granicus.if.org Git - pdns/log
pdns
Remi Gacogne [Mon, 13 Mar 2017 12:52:51 +0000 (13:52 +0100)]
rec: Run unit tests, split recursor-specific unit tests from the auth

Some unit tests are common and will be run twice, once in the auth
build and once in the rec one. This ensures that they will be run on
rec-4.0.x and auth-4.0.x branches as well.

(cherry picked from commit 35d883a830af0284efafe94d1a6bd1c1ad04bae7)

Pieter Lexis [Fri, 17 Feb 2017 09:59:13 +0000 (10:59 +0100)]
Merge pull request #4935 from rgacogne/rec40-backport-4911

Backport #4911: Fix negative port detection for IPv6 addresses on 32-bit

Pieter Lexis [Fri, 17 Feb 2017 09:58:52 +0000 (10:58 +0100)]
Merge pull request #5047 from rgacogne/rec40-backport-4744

backport #4744: Handle exceptions raised by `closesocket()`

Pieter Lexis [Fri, 17 Feb 2017 09:58:37 +0000 (10:58 +0100)]
Merge pull request #5045 from rgacogne/rec40-backport-4917

backport #4917: rec: Clean up, fix compiler warnings

Pieter Lexis [Fri, 17 Feb 2017 09:58:28 +0000 (10:58 +0100)]
Merge pull request #4970 from rgacogne/rec40-tsig-canonical-algo

Backport #4961: Lowercase the TSIG algorithm name in hash computation

Remi Gacogne [Mon, 16 Jan 2017 17:05:34 +0000 (18:05 +0100)]
Explicitly use const iterators in `validateWithKeySet` and `getKeysFor`

(cherry picked from commit 7a4f4632913046afde9e8acbbff1213b8faf982d)

Remi Gacogne [Mon, 16 Jan 2017 16:53:06 +0000 (17:53 +0100)]
Make sure `labelsToAdd` is not empty in `getZoneCuts()`

(cherry picked from commit e2f91e7051975a411445ebd54a2a124c78a7d8ff)

Remi Gacogne [Mon, 16 Jan 2017 16:51:49 +0000 (17:51 +0100)]
Remove `g_rootDS` leftover

(cherry picked from commit 08d5ffac729f6aaa2f63d070a7fcefe42e3c32f4)

Remi Gacogne [Mon, 16 Jan 2017 16:46:59 +0000 (17:46 +0100)]
Remove unused `RemoteLogger::sendData()` leftover

(cherry picked from commit 59ab41170cee9b95513bdc931a5f125a0c3de205)

Remi Gacogne [Mon, 16 Jan 2017 16:45:34 +0000 (17:45 +0100)]
rec: Fix shadowed variables

No real issue here, but I'd like to be able to enable `-Wshadow` to prevent
future mishaps at some point.

(cherry picked from commit dd07976412d9b2b35db7179ceb590e542aff9eef)

Remi Gacogne [Mon, 5 Dec 2016 15:42:55 +0000 (16:42 +0100)]
Handle exceptions raised by `closesocket()`

This was not very well handled, and could cause the PowerDNS process
to terminate. This is especially nasty when `closesocket()` is called
from a destructor, as we could already be dealing with an exception.

(cherry picked from commit a7b68ae7e414ec9f3184df70ac8008f8a310ae60)

Pieter Lexis [Thu, 16 Feb 2017 11:22:23 +0000 (12:22 +0100)]
Merge pull request #5034 from pieterlexis/rec-backport-4508

Backport #4508: Revert "Merge pull request #947 from mind04/right" (rec)

Pieter Lexis [Thu, 16 Feb 2017 11:22:16 +0000 (12:22 +0100)]
Merge pull request #5028 from pieterlexis/backport-4619

Backport #4619: Document the -pub- variants

Pieter Lexis [Thu, 16 Feb 2017 11:22:09 +0000 (12:22 +0100)]
Merge pull request #5023 from pieterlexis/backport-4767

Backport #4767: hide ttl in RPZ tests to avoid random failures

Pieter Lexis [Thu, 16 Feb 2017 11:21:50 +0000 (12:21 +0100)]
Merge pull request #5035 from pieterlexis/backport-4794

Backport #4794: RPZ: some logging fixes

Pieter Lexis [Thu, 16 Feb 2017 11:21:13 +0000 (12:21 +0100)]
Merge pull request #5031 from pieterlexis/backport-4603

Backport #4603: g.root-servers.net added IPv6

Pieter Lexis [Thu, 16 Feb 2017 11:20:28 +0000 (12:20 +0100)]
Merge pull request #5025 from pieterlexis/rec-backport-4762

Backport #4762: SuffixMatchNode: Fix insertion issue for an existing node (rec)

Pieter Lexis [Thu, 16 Feb 2017 11:19:39 +0000 (12:19 +0100)]
Merge pull request #5022 from pieterlexis/backport-4775

Backport #4775: LuaWrapper: Use the correct index when storing a function

Pieter Lexis [Thu, 16 Feb 2017 11:19:28 +0000 (12:19 +0100)]
Merge pull request #5021 from pieterlexis/backport-4777

Backport #4777: only delegate if NS's are below apex in auth-zones

Pieter Lexis [Thu, 16 Feb 2017 11:19:16 +0000 (12:19 +0100)]
Merge pull request #5020 from pieterlexis/rec-backport-4793

Backport #4793: Don't call `hostname -f` on openbsd (rec)

Pieter Lexis [Thu, 16 Feb 2017 11:19:02 +0000 (12:19 +0100)]
Merge pull request #5018 from pieterlexis/backport-4804

Backport #4804: remove hardcoding of port 53 for TCP/IP forwarded zones in recursor, …

Pieter Lexis [Thu, 16 Feb 2017 11:18:50 +0000 (12:18 +0100)]
Merge pull request #5017 from pieterlexis/rec-backport-4838

backport #4838: Check if we can link against libatomic if needed (rec)

Pieter Lexis [Thu, 16 Feb 2017 11:18:26 +0000 (12:18 +0100)]
Merge pull request #5014 from pieterlexis/rec-backport-4868

Backport #4868: Document that carbon-server requires IP address, no hostname accepted. (rec)

Pieter Lexis [Thu, 16 Feb 2017 11:18:11 +0000 (12:18 +0100)]
Merge pull request #5012 from pieterlexis/rec-backport-4879

Backport #4879: Remove a relative import in yahttp-config.h (rec)

Pieter Lexis [Thu, 16 Feb 2017 11:17:43 +0000 (12:17 +0100)]
Merge pull request #5010 from pieterlexis/backport-4940

Backport #4940: Backport json11 fixes from upstream

Pieter Lexis [Thu, 16 Feb 2017 09:03:29 +0000 (10:03 +0100)]
Merge pull request #5009 from pieterlexis/backport-4972

Backport #4972: Add the 2017 root key

phonedph1 [Tue, 25 Oct 2016 01:59:23 +0000 (01:59 +0000)]
Update the manpage as well

(cherry picked from commit 6c9a5b516f73edf5a6f6ec931eea1967090ee48f)

Pieter Lexis [Mon, 19 Dec 2016 17:30:49 +0000 (18:30 +0100)]
RPZ: log additions/removals at debug, not info

(cherry picked from commit 610d8343deba239edbb88f3f17d3e4118bc782ac)

Pieter Lexis [Mon, 19 Dec 2016 17:20:47 +0000 (18:20 +0100)]
Unconfuse the RPZ summary

Closes #4342

(cherry picked from commit 00febe394033d2ea53ecbcf135ac94de6ba4be08)

Peter van Dijk [Mon, 26 Sep 2016 12:52:10 +0000 (14:52 +0200)]
Revert "Merge pull request #947 from mind04/right"

This code only served to fix a combination of system misconfiguration and a
bug in glibc. Meanwhile it turns out this code is incorrect. Removing it.

(cherry picked from commit c96765dae8da4c9322ca4a80e3e101d64faf141f)

Kevin Otte [Fri, 21 Oct 2016 12:41:11 +0000 (08:41 -0400)]
g.root-servers.net added IPv6

http://www.internic.net/domain/db.cache
last update:    October 20, 2016

phonedph1 [Tue, 25 Oct 2016 01:52:13 +0000 (01:52 +0000)]
Document the -pub- variants

Remi Gacogne [Mon, 12 Dec 2016 16:16:11 +0000 (17:16 +0100)]
SuffixMatchNode: Fix insertion issue for an existing node

If the node we are about to insert already existed as an intermediary
one, we need to mark it as an end node.

(cherry picked from commit ed221d0bc700158c21fcb8fc4463085713d07c53)

Peter van Dijk [Tue, 13 Dec 2016 13:35:07 +0000 (14:35 +0100)]
hide ttl in RPZ tests to avoid random failures

(cherry picked from commit 41eac9c12f28cc7a07a45ae0abe86ba390802e06)

Remi Gacogne [Mon, 19 Dec 2016 17:08:29 +0000 (18:08 +0100)]
LuaWrapper: Fix comments since `ValueInRegistry` now takes an optional index

(cherry picked from commit 28abe7558fd5c0d853a7544f49fb780aafbc49f3)

Remi Gacogne [Fri, 16 Dec 2016 13:39:46 +0000 (14:39 +0100)]
LuaWrapper: Use the correct index when storing a function

The LuaWrapper used to assume that the function was at the
top of the stack, making it effectively impossible to have
a callback function parameter anywhere else than as the last
parameter.

(cherry picked from commit 4ec1e17418d539cea7eb4fb5469e905684ca6457)

Pieter Lexis [Fri, 16 Dec 2016 14:24:13 +0000 (15:24 +0100)]
rec: only delegate if NS's are below apex in auth-zones

As:
 1. we **are** authoritative for the zone named at the apex
 2. We would servfail because we could get an upward referral

Closes #4771

(cherry picked from commit 221a3f72e117a0e0fdf9e4fedf237a8e6526d145)

Pieter Lexis [Mon, 19 Dec 2016 17:02:24 +0000 (18:02 +0100)]
Don't call `hostname -f` on openbsd

Closes #2579

(cherry picked from commit df925537cfe0a4706b85353376da6f12996871bb)

bert hubert [Wed, 21 Dec 2016 13:07:56 +0000 (14:07 +0100)]
remove hardcoding of port 53 for TCP/IP forwarded zones in recursor, to address #4799

(cherry picked from commit 1bde6efa9fa0331dbd431fb42f208b4df530d88c)

Pieter Lexis [Mon, 2 Jan 2017 11:23:05 +0000 (12:23 +0100)]
Check if we can link against libatomic if needed

Also move the OS detection to the top

(cherry picked from commit 03571f7ac3d5bebb4879849b094e2e03f019cd10)

Pieter Lexis [Tue, 14 Feb 2017 12:51:30 +0000 (13:51 +0100)]
Document that carbon-server requires IP address, no hostname accepted.

(cherry picked from commit e12f84078798343e9749864cdeee44e68c4a81e6 and 90217d3960e3ee439405989b78fdf7e810d562f2)

Pieter Lexis [Wed, 11 Jan 2017 22:06:51 +0000 (23:06 +0100)]
Remove a relative import in yahttp-config.h

We set our include directories nowadays.

Closes #4866 (again)

(cherry picked from commit 4c3c83f3bc1eecd82d09e1e527108fae98ce1fda)

Remi Gacogne [Wed, 25 Jan 2017 09:26:08 +0000 (10:26 +0100)]
Backport json11 fixes from upstream

(cherry picked from commit 3c20dd3b30bd0c15c5f7a1e82fba3bb5254b28df)

Pieter Lexis [Fri, 3 Feb 2017 08:03:35 +0000 (09:03 +0100)]
Add the 2017 root key

(cherry picked from commit d5037c4d34ffbc89ca5d4f79554dd87aa49fdbc8)

Remi Gacogne [Tue, 31 Jan 2017 10:18:37 +0000 (11:18 +0100)]
Lowercase the TSIG algorithm name in hash computation

`RFC2845` states that the algorithm name should be in `canonical wire
format` for the hash computation, which implies it should be lowercased.
We actually did lowercase it in 3.x, until it was moved to a `DNSName`
in 4.x.

(cherry picked from commit 68e9d647d4229c7a2ebd64d50837195d148c574b)

Peter van Dijk [Tue, 31 Jan 2017 12:42:28 +0000 (13:42 +0100)]
Merge pull request #4792 from rgacogne/rec40-backport-3869

Backport #3869: rec: Log outgoing queries / incoming responses via protobuf

Remi Gacogne [Sun, 15 Jan 2017 20:45:27 +0000 (21:45 +0100)]
Fix negative port detection for IPv6 addresses on 32-bit

On a 32-bit Arch, our `test_ComboAddress` unit test fails because
`ComboAddress("[::1]:-6")` is considered valid. This is caused by
`stoul()` not throwing for a negative value and returning an `unsigned
long` value using unsigned integer wraparound rules. Since we used to
store the result value in a `signed int` and treat negative values
as if the port was not set, the test failed.

Remi Gacogne [Fri, 16 Dec 2016 09:40:55 +0000 (10:40 +0100)]
rec: Wait until after daemonizing to start the outgoing protobuf thread

(cherry picked from commit a79b00a6df3076c1f7af87d0fd093e8aa2fc4e9f)

Remi Gacogne [Fri, 4 Nov 2016 16:28:22 +0000 (17:28 +0100)]
rec: Log outgoing queries / incoming responses via protobuf

(cherry picked from commit 4898a34807043c2af442ef983f9ef45e0b473651)

tag: rec-4.0.4
Pieter Lexis [Fri, 13 Jan 2017 08:10:34 +0000 (09:10 +0100)]
Merge pull request #4896 from rgacogne/rec40-tsig-ixfr

Backport #4893: Check TSIG signature on IXFR

Remi Gacogne [Thu, 15 Sep 2016 13:28:45 +0000 (15:28 +0200)]
Check TSIG signature on IXFR

(cherry picked from commit 16c7f7823221d5d75282a77b2e9043b3f60e1ad2)

Pieter Lexis [Thu, 12 Jan 2017 13:15:07 +0000 (14:15 +0100)]
Merge pull request #4886 from rgacogne/rec40-spurious-rrs

Backport #4882: Don't parse spurious RRs in queries when we don't need them

Pieter Lexis [Thu, 12 Jan 2017 12:42:55 +0000 (13:42 +0100)]
Merge pull request #4881 from rgacogne/rec40-depth-limit

Backport #4880: rec: Add `max-recursion-depth` to limit the number of internal recursion

Pieter Lexis [Thu, 12 Jan 2017 12:42:37 +0000 (13:42 +0100)]
Merge pull request #4878 from pieterlexis/rec-4-mkpubsuffix

Backport #4874: Recursor: ship mkpubsuffixcc

Remi Gacogne [Fri, 16 Sep 2016 15:10:25 +0000 (17:10 +0200)]
Don't parse spurious RRs in queries when we don't need them

Remi Gacogne [Wed, 11 Jan 2017 14:52:19 +0000 (15:52 +0100)]
rec: Add `max-recursion-depth` to `upgrading.md`

(cherry picked from commit 8c25e5e927245c8ab5bcf21dc3c86973415ec52a)

Remi Gacogne [Tue, 10 Jan 2017 12:12:17 +0000 (13:12 +0100)]
rec: Add `max-recursion-depth` to limit the number of internal recursion

Default to 40, was unlimited.

(cherry picked from commit 7c3398aabe2e9dd8c5c3e8b3572455abfa3037be)

Pieter Lexis [Tue, 10 Jan 2017 17:01:54 +0000 (18:01 +0100)]
Recursor: ship mkpubsuffixcc

Closes #4842

(cherry picked from commit 265ff1c3cb1083e1f5b4ed0ddafd200c2f27acf4)

Pieter Lexis [Wed, 11 Jan 2017 18:08:57 +0000 (19:08 +0100)]
Merge pull request #4870 from rgacogne/rec40-backport-4852

Backport 4852: DNSName: Check that both first two bits are set in compressed labels

Remi Gacogne [Wed, 4 Jan 2017 10:48:47 +0000 (11:48 +0100)]
DNSName: Check that both first two bits are set in compressed labels

We checked that at least one of the first two bits was set,
but the 10 and 01 combinations do not indicate a compressed label
and are reserved for future use.

(cherry picked from commit 99bbbc7bdf675509caf61f41464a1ae62c09f342)

Pieter Lexis [Tue, 27 Dec 2016 06:20:56 +0000 (07:20 +0100)]
Merge pull request #4805 from rgacogne/rec40-backport-4635

Backport #4635: rec: Don't crash on an empty query ring

Pieter Lexis [Tue, 27 Dec 2016 06:20:43 +0000 (07:20 +0100)]
Merge pull request #4806 from rgacogne/rec40-backport-4670

Backport #4670: Set `RemoteLogger::d_socket` to -1 after closing it

Pieter Lexis [Tue, 27 Dec 2016 06:20:33 +0000 (07:20 +0100)]
Merge pull request #4807 from rgacogne/rec40-backport-4789

Backport #4789: rec: Don't choke on escaped content in getZoneCuts()

Remi Gacogne [Mon, 19 Dec 2016 15:27:14 +0000 (16:27 +0100)]
rec: Don't choke on escaped content in getZoneCuts()

`getZoneCuts()` was constructing a `DNSName` by passing a raw label returned
from `DNSName::getRawLabels()` as a string. The constructor then tried to handle
escaped characters from the string, resulting in a different `DNSName` than the
expected one. This caused the `qname != begin` condition to be false even after
every label in `labelsToAdd` had been added, causing UB by calling
`std::vector::back()` on an empty vector.
Using `DNSName::prependRawLabel()` instead prevents this issue since the string is
not escaped.

(cherry picked from commit 754914f0177cd990db16ff0cc29c8789e94b32bb)

Remi Gacogne [Mon, 12 Dec 2016 11:20:32 +0000 (12:20 +0100)]
Set `RemoteLogger::d_socket` to -1 after closing it

Otherwise, in the unlikely case `SSocket()` throws an exception
we might end up with a stale file descriptor in `RemoteLogger::reconnect()`.

(cherry picked from commit 754f300f6b7e64b8de70990950484c4de749d10a)

Remi Gacogne [Wed, 26 Oct 2016 08:00:39 +0000 (10:00 +0200)]
rec: Don't crash on an empty query ring

It obviously happens if stats-ringbuffer-entries is set to 0.

(cherry picked from commit 5af86fdcdee2843d80d40dd1c22c137e471f9484)

Pieter Lexis [Fri, 16 Dec 2016 08:38:10 +0000 (09:38 +0100)]
Merge pull request #4770 from rgacogne/rec40-backport-4769

Backport #4769 rec: Set the result to NoError before calling `preresolve`

Remi Gacogne [Tue, 13 Dec 2016 15:21:17 +0000 (16:21 +0100)]
rec: Set the result to NoError before calling `preresolve`

Otherwise `rq.rcode` needs to be set explicitly when handling the
query from `preresolve`, which is not documented and wasn't the case
before.

(cherry picked from commit ef3b6cd7719e968364f6ad7692ff4287829f37f1)

Peter van Dijk [Tue, 13 Dec 2016 12:39:04 +0000 (13:39 +0100)]
Merge pull request #4757 from rgacogne/rec40-backport-4724

Backport #4724: rec: Add `getRecursorThreadId()` to Lua, identifying the current thread

Peter van Dijk [Tue, 13 Dec 2016 12:35:20 +0000 (13:35 +0100)]
Merge pull request #4756 from rgacogne/rec40-backport-4715

Backport #4715: Specify that dnsmessage.proto uses protobuf version 2

Remi Gacogne [Thu, 1 Dec 2016 14:58:01 +0000 (15:58 +0100)]
rec: Add `getRecursorThreadId()` to Lua, identifying the current thread

(cherry picked from commit b401545341c7e4bd2d27940e95f9fe1af374479d)

Remi Gacogne [Tue, 29 Nov 2016 08:48:36 +0000 (09:48 +0100)]
Specify that dnsmessage.proto uses protobuf version 2

Recent proto-c versions are complaining loudly otherwise.

(cherry picked from commit 2e14d4bbf6549c70e3422b315287bc69bfe398dd)

Pieter Lexis [Fri, 9 Dec 2016 08:59:00 +0000 (09:59 +0100)]
Merge pull request #4647 from pieterlexis/backport-4629

Backport #4629:  Handle CNAMEs at the apex of secure zones to other secure zones

Peter van Dijk [Tue, 6 Dec 2016 09:45:01 +0000 (10:45 +0100)]
Merge pull request #4739 from rgacogne/rec40-dnsname-4718

Backport 4722: Fix incorrect length check in `DNSName` when extracting qtype or qclass

Peter van Dijk [Mon, 5 Dec 2016 14:05:12 +0000 (15:05 +0100)]
Merge pull request #4695 from rgacogne/backport-4691

Backport #4691: rec: Wait until after daemonizing to start the RPZ and protobuf threads

Remi Gacogne [Thu, 1 Dec 2016 12:00:13 +0000 (13:00 +0100)]
Fix incorrect length check in `DNSName` when extracting qtype or qclass

In `DNSName::packetParser()`, the length check might have been incorrect
when the caller asked for the `qtype` and/or the `qclass` to be extracted.
The `pos + labellen + 2 > end` check was wrong because `pos` might have already
been incremented by `labellen`. There are 3 ways to exit the main loop:

* `labellen` is 0, the most common case, and in that case the check is valid
* `pos >= end`, meaning that `pos + labellen + 2 > end` will be true regardless
of the value of `labellen` since it cannot be negative
* if `uncompress` is set and a compressed label is found, the main loop is
broken out of, and `labellen` still holds a now irrelevant, possibly non-zero value
corresponding to the first byte of the compressed label length & ~0xc0.

In that last case, if the compressed label points to a position > 255 the check
is wrong and might have rejected a valid packet.
A quick look through the code didn't show any place where we request decompression
and ask for `qtype` and/or `qclass` in a response, but I might have missed one.

Reported by Houssam El Hajoui (thanks!).

(cherry picked from commit 7b9c052c617d02e1870195d0f216732047d56e22)

Peter van Dijk [Mon, 5 Dec 2016 10:18:26 +0000 (11:18 +0100)]
Merge pull request #4730 from Habbie/rec-4.0.x-travis-only-rec

do not build/test auth, dnsdist, docs

Peter van Dijk [Fri, 2 Dec 2016 19:41:31 +0000 (20:41 +0100)]
do not build/test auth, dnsdist, docs

Peter van Dijk [Mon, 5 Dec 2016 08:12:11 +0000 (09:12 +0100)]
Merge pull request #4729 from Habbie/rec-4.0.x-travis-update

stop auto-started pdns with 0.0.0.0 bind, to allow individual binds

Peter van Dijk [Fri, 2 Dec 2016 13:01:57 +0000 (14:01 +0100)]
stop auto-started pdns with 0.0.0.0 bind, to allow individual binds

Remi Gacogne [Thu, 1 Dec 2016 12:46:45 +0000 (13:46 +0100)]
Merge pull request #4717 from rgacogne/backport-4716

Backport #4716: rec: Remove leftover debug msg in `RecursorLua4::DNSQuestion::setRecords()`

Remi Gacogne [Tue, 29 Nov 2016 08:51:13 +0000 (09:51 +0100)]
rec: Remove leftover debug msg in `RecursorLua4::DNSQuestion::setRecords()`

(cherry picked from commit 3c82a3e58f689324b4c700c8bdad9dd9fb351065)

Remi Gacogne [Wed, 16 Nov 2016 14:37:04 +0000 (15:37 +0100)]
rec: Wait until after daemonizing to start the RPZ and protobuf threads

Otherwise they are killed when we call `fork()`.
We still want to actually parse the configuration to check for syntax
errors before daemonizing to be able to report any error, so when
`daemon` is set to `yes`, we parse the Lua configuration early
without starting any threads, and then again, starting the threads
that time, after daemonizing.

(cherry picked from commit a4241908a1c80c4293cfcd5056bb67138958f0e6)

Pieter Lexis [Mon, 14 Nov 2016 16:55:26 +0000 (17:55 +0100)]
Merge pull request #4677 from pieterlexis/backport-4674

Backport #4674: Enable protobuf in CentOS 6 packages

Peter van Dijk [Fri, 11 Nov 2016 19:34:15 +0000 (20:34 +0100)]
Merge pull request #4636 from rgacogne/rec-backport-4577

Backport #4577: rec: Fix src/dest inversion in the protobuf message for TCP queries

Pieter Lexis [Fri, 11 Nov 2016 13:24:02 +0000 (14:24 +0100)]
Update boost requirement for DNSName

This version is known to work (CentOS 7)

(cherry picked from commit 46104a7e4ebc19419a3908141358289332709eea)

Pieter Lexis [Fri, 11 Nov 2016 12:41:28 +0000 (13:41 +0100)]
Add protobuf support to EL6 packages

(cherry picked from commit 7cfda92fa027ecfadc42a6c1063f852a52314c1c)

Pieter Lexis [Fri, 11 Nov 2016 16:45:30 +0000 (17:45 +0100)]
Merge pull request #4675 from pieterlexis/backport-4672

Backport #4672: On (re-)priming, fetch the root NS records

Pieter Lexis [Thu, 10 Nov 2016 12:56:58 +0000 (13:56 +0100)]
On (re-)priming, fetch the root NS records

Remi Gacogne [Wed, 9 Nov 2016 09:02:50 +0000 (10:02 +0100)]
Merge pull request #4652 from rgacogne/rec-40-backport-4573

Backport #4573: Fix building with ECDSA support disabled in libcrypto

Remi Gacogne [Mon, 17 Oct 2016 08:07:26 +0000 (10:07 +0200)]
Fix building with ECDSA support disabled in libcrypto

(cherry picked from commit aa74d164ae29269168d048d2cc8d7e1f984774c4)

Pieter Lexis [Tue, 25 Oct 2016 15:26:32 +0000 (17:26 +0200)]
Fix a DNSSEC trace log message

Pieter Lexis [Tue, 25 Oct 2016 15:25:19 +0000 (17:25 +0200)]
Handle CNAME at secure zone apex to secure zone

Closes #4466

Pieter Lexis [Tue, 25 Oct 2016 15:24:25 +0000 (17:24 +0200)]
Add test for #4466

Remi Gacogne [Mon, 17 Oct 2016 10:19:06 +0000 (12:19 +0200)]
rec: Fix src/dest inversion in the protobuf message for TCP queries

(cherry picked from commit 35a7fc41b202da6406f88e79d0bd7b3dccfcae5c)

Pieter Lexis [Mon, 24 Oct 2016 22:24:17 +0000 (00:24 +0200)]
Merge pull request #4599 from rgacogne/backport-4554

Backport #4554: Add requestorId and some comments to the protobuf definition file

Pieter Lexis [Mon, 24 Oct 2016 22:23:58 +0000 (00:23 +0200)]
Merge pull request #4610 from pieterlexis/backport-4602

Backport #4602:  NSEC3 optout and Bogus insecure forward fixes

Pieter Lexis [Fri, 21 Oct 2016 10:48:24 +0000 (12:48 +0200)]
Fix comment indent

Pieter Lexis [Fri, 21 Oct 2016 10:48:10 +0000 (12:48 +0200)]
Add an RFC quote in the right place

Pieter Lexis [Fri, 21 Oct 2016 10:33:41 +0000 (12:33 +0200)]
NSEC3 optout and Bogus insecure forward fixes

After the change to zonecuts to find key material, the NSEC3 checking
returned an (incorrect) 'covering nxdomain' for a forwarded subzone with
no DS record in its parent. After fixing this, the NSEC3 optout test
failed as Bogus (instead of insecure). This was fixed by actually
checking the optout flag on a delegation NSEC3 record.