granicus.if.org Git - pdns/log
Peter van Dijk [Thu, 4 Jan 2018 14:13:01 +0000 (15:13 +0100)]
install lua-posix
aerique [Mon, 11 Dec 2017 10:13:50 +0000 (11:13 +0100)]
Merge pull request #6082 from rgacogne/rec40-skip-cache-not-in
rec: Don't add non-IN records to the cache
Remi Gacogne [Wed, 29 Nov 2017 14:26:12 +0000 (15:26 +0100)]
rec: Don't process records for another class than IN
Remi Gacogne [Wed, 29 Nov 2017 14:20:02 +0000 (15:20 +0100)]
rec: Use getRR<T>() instead of directly using a dynamic cast
Peter van Dijk [Thu, 30 Nov 2017 16:08:21 +0000 (17:08 +0100)]
Merge pull request #6014 from aerique/backport/5930-secpoll-order-agnostic
Backport #5930: secpoll order agnostic
bert hubert [Wed, 8 Nov 2017 14:57:05 +0000 (15:57 +0100)]
catch all exceptions coming from secpoll, this was a regression of this PR
(cherry picked from commit 47e9b74f9ee097b9bdc029c21c9edfb2f7532102)
bert hubert [Wed, 8 Nov 2017 14:33:45 +0000 (15:33 +0100)]
in the recursor secpoll code, we ASSumed the TXT record would be the first record we received. Sometimes it was the RRSIG, leading to a silent error, and no secpoll check. Fixed the assumption, added an error.
(cherry picked from commit 581d4ea357effe5b7d61da8cd46cec6ed9cb132e)
aerique [Mon, 27 Nov 2017 08:38:53 +0000 (09:38 +0100)]
Merge pull request #5995 from rgacogne/rec-4.0.x-201711
rec-4.0.x: Backports for 4.0.7
Remi Gacogne [Wed, 11 Oct 2017 13:28:04 +0000 (15:28 +0200)]
Fix a memory leak when loading an RSA key with an invalid modulus
(cherry picked from commit 5917fffa4864cb3256a40aa03f63d69513e379f3)
Remi Gacogne [Thu, 13 Jul 2017 14:22:30 +0000 (16:22 +0200)]
Don't leak when loading a public ECDSA key fails
(cherry picked from commit 5a23b49d6faf7d0d844be0c7bb0ec422733a131f)
Remi Gacogne [Mon, 17 Jul 2017 17:21:01 +0000 (19:21 +0200)]
rec: Sanitize values received from the API before writing them to the conf
(cherry picked from commit 4aabe3c257ecb6d66099b07a7f639dd825b6bd04)
Remi Gacogne [Fri, 11 Aug 2017 14:51:10 +0000 (16:51 +0200)]
rec: Fix XSS in the web interface
(cherry picked from commit 2d801e832ed07dbbcbe9aa9bb6cca99c077916bf)
Remi Gacogne [Fri, 18 Aug 2017 10:32:51 +0000 (12:32 +0200)]
rec: Guard against out-of-bailiwick signatures
Similar issue to the one fixed in Knot Resolver 1.3.3:
https://gitlab.labs.nic.cz/knot/knot-resolver/commit/d7d7cae5a339ec4b0a280184af3a46d89c08bc09
Remi Gacogne [Sat, 25 Nov 2017 23:14:52 +0000 (00:14 +0100)]
Merge pull request #5989 from Habbie/4.0.x-5955
Backport #5955: recent Apple Xcode headers need this
Peter van Dijk [Tue, 14 Nov 2017 09:17:58 +0000 (10:17 +0100)]
Backport #5955: recent Apple Xcode headers need this
reference: https://github.com/arvidn/libtorrent/issues/2364#issuecomment-336175406
(cherry picked from commit e201675a3aa63712f8d08c27f2cedc10873b8f4c)
aerique [Thu, 23 Nov 2017 11:23:29 +0000 (12:23 +0100)]
Merge pull request #5952 from rgacogne/rec407-backports
Recursor 4.0.7 backports
Remi Gacogne [Tue, 21 Nov 2017 10:41:46 +0000 (11:41 +0100)]
Backport #5498
Remi Gacogne [Tue, 21 Nov 2017 10:41:11 +0000 (11:41 +0100)]
Backport #5961
Jake Reynolds [Wed, 15 Nov 2017 14:59:43 +0000 (14:59 +0000)]
Edit configname to include the 'config-name' argument
(cherry picked from commit 3e63da83fde2d98ed0739578f7171aa4e70a6f32)
Kees Monshouwer [Wed, 25 Oct 2017 23:06:54 +0000 (01:06 +0200)]
replace deprecated botan.h include
(cherry picked from commit 00f1924bb1900e8c6eab1bd0fe03ff21d41f38eb)
Kees Monshouwer [Wed, 25 Oct 2017 20:43:35 +0000 (22:43 +0200)]
drop botan 1.x support
(cherry picked from commit e11963ce69059d1fa47e92927ed48bd744b95348)
Remi Gacogne [Wed, 5 Jul 2017 10:02:17 +0000 (12:02 +0200)]
travis: Build the rec with Botan and libsodium
(cherry picked from commit 18a93d3812bfbf2e2dbc9b6353e3619d626283fd)
Remi Gacogne [Tue, 4 Jul 2017 19:59:00 +0000 (21:59 +0200)]
Add support for Botan 2.x
Initial testing indicates that both 2.0.1 and 2.1.0 work fine,
but signature is 10 times slower with 2.1.0, apparently due to
blinding (callgrind reports a lot of CPU spent in the `RNG`).
(cherry picked from commit 13f34f2e0ccff514cbd5f9ec076c220473da347a)
Remi Gacogne [Mon, 13 Nov 2017 17:06:04 +0000 (18:06 +0100)]
Backport #5921
Remi Gacogne [Mon, 13 Nov 2017 17:05:57 +0000 (18:05 +0100)]
Backport #5762
Remi Gacogne [Mon, 13 Nov 2017 17:05:53 +0000 (18:05 +0100)]
Backport #5739
Remi Gacogne [Mon, 13 Nov 2017 17:05:44 +0000 (18:05 +0100)]
Backport #5599
Remi Gacogne [Mon, 13 Nov 2017 17:05:40 +0000 (18:05 +0100)]
Backport #5598
Remi Gacogne [Mon, 13 Nov 2017 17:05:34 +0000 (18:05 +0100)]
Backport #5525
Remi Gacogne [Mon, 13 Nov 2017 17:05:30 +0000 (18:05 +0100)]
Backport #5523
Remi Gacogne [Mon, 13 Nov 2017 17:05:25 +0000 (18:05 +0100)]
Backport #5488
Remi Gacogne [Mon, 13 Nov 2017 17:05:21 +0000 (18:05 +0100)]
Backport #5406
Remi Gacogne [Mon, 13 Nov 2017 17:05:16 +0000 (18:05 +0100)]
Backport #5320
Remi Gacogne [Mon, 13 Nov 2017 17:05:12 +0000 (18:05 +0100)]
Backport #5261
Remi Gacogne [Mon, 13 Nov 2017 17:05:08 +0000 (18:05 +0100)]
Backport #5078
Remi Gacogne [Mon, 13 Nov 2017 17:05:03 +0000 (18:05 +0100)]
Backport #4960
Remi Gacogne [Mon, 13 Nov 2017 17:04:59 +0000 (18:04 +0100)]
Backport #4824
Remi Gacogne [Mon, 13 Nov 2017 17:04:55 +0000 (18:04 +0100)]
Backport #4646
Remi Gacogne [Mon, 13 Nov 2017 17:04:47 +0000 (18:04 +0100)]
Backport #4561
Remi Gacogne [Mon, 17 Jul 2017 08:29:45 +0000 (10:29 +0200)]
rec: Fix validation at the exact RRSIG inception or expiration time
Reported by Petr Špaček of cz.nic (thanks!).
(cherry picked from commit 179b340d522e36a65e799b048dcdae85c0237fdc)
Remi Gacogne [Tue, 7 Nov 2017 10:40:30 +0000 (11:40 +0100)]
rec: Don't retry security polling too often when it fails
(cherry picked from commit 491d5d97c907be9619910ee22646c8da911d0256)
Pieter Lexis [Thu, 22 Jun 2017 09:51:08 +0000 (11:51 +0200)]
Rec: create socket-dir from init-script
Closes #5439
(cherry picked from commit a64a65ba698044926c1bdf9d9fad4a4130c82012)
Remi Gacogne [Wed, 27 Sep 2017 14:24:39 +0000 (16:24 +0200)]
rec: Remove pdns.PASS and pdns.TRUNCATE
Those values are not documented in a recursor context, and do not
work as expected since `pdns.PASS` resulted in an immediate `ServFail`
and `pdns.TRUNCATE` in a strange status code being sent (showing
up as `RESERVED13` in `dig`).
(cherry picked from commit 9cdfab64ac1750ac234a5b5efa4eba6cabc30257)
Pieter Lexis [Fri, 11 Aug 2017 12:37:01 +0000 (14:37 +0200)]
Fix libatomic detection on ppc64
Thanks @tjikkun!
Closes #5456
(cherry picked from commit b16f46605d86a62e4f37bc1e2caab0c52fa9f75c)
Pieter Lexis [Fri, 11 Aug 2017 11:54:21 +0000 (13:54 +0200)]
Add help text on autodetecting systemd support
Closes #5524
(cherry picked from commit 56d30a9c8a1c1754b478de79e823e015e103b5b0)
Ruben Kerkhof [Fri, 14 Jul 2017 17:55:53 +0000 (19:55 +0200)]
Fix typo in two log messages
(cherry picked from commit 59d26fc8d63fd2ff924be2fa5b3bda3699081914)
Remi Gacogne [Mon, 3 Jul 2017 11:04:58 +0000 (13:04 +0200)]
rec: Only increase `no-packet-error` on the first read
We try to read as many messages as possible after being woken up,
but only the first read can count as a no-packet error.
(cherry picked from commit 390f1dab05bbbb5d9ba2782e89600ca62c4bec14)
Remi Gacogne [Wed, 14 Jun 2017 16:16:26 +0000 (18:16 +0200)]
rec: Make more specific Netmask < to less specific ones
Having the most specific ones first, then the less specific ones
then the empty one makes it easier to match the most specific first.
(cherry picked from commit a009559d3bc4d648edc3b5fff062b622bbde2389)
bert hubert [Fri, 12 May 2017 19:25:16 +0000 (21:25 +0200)]
Together with Mukund Sivaraman we found out PowerDNS sdig does not truncate
trailing bits of EDNS Client Subnet mask. So if you'd truncate something as
a /9, we'd have to use 2 bytes anyhow, but we would not zero the last 7 bits.
We do now. Thanks Mukund & ISC!
(cherry picked from commit d7da15c560946cadaadfc173b8964dd6b40932ed)
Patrick Cloke [Sun, 23 Apr 2017 13:11:12 +0000 (09:11 -0400)]
get-remote-ring's "other" report should only have two items.
(cherry picked from commit d6dcfe36c0d2bb5563322ec90167b5bd4e9efb6b)
Pieter Lexis [Thu, 23 Feb 2017 10:08:16 +0000 (11:08 +0100)]
Throw an error when lua-conf-file can't be loaded
This ensures we cannot start up if the file is unreadable.
Closes #4939
(cherry picked from commit 0f5785a6c441b043564f3ba26a39145aee74b1c2)
Christian Hofstaedtler [Tue, 31 Jan 2017 11:13:47 +0000 (12:13 +0100)]
recursor: use explicit yes for default-enabled settings
(cherry picked from commit e498dac1aa762f2ace690e1e7a1631f9611096b6)
Pieter Lexis [Thu, 29 Dec 2016 17:01:30 +0000 (18:01 +0100)]
Check in the detected OpenSSL/libcrypto for ECDSA
We used to 'just' use the default includes for this detection.
Fixes #4680
(cherry picked from commit 2a4c374451d50e240872cc9907b69c2d2464f2cc)
Peter van Dijk [Fri, 28 Oct 2016 13:31:53 +0000 (15:31 +0200)]
extract nested exception from Luawrapper
Before:
Oct 28 15:30:34 STL error (www.foobar.com/A from 127.0.0.1): Exception thrown by a callback function called by Lua
After:
Oct 28 15:30:34 STL error (www.foobar.com/A from 127.0.0.1): Exception thrown by a callback function called by Lua. Extra info: Found . in wrong position in DNSName www.foobar.com..internal
reported by @elad, thanks!
(cherry picked from commit 068c763422b5830dc15598089f7760e79f5bdf81)
Winfried Angele [Wed, 12 Oct 2016 12:08:02 +0000 (14:08 +0200)]
Update rec_control.1.md
(cherry picked from commit 2c04bf0c18f5e32ff498529162e71982bd3333bf)
Pieter Lexis [Wed, 25 Oct 2017 13:45:34 +0000 (15:45 +0200)]
Merge pull request #5843 from Habbie/b-root-4.0.x
b.root renumbering, effective 2017-10-24
Peter van Dijk [Wed, 25 Oct 2017 11:11:10 +0000 (13:11 +0200)]
b.root renumbering, effective 2017-10-24
Pieter Lexis [Mon, 16 Oct 2017 15:56:15 +0000 (17:56 +0200)]
Merge pull request #5765 from pieterlexis/rec-40-lowercase-outgoing-all-the-things
Backport #5740: Lowercase all outgoing qnames when lowercase-outgoing is set
Pieter Lexis [Mon, 16 Oct 2017 11:04:43 +0000 (13:04 +0200)]
Merge pull request #5726 from pieterlexis/auth-406-per-cut-validation
Rec 4.0.x: be more resilient with broken auths
Remi Gacogne [Wed, 11 Oct 2017 16:11:53 +0000 (18:11 +0200)]
Merge pull request #5812 from rgacogne/rec40-travis-encrypt-channel
Backport #5802: Encrypt the IRC channel name so notifications are not sent for forks
Remi Gacogne [Mon, 9 Oct 2017 08:46:59 +0000 (10:46 +0200)]
Encrypt the IRC channel name so notifications are not sent for forks
(cherry picked from commit f4614876f16ac3223786b26b18a4386045102f09)
Remi Gacogne [Wed, 11 Oct 2017 15:23:10 +0000 (17:23 +0200)]
Merge pull request #5813 from rgacogne/rec40-backport-5755
Backport #5755: Improve dnsbulktest experience in travis for more robustness
bert hubert [Mon, 2 Oct 2017 07:27:03 +0000 (09:27 +0200)]
we actually resolve 98% by new definition, so can afford upping threshold from 90 to 95%.
(cherry picked from commit 9fb6940f8b1c96c735af3856976ea7a7bc92d3d8)
bert hubert [Fri, 29 Sep 2017 20:40:53 +0000 (22:40 +0200)]
Improve dnsbulktest experience in travis for more robustness
This commit changes our dnsbulktest source from Alexa to Cisco Umbrella, but this turned out not to be as important as we thought.
In addition, it turns out we had been installing pdns-tools incorrectly because of wrong apt-settings. We now install pdns-tools from the master repo at repo.powerdns.com
This commit also tunes pdns_recursor to use less simultaneous outbound connections during testing, which appears to make Travis NAT happier, leading to less errors.
Finally, we use new features of dnsbulktest to extract more statistics for how well we are doing. Success is now dependent on errors and timeouts, and less on NXDOMAIN.
(cherry picked from commit 8a27076c38e2d399204d41928374e1bb9c45969c)
Pieter Lexis [Tue, 12 Sep 2017 10:28:33 +0000 (12:28 +0200)]
Allow no-EDNS fallback when DNSSEC is needed
Pieter Lexis [Tue, 12 Sep 2017 10:28:19 +0000 (12:28 +0200)]
Stop DNSSEC processing at Insecure
Pieter Lexis [Thu, 28 Sep 2017 11:13:13 +0000 (13:13 +0200)]
Lowercase all outgoing qnames when lowercase-outgoing is set
This is a backport of #5740
aerique [Thu, 7 Sep 2017 12:52:56 +0000 (14:52 +0200)]
Merge pull request #5676 from aerique/feature/update-copryright-year-rec-4.0.x
Update copyright year in publicly visible output and files
Pieter Lexis [Thu, 16 Feb 2017 13:08:40 +0000 (14:08 +0100)]
Update copyright year in publicly visible output and files
(cherry picked from commit ff8f70b800e8b81a6d97c2d2568483d03228df2a)
Remi Gacogne [Tue, 22 Aug 2017 08:41:39 +0000 (10:41 +0200)]
Merge pull request #5627 from rgacogne/rec40-remove-syncres-unit-tests
rec: Remove the SyncRes unit tests from the 4.0 branch
Remi Gacogne [Mon, 21 Aug 2017 08:02:57 +0000 (10:02 +0200)]
Merge pull request #5629 from rgacogne/rec40-travis-build-dir
Backport #4986: Use `${TRAVIS_BUILD_DIR}` instead of assuming the repo is in `pdns`
Remi Gacogne [Wed, 8 Feb 2017 14:33:57 +0000 (15:33 +0100)]
Use `${TRAVIS_BUILD_DIR}` instead of assuming the repo is in `pdns`
Thus avoiding issues when/if the repository is cloned with a different
name.
(cherry picked from commit 1e0253cad96199647f92ef4fa8230f614637e80c)
Remi Gacogne [Fri, 18 Aug 2017 10:37:26 +0000 (12:37 +0200)]
rec: Remove the SyncRes unit tests from the 4.0 branch
test-syncres_cc.cc is not used and was added by mistake in a commit
backporting IXFR tests:
c8f3468f102a4ab17ea1b5a9f408ce2bad3ddeab
Remi Gacogne [Mon, 14 Aug 2017 12:43:59 +0000 (14:43 +0200)]
Merge pull request #5608 from rgacogne/rec40-cache-inttypes
rec: Add missing cinttypes include for PRId64
Remi Gacogne [Mon, 14 Aug 2017 10:37:58 +0000 (12:37 +0200)]
rec: Add missing cinttypes include for PRId64
Remi Gacogne [Mon, 14 Aug 2017 08:14:11 +0000 (10:14 +0200)]
Merge pull request #5596 from pieterlexis/rec-dump-rrsigs-from-cache
Backport #5511: Dump RRSIGs on `dump-cache`
Pieter Lexis [Mon, 17 Jul 2017 12:14:29 +0000 (14:14 +0200)]
rec: Show auth state recursor cache dump
cherry-picked from commit ea9831c08f4c54514006efc1c61990963b10080f
Pieter Lexis [Mon, 10 Jul 2017 11:29:49 +0000 (13:29 +0200)]
rec: Dump RRSIGs from record cache
Peter van Dijk [Tue, 4 Jul 2017 13:09:41 +0000 (15:09 +0200)]
Merge pull request #5415 from rgacogne/rec40-ecs-fixes
rec40: Backport ECS fixes
Remi Gacogne [Wed, 14 Jun 2017 11:31:18 +0000 (13:31 +0200)]
rec: Use the incoming ECS for cache lookup if `use-incoming-edns-subnet` is set
Otherwise we insert into the cache based on the incoming ECS but
later do the lookup based on the query's source IP.
(cherry picked from commit 5736e55e0d2d8cd9a064b8377e87d08a540cb1b1)
Remi Gacogne [Thu, 15 Jun 2017 14:36:52 +0000 (16:36 +0200)]
Add more tests to the Netmask unit tests
Additional tests:
* getBits()
* isIpv4()
* isIPv6()
* getNetwork()
* getMaskedNetwork()
* check that Netmasks constructed from ComboAddresses with different
ports match
(cherry picked from commit 7f3e6acd659a9fee8ed027e7abe99ea77b3ee691)
bert hubert [Thu, 15 Jun 2017 01:14:01 +0000 (03:14 +0200)]
when making a netmask from a comboaddress, we neglected to zero the port. This could lead to a proliferation of netmasks.
(cherry picked from commit 0bdabe94e6fd873455d34b88f8954d8cc6034a72)
Remi Gacogne [Fri, 2 Jun 2017 11:52:00 +0000 (13:52 +0200)]
rec: Don't take the initial ECS source for a scope one if EDNS is off
(cherry picked from commit fe61f5d87871b56a17612c5a8334a84391f0d962)
bert hubert [Wed, 14 Jun 2017 06:35:53 +0000 (08:35 +0200)]
with this, EDNS Client Subnet becomes compatible with the packet cache, using the existing variable answer facility.
(cherry picked from commit 8bec43b3a28df7d31a4bb464dd043d7ec9caeab0)
bert hubert [Tue, 13 Jun 2017 22:41:27 +0000 (00:41 +0200)]
also set d_requestor without Lua: the ECS logic needs it
(cherry picked from commit cd00142f8ba7a70a59095249b601eb64257e146c)
Pieter Lexis [Mon, 3 Jul 2017 08:50:04 +0000 (10:50 +0200)]
Merge pull request #5479 from rgacogne/rec40-5476-ixfr-fix
rec: Backport #5476: Fix IXFR skipping the additions part of the last sequence
Pieter Lexis [Mon, 3 Jul 2017 08:49:56 +0000 (10:49 +0200)]
Merge pull request #5480 from rgacogne/rec40-5416-cache-expired
rec: Backport #5416: Move expired cache entries to the front so they are expunged
Remi Gacogne [Tue, 20 Jun 2017 15:09:56 +0000 (17:09 +0200)]
Remove just enough entries from the cache, not one more than asked
(cherry picked from commit f3cb7c78abe3ad639d4583880ae9302b3be99a9e)
Remi Gacogne [Thu, 15 Jun 2017 16:17:23 +0000 (18:17 +0200)]
rec: Move expired cache entries to the front so they are expunged
(cherry picked from commit 197d755ea3972251352170261a9d7024ca95175c)
Remi Gacogne [Thu, 29 Jun 2017 13:29:40 +0000 (15:29 +0200)]
rec: Add IXFR unit tests
(cherry picked from commit e503653f7d4c7e28b594336b37bcf602c7f5119a)
Remi Gacogne [Wed, 28 Jun 2017 16:26:33 +0000 (18:26 +0200)]
rec: Fix IXFR skipping the additions part of the last sequence
Under certain conditions, we could have skipped the additions part
of the last `IXFR` sequence, because we stopped processing records
after seeing a `SOA` record with the new serial. However, as stated
in rfc1995's "Response format" section:
"the first RR of the added RRs is the newer SOA RR"
(cherry picked from commit d67ae3b477c9cf9d2a98f0edad9977dc34a2c8bf)
bert hubert [Thu, 29 Jun 2017 18:54:58 +0000 (20:54 +0200)]
Merge pull request #5471 from pieterlexis/rec-406-b-root
Backport #4497 and #5470: Add E and B root IPv6 addresses
Arsen Stasic [Tue, 27 Jun 2017 11:02:53 +0000 (13:02 +0200)]
rec: changed IPv6 addr of b.root-servers.net
http://www.internic.net/domain/db.cache
last update: June 01, 2017
is effective since 2017-06-01
(cherry picked from commit 951ab1a12096a6cf8514282c5f5d4d7641bc87ae)
phonedph1 [Fri, 23 Sep 2016 00:41:58 +0000 (18:41 -0600)]
e.root-servers.net has IPv6 now
(cherry picked from commit b815c62e1a4be01b4a2a7833855116b8781f86f6)
Pieter Lexis [Tue, 27 Jun 2017 10:05:31 +0000 (12:05 +0200)]
Merge pull request #5462 from pieterlexis/rex-406-backport-5455
Backport 5455: Travis: Use auth 4.0 for recursor tests
Pieter Lexis [Fri, 23 Jun 2017 08:43:37 +0000 (10:43 +0200)]
Travis: Use auth 4.0 for recursor tests
(cherry picked from commit dad54543abf80aedefbe47f1d538542763794173)
Peter van Dijk [Thu, 22 Jun 2017 14:07:25 +0000 (16:07 +0200)]
Merge pull request #5451 from rgacogne/rec40-requestor-payload-512
Backport #5446: rec: Treat requestor's payload size lower than 512 as equal to 512
Remi Gacogne [Thu, 22 Jun 2017 08:25:47 +0000 (10:25 +0200)]
rec: Treat requestor's payload size lower than 512 as equal to 512
(cherry picked from commit 320157487ec1cd0a9c4bcfd5309d9d651c26eb72)
Pieter Lexis [Thu, 22 Jun 2017 12:22:51 +0000 (14:22 +0200)]
Merge pull request #5447 from Habbie/rec-4.0.x-uri
rec backport: make URI integers 16 bits, fixes #5443
Pieter Lexis [Thu, 22 Jun 2017 12:22:42 +0000 (14:22 +0200)]
Merge pull request #5448 from mind04/rec-4.0.x
Rec 4.0.x: backport decaf signer