granicus.if.org Git - pdns/log
Pieter Lexis [Fri, 29 Jul 2016 13:55:37 +0000 (15:55 +0200)]
More changelog fixes
Pieter Lexis [Fri, 29 Jul 2016 13:31:32 +0000 (15:31 +0200)]
Update changelog with one more entry
Peter van Dijk [Fri, 29 Jul 2016 13:29:21 +0000 (15:29 +0200)]
Merge pull request #4252 from rgacogne/auth-bind-include-length
auth: Don't include bind files if length <= 2 or > sizeof(filename)
Pieter Lexis [Fri, 29 Jul 2016 13:26:15 +0000 (15:26 +0200)]
Merge pull request #4241 from pieterlexis/401-changelog
4.0.1 changelog, docs and secpoll
Pieter Lexis [Thu, 28 Jul 2016 09:02:40 +0000 (11:02 +0200)]
Add 4.0.1 to secpoll
Pieter Lexis [Thu, 28 Jul 2016 08:56:56 +0000 (10:56 +0200)]
Add some docs on new ComboAddress features in Lua
Pieter Lexis [Thu, 28 Jul 2016 08:53:01 +0000 (10:53 +0200)]
Add Upgrade Notes for the recursor
Pieter Lexis [Thu, 28 Jul 2016 08:51:40 +0000 (10:51 +0200)]
Add auth 4.0.1 changelog
Pieter Lexis [Thu, 28 Jul 2016 08:51:24 +0000 (10:51 +0200)]
Add recursor 4.0.1 changelog entries
Pieter Lexis [Fri, 29 Jul 2016 12:38:49 +0000 (14:38 +0200)]
Merge pull request #4255 from pieterlexis/stl-error-on-broken-soa
Auth: catch runtime_error when parsing a broken MNAME
Pieter Lexis [Fri, 29 Jul 2016 12:38:39 +0000 (14:38 +0200)]
Merge pull request #4207 from pieterlexis/multiple-DS-per-name
Change DS config items to dsmap_t
Pieter Lexis [Thu, 21 Jul 2016 14:43:47 +0000 (16:43 +0200)]
Change dsmap_t to a set to prevent duplicates
Pieter Lexis [Tue, 19 Jul 2016 13:38:27 +0000 (15:38 +0200)]
Change DS config items to dsmap_t
Ensure that addTA() appends the DS.
Pieter Lexis [Fri, 29 Jul 2016 10:21:25 +0000 (12:21 +0200)]
Auth: PDNSException for bad SOA MNAME or RNAME
This prevents blowing up the bind backend on startup when one zone
contains a bad SOA record.
Pieter Lexis [Fri, 29 Jul 2016 08:52:51 +0000 (10:52 +0200)]
Merge pull request #4242 from rgacogne/fix-protobuf-todebugstring-4240
Fix `DNSProtoBufMessage::toDebugString()` without protobuf support
Pieter Lexis [Fri, 29 Jul 2016 08:45:33 +0000 (10:45 +0200)]
Merge pull request #4245 from mind04/nsec
direct nsec nxdomain
Pieter Lexis [Fri, 29 Jul 2016 08:45:26 +0000 (10:45 +0200)]
Merge pull request #4250 from mind04/tologstring
use toLogString() for ringAccount
Kees Monshouwer [Thu, 28 Jul 2016 21:23:56 +0000 (23:23 +0200)]
use toLogString() for ringAccount
Peter van Dijk [Thu, 28 Jul 2016 17:56:13 +0000 (19:56 +0200)]
Merge pull request #4247 from pieterlexis/fail-on-missing-components
Autoconf improvements
Pieter Lexis [Thu, 28 Jul 2016 15:17:26 +0000 (17:17 +0200)]
Merge pull request #4222 from aj-gh/fix-doc-timedout-packets
Correct wrong statistics counter name in docs
Pieter Lexis [Thu, 28 Jul 2016 15:17:19 +0000 (17:17 +0200)]
Merge pull request #4243 from pieterlexis/toString-in-current-queries
Recursor: Fix a possible crash
Pieter Lexis [Thu, 28 Jul 2016 14:37:06 +0000 (16:37 +0200)]
dnsdist: we don't use boost::foreach anymore
Pieter Lexis [Thu, 28 Jul 2016 14:33:06 +0000 (16:33 +0200)]
Auth: Fail configure on missing boost components
Prevents issues like #4239
Kees Monshouwer [Thu, 28 Jul 2016 14:03:21 +0000 (16:03 +0200)]
test response for non existent direct nsec queries
Kees Monshouwer [Thu, 28 Jul 2016 13:17:39 +0000 (15:17 +0200)]
don't send covering nsec records for direct nsec queries
Pieter Lexis [Thu, 28 Jul 2016 12:21:10 +0000 (14:21 +0200)]
Recursor: Fix a possible crash
When the parser creates empty DNSNames (for whatever reason) and
`rec_control current-queries` is run, the process would abort because it
tried to print an empty DNSName.
Pieter Lexis [Thu, 28 Jul 2016 10:38:31 +0000 (12:38 +0200)]
Merge pull request #4214 from rgacogne/auth-supermaster-proxy-ecs
auth: Trust EDNS Client Subnet from a trusted notification proxy
Pieter Lexis [Thu, 28 Jul 2016 09:49:39 +0000 (11:49 +0200)]
Merge pull request #4210 from pieterlexis/rec-secpoll-validate
Validate DNSSEC for secpoll.powerdns.com
Remi Gacogne [Thu, 28 Jul 2016 09:08:43 +0000 (11:08 +0200)]
Fix `DNSProtoBufMessage::toDebugString()` without protobuf support
Fixes #4240.
Pieter Lexis [Thu, 28 Jul 2016 08:15:25 +0000 (10:15 +0200)]
Merge pull request #4183 from hnsk/pdnsutil-always-diff
pdnsutil: Remove checking of ctime and always diff the changes.
Pieter Lexis [Thu, 28 Jul 2016 08:01:22 +0000 (10:01 +0200)]
Merge pull request #4206 from rgacogne/auth-psql-deallocate-4201
auth: Don't try to deallocate empty PG statements
Pieter Lexis [Thu, 28 Jul 2016 08:00:47 +0000 (10:00 +0200)]
Merge pull request #4126 from rgacogne/auth-carbon-freebsd
auth: Wait for the connection to the carbon server to be established
Pieter Lexis [Thu, 28 Jul 2016 07:59:21 +0000 (09:59 +0200)]
Merge pull request #4142 from mind04/fd-usage
add used filedescriptor statistics to auth
Pieter Lexis [Thu, 28 Jul 2016 07:54:05 +0000 (09:54 +0200)]
Merge pull request #4168 from cmouse/recursor-lua-netmask
Add more Netmask methods for recursor Lua
Pieter Lexis [Thu, 28 Jul 2016 07:53:56 +0000 (09:53 +0200)]
Merge pull request #4140 from James-TR/fix-include-sys-poll
resolver.cc: fix warnings with gcc on musl-libc
Pieter Lexis [Thu, 28 Jul 2016 07:53:47 +0000 (09:53 +0200)]
Merge pull request #4224 from mind04/regression
fix AXFR-SOURCE tests
Remi Gacogne [Wed, 27 Jul 2016 15:15:43 +0000 (17:15 +0200)]
auth: Don't include bind files if length < 2 or > sizeof(filename)
Pieter Lexis [Wed, 27 Jul 2016 12:34:27 +0000 (14:34 +0200)]
Merge pull request #4215 from rgacogne/rec-rpz-override-local
rec: RPZ default policy should also override local data RRs
Kees Monshouwer [Sat, 23 Jul 2016 12:14:47 +0000 (14:14 +0200)]
grep out fd-usage metric in counters test
bert hubert [Fri, 22 Jul 2016 19:13:07 +0000 (21:13 +0200)]
Merge pull request #4205 from rgacogne/dnsdist-downstream-any
dnsdist: Prevent the use of "any" addresses for downstream server
bert hubert [Fri, 22 Jul 2016 19:12:27 +0000 (21:12 +0200)]
Merge pull request #4211 from pieterlexis/secpoll-400-unsupported
Secpoll: Set 4.0.0 pre-releases to "upgrade now"
bert hubert [Fri, 22 Jul 2016 19:11:51 +0000 (21:11 +0200)]
Merge pull request #4221 from Habbie/no-clobber-erno
save errno before we clobber it
bert hubert [Fri, 22 Jul 2016 19:11:16 +0000 (21:11 +0200)]
Merge pull request #4217 from ahupowerdns/nxtrust
turn on root-nx-trust by default and log-common-errors=off, and document that
Kees Monshouwer [Fri, 22 Jul 2016 17:50:51 +0000 (19:50 +0200)]
fix AXFR-SOURCE tests
bert hubert [Fri, 22 Jul 2016 13:20:59 +0000 (15:20 +0200)]
clarify root-nx-trust by explicitly setting it to yes
bert hubert [Fri, 22 Jul 2016 13:20:32 +0000 (15:20 +0200)]
turn off the logging of common errors by default. In high traffic situations with synchronous logging, this is dangerous.
bert hubert [Fri, 22 Jul 2016 13:19:23 +0000 (15:19 +0200)]
Merge pull request #4220 from rgacogne/dnsdist-no-error-parsing-udp-query
dnsdist: Don't log an error when parsing an invalid UDP query
Andreas Jakum [Fri, 22 Jul 2016 13:01:29 +0000 (15:01 +0200)]
Correct wrong statistics counter name in docs
Peter van Dijk [Thu, 21 Jul 2016 15:06:57 +0000 (17:06 +0200)]
Merge pull request #4164 from pieterlexis/fail-on-lua-dns-script-missing
Fail on startup when lua-dns-script doesn't exist
Pieter Lexis [Thu, 21 Jul 2016 15:02:34 +0000 (17:02 +0200)]
Merge pull request #4192 from Habbie/dnsreplay-nostamp
only ecs-stamp when asked for
Peter van Dijk [Thu, 21 Jul 2016 14:58:16 +0000 (16:58 +0200)]
Merge pull request #4152 from zeha/test-doubleeq
Use single equal sign when calling test(1)
Peter van Dijk [Thu, 21 Jul 2016 14:49:20 +0000 (16:49 +0200)]
save errno before we clobber it
Remi Gacogne [Thu, 21 Jul 2016 14:11:06 +0000 (16:11 +0200)]
dnsdist: Don't log an error when parsing an invalid UDP query
It can still be displayed in verbose mode, but we don't want to
flood our logs for this.
bert hubert [Thu, 21 Jul 2016 10:06:39 +0000 (12:06 +0200)]
turn on root-nx-trust by default, and document that
Peter van Dijk [Thu, 21 Jul 2016 09:57:47 +0000 (11:57 +0200)]
Merge pull request #4119 from mind04/recursor
rec: improve dnssec record skipping for non dnssec queries
Peter van Dijk [Thu, 21 Jul 2016 09:52:15 +0000 (11:52 +0200)]
Merge pull request #4114 from rgacogne/dnsdist-labelscount-rule
dnsdist: Add `QNameLabelsCountRule()` and `QNameWireLengthRule()`
Peter van Dijk [Thu, 21 Jul 2016 09:41:46 +0000 (11:41 +0200)]
Merge pull request #4133 from rgacogne/issue-4128
Add limits to the size of received {A,I}XFR, in megabytes
Pieter Lexis [Thu, 21 Jul 2016 09:35:14 +0000 (11:35 +0200)]
Merge pull request #4213 from pieterlexis/tinydns-for-centos
Create tinydns backend packages for CentOS 7
Pieter Lexis [Thu, 21 Jul 2016 09:34:55 +0000 (11:34 +0200)]
Merge pull request #4212 from pieterlexis/pgp-key
Add PGP key to tarball signers
Remi Gacogne [Wed, 20 Jul 2016 13:59:49 +0000 (15:59 +0200)]
auth: Trust EDNS Client Subnet from a trusted notification proxy
This allows for example the use of dnsdist in front of supermaster
slaves.
dnsdist must be configured to send ECS to the backend with:
* `useClientSubnet=true` on the corresponding `newServer()`
* `setECSSourcePrefixV4(32)` and/or `setECSSourcePrefixV6(128)` so the exact source is sent to the slave
* `setECSOverride(true)` so that any existing ECS information is overridden
In addition, pdns must be configured to accept notification from
dnsdist with `trusted-notification-proxy` and to process ECS with
`edns-subnet-processing=yes`.
Remi Gacogne [Wed, 20 Jul 2016 12:49:04 +0000 (14:49 +0200)]
rec: RPZ default policy should also override local data RRs
Pieter Lexis [Wed, 20 Jul 2016 10:52:53 +0000 (12:52 +0200)]
Add PGP key to tarball signers
Pieter Lexis [Tue, 19 Jul 2016 15:24:26 +0000 (17:24 +0200)]
Create tinydns backend packages for CentOS 7
Pieter Lexis [Wed, 20 Jul 2016 10:33:07 +0000 (12:33 +0200)]
Secpoll: Set 4.0.0 pre-releases to "upgrade now"
Pieter Lexis [Wed, 20 Jul 2016 10:22:32 +0000 (12:22 +0200)]
Rec: validate DNSSEC for secpoll.powerdns.com
bert hubert [Tue, 19 Jul 2016 19:48:32 +0000 (21:48 +0200)]
Merge pull request #4044 from cmouse/dnspacket-comboaddr
Dnspacket comboaddr
bert hubert [Tue, 19 Jul 2016 18:55:39 +0000 (20:55 +0200)]
Merge pull request #4187 from pieterlexis/bogus-island-of-trust
Two more DNSSEC fixes
James Taylor [Sat, 9 Jul 2016 09:38:42 +0000 (09:38 +0000)]
resolver.cc: fix warnings with gcc on musl-libc
resolver.cc makes an incorrect include directive of `poll.h`. The
correct syntax for inclusion, according to `man 2 poll` is:
`#include <poll.h>`
This commit prevents warnings from being displayed due to going through
musl-libc's compatibility wrappers
Remi Gacogne [Tue, 19 Jul 2016 08:50:43 +0000 (10:50 +0200)]
auth: Don't try to deallocate empty PG statements
When a SPgSQLStatement is released without having been prepared,
we execute an invalid 'DEALLOCATE ' SQL command. This might happen
if the statement has not been used before being destroyed, for example.
Remi Gacogne [Mon, 18 Jul 2016 13:00:26 +0000 (15:00 +0200)]
dnsdist: Prevent the use of "any" addresses for downstream server
Otherwise the corresponding `DownstreamState`'s FD is -1 (needed
for 'client' mode) and we loop endlessly on `recvfrom()` returning -1.
Reported by Sander Smeenk.
Pieter Lexis [Fri, 15 Jul 2016 09:54:53 +0000 (11:54 +0200)]
Add changelog entry
Pieter Lexis [Fri, 15 Jul 2016 14:25:32 +0000 (16:25 +0200)]
Validate all key paths on possible Insecure
Before, we only checked the first QName, now we go through every name we
have to verify that the answer is indeed insecure.
Pieter Lexis [Fri, 15 Jul 2016 14:24:30 +0000 (16:24 +0200)]
Do not follow CNAMEs when hunting for DS records
This fixes the CNAME at apex bogus
Pieter Lexis [Thu, 14 Jul 2016 22:23:15 +0000 (00:23 +0200)]
Don't go bogus on CNAMEs to islands of security
Closes #4181
Incidentally, this commit also ensures that we no longer 'jojo' between
Secure and Insecure states. Once we have an Insecure, we can only go
Bogus but not Secure.
Pieter Lexis [Thu, 14 Jul 2016 22:14:41 +0000 (00:14 +0200)]
Compress 3 lines into 1
Pieter Lexis [Thu, 14 Jul 2016 22:14:14 +0000 (00:14 +0200)]
Add test for island of security (#4181)
Peter van Dijk [Fri, 15 Jul 2016 12:48:43 +0000 (14:48 +0200)]
only ecs-stamp when asked for
Pieter Lexis [Thu, 14 Jul 2016 15:50:12 +0000 (17:50 +0200)]
Add missing DNSSEC trace message
Pieter Lexis [Fri, 15 Jul 2016 09:47:54 +0000 (11:47 +0200)]
Merge pull request #4178 from pieterlexis/qtype-to-dnssec-trace
Add QType to log output for DNSSEC trace
Pieter Lexis [Fri, 15 Jul 2016 09:47:39 +0000 (11:47 +0200)]
Merge pull request #4162 from pieterlexis/post-400-dnssec-fixes
Recursor 4.0.0 DNSSEC fixes
Pieter Lexis [Thu, 14 Jul 2016 22:31:46 +0000 (00:31 +0200)]
Merge pull request #4166 from Habbie/cleanup
Cleanup
Pieter Lexis [Thu, 14 Jul 2016 22:31:27 +0000 (00:31 +0200)]
Merge pull request #4154 from setharnold/patch-3
small doc fixes
Hannu Ylitalo [Thu, 14 Jul 2016 16:07:06 +0000 (19:07 +0300)]
pdnsutil: Remove checking of ctime and always diff the changes. Exit if no changes are found.
Pieter Lexis [Thu, 14 Jul 2016 15:44:10 +0000 (17:44 +0200)]
Add changelog entries
Pieter Lexis [Tue, 12 Jul 2016 14:33:15 +0000 (16:33 +0200)]
Add test for #4158
Pieter Lexis [Tue, 12 Jul 2016 13:09:34 +0000 (15:09 +0200)]
Skip a level when a CNAME is found for the name
If we'd encounter a CNAME when chasing for DS/DNSKEY, we followed it and
concluded that the domain was bogus. We now skip this level and try to
get a DS record for the next name.
I'm unsure this is the correct solution, but it fixes #4158
Pieter Lexis [Tue, 12 Jul 2016 14:06:27 +0000 (16:06 +0200)]
Add tests for out of band names
Pieter Lexis [Tue, 12 Jul 2016 11:42:55 +0000 (13:42 +0200)]
Don't validate internal or out-of-band names
Closes #4149
Closes #4156
Closes #4157
Pieter Lexis [Tue, 12 Jul 2016 14:07:43 +0000 (16:07 +0200)]
Fix filename to match test names
Pieter Lexis [Tue, 12 Jul 2016 08:23:04 +0000 (10:23 +0200)]
Use g_dnssecmode global instead of the slower arg()
Pieter Lexis [Thu, 14 Jul 2016 15:39:56 +0000 (17:39 +0200)]
Merge pull request #4169 from zeha/typo
Fix typos found by lintian
Pieter Lexis [Thu, 14 Jul 2016 15:39:35 +0000 (17:39 +0200)]
Merge pull request #4160 from pieterlexis/do-means-ad
Also validate on +DO
Pieter Lexis [Tue, 12 Jul 2016 10:54:50 +0000 (12:54 +0200)]
Add changelog
Pieter Lexis [Thu, 14 Jul 2016 11:36:27 +0000 (13:36 +0200)]
Add QType to log output for DNSSEC trace
Pieter Lexis [Tue, 12 Jul 2016 10:50:18 +0000 (12:50 +0200)]
Update DNSSEC docs on the DO/AD bit usage
Pieter Lexis [Tue, 12 Jul 2016 10:09:30 +0000 (12:09 +0200)]
Also validate on _only_ +DO
Closes #4159
Pieter Lexis [Tue, 12 Jul 2016 10:01:12 +0000 (12:01 +0200)]
Update regression tests for +DO means +AD
Christian Hofstaedtler [Wed, 13 Jul 2016 12:42:28 +0000 (14:42 +0200)]
Fix typos found by lintian
Aki Tuomi [Wed, 13 Jul 2016 09:52:41 +0000 (12:52 +0300)]
Add more Netmask methods for recursor Lua
Closes #4167
Aki Tuomi [Sun, 26 Jun 2016 17:28:02 +0000 (20:28 +0300)]
DNSPacket API change