granicus.if.org Git - pdns/log
Pieter Lexis [Fri, 25 Oct 2019 07:07:37 +0000 (09:07 +0200)]
Merge pull request #8461 from rgacogne/changelog-from-pr-update
Small improvements to changelog-from-pr
Pieter Lexis [Fri, 25 Oct 2019 07:06:41 +0000 (09:06 +0200)]
Merge pull request #8463 from phonedph1/patch-17
rec: Update CentOS 6 init script
phonedph1 [Thu, 24 Oct 2019 19:05:09 +0000 (13:05 -0600)]
rec: Update CentOS 6 init script
Remi Gacogne [Thu, 24 Oct 2019 12:50:36 +0000 (14:50 +0200)]
Merge pull request #8426 from Habbie/openssl-eddsa-bits
openssl eddsa signers: report correct key size
Remi Gacogne [Thu, 24 Oct 2019 12:44:36 +0000 (14:44 +0200)]
Merge pull request #8444 from Habbie/sdig-class
sdig: make query class selectable
Remi Gacogne [Thu, 24 Oct 2019 10:41:22 +0000 (12:41 +0200)]
changelog-from-pr: Add Otto to the list of team members
Remi Gacogne [Thu, 24 Oct 2019 10:40:42 +0000 (12:40 +0200)]
changelog-from-pr: Capitalize the first letter without lowercasing the rest
Remi Gacogne [Thu, 24 Oct 2019 10:39:39 +0000 (12:39 +0200)]
changelog-from-pr: Display the GH login if the user has not set a name
Remi Gacogne [Thu, 24 Oct 2019 09:41:42 +0000 (11:41 +0200)]
Merge pull request #8458 from rgacogne/ddist-cppcheck-clang-analyzer
dnsdist: Small changes suggested by cppcheck and clang's static analyzer
Remi Gacogne [Thu, 24 Oct 2019 08:41:49 +0000 (10:41 +0200)]
dnsdist: Check that the ClientState pointer is not nullptr
That makes clang's static analyzer happy.
Remi Gacogne [Thu, 24 Oct 2019 08:34:20 +0000 (10:34 +0200)]
dnsdist: Use qualified calls to virtual functions in the ctor
Otherwise cppcheck warns that virtual functions should not be called
from the constructor because dynamic binding is not used, and objects
may not have been fully constructed yet. In that case that's fine
because there are no derived classes, but let's make it explicit.
Remi Gacogne [Thu, 24 Oct 2019 08:33:56 +0000 (10:33 +0200)]
dnsdist: Initialize HTTPHeaderRule members in the ctor init list
Remi Gacogne [Thu, 24 Oct 2019 08:32:55 +0000 (10:32 +0200)]
LMDB: Initialize values in the init list to make cppcheck happy
Remi Gacogne [Wed, 23 Oct 2019 15:54:09 +0000 (17:54 +0200)]
Merge pull request #8442 from rgacogne/ddist-ssl-key-log-file
dnsdist: Add support dumping TLS keys via keyLogFile
Peter van Dijk [Wed, 23 Oct 2019 14:30:52 +0000 (16:30 +0200)]
sdig: make query class selectable
Otto Moerbeek [Wed, 23 Oct 2019 14:23:59 +0000 (16:23 +0200)]
Merge pull request #8455 from omoerbeek/rec-disable-ooo-test
Disable one OOO test that mysteriously fails on CircleCI so others
Otto Moerbeek [Wed, 23 Oct 2019 14:22:00 +0000 (14:22 +0000)]
Disable one OOO test that mysteriously fails on CircleCI so others
aren't bothered with it and I can debug this in a private branch.
Peter van Dijk [Wed, 23 Oct 2019 14:17:55 +0000 (16:17 +0200)]
use named constant instead of magic number
Remi Gacogne [Tue, 15 Oct 2019 15:30:12 +0000 (17:30 +0200)]
dnsdist: Add support dumping TLS keys via keyLogFile
This is similar to what various programs do when the SSLKEYLOGFILE
environment variable is set, and uses the format described in:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
Remi Gacogne [Tue, 15 Oct 2019 14:43:43 +0000 (16:43 +0200)]
dnsdist: Move the DoH ticket keys logic into the DOHAcceptContext
Remi Gacogne [Wed, 23 Oct 2019 10:02:26 +0000 (12:02 +0200)]
Merge pull request #8416 from rgacogne/ddist-dohunit-refcount
dnsdist: Implement ref counting for the DOHUnit object
Remi Gacogne [Wed, 23 Oct 2019 10:01:54 +0000 (12:01 +0200)]
Merge pull request #8447 from rgacogne/ddist-tls-error-counters
dnsdist: Add metrics about TLS handshake failures for DoH and DoT
Otto Moerbeek [Wed, 23 Oct 2019 09:50:38 +0000 (11:50 +0200)]
Merge pull request #8451 from omoerbeek/auth-zonfile-generate
Basic validation of $GENERATE parameters
Otto Moerbeek [Wed, 23 Oct 2019 09:44:10 +0000 (11:44 +0200)]
Merge pull request #8391 from omoerbeek/rec-out-of-order
rec: Allow multiple simultaneous incoming TCP queries over a connection
Otto Moerbeek [Wed, 23 Oct 2019 08:50:33 +0000 (10:50 +0200)]
Basic validation of $GENERATE parameters
Otto Moerbeek [Wed, 23 Oct 2019 08:32:51 +0000 (08:32 +0000)]
Use two auths to avoid serialization problems, as suggested by Habbie
Otto Moerbeek [Wed, 23 Oct 2019 07:53:03 +0000 (09:53 +0200)]
Teask: more auth threads and prime the delay.example NS
Peter van Dijk [Tue, 22 Oct 2019 16:56:13 +0000 (18:56 +0200)]
Merge pull request #8434 from mind04/pdns-remove-mydns
auth: remove mydns backend
Remi Gacogne [Tue, 22 Oct 2019 15:24:26 +0000 (17:24 +0200)]
dnsdist: Fix missing 'thread' key on some prometheus labels
Remi Gacogne [Tue, 22 Oct 2019 15:16:53 +0000 (17:16 +0200)]
dnsdist: Add metrics about TLS handshake failures for DoH and DoT
Otto Moerbeek [Fri, 11 Oct 2019 11:38:50 +0000 (11:38 +0000)]
Tests, docs and validation of OOO setting.
Test required some framework work to allow for auths having
more than 1 thread.
Otto Moerbeek [Tue, 22 Oct 2019 14:42:00 +0000 (16:42 +0200)]
Merge pull request #8367 from pieterlexis/rfc8020
Implement RFC 8020 "NXDOMAIN: There Really Is Nothing Underneath"
Otto Moerbeek [Tue, 22 Oct 2019 05:51:01 +0000 (07:51 +0200)]
Merge pull request #8445 from Habbie/skip-useless-unbound-call
auth ds-at-apex-noerror test: do not run unbound-host
Peter van Dijk [Mon, 21 Oct 2019 22:41:31 +0000 (00:41 +0200)]
auth ds-at-apex-noerror test: do not run unbound-host
Pieter Lexis [Tue, 1 Oct 2019 10:25:58 +0000 (12:25 +0200)]
Implement RFC 8020
This commit implements the "NXDOMAIN: There Really Is Nothing Underneath".
When enabled (the default), the SyncRes will check the negative cache if
there exists a higher denied name and use that data to send an NXDOMAIN
to the client. In essence, it is a more aggressive version of
root-nx-trust (which could be removed in the future).
There are several advantages:
* We potentially send fewer queries to the internet
* The record cache is not "polluted" with useless NXDOMAINs
Remi Gacogne [Sat, 19 Oct 2019 11:38:41 +0000 (13:38 +0200)]
Merge pull request #8437 from Habbie/dnsdist-doc-nits-1.4.0
dnsdist docs: fix versionadded formatting
Peter van Dijk [Fri, 18 Oct 2019 14:19:45 +0000 (16:19 +0200)]
Merge pull request #8433 from Habbie/dns64-ptr-cname
dns64: stop hiding PTR indirection
Peter van Dijk [Fri, 18 Oct 2019 11:59:41 +0000 (13:59 +0200)]
fix versionadded formatting
Peter van Dijk [Fri, 18 Oct 2019 10:31:55 +0000 (12:31 +0200)]
dns64: stop hiding PTR indirection
Peter van Dijk [Fri, 18 Oct 2019 10:23:32 +0000 (12:23 +0200)]
Merge pull request #8432 from mind04/pdns-oracle-leftovers
pdns: oracle leftovers
Pieter Lexis [Fri, 18 Oct 2019 09:26:00 +0000 (11:26 +0200)]
Merge pull request #8420 from pieterlexis/pdnsutil-algo-7
pdnsutil: add algo 7 to add-zone-key help
Kees Monshouwer [Thu, 17 Oct 2019 21:00:03 +0000 (23:00 +0200)]
pdns: oracle leftovers
Kees Monshouwer [Thu, 17 Oct 2019 20:29:02 +0000 (22:29 +0200)]
auth: remove mydns backend
Peter van Dijk [Thu, 17 Oct 2019 14:22:46 +0000 (16:22 +0200)]
Merge pull request #8429 from Habbie/ubuntu-eoan
add Ubuntu eoan builder target
Peter van Dijk [Thu, 17 Oct 2019 10:21:45 +0000 (12:21 +0200)]
add Ubuntu eoan builder target
Peter van Dijk [Wed, 16 Oct 2019 23:36:04 +0000 (01:36 +0200)]
openssl: report correct keysize for eddsa, fixes part one of #8278
Peter van Dijk [Wed, 16 Oct 2019 23:34:15 +0000 (01:34 +0200)]
pdnsutil test-algorithm(s): report key size
Pieter Lexis [Wed, 16 Oct 2019 11:32:31 +0000 (13:32 +0200)]
Merge pull request #8400 from pieterlexis/centos-8-pkgs
Add CentOS 8 as builder target
Pieter Lexis [Wed, 16 Oct 2019 11:32:03 +0000 (13:32 +0200)]
Merge pull request #8325 from pieterlexis/disabled-in-api
auth API: make disabled optional for Record
Remi Gacogne [Tue, 15 Oct 2019 20:52:16 +0000 (22:52 +0200)]
Merge pull request #8421 from rgacogne/ddist-fix-merge-rotation-delay
dnsdist: Fix merge issue (d_ticketsKeyRotationDelay)
Pieter Lexis [Tue, 15 Oct 2019 18:14:30 +0000 (20:14 +0200)]
pdnsutil: add algo 7 to add-zone-key help
Remi Gacogne [Tue, 15 Oct 2019 18:14:11 +0000 (20:14 +0200)]
dnsdist: Fix merge issue (d_ticketsKeyRotationDelay)
d_ticketsKeyRotationDelay is now in the TLSConfig object.
Remi Gacogne [Tue, 15 Oct 2019 12:49:44 +0000 (14:49 +0200)]
Merge pull request #8411 from rgacogne/dnsdist-better-log-action
dnsdist: Add more options to LogAction (non-verbose mode, timestamps)
Remi Gacogne [Tue, 15 Oct 2019 12:47:38 +0000 (14:47 +0200)]
Merge pull request #8383 from rgacogne/ddist-merge-doh-dot-contexts
dnsdist: Merge the setup of TLS contexts in Doh and DoT
Remi Gacogne [Tue, 15 Oct 2019 12:42:29 +0000 (14:42 +0200)]
Merge pull request #8408 from rgacogne/ddist-buffer-size-cache
dnsdist: Fix the caching of large entries
Remi Gacogne [Tue, 15 Oct 2019 10:21:38 +0000 (12:21 +0200)]
Merge pull request #8417 from rgacogne/auth-dist-unit2.test
Add regression-tests/zones/unit2.test to EXTRA_DIST
Remi Gacogne [Tue, 15 Oct 2019 08:13:37 +0000 (10:13 +0200)]
Add regression-tests/zones/unit2.test to EXTRA_DIST
Otherwise the unit tests fail.
Remi Gacogne [Fri, 11 Oct 2019 14:44:25 +0000 (16:44 +0200)]
dnsdist: Use std::max() to compute the size of the incoming buffer
Remi Gacogne [Fri, 11 Oct 2019 12:57:45 +0000 (14:57 +0200)]
dnsdist: Add regression tests for the caching of large answers
Remi Gacogne [Fri, 11 Oct 2019 12:52:08 +0000 (14:52 +0200)]
dnsdist: Don't cache entries larger than 4096 bytes
We won't be able to use them anyway.
Remi Gacogne [Fri, 11 Oct 2019 12:51:11 +0000 (14:51 +0200)]
dnsdist: Always allocate at least 4096 bytes for the cached response
Remi Gacogne [Thu, 10 Oct 2019 15:44:43 +0000 (17:44 +0200)]
dnsdist: Advertise the size really available in the query buffer
We used to advertise s_udpIncomingBufferSize (1500) but the buffer
is really 4096 bytes long. This allows much larger responses
to be returned from the cache.
Remi Gacogne [Tue, 15 Oct 2019 08:04:49 +0000 (10:04 +0200)]
Merge pull request #8415 from rgacogne/ddist-tcp-stats-format
dnsdist: Fix formatting in showTCPStats()
Remi Gacogne [Mon, 14 Oct 2019 14:18:46 +0000 (16:18 +0200)]
dnsdist: Implement ref counting for the DOHUnit object
It turns out that, at least when testing with ASAN enabled, we
sometimes trigger use-after-free detection because we get the
response from the backend, send it to the client then delete the
object before the send() call to the backend even returned.
Remi Gacogne [Mon, 14 Oct 2019 14:02:44 +0000 (16:02 +0200)]
dnsdist: Fix formatting in showTCPStats()
Remi Gacogne [Mon, 14 Oct 2019 13:39:59 +0000 (15:39 +0200)]
Merge pull request #8413 from rgacogne/cmsg_space_osx
Work around CMSG_SPACE somehow not being a constexpr on macOS
Otto Moerbeek [Mon, 14 Oct 2019 11:09:47 +0000 (13:09 +0200)]
Merge pull request #8414 from omoerbeek/test-zoneparse-more-modern
test-zoneparser_tng: more modern C++ idiom
Remi Gacogne [Mon, 14 Oct 2019 08:21:20 +0000 (10:21 +0200)]
Work around CMSG_SPACE somehow not being a constexpr on macOS
Otto Moerbeek [Mon, 14 Oct 2019 07:06:35 +0000 (09:06 +0200)]
More modern C++ idiom
Remi Gacogne [Sat, 12 Oct 2019 13:25:17 +0000 (15:25 +0200)]
Merge pull request #8372 from rgacogne/ddist-vrf-itf
dnsdist: Use SO_BINDTODEVICE when available for newServer's source itf
Remi Gacogne [Sat, 12 Oct 2019 13:23:47 +0000 (15:23 +0200)]
Merge pull request #8409 from rgacogne/ddist-prometheus-descriptions-pool
dnsdist: Add missing prometheus descriptions for cache-related metrics
Remi Gacogne [Fri, 11 Oct 2019 15:16:37 +0000 (17:16 +0200)]
dnsdist: Add more options to LogAction (non-verbose mode, timestamps)
Remi Gacogne [Fri, 11 Oct 2019 14:38:51 +0000 (16:38 +0200)]
Merge pull request #8410 from franklouwers/doc/setQueryRate-fix
Fix typo in setQueryRate docs
Remi Gacogne [Fri, 11 Oct 2019 14:26:51 +0000 (16:26 +0200)]
dnsdist: Don't call SO_BINDTODEVICE with an empty interface name
Remi Gacogne [Fri, 11 Oct 2019 14:12:54 +0000 (16:12 +0200)]
dnsdist: Fix indentation in newServer()
Frank Louwers [Fri, 11 Oct 2019 14:10:08 +0000 (16:10 +0200)]
Clarify comment
Frank Louwers [Fri, 11 Oct 2019 14:00:31 +0000 (16:00 +0200)]
Fix typo in setQueryRate docs
Remi Gacogne [Fri, 11 Oct 2019 13:24:55 +0000 (15:24 +0200)]
dnsdist: Add missing prometheus descriptions for cache-related metrics
Remi Gacogne [Fri, 11 Oct 2019 13:16:16 +0000 (15:16 +0200)]
Merge pull request #8406 from rgacogne/ddist-tls-ticket-key-stats
dnsdist: Add metrics about unknown/inactive TLS ticket keys
Otto Moerbeek [Fri, 11 Oct 2019 12:54:33 +0000 (14:54 +0200)]
Merge pull request #8407 from omoerbeek/auth-lua-records-shadowing
auth: A few shadowing cases.
Otto Moerbeek [Fri, 11 Oct 2019 12:05:22 +0000 (14:05 +0200)]
A few shadowing cases.
Otto Moerbeek [Fri, 11 Oct 2019 09:22:39 +0000 (11:22 +0200)]
Proper in-flight maintenance; settable setting with doc.
Remi Gacogne [Thu, 10 Oct 2019 14:57:29 +0000 (16:57 +0200)]
dnsdist: Add metrics about unknown/inactive TLS ticket keys
Remi Gacogne [Fri, 4 Oct 2019 15:57:04 +0000 (17:57 +0200)]
dnsdist: Merge the setup of TLS contexts in Doh and DoT
Remi Gacogne [Thu, 10 Oct 2019 14:44:41 +0000 (16:44 +0200)]
Merge pull request #8398 from rgacogne/ddist-fix-session-resumption-tests
dnsdist: Check that tickets have really been written in the tests, really disable tickets when asked
Remi Gacogne [Thu, 10 Oct 2019 14:44:23 +0000 (16:44 +0200)]
Merge pull request #8387 from rgacogne/dnsdist-tls-versions
dnsdist: Add metrics about TLS versions with DNS over TLS
Remi Gacogne [Thu, 10 Oct 2019 14:34:45 +0000 (16:34 +0200)]
Merge pull request #8404 from rgacogne/ddist-typo-suffixmatchnode-doc
dnsdist: Add a missing line before SuffixMatchNode's 'versionadded'
Otto Moerbeek [Thu, 10 Oct 2019 14:08:09 +0000 (16:08 +0200)]
Merge pull request #8396 from omoerbeek/zoneparser-fixed-format
Do not use variable printf format strings
Remi Gacogne [Thu, 10 Oct 2019 12:56:14 +0000 (14:56 +0200)]
dnsdist: Add a missing line before SuffixMatchNode's 'versionadded'
Pieter Lexis [Thu, 10 Oct 2019 12:03:21 +0000 (14:03 +0200)]
Add CentOS 8 as builder target
Remi Gacogne [Thu, 10 Oct 2019 09:07:21 +0000 (11:07 +0200)]
Merge pull request #8395 from rgacogne/ddist-doh-concurrent-connections
dnsdist: Count the number of concurrent connections for DoH as well
Remi Gacogne [Thu, 10 Oct 2019 09:00:30 +0000 (11:00 +0200)]
dnsdist: Add TLS version metrics to the API as well
Remi Gacogne [Tue, 8 Oct 2019 14:14:32 +0000 (16:14 +0200)]
dnsdist: Check that tickets have been written when needed
But they might not have been, especially when a session has been
resumed and it was encrypted with a Session Ticket Encryption Key
still active.
Remi Gacogne [Tue, 8 Oct 2019 14:14:04 +0000 (16:14 +0200)]
dnsdist: Really disable TLS tickets for TLS 1.3 when asked
Remi Gacogne [Thu, 10 Oct 2019 08:04:00 +0000 (10:04 +0200)]
Merge pull request #8388 from rgacogne/dnsdist-doh-rotation-key-clear
dnsdist: Clear the DoH Session Ticket Encryption Key in the ctor
Otto Moerbeek [Wed, 9 Oct 2019 14:21:00 +0000 (16:21 +0200)]
Add unit test for zone file with template
Remi Gacogne [Wed, 9 Oct 2019 13:41:50 +0000 (15:41 +0200)]
dnsdist: Count the number of concurrent connections for DoH as well
Otto Moerbeek [Wed, 9 Oct 2019 12:39:29 +0000 (14:39 +0200)]
Using a variable format string opens up all kinds of cans of worms.
Otto Moerbeek [Wed, 9 Oct 2019 09:12:38 +0000 (11:12 +0200)]
On read error we remove the fd from the set. If there are still queries in-flight
we will add it back if the in-flight condition is true.
This is not a real problem as the next handleTCPClientReadable() will take care.
Add a comment to explain that.
Also, setting the TTD might throw so handle that.
We might need a forgiving variant of removeReadFD() and setReadTTD().
Otto Moerbeek [Wed, 9 Oct 2019 08:35:00 +0000 (10:35 +0200)]
- Fix multiplexer accounting in the write error case
- Use proper type for in-flight accounting