]> granicus.if.org Git - pdns/log
pdns
7 years agoRecursor 4.0.5: Backport #5319
Pieter Lexis [Wed, 17 May 2017 19:22:41 +0000 (21:22 +0200)]
Recursor 4.0.5: Backport #5319

7 years agorec: Only check the netmask for subnet specific cache entries
Remi Gacogne [Fri, 12 May 2017 12:12:10 +0000 (14:12 +0200)]
rec: Only check the netmask for subnet specific cache entries

We used to check the netmask for all entries for a qname
if at least one of them was a subnet specific one. Since an empty
`Netmask` doesn't match anything, we would effectively ignore every
non subnet specific entries if we had at least one subnet specific
one.
This caused a very hard to reproduce issue with for example
f.root-servers.net that includes an EDNS Client Subnet option in its
answer for `NS .` if the query has an EDNS Client Subnet option.
This caused the recursor to cache a subnet specific entry for `NS .`.
When that entry expired, we retrieved and cached a non subnet specific
one, but that new one was ignored as long as the subnet specific
was not expunged from the cache.
Under certain circumstances that could cause a root refresh loop
using a lot of stack memory.

(cherry picked from commit 65fdd185f4930f685b87340d29535f40d8b52fb3)

7 years agoRecursor 4.0.5: Backport #5318
Pieter Lexis [Sat, 13 May 2017 09:42:32 +0000 (11:42 +0200)]
Recursor 4.0.5: Backport #5318

7 years agowhen (re)priming the root, we do so with auth=0. We'll only set auth=1 after we have...
bert hubert [Fri, 12 May 2017 10:34:44 +0000 (12:34 +0200)]
when (re)priming the root, we do so with auth=0. We'll only set auth=1 after we have an answer from the roots. This however opens up a small race condition in which the root is expired (ttl=0), but still auth=1 in the cache. Our attempt to replace it with auth=0 dta fails at that point. This is probably due to some fencepost error somewhere. To not be subtle about this, explicitly nuke the root when we reprime.

(cherry picked from commit 0d032a66afe508cc86a25eef26fc9be0867a117e)

7 years agoRecursor 4.0.5: Backport #5304
Pieter Lexis [Sat, 13 May 2017 08:16:37 +0000 (10:16 +0200)]
Recursor 4.0.5: Backport #5304

7 years agodon't age the root - this was a mistranslation from 3.x to 4.x
bert hubert [Thu, 11 May 2017 15:18:04 +0000 (17:18 +0200)]
don't age the root - this was a mistranslation from 3.x to 4.x

(cherry picked from commit 03c09afecec7098a605a632606600bca2992dfaf)

7 years agoRecursor 4.0.5: Backport #5312
Pieter Lexis [Sat, 13 May 2017 07:58:40 +0000 (09:58 +0200)]
Recursor 4.0.5: Backport #5312

7 years agowe would attempt to protobuf log DNS questions without a set question and get excepti...
bert hubert [Thu, 11 May 2017 15:16:20 +0000 (17:16 +0200)]
we would attempt to protobuf log DNS questions without a set question and get exceptions over that

(cherry picked from commit da5bcd9d891418b9462c76fbc87fd7e18fa374c8)

7 years agoRecursor 4.0.5: Backport #5265
Pieter Lexis [Tue, 9 May 2017 12:54:25 +0000 (14:54 +0200)]
Recursor 4.0.5: Backport #5265

7 years agorec: Add support for RPZ wildcarded target names
Remi Gacogne [Sun, 23 Apr 2017 18:56:36 +0000 (20:56 +0200)]
rec: Add support for RPZ wildcarded target names

7 years agoRecursor 4.0.5: Backport #5278
Pieter Lexis [Tue, 9 May 2017 12:18:13 +0000 (14:18 +0200)]
Recursor 4.0.5: Backport #5278

7 years agoAlways wrap DNSCryptoKeyEngine objects in a shared pointer
Remi Gacogne [Thu, 27 Apr 2017 20:41:33 +0000 (22:41 +0200)]
Always wrap DNSCryptoKeyEngine objects in a shared pointer

It's done almost everywhere, but not quite, and some of the paths
where it's not could leak if an exception is raised.
Also mark the overridden virtual methods with `override` to prevent
future mistakes.

(cherry picked from commit e69c2dac28d798813dd8e4a986c5045c63806ef0)

7 years agoRecursor 4.0.5: Backport #5231
Pieter Lexis [Tue, 9 May 2017 10:17:46 +0000 (12:17 +0200)]
Recursor 4.0.5: Backport #5231

7 years agorec: Clear the RPZ NS IP table when clearing the policy
Remi Gacogne [Mon, 10 Apr 2017 16:33:30 +0000 (18:33 +0200)]
rec: Clear the RPZ NS IP table when clearing the policy

Be it the entire policy object or a single zone.

(cherry picked from commit 2ae5639865ca29aa0c7b722e55e9098b81627700)

7 years agoRcursor 4.0.5: Backport #5218
Pieter Lexis [Tue, 9 May 2017 10:12:24 +0000 (12:12 +0200)]
Rcursor 4.0.5: Backport #5218

7 years agorec: Fix cache-only queries against a forward-zone
Remi Gacogne [Mon, 3 Apr 2017 08:53:41 +0000 (10:53 +0200)]
rec: Fix cache-only queries against a forward-zone

We used to pass the return code from `asyncresolve` directly to the
caller, leading the success code (1) to be interpreted as `RCode::FormErr`.

(cherry picked from commit 6148fa9731f6e4cef35243c8f35399d2b1e89215)

7 years agoRecursor: Backport #5147
Pieter Lexis [Tue, 9 May 2017 10:11:15 +0000 (12:11 +0200)]
Recursor: Backport #5147

7 years agoLuaWrapper: Allow embedded NULs in strings received from Lua
Peter van Dijk [Fri, 10 Mar 2017 09:48:46 +0000 (10:48 +0100)]
LuaWrapper: Allow embedded NULs in strings received from Lua

(cherry picked from commit 448990ab9bd7355f42ff8752a973aff20bdaf4e7)

7 years agoRecursor 4.0.5: Backport #4912
Pieter Lexis [Tue, 9 May 2017 10:02:42 +0000 (12:02 +0200)]
Recursor 4.0.5: Backport #4912

7 years agoRefuse to start with chroot set in a systemd env
Pieter Lexis [Mon, 16 Jan 2017 11:37:13 +0000 (12:37 +0100)]
Refuse to start with chroot set in a systemd env

Closes #4848

(cherry picked from commit 75336810381e4cdc25d0beab7c19abb910cea3ab)

7 years agoRecursor 4.0.5: Backport #4877
Pieter Lexis [Tue, 9 May 2017 09:50:58 +0000 (11:50 +0200)]
Recursor 4.0.5: Backport #4877

7 years agoissue #4579
Roman Dayneko [Wed, 11 Jan 2017 14:46:17 +0000 (16:46 +0200)]
issue #4579

(cherry picked from commit 28fe507d1acc3b4fe7b5669caac9f4bd4a516093)

7 years agoBackport #4873 into Recursor 4.0.5
Pieter Lexis [Tue, 9 May 2017 09:46:41 +0000 (11:46 +0200)]
Backport #4873 into Recursor 4.0.5

7 years agohook up ed25519 signer in the recursor
Kees Monshouwer [Tue, 10 Jan 2017 21:50:12 +0000 (22:50 +0100)]
hook up ed25519 signer in the recursor

(cherry picked from commit d1b28475acae46cf39d2a883791953910b89ea67)

7 years agoupdate Ed25519 algorithm number and mnemonic
Kees Monshouwer [Tue, 10 Jan 2017 15:04:22 +0000 (16:04 +0100)]
update Ed25519 algorithm number and mnemonic
http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml

(cherry picked from commit 9d3727e0471f132f0294d6944349eb6afb2ba2ab)

7 years agoMerge pull request #5148 from rgacogne/rec40-backport-5139
Peter van Dijk [Mon, 20 Mar 2017 13:07:09 +0000 (14:07 +0100)]
Merge pull request #5148 from rgacogne/rec40-backport-5139

Backport #5139: rec: Run unit tests, split recursor-specific unit tests from the auth

7 years agoMerge pull request #5164 from rgacogne/rec40-backport-5101
Peter van Dijk [Mon, 20 Mar 2017 13:06:20 +0000 (14:06 +0100)]
Merge pull request #5164 from rgacogne/rec40-backport-5101

Backport #5101: rec-4.0.x: Fix minor issues reported by `cppcheck`

7 years agoMerge pull request #5165 from rgacogne/rec40-backport-5058
Peter van Dijk [Mon, 20 Mar 2017 13:06:05 +0000 (14:06 +0100)]
Merge pull request #5165 from rgacogne/rec40-backport-5058

Backport #5058: Rec: Store the RPZ policies in an unordered_map instead of a map

7 years agoMerge pull request #5166 from rgacogne/rec40-backport-5042
Peter van Dijk [Mon, 20 Mar 2017 13:05:19 +0000 (14:05 +0100)]
Merge pull request #5166 from rgacogne/rec40-backport-5042

Backport #5042: StateHolder: Allocate (and copy if needed) before taking the lock

7 years agoStateHolder: Allocate (and copy if needed) before taking the lock
Remi Gacogne [Tue, 14 Feb 2017 17:46:38 +0000 (18:46 +0100)]
StateHolder: Allocate (and copy if needed) before taking the lock

(cherry picked from commit 47678b827e9b20a23352e381b16312f1c29831de)

7 years agoRec: Store the RPZ policies in an unordered_map instead of a map
Remi Gacogne [Mon, 20 Feb 2017 14:45:22 +0000 (15:45 +0100)]
Rec: Store the RPZ policies in an unordered_map instead of a map

This speeds up the loading of huge zones a bit (~20%) while also nicely
improving the lookup speed.
Also adds a `zoneSizeHint` parameter to `rpzFile()` and `rpzMaster()` to be
able to reserve space before loading the zone, to prevent reallocation
and rehashing when possible.

(cherry picked from commit a2d0450ec9fa958308fe0c40499ce28228bb3f00)

7 years agoFix minor issues reported by `cppcheck`
Remi Gacogne [Thu, 2 Mar 2017 14:07:56 +0000 (15:07 +0100)]
Fix minor issues reported by `cppcheck`

(cherry picked from commit d7c676a5d42d5d7e5078a8662d355c9a782bdb51)

7 years agoFix dns_random unit tests with gcc > 4
Remi Gacogne [Wed, 15 Mar 2017 14:42:02 +0000 (15:42 +0100)]
Fix dns_random unit tests with gcc > 4

(cherry picked from commit 4b587bc5a1a25a285c614ae772f0896d65954ad9)

7 years agorec: Run unit tests, split recursor-specific unit tests from the auth
Remi Gacogne [Mon, 13 Mar 2017 12:52:51 +0000 (13:52 +0100)]
rec: Run unit tests, split recursor-specific unit tests from the auth

Some unit tests are common and will be run twice, once in the auth
build and once in the rec one. This ensures that they will be run on
rec-4.0.x and auth-4.0.x branches as well.

(cherry picked from commit 35d883a830af0284efafe94d1a6bd1c1ad04bae7)

7 years agoMerge pull request #4935 from rgacogne/rec40-backport-4911
Pieter Lexis [Fri, 17 Feb 2017 09:59:13 +0000 (10:59 +0100)]
Merge pull request #4935 from rgacogne/rec40-backport-4911

Backport #4911: Fix negative port detection for IPv6 addresses on 32-bit

7 years agoMerge pull request #5047 from rgacogne/rec40-backport-4744
Pieter Lexis [Fri, 17 Feb 2017 09:58:52 +0000 (10:58 +0100)]
Merge pull request #5047 from rgacogne/rec40-backport-4744

backport #4744: Handle exceptions raised by `closesocket()`

7 years agoMerge pull request #5045 from rgacogne/rec40-backport-4917
Pieter Lexis [Fri, 17 Feb 2017 09:58:37 +0000 (10:58 +0100)]
Merge pull request #5045 from rgacogne/rec40-backport-4917

backport #4917: rec: Clean up, fix compiler warnings

7 years agoMerge pull request #4970 from rgacogne/rec40-tsig-canonical-algo
Pieter Lexis [Fri, 17 Feb 2017 09:58:28 +0000 (10:58 +0100)]
Merge pull request #4970 from rgacogne/rec40-tsig-canonical-algo

Backport #4961: Lowercase the TSIG algorithm name in hash computation

7 years agoExplicitely use const iterators in `validateWithKeySet` and `getKeysFor`
Remi Gacogne [Mon, 16 Jan 2017 17:05:34 +0000 (18:05 +0100)]
Explicitely use const iterators in `validateWithKeySet` and `getKeysFor`

(cherry picked from commit 7a4f4632913046afde9e8acbbff1213b8faf982d)

7 years agoMake sure `labelsToAdd` is not empty in `getZoneCuts()`
Remi Gacogne [Mon, 16 Jan 2017 16:53:06 +0000 (17:53 +0100)]
Make sure `labelsToAdd` is not empty in `getZoneCuts()`

(cherry picked from commit e2f91e7051975a411445ebd54a2a124c78a7d8ff)

7 years agoRemove `g_rootDS` leftover
Remi Gacogne [Mon, 16 Jan 2017 16:51:49 +0000 (17:51 +0100)]
Remove `g_rootDS` leftover

(cherry picked from commit 08d5ffac729f6aaa2f63d070a7fcefe42e3c32f4)

7 years agoRemove unused `RemoteLogger::sendData()` leftover
Remi Gacogne [Mon, 16 Jan 2017 16:46:59 +0000 (17:46 +0100)]
Remove unused `RemoteLogger::sendData()` leftover

(cherry picked from commit 59ab41170cee9b95513bdc931a5f125a0c3de205)

7 years agorec: Fix shadowed variables
Remi Gacogne [Mon, 16 Jan 2017 16:45:34 +0000 (17:45 +0100)]
rec: Fix shadowed variables

No real issue here, but I'd like to be able `-Wshadow` to prevent
future mishaps at some point.

(cherry picked from commit dd07976412d9b2b35db7179ceb590e542aff9eef)

7 years agoHandle exceptions raised by `closesocket()`
Remi Gacogne [Mon, 5 Dec 2016 15:42:55 +0000 (16:42 +0100)]
Handle exceptions raised by `closesocket()`

This was not very well handled, and could cause the PowerDNS process
to terminate. This is especially nasty when `closesocket()` is called
from a destructor, as we could already be dealing with an exception.

(cherry picked from commit a7b68ae7e414ec9f3184df70ac8008f8a310ae60)

7 years agoMerge pull request #5034 from pieterlexis/rec-backport-4508
Pieter Lexis [Thu, 16 Feb 2017 11:22:23 +0000 (12:22 +0100)]
Merge pull request #5034 from pieterlexis/rec-backport-4508

Backport #4508: Revert "Merge pull request #947 from mind04/right" (rec)

7 years agoMerge pull request #5028 from pieterlexis/backport-4619
Pieter Lexis [Thu, 16 Feb 2017 11:22:16 +0000 (12:22 +0100)]
Merge pull request #5028 from pieterlexis/backport-4619

Backport #4619: Document the -pub- variants

7 years agoMerge pull request #5023 from pieterlexis/backport-4767
Pieter Lexis [Thu, 16 Feb 2017 11:22:09 +0000 (12:22 +0100)]
Merge pull request #5023 from pieterlexis/backport-4767

Backport #4767: hide ttl in RPZ tests to avoid random failures

7 years agoMerge pull request #5035 from pieterlexis/backport-4794
Pieter Lexis [Thu, 16 Feb 2017 11:21:50 +0000 (12:21 +0100)]
Merge pull request #5035 from pieterlexis/backport-4794

Backport #4794: RPZ: some logging fixes

7 years agoMerge pull request #5031 from pieterlexis/backport-4603
Pieter Lexis [Thu, 16 Feb 2017 11:21:13 +0000 (12:21 +0100)]
Merge pull request #5031 from pieterlexis/backport-4603

Backport #4603: g.root-servers.net added IPv6

7 years agoMerge pull request #5025 from pieterlexis/rec-backport-4762
Pieter Lexis [Thu, 16 Feb 2017 11:20:28 +0000 (12:20 +0100)]
Merge pull request #5025 from pieterlexis/rec-backport-4762

Backport #4762: SuffixMatchNode: Fix insertion issue for an existing node (rec)

7 years agoMerge pull request #5022 from pieterlexis/backport-4775
Pieter Lexis [Thu, 16 Feb 2017 11:19:39 +0000 (12:19 +0100)]
Merge pull request #5022 from pieterlexis/backport-4775

Backport #4775: LuaWrapper: Use the correct index when storing a function

7 years agoMerge pull request #5021 from pieterlexis/backport-4777
Pieter Lexis [Thu, 16 Feb 2017 11:19:28 +0000 (12:19 +0100)]
Merge pull request #5021 from pieterlexis/backport-4777

Backport #4777: only delegate if NS's are below apex in auth-zones

7 years agoMerge pull request #5020 from pieterlexis/rec-backport-4793
Pieter Lexis [Thu, 16 Feb 2017 11:19:16 +0000 (12:19 +0100)]
Merge pull request #5020 from pieterlexis/rec-backport-4793

Backport #4793: Don't call `hostname -f` on openbsd (rec)

7 years agoMerge pull request #5018 from pieterlexis/backport-4804
Pieter Lexis [Thu, 16 Feb 2017 11:19:02 +0000 (12:19 +0100)]
Merge pull request #5018 from pieterlexis/backport-4804

Backport #4804: remove hardcoding of port 53 for TCP/IP forwarded zones in recursor, …

7 years agoMerge pull request #5017 from pieterlexis/rec-backport-4838
Pieter Lexis [Thu, 16 Feb 2017 11:18:50 +0000 (12:18 +0100)]
Merge pull request #5017 from pieterlexis/rec-backport-4838

backport #4838: Check if we can link against libatomic if needed (rec)

7 years agoMerge pull request #5014 from pieterlexis/rec-backport-4868
Pieter Lexis [Thu, 16 Feb 2017 11:18:26 +0000 (12:18 +0100)]
Merge pull request #5014 from pieterlexis/rec-backport-4868

Backport #4868: Document that carbon-server requires IP address, no hostname accepted. (rec)

7 years agoMerge pull request #5012 from pieterlexis/rec-backport-4879
Pieter Lexis [Thu, 16 Feb 2017 11:18:11 +0000 (12:18 +0100)]
Merge pull request #5012 from pieterlexis/rec-backport-4879

Backport #4879: Remove a relative import in yahttp-config.h (rec)

7 years agoMerge pull request #5010 from pieterlexis/backport-4940
Pieter Lexis [Thu, 16 Feb 2017 11:17:43 +0000 (12:17 +0100)]
Merge pull request #5010 from pieterlexis/backport-4940

Backport #4940: Backport json11 fixes from upstream

7 years agoMerge pull request #5009 from pieterlexis/backport-4972
Pieter Lexis [Thu, 16 Feb 2017 09:03:29 +0000 (10:03 +0100)]
Merge pull request #5009 from pieterlexis/backport-4972

Backport #4972: Add the 2017 root key

7 years agoUpdate the manpage as well
phonedph1 [Tue, 25 Oct 2016 01:59:23 +0000 (01:59 +0000)]
Update the manpage as well

(cherry picked from commit 6c9a5b516f73edf5a6f6ec931eea1967090ee48f)

7 years agoRPZ: log additions/removals at degug, not info
Pieter Lexis [Mon, 19 Dec 2016 17:30:49 +0000 (18:30 +0100)]
RPZ: log additions/removals at degug, not info

(cherry picked from commit 610d8343deba239edbb88f3f17d3e4118bc782ac)

7 years agoUnconfuse the RPZ summary
Pieter Lexis [Mon, 19 Dec 2016 17:20:47 +0000 (18:20 +0100)]
Unconfuse the RPZ summary

Closes #4342

(cherry picked from commit 00febe394033d2ea53ecbcf135ac94de6ba4be08)

7 years agoRevert "Merge pull request #947 from mind04/right"
Peter van Dijk [Mon, 26 Sep 2016 12:52:10 +0000 (14:52 +0200)]
Revert "Merge pull request #947 from mind04/right"

This code only served to fix a combination of system misconfiguration and a
bug in glibc. Meanwhile it turns out this code is incorrect. Removing it.

(cherry picked from commit c96765dae8da4c9322ca4a80e3e101d64faf141f)

7 years agog.root-servers.net added IPv6
Kevin Otte [Fri, 21 Oct 2016 12:41:11 +0000 (08:41 -0400)]
g.root-servers.net added IPv6

http://www.internic.net/domain/db.cache
last update:    October 20, 2016

7 years agoDocument the -pub- variants
phonedph1 [Tue, 25 Oct 2016 01:52:13 +0000 (01:52 +0000)]
Document the -pub- variants

7 years agoSuffixMatchNode: Fix insertion issue for an existing node
Remi Gacogne [Mon, 12 Dec 2016 16:16:11 +0000 (17:16 +0100)]
SuffixMatchNode: Fix insertion issue for an existing node

If the node we are about to insert already existed as an intermediary
one, we need to mark it as an end node.

(cherry picked from commit ed221d0bc700158c21fcb8fc4463085713d07c53)

7 years agohide ttl in RPZ tests to avoid random failures
Peter van Dijk [Tue, 13 Dec 2016 13:35:07 +0000 (14:35 +0100)]
hide ttl in RPZ tests to avoid random failures

(cherry picked from commit 41eac9c12f28cc7a07a45ae0abe86ba390802e06)

7 years agoLuaWrapper: Fix comments since `ValueInRegistry` now takes an optional index
Remi Gacogne [Mon, 19 Dec 2016 17:08:29 +0000 (18:08 +0100)]
LuaWrapper: Fix comments since `ValueInRegistry` now takes an optional index

(cherry picked from commit 28abe7558fd5c0d853a7544f49fb780aafbc49f3)

7 years agoLuaWrapper: Use the correct index when storing a function
Remi Gacogne [Fri, 16 Dec 2016 13:39:46 +0000 (14:39 +0100)]
LuaWrapper: Use the correct index when storing a function

The LuaWrapper used to assume that the function was at the
top of the stack, making it effectively impossible to have
a callback function parameter anywhere else than as the last
parameter.

(cherry picked from commit 4ec1e17418d539cea7eb4fb5469e905684ca6457)

7 years agorec: only delegate if NS's are below apex in auth-zones
Pieter Lexis [Fri, 16 Dec 2016 14:24:13 +0000 (15:24 +0100)]
rec: only delegate if NS's are below apex in auth-zones

As:
 1. we **are** authoritative for the zone named at the apex
 2. We would servfail because we could get an upward referral

Closes #4771

(cherry picked from commit 221a3f72e117a0e0fdf9e4fedf237a8e6526d145)

7 years agoDon't call `hostname -f` on openbsd
Pieter Lexis [Mon, 19 Dec 2016 17:02:24 +0000 (18:02 +0100)]
Don't call `hostname -f` on openbsd

Closes #2579

(cherry picked from commit df925537cfe0a4706b85353376da6f12996871bb)

7 years agoremove hardcoding of port 53 for TCP/IP forwarded zones in recursor, to address ...
bert hubert [Wed, 21 Dec 2016 13:07:56 +0000 (14:07 +0100)]
remove hardcoding of port 53 for TCP/IP forwarded zones in recursor, to address #4799

(cherry picked from commit 1bde6efa9fa0331dbd431fb42f208b4df530d88c)

7 years agoCheck if we can link against libatomic if needed
Pieter Lexis [Mon, 2 Jan 2017 11:23:05 +0000 (12:23 +0100)]
Check if we can link against libatomic if needed

Also move the OS detection to the top

(cherry picked from commit 03571f7ac3d5bebb4879849b094e2e03f019cd10)

7 years agoDocument that carbon-server requires IP address, no hostname accepted.
Pieter Lexis [Tue, 14 Feb 2017 12:51:30 +0000 (13:51 +0100)]
Document that carbon-server requires IP address, no hostname accepted.

(cherry picked from commit e12f84078798343e9749864cdeee44e68c4a81e6 and 90217d3960e3ee439405989b78fdf7e810d562f2)

7 years agoRemove a relative import in yahttp-config.h
Pieter Lexis [Wed, 11 Jan 2017 22:06:51 +0000 (23:06 +0100)]
Remove a relative import in yahttp-config.h

We set our include directories nowadays.

Closes #4866 (again)

(cherry picked from commit 4c3c83f3bc1eecd82d09e1e527108fae98ce1fda)

7 years agoBackport json11 fixes from upstream
Remi Gacogne [Wed, 25 Jan 2017 09:26:08 +0000 (10:26 +0100)]
Backport json11 fixes from upstream

(cherry picked from commit 3c20dd3b30bd0c15c5f7a1e82fba3bb5254b28df)

7 years agoAdd the 2017 root key
Pieter Lexis [Fri, 3 Feb 2017 08:03:35 +0000 (09:03 +0100)]
Add the 2017 root key

(cherry picked from commit d5037c4d34ffbc89ca5d4f79554dd87aa49fdbc8)

7 years agoLowercase the TSIG algorithm name in hash computation
Remi Gacogne [Tue, 31 Jan 2017 10:18:37 +0000 (11:18 +0100)]
Lowercase the TSIG algorithm name in hash computation

`RFC2845` states that the algorithm name should be in `canonical wire
format` for the hash computation, which implies it should be lowercased.
We actually did lowercase it in 3.x, until it was moved to a `DNSName`
in 4.x.

(cherry picked from commit 68e9d647d4229c7a2ebd64d50837195d148c574b)

7 years agoMerge pull request #4792 from rgacogne/rec40-backport-3869
Peter van Dijk [Tue, 31 Jan 2017 12:42:28 +0000 (13:42 +0100)]
Merge pull request #4792 from rgacogne/rec40-backport-3869

Backport #3869: rec: Log outgoing queries / incoming responses via protobuf

7 years agoFix negative port detection for IPv6 addresses on 32-bit
Remi Gacogne [Sun, 15 Jan 2017 20:45:27 +0000 (21:45 +0100)]
Fix negative port detection for IPv6 addresses on 32-bit

On a 32-bit Arch, our `test_ComboAddress` unit test fails because
`ComboAddress("[::1]:-6")` is considered valid. This is caused by
`stoul()` not throwing for a negative value and returning an `unsigned
long` value using unsigned integer wraparound rules. Since we used to
store the result value in a `signed int` and treat negative values
as if the port was not set, the test failed.

7 years agorec: Wait until after daemonizing to start the outgoing protobuf thread
Remi Gacogne [Fri, 16 Dec 2016 09:40:55 +0000 (10:40 +0100)]
rec: Wait until after daemonizing to start the outgoing protobuf thread

(cherry picked from commit a79b00a6df3076c1f7af87d0fd093e8aa2fc4e9f)

7 years agorec: Log outgoing queries / incoming responses via protobuf
Remi Gacogne [Fri, 4 Nov 2016 16:28:22 +0000 (17:28 +0100)]
rec: Log outgoing queries / incoming responses via protobuf

(cherry picked from commit 4898a34807043c2af442ef983f9ef45e0b473651)

7 years agoMerge pull request #4896 from rgacogne/rec40-tsig-ixfr rec-4.0.4
Pieter Lexis [Fri, 13 Jan 2017 08:10:34 +0000 (09:10 +0100)]
Merge pull request #4896 from rgacogne/rec40-tsig-ixfr

Backport #4893: Check TSIG signature on IXFR

7 years agoCheck TSIG signature on IXFR
Remi Gacogne [Thu, 15 Sep 2016 13:28:45 +0000 (15:28 +0200)]
Check TSIG signature on IXFR

(cherry picked from commit 16c7f7823221d5d75282a77b2e9043b3f60e1ad2)

7 years agoMerge pull request #4886 from rgacogne/rec40-spurious-rrs
Pieter Lexis [Thu, 12 Jan 2017 13:15:07 +0000 (14:15 +0100)]
Merge pull request #4886 from rgacogne/rec40-spurious-rrs

Backport #4882: Don't parse spurious RRs in queries when we don't need them

7 years agoMerge pull request #4881 from rgacogne/rec40-depth-limit
Pieter Lexis [Thu, 12 Jan 2017 12:42:55 +0000 (13:42 +0100)]
Merge pull request #4881 from rgacogne/rec40-depth-limit

Backport #4880: rec: Add `max-recursion-depth` to limit the number of internal recursion

7 years agoMerge pull request #4878 from pieterlexis/rec-4-mkpubsuffix
Pieter Lexis [Thu, 12 Jan 2017 12:42:37 +0000 (13:42 +0100)]
Merge pull request #4878 from pieterlexis/rec-4-mkpubsuffix

Backport #4874: Recursor: ship mkpubsuffixcc

7 years agoDon't parse spurious RRs in queries when we don't need them
Remi Gacogne [Fri, 16 Sep 2016 15:10:25 +0000 (17:10 +0200)]
Don't parse spurious RRs in queries when we don't need them

7 years agorec: Add `max-recursion-depth` to `upgrading.md`
Remi Gacogne [Wed, 11 Jan 2017 14:52:19 +0000 (15:52 +0100)]
rec: Add `max-recursion-depth` to `upgrading.md`

(cherry picked from commit 8c25e5e927245c8ab5bcf21dc3c86973415ec52a)

7 years agorec: Add `max-recursion-depth` to limit the number of internal recursion
Remi Gacogne [Tue, 10 Jan 2017 12:12:17 +0000 (13:12 +0100)]
rec: Add `max-recursion-depth` to limit the number of internal recursion

Default to 40, was unlimited.

(cherry picked from commit 7c3398aabe2e9dd8c5c3e8b3572455abfa3037be)

7 years agoRecursor: ship mkpubsuffixcc
Pieter Lexis [Tue, 10 Jan 2017 17:01:54 +0000 (18:01 +0100)]
Recursor: ship mkpubsuffixcc

Closes #4842

(cherry picked from commit 265ff1c3cb1083e1f5b4ed0ddafd200c2f27acf4)

7 years agoMerge pull request #4870 from rgacogne/rec40-backport-4852
Pieter Lexis [Wed, 11 Jan 2017 18:08:57 +0000 (19:08 +0100)]
Merge pull request #4870 from rgacogne/rec40-backport-4852

Backport 4852: DNSName: Check that both first two bits are set in compressed labels

7 years agoDNSName: Check that both first two bits are set in compressed labels
Remi Gacogne [Wed, 4 Jan 2017 10:48:47 +0000 (11:48 +0100)]
DNSName: Check that both first two bits are set in compressed labels

We checked that at least one of the first two bits was set,
but the 10 and 01 are combinations do not indicate a compressed label
and are reserved for future use.

(cherry picked from commit 99bbbc7bdf675509caf61f41464a1ae62c09f342)

7 years agoMerge pull request #4805 from rgacogne/rec40-backport-4635
Pieter Lexis [Tue, 27 Dec 2016 06:20:56 +0000 (07:20 +0100)]
Merge pull request #4805 from rgacogne/rec40-backport-4635

Backport #4635: rec: Don't crash on an empty query ring

7 years agoMerge pull request #4806 from rgacogne/rec40-backport-4670
Pieter Lexis [Tue, 27 Dec 2016 06:20:43 +0000 (07:20 +0100)]
Merge pull request #4806 from rgacogne/rec40-backport-4670

Backport #4670: Set `RemoteLogger::d_socket` to -1 after closing it

7 years agoMerge pull request #4807 from rgacogne/rec40-backport-4789
Pieter Lexis [Tue, 27 Dec 2016 06:20:33 +0000 (07:20 +0100)]
Merge pull request #4807 from rgacogne/rec40-backport-4789

Backport #4789: rec: Don't choke on escaped content in getZoneCuts()

8 years agorec: Don't choke on escaped content in getZoneCuts()
Remi Gacogne [Mon, 19 Dec 2016 15:27:14 +0000 (16:27 +0100)]
rec: Don't choke on escaped content in getZoneCuts()

`getZoneCuts()` was constructing a `DNSName` by passing a raw label returned
from `DNSName::getRawLabels()` as a string. The constructor then tried to handle
escaped characters from the string, resulting in a different `DNSName` than the
expected one. This caused the `qname != begin` condition to be false even after
every label in `labelsToAdd` had been added, causing an UB by calling
`std::vector::back()` on an empty vector.
Using `DNSName::prependRawLabel()` instead prevents this issue since the string is
not escaped.

(cherry picked from commit 754914f0177cd990db16ff0cc29c8789e94b32bb)

8 years agoSet `RemoteLogger::d_socket` to -1 after closing it
Remi Gacogne [Mon, 12 Dec 2016 11:20:32 +0000 (12:20 +0100)]
Set `RemoteLogger::d_socket` to -1 after closing it

Otherwise, in the unlikely case `SSocket()` throws an exception
we might end up with a stale file descriptor in `RemoteLogger::reconnect()`.

(cherry picked from commit 754f300f6b7e64b8de70990950484c4de749d10a)

8 years agorec: Don't crash on an empty query ring
Remi Gacogne [Wed, 26 Oct 2016 08:00:39 +0000 (10:00 +0200)]
rec: Don't crash on an empty query ring

It obviously happens if stats-ringbuffer-entries is set to 0.

(cherry picked from commit 5af86fdcdee2843d80d40dd1c22c137e471f9484)

8 years agoMerge pull request #4770 from rgacogne/rec40-backport-4769
Pieter Lexis [Fri, 16 Dec 2016 08:38:10 +0000 (09:38 +0100)]
Merge pull request #4770 from rgacogne/rec40-backport-4769

Backport #4769 rec: Set the result to NoError before calling `preresolve`