]> granicus.if.org Git - pdns/log
pdns
8 years agoMerge pull request #4213 from pieterlexis/tinydns-for-centos
Pieter Lexis [Thu, 21 Jul 2016 09:35:14 +0000 (11:35 +0200)]
Merge pull request #4213 from pieterlexis/tinydns-for-centos

Create tinydns backend packages for CentOS 7

8 years agoMerge pull request #4212 from pieterlexis/pgp-key
Pieter Lexis [Thu, 21 Jul 2016 09:34:55 +0000 (11:34 +0200)]
Merge pull request #4212 from pieterlexis/pgp-key

Add PGP key to tarball signers

8 years agoAdd PGP key to tarball signers
Pieter Lexis [Wed, 20 Jul 2016 10:52:53 +0000 (12:52 +0200)]
Add PGP key to tarball signers

8 years agoCreate tinydns backend packages for CentOS 7
Pieter Lexis [Tue, 19 Jul 2016 15:24:26 +0000 (17:24 +0200)]
Create tinydns backend packages for CentOS 7

8 years agoMerge pull request #4044 from cmouse/dnspacket-comboaddr
bert hubert [Tue, 19 Jul 2016 19:48:32 +0000 (21:48 +0200)]
Merge pull request #4044 from cmouse/dnspacket-comboaddr

Dnspacket comboaddr

8 years agoMerge pull request #4187 from pieterlexis/bogus-island-of-trust
bert hubert [Tue, 19 Jul 2016 18:55:39 +0000 (20:55 +0200)]
Merge pull request #4187 from pieterlexis/bogus-island-of-trust

Two more DNSSEC fixes

8 years agoAdd changelog entry
Pieter Lexis [Fri, 15 Jul 2016 09:54:53 +0000 (11:54 +0200)]
Add changelog entry

8 years agoValidate all key paths on possible Insecure
Pieter Lexis [Fri, 15 Jul 2016 14:25:32 +0000 (16:25 +0200)]
Validate all key paths on possible Insecure

Before, we only checked the first QName, now we go through every name we
have to verify that the answer is indeed insecure.

8 years agoDo not follow CNAMEs when hunting for DS records
Pieter Lexis [Fri, 15 Jul 2016 14:24:30 +0000 (16:24 +0200)]
Do not follow CNAMEs when hunting for DS records

This fixes the CNAME at apex bogus

8 years agoDon't go bogus on CNAMEs to islands of security
Pieter Lexis [Thu, 14 Jul 2016 22:23:15 +0000 (00:23 +0200)]
Don't go bogus on CNAMEs to islands of security

Closes #4181

Incidentally, this commit also ensures that we no longer 'jojo' between
Secure and Insecure states. Once we have an Insecure, we can only go
Bogus but not Secure.

8 years agoCompress 3 lines into 1
Pieter Lexis [Thu, 14 Jul 2016 22:14:41 +0000 (00:14 +0200)]
Compress 3 lines into 1

8 years agoAdd test for island of security (#4181)
Pieter Lexis [Thu, 14 Jul 2016 22:14:14 +0000 (00:14 +0200)]
Add test for island of security (#4181)

8 years agoAdd missing DNSSEC trace message
Pieter Lexis [Thu, 14 Jul 2016 15:50:12 +0000 (17:50 +0200)]
Add missing DNSSEC trace message

8 years agoMerge pull request #4178 from pieterlexis/qtype-to-dnssec-trace
Pieter Lexis [Fri, 15 Jul 2016 09:47:54 +0000 (11:47 +0200)]
Merge pull request #4178 from pieterlexis/qtype-to-dnssec-trace

Add QType to log output for DNSSEC trace

8 years agoMerge pull request #4162 from pieterlexis/post-400-dnssec-fixes
Pieter Lexis [Fri, 15 Jul 2016 09:47:39 +0000 (11:47 +0200)]
Merge pull request #4162 from pieterlexis/post-400-dnssec-fixes

Recursor 4.0.0 DNSSEC fixes

8 years agoMerge pull request #4166 from Habbie/cleanup
Pieter Lexis [Thu, 14 Jul 2016 22:31:46 +0000 (00:31 +0200)]
Merge pull request #4166 from Habbie/cleanup

Cleanup

8 years agoMerge pull request #4154 from setharnold/patch-3
Pieter Lexis [Thu, 14 Jul 2016 22:31:27 +0000 (00:31 +0200)]
Merge pull request #4154 from setharnold/patch-3

small doc fixes

8 years agoAdd changelog entries
Pieter Lexis [Thu, 14 Jul 2016 15:44:10 +0000 (17:44 +0200)]
Add changelog entries

8 years agoAdd test for #4158
Pieter Lexis [Tue, 12 Jul 2016 14:33:15 +0000 (16:33 +0200)]
Add test for #4158

8 years agoSkip a level when a CNAME is found for the name
Pieter Lexis [Tue, 12 Jul 2016 13:09:34 +0000 (15:09 +0200)]
Skip a level when a CNAME is found for the name

If we'd encounter a CNAME when chasing for DS/DNSKEY, we followed it and
concluded that the domain was bogus. We now skip this level and try to
get a DS record for the next name.

I'm unsure this is the correct solution, but it fixes #4158

8 years agoAdd tests for out of band names
Pieter Lexis [Tue, 12 Jul 2016 14:06:27 +0000 (16:06 +0200)]
Add tests for out of band names

8 years agoDon't validate internal or out-of-band names
Pieter Lexis [Tue, 12 Jul 2016 11:42:55 +0000 (13:42 +0200)]
Don't validate internal or out-of-band names

Closes #4149
Closes #4156
Closes #4157

8 years agoFix filename to match test names
Pieter Lexis [Tue, 12 Jul 2016 14:07:43 +0000 (16:07 +0200)]
Fix filename to match test names

8 years agoUse g_dnssecmode global instead of the slower arg()
Pieter Lexis [Tue, 12 Jul 2016 08:23:04 +0000 (10:23 +0200)]
Use g_dnssecmode global instead of the slower arg()

8 years agoMerge pull request #4169 from zeha/typo
Pieter Lexis [Thu, 14 Jul 2016 15:39:56 +0000 (17:39 +0200)]
Merge pull request #4169 from zeha/typo

Fix typos found by lintian

8 years agoMerge pull request #4160 from pieterlexis/do-means-ad
Pieter Lexis [Thu, 14 Jul 2016 15:39:35 +0000 (17:39 +0200)]
Merge pull request #4160 from pieterlexis/do-means-ad

Also validate on +DO

8 years agoAdd changelog
Pieter Lexis [Tue, 12 Jul 2016 10:54:50 +0000 (12:54 +0200)]
Add changelog

8 years agoAdd QType to log output for DNSSEC trace
Pieter Lexis [Thu, 14 Jul 2016 11:36:27 +0000 (13:36 +0200)]
Add QType to log output for DNSSEC trace

8 years agoUpdate DNSSEC docs on the DO/AD bit usage
Pieter Lexis [Tue, 12 Jul 2016 10:50:18 +0000 (12:50 +0200)]
Update DNSSEC docs on the DO/AD bit usage

8 years agoAlso validate on _only_ +DO
Pieter Lexis [Tue, 12 Jul 2016 10:09:30 +0000 (12:09 +0200)]
Also validate on _only_ +DO

Closes #4159

8 years agoUpdate regression tests for +DO means +AD
Pieter Lexis [Tue, 12 Jul 2016 10:01:12 +0000 (12:01 +0200)]
Update regression tests for +DO means +AD

8 years agoFix typos found by lintian
Christian Hofstaedtler [Wed, 13 Jul 2016 12:42:28 +0000 (14:42 +0200)]
Fix typos found by lintian

8 years agoDNSPacket API change
Aki Tuomi [Sun, 26 Jun 2016 17:28:02 +0000 (20:28 +0300)]
DNSPacket API change

8 years agodrop unused variable
Peter van Dijk [Wed, 13 Jul 2016 09:11:12 +0000 (11:11 +0200)]
drop unused variable

8 years agofix verbose logging compile error
Peter van Dijk [Wed, 13 Jul 2016 09:11:04 +0000 (11:11 +0200)]
fix verbose logging compile error

8 years agodnspacket: Return ComboAddress for local and remote
Aki Tuomi [Sun, 26 Jun 2016 17:17:06 +0000 (20:17 +0300)]
dnspacket: Return ComboAddress for local and remote

8 years agoMerge pull request #4153 from pieterlexis/400-docs
Peter van Dijk [Tue, 12 Jul 2016 15:06:43 +0000 (17:06 +0200)]
Merge pull request #4153 from pieterlexis/400-docs

Update docs for 4.0.0

8 years agodocument outgoing-edns-bufsize
Pieter Lexis [Tue, 12 Jul 2016 07:30:05 +0000 (09:30 +0200)]
document outgoing-edns-bufsize

8 years agoUpdate settings docs
Pieter Lexis [Mon, 11 Jul 2016 17:36:41 +0000 (19:36 +0200)]
Update settings docs

8 years agoAdd upgrade docs for 4.0.0, remove the 3.x.x ones
Pieter Lexis [Mon, 11 Jul 2016 17:35:52 +0000 (19:35 +0200)]
Add upgrade docs for 4.0.0, remove the 3.x.x ones

8 years agosmall doc fixes
setharnold [Mon, 11 Jul 2016 17:51:26 +0000 (10:51 -0700)]
small doc fixes

8 years agoMerge pull request #4144 from pieterlexis/rec-dnssec-queries
Pieter Lexis [Mon, 11 Jul 2016 17:44:52 +0000 (19:44 +0200)]
Merge pull request #4144 from pieterlexis/rec-dnssec-queries

Fix a lie in the recursor stats docs

8 years agoMerge pull request #4143 from pieterlexis/4.0.0-final-changelog
Pieter Lexis [Mon, 11 Jul 2016 09:29:38 +0000 (11:29 +0200)]
Merge pull request #4143 from pieterlexis/4.0.0-final-changelog

Auth and Recursor 4.0.0 changelogs and secpoll

8 years agoUpdate release dates
Pieter Lexis [Mon, 11 Jul 2016 07:46:18 +0000 (09:46 +0200)]
Update release dates

8 years agoAdd auth 4.0.0 to secpoll
Pieter Lexis [Fri, 8 Jul 2016 15:03:44 +0000 (17:03 +0200)]
Add auth 4.0.0 to secpoll

8 years agoAdd auth 4.0.0 changelog
Pieter Lexis [Mon, 11 Jul 2016 07:42:06 +0000 (09:42 +0200)]
Add auth 4.0.0 changelog

8 years agoAdd recursor 4.0.0 to secpoll
Pieter Lexis [Mon, 11 Jul 2016 07:43:19 +0000 (09:43 +0200)]
Add recursor 4.0.0 to secpoll

8 years agoAdd Recursor 4.0.0 changelog
Pieter Lexis [Fri, 8 Jul 2016 15:01:53 +0000 (17:01 +0200)]
Add Recursor 4.0.0 changelog

8 years agoFix a lie in the recursor stats docs
Pieter Lexis [Mon, 11 Jul 2016 07:48:39 +0000 (09:48 +0200)]
Fix a lie in the recursor stats docs

8 years agoMerge pull request #4137 from cmouse/conditional-keys auth-4.0.0 rec-4.0.0
Peter van Dijk [Fri, 8 Jul 2016 09:59:41 +0000 (11:59 +0200)]
Merge pull request #4137 from cmouse/conditional-keys

gsqlite3: Check whether foreign keys should be turned on

8 years agogsqlite3: Check whether foreign keys should be turned on
Aki Tuomi [Fri, 8 Jul 2016 08:57:57 +0000 (11:57 +0300)]
gsqlite3: Check whether foreign keys should be turned on

8 years agoMerge pull request #4138 from pieterlexis/rpm-protobuf
Pieter Lexis [Fri, 8 Jul 2016 09:03:36 +0000 (11:03 +0200)]
Merge pull request #4138 from pieterlexis/rpm-protobuf

Build RPMs with protobuf

8 years agoBuild RPMs with protobuf
Pieter Lexis [Fri, 8 Jul 2016 07:53:47 +0000 (09:53 +0200)]
Build RPMs with protobuf

Fixes #4130

8 years agoMerge pull request #4096 from rgacogne/rec-no-empty-commit
Peter van Dijk [Fri, 8 Jul 2016 07:49:04 +0000 (09:49 +0200)]
Merge pull request #4096 from rgacogne/rec-no-empty-commit

rec: Don't call `commit()` if we skipped all the records

8 years agoMerge pull request #4124 from zeha/auth-no-recommends
Pieter Lexis [Fri, 8 Jul 2016 07:36:34 +0000 (09:36 +0200)]
Merge pull request #4124 from zeha/auth-no-recommends

Debian packaging: stop recommending/suggesting some packages

8 years agoMerge pull request #4101 from rgacogne/dnsdist-rpm-sed
Pieter Lexis [Fri, 8 Jul 2016 07:20:01 +0000 (09:20 +0200)]
Merge pull request #4101 from rgacogne/dnsdist-rpm-sed

dnsdist: Fix $ expansion in build-dnsdist-rpm

8 years agoMerge pull request #4127 from pieterlexis/protobuf-fixes
Peter van Dijk [Thu, 7 Jul 2016 19:34:39 +0000 (21:34 +0200)]
Merge pull request #4127 from pieterlexis/protobuf-fixes

Add protobuf to travis

8 years agoMerge pull request #4125 from rgacogne/protobuf-query-timestamp
Peter van Dijk [Thu, 7 Jul 2016 19:01:55 +0000 (21:01 +0200)]
Merge pull request #4125 from rgacogne/protobuf-query-timestamp

Add protobuf fields for the query's time in the response

8 years agoMerge pull request #4136 from rgacogne/rec-protobuf-doc
Peter van Dijk [Thu, 7 Jul 2016 18:54:11 +0000 (20:54 +0200)]
Merge pull request #4136 from rgacogne/rec-protobuf-doc

rec: Add protocol buffers documentation

8 years agorec: Add a link to the `dnsmessage.proto` file
Remi Gacogne [Thu, 7 Jul 2016 16:33:14 +0000 (18:33 +0200)]
rec: Add a link to the `dnsmessage.proto` file

8 years agorec: Add protocol buffers documentation
Remi Gacogne [Thu, 7 Jul 2016 15:23:37 +0000 (17:23 +0200)]
rec: Add protocol buffers documentation

8 years agoMerge pull request #4123 from pieterlexis/issue-3267-algo-5-7
Pieter Lexis [Wed, 6 Jul 2016 20:41:01 +0000 (22:41 +0200)]
Merge pull request #4123 from pieterlexis/issue-3267-algo-5-7

check-zone: warn on mismatch between algo and NSEC

8 years agoMerge pull request #3051 from pieterlexis/issue-2405-misleading-error-in-bind
Pieter Lexis [Wed, 6 Jul 2016 20:40:37 +0000 (22:40 +0200)]
Merge pull request #3051 from pieterlexis/issue-2405-misleading-error-in-bind

Better error message for unfound new slave domains

8 years agoAdd protobuf fields for the query's time in the response
Remi Gacogne [Wed, 6 Jul 2016 16:54:39 +0000 (18:54 +0200)]
Add protobuf fields for the query's time in the response

This way it's possible to compute the latency by looking only
at the response message.
Implemented for:
* dnsdist
* dnspcap2protobuf
* ProtobufLogger.py
* rec

8 years agoDebian packaging: stop recommending/suggesting some packages
Christian Hofstaedtler [Wed, 6 Jul 2016 16:11:53 +0000 (18:11 +0200)]
Debian packaging: stop recommending/suggesting some packages

Drop Suggests: pdns-recursor is not that common on the same machine.
Drop Recommends: mysql-client, as with default apt settings, that
would remove an installed mariadb server. (Drop Recommends:
postgresql-client for consistency.)

8 years agoAdd missing file to auth tarball
Pieter Lexis [Wed, 6 Jul 2016 14:40:38 +0000 (16:40 +0200)]
Add missing file to auth tarball

8 years agoAdd protobuf to travis
Pieter Lexis [Wed, 6 Jul 2016 14:40:09 +0000 (16:40 +0200)]
Add protobuf to travis

8 years agocheck-zone: warn on mismatch between algo and NSEC
Pieter Lexis [Wed, 6 Jul 2016 13:52:33 +0000 (15:52 +0200)]
check-zone: warn on mismatch between algo and NSEC

Closes #3267

8 years agoMerge pull request #4077 from pieterlexis/dnssec-stats
Pieter Lexis [Wed, 6 Jul 2016 09:11:38 +0000 (11:11 +0200)]
Merge pull request #4077 from pieterlexis/dnssec-stats

Recursor: Add DNSSEC validation statistics

8 years agoMerge pull request #4117 from pieterlexis/basic-rpz-fix
Pieter Lexis [Wed, 6 Jul 2016 09:02:04 +0000 (11:02 +0200)]
Merge pull request #4117 from pieterlexis/basic-rpz-fix

Recursor: basic.rpz fix

8 years agobasic.rpz fix (naive)
Pieter Lexis [Tue, 5 Jul 2016 22:29:18 +0000 (00:29 +0200)]
basic.rpz fix (naive)

Closes #4087

8 years agoMerge pull request #4097 from pieterlexis/DNSSEC-Log-Bogus
Pieter Lexis [Tue, 5 Jul 2016 16:41:36 +0000 (18:41 +0200)]
Merge pull request #4097 from pieterlexis/DNSSEC-Log-Bogus

Recursor: Allow logging DNSSEC bogus in any mode

8 years agoMerge pull request #4108 from pieterlexis/document-reload-lua-config
Pieter Lexis [Tue, 5 Jul 2016 14:53:37 +0000 (16:53 +0200)]
Merge pull request #4108 from pieterlexis/document-reload-lua-config

Document the fact that reload-lua-config blocks

8 years agoRecursor: Allow logging DNSSEC bogus in any mode
Pieter Lexis [Mon, 4 Jul 2016 13:15:41 +0000 (15:15 +0200)]
Recursor: Allow logging DNSSEC bogus in any mode

Also allow setting this at runtime.

8 years agoMerge pull request #4041 from rgacogne/remotebackend-unix-socat-eof
Peter van Dijk [Tue, 5 Jul 2016 14:28:06 +0000 (16:28 +0200)]
Merge pull request #4041 from rgacogne/remotebackend-unix-socat-eof

auth: Don't fail if `socat` exits at the end of remote backend unix tests

8 years agoRecursor: Add DNSSEC validation statistics
Pieter Lexis [Thu, 30 Jun 2016 14:55:48 +0000 (16:55 +0200)]
Recursor: Add DNSSEC validation statistics

Closes #3916

8 years agoDocument the fact that reload-lua-config blocks
Pieter Lexis [Tue, 5 Jul 2016 12:30:10 +0000 (14:30 +0200)]
Document the fact that reload-lua-config blocks

8 years agodocument C++11 ABI issue
Peter van Dijk [Tue, 5 Jul 2016 13:03:20 +0000 (15:03 +0200)]
document C++11 ABI issue

8 years agoMerge pull request #4090 from pieterlexis/issue-4085-rec_control-reload-lua-config
Peter van Dijk [Tue, 5 Jul 2016 09:37:48 +0000 (11:37 +0200)]
Merge pull request #4090 from pieterlexis/issue-4085-rec_control-reload-lua-config

rec_control: add reload-lua-config option

8 years agoMerge pull request #4038 from rgacogne/protobuf-refactor
Peter van Dijk [Tue, 5 Jul 2016 09:35:05 +0000 (11:35 +0200)]
Merge pull request #4038 from rgacogne/protobuf-refactor

Protobuf refactoring

8 years agoMerge pull request #4071 from mind04/gmysql
Pieter Lexis [Tue, 5 Jul 2016 09:05:09 +0000 (11:05 +0200)]
Merge pull request #4071 from mind04/gmysql

abort on backend failures at startup and retry while running

8 years agoMerge pull request #4099 from rgacogne/auth-issue-3868
Pieter Lexis [Tue, 5 Jul 2016 09:05:03 +0000 (11:05 +0200)]
Merge pull request #4099 from rgacogne/auth-issue-3868

auth: Close the TCP connection descriptor if `pthread_create()` failed

8 years agoincrease the default value for the maximum number of TCP connections to 20
Kees Monshouwer [Mon, 4 Jul 2016 17:50:34 +0000 (19:50 +0200)]
increase the default value for the maximum number of TCP connections to 20

8 years agodnsdist: Fix $ expansion in build-dnsdist-rpm
Remi Gacogne [Mon, 4 Jul 2016 16:06:08 +0000 (18:06 +0200)]
dnsdist: Fix $ expansion in build-dnsdist-rpm

Using '!' inside double-quoted string in shell might lead to nasty
issues if bash is used (history), replacing that with ',' instead.

8 years agoBetter error message for unfound new slave domains
Pieter Lexis [Wed, 16 Dec 2015 16:18:10 +0000 (17:18 +0100)]
Better error message for unfound new slave domains

Closes #2405

8 years agoauth: Close the TCP connection descriptor if `pthread_create()` failed
Remi Gacogne [Mon, 4 Jul 2016 15:00:15 +0000 (17:00 +0200)]
auth: Close the TCP connection descriptor if `pthread_create()` failed

8 years agoMerge pull request #4094 from zeha/sort-incfiles
Pieter Lexis [Mon, 4 Jul 2016 14:38:30 +0000 (16:38 +0200)]
Merge pull request #4094 from zeha/sort-incfiles

Sort included html files

8 years agoMerge pull request #4083 from zeha/resolver-cc-warnings
Pieter Lexis [Mon, 4 Jul 2016 14:38:20 +0000 (16:38 +0200)]
Merge pull request #4083 from zeha/resolver-cc-warnings

resolver.cc: fix warnings found by clang-703.0.31 on OS X

8 years agoMerge pull request #4062 from pieterlexis/dnsname-toLogString
Pieter Lexis [Mon, 4 Jul 2016 14:34:02 +0000 (16:34 +0200)]
Merge pull request #4062 from pieterlexis/dnsname-toLogString

DNSName logging fixes

8 years agoMerge pull request #4073 from Habbie/rec-fwd-doc-nit
bert hubert [Mon, 4 Jul 2016 13:22:29 +0000 (15:22 +0200)]
Merge pull request #4073 from Habbie/rec-fwd-doc-nit

fix doc copy/paste error

8 years agorec: Don't call `commit()` if we skipped all the records
Remi Gacogne [Mon, 4 Jul 2016 09:45:18 +0000 (11:45 +0200)]
rec: Don't call `commit()` if we skipped all the records

8 years agorec_control: add reload-lua-config option
Pieter Lexis [Fri, 1 Jul 2016 14:40:56 +0000 (16:40 +0200)]
rec_control: add reload-lua-config option

Closes #4085

8 years agodnsdist: Fix typo (NOTIMPL->NOTIMP) in dnsdistconf.lua
Remi Gacogne [Mon, 4 Jul 2016 08:09:37 +0000 (10:09 +0200)]
dnsdist: Fix typo (NOTIMPL->NOTIMP) in dnsdistconf.lua

8 years agoSort included html files
Christian Hofstaedtler [Sun, 3 Jul 2016 08:20:06 +0000 (10:20 +0200)]
Sort included html files

For improved reproducibility.

8 years agomysql autoreconnect is a really bad idea
Kees Monshouwer [Sun, 3 Jul 2016 19:20:14 +0000 (21:20 +0200)]
mysql autoreconnect is a really bad idea
prepared statementes are released at reconnect

8 years agoa warning for a future developer
Peter van Dijk [Sun, 3 Jul 2016 14:37:36 +0000 (16:37 +0200)]
a warning for a future developer

8 years agoMerge pull request #4081 from pieterlexis/licenses
Peter van Dijk [Sun, 3 Jul 2016 12:50:41 +0000 (14:50 +0200)]
Merge pull request #4081 from pieterlexis/licenses

Hopefully appease the License Gods (again)

8 years agocompare NSEC labels canonically instead of DNSName default. Clears up many in-addr...
bert hubert [Fri, 1 Jul 2016 15:25:39 +0000 (17:25 +0200)]
compare NSEC labels canonically instead of DNSName default. Clears up many in-addr.arpa failures.

8 years agofix up arpa/com.co insecure delegations
bert hubert [Fri, 1 Jul 2016 13:50:03 +0000 (15:50 +0200)]
fix up arpa/com.co insecure delegations

8 years agoretry once after a backend failure
Kees Monshouwer [Thu, 30 Jun 2016 20:35:41 +0000 (22:35 +0200)]
retry once after a backend failure