]>
granicus.if.org Git - pdns/log
Peter van Dijk [Tue, 13 Jun 2017 07:56:57 +0000 (09:56 +0200)]
Merge pull request #5378 from mind04/backports-40
Kees Monshouwer [Mon, 5 Jun 2017 20:13:16 +0000 (22:13 +0200)]
auth: fix override in lua backend
Kees Monshouwer [Mon, 5 Jun 2017 22:21:15 +0000 (00:21 +0200)]
auth: reanimate opendbx backend
Kees Monshouwer [Sun, 4 Jun 2017 11:31:54 +0000 (13:31 +0200)]
auth: make sure Lua axfrfilter() does not insert out of zone data
Kees Monshouwer [Sun, 4 Jun 2017 12:18:38 +0000 (14:18 +0200)]
auth: some small rectify improvements
Kees Monshouwer [Sun, 4 Jun 2017 11:27:07 +0000 (13:27 +0200)]
auth: make sure upcase qnames do not confuse rectify or axfr
Kees Monshouwer [Sun, 4 Jun 2017 11:18:51 +0000 (13:18 +0200)]
auth: make sure all qnames entering pdns via axfr are properly lowered
Kees Monshouwer [Sun, 4 Jun 2017 11:12:13 +0000 (13:12 +0200)]
add makeUsRelative() to DNSName class
Kees Monshouwer [Sun, 4 Jun 2017 22:47:05 +0000 (00:47 +0200)]
auth: test to make sure ordername is always lower case
Kees Monshouwer [Sat, 3 Jun 2017 14:25:02 +0000 (16:25 +0200)]
auth: ignore NSEC3PARAM in an unsigned zone
Kees Monshouwer [Thu, 1 Jun 2017 23:08:27 +0000 (01:08 +0200)]
auth: keep slave dnssec status in sync with the master
Pieter Lexis [Thu, 1 Jun 2017 09:33:13 +0000 (11:33 +0200)]
Merge pull request #5346 from shinsterneck/backport-5335-auth-4.0.x
Shin Sterneck [Tue, 23 May 2017 00:12:26 +0000 (09:12 +0900)]
corrects syntax error in test statement on existance of libcrypto_ecdsa
(cherry picked from commit
8189c881e5ebaa13f5f14d9345335d656bd34e43 )
Pieter Lexis [Thu, 25 May 2017 16:44:01 +0000 (18:44 +0200)]
Merge pull request #5341 from shantikulkarni/rel/auth-4.0.x
shantikulkarni [Wed, 24 May 2017 02:26:17 +0000 (21:26 -0500)]
Update ldapbackend.cc
Peter van Dijk [Tue, 23 May 2017 12:15:19 +0000 (14:15 +0200)]
Merge pull request #5297 from mind04/backport
Pieter Lexis [Wed, 17 May 2017 08:04:37 +0000 (10:04 +0200)]
Merge pull request #5325 from rgacogne/auth40-yahttp-backports
Remi Gacogne [Mon, 15 May 2017 10:48:12 +0000 (12:48 +0200)]
YaHTTP: Sync with upstream changes
Backport changes from upstream up to
c5b83288a4c2f8ec07cb8cb7bd150f2210db67b6
"Add missing `YaHTTP::isdigit()`, fix locale-enabled versions"
Pieter Lexis [Sat, 13 May 2017 09:32:51 +0000 (11:32 +0200)]
Merge pull request #5298 from mind04/notify-dnsupdate40
Pieter Lexis [Sat, 13 May 2017 09:31:51 +0000 (11:31 +0200)]
Merge pull request #5317 from mind04/axfr-filter40
Remi Gacogne [Thu, 27 Apr 2017 20:41:33 +0000 (22:41 +0200)]
Always wrap DNSCryptoKeyEngine objects in a shared pointer
It's done almost everywhere, but not quite, and some of the paths
where it's not could leak if an exception is raised.
Also mark the overridden virtual methods with `override` to prevent
future mistakes.
(cherry picked from commit
e69c2dac28d798813dd8e4a986c5045c63806ef0 )
Kees Monshouwer [Tue, 9 May 2017 12:04:08 +0000 (14:04 +0200)]
auth: add option to set a global lua-axfr-script value
Pieter Lexis [Tue, 9 May 2017 14:39:16 +0000 (16:39 +0200)]
Merge pull request #5289 from mind04/auth-4.0.x-nsec
Vitkor Velchev [Thu, 20 Oct 2016 13:01:11 +0000 (09:01 -0400)]
Add support for "NONE" SOA-EDIT kind
Kees Monshouwer [Fri, 5 May 2017 20:55:15 +0000 (22:55 +0200)]
remove latency from regression-tests.nobackend counters
Kees Monshouwer [Tue, 27 Dec 2016 13:39:51 +0000 (14:39 +0100)]
Send a notification to all slave servers after every update.
Kees Monshouwer [Fri, 7 Apr 2017 23:23:02 +0000 (01:23 +0200)]
fix memory leak in gmysql backend
Kees Monshouwer [Thu, 4 May 2017 21:33:18 +0000 (23:33 +0200)]
detect gcc/g++ 5.4, 7.0 and 7.1
Kees Monshouwer [Tue, 10 Jan 2017 15:04:22 +0000 (16:04 +0100)]
update
Ed25519 algorithm number and mnemonic
http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml
Kees Monshouwer [Thu, 23 Feb 2017 23:37:05 +0000 (00:37 +0100)]
minor cleanup in the afxr-rectify code
Kees Monshouwer [Thu, 23 Feb 2017 23:36:15 +0000 (00:36 +0100)]
fix a regression in axfr-rectify introduced by commit
d86e1bf7
Kees Monshouwer [Tue, 11 Apr 2017 09:00:46 +0000 (11:00 +0200)]
update tinydns data files
Kees Monshouwer [Fri, 7 Apr 2017 20:51:06 +0000 (22:51 +0200)]
signpipe stumbles over interrupted rrsets
Peter van Dijk [Mon, 10 Apr 2017 09:51:44 +0000 (11:51 +0200)]
sort tinydns data to reduce size of future diffs
Remi Gacogne [Tue, 14 Feb 2017 10:12:13 +0000 (11:12 +0100)]
auth: Don't leak on signing errors during outgoing AXFR
Remi Gacogne [Mon, 6 Mar 2017 17:26:27 +0000 (18:26 +0100)]
auth: Create additional `reuseport` sockets before dropping privileges
Pieter Lexis [Thu, 16 Feb 2017 08:56:42 +0000 (09:56 +0100)]
Add GCC 6.3 to boost.m4
Kees Monshouwer [Thu, 4 May 2017 15:05:09 +0000 (17:05 +0200)]
auth: forget minimal... let's make this shiny ;)
Kees Monshouwer [Wed, 3 May 2017 19:49:11 +0000 (21:49 +0200)]
auth: lowercase qname before NSEC generation
Kees Monshouwer [Wed, 3 May 2017 19:26:30 +0000 (21:26 +0200)]
auth: add test to make sure NSEC(3) generation is case insensitive
test result before fix (auth-4.0.3):
--- ./tests/nsecx-upcase/expected_result 2017-05-03 21:17:26.
000000000 +0200
+++ ./tests/nsecx-upcase/real_result 2017-05-03 21:29:10.
231994921 +0200
@@ -2,8 +2,10 @@
0 Z1234567890.wtest.com. IN RRSIG 3600 CNAME 13 2 3600 [expiry] [inception] [keytag] wtest.com. ...
0 server1.wtest.com. IN A 3600 1.2.3.4
0 server1.wtest.com. IN RRSIG 3600 A 13 3 3600 [expiry] [inception] [keytag] wtest.com. ...
-1 a.something.wtest.com. IN NSEC 86400 wtest.com. A RRSIG NSEC
-1 a.something.wtest.com. IN RRSIG 86400 NSEC 13 4 86400 [expiry] [inception] [keytag] wtest.com. ...
+1 *.wtest.com. IN NSEC 86400 e.wtest.com. CNAME RRSIG NSEC
+1 *.wtest.com. IN RRSIG 86400 NSEC 13 2 86400 [expiry] [inception] [keytag] wtest.com. ...
2 . IN OPT 32768
Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
Reply to question for qname='Z1234567890.wtest.com.', qtype=A
./tests/nsecx-upcase/unbound-host.out:Z1234567890.wtest.com is an alias for server1.wtest.com. (BOGUS (security failure))
./tests/nsecx-upcase/unbound-host.out:server1.wtest.com has address 1.2.3.4 (BOGUS (security failure))
Peter van Dijk [Tue, 21 Mar 2017 21:38:31 +0000 (22:38 +0100)]
Merge pull request #5189 from Habbie/backport-4715
Remi Gacogne [Tue, 29 Nov 2016 08:48:36 +0000 (09:48 +0100)]
Specify that dnsmessage.proto uses protobuf version 2
Remi Gacogne [Mon, 20 Mar 2017 21:10:30 +0000 (22:10 +0100)]
Merge pull request #5184 from Habbie/backport-4839
Peter van Dijk [Mon, 20 Mar 2017 13:02:41 +0000 (14:02 +0100)]
Merge pull request #5176 from rgacogne/auth40-backport-5049
Peter van Dijk [Mon, 20 Mar 2017 13:00:41 +0000 (14:00 +0100)]
Merge pull request #5173 from rgacogne/auth40-backport-5101
Kees Monshouwer [Mon, 2 Jan 2017 15:23:41 +0000 (16:23 +0100)]
add required unbound version to the ent-asterisk test description
Kees Monshouwer [Sat, 31 Dec 2016 21:04:00 +0000 (22:04 +0100)]
nsec ent-asterisk test is no longer bogus with unbound 1.6.0
Remi Gacogne [Fri, 17 Mar 2017 16:57:49 +0000 (17:57 +0100)]
Merge pull request #5175 from rgacogne/auth40-backport-5130
Remi Gacogne [Fri, 17 Mar 2017 16:57:33 +0000 (17:57 +0100)]
Merge pull request #5174 from rgacogne/auth40-backport-5085
Peter van Dijk [Fri, 17 Mar 2017 11:16:33 +0000 (12:16 +0100)]
Merge pull request #5170 from mind04/auth-4.0.x
Kees Monshouwer [Thu, 16 Mar 2017 20:26:02 +0000 (21:26 +0100)]
Add an option to allow AXFR of zones with a different serial.
Remi Gacogne [Thu, 16 Feb 2017 12:59:54 +0000 (13:59 +0100)]
Fix coverity nits
(cherry picked from commit
f6a8107761b40efcf7512e9aec9a75d1ba1de703 )
Remi Gacogne [Thu, 16 Feb 2017 12:59:28 +0000 (13:59 +0100)]
Catch exceptions in destructors
(cherry picked from commit
737a287f2d73b1e5f7f0378d9ccb2ddb389f9299 )
Remi Gacogne [Thu, 9 Mar 2017 14:59:44 +0000 (15:59 +0100)]
dnsreplay: Add `--source-ip` and `--source-port` options
(cherry picked from commit
658b9c44802ae9791e8ce06a38a9ff84647d9463 )
Remi Gacogne [Fri, 24 Feb 2017 15:42:55 +0000 (16:42 +0100)]
calidns: Use the correct socket family (IPv4 / IPv6)
(cherry picked from commit
7f363f60451fa8e54508c2628be122a8eb021b53 )
Remi Gacogne [Thu, 2 Mar 2017 14:07:56 +0000 (15:07 +0100)]
Fix minor issues reported by `cppcheck`
(cherry picked from commit
d7c676a5d42d5d7e5078a8662d355c9a782bdb51 )
Pieter Lexis [Mon, 27 Feb 2017 14:29:08 +0000 (15:29 +0100)]
Merge pull request #5073 from Habbie/backport-4824
bert hubert [Thu, 23 Feb 2017 12:19:14 +0000 (13:19 +0100)]
Merge pull request #5071 from Habbie/backport-5051
backport #5051: fix godbc query logging (cherry-pick of
d2bc6b2 )
Pieter Lexis [Thu, 29 Dec 2016 17:01:30 +0000 (18:01 +0100)]
Backport #4824 (cherry-pick of
2a4c374 )
Check in the detected OpenSSL/libcrypto for ECDSA
We used to 'just' use the default includes for this detection.
Fixes #4680
Peter van Dijk [Fri, 17 Feb 2017 15:36:25 +0000 (16:36 +0100)]
fix godbc query logging (cherry-pick of
d2bc6b2 )
Pieter Lexis [Fri, 17 Feb 2017 09:59:28 +0000 (10:59 +0100)]
Merge pull request #4932 from zeha/auth40-api-comment-zero-ttl
Pieter Lexis [Fri, 17 Feb 2017 09:59:18 +0000 (10:59 +0100)]
Merge pull request #4934 from rgacogne/auth40-backport-4901
Pieter Lexis [Fri, 17 Feb 2017 09:59:06 +0000 (10:59 +0100)]
Merge pull request #4936 from rgacogne/auth40-backport-4911
Pieter Lexis [Fri, 17 Feb 2017 09:58:57 +0000 (10:58 +0100)]
Merge pull request #5048 from rgacogne/auth40-backport-4744
Pieter Lexis [Fri, 17 Feb 2017 09:58:44 +0000 (10:58 +0100)]
Merge pull request #5046 from rgacogne/auth40-backport-4746
Remi Gacogne [Tue, 6 Dec 2016 09:08:55 +0000 (10:08 +0100)]
auth: Fix coverity warning in `pdnsutil show-zone`
(cherry picked from commit
0944e3fc8333686767678eadb80fb0236fdc5fba )
Remi Gacogne [Mon, 5 Dec 2016 15:42:55 +0000 (16:42 +0100)]
Handle exceptions raised by `closesocket()`
This was not very well handled, and could cause the PowerDNS process
to terminate. This is especially nasty when `closesocket()` is called
from a destructor, as we could already be dealing with an exception.
(cherry picked from commit
a7b68ae7e414ec9f3184df70ac8008f8a310ae60 )
Pieter Lexis [Thu, 16 Feb 2017 11:21:36 +0000 (12:21 +0100)]
Merge pull request #5033 from pieterlexis/auth-backport-4508
Pieter Lexis [Thu, 16 Feb 2017 11:21:22 +0000 (12:21 +0100)]
Merge pull request #5032 from pieterlexis/backport-4463
Pieter Lexis [Thu, 16 Feb 2017 11:21:05 +0000 (12:21 +0100)]
Merge pull request #5029 from pieterlexis/backport-4500
Pieter Lexis [Thu, 16 Feb 2017 11:20:48 +0000 (12:20 +0100)]
Merge pull request #5027 from pieterlexis/backport-4622
Pieter Lexis [Thu, 16 Feb 2017 11:20:37 +0000 (12:20 +0100)]
Merge pull request #5026 from pieterlexis/backport-4684
Pieter Lexis [Thu, 16 Feb 2017 11:20:07 +0000 (12:20 +0100)]
Merge pull request #5024 from pieterlexis/auth-backport-4762
Pieter Lexis [Thu, 16 Feb 2017 11:19:11 +0000 (12:19 +0100)]
Merge pull request #5019 from pieterlexis/auth-backport-4793
Pieter Lexis [Thu, 16 Feb 2017 11:18:42 +0000 (12:18 +0100)]
Merge pull request #5016 from pieterlexis/auth-backport-4838
Pieter Lexis [Thu, 16 Feb 2017 11:18:35 +0000 (12:18 +0100)]
Merge pull request #5015 from pieterlexis/backport-4861
Pieter Lexis [Thu, 16 Feb 2017 11:18:18 +0000 (12:18 +0100)]
Merge pull request #5013 from pieterlexis/auth-backport-4868
Pieter Lexis [Thu, 16 Feb 2017 09:04:16 +0000 (10:04 +0100)]
Merge pull request #5011 from pieterlexis/auth-backport-4879
Peter van Dijk [Mon, 26 Sep 2016 12:52:10 +0000 (14:52 +0200)]
Revert "Merge pull request #947 from mind04/right"
This code only served to fix a combination of system misconfiguration and a
bug in glibc. Meanwhile it turns out this code is incorrect. Removing it.
(cherry picked from commit
c96765dae8da4c9322ca4a80e3e101d64faf141f )
Pieter Lexis [Mon, 12 Sep 2016 13:10:41 +0000 (15:10 +0200)]
Auth: build Bind backend for CentOS 6
Pieter Lexis [Tue, 14 Feb 2017 14:16:29 +0000 (15:16 +0100)]
Silence a GCC 6.2 compiler warning
Closes #5007
(cherry picked from commit
f226db2f2c12a2c0c16b3125a0438d9aca0d017c )
Mark Schouten [Tue, 25 Oct 2016 08:48:38 +0000 (10:48 +0200)]
According to IRC, this should fix #4621
(cherry picked from commit
8f95565346ba5dcc7d26fbd4165da7d9c7faf362 )
Håkan Lindqvist [Mon, 14 Nov 2016 12:24:13 +0000 (13:24 +0100)]
Clarify pdnsutil activate-tsig-key description
This clarifies the description of pdnsutil {de,}activate-tsig-key.
The command enables TSIG authenticated AXFR for a given zone + key,
which was not clear from the previous description.
(cherry picked from commit
ad7568d52bdd29eb708e16176f8b410f0e07b891 )
Remi Gacogne [Mon, 12 Dec 2016 16:16:11 +0000 (17:16 +0100)]
SuffixMatchNode: Fix insertion issue for an existing node
If the node we are about to insert already existed as an intermediary
one, we need to mark it as an end node.
(cherry picked from commit
ed221d0bc700158c21fcb8fc4463085713d07c53 )
Pieter Lexis [Mon, 19 Dec 2016 17:02:24 +0000 (18:02 +0100)]
Don't call `hostname -f` on openbsd
Closes #2579
(cherry picked from commit
df925537cfe0a4706b85353376da6f12996871bb )
Pieter Lexis [Mon, 2 Jan 2017 11:23:05 +0000 (12:23 +0100)]
Check if we can link against libatomic if needed
Also move the OS detection to the top
(cherry picked from commit
03571f7ac3d5bebb4879849b094e2e03f019cd10 )
Klaus Darilion [Sun, 8 Jan 2017 22:15:01 +0000 (22:15 +0000)]
Do not resolve the NS-records for NOTIFY targets if the "only-notify" whitelist is empty, as a target will never match an empty whitelist.
(cherry picked from commit
99844905a8abcab33a3b8ed42d3a49f2e419a310 )
Pieter Lexis [Tue, 14 Feb 2017 12:53:27 +0000 (13:53 +0100)]
Document that carbon-server requires IP address, no hostname accepted.
(cherry picked from commit
e12f84078798343e9749864cdeee44e68c4a81e6 and
90217d3960e3ee439405989b78fdf7e810d562f2 )
Pieter Lexis [Wed, 11 Jan 2017 22:06:51 +0000 (23:06 +0100)]
Remove a relative import in yahttp-config.h
We set our include directories nowadays.
Closes #4866 (again)
(cherry picked from commit
4c3c83f3bc1eecd82d09e1e527108fae98ce1fda )
bert hubert [Fri, 10 Feb 2017 16:49:29 +0000 (17:49 +0100)]
Merge pull request #4971 from rgacogne/auth40-tsig-canonical-algo
Remi Gacogne [Tue, 31 Jan 2017 10:18:37 +0000 (11:18 +0100)]
Lowercase the TSIG algorithm name in hash computation
`RFC2845` states that the algorithm name should be in `canonical wire
format` for the hash computation, which implies it should be lowercased.
We actually did lowercase it in 3.x, until it was moved to a `DNSName`
in 4.x.
(cherry picked from commit
68e9d647d4229c7a2ebd64d50837195d148c574b )
Remi Gacogne [Sun, 15 Jan 2017 20:45:27 +0000 (21:45 +0100)]
Fix negative port detection for IPv6 addresses on 32-bit
Remi Gacogne [Fri, 13 Jan 2017 13:02:19 +0000 (14:02 +0100)]
Fix AtomicCounter unit tests on 32-bit
(cherry picked from commit
00c6f2b9f5173c98cc883332f5ecf8b941715abc )
Christian Hofstaedtler [Tue, 24 Jan 2017 10:13:19 +0000 (11:13 +0100)]
Backport #4781: API: correctly take TTL from first record even if we are at the last comment
Cherry picked from master
50d739d0ae978b8b0b737b079992744ff8aa126d
Pieter Lexis [Mon, 16 Jan 2017 14:38:02 +0000 (15:38 +0100)]
Merge pull request #4906 from rgacogne/auth40-revert-4638
Remi Gacogne [Fri, 13 Jan 2017 16:40:02 +0000 (17:40 +0100)]
Revert "auth: In `Bind2Backend::lookup()`, use the `zoneId` when we have it"
This reverts commit
937a66255ff05f2e754ef113833e54cc4cf2004b .
It doesn't work with multiple backends since the `zoneId` is passed to
every available backend on `lookup()`.
(cherry picked from commit
98b9845f2dae3a9fecc64aecaf41150b54388d26 )
Pieter Lexis [Fri, 13 Jan 2017 17:03:04 +0000 (18:03 +0100)]
Merge pull request #4904 from pieterlexis/auth-4-centos-6-rpm-bind-backend
Pieter Lexis [Fri, 13 Jan 2017 15:03:48 +0000 (16:03 +0100)]
Build the bind backend for CentOS 6 differently
Pieter Lexis [Fri, 13 Jan 2017 08:10:39 +0000 (09:10 +0100)]
Merge pull request #4895 from rgacogne/auth40-tsig-ixfr
Remi Gacogne [Thu, 15 Sep 2016 13:28:45 +0000 (15:28 +0200)]
Check TSIG signature on IXFR
(cherry picked from commit
16c7f7823221d5d75282a77b2e9043b3f60e1ad2 )
projects / pdns / log