granicus.if.org Git - pdns/log
aerique [Wed, 18 Oct 2017 10:02:18 +0000 (12:02 +0200)]
Merge pull request #5779 from pieterlexis/api-rectify-version-2
Rectify zones via the API
Pieter Lexis [Mon, 16 Oct 2017 10:40:48 +0000 (12:40 +0200)]
Deduplicate and shorten API exception message
Pieter Lexis [Mon, 16 Oct 2017 10:32:39 +0000 (12:32 +0200)]
Add doRectify bool to DNSSECKeeper::rectifyZone()
This is added so the API can wrap an update to a zone's records *and*
DNSSEC info into a single transaction.
Pieter Lexis [Mon, 16 Oct 2017 10:31:38 +0000 (12:31 +0200)]
Reuse UeberBackend in DNSSECKeeper::rectifyZone()
But use a full UeberBackend when needed.
Pieter Lexis [Mon, 16 Oct 2017 09:37:26 +0000 (11:37 +0200)]
API: Fully boolify api_rectify
Pieter Lexis [Fri, 6 Oct 2017 15:04:23 +0000 (17:04 +0200)]
API: add rectify endpoint
Pieter Lexis [Fri, 6 Oct 2017 14:13:22 +0000 (16:13 +0200)]
API: Implement conditional rectification
This commit takes a lot of ideas and code from #3417 and subsequent
development and implements the following things:
- Generate DNSSEC keys for a zone when "dnssec" is true in an API POST/PATCH for zones
- Rectify DNSSEC zones after POST/PATCH when API-RECTIFY metadata is 1
- Allow setting this metadata via the "api-rectify" param in a Zone object
- Shows "nsec3param" and "nsec3narrow" in Zone API responses
- Adds an "rrsets" request parameter for a zone to skip sending RRSets in the response (Closes #5712)
Closes #3417
Many thanks to Nils Wisiol (@nils-wisiol) for the initial
implementation.
Pieter Lexis [Fri, 6 Oct 2017 12:24:45 +0000 (14:24 +0200)]
Add checkNSEC3PARAM function
Pieter Lexis [Wed, 4 Oct 2017 14:20:07 +0000 (16:20 +0200)]
Move rectifyZone from pdnsutil to DNSSECKeeper
Pieter Lexis [Tue, 17 Oct 2017 12:28:16 +0000 (14:28 +0200)]
Merge pull request #5757 from mstathers/master
Update docs to reflect actual default database name.
Pieter Lexis [Mon, 16 Oct 2017 15:56:06 +0000 (17:56 +0200)]
Merge pull request #5740 from pieterlexis/lowercase-outgoing-all-the-things
rec: Lowercase all outgoing qnames when lowercase-outgoing is set
Peter van Dijk [Mon, 16 Oct 2017 15:10:39 +0000 (17:10 +0200)]
Merge pull request #5824 from mind04/b-root
b.root renumbering, effective 2017-10-24
Remi Gacogne [Mon, 16 Oct 2017 14:16:37 +0000 (16:16 +0200)]
Merge pull request #5808 from rgacogne/rec-nsec-ent
rec: Check that the NSEC covers an ENT when looking for NODATA
Pieter Lexis [Thu, 28 Sep 2017 11:04:28 +0000 (13:04 +0200)]
Add test for lowercase-outgoing
Pieter Lexis [Thu, 28 Sep 2017 10:15:00 +0000 (12:15 +0200)]
Make lowercase-outgoing actually lowercase all q's
Before, we would only lowercase the original qname before handing it to
SyncRes. Now the asyncresolveWrapper lowercases if it has to before
handing the qname to asyncresolve.
Kees Monshouwer [Sun, 15 Oct 2017 19:31:35 +0000 (21:31 +0200)]
b.root renumbering, effective 2017-10-24
aerique [Fri, 13 Oct 2017 13:35:40 +0000 (15:35 +0200)]
Merge pull request #5820 from rgacogne/auth-mysql-trunc
auth: Display the needed size when a MySQL result was truncated
Remi Gacogne [Thu, 12 Oct 2017 15:55:41 +0000 (17:55 +0200)]
Merge pull request #5815 from Habbie/presigned-soa-edit
ignore SOA-EDIT for PRESIGNED zones. Fixes #5814
Remi Gacogne [Thu, 12 Oct 2017 15:32:52 +0000 (17:32 +0200)]
auth: Display the needed size when a MySQL result was truncated
Peter van Dijk [Thu, 12 Oct 2017 10:26:37 +0000 (12:26 +0200)]
ignore SOA-EDIT for PRESIGNED zones. Fixes #5814
Remi Gacogne [Wed, 11 Oct 2017 14:27:40 +0000 (16:27 +0200)]
Merge pull request #5800 from zeha/spelling
rec_control manpage: fix spelling error found by lintian
Remi Gacogne [Wed, 11 Oct 2017 14:26:40 +0000 (16:26 +0200)]
Merge pull request #5801 from rgacogne/auth-tinydns-indent-mismatch
auth: Fix missing else braces in TinyDNSBackend::get()
Remi Gacogne [Wed, 11 Oct 2017 12:30:27 +0000 (14:30 +0200)]
Merge pull request #5802 from rgacogne/travis-encrypt-channel
Encrypt the IRC channel name so notifications are not sent for forks
Remi Gacogne [Wed, 11 Oct 2017 10:20:42 +0000 (12:20 +0200)]
rec: The NSEC next name should be different to prove an ENT
While it's not an issue in the current code because we checked
earlier that the NSEC covered the name, it might prevent an issue
if we reuse nsecProvesENT() later.
Remi Gacogne [Wed, 11 Oct 2017 09:25:04 +0000 (11:25 +0200)]
rec: Check that the NSEC covers an ENT when looking for NODATA
Otherwise we might consider that a NSEC record covers a name when it
does not.
bert hubert [Tue, 10 Oct 2017 17:57:00 +0000 (19:57 +0200)]
Merge pull request #5803 from ahupowerdns/zero-exception
Fix throwing exceptions from MThreads, plus add unit tests
bert hubert [Tue, 10 Oct 2017 17:56:39 +0000 (19:56 +0200)]
Merge pull request #5805 from ahupowerdns/mthread-contain-except
improve logging of errors in carbon & web services thread
bert hubert [Tue, 10 Oct 2017 16:06:36 +0000 (18:06 +0200)]
It is 2017, also in README.md
bert hubert [Tue, 10 Oct 2017 16:03:24 +0000 (18:03 +0200)]
Tone down errors a bit, remove ominous ": "
aerique [Tue, 10 Oct 2017 14:25:09 +0000 (16:25 +0200)]
Merge pull request #5804 from Habbie/rec4.1a1-secpoll
add rec-4.1.0-alpha1 to secpoll
bert hubert [Tue, 10 Oct 2017 14:06:51 +0000 (16:06 +0200)]
use BOOST_CHECK_THROW, link in boost_context.cc
bert hubert [Tue, 10 Oct 2017 13:50:22 +0000 (15:50 +0200)]
improve logging of errors in carbon & web services thread
bert hubert [Tue, 10 Oct 2017 12:41:44 +0000 (14:41 +0200)]
add two tests for MTasker, including catching an exception
bert hubert [Tue, 10 Oct 2017 12:41:01 +0000 (14:41 +0200)]
if there was an mtasker waiter with no associated timeout, we would loop forever in MTasker::schedule()
bert hubert [Tue, 10 Oct 2017 10:48:55 +0000 (12:48 +0200)]
Fix crash on older boost when receiving an exception from an MThread
for older boost fcontext versions, we would return a boolean that said 'we
caught an exception for you and stored it in ctx', but we would not actually
retrieve the origin ctx, and then blindly attempt to rethrow the exception
(not) stored in the ctx we did have, leading to a crash. We now send back the
actual ctx, and check it for a stored exception.
Peter van Dijk [Tue, 10 Oct 2017 13:35:37 +0000 (15:35 +0200)]
add rec-4.1.0-alpha1 to secpoll
Remi Gacogne [Tue, 10 Oct 2017 07:47:41 +0000 (09:47 +0200)]
auth: Fix missing else braces in TinyDNSBackend::get()
It doesn't look like an issue since there is a `continue` at the end
of the alternative, but this is a lot cleaner that way.
Chris Hofstaedtler [Tue, 10 Oct 2017 05:54:41 +0000 (07:54 +0200)]
rec_control manpage: fix spelling error found by lintian
Peter van Dijk [Mon, 9 Oct 2017 15:26:45 +0000 (17:26 +0200)]
Merge pull request #5794 from Habbie/azerty
fix azerty typo
Peter van Dijk [Mon, 9 Oct 2017 15:26:24 +0000 (17:26 +0200)]
Merge pull request #5791 from Habbie/tinydns-bogus-reporting
tinydns: report broken content that causes errors
Peter van Dijk [Mon, 9 Oct 2017 15:26:03 +0000 (17:26 +0200)]
Merge pull request #5789 from ahupowerdns/warn-sqlite3-replace
add note on how you can't replace the sqlite3 database file while pow…
Peter van Dijk [Mon, 9 Oct 2017 15:17:41 +0000 (17:17 +0200)]
Merge pull request #5775 from MatusKysel/master
Remove preprocessor directives for older GCC versions
aerique [Mon, 9 Oct 2017 14:15:18 +0000 (16:15 +0200)]
Merge pull request #5776 from aerique/feature/update-rec-changelog
Update the ChangeLog and secpoll for Recursor 4.1.0 RC1.
Remi Gacogne [Mon, 9 Oct 2017 08:46:59 +0000 (10:46 +0200)]
Encrypt the IRC channel name so notifications are not sent for forks
Erik Winkels [Mon, 9 Oct 2017 12:13:06 +0000 (14:13 +0200)]
Update secpoll for recursor 4.1.0-rc1.
Erik Winkels [Fri, 6 Oct 2017 11:59:25 +0000 (13:59 +0200)]
Update the ChangeLog for Recursor 4.1.0 RC1.
aerique [Mon, 9 Oct 2017 12:19:22 +0000 (14:19 +0200)]
Merge pull request #5780 from pieterlexis/libsodium-detect-fix
Fix libsodium autodetect without libsodium
aerique [Mon, 9 Oct 2017 11:47:00 +0000 (13:47 +0200)]
Merge pull request #5792 from rgacogne/web-socket-accept-nullptr
If accept() returns EAGAIN, Socket::accept() returns a null pointer
Peter van Dijk [Mon, 9 Oct 2017 09:03:15 +0000 (11:03 +0200)]
fix azerty typo
Peter van Dijk [Mon, 9 Oct 2017 10:29:37 +0000 (12:29 +0200)]
Merge pull request #5796 from rgacogne/travis-mongo-failure
Remove failing mongodb source from travis
Remi Gacogne [Mon, 9 Oct 2017 08:35:17 +0000 (10:35 +0200)]
Remove failing mongodb source from travis
Peter van Dijk [Sun, 8 Oct 2017 17:52:22 +0000 (19:52 +0200)]
tinydns: report broken content that causes errors
bert hubert [Sun, 8 Oct 2017 11:41:50 +0000 (13:41 +0200)]
add note on how you can't replace the sqlite3 database file while powerdns is running. Also strengthen sqlite3 analyze remark.
Remi Gacogne [Sat, 7 Oct 2017 08:28:35 +0000 (10:28 +0200)]
If accept() returns EAGAIN, Socket::accept() returns a null pointer
Pieter Lexis [Fri, 6 Oct 2017 18:30:24 +0000 (20:30 +0200)]
Add libsodium change to the upgrade guides
Pieter Lexis [Fri, 6 Oct 2017 18:22:20 +0000 (20:22 +0200)]
Fix libsodium autodetect without libsodium
Found by @mind04
aerique [Fri, 6 Oct 2017 15:04:02 +0000 (17:04 +0200)]
Merge pull request #5764 from pieterlexis/libsodium-auto-detect
autoconf: set --enable-libsodium to 'auto'
aerique [Fri, 6 Oct 2017 13:09:07 +0000 (15:09 +0200)]
Merge pull request #5773 from rgacogne/rec-check-negative-rrsig-validity
rec: Don't negcache entries for longer than their RRSIG validity
Matus Kysel [Fri, 6 Oct 2017 12:12:26 +0000 (14:12 +0200)]
Revert one of changed files
Matus Kysel [Fri, 6 Oct 2017 11:11:07 +0000 (13:11 +0200)]
Cleanup or remove preprocessor directives for specific GCC versions #5158
Remi Gacogne [Thu, 5 Oct 2017 15:20:15 +0000 (17:20 +0200)]
rec: Don't negcache entries for longer than their RRSIG validity
Peter van Dijk [Fri, 6 Oct 2017 09:16:50 +0000 (11:16 +0200)]
Merge pull request #5733 from rgacogne/test-vectors
Add DNSSEC test vectors for RSA, ECDSA, ed25519 and GOST
Peter van Dijk [Fri, 6 Oct 2017 09:13:53 +0000 (11:13 +0200)]
Merge pull request #5766 from rgacogne/auth-purge-query-cache-on-axfr
auth: Correctly purge entries from the caches after a transfer
Peter van Dijk [Fri, 6 Oct 2017 09:12:25 +0000 (11:12 +0200)]
Merge pull request #5771 from rgacogne/rec-ds-queries-cut
rec: For DS queries, only the cuts down to the parent matter
Peter van Dijk [Fri, 6 Oct 2017 09:11:38 +0000 (11:11 +0200)]
Merge pull request #5772 from rgacogne/rec-tc-authority
rec: Set TC=1 if we had to omit part of the AUTHORITY section
Remi Gacogne [Thu, 5 Oct 2017 14:48:27 +0000 (16:48 +0200)]
rec: Set TC=1 if we had to omit part of the AUTHORITY section
The client might need them for validation purpose, for example, so
it needs to know the answer has been truncated.
Remi Gacogne [Thu, 5 Oct 2017 10:24:56 +0000 (12:24 +0200)]
auth: Purge the caches after a successful IXFR
Remi Gacogne [Thu, 5 Oct 2017 10:09:46 +0000 (12:09 +0200)]
auth: Purge entries from the query cache on an incoming AXFR
Since the QC/PC split up, we only removed entries for the AXFR'd
domain from the packet cache, not the query cache.
Remi Gacogne [Tue, 3 Oct 2017 20:41:12 +0000 (22:41 +0200)]
rec: For DS queries, only the cuts down to the parent matter
Pieter Lexis [Tue, 3 Oct 2017 20:29:08 +0000 (22:29 +0200)]
autoconf: set --enable-libsodium to 'auto'
This was 'no' before. As we (want to) use libsodium for dnsdist's
console *and* for ed25519 for the auth and the recursor, we might as well
use it when we detect it.
This would be a good change to have in auth 4.1, rec 4.1 and dnsdist 1.3,
currently on master.
bert hubert [Mon, 2 Oct 2017 19:39:23 +0000 (21:39 +0200)]
Merge pull request #5756 from ahupowerdns/logimp2
Improve --quiet=false output for recursor to include DNSSEC and more timing details (the good version of this PR)
bert hubert [Fri, 29 Sep 2017 20:37:49 +0000 (22:37 +0200)]
Improve --quiet=false output for recursor to include DNSSEC and more timing details
With this PR, pdns_recursor non-quiet logging shows DNSSEC status and adds time spent waiting for network, plus total time spent before answer was sent. This quantifies the internal overhead.
aerique [Mon, 2 Oct 2017 12:41:06 +0000 (14:41 +0200)]
Merge pull request #5752 from rgacogne/rec-5716-follow-up
rec: Check that the owner name is part of the signer in getDenial
aerique [Mon, 2 Oct 2017 09:33:56 +0000 (11:33 +0200)]
Merge pull request #5753 from rgacogne/rec-nxd-from-exact-auth-ds
rec: When looking for a DS, skip NXD if the auth matches the qname
bert hubert [Mon, 2 Oct 2017 08:30:30 +0000 (10:30 +0200)]
Merge pull request #5755 from ahupowerdns/travis-bulk-improve
Improve dnsbulktest experience in travis for more robustness
bert hubert [Mon, 2 Oct 2017 07:27:03 +0000 (09:27 +0200)]
we actually resolve 98% by new definition, so can afford upping threshold from 90 to 95%.
Michael Stathers [Sun, 1 Oct 2017 21:44:30 +0000 (14:44 -0700)]
Update docs to reflect actual default database name.
Peter van Dijk [Sat, 30 Sep 2017 20:10:30 +0000 (22:10 +0200)]
Merge pull request #5744 from cmouse/remotebackend
remotebackend: Fix libjson11.la location to top_builddir
bert hubert [Fri, 29 Sep 2017 20:40:53 +0000 (22:40 +0200)]
Improve dnsbulktest experience in travis for more robustness
This commit changes our dnsbulktest source from Alexa to Cisco Umbrella, but this turned out not to be as important as we thought.
In addition, it turns out we had been installing pdns-tools incorrectly because of wrong apt-settings. We now install pdns-tools from the master repo at repo.powerdns.com
This commit also tunes pdns_recursor to use fewer simultaneous outbound connections during testing, which appears to make Travis NAT happier, leading to fewer errors.
Finally, we use new features of dnsbulktest to extract more statistics for how well we are doing. Success is now dependent on errors and timeouts, and less on NXDOMAIN.
bert hubert [Fri, 29 Sep 2017 16:27:35 +0000 (18:27 +0200)]
Merge pull request #5754 from ahupowerdns/dnsbulk-more-stats
Add more metrics to dnsbulktest -e output
bert hubert [Fri, 29 Sep 2017 15:30:23 +0000 (17:30 +0200)]
Add more metrics to dnsbulktest -e output
With this commit, dnsbulktest writes out more statistics when invoked with -e. This enables more granular limits for determining build success in travis.
Remi Gacogne [Fri, 29 Sep 2017 12:35:16 +0000 (14:35 +0200)]
rec: When looking for a DS, skip NXD if the auth matches the qname
Remi Gacogne [Fri, 29 Sep 2017 11:56:50 +0000 (13:56 +0200)]
Merge pull request #5738 from rgacogne/rec-servfail-on-direct-rrsig-nsec3
rec: Do not allow direct queries for RRSIG or NSEC3
Remi Gacogne [Fri, 29 Sep 2017 10:26:05 +0000 (12:26 +0200)]
rec: Check that the owner name is part of the signer in getDenial
Remi Gacogne [Fri, 29 Sep 2017 10:01:40 +0000 (12:01 +0200)]
rec: De-duplicate handling of TA/NTA state from getDSRecords()
bert hubert [Fri, 29 Sep 2017 07:15:54 +0000 (09:15 +0200)]
Merge pull request #5750 from ahupowerdns/dnsbulktest-no-www
add --www feature to dnsbulktest to make it (not) add www. to everything too
bert hubert [Fri, 29 Sep 2017 06:07:53 +0000 (08:07 +0200)]
add --www feature to dnsbulktest to make it (not) add www. to everything too
Peter van Dijk [Thu, 28 Sep 2017 18:44:12 +0000 (20:44 +0200)]
Merge pull request #5716 from rgacogne/rec-cut-ds
rec: Detect zone cuts by asking for DS instead of NS
Aki Tuomi [Thu, 28 Sep 2017 13:12:34 +0000 (16:12 +0300)]
remotebackend: Fix libjson11.la location to top_builddir
bert hubert [Thu, 28 Sep 2017 11:59:46 +0000 (13:59 +0200)]
Merge pull request #5699 from ahupowerdns/rec-dyn-cache-entries
implement dynamic cache sizing for recursor
aerique [Thu, 28 Sep 2017 09:32:48 +0000 (11:32 +0200)]
Merge pull request #5734 from rgacogne/auth-botan-pk-crash
auth: Fix a crash when getting a public GOST key if the private one is not set
aerique [Thu, 28 Sep 2017 08:15:26 +0000 (10:15 +0200)]
Merge pull request #5739 from rgacogne/rec-policy-pass-truncate
rec: Remove pdns.PASS and pdns.TRUNCATE
bert hubert [Wed, 27 Sep 2017 19:22:30 +0000 (21:22 +0200)]
Merge pull request #5576 from rgacogne/dnsdist-sharded-mmsg
dnsdist: Cache sharding, recvmmsg and CPU pinning support
Remi Gacogne [Wed, 27 Sep 2017 14:24:39 +0000 (16:24 +0200)]
rec: Remove pdns.PASS and pdns.TRUNCATE
Those values are not documented in a recursor context, and do not
work as expected since `pdns.PASS` resulted in an immediate `ServFail`
and `pdns.TRUNCATE` in a strange status code being sent (showing
up as `RESERVED13` in `dig`).
Remi Gacogne [Wed, 27 Sep 2017 14:14:49 +0000 (16:14 +0200)]
rec: Do not allow direct queries for RRSIG or NSEC3
aerique [Wed, 27 Sep 2017 10:13:52 +0000 (12:13 +0200)]
Merge pull request #5723 from rgacogne/auth-bindbackend_dof
auth: Use a unique pointer for bind backend's `d_of`
aerique [Wed, 27 Sep 2017 08:29:53 +0000 (10:29 +0200)]
Merge pull request #5732 from aerique/bugfix/5690-add-note-ldap-schema-update
Add note on updating LDAP schema.
aerique [Tue, 26 Sep 2017 15:11:47 +0000 (17:11 +0200)]
Merge pull request #5715 from rgacogne/rec-direct-nsec
rec: Handle direct NSEC queries
Peter van Dijk [Tue, 26 Sep 2017 09:37:15 +0000 (11:37 +0200)]
Merge pull request #5722 from pieterlexis/issue-5721-publish-inactive-CDS-CDNSKEY
Auth: Publish inactive KSK/CSK as CDNSKEY/CDS
Erik Winkels [Tue, 26 Sep 2017 08:56:40 +0000 (10:56 +0200)]
Add note on updating LDAP schema.