]> granicus.if.org Git - pdns/log
pdns
7 years agoAdd Authoritative Server 4.0.5 changelog
Pieter Lexis [Fri, 3 Nov 2017 15:18:19 +0000 (16:18 +0100)]
Add Authoritative Server 4.0.5 changelog

7 years agoMerge pull request #5978 from rgacogne/rec-negcache-referral-to-unsigned
Remi Gacogne [Wed, 22 Nov 2017 11:02:17 +0000 (12:02 +0100)]
Merge pull request #5978 from rgacogne/rec-negcache-referral-to-unsigned

rec: Fix DNSSEC validation of DS denial from the negative cache

7 years agoMerge pull request #5980 from rgacogne/rec-denial-validation-caching
aerique [Wed, 22 Nov 2017 10:11:01 +0000 (11:11 +0100)]
Merge pull request #5980 from rgacogne/rec-denial-validation-caching

rec: Cache Secure validation state when inserting negcache entries

7 years agoMerge pull request #5964 from pieterlexis/api-crypto-key-consistency
aerique [Wed, 22 Nov 2017 09:15:26 +0000 (10:15 +0100)]
Merge pull request #5964 from pieterlexis/api-crypto-key-consistency

API: Make the /cryptokeys endpoint consistently use CryptoKey objects

7 years agoMerge pull request #5976 from Habbie/soa-unsetdnsname
aerique [Wed, 22 Nov 2017 08:34:39 +0000 (09:34 +0100)]
Merge pull request #5976 from Habbie/soa-unsetdnsname

report remote IP when SOA query comes back with empty question section

7 years agoMerge pull request #5954 from pieterlexis/cherry-pick-script
Pieter Lexis [Tue, 21 Nov 2017 16:31:42 +0000 (17:31 +0100)]
Merge pull request #5954 from pieterlexis/cherry-pick-script

Add two scripts: one to backport PRs and one to generate changelogs

7 years agoMerge pull request #5972 from rgacogne/rec-dump-neg-status
Pieter Lexis [Tue, 21 Nov 2017 16:31:21 +0000 (17:31 +0100)]
Merge pull request #5972 from rgacogne/rec-dump-neg-status

rec: Dump the validation status of negcache entries, fix DNSSEC type

7 years agoMerge pull request #5968 from pieterlexis/api-rectify-transaction
Pieter Lexis [Tue, 21 Nov 2017 16:30:34 +0000 (17:30 +0100)]
Merge pull request #5968 from pieterlexis/api-rectify-transaction

Fix hang when PATCHing zone during rectify

7 years agoMerge pull request #5958 from pieterlexis/centos-7-ship-dnsdist-multi-instance
Pieter Lexis [Tue, 21 Nov 2017 16:29:32 +0000 (17:29 +0100)]
Merge pull request #5958 from pieterlexis/centos-7-ship-dnsdist-multi-instance

Packages: Ship dnsdist multi-instance files

7 years agorec: Cache Secure validation state when inserting negcache entries
Remi Gacogne [Tue, 21 Nov 2017 09:42:43 +0000 (10:42 +0100)]
rec: Cache Secure validation state when inserting negcache entries

Fix a bug that prevented Secure negative cache entries to be marked
as such when they were first inserted, marking them as Indeterminate
instead. This would require us to validate them a second time for no
valid reason.

7 years agorec: Fix DNSSEC validation of DS denial from the negative cache
Remi Gacogne [Mon, 20 Nov 2017 17:12:48 +0000 (18:12 +0100)]
rec: Fix DNSSEC validation of DS denial from the negative cache

There is two reasons you can get a proper DS denial:
* Secure to insecure cut, and if we are getting a referral with a
DS denial, we know that we have to check that the NS bit is set
as described in section 8.9 of rfc5155
* No zone cut inside a secure zone, and then of course the NS is
not set

When we retrieve the DS denial from the negative cache with a
validation status of Indeterminate, most likely because validation
was not enabled during the query that landed it in the cache, we
don't have enough data to know which case we are looking at, so
let's just skip the NS check.

7 years agoreport remote IP when SOA query comes back with empty question section
Peter van Dijk [Mon, 20 Nov 2017 13:32:23 +0000 (14:32 +0100)]
report remote IP when SOA query comes back with empty question section

this improves the #5974 situation a bit

7 years agoMerge pull request #5971 from rgacogne/rec-getdsrecords-erased-it
bert hubert [Mon, 20 Nov 2017 11:23:45 +0000 (12:23 +0100)]
Merge pull request #5971 from rgacogne/rec-getdsrecords-erased-it

rec: Fix the use of a deleted iterator in SyncRes::getDSRecords()

7 years agorec: Fix the use of a deleted iterator in SyncRes::getDSRecords()
Remi Gacogne [Mon, 20 Nov 2017 10:01:48 +0000 (11:01 +0100)]
rec: Fix the use of a deleted iterator in SyncRes::getDSRecords()

7 years agorec: Update the negcache's unit tests (validation status, DNSSEC type)
Remi Gacogne [Mon, 20 Nov 2017 08:56:34 +0000 (09:56 +0100)]
rec: Update the negcache's unit tests (validation status, DNSSEC type)

7 years agorec: Dump the correct NSEC record type for negative cache entries
Remi Gacogne [Mon, 20 Nov 2017 08:55:50 +0000 (09:55 +0100)]
rec: Dump the correct NSEC record type for negative cache entries

7 years agorec: Add the validation status when dumping the negative cache
Remi Gacogne [Sun, 19 Nov 2017 19:22:47 +0000 (20:22 +0100)]
rec: Add the validation status when dumping the negative cache

7 years agoMerge pull request #5969 from giganteous/rec-correct-documentation-typo
bert hubert [Fri, 17 Nov 2017 16:09:54 +0000 (17:09 +0100)]
Merge pull request #5969 from giganteous/rec-correct-documentation-typo

Fix reference to the wrong product

7 years agoFix reference to the wrong product
Kai Storbeck [Fri, 17 Nov 2017 16:04:37 +0000 (17:04 +0100)]
Fix reference to the wrong product

7 years agoMerge pull request #5965 from aerique:feature/update-rec-4.1.0-rc3-changelog rec-4.1.0-rc3
aerique [Fri, 17 Nov 2017 13:05:40 +0000 (14:05 +0100)]
Merge pull request #5965 from aerique:feature/update-rec-4.1.0-rc3-changelog

Update ChangeLog and secpoll for rec-4.1.0-rc3.

7 years agoFix hang when PATCHing zone during rectify
Pieter Lexis [Fri, 17 Nov 2017 12:20:52 +0000 (13:20 +0100)]
Fix hang when PATCHing zone during rectify

Before, we would spawn a new UeberBackend in the DNSSECKeeper, but there
was already a transaction going on, so the rectify would never finish,
as rectifyZone would not return.

7 years agoMerge pull request #5961 from jake2184/master
aerique [Fri, 17 Nov 2017 11:27:31 +0000 (12:27 +0100)]
Merge pull request #5961 from jake2184/master

Edit configname definition to include the 'config-name' argument

7 years agoSupport csk in the cryptokey endpoint
Pieter Lexis [Thu, 16 Nov 2017 16:43:13 +0000 (17:43 +0100)]
Support csk in the cryptokey endpoint

7 years agoCompare algorithm mnemonics case insensitive
Pieter Lexis [Thu, 16 Nov 2017 16:41:40 +0000 (17:41 +0100)]
Compare algorithm mnemonics case insensitive

7 years agoMap DNSSEC algo-numbers and names 1:1
Pieter Lexis [Thu, 16 Nov 2017 15:05:50 +0000 (16:05 +0100)]
Map DNSSEC algo-numbers and names 1:1

7 years agoAPI: Make the /cryptokeys endpoint use CryptoKey objects
Pieter Lexis [Thu, 16 Nov 2017 13:53:47 +0000 (14:53 +0100)]
API: Make the /cryptokeys endpoint use CryptoKey objects

Add bits and algorithm to the CryptoKey object

7 years agoMerge pull request #5955 from Habbie/macos-build
bert hubert [Thu, 16 Nov 2017 16:13:02 +0000 (17:13 +0100)]
Merge pull request #5955 from Habbie/macos-build

macOS build fixes

7 years agoMerge pull request #5963 from aerique/bugfix/remove-5938-from-auth-docs auth-4.1.0-rc3
aerique [Thu, 16 Nov 2017 13:01:58 +0000 (14:01 +0100)]
Merge pull request #5963 from aerique/bugfix/remove-5938-from-auth-docs

Remove #5938 from auth-4.1.0-rc3 ChangeLog.

7 years agoRemove #5938 from auth-4.1.0-rc3 ChangeLog.
Erik Winkels [Thu, 16 Nov 2017 12:43:18 +0000 (13:43 +0100)]
Remove #5938 from auth-4.1.0-rc3 ChangeLog.

It was accidentally labeled as "auth" but was only for "rec".

7 years agoMerge pull request #5962 from aerique:feature/update-auth-4.1.0-rc3-changelog
aerique [Thu, 16 Nov 2017 12:36:22 +0000 (13:36 +0100)]
Merge pull request #5962 from aerique:feature/update-auth-4.1.0-rc3-changelog

Update ChangeLog and secpoll for auth-4.1.0-rc3.

7 years agoMerge pull request #5936 from pieterlexis/api-allow-deactivate-dnssec
aerique [Thu, 16 Nov 2017 11:49:44 +0000 (12:49 +0100)]
Merge pull request #5936 from pieterlexis/api-allow-deactivate-dnssec

API: Allow disabling DNSSEC

7 years agoMerge pull request #5933 from pieterlexis/issue-5931-tsig-crash
aerique [Thu, 16 Nov 2017 10:24:54 +0000 (11:24 +0100)]
Merge pull request #5933 from pieterlexis/issue-5931-tsig-crash

Check return value for all getTSIGKey calls

7 years agoMerge pull request #5943 from pieterlexis/pdnsutil-man-missing-command
Pieter Lexis [Thu, 16 Nov 2017 10:13:07 +0000 (11:13 +0100)]
Merge pull request #5943 from pieterlexis/pdnsutil-man-missing-command

document missing pdnsutil list-tsig-key command

7 years agoMerge pull request #5949 from rgacogne/auth-5948
aerique [Thu, 16 Nov 2017 09:17:10 +0000 (10:17 +0100)]
Merge pull request #5949 from rgacogne/auth-5948

auth: Don't complain that glues are occluded by a delegation

7 years agoEdit configname to include the 'config-name' argument
Jake Reynolds [Wed, 15 Nov 2017 14:59:43 +0000 (14:59 +0000)]
Edit configname to include the 'config-name' argument

7 years agodnsdist: Ship multiple unit files in RPM
Pieter Lexis [Tue, 14 Nov 2017 11:42:36 +0000 (12:42 +0100)]
dnsdist: Ship multiple unit files in RPM

And run dnsdist as an unprivileged user.

7 years agodnsdist: Ship multiple unit files for debian
Pieter Lexis [Tue, 14 Nov 2017 11:39:49 +0000 (12:39 +0100)]
dnsdist: Ship multiple unit files for debian

7 years agodocument libcrypto usage for recent macOS
Peter van Dijk [Tue, 14 Nov 2017 09:18:10 +0000 (10:18 +0100)]
document libcrypto usage for recent macOS

7 years agorecent Apple Xcode headers need this
Peter van Dijk [Tue, 14 Nov 2017 09:17:58 +0000 (10:17 +0100)]
recent Apple Xcode headers need this

reference: https://github.com/arvidn/libtorrent/issues/2364#issuecomment-336175406

7 years agoAdd script to generate changelogs
Pieter Lexis [Tue, 14 Nov 2017 08:32:40 +0000 (09:32 +0100)]
Add script to generate changelogs

7 years agoauth: Don't complain that glues are occluded by a delegation
Remi Gacogne [Mon, 13 Nov 2017 11:42:22 +0000 (12:42 +0100)]
auth: Don't complain that glues are occluded by a delegation

7 years agodocument missing pdnsutil list-tsig-key command
Pieter Lexis [Fri, 10 Nov 2017 15:48:35 +0000 (16:48 +0100)]
document missing pdnsutil list-tsig-key command

7 years agoMerge pull request #5935 from pieterlexis/no-metadata-on-non-existent-zone
Pieter Lexis [Fri, 10 Nov 2017 13:03:11 +0000 (14:03 +0100)]
Merge pull request #5935 from pieterlexis/no-metadata-on-non-existent-zone

API: Throw exception in metadata endpoint w/ wrong zone

7 years agoMerge pull request #5941 from jpmens/patch-8
Pieter Lexis [Fri, 10 Nov 2017 13:01:38 +0000 (14:01 +0100)]
Merge pull request #5941 from jpmens/patch-8

mention API key required for access

7 years agomention API key required for access
JP Mens [Fri, 10 Nov 2017 12:54:35 +0000 (13:54 +0100)]
mention API key required for access

7 years agoCheck return of getTSIGKey and B64Decode in the Slave Communicator
Pieter Lexis [Thu, 9 Nov 2017 11:01:32 +0000 (12:01 +0100)]
Check return of getTSIGKey and B64Decode in the Slave Communicator

7 years agoCheck return of getTSIGKey and B64Decode in the TCPReceiver
Pieter Lexis [Thu, 9 Nov 2017 10:24:36 +0000 (11:24 +0100)]
Check return of getTSIGKey and B64Decode in the TCPReceiver

7 years agoCheck return value of getTSIGKey and B64Decode
Pieter Lexis [Thu, 9 Nov 2017 10:09:32 +0000 (11:09 +0100)]
Check return value of getTSIGKey and B64Decode

This would lead to crashes if the TSIG key was referenced in
TSIG-ALLOW-FROM but the key was not in the tsigkeys table.

Closes #5931

7 years agoMerge pull request #5937 from rgacogne/rec-self-resolving-ns
bert hubert [Fri, 10 Nov 2017 11:39:42 +0000 (12:39 +0100)]
Merge pull request #5937 from rgacogne/rec-self-resolving-ns

rec: Allow the use of a 'self-resolving' NS if cached A/AAAA exists

7 years agoMerge pull request #5939 from rgacogne/rec-forward-rd-cname
bert hubert [Fri, 10 Nov 2017 09:33:00 +0000 (10:33 +0100)]
Merge pull request #5939 from rgacogne/rec-forward-rd-cname

rec: Only accept types not matching the query if we asked for ANY

7 years agoMerge pull request #5938 from rgacogne/rec-zero-threads
bert hubert [Fri, 10 Nov 2017 09:31:15 +0000 (10:31 +0100)]
Merge pull request #5938 from rgacogne/rec-zero-threads

rec: Don't crash when asked to run with zero threads

7 years agorec: Only accept types not matching the query if we asked for ANY
Remi Gacogne [Thu, 9 Nov 2017 16:16:04 +0000 (17:16 +0100)]
rec: Only accept types not matching the query if we asked for ANY

Even from forward-recurse servers.

7 years agoAPI: Allow disabling DNSSEC
Pieter Lexis [Thu, 9 Nov 2017 15:56:30 +0000 (16:56 +0100)]
API: Allow disabling DNSSEC

Closes #5909
Closes #5910

7 years agorec: Allow the use of a 'self-resolving' NS if cached A/AAAA exists
Remi Gacogne [Thu, 9 Nov 2017 15:31:11 +0000 (16:31 +0100)]
rec: Allow the use of a 'self-resolving' NS if cached A/AAAA exists

We just have to take care not to try to contact that NS to learn
its own IP addresses, because that does not make sense.
Before this, we could skip a perfectly valid NS for which we had
retrieved the A and/or AAAA entries, for example via a glue.
Also get rid of a flawed calculation based on whether IPv6 was
enabled whereas we were only dealing with NS at this point.

7 years agoMerge pull request #5879 from pieterlexis/issue-3059-check-zone-warn-eclipse
Pieter Lexis [Thu, 9 Nov 2017 15:04:27 +0000 (16:04 +0100)]
Merge pull request #5879 from pieterlexis/issue-3059-check-zone-warn-eclipse

pdnsutil: Warn if records in a zone are eclipsed

7 years agoMerge pull request #5924 from rgacogne/rec-cname-cache-validation
Pieter Lexis [Thu, 9 Nov 2017 15:04:13 +0000 (16:04 +0100)]
Merge pull request #5924 from rgacogne/rec-cname-cache-validation

rec: Add unit tests for DNSSEC validation of cached CNAME answers

7 years agoMerge pull request #5925 from wojas/recursor-cleanup-webui
Pieter Lexis [Thu, 9 Nov 2017 15:04:00 +0000 (16:04 +0100)]
Merge pull request #5925 from wojas/recursor-cleanup-webui

rec: cleanup web UI

7 years agoMerge pull request #5928 from rgacogne/auth-rectify-log-5903
Pieter Lexis [Thu, 9 Nov 2017 15:03:44 +0000 (16:03 +0100)]
Merge pull request #5928 from rgacogne/auth-rectify-log-5903

auth: Add back missing output details to rectifyZone

7 years agoAPI: Throw exception in metadata endpoint w/ wrong zone
Pieter Lexis [Thu, 9 Nov 2017 13:53:00 +0000 (14:53 +0100)]
API: Throw exception in metadata endpoint w/ wrong zone

Before, We would happily accept this POST

7 years agoMerge pull request #5883 from pieterlexis/issue-5853-pdnsutil-clobber-metadata
Peter van Dijk [Thu, 9 Nov 2017 10:46:21 +0000 (11:46 +0100)]
Merge pull request #5883 from pieterlexis/issue-5853-pdnsutil-clobber-metadata

pdnsutil: Add add-meta function

7 years agoMerge pull request #5930 from ahupowerdns/secpoll-order-agnostic
bert hubert [Wed, 8 Nov 2017 16:25:33 +0000 (17:25 +0100)]
Merge pull request #5930 from ahupowerdns/secpoll-order-agnostic

in the recursor secpoll code, we ASSumed the TXT record would be the first record

7 years agocatch all exceptions coming from secpoll, this was a regression of this PR
bert hubert [Wed, 8 Nov 2017 14:57:05 +0000 (15:57 +0100)]
catch all exceptions coming from secpoll, this was a regression of this PR

7 years agoin the recursor secpoll code, we ASSumed the TXT record would be the first record...
bert hubert [Wed, 8 Nov 2017 14:33:45 +0000 (15:33 +0100)]
in the recursor secpoll code, we ASSumed the TXT record would be the first record we received. Sometimes it was the RRSIG, leading to a silent error, and no secpoll check. Fixed the assumption, added an error.

7 years agoadd missing Debian security poll status
bert hubert [Wed, 8 Nov 2017 13:09:12 +0000 (14:09 +0100)]
add missing Debian security poll status

7 years agorec: Don't crash when asked to run with zero threads
Remi Gacogne [Wed, 8 Nov 2017 11:23:12 +0000 (12:23 +0100)]
rec: Don't crash when asked to run with zero threads

7 years agoauth: Add back missing output details to rectifyZone
Remi Gacogne [Wed, 8 Nov 2017 10:07:48 +0000 (11:07 +0100)]
auth: Add back missing output details to rectifyZone

7 years agoMerge pull request #5895 from rgacogne/rec-lua-validationstate
Remi Gacogne [Wed, 8 Nov 2017 08:56:25 +0000 (09:56 +0100)]
Merge pull request #5895 from rgacogne/rec-lua-validationstate

rec: Add the DNSSEC validation state to the DNSQuestion Lua object

7 years agoMerge pull request #5926 from zeha/apidocrrset
Pieter Lexis [Tue, 7 Nov 2017 21:37:43 +0000 (22:37 +0100)]
Merge pull request #5926 from zeha/apidocrrset

API docs: reduce RRSets/Records confusion

7 years agoMerge pull request #5917 from ahupowerdns/die-better
Pieter Lexis [Tue, 7 Nov 2017 20:30:25 +0000 (21:30 +0100)]
Merge pull request #5917 from ahupowerdns/die-better

use _exit() when we really really want to exit, for example after a fatal error

7 years agoMerge pull request #5921 from rgacogne/rec-secpoll-loop
Pieter Lexis [Tue, 7 Nov 2017 20:30:02 +0000 (21:30 +0100)]
Merge pull request #5921 from rgacogne/rec-secpoll-loop

rec: Don't retry security polling too often when it fails

7 years agoAdd script to cherry-pick PR commits for backports
Pieter Lexis [Tue, 7 Nov 2017 20:29:09 +0000 (21:29 +0100)]
Add script to cherry-pick PR commits for backports

7 years agoMerge pull request #5911 from job/improve_error_readability
Pieter Lexis [Tue, 7 Nov 2017 19:57:25 +0000 (20:57 +0100)]
Merge pull request #5911 from job/improve_error_readability

Add quotation chars to make erroneous end of line whitespace easier t…

7 years agoMerge pull request #5616 from rgacogne/nmt-cleanup-from-weakforced
Pieter Lexis [Tue, 7 Nov 2017 19:49:03 +0000 (20:49 +0100)]
Merge pull request #5616 from rgacogne/nmt-cleanup-from-weakforced

Better support for deleting entries in NetmaskTree and NetmaskGroup

7 years agoMerge pull request #5881 from rgacogne/rec-edns-truncated-servfail
Pieter Lexis [Tue, 7 Nov 2017 19:38:05 +0000 (20:38 +0100)]
Merge pull request #5881 from rgacogne/rec-edns-truncated-servfail

rec: Add EDNS to truncated, servfail answers

7 years agoMerge pull request #5914 from rgacogne/dnsdist-tee-tests
bert hubert [Tue, 7 Nov 2017 18:34:10 +0000 (19:34 +0100)]
Merge pull request #5914 from rgacogne/dnsdist-tee-tests

dnsdist: Add regression tests for TeeAction

7 years agoAPI docs: fix old field reference
Chris Hofstaedtler [Tue, 7 Nov 2017 15:21:19 +0000 (16:21 +0100)]
API docs: fix old field reference

7 years agoAPI docs: rename Record -> RREntry to avoid confusion
Chris Hofstaedtler [Tue, 7 Nov 2017 15:20:59 +0000 (16:20 +0100)]
API docs: rename Record -> RREntry to avoid confusion

7 years agorec: cleanup web UI
Konrad Wojas [Tue, 7 Nov 2017 14:50:21 +0000 (22:50 +0800)]
rec: cleanup web UI

- Switch to Handlebars templating
- Slightly cleaner look
- Slightly cleaner and more mobile friendly HTML

7 years agorec: Add unit tests for DNSSEC validation of cached CNAME answers
Remi Gacogne [Tue, 7 Nov 2017 14:49:49 +0000 (15:49 +0100)]
rec: Add unit tests for DNSSEC validation of cached CNAME answers

7 years agorec: reformat web UI code
Konrad Wojas [Tue, 7 Nov 2017 14:41:13 +0000 (22:41 +0800)]
rec: reformat web UI code

Reformat web UI code before refactoring.

7 years agorec: Don't retry security polling too often when it fails
Remi Gacogne [Tue, 7 Nov 2017 10:40:30 +0000 (11:40 +0100)]
rec: Don't retry security polling too often when it fails

7 years agoMerge pull request #5912 from rgacogne/rec-too-many-nsec3-iterations
Pieter Lexis [Tue, 7 Nov 2017 09:34:09 +0000 (10:34 +0100)]
Merge pull request #5912 from rgacogne/rec-too-many-nsec3-iterations

rec: Fix going Insecure on NSEC3 hashes with too many iterations

7 years agoMerge pull request #5904 from rgacogne/rec-validate-cached-insecure
Pieter Lexis [Tue, 7 Nov 2017 09:33:51 +0000 (10:33 +0100)]
Merge pull request #5904 from rgacogne/rec-validate-cached-insecure

rec: Fix incomplete validation of cached entries

7 years agoMerge pull request #5919 from jpmens/patch-9
Pieter Lexis [Tue, 7 Nov 2017 09:28:15 +0000 (10:28 +0100)]
Merge pull request #5919 from jpmens/patch-9

typo

7 years agoUpdate index.rst
JP Mens [Tue, 7 Nov 2017 09:27:29 +0000 (10:27 +0100)]
Update index.rst

7 years agoMerge pull request #5918 from jpmens/patch-8
Pieter Lexis [Tue, 7 Nov 2017 09:25:05 +0000 (10:25 +0100)]
Merge pull request #5918 from jpmens/patch-8

typo

7 years agotypo
JP Mens [Tue, 7 Nov 2017 09:24:10 +0000 (10:24 +0100)]
typo

7 years agoand two exits() should really be _exit() in distributor.hh too (fixed the other ones...
bert hubert [Tue, 7 Nov 2017 08:50:35 +0000 (09:50 +0100)]
and two exits() should really be _exit() in distributor.hh too (fixed the other ones too for good measure)

7 years agouse _exit() when we really really want to exit, for example after a fatal error....
bert hubert [Tue, 7 Nov 2017 08:21:30 +0000 (09:21 +0100)]
use _exit() when we really really want to exit, for example after a fatal error. Stops is dying while we die.

7 years agodnsdist: Add regression tests for TeeAction
Remi Gacogne [Mon, 6 Nov 2017 16:24:26 +0000 (17:24 +0100)]
dnsdist: Add regression tests for TeeAction

7 years agoMerge pull request #5884 from pieterlexis/issue-5849-pdnsutil-generate-tsig-key-issues
Pieter Lexis [Mon, 6 Nov 2017 15:34:55 +0000 (16:34 +0100)]
Merge pull request #5884 from pieterlexis/issue-5849-pdnsutil-generate-tsig-key-issues

pdnsutil: Fix messages created by generate-tsig-key

7 years agoMerge pull request #5885 from rgacogne/rec-nodata-nsec-wildcard
Pieter Lexis [Mon, 6 Nov 2017 15:34:29 +0000 (16:34 +0100)]
Merge pull request #5885 from rgacogne/rec-nodata-nsec-wildcard

rec: Split NODATA/NXDOMAIN NSEC wildcard denial proof of existence

7 years agoMerge pull request #5876 from ahupowerdns/dnssec-ttl-log-improv
Pieter Lexis [Mon, 6 Nov 2017 15:33:54 +0000 (16:33 +0100)]
Merge pull request #5876 from ahupowerdns/dnssec-ttl-log-improv

--trace logging with more details about trust anchors, plus ttl of auth data

7 years agoMerge pull request #5889 from pieterlexis/rec-41-prevent-downgrade
Pieter Lexis [Mon, 6 Nov 2017 15:33:31 +0000 (16:33 +0100)]
Merge pull request #5889 from pieterlexis/rec-41-prevent-downgrade

Prevent possible downgrade attacks in the recursor

7 years agoMerge pull request #5898 from pieterlexis/dnsdist-multi-instance
Pieter Lexis [Mon, 6 Nov 2017 15:32:27 +0000 (16:32 +0100)]
Merge pull request #5898 from pieterlexis/dnsdist-multi-instance

Add multi-instance unit file

7 years agoMerge pull request #5901 from mind04/retry-once
Pieter Lexis [Mon, 6 Nov 2017 15:32:03 +0000 (16:32 +0100)]
Merge pull request #5901 from mind04/retry-once

auth: retry once is not an error condition.

7 years agorec: Fix going Insecure on NSEC3 hashes with too many iterations
Remi Gacogne [Mon, 6 Nov 2017 11:27:04 +0000 (12:27 +0100)]
rec: Fix going Insecure on NSEC3 hashes with too many iterations

7 years agoAdd quotation chars to make erroneous end of line whitespace easier to spot
Job Snijders [Mon, 6 Nov 2017 10:57:53 +0000 (11:57 +0100)]
Add quotation chars to make erroneous end of line whitespace easier to spot

7 years agoMerge pull request #5905 from mind04/302
Remi Gacogne [Sat, 4 Nov 2017 12:06:04 +0000 (13:06 +0100)]
Merge pull request #5905 from mind04/302

auth: use 302 redirects in the webserver for ringbuffer reset or resize

7 years agoMerge pull request #5896 from rgacogne/rec-nsip-speed-purge-one
Remi Gacogne [Sat, 4 Nov 2017 12:03:50 +0000 (13:03 +0100)]
Merge pull request #5896 from rgacogne/rec-nsip-speed-purge-one

rec: Purge nsSpeeds entries even if we get less than 2 new entries