bert hubert [Thu, 10 Dec 2015 06:35:00 +0000 (07:35 +0100)]
so, it turns out only the hashing/dnssec parts of powerdns need 'toDNSString()' lowercase. Gave them a helper, made toDNSString() not touch case again.
bert hubert [Wed, 9 Dec 2015 18:08:37 +0000 (19:08 +0100)]
Revert "toDNSString inexplicably did a toLower() on what it wrote it, potentially causing 0x20 issues. Now, I assume some code needed this. This commit will find that code."
bert hubert [Wed, 9 Dec 2015 12:56:50 +0000 (13:56 +0100)]
toDNSString inexplicably did a toLower() on what it wrote it, potentially causing 0x20 issues. Now, I assume some code needed this. This commit will find that code.
Replace dnsnameFromJson() with apiNameToDNSName(stringFromJson())
To reuse the name checking code for strings that didn't come
from json. Also makes it clearer that the checking logic is
an API only thing, and other json consumers may use their own
policy on dots, etc.
Andreas Jakum [Fri, 13 Nov 2015 15:04:38 +0000 (16:04 +0100)]
Add counter for ignored packets to recursor statistics (+docs).
Turns out recursor can be kept rather busy dealing with packets that will not show up anywhere.
Remi Gacogne [Tue, 8 Dec 2015 17:19:34 +0000 (18:19 +0100)]
Make the string parameter to testCrypto() optional.
The documentation does not mention it and I don't think it makes
sense to require one.
Document the fact that makeKey() does return setKey('plaintext')
without libsodium support.
Reported by Charles-Henri Bruyand.
bert hubert [Tue, 8 Dec 2015 15:52:18 +0000 (16:52 +0100)]
fix up bandwidth exceeded limits, move dnsheader (12 bytes) into ringbuffer, add it to grepq output, make that somewhat pretty, plus fix up TCP reporting to the response rings
Remi Gacogne [Thu, 3 Dec 2015 08:28:22 +0000 (09:28 +0100)]
Add EDNS Client Subnet to queries, unit tests and regression tests.
The main idea is to be able to add EDNS Client Subnet information
to queries so that the downstream servers know who the real client
is. This is easy if the query already has EDNS, since we just have
to add an ECS option to the existing pseudo-RR OPT. Note that if the
query has an existing ECS option, we just leave it as it is unless
setECSOverride has been set to true.
If the original query has no EDNS support, we can easily add the
pseudo-RR OPT with an ECS option, but we need to remove EDNS from
the response, otherwise the client might choke on it. This is not too
hard if the pseudo-RR is the last one, but otherwise removing it
could cause issues with name compression (offsets), therefore we
completely rewrite the response in that case.
This implementation tries hard not to parse the query, and not
to allocate too many objects to parse the response. The huge downside
is that we do not reuse as much parsing code as we probably could.
Unit tests have been added, they are not enabled unless
--enable-unit-tests is set.
Regression tests have been added in regression-tests.dnsdist.
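The two query-side cases from the commit message above (no EDNS in the query, and an existing OPT pseudo-RR as the last record), as an added example that is not dnsdist code and not part of the commit. The function names, the `override` parameter (standing in for setECSOverride, assumed here to replace the client's option), the 4096-byte payload size and the sample query are assumptions made for illustration.

```python
import ipaddress
import struct

OPT, ECS = 41, 8  # OPT pseudo-RR type, EDNS Client Subnet option code

def ecs_option(client, prefix_len):
    """Encode one ECS option: family, source prefix, scope 0, truncated address."""
    net = ipaddress.ip_network(f"{client}/{prefix_len}", strict=False)
    addr = net.network_address.packed[:(prefix_len + 7) // 8]  # host bits zeroed
    body = struct.pack("!HBB", 1 if net.version == 4 else 2, prefix_len, 0) + addr
    return struct.pack("!HH", ECS, len(body)) + body

def skip_name(pkt, pos):
    """Return the offset just past the (possibly compressed) name at pos."""
    while pkt[pos] and pkt[pos] & 0xC0 != 0xC0:
        pos += 1 + pkt[pos]
    return pos + (2 if pkt[pos] else 1)

def add_ecs(query, client, prefix_len, override=False):
    """Return (new_query, edns_added); edns_added means strip OPT from the reply."""
    qd, an, ns, ar = struct.unpack("!HHHH", query[4:12])
    if qd != 1 or an or ns or ar > 1:
        raise ValueError("example handles one question and at most one additional RR")
    option = ecs_option(client, prefix_len)
    end_q = skip_name(query, 12) + 4  # past QNAME, QTYPE, QCLASS
    if ar == 0:  # client sent no EDNS: append a root-named OPT RR, set ARCOUNT=1
        opt = b"\x00" + struct.pack("!HHIH", OPT, 4096, 0, len(option)) + option
        return query[:10] + b"\x00\x01" + query[12:end_q] + opt, True
    rr = skip_name(query, end_q)  # offset of the TYPE field of the last RR
    rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", query[rr:rr + 10])
    if rtype != OPT:
        raise ValueError("additional RR is not OPT")
    rdata, kept, i, had_ecs = query[rr + 10:rr + 10 + rdlen], b"", 0, False
    while i + 4 <= len(rdata):  # walk the existing EDNS options
        code, olen = struct.unpack("!HH", rdata[i:i + 4])
        if code == ECS:
            had_ecs = True
        else:
            kept += rdata[i:i + 4 + olen]
        i += 4 + olen
    if had_ecs and not override:
        return query, False  # leave the client's own ECS option untouched
    new_rdata = kept + option
    return query[:rr + 8] + struct.pack("!H", len(new_rdata)) + new_rdata, False

# Constructed sample: query for example.com A with no EDNS.
SAMPLE = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + \
    b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
if __name__ == "__main__":
    print(add_ecs(SAMPLE, "192.0.2.77", 24)[0].hex())
```

The source prefix length bounds how much of the client address the downstream server sees, since only the truncated network address is written into the option.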
From and to API consumers we'll now always require/send names (and
content) with dots. To the backend, we'll always require/send without
dots. Some API tests now check the data written to the sqlite DB, too.
Incoming names are now checked against a restricted list of chars,
fixing #1437. The double dot case is taken care of by DNSName (and
we'll no longer report an ISE if DNSName parsing fails - we make
sure to parse all names in a try/except).
Remi Gacogne [Fri, 4 Dec 2015 15:01:40 +0000 (16:01 +0100)]
Allow setting maxOutstanding and maxTCPClientThreads in configuration
This commit adds the setMaxTCPClientThreads() and
setMaxUDPOutstanding() directives.
These control, respectively, the maximum number of TCP threads
handling client connections and the maximum number of outstanding
UDP queries to a given backend server.
setMaxUDPOutstanding() is only usable at configuration-time, and
not at runtime.
Remi Gacogne [Wed, 2 Dec 2015 16:42:01 +0000 (17:42 +0100)]
Fix stats handling for TCP queries.
The previous commit tried to fix the fact that TCP queries were
not correctly accounted, but did not properly handle the fact that
several queries can be sent over a single connection.
Responses were not properly handled either.
Remi Gacogne [Wed, 2 Dec 2015 17:55:44 +0000 (18:55 +0100)]
Remove the IDState lock.
Keeping a copy of the origFD in the response handling thread and
setting ids->age to 0 before setting ids->origFD in the UDP query
thread should prevent dropping queries because of a race.