granicus.if.org Git - pdns/log
Remi Gacogne [Fri, 5 Apr 2019 16:10:23 +0000 (18:10 +0200)]
dnsdist: Add missing overrides
Remi Gacogne [Fri, 5 Apr 2019 12:21:15 +0000 (14:21 +0200)]
Merge pull request #7559 from rgacogne/dnsdist-tcp-refactor-clean
dnsdist: Refactoring of the TCP stack
Remi Gacogne [Fri, 5 Apr 2019 12:10:58 +0000 (14:10 +0200)]
Merge pull request #7670 from Habbie/kill-addlua
dnsdist: remove addLuaAction and addLuaResponseAction
Remi Gacogne [Fri, 5 Apr 2019 10:51:45 +0000 (12:51 +0200)]
dnsdist: Add more TCP metrics
Keep, for each frontend and backend:
- the number of concurrent TCP connections
- the average number of queries per connection
- the average duration of a connection
Peter van Dijk [Thu, 4 Apr 2019 14:44:22 +0000 (16:44 +0200)]
dnsdist: remove addLuaAction and addLuaResponseAction
Remi Gacogne [Thu, 4 Apr 2019 08:00:40 +0000 (10:00 +0200)]
dnsdist: Apply suggestions from chbruyand's reviews (thanks!)
Remi Gacogne [Wed, 3 Apr 2019 16:10:55 +0000 (18:10 +0200)]
dnsdist: Try reading from the TCP backend right away
Instead of waiting for the socket to be readable, as it might
already be, so we save a multiplexer trip, and prevent an issue
if we ever add a TLS layer between dnsdist and the backends.
Remi Gacogne [Wed, 3 Apr 2019 15:35:41 +0000 (17:35 +0200)]
dnsdist: Actually try to read before checking if the socket is readable
We need to because the TLS layer might already have data waiting
for us, while there might not be anything left on the OS-level
buffer associated to the socket.
If we don't ask the TLS layer, we might wait indefinitely for
something to arrive while the client has already sent everything,
and it's just waiting for us because the TLS record has been read.
Remi Gacogne [Wed, 3 Apr 2019 15:30:52 +0000 (17:30 +0200)]
dnsdist: Better reporting of syscall errors via OpenSSL's libssl
Remi Gacogne [Wed, 3 Apr 2019 15:30:21 +0000 (17:30 +0200)]
mplexer: Add an accessor to get the number of watched FDs
Remi Gacogne [Wed, 3 Apr 2019 15:29:39 +0000 (17:29 +0200)]
dnsdist: Add a few more regression tests for DNS over TLS
Remi Gacogne [Tue, 26 Mar 2019 14:18:34 +0000 (15:18 +0100)]
dnsdist: Update the documentation for the new TCP stack
Remi Gacogne [Tue, 26 Mar 2019 13:26:41 +0000 (14:26 +0100)]
dnsdist: Fix invalid carbon formatting for TCP stats
Remi Gacogne [Tue, 26 Mar 2019 10:22:03 +0000 (11:22 +0100)]
dnsdist: Display (and export via API) the frontend type (DoT, ..)
Remi Gacogne [Tue, 26 Mar 2019 10:10:57 +0000 (11:10 +0100)]
dnsdist: Display backend and frontend TCP metrics in showTCPStats()
Remi Gacogne [Tue, 26 Mar 2019 09:24:35 +0000 (10:24 +0100)]
dnsdist: Add more TCP metrics
Remi Gacogne [Mon, 25 Mar 2019 16:57:31 +0000 (17:57 +0100)]
dnsdist: Add a "lots of TCP connections" regression test
Remi Gacogne [Mon, 25 Mar 2019 16:11:22 +0000 (17:11 +0100)]
dnsdist: Downstream failures only count for fresh TCP connections
Remi Gacogne [Mon, 25 Mar 2019 16:10:13 +0000 (17:10 +0100)]
dnsdist: Properly handle an I/O error while sending a TCP response
Remi Gacogne [Fri, 22 Mar 2019 17:25:44 +0000 (18:25 +0100)]
mplexer: Add some unit tests for our multiplexers
Remi Gacogne [Fri, 22 Mar 2019 14:03:14 +0000 (15:03 +0100)]
mplexer: Keep TTD ordered so we can scan for timeouts efficiently
Remi Gacogne [Thu, 21 Mar 2019 17:49:27 +0000 (18:49 +0100)]
dnsdist: Handle EAGAIN when reading from the non-blocking TCP pipe
Remi Gacogne [Thu, 21 Mar 2019 17:45:40 +0000 (18:45 +0100)]
dnsdist: Don't scan for TCP timeouts more than once every second
Remi Gacogne [Thu, 21 Mar 2019 17:36:33 +0000 (18:36 +0100)]
dnsdist: Make sure that the TCP distribution pipes are non-blocking
Remi Gacogne [Thu, 21 Mar 2019 17:30:42 +0000 (18:30 +0100)]
dnsdist: Fix outstanding count for TCP connections
Remi Gacogne [Wed, 20 Mar 2019 11:09:28 +0000 (12:09 +0100)]
dnsdist: Use a unique pointer for the global TCPClientCollection
Remi Gacogne [Tue, 19 Mar 2019 14:53:38 +0000 (15:53 +0100)]
dnsdist: Remove code duplication between UDP and TCP in the tests
Remi Gacogne [Fri, 8 Mar 2019 17:44:36 +0000 (18:44 +0100)]
dnsdist: Disable regression tests for invalid AXFR
The new implementation does not try to be too smart about that
anymore.
Remi Gacogne [Thu, 28 Feb 2019 14:39:40 +0000 (15:39 +0100)]
dnsdist: TCP refactoring using an event-based logic
Remi Gacogne [Tue, 5 Mar 2019 10:48:02 +0000 (11:48 +0100)]
Only allocate the SSocket buffer when we actually need it, cleanup
Remi Gacogne [Tue, 5 Mar 2019 10:49:24 +0000 (11:49 +0100)]
Return EINPROGRESS instead of -1 in SConnectWithTimeout wo/ timeout
Remi Gacogne [Fri, 8 Mar 2019 15:41:22 +0000 (16:41 +0100)]
mplexer: Add support for write timeouts
Remi Gacogne [Mon, 4 Mar 2019 10:32:23 +0000 (11:32 +0100)]
mplexer: Make it possible to set the read TTD right away
Remi Gacogne [Wed, 27 Feb 2019 13:12:42 +0000 (14:12 +0100)]
dnsdist: Define empty DNSCrypt-related objects when not enabled
This way the rest of the code can mostly ignore whether DNSCrypt
support is enabled.
Remi Gacogne [Wed, 27 Feb 2019 11:06:53 +0000 (12:06 +0100)]
dnsdist: Add a function to extract an EDNS0Record from a DNS packet
Remi Gacogne [Tue, 26 Feb 2019 13:17:46 +0000 (14:17 +0100)]
dnsdist: Refactoring of the response handling path
Remi Gacogne [Mon, 25 Feb 2019 14:54:58 +0000 (15:54 +0100)]
dnsdist: Python 3 compat fixes for the regression tests
Remi Gacogne [Mon, 25 Feb 2019 14:54:13 +0000 (15:54 +0100)]
dnsdist: Refactoring to merge the UDP and TCP paths
Remi Gacogne [Thu, 4 Apr 2019 09:31:31 +0000 (11:31 +0200)]
Merge pull request #7481 from rgacogne/ipcrypt
Add support for encrypting IP addresses #gdpr
Remi Gacogne [Thu, 4 Apr 2019 09:29:29 +0000 (11:29 +0200)]
Merge pull request #7620 from shane-kerr/readme-link-fixes
Correct dnsdist & recursor information in README
Remi Gacogne [Thu, 4 Apr 2019 09:29:04 +0000 (11:29 +0200)]
Merge pull request #7652 from Habbie/dnsdist-ednsoptionview
dnsdist, recursor: EDNSOptionView improvements
Remi Gacogne [Thu, 4 Apr 2019 09:27:16 +0000 (11:27 +0200)]
Merge pull request #7578 from qvr/addtl-gstats
dnsdist: add frontend response statistics
Remi Gacogne [Thu, 4 Apr 2019 09:26:24 +0000 (11:26 +0200)]
Merge pull request #7343 from rgacogne/dnsdist-dyngroup-smt
dnsdist: Add addDynBlockSMT() support to dynBlockRulesGroup
Remi Gacogne [Thu, 4 Apr 2019 09:25:05 +0000 (11:25 +0200)]
Merge pull request #7585 from rgacogne/dnsdist-zero-ttl
dnsdist: Prevent 0-TTL cache hits
Remi Gacogne [Thu, 4 Apr 2019 09:24:04 +0000 (11:24 +0200)]
Merge pull request #7586 from rgacogne/dnsdist-null-latency-web
dnsdist: Gracefully handle a null latency in the webserver's JS
Peter van Dijk [Wed, 3 Apr 2019 07:10:09 +0000 (09:10 +0200)]
Merge pull request #7598 from jsoref/spelling
Spelling
Peter van Dijk [Wed, 3 Apr 2019 07:03:11 +0000 (09:03 +0200)]
Merge pull request #7656 from Habbie/dnsdist-macos-build-nit
dnsdist README: update macOS instructions
Peter van Dijk [Tue, 2 Apr 2019 16:29:04 +0000 (18:29 +0200)]
1-index recursor EDNSOptionView
Peter van Dijk [Tue, 2 Apr 2019 15:33:53 +0000 (17:33 +0200)]
dnsdist README: update macOS instructions
aerique [Tue, 2 Apr 2019 12:26:43 +0000 (14:26 +0200)]
Merge pull request #7654 from aerique/feature/changelog-and-secpoll-for-rec-4.1.12
Update changelog and secpoll for rec-4.1.12.
Peter van Dijk [Tue, 2 Apr 2019 12:11:52 +0000 (14:11 +0200)]
simplify vector indexing
Peter van Dijk [Tue, 2 Apr 2019 12:10:59 +0000 (14:10 +0200)]
adjust indexes in tests
Erik Winkels [Tue, 2 Apr 2019 11:08:12 +0000 (13:08 +0200)]
Update changelog and secpoll for rec-4.1.12.
Otto Moerbeek [Tue, 2 Apr 2019 08:38:05 +0000 (10:38 +0200)]
Merge pull request #7631 from omoerbeek/rec-ecs-cache-limit-with-ttl
Rec ecs cache limit with ttl
Peter van Dijk [Mon, 1 Apr 2019 19:29:55 +0000 (21:29 +0200)]
Lua tables are indexed from 1
Peter van Dijk [Mon, 1 Apr 2019 19:29:09 +0000 (21:29 +0200)]
count is a method, not an attribute
Remi Gacogne [Mon, 1 Apr 2019 13:57:42 +0000 (15:57 +0200)]
Merge pull request #7507 from rgacogne/rec-bounded-load-balancing
rec: Use a bounded load-balancing algo to distribute queries
Pieter Lexis [Mon, 1 Apr 2019 12:43:49 +0000 (14:43 +0200)]
Merge pull request #5932 from pieterlexis/webserver-logging
Improve logging in the webserver
Otto Moerbeek [Mon, 1 Apr 2019 12:27:27 +0000 (14:27 +0200)]
Reformulate condition and comment to make it more clear.
Otto Moerbeek [Mon, 1 Apr 2019 09:30:06 +0000 (11:30 +0200)]
Only apply "do not cache" if both limits are set and satisfied. Doc tweaks.
Remi Gacogne [Fri, 29 Mar 2019 16:20:52 +0000 (17:20 +0100)]
rec: Clarify that the server load should be >= to the pondered avg
(cherry picked from commit b476baebdc5a2ab4170476167aef94b7cdb677ab)
Remi Gacogne [Fri, 29 Mar 2019 12:32:46 +0000 (13:32 +0100)]
rec: Keep track of the number of MTasks in a dedicated variable
(cherry picked from commit 03a5d29ea3456fd3798ca71ed4f0f7ec7980ee2c)
Otto Moerbeek [Fri, 29 Mar 2019 10:40:05 +0000 (11:40 +0100)]
New approach. I spelled out the logic to make it more clear.
Points to keep in mind: > vs >=
What do we do if s_ecscachelimitttl is not set? I chose to let the scope determine
cacheability.
Remi Gacogne [Thu, 28 Mar 2019 17:30:12 +0000 (18:30 +0100)]
rec: Make sure that distribution-load-factor is >= 1.0 if set
Otto Moerbeek [Wed, 27 Mar 2019 12:17:06 +0000 (13:17 +0100)]
Add tests for ecs-cache-limit-ttl
Remi Gacogne [Wed, 27 Mar 2019 11:10:37 +0000 (12:10 +0100)]
rec: Add a 'rebalanced-queries' metric
Remi Gacogne [Wed, 20 Feb 2019 16:47:30 +0000 (17:47 +0100)]
rec: Use a bounded load-balancing algo to distribute queries
Otto Moerbeek [Wed, 27 Mar 2019 11:37:19 +0000 (12:37 +0100)]
Initial code for ecs-cache-limit-ttl.
Otto Moerbeek [Wed, 27 Mar 2019 10:34:24 +0000 (11:34 +0100)]
Merge remote-tracking branch 'origin/pr/7572' into rec-ecs-cache-limit-with-ttl
Remi Gacogne [Wed, 27 Mar 2019 08:45:54 +0000 (09:45 +0100)]
Merge pull request #7628 from tcely/patch-3
Lua QClass global does not exist
tcely [Tue, 26 Mar 2019 18:04:53 +0000 (14:04 -0400)]
Lua QClass global does not exist
The C code uses `QClass`, but the Lua variable was added as `DNSClass` for whatever reason.
Remi Gacogne [Tue, 12 Mar 2019 12:22:30 +0000 (13:22 +0100)]
rec: Set ecs-ipv4-cache-bits and ecs-ipv6-cache-bits in the tests
(cherry picked from commit 0cd27a313133139947e6e1b97fe7f1c0164ad40f)
Remi Gacogne [Tue, 12 Mar 2019 11:27:06 +0000 (12:27 +0100)]
rec: Document 'ecs-ipv4-cache-bits' and 'ecs-ipv6-cache-bits'
(cherry picked from commit 4d8c05df7a8fd6045061325693dcf8b17dbd364d)
Remi Gacogne [Tue, 12 Mar 2019 11:19:13 +0000 (12:19 +0100)]
rec: Add unit tests for the ECS cache limit feature
Remi Gacogne [Tue, 12 Mar 2019 11:05:56 +0000 (12:05 +0100)]
rec: Move the ECS cache limit check to the SyncRes
bert hubert [Tue, 12 Mar 2019 10:27:53 +0000 (11:27 +0100)]
implement a configurable ECS cache limit, defaulting to /24 and /56 of IPv6. So a /25 response will not get cached.
(cherry picked from commit 1dab554571edc88ae625c3997294dbcfb1c3507e)
Remi Gacogne [Tue, 12 Feb 2019 16:06:33 +0000 (17:06 +0100)]
dnsdist: Add regression tests for protobuf pseudonymization
Remi Gacogne [Tue, 12 Feb 2019 15:14:29 +0000 (16:14 +0100)]
Build ipcrypt as a separate (static) library since it's written in C
Otherwise we could compile it as C++ code, leading to this warning
from the compiler:
```
cc1: warning: command line option ‘-std=c++11’ is valid for C++/ObjC++ but not for C
```
Remi Gacogne [Thu, 31 Jan 2019 13:59:29 +0000 (14:59 +0100)]
Remove trailing whitespaces
Remi Gacogne [Wed, 30 Jan 2019 15:58:04 +0000 (16:58 +0100)]
dnsdist: Add IP 'encryption' options to RemoteLog{,Response}Action
Remi Gacogne [Wed, 30 Jan 2019 15:01:39 +0000 (16:01 +0100)]
dnsdist: Don't link OpenSSL's libssl or GnuTLS unless DoT is enabled
bert hubert [Mon, 19 Feb 2018 09:21:19 +0000 (10:21 +0100)]
make pdnsutil support base64 encoded keys for ipcipher
bert hubert [Fri, 16 Feb 2018 21:34:51 +0000 (22:34 +0100)]
fix testrunner
bert hubert [Fri, 16 Feb 2018 21:01:02 +0000 (22:01 +0100)]
update docs to key derivation & proper link
bert hubert [Fri, 16 Feb 2018 09:12:43 +0000 (10:12 +0100)]
document dnswasher flags
bert hubert [Fri, 16 Feb 2018 09:03:39 +0000 (10:03 +0100)]
made dnswasher support ipcipher
bert hubert [Thu, 15 Feb 2018 12:58:27 +0000 (13:58 +0100)]
dnswasher comment
bert hubert [Thu, 15 Feb 2018 13:03:58 +0000 (14:03 +0100)]
hook up makeIPCipherKey in dnsdist
bert hubert [Wed, 7 Feb 2018 12:18:09 +0000 (13:18 +0100)]
salt was confusing, should be ipcipheripcipher
bert hubert [Wed, 7 Feb 2018 09:05:33 +0000 (10:05 +0100)]
fix up salt for pbkdf2
bert hubert [Thu, 15 Feb 2018 12:51:24 +0000 (13:51 +0100)]
rename ipcrypt/ipcipher
bert hubert [Tue, 6 Feb 2018 12:11:32 +0000 (13:11 +0100)]
add key derivation from password, add ipencrypt/ipdecrypt to pdnsutil & document it
bert hubert [Fri, 2 Feb 2018 12:39:28 +0000 (13:39 +0100)]
add documentation to dnsdist
bert hubert [Fri, 2 Feb 2018 11:39:57 +0000 (12:39 +0100)]
fix ipcrypt.h in testrunner Makefile
bert hubert [Fri, 2 Feb 2018 10:51:28 +0000 (11:51 +0100)]
replace links
bert hubert [Fri, 2 Feb 2018 10:48:15 +0000 (11:48 +0100)]
add in symlinks for dnsdist
bert hubert [Fri, 2 Feb 2018 10:43:20 +0000 (11:43 +0100)]
Add support for encrypting IP addresses #gdpr
With this change, PowerDNS core gains ability to encrypt & decrypt IP addresses as described in https://medium.com/@bert.hubert/on-ip-address-encryption-security-analysis-with-respect-for-privacy-dabe1201b476
For IPv4 this uses ipcrypt, for IPv6 it uses a 128-bit AES ECB operation.
This CR also hooks up ipencrypt() and ipdecrypt() methods for dnsdist use, specifically to pseudonymise logging.
Remi Gacogne [Mon, 25 Mar 2019 09:19:58 +0000 (10:19 +0100)]
Merge pull request #7574 from rgacogne/rec-min-ecs-ttl
rec: Add a new ecs-minimum-ttl-override setting
Remi Gacogne [Mon, 25 Mar 2019 08:51:44 +0000 (09:51 +0100)]
Merge pull request #7621 from shane-kerr/lua-required-for-recursor
Note that Lua is now required for the recursor
bert hubert [Sun, 24 Mar 2019 21:35:51 +0000 (22:35 +0100)]
Merge pull request #7623 from genofire/patch-1
typo in docs - thanks!