]>
granicus.if.org Git - pdns/log
bert hubert [Wed, 25 Oct 2017 13:41:28 +0000 (15:41 +0200)]
Merge pull request #5835 from rgacogne/rec-disable-validation-for-infra
rec: Disable validation for infra queries, validate entries from the negcache
Remi Gacogne [Wed, 25 Oct 2017 12:53:13 +0000 (14:53 +0200)]
rec: Place CacheEntry and CacheKey into a unique namespace
aerique [Wed, 25 Oct 2017 11:54:29 +0000 (13:54 +0200)]
Merge pull request #5774 from ahupowerdns/our-latency-metric
Implement experimental metric tracking time spent within PowerDNS per query
bert hubert [Wed, 25 Oct 2017 10:46:41 +0000 (12:46 +0200)]
also account for network latency when talking to hardcoded servers
bert hubert [Wed, 25 Oct 2017 10:40:20 +0000 (12:40 +0200)]
remove whitespace
Remi Gacogne [Fri, 20 Oct 2017 13:42:07 +0000 (15:42 +0200)]
rec: Validate entries retrieved from the negcache if needed
This happens if validation was not requested during the first query
but is requested when we retrieve a negatively cached entry.
This is useful when running with dnssec=process, and also especially
so now that we don't validate infra queries anymore.
Remi Gacogne [Thu, 19 Oct 2017 15:34:22 +0000 (17:34 +0200)]
rec: Don't validate infrastructure queries
Also require authoritative answer when looking for a cut, since we
use `DS` queries and not `NS` queries anymore.
aerique [Tue, 24 Oct 2017 11:28:36 +0000 (13:28 +0200)]
Merge pull request #5834 from rgacogne/rec-dont-cache-nsec3
rec: Don't directly store NSEC3 records in the positive cache
aerique [Mon, 23 Oct 2017 15:03:48 +0000 (17:03 +0200)]
Merge pull request #5822 from mind04/ldap-timeout
auth: ldapbackend, use the timeout setting in the PowerLDAP class
bert hubert [Mon, 23 Oct 2017 11:01:14 +0000 (13:01 +0200)]
add annotation to documentation, fix unrelated RST-warning
bert hubert [Mon, 23 Oct 2017 10:30:42 +0000 (12:30 +0200)]
Merge pull request #5832 from rgacogne/travis-list-repos
Remove all custom repositories
Peter van Dijk [Mon, 23 Oct 2017 09:42:43 +0000 (11:42 +0200)]
Merge pull request #5833 from rgacogne/auth-add-key
auth: Fix Coverity warnings in apiZoneCryptokeysPOST and BindDomainInfo
Remi Gacogne [Mon, 23 Oct 2017 08:47:17 +0000 (10:47 +0200)]
Merge pull request #5625 from rgacogne/dnsdist-set-status-on-auto
dnsdist: Add an optional `status` parameter to `setAuto()`
Remi Gacogne [Mon, 23 Oct 2017 08:45:48 +0000 (10:45 +0200)]
Merge pull request #5686 from rgacogne/dnsdist-qps-action
dnsdist: Add missing QPSAction
aerique [Mon, 23 Oct 2017 08:25:14 +0000 (10:25 +0200)]
Merge pull request #5836 from mind04/axfr-dnsname
auth: more DNSName in doAXFR()
aerique [Mon, 23 Oct 2017 07:20:48 +0000 (09:20 +0200)]
Merge pull request #5777 from rgacogne/auth-signing-pipe-std-thread
auth: Handle a signing pipe worker dying with work still pending
Kees Monshouwer [Fri, 20 Oct 2017 22:38:45 +0000 (00:38 +0200)]
auth: more DNSName in doAXFR()
Remi Gacogne [Thu, 19 Oct 2017 09:57:32 +0000 (11:57 +0200)]
rec: Don't directly store NSEC3 records in the positive cache
Remi Gacogne [Thu, 19 Oct 2017 09:14:00 +0000 (11:14 +0200)]
auth: Make sure hadFileDirective is initialized in BindDomainInfo
It should be initialized after BindParser::commit() has been called,
but let's make sure it still is if this function is not called.
Reported by Coverity.
Remi Gacogne [Thu, 19 Oct 2017 09:13:24 +0000 (11:13 +0200)]
auth: Handle addKey() returning false in apiZoneCryptokeysPOST
Reported by Coverity.
Remi Gacogne [Thu, 19 Oct 2017 08:45:23 +0000 (10:45 +0200)]
auth: Fix Bind2Backend::addDomainKey return value without SQLite3
Since
82cc07611d23c5e815d8673ae070cf0e421351ad changed the return value
from an `int` to a `bool`, it would return `true` instead of `false`
when SQLite3 support was not available.
Remi Gacogne [Wed, 18 Oct 2017 16:06:53 +0000 (18:06 +0200)]
Remove all custom repositories
Pieter Lexis [Wed, 18 Oct 2017 10:56:17 +0000 (12:56 +0200)]
Merge pull request #5825 from pieterlexis/default-zsk-algorithm-empty-is-ok
Auth: Don't warn on empty default-{k,z}sk-algorithm
Pieter Lexis [Wed, 18 Oct 2017 10:55:30 +0000 (12:55 +0200)]
Merge pull request #5826 from pieterlexis/jpmens-issues-edition-2017
Fix some of the issues found by @jpmens
Pieter Lexis [Wed, 18 Oct 2017 10:55:15 +0000 (12:55 +0200)]
Merge pull request #5828 from pieterlexis/document-nits
Fix a bunch of documentation nits
aerique [Wed, 18 Oct 2017 10:02:18 +0000 (12:02 +0200)]
Merge pull request #5779 from pieterlexis/api-rectify-version-2
Rectify zones via the API
Pieter Lexis [Wed, 18 Oct 2017 08:29:06 +0000 (10:29 +0200)]
API docs: "name" of a zone is read-only
Pieter Lexis [Tue, 17 Oct 2017 13:53:33 +0000 (15:53 +0200)]
docs: fix underline warning
Pieter Lexis [Tue, 17 Oct 2017 13:51:31 +0000 (15:51 +0200)]
doc: Document support named.conf statements
Closes #5790
Pieter Lexis [Tue, 17 Oct 2017 13:20:12 +0000 (15:20 +0200)]
docs: Document PGP keys used to sign tarballs
Closes #5635
Pieter Lexis [Tue, 17 Oct 2017 13:01:02 +0000 (15:01 +0200)]
docs: Describe RRSIG validity period a bit better
Closes #5714
Pieter Lexis [Mon, 16 Oct 2017 10:40:48 +0000 (12:40 +0200)]
Deduplicate and shorten API exception message
Pieter Lexis [Mon, 16 Oct 2017 10:32:39 +0000 (12:32 +0200)]
Add doRectify bool to DNSSECKeeper::rectifyZone()
This is added so the API can wrap an update to a zone's records *and*
DNSSEC info into a single transaction.
Pieter Lexis [Mon, 16 Oct 2017 10:31:38 +0000 (12:31 +0200)]
Reuse UeberBackend in DNSSECKeeper::rectifyZone()
But use a full UeberBackend when needed.
Pieter Lexis [Mon, 16 Oct 2017 09:37:26 +0000 (11:37 +0200)]
API: Fully boolify api_rectify
Pieter Lexis [Fri, 6 Oct 2017 15:04:23 +0000 (17:04 +0200)]
API: add rectify endpoint
Pieter Lexis [Fri, 6 Oct 2017 14:13:22 +0000 (16:13 +0200)]
API: Implement conditional rectification
This commit takes a lot of ideas and code from #3417 and subsequent
development and implements the following things:
- Generate DNSSEC keys for a zone when "dnssec" is true in an API
POST/PATCH for zones
- Rectify DNSSEC zones after POST/PATCH when API-RECTIFY metadata is 1
- Allow setting this metadata via the "api-rectify" param in a Zone
object
- Shows "nsec3param" and "nsec3narrow" in Zone API responses
- Adds an "rrsets" request parameter for a zone to skip sending RRSets
in the response (Closes #5712)
Closes #3417
Many thanks to Nils Wisiol (@nils-wisiol) for the initial
implementation.
Pieter Lexis [Fri, 6 Oct 2017 12:24:45 +0000 (14:24 +0200)]
Add checkNSEC3PARAM function
Pieter Lexis [Wed, 4 Oct 2017 14:20:07 +0000 (16:20 +0200)]
Move rectifyZone from pdnsutil to DNSSECKeeper
Pieter Lexis [Tue, 17 Oct 2017 12:30:28 +0000 (14:30 +0200)]
docs: document gpgsql default settings
Closes #5688
Pieter Lexis [Tue, 17 Oct 2017 12:20:57 +0000 (14:20 +0200)]
docs: Fix wrong description of webserver-address
Closes #5728
Pieter Lexis [Tue, 17 Oct 2017 12:18:48 +0000 (14:18 +0200)]
Fix a bunch of doc nits
Closes #5724
Pieter Lexis [Tue, 17 Oct 2017 12:28:16 +0000 (14:28 +0200)]
Merge pull request #5757 from mstathers/master
Update docs to reflect actual default database name.
Pieter Lexis [Mon, 16 Oct 2017 15:56:06 +0000 (17:56 +0200)]
Merge pull request #5740 from pieterlexis/lowercase-outgoing-all-the-things
rec: Lowercase all outgoing qnames when lowercase-outgoing is set
Pieter Lexis [Mon, 16 Oct 2017 15:54:21 +0000 (17:54 +0200)]
doc: Document that the bind-dnssec-db is not the normal gsqlite3 db
Closes #5785
Pieter Lexis [Mon, 16 Oct 2017 15:20:38 +0000 (17:20 +0200)]
BIND: reject zones without 'file' stanza
Closes #5786
Peter van Dijk [Mon, 16 Oct 2017 15:10:39 +0000 (17:10 +0200)]
Merge pull request #5824 from mind04/b-root
b.root renumbering, effective 2017-10-24
Remi Gacogne [Mon, 16 Oct 2017 14:16:37 +0000 (16:16 +0200)]
Merge pull request #5808 from rgacogne/rec-nsec-ent
rec: Check that the NSEC covers an ENT when looking for NODATA
Pieter Lexis [Mon, 16 Oct 2017 13:05:33 +0000 (15:05 +0200)]
docs: document 2 missing functions in pdnsutil.1
Closes #5784
Pieter Lexis [Mon, 16 Oct 2017 13:00:35 +0000 (15:00 +0200)]
pdnsutil: Check for domain before setting metadata
Closes #5787
Pieter Lexis [Thu, 28 Sep 2017 11:04:28 +0000 (13:04 +0200)]
Add test for lowercase-outgoing
Pieter Lexis [Mon, 16 Oct 2017 11:20:12 +0000 (13:20 +0200)]
Auth: Don't warn on empty default-{k,z}sk-algorithm
Closes #5809
Pieter Lexis [Thu, 28 Sep 2017 10:15:00 +0000 (12:15 +0200)]
Make lowercase-outgoing actually lowercase all q's
Before, we would only lowercase the original qname before handing it to
SyncRes. Now the asyncresolveWrapper lowercases if it has to behor
handing the qname to asyncresolve.
Kees Monshouwer [Sun, 15 Oct 2017 19:31:35 +0000 (21:31 +0200)]
b.root renumbering, effective 2017-10-24
Kees Monshouwer [Sat, 14 Oct 2017 22:13:02 +0000 (00:13 +0200)]
auth: ldapbackend, use the timeout setting in the PowerLDAP class
aerique [Fri, 13 Oct 2017 13:35:40 +0000 (15:35 +0200)]
Merge pull request #5820 from rgacogne/auth-mysql-trunc
auth: Display the needed size when a MySQL result was truncated
Remi Gacogne [Thu, 12 Oct 2017 15:55:41 +0000 (17:55 +0200)]
Merge pull request #5815 from Habbie/presigned-soa-edit
ignore SOA-EDIT for PRESIGNED zones. Fixes #5814
Remi Gacogne [Thu, 12 Oct 2017 15:32:52 +0000 (17:32 +0200)]
auth: Display the needed size when a MySQL result was truncated
Peter van Dijk [Thu, 12 Oct 2017 10:26:37 +0000 (12:26 +0200)]
ignore SOA-EDIT for PRESIGNED zones. Fixes #5814
Remi Gacogne [Wed, 11 Oct 2017 14:27:40 +0000 (16:27 +0200)]
Merge pull request #5800 from zeha/spelling
rec_control manpage: fix spelling error found by lintian
Remi Gacogne [Wed, 11 Oct 2017 14:26:40 +0000 (16:26 +0200)]
Merge pull request #5801 from rgacogne/auth-tinydns-indent-mismatch
auth: Fix missing else braces in TinyDNSBackend::get()
Remi Gacogne [Wed, 11 Oct 2017 12:30:27 +0000 (14:30 +0200)]
Merge pull request #5802 from rgacogne/travis-encrypt-channel
Encrypt the IRC channel name so notifications are not sent for forks
Remi Gacogne [Wed, 11 Oct 2017 10:20:42 +0000 (12:20 +0200)]
rec: The NSEC next name should be different to prove an ENT
While it's not an issue in the current code because we checked
earlier that the NSEC covered the name, it might prevent an issue
if we reuse nsecProvesENT() later.
Remi Gacogne [Wed, 11 Oct 2017 09:25:04 +0000 (11:25 +0200)]
rec: Check that the NSEC covers an ENT when looking for NODATA
Otherwise we might consider that a NSEC record covers a name when it
does not.
bert hubert [Tue, 10 Oct 2017 17:57:00 +0000 (19:57 +0200)]
Merge pull request #5803 from ahupowerdns/zero-exception
Fix throwing exceptions from MThreads, plus add unit tests
bert hubert [Tue, 10 Oct 2017 17:56:39 +0000 (19:56 +0200)]
Merge pull request #5805 from ahupowerdns/mthread-contain-except
improve logging of errors in carbon & web services thread
bert hubert [Tue, 10 Oct 2017 16:06:36 +0000 (18:06 +0200)]
It is 2017, also in README.md
bert hubert [Tue, 10 Oct 2017 16:03:24 +0000 (18:03 +0200)]
Tone down errors a bit, remove ominous ": "
aerique [Tue, 10 Oct 2017 14:25:09 +0000 (16:25 +0200)]
Merge pull request #5804 from Habbie/rec4.1a1-secpoll
add rec-4.1.0-alpha1 to secpoll
bert hubert [Tue, 10 Oct 2017 14:06:51 +0000 (16:06 +0200)]
use BOOST_CHECK_THROW, link in boost_context.cc
bert hubert [Tue, 10 Oct 2017 13:50:22 +0000 (15:50 +0200)]
improve logging of errors in carbon & web services thread
bert hubert [Tue, 10 Oct 2017 12:41:44 +0000 (14:41 +0200)]
add two tests for MTasker, including catching an exception
bert hubert [Tue, 10 Oct 2017 12:41:01 +0000 (14:41 +0200)]
if there was an mtasker waiter with no associated timeout, we would loop forever in MTasker::schedule()
bert hubert [Tue, 10 Oct 2017 10:48:55 +0000 (12:48 +0200)]
Fix crash on older boost when receiving an exception from an MThread
for older boost fcontext versions, we would return a boolean that said 'we
caught an exception for you and stored it in ctx', but we would not actually
retrieve the origin ctx, and then blindly attempt to rethrow the exception
(not) stored in the ctx we did have, leading to a crash. We now send back the
actual ctx, and check it for a stored exception.
Peter van Dijk [Tue, 10 Oct 2017 13:35:37 +0000 (15:35 +0200)]
add rec-4.1.0-alpha1 to secpoll
Remi Gacogne [Tue, 10 Oct 2017 07:47:41 +0000 (09:47 +0200)]
auth: Fix missing else braces in TinyDNSBackend::get()
It doesn't look like an issue since there is a `continue` at the end
of the alternative, but this is a lot cleaner that way.
Chris Hofstaedtler [Tue, 10 Oct 2017 05:54:41 +0000 (07:54 +0200)]
rec_control manpage: fix spelling error found by lintian
bert hubert [Mon, 9 Oct 2017 18:43:20 +0000 (20:43 +0200)]
as expected, the 'delta' latency between time passed and time spent on network sometimes goes negative (because we use timers like that). Protect ourselves against messing up the stats when that happens (it is very rare, but it happened to me)
Peter van Dijk [Mon, 9 Oct 2017 15:26:45 +0000 (17:26 +0200)]
Merge pull request #5794 from Habbie/azerty
fix azerty typo
Peter van Dijk [Mon, 9 Oct 2017 15:26:24 +0000 (17:26 +0200)]
Merge pull request #5791 from Habbie/tinydns-bogus-reporting
tinydns: report broken content that causes errors
Peter van Dijk [Mon, 9 Oct 2017 15:26:03 +0000 (17:26 +0200)]
Merge pull request #5789 from ahupowerdns/warn-sqlite3-replace
add note on how you can't replace the sqlite3 database file while pow…
Peter van Dijk [Mon, 9 Oct 2017 15:17:41 +0000 (17:17 +0200)]
Merge pull request #5775 from MatusKysel/master
Remove preprocessor directives for older GCC versions
aerique [Mon, 9 Oct 2017 14:15:18 +0000 (16:15 +0200)]
Merge pull request #5776 from aerique/feature/update-rec-changelog
Update the ChangeLog and secpoll for Recursor 4.1.0 RC1.
Remi Gacogne [Mon, 9 Oct 2017 08:46:59 +0000 (10:46 +0200)]
Encrypt the IRC channel name so notifications are not sent for forks
Erik Winkels [Mon, 9 Oct 2017 12:13:06 +0000 (14:13 +0200)]
Update secpoll for recursor 4.1.0-rc1.
Erik Winkels [Fri, 6 Oct 2017 11:59:25 +0000 (13:59 +0200)]
Update the ChangeLog for Recursor 4.1.0 RC1.
aerique [Mon, 9 Oct 2017 12:19:22 +0000 (14:19 +0200)]
Merge pull request #5780 from pieterlexis/libsodium-detect-fix
Fix libsodium autodetect without libsodium
aerique [Mon, 9 Oct 2017 11:47:00 +0000 (13:47 +0200)]
Merge pull request #5792 from rgacogne/web-socket-accept-nullptr
If accept() returns EAGAIN, Socket::accept() returns a null pointer
Peter van Dijk [Mon, 9 Oct 2017 09:03:15 +0000 (11:03 +0200)]
fix azerty typo
Peter van Dijk [Mon, 9 Oct 2017 10:29:37 +0000 (12:29 +0200)]
Merge pull request #5796 from rgacogne/travis-mongo-failure
Remove failing mongodb source from travis
Remi Gacogne [Mon, 9 Oct 2017 08:35:17 +0000 (10:35 +0200)]
Remove failing mongodb source from travis
Peter van Dijk [Sun, 8 Oct 2017 17:52:22 +0000 (19:52 +0200)]
tinydns: report broken content that causes errors
bert hubert [Sun, 8 Oct 2017 11:41:50 +0000 (13:41 +0200)]
add note on how you can't replace the sqlite3 database file while powerdns is running. Also strenghten sqlite3 analyze remark.
Remi Gacogne [Sat, 7 Oct 2017 08:28:35 +0000 (10:28 +0200)]
If accept() returns EAGAIN, Socket::accept() returns a null pointer
Pieter Lexis [Fri, 6 Oct 2017 18:30:24 +0000 (20:30 +0200)]
Add libsodium change to the upgrade guides
Pieter Lexis [Fri, 6 Oct 2017 18:22:20 +0000 (20:22 +0200)]
Fix libsodium autodetect without libsodium
Found by @mind04
aerique [Fri, 6 Oct 2017 15:04:02 +0000 (17:04 +0200)]
Merge pull request #5764 from pieterlexis/libsodium-auto-detect
autoconf: set --enable-libsodium to 'auto'
aerique [Fri, 6 Oct 2017 13:09:07 +0000 (15:09 +0200)]
Merge pull request #5773 from rgacogne/rec-check-negative-rrsig-validity
rec: Don't negcache entries for longer than their RRSIG validity
Matus Kysel [Fri, 6 Oct 2017 12:12:26 +0000 (14:12 +0200)]
Revert one of changed files
bert hubert [Fri, 6 Oct 2017 11:20:15 +0000 (13:20 +0200)]
Implement experimental metric tracking time spent within PowerDNS per query
With this commit, PowerDNS provides metrics on the difference between the time spent waiting for authoritative servers, and the amount of time elapsed between arrival of query
and sending out the response. This metric should be seen as experimental until operational experience proves its relevance.