granicus.if.org Git - pdns/log

]> granicus.if.org Git - pdns/log

projects / pdns / log

summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next

commit | commitdiff | tree

Bert Hubert [Fri, 25 Feb 2011 20:54:32 +0000 (20:54 +0000)]

backends supporting DNSSEC must return all records of one (name,type) tuple consecutively. This commit solves the issue
where multiple signatures were seen for a single such tuple.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2053 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 19 Feb 2011 20:08:29 +0000 (20:08 +0000)]

don't send do=1 SOA requests for slaving purposes for non-presigned slave zones

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2052 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 19 Feb 2011 20:06:02 +0000 (20:06 +0000)]

some further comment improvements (spent most of the day debugging, took hours to find the bug, this is what I did in the meantime ;-))

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2051 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 19 Feb 2011 20:05:02 +0000 (20:05 +0000)]

improve some comments

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2050 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 19 Feb 2011 20:04:34 +0000 (20:04 +0000)]

improve some generic sql error messages and comments

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2049 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 19 Feb 2011 20:03:13 +0000 (20:03 +0000)]

sqlite3 can host slave zones too, zone2sql didn't know that

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2048 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 19 Feb 2011 20:02:42 +0000 (20:02 +0000)]

add gsqlite3-pragma-synchronous for benchmarketing purposes, plus make sqlite3 more paranoid about closing its connection

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2047 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 19 Feb 2011 14:57:44 +0000 (14:57 +0000)]

add port numbers where relevant to SOA notification output, plus prevent filedescriptor leak on AXFR error

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2046 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 18 Feb 2011 22:12:48 +0000 (22:12 +0000)]

make sure we AXFR from the correct master port after a notification, and not port 53 only

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2045 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 18 Feb 2011 18:59:03 +0000 (18:59 +0000)]

add the commit methods to dnsseckeeper

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2044 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 18 Feb 2011 16:27:15 +0000 (16:27 +0000)]

for bulk signing: pdnssec secure-zone can now accept multiple zones in one go, in one database transaction

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2043 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 18 Feb 2011 16:19:19 +0000 (16:19 +0000)]

don't wait a full second for notifications to come in

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2042 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 18 Feb 2011 16:18:01 +0000 (16:18 +0000)]

siles some logging on loading BIND zones

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2041 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Fri, 18 Feb 2011 13:55:06 +0000 (13:55 +0000)]

it helps tremendously if you actually close your incoming AXFR socket!

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2040 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 17 Feb 2011 21:53:05 +0000 (21:53 +0000)]

further indices needed for high dnssec performance

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2039 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 17 Feb 2011 20:54:30 +0000 (20:54 +0000)]

oops, cryptokeys table lacked an index

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2038 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 17 Feb 2011 13:00:15 +0000 (13:00 +0000)]

phase out boost::bimap so we can depend on 1.34 again

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2037 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 17 Feb 2011 10:21:16 +0000 (10:21 +0000)]

TSIG-verify first answer chunk ('envelope') of incoming AXFR. I don't understand the RFC on how to verify subsequent
envelopes.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2036 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 17 Feb 2011 09:59:21 +0000 (09:59 +0000)]

add ability to do TSIG signed AXFR requests by setting AXFR-MASTER-TSIG domainmetadata setting to a TSIG keyname
Does not yet verify responses!

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2035 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 17 Feb 2011 08:57:26 +0000 (08:57 +0000)]

move around code so TSIG generation/verification is divorced from DNSPacket, readying it for use in signing notifications & verifying AXFR answers

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2034 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 17 Feb 2011 07:28:33 +0000 (07:28 +0000)]

Evan H discovered our documentation what out of whack with the source wrt to specifying the TSIG algorithm. The source has been adjusted.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2033 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 16 Feb 2011 22:53:58 +0000 (22:53 +0000)]

and another case of not closing a db connection properly in pdnssec - harmless warning

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2032 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 16 Feb 2011 22:31:37 +0000 (22:31 +0000)]

the zone2sql code was _so_ scary I didn't dare touch it for half a decade. Revamped it completely.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2031 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 16 Feb 2011 21:17:18 +0000 (21:17 +0000)]

Jose Arthur Benetasso Villanova discovered pdnssec did not do a proper database connection teardown after rectify-zone, leading to a message in the postgresql log.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2030 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 16 Feb 2011 16:38:56 +0000 (16:38 +0000)]

neglected to 0 the NSEC3PARAM field from the actual NSEC3 setting (I wonder why the RFC requires this)

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2029 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 16 Feb 2011 16:17:43 +0000 (16:17 +0000)]

jan piet mens discovered we neglected to put the NSEC3PARAM in outgoing AXFR.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2028 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 16 Feb 2011 12:09:16 +0000 (12:09 +0000)]

forgot to copy d_havetsig properly, leading to odd behaviour

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2027 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 15 Feb 2011 22:01:54 +0000 (22:01 +0000)]

spruce up docs a bit

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2026 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 15 Feb 2011 21:51:03 +0000 (21:51 +0000)]

document TSIG, plus remove trailing dot from TSIG key name

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2025 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 15 Feb 2011 21:06:26 +0000 (21:06 +0000)]

this giant commit implements TSIG access control and outbound TSIG authorized & signed AXFRs.
We also clean up some very old slightly dead code from dnspacket.cc, plus rename some variables so the are no longer incor
Next up, use TSIG for slaving from remotes. And document all this ;-)

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2024 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 15 Feb 2011 20:44:22 +0000 (20:44 +0000)]

silence a lot of signingpipe debugging

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2023 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 15 Feb 2011 20:09:52 +0000 (20:09 +0000)]

further cleanups (next commits remove some methods from DNSPacket)

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2022 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 15 Feb 2011 20:09:01 +0000 (20:09 +0000)]

some cleanups, plus NotAuth RCODE

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2021 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 15 Feb 2011 20:02:56 +0000 (20:02 +0000)]

commit of docs so as not to skew the diffstat

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2020 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 14 Feb 2011 15:34:32 +0000 (15:34 +0000)]

fix up 4.4 billion query statistics wraparound. And congratulations to the people that ran into this problem! Closes ticket 327.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2019 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 14 Feb 2011 14:57:11 +0000 (14:57 +0000)]

fix up printing of %eth0 scope in ComboAddress::toStringWithPort

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2018 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 14 Feb 2011 14:20:04 +0000 (14:20 +0000)]

teach generic SQL backends about the ALSO-NOTIFY domain metadata in the domainmetadata table!

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2017 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 14 Feb 2011 14:10:07 +0000 (14:10 +0000)]

make master notification sender do its utmost to gather IPv6 addresses too. We sorta didn't try.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2016 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 14 Feb 2011 12:50:05 +0000 (12:50 +0000)]

make sure we don't trip over disconnects on the controlsocket

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2014 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 14 Feb 2011 12:22:44 +0000 (12:22 +0000)]

silence some debugging

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2013 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 14 Feb 2011 10:56:27 +0000 (10:56 +0000)]

this giant commit adds full IPv6 master/slaving/notification support which appeared.. not to have been there ;-(
In addition, the complete AXFR & outgoing resolver apparatus of the auth server has been revamped, removing some of the oldest code in PowerDNS.
This is a giant change, but it adds functionality while decreasing the size of the code.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2012 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 14 Feb 2011 10:53:26 +0000 (10:53 +0000)]

remove some dead code, add silly special cased 'waitFor2Data' to wait on 2 fds simult for ipv6

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2011 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 14 Feb 2011 09:58:10 +0000 (09:58 +0000)]

phase out sockAddrToString function (ComboAddress has a better one)
teach ComboAddress to accept 1.2.3.4:53 as well as [::]:53

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2010 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 13 Feb 2011 22:17:56 +0000 (22:17 +0000)]

widen allow-axfr-ips to IPv6, plus add query-local-address6 for inbound AXFR & outbound notifications over IPv6

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2009 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 10 Feb 2011 20:09:52 +0000 (20:09 +0000)]

freebsd might need '-1' for timeout instead of 'a negative value'

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2008 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 10 Feb 2011 19:55:38 +0000 (19:55 +0000)]

make slave engine use RRSIG information to determine the re-retrieval of presigned zones, independent of SOA serial

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2007 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 10 Feb 2011 19:52:46 +0000 (19:52 +0000)]

teach SOA freshness retriever about DNSSEC & do=1, and have it examine returned RRSIGs

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2006 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 10 Feb 2011 19:48:58 +0000 (19:48 +0000)]

silence harmless warning in botansigners

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2005 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 10 Feb 2011 19:48:21 +0000 (19:48 +0000)]

implement sqlite3 busy handler, should remove 'database is locked' errors

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2004 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 10 Feb 2011 14:35:54 +0000 (14:35 +0000)]

add Ragel based DNS Label parser next to the DNS TXT parser

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2003 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 10 Feb 2011 14:04:52 +0000 (14:04 +0000)]

fix up our tar.gz so you can actually build from it

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2002 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 10 Feb 2011 13:14:31 +0000 (13:14 +0000)]

this is not going to win any prizes.. copy the dnslabeltext.cc file here

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2001 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 10 Feb 2011 13:01:24 +0000 (13:01 +0000)]

add a 'Ragel' based DNS TXT parser & hook it up. With this change we can finally serve the whole 'zone from hell' from @jp_mens ;-)
Ragel is now a 'build-from-svn' dependency, but not 'build-from-tarball'.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2000 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 10 Feb 2011 12:10:27 +0000 (12:10 +0000)]

perhaps this helps the signingpipe on freebsd..

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1999 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 8 Feb 2011 21:32:31 +0000 (21:32 +0000)]

prevent zone2sql and zone2ldap from importing the 'hints' zone into powerdns, which would give unexpected results.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1998 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 8 Feb 2011 16:28:06 +0000 (16:28 +0000)]

fix up pdns_recursor compilation, improve reporting of signing errors in AXFR

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1997 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 8 Feb 2011 16:26:03 +0000 (16:26 +0000)]

fix up 'wingsuitnews.com' - they don't deserve to resolve though..

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1996 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 8 Feb 2011 08:11:35 +0000 (08:11 +0000)]

fix up previous commit, thanks Christof

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1995 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 8 Feb 2011 07:48:48 +0000 (07:48 +0000)]

bring our outgoing DNSSEC AXFR in line with the EDNS words in RFC 5936. This will hopefully placate the Microsoft DNS server. Issue discovered by Christof Meerwald.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1994 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 7 Feb 2011 19:36:54 +0000 (19:36 +0000)]

Thanks to Jan-Piet Mens' "zone from hell", we can now serve unknown record types ('TYPE65534').

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1993 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 7 Feb 2011 16:07:48 +0000 (16:07 +0000)]

signingpipe is a bit scary.. appears to work well now

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1992 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 7 Feb 2011 10:47:02 +0000 (10:47 +0000)]

fix up std::exception for LDAP backend

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1991 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 7 Feb 2011 10:26:08 +0000 (10:26 +0000)]

remove debugging to catch request for unsupported DNSCryptoKeyEngine, plus improve request for unsupported DS digest type. Spotted by 'at0r'

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1990 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 7 Feb 2011 10:19:20 +0000 (10:19 +0000)]

removing using namespace std; from yacc too

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1989 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 7 Feb 2011 09:53:01 +0000 (09:53 +0000)]

opendbx std fixes

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1988 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 7 Feb 2011 09:51:01 +0000 (09:51 +0000)]

fix up geobackend compilation after using namespace std fixes

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1987 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 7 Feb 2011 09:42:22 +0000 (09:42 +0000)]

fix up MyDNS compatible backend compilation - this might eventually offer MyDNS users an easy DNSSEC migration path

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1986 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 7 Feb 2011 09:39:22 +0000 (09:39 +0000)]

namespaces.hh includes

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1985 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 7 Feb 2011 09:33:20 +0000 (09:33 +0000)]

improve secure-zone output when no dnssec capable backend was loaded
fix verify-crypto so it actually does that again
add dead code to implement a remote signing-server

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1984 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 7 Feb 2011 09:32:05 +0000 (09:32 +0000)]

add loads of statistics about signign speed to the tcpreceiver, plus adjust to new signing pipe interface

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1983 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 7 Feb 2011 09:31:12 +0000 (09:31 +0000)]

make sure that addKey lets us know if it worked, allowing us to spot non-working configurations
un__thread the keycache, reintroducing the 'shared key' problem, but plugging a massive memory leak

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1982 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 7 Feb 2011 09:29:03 +0000 (09:29 +0000)]

signingpipe was revamped 12 times, but is again simple.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1981 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Mon, 7 Feb 2011 08:50:00 +0000 (08:50 +0000)]

fix up svn compilation with the 'mysqlcbackend'. Spotted by Stefan Schmidt

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1980 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 6 Feb 2011 11:15:37 +0000 (11:15 +0000)]

make sure ueberbackend returns negative if it failed to find a backend willing to host dnssec material

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1979 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 6 Feb 2011 11:14:49 +0000 (11:14 +0000)]

further round of std::changes

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1978 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 6 Feb 2011 11:13:46 +0000 (11:13 +0000)]

further std::

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1977 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sun, 6 Feb 2011 11:11:34 +0000 (11:11 +0000)]

big batch of 'using namespace std;' removal

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1976 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 5 Feb 2011 17:40:50 +0000 (17:40 +0000)]

turns out that for each signature, we consulted the database because we ignored the cache. Amazing what numbers we got anyhow!

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1975 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 5 Feb 2011 17:39:43 +0000 (17:39 +0000)]

beginning of the removal of 'using namespace std'. Goal is to swap out string.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1974 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Sat, 5 Feb 2011 11:26:53 +0000 (11:26 +0000)]

Google Protocol Buffers coming to PowerDNSSEC for transporting records & signatures

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1973 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 3 Feb 2011 20:46:30 +0000 (20:46 +0000)]

signingpipe is all zero-copy and hyperefficient now. but not any faster ;-(

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1972 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 3 Feb 2011 16:23:10 +0000 (16:23 +0000)]

make test-algorithms do a bit more signatures to get a better estimate of performance

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1971 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 3 Feb 2011 15:08:50 +0000 (15:08 +0000)]

add 'test-speed' to pdnssec, plus make sure test-algorithms can be run w/o loading all BIND zones

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1970 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 3 Feb 2011 15:07:11 +0000 (15:07 +0000)]

make our keyenginecache per-thread, so we don't get two threads trying to use the same engine at the same time
compile the signingpipe into pdnssec as well

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1969 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 3 Feb 2011 14:54:06 +0000 (14:54 +0000)]

add udiffNoReset for running time measurements

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1968 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 3 Feb 2011 14:53:34 +0000 (14:53 +0000)]

fix up Botan (de)initialization, plus give all DNSCryptoEngines a virtual destructor

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1967 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Thu, 3 Feb 2011 12:52:50 +0000 (12:52 +0000)]

linker gets confused by multiple global objects with same class & instance name, even when in namespace{}. Give them different names.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1966 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 2 Feb 2011 19:35:47 +0000 (19:35 +0000)]

and add signingpipe.hh to the tarball

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1965 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 2 Feb 2011 14:11:02 +0000 (14:11 +0000)]

make sure we wait for all signatures to come in from workers at the end of a zonetransfer
speed up NSEC generation

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1964 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 2 Feb 2011 08:47:56 +0000 (08:47 +0000)]

don't calculate NSEC/NSEC3 chain for insecure zones on outgoing AXFR

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1963 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 2 Feb 2011 08:46:46 +0000 (08:46 +0000)]

this is probably a speedup, but a cleanup in any case

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1962 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Wed, 2 Feb 2011 08:29:26 +0000 (08:29 +0000)]

make sure we ship md5.hh for the tarball

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1961 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 1 Feb 2011 23:12:40 +0000 (23:12 +0000)]

make the signingpipe multithreaded, achieving around 8000 RSASHA256/1024 signatures/s so far on an 8 core machine

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1960 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 1 Feb 2011 20:36:59 +0000 (20:36 +0000)]

divorce addRRSigs() from DNSPacket. Make sure addRRSigs() uses an RRSIG order that is easier on the eyes.
Massively clean up the outgoing AXFR code by moving it to the ChunkedSigningPipe. Note to self, teach it not to sign if so required ;-)

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1959 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 1 Feb 2011 20:34:39 +0000 (20:34 +0000)]

the confusing variable name of the year goes to: static bool mustShuffle =::arg().mustDo("no-shuffle");

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1958 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 1 Feb 2011 15:51:16 +0000 (15:51 +0000)]

speed up bindbackend to pre-DNSSEC speeds. We again hail the genius of boost::multi_index, it had just the feature we need.
Plus speedup the auth fixups. We can now load a 3 million zone in 20 seconds again, and start serving dnssec immediately.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1957 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 1 Feb 2011 15:00:33 +0000 (15:00 +0000)]

don't re-add base64 encoded algorithm

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1956 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 1 Feb 2011 14:18:00 +0000 (14:18 +0000)]

build our packages with embedded crypto++

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1955 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 1 Feb 2011 14:11:52 +0000 (14:11 +0000)]

and add the configure.ac update for CRYPTOPP

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1954 d19b8d6e-7fed-0310-83ef-9ca221ded41b

commit | commitdiff | tree

Bert Hubert [Tue, 1 Feb 2011 14:09:51 +0000 (14:09 +0000)]

add support for Crypto++ ECDSA, refine & rename CryptoKeyEngine interface, add 'pdnssec test-algorithm' mutual testing between engines, which found a bunch of bugs (fixed)

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1953 d19b8d6e-7fed-0310-83ef-9ca221ded41b

Unnamed repository; edit this file 'description' to name the repository.