]> granicus.if.org Git - pdns/log
pdns
8 years agoMerge pull request #4332 from rgacogne/auth-apply-non-local-bind-query
Peter van Dijk [Mon, 5 Sep 2016 08:23:56 +0000 (10:23 +0200)]
Merge pull request #4332 from rgacogne/auth-apply-non-local-bind-query

auth: Apply `non-local-bind` to `query-local-address{,6}` when possible

8 years agoMerge pull request #4391 from pieterlexis/recursor-NTA-at-level-of-TA
Peter van Dijk [Mon, 5 Sep 2016 08:23:03 +0000 (10:23 +0200)]
Merge pull request #4391 from pieterlexis/recursor-NTA-at-level-of-TA

DNSSEC: Actually follow RFC 7646 §2.1

8 years agoMerge pull request #4381 from pieterlexis/query-local-address-before-lua-config-file
Peter van Dijk [Mon, 5 Sep 2016 08:22:08 +0000 (10:22 +0200)]
Merge pull request #4381 from pieterlexis/query-local-address-before-lua-config-file

Parse query-local-address before lua-config-file

8 years agoMerge pull request #4319 from pieterlexis/pipe-SERVFAIL-on-FAIL
Peter van Dijk [Mon, 5 Sep 2016 08:20:21 +0000 (10:20 +0200)]
Merge pull request #4319 from pieterlexis/pipe-SERVFAIL-on-FAIL

pipe: SERVFAIL when needed

8 years agoMerge pull request #4291 from rgacogne/rec-protbuf-only-tagged
Peter van Dijk [Mon, 5 Sep 2016 08:19:30 +0000 (10:19 +0200)]
Merge pull request #4291 from rgacogne/rec-protbuf-only-tagged

rec: Add an option to only send protobuf messages with a policy or tag set

8 years agoMerge pull request #4392 from pieterlexis/Lua-scripting-docs
Peter van Dijk [Fri, 2 Sep 2016 15:13:30 +0000 (17:13 +0200)]
Merge pull request #4392 from pieterlexis/Lua-scripting-docs

Docs: add missing functions, fix indents

8 years agoMerge pull request #4394 from pieterlexis/boost-context-1.61
Peter van Dijk [Fri, 2 Sep 2016 15:07:32 +0000 (17:07 +0200)]
Merge pull request #4394 from pieterlexis/boost-context-1.61

Recursor: allow building against Boost 1.61

8 years agoMerge pull request #4405 from pieterlexis/autotools-modules-no
Peter van Dijk [Fri, 2 Sep 2016 15:05:51 +0000 (17:05 +0200)]
Merge pull request #4405 from pieterlexis/autotools-modules-no

Auth: several autoconf cleanups

8 years agoAuth: allow --with-(dyn-)modules=no
Pieter Lexis [Fri, 2 Sep 2016 13:38:47 +0000 (15:38 +0200)]
Auth: allow --with-(dyn-)modules=no

Fixes #4399

8 years agoAdd 3.4.10 to secpoll
Pieter Lexis [Fri, 2 Sep 2016 08:53:57 +0000 (10:53 +0200)]
Add 3.4.10 to secpoll

8 years agoAuth: remove unused AC_DEFINE
Pieter Lexis [Fri, 2 Sep 2016 07:32:58 +0000 (09:32 +0200)]
Auth: remove unused AC_DEFINE

8 years agoauth: remove autoconf leftover from before the split
Pieter Lexis [Fri, 2 Sep 2016 07:31:57 +0000 (09:31 +0200)]
auth: remove autoconf leftover from before the split

8 years agoMerge pull request #4373 from ahupowerdns/compression-redo
bert hubert [Thu, 1 Sep 2016 14:51:13 +0000 (16:51 +0200)]
Merge pull request #4373 from ahupowerdns/compression-redo

Revamp label compression code which (+ some cleanups) speeds up large packet creation by ~40%

8 years agoMerge pull request #4393 from rgacogne/dnsdist-110-beta-changelog
Pieter Lexis [Thu, 1 Sep 2016 12:48:31 +0000 (14:48 +0200)]
Merge pull request #4393 from rgacogne/dnsdist-110-beta-changelog

dnsdist: Update ChangeLog for 1.1.0-beta1

8 years agodnsdist: Update ChangeLog for 1.1.0-beta1
Remi Gacogne [Thu, 1 Sep 2016 12:34:46 +0000 (14:34 +0200)]
dnsdist: Update ChangeLog for 1.1.0-beta1

8 years agoRec: show context lib in configure output
Pieter Lexis [Thu, 1 Sep 2016 10:35:31 +0000 (12:35 +0200)]
Rec: show context lib in configure output

8 years agoRec: support boost's fcontext in boost 1.61+
Pieter Lexis [Wed, 31 Aug 2016 14:22:57 +0000 (16:22 +0200)]
Rec: support boost's fcontext in boost 1.61+

8 years agoMerge pull request #4346 from mind04/anytotcp dnsdist-1.1.0-beta1
Pieter Lexis [Thu, 1 Sep 2016 09:38:03 +0000 (11:38 +0200)]
Merge pull request #4346 from mind04/anytotcp

change default for any-to-tcp to yes

8 years agoAdd test for NTA at level of TA
Pieter Lexis [Thu, 1 Sep 2016 09:23:35 +0000 (11:23 +0200)]
Add test for NTA at level of TA

8 years agoDNSSEC: Actually follow RFC 7646 §2.1
Pieter Lexis [Thu, 1 Sep 2016 09:04:05 +0000 (11:04 +0200)]
DNSSEC: Actually follow RFC 7646 §2.1

We were off by one when counting labels, so when an NTA was added for a
name where a TA was configured, we would still attempt validation.

Reported by @jpmens

8 years agorec: Add an option to only send protobuf messages with a policy or tag set
Remi Gacogne [Fri, 26 Aug 2016 13:57:25 +0000 (15:57 +0200)]
rec: Add an option to only send protobuf messages with a policy or tag set

8 years agoMerge pull request #4305 from rgacogne/dnsdist-lua-anon
bert hubert [Wed, 31 Aug 2016 14:48:04 +0000 (16:48 +0200)]
Merge pull request #4305 from rgacogne/dnsdist-lua-anon

dnsdist: Add an optional Lua callback for altering a Protobuf message

8 years agoMerge pull request #4350 from rgacogne/rec-tcp-gettag
bert hubert [Wed, 31 Aug 2016 14:44:05 +0000 (16:44 +0200)]
Merge pull request #4350 from rgacogne/rec-tcp-gettag

rec: Call `gettag()` for TCP queries

8 years agoMerge pull request #4380 from rgacogne/dnsdist-clang-ebpf
bert hubert [Wed, 31 Aug 2016 14:43:40 +0000 (16:43 +0200)]
Merge pull request #4380 from rgacogne/dnsdist-clang-ebpf

dnsdist: Fix compilation with clang when eBPF support is enabled

8 years agoMerge pull request #4387 from pieterlexis/port-overflow
bert hubert [Wed, 31 Aug 2016 14:42:49 +0000 (16:42 +0200)]
Merge pull request #4387 from pieterlexis/port-overflow

ComboAddress: don't allow invalid ports

8 years agoMerge pull request #4379 from sspans/patch-1
bert hubert [Wed, 31 Aug 2016 14:28:25 +0000 (16:28 +0200)]
Merge pull request #4379 from sspans/patch-1

Update notrack rules

8 years agoComboAddress: don't allow invalid ports
Pieter Lexis [Wed, 31 Aug 2016 13:30:30 +0000 (15:30 +0200)]
ComboAddress: don't allow invalid ports

Add tests for this.

Fixes: #4382
8 years agoDocs: add missing functions, fix indents
Pieter Lexis [Tue, 30 Aug 2016 12:55:22 +0000 (14:55 +0200)]
Docs: add missing functions, fix indents

On the recursor scripting page

8 years agoParse query-local-address before lua-config-file
Pieter Lexis [Tue, 30 Aug 2016 09:09:38 +0000 (11:09 +0200)]
Parse query-local-address before lua-config-file

@42wim discovered that the query-local-address was not used for the
initial RPZ AXFR. However, it was used in subsequent IXFRs. It appears
that we executed the lua-config-file before checking the
query-local-address(6).

8 years agodnsdist: Fix warnings when compiling with clang
Remi Gacogne [Tue, 30 Aug 2016 08:41:07 +0000 (10:41 +0200)]
dnsdist: Fix warnings when compiling with clang

8 years agoremove hash signs
Sten Spans [Tue, 30 Aug 2016 06:51:04 +0000 (08:51 +0200)]
remove hash signs

As requested by @ahupowerdns, to make copy-pasting easier.

8 years agoUpdate notrack rules
Sten Spans [Tue, 30 Aug 2016 06:42:22 +0000 (08:42 +0200)]
Update notrack rules

* switch from NOTRACK to CT target (deprecated around 2012)
* add output accept for sport 53
* describe firewalld configuration for newer centos/fedora/redhat versions

```
Date: Thu, 20 Dec 2012 12:26:22 +0100
Subject: [PATCH] netfilter: xt_CT: recover NOTRACK target support

Florian Westphal reported that the removal of the NOTRACK target
(9655050 netfilter: remove xt_NOTRACK) is breaking some existing
setups.

That removal was scheduled for removal since long time ago as
described in Documentation/feature-removal-schedule.txt
```

https://patchwork.ozlabs.org/patch/207653/

8 years agodnsdist: Fix compilation with clang when eBPF is enabled
Remi Gacogne [Mon, 29 Aug 2016 15:54:03 +0000 (17:54 +0200)]
dnsdist: Fix compilation with clang when eBPF is enabled

8 years agoMerge pull request #4359 from pieterlexis/doc-fixes
Pieter Lexis [Mon, 29 Aug 2016 15:49:38 +0000 (17:49 +0200)]
Merge pull request #4359 from pieterlexis/doc-fixes

Several documentation fixes

8 years agoMerge pull request #4368 from rgacogne/rec-more-lua-bindings
Pieter Lexis [Mon, 29 Aug 2016 15:49:29 +0000 (17:49 +0200)]
Merge pull request #4368 from rgacogne/rec-more-lua-bindings

rec: Fix doc for ComboAddress/Netmask Lua bindings, add missing ones

8 years agoMerge pull request #4376 from rgacogne/rec-uninit-policy
Pieter Lexis [Mon, 29 Aug 2016 15:49:21 +0000 (17:49 +0200)]
Merge pull request #4376 from rgacogne/rec-uninit-policy

rec: fix the use of an uninitialized filtering policy

8 years agoDocument config-dir in the manpage better
Pieter Lexis [Mon, 29 Aug 2016 13:09:53 +0000 (15:09 +0200)]
Document config-dir in the manpage better

Closes #4372

8 years agorec: document edns-subnet-whitelist
Pieter Lexis [Tue, 23 Aug 2016 15:50:27 +0000 (17:50 +0200)]
rec: document edns-subnet-whitelist

Closes #4275

8 years agoRec: Fully document loglevel
Pieter Lexis [Tue, 23 Aug 2016 15:42:27 +0000 (17:42 +0200)]
Rec: Fully document loglevel

closes #4209

8 years agorec: fix the use of an uninitialized filtering policy
Remi Gacogne [Mon, 29 Aug 2016 09:52:00 +0000 (11:52 +0200)]
rec: fix the use of an uninitialized filtering policy

If `wantsRPZ` is set to false by the `prerpz` hook, `dfepol` might
not be correctly initialized. This leads to `appliedPolicy` not being
either before being passed to `preresolve` and `postresolve`.

Reported by Coverity.

8 years agoMerge pull request #4365 from rgacogne/dnsdist-outstanding-race
Remi Gacogne [Mon, 29 Aug 2016 09:10:54 +0000 (11:10 +0200)]
Merge pull request #4365 from rgacogne/dnsdist-outstanding-race

dnsdist: Reset origFD asap to keep the outstanding count correct

8 years agoMerge pull request #4348 from rgacogne/dnsdist-outstanding-xfr
Remi Gacogne [Mon, 29 Aug 2016 09:10:23 +0000 (11:10 +0200)]
Merge pull request #4348 from rgacogne/dnsdist-outstanding-xfr

dnsdist: Fix invalid outstanding count for {A,I}XFR over TCP

8 years agoMerge pull request #4375 from rgacogne/dnsdist-dynbpf-tuple-rga
Remi Gacogne [Mon, 29 Aug 2016 09:07:02 +0000 (11:07 +0200)]
Merge pull request #4375 from rgacogne/dnsdist-dynbpf-tuple-rga

dnsdist: tuple requires make_tuple to initialize

8 years agoadd test case for domains with more than 34 parts which our static vector can't compr...
bert hubert [Sat, 27 Aug 2016 12:53:54 +0000 (14:53 +0200)]
add test case for domains with more than 34 parts which our static vector can't compress. Plus deal with that case.

8 years agoturns out TSIG signing code was using the DNSPacketWriter in a superspecial way....
bert hubert [Sat, 27 Aug 2016 08:48:35 +0000 (10:48 +0200)]
turns out TSIG signing code was using the DNSPacketWriter in a superspecial way. Fixed now.

8 years agoremove d_record idea from DNSPacketWriter: write the packet directly now. Solves...
bert hubert [Fri, 26 Aug 2016 21:11:48 +0000 (23:11 +0200)]
remove d_record idea from DNSPacketWriter: write the packet directly now. Solves SOA-inter record compression bug. Still left to do: add check for names with more labels than we are prepared to handle. Plus handle that case.

8 years agorename d_positions, remove unused "d_pos"
bert hubert [Fri, 26 Aug 2016 19:26:01 +0000 (21:26 +0200)]
rename d_positions, remove unused "d_pos"

8 years agomoving some include files to prevent clashes of #defines on OSX
bert hubert [Fri, 26 Aug 2016 18:41:19 +0000 (20:41 +0200)]
moving some include files to prevent clashes of #defines on OSX

8 years agothe all new label compression code that is 40% faster even on fast malloc. This commi...
bert hubert [Fri, 26 Aug 2016 15:05:33 +0000 (17:05 +0200)]
the all new label compression code that is 40% faster even on fast malloc. This commit has a bug with compression within records, and it will fail the tests we made for that too.

8 years agoadd a test that verifies (again) that SOA records get good compression of names withi...
bert hubert [Fri, 26 Aug 2016 15:04:53 +0000 (17:04 +0200)]
add a test that verifies (again) that SOA records get good compression of names within themselves. Output easier to interpret than that from test-dnsrecords.

8 years agoa base32 test had a stupid name
bert hubert [Fri, 26 Aug 2016 15:04:30 +0000 (17:04 +0200)]
a base32 test had a stupid name

8 years agodnsparser was using an empty dnsname when it meant to use a root.
bert hubert [Fri, 26 Aug 2016 13:36:54 +0000 (15:36 +0200)]
dnsparser was using an empty dnsname when it meant to use a root.

8 years agosave a ton of DNSName(".") and DNSName("*") instantiations. Even though these live...
bert hubert [Fri, 26 Aug 2016 13:26:10 +0000 (15:26 +0200)]
save a ton of DNSName(".") and DNSName("*") instantiations. Even though these live on the stack, we were going through needless motions.

8 years agoadd pre-made DNSName objects for the root and wildcard. Move DNSName== inline. Revers...
bert hubert [Fri, 26 Aug 2016 13:04:35 +0000 (15:04 +0200)]
add pre-made DNSName objects for the root and wildcard. Move DNSName== inline. Reverse its comparison order.

8 years agoadd some more speedtests
bert hubert [Fri, 26 Aug 2016 11:56:27 +0000 (13:56 +0200)]
add some more speedtests

8 years agoadd a test that checks we compress all the things in packetwriter
bert hubert [Fri, 26 Aug 2016 10:51:05 +0000 (12:51 +0200)]
add a test that checks we compress all the things in packetwriter

8 years agodnsdist: tuple requires make_tuple to initialize
Remi Gacogne [Fri, 26 Aug 2016 15:52:48 +0000 (17:52 +0200)]
dnsdist: tuple requires make_tuple to initialize

Fix compilation on Ubuntu Xenial.
Reported by Christof Chen (thanks!).

8 years agoAdd recursor 4.0.2 secpoll
Pieter Lexis [Fri, 26 Aug 2016 13:23:09 +0000 (15:23 +0200)]
Add recursor 4.0.2 secpoll

Thanks @zaphodb for noticing

8 years agoslightly improve 4.0.2 recursor release notes
bert hubert [Fri, 26 Aug 2016 10:30:05 +0000 (12:30 +0200)]
slightly improve 4.0.2 recursor release notes

8 years agoMerge pull request #4364 from pieterlexis/rec-4.0.2-changelog rec-4.0.2
Pieter Lexis [Fri, 26 Aug 2016 10:19:24 +0000 (12:19 +0200)]
Merge pull request #4364 from pieterlexis/rec-4.0.2-changelog

Add Recursor 4.0.2 changelog

8 years agoAdd Recursor 4.0.2 changelog
Pieter Lexis [Thu, 25 Aug 2016 09:54:29 +0000 (11:54 +0200)]
Add Recursor 4.0.2 changelog

8 years agodoc: Clarify `gettag()` use, `dq`'s `addPolicyTag()`, `{get,set}PolicyTags()`
Remi Gacogne [Mon, 22 Aug 2016 16:12:32 +0000 (18:12 +0200)]
doc: Clarify `gettag()` use, `dq`'s `addPolicyTag()`, `{get,set}PolicyTags()`

8 years agorec: Call `gettag()` for TCP queries
Remi Gacogne [Mon, 22 Aug 2016 14:15:12 +0000 (16:15 +0200)]
rec: Call `gettag()` for TCP queries

The `gettag()` hook used to be called to set a tag for the packet cache
and hence it did not make sense to call it for TCP queries, but now it
can also be used to policy tags.

8 years agorec: Fix doc for ComboAddress/Netmask Lua bindings, add missing ones
Remi Gacogne [Fri, 26 Aug 2016 10:06:17 +0000 (12:06 +0200)]
rec: Fix doc for ComboAddress/Netmask Lua bindings, add missing ones

8 years agoMerge pull request #4324 from rgacogne/lua-RPZ-discard-rebased
bert hubert [Fri, 26 Aug 2016 10:06:27 +0000 (12:06 +0200)]
Merge pull request #4324 from rgacogne/lua-RPZ-discard-rebased

Allow Lua access to the result of the Policy Engine decision, skip RPZ

8 years agoMerge pull request #3 from pieterlexis/lua-RPZ-discard-rebased-doc-update
Remi Gacogne [Fri, 26 Aug 2016 08:22:52 +0000 (10:22 +0200)]
Merge pull request #3 from pieterlexis/lua-RPZ-discard-rebased-doc-update

The return value for prerpz is unused

8 years agoThe return value for prerpz is unused
Pieter Lexis [Fri, 26 Aug 2016 08:16:38 +0000 (10:16 +0200)]
The return value for prerpz is unused

8 years agodnsdist: Add an optional Lua callback for altering a Protobuf message
Remi Gacogne [Fri, 26 Aug 2016 07:53:24 +0000 (09:53 +0200)]
dnsdist: Add an optional Lua callback for altering a Protobuf message

For anonymization purposes, for example.

8 years agorec: The prerpz hook didn't return anything when compiled w/o Lua
Remi Gacogne [Fri, 26 Aug 2016 07:50:01 +0000 (09:50 +0200)]
rec: The prerpz hook didn't return anything when compiled w/o Lua

8 years agodnsdist: Reset origFD asap to keep the outstanding count correct
Remi Gacogne [Thu, 25 Aug 2016 15:15:54 +0000 (17:15 +0200)]
dnsdist: Reset origFD asap to keep the outstanding count correct

Previously the health check thread waited until we had finished
with the IDState to set `origFD` to -1, but:
* for the UDP client thread, the only difference it makes is that
`outstanding` will not be incremented if `origFD` is not -1,
which is not what we want since we are going to decrement it
* for the UDP responder thread, it actually increases the
likelihood of decrementing `outstanding` twice, once in the
responder threader and once in the health check thread.

This was especially likely to be an issue because the health check
thread used to call `gettime()` and to acquire a mutex before
setting `origFD` to -1.

8 years agoMerge pull request #4360 from 42wim/systemd
Pieter Lexis [Thu, 25 Aug 2016 13:57:02 +0000 (15:57 +0200)]
Merge pull request #4360 from 42wim/systemd

Make sure mariadb (mysql on centos/rhel) is started before pdns

8 years agoMerge pull request #4356 from rgacogne/auth-nocachelookup-tsig
Pieter Lexis [Thu, 25 Aug 2016 13:56:52 +0000 (15:56 +0200)]
Merge pull request #4356 from rgacogne/auth-nocachelookup-tsig

auth: Don't look up the packet cache for TSIG-enabled queries

8 years agofix subtle bug in findNamedPolicy
Pieter Lexis [Tue, 23 Aug 2016 07:41:18 +0000 (09:41 +0200)]
fix subtle bug in findNamedPolicy

8 years agoRevert "Recursor: Always log EDNS clientsubnet in trace"
Remi Gacogne [Tue, 23 Aug 2016 07:14:36 +0000 (09:14 +0200)]
Revert "Recursor: Always log EDNS clientsubnet in trace"

This reverts commit 601b188c559fb9d58392bc2115ddd583225ee52c.

`dc->d_ednssubnet` is only available when protobuf support is enabled.

8 years agorec: Fix rec_control man page tests
Remi Gacogne [Tue, 16 Aug 2016 15:55:34 +0000 (17:55 +0200)]
rec: Fix rec_control man page tests

8 years agoFix counting of `rec_control help` elements and grep syntax
Remi Gacogne [Tue, 16 Aug 2016 15:35:40 +0000 (17:35 +0200)]
Fix counting of `rec_control help` elements and grep syntax

8 years agoRecursor config for the regression tests is still in configs
Remi Gacogne [Tue, 16 Aug 2016 14:27:18 +0000 (16:27 +0200)]
Recursor config for the regression tests is still in configs

8 years agoFix hardcoded prefix in auth-zone-delegation test
Remi Gacogne [Tue, 16 Aug 2016 10:00:17 +0000 (12:00 +0200)]
Fix hardcoded prefix in auth-zone-delegation test

8 years agoActually fail on failed recursor tests
Remi Gacogne [Mon, 15 Aug 2016 13:28:24 +0000 (15:28 +0200)]
Actually fail on failed recursor tests

8 years agoFix hardcoded prefix in lowercase-outgoing test
Remi Gacogne [Mon, 15 Aug 2016 12:48:34 +0000 (14:48 +0200)]
Fix hardcoded prefix in lowercase-outgoing test

8 years agorecursor regression tests: have the socket live in /tmp
Pieter Lexis [Mon, 15 Aug 2016 09:32:41 +0000 (11:32 +0200)]
recursor regression tests: have the socket live in /tmp

8 years agoRecursor tests: we use bashisms now
Pieter Lexis [Mon, 15 Aug 2016 09:29:11 +0000 (11:29 +0200)]
Recursor tests: we use bashisms now

8 years agoRecursor tests: Fail on failed tests
Pieter Lexis [Mon, 15 Aug 2016 09:28:43 +0000 (11:28 +0200)]
Recursor tests: Fail on failed tests

8 years agoAdd regression tests for prerpz
Remi Gacogne [Mon, 15 Aug 2016 08:51:00 +0000 (10:51 +0200)]
Add regression tests for prerpz

8 years agoAdd documentation for the `prerpz` hook
Remi Gacogne [Mon, 15 Aug 2016 08:15:17 +0000 (10:15 +0200)]
Add documentation for the `prerpz` hook

8 years ago`protobufLogQuery()` never actually gets an applied policy
Remi Gacogne [Mon, 15 Aug 2016 08:01:45 +0000 (10:01 +0200)]
`protobufLogQuery()` never actually gets an applied policy

8 years agoMinor indentation fixes in `loadRecursorLuaConfig()`
Remi Gacogne [Mon, 15 Aug 2016 07:35:10 +0000 (09:35 +0200)]
Minor indentation fixes in `loadRecursorLuaConfig()`

8 years agorec: Add a 'prerpz' hook to be able to discard selected RPZ policies
Remi Gacogne [Fri, 12 Aug 2016 16:35:08 +0000 (18:35 +0200)]
rec: Add a 'prerpz' hook to be able to discard selected RPZ policies

8 years agoRPZ: Tests for wantsRPZ override, NSDNAME and NSIP
Pieter Lexis [Wed, 27 Jul 2016 21:03:20 +0000 (23:03 +0200)]
RPZ: Tests for wantsRPZ override, NSDNAME and NSIP

8 years agoRPZ: Implement NSDNAME and NSIP RPZ capabilities
Pieter Lexis [Wed, 27 Jul 2016 20:34:08 +0000 (22:34 +0200)]
RPZ: Implement NSDNAME and NSIP RPZ capabilities

Closes #2897

This also adds an extra bool 'wantsRPZ' to the Lua engine so RPZ
processing can be disabled for queries (Closes #4226).

Furthermore, IPv6 for RPZ is implemented.

8 years agoRPZ: Add metrics for the Policy Engine
Pieter Lexis [Wed, 27 Jul 2016 13:11:37 +0000 (15:11 +0200)]
RPZ: Add metrics for the Policy Engine

Closes #2895

8 years agoRPZ tests: add test for #4086
Pieter Lexis [Wed, 27 Jul 2016 10:44:09 +0000 (12:44 +0200)]
RPZ tests: add test for #4086

8 years agoAdd RPZ lua tests
Pieter Lexis [Tue, 26 Jul 2016 13:54:38 +0000 (15:54 +0200)]
Add RPZ lua tests

8 years agoAdd basic RPZ tests
Pieter Lexis [Tue, 26 Jul 2016 12:02:33 +0000 (14:02 +0200)]
Add basic RPZ tests

8 years agoAllow Lua to modify the RPZ decision
Pieter Lexis [Fri, 22 Jul 2016 18:56:44 +0000 (20:56 +0200)]
Allow Lua to modify the RPZ decision

in preResolve() and postResolve(), the user can now modify the whole
appliedPolicy. For clarity, the appliedPolicy elements have been named
policySomething. one can set the policyKind with the helper
pdns.policykinds.Name.

When the query is not marked as 'handled' by the Lua function, the
(possibly modified) policy is applied to the query.

8 years agoRPZ: Always set the policy name
Pieter Lexis [Fri, 22 Jul 2016 19:14:47 +0000 (21:14 +0200)]
RPZ: Always set the policy name

For slaved zones, set it to the name of the zone by default. For
file-based RPZs, use "rpzFile";

8 years agoRPZ: filter correctly by name
Pieter Lexis [Tue, 26 Jul 2016 11:48:01 +0000 (13:48 +0200)]
RPZ: filter correctly by name

Closes #4086

8 years agopdns_recursor.cc: Move comment to the right place
Pieter Lexis [Fri, 22 Jul 2016 18:49:39 +0000 (20:49 +0200)]
pdns_recursor.cc: Move comment to the right place

8 years agoRecursor: Always log EDNS clientsubnet in trace
Pieter Lexis [Fri, 22 Jul 2016 17:42:41 +0000 (19:42 +0200)]
Recursor: Always log EDNS clientsubnet in trace

8 years agolua-recursor4.cc: whitespace fixes
Pieter Lexis [Fri, 22 Jul 2016 17:34:28 +0000 (19:34 +0200)]
lua-recursor4.cc: whitespace fixes