granicus.if.org Git - pdns/log
Remi Gacogne [Fri, 22 Jan 2016 16:11:58 +0000 (17:11 +0100)]
dnsdist: Better handling of outstanding TCP queries

The outstanding count was incremented for every query processed
in a single TCP session but was only decremented once per session.
It could also have been decremented before being incremented
if setupTCPDownstream() failed.
It might close #3288.

Remi Gacogne [Fri, 22 Jan 2016 10:33:23 +0000 (11:33 +0100)]
Merge pull request #3287 from rgacogne/external-sodium

Temporarily use an external libsodium in travis, revert me later

Remi Gacogne [Fri, 22 Jan 2016 08:32:01 +0000 (09:32 +0100)]
Test if we can temporarily use external libsodium in travis

bert hubert [Thu, 21 Jan 2016 12:06:20 +0000 (13:06 +0100)]
Merge pull request #3278 from rgacogne/dnsdist-lock-exceed-respgen

dnsdist: Lock the response ring in exceedRespGen()

Remi Gacogne [Thu, 21 Jan 2016 10:19:55 +0000 (11:19 +0100)]
dnsdist: Lock the response ring in exceedRespGen()

Hopefully this should fix #3277.

Pieter Lexis [Thu, 21 Jan 2016 10:18:14 +0000 (11:18 +0100)]
Merge pull request #3242 from pieterlexis/zone2sql-json-comments-test

Add test for zone2sql --json-comments

Pieter Lexis [Thu, 21 Jan 2016 10:18:09 +0000 (11:18 +0100)]
Merge pull request #3166 from pieterlexis/db-exceptions

Make auth crash less on transient DB failures

Remi Gacogne [Thu, 21 Jan 2016 09:27:05 +0000 (10:27 +0100)]
Merge pull request #3275 from rgacogne/dnsdist-exceedservfails-typo

dnsdist: Fix exceedServFails() case. Add exceedQRate to completion

Remi Gacogne [Thu, 21 Jan 2016 08:41:20 +0000 (09:41 +0100)]
Merge pull request #3269 from rgacogne/dnsdist-incbin-unlicense

dnsdist: Include ext/incbin/UNLICENSE in the dnsdist tarball

Remi Gacogne [Wed, 20 Jan 2016 17:09:18 +0000 (18:09 +0100)]
dnsdist: Fix exceedServFails() case. Add exceedQRate to completion

Rename exceedServfails() to exceedServFails() to be consistent.
Closes #3273.

bert hubert [Wed, 20 Jan 2016 23:51:28 +0000 (00:51 +0100)]
Update README-dnsdist.md

bert hubert [Wed, 20 Jan 2016 22:53:36 +0000 (23:53 +0100)]
Merge pull request #3274 from ahupowerdns/recpack

redo packet cache to be simpler, have more features, testcases and still reduce lines of code!

bert hubert [Wed, 20 Jan 2016 22:02:41 +0000 (23:02 +0100)]
Merge remote-tracking branch 'origin/master' into recpack

Pieter Lexis [Wed, 20 Jan 2016 20:58:50 +0000 (21:58 +0100)]
Fix auth make dist

bert hubert [Wed, 20 Jan 2016 15:51:38 +0000 (16:51 +0100)]
also support running w/o lua

bert hubert [Wed, 20 Jan 2016 14:56:17 +0000 (15:56 +0100)]
revamp recursor packet cache to be far less clever and simply hash its question case insensitively. Plus add testcases.

bert hubert [Wed, 20 Jan 2016 14:50:42 +0000 (15:50 +0100)]
implement Lua gettag() which optionally tells you which part of the packet cache to look at

bert hubert [Wed, 20 Jan 2016 14:49:37 +0000 (15:49 +0100)]
clarifying comment

Pieter Lexis [Wed, 20 Jan 2016 16:04:16 +0000 (17:04 +0100)]
Move pdns-recursor contrib to recursordist

Pieter Lexis [Wed, 20 Jan 2016 15:40:58 +0000 (16:40 +0100)]
recursor dist: add missing file

bert hubert [Wed, 20 Jan 2016 15:27:27 +0000 (16:27 +0100)]
Merge pull request #3259 from pieterlexis/recursor-autotools

Fully autotoolize the recursor distribution!

Pieter Lexis [Wed, 20 Jan 2016 12:27:02 +0000 (13:27 +0100)]
Appease the license-gods

Remi Gacogne [Wed, 20 Jan 2016 11:32:58 +0000 (12:32 +0100)]
dnsdist: Include ext/incbin/UNLICENSE in the dnsdist tarball

Pieter Lexis [Wed, 20 Jan 2016 10:32:28 +0000 (11:32 +0100)]
Recursor: have buildscripts use new normal configure

Pieter Lexis [Tue, 29 Dec 2015 12:35:18 +0000 (13:35 +0100)]
Autotoolize the recursor

This is done similar to dnsdist.

This commit adds a pdns_check_os.m4 to set OS dependent options.

bert hubert [Tue, 19 Jan 2016 17:11:40 +0000 (18:11 +0100)]
Merge pull request #3268 from ahupowerdns/adfilter

enhance recursor lua with a hashed IP set, plus addRecord which is more generic than addAnswer

bert hubert [Tue, 19 Jan 2016 14:44:33 +0000 (15:44 +0100)]
add an efficient ComboAddress set (loads around a million IP addresses per second)

bert hubert [Tue, 19 Jan 2016 14:44:10 +0000 (15:44 +0100)]
add ability to store comboaddress in a hashed container

bert hubert [Tue, 19 Jan 2016 11:37:56 +0000 (12:37 +0100)]
Merge pull request #3244 from pieterlexis/4.0-forward-zones

Fix the forward zones in the recursor

bert hubert [Tue, 19 Jan 2016 11:37:30 +0000 (12:37 +0100)]
Merge pull request #3258 from Habbie/rrlfixes

minor fixes to policy/RRL code

bert hubert [Tue, 19 Jan 2016 11:37:05 +0000 (12:37 +0100)]
Merge pull request #3256 from rgacogne/dnsdist-or-not

dnsdist: Add NotRule() and OrRule()

bert hubert [Tue, 19 Jan 2016 11:34:45 +0000 (12:34 +0100)]
Merge pull request #3265 from rgacogne/dnsdist-ubsan

dnsdist: Fix misaligned load/store in ECS, reported by UBSAN

bert hubert [Tue, 19 Jan 2016 10:33:04 +0000 (11:33 +0100)]
Merge pull request #3266 from rgacogne/dnsdist-fake-ds

dnsdist: Do not create socket/thread for fake DS in client mode

Pieter Lexis [Tue, 19 Jan 2016 09:55:34 +0000 (10:55 +0100)]
Merge pull request #3264 from cmouse/geoipbackend-id

Use correct id numbers for domains

Remi Gacogne [Tue, 19 Jan 2016 09:43:08 +0000 (10:43 +0100)]
Merge pull request #3255 from janeczku/auth-basic

Don't log authentication errors before sending HTTP basic auth challenge

Remi Gacogne [Tue, 19 Jan 2016 09:25:42 +0000 (10:25 +0100)]
dnsdist: Do not create socket/thread for fake DS in client mode

While parsing the configuration in client mode, we create a fake
DownstreamState for each newServer() call, because we need it to
return a valid DownstreamState object. Unfortunately this leads
to the creation of a socket for 0.0.0.0, and a subsequent
connection attempt.
We now detect that the address does not make sense in this context
and do not create the associated socket.
Closes #3257.

Aki Tuomi [Tue, 19 Jan 2016 08:38:12 +0000 (10:38 +0200)]
Use correct id numbers for domains

Remi Gacogne [Tue, 19 Jan 2016 08:28:11 +0000 (09:28 +0100)]
dnsdist: Fix misaligned load/store in ECS, reported by UBSAN

Using the buffer position as an uint16_t requires 2 byte alignment,
which is not guaranteed here.

Jan Broer [Mon, 18 Jan 2016 01:01:48 +0000 (02:01 +0100)]
Don't throw authentication error on the first request a HTTP client sends

Pieter Lexis [Mon, 18 Jan 2016 14:21:50 +0000 (15:21 +0100)]
Add empty ComboAddress equality unit-test

Pieter Lexis [Fri, 15 Jan 2016 17:00:26 +0000 (18:00 +0100)]
Fix the forward zones in the recursor

In the pre-DNSName era, when dns-native names were passed as strings, we
overloaded the NS-name for a forward or auth zone. e.g. an empty string
meant 'this is an auth zone' and '+203.0.113.1' meant 'forward to 203.0.113.1
with the RD bit set'. With DNSNames, this is impossible (yay!).

In this commit, the set of strings (and later DNSNames), is replaced by
a map where a DNSName is the key and the value is a pair of a
ComboAddress and a boolean.

A non-empty DNSName: This is a normal NS, recurse as usual (the pair is
ignored).

An empty DNSName and empty ComboAddress: We are auth for this zone,
check the auth store for an answer.

An empty DNSName and non-empty ComboAddress: The query must be forwarded
to the ComboAddress specified and the boolean in the pair tells us the
value of the RD bit in the query we need to send.

Peter van Dijk [Mon, 18 Jan 2016 11:38:30 +0000 (12:38 +0100)]
don't toString an empty dnsname

Peter van Dijk [Mon, 18 Jan 2016 10:31:48 +0000 (11:31 +0100)]
Merge pull request #3176 from zeha/nombed

Allow building with OpenSSL in place of mbedtls

Remi Gacogne [Mon, 18 Jan 2016 10:19:40 +0000 (11:19 +0100)]
dnsdist: Add NotRule() and OrRule()

Pieter Lexis [Thu, 14 Jan 2016 12:59:09 +0000 (13:59 +0100)]
Add test for zone2sql --json-comments

Closes #3181

bert hubert [Sun, 17 Jan 2016 22:20:59 +0000 (23:20 +0100)]
Merge pull request #3251 from rgacogne/dnsdist-any-tcp

dnsdist: Document toString() aliases. Add TCPRule. Make AnyTCRule set TC only over UDP

Remi Gacogne [Sun, 17 Jan 2016 15:15:18 +0000 (16:15 +0100)]
dnsdist: Add TCPRule. Make addAnyTCRule set TC=1 over UDP, not TCP.

Remi Gacogne [Sun, 17 Jan 2016 11:27:46 +0000 (12:27 +0100)]
dnsdist: Document toString() and toStringWithPort() aliases

bert hubert [Sun, 17 Jan 2016 09:49:03 +0000 (10:49 +0100)]
add makeRule convenience function, improve SuffixMatchNodeRule showRules() output, document this

bert hubert [Sat, 16 Jan 2016 21:51:11 +0000 (22:51 +0100)]
Merge pull request #3232 from Habbie/ghostfixes

Fix recursor ghost tests

Christian Hofstaedtler [Fri, 15 Jan 2016 14:17:17 +0000 (15:17 +0100)]
[FOR NOW] Disable mbedtls for travis

Christian Hofstaedtler [Sun, 3 Jan 2016 20:26:07 +0000 (21:26 +0100)]
Dist+build Recursor with openssl instead of mbedtls

Christian Hofstaedtler [Sun, 3 Jan 2016 00:39:35 +0000 (01:39 +0100)]
Port sha.hh to OpenSSL

Christian Hofstaedtler [Sun, 3 Jan 2016 00:29:52 +0000 (01:29 +0100)]
Port dnssecinfra.cc to OpenSSL

Christian Hofstaedtler [Sat, 2 Jan 2016 21:25:44 +0000 (22:25 +0100)]
Port md5.hh to OpenSSL

Christian Hofstaedtler [Sat, 2 Jan 2016 21:01:46 +0000 (22:01 +0100)]
Port dns_random.cc to OpenSSL

Christian Hofstaedtler [Sat, 2 Jan 2016 21:01:38 +0000 (22:01 +0100)]
Port base64.cc to OpenSSL

Christian Hofstaedtler [Sat, 2 Jan 2016 21:00:59 +0000 (22:00 +0100)]
Add --without-mbedtls

Will require openssl though.

bert hubert [Sat, 16 Jan 2016 15:04:59 +0000 (16:04 +0100)]
Merge pull request #3243 from a6502/master

Some fixes for lua backend for Lua version >= 5.2

bert hubert [Sat, 16 Jan 2016 12:48:27 +0000 (13:48 +0100)]
Merge pull request #3249 from ahupowerdns/cmsg-fix

found with the help of @mischapeters - turns out our recent 'supply l…

bert hubert [Sat, 16 Jan 2016 12:46:33 +0000 (13:46 +0100)]
we silently ignored your Lua script if there was no Lua support in PowerDNS Recursor. This makes us error out again.

bert hubert [Sat, 16 Jan 2016 12:26:33 +0000 (13:26 +0100)]
quick fix for compiling on FreeBSD 10.2 which appears to be what people use/need to compile powerdns 4.

bert hubert [Sat, 16 Jan 2016 11:48:53 +0000 (12:48 +0100)]
found with the help of @mischapeters - turns out our recent 'supply local address to lua' improvements triggered us to set the source address on all our replies explicitly, something FreeBSD did not like and was wasteful on Linux. Plus added some logging that would have helped debug this faster.

bert hubert [Sat, 16 Jan 2016 11:07:57 +0000 (12:07 +0100)]
set c++11 flag for freebsd too

bert hubert [Sat, 16 Jan 2016 08:15:17 +0000 (09:15 +0100)]
Merge pull request #3234 from pieterlexis/make-check-auth-tarball

remove unneeded source from auth tarball testrunner

bert hubert [Sat, 16 Jan 2016 08:14:42 +0000 (09:14 +0100)]
Merge pull request #3236 from Habbie/recursorwild

make auth-zone wildcard test actually test an auth-zone

bert hubert [Fri, 15 Jan 2016 22:35:58 +0000 (23:35 +0100)]
Merge pull request #3238 from Habbie/rawtypetest

test uninterpreted records, closes #3215

bert hubert [Fri, 15 Jan 2016 22:35:23 +0000 (23:35 +0100)]
Merge pull request #3245 from rgacogne/dnsdist-fix-dq-merge

dnsdist: Fix Lua Spoof PR not being compatible w/ the DNSQuestion one

Remi Gacogne [Fri, 15 Jan 2016 21:47:04 +0000 (22:47 +0100)]
dnsdist: Fix Lua Spoof PR not being compatible w/ the DNSQuestion one

PR #3241 did not take PR #3233 into account, my bad.

bert hubert [Fri, 15 Jan 2016 21:32:12 +0000 (22:32 +0100)]
Merge pull request #3240 from jeffpc/master

devpollmplexer fixes + fix DS ucontext.h pollution once and for all

bert hubert [Fri, 15 Jan 2016 20:23:50 +0000 (21:23 +0100)]
Merge pull request #3233 from rgacogne/dnsdist-dq

dnsdist: Replace the Lua params with a DNSQuestion `dq` object

bert hubert [Fri, 15 Jan 2016 20:19:02 +0000 (21:19 +0100)]
Merge pull request #3241 from rgacogne/dnsdist-lua-spoof

dnsdist: Implement DNSAction.Spoof. Support IPv6-only SpoofAction

Wieger Opmeer [Fri, 15 Jan 2016 13:43:12 +0000 (14:43 +0100)]
Fix importing of standard libraries for Lua version >= 5.2; Change some lua_pushnumbers to lua_pushinteger because Lua 5.3 has native integers

Remi Gacogne [Fri, 15 Jan 2016 11:00:01 +0000 (12:00 +0100)]
dnsdist: Implement DNSAction.Spoof. Support IPv6-only SpoofAction

DNSAction.Spoof can be used to return a spoofed response from
a Lua rule. It supports an IPv4 (A), IPv6 (AAAA) or a DNSName
(CNAME).
SpoofAction() can be used IPv6-only, by passing an IPv6 as the
first parameter. It now supports spoofing IPv4-only, IPv6-only,
IPv4 and IPv6, and CNAME.
Closes #3064.

Josef 'Jeff' Sipek [Thu, 14 Jan 2016 19:40:40 +0000 (14:40 -0500)]
don't pollute the namespace with DS register definition

DS is part of the i386 ABI that's pulled in via ucontext.h.

closes #3239

Josef 'Jeff' Sipek [Thu, 14 Jan 2016 19:12:07 +0000 (14:12 -0500)]
devpollmplexer is leaky

closes #3001

Josef 'Jeff' Sipek [Thu, 14 Jan 2016 19:11:07 +0000 (14:11 -0500)]
devpollmplexer doesn't compile due to missing sigset_t

closes #3000

Remi Gacogne [Thu, 14 Jan 2016 16:44:20 +0000 (17:44 +0100)]
Merge pull request #3235 from rgacogne/dnsdist-nocharset-json

dnsdist: Remove charset from the Content-Type header for application/json contents

Peter van Dijk [Thu, 14 Jan 2016 16:22:48 +0000 (16:22 +0000)]
test uninterpreted records, closes #3215

Peter van Dijk [Thu, 14 Jan 2016 14:54:21 +0000 (14:54 +0000)]
make auth-zone wildcard test actually test an auth-zone

Remi Gacogne [Thu, 14 Jan 2016 13:28:07 +0000 (14:28 +0100)]
dnsdist: Remove charset from Content-Type for application/json

Pieter Lexis [Thu, 14 Jan 2016 13:09:14 +0000 (14:09 +0100)]
remove unneeded source from auth tarball testrunner

bert hubert [Thu, 14 Jan 2016 12:22:00 +0000 (13:22 +0100)]
Merge pull request #3229 from pieterlexis/no-dnsdist-for-auth

Remove dnsdist from auth tarball

bert hubert [Thu, 14 Jan 2016 12:21:10 +0000 (13:21 +0100)]
Merge pull request #3231 from ahupowerdns/dynimp

Document and slightly improve dnsdist dynamic rules

Peter van Dijk [Thu, 14 Jan 2016 12:19:44 +0000 (12:19 +0000)]
re-enable ghost tests

Peter van Dijk [Thu, 14 Jan 2016 11:44:34 +0000 (11:44 +0000)]
adapt to trailing dots on names

Remi Gacogne [Thu, 14 Jan 2016 11:57:33 +0000 (12:57 +0100)]
dnsdist: Replace the Lua params with a DNSQuestion `dq` object

In order to:
1. Be able to add functions/member without breaking the API
2. Being as compatible as possible with the PowerDNS Lua API

To limit the parsing/copy to a minimum, this DNSQuestion differs
from the PowerDNS one. Most Lua members are properly wrapped,
but it currently lacks some advanced functions like `getRecords()`
or `setRecords()`, that we might add later.
In addition to the existing `tostring()`, this commit adds
`toString()` ones to match the PowerDNS syntax.

LuaWrapper is supposed to support read-only members, where you
only define the getter and no setter, but I can't find the right
syntax for that to work, so for now the setters are present for
read-only members, and just do nothing.

Peter van Dijk [Thu, 14 Jan 2016 11:44:10 +0000 (11:44 +0000)]
use new require semantics

Peter van Dijk [Thu, 14 Jan 2016 11:43:50 +0000 (11:43 +0000)]
fix fetching of qname from lua table

bert hubert [Thu, 14 Jan 2016 11:36:03 +0000 (12:36 +0100)]
document dynamic rule generation

bert hubert [Thu, 14 Jan 2016 10:45:49 +0000 (11:45 +0100)]
implement & document exceedQRate(), plus populate dnsdist.* with dns types.

Pieter Lexis [Thu, 14 Jan 2016 10:08:47 +0000 (11:08 +0100)]
Remove dnsdist from auth tarball

This ensures any files _only_ needed for dnsdist are not distributed,
that dnsdist (htmlfiles.h specifically) cannot be built from the tarball.

But still allow building dnsdist from the repository root.

bert hubert [Thu, 14 Jan 2016 09:30:01 +0000 (10:30 +0100)]
Merge pull request #3228 from pieterlexis/generate-manpage-dnsdist

dnsdist: Build manpages from make

bert hubert [Thu, 14 Jan 2016 09:10:58 +0000 (10:10 +0100)]
Merge pull request #3219 from rgacogne/dnsdist-xss

dnsdist: Remove JSONP, limit command to /jsonstat, add security HTTP headers and CORS

Remi Gacogne [Thu, 14 Jan 2016 08:14:05 +0000 (09:14 +0100)]
dnsdist: Set the charset to UTF-8 for html, JS, CSS and JSON contents

Remi Gacogne [Wed, 13 Jan 2016 16:54:54 +0000 (17:54 +0100)]
dnsdist: Remove remote images in the webserver index

- Remove the github link/image
- Add the powerdns logo to the html directory
- Add handling for PNG files in the webserver
- Edit the CSP policy to only allow local images
- Explicitly asks jQuery not to use JSONP while fetching the stats

Remi Gacogne [Tue, 12 Jan 2016 15:00:36 +0000 (16:00 +0100)]
dnsdist: Add basic CORS support in the webserver

Now that we have removed JSONP support, we need to support
Cross-Origin Resource Sharing (CORS) to allow web pages not served
by our webserver to access our JSON REST API (well, stats).

Christian Hofstaedtler [Tue, 12 Jan 2016 09:46:04 +0000 (10:46 +0100)]
dnsdist: Support command= only on /jsonstat URL

Remi Gacogne [Tue, 12 Jan 2016 09:25:05 +0000 (10:25 +0100)]
dnsdist: Remove jsonp callback, add security HTTP headers

- Remove the jsonp callback, using simple json data instead (Fixes #3217)
We might need to add CORS if we want to be able to retrieve JSON
data from a webpage not stored on the embedded web server.
- Add several HTTP headers:
 * X-Content-Type-Options: no-sniff to prevent browsers from guessing MIME type
 * X-Frame-Options: deny to prevent clickjacking
 * X-Permitted-Cross-Domain-Policies: none to keep flash from crossing boundaries
 * X-XSS-Protection: 1; mode=block to mitigate XSS
 * Content-Security-Policy: default-src 'self'; img-src *; style-src 'self' 'unsafe-inline',
 a basic CSP policy to restrict which scripts and CSS can be loaded

bert hubert [Thu, 14 Jan 2016 08:01:03 +0000 (09:01 +0100)]
Merge pull request #3226 from zeha/libedit2

Drop unused <history.h> include