]> granicus.if.org Git - pdns/log
pdns
8 years agoimplement a 'quiet' mode for SuffixMatchNodeRule() which prevents ShowRules() from...
bert hubert [Fri, 6 May 2016 07:43:11 +0000 (09:43 +0200)]
implement a 'quiet' mode for SuffixMatchNodeRule() which prevents ShowRules() from listing a million domain names.

8 years agoinclude 1.0.0 announcement and announcement-video on website of dnsdist
bert hubert [Fri, 6 May 2016 05:00:08 +0000 (07:00 +0200)]
include 1.0.0 announcement and announcement-video on website of dnsdist

8 years agoMerge pull request #3813 from ahupowerdns/multi-wash
bert hubert [Thu, 5 May 2016 12:22:29 +0000 (14:22 +0200)]
Merge pull request #3813 from ahupowerdns/multi-wash

Multi wash: make dnswash process multiple files at once & anonymize IPv6 fully now (128 bits)

8 years agoMerge pull request #3812 from zeha/docs-rrsets
bert hubert [Wed, 4 May 2016 18:16:56 +0000 (20:16 +0200)]
Merge pull request #3812 from zeha/docs-rrsets

APi docs: Fix typo rrset -> rrsets

8 years agoAPi docs: Fix typo rrset -> rrsets
Christian Hofstaedtler [Wed, 4 May 2016 17:21:42 +0000 (19:21 +0200)]
APi docs: Fix typo rrset -> rrsets

8 years agomake sure we zero out the anonymized IPv6 address.
bert hubert [Wed, 4 May 2016 17:10:47 +0000 (19:10 +0200)]
make sure we zero out the anonymized IPv6 address.

8 years agodays since fixing last part where we got IPv6 wrong: 0
bert hubert [Wed, 4 May 2016 14:29:57 +0000 (16:29 +0200)]
days since fixing last part where we got IPv6 wrong: 0

8 years agomake dnswasher be able to wash multiple files, retaining consistent IP address mapping
bert hubert [Wed, 4 May 2016 13:49:00 +0000 (15:49 +0200)]
make dnswasher be able to wash multiple files, retaining consistent IP address mapping

8 years agoMerge pull request #3807 from rgacogne/auth-caches-ttl-settings
Peter van Dijk [Wed, 4 May 2016 08:04:07 +0000 (10:04 +0200)]
Merge pull request #3807 from rgacogne/auth-caches-ttl-settings

auth: Add TTL settings for DNSSECKeeper's caches (key, medatada)

8 years agoUpdate DNSSECKeeper's caches settings in pdns.conf-dist
Remi Gacogne [Tue, 3 May 2016 19:26:03 +0000 (21:26 +0200)]
Update DNSSECKeeper's caches settings in pdns.conf-dist

8 years agoBetter description for DNSSECKeeper's cache, 0 disables caching
Remi Gacogne [Tue, 3 May 2016 15:39:42 +0000 (17:39 +0200)]
Better description for DNSSECKeeper's cache, 0 disables caching

* Fix the description of the new settings
* Setting a 0-TTL disables caching
* Only get the value once, as it's done for `max-nsec3-iterations`

8 years agoMerge pull request #3806 from rgacogne/fromiscmap-nocheck
Remi Gacogne [Tue, 3 May 2016 14:31:37 +0000 (16:31 +0200)]
Merge pull request #3806 from rgacogne/fromiscmap-nocheck

auth: Move key validity check out of `fromISCMap()`

8 years agoMerge pull request #3802 from Habbie/robust-doresolve
Peter van Dijk [Tue, 3 May 2016 14:23:30 +0000 (16:23 +0200)]
Merge pull request #3802 from Habbie/robust-doresolve

refactor doResolve out of secpoll

8 years agoMerge pull request #3663 from klaus3000/pdnscontrol_notify
Peter van Dijk [Tue, 3 May 2016 13:38:07 +0000 (15:38 +0200)]
Merge pull request #3663 from klaus3000/pdnscontrol_notify

fix: also slaves may send NOTIFYs if slave-renotify is enabled

8 years agoMerge pull request #3743 from hlindqvist/policy-rrl-mask
Peter van Dijk [Tue, 3 May 2016 13:35:01 +0000 (15:35 +0200)]
Merge pull request #3743 from hlindqvist/policy-rrl-mask

Implement address masking in RRL script (#3286)

8 years agoAdd key check on `pdnsutils hsm assign`
Remi Gacogne [Tue, 3 May 2016 12:41:23 +0000 (14:41 +0200)]
Add key check on `pdnsutils hsm assign`

8 years agoRename `DNSCryptoKeyEngine` `checkKeys()` method to `checkKey()`
Remi Gacogne [Tue, 3 May 2016 12:40:32 +0000 (14:40 +0200)]
Rename `DNSCryptoKeyEngine` `checkKeys()` method to `checkKey()`

8 years agoauth: Move key validity check out of `fromISCMap()`
Remi Gacogne [Tue, 3 May 2016 08:39:53 +0000 (10:39 +0200)]
auth: Move key validity check out of `fromISCMap()`

It doesn't make a lot of sense to check the key validity at every
call of `fromISCMap()`, and it hurts performance a lot when keys
are not cached.

* Add separate `DNSSECKeeper::checkKeys()` and
`DNSCryptoKeyEngine::checkKeys()` methods
* Key validity is checked on import-zone-key, check-zone and
test-algorithm(s)

8 years agoauth: Add TTL settings for DNSSECKeeper's caches (key, medatada)
Remi Gacogne [Tue, 3 May 2016 08:10:04 +0000 (10:10 +0200)]
auth: Add TTL settings for DNSSECKeeper's caches (key, medatada)

8 years agoMerge pull request #3805 from ahupowerdns/depurl
bert hubert [Tue, 3 May 2016 06:55:14 +0000 (08:55 +0200)]
Merge pull request #3805 from ahupowerdns/depurl

remove purl.js: outdated & unused

8 years agoMerge pull request #3797 from pieterlexis/issue-270-Version-for-tools
Peter van Dijk [Mon, 2 May 2016 19:55:08 +0000 (21:55 +0200)]
Merge pull request #3797 from pieterlexis/issue-270-Version-for-tools

Add --version and --help to all the tools

8 years agooutdated & unused
bert hubert [Mon, 2 May 2016 19:29:44 +0000 (21:29 +0200)]
outdated & unused

8 years agoMerge pull request #3803 from ahupowerdns/logger-fixes
bert hubert [Mon, 2 May 2016 19:14:47 +0000 (21:14 +0200)]
Merge pull request #3803 from ahupowerdns/logger-fixes

Logger fixes

8 years agoMerge pull request #3804 from rgacogne/rec-leak-validate
bert hubert [Mon, 2 May 2016 18:40:11 +0000 (20:40 +0200)]
Merge pull request #3804 from rgacogne/rec-leak-validate

rec: Fix a memory leak in DNSSEC validation

8 years agorec: Fix a memory leak in DNSSEC validation
Remi Gacogne [Mon, 2 May 2016 15:24:08 +0000 (17:24 +0200)]
rec: Fix a memory leak in DNSSEC validation

`DNSCryptoKeyEngine::makeFromPublicKeyString()` returns a naked
pointer to a new object.

8 years agoMerge pull request #3801 from rgacogne/rec-lua-rcodes
Peter van Dijk [Mon, 2 May 2016 13:02:02 +0000 (15:02 +0200)]
Merge pull request #3801 from rgacogne/rec-lua-rcodes

rec: Add missing Lua rcodes bindings

8 years agofurther logging silencing
bert hubert [Mon, 2 May 2016 11:46:13 +0000 (13:46 +0200)]
further logging silencing

8 years agothis wins no prizes - our protobuf logger is used both in dnsdist and recursor and...
bert hubert [Mon, 2 May 2016 11:01:35 +0000 (13:01 +0200)]
this wins no prizes - our protobuf logger is used both in dnsdist and recursor and sometimes needs to log. We previously did that to cerr since dnsdist and recursor have different logging promitives. This adds #ifdef based support for both. It works, is the best I can say about it.

8 years agorename a bunch of things
Peter van Dijk [Mon, 2 May 2016 11:01:23 +0000 (13:01 +0200)]
rename a bunch of things

8 years agomove stub code into stubresolver.cc/hh
Peter van Dijk [Mon, 2 May 2016 10:39:29 +0000 (12:39 +0200)]
move stub code into stubresolver.cc/hh

8 years agohonor qtype
Peter van Dijk [Tue, 26 Apr 2016 11:31:44 +0000 (13:31 +0200)]
honor qtype

8 years agorec: Add missing Lua rcodes bindings
Remi Gacogne [Mon, 2 May 2016 08:29:27 +0000 (10:29 +0200)]
rec: Add missing Lua rcodes bindings

Closes #3717.

8 years agoMerge pull request #3798 from Habbie/requests-version
Peter van Dijk [Mon, 2 May 2016 08:25:33 +0000 (10:25 +0200)]
Merge pull request #3798 from Habbie/requests-version

specify requests 2.9.2 to work around a bug in linkchecker

8 years agospecify requests 2.9.2 to work around a bug in linkchecker
Peter van Dijk [Sun, 1 May 2016 20:11:36 +0000 (22:11 +0200)]
specify requests 2.9.2 to work around a bug in linkchecker

8 years agoMerge pull request #3794 from pieterlexis/rm-validDNSName
bert hubert [Sat, 30 Apr 2016 12:10:51 +0000 (14:10 +0200)]
Merge pull request #3794 from pieterlexis/rm-validDNSName

Remove the ancient validDNSName function

8 years agoAdd sdig manpage to pdns-tools deb
Pieter Lexis [Sat, 30 Apr 2016 11:46:15 +0000 (13:46 +0200)]
Add sdig manpage to pdns-tools deb

8 years agoAdd --help and --version to sdig
Pieter Lexis [Sat, 30 Apr 2016 11:44:41 +0000 (13:44 +0200)]
Add --help and --version to sdig

8 years agoAdd ixplore manpage to docs website
Pieter Lexis [Sat, 30 Apr 2016 11:38:23 +0000 (13:38 +0200)]
Add ixplore manpage to docs website

8 years agoAdd --version to zone2sql
Pieter Lexis [Sat, 30 Apr 2016 11:35:18 +0000 (13:35 +0200)]
Add --version to zone2sql

8 years agoAdd --version to zone2ldap
Pieter Lexis [Sat, 30 Apr 2016 11:32:53 +0000 (13:32 +0200)]
Add --version to zone2ldap

8 years agoAdd --version to zone2json
Pieter Lexis [Sat, 30 Apr 2016 11:30:24 +0000 (13:30 +0200)]
Add --version to zone2json

8 years agopdns_recursor: Exit friendly on --version
Pieter Lexis [Sat, 30 Apr 2016 11:25:43 +0000 (13:25 +0200)]
pdns_recursor: Exit friendly on --version

8 years agoAdd --help and --version to nsec3dig
Pieter Lexis [Sat, 30 Apr 2016 11:19:10 +0000 (13:19 +0200)]
Add --help and --version to nsec3dig

8 years agoAdd nproxy manpage, ship nproxy in pdns-tools deb
Pieter Lexis [Sat, 30 Apr 2016 11:13:03 +0000 (13:13 +0200)]
Add nproxy manpage, ship nproxy in pdns-tools deb

8 years agoAdd --version to nproxy
Pieter Lexis [Fri, 29 Apr 2016 17:50:49 +0000 (19:50 +0200)]
Add --version to nproxy

8 years agoAdd --help and --version to ixplore
Pieter Lexis [Fri, 29 Apr 2016 17:38:43 +0000 (19:38 +0200)]
Add --help and --version to ixplore

8 years agoAdd notify manpage
Pieter Lexis [Fri, 29 Apr 2016 17:31:18 +0000 (19:31 +0200)]
Add notify manpage

8 years agoAdd --help and --version to notify
Pieter Lexis [Fri, 29 Apr 2016 17:26:52 +0000 (19:26 +0200)]
Add --help and --version to notify

8 years agoAdd dumresp manpages and add dumresp to pdns-tools
Pieter Lexis [Fri, 29 Apr 2016 15:38:09 +0000 (17:38 +0200)]
Add dumresp manpages and add dumresp to pdns-tools

8 years agoAdd --help and --version to dumresp
Pieter Lexis [Fri, 29 Apr 2016 15:36:39 +0000 (17:36 +0200)]
Add --help and --version to dumresp

8 years agoAdd --help and --version to dnswasher
Pieter Lexis [Fri, 29 Apr 2016 15:14:25 +0000 (17:14 +0200)]
Add --help and --version to dnswasher

8 years agoAdd --version to dnstcpbench
Pieter Lexis [Fri, 29 Apr 2016 15:07:31 +0000 (17:07 +0200)]
Add --version to dnstcpbench

8 years agoAdd --version to dnsscope
Pieter Lexis [Fri, 29 Apr 2016 15:04:23 +0000 (17:04 +0200)]
Add --version to dnsscope

8 years agoAdd --help and --version to dnsscan
Pieter Lexis [Fri, 29 Apr 2016 15:00:47 +0000 (17:00 +0200)]
Add --help and --version to dnsscan

8 years agoAdd --version to dnsreplay
Pieter Lexis [Fri, 29 Apr 2016 14:57:42 +0000 (16:57 +0200)]
Add --version to dnsreplay

8 years agoAdd --version and --help to dnsgram
Pieter Lexis [Fri, 29 Apr 2016 14:52:34 +0000 (16:52 +0200)]
Add --version and --help to dnsgram

8 years agomake dnspcap spit out the filename on error
Pieter Lexis [Fri, 29 Apr 2016 14:52:20 +0000 (16:52 +0200)]
make dnspcap spit out the filename on error

8 years agoAdd --help and --version to dnsbulktest
Pieter Lexis [Fri, 29 Apr 2016 14:41:15 +0000 (16:41 +0200)]
Add --help and --version to dnsbulktest

8 years agoAdd calidns manpage and add to pdns-tools
Pieter Lexis [Fri, 29 Apr 2016 14:32:05 +0000 (16:32 +0200)]
Add calidns manpage and add to pdns-tools

8 years agoMerge pull request #3795 from kaosdrachen/patch-1
Pieter Lexis [Fri, 29 Apr 2016 14:37:48 +0000 (16:37 +0200)]
Merge pull request #3795 from kaosdrachen/patch-1

Fixed a typo

8 years agoAdd --help and --version to calidns
Pieter Lexis [Fri, 29 Apr 2016 14:31:49 +0000 (16:31 +0200)]
Add --help and --version to calidns

8 years agoFixed a typo
kaosdrachen [Fri, 29 Apr 2016 14:30:21 +0000 (16:30 +0200)]
Fixed a typo

Line 284: unset-pushish-cds --> unset-publish-cds

8 years agoAdd --version to pdnsutil
Pieter Lexis [Fri, 29 Apr 2016 12:48:27 +0000 (14:48 +0200)]
Add --version to pdnsutil

8 years agoAdd --version to rec_control
Pieter Lexis [Fri, 1 May 2015 12:25:45 +0000 (14:25 +0200)]
Add --version to rec_control

8 years agoMerge pull request #3752 from pieterlexis/issue-3682-DNSSEC-processing
bert hubert [Fri, 29 Apr 2016 11:28:48 +0000 (13:28 +0200)]
Merge pull request #3752 from pieterlexis/issue-3682-DNSSEC-processing

recursor: DNSSEC related query flag processing

8 years agoMerge pull request #3662 from klaus3000/soa_serial_0
bert hubert [Fri, 29 Apr 2016 11:28:27 +0000 (13:28 +0200)]
Merge pull request #3662 from klaus3000/soa_serial_0

handle SOAs with serial 0 correctly in incoming AXFR

8 years agoMerge pull request #3754 from rgacogne/dnsdist-custom-headers
bert hubert [Fri, 29 Apr 2016 11:13:17 +0000 (13:13 +0200)]
Merge pull request #3754 from rgacogne/dnsdist-custom-headers

dnsdist: Allow the use of custom headers in the web server

8 years agoMerge pull request #3772 from pieterlexis/issue-3738-cap-servfail-ttl
bert hubert [Fri, 29 Apr 2016 11:12:44 +0000 (13:12 +0200)]
Merge pull request #3772 from pieterlexis/issue-3738-cap-servfail-ttl

Cap packetcache-servfail-ttl to packetcache-ttl

8 years agoRemove the ancient validDNSName function
Pieter Lexis [Fri, 29 Apr 2016 10:40:40 +0000 (12:40 +0200)]
Remove the ancient validDNSName function

It was unused anyway, closes #213.

8 years agoMerge pull request #3789 from rgacogne/dnsname-negative-labellen-ispartof
bert hubert [Fri, 29 Apr 2016 05:41:51 +0000 (07:41 +0200)]
Merge pull request #3789 from rgacogne/dnsname-negative-labellen-ispartof

Add consistency checks to segmentDNSNameRaw()

8 years agoMerge pull request #3792 from pieterlexis/dnssec-regression-part-3
bert hubert [Fri, 29 Apr 2016 05:41:25 +0000 (07:41 +0200)]
Merge pull request #3792 from pieterlexis/dnssec-regression-part-3

More DNSSEC tests and a RRSIG validation fix for wildcards

8 years agoAdd DNSSEC tests for cnames to/from (in)secure
Pieter Lexis [Thu, 28 Apr 2016 15:40:11 +0000 (17:40 +0200)]
Add DNSSEC tests for cnames to/from (in)secure

8 years agoAdd simple NODATA tests
Pieter Lexis [Thu, 28 Apr 2016 14:57:53 +0000 (16:57 +0200)]
Add simple NODATA tests

8 years agoAdd 2 wildcard CNAME tests
Pieter Lexis [Thu, 28 Apr 2016 13:34:59 +0000 (15:34 +0200)]
Add 2 wildcard CNAME tests

8 years agorecursor: Correctly validate wildcard RRSIGs
Pieter Lexis [Thu, 28 Apr 2016 12:33:16 +0000 (14:33 +0200)]
recursor: Correctly validate wildcard RRSIGs

8 years agoAdd DNSSEC wilcard test
Pieter Lexis [Thu, 28 Apr 2016 12:33:12 +0000 (14:33 +0200)]
Add DNSSEC wilcard test

8 years agoAdd 2 tests with subtrees inside a secure zone
Pieter Lexis [Thu, 28 Apr 2016 12:30:32 +0000 (14:30 +0200)]
Add 2 tests with subtrees inside a secure zone

To test if the recursor actually validates RRSIGs with a signer name
that is not directly a parent of the name to validate. i.e. validates
signer name = 'domain.example' and record owner name =
'some.sub.domain.example'

8 years agoMerge pull request #3784 from mind04/soa-cache-master
Pieter Lexis [Thu, 28 Apr 2016 10:32:17 +0000 (12:32 +0200)]
Merge pull request #3784 from mind04/soa-cache-master

fix SOA caching with multiple backends

8 years agoMerge pull request #3788 from mind04/mysql-timeout
Pieter Lexis [Thu, 28 Apr 2016 10:32:07 +0000 (12:32 +0200)]
Merge pull request #3788 from mind04/mysql-timeout

make mysql timeout configurable

8 years agoAdd consistency checks to segmentDNSNameRaw()
Remi Gacogne [Thu, 28 Apr 2016 09:59:01 +0000 (11:59 +0200)]
Add consistency checks to segmentDNSNameRaw()

This fixes most issues found by fuzzing loadRPZFromFile() with
American Fuzzy Lop.

8 years agoThrow on negative label length in `DNSName::isPartOf()`
Remi Gacogne [Thu, 28 Apr 2016 08:59:27 +0000 (10:59 +0200)]
Throw on negative label length in `DNSName::isPartOf()`

Found with American Fuzzy Lop and Address Sanitizer.

8 years agoMerge pull request #3765 from pieterlexis/update-yahttp
Pieter Lexis [Thu, 28 Apr 2016 08:29:48 +0000 (10:29 +0200)]
Merge pull request #3765 from pieterlexis/update-yahttp

Update yahttp

8 years agoMerge pull request #3766 from rgacogne/packetparser-min-offset
Pieter Lexis [Thu, 28 Apr 2016 08:29:37 +0000 (10:29 +0200)]
Merge pull request #3766 from rgacogne/packetparser-min-offset

Add a minimum offset parameter to DNSName

8 years agoMerge pull request #3768 from rgacogne/afl-crash-fixes
bert hubert [Thu, 28 Apr 2016 05:56:50 +0000 (07:56 +0200)]
Merge pull request #3768 from rgacogne/afl-crash-fixes

Fix various crashes

8 years agoMerge pull request #3773 from rgacogne/dnsdist-web-req-resp
bert hubert [Thu, 28 Apr 2016 05:56:28 +0000 (07:56 +0200)]
Merge pull request #3773 from rgacogne/dnsdist-web-req-resp

dnsdist: Stop copying the request headers to the response

8 years agoMerge pull request #3786 from pieterlexis/recursor-dnssec-part-2
bert hubert [Thu, 28 Apr 2016 05:56:07 +0000 (07:56 +0200)]
Merge pull request #3786 from pieterlexis/recursor-dnssec-part-2

More DNSSEC tests

8 years agoAdd basic NSEC and NSEC3 tests
Pieter Lexis [Wed, 27 Apr 2016 12:08:29 +0000 (14:08 +0200)]
Add basic NSEC and NSEC3 tests

Add a zone with NSEC3-optout for the NSEC3 tests

8 years agoAdd timing based DNSSEC tests
Pieter Lexis [Wed, 27 Apr 2016 07:23:10 +0000 (09:23 +0200)]
Add timing based DNSSEC tests

Note: the `faketime` program does not clean up its childprocesses
properly (possibly in combination with authbind), hence we LD_PRELOAD it
and supply the faketime through the environment.

8 years agonon opt-out nsec3
bert hubert [Wed, 27 Apr 2016 17:20:30 +0000 (19:20 +0200)]
non opt-out nsec3

8 years agomake mysql timeout configurable
Kees Monshouwer [Wed, 27 Apr 2016 13:00:19 +0000 (15:00 +0200)]
make mysql timeout configurable

8 years agoMerge pull request #3767 from ahupowerdns/dnsdist-yaks
bert hubert [Wed, 27 Apr 2016 14:13:28 +0000 (16:13 +0200)]
Merge pull request #3767 from ahupowerdns/dnsdist-yaks

Please ponder: nodelay, console newlines, print out json, silence some trivia, move to 'return' for Lua statements

8 years agoMerge pull request #3783 from rgacogne/type-conversion-fixes
bert hubert [Wed, 27 Apr 2016 14:13:07 +0000 (16:13 +0200)]
Merge pull request #3783 from rgacogne/type-conversion-fixes

Fix type conversions, add some checks

8 years agoMerge pull request #3779 from rgacogne/dnsname-afl-crash-unsigned
bert hubert [Wed, 27 Apr 2016 14:02:22 +0000 (16:02 +0200)]
Merge pull request #3779 from rgacogne/dnsname-afl-crash-unsigned

Use unsigned char* in getRawLabels() and countLabels()

8 years agoMerge pull request #3785 from ahupowerdns/nsec3fix
bert hubert [Wed, 27 Apr 2016 14:01:48 +0000 (16:01 +0200)]
Merge pull request #3785 from ahupowerdns/nsec3fix

process nsec3 insecure delegation

8 years agoprocess NSEC3 insecure delegation, closes #3675
bert hubert [Wed, 27 Apr 2016 13:10:49 +0000 (15:10 +0200)]
process NSEC3 insecure delegation, closes #3675

8 years agoenable function to hash qnames w/o having the NSEC3PARAM ready
bert hubert [Wed, 27 Apr 2016 13:10:17 +0000 (15:10 +0200)]
enable function to hash qnames w/o having the NSEC3PARAM ready

8 years agofix SOA caching with multiple backends
Kees Monshouwer [Wed, 27 Apr 2016 10:01:45 +0000 (12:01 +0200)]
fix SOA caching with multiple backends

8 years agoFix type conversions, add some checks
Remi Gacogne [Wed, 27 Apr 2016 08:26:20 +0000 (10:26 +0200)]
Fix type conversions, add some checks

There is no known bug involved, only hardening.

8 years agoUse unsigned char* in getRawLabels() and countLabels()
Remi Gacogne [Tue, 26 Apr 2016 15:20:07 +0000 (17:20 +0200)]
Use unsigned char* in getRawLabels() and countLabels()

Otherwise we treat values larger than INT8_MAX as negatives
in pointer arithmetic.
Found with American Fuzzy Lop and Address Sanitizer.

8 years agoMerge pull request #3707 from brynjare/patch-1
Pieter Lexis [Tue, 26 Apr 2016 13:44:52 +0000 (15:44 +0200)]
Merge pull request #3707 from brynjare/patch-1

Increase MySQL client timeouts from 10 seconds