]>
granicus.if.org Git - pdns/log
bert hubert [Wed, 28 Oct 2015 20:34:39 +0000 (21:34 +0100)]
add link to blogpost to clarify what backends are
Peter van Dijk [Thu, 19 Feb 2015 08:20:11 +0000 (09:20 +0100)]
Merge pull request #2253 from pieterlexis/configureOutputCXXYesNo
Have configure show yes/no for C++2011 support
Pieter Lexis [Wed, 18 Feb 2015 20:04:07 +0000 (21:04 +0100)]
Have configure show yes/no for C++2011 support
Peter van Dijk [Wed, 18 Feb 2015 16:01:31 +0000 (17:01 +0100)]
Merge pull request #2251 from hkraal/patch-1
Corrected default value for master setting
Henk Kraal [Wed, 18 Feb 2015 15:55:55 +0000 (16:55 +0100)]
Corrected default value for master setting
Peter van Dijk [Wed, 18 Feb 2015 08:16:10 +0000 (09:16 +0100)]
Merge pull request #2215 from pieterlexis/issue-2179-API-send-403
JSON-API: Send 403 on bad API-Key
Peter van Dijk [Tue, 17 Feb 2015 16:26:41 +0000 (17:26 +0100)]
avoid fbsd10 build failure, thanks @rubenk
Peter van Dijk [Tue, 17 Feb 2015 16:20:18 +0000 (17:20 +0100)]
move recursor-git build script from jenkins config into git
Peter van Dijk [Tue, 17 Feb 2015 15:24:55 +0000 (16:24 +0100)]
move auth-git build script from jenkins config into git
Peter van Dijk [Tue, 17 Feb 2015 15:14:37 +0000 (16:14 +0100)]
Merge pull request #2218 from sspans/sspans-bindany
add support for non-local binds
Sten Spans [Wed, 11 Feb 2015 13:50:10 +0000 (14:50 +0100)]
add support for non-local binds
- add option non-local-bind to request this behaviour
- add support to auth and recursor
- add utility function to set sockopts
bert hubert [Tue, 17 Feb 2015 13:31:00 +0000 (14:31 +0100)]
teach dnsscope to read multiple files closes #2247
bert hubert [Tue, 17 Feb 2015 12:42:27 +0000 (13:42 +0100)]
add support for raw IP tcpdump format, which makes is compatible with DNS OARC dnscap and closes #2246
Peter van Dijk [Tue, 17 Feb 2015 09:16:38 +0000 (10:16 +0100)]
remove all traces of fancy records
Peter van Dijk [Tue, 17 Feb 2015 10:14:33 +0000 (11:14 +0100)]
Merge pull request #2230 from Whissi/improve-remotebackend-testsuite-r1
Improve remotebackend testsuite
Thomas D [Sat, 14 Feb 2015 13:31:21 +0000 (14:31 +0100)]
Show 'modules/remotebackend/test-suite.log' when exists
This will help us to see what's going on.
Thomas D [Sat, 14 Feb 2015 13:28:12 +0000 (14:28 +0100)]
Workaround for Travis `make check` failure no longer needed
Thomas D [Sat, 14 Feb 2015 13:23:25 +0000 (14:23 +0100)]
Make parallel test harness work with automake-1.11
Thomas D [Fri, 13 Feb 2015 12:58:26 +0000 (13:58 +0100)]
Add check for curl program
When building "remote" module with unit tests enabled we need the curl program
because the remotebacked testsuite uses the curl program.
Thomas D [Fri, 13 Feb 2015 12:33:23 +0000 (13:33 +0100)]
When test service startup timeout was reached kill (cleanup) still running test services
If curl for example isn't installed or fails to check the service status for any reason,
we need to kill the test service if still running to prevent any resource leak.
Thomas D [Fri, 13 Feb 2015 03:01:09 +0000 (04:01 +0100)]
Fix testrunner.sh's exit status
"$rv" isn't defined so use "$?" instead.
Thomas D [Fri, 13 Feb 2015 02:44:22 +0000 (03:44 +0100)]
Detect test service start failures
It is possible that a test service doesn't start (i.e. due to missing Ruby dependencies).
We are now checking if the test services are running or we will display a meaningful
error message.
Also, because testrunner.sh is now called by test-driver, we can skip tests.
Thomas D [Fri, 13 Feb 2015 01:58:55 +0000 (02:58 +0100)]
Detect test service stop failures
Imagine a test blocks or kills the test service. Failures like that
should be detected.
Thomas D [Fri, 13 Feb 2015 01:02:47 +0000 (02:02 +0100)]
Test services should log into their own log file
Each test has a general log file in the following schema:
remotebackend_<module>.log
When testrunner.sh spins up a service, the service logs its output
into the general log file. But test-driver from automake, which is
using the same log file and starts after the test service is up and
running, will overwrite the log file.
So in case of a server failure we will miss important log data.
Using a dedicated log file for the services we start will solve
this problem. The new schema for server log files will be
remotebackend_<module>_server.log
Thomas D [Fri, 13 Feb 2015 00:22:54 +0000 (01:22 +0100)]
automake: Use parallel test harness to prevent a parallel make issue
The http, post and json test are using the same TCP port. Because of
that we need to specify an execution order or we will get errors like
INFO WEBrick 1.3.1
INFO ruby 2.0.0 (2014-11-13) [x86_64-linux]
WARN TCPServer Error: Address already in use - bind(2)
WARN TCPServer Error: Address already in use - bind(2)
/usr/lib64/ruby/2.0.0/webrick/utils.rb:85:in `initialize': Address already in use - bind(2) (Errno::EADDRINUSE)
from /usr/lib64/ruby/2.0.0/webrick/utils.rb:85:in `new'
from /usr/lib64/ruby/2.0.0/webrick/utils.rb:85:in `block in create_listeners'
from /usr/lib64/ruby/2.0.0/webrick/utils.rb:82:in `each'
from /usr/lib64/ruby/2.0.0/webrick/utils.rb:82:in `create_listeners'
from /usr/lib64/ruby/2.0.0/webrick/server.rb:132:in `listen'
from /usr/lib64/ruby/2.0.0/webrick/server.rb:113:in `initialize'
from /usr/lib64/ruby/2.0.0/webrick/httpserver.rb:45:in `initialize'
from ./unittest_http.rb:184:in `new'
from ./unittest_http.rb:184:in `<main>'
when running the tests in parallel (`make -j5 check`).
Thomas D [Thu, 12 Feb 2015 20:21:39 +0000 (21:21 +0100)]
Disable shell debug mode
Probably leftovers from a previous debugging session.
Peter van Dijk [Tue, 17 Feb 2015 08:53:42 +0000 (09:53 +0100)]
Merge pull request #2234 from rubenk/cleanup-log-messages
Cleanup the log messages a bit
bert hubert [Tue, 17 Feb 2015 08:43:57 +0000 (09:43 +0100)]
remove the parts that are wrong from this readme, add some stuff that is right
Ruben Kerkhof [Sat, 14 Feb 2015 14:18:37 +0000 (15:18 +0100)]
Cleanup the log messages a bit
And fix a few typos while we're at it.
Peter van Dijk [Tue, 17 Feb 2015 07:52:22 +0000 (08:52 +0100)]
Merge pull request #2237 from zeha/share-thread-ueberbackend
PacketHandler: Share UeberBackend with DNSSECKeeper
Peter van Dijk [Tue, 17 Feb 2015 06:22:53 +0000 (07:22 +0100)]
Merge pull request #2243 from mind04/dolog
dnsdist requires dolog.hh
Kees Monshouwer [Mon, 16 Feb 2015 22:50:29 +0000 (23:50 +0100)]
dnsdist requires dolog.hh
Peter van Dijk [Mon, 16 Feb 2015 21:50:41 +0000 (22:50 +0100)]
Merge pull request #2242 from mind04/dist
add LuaContext.hpp to auth dist tar.bz2
Kees Monshouwer [Mon, 16 Feb 2015 20:05:04 +0000 (21:05 +0100)]
add LuaContext.hpp to auth dist tar.bz2
Pieter Lexis [Tue, 10 Feb 2015 18:09:51 +0000 (19:09 +0100)]
JSON-API: Send 401 on bad API-Key
* Closes #2179
* We send an HTTP 401 (Unauthorized) when:
* The API Key is wrong
* The API Key is empty or missing
* Authentication failures are logged as Error (was Debug)
* Fix the API regression test to accept this 401 as valid
Peter van Dijk [Mon, 16 Feb 2015 15:09:00 +0000 (16:09 +0100)]
Merge pull request #2235 from Whissi/make-remotebackend-zeromq-depending-on-remote-module
0MQ remotebackend requires remote backend itself
Peter van Dijk [Mon, 16 Feb 2015 14:11:14 +0000 (15:11 +0100)]
Merge pull request #2236 from Whissi/cleanup-configure-output
Improve configure output
Peter van Dijk [Mon, 16 Feb 2015 14:00:27 +0000 (15:00 +0100)]
Merge pull request #2157 from cmouse/tsig-changes
Tsig changes
Peter van Dijk [Mon, 16 Feb 2015 12:22:15 +0000 (13:22 +0100)]
move statbag so static initialisation happens early enough for packetcache; thanks @cmouse for pointers
Peter van Dijk [Mon, 16 Feb 2015 12:43:38 +0000 (13:43 +0100)]
Merge pull request #1735 from cmouse/send-servfail-on-error
Make sure we send servfail on error
bert hubert [Mon, 16 Feb 2015 11:27:09 +0000 (12:27 +0100)]
remove dependency on sendmmsg, which did not help in any case
Peter van Dijk [Mon, 16 Feb 2015 09:29:11 +0000 (10:29 +0100)]
Avoid warning: ISO C++11 does not allow conversion from string literal to 'char *' [-Wc++11-compat-deprecated-writable-strings]
Peter van Dijk [Mon, 16 Feb 2015 08:09:01 +0000 (09:09 +0100)]
Merge pull request #2238 from cmouse/fix-lua-auth-warning
Use correct type for loop variable, removes warning
bert hubert [Mon, 16 Feb 2015 07:44:47 +0000 (08:44 +0100)]
we used to rely on SRCDIR environment variable being set, now assume . if unset
bert hubert [Sun, 15 Feb 2015 18:55:44 +0000 (19:55 +0100)]
fix up our c++2011-with-working-lua-detection (thanks to pieter for spotting the issue)
Aki Tuomi [Sun, 15 Feb 2015 15:23:02 +0000 (17:23 +0200)]
Use correct type for loop variable, removes warning
Christian Hofstaedtler [Sun, 15 Feb 2015 14:01:28 +0000 (15:01 +0100)]
Replace PacketHandler with UeberBackend where possible
Makes reasoning about PacketHandler usage easier.
Christian Hofstaedtler [Sun, 15 Feb 2015 13:36:45 +0000 (14:36 +0100)]
Remove emitNSEC3 from header file
I broke it's signature during the last cleanup, but nobody outside
packethandler.cc uses it.
Christian Hofstaedtler [Sun, 15 Feb 2015 13:35:27 +0000 (14:35 +0100)]
PacketHandler: Remove signatures for missing functions
Christian Hofstaedtler [Sun, 15 Feb 2015 13:08:32 +0000 (14:08 +0100)]
PacketHandler: Share UeberBackend with DNSSECKeeper
Reduces number of backend instances by 50%, very relevant for setups
that have backends with huge startup/runtime cost.
Thomas D [Sat, 14 Feb 2015 21:14:42 +0000 (22:14 +0100)]
Add information whether we are building ZeroMQ remotebackend to summary
Thomas D [Sat, 14 Feb 2015 17:42:52 +0000 (18:42 +0100)]
"--disable-hardening" option improved
* Splitted into argument and helptext
* MSG about hardening status added to configure output
bert hubert [Sat, 14 Feb 2015 18:26:17 +0000 (19:26 +0100)]
dnsdist is c++2011 now which means jenkins can't build it anymore for us. Remove it from RPM.
Thomas D [Sat, 14 Feb 2015 16:43:34 +0000 (17:43 +0100)]
ZeroMQ remotebackend requires remote backend itself
Peter van Dijk [Sat, 14 Feb 2015 14:54:54 +0000 (15:54 +0100)]
Merge pull request #2233 from rubenk/handle-missing-so_reuseport
Older kernels don't have SO_REUSEPORT
Ruben Kerkhof [Sat, 14 Feb 2015 14:42:07 +0000 (15:42 +0100)]
Older kernels don't have SO_REUSEPORT
bert hubert [Sat, 14 Feb 2015 12:10:03 +0000 (13:10 +0100)]
only do c++-2011 is luawrapper works (breaks c+2011 for non-lua builds, but want to get the tests running again)
bert hubert [Sat, 14 Feb 2015 09:41:21 +0000 (10:41 +0100)]
turns out travis and jenkins don't know about the sendmmsg system call (eh?)
bert hubert [Sat, 14 Feb 2015 08:50:29 +0000 (09:50 +0100)]
didn't work
bert hubert [Sat, 14 Feb 2015 08:48:58 +0000 (09:48 +0100)]
Merge branch 'master' into dnsdist11
Peter van Dijk [Sat, 14 Feb 2015 07:31:32 +0000 (08:31 +0100)]
Merge pull request #2231 from rubenk/testrunner-needs-libdl
The testrunner needs -ldl now
Ruben Kerkhof [Fri, 13 Feb 2015 23:03:36 +0000 (00:03 +0100)]
The testrunner needs -ldl now
Peter van Dijk [Fri, 13 Feb 2015 22:36:23 +0000 (23:36 +0100)]
Merge pull request #2142 from zeha/untangle-dnsbackend-ueberbackend
Stop pretending UeberBackend is a normal DNSBackend
Peter van Dijk [Fri, 13 Feb 2015 22:04:29 +0000 (23:04 +0100)]
Merge pull request #2167 from Habbie/html-tar-bz2
html.tar.bz2 target, partial resolution for #2165
Peter van Dijk [Fri, 13 Feb 2015 22:04:08 +0000 (23:04 +0100)]
Merge pull request #2176 from rubenk/recursor-systemd
Start pdns-recursor before nss-lookup.target
Peter van Dijk [Fri, 13 Feb 2015 22:03:33 +0000 (23:03 +0100)]
Merge pull request #2185 from rubenk/systemd-improvements
Systemd improvements
Peter van Dijk [Fri, 13 Feb 2015 22:02:28 +0000 (23:02 +0100)]
Merge pull request #2182 from AdamMajer/master
Memory leak cleanup in unit tests thanks to valgrind
Peter van Dijk [Fri, 13 Feb 2015 22:01:27 +0000 (23:01 +0100)]
Merge pull request #2213 from James-TR/patch-1
Welcome to 2015
Peter van Dijk [Fri, 13 Feb 2015 21:15:30 +0000 (22:15 +0100)]
Merge pull request #2229 from rubenk/make-rule-explicit
Use an explit rule to turn ragel into C++
Peter van Dijk [Fri, 13 Feb 2015 16:27:08 +0000 (17:27 +0100)]
re-allow building without lua
Peter van Dijk [Fri, 13 Feb 2015 14:49:19 +0000 (15:49 +0100)]
Merge pull request #1471 from Habbie/luapolicy
initial implementation of Lua policy engine
Peter van Dijk [Fri, 6 Jun 2014 10:43:27 +0000 (12:43 +0200)]
Merge work-in-progress Lua policy engine.
Some text from the Pull Request at the time of merge:
Should not break anything when not used; should not break anything when used
(assuming the loaded script is free of bugs). Example script may not be
entirely correct. Needs tests (dnsperf QPS is a fine KPI).
Run `git show <thiscommit> | grep FIXME` to see known issues.
Todo/evolution ideas:
Copy reload/unload behaviour from recursor (allow reloading different script,
don't replace running instance when loading fails due to syntax errors etc).
Related, make sure we do PASS when the police() call fails.
Add pdns-side metrics (drops/passes/truncates/lua errors) (probably some
actual breakage in the metrics area right now). Log (sample of) lua errors.
Call metrics() periodically (every second) and merge those into our own,
including carbon submission? Perhaps with incremental (number since last read)
vs. absolute flag (number since startup). If absolute, consider
'checkpointing' on script reload.
Call statsline() periodically (every X minutes) for a summary we can log?
Write wrapper (in Lua?) to allow loading policy scripts into recursor using
the hooks already present there (pre/postresolve).
Expose header/extra flags (RD, DO, etc.).
Ruben Kerkhof [Fri, 13 Feb 2015 13:30:55 +0000 (14:30 +0100)]
Use an explit rule to turn ragel into C++
The implicit rule causes Make to search for a .rl
file for each .cc file
Peter van Dijk [Fri, 13 Feb 2015 12:56:23 +0000 (13:56 +0100)]
Merge pull request #2219 from mind04/mixed
evaluate KSK ZSK pairs per algorithm
Peter van Dijk [Fri, 13 Feb 2015 12:54:30 +0000 (13:54 +0100)]
Merge pull request #2222 from James-TR/pdnssec-doc-fix
Bring pdnssec algs inline with pdnssec source
Peter van Dijk [Fri, 13 Feb 2015 12:53:43 +0000 (13:53 +0100)]
Merge pull request #2226 from rubenk/silence-scary-warning-in-configure-recursor
Silence warnings that always occur on FreeBSD
Peter van Dijk [Fri, 13 Feb 2015 11:28:47 +0000 (12:28 +0100)]
Merge pull request #2228 from Habbie/fixsendmsg
make sure we never call sendmsg with msg_control!=NULL && msg_controllen>0
Aki Tuomi [Fri, 13 Feb 2015 10:07:57 +0000 (12:07 +0200)]
Do not delete b too early
Aki Tuomi [Fri, 26 Sep 2014 11:24:58 +0000 (14:24 +0300)]
Make sure we send servfail on error
Peter van Dijk [Fri, 13 Feb 2015 08:49:13 +0000 (09:49 +0100)]
add recursor-test-freebsd script
Peter van Dijk [Fri, 13 Feb 2015 08:29:00 +0000 (09:29 +0100)]
make sure we never call sendmsg with msg_control!=NULL && msg_controllen>0. Fixes #2227
James Taylor [Thu, 12 Feb 2015 22:03:16 +0000 (22:03 +0000)]
Bring pdnssec algs inline with pdnssec source
* Changed the algorithms to be inline with shorthand2algorithm()
from pdns/pdnssec.c
* Might need to clarify what the other algorithms are, too
Ruben Kerkhof [Thu, 12 Feb 2015 16:58:42 +0000 (17:58 +0100)]
Silence warnings that always occur on FreeBSD
Peter van Dijk [Thu, 12 Feb 2015 13:14:36 +0000 (14:14 +0100)]
fix mailman link, thanks @justinclift
Peter van Dijk [Thu, 12 Feb 2015 12:33:27 +0000 (13:33 +0100)]
Merge pull request #2224 from arjenz/master
Fix typo
arjenz [Thu, 12 Feb 2015 12:31:32 +0000 (13:31 +0100)]
Fix typo
Fix a typo as noticed on http://blog.powerdns.com/2015/02/12/powerdns-recursor-3-7-1-released/
Peter van Dijk [Thu, 12 Feb 2015 12:24:43 +0000 (13:24 +0100)]
secpoll for rec 3.7.1
Peter van Dijk [Thu, 12 Feb 2015 11:36:59 +0000 (12:36 +0100)]
drop RC details
Peter van Dijk [Thu, 12 Feb 2015 11:07:30 +0000 (12:07 +0100)]
3.7.1 changelog
Kees Monshouwer [Wed, 11 Feb 2015 21:54:08 +0000 (22:54 +0100)]
evaluate KSK ZSK pairs per algorithm
bert hubert [Wed, 11 Feb 2015 16:00:21 +0000 (17:00 +0100)]
on Linux, SO_TIMESTAMP == SCM_TIMESTAMP, on at least FreeBSD, it is not, causing us to miss harvesting the timestamp, and dropping all packets as too old. With this change, we don't drop if we can't find the timestamp, plus harvest it properly
bert hubert [Wed, 11 Feb 2015 12:47:04 +0000 (13:47 +0100)]
update release notes and documentation for 3.7.0
bert hubert [Wed, 11 Feb 2015 12:14:16 +0000 (13:14 +0100)]
secpoll for 3.7.0
James Taylor [Tue, 10 Feb 2015 08:47:57 +0000 (08:47 +0000)]
Welcome to 2015
* It's February! :D
Ruben Kerkhof [Wed, 4 Feb 2015 10:16:33 +0000 (11:16 +0100)]
Restrict address families that can be used
To AF_UNIX AF_INET and AF_INET6.
Ruben Kerkhof [Wed, 4 Feb 2015 10:13:07 +0000 (11:13 +0100)]
Mount /home and /run/user read-only
Ruben Kerkhof [Wed, 4 Feb 2015 10:07:44 +0000 (11:07 +0100)]
Give recursor its own read-only mount namespace
/usr and /etc are mounted read-only
Ruben Kerkhof [Wed, 4 Feb 2015 10:06:23 +0000 (11:06 +0100)]
Ensure recursor can't elevate its privileges
Ruben Kerkhof [Wed, 4 Feb 2015 10:04:43 +0000 (11:04 +0100)]
Drop unneeded capabilities
The recursor only needs CAP_NET_BIND_SERVICE
to bind to port 53
Ruben Kerkhof [Wed, 4 Feb 2015 10:04:13 +0000 (11:04 +0100)]
Give recursor its own /dev namespace