granicus.if.org Git - pdns/log
Remi Gacogne [Thu, 4 Aug 2016 17:01:22 +0000 (19:01 +0200)]
auth: Handle out_of_range exception when parsing serial
Unsure if we can actually get a bad serial here, but we are checking
the number of parts so it looks like it might happen.
Remi Gacogne [Thu, 4 Aug 2016 17:00:07 +0000 (19:00 +0200)]
auth: Catch out_of_range exception when parsing serial
Peter van Dijk [Wed, 3 Aug 2016 19:01:11 +0000 (21:01 +0200)]
Merge pull request #4274 from mind04/dhcid
report DHCID type
Peter van Dijk [Tue, 2 Aug 2016 20:37:39 +0000 (22:37 +0200)]
Merge pull request #4271 from Habbie/ucontext_t
fix type
Kees Monshouwer [Tue, 2 Aug 2016 19:09:46 +0000 (21:09 +0200)]
report DHCID type
Peter van Dijk [Tue, 2 Aug 2016 13:48:34 +0000 (15:48 +0200)]
fix type
Remi Gacogne [Mon, 1 Aug 2016 07:18:37 +0000 (09:18 +0200)]
Merge pull request #4042 from rgacogne/dnsdist-tcp-fast-open
dnsdist: Add server-side TCP Fast Open support
Remi Gacogne [Mon, 1 Aug 2016 07:17:33 +0000 (09:17 +0200)]
Merge pull request #4067 from rgacogne/dnsdist-fix-ebpf-detection
dnsdist: Disable eBPF support when BPF_FUNC_tail_call is not found
Remi Gacogne [Mon, 1 Aug 2016 07:16:56 +0000 (09:16 +0200)]
Merge pull request #4079 from rgacogne/dnsdist-remotelog-no-protobuf
dnsdist: Return an error on RemoteLog{,Response}Action() w/o protobuf
Remi Gacogne [Mon, 1 Aug 2016 07:16:42 +0000 (09:16 +0200)]
Merge pull request #4198 from stutiredboy/master
newServer setting maxCheckFailures makes no sense
Remi Gacogne [Mon, 1 Aug 2016 07:15:51 +0000 (09:15 +0200)]
Merge pull request #4246 from rgacogne/dnsdist-api-array-pools
dnsdist: API now sends pools as a JSON array instead of a string
Pieter Lexis [Fri, 29 Jul 2016 14:28:18 +0000 (16:28 +0200)]
Merge pull request #4056 from zeha/openssl11
OpenSSL 1.1.0 support
Pieter Lexis [Fri, 29 Jul 2016 13:55:37 +0000 (15:55 +0200)]
More changelog fixes
Pieter Lexis [Fri, 29 Jul 2016 13:31:32 +0000 (15:31 +0200)]
Update changelog with one more entry
Peter van Dijk [Fri, 29 Jul 2016 13:29:21 +0000 (15:29 +0200)]
Merge pull request #4252 from rgacogne/auth-bind-include-length
auth: Don't include bind files if length <= 2 or > sizeof(filename)
Pieter Lexis [Fri, 29 Jul 2016 13:26:15 +0000 (15:26 +0200)]
Merge pull request #4241 from pieterlexis/401-changelog
4.0.1 changelog, docs and secpoll
Pieter Lexis [Thu, 28 Jul 2016 09:02:40 +0000 (11:02 +0200)]
Add 4.0.1 to secpoll
Pieter Lexis [Thu, 28 Jul 2016 08:56:56 +0000 (10:56 +0200)]
Add some docs on new ComboAddress features in Lua
Pieter Lexis [Thu, 28 Jul 2016 08:53:01 +0000 (10:53 +0200)]
Add Upgrade Notes for the recursor
Pieter Lexis [Thu, 28 Jul 2016 08:51:40 +0000 (10:51 +0200)]
Add auth 4.0.1 changelog
Pieter Lexis [Thu, 28 Jul 2016 08:51:24 +0000 (10:51 +0200)]
Add recursor 4.0.1 changelog entries
Christian Hofstaedtler [Mon, 27 Jun 2016 19:45:23 +0000 (19:45 +0000)]
opensslsigners: use libcrypto access functions
Christian Hofstaedtler [Mon, 27 Jun 2016 13:50:31 +0000 (13:50 +0000)]
opensslsigners: remove thread/locking setup, not needed in openssl 1.1 anymore
Christian Hofstaedtler [Mon, 27 Jun 2016 13:50:05 +0000 (13:50 +0000)]
dns_random: Use CRYPTO_ctr128_encrypt when available
As AES_ctr128_encrypt is removed in OpenSSL 1.1.0.
Pieter Lexis [Mon, 27 Jun 2016 18:41:52 +0000 (20:41 +0200)]
Add PDNS_CHECK_LIBCRYPTO based on AX_CHECK_OPENSSL
This detects libcrypto for OpenSSL 0.9.8, 1.0 and 1.1.
Furthermore, curve detection appeared broken on Arch Linux, this is fixed
with the addition of PDNS_CHECK_LIBCRYPTO_ECDSA, without breaking on Debian
Jessie, Ubuntu Trusty, Wily and Xenial and CentOS 5 through 7.
Pieter Lexis [Fri, 29 Jul 2016 12:38:49 +0000 (14:38 +0200)]
Merge pull request #4255 from pieterlexis/stl-error-on-broken-soa
Auth: catch runtime_error when parsing a broken MNAME
Pieter Lexis [Fri, 29 Jul 2016 12:38:39 +0000 (14:38 +0200)]
Merge pull request #4207 from pieterlexis/multiple-DS-per-name
Change DS config items to dsmap_t
Pieter Lexis [Thu, 21 Jul 2016 14:43:47 +0000 (16:43 +0200)]
Change dsmap_t to a set to prevent duplicates
Pieter Lexis [Tue, 19 Jul 2016 13:38:27 +0000 (15:38 +0200)]
Change DS config items to dsmap_t
Ensure that addTA() appends the DS.
Christian Hofstaedtler [Fri, 1 Jul 2016 12:17:08 +0000 (14:17 +0200)]
test-algorithms: check public key can be reloaded
Christian Hofstaedtler [Fri, 1 Jul 2016 09:57:35 +0000 (11:57 +0200)]
opensslsigners: mark member overrides
Fixes warnings from clang.
Pieter Lexis [Fri, 29 Jul 2016 10:21:25 +0000 (12:21 +0200)]
Auth: PDNSException for bad SOA MNAME or RNAME
This prevents blowing up the bind backend on startup when one zone
contains a bad SOA record.
Pieter Lexis [Fri, 29 Jul 2016 08:52:51 +0000 (10:52 +0200)]
Merge pull request #4242 from rgacogne/fix-protobuf-todebugstring-4240
Fix `DNSProtoBufMessage::toDebugString()` without protobuf support
Pieter Lexis [Fri, 29 Jul 2016 08:45:33 +0000 (10:45 +0200)]
Merge pull request #4245 from mind04/nsec
direct nsec nxdomain
Pieter Lexis [Fri, 29 Jul 2016 08:45:26 +0000 (10:45 +0200)]
Merge pull request #4250 from mind04/tologstring
use toLogString() for ringAccount
Kees Monshouwer [Thu, 28 Jul 2016 21:23:56 +0000 (23:23 +0200)]
use toLogString() for ringAccount
Peter van Dijk [Thu, 28 Jul 2016 17:56:13 +0000 (19:56 +0200)]
Merge pull request #4247 from pieterlexis/fail-on-missing-components
Autoconf improvements
Pieter Lexis [Thu, 28 Jul 2016 15:17:26 +0000 (17:17 +0200)]
Merge pull request #4222 from aj-gh/fix-doc-timedout-packets
Correct wrong statistics counter name in docs
Pieter Lexis [Thu, 28 Jul 2016 15:17:19 +0000 (17:17 +0200)]
Merge pull request #4243 from pieterlexis/toString-in-current-queries
Recursor: Fix a possible crash
Pieter Lexis [Thu, 28 Jul 2016 14:37:06 +0000 (16:37 +0200)]
dnsdist: we don't use boost::foreach anymore
Pieter Lexis [Thu, 28 Jul 2016 14:33:06 +0000 (16:33 +0200)]
Auth: Fail configure on missing boost components
Prevents issues like #4239
Kees Monshouwer [Thu, 28 Jul 2016 14:03:21 +0000 (16:03 +0200)]
test response for non existent direct nsec queries
Remi Gacogne [Thu, 28 Jul 2016 13:50:08 +0000 (15:50 +0200)]
dnsdist: API now sends pools as a JSON array instead of a string
Kees Monshouwer [Thu, 28 Jul 2016 13:17:39 +0000 (15:17 +0200)]
don't send covering nsec records for direct nsec queries
Pieter Lexis [Thu, 28 Jul 2016 12:21:10 +0000 (14:21 +0200)]
Recursor: Fix a possible crash
When the parser creates empty DNSNames (for whatever reason) and
`rec_control current-queries` is run, the process would abort because it
tried to print an empty DNSName.
Pieter Lexis [Thu, 28 Jul 2016 10:38:31 +0000 (12:38 +0200)]
Merge pull request #4214 from rgacogne/auth-supermaster-proxy-ecs
auth: Trust EDNS Client Subnet from a trusted notification proxy
Pieter Lexis [Thu, 28 Jul 2016 09:49:39 +0000 (11:49 +0200)]
Merge pull request #4210 from pieterlexis/rec-secpoll-validate
Validate DNSSEC for secpoll.powerdns.com
Remi Gacogne [Thu, 28 Jul 2016 09:08:43 +0000 (11:08 +0200)]
Fix `DNSProtoBufMessage::toDebugString()` without protobuf support
Fixes #4240.
Pieter Lexis [Thu, 28 Jul 2016 08:15:25 +0000 (10:15 +0200)]
Merge pull request #4183 from hnsk/pdnsutil-always-diff
pdnsutil: Remove checking of ctime and always diff the changes.
Pieter Lexis [Thu, 28 Jul 2016 08:01:22 +0000 (10:01 +0200)]
Merge pull request #4206 from rgacogne/auth-psql-deallocate-4201
auth: Don't try to deallocate empty PG statements
Pieter Lexis [Thu, 28 Jul 2016 08:00:47 +0000 (10:00 +0200)]
Merge pull request #4126 from rgacogne/auth-carbon-freebsd
auth: Wait for the connection to the carbon server to be established
Pieter Lexis [Thu, 28 Jul 2016 07:59:21 +0000 (09:59 +0200)]
Merge pull request #4142 from mind04/fd-usage
add used filedescriptor statistics to auth
Pieter Lexis [Thu, 28 Jul 2016 07:54:05 +0000 (09:54 +0200)]
Merge pull request #4168 from cmouse/recursor-lua-netmask
Add more Netmask methods for recursor Lua
Pieter Lexis [Thu, 28 Jul 2016 07:53:56 +0000 (09:53 +0200)]
Merge pull request #4140 from James-TR/fix-include-sys-poll
resolver.cc: fix warnings with gcc on musl-libc
Pieter Lexis [Thu, 28 Jul 2016 07:53:47 +0000 (09:53 +0200)]
Merge pull request #4224 from mind04/regression
fix AXFR-SOURCE tests
Remi Gacogne [Wed, 27 Jul 2016 15:15:43 +0000 (17:15 +0200)]
auth: Don't include bind files if length < 2 or > sizeof(filename)
Pieter Lexis [Wed, 27 Jul 2016 12:34:27 +0000 (14:34 +0200)]
Merge pull request #4215 from rgacogne/rec-rpz-override-local
rec: RPZ default policy should also override local data RRs
Kees Monshouwer [Sat, 23 Jul 2016 12:14:47 +0000 (14:14 +0200)]
grep out fd-usage metric in counters test
bert hubert [Fri, 22 Jul 2016 19:13:07 +0000 (21:13 +0200)]
Merge pull request #4205 from rgacogne/dnsdist-downstream-any
dnsdist: Prevent the use of "any" addresses for downstream server
bert hubert [Fri, 22 Jul 2016 19:12:27 +0000 (21:12 +0200)]
Merge pull request #4211 from pieterlexis/secpoll-400-unsupported
Secpoll: Set 4.0.0 pre-releases to "upgrade now"
bert hubert [Fri, 22 Jul 2016 19:11:51 +0000 (21:11 +0200)]
Merge pull request #4221 from Habbie/no-clobber-erno
save errno before we clobber it
bert hubert [Fri, 22 Jul 2016 19:11:16 +0000 (21:11 +0200)]
Merge pull request #4217 from ahupowerdns/nxtrust
turn on root-nx-trust by default and log-common-errors=off, and document that
Kees Monshouwer [Fri, 22 Jul 2016 17:50:51 +0000 (19:50 +0200)]
fix AXFR-SOURCE tests
bert hubert [Fri, 22 Jul 2016 13:20:59 +0000 (15:20 +0200)]
clarify root-nx-trust by explicitly setting it to yes
bert hubert [Fri, 22 Jul 2016 13:20:32 +0000 (15:20 +0200)]
turn off the logging of common errors by default. In high traffic situations with synchronous logging, this is dangerous.
bert hubert [Fri, 22 Jul 2016 13:19:23 +0000 (15:19 +0200)]
Merge pull request #4220 from rgacogne/dnsdist-no-error-parsing-udp-query
dnsdist: Don't log an error when parsing an invalid UDP query
Andreas Jakum [Fri, 22 Jul 2016 13:01:29 +0000 (15:01 +0200)]
Correct wrong statistics counter name in docs
Peter van Dijk [Thu, 21 Jul 2016 15:06:57 +0000 (17:06 +0200)]
Merge pull request #4164 from pieterlexis/fail-on-lua-dns-script-missing
Fail on startup when lua-dns-script doesn't exist
Pieter Lexis [Thu, 21 Jul 2016 15:02:34 +0000 (17:02 +0200)]
Merge pull request #4192 from Habbie/dnsreplay-nostamp
only ecs-stamp when asked for
Peter van Dijk [Thu, 21 Jul 2016 14:58:16 +0000 (16:58 +0200)]
Merge pull request #4152 from zeha/test-doubleeq
Use single equal sign when calling test(1)
Peter van Dijk [Thu, 21 Jul 2016 14:49:20 +0000 (16:49 +0200)]
save errno before we clobber it
Remi Gacogne [Thu, 21 Jul 2016 14:11:06 +0000 (16:11 +0200)]
dnsdist: Don't log an error when parsing an invalid UDP query
It can still be displayed in verbose mode, but we don't want to
flood our logs for this.
bert hubert [Thu, 21 Jul 2016 10:06:39 +0000 (12:06 +0200)]
turn on root-nx-trust by default, and document that
Peter van Dijk [Thu, 21 Jul 2016 09:57:47 +0000 (11:57 +0200)]
Merge pull request #4119 from mind04/recursor
rec: improve dnssec record skipping for non dnssec queries
Peter van Dijk [Thu, 21 Jul 2016 09:52:15 +0000 (11:52 +0200)]
Merge pull request #4114 from rgacogne/dnsdist-labelscount-rule
dnsdist: Add `QNameLabelsCountRule()` and `QNameWireLengthRule()`
Peter van Dijk [Thu, 21 Jul 2016 09:41:46 +0000 (11:41 +0200)]
Merge pull request #4133 from rgacogne/issue-4128
Add limits to the size of received {A,I}XFR, in megabytes
Pieter Lexis [Thu, 21 Jul 2016 09:35:14 +0000 (11:35 +0200)]
Merge pull request #4213 from pieterlexis/tinydns-for-centos
Create tinydns backend packages for CentOS 7
Pieter Lexis [Thu, 21 Jul 2016 09:34:55 +0000 (11:34 +0200)]
Merge pull request #4212 from pieterlexis/pgp-key
Add PGP key to tarball signers
Remi Gacogne [Wed, 20 Jul 2016 13:59:49 +0000 (15:59 +0200)]
auth: Trust EDNS Client Subnet from a trusted notification proxy
This allows for example the use of dnsdist in front of supermaster
slaves.
dnsdist must be configured to send ECS to the backend with:
* `useClientSubnet=true` on the corresponding `newServer()`
* `setECSSourcePrefixV4(32)` and/or `setECSSourcePrefixV6(128)` so the exact source is sent to the slave
* `setECSOverride(true)` so that any existing ECS information is overridden
In addition, pdns must be configured to accept notification from
dnsdist with `trusted-notification-proxy` and to process ECS with
`edns-subnet-processing=yes`.
Remi Gacogne [Wed, 20 Jul 2016 12:49:04 +0000 (14:49 +0200)]
rec: RPZ default policy should also override local data RRs
Pieter Lexis [Wed, 20 Jul 2016 10:52:53 +0000 (12:52 +0200)]
Add PGP key to tarball signers
Pieter Lexis [Tue, 19 Jul 2016 15:24:26 +0000 (17:24 +0200)]
Create tinydns backend packages for CentOS 7
Pieter Lexis [Wed, 20 Jul 2016 10:33:07 +0000 (12:33 +0200)]
Secpoll: Set 4.0.0 pre-releases to "upgrade now"
Pieter Lexis [Wed, 20 Jul 2016 10:22:32 +0000 (12:22 +0200)]
Rec: validate DNSSEC for secpoll.powerdns.com
bert hubert [Tue, 19 Jul 2016 19:48:32 +0000 (21:48 +0200)]
Merge pull request #4044 from cmouse/dnspacket-comboaddr
Dnspacket comboaddr
bert hubert [Tue, 19 Jul 2016 18:55:39 +0000 (20:55 +0200)]
Merge pull request #4187 from pieterlexis/bogus-island-of-trust
Two more DNSSEC fixes
James Taylor [Sat, 9 Jul 2016 09:38:42 +0000 (09:38 +0000)]
resolver.cc: fix warnings with gcc on musl-libc
resolver.cc makes an incorrect include directive of `poll.h`. The
correct syntax for inclusion, according to `man 2 poll` is:
`#include <poll.h>`
This commit prevents warnings from being displayed due to going through
musl-libc's compatibility wrappers
Remi Gacogne [Tue, 19 Jul 2016 08:50:43 +0000 (10:50 +0200)]
auth: Don't try to deallocate empty PG statements
When a SPgSQLStatement is released without having been prepared,
we execute an invalid 'DEALLOCATE ' SQL command. This might happen
if the statement has not been used before being destroyed, for example.
stutiredboy [Tue, 19 Jul 2016 03:08:55 +0000 (11:08 +0800)]
healthChecksThread indentation fixed.
Remi Gacogne [Mon, 18 Jul 2016 13:00:26 +0000 (15:00 +0200)]
dnsdist: Prevent the use of "any" addresses for downstream server
Otherwise the corresponding `DownstreamState`'s FD is -1 (needed
for 'client' mode) and we loop endlessly on `recvfrom()` returning -1.
Reported by Sander Smeenk.
stutiredboy [Mon, 18 Jul 2016 09:48:08 +0000 (17:48 +0800)]
newServer setting maxCheckFailures makes no sense
Pieter Lexis [Fri, 15 Jul 2016 09:54:53 +0000 (11:54 +0200)]
Add changelog entry
Pieter Lexis [Fri, 15 Jul 2016 14:25:32 +0000 (16:25 +0200)]
Validate all key paths on possible Insecure
Before, we only checked the first QName, now we go through every name we
have to verify that the answer is indeed insecure.
Pieter Lexis [Fri, 15 Jul 2016 14:24:30 +0000 (16:24 +0200)]
Do not follow CNAMEs when hunting for DS records
This fixes the CNAME at apex bogus
Pieter Lexis [Thu, 14 Jul 2016 22:23:15 +0000 (00:23 +0200)]
Don't go bogus on CNAMEs to islands of security
Closes #4181
Incidentally, this commit also ensures that we no longer 'jojo' between
Secure and Insecure states. Once we have an Insecure, we can only go
Bogus but not Secure.
Pieter Lexis [Thu, 14 Jul 2016 22:14:41 +0000 (00:14 +0200)]
Compress 3 lines into 1
Pieter Lexis [Thu, 14 Jul 2016 22:14:14 +0000 (00:14 +0200)]
Add test for island of security (#4181)
Peter van Dijk [Fri, 15 Jul 2016 12:48:43 +0000 (14:48 +0200)]
only ecs-stamp when asked for
Pieter Lexis [Thu, 14 Jul 2016 15:50:12 +0000 (17:50 +0200)]
Add missing DNSSEC trace message
Pieter Lexis [Fri, 15 Jul 2016 09:47:54 +0000 (11:47 +0200)]
Merge pull request #4178 from pieterlexis/qtype-to-dnssec-trace
Add QType to log output for DNSSEC trace