]>
granicus.if.org Git - pdns/log
bert hubert [Mon, 22 Feb 2016 14:26:55 +0000 (15:26 +0100)]
we used toString() to compare incoming packets - showed up in profile at 3% or so
bert hubert [Wed, 24 Feb 2016 10:54:22 +0000 (11:54 +0100)]
we don't need set close on exec in pdns_recursor since it won't (can't) exec anything
bert hubert [Wed, 24 Feb 2016 11:41:08 +0000 (12:41 +0100)]
because unset/empty netmasks did not compare as equal, we would fill the cache with tens of thousands of duplicate entries per name
bert hubert [Wed, 24 Feb 2016 10:24:59 +0000 (11:24 +0100)]
Merge pull request #3434 from Habbie/remove-old-lua-recursor
remove v3 lua recursor files (dead code)
Peter van Dijk [Wed, 24 Feb 2016 09:46:16 +0000 (10:46 +0100)]
Merge pull request #3428 from zeha/apirrsets
API: Fix zone/records design mistake
Peter van Dijk [Tue, 23 Feb 2016 15:03:14 +0000 (16:03 +0100)]
remove v3 lua recursor files (dead code)
bert hubert [Mon, 22 Feb 2016 18:51:49 +0000 (19:51 +0100)]
Merge pull request #3423 from Habbie/tinydns-yak
tinydns testing yaks
bert hubert [Mon, 22 Feb 2016 18:31:58 +0000 (19:31 +0100)]
Merge pull request #3422 from ahupowerdns/multispoof
Multispoof: make the dnsdist spoofing actions accept multiple IPv4 and IPv6 addresses, retaining old syntax + updated regression tests
Peter van Dijk [Mon, 22 Feb 2016 11:05:58 +0000 (12:05 +0100)]
update incbin to upstream 3d4aa9, fixing osx builds
Christian Hofstaedtler [Sun, 21 Feb 2016 21:11:16 +0000 (22:11 +0100)]
API: Fix zone/records design mistake
Christian Hofstaedtler [Sun, 21 Feb 2016 22:15:17 +0000 (23:15 +0100)]
Turn Comment.qname into a DNSName
Christian Hofstaedtler [Sun, 21 Feb 2016 22:14:32 +0000 (23:14 +0100)]
gsql: Remove stripDot where not needed
Peter van Dijk [Sun, 21 Feb 2016 18:30:06 +0000 (19:30 +0100)]
detect (g)md5sum to support osx brew usage
Peter van Dijk [Sun, 21 Feb 2016 18:27:46 +0000 (19:27 +0100)]
update tinydns data with cdnskey-cds-test.com domain
Peter van Dijk [Sun, 21 Feb 2016 18:27:12 +0000 (19:27 +0100)]
support dynamic loading of bindbackend
Peter van Dijk [Sun, 21 Feb 2016 18:27:00 +0000 (19:27 +0100)]
drop args, use vars like other scripts do, default to assuming they are on PATH
Peter van Dijk [Sun, 21 Feb 2016 18:25:14 +0000 (19:25 +0100)]
switch to bash; add -u (abort on use of unset var) to flags
bert hubert [Sun, 21 Feb 2016 10:27:56 +0000 (11:27 +0100)]
Merge pull request #3412 from pieterlexis/dnsdist-check-config
Dnsdist check config
bert hubert [Sun, 21 Feb 2016 09:00:49 +0000 (10:00 +0100)]
Merge pull request #3419 from Habbie/ldap-skipless
we skip too many ldap tests - unskip those that appear to actually work
bert hubert [Sun, 21 Feb 2016 09:00:38 +0000 (10:00 +0100)]
Merge pull request #3418 from Habbie/ldap-strict
add ldap strict mode testing
bert hubert [Sun, 21 Feb 2016 08:58:34 +0000 (09:58 +0100)]
document the new powers of domainspoof/spoofaction in dnsdist
Peter van Dijk [Sat, 20 Feb 2016 21:47:55 +0000 (22:47 +0100)]
Merge pull request #3420 from Habbie/no-verbose-wildcard-crash
don't servfail on unset wildcard in addNSEC when verbose logging is enabled
bert hubert [Sat, 20 Feb 2016 21:07:45 +0000 (22:07 +0100)]
Merge pull request #3399 from mind04/rsabits
report OpenSSL RSA keysize in bits
bert hubert [Sat, 20 Feb 2016 21:07:17 +0000 (22:07 +0100)]
Merge pull request #3413 from rgacogne/dnsdist-healthcheck-messages
dnsdist: log health check error messages even when verbose is off
bert hubert [Sat, 20 Feb 2016 21:06:36 +0000 (22:06 +0100)]
Merge pull request #3411 from rgacogne/dnsdist-nopacketcache-tcp
dnsdist: Do not share the packet cache entries between TCP and UDP
bert hubert [Sat, 20 Feb 2016 21:03:21 +0000 (22:03 +0100)]
Merge pull request #3356 from rgacogne/dnsdist-parse-failures-log
dnsdist: Display the query ID and remote IP when parsing fails
bert hubert [Sat, 20 Feb 2016 20:58:41 +0000 (21:58 +0100)]
make dnsdist spoofing actions support multiple A and AAAA records which we'll shuffle and include, plus regression tests for same
Peter van Dijk [Sat, 20 Feb 2016 20:57:38 +0000 (21:57 +0100)]
don't servfail on unset wildcard in addNSEC when verbose logging is enabled
bert hubert [Sat, 20 Feb 2016 20:56:03 +0000 (21:56 +0100)]
document dnsdist regression tests, make it possible to run only part of the regression tests (& document that too)
Peter van Dijk [Sat, 20 Feb 2016 19:18:45 +0000 (20:18 +0100)]
we skip too many ldap tests - unskip those that appear to actually work
Peter van Dijk [Sat, 20 Feb 2016 19:23:05 +0000 (20:23 +0100)]
add ldap strict mode testing
Peter van Dijk [Sat, 20 Feb 2016 18:00:27 +0000 (19:00 +0100)]
Merge pull request #3407 from cmouse/permit-star-entry
Permit star entry
Aki Tuomi [Sat, 20 Feb 2016 14:31:10 +0000 (16:31 +0200)]
test that API accepts wildcard name
Remi Gacogne [Fri, 19 Feb 2016 17:37:16 +0000 (18:37 +0100)]
dnsdist: log health check error messages even when verbose is off
This still requires setVerboseHealthChecks(true), but not global
verbose anymore, as the later logs every queries and thus is not
usable on a large deployment.
bert hubert [Sat, 20 Feb 2016 11:44:26 +0000 (12:44 +0100)]
report an error when we die when .. dnsdist sends us an unexpected answer?!
bert hubert [Sat, 20 Feb 2016 11:43:55 +0000 (12:43 +0100)]
silence warning about our vinfolog macro (perhaps we should see if we can improve the macro)
bert hubert [Fri, 19 Feb 2016 20:56:33 +0000 (21:56 +0100)]
refuse to validate empty space - @zaphodb, this may be your crash
bert hubert [Fri, 19 Feb 2016 20:28:05 +0000 (21:28 +0100)]
turns out we were using libc tolower in performance sensitive places.. top in perf
bert hubert [Fri, 19 Feb 2016 20:09:53 +0000 (21:09 +0100)]
prevent us dying on emitting error message about unexpected packet
Pieter Lexis [Fri, 19 Feb 2016 15:30:47 +0000 (16:30 +0100)]
dnsdist: add --check-config commandline switch
This allows testing of the configuration before one will try to restart
dnsdist with a broken config. Additionally, add tests to confirm the
config check still works.
Pieter Lexis [Fri, 19 Feb 2016 15:28:38 +0000 (16:28 +0100)]
dnsdist: Explicitly use python2 for tests
Aki Tuomi [Fri, 19 Feb 2016 07:53:55 +0000 (09:53 +0200)]
Permit star, fixes #3406
bert hubert [Fri, 19 Feb 2016 14:02:14 +0000 (15:02 +0100)]
Merge pull request #3410 from ahupowerdns/recuweb
Merge Recuweb - built in live webpage for recursor
Remi Gacogne [Fri, 19 Feb 2016 11:58:05 +0000 (12:58 +0100)]
dnsdist: Do not share the packet cache entries between TCP and UDP
It would obviously cause issues, for example with truncated
responses. It is possible to disable the cache for all TCP queries
by using something like:
addAction(TCPRule(true), SkipCacheAction())
bert hubert [Fri, 19 Feb 2016 10:39:39 +0000 (11:39 +0100)]
Merge pull request #3408 from rgacogne/dnsdist-default-pool
dnsdist: Always create the default pool, clean related log messages
bert hubert [Wed, 17 Feb 2016 20:13:29 +0000 (21:13 +0100)]
missing symlink
bert hubert [Wed, 17 Feb 2016 18:59:30 +0000 (19:59 +0100)]
distribute the recuweb stuff to the tarball
bert hubert [Wed, 17 Feb 2016 16:15:45 +0000 (17:15 +0100)]
make / work too for recuweb
bert hubert [Wed, 17 Feb 2016 10:52:14 +0000 (11:52 +0100)]
reinstate recuweb, but now internally!
bert hubert [Tue, 16 Feb 2016 16:13:59 +0000 (17:13 +0100)]
recuweb in recursor 4.0 built in
Pieter Lexis [Fri, 19 Feb 2016 08:37:39 +0000 (09:37 +0100)]
Merge pull request #3404 from pieterlexis/sles12
Add SLES 12 support to the build-auth-rpm script
Aki Tuomi [Fri, 19 Feb 2016 07:53:44 +0000 (09:53 +0200)]
It's name, not label.
bert hubert [Thu, 18 Feb 2016 20:19:35 +0000 (21:19 +0100)]
Merge pull request #3405 from rgacogne/dnsdist-health-check-failures
dnsdist: Add health check logging, `maxCheckFailures` to backend
bert hubert [Thu, 18 Feb 2016 20:19:22 +0000 (21:19 +0100)]
Merge pull request #3403 from rgacogne/dnsdist-more-tests
dnsdist: Add missing QPSPoolAction & DNSSECRule. Add missing tests.
bert hubert [Thu, 18 Feb 2016 20:18:21 +0000 (21:18 +0100)]
Merge pull request #3398 from rgacogne/dnsdist-oustanding
dnsdist: Better handling of outstanding counter
Remi Gacogne [Thu, 18 Feb 2016 16:36:25 +0000 (17:36 +0100)]
dnsdist: Add health check logging, `maxCheckFailures` to backend
`maxCheckFailures` allows waiting for several health check failures
before marking a downstream server down.
Health check errors are logged only in verbose mode and if
`setVerboseHealthChecks()` is set to true.
Remi Gacogne [Thu, 18 Feb 2016 16:06:40 +0000 (17:06 +0100)]
dnsdist: Always create the default pool, clean related log messages
Remi Gacogne [Thu, 18 Feb 2016 14:01:23 +0000 (15:01 +0100)]
dnsdist: Add missing QPSPoolAction & DNSSECRule. Add missing tests.
QPSPoolAction() and DNSSECRule() are mentioned in the README but
the Lua bindings were missing.
Add missing tests for some actions and rules.
Clean existing tests a bit in the process.
Pieter Lexis [Thu, 18 Feb 2016 10:35:28 +0000 (11:35 +0100)]
Add SLES support to the build-auth-rpm script
Kees Monshouwer [Wed, 17 Feb 2016 21:07:51 +0000 (22:07 +0100)]
report OpenSSL RSA keysize in bits
bert hubert [Wed, 17 Feb 2016 16:16:27 +0000 (17:16 +0100)]
Merge pull request #3397 from mind04/missing
[WIP] add missing files for tools and testrunner to auth tar.bz2
Kees Monshouwer [Wed, 17 Feb 2016 14:56:48 +0000 (15:56 +0100)]
add missing files for tools and testrunner to auth tar.bz2
bert hubert [Wed, 17 Feb 2016 12:34:48 +0000 (13:34 +0100)]
Merge pull request #3395 from Habbie/dist-dnsrecords-hh
re-dist dnsrecords.hh
Peter van Dijk [Wed, 17 Feb 2016 11:49:56 +0000 (12:49 +0100)]
re-dist dnsrecords.hh
Pieter Lexis [Wed, 17 Feb 2016 12:02:49 +0000 (13:02 +0100)]
Merge pull request #3368 from rubenk/link-internal-libs-directly
Link our internal libs directly
Pieter Lexis [Wed, 17 Feb 2016 12:02:31 +0000 (13:02 +0100)]
Merge pull request #3225 from pieterlexis/docs-400
[Needs review] Many additions and changes to the docs
Remi Gacogne [Wed, 17 Feb 2016 11:34:39 +0000 (12:34 +0100)]
dnsdist: Better handling of outstanding counter
The outstanding value is now displayed in `showServers()` and we
set the IDS age to 0 as soon as we get a response to prevent
the maintainer thread from cleaning it up during our processing.
Remi Gacogne [Wed, 17 Feb 2016 10:35:27 +0000 (11:35 +0100)]
Merge pull request #3394 from rgacogne/dnsdist-drop
dnsdist: Fix the Drop action over UDP
Pieter Lexis [Wed, 17 Feb 2016 10:18:11 +0000 (11:18 +0100)]
Merge pull request #3373 from Habbie/single-place-builds
Give each binary a single place for building
Remi Gacogne [Wed, 17 Feb 2016 09:37:13 +0000 (10:37 +0100)]
dnsdist: Fix the Drop action over UDP
I broke the Drop action over UDP in commit
1a2a4e68b6368361981cf525e0c5cad3b63c3788 and somehow we did not
have any regression tests actually testing it.
Peter van Dijk [Tue, 16 Feb 2016 12:46:16 +0000 (13:46 +0100)]
Merge pull request #3372 from Habbie/ldap-testing
make ldap testable, add travis testing
Peter van Dijk [Tue, 16 Feb 2016 12:28:29 +0000 (13:28 +0100)]
nit
bert hubert [Tue, 16 Feb 2016 09:06:58 +0000 (10:06 +0100)]
Merge pull request #3388 from rgacogne/dnsdist-lua-lock
dnsdist: Lock the Lua context before executing a LuaAction
Remi Gacogne [Tue, 16 Feb 2016 08:44:51 +0000 (09:44 +0100)]
dnsdist: Lock the Lua context before executing a LuaAction
Otherwise the stack of the Lua context might get corrupted
whenever another Lua function (blockfilter, policy, maintenance or
another LuaAction) is simultaneously called from another thread.
We might be able to use a separate execution stack via
createThread()/lua_newthread(), but if I understand correctly how
it works, we would need to be sure that the Lua function called
does not access the global state at all, which is probably too
restrictive.
This should fix #3374, #3375, #3376, #3377, #3378, #3379, #3383,
and hopefully the random travis failures in our regression tests.
bert hubert [Tue, 16 Feb 2016 00:00:47 +0000 (01:00 +0100)]
Merge pull request #3365 from janeczku/udpQueryResponse-fix
recursor: apply rcode set in UDPQueryResponse callback
bert hubert [Tue, 16 Feb 2016 00:00:17 +0000 (01:00 +0100)]
Merge pull request #3385 from pieterlexis/pdnsutil-default-soa-settings
pdnsutil: respect default-soa-* settings
bert hubert [Mon, 15 Feb 2016 23:58:07 +0000 (00:58 +0100)]
Merge pull request #3381 from pieterlexis/dnsdist-cflags
dnsdist: remove unneeded compiler flag
bert hubert [Mon, 15 Feb 2016 23:50:54 +0000 (00:50 +0100)]
Merge pull request #3355 from rgacogne/dnsdist-cache-clean
dnsdist: Add a simple Packet Cache
Pieter Lexis [Mon, 15 Feb 2016 20:05:06 +0000 (21:05 +0100)]
pdnsutil: respect default-soa-* settings
Closes #3382
Peter van Dijk [Mon, 15 Feb 2016 17:24:22 +0000 (18:24 +0100)]
Merge pull request #3380 from pieterlexis/dnsdist-pandoc
dnsdist: Correctly test for the manpage
Pieter Lexis [Mon, 15 Feb 2016 16:14:31 +0000 (17:14 +0100)]
dnsdist: remove unneeded compiler flag
Pieter Lexis [Mon, 15 Feb 2016 16:01:05 +0000 (17:01 +0100)]
dnsdist: Correctly test for the manpage
Peter van Dijk [Fri, 12 Feb 2016 08:36:31 +0000 (09:36 +0100)]
setup ldap, run tests
Peter van Dijk [Tue, 19 Jan 2016 21:58:28 +0000 (22:58 +0100)]
add ldap testing (tree+simple) to regression tests; skip known-failing tests
Peter van Dijk [Tue, 26 Jan 2016 15:43:41 +0000 (16:43 +0100)]
add all missing types (as far as our tests are concerned) to schema and header
Peter van Dijk [Tue, 26 Jan 2016 14:21:53 +0000 (15:21 +0100)]
import schema files from the ldap fork
Peter van Dijk [Mon, 15 Feb 2016 15:40:57 +0000 (16:40 +0100)]
stop testing in-tree recursor build
Peter van Dijk [Mon, 15 Feb 2016 13:56:03 +0000 (14:56 +0100)]
add courtesy notes
Peter van Dijk [Mon, 15 Feb 2016 13:49:35 +0000 (14:49 +0100)]
move re2 m4, only dnsdist uses it
Peter van Dijk [Mon, 15 Feb 2016 13:48:47 +0000 (14:48 +0100)]
rip out the most obvious supporting pieces for building ddnsdist and pdns_recursor in the auth tree
Peter van Dijk [Mon, 15 Feb 2016 13:43:37 +0000 (14:43 +0100)]
Merge pull request #3370 from ahupowerdns/re2
This adds --enable-re2 so we can benefit from libre2 if we want
Remi Gacogne [Mon, 15 Feb 2016 08:53:38 +0000 (09:53 +0100)]
Merge pull request #3361 from rgacogne/dnsdist-regression-tests-cleanup
dnsdist: Copy the resp in regression tests instead of fixing it up
Remi Gacogne [Mon, 15 Feb 2016 08:49:36 +0000 (09:49 +0100)]
dnsdist: Add a simple Packet Cache
Per-pool Packet Cache, using the whole query packet minus the id
has hashing key, to prevent issue related to:
* EDNS Payload size
* ECS
* DNSSEC
The packet cache is not enabled by default, and can be skipped
for specific queries using SkipCacheAction.
It's a per-pool cache, in case you have different responses, but
you can use the same cache for several pools if you want to.
We cache the whole response and age the TTLs when fetching the
response from the cache.
This commit also refactors a bit the way server pools are handled
to be able to have a per-pool cache, and to avoid scanning all
servers when looking for the ones in a given pool.
It is using a fixed-size unordered_map to prevent rehashing. It
is not very efficient with regard to cache cleaning, but I really
would like to use only a ReadLock on the fastpath, and using a
multi index container and moving cache entries to the back / front
on hit / miss would prevent that.
Health checks are moved to a different thread, to prevent them from
being impacted by the cache cleaning operation being slow.
bert hubert [Sun, 14 Feb 2016 17:22:52 +0000 (18:22 +0100)]
document RE2Rule
bert hubert [Sun, 14 Feb 2016 15:41:57 +0000 (16:41 +0100)]
Merge pull request #3357 from rgacogne/dnsdist-non-terminal-rules
dnsdist: continue processing rules after some specific actions
bert hubert [Sun, 14 Feb 2016 15:41:31 +0000 (16:41 +0100)]
Merge pull request #3360 from rgacogne/dnsdist-extended-logs
dnsdist: Add an option to log as text. Display filename in showRules
bert hubert [Sun, 14 Feb 2016 15:40:25 +0000 (16:40 +0100)]
Merge pull request #3364 from nlyan/master
Shrink PacketID by 10% by eliminating padding.
bert hubert [Sun, 14 Feb 2016 14:18:26 +0000 (15:18 +0100)]
make re2 something you have to enable explicitly. I can't get it to link statically.
bert hubert [Sun, 14 Feb 2016 10:16:56 +0000 (11:16 +0100)]
add a RE2Rule based on Google RE2 regex library. Note that if we detect it, we compile it in unconditionally which sucks as it is a dynamic link. We should make this something you turn on.
Ruben Kerkhof [Sat, 13 Feb 2016 17:39:11 +0000 (18:39 +0100)]
Link our internal libs directly
If we don't do this and we have an external version of the same
lib installed, we risk picking that one up instead.
See #3127 for background