]>
granicus.if.org Git - pdns/log
Remi Gacogne [Mon, 9 Jul 2018 07:21:14 +0000 (09:21 +0200)]
Merge pull request #6754 from rgacogne/dnsdist-subnet-collision
dnsdist: Detect ECS collisions in the packet cache
Remi Gacogne [Mon, 9 Jul 2018 07:20:06 +0000 (09:20 +0200)]
Merge pull request #6775 from rgacogne/dnsdist-none-action
dnsdist: Implement NoneAction()
Remi Gacogne [Mon, 9 Jul 2018 07:19:47 +0000 (09:19 +0200)]
Merge pull request #6776 from rgacogne/dnsdist-dynblock-noop
dnsdist: Add DNSAction.NoOp to debug Dynamic Blocks
Remi Gacogne [Fri, 6 Jul 2018 14:06:13 +0000 (16:06 +0200)]
dnsdist: Make sure that DynBlock tests do not pass when they shouldn't
Remi Gacogne [Fri, 6 Jul 2018 12:27:47 +0000 (14:27 +0200)]
dnsdist: Add DNSAction.NoOp to debug Dynamic Blocks
Setting the dynamic block action to NoOp allows the dynamic rule to
be inserted as usual and show up while looking at the rules,
while not blocking any query and not stopping subsequent rules from
being evaluated.
Remi Gacogne [Fri, 6 Jul 2018 12:26:36 +0000 (14:26 +0200)]
dnsdist: Implement NoneAction()
Remi Gacogne [Fri, 6 Jul 2018 08:14:33 +0000 (10:14 +0200)]
Merge pull request #6760 from rgacogne/dnsdist-dynblockrulesgroup-exclusions
dnsdist: Add netmask-based {ex,in}clusions to DynBlockRulesGroup
Remi Gacogne [Wed, 4 Jul 2018 08:42:49 +0000 (10:42 +0200)]
Merge pull request #6720 from rgacogne/rec-snmp-broadcast
rec: Allow the SNMP thread to retrieve statistics
Remi Gacogne [Wed, 27 Jun 2018 13:21:09 +0000 (15:21 +0200)]
dnsdist: Remove an unused local variable in getEDNSOptionsStart()
Remi Gacogne [Mon, 25 Jun 2018 09:29:31 +0000 (11:29 +0200)]
dnsdist: Detect ECS collisions in the packet cache
We did not detect a collision involving two queries for the same qname,
qtype, qclass and flags but with different ECS values hashing to the same key.
This commit adds an option to the packet cache to parse and keep the ECS value
in order to detect this kind of collisions.
It's not enabled by default because parsing the ECS value has a cost.
Remi Gacogne [Wed, 4 Jul 2018 08:27:05 +0000 (10:27 +0200)]
Merge pull request #6767 from rgacogne/dnsdist-dynblocks-api-lower
dnsdist: Fix duration false positive in the dynblock regression tests
Remi Gacogne [Wed, 4 Jul 2018 08:26:50 +0000 (10:26 +0200)]
Merge pull request #6762 from rgacogne/dnsdist-unorderedmap-table
dnsdist: Fix iterating over the results of exceed*() functions
Remi Gacogne [Wed, 4 Jul 2018 08:26:12 +0000 (10:26 +0200)]
Merge pull request #6749 from rgacogne/dnsdist-cache-dump
dnsdist: Add the ability to dump a summary of the cache content
Remi Gacogne [Mon, 2 Jul 2018 14:16:40 +0000 (16:16 +0200)]
dnsdist: Fix duration false positive in the dynblock regression tests
The number of remaining seconds might also be equal to the minimum
value.
Remi Gacogne [Mon, 2 Jul 2018 06:58:47 +0000 (08:58 +0200)]
Merge pull request #6765 from PowerDNS/doc-bind-api-ro
Document that BIND backend hosted zones can't be altered from the API
bert hubert [Fri, 29 Jun 2018 21:05:40 +0000 (23:05 +0200)]
Document that BIND backend hosted zones can't be altered from the API
Remi Gacogne [Thu, 28 Jun 2018 13:13:51 +0000 (15:13 +0200)]
Merge pull request #6747 from rgacogne/dnsdist-flags-collision
dnsdist: Check the flags to detect collisions in the packet cache
Remi Gacogne [Thu, 28 Jun 2018 13:11:40 +0000 (15:11 +0200)]
Merge pull request #6744 from rgacogne/rec-edns-options-multi-values
rec: Support multiple values for the same EDNS option in gettag
Remi Gacogne [Thu, 28 Jun 2018 10:29:51 +0000 (12:29 +0200)]
dnsdist: Test that we can iterate over the results of exceed*()
Remi Gacogne [Thu, 28 Jun 2018 09:04:49 +0000 (11:04 +0200)]
LuaWrapper: Add support for handling specialized unordered map as tables
Remi Gacogne [Wed, 27 Jun 2018 12:52:37 +0000 (14:52 +0200)]
dnsdist: Add netmask-based {ex,in}clusions to DynBlockRulesGroup
Remi Gacogne [Thu, 21 Jun 2018 10:38:50 +0000 (12:38 +0200)]
dnsdist: Check the flags to detect collisions in the packet cache
In the unlikely but quite real event two queries with the same qname,
qtype and qclass but different EDNS options or flags end up with
the same hash, the packet cache would return a answer that might
not be suitable for the query. Reduce the odds by checking the
flags present in the dns header in addition to the qname, qtype
and qclass.
For the same reason we might need to consider storing the ECS
subnet if any.
Remi Gacogne [Fri, 22 Jun 2018 07:49:37 +0000 (09:49 +0200)]
dnsdist: Add the ability to dump a summary of the cache content
Pieter Lexis [Thu, 21 Jun 2018 15:49:54 +0000 (17:49 +0200)]
Merge pull request #6697 from jsoref/rec_control_tmp
Recursor: try to document how to handle systemd private tmp
Pieter Lexis [Thu, 21 Jun 2018 15:47:10 +0000 (17:47 +0200)]
Merge pull request #6733 from rgacogne/rec-multi-rpz
rec: Add support for multiple rpz masters as failover
Pieter Lexis [Thu, 21 Jun 2018 15:46:49 +0000 (17:46 +0200)]
Merge pull request #6740 from rgacogne/dnsdist-packetcache-neg-ttl
dnsdist: Add a negative TTL option to the packet cache
Pieter Lexis [Thu, 21 Jun 2018 15:45:21 +0000 (17:45 +0200)]
Merge pull request #6741 from rgacogne/rec-forward-recurse-aa-cache
rec: Don't require authoritative answers for forward-recurse zones
Pieter Lexis [Thu, 21 Jun 2018 15:43:56 +0000 (17:43 +0200)]
Merge pull request #6745 from rubenk/fix-typo-in-recursor-docs
Fix a typo in the recursor docs
Pieter Lexis [Thu, 21 Jun 2018 15:43:45 +0000 (17:43 +0200)]
Merge pull request #6746 from rubenk/document-default-for-pdns-distributes-queries
pdns-distributes-queries is on by default
Ruben Kerkhof [Thu, 21 Jun 2018 09:24:20 +0000 (11:24 +0200)]
pdns-distributes-queries is on by default
Document this
Ruben Kerkhof [Thu, 21 Jun 2018 08:42:12 +0000 (10:42 +0200)]
Fix a typo in the recursor docs
Remi Gacogne [Thu, 21 Jun 2018 07:59:45 +0000 (09:59 +0200)]
Merge pull request #6495 from Habbie/parse-resolvconf-once
only parse resolv.conf once - this avoids race conditions
Remi Gacogne [Thu, 21 Jun 2018 07:58:32 +0000 (09:58 +0200)]
Merge pull request #6713 from mind04/bogus-ring
rec: add bogus ring to make it more easy to detect high profile domains with broken dnssec
Kees Monshouwer [Wed, 20 Jun 2018 11:59:05 +0000 (13:59 +0200)]
rec: update the validation state when we replace an existing entry in the packet cache
Remi Gacogne [Tue, 19 Jun 2018 10:30:57 +0000 (12:30 +0200)]
rec: Add some regression tests for our Lua hooks
Remi Gacogne [Mon, 18 Jun 2018 15:55:07 +0000 (17:55 +0200)]
rec: Support multiple values for the same EDNS option in gettag
And in the FFI version of gettag.
Kees Monshouwer [Mon, 18 Jun 2018 19:32:25 +0000 (21:32 +0200)]
rec: move bogus ring from packet cache to doProcessUDPQuestion()
Remi Gacogne [Fri, 15 Jun 2018 15:01:07 +0000 (17:01 +0200)]
rec: Don't require authoritative answers for forward-recurse zones
Remi Gacogne [Fri, 15 Jun 2018 12:39:47 +0000 (14:39 +0200)]
Merge pull request #6589 from chbruyand/rec-lua-maintenance
rec: Add lua maintenance callback
Remi Gacogne [Fri, 15 Jun 2018 12:31:38 +0000 (14:31 +0200)]
Merge pull request #6692 from Habbie/reorder-subdirs
auth: reorder SUBDIRS
Remi Gacogne [Fri, 15 Jun 2018 12:31:12 +0000 (14:31 +0200)]
Merge pull request #6695 from zeha/doc-dnssec-cd
Tiny Recursor dnssec doc improvements
Remi Gacogne [Fri, 15 Jun 2018 12:30:11 +0000 (14:30 +0200)]
Merge pull request #6725 from zeha/docs-table-size
docs/dnssec: improve HTML rendering of table
Remi Gacogne [Wed, 6 Jun 2018 15:15:51 +0000 (17:15 +0200)]
rec: Add regression tests for SNMP
Remi Gacogne [Wed, 6 Jun 2018 14:05:20 +0000 (16:05 +0200)]
rec: Allow the SNMP thread to retrieve statistics
Peter van Dijk [Thu, 14 Jun 2018 20:38:39 +0000 (22:38 +0200)]
Merge pull request #6739 from ahupowerdns/dedup-rhel6-fix
fix up compilation on rhel6 for dedup speedup in auth
Remi Gacogne [Wed, 13 Jun 2018 08:35:55 +0000 (10:35 +0200)]
dnsdist: Add a negative TTL option to the packet cache
Also add unit tests for the standalone functions in dnsparser.cc
Remi Gacogne [Wed, 13 Jun 2018 16:27:37 +0000 (18:27 +0200)]
dnsdist: Pass the correct section to the 'editTTLs' callback
bert hubert [Thu, 14 Jun 2018 15:08:13 +0000 (17:08 +0200)]
fix up compilation on rhel6 for dedup speedup in auth
bert hubert [Thu, 14 Jun 2018 10:10:42 +0000 (12:10 +0200)]
Merge pull request #6730 from ahupowerdns/dedup-speedup
Implement a smarter dedup for filling packets in auth
Remi Gacogne [Wed, 13 Jun 2018 12:35:45 +0000 (14:35 +0200)]
Merge pull request #6735 from rgacogne/rpz-ixfr-api-tests-fix
rec: Add full AXFR in the middle of IXFR, API checks in RPZ tests
bert hubert [Wed, 13 Jun 2018 08:47:50 +0000 (10:47 +0200)]
speed up dedup code, use less memory
Remi Gacogne [Wed, 13 Jun 2018 07:24:35 +0000 (09:24 +0200)]
rec: Add full AXFR in the middle of IXFR, API checks in RPZ tests
Remi Gacogne [Tue, 12 Jun 2018 14:36:39 +0000 (16:36 +0200)]
rec: Add support for multiple rpz masters as failover
Remi Gacogne [Tue, 12 Jun 2018 13:49:18 +0000 (15:49 +0200)]
Merge pull request #6722 from rgacogne/rec-rpz-ixfr-tests
rec: Add some regression tests for RPZ over AXFR and IXFR
bert hubert [Tue, 12 Jun 2018 13:30:56 +0000 (15:30 +0200)]
improve comments, clean up code a bit
bert hubert [Tue, 12 Jun 2018 13:18:12 +0000 (15:18 +0200)]
Implement a smarter dedup for filling packets in auth
Remi Gacogne [Tue, 12 Jun 2018 12:00:01 +0000 (14:00 +0200)]
Merge pull request #6715 from rgacogne/dnsdist-console-nokey
dnsdist: Refuse console connection without a proper key set
Remi Gacogne [Tue, 12 Jun 2018 11:51:24 +0000 (13:51 +0200)]
Merge pull request #6729 from rgacogne/packetcache-ttl-test-6578
auth: Increase the packet cache TTL in our unit tests
Remi Gacogne [Thu, 7 Jun 2018 16:57:03 +0000 (18:57 +0200)]
rec: Add some regression tests for RPZ over AXFR and IXFR
Remi Gacogne [Mon, 11 Jun 2018 15:36:36 +0000 (17:36 +0200)]
auth: Increase the packet cache TTL in our unit tests
Hopefully this will lower the risks of failure on slow hosts, like
our pi builder.
Remi Gacogne [Mon, 11 Jun 2018 13:36:00 +0000 (15:36 +0200)]
dnsdist: Mention earlier that libsodium is required for console encryption
Remi Gacogne [Mon, 11 Jun 2018 13:31:19 +0000 (15:31 +0200)]
dnsdist: Fix a typo in one of the console error messages
Remi Gacogne [Mon, 11 Jun 2018 13:02:31 +0000 (15:02 +0200)]
Merge pull request #6718 from rgacogne/dnsdist-web-decimals
dnsdist: Limit QPS and latency to two decimals in the web view
Remi Gacogne [Mon, 11 Jun 2018 07:37:51 +0000 (09:37 +0200)]
Merge pull request #6627 from rgacogne/rec-truncated-queries
rec: Drop queries truncated because they were larger than our buffer
Chris Hofstaedtler [Tue, 29 May 2018 22:25:32 +0000 (00:25 +0200)]
docs/dnssec: improve HTML rendering of table
Remi Gacogne [Fri, 8 Jun 2018 07:24:25 +0000 (09:24 +0200)]
Merge pull request #6563 from pieterlexis/dnsdist-droprate-in-API
dnsdist: show droprate in API output
bert hubert [Fri, 8 Jun 2018 06:44:15 +0000 (08:44 +0200)]
Merge pull request #6724 from setharnold/patch-7
add missing word 'impact' to the documentation
Remi Gacogne [Fri, 1 Jun 2018 10:07:11 +0000 (12:07 +0200)]
rec: Resize the incoming query buffer to 512 after each query
Remi Gacogne [Fri, 1 Jun 2018 10:05:15 +0000 (12:05 +0200)]
rec: Use a 512-byte buffer for incoming queries instead of 1500
Remi Gacogne [Fri, 18 May 2018 13:57:06 +0000 (15:57 +0200)]
rec: Drop queries truncated because they were larger than our buffer
setharnold [Fri, 8 Jun 2018 01:22:53 +0000 (18:22 -0700)]
add missing word 'impact'
Remi Gacogne [Thu, 7 Jun 2018 14:35:49 +0000 (16:35 +0200)]
Merge pull request #6716 from rgacogne/dnsdist-tcp-vector-size
dnsdist: Don't access the TCP buffer vector past its size
Remi Gacogne [Thu, 7 Jun 2018 13:30:58 +0000 (15:30 +0200)]
Merge pull request #6717 from phonedph1/patch-4
Update timedipsetrule.rst
Remi Gacogne [Wed, 6 Jun 2018 12:53:41 +0000 (14:53 +0200)]
dnsdist: Limit QPS and latency to two decimals in the web view
Remi Gacogne [Wed, 6 Jun 2018 12:32:33 +0000 (14:32 +0200)]
dnsdist: Clarify that local connections to the console should be encrypted too
Remi Gacogne [Wed, 6 Jun 2018 09:51:57 +0000 (11:51 +0200)]
Merge pull request #6711 from chbruyand/dnsdist-connection-close
dnsdist: default set "Connection: close" header for web requests
Remi Gacogne [Wed, 6 Jun 2018 09:51:31 +0000 (11:51 +0200)]
Merge pull request #6710 from rgacogne/dnsdist-dynblocks-duration-test
dnsdist: Test the content of dynamic blocks using the API
Remi Gacogne [Wed, 6 Jun 2018 08:34:44 +0000 (10:34 +0200)]
dnsdist: Remove left-over debug message in the console code
Charles-Henri Bruyand [Wed, 6 Jun 2018 07:22:12 +0000 (09:22 +0200)]
rec: REALLY restrict maintenance() callback to worker threads
Charles-Henri Bruyand [Wed, 6 Jun 2018 07:02:53 +0000 (09:02 +0200)]
bump version as 4.1.3 has been released
Charles-Henri Bruyand [Wed, 6 Jun 2018 06:49:39 +0000 (08:49 +0200)]
"Connection: close" is not a security header
phonedph1 [Wed, 6 Jun 2018 01:58:37 +0000 (19:58 -0600)]
Update timedipsetrule.rst
I think this makes more sense based on what it does and to match the overall description.
Also fix typo in differently.
Kees Monshouwer [Tue, 5 Jun 2018 00:16:26 +0000 (02:16 +0200)]
rec: add cached bogus answers to the statistics
Remi Gacogne [Tue, 5 Jun 2018 22:10:13 +0000 (00:10 +0200)]
dnsdist: Don't access the TCP buffer vector past its size
The required memory has been reserve()'d, but we are not allowed to
access it directly, and it breaks when compiled with the following
flag, checking any access to containers as if .at() were used:
-D_GLIBCXX_ASSERTIONS
Remi Gacogne [Tue, 5 Jun 2018 21:28:31 +0000 (23:28 +0200)]
dnsdist: Refuse console connection without a proper key set
Charles-Henri Bruyand [Tue, 5 Jun 2018 15:42:38 +0000 (17:42 +0200)]
dnsdist: default set "Connection: close" header for web requests
Remi Gacogne [Tue, 5 Jun 2018 11:49:07 +0000 (13:49 +0200)]
dnsdist: Test the content of dynamic blocks using the API
Remi Gacogne [Tue, 5 Jun 2018 07:29:32 +0000 (09:29 +0200)]
Merge pull request #6705 from ahupowerdns/recursor-tracelog-improv
slightly improve DNSSEC trace logging
Remi Gacogne [Tue, 5 Jun 2018 07:29:20 +0000 (09:29 +0200)]
Merge pull request #6707 from rgacogne/shadowed-vars
rec: Fix some warnings reported by GCC
Kees Monshouwer [Mon, 4 Jun 2018 22:31:20 +0000 (00:31 +0200)]
rec: add bogus ringbuffer to make it more easy to detect high profile bogus domains
Remi Gacogne [Mon, 4 Jun 2018 15:31:37 +0000 (17:31 +0200)]
Merge pull request #6706 from claranet/fix-dynblock-duration
Dynamic blocks were being created with the wrong duration
David Freedman [Mon, 4 Jun 2018 11:59:37 +0000 (12:59 +0100)]
Dynamic blocks were being created with the wrong duration (the detection interval was being used).
bert hubert [Mon, 4 Jun 2018 12:54:43 +0000 (14:54 +0200)]
slightly improve DNSSEC trace logging
Remi Gacogne [Mon, 4 Jun 2018 09:49:50 +0000 (11:49 +0200)]
Fix a GCC warning about strncpy()
We always NULL-terminate the string anyway, but let's make the
compiler happy.
Remi Gacogne [Mon, 4 Jun 2018 09:48:59 +0000 (11:48 +0200)]
Fix some shadowed variables reported by GCC with -Wshadow
Remi Gacogne [Fri, 1 Jun 2018 14:49:37 +0000 (16:49 +0200)]
Merge pull request #6701 from rgacogne/nits-cppcheck
Fix minor warnings reported by the compiler or cppcheck
Remi Gacogne [Tue, 29 May 2018 14:14:16 +0000 (16:14 +0200)]
rec: Remove unused lambda capture 'checkOnly' in the rpzMaster()
Remi Gacogne [Tue, 29 May 2018 14:13:44 +0000 (16:13 +0200)]
rec: Pass the remote logger to asyncresolve() by reference
Remi Gacogne [Tue, 29 May 2018 14:12:35 +0000 (16:12 +0200)]
auth: Pass signQName to getRRSIGsForRRSET / addSignature by ref
Remi Gacogne [Tue, 29 May 2018 14:11:57 +0000 (16:11 +0200)]
GeoIP: Fix a struct/class mixup