granicus.if.org Git - pdns/log
Peter van Dijk [Wed, 23 Oct 2019 14:17:55 +0000 (16:17 +0200)]
use named constant instead of magic number
Remi Gacogne [Wed, 23 Oct 2019 10:02:26 +0000 (12:02 +0200)]
Merge pull request #8416 from rgacogne/ddist-dohunit-refcount
dnsdist: Implement ref counting for the DOHUnit object
Remi Gacogne [Wed, 23 Oct 2019 10:01:54 +0000 (12:01 +0200)]
Merge pull request #8447 from rgacogne/ddist-tls-error-counters
dnsdist: Add metrics about TLS handshake failures for DoH and DoT
Otto Moerbeek [Wed, 23 Oct 2019 09:50:38 +0000 (11:50 +0200)]
Merge pull request #8451 from omoerbeek/auth-zonfile-generate
Basic validation of $GENERATE parameters
Otto Moerbeek [Wed, 23 Oct 2019 09:44:10 +0000 (11:44 +0200)]
Merge pull request #8391 from omoerbeek/rec-out-of-order
rec: Allow multiple simultaneous incoming TCP queries over a connection
Otto Moerbeek [Wed, 23 Oct 2019 08:50:33 +0000 (10:50 +0200)]
Basic validation of $GENERATE parameters
Otto Moerbeek [Wed, 23 Oct 2019 08:32:51 +0000 (08:32 +0000)]
Use two auths to avoid serialization problems, as suggested by Habbie
Otto Moerbeek [Wed, 23 Oct 2019 07:53:03 +0000 (09:53 +0200)]
Teask: more auth threads and prime the delay.example NS
Peter van Dijk [Tue, 22 Oct 2019 16:56:13 +0000 (18:56 +0200)]
Merge pull request #8434 from mind04/pdns-remove-mydns
auth: remove mydns backend
Remi Gacogne [Tue, 22 Oct 2019 15:24:26 +0000 (17:24 +0200)]
dnsdist: Fix missing 'thread' key on some prometheus labels
Remi Gacogne [Tue, 22 Oct 2019 15:16:53 +0000 (17:16 +0200)]
dnsdist: Add metrics about TLS handshake failures for DoH and DoT
Otto Moerbeek [Fri, 11 Oct 2019 11:38:50 +0000 (11:38 +0000)]
Tests, docs and validation of OOO setting.
Test required some framework work to allow for auths having
more than 1 thread.
Otto Moerbeek [Tue, 22 Oct 2019 14:42:00 +0000 (16:42 +0200)]
Merge pull request #8367 from pieterlexis/rfc8020
Implement RFC 8020 "NXDOMAIN: There Really Is Nothing Underneath"
Otto Moerbeek [Tue, 22 Oct 2019 05:51:01 +0000 (07:51 +0200)]
Merge pull request #8445 from Habbie/skip-useless-unbound-call
auth ds-at-apex-noerror test: do not run unbound-host
Peter van Dijk [Mon, 21 Oct 2019 22:41:31 +0000 (00:41 +0200)]
auth ds-at-apex-noerror test: do not run unbound-host
Pieter Lexis [Tue, 1 Oct 2019 10:25:58 +0000 (12:25 +0200)]
Implement RFC 8020
This commit implements "NXDOMAIN: There Really Is Nothing Underneath".
When enabled (the default), the SyncRes will check the negative cache if
there exists a higher denied name and use that data to send an NXDOMAIN
to the client. In essence, it is a more aggressive version of
root-nx-trust (which could be removed in the future).
There are several advantages:
* We potentially send fewer queries to the internet
* The record cache is not "polluted" with useless NXDOMAINs
Remi Gacogne [Sat, 19 Oct 2019 11:38:41 +0000 (13:38 +0200)]
Merge pull request #8437 from Habbie/dnsdist-doc-nits-1.4.0
dnsdist docs: fix versionadded formatting
Peter van Dijk [Fri, 18 Oct 2019 14:19:45 +0000 (16:19 +0200)]
Merge pull request #8433 from Habbie/dns64-ptr-cname
dns64: stop hiding PTR indirection
Peter van Dijk [Fri, 18 Oct 2019 11:59:41 +0000 (13:59 +0200)]
fix versionadded formatting
Peter van Dijk [Fri, 18 Oct 2019 10:31:55 +0000 (12:31 +0200)]
dns64: stop hiding PTR indirection
Peter van Dijk [Fri, 18 Oct 2019 10:23:32 +0000 (12:23 +0200)]
Merge pull request #8432 from mind04/pdns-oracle-leftovers
pdns: oracle leftovers
Pieter Lexis [Fri, 18 Oct 2019 09:26:00 +0000 (11:26 +0200)]
Merge pull request #8420 from pieterlexis/pdnsutil-algo-7
pdnsutil: add algo 7 to add-zone-key help
Kees Monshouwer [Thu, 17 Oct 2019 21:00:03 +0000 (23:00 +0200)]
pdns: oracle leftovers
Kees Monshouwer [Thu, 17 Oct 2019 20:29:02 +0000 (22:29 +0200)]
auth: remove mydns backend
Peter van Dijk [Thu, 17 Oct 2019 14:22:46 +0000 (16:22 +0200)]
Merge pull request #8429 from Habbie/ubuntu-eoan
add Ubuntu eoan builder target
Peter van Dijk [Thu, 17 Oct 2019 10:21:45 +0000 (12:21 +0200)]
add Ubuntu eoan builder target
Pieter Lexis [Wed, 16 Oct 2019 11:32:31 +0000 (13:32 +0200)]
Merge pull request #8400 from pieterlexis/centos-8-pkgs
Add CentOS 8 as builder target
Pieter Lexis [Wed, 16 Oct 2019 11:32:03 +0000 (13:32 +0200)]
Merge pull request #8325 from pieterlexis/disabled-in-api
auth API: make disabled optional for Record
Remi Gacogne [Tue, 15 Oct 2019 20:52:16 +0000 (22:52 +0200)]
Merge pull request #8421 from rgacogne/ddist-fix-merge-rotation-delay
dnsdist: Fix merge issue (d_ticketsKeyRotationDelay)
Pieter Lexis [Tue, 15 Oct 2019 18:14:30 +0000 (20:14 +0200)]
pdnsutil: add algo 7 to add-zone-key help
Remi Gacogne [Tue, 15 Oct 2019 18:14:11 +0000 (20:14 +0200)]
dnsdist: Fix merge issue (d_ticketsKeyRotationDelay)
d_ticketsKeyRotationDelay is now in the TLSConfig object.
Remi Gacogne [Tue, 15 Oct 2019 12:49:44 +0000 (14:49 +0200)]
Merge pull request #8411 from rgacogne/dnsdist-better-log-action
dnsdist: Add more options to LogAction (non-verbose mode, timestamps)
Remi Gacogne [Tue, 15 Oct 2019 12:47:38 +0000 (14:47 +0200)]
Merge pull request #8383 from rgacogne/ddist-merge-doh-dot-contexts
dnsdist: Merge the setup of TLS contexts in DoH and DoT
Remi Gacogne [Tue, 15 Oct 2019 12:42:29 +0000 (14:42 +0200)]
Merge pull request #8408 from rgacogne/ddist-buffer-size-cache
dnsdist: Fix the caching of large entries
Remi Gacogne [Tue, 15 Oct 2019 10:21:38 +0000 (12:21 +0200)]
Merge pull request #8417 from rgacogne/auth-dist-unit2.test
Add regression-tests/zones/unit2.test to EXTRA_DIST
Remi Gacogne [Tue, 15 Oct 2019 08:13:37 +0000 (10:13 +0200)]
Add regression-tests/zones/unit2.test to EXTRA_DIST
Otherwise the unit tests fail.
Remi Gacogne [Fri, 11 Oct 2019 14:44:25 +0000 (16:44 +0200)]
dnsdist: Use std::max() to compute the size of the incoming buffer
Remi Gacogne [Fri, 11 Oct 2019 12:57:45 +0000 (14:57 +0200)]
dnsdist: Add regression tests for the caching of large answers
Remi Gacogne [Fri, 11 Oct 2019 12:52:08 +0000 (14:52 +0200)]
dnsdist: Don't cache entries larger than 4096 bytes
We won't be able to use them anyway.
Remi Gacogne [Fri, 11 Oct 2019 12:51:11 +0000 (14:51 +0200)]
dnsdist: Always allocate at least 4096 bytes for the cached response
Remi Gacogne [Thu, 10 Oct 2019 15:44:43 +0000 (17:44 +0200)]
dnsdist: Advertise the size really available in the query buffer
We used to advertise s_udpIncomingBufferSize (1500) but the buffer
is really 4096 bytes long. This allows much larger responses
to be returned from the cache.
Remi Gacogne [Tue, 15 Oct 2019 08:04:49 +0000 (10:04 +0200)]
Merge pull request #8415 from rgacogne/ddist-tcp-stats-format
dnsdist: Fix formatting in showTCPStats()
Remi Gacogne [Mon, 14 Oct 2019 14:18:46 +0000 (16:18 +0200)]
dnsdist: Implement ref counting for the DOHUnit object
It turns out that, at least when testing with ASAN enabled, we
sometimes trigger use-after-free detection because we get the
response from the backend, send it to the client then delete the
object before the send() call to the backend even returned.
Remi Gacogne [Mon, 14 Oct 2019 14:02:44 +0000 (16:02 +0200)]
dnsdist: Fix formatting in showTCPStats()
Remi Gacogne [Mon, 14 Oct 2019 13:39:59 +0000 (15:39 +0200)]
Merge pull request #8413 from rgacogne/cmsg_space_osx
Work around CMSG_SPACE somehow not being a constexpr on macOS
Otto Moerbeek [Mon, 14 Oct 2019 11:09:47 +0000 (13:09 +0200)]
Merge pull request #8414 from omoerbeek/test-zoneparse-more-modern
test-zoneparser_tng: more modern C++ idiom
Remi Gacogne [Mon, 14 Oct 2019 08:21:20 +0000 (10:21 +0200)]
Work around CMSG_SPACE somehow not being a constexpr on macOS
Otto Moerbeek [Mon, 14 Oct 2019 07:06:35 +0000 (09:06 +0200)]
More modern C++ idiom
Remi Gacogne [Sat, 12 Oct 2019 13:25:17 +0000 (15:25 +0200)]
Merge pull request #8372 from rgacogne/ddist-vrf-itf
dnsdist: Use SO_BINDTODEVICE when available for newServer's source itf
Remi Gacogne [Sat, 12 Oct 2019 13:23:47 +0000 (15:23 +0200)]
Merge pull request #8409 from rgacogne/ddist-prometheus-descriptions-pool
dnsdist: Add missing prometheus descriptions for cache-related metrics
Remi Gacogne [Fri, 11 Oct 2019 15:16:37 +0000 (17:16 +0200)]
dnsdist: Add more options to LogAction (non-verbose mode, timestamps)
Remi Gacogne [Fri, 11 Oct 2019 14:38:51 +0000 (16:38 +0200)]
Merge pull request #8410 from franklouwers/doc/setQueryRate-fix
Fix typo in setQueryRate docs
Remi Gacogne [Fri, 11 Oct 2019 14:26:51 +0000 (16:26 +0200)]
dnsdist: Don't call SO_BINDTODEVICE with an empty interface name
Remi Gacogne [Fri, 11 Oct 2019 14:12:54 +0000 (16:12 +0200)]
dnsdist: Fix indentation in newServer()
Frank Louwers [Fri, 11 Oct 2019 14:10:08 +0000 (16:10 +0200)]
Clarify comment
Frank Louwers [Fri, 11 Oct 2019 14:00:31 +0000 (16:00 +0200)]
Fix typo in setQueryRate docs
Remi Gacogne [Fri, 11 Oct 2019 13:24:55 +0000 (15:24 +0200)]
dnsdist: Add missing prometheus descriptions for cache-related metrics
Remi Gacogne [Fri, 11 Oct 2019 13:16:16 +0000 (15:16 +0200)]
Merge pull request #8406 from rgacogne/ddist-tls-ticket-key-stats
dnsdist: Add metrics about unknown/inactive TLS ticket keys
Otto Moerbeek [Fri, 11 Oct 2019 12:54:33 +0000 (14:54 +0200)]
Merge pull request #8407 from omoerbeek/auth-lua-records-shadowing
auth: A few shadowing cases.
Otto Moerbeek [Fri, 11 Oct 2019 12:05:22 +0000 (14:05 +0200)]
A few shadowing cases.
Otto Moerbeek [Fri, 11 Oct 2019 09:22:39 +0000 (11:22 +0200)]
Proper in-flight maintenance; settable setting with doc.
Remi Gacogne [Thu, 10 Oct 2019 14:57:29 +0000 (16:57 +0200)]
dnsdist: Add metrics about unknown/inactive TLS ticket keys
Remi Gacogne [Fri, 4 Oct 2019 15:57:04 +0000 (17:57 +0200)]
dnsdist: Merge the setup of TLS contexts in DoH and DoT
Remi Gacogne [Thu, 10 Oct 2019 14:44:41 +0000 (16:44 +0200)]
Merge pull request #8398 from rgacogne/ddist-fix-session-resumption-tests
dnsdist: Check that tickets have really been written in the tests, really disable tickets when asked
Remi Gacogne [Thu, 10 Oct 2019 14:44:23 +0000 (16:44 +0200)]
Merge pull request #8387 from rgacogne/dnsdist-tls-versions
dnsdist: Add metrics about TLS versions with DNS over TLS
Remi Gacogne [Thu, 10 Oct 2019 14:34:45 +0000 (16:34 +0200)]
Merge pull request #8404 from rgacogne/ddist-typo-suffixmatchnode-doc
dnsdist: Add a missing line before SuffixMatchNode's 'versionadded'
Otto Moerbeek [Thu, 10 Oct 2019 14:08:09 +0000 (16:08 +0200)]
Merge pull request #8396 from omoerbeek/zoneparser-fixed-format
Do not use variable printf format strings
Remi Gacogne [Thu, 10 Oct 2019 12:56:14 +0000 (14:56 +0200)]
dnsdist: Add a missing line before SuffixMatchNode's 'versionadded'
Pieter Lexis [Thu, 10 Oct 2019 12:03:21 +0000 (14:03 +0200)]
Add CentOS 8 as builder target
Remi Gacogne [Thu, 10 Oct 2019 09:07:21 +0000 (11:07 +0200)]
Merge pull request #8395 from rgacogne/ddist-doh-concurrent-connections
dnsdist: Count the number of concurrent connections for DoH as well
Remi Gacogne [Thu, 10 Oct 2019 09:00:30 +0000 (11:00 +0200)]
dnsdist: Add TLS version metrics to the API as well
Remi Gacogne [Tue, 8 Oct 2019 14:14:32 +0000 (16:14 +0200)]
dnsdist: Check that tickets have been written when needed
But they might not have been, especially when a session has been
resumed and it was encrypted with a Session Ticket Encryption Key
still active.
Remi Gacogne [Tue, 8 Oct 2019 14:14:04 +0000 (16:14 +0200)]
dnsdist: Really disable TLS tickets for TLS 1.3 when asked
Remi Gacogne [Thu, 10 Oct 2019 08:04:00 +0000 (10:04 +0200)]
Merge pull request #8388 from rgacogne/dnsdist-doh-rotation-key-clear
dnsdist: Clear the DoH Session Ticket Encryption Key in the ctor
Otto Moerbeek [Wed, 9 Oct 2019 14:21:00 +0000 (16:21 +0200)]
Add unit test for zone file with template
Remi Gacogne [Wed, 9 Oct 2019 13:41:50 +0000 (15:41 +0200)]
dnsdist: Count the number of concurrent connections for DoH as well
Otto Moerbeek [Wed, 9 Oct 2019 12:39:29 +0000 (14:39 +0200)]
Using a variable format string opens up all kinds of cans of worms.
Otto Moerbeek [Wed, 9 Oct 2019 09:12:38 +0000 (11:12 +0200)]
On read error we remove the fd from the set. If there are still queries in-flight
we will add it back if the in-flight condition is true.
This is not a real problem as the next handleTCPClientReadable() will take care.
Add a comment to explain that.
Also, setting the TTD might throw so handle that.
We might need a forgiving variant of removeReadFD() and setReadTTD().
Otto Moerbeek [Wed, 9 Oct 2019 08:35:00 +0000 (10:35 +0200)]
- Fix multiplexer accounting in the write error case
- Use proper type for in-flight accounting
Peter van Dijk [Wed, 9 Oct 2019 07:29:17 +0000 (09:29 +0200)]
Merge pull request #7719 from Habbie/dnspython-assertequal
better assertEqual for dnspython
Otto Moerbeek [Wed, 18 Sep 2019 10:01:01 +0000 (12:01 +0200)]
Allow multiple simultaneous incoming TCP queries over a connection.
Answers are sent out the moment they become available, so not
necessarily in the same order as received. There's a limit on how
many queries per TCP induced connection we may have in flight.
Peter van Dijk [Thu, 3 Oct 2019 13:59:51 +0000 (15:59 +0200)]
recursor-dnssec: use eqdnsmessage
Peter van Dijk [Thu, 3 Oct 2019 13:35:43 +0000 (15:35 +0200)]
ixfrdist: eqdnsmessage
Peter van Dijk [Thu, 3 Oct 2019 13:26:23 +0000 (15:26 +0200)]
(uselessly) add eqdnsmessage to auth testing
Peter van Dijk [Thu, 3 Oct 2019 13:18:31 +0000 (15:18 +0200)]
move assert helper out of dnsdist tests
Peter van Dijk [Thu, 11 Apr 2019 15:40:20 +0000 (17:40 +0200)]
better assertEqual for dnspython
before:
AssertionError: <DNS message, ID 38993> != <DNS message, ID 38993>
after:
AssertionError: <DNS message, ID 46818> != <DNS message, ID 46818>:
--- first
+++ second
@@ -1,10 +1,10 @@
id 46818
-opcode 6
-rcode NOTAUTH
-flags AD CD
+opcode QUERY
+rcode NOERROR
+flags RD
;QUESTION
xpf.tests.powerdns.com. IN A
;ANSWER
;AUTHORITY
;ADDITIONAL
-. 0 IN TYPE65422 \# 14
04117f0000017f000001f8bc14dc
+xpf.tests.powerdns.com. 60 IN TYPE65422 \# 14
04117f0000017f00000100000000
Otto Moerbeek [Tue, 8 Oct 2019 08:23:49 +0000 (10:23 +0200)]
Merge pull request #8351 from Habbie/no-move-mutex
auth statbag: move to std::mutex, avoid copies
Remi Gacogne [Mon, 7 Oct 2019 15:27:37 +0000 (17:27 +0200)]
Merge pull request #8382 from rgacogne/ddist-ciphers-order
dnsdist: Add a 'preferServerCiphers' option for DoH and DoT
Remi Gacogne [Mon, 7 Oct 2019 15:27:20 +0000 (17:27 +0200)]
Merge pull request #8381 from rgacogne/ddist-prometheus-thread-number
dnsdist: Add a prometheus 'thread' label to distinguish identical frontends
Remi Gacogne [Mon, 7 Oct 2019 15:26:55 +0000 (17:26 +0200)]
Merge pull request #8375 from rgacogne/ddist-python-dns-options-print
Implement python's to_text() for Cookies and Client Subnet options
Remi Gacogne [Mon, 7 Oct 2019 14:32:13 +0000 (16:32 +0200)]
dnsdist: Clear the DoH Session Ticket Encryption Key in the ctor
Remi Gacogne [Mon, 7 Oct 2019 14:00:59 +0000 (16:00 +0200)]
dnsdist: Add metrics about TLS versions with DNS over TLS
Otto Moerbeek [Mon, 7 Oct 2019 12:17:36 +0000 (14:17 +0200)]
And declare assignment operator deleted
Otto Moerbeek [Mon, 7 Oct 2019 11:44:59 +0000 (13:44 +0200)]
Merge pull request #8385 from omoerbeek/more-strict-flags
More strict flags
Otto Moerbeek [Mon, 7 Oct 2019 09:27:13 +0000 (11:27 +0200)]
While there is no shadowing going on for global functions, improve
consistency by calling a lua_state lua_state.
Otto Moerbeek [Mon, 7 Oct 2019 08:43:41 +0000 (10:43 +0200)]
Add copy-ct, gcc C++ lib <= 4.8 seems to need it.
Otto Moerbeek [Fri, 4 Oct 2019 15:13:19 +0000 (17:13 +0200)]
Some more shadowing going on
Otto Moerbeek [Fri, 4 Oct 2019 14:40:00 +0000 (16:40 +0200)]
Use -Wextra -Wshadow.
This causes plenty of signed-compare warnings from clang in the unit-tests. So
fix those plus a few cases of -Wshadow.
Remi Gacogne [Fri, 4 Oct 2019 10:28:56 +0000 (12:28 +0200)]
dnsdist: Add a 'preferServerCiphers' option for DoH and DoT
It used to be that the servers had a much better configuration than
the clients, but nowadays we better rely on the clients, as they
know whether they have hardware support for a specific algorithm
which might save battery life or improve latency by a large margin.
Remi Gacogne [Fri, 4 Oct 2019 09:13:42 +0000 (11:13 +0200)]
dnsdist: Add a prometheus 'thread' label to distinguish identical frontends