]> granicus.if.org Git - pdns/log
pdns
8 years agofor shame
bert hubert [Sun, 29 Nov 2015 18:28:08 +0000 (19:28 +0100)]
for shame

8 years agoimplement a maintenance() function in dnsdist lua which can configure dynamic filters...
bert hubert [Sun, 29 Nov 2015 16:43:01 +0000 (17:43 +0100)]
implement a maintenance() function in dnsdist lua which can configure dynamic filters, plus add ringbuffer tooling to do so:

dyn = newNMG()
function blockFilter(remote, qname, qtype, dh)
-- print(string.format("Called from %s", remote:tostring()))
if(dyn:match(remote))
then
print("Blocking query from " .. remote:tostring() .. " because dynamic blocklist")
return true
end
return false
end

function maintenance()
local newdyn = newNMG()
local exc=exceedServfails(1, 3) -- more than 1 qps over 3 seconds
newdyn:add(exc)
for k, v in pairs( exc ) do
   newdyn:add(k)
end

exc=exceedNXDOMAINs(3, 10)   -- more than 3 qps over 10 seconds
for k, v in pairs( exc ) do
   print("Adding because of NXDOMAIN: "..k:tostring())
   newdyn:add(k)
end

newdyn:add(exceedByterate(1000, 4)) -- more than 1000 bytes/s over 4 seconds

dyn=newdyn
end

8 years agowe might have more DiffTimes
bert hubert [Sun, 29 Nov 2015 16:42:42 +0000 (17:42 +0100)]
we might have more DiffTimes

8 years agoMerge pull request #2945 from cmouse/geoip-interpolation
bert hubert [Sun, 29 Nov 2015 11:15:24 +0000 (12:15 +0100)]
Merge pull request #2945 from cmouse/geoip-interpolation

Geoip interpolation and sundry of fixes.

8 years agothe day you new that would be arriving: a Lua configuration file for Recursor. Also...
bert hubert [Sun, 29 Nov 2015 10:51:00 +0000 (11:51 +0100)]
the day you new that would be arriving: a Lua configuration file for Recursor. Also implements sortlist & makes Lua mandatory (for now) in Recursor

8 years agoadd a single-netmask long test case for netmasktree
bert hubert [Sun, 29 Nov 2015 10:50:26 +0000 (11:50 +0100)]
add a single-netmask long test case for netmasktree

8 years agorevert to std::string in DNSName for now since Centos6 boost does not have boost...
bert hubert [Sun, 29 Nov 2015 08:38:05 +0000 (09:38 +0100)]
revert to std::string in DNSName for now since Centos6 boost does not have boost::container::string - we should autodetect this with #if on BOOST_VERSION

8 years agoMerge pull request #2954 from cmouse/deforeach-remote
bert hubert [Sat, 28 Nov 2015 18:45:45 +0000 (19:45 +0100)]
Merge pull request #2954 from cmouse/deforeach-remote

Fix remotebackend for loops

8 years agoCorrect the name of the unixODBC package on centos
Pieter Lexis [Sat, 28 Nov 2015 15:18:40 +0000 (16:18 +0100)]
Correct the name of the unixODBC package on centos

8 years agomake nxdomains/noerror responses work. We validate the NSEC/NSEC3 records, but don...
bert hubert [Sat, 28 Nov 2015 11:38:05 +0000 (12:38 +0100)]
make nxdomains/noerror responses work. We validate the NSEC/NSEC3 records, but don't yet prove they cover the right things.

8 years agohook up ECDSA in git pdns_recursor build, not yet in separate tarball. Fix up CNAME...
bert hubert [Sat, 28 Nov 2015 10:05:07 +0000 (11:05 +0100)]
hook up ECDSA in git pdns_recursor build, not yet in separate tarball. Fix up CNAME chains and resolving insecure domains with do=1

8 years agoMerge pull request #2943 from ahupowerdns/deforeach
bert hubert [Fri, 27 Nov 2015 22:13:57 +0000 (23:13 +0100)]
Merge pull request #2943 from ahupowerdns/deforeach

Do we want this? remove BOOST_FOREACH, fixes two bugs

8 years agowhitespace conflict. Merge branch 'master' into deforeach
bert hubert [Fri, 27 Nov 2015 21:25:17 +0000 (22:25 +0100)]
whitespace conflict. Merge branch 'master' into deforeach

Conflicts:
pdns/dnssecinfra.cc

8 years agoMerge pull request #2942 from ahupowerdns/deserial
bert hubert [Fri, 27 Nov 2015 19:16:56 +0000 (20:16 +0100)]
Merge pull request #2942 from ahupowerdns/deserial

Deserial: remove boost serialization from configure.ac and includes, speeding up builds

8 years agoMerge pull request #2944 from rgacogne/sanitizers
bert hubert [Fri, 27 Nov 2015 19:12:18 +0000 (20:12 +0100)]
Merge pull request #2944 from rgacogne/sanitizers

Add configure options to build dnsdist with various sanitizers

8 years agoMerge pull request #2947 from rgacogne/dnsdist-tcp-check-len
bert hubert [Fri, 27 Nov 2015 19:12:05 +0000 (20:12 +0100)]
Merge pull request #2947 from rgacogne/dnsdist-tcp-check-len

Check the length of TCP queries in dnsdist

8 years agoMerge pull request #2948 from rgacogne/dnsname-check-offset-len
bert hubert [Fri, 27 Nov 2015 19:11:33 +0000 (20:11 +0100)]
Merge pull request #2948 from rgacogne/dnsname-check-offset-len

Check that offset < len in DNSName constructor

8 years agoMerge pull request #2950 from pieterlexis/dnsdist-http-contenttype
bert hubert [Fri, 27 Nov 2015 19:11:02 +0000 (20:11 +0100)]
Merge pull request #2950 from pieterlexis/dnsdist-http-contenttype

dnsdist: Add the correct Content-Header for files

8 years agoMerge pull request #2952 from pieterlexis/dnsdist-version-in-html
bert hubert [Fri, 27 Nov 2015 19:10:25 +0000 (20:10 +0100)]
Merge pull request #2952 from pieterlexis/dnsdist-version-in-html

Show the dnsdist version in the html

8 years agoignore the dnsdist history file
Pieter Lexis [Fri, 27 Nov 2015 17:01:17 +0000 (18:01 +0100)]
ignore the dnsdist history file

8 years agoUse symlink for gen-version script
Pieter Lexis [Fri, 27 Nov 2015 17:00:06 +0000 (18:00 +0100)]
Use symlink for gen-version script

8 years agodnsdist: show correct version in the webpage
Pieter Lexis [Fri, 27 Nov 2015 16:58:57 +0000 (17:58 +0100)]
dnsdist: show correct version in the webpage

8 years agodnsdist: Add the correct Content-Header for files
Pieter Lexis [Fri, 27 Nov 2015 15:56:23 +0000 (16:56 +0100)]
dnsdist: Add the correct Content-Header for files

8 years agoIgnore generated file
Aki Tuomi [Fri, 27 Nov 2015 15:52:41 +0000 (17:52 +0200)]
Ignore generated file

8 years agomake nonconst version of getTag() too which is faster
bert hubert [Fri, 27 Nov 2015 15:41:24 +0000 (16:41 +0100)]
make nonconst version of getTag() too which is faster

8 years agoMerge pull request #2949 from ahupowerdns/dprotect
bert hubert [Fri, 27 Nov 2015 15:40:04 +0000 (16:40 +0100)]
Merge pull request #2949 from ahupowerdns/dprotect

Dprotect: dnssec validation of answers

8 years agoCheck that offset < len in DNSName constructor
Remi Gacogne [Fri, 27 Nov 2015 14:06:32 +0000 (15:06 +0100)]
Check that offset < len in DNSName constructor

Otherwise, we might call memchr() with garbage, as len and offset
are signed but memchr()'s n is unsigned (size_t).

8 years agohook up the validator code with the recursor, keep toysdig independent so it can...
bert hubert [Fri, 27 Nov 2015 14:04:44 +0000 (15:04 +0100)]
hook up the validator code with the recursor, keep toysdig independent so it can source records over TCP/IP

8 years agoCheck the length of TCP queries
Remi Gacogne [Fri, 27 Nov 2015 14:00:36 +0000 (15:00 +0100)]
Check the length of TCP queries

There is no point in trying to parse queries whose length
is < sizeof(dnsheader).

8 years agomake sure we have enough space to receive those huge dnssec laden packets!
bert hubert [Fri, 27 Nov 2015 13:22:16 +0000 (14:22 +0100)]
make sure we have enough space to receive those huge dnssec laden packets!

8 years agoRemove unnecessary test
Aki Tuomi [Fri, 27 Nov 2015 12:45:48 +0000 (14:45 +0200)]
Remove unnecessary test

8 years agoAdd warning
Aki Tuomi [Fri, 27 Nov 2015 11:24:23 +0000 (13:24 +0200)]
Add warning

8 years agoUpdate docs
Aki Tuomi [Fri, 27 Nov 2015 11:05:08 +0000 (13:05 +0200)]
Update docs

8 years agoAdd format specifier for IP
Aki Tuomi [Fri, 27 Nov 2015 11:04:37 +0000 (13:04 +0200)]
Add format specifier for IP

8 years agoUpdate documentation
Aki Tuomi [Fri, 27 Nov 2015 10:56:14 +0000 (12:56 +0200)]
Update documentation

8 years agoRemove unneeded 1.2.3.4 from dev lo
Aki Tuomi [Fri, 27 Nov 2015 10:32:28 +0000 (12:32 +0200)]
Remove unneeded 1.2.3.4 from dev lo

8 years agosplit out validation bits from toysdig, move to an 'Oracle' that provides answers...
bert hubert [Fri, 27 Nov 2015 10:32:02 +0000 (11:32 +0100)]
split out validation bits from toysdig, move to an 'Oracle' that provides answers. Next step: make SyncRes that Oracle in the recursor

8 years agoFix remotebackend for loops
Aki Tuomi [Fri, 27 Nov 2015 09:21:14 +0000 (11:21 +0200)]
Fix remotebackend for loops

8 years agoUpdate test suite
Aki Tuomi [Fri, 27 Nov 2015 10:27:21 +0000 (12:27 +0200)]
Update test suite

8 years agoDo not reset gl->netmask to 0
Aki Tuomi [Fri, 27 Nov 2015 10:27:02 +0000 (12:27 +0200)]
Do not reset gl->netmask to 0

8 years agoDo not cache unknown responses
Aki Tuomi [Fri, 27 Nov 2015 10:26:46 +0000 (12:26 +0200)]
Do not cache unknown responses

8 years agoSupport content interpolation
Aki Tuomi [Fri, 27 Nov 2015 10:25:57 +0000 (12:25 +0200)]
Support content interpolation

8 years agoAdd configure options to build dnsdist with various sanitizers.
Remi Gacogne [Fri, 27 Nov 2015 10:13:06 +0000 (11:13 +0100)]
Add configure options to build dnsdist with various sanitizers.

It makes it really easy to enable ASAN, LSAN, MSAN, TSAN, or
USBSAN on a custom build, to track issues.

8 years agoTurn on EDNS subnet processing
Aki Tuomi [Fri, 27 Nov 2015 09:55:55 +0000 (11:55 +0200)]
Turn on EDNS subnet processing

8 years agoAdd interpolation test
Aki Tuomi [Fri, 27 Nov 2015 09:47:49 +0000 (11:47 +0200)]
Add interpolation test

8 years agoFix test suite name
Aki Tuomi [Fri, 27 Nov 2015 09:47:36 +0000 (11:47 +0200)]
Fix test suite name

8 years agoFix test suite name
Aki Tuomi [Fri, 27 Nov 2015 09:47:18 +0000 (11:47 +0200)]
Fix test suite name

8 years agoAdd interpolation test setup
Aki Tuomi [Fri, 27 Nov 2015 09:46:53 +0000 (11:46 +0200)]
Add interpolation test setup

8 years agoAdd interpolation support for content
Aki Tuomi [Fri, 27 Nov 2015 09:44:42 +0000 (11:44 +0200)]
Add interpolation support for content

8 years agomove everything to getMDP(), first step in abstracting to be able to talk to SyncRes too
bert hubert [Fri, 27 Nov 2015 09:34:11 +0000 (10:34 +0100)]
move everything to getMDP(), first step in abstracting to be able to talk to SyncRes too

8 years agoMerge branch 'master' into dprotect
bert hubert [Fri, 27 Nov 2015 08:52:37 +0000 (09:52 +0100)]
Merge branch 'master' into dprotect

8 years agothere was a BOOST_REVERSE_FOREACH!
bert hubert [Fri, 27 Nov 2015 07:12:05 +0000 (08:12 +0100)]
there was a BOOST_REVERSE_FOREACH!

8 years agothere was a BOOST_REVERSE_FOREACH!
bert hubert [Fri, 27 Nov 2015 07:12:05 +0000 (08:12 +0100)]
there was a BOOST_REVERSE_FOREACH!

8 years agoremove boost/foreach includes & autoconf bit
bert hubert [Thu, 26 Nov 2015 22:22:25 +0000 (23:22 +0100)]
remove boost/foreach includes & autoconf bit

8 years agofinal BOOST_FOREACH cleanup
bert hubert [Thu, 26 Nov 2015 22:04:33 +0000 (23:04 +0100)]
final BOOST_FOREACH cleanup

8 years agofurther for range cleanups
bert hubert [Thu, 26 Nov 2015 21:53:19 +0000 (22:53 +0100)]
further for range cleanups

8 years agoforeach fixup
bert hubert [Thu, 26 Nov 2015 21:49:17 +0000 (22:49 +0100)]
foreach fixup

8 years agosmall range for fixup
bert hubert [Thu, 26 Nov 2015 21:32:05 +0000 (22:32 +0100)]
small range for fixup

8 years agosome more simpe ones
bert hubert [Thu, 26 Nov 2015 19:30:45 +0000 (20:30 +0100)]
some more simpe ones

8 years agofurther straightforward cases
bert hubert [Thu, 26 Nov 2015 19:30:19 +0000 (20:30 +0100)]
further straightforward cases

8 years agoremove all the obviously translatable uses of BOOST_FOREACH
bert hubert [Thu, 26 Nov 2015 19:26:46 +0000 (20:26 +0100)]
remove all the obviously translatable uses of BOOST_FOREACH

8 years agoprevent a storm of string copies just for getting the minTTL of a packet
bert hubert [Thu, 26 Nov 2015 19:17:50 +0000 (20:17 +0100)]
prevent a storm of string copies just for getting the minTTL of a packet

8 years agoremove boost serialization which actually shaves seconds off ./configure and probably...
bert hubert [Thu, 26 Nov 2015 17:41:00 +0000 (18:41 +0100)]
remove boost serialization which actually shaves seconds off ./configure and probably more off our build times

8 years agoMerge pull request #2939 from rgacogne/dnsdist-truncated
bert hubert [Thu, 26 Nov 2015 17:22:46 +0000 (18:22 +0100)]
Merge pull request #2939 from rgacogne/dnsdist-truncated

Drop truncated UDP messages caused by a small buffer. Note: might be a good idea for rest of our products as well!

8 years agoMerge pull request #2941 from sid3windr/patch-2
Peter van Dijk [Thu, 26 Nov 2015 16:14:34 +0000 (17:14 +0100)]
Merge pull request #2941 from sid3windr/patch-2

Correct small typo in dns64 documentation

8 years agoMerge branch 'pcserial' from @ahupowerdns
Pieter Lexis [Thu, 26 Nov 2015 16:06:40 +0000 (17:06 +0100)]
Merge branch 'pcserial' from @ahupowerdns

8 years agoimprove filedescriptor requesting code so it requests more filedescriptors, plus...
bert hubert [Thu, 26 Nov 2015 14:26:39 +0000 (15:26 +0100)]
improve filedescriptor requesting code so it requests more filedescriptors, plus actually uses the number of launched threads in the calculation... Potentially relevant for 3.7.3 as well!

8 years agoEMFILE was (out of filedescriptors, too many open files) was reported as an error...
bert hubert [Thu, 26 Nov 2015 14:23:57 +0000 (15:23 +0100)]
EMFILE was (out of filedescriptors, too many open files) was reported as an error that could be blamed on the remote nameserver instead of on the OS, causing throttle actions.

8 years agoalso report fd usage in recursor
bert hubert [Thu, 26 Nov 2015 14:23:04 +0000 (15:23 +0100)]
also report fd usage in recursor

8 years agofix back the scopemask stuff we removed from the ueberbackend query cache
bert hubert [Thu, 26 Nov 2015 10:57:06 +0000 (11:57 +0100)]
fix back the scopemask stuff we removed from the ueberbackend query cache

8 years agomove dnsname to boost::container::string, remove horrible serialization from packetcache
bert hubert [Wed, 25 Nov 2015 21:07:53 +0000 (22:07 +0100)]
move dnsname to boost::container::string, remove horrible serialization from packetcache

8 years agoMerge pull request #2934 from cmouse/gdobc-stuff
Peter van Dijk [Thu, 26 Nov 2015 15:59:40 +0000 (16:59 +0100)]
Merge pull request #2934 from cmouse/gdobc-stuff

Fix gODBC for MSSQL - this corrects the breakage from #2929

8 years agonit
Peter van Dijk [Thu, 26 Nov 2015 15:57:57 +0000 (16:57 +0100)]
nit

8 years agoMerge pull request #2931 from pieterlexis/dnsdist-version
bert hubert [Thu, 26 Nov 2015 15:34:52 +0000 (16:34 +0100)]
Merge pull request #2931 from pieterlexis/dnsdist-version

small dnsdist enhancements

8 years agoMaurice Makaay spotted that dnsdist built-in-webserver URLs were needlessly absolute...
bert hubert [Thu, 26 Nov 2015 15:16:14 +0000 (16:16 +0100)]
Maurice Makaay spotted that dnsdist built-in-webserver URLs were needlessly absolute. They are relative now. Thanks!

8 years agoDrop truncated UDP messages caused by a small buffer.
Remi Gacogne [Thu, 26 Nov 2015 14:55:04 +0000 (15:55 +0100)]
Drop truncated UDP messages caused by a small buffer.

When we receive a message too large for our buffer, recvmsg() will
truncate the content to fit the buffer and set the MSG_TRUNC flag.
There is no point in trying to parse this message because we will
choke during the parsing anyway.

8 years agostop testing odbc/sqlite on travis as ubuntu trusty has broken versions of all the...
Peter van Dijk [Thu, 26 Nov 2015 14:52:48 +0000 (15:52 +0100)]
stop testing odbc/sqlite on travis as ubuntu trusty has broken versions of all the relevant libs

8 years agoMerge pull request #2935 from pieterlexis/comma-sep-arguments-consistent
bert hubert [Thu, 26 Nov 2015 14:21:34 +0000 (15:21 +0100)]
Merge pull request #2935 from pieterlexis/comma-sep-arguments-consistent

Allow the use of spaces to parse options

8 years agoAllow the use of spaces to parse options
Pieter Lexis [Thu, 26 Nov 2015 13:58:51 +0000 (14:58 +0100)]
Allow the use of spaces to parse options

8 years agoMerge pull request #2893 from yossigo/fix_missing_ipv6
Pieter Lexis [Thu, 26 Nov 2015 11:59:12 +0000 (12:59 +0100)]
Merge pull request #2893 from yossigo/fix_missing_ipv6

Gracefully handle cases where IPv6 (AF_INET6) is not supported.

8 years agoMerge pull request #2920 from stasic/patch-1
Pieter Lexis [Thu, 26 Nov 2015 11:56:37 +0000 (12:56 +0100)]
Merge pull request #2920 from stasic/patch-1

use the vars

8 years agoRetrieve data only once
Aki Tuomi [Thu, 26 Nov 2015 08:36:56 +0000 (10:36 +0200)]
Retrieve data only once

8 years agoFix example in the README.md
Pieter Lexis [Thu, 26 Nov 2015 08:54:27 +0000 (09:54 +0100)]
Fix example in the README.md

8 years agoRename the dnsdist history file to something less generic
Pieter Lexis [Wed, 25 Nov 2015 18:06:16 +0000 (19:06 +0100)]
Rename the dnsdist history file to something less generic

8 years agodnsdist: Add version number to startup message
Pieter Lexis [Wed, 25 Nov 2015 18:03:53 +0000 (19:03 +0100)]
dnsdist: Add version number to startup message

8 years agoAdd a bunch of new options to the dnsdist manpage
Pieter Lexis [Wed, 25 Nov 2015 17:31:28 +0000 (18:31 +0100)]
Add a bunch of new options to the dnsdist manpage

8 years agoAdd the final dnsdist executable to .gitignore
Pieter Lexis [Wed, 25 Nov 2015 16:43:29 +0000 (17:43 +0100)]
Add the final dnsdist executable to .gitignore

8 years agoAdd --version to dnsdist
Pieter Lexis [Wed, 25 Nov 2015 16:42:41 +0000 (17:42 +0100)]
Add --version to dnsdist

8 years agoadd setting edns-outgoing-bufsize for setting the default EDNS bufsize in recursor...
bert hubert [Thu, 26 Nov 2015 08:20:49 +0000 (09:20 +0100)]
add setting edns-outgoing-bufsize for setting the default EDNS bufsize in recursor for outgoing queries

8 years agoMerge pull request #2932 from ahupowerdns/fixmalloc
bert hubert [Thu, 26 Nov 2015 07:45:33 +0000 (08:45 +0100)]
Merge pull request #2932 from ahupowerdns/fixmalloc

get travis to merge us again

8 years agopotentially get travis to build us correctly again
bert hubert [Wed, 25 Nov 2015 18:15:15 +0000 (19:15 +0100)]
potentially get travis to build us correctly again

8 years agoadd ./configure --enable-malloc-trace which will cause powerdns recursor (for now...
bert hubert [Wed, 25 Nov 2015 14:11:45 +0000 (15:11 +0100)]
add ./configure --enable-malloc-trace which will cause powerdns recursor (for now) to trace malloc calls and report them as metrics.

8 years agoshave off 23 mallocs per cache miss
bert hubert [Wed, 25 Nov 2015 13:55:01 +0000 (14:55 +0100)]
shave off 23 mallocs per cache miss

8 years agoMerge pull request #2929 from cmouse/godbc-stuff
Peter van Dijk [Wed, 25 Nov 2015 08:11:21 +0000 (09:11 +0100)]
Merge pull request #2929 from cmouse/godbc-stuff

gODBC touches

8 years agoAdd godbc_sqlite3 to help
Aki Tuomi [Tue, 24 Nov 2015 13:52:24 +0000 (15:52 +0200)]
Add godbc_sqlite3 to help

8 years agoUse sizeof instead of magic number
Aki Tuomi [Tue, 24 Nov 2015 13:50:32 +0000 (15:50 +0200)]
Use sizeof instead of magic number

8 years agoUse 128k fetch buffer
Aki Tuomi [Tue, 24 Nov 2015 13:49:45 +0000 (15:49 +0200)]
Use 128k fetch buffer

8 years agoConsume variable length data in parts
Aki Tuomi [Tue, 24 Nov 2015 13:40:15 +0000 (15:40 +0200)]
Consume variable length data in parts

8 years agoNUL-safe select
Aki Tuomi [Tue, 24 Nov 2015 13:18:14 +0000 (15:18 +0200)]
NUL-safe select

8 years agoMerge pull request #2923 from pieterlexis/pipe-backend-fixes
Pieter Lexis [Tue, 24 Nov 2015 17:30:38 +0000 (18:30 +0100)]
Merge pull request #2923 from pieterlexis/pipe-backend-fixes

pipe: Correctly initialize the abi-version var