Add a unit test for "keep live connections around"
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 15 May 2026 14:52:13 +0000 (16:52 +0200)]
dnsdist: Make clang-tidy happy
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 15 May 2026 14:51:11 +0000 (16:51 +0200)]
dnsdist: Keep concurrent connection entries for live connections
Otherwise clients that manage to keep their connections around for
a long time can bypass the limit.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 15 May 2026 14:34:34 +0000 (16:34 +0200)]
Merge pull request #17380 from rgacogne/ddist-ecs-wrap-around
dnsdist: Fix OPT rdlen computation when adding ECS
Remi Gacogne [Fri, 15 May 2026 14:20:18 +0000 (16:20 +0200)]
ednscookies: Fix timestamp validity check
I _think_ the check was wrong, but please double-check my logic.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 15 May 2026 14:05:36 +0000 (16:05 +0200)]
dnsdist: Appease clang-tidy (again)
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 15 May 2026 14:03:34 +0000 (16:03 +0200)]
Merge pull request #17378 from rgacogne/ddist-smt-top-counters
dnsdist: Fix the dynamic block top suffixes counters computation
projects / thirdparty / pdns.git / log
