]>
granicus.if.org Git - pdns/log
Christian Hofstaedtler [Sat, 2 Jan 2016 21:25:44 +0000 (22:25 +0100)]
Port md5.hh to OpenSSL
Christian Hofstaedtler [Sat, 2 Jan 2016 21:01:46 +0000 (22:01 +0100)]
Port dns_random.cc to OpenSSL
Christian Hofstaedtler [Sat, 2 Jan 2016 21:01:38 +0000 (22:01 +0100)]
Port base64.cc to OpenSSL
Christian Hofstaedtler [Sat, 2 Jan 2016 21:00:59 +0000 (22:00 +0100)]
Add --without-mbedtls
Will require openssl though.
bert hubert [Sat, 16 Jan 2016 15:04:59 +0000 (16:04 +0100)]
Merge pull request #3243 from a6502/master
Some fixes for lua backend for Lua version >= 5.2
bert hubert [Sat, 16 Jan 2016 12:48:27 +0000 (13:48 +0100)]
Merge pull request #3249 from ahupowerdns/cmsg-fix
found with the help of @mischapeters - turns out our recent 'supply l…
bert hubert [Sat, 16 Jan 2016 12:46:33 +0000 (13:46 +0100)]
we silently ignored your Lua script if there was no Lua support in PowerDNS Recursor. This makes us error out again.
bert hubert [Sat, 16 Jan 2016 12:26:33 +0000 (13:26 +0100)]
quick fix for compiling on FreeBSD 10.2 which appears to be what people use/need to compile powerdns 4.
bert hubert [Sat, 16 Jan 2016 11:48:53 +0000 (12:48 +0100)]
found with the help of @mischapeters - turns out our recent 'supply local address to lua' improvements triggered us to set the source address on all our replies explicitly, something FreeBSD did not like and was wasteful on Linux. Plus added some logging that would have helped debug this faster.
bert hubert [Sat, 16 Jan 2016 11:07:57 +0000 (12:07 +0100)]
set c++11 flag for freebsd too
bert hubert [Sat, 16 Jan 2016 08:15:17 +0000 (09:15 +0100)]
Merge pull request #3234 from pieterlexis/make-check-auth-tarball
remove unneeded source from auth tarball testrunner
bert hubert [Sat, 16 Jan 2016 08:14:42 +0000 (09:14 +0100)]
Merge pull request #3236 from Habbie/recursorwild
make auth-zone wildcard test actually test an auth-zone
bert hubert [Fri, 15 Jan 2016 22:35:58 +0000 (23:35 +0100)]
Merge pull request #3238 from Habbie/rawtypetest
test uninterpreted records, closes #3215
bert hubert [Fri, 15 Jan 2016 22:35:23 +0000 (23:35 +0100)]
Merge pull request #3245 from rgacogne/dnsdist-fix-dq-merge
dnsdist: Fix Lua Spoof PR not being compatible w/ the DNSQuestion one
Remi Gacogne [Fri, 15 Jan 2016 21:47:04 +0000 (22:47 +0100)]
dnsdist: Fix Lua Spoof PR not being compatible w/ the DNSQuestion one
PR #3241 did not take PR #3233 into account, my bad.
bert hubert [Fri, 15 Jan 2016 21:32:12 +0000 (22:32 +0100)]
Merge pull request #3240 from jeffpc/master
devpollmplexer fixes + fix DS ucontext.h pollution once and for all
bert hubert [Fri, 15 Jan 2016 20:23:50 +0000 (21:23 +0100)]
Merge pull request #3233 from rgacogne/dnsdist-dq
dnsdist: Replace the Lua params with a DNSQuestion `dq` object
bert hubert [Fri, 15 Jan 2016 20:19:02 +0000 (21:19 +0100)]
Merge pull request #3241 from rgacogne/dnsdist-lua-spoof
dnsdist: Implement DNSAction.Spoof. Support IPv6-only SpoofAction
Wieger Opmeer [Fri, 15 Jan 2016 13:43:12 +0000 (14:43 +0100)]
Fix importing of standard libraries for Lua version >= 5.2; Change some lua_pushnumbers to lua_pushinteger because Lua 5.3 has native integers
Remi Gacogne [Fri, 15 Jan 2016 11:00:01 +0000 (12:00 +0100)]
dnsdist: Implement DNSAction.Spoof. Support IPv6-only SpoofAction
DNSAction.Spoof can be used to return a spoofed response from
a Lua rule. It supports an IPv4 (A), IPv6 (AAAA) or a DNSName
(CNAME).
SpoofAction() can be used IPv6-only, by passing a IPv6 as the
first parameter. It now supports spoofing IPv4-only, IPv6-only,
IPv4 and IPv6, and CNAME.
Closes #3064.
Josef 'Jeff' Sipek [Thu, 14 Jan 2016 19:40:40 +0000 (14:40 -0500)]
don't pollute the namespace with DS register definition
DS is part of the i386 ABI that's pulled in via ucontext.h.
closes #3239
Josef 'Jeff' Sipek [Thu, 14 Jan 2016 19:12:07 +0000 (14:12 -0500)]
devpollmplexer is leaky
closes #3001
Josef 'Jeff' Sipek [Thu, 14 Jan 2016 19:11:07 +0000 (14:11 -0500)]
devpollmplexer doesn't compile due to missing sigset_t
closes #3000
Remi Gacogne [Thu, 14 Jan 2016 16:44:20 +0000 (17:44 +0100)]
Merge pull request #3235 from rgacogne/dnsdist-nocharset-json
dnsdist: Remove charset from the Content-Type header for application/json contents
Peter van Dijk [Thu, 14 Jan 2016 16:22:48 +0000 (16:22 +0000)]
test uninterpreted records, closes #3215
Peter van Dijk [Thu, 14 Jan 2016 14:54:21 +0000 (14:54 +0000)]
make auth-zone wildcard test actually test an auth-zone
Remi Gacogne [Thu, 14 Jan 2016 13:28:07 +0000 (14:28 +0100)]
dnsdist: Remove charset from Content-Type for application/json
Pieter Lexis [Thu, 14 Jan 2016 13:09:14 +0000 (14:09 +0100)]
remove unneeded source from auth tarball testrunner
bert hubert [Thu, 14 Jan 2016 12:22:00 +0000 (13:22 +0100)]
Merge pull request #3229 from pieterlexis/no-dnsdist-for-auth
Remove dnsdist from auth tarball
bert hubert [Thu, 14 Jan 2016 12:21:10 +0000 (13:21 +0100)]
Merge pull request #3231 from ahupowerdns/dynimp
Document and slightly improve dnsdist dynamic rules
Remi Gacogne [Thu, 14 Jan 2016 11:57:33 +0000 (12:57 +0100)]
dnsdist: Replace the Lua params with a DNSQuestion `dq` object
In order to:
1. Be able to add functions/member without breaking the API
2. Being as compatible as possible with the PowerDNS Lua API
To limit the parsing/copy to a minimum, this DNSQuestion differs
from the PowerDNS one. Most Lua members are properly wrapped,
but it currently lacks some advanced functions like `getRecords()`
or `setRecords()`, that we might add later.
In addition to the existing `tostring()`, this commit adds
`toString()` ones to match the PowerDNS syntax.
LuaWrapper is supposed to support read-only members, where you
only define the getter and no setter, but I can't find the right
syntax for that to work, so for now the setter are present for
read-only members, and just do nothing.
bert hubert [Thu, 14 Jan 2016 11:36:03 +0000 (12:36 +0100)]
document dynamic rule generation
bert hubert [Thu, 14 Jan 2016 10:45:49 +0000 (11:45 +0100)]
implement & document exceedQRate(), plus populate dnsdist.* with dns types.
Pieter Lexis [Thu, 14 Jan 2016 10:08:47 +0000 (11:08 +0100)]
Remove dnsdist from auth tarball
This ensures any files _only_ needed for dnsdist are not distributed,
that dnsdist (htmlfiles.h specifically) cannot be built from the tarball.
But still allow building dnsdist from the repository root.
bert hubert [Thu, 14 Jan 2016 09:30:01 +0000 (10:30 +0100)]
Merge pull request #3228 from pieterlexis/generate-manpage-dnsdist
dnsdist: Build manpages from make
bert hubert [Thu, 14 Jan 2016 09:10:58 +0000 (10:10 +0100)]
Merge pull request #3219 from rgacogne/dnsdist-xss
dnsdist: Remove JSONP, limit command to /jsonstat, add security HTTP headers and CORS
Remi Gacogne [Thu, 14 Jan 2016 08:14:05 +0000 (09:14 +0100)]
dnsdist: Set the charset to UTF-8 for html, JS, CSS and JSON contents
Remi Gacogne [Wed, 13 Jan 2016 16:54:54 +0000 (17:54 +0100)]
dnsdist: Remove remote images in the webserver index
- Remove the github link/image
- Add the powerdns logo to the html directory
- Add handling for PNG files in the webserver
- Edit the CSP policy to only allows local images
- Explicitely asks jQuery not to use JSONP while fetching the stats
Remi Gacogne [Tue, 12 Jan 2016 15:00:36 +0000 (16:00 +0100)]
dnsdist: Add basic CORS support in the webserver
Now that we have removed JSONP support, we need to support
Cross-Origin Resource Sharing (CORS) to allow web pages not served
by our webserver to access our JSON REST API (well, stats).
Christian Hofstaedtler [Tue, 12 Jan 2016 09:46:04 +0000 (10:46 +0100)]
dnsdist: Support command= only on /jsonstat URL
Remi Gacogne [Tue, 12 Jan 2016 09:25:05 +0000 (10:25 +0100)]
dnsdist: Remove jsonp callback, add security HTTP headers
- Remove the jsonp callback, using simple json data instead (Fixes #3217)
We might need to add CORS if we want to be able to retrieve JSON
data from a webpage not stored on the embedded web server.
- Add several HTTP headers:
* X-Content-Type-Options: no-sniff to prevent browsers from guessing MIME type
* X-Frame-Options: deny to prevent clickjacking
* X-Permitted-Cross-Domain-Policies: none to keep flash from crossing boundaries
* X-XSS-Protection: 1; mode=block to mitigate XSS
* Content-Security-Policy: default-src 'self'; img-src *; style-src 'self' 'unsafe-inline',
a basic CSP policy to restrict which scripts and CSS can be loaded
bert hubert [Thu, 14 Jan 2016 08:01:03 +0000 (09:01 +0100)]
Merge pull request #3226 from zeha/libedit2
Drop unused <history.h> include
Pieter Lexis [Wed, 13 Jan 2016 19:21:38 +0000 (20:21 +0100)]
dnsdist: Build manpages from make
Build manpage when they are not there and ensure they are distributed in
the tarball.
bert hubert [Wed, 13 Jan 2016 19:42:46 +0000 (20:42 +0100)]
Merge pull request #3224 from tjikkun/fix_html
fix html a bit
Christian Hofstaedtler [Wed, 13 Jan 2016 19:31:39 +0000 (20:31 +0100)]
Drop unused <history.h> include
Not needed for libedit, and the compat symlink apparently is a
Debian-only thing, breaking the build on Fedora.
bert hubert [Wed, 13 Jan 2016 19:31:37 +0000 (20:31 +0100)]
Merge pull request #3152 from zeha/shasummer
Fix deleted copy/assignment constructors
Sander Hoentjen [Wed, 13 Jan 2016 15:20:05 +0000 (16:20 +0100)]
fix html a bit
bert hubert [Wed, 13 Jan 2016 14:52:12 +0000 (15:52 +0100)]
Merge pull request #3221 from zeha/tarball-cleanup
dist-tar cleanup / fixes
bert hubert [Wed, 13 Jan 2016 14:51:46 +0000 (15:51 +0100)]
Merge pull request #3220 from zeha/libedit
Replace readline with libedit
bert hubert [Wed, 13 Jan 2016 14:50:28 +0000 (15:50 +0100)]
Merge pull request #3222 from bearggg/master
dnsdist: README hints to AllowAction() yet doesnt exist, add it
Greg [Wed, 13 Jan 2016 01:55:17 +0000 (17:55 -0800)]
dnsdist: README hints to AllowAction() yet doesnt exist, add it
Christian Hofstaedtler [Wed, 13 Jan 2016 00:04:26 +0000 (01:04 +0100)]
auth: Remove dnsdistdist from tarball
Christian Hofstaedtler [Wed, 13 Jan 2016 00:03:11 +0000 (01:03 +0100)]
auth: stop shipping semistaticg++
Which is referenced from nowhere, apparently.
Christian Hofstaedtler [Wed, 13 Jan 2016 00:02:02 +0000 (01:02 +0100)]
dnsdist: ship build-aux/gen-version in tarball
So tarball users can run autoreconf.
Christian Hofstaedtler [Wed, 13 Jan 2016 00:00:53 +0000 (01:00 +0100)]
Add license file for incbin
Christian Hofstaedtler [Tue, 12 Jan 2016 23:58:07 +0000 (00:58 +0100)]
dnsdist: ship manpage source
Christian Hofstaedtler [Tue, 12 Jan 2016 20:21:05 +0000 (21:21 +0100)]
Replace readline with libedit
bert hubert [Tue, 12 Jan 2016 20:11:08 +0000 (21:11 +0100)]
Merge pull request #3086 from cmouse/recursor-fixes
Recursor fixes
bert hubert [Tue, 12 Jan 2016 20:09:39 +0000 (21:09 +0100)]
Merge pull request #3209 from pieterlexis/SOA-EDIT-warning
Warn if SOA-EDIT value is bogus
bert hubert [Tue, 12 Jan 2016 20:07:52 +0000 (21:07 +0100)]
Merge pull request #3216 from Habbie/validatorfixes
[WIP] validator fixes and polishing
Peter van Dijk [Tue, 12 Jan 2016 17:23:42 +0000 (18:23 +0100)]
reduce breakage for insecure domains
Send DS queries to parent side of zone cut instead of child
Aki Tuomi [Tue, 12 Jan 2016 14:35:24 +0000 (16:35 +0200)]
Enclose DLOG with braces
bert hubert [Tue, 12 Jan 2016 14:26:00 +0000 (15:26 +0100)]
Merge pull request #3218 from cmouse/ax-socket-nsl
Add socket/nsl check to local m4
Peter van Dijk [Mon, 11 Jan 2016 17:31:08 +0000 (18:31 +0100)]
Mark servfail.nl as bogus
if we have keys, but could validate nothing, consider the situation Bogus.
Peter van Dijk [Mon, 11 Jan 2016 16:51:08 +0000 (17:51 +0100)]
Mark dnssec-failed.org as bogus
Do not throw away bogus result from getKeysFor
Pieter Lexis [Tue, 12 Jan 2016 08:47:26 +0000 (09:47 +0100)]
Merge pull request #3169 from zeha/createzonesoa
pdnsutil create-zone: Create SOA, too
Pieter Lexis [Tue, 12 Jan 2016 08:47:16 +0000 (09:47 +0100)]
Merge pull request #3162 from zeha/meh
Fix my pdnsutil check-all-zones fix
Aki Tuomi [Tue, 12 Jan 2016 08:45:06 +0000 (10:45 +0200)]
Add socket/nsl check to local m4
Pieter Lexis [Tue, 12 Jan 2016 08:35:40 +0000 (09:35 +0100)]
Merge pull request #3119 from cmouse/presigned-show-zone
Show DNSSEC keys for slaved zone
Pieter Lexis [Tue, 12 Jan 2016 08:35:19 +0000 (09:35 +0100)]
Merge pull request #3205 from pieterlexis/issue-3184-disable-pdnsutil
pdnsutil: don't check disabled records
Pieter Lexis [Tue, 12 Jan 2016 08:35:12 +0000 (09:35 +0100)]
Merge pull request #3052 from zeha/pdnsutil-consistent-cerr
pdnsutil: Make cout/cerr usage more consistent
Pieter Lexis [Tue, 12 Jan 2016 08:35:06 +0000 (09:35 +0100)]
Merge pull request #3143 from rubenk/fix-typo
Correct name of libcrypto in ax_check_openssl.m4
Christian Hofstaedtler [Mon, 4 Jan 2016 10:42:40 +0000 (11:42 +0100)]
Fix my check-all-zones fix
Which entirely disabled exit-on-error.
bert hubert [Mon, 11 Jan 2016 12:59:35 +0000 (13:59 +0100)]
implement ixfr-falls-back-to-axfr support
bert hubert [Mon, 11 Jan 2016 12:58:19 +0000 (13:58 +0100)]
some (c) updates - happy 2016
Pieter Lexis [Mon, 11 Jan 2016 09:09:21 +0000 (10:09 +0100)]
pdnsutil: don't check disabled records
Closes #3184
Pieter Lexis [Mon, 11 Jan 2016 11:31:57 +0000 (12:31 +0100)]
Warn if SOA-EDIT value is bogus
Remi Gacogne [Mon, 11 Jan 2016 11:31:08 +0000 (12:31 +0100)]
Merge pull request #3207 from rgacogne/dnsdist-tests-fixes
dnsdist: More regression tests cleanups
Remi Gacogne [Mon, 11 Jan 2016 09:45:23 +0000 (10:45 +0100)]
dnsdist: More regression tests cleanups
- Add a timeout on all queue operations
- Give dnsdist more time to start in the DNSCrypt tests, since
the key material has to be generated
- Clear the response counters and the queues before every test
- Add a one-line description for tests, displayed in verbose mode
bert hubert [Sun, 10 Jan 2016 18:13:25 +0000 (19:13 +0100)]
Merge pull request #3151 from zeha/dnsnamepain
Catch DNSName build errors in dynhandler
bert hubert [Sun, 10 Jan 2016 18:06:52 +0000 (19:06 +0100)]
Merge pull request #3201 from janeczku/expose_server_latency
Expose server latency in dnsdist API/UI
bert hubert [Sun, 10 Jan 2016 17:58:12 +0000 (18:58 +0100)]
Merge pull request #3202 from pieterlexis/issue-3200-license-dnsdist
Add GPLv2 licenxe to dnsdist tarball
Pieter Lexis [Sun, 10 Jan 2016 15:57:25 +0000 (16:57 +0100)]
Add GPLv2 licenxe to dnsdist tarball
Closes #3200
Jan Broer [Sun, 10 Jan 2016 14:43:58 +0000 (15:43 +0100)]
Expose server latency in dnsdist API/WebUI
bert hubert [Sat, 9 Jan 2016 07:54:02 +0000 (08:54 +0100)]
Merge pull request #3146 from mind04/dot
fix trailing dots in slave zones
bert hubert [Sat, 9 Jan 2016 07:53:15 +0000 (08:53 +0100)]
Merge pull request #3154 from zeha/ntlog
Remove Logger::NTLog
bert hubert [Sat, 9 Jan 2016 07:52:00 +0000 (08:52 +0100)]
Merge pull request #3195 from a6502/master
fixes for powerdns-luabackend.lua example script.
bert hubert [Fri, 8 Jan 2016 19:56:45 +0000 (20:56 +0100)]
Merge pull request #3179 from pieterlexis/build-name
Determine system name at configure time
bert hubert [Fri, 8 Jan 2016 19:54:55 +0000 (20:54 +0100)]
Merge pull request #3161 from rgacogne/openssl-rsa
Add RSA support to DNSSEC infra via OpenSSL
bert hubert [Fri, 8 Jan 2016 19:53:46 +0000 (20:53 +0100)]
Merge pull request #3191 from rgacogne/dnsdist-minor-fixes
dnsdist: minor fixes reported by coverity and some cleanups
bert hubert [Fri, 8 Jan 2016 19:53:23 +0000 (20:53 +0100)]
Merge pull request #3187 from cmouse/illumos-fixes
Fix compiling issues on illumos
bert hubert [Fri, 8 Jan 2016 19:52:30 +0000 (20:52 +0100)]
Merge pull request #3193 from rgacogne/openssl-bn-clear
Clear the OpenSSL BN holding the private key before releasing them
bert hubert [Fri, 8 Jan 2016 19:51:53 +0000 (20:51 +0100)]
Merge pull request #3196 from rgacogne/mbed-ecdsa-reset-key
mbed ECDSA: Completely reset the key on from* calls
Wieger Opmeer [Fri, 8 Jan 2016 16:21:55 +0000 (17:21 +0100)]
make the powerdns-luabackend.lua example script somewhat more functional with 4.0
Remi Gacogne [Fri, 8 Jan 2016 16:04:07 +0000 (17:04 +0100)]
mbed ECDSA: Completely reset the key on from* calls
As noted by @mind04 in #3161, nothing guarantees the signer will
be used for a single task with a single key. This way we make
sure that there is nothing left behind.
In addition, we now consistently use getName() in error messages.
Remi Gacogne [Fri, 8 Jan 2016 14:57:56 +0000 (15:57 +0100)]
RSA support via OpenSSL: completely reset the key on from* calls
bert hubert [Fri, 8 Jan 2016 11:44:49 +0000 (12:44 +0100)]
Merge pull request #3190 from ahupowerdns/tsig-ixfr
Tsig ixfr: hook up all the things, plus clean up IXFR in general
Remi Gacogne [Fri, 8 Jan 2016 11:30:18 +0000 (12:30 +0100)]
Clear the OpenSSL BN holding the private key before releasing them
Pieter Lexis [Fri, 8 Jan 2016 11:24:54 +0000 (12:24 +0100)]
Merge pull request #3192 from pieterlexis/alpha1-secpoll
Update secpoll for alpha1
Pieter Lexis [Fri, 8 Jan 2016 11:19:30 +0000 (12:19 +0100)]
Update secpoll for alpha1
Also, update the NS records in the zone to use the new infra
Closes #3114