granicus.if.org Git - pdns/log
Pieter Lexis [Thu, 28 Apr 2016 08:29:37 +0000 (10:29 +0200)]
Merge pull request #3766 from rgacogne/packetparser-min-offset
Add a minimum offset parameter to DNSName
bert hubert [Thu, 28 Apr 2016 05:56:50 +0000 (07:56 +0200)]
Merge pull request #3768 from rgacogne/afl-crash-fixes
Fix various crashes
bert hubert [Thu, 28 Apr 2016 05:56:28 +0000 (07:56 +0200)]
Merge pull request #3773 from rgacogne/dnsdist-web-req-resp
dnsdist: Stop copying the request headers to the response
bert hubert [Thu, 28 Apr 2016 05:56:07 +0000 (07:56 +0200)]
Merge pull request #3786 from pieterlexis/recursor-dnssec-part-2
More DNSSEC tests
Pieter Lexis [Wed, 27 Apr 2016 12:08:29 +0000 (14:08 +0200)]
Add basic NSEC and NSEC3 tests
Add a zone with NSEC3-optout for the NSEC3 tests
Pieter Lexis [Wed, 27 Apr 2016 07:23:10 +0000 (09:23 +0200)]
Add timing based DNSSEC tests
Note: the `faketime` program does not clean up its child processes
properly (possibly in combination with authbind), hence we LD_PRELOAD it
and supply the faketime through the environment.
bert hubert [Wed, 27 Apr 2016 17:20:30 +0000 (19:20 +0200)]
non opt-out nsec3
bert hubert [Wed, 27 Apr 2016 14:13:28 +0000 (16:13 +0200)]
Merge pull request #3767 from ahupowerdns/dnsdist-yaks
Please ponder: nodelay, console newlines, print out json, silence some trivia, move to 'return' for Lua statements
bert hubert [Wed, 27 Apr 2016 14:13:07 +0000 (16:13 +0200)]
Merge pull request #3783 from rgacogne/type-conversion-fixes
Fix type conversions, add some checks
bert hubert [Wed, 27 Apr 2016 14:02:22 +0000 (16:02 +0200)]
Merge pull request #3779 from rgacogne/dnsname-afl-crash-unsigned
Use unsigned char* in getRawLabels() and countLabels()
bert hubert [Wed, 27 Apr 2016 14:01:48 +0000 (16:01 +0200)]
Merge pull request #3785 from ahupowerdns/nsec3fix
process nsec3 insecure delegation
bert hubert [Wed, 27 Apr 2016 13:10:49 +0000 (15:10 +0200)]
process NSEC3 insecure delegation, closes #3675
bert hubert [Wed, 27 Apr 2016 13:10:17 +0000 (15:10 +0200)]
enable function to hash qnames w/o having the NSEC3PARAM ready
Remi Gacogne [Wed, 27 Apr 2016 08:26:20 +0000 (10:26 +0200)]
Fix type conversions, add some checks
There is no known bug involved, only hardening.
Remi Gacogne [Tue, 26 Apr 2016 15:20:07 +0000 (17:20 +0200)]
Use unsigned char* in getRawLabels() and countLabels()
Otherwise we treat values larger than INT8_MAX as negatives
in pointer arithmetic.
Found with American Fuzzy Lop and Address Sanitizer.
Pieter Lexis [Tue, 26 Apr 2016 13:44:52 +0000 (15:44 +0200)]
Merge pull request #3707 from brynjare/patch-1
Increase MySQL client timeouts from 10 seconds
Remi Gacogne [Tue, 26 Apr 2016 13:44:16 +0000 (15:44 +0200)]
dnsdist: Stop copying the request headers to the response
bert hubert [Tue, 26 Apr 2016 12:05:33 +0000 (14:05 +0200)]
fix up newlines in console mode, move to 'return *line*' and if that is a syntax error, execute '*line*', also print out simple Lua tables as JSON
bert hubert [Tue, 26 Apr 2016 12:05:11 +0000 (14:05 +0200)]
silence where we read the config file from except in verbose mode
Remi Gacogne [Tue, 26 Apr 2016 09:09:05 +0000 (11:09 +0200)]
Add a minimum offset parameter to DNSName
PacketReader does not copy the header part of the DNS message,
therefore DNSName needs to be aware of the minimum valid offset
in order not to follow a pointer to an offset < sizeof(dnsheader),
as other callers expect every non-negative offset to be valid.
Found with American Fuzzy Lop and Address Sanitizer.
bert hubert [Tue, 26 Apr 2016 11:40:06 +0000 (13:40 +0200)]
hook up nodelay, silence output 'connecting to..' unless --verbose
bert hubert [Tue, 26 Apr 2016 11:39:08 +0000 (13:39 +0200)]
setTCPNoDelay() for dnsdist console. Yak.
bert hubert [Tue, 26 Apr 2016 11:35:06 +0000 (13:35 +0200)]
getAction(n) for n >= number of rules now properly returns nil instead of crashing
Pieter Lexis [Tue, 26 Apr 2016 11:16:10 +0000 (13:16 +0200)]
recursor: Add DNSSEC testing infrastructure and tests (#3741)
* Add rec dnssec test infra and initial tests
* Allow running an auth server
during the recursor regression tests.
Also add some boilerplate code so we can add DS records and root hints
* wip
* Add more infra to secure zones etc. wellKnown test passes, simple needs work
* Add own assertions, fix tests (all pass!)
* Hookup recursor DNSSEC tests to travis
* Add separate teardown classes
* Add a bogus zone
* Add tests for flag handling of the recursor
In preparation for #3682
And some new assertions
* Add flags test for bogus domains
* Lower startup delay
* refactor zones and keys
* Make pylint happy
* fix travis
* Disable WellKnown tests, they fail on travis
* WIP
* Add flag tests for insecure zone
* Change domain names to documentation names
Remi Gacogne [Mon, 25 Apr 2016 15:27:44 +0000 (17:27 +0200)]
rec: Drop non-IN records from auths, check for invalid record content
Fix a crash in case of a bogus response from an authoritative
server.
Remi Gacogne [Fri, 22 Apr 2016 14:56:46 +0000 (16:56 +0200)]
Fix null pointer dereference on parsing error in ZoneParserTNG
For example when parsing an unmatched '('
Remi Gacogne [Fri, 22 Apr 2016 14:55:59 +0000 (16:55 +0200)]
Fix off-by-one read in `latlon2ul()`
bert hubert [Tue, 26 Apr 2016 08:53:48 +0000 (10:53 +0200)]
Merge pull request #3762 from ahupowerdns/teeaction
Teeaction: send copy of query to second nameserver, sponge responses
bert hubert [Mon, 25 Apr 2016 18:10:13 +0000 (20:10 +0200)]
hook up action-stats to JSON output
bert hubert [Mon, 25 Apr 2016 18:02:15 +0000 (20:02 +0200)]
edit in changes suggested by @rgacogne for TeeAction, thanks
bert hubert [Mon, 25 Apr 2016 11:14:47 +0000 (13:14 +0200)]
document TeeAction & new getAction()
bert hubert [Mon, 25 Apr 2016 10:58:07 +0000 (12:58 +0200)]
make TeeAction() quit properly, add getAction() so you can get access to an action, add getStats() to give you raw stats
bert hubert [Mon, 25 Apr 2016 10:57:23 +0000 (12:57 +0200)]
clean up our error reporting on the console a bit, may need to happen for the remotely connected console too
bert hubert [Mon, 25 Apr 2016 08:02:01 +0000 (10:02 +0200)]
initial work on TeeAction, still has some missing bits, like not blocking the whole daemon when you delete a rule
bert hubert [Mon, 25 Apr 2016 07:58:27 +0000 (09:58 +0200)]
grepq() has no side effects in dnsdist.
Remi Gacogne [Mon, 25 Apr 2016 07:51:37 +0000 (09:51 +0200)]
Merge pull request #3755 from rgacogne/dnsdist-fix-regex-sample
dnsdist: Fix RegexRule example in dnsdistconf.lua
Remi Gacogne [Fri, 22 Apr 2016 19:14:04 +0000 (21:14 +0200)]
Merge pull request #3714 from rubenk/dnsdist-service
dnsdist: add documentation links to dnsdist.service
Pieter Lexis [Fri, 22 Apr 2016 14:08:45 +0000 (16:08 +0200)]
Merge pull request #3751 from medea61/master
fixing systemd capability issues #3748 & #3749
Roman Hochuli [Fri, 22 Apr 2016 09:21:40 +0000 (11:21 +0200)]
fixing #3749
Roman Hochuli [Fri, 22 Apr 2016 09:19:41 +0000 (11:19 +0200)]
fixing #3748
Remi Gacogne [Thu, 21 Apr 2016 19:42:21 +0000 (21:42 +0200)]
dnsdist: Fix RegexRule example in dnsdistconf.lua
Pieter Lexis [Thu, 21 Apr 2016 10:37:06 +0000 (12:37 +0200)]
Merge pull request #3745 from pieterlexis/dnsdist-not-remote-logo
dnsdist website, use a local logo
Remi Gacogne [Thu, 21 Apr 2016 10:31:31 +0000 (12:31 +0200)]
Merge pull request #3744 from rgacogne/dnsdist-100final-changelog
dnsdist: Update ChangeLog for 1.0.0
Pieter Lexis [Thu, 21 Apr 2016 10:28:50 +0000 (12:28 +0200)]
dnsdist website, use a local logo
Ruben Kerkhof [Fri, 15 Apr 2016 13:59:14 +0000 (15:59 +0200)]
dnsdist: add documentation links to dnsdist.service
Pieter Lexis [Wed, 20 Apr 2016 15:54:07 +0000 (17:54 +0200)]
Merge pull request #3740 from ahupowerdns/bind-nsec-fix
fixes a crash in BIND backend NSEC code - but needs more work
Remi Gacogne [Wed, 20 Apr 2016 14:14:19 +0000 (16:14 +0200)]
dnsdist: Update ChangeLog for 1.0.0
Remi Gacogne [Wed, 20 Apr 2016 12:12:54 +0000 (14:12 +0200)]
Merge pull request #3739 from rgacogne/dnsdist-drop-after-daemonize
dnsdist: Drop privileges after daemonizing and writing our pid
bert hubert [Wed, 20 Apr 2016 10:42:02 +0000 (12:42 +0200)]
this fix prevents a crash in bind backend in dnssec mode but unsure if it does the right thing
Remi Gacogne [Wed, 20 Apr 2016 09:05:12 +0000 (11:05 +0200)]
dnsdist: Drop privileges after daemonizing and writing our pid
Remi Gacogne [Tue, 19 Apr 2016 15:09:58 +0000 (17:09 +0200)]
Merge pull request #3713 from rubenk/remove-contrib-dnsdist-service
dnsdist: remove contrib/dnsdist.service
Remi Gacogne [Tue, 19 Apr 2016 15:09:33 +0000 (17:09 +0200)]
Merge pull request #3730 from rgacogne/dnsdist-top-bandwidth
dnsdist: Make `topBandwidth()` behave like other top* functions
Remi Gacogne [Tue, 19 Apr 2016 15:08:55 +0000 (17:08 +0200)]
Merge pull request #3700 from pieterlexis/rpm-dnsdist-user
dnsdist: create user from the RPM package to drop privs
Peter van Dijk [Tue, 19 Apr 2016 12:46:36 +0000 (14:46 +0200)]
typo
Remi Gacogne [Tue, 19 Apr 2016 12:37:11 +0000 (14:37 +0200)]
Merge pull request #3736 from rgacogne/dnsdist-nmg-rule
dnsdist: Add missing Lua binding for NetmaskGroupRule()
Peter van Dijk [Tue, 19 Apr 2016 11:46:09 +0000 (13:46 +0200)]
Merge pull request #3737 from Habbie/escapestar
nit
Peter van Dijk [Tue, 19 Apr 2016 11:07:04 +0000 (13:07 +0200)]
nit
Remi Gacogne [Tue, 19 Apr 2016 10:06:36 +0000 (12:06 +0200)]
dnsdist: Add missing Lua binding for NetmaskGroupRule()
Remi Gacogne [Tue, 19 Apr 2016 07:33:44 +0000 (09:33 +0200)]
Merge pull request #3731 from rgacogne/dnsdist-policies-doc
dnsdist: Clarify a bit the documentation of load-balancing policies
Remi Gacogne [Tue, 19 Apr 2016 07:32:27 +0000 (09:32 +0200)]
Merge pull request #3722 from rubenk/dnsdist-disable-static
dnsdist: use LT_INIT and disable static objects
bert hubert [Tue, 19 Apr 2016 05:45:55 +0000 (07:45 +0200)]
Merge pull request #3720 from edmonds/branches/edmonds-dnswasher-fixes
Fixes for dnswasher from Robert Edmonds of Farsight - thanks!
bert hubert [Tue, 19 Apr 2016 05:42:18 +0000 (07:42 +0200)]
Merge pull request #3735 from setharnold/patch-2
Mention dnsdist in main repo README.md
setharnold [Mon, 18 Apr 2016 19:53:39 +0000 (12:53 -0700)]
Mention dnsdist in main repo README.md
Ruben Kerkhof [Sat, 16 Apr 2016 14:37:29 +0000 (16:37 +0200)]
dnsdist: use LT_INIT and disable static objects
Do the same thing pdns does.
Remi Gacogne [Mon, 18 Apr 2016 14:41:34 +0000 (16:41 +0200)]
dnsdist: Clarify a bit the documentation of load-balancing policies
Remi Gacogne [Mon, 18 Apr 2016 14:13:51 +0000 (16:13 +0200)]
dnsdist: Make `topBandwidth()` behave like other top* functions
Fixes #3521.
Remi Gacogne [Mon, 18 Apr 2016 13:54:29 +0000 (15:54 +0200)]
Merge pull request #3728 from rgacogne/dnsdist-libedit-history
dnsdist: Document libedit Ctrl-R workaround for CentOS 6
Peter van Dijk [Mon, 18 Apr 2016 12:37:49 +0000 (14:37 +0200)]
Merge pull request #3710 from pieterlexis/always-validate
Always validate on 'validate' and 'log-fail'
bert hubert [Mon, 18 Apr 2016 11:22:21 +0000 (13:22 +0200)]
Merge pull request #3726 from ahupowerdns/getca-netmasks
implement getCA() for faster & native IP address extraction in Lua sc…
bert hubert [Mon, 18 Apr 2016 11:05:45 +0000 (13:05 +0200)]
Merge branch 'master' of github.com:PowerDNS/pdns
bert hubert [Mon, 18 Apr 2016 11:05:25 +0000 (13:05 +0200)]
implement an official pretty ordering for DNSRecords and use it
Peter van Dijk [Mon, 18 Apr 2016 11:02:56 +0000 (13:02 +0200)]
Merge pull request #3655 from zeha/setptr-soaeditapi
API: Fix set-ptr to honor SOA-EDIT-API
bert hubert [Mon, 18 Apr 2016 10:10:44 +0000 (12:10 +0200)]
make pdnsutil edit-zone operate on a 'prettysorted' zone in canonical order, except that SOA always comes on top
Remi Gacogne [Mon, 18 Apr 2016 09:30:34 +0000 (11:30 +0200)]
dnsdist: Document libedit Ctrl-R workaround for CentOS 6
Fixes #3227.
Pieter Lexis [Wed, 13 Apr 2016 08:37:22 +0000 (10:37 +0200)]
Add a paragraph on dropping privs
Pieter Lexis [Wed, 13 Apr 2016 08:04:01 +0000 (10:04 +0200)]
Add dnsdist user when installing RPMs
Remi Gacogne [Mon, 18 Apr 2016 07:46:27 +0000 (09:46 +0200)]
Merge pull request #3711 from rubenk/dnsdist-require-systemd-devel-for-rpm
dnsdist: building rpm needs systemd headers
Remi Gacogne [Mon, 18 Apr 2016 07:45:51 +0000 (09:45 +0200)]
Merge pull request #3712 from rgacogne/dnsdist-make-check
dnsdist: Make check should run testrunner
Remi Gacogne [Mon, 18 Apr 2016 07:45:18 +0000 (09:45 +0200)]
Merge pull request #3724 from zeha/mips-atomic
dnsdist: include PDNS_CHECK_OS in configure
bert hubert [Sun, 17 Apr 2016 17:44:31 +0000 (19:44 +0200)]
prettify the pdnsutil edit-zone diff output by grouping changed names together
Christian Hofstaedtler [Sun, 17 Apr 2016 09:55:15 +0000 (11:55 +0200)]
dnsdist: include PDNS_CHECK_OS in configure
Follow up fix to #3593 which added -latomic on mips(el), but
dnsdist did not use the macro where this got added.
Robert Edmonds [Sat, 16 Apr 2016 00:54:22 +0000 (20:54 -0400)]
dnswasher: Write obfuscated IPv6 prefixes in network byte order
Make the IPv6 code path follow the IPv4 code path by writing out the
IPObfuscator counter in network byte order.
This makes the obfuscated IPv6 addresses easier to read and avoids
making the output of the tool vary based on the host byte order.
Robert Edmonds [Sat, 16 Apr 2016 00:48:52 +0000 (20:48 -0400)]
dnswasher: Remove offsets from IPv6 src/dst pointers
I'm not entirely sure why this code was offsetting the IPv6
source/destination header fields, but this commit removes those offsets.
This results in the obfuscation of the first 64 bits of the IPv6
source/destination addresses. (Arguably the whole address should be
obfuscated, though.)
Robert Edmonds [Sat, 16 Apr 2016 00:43:34 +0000 (20:43 -0400)]
dnswasher: Only zero the IP header checksum for IPv4
IPv6 doesn't have a checksum field. This code previously zeroed the
space in the header where the IPv4 header checksum would be, regardless
of IP header version.
Robert Edmonds [Sat, 16 Apr 2016 00:42:21 +0000 (20:42 -0400)]
dnswasher: Don't spam stdout in IPObfuscator::obf6()
Robert Edmonds [Sat, 16 Apr 2016 00:36:19 +0000 (20:36 -0400)]
dnspcap: Decode IPv6 packets in DLT_RAW captures correctly
DLT_RAW captures (linktype 101) were not handling IPv6 packets
correctly.
For DLT_RAW, PcapPacketReader::getUDPPacket() synthesizes a fake
ethertype value (the "contentCode" variable), but for IPv6 it was
incorrectly set to 0x0806 (ARP) instead of 0x86dd (IPv6). This caused
IPv6 packets to silently be discarded.
Robert Edmonds [Sat, 16 Apr 2016 00:34:02 +0000 (20:34 -0400)]
dnswasher: Fix comment at top of file (RD -> QR)
Only the QR bit (not the RD bit) is consulted when determining which IP
address to obfuscate.
Peter van Dijk [Fri, 15 Apr 2016 16:12:16 +0000 (18:12 +0200)]
Merge pull request #3715 from mzealey/readme-patch
Add in tools required for recursor ubuntu build
Mark Zealey [Fri, 15 Apr 2016 16:10:30 +0000 (19:10 +0300)]
Add in tools required for recursor ubuntu build
Ruben Kerkhof [Fri, 15 Apr 2016 13:56:41 +0000 (15:56 +0200)]
dnsdist: remove contrib/dnsdist.service
One service file is more than enough
Remi Gacogne [Fri, 15 Apr 2016 13:51:38 +0000 (15:51 +0200)]
dnsdist: Make check should run testrunner
Thanks @rubenk !
Ruben Kerkhof [Fri, 15 Apr 2016 12:58:05 +0000 (14:58 +0200)]
dnsdist: building rpm needs systemd headers
We check for the systemd headers, which are in systemd-devel
checking systemd/sd-daemon.h usability... no
checking systemd/sd-daemon.h presence... no
checking for systemd/sd-daemon.h... no
Pieter Lexis [Fri, 15 Apr 2016 09:55:40 +0000 (11:55 +0200)]
Always validate on 'validate' and 'log-fail'
Closes #3709
Also add a comment in the code regarding another DNSSEC ticket
bert hubert [Fri, 15 Apr 2016 08:23:49 +0000 (10:23 +0200)]
implement getCA() for faster & native IP address extraction in Lua scripts plus document and implement faster way of loading large amounts of netmasks from file.
Brynjar Eide [Thu, 14 Apr 2016 17:56:10 +0000 (19:56 +0200)]
Increase MySQL client timeouts from 10 seconds
If a query runs for 10 seconds or more, the connection is killed from the client side.
Bumping this timeout value to three minutes should hopefully be good enough for most situations, until a configurable option can be added.
Remi Gacogne [Thu, 14 Apr 2016 13:04:25 +0000 (15:04 +0200)]
Merge pull request #3704 from rgacogne/dnsdist-beta1-changelog
dnsdist: beta1 ChangeLog
Remi Gacogne [Thu, 14 Apr 2016 13:02:37 +0000 (15:02 +0200)]
dnsdist: beta1 ChangeLog
Peter van Dijk [Thu, 14 Apr 2016 07:29:41 +0000 (09:29 +0200)]
typo
Christian Hofstaedtler [Wed, 13 Apr 2016 20:30:40 +0000 (22:30 +0200)]
API: honor set-ptr during zone create, too
Christian Hofstaedtler [Wed, 13 Apr 2016 20:30:31 +0000 (22:30 +0200)]
API: extract storeChangedPTRs out of patchZone