]>
granicus.if.org Git - pdns/log
Pieter Lexis [Wed, 7 Nov 2018 11:30:37 +0000 (12:30 +0100)]
Merge pull request #7159 from rgacogne/rec41-revert-6980
Remi Gacogne [Wed, 7 Nov 2018 10:49:24 +0000 (11:49 +0100)]
Revert "rec: Authority records in AA=1 CNAME answer are authoritative"
This reverts commit
4caae205f06cb989c415a9c1e0f4c5ec667236a2 .
It turns out that authority records in AA=1 CNAME answer may, or may
not, be authoritative, and that in some cases considering them as
authoritative causes DNSSEC validation failures.
aerique [Tue, 6 Nov 2018 14:15:01 +0000 (15:15 +0100)]
Merge pull request #7151 from aerique/rec41-sec-201810
Peter van Dijk [Mon, 5 Nov 2018 10:08:20 +0000 (11:08 +0100)]
Merge pull request #7120 from rgacogne/rec415-backports
Peter van Dijk [Thu, 1 Nov 2018 15:36:40 +0000 (16:36 +0100)]
Merge pull request #7125 from mind04/inception-skew
Kees Monshouwer [Mon, 29 Oct 2018 10:30:25 +0000 (11:30 +0100)]
rec: allow the signture inception to be off by a number of seconds.
Pieter Lexis [Wed, 31 Oct 2018 22:16:38 +0000 (23:16 +0100)]
Merge pull request #7122 from pieterlexis/rec-41-el6-pkg-fix
Pieter Lexis [Wed, 31 Oct 2018 16:17:18 +0000 (17:17 +0100)]
rec 4.1 el6: switch to devtoolset-7
Remi Gacogne [Wed, 31 Oct 2018 15:11:46 +0000 (16:11 +0100)]
Backport #7004
Remi Gacogne [Wed, 31 Oct 2018 15:11:40 +0000 (16:11 +0100)]
Backport #6951
Remi Gacogne [Wed, 31 Oct 2018 15:11:36 +0000 (16:11 +0100)]
Backport #6945
Remi Gacogne [Wed, 31 Oct 2018 15:11:31 +0000 (16:11 +0100)]
Backport #6925
Remi Gacogne [Wed, 31 Oct 2018 15:11:27 +0000 (16:11 +0100)]
Backport #6917
Remi Gacogne [Wed, 31 Oct 2018 15:11:21 +0000 (16:11 +0100)]
Backport #6948
Remi Gacogne [Wed, 31 Oct 2018 15:10:43 +0000 (16:10 +0100)]
Backport #6741
Remi Gacogne [Fri, 28 Sep 2018 14:08:10 +0000 (16:08 +0200)]
ProtobufLogger: Add support for the ServerIdentity field
(cherry picked from commit
c5ffc56c587c792aa6f8aca69d7d45f0a67c0f60 )
Remi Gacogne [Fri, 28 Sep 2018 14:11:28 +0000 (16:11 +0200)]
rec: Export the server ID in protobuf messages
(cherry picked from commit
c165308b66fcaf6bd2517afa165a27027e5919ad )
Remi Gacogne [Thu, 27 Sep 2018 14:45:03 +0000 (16:45 +0200)]
rec: Export the outgoing ECS value if any in our protobuf messages
(cherry picked from commit
0ff13512cb8a48f668d841e5f33ba1b48fb99a2a )
phonedph1 [Mon, 10 Sep 2018 15:08:01 +0000 (15:08 +0000)]
Be consistent with reload-zones and clear all caches on (N)TA changes.
(cherry picked from commit
8302d4cb1db346198ae9698f489b956abf0f0d32 )
Peter van Dijk [Sat, 8 Sep 2018 16:31:58 +0000 (18:31 +0200)]
realign ucontext stack after #6719
(cherry picked from commit
43c3c21ed15b52b43d69972985e8cc7f8240c1f5 )
phonedph1 [Tue, 4 Sep 2018 22:05:56 +0000 (22:05 +0000)]
Print possibly empty dnsnames safer
(cherry picked from commit
d3ca14b2ee0d1cfd66a64424dcfb9d03884c0ef0 )
Remi Gacogne [Mon, 3 Sep 2018 07:43:45 +0000 (09:43 +0200)]
Release memory in case of error in the OpenSSL ECDSA constructor
The current code will only fail to release the allocated memory if
called with an invalid algorithm, which won't happen, or if a
memory allocation fails in which case this might not matter much.
Still, it's cleaner to release the memory properly and might avoid
mistakes later if we look at this code while implementing a new
crypto backend.
(cherry picked from commit
b141d89b27e52c3a8e76ca79ec5201d001f4fce9 )
Remi Gacogne [Sat, 8 Sep 2018 15:15:14 +0000 (17:15 +0200)]
Fix compilation with LibreSSL 2.7.0+
(cherry picked from commit
1648b8ff39c705fdee526cd73bf2652982b80087 )
Remi Gacogne [Fri, 15 Jun 2018 15:01:07 +0000 (17:01 +0200)]
rec: Don't require authoritative answers for forward-recurse zones
(cherry picked from commit
ad797d945527040202105b6a775ab6df94b103c6 )
Remi Gacogne [Wed, 17 Oct 2018 14:00:29 +0000 (16:00 +0200)]
Merge pull request #7073 from rgacogne/rec41-backport-7070
Rafael Buchbinder [Tue, 16 Oct 2018 12:39:20 +0000 (15:39 +0300)]
pdns-recursor: avoid a memory leak in catch-all exception handler
This commit prevents a leak of DNSComboWriter in the catch-all exception
handler.
(cherry picked from commit
cbb097d8581dbb27d81be3a3022a96b8ad08e295 )
Remi Gacogne [Thu, 20 Sep 2018 12:46:11 +0000 (14:46 +0200)]
rec: Keep the EDNS status of a server on FormErr with EDNS
Note that the choice of DNAME in the unit test is an arbitrary
choice, we could even have used A here.
(cherry picked from commit
6fb756b6cd49d61eacf7865ce48d0edb62730710 )
(cherry picked from commit
d8b9d57103f1e1496767d9fac3955b1973e04302 )
Remi Gacogne [Wed, 12 Sep 2018 14:12:46 +0000 (16:12 +0200)]
rec: Refuse queries for rfc6895 section 3.1 meta types
(cherry picked from commit
ab1b5574d15a62e67a133828fc98502de830842c )
(cherry picked from commit
6bf06d65b9c9b9c2c41351ca4b56d54e7619d925 )
Remi Gacogne [Thu, 19 Jul 2018 13:52:40 +0000 (15:52 +0200)]
Do full packet comparison in the packet caches in addition to the hash
(cherry picked from commit
aab08a02344a66e14572cf63129d157d6e7ba8c9 )
(cherry picked from commit
f48315332c4542d09b58a14dafadc90d04f54abd )
Remi Gacogne [Wed, 23 May 2018 08:35:17 +0000 (10:35 +0200)]
Allocate DNSRecord objects as smart pointers right away
(cherry picked from commit
1339125af5afe6d6ecfe0a500c5fdc76d790459d )
(cherry picked from commit
7c87cee4b257a68cabf789b2f003fee969c812b7 )
Remi Gacogne [Mon, 8 Oct 2018 12:17:04 +0000 (14:17 +0200)]
Merge pull request #6980 from rgacogne/rec41-cname-authority
Remi Gacogne [Tue, 25 Sep 2018 13:10:40 +0000 (15:10 +0200)]
Merge pull request #6984 from Habbie/backport-6792
Remi Gacogne [Fri, 13 Jul 2018 09:19:04 +0000 (11:19 +0200)]
rec: Delay the creation of RPZ threads until we have dropped privileges
On Linux/glibc, calling `set*id()` from a thread results in the other
threads being sent the `SIGRT_1` signal so they are aware that they
should switch credentials too, because `POSIX` requires that all threads
use the same credentials but Linux actually handles it per thread.
The reception of the signal interrupts the current `syscall` with
`EINTR`, causing the loading of the `RPZ` zone to fail.
(cherry picked from commit
e6ec15bfe4c391a51eab7c51c38307c7e009768f )
Remi Gacogne [Wed, 19 Sep 2018 13:33:10 +0000 (15:33 +0200)]
rec: Authority records in AA=1 CNAME answer are authoritative
The records other than the CNAME for the initial target in ANSWER
are not, nor are the ADDITIONAL ones, but authority records are.
(cherry picked from commit
cdc5d0c09ac148c805e91411d863b04b144ebbf9 )
Pieter Lexis [Mon, 17 Sep 2018 13:59:56 +0000 (15:59 +0200)]
Merge pull request #6963 from rgacogne/rec41-cap-ecs-scope
Remi Gacogne [Fri, 14 Sep 2018 12:19:04 +0000 (14:19 +0200)]
Merge pull request #6971 from rgacogne/rec41-unfck-sphinx
Remi Gacogne [Fri, 14 Sep 2018 07:48:38 +0000 (09:48 +0200)]
Sphinx 1.8.0 seems broken, use any other version available instead
(cherry picked from commit
424a5ee31cd82870da5e1df4b908735967e2912a )
Remi Gacogne [Thu, 13 Sep 2018 10:03:43 +0000 (12:03 +0200)]
Merge pull request #6961 from rgacogne/rec41-ecs-index-tree-cleanup
Remi Gacogne [Thu, 14 Dec 2017 22:12:01 +0000 (23:12 +0100)]
rec: Add a regression test for invalid ECS scope from auth servers
(cherry picked from commit
635a67659f3a9066cf8ecaecbb65ff307d6fddac )
Remi Gacogne [Thu, 14 Dec 2017 22:11:25 +0000 (23:11 +0100)]
rec: Make sure that the ECS scope from the auth is < to the source
(cherry picked from commit
30d4402d06b494c36eb75cff80e2ecce9ca02e17 )
Remi Gacogne [Wed, 12 Sep 2018 10:42:37 +0000 (12:42 +0200)]
rec: Cleanup the netmask trees used for the ECS index on removals
Remi Gacogne [Tue, 4 Sep 2018 08:32:15 +0000 (10:32 +0200)]
Merge pull request #6919 from zeha/pdnslog-lua
Chris Hofstaedtler [Mon, 3 Sep 2018 09:39:59 +0000 (11:39 +0200)]
recursor: Allow pdnslog to Lua configuration files
Pieter Lexis [Fri, 31 Aug 2018 06:50:01 +0000 (08:50 +0200)]
Merge pull request #6867 from pieterlexis/rec-414-backports
Pieter Lexis [Thu, 30 Aug 2018 08:45:39 +0000 (10:45 +0200)]
Backport #6873
phonedph1 [Thu, 23 Aug 2018 17:27:02 +0000 (17:27 +0000)]
Purge all auth/forward zone data including subtree.
Previously this would miss purging out removed entries/data.
(cherry picked from commit
b68af3ee48054ebce87aec3df89abf75a71f8c49 )
Pieter Lexis [Tue, 21 Aug 2018 13:41:11 +0000 (15:41 +0200)]
Backport #6804
Pieter Lexis [Tue, 21 Aug 2018 12:01:04 +0000 (14:01 +0200)]
Backport #6465
Peter van Dijk [Wed, 25 Jul 2018 16:13:04 +0000 (18:13 +0200)]
skip recursor SNMP testing in buildbot
(cherry picked from commit
e204f700718a7a502bc98c8b65e6848e1c419975 )
Remi Gacogne [Tue, 10 Apr 2018 08:26:21 +0000 (10:26 +0200)]
rec: Don't account chained queries more than once
(cherry picked from commit
deca7d8f719397ce553383372ec5f80a2b94b414 )
Pieter Lexis [Tue, 21 Aug 2018 10:49:04 +0000 (12:49 +0200)]
Backport #6812
Pieter Lexis [Tue, 21 Aug 2018 10:48:54 +0000 (12:48 +0200)]
Backport #6809
Pieter Lexis [Tue, 21 Aug 2018 10:48:38 +0000 (12:48 +0200)]
Backport #6557
Pieter Lexis [Tue, 21 Aug 2018 10:48:18 +0000 (12:48 +0200)]
Backport #6518
Pieter Lexis [Tue, 21 Aug 2018 10:48:00 +0000 (12:48 +0200)]
Backport #6436
Pieter Lexis [Tue, 21 Aug 2018 07:55:37 +0000 (09:55 +0200)]
Merge pull request #6851 from rgacogne/rec41-disable-tcp-sockets-reuseport
Peter van Dijk [Thu, 26 Jul 2018 15:05:14 +0000 (17:05 +0200)]
do not load Lua in the distributor thread
(cherry picked from commit
3fe38b4b10f1e3208eac806eb4889730f0115c90 )
Peter van Dijk [Thu, 26 Jul 2018 14:24:06 +0000 (16:24 +0200)]
only load the Lua script in worker threads
(cherry picked from commit
5b388d28aef0346f1d51e39e0d3ebe3f440cdebe )
Peter van Dijk [Thu, 26 Jul 2018 14:20:26 +0000 (16:20 +0200)]
correct type for getRecursorThreadId
(cherry picked from commit
30da2030cf0cc0c5f9d59b6e30560c381a847432 )
Charles-Henri Bruyand [Wed, 8 Aug 2018 06:15:51 +0000 (08:15 +0200)]
Fix greediness issue
(cherry picked from commit
86bb687cc54a3949bea7f0984b81bb1e25064003 )
Charles-Henri Bruyand [Thu, 26 Jul 2018 07:30:12 +0000 (09:30 +0200)]
recursor tests: replace awk command by perl
(cherry picked from commit
1bd2b0d8c94eec1a5908256110c5396296646065 )
Peter van Dijk [Tue, 1 May 2018 17:16:52 +0000 (19:16 +0200)]
make rec_control respect include-dir; closes #6536
(cherry picked from commit
14cd977426717d549120404b29f13e66c3acc044 )
Remi Gacogne [Fri, 27 Apr 2018 16:49:33 +0000 (18:49 +0200)]
rec: Clarify a bit what an incomning UDP queries processing round is
(cherry picked from commit
78227847a6c17d890b405b057fc87e651de31604 )
Remi Gacogne [Thu, 19 Apr 2018 15:03:54 +0000 (17:03 +0200)]
rec: Add a new max-udp-queries-per-round setting
This new setting limits the number of UDP queries we attempt to
handle after being woken up by the multiplexer and before returning
back to process other events.
Before this, we could end up trying to process queries after queries
and almost never return from handleNewUDPQuestion() to process new
events, meaning we could eventually end up never scheduling new
mthreads or handle responses from authoritative servers for a long
time, only sending responses for packetcache hits and creating new
mthreads.
(cherry picked from commit
a5886e6adad3c19e3490fba1dc7e580defb83eee )
Chris Hofstaedtler [Tue, 3 Apr 2018 08:55:38 +0000 (10:55 +0200)]
Split PDNS_ENABLE_UNIT_TESTS so recursor, dnsdist dont have meaningless --enable-backend-unit-tests
(cherry picked from commit
662d9972039d4bf32f70479b0139c1ecfe7d108e )
Remi Gacogne [Fri, 17 Aug 2018 10:13:16 +0000 (12:13 +0200)]
rec: Every thread listen on all TCP sockets without reuseport/distributes
Remi Gacogne [Mon, 13 Aug 2018 15:12:54 +0000 (17:12 +0200)]
rec: Disable only our own TCP listening socket when reuseport is enabled
(cherry picked from commit
adb6cd72c33eadaa60db7abdddea5ff1d29cf51b )
Remi Gacogne [Wed, 1 Aug 2018 12:43:48 +0000 (14:43 +0200)]
Merge pull request #6793 from rgacogne/rec41-gcc-8-warnings
Peter van Dijk [Wed, 25 Jul 2018 16:25:10 +0000 (18:25 +0200)]
Merge pull request #6794 from rgacogne/rec41-mtasker-container-bounds
Remi Gacogne [Wed, 9 May 2018 15:06:40 +0000 (17:06 +0200)]
Fix warnings reported by GCC 8.1.0
- polymorphic exceptions caught by value
- ComboAddress objects manipulated via `memset()`
(cherry picked from commit
d38e2ba97a78aa9dfc894fc4e13a6f3a410dd31a )
Remi Gacogne [Wed, 6 Jun 2018 08:37:25 +0000 (10:37 +0200)]
rec: Allocate one more stack byte to make _GLIBCXX_ASSERTIONS happy
(cherry picked from commit
5529b1b183a2b2a51784fe6ee292bdf9032e8834 )
Remi Gacogne [Thu, 5 Jul 2018 08:25:46 +0000 (10:25 +0200)]
Merge pull request #6772 from rgacogne/rec41-rec-snmp-broadcast
Remi Gacogne [Wed, 4 Jul 2018 11:36:00 +0000 (13:36 +0200)]
Merge pull request #6771 from rgacogne/rec41-unit-tests-thel
Remi Gacogne [Wed, 4 Jul 2018 09:33:53 +0000 (11:33 +0200)]
rec: Reorder more headers to be able to build with Boost 1.67+
Remi Gacogne [Wed, 6 Jun 2018 15:15:51 +0000 (17:15 +0200)]
rec: Add regression tests for SNMP
(cherry picked from commit
aa7a54c910f03af7c71a9bec0e4f8afda320aeb3 )
Remi Gacogne [Wed, 6 Jun 2018 14:05:20 +0000 (16:05 +0200)]
rec: Allow the SNMP thread to retrieve statistics
(cherry picked from commit
788eeb4c3318f5f6827943e4953941f48b2dc22a )
Remi Gacogne [Tue, 22 May 2018 13:09:58 +0000 (15:09 +0200)]
Merge pull request #6642 from rgacogne/rec41-fix-error-string
Remi Gacogne [Tue, 22 May 2018 13:09:22 +0000 (15:09 +0200)]
Merge pull request #6646 from Habbie/backport-6630
Peter van Dijk [Sun, 20 May 2018 09:13:59 +0000 (11:13 +0200)]
-rdynamic is for the linker
(cherry picked from commit
f1f504545f6165b794e8fe5ddd29812610c63db9 )
Remi Gacogne [Mon, 21 May 2018 16:38:26 +0000 (18:38 +0200)]
rec: Fix 'adding an integer to a string does not append to it' error
(cherry picked from commit
1763442754e6a30dd0fc0c6a37316c2b30b9a3b8 )
Pieter Lexis [Fri, 18 May 2018 12:08:49 +0000 (13:08 +0100)]
Merge pull request #6595 from Habbie/rec-4.1.x-boost-L
Pieter Lexis [Fri, 18 May 2018 12:08:28 +0000 (13:08 +0100)]
Merge pull request #6611 from mnordhoff/6130-rec-4.1.x
Remi Gacogne [Wed, 16 May 2018 15:04:48 +0000 (17:04 +0200)]
Merge pull request #6612 from rgacogne/backports-4.1.3
Remi Gacogne [Wed, 16 May 2018 12:46:03 +0000 (14:46 +0200)]
Backport #6469
Remi Gacogne [Wed, 16 May 2018 12:45:52 +0000 (14:45 +0200)]
Backport #6467
Remi Gacogne [Wed, 16 May 2018 12:45:44 +0000 (14:45 +0200)]
Backport #6313
Remi Gacogne [Wed, 11 Apr 2018 10:13:24 +0000 (12:13 +0200)]
rec: Fix the logged delay in the RPZ retriever thread
(cherry picked from commit
7a4bed25f45636f1ef23c99093ac432ec412ddc4 )
Remi Gacogne [Wed, 11 Apr 2018 09:33:10 +0000 (11:33 +0200)]
rec: Respect the AXFR timeout while connecting to the server
(cherry picked from commit
e07c3801fa248c5976799e5ed3bf40479173d0e6 )
bert hubert [Wed, 11 Apr 2018 08:24:04 +0000 (10:24 +0200)]
add comment
(cherry picked from commit
d04ac1081f9157bdc7a6c2fa630c4c50bef77515 )
bert hubert [Wed, 11 Apr 2018 08:15:57 +0000 (10:15 +0200)]
aj reported that we increase "dnssec-validations" counter even when running
with process-no-validate. This can be caused by us receiving queries for
special names ('localhost', 'version.bind') which we explicitly mark as
Insecure. This led our statistics to conclude a validation attempt had taken place.
This commit puts the update check behind 'shouldValidate()'.
(cherry picked from commit
3b54c577c8ba3a46cc4e9b7bf281b9e6eff7fb44 )
Remi Gacogne [Wed, 28 Feb 2018 14:46:10 +0000 (14:46 +0000)]
rec: Add the auth-zone-queries metric counting queries to hosted zones
(cherry picked from commit
e9a628a297f8bd2953d42ef4d898aeba1c371ae3 )
Remi Gacogne [Wed, 28 Feb 2018 14:09:47 +0000 (14:09 +0000)]
rec: Initialize SyncRes::d_authzonequeries
(cherry picked from commit
14d9aade0192562fd42009a533a9b8d714a2ac68 )
Remi Gacogne [Wed, 28 Feb 2018 10:26:03 +0000 (10:26 +0000)]
rec: Count a lookup into an internal auth zone as a cache miss
We only considered a query a cache miss if we had to do at least
one outgoing query, but having to look up into one of the internally
hosted zone (auth-zones) should count as a cache miss too.
(cherry picked from commit
f7b8cffae1ff94c2e78ac6f3b3ee494735a0c23c )
Remi Gacogne [Wed, 16 May 2018 10:10:17 +0000 (12:10 +0200)]
Backport #6588
Remi Gacogne [Wed, 16 May 2018 10:09:47 +0000 (12:09 +0200)]
Backport #6567
Remi Gacogne [Wed, 16 May 2018 10:05:07 +0000 (12:05 +0200)]
Backport #6566
Remi Gacogne [Wed, 16 May 2018 10:04:46 +0000 (12:04 +0200)]
Backport #6562
Charles-Henri Bruyand [Wed, 2 May 2018 14:18:50 +0000 (16:18 +0200)]
check if parameter has been submitted before accessing it
(cherry picked from commit
46d03ec1bde4eb3241f510f300e2a302dcfe65d0 )
Charles-Henri Bruyand [Wed, 2 May 2018 14:17:31 +0000 (16:17 +0200)]
details version the subtree parameters has been added
(cherry picked from commit
b3cccb9d3d61161c026ff2225582dcc685d4894a )
Charles-Henri Bruyand [Wed, 2 May 2018 13:55:34 +0000 (15:55 +0200)]
Skip subtree option tests against auth
(cherry picked from commit
921442337d81d1e9a4fa0e1f70f140e1f3ccf472 )
projects / pdns / log