]>
granicus.if.org Git - pdns/log
Robin Geuze [Fri, 12 Aug 2016 08:19:29 +0000 (10:19 +0200)]
Add showTCPStats function
Peter van Dijk [Thu, 11 Aug 2016 12:39:32 +0000 (14:39 +0200)]
Merge pull request #4301 from Habbie/lua-ds-tostring
expose SMN toString to lua
Peter van Dijk [Thu, 11 Aug 2016 12:38:52 +0000 (14:38 +0200)]
Merge pull request #4300 from Habbie/luacopydnsname
allow newDN to take a DNSName in; document missing methods
Peter van Dijk [Thu, 11 Aug 2016 12:36:24 +0000 (14:36 +0200)]
Merge pull request #4293 from rubenk/remove-selinux-policy
Remove SELinux policy
Peter van Dijk [Thu, 11 Aug 2016 12:35:22 +0000 (14:35 +0200)]
Merge pull request #4302 from rgacogne/dnsdist-help
dnsdist: Add `help()` and `showVersion()`
Peter van Dijk [Thu, 11 Aug 2016 08:48:07 +0000 (10:48 +0200)]
add missing methods to documentation
Peter van Dijk [Mon, 8 Aug 2016 19:06:15 +0000 (21:06 +0200)]
allow newDN to take a DNSName in
Peter van Dijk [Mon, 8 Aug 2016 19:11:06 +0000 (21:11 +0200)]
expose SMN toString to lua
Remi Gacogne [Tue, 9 Aug 2016 14:07:26 +0000 (16:07 +0200)]
dnsdist: Add `help()` and `showVersion()`
Peter van Dijk [Wed, 10 Aug 2016 19:22:59 +0000 (21:22 +0200)]
Merge pull request #4303 from rgacogne/auth-ruby-json-travis
Use ruby-json 1.8.2 instead of 1.8.1 to build on travis
Remi Gacogne [Wed, 10 Aug 2016 08:26:28 +0000 (10:26 +0200)]
Use ruby-json 1.8.2 instead of 1.8.1 to build on travis
Since travis upgraded their trusty image, ruby has been updated to
2.3.1 and doesn't play well with ruby-json 1.8.1.
This should be fixed in 1.8.2 according to
https://github.com/flori/json/issues/229
Ruben Kerkhof [Sat, 6 Aug 2016 10:23:59 +0000 (12:23 +0200)]
Remove SELinux policy
I wrote new policy from scratch which has been upstreamed a while ago.
bert hubert [Thu, 4 Aug 2016 17:02:10 +0000 (19:02 +0200)]
Update index.md
Peter van Dijk [Wed, 3 Aug 2016 19:01:11 +0000 (21:01 +0200)]
Merge pull request #4274 from mind04/dhcid
report DHCID type
Peter van Dijk [Tue, 2 Aug 2016 20:37:39 +0000 (22:37 +0200)]
Merge pull request #4271 from Habbie/ucontext_t
fix type
Kees Monshouwer [Tue, 2 Aug 2016 19:09:46 +0000 (21:09 +0200)]
report DHCID type
Peter van Dijk [Tue, 2 Aug 2016 13:48:34 +0000 (15:48 +0200)]
fix type
Remi Gacogne [Mon, 1 Aug 2016 07:18:37 +0000 (09:18 +0200)]
Merge pull request #4042 from rgacogne/dnsdist-tcp-fast-open
dnsdist: Add server-side TCP Fast Open support
Remi Gacogne [Mon, 1 Aug 2016 07:17:33 +0000 (09:17 +0200)]
Merge pull request #4067 from rgacogne/dnsdist-fix-ebpf-detection
dnsdist: Disable eBPF support when BPF_FUNC_tail_call is not found
Remi Gacogne [Mon, 1 Aug 2016 07:16:56 +0000 (09:16 +0200)]
Merge pull request #4079 from rgacogne/dnsdist-remotelog-no-protobuf
dnsdist: Return an error on RemoteLog{,Response}Action() w/o protobuf
Remi Gacogne [Mon, 1 Aug 2016 07:16:42 +0000 (09:16 +0200)]
Merge pull request #4198 from stutiredboy/master
newServer setting maxCheckFailures makes no sense
Remi Gacogne [Mon, 1 Aug 2016 07:15:51 +0000 (09:15 +0200)]
Merge pull request #4246 from rgacogne/dnsdist-api-array-pools
dnsdist: API now sends pools as a JSON array instead of a string
Pieter Lexis [Fri, 29 Jul 2016 14:28:18 +0000 (16:28 +0200)]
Merge pull request #4056 from zeha/openssl11
OpenSSL 1.1.0 support
Pieter Lexis [Fri, 29 Jul 2016 13:55:37 +0000 (15:55 +0200)]
More changelog fixes
Pieter Lexis [Fri, 29 Jul 2016 13:31:32 +0000 (15:31 +0200)]
Update changelog with one more entry
Peter van Dijk [Fri, 29 Jul 2016 13:29:21 +0000 (15:29 +0200)]
Merge pull request #4252 from rgacogne/auth-bind-include-length
auth: Don't include bind files if length <= 2 or > sizeof(filename)
Pieter Lexis [Fri, 29 Jul 2016 13:26:15 +0000 (15:26 +0200)]
Merge pull request #4241 from pieterlexis/401-changelog
4.0.1 changelog, docs and secpoll
Pieter Lexis [Thu, 28 Jul 2016 09:02:40 +0000 (11:02 +0200)]
Add 4.0.1 to secpoll
Pieter Lexis [Thu, 28 Jul 2016 08:56:56 +0000 (10:56 +0200)]
Add some docs on new ComboAddress features in Lua
Pieter Lexis [Thu, 28 Jul 2016 08:53:01 +0000 (10:53 +0200)]
Add Upgrade Notes for the recursor
Pieter Lexis [Thu, 28 Jul 2016 08:51:40 +0000 (10:51 +0200)]
Add auth 4.0.1 changelog
Pieter Lexis [Thu, 28 Jul 2016 08:51:24 +0000 (10:51 +0200)]
Add recursor 4.0.1 changelog entries
Christian Hofstaedtler [Mon, 27 Jun 2016 19:45:23 +0000 (19:45 +0000)]
opensslsigners: use libcrypto access functions
Christian Hofstaedtler [Mon, 27 Jun 2016 13:50:31 +0000 (13:50 +0000)]
opensslsigners: remove thread/locking setup, not needed in openssl 1.1 anymore
Christian Hofstaedtler [Mon, 27 Jun 2016 13:50:05 +0000 (13:50 +0000)]
dns_random: Use CRYPTO_ctr128_encrypt when available
As AES_ctr128_encrypt is removed in OpenSSL 1.1.0.
Pieter Lexis [Mon, 27 Jun 2016 18:41:52 +0000 (20:41 +0200)]
Add PDNS_CHECK_LIBCRYPTO based on AX_CHECK_OPENSSL
This detects libcrypto for OpenSSL 0.9.8, 1.0 and 1.1.
Furthermore, curve detection appeared broken on Arch Linux, this is fixed
with the addition of PDNS_CHECK_LIBCRYPTO_ECDSA, without breaking on Debian
Jessie, Ubuntu Trusty, Wily and Xenial and CentOS 5 through 7.
Pieter Lexis [Fri, 29 Jul 2016 12:38:49 +0000 (14:38 +0200)]
Merge pull request #4255 from pieterlexis/stl-error-on-broken-soa
Auth: catch runtime_error when parsing a broken MNAME
Pieter Lexis [Fri, 29 Jul 2016 12:38:39 +0000 (14:38 +0200)]
Merge pull request #4207 from pieterlexis/multiple-DS-per-name
Change DS config items to dsmap_t
Pieter Lexis [Thu, 21 Jul 2016 14:43:47 +0000 (16:43 +0200)]
Change dsmap_t to a set to prevent duplicates
Pieter Lexis [Tue, 19 Jul 2016 13:38:27 +0000 (15:38 +0200)]
Change DS config items to dsmap_t
Ensure that addTA() appends the DS.
Christian Hofstaedtler [Fri, 1 Jul 2016 12:17:08 +0000 (14:17 +0200)]
test-algorithms: check public key can be reloaded
Christian Hofstaedtler [Fri, 1 Jul 2016 09:57:35 +0000 (11:57 +0200)]
opensslsigners: mark member overrides
Fixes warnings from clang.
Pieter Lexis [Fri, 29 Jul 2016 10:21:25 +0000 (12:21 +0200)]
Auth: PDNSException for bad SOA MNAME or RNAME
This prevents blowing up the bind backend on startup when one zone
contains a bad SOA record.
Pieter Lexis [Fri, 29 Jul 2016 08:52:51 +0000 (10:52 +0200)]
Merge pull request #4242 from rgacogne/fix-protobuf-todebugstring-4240
Fix `DNSProtoBufMessage::toDebugString()` without protobuf support
Pieter Lexis [Fri, 29 Jul 2016 08:45:33 +0000 (10:45 +0200)]
Merge pull request #4245 from mind04/nsec
direct nsec nxdomain
Pieter Lexis [Fri, 29 Jul 2016 08:45:26 +0000 (10:45 +0200)]
Merge pull request #4250 from mind04/tologstring
use toLogString() for ringAccount
Kees Monshouwer [Thu, 28 Jul 2016 21:23:56 +0000 (23:23 +0200)]
use toLogString() for ringAccount
Peter van Dijk [Thu, 28 Jul 2016 17:56:13 +0000 (19:56 +0200)]
Merge pull request #4247 from pieterlexis/fail-on-missing-components
Autoconf improvements
Pieter Lexis [Thu, 28 Jul 2016 15:17:26 +0000 (17:17 +0200)]
Merge pull request #4222 from aj-gh/fix-doc-timedout-packets
Correct wrong statistics counter name in docs
Pieter Lexis [Thu, 28 Jul 2016 15:17:19 +0000 (17:17 +0200)]
Merge pull request #4243 from pieterlexis/toString-in-current-queries
Recursor: Fix a possible crash
Pieter Lexis [Thu, 28 Jul 2016 14:37:06 +0000 (16:37 +0200)]
dnsdist: we don't use boost::foreach anymore
Pieter Lexis [Thu, 28 Jul 2016 14:33:06 +0000 (16:33 +0200)]
Auth: Fail configure on missing boost components
Prevents issues like #4239
Kees Monshouwer [Thu, 28 Jul 2016 14:03:21 +0000 (16:03 +0200)]
test response for non existent direct nsec queries
Remi Gacogne [Thu, 28 Jul 2016 13:50:08 +0000 (15:50 +0200)]
dnsdist: API now sends pools as a JSON array instead of a string
Kees Monshouwer [Thu, 28 Jul 2016 13:17:39 +0000 (15:17 +0200)]
don't send covering nsec records for direct nsec queries
Pieter Lexis [Thu, 28 Jul 2016 12:21:10 +0000 (14:21 +0200)]
Recursor: Fix a possible crash
When the parser creates empty DNSNames (for whatever reason) and
`rec_control current-queries` is run, the process would abort because it
tried to print an empty DNSName.
Pieter Lexis [Thu, 28 Jul 2016 10:38:31 +0000 (12:38 +0200)]
Merge pull request #4214 from rgacogne/auth-supermaster-proxy-ecs
auth: Trust EDNS Client Subnet from a trusted notification proxy
Pieter Lexis [Thu, 28 Jul 2016 09:49:39 +0000 (11:49 +0200)]
Merge pull request #4210 from pieterlexis/rec-secpoll-validate
Validate DNSSEC for secpoll.powerdns.com
Remi Gacogne [Thu, 28 Jul 2016 09:08:43 +0000 (11:08 +0200)]
Fix `DNSProtoBufMessage::toDebugString()` without protobuf support
Fixes #4240.
Pieter Lexis [Thu, 28 Jul 2016 08:15:25 +0000 (10:15 +0200)]
Merge pull request #4183 from hnsk/pdnsutil-always-diff
pdnsutil: Remove checking of ctime and always diff the changes.
Pieter Lexis [Thu, 28 Jul 2016 08:01:22 +0000 (10:01 +0200)]
Merge pull request #4206 from rgacogne/auth-psql-deallocate-4201
auth: Don't try to deallocate empty PG statements
Pieter Lexis [Thu, 28 Jul 2016 08:00:47 +0000 (10:00 +0200)]
Merge pull request #4126 from rgacogne/auth-carbon-freebsd
auth: Wait for the connection to the carbon server to be established
Pieter Lexis [Thu, 28 Jul 2016 07:59:21 +0000 (09:59 +0200)]
Merge pull request #4142 from mind04/fd-usage
add used filedescriptor statistics to auth
Pieter Lexis [Thu, 28 Jul 2016 07:54:05 +0000 (09:54 +0200)]
Merge pull request #4168 from cmouse/recursor-lua-netmask
Add more Netmask methods for recursor Lua
Pieter Lexis [Thu, 28 Jul 2016 07:53:56 +0000 (09:53 +0200)]
Merge pull request #4140 from James-TR/fix-include-sys-poll
resolver.cc: fix warnings with gcc on musl-libc
Pieter Lexis [Thu, 28 Jul 2016 07:53:47 +0000 (09:53 +0200)]
Merge pull request #4224 from mind04/regression
fix AXFR-SOURCE tests
Remi Gacogne [Wed, 27 Jul 2016 15:15:43 +0000 (17:15 +0200)]
auth: Don't include bind files if length < 2 or > sizeof(filename)
Pieter Lexis [Wed, 27 Jul 2016 12:34:27 +0000 (14:34 +0200)]
Merge pull request #4215 from rgacogne/rec-rpz-override-local
rec: RPZ default policy should also override local data RRs
Kees Monshouwer [Sat, 23 Jul 2016 12:14:47 +0000 (14:14 +0200)]
grep out fd-usage metric in counters test
bert hubert [Fri, 22 Jul 2016 19:13:07 +0000 (21:13 +0200)]
Merge pull request #4205 from rgacogne/dnsdist-downstream-any
dnsdist: Prevent the use of "any" addresses for downstream server
bert hubert [Fri, 22 Jul 2016 19:12:27 +0000 (21:12 +0200)]
Merge pull request #4211 from pieterlexis/secpoll-400-unsupported
Secpoll: Set 4.0.0 pre-releases to "upgrade now"
bert hubert [Fri, 22 Jul 2016 19:11:51 +0000 (21:11 +0200)]
Merge pull request #4221 from Habbie/no-clobber-erno
save errno before we clobber it
bert hubert [Fri, 22 Jul 2016 19:11:16 +0000 (21:11 +0200)]
Merge pull request #4217 from ahupowerdns/nxtrust
turn on root-nx-trust by default and log-common-errors=off, and document that
Kees Monshouwer [Fri, 22 Jul 2016 17:50:51 +0000 (19:50 +0200)]
fix AXFR-SOURCE tests
bert hubert [Fri, 22 Jul 2016 13:20:59 +0000 (15:20 +0200)]
clarify root-nx-trust by explicitly setting it to yes
bert hubert [Fri, 22 Jul 2016 13:20:32 +0000 (15:20 +0200)]
turn off the logging of common errors by default. In high traffic situations with synchronous logging, this is dangerous.
bert hubert [Fri, 22 Jul 2016 13:19:23 +0000 (15:19 +0200)]
Merge pull request #4220 from rgacogne/dnsdist-no-error-parsing-udp-query
dnsdist: Don't log an error when parsing an invalid UDP query
Andreas Jakum [Fri, 22 Jul 2016 13:01:29 +0000 (15:01 +0200)]
Correct wrong statistics counter name in docs
Peter van Dijk [Thu, 21 Jul 2016 15:06:57 +0000 (17:06 +0200)]
Merge pull request #4164 from pieterlexis/fail-on-lua-dns-script-missing
Fail on startup when lua-dns-script doesn't exist
Pieter Lexis [Thu, 21 Jul 2016 15:02:34 +0000 (17:02 +0200)]
Merge pull request #4192 from Habbie/dnsreplay-nostamp
only ecs-stamp when asked for
Peter van Dijk [Thu, 21 Jul 2016 14:58:16 +0000 (16:58 +0200)]
Merge pull request #4152 from zeha/test-doubleeq
Use single equal sign when calling test(1)
Peter van Dijk [Thu, 21 Jul 2016 14:49:20 +0000 (16:49 +0200)]
save errno before we clobber it
Remi Gacogne [Thu, 21 Jul 2016 14:11:06 +0000 (16:11 +0200)]
dnsdist: Don't log an error when parsing an invalid UDP query
It can still be displayed in verbose mode, but we don't want to
flood our logs for this.
bert hubert [Thu, 21 Jul 2016 10:06:39 +0000 (12:06 +0200)]
turn on root-nx-trust by default, and document that
Peter van Dijk [Thu, 21 Jul 2016 09:57:47 +0000 (11:57 +0200)]
Merge pull request #4119 from mind04/recursor
rec: improve dnssec record skipping for non dnssec queries
Peter van Dijk [Thu, 21 Jul 2016 09:52:15 +0000 (11:52 +0200)]
Merge pull request #4114 from rgacogne/dnsdist-labelscount-rule
dnsdist: Add `QNameLabelsCountRule()` and `QNameWireLengthRule()`
Peter van Dijk [Thu, 21 Jul 2016 09:41:46 +0000 (11:41 +0200)]
Merge pull request #4133 from rgacogne/issue-4128
Add limits to the size of received {A,I}XFR, in megabytes
Pieter Lexis [Thu, 21 Jul 2016 09:35:14 +0000 (11:35 +0200)]
Merge pull request #4213 from pieterlexis/tinydns-for-centos
Create tinydns backend packages for CentOS 7
Pieter Lexis [Thu, 21 Jul 2016 09:34:55 +0000 (11:34 +0200)]
Merge pull request #4212 from pieterlexis/pgp-key
Add PGP key to tarball signers
Remi Gacogne [Wed, 20 Jul 2016 13:59:49 +0000 (15:59 +0200)]
auth: Trust EDNS Client Subnet from a trusted notification proxy
This allows for example the use of dnsdist in front of supermaster
slaves.
dnsdist must be configured to send ECS to the backend with:
* `useClientSubnet=true` on the corresponding `newServer()`
* `setECSSourcePrefixV4(32)` and/or `setECSSourcePrefixV6(128)` so
the exact source is sent to the slave
* `setECSOverride(true)` so that any existing ECS information is
overridden
In addition, pdns must be configured to accept notification from
dnsdist with `trusted-notification-proxy` and to process ECS with
`edns-subnet-processing=yes`.
Remi Gacogne [Wed, 20 Jul 2016 12:49:04 +0000 (14:49 +0200)]
rec: RPZ default policy should also override local data RRs
Pieter Lexis [Wed, 20 Jul 2016 10:52:53 +0000 (12:52 +0200)]
Add PGP key to tarball signers
Pieter Lexis [Tue, 19 Jul 2016 15:24:26 +0000 (17:24 +0200)]
Create tinydns backend packages for CentOS 7
Pieter Lexis [Wed, 20 Jul 2016 10:33:07 +0000 (12:33 +0200)]
Secpoll: Set 4.0.0 pre-releases to "upgrade now"
Pieter Lexis [Wed, 20 Jul 2016 10:22:32 +0000 (12:22 +0200)]
Rec: validate DNSSEC for secpoll.powerdns.com
bert hubert [Tue, 19 Jul 2016 19:48:32 +0000 (21:48 +0200)]
Merge pull request #4044 from cmouse/dnspacket-comboaddr
Dnspacket comboaddr
bert hubert [Tue, 19 Jul 2016 18:55:39 +0000 (20:55 +0200)]
Merge pull request #4187 from pieterlexis/bogus-island-of-trust
Two more DNSSEC fixes
James Taylor [Sat, 9 Jul 2016 09:38:42 +0000 (09:38 +0000)]
resolver.cc: fix warnings with gcc on musl-libc
resolver.cc makes an incorrect include directive of `poll.h`. The
correct syntax for inclusion, according to `man 2 poll` is:
`#include <poll.h>`
This commit prevents warnings from being displayed due to going through
musl-libc's compatibility wrappers
Remi Gacogne [Tue, 19 Jul 2016 08:50:43 +0000 (10:50 +0200)]
auth: Don't try to deallocate empty PG statements
When a SPgSQLStatement is released without having been prepared,
we execute an invalid 'DEALLOCATE ' SQL command. This might happen
if the statement has not been used before being destroyed, for example.
stutiredboy [Tue, 19 Jul 2016 03:08:55 +0000 (11:08 +0800)]
healthChecksThread indentation fixed.