git.ipfire.org Git - thirdparty/pdns.git/log
Remi Gacogne [Mon, 13 Oct 2025 14:54:07 +0000 (16:54 +0200)]
dnsdist: Allow selecting a specific version of Lua with meson
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 13 Oct 2025 14:44:15 +0000 (16:44 +0200)]
iputils: Make static addresses static in `ComboAddress::isUnspecified`
Prevent having to instantiate them again and again, as suggested by
Otto.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 13 Oct 2025 14:24:35 +0000 (16:24 +0200)]
Merge pull request #16244 from rgacogne/ddist-dnsheader-timeout-response
dnsdist: Set up the dns header for timeout response rules
Remi Gacogne [Mon, 13 Oct 2025 14:18:13 +0000 (16:18 +0200)]
dnsdist: Fix a memory leak with OCSP and OpenSSL 3.6.0
See https://github.com/openssl/openssl/issues/28888
I'm not very happy with the fix, but I don't really have a better idea at this point.
Reported by LeakSanitizer:
```
=================================================================
==121188==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 1132 byte(s) in 2 object(s) allocated from:
#0 0x7f9278720cb5 in malloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:67
#1 0x7f9277f9189e in CRYPTO_malloc (/usr/lib/libcrypto.so.3+0x19189e) (BuildId: 9943e383d1a8a3cdcf8786b70a4abbf903e67661)
#2 0x561ed5dfcfe8 in libssl_ocsp_stapling_callback(ssl_st*, std::map<int, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<int>, std::allocator<std::pair<int const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > const&) ../libssl.cc:378
#3 0x7f92779c965a (/usr/lib/libssl.so.3+0xb065a) (BuildId: 05d6e27a4ef1635017caf539e4d5b5687767d20b)
#4 0x7f92779b2b2d (/usr/lib/libssl.so.3+0x99b2d) (BuildId: 05d6e27a4ef1635017caf539e4d5b5687767d20b)
#5 0x7f92779b579d (/usr/lib/libssl.so.3+0x9c79d) (BuildId: 05d6e27a4ef1635017caf539e4d5b5687767d20b)
#6 0x561ed5f94e44 in OpenSSLTLSConnection::tryHandshake() ../tcpiohandler.cc:375
#7 0x561ed58d690d in TCPIOHandler::tryHandshake() ../tcpiohandler.hh:369
#8 0x561ed58d690d in IncomingTCPConnectionState::handleHandshake(timeval const&) ../dnsdist-tcp.cc:1070
#9 0x561ed593118d in IncomingTCPConnectionState::handleIO() ../dnsdist-tcp.cc:1251
#10 0x561ed58fc420 in handleIncomingTCPQuery ../dnsdist-tcp.cc:1468
#11 0x561ed3b21d72 in std::function<void (int, boost::any&)>::operator()(int, boost::any&) const /usr/include/c++/15.2.1/bits/std_function.h:593
#12 0x561ed3b21d72 in EpollFDMultiplexer::run(timeval*, int) ../epollmplexer.cc:188
#13 0x561ed591a6e8 in tcpClientThread ../dnsdist-tcp.cc:1698
#14 0x561ed593d147 in void std::__invoke_impl<void, void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > >(std::__invoke_other, void (*&&)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >&&) /usr/include/c++/15.2.1/bits/invoke.h:63
#15 0x561ed593d147 in std::__invoke_result<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > >::type std::__invoke<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > >(void (*&&)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, 
pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >&&) /usr/include/c++/15.2.1/bits/invoke.h:98
#16 0x561ed593d147 in void std::thread::_Invoker<std::tuple<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > > >::_M_invoke<0ul, 1ul, 2ul, 3ul, 4ul, 5ul>(std::_Index_tuple<0ul, 1ul, 2ul, 3ul, 4ul, 5ul>) /usr/include/c++/15.2.1/bits/std_thread.h:303
#17 0x561ed593d147 in std::thread::_Invoker<std::tuple<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > > >::operator()() /usr/include/c++/15.2.1/bits/std_thread.h:310
#18 0x561ed593d147 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)(pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >&&, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >&&, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >&&, std::vector<ClientState*, std::allocator<ClientState*> >), pdns::channel::Receiver<ConnectionInfo, std::default_delete<ConnectionInfo> >, pdns::channel::Receiver<CrossProtocolQuery, std::default_delete<CrossProtocolQuery> >, pdns::channel::Receiver<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, pdns::channel::Sender<TCPCrossProtocolResponse, std::default_delete<TCPCrossProtocolResponse> >, std::vector<ClientState*, std::allocator<ClientState*> > > > >::_M_run() /usr/include/c++/15.2.1/bits/std_thread.h:255
#19 0x7f92772e55a3 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104
#20 0x7f927865e11a in asan_thread_start /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:239
#21 0x7f92766969ca (/usr/lib/libc.so.6+0x969ca) (BuildId: 4fe011c94a88e8aeb6f2201b9eb369f42b4a1e9e)
SUMMARY: AddressSanitizer: 1132 byte(s) leaked in 2 allocation(s).
```
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 13 Oct 2025 14:13:03 +0000 (16:13 +0200)]
ComboAddress: Fix "unspecified address" test when the port is set
This fixes the QUIC issue reported on FreeBSD: the frontend
was not considered to be bound to an `ANY`/unspecified address
because the port was set, causing the address selection address
to fail.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Miod Vallat [Mon, 13 Oct 2025 14:10:04 +0000 (16:10 +0200)]
Merge pull request #16209 from miodvallat/declined_to_comment
pdnsutil: fix b2b-migrate from sql to non-sql
Otto Moerbeek [Mon, 13 Oct 2025 13:53:03 +0000 (15:53 +0200)]
Merge pull request #16251 from omoerbeek/rec-rust-warning
rec: silence rust warning
Otto Moerbeek [Mon, 13 Oct 2025 12:12:25 +0000 (14:12 +0200)]
Add more DoT tests using a local responder
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Miod Vallat [Mon, 13 Oct 2025 11:54:04 +0000 (13:54 +0200)]
Merge pull request #16213 from miodvallat/tertiary
auth: fix a secondary domain type check in bind backend
Miod Vallat [Mon, 13 Oct 2025 11:52:48 +0000 (13:52 +0200)]
In zone copy, proceed anyway if --force even if target doesn't support comments.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Mon, 13 Oct 2025 11:49:32 +0000 (13:49 +0200)]
Merge pull request #16243 from miodvallat/meet_your_maker
auth: remove and delete dead code which turns out to be dead and also not alive
Miod Vallat [Mon, 13 Oct 2025 11:49:04 +0000 (13:49 +0200)]
Merge pull request #16240 from miodvallat/lua_and_order
auth: boring changes to lua backend
Peter van Dijk [Mon, 13 Oct 2025 09:37:33 +0000 (11:37 +0200)]
auth sdist: include additional files/dirs
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Remi Gacogne [Fri, 10 Oct 2025 14:40:25 +0000 (16:40 +0200)]
dnsdist: Don't choke on invalid DNS payload when generating protobuf messages
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 10 Oct 2025 14:39:56 +0000 (16:39 +0200)]
dnsdist: Properly zero-initialize the "fake" DNS header
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 10 Oct 2025 09:45:25 +0000 (11:45 +0200)]
dnsdist: Set up the dns header for timeout response rules
Response actions expect that there is a DNS payload containing at
least a DNS header, as an incoming packet smaller than a DNS header
would have been discarded early in the processing path.
Unfortunately this is not true for timeout response rules, where we
no longer have the DNS payload from the query and obviously don't
have a response either. This commit restores a DNS header from the
information we have (query ID, flags) so that most actions can
proceed normally.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Pieter Lexis [Mon, 13 Oct 2025 07:15:31 +0000 (09:15 +0200)]
Merge pull request #16123 from pieterlexis/dnsdist-ipcrypt-16110
dnsdist: Add IPCrypt2 PFX to Remote(Response)LogAction
Alexis Romero [Mon, 13 Oct 2025 05:59:16 +0000 (07:59 +0200)]
Merge pull request #16215 from romeroalx/fix-pip-name-normalization
gh actions - misc-dailies: fix test that validates hashes of Python packages
Miod Vallat [Fri, 10 Oct 2025 14:16:36 +0000 (16:16 +0200)]
Merge pull request #16245 from miodvallat/matriochka_exception
auth: yet another logic botch
Miod Vallat [Fri, 10 Oct 2025 12:16:04 +0000 (14:16 +0200)]
Appease clang-tidy
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Fri, 10 Oct 2025 12:12:04 +0000 (14:12 +0200)]
In getUpdatedPrimaries(), parse zone name first.
Otherwise, if another field is not parsed correctly, we risk triggering
another exception while attempting to use the unset zone name in the
error report.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Remi Gacogne [Fri, 10 Oct 2025 11:45:04 +0000 (13:45 +0200)]
Merge pull request #16242 from rgacogne/ddist-xsk-large-payload
dnsdist: Fix handling of large XSK frames
Remi Gacogne [Tue, 7 Oct 2025 11:34:49 +0000 (13:34 +0200)]
dnsdist: Fix handling of large XSK frames
There was a bug in the way we were computing the remaining capacity
of an XSK frame, because we forgot to account for the network headers.
This caused some XSK responses to be discarded by the kernel (`tx_invalid_descs`)
because there was not enough space left in the frame (less than
`XDP_PACKET_HEADROOM`).
Thanks to `ednaq` for reporting this via our YesWeHack program.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Miod Vallat [Fri, 10 Oct 2025 09:22:04 +0000 (11:22 +0200)]
Remove leftover DNSBackend::maker() routines.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Remi Gacogne [Fri, 10 Oct 2025 09:15:40 +0000 (11:15 +0200)]
Merge pull request #16241 from rgacogne/ddist-round-robin-atomic
dnsdist: Make the round-robin LB policy internal counter atomic
Remi Gacogne [Fri, 10 Oct 2025 08:18:40 +0000 (10:18 +0200)]
dnsdist: Make the round-robin LB policy internal counter atomic
Otherwise TSAN is rightfully complaining that there is a data race
because several threads are updating at the same time. While the
impact of this counter being corrupted is almost zero, and there is
an actual overhead to making it atomic, I believe this is the only
correct way to ensure the expected behaviour of this policy.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 10 Oct 2025 07:15:38 +0000 (09:15 +0200)]
Merge pull request #16239 from hhoffstaette/roundrobin-fastpath
dnsdist: add fast path to roundrobin load balancing policy
Remi Gacogne [Fri, 10 Oct 2025 07:12:48 +0000 (09:12 +0200)]
Merge pull request #16238 from rgacogne/ddist-fix-crash-handling-timeout
dnsdist: Properly handle exceptions when processing timeout rules
Miod Vallat [Fri, 10 Oct 2025 06:36:53 +0000 (08:36 +0200)]
Expand the logCall and logResult macros.
They are in the way of structured logging and can't remain in this form.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Fri, 10 Oct 2025 06:24:49 +0000 (08:24 +0200)]
Clearance sale on {} brackets, which clang-tidy will require eventually.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Holger Hoffstätte [Thu, 9 Oct 2025 20:04:07 +0000 (22:04 +0200)]
dnsdist: add fast path to roundrobin load balancing policy
There is no need to collect all servers that are up when the current
server is already a good candidate. This avoids needless heap allocation
and deallocation in the vast majority of cases.
Signed-off-by: Holger Hoffstätte <holger@applied-asynchrony.com>
Miod Vallat [Thu, 9 Oct 2025 18:03:19 +0000 (20:03 +0200)]
Merge pull request #16236 from jsoref/indent-list
docs: Indent list
Miod Vallat [Thu, 9 Oct 2025 17:30:44 +0000 (19:30 +0200)]
Merge pull request #16237 from jsoref/add-period
docs: Add trailing period
Miod Vallat [Thu, 9 Oct 2025 17:28:11 +0000 (19:28 +0200)]
Merge pull request #16235 from horazont/fix/doc-dnssec-link-algo-rollover
docs: link algorithm rollover from DNSSEC operational instructions
Miod Vallat [Thu, 9 Oct 2025 17:22:15 +0000 (19:22 +0200)]
Merge pull request #16233 from horazont/fix/doc-dnssec-soa-edit-notes
docs: fix markup for list of "Important Notes"
Remi Gacogne [Thu, 9 Oct 2025 15:30:33 +0000 (17:30 +0200)]
build-scripts: Remove unused dist-{dist,recursor}
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Thu, 9 Oct 2025 15:27:30 +0000 (17:27 +0200)]
dnsdist: Fix formatting, ignore complexity for now
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Josh Soref [Thu, 9 Oct 2025 15:13:38 +0000 (11:13 -0400)]
docs: Add trailing period
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
Josh Soref [Thu, 9 Oct 2025 15:07:24 +0000 (11:07 -0400)]
docs: Indent list
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
Jonas Schäfer [Thu, 9 Oct 2025 15:04:14 +0000 (17:04 +0200)]
docs: link algorithm rollover from DNSSEC operational instructions
I probably would've missed it anyway, because that section of the
document has strong "motivational / introductory text" vibes which make
my brain auto-skip it, but at least there's a chance now.
Signed-off-by: Jonas Schäfer <jonas@zombofant.net>
Jonas Schäfer [Thu, 9 Oct 2025 14:57:48 +0000 (16:57 +0200)]
docs: fix markup for list of "Important Notes"
This had me confused while reading, because the list wasn't rendered as
list (but as a paragraph) and I wondered why starting with 00 would
increase the chance of overflow...
Signed-off-by: Jonas Schäfer <jonas@zombofant.net>
Otto Moerbeek [Thu, 9 Oct 2025 14:56:40 +0000 (16:56 +0200)]
rec: silence rust warning
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Peter van Dijk [Thu, 9 Oct 2025 11:41:29 +0000 (13:41 +0200)]
luawrapper: don't segfault on failure in traceback handler
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Otto Moerbeek [Thu, 9 Oct 2025 14:17:13 +0000 (16:17 +0200)]
Merge pull request #16231 from omoerbeek/rec-unit-test-test
ci: Check return status of rec unit test run when using meson
Otto Moerbeek [Thu, 9 Oct 2025 13:50:45 +0000 (15:50 +0200)]
Merge pull request #16227 from omoerbeek/unkeep-keeper-in-rec
Do not include dnsseckeeper.hh and ueberbackend.hh in rec
Otto Moerbeek [Thu, 9 Oct 2025 11:54:03 +0000 (13:54 +0200)]
First stab at docs
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Otto Moerbeek [Thu, 9 Oct 2025 10:19:18 +0000 (12:19 +0200)]
Add tests, list gnutls as dependency
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Otto Moerbeek [Mon, 6 Oct 2025 11:11:31 +0000 (13:11 +0200)]
Allow runtime setting of TLS config tables by using rec_control reload-yaml
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Otto Moerbeek [Mon, 6 Oct 2025 10:14:58 +0000 (12:14 +0200)]
Provide TLS config by lookup on name or subnet.
With settable verification mode, provider, subject name and some more.
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Otto Moerbeek [Mon, 6 Oct 2025 10:01:49 +0000 (12:01 +0200)]
Link in gnutls provider and provide verify error status method for it
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Otto Moerbeek [Wed, 1 Oct 2025 07:40:04 +0000 (09:40 +0200)]
Add code to get certificate validation status (openssl only ATM)
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Remi Gacogne [Thu, 9 Oct 2025 13:02:12 +0000 (15:02 +0200)]
dnsdist: Hopefully slightly reduce the complexity of `processQueryAfterRules`
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Thu, 9 Oct 2025 12:53:51 +0000 (14:53 +0200)]
dnsdist: Properly handle exceptions when processing timeout rules
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Otto Moerbeek [Thu, 9 Oct 2025 12:12:46 +0000 (14:12 +0200)]
Check return status of rec unit test run when using meson
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Otto Moerbeek [Thu, 9 Oct 2025 10:23:39 +0000 (12:23 +0200)]
Explicitly include file for openssl version number
Co-authored-by: Miod Vallat <miod.vallat@powerdns.com>
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Remi Gacogne [Tue, 7 Oct 2025 09:26:46 +0000 (11:26 +0200)]
dnsdist: Add regression tests for the pool's zero scope bindings
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Tue, 7 Oct 2025 09:26:02 +0000 (11:26 +0200)]
dnsdist: Do not use inverted logic for the pool's zero scope state
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Tue, 23 Sep 2025 13:06:58 +0000 (15:06 +0200)]
dnsdist: Add unit tests for server consistency
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Tue, 26 Aug 2025 15:04:07 +0000 (17:04 +0200)]
dnsdist: Try to appease clang-tidy
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Tue, 26 Aug 2025 12:42:38 +0000 (14:42 +0200)]
dnsdist: Fix a caching bug when all servers are down and the query was received over TCP
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Tue, 26 Aug 2025 12:00:26 +0000 (14:00 +0200)]
dnsdist: Speed up cache hits by skipping the LB policy when possible
We used to execute the load-balancing policy to select a backend before
doing the cache lookup, because in some corner cases the selected
backend might have settings that impact our cache lookup. In practice
most configurations have a consistent set of settings for all servers
in a given pool, so it makes no sense to waste CPU cycles selecting a
backend if we are going to get a hit from the cache.
This PR adds a bit of code to check if a pool is in a consistent state,
and if it is it delays the execution of the load-balancing policy to
after the cache lookup, skipping it entirely for cache hits.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Miod Vallat [Thu, 9 Oct 2025 10:15:33 +0000 (12:15 +0200)]
Merge pull request #16225 from miodvallat/a_ldap_oddity
auth: logic botch in ldap backend
Miod Vallat [Thu, 9 Oct 2025 09:49:42 +0000 (11:49 +0200)]
Merge pull request #16226 from miodvallat/ldap_punk
auth: remove dead ldap code
Otto Moerbeek [Thu, 9 Oct 2025 08:47:47 +0000 (10:47 +0200)]
Fix test-signers: if there's no ref to OpenSSL it fails
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Remi Gacogne [Thu, 9 Oct 2025 09:33:43 +0000 (11:33 +0200)]
Merge pull request #16224 from rgacogne/ddist-xsk-typo-doc
dnsdist: Fix a typo in the XSK documentation
Remi Gacogne [Thu, 9 Oct 2025 09:22:20 +0000 (11:22 +0200)]
Merge pull request #15924 from rgacogne/ddist-refactor-server-pools
dnsdist: Refactor server pools and load-balancing policies
Miod Vallat [Thu, 9 Oct 2025 08:40:52 +0000 (10:40 +0200)]
Correctly handle reconnection in several routines.
If the search failed with a LDAPNoConnection exception and reconnection
is successful, we would recurse to reiterate the operation, but then would
proceed with the exist logic operating on uninitialized data.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Miod Vallat [Thu, 9 Oct 2025 08:55:19 +0000 (10:55 +0200)]
Remove long deprecated and/or unused code.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Remi Gacogne [Thu, 9 Oct 2025 08:40:06 +0000 (10:40 +0200)]
dnsdist: Add actual link to `newServer` in the XSK docs
Co-authored-by: Miod Vallat <miod.vallat@powerdns.com>
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Otto Moerbeek [Thu, 9 Oct 2025 07:27:51 +0000 (09:27 +0200)]
auth/rec: separate out dnssec constants from DNSSECKeeper by moving them to a DNSSEC class
This allows not having ueberbackend.hh in rec, it makes no sense including that file in rec
A bit of churn in rec, but all mechanical
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Miod Vallat [Thu, 9 Oct 2025 07:52:49 +0000 (09:52 +0200)]
Merge pull request #16223 from miodvallat/doctweaks
auth: minor doc tweak
Miod Vallat [Thu, 9 Oct 2025 06:53:16 +0000 (08:53 +0200)]
Mention that unix socket support for webserver-address requires 5.0.
Fixes: #16222
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Otto Moerbeek [Wed, 8 Oct 2025 11:25:56 +0000 (13:25 +0200)]
Move test-protozero-trace.cc to toplevel and add it in the autotools build where it was missing
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Otto Moerbeek [Wed, 8 Oct 2025 11:16:07 +0000 (13:16 +0200)]
protobuf logger: print opentelemetry id's in hex, implement proper arg parser
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Remi Gacogne [Tue, 7 Oct 2025 14:03:00 +0000 (16:03 +0200)]
dnsdist: Add package urls to our SBOMs
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Tue, 7 Oct 2025 11:40:14 +0000 (13:40 +0200)]
dnsdist: Yet another clang-tidy fix
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Tue, 7 Oct 2025 11:33:53 +0000 (13:33 +0200)]
dnsdist: Fix a typo in the XSK documentation
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Karel Bilek [Wed, 3 Sep 2025 07:54:45 +0000 (09:54 +0200)]
dnsdist: add support for TCP Fast Open on macOS
This uses Apple's connectx() API instead of UNIX connect() API.
Signed-off-by: Karel Bilek <kb@karelbilek.com>
Remi Gacogne [Tue, 7 Oct 2025 08:46:23 +0000 (10:46 +0200)]
dnsdist: Appease clang-tidy
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 6 Oct 2025 15:16:15 +0000 (17:16 +0200)]
dnsdist: Fix typo
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 6 Oct 2025 14:53:55 +0000 (16:53 +0200)]
spell-check: Remove 'splitsetup'
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 6 Oct 2025 14:34:03 +0000 (16:34 +0200)]
dnsdist: Add regression tests for Lua pool bindings
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 6 Oct 2025 14:17:49 +0000 (16:17 +0200)]
dnsdist: Remove a very outdated example of how to do split-setup
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 6 Oct 2025 14:11:51 +0000 (16:11 +0200)]
dnsdist: Apply suggestions from code review
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 6 Oct 2025 14:06:32 +0000 (16:06 +0200)]
dnsdist: Document the new behaviour for custom LB policies written in Lua
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 25 Jul 2025 10:05:12 +0000 (12:05 +0200)]
dnsdist: Fix CodeQL warnings
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Tue, 22 Jul 2025 09:19:47 +0000 (11:19 +0200)]
dnsdist: Simplify the least outstanding policy
The servers can no longer be updated under our feet, so we only need
one pass.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 21 Jul 2025 15:04:40 +0000 (17:04 +0200)]
dnsdist: Refactor load-balancing policies
Since we no longer need to increase the reference counter of the
returned backend (the runtime configuration cannot be updated
under our feet anymore), we can return the position of the
selected backend in the initial array instead, significantly
reducing the performance cost of the load-balancing policies.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 18 Jul 2025 14:15:53 +0000 (16:15 +0200)]
dnsdist: Only set the DNSQuestion packet cache after a cache miss
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Fri, 18 Jul 2025 08:15:36 +0000 (10:15 +0200)]
dnsdist: Server pools are no longer ref counted
Since the refactoring of the runtime configuration, the content of
a Server Pool is now in effect immutable, we have to create a new
copy and update it, so we no longer have to lock and reference count
Server Pools and their content.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Otto Moerbeek [Mon, 6 Oct 2025 14:44:17 +0000 (16:44 +0200)]
rec: Prevent generating release tarballs via autotools
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Remi Gacogne [Tue, 23 Sep 2025 08:10:16 +0000 (10:10 +0200)]
dnsdist: Prevent generating release tarballs via autotools
Using the hook found by Otto, thanks!
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 6 Oct 2025 13:59:28 +0000 (15:59 +0200)]
Merge pull request #16191 from rgacogne/ddist-test-meson-dist
build-and-test-all: Build dnsdist and recursor via a release tarball
Remi Gacogne [Mon, 6 Oct 2025 13:58:22 +0000 (15:58 +0200)]
dnsdist: Fix parameter names in `dnsdist_ffi_dnsquestion_set_alternate_name`
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 6 Oct 2025 12:28:46 +0000 (14:28 +0200)]
dnsdist: Remove empty trailing line
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 6 Oct 2025 12:26:47 +0000 (14:26 +0200)]
dnsdist: Fix clang-tidy warnings, test more cases
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Remi Gacogne [Mon, 6 Oct 2025 10:56:01 +0000 (12:56 +0200)]
dnsdist: Refactor the FFI "alternate name" interface
So we can use it without making the query asynchronous when we
don't have to.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
romeroalx [Mon, 6 Oct 2025 10:50:31 +0000 (12:50 +0200)]
gh actions - misc-dailies: fix pip name normalization when validating hashes
Miod Vallat [Mon, 6 Oct 2025 09:56:53 +0000 (11:56 +0200)]
Fix a secondary domain type check.
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
Remi Gacogne [Fri, 3 Oct 2025 10:50:43 +0000 (12:50 +0200)]
Merge pull request #16205 from rgacogne/ddist-fix-settag-dynblock-doc
dnsdist: The dynamic block tag name is set via `tagName`, not `tagKey`