]> granicus.if.org Git - pdns/log
pdns
5 years agoMerge pull request #8461 from rgacogne/changelog-from-pr-update
Pieter Lexis [Fri, 25 Oct 2019 07:07:37 +0000 (09:07 +0200)]
Merge pull request #8461 from rgacogne/changelog-from-pr-update

Small improvements to changelog-from-pr

5 years agoMerge pull request #8463 from phonedph1/patch-17
Pieter Lexis [Fri, 25 Oct 2019 07:06:41 +0000 (09:06 +0200)]
Merge pull request #8463 from phonedph1/patch-17

rec: Update CentOS 6 init script

5 years agorec: Update CentOS 6 init script
phonedph1 [Thu, 24 Oct 2019 19:05:09 +0000 (13:05 -0600)]
rec: Update CentOS 6 init script

5 years agoMerge pull request #8426 from Habbie/openssl-eddsa-bits dnsdist-1.4.0-rc4
Remi Gacogne [Thu, 24 Oct 2019 12:50:36 +0000 (14:50 +0200)]
Merge pull request #8426 from Habbie/openssl-eddsa-bits

openssl eddsa signers: report correct key size

5 years agoMerge pull request #8444 from Habbie/sdig-class
Remi Gacogne [Thu, 24 Oct 2019 12:44:36 +0000 (14:44 +0200)]
Merge pull request #8444 from Habbie/sdig-class

sdig: make query class selectable

5 years agochangelog-from-pr: Add Otto to the list of team members
Remi Gacogne [Thu, 24 Oct 2019 10:41:22 +0000 (12:41 +0200)]
changelog-from-pr: Add Otto to the list of team members

5 years agochangelog-from-pr: Capitalize the first letter without lowercasing the rest
Remi Gacogne [Thu, 24 Oct 2019 10:40:42 +0000 (12:40 +0200)]
changelog-from-pr: Capitalize the first letter without lowercasing the rest

5 years agochangelog-from-pr: Display the GH login if the user has not set a name
Remi Gacogne [Thu, 24 Oct 2019 10:39:39 +0000 (12:39 +0200)]
changelog-from-pr: Display the GH login if the user has not set a name

5 years agoMerge pull request #8458 from rgacogne/ddist-cppcheck-clang-analyzer
Remi Gacogne [Thu, 24 Oct 2019 09:41:42 +0000 (11:41 +0200)]
Merge pull request #8458 from rgacogne/ddist-cppcheck-clang-analyzer

dnsdist: Small changes suggested by cppcheck and clang's static analyzer

5 years agodnsdist: Check that the ClientState pointer is not nullptr
Remi Gacogne [Thu, 24 Oct 2019 08:41:49 +0000 (10:41 +0200)]
dnsdist: Check that the ClientState pointer is not nullptr

That makes clang's static analyzer happy.

5 years agodnsdist: Use qualified calls to virtual functions in the ctor
Remi Gacogne [Thu, 24 Oct 2019 08:34:20 +0000 (10:34 +0200)]
dnsdist: Use qualified calls to virtual functions in the ctor

Otherwise cppcheck warns that virtual functions should not be called
from the constructor because dynamic binding is not used, and objects
may not have been fully constructed yet. In that case that's fine
because there is no derived classes, but let's make it explicit.

5 years agodnsdist: Initialize HTTPHeaderRule members in the ctor init list
Remi Gacogne [Thu, 24 Oct 2019 08:33:56 +0000 (10:33 +0200)]
dnsdist: Initialize HTTPHeaderRule members in the ctor init list

5 years agoLMDB: Initialize values in the init list to make cppcheck happy
Remi Gacogne [Thu, 24 Oct 2019 08:32:55 +0000 (10:32 +0200)]
LMDB: Initialize values in the init list to make cppcheck happy

5 years agoMerge pull request #8442 from rgacogne/ddist-ssl-key-log-file
Remi Gacogne [Wed, 23 Oct 2019 15:54:09 +0000 (17:54 +0200)]
Merge pull request #8442 from rgacogne/ddist-ssl-key-log-file

dnsdist: Add support dumping TLS keys via keyLogFile

5 years agosdig: make query class selectable
Peter van Dijk [Wed, 23 Oct 2019 14:30:52 +0000 (16:30 +0200)]
sdig: make query class selectable

5 years agoMerge pull request #8455 from omoerbeek/rec-disable-ooo-test
Otto Moerbeek [Wed, 23 Oct 2019 14:23:59 +0000 (16:23 +0200)]
Merge pull request #8455 from omoerbeek/rec-disable-ooo-test

Disable one OOO test that mysteriously fails on CircleCI so others

5 years agoDisable one OOO test that mysteriously fails on CircleCI so others
Otto Moerbeek [Wed, 23 Oct 2019 14:22:00 +0000 (14:22 +0000)]
Disable one OOO test that mysteriously fails on CircleCI so others
aren't bothered with it and I can debug this in a private branch.

5 years agouse named constant instead of magic number
Peter van Dijk [Wed, 23 Oct 2019 14:17:55 +0000 (16:17 +0200)]
use named constant instead of magic number

5 years agodnsdist: Add support dumping TLS keys via keyLogFile
Remi Gacogne [Tue, 15 Oct 2019 15:30:12 +0000 (17:30 +0200)]
dnsdist: Add support dumping TLS keys via keyLogFile

This is similar to what various programs do when the SSLKEYLOGFILE
environment variable is set, and uses the format described in:

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format

5 years agodnsdist: Move the DoH ticket keys logic into the DOHAcceptContext
Remi Gacogne [Tue, 15 Oct 2019 14:43:43 +0000 (16:43 +0200)]
dnsdist: Move the DoH ticket keys logic into the DOHAcceptContext

5 years agoMerge pull request #8416 from rgacogne/ddist-dohunit-refcount
Remi Gacogne [Wed, 23 Oct 2019 10:02:26 +0000 (12:02 +0200)]
Merge pull request #8416 from rgacogne/ddist-dohunit-refcount

dnsdist: Implement ref counting for the DOHUnit object

5 years agoMerge pull request #8447 from rgacogne/ddist-tls-error-counters
Remi Gacogne [Wed, 23 Oct 2019 10:01:54 +0000 (12:01 +0200)]
Merge pull request #8447 from rgacogne/ddist-tls-error-counters

dnsdist: Add metrics about TLS handshake failures for DoH and DoT

5 years agoMerge pull request #8451 from omoerbeek/auth-zonfile-generate
Otto Moerbeek [Wed, 23 Oct 2019 09:50:38 +0000 (11:50 +0200)]
Merge pull request #8451 from omoerbeek/auth-zonfile-generate

Basic validation of $GENERATE parameters

5 years agoMerge pull request #8391 from omoerbeek/rec-out-of-order
Otto Moerbeek [Wed, 23 Oct 2019 09:44:10 +0000 (11:44 +0200)]
Merge pull request #8391 from omoerbeek/rec-out-of-order

rec: Allow multiple simultaneous incoming TCP queries over a connection

5 years agoBasic validation of $GENERATE parameters
Otto Moerbeek [Wed, 23 Oct 2019 08:50:33 +0000 (10:50 +0200)]
Basic validation of $GENERATE parameters

5 years agoUse two auths to avoid serialization problems, as suggested by Habbie
Otto Moerbeek [Wed, 23 Oct 2019 08:32:51 +0000 (08:32 +0000)]
Use two auths to avoid serialization problems, as suggested by Habbie

5 years agoTeask: more auth threads and prime the delay.example NS
Otto Moerbeek [Wed, 23 Oct 2019 07:53:03 +0000 (09:53 +0200)]
Teask: more auth threads and prime the delay.example NS

5 years agoMerge pull request #8434 from mind04/pdns-remove-mydns
Peter van Dijk [Tue, 22 Oct 2019 16:56:13 +0000 (18:56 +0200)]
Merge pull request #8434 from mind04/pdns-remove-mydns

auth: remove mydns backend

5 years agodnsdist: Fix missing 'thread' key on some prometheus labels
Remi Gacogne [Tue, 22 Oct 2019 15:24:26 +0000 (17:24 +0200)]
dnsdist: Fix missing 'thread' key on some prometheus labels

5 years agodnsdist: Add metrics about TLS handshake failures for DoH and DoT
Remi Gacogne [Tue, 22 Oct 2019 15:16:53 +0000 (17:16 +0200)]
dnsdist: Add metrics about TLS handshake failures for DoH and DoT

5 years agoTests, docs and validation of OOO setting.
Otto Moerbeek [Fri, 11 Oct 2019 11:38:50 +0000 (11:38 +0000)]
Tests, docs and validation of OOO setting.

Test required some framework work to allow for auths having
more than 1 thread.

5 years agoMerge pull request #8367 from pieterlexis/rfc8020
Otto Moerbeek [Tue, 22 Oct 2019 14:42:00 +0000 (16:42 +0200)]
Merge pull request #8367 from pieterlexis/rfc8020

Implement RFC 8020 "NXDOMAIN: There Really Is Nothing Underneath"

5 years agoMerge pull request #8445 from Habbie/skip-useless-unbound-call
Otto Moerbeek [Tue, 22 Oct 2019 05:51:01 +0000 (07:51 +0200)]
Merge pull request #8445 from Habbie/skip-useless-unbound-call

auth ds-at-apex-noerror test: do not run unbound-host

5 years agoauth ds-at-apex-noerror test: do not run unbound-host
Peter van Dijk [Mon, 21 Oct 2019 22:41:31 +0000 (00:41 +0200)]
auth ds-at-apex-noerror test: do not run unbound-host

5 years agoImplement RFC 8020
Pieter Lexis [Tue, 1 Oct 2019 10:25:58 +0000 (12:25 +0200)]
Implement RFC 8020

This commit implements the "NXDOMAIN: There Really Is Nothing Underneath".
When enabled (the default), the SyncRes will check the negative cache if
there exists a higher denied name and uses that data to send an NXDOMAIN
to the client. In essence, it is a more aggressive version of
root-nx-trust (which could be removed in the future).

There are several advantages:

 * We potentially send fewer queries to the internet
 * The record cache is not "polluted" with useless NXDOMAINs

5 years agoMerge pull request #8437 from Habbie/dnsdist-doc-nits-1.4.0
Remi Gacogne [Sat, 19 Oct 2019 11:38:41 +0000 (13:38 +0200)]
Merge pull request #8437 from Habbie/dnsdist-doc-nits-1.4.0

dnsdist docs: fix versionadded formatting

5 years agoMerge pull request #8433 from Habbie/dns64-ptr-cname
Peter van Dijk [Fri, 18 Oct 2019 14:19:45 +0000 (16:19 +0200)]
Merge pull request #8433 from Habbie/dns64-ptr-cname

dns64: stop hiding PTR indirection

5 years agofix versionadded formatting
Peter van Dijk [Fri, 18 Oct 2019 11:59:41 +0000 (13:59 +0200)]
fix versionadded formatting

5 years agodns64: stop hiding PTR indirection
Peter van Dijk [Fri, 18 Oct 2019 10:31:55 +0000 (12:31 +0200)]
dns64: stop hiding PTR indirection

5 years agoMerge pull request #8432 from mind04/pdns-oracle-leftovers
Peter van Dijk [Fri, 18 Oct 2019 10:23:32 +0000 (12:23 +0200)]
Merge pull request #8432 from mind04/pdns-oracle-leftovers

pdns: oracle leftovers

5 years agoMerge pull request #8420 from pieterlexis/pdnsutil-algo-7
Pieter Lexis [Fri, 18 Oct 2019 09:26:00 +0000 (11:26 +0200)]
Merge pull request #8420 from pieterlexis/pdnsutil-algo-7

pdnsutil: add algo 7 to add-zone-key help

5 years agopdns: oracle leftovers
Kees Monshouwer [Thu, 17 Oct 2019 21:00:03 +0000 (23:00 +0200)]
pdns: oracle leftovers

5 years agoauth: remove mydns backend
Kees Monshouwer [Thu, 17 Oct 2019 20:29:02 +0000 (22:29 +0200)]
auth: remove mydns backend

5 years agoMerge pull request #8429 from Habbie/ubuntu-eoan
Peter van Dijk [Thu, 17 Oct 2019 14:22:46 +0000 (16:22 +0200)]
Merge pull request #8429 from Habbie/ubuntu-eoan

add Ubuntu eoan builder target

5 years agoadd Ubuntu eoan builder target
Peter van Dijk [Thu, 17 Oct 2019 10:21:45 +0000 (12:21 +0200)]
add Ubuntu eoan builder target

5 years agoopenssl: report correct keysize for eddsa, fixes part one of #8278
Peter van Dijk [Wed, 16 Oct 2019 23:36:04 +0000 (01:36 +0200)]
openssl: report correct keysize for eddsa, fixes part one of #8278

5 years agopdnsutil test-algorithm(s): report key size
Peter van Dijk [Wed, 16 Oct 2019 23:34:15 +0000 (01:34 +0200)]
pdnsutil test-algorithm(s): report key size

5 years agoMerge pull request #8400 from pieterlexis/centos-8-pkgs
Pieter Lexis [Wed, 16 Oct 2019 11:32:31 +0000 (13:32 +0200)]
Merge pull request #8400 from pieterlexis/centos-8-pkgs

Add CentOS 8 as builder target

5 years agoMerge pull request #8325 from pieterlexis/disabled-in-api
Pieter Lexis [Wed, 16 Oct 2019 11:32:03 +0000 (13:32 +0200)]
Merge pull request #8325 from pieterlexis/disabled-in-api

auth API: make disabled optional for Record

5 years agoMerge pull request #8421 from rgacogne/ddist-fix-merge-rotation-delay
Remi Gacogne [Tue, 15 Oct 2019 20:52:16 +0000 (22:52 +0200)]
Merge pull request #8421 from rgacogne/ddist-fix-merge-rotation-delay

dnsdist: Fix merge issue (d_ticketsKeyRotationDelay)

5 years agopdnsutil: add algo 7 to add-zone-key help
Pieter Lexis [Tue, 15 Oct 2019 18:14:30 +0000 (20:14 +0200)]
pdnsutil: add algo 7 to add-zone-key help

5 years agodnsdist: Fix merge issue (d_ticketsKeyRotationDelay)
Remi Gacogne [Tue, 15 Oct 2019 18:14:11 +0000 (20:14 +0200)]
dnsdist: Fix merge issue (d_ticketsKeyRotationDelay)

d_ticketsKeyRotationDelay is now in the TLSConfig object.

5 years agoMerge pull request #8411 from rgacogne/dnsdist-better-log-action
Remi Gacogne [Tue, 15 Oct 2019 12:49:44 +0000 (14:49 +0200)]
Merge pull request #8411 from rgacogne/dnsdist-better-log-action

dnsdist: Add more options to LogAction (non-verbose mode, timestamps)

5 years agoMerge pull request #8383 from rgacogne/ddist-merge-doh-dot-contexts
Remi Gacogne [Tue, 15 Oct 2019 12:47:38 +0000 (14:47 +0200)]
Merge pull request #8383 from rgacogne/ddist-merge-doh-dot-contexts

dnsdist: Merge the setup of TLS contexts in Doh and DoT

5 years agoMerge pull request #8408 from rgacogne/ddist-buffer-size-cache
Remi Gacogne [Tue, 15 Oct 2019 12:42:29 +0000 (14:42 +0200)]
Merge pull request #8408 from rgacogne/ddist-buffer-size-cache

dnsdist: Fix the caching of large entries

5 years agoMerge pull request #8417 from rgacogne/auth-dist-unit2.test
Remi Gacogne [Tue, 15 Oct 2019 10:21:38 +0000 (12:21 +0200)]
Merge pull request #8417 from rgacogne/auth-dist-unit2.test

Add regression-tests/zones/unit2.test to EXTRA_DIST

5 years agoAdd regression-tests/zones/unit2.test to EXTRA_DIST
Remi Gacogne [Tue, 15 Oct 2019 08:13:37 +0000 (10:13 +0200)]
Add regression-tests/zones/unit2.test to EXTRA_DIST

Otherwise the unit tests fail.

5 years agodnsdist: Use std::max() to compute the size of the incoming buffer
Remi Gacogne [Fri, 11 Oct 2019 14:44:25 +0000 (16:44 +0200)]
dnsdist: Use std::max() to compute the size of the incoming buffer

5 years agodnsdist: Add regression tests for the caching of large answers
Remi Gacogne [Fri, 11 Oct 2019 12:57:45 +0000 (14:57 +0200)]
dnsdist: Add regression tests for the caching of large answers

5 years agodnsdist: Don't cache entries larger than 4096 bytes
Remi Gacogne [Fri, 11 Oct 2019 12:52:08 +0000 (14:52 +0200)]
dnsdist: Don't cache entries larger than 4096 bytes

We won't be able to use them anyway.

5 years agodnsdist: Always allocate at least 4096 bytes for the cached response
Remi Gacogne [Fri, 11 Oct 2019 12:51:11 +0000 (14:51 +0200)]
dnsdist: Always allocate at least 4096 bytes for the cached response

5 years agodnsdist: Advertise the size really available in the query buffer
Remi Gacogne [Thu, 10 Oct 2019 15:44:43 +0000 (17:44 +0200)]
dnsdist: Advertise the size really available in the query buffer

We use to advertise s_udpIncomingBufferSize (1500) but the buffer
is really 4096 bytes long. This allows much larger responses from
to be returned from the cache.

5 years agoMerge pull request #8415 from rgacogne/ddist-tcp-stats-format
Remi Gacogne [Tue, 15 Oct 2019 08:04:49 +0000 (10:04 +0200)]
Merge pull request #8415 from rgacogne/ddist-tcp-stats-format

dnsdist: Fix formatting in showTCPStats()

5 years agodnsdist: Implement ref counting for the DOHUnit object
Remi Gacogne [Mon, 14 Oct 2019 14:18:46 +0000 (16:18 +0200)]
dnsdist: Implement ref counting for the DOHUnit object

It turns out that, at least when testing with ASAN enabled, we
sometimes trigger use-after-free detection because we get the
response from the backend, send it to the client then delete the
object before the send() call to the backend even returned.

5 years agodnsdist: Fix formatting in showTCPStats()
Remi Gacogne [Mon, 14 Oct 2019 14:02:44 +0000 (16:02 +0200)]
dnsdist: Fix formatting in showTCPStats()

5 years agoMerge pull request #8413 from rgacogne/cmsg_space_osx
Remi Gacogne [Mon, 14 Oct 2019 13:39:59 +0000 (15:39 +0200)]
Merge pull request #8413 from rgacogne/cmsg_space_osx

Work around CMSG_SPACE somehow not being a constexpr on macOS

5 years agoMerge pull request #8414 from omoerbeek/test-zoneparse-more-modern
Otto Moerbeek [Mon, 14 Oct 2019 11:09:47 +0000 (13:09 +0200)]
Merge pull request #8414 from omoerbeek/test-zoneparse-more-modern

test-zoneparser_tng: more modern C++ idiom

5 years agoWork around CMSG_SPACE somehow not being a constexpr on macOS
Remi Gacogne [Mon, 14 Oct 2019 08:21:20 +0000 (10:21 +0200)]
Work around CMSG_SPACE somehow not being a constexpr on macOS

5 years agoMore modern C++ idiom
Otto Moerbeek [Mon, 14 Oct 2019 07:06:35 +0000 (09:06 +0200)]
More modern C++ idiom

5 years agoMerge pull request #8372 from rgacogne/ddist-vrf-itf
Remi Gacogne [Sat, 12 Oct 2019 13:25:17 +0000 (15:25 +0200)]
Merge pull request #8372 from rgacogne/ddist-vrf-itf

dnsdist: Use SO_BINDTODEVICE when available for newServer's source itf

5 years agoMerge pull request #8409 from rgacogne/ddist-prometheus-descriptions-pool
Remi Gacogne [Sat, 12 Oct 2019 13:23:47 +0000 (15:23 +0200)]
Merge pull request #8409 from rgacogne/ddist-prometheus-descriptions-pool

dnsdist: Add missing prometheus descriptions for cache-related metrics

5 years agodnsdist: Add more options to LogAction (non-verbose mode, timestamps)
Remi Gacogne [Fri, 11 Oct 2019 15:16:37 +0000 (17:16 +0200)]
dnsdist: Add more options to LogAction (non-verbose mode, timestamps)

5 years agoMerge pull request #8410 from franklouwers/doc/setQueryRate-fix
Remi Gacogne [Fri, 11 Oct 2019 14:38:51 +0000 (16:38 +0200)]
Merge pull request #8410 from franklouwers/doc/setQueryRate-fix

Fix typo in setQueryRate docs

5 years agodnsdist: Don't call SO_BINDTODEVICE with an empty interface name
Remi Gacogne [Fri, 11 Oct 2019 14:26:51 +0000 (16:26 +0200)]
dnsdist: Don't call SO_BINDTODEVICE with an empty interface name

5 years agodnsdist: Fix indentation in newServer()
Remi Gacogne [Fri, 11 Oct 2019 14:12:54 +0000 (16:12 +0200)]
dnsdist: Fix indentation in newServer()

5 years agoClarify comment
Frank Louwers [Fri, 11 Oct 2019 14:10:08 +0000 (16:10 +0200)]
Clarify comment

5 years agoFix typo in setQueryRate docs
Frank Louwers [Fri, 11 Oct 2019 14:00:31 +0000 (16:00 +0200)]
Fix typo in setQueryRate docs

5 years agodnsdist: Add missing prometheus descriptions for cache-related metrics
Remi Gacogne [Fri, 11 Oct 2019 13:24:55 +0000 (15:24 +0200)]
dnsdist: Add missing prometheus descriptions for cache-related metrics

5 years agoMerge pull request #8406 from rgacogne/ddist-tls-ticket-key-stats
Remi Gacogne [Fri, 11 Oct 2019 13:16:16 +0000 (15:16 +0200)]
Merge pull request #8406 from rgacogne/ddist-tls-ticket-key-stats

dnsdist: Add metrics about unknown/inactive TLS ticket keys

5 years agoMerge pull request #8407 from omoerbeek/auth-lua-records-shadowing
Otto Moerbeek [Fri, 11 Oct 2019 12:54:33 +0000 (14:54 +0200)]
Merge pull request #8407 from omoerbeek/auth-lua-records-shadowing

auth: A few shadowing cases.

5 years agoA few shadowing cases.
Otto Moerbeek [Fri, 11 Oct 2019 12:05:22 +0000 (14:05 +0200)]
A few shadowing cases.

5 years agoProper in-flight maintenance; settable setting with doc.
Otto Moerbeek [Fri, 11 Oct 2019 09:22:39 +0000 (11:22 +0200)]
Proper in-flight maintenance; settable setting with doc.

5 years agodnsdist: Add metrics about unknown/inactive TLS ticket keys
Remi Gacogne [Thu, 10 Oct 2019 14:57:29 +0000 (16:57 +0200)]
dnsdist: Add metrics about unknown/inactive TLS ticket keys

5 years agodnsdist: Merge the setup of TLS contexts in Doh and DoT
Remi Gacogne [Fri, 4 Oct 2019 15:57:04 +0000 (17:57 +0200)]
dnsdist: Merge the setup of TLS contexts in Doh and DoT

5 years agoMerge pull request #8398 from rgacogne/ddist-fix-session-resumption-tests
Remi Gacogne [Thu, 10 Oct 2019 14:44:41 +0000 (16:44 +0200)]
Merge pull request #8398 from rgacogne/ddist-fix-session-resumption-tests

dnsdist: Check that tickets have really been written in the tests, really disable tickets when asked

5 years agoMerge pull request #8387 from rgacogne/dnsdist-tls-versions
Remi Gacogne [Thu, 10 Oct 2019 14:44:23 +0000 (16:44 +0200)]
Merge pull request #8387 from rgacogne/dnsdist-tls-versions

dnsdist: Add metrics about TLS versions with DNS over TLS

5 years agoMerge pull request #8404 from rgacogne/ddist-typo-suffixmatchnode-doc
Remi Gacogne [Thu, 10 Oct 2019 14:34:45 +0000 (16:34 +0200)]
Merge pull request #8404 from rgacogne/ddist-typo-suffixmatchnode-doc

dnsdist: Add a missing line before SuffixMatchNode's 'versionadded'

5 years agoMerge pull request #8396 from omoerbeek/zoneparser-fixed-format
Otto Moerbeek [Thu, 10 Oct 2019 14:08:09 +0000 (16:08 +0200)]
Merge pull request #8396 from omoerbeek/zoneparser-fixed-format

Do not use variable printf format strings

5 years agodnsdist: Add a missing line before SuffixMatchNode's 'versionadded'
Remi Gacogne [Thu, 10 Oct 2019 12:56:14 +0000 (14:56 +0200)]
dnsdist: Add a missing line before SuffixMatchNode's 'versionadded'

5 years agoAdd CentOS 8 as builder target
Pieter Lexis [Thu, 10 Oct 2019 12:03:21 +0000 (14:03 +0200)]
Add CentOS 8 as builder target

5 years agoMerge pull request #8395 from rgacogne/ddist-doh-concurrent-connections
Remi Gacogne [Thu, 10 Oct 2019 09:07:21 +0000 (11:07 +0200)]
Merge pull request #8395 from rgacogne/ddist-doh-concurrent-connections

dnsdist: Count the number of concurrent connections for DoH as well

5 years agodnsdist: Add TLS version metrics to the API as well
Remi Gacogne [Thu, 10 Oct 2019 09:00:30 +0000 (11:00 +0200)]
dnsdist: Add TLS version metrics to the API as well

5 years agodnsdist: Check that tickets have been written when needed
Remi Gacogne [Tue, 8 Oct 2019 14:14:32 +0000 (16:14 +0200)]
dnsdist: Check that tickets have been written when needed

But they might not have been, especially when a session has been
resumed and it was encrypted with a Session Ticket Encryption Key
still active.

5 years agodnsdist: Really disable TLS tickets for TLS 1.3 when asked
Remi Gacogne [Tue, 8 Oct 2019 14:14:04 +0000 (16:14 +0200)]
dnsdist: Really disable TLS tickets for TLS 1.3 when asked

5 years agoMerge pull request #8388 from rgacogne/dnsdist-doh-rotation-key-clear
Remi Gacogne [Thu, 10 Oct 2019 08:04:00 +0000 (10:04 +0200)]
Merge pull request #8388 from rgacogne/dnsdist-doh-rotation-key-clear

dnsdist: Clear the DoH Session Ticket Encryption Key in the ctor

5 years agoAdd unit test for zone file with template
Otto Moerbeek [Wed, 9 Oct 2019 14:21:00 +0000 (16:21 +0200)]
Add unit test for zone file with template

5 years agodnsdist: Count the number of concurrent connections for DoH as well
Remi Gacogne [Wed, 9 Oct 2019 13:41:50 +0000 (15:41 +0200)]
dnsdist: Count the number of concurrent connections for DoH as well

5 years agoUsing a variable format string opens up all kinds of cans of worms.
Otto Moerbeek [Wed, 9 Oct 2019 12:39:29 +0000 (14:39 +0200)]
Using a variable format string opens up all kinds of cans of worms.

5 years agoOn read error we remove the fd from the set. If there are still queries in-flight
Otto Moerbeek [Wed, 9 Oct 2019 09:12:38 +0000 (11:12 +0200)]
On read error we remove the fd from the set. If there are still queries in-flight
we will add it back if the in-flight condition is true.
This is not a real problem as the next handleTCPClientReadable() will take care.
Add a comment to explain that.
Also, setting the TTD might throw so handle that.
We might need a forgiving variant of removeReadFD() and setReadTTD().

5 years ago- Fix multiplexer accounting in the write error case
Otto Moerbeek [Wed, 9 Oct 2019 08:35:00 +0000 (10:35 +0200)]
- Fix multiplexer accounting in the write error case
- Use proper type for in-flight accounting