Basic cookies test: enable cookies in rec and talk to auths with cookies disabled and enabled

Add setting, remove debug lines

TCP support for cookies, taking into account idle outgoing connections

Tidy rec-tcpout.??

Initial very raw version

Merge pull request #15945 from omoerbeek/rec-tidy-pubsuffix

rec pubsuffix: tidy and use C++ strings

Unbreak test.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Perform stricter validation of TXT record contents.

Fixes: #11052
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Rework patchZone() signature and split it in multiple pieces. NFC

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Merge pull request #16054 from PowerDNS/dependabot/pip/regression-tests.dnsdist/h2-4.3.0

build(deps): bump h2 from 4.2.0 to 4.3.0 in /regression-tests.dnsdist

Merge pull request #16058 from omoerbeek/version-configure-in

rec/dnsdist: add (back) the line that sets the version in configure.ac

dnsdist: Fix code formatting

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

dnsdist: Add regression tests for packet cache and EDNS padding

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

dnsdist: Refactor YAML configuration parsing to reduce code complexity

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Merge pull request #16059 from miodvallat/where_is_my_404

REST API: bring back 404 errors

Merge pull request #15773 from karelbilek/kb/clarify_auth

dnsdist: Clarify different webserver auths

Merge pull request #16064 from rgacogne/ddist-properly-handle-truncation-sendmmsg

dnsdist: Properly handle truncation for UDP responses sent via `sendmmsg`

Merge pull request #15891 from miodvallat/behind_the_backend

Improve lmdb dyndns test results

Merge pull request #16024 from miodvallat/update_unless_don't

Correctly handle dnsupdate reject by Lua policy

fix case sensitivity handling for IXFR requests in ixfrdist

TXT record values are case sensitive, but the compilation of
an IXFR difference in ixfrdist doesn't produce a difference
when the change is only a case modification.

This commit removes the toLower() call when comparing record content
to properly handle case-sensitive changes.

Merge pull request #16050 from miodvallat/what_time_is_it

Display SOA check timestamps in human-readable form

dnsdist: Clarify different webserver auths

dnsdist: Skip EDNS padding content by default in the packet cache

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

dnsdist: Properly handle truncation for UDP responses sent via `sendmmsg`

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

dnsdist: Test that the configuration is correctly reloaded

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

dnsdist: Refresh configuration after `recv` which may have blocked for a long time

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Merge pull request #15966 from miodvallat/unsafe

pdnsutil: report corrupted records

Merge pull request #15969 from miodvallat/seventh_json_of_a_seventh_json

web server: try harder to return response in the same type as the request

Add optional backend method to let them return invalid records.

Use this in pdnsutil check-zone to report these ill-formed records which
would otherwise never made visible.

Fixes: #4941
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Update lmdb dyndns oracles.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Use pdnsutil backend-cmd list to get NSEC3 details in dyndns tests.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Add a "list" backend-cmd which allows us to get NSEC3 ordername data.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Merge pull request #16016 from Habbie/random-doc-nits

auth: random doc nits

Prevent the /* OPTIONS handler to turn every 404 error into 405.

Fixes: #14572
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Merge pull request #16056 from rkr-23/patch-1

Auth: Fix misleading description of tcp-control-port argument.

rec/dnsdist: add (back) the line that sets the version in configure.ac

Partial revert of #15717
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

Merge pull request #16046 from miodvallat/transfer_of_confusion

Make axfr error message more helpful when a domain can't be found

Fix misleading description of tcp-control-port argument.

Signed-off-by: Ramsanker K R <164614935+rkr-23@users.noreply.github.com>

Merge pull request #16044 from omoerbeek/rec-prep-5.3.0

rec: prep for rec-5.3.0

build(deps): bump h2 from 4.2.0 to 4.3.0 in /regression-tests.dnsdist

Bumps [h2](https://github.com/python-hyper/h2) from 4.2.0 to 4.3.0.
- [Changelog](https://github.com/python-hyper/h2/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/python-hyper/h2/compare/v4.2.0...v4.3.0)

---
updated-dependencies:
- dependency-name: h2
  dependency-version: 4.3.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge pull request #16022 from romeroalx/fix-pip-pinning-2508

Update Python package pinning for setup_requires dependency `pbr` to version `7.0.1`

Display SOA check timestamps in human-readable form.

Fixes: #11134
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Merge pull request #16043 from omoerbeek/dnsdist-build-gcc8

dnsdist: allow building wth gcc8, which needs -lstdc++fs as link argument

Make axfr error message more helpful when a domain can't be found.

Fixes: #11084
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Merge pull request #16042 from omoerbeek/dnsdist-incr-macro

dnsdist: don't increment in a potential macro argument

rec: prep for rec-5.3.0

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

dnsdist: allow building wth gcc8, which needs -lstdc++fs as link argument

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

dnsdist: don't increment in a potential macro argument

Fixes g++ 8: ../dnsdist-crypto.cc:291:16: warning: operation on 'count' may be undefined [-Wsequence-point]

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

Merge pull request #16038 from rgacogne/ddist-add-missing-dist-files

dnsdist: Add missing generated files to the dist tarball

Merge pull request #15537 from romeroalx/ci-daily-build-pkgs-rel

GH actions: add daily build-packages for rel/* branches to ci

Merge pull request #15874 from rgacogne/ddist-get-current-runtime-config-optimization

dnsdist: Only check the freshness of the configuration when needed

dnsdist: Add missing generated files to the dist tarball

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

process comments from Miod

dnsdist: Expose `refreshRuntimeConfiguration` to Lua

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

dnsdist: Fix a typo is an exception message spotted by Miod

Co-authored-by: Miod Vallat <miod.vallat@powerdns.com>
Signed-off-by: Remi Gacogne <github@coredump.fr>

dnsdist: Apply Miod's suggestion

Co-authored-by: Miod Vallat <miod.vallat@powerdns.com>
Signed-off-by: Remi Gacogne <github@coredump.fr>

dnsdist: Fix clang-tidy warnings

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

dnsdist: Don't call `nghttp2_session_send` from a callback

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

dnsdist: Fix a memory access violation in the nghttp2 unit tests

Calling `nghttp2_session_send` from a callback does not work well
when ``nghttp2_session_send`` ends up closing the current stream,
triggering a use-after-free.
It's not clear from the API documentation, but it is mentioned in
the programmers' guide's remarks:

> Do not call `nghttp2_session_send()`, `nghttp2_session_mem_send2()`,
`nghttp2_session_recv()` or `nghttp2_session_mem_recv2()` from the
nghttp2 callback functions directly or indirectly. It will lead to the
crash. You can submit requests or frames in the callbacks then call
these functions outside the callbacks.

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

clang-tidy, my old nemesis, we meet again.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Merge pull request #16007 from rgacogne/ddist-h2-25

dnsdist: Add mitigations for the HTTP/2 MadeYouReset attack

Merge pull request #16034 from rgacogne/ddist-upgrade-h2o-226pdns3

dnsdist: Upgrade h2o to 2.2.6-pdns3

Merge pull request #16033 from miodvallat/boost_your_readability

Remove boost < 1.54 leftovers

dnsdist: Fix invalid log formatters spotted by Otto

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Keep timestamps for the complete list of files used by the zone parser.

Check all of them during freshness checks, so that an update to an included
file can correctly report the zone as outdated.

Fixes: #469
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Remove preprocessor check for Boost < 1.54.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Remove workaround for Boost 1.53 since we require at least 1.54 to build.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Let ZoneParserTNG keep a list of all visited files (such as includes).

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

dnsdist: Upgrade h2o to 2.2.6-pdns3

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

clang-tidy always finds something to complain about.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Merge pull request #16021 from omoerbeek/rec-include-logr

rec: include logr.hh in bridge.hh

Return Refused when the lua update policy declines all updates.

Fixes: #14953
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Split PacketHandler::processUpdate() into multiple subfunctions. NFCI

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

rec: include logr.hh in bridge.hh

Not doing so results in creating a shared pointer to an incomplete class,
which does not work for all compilers/c++ lib combinations.

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

gh actions: add daily build-packages for rel/* branches

gh actions: removed daily buider for rel/* branches

pip pinning: update requirements.txt for pbr 7.0.1

Merge pull request #16011 from omoerbeek/rec-path-unlink-unmodernize

rec: Path.unlink(True) requires python 3.8, rewrite so it works on older versions

Merge pull request #15988 from Habbie/noracular

drop ubuntu oracular, it is EOL

dnsdist: Also refresh the configuration when `recvmmsg` is used

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Merge pull request #16006 from miodvallat/12154-redone

More zone names in error messages

Merge pull request #15952 from miodvallat/system_five

auth: update CI for 5.x

clarify catz/views status

correct company name

Merge pull request #16012 from miodvallat/knocking_on_server's_door

auth: 5.0.0 release notes and secpoll update

5.0.0 release notes and secpoll update

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Merge pull request #15931 from rgacogne/ddist-faster-response-content-matching

dnsdist: Speed up response content matching

Merge pull request #15930 from rgacogne/ddist-backend-qps-limiter

dnsdist: Backend QPS limit refactoring

Merge pull request #15935 from rgacogne/ddist-incoming-concurrent-tcp-conn-counter-cleanup

dnsdist: Clean up incoming TCP connections counters once per minute

Refactor `DNSName::matches` around `pdns_ilexicographical_compare_three_way`

And rename it to hopefully prevent any confusion regarding when it can be used.

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Merge pull request #16010 from omoerbeek/rec-pubsuffix-followup

rec: check for pubsuffix.cc presence, followup to #15782

update keyblocks with non-SHA1 signing keys

fixes #15141

dnsdist: Remove unused `BasicQPSLimiter` and `QPSLimiter` ctors

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Merge pull request #16009 from miodvallat/backport-15991-to-auth-5.0.x

auth-5.0: backport "Fix Boost system lib dependency: it is no longer available since 1.89"

dnsdist: Fix error in comment spotted by Otto (seconds -> minutes)

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

rec: Path.unlink(True) requires python 3.8, rewrite so it works on older versions

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

dnsdist: Apply Miod and clang-tidy's suggestions

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

rec: check for pubsuffix.cc presence, followup to #15782

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

Merge pull request #15943 from zjs604381586/answer-log

add tc flag in answer log

Fix Boost system lib dependency: it is no longer available since 1.89

To do that, partly sync with upstream boost.m4

Should fix #15972

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
(cherry picked from commit e096f48218dd2ea82fc907ff62e4cbced121ca8b)