]>
granicus.if.org Git - pdns/log
Otto Moerbeek [Sun, 27 Oct 2019 07:35:39 +0000 (08:35 +0100)]
Merge pull request #8469 from omoerbeek/auth-illegal-to-invalid
Illegal -> Invalid
Remi Gacogne [Sat, 26 Oct 2019 21:44:06 +0000 (23:44 +0200)]
Merge pull request #8466 from rgacogne/ddist-add-prometheus-test
dnsdist: Add regression tests for our prometheus export
Remi Gacogne [Sat, 26 Oct 2019 21:43:47 +0000 (23:43 +0200)]
Merge pull request #8465 from rgacogne/ddist-prometheus-rename-frontend
dnsdist: Rename the 'address' label to 'frontend' for DoH metrics
Remi Gacogne [Sat, 26 Oct 2019 21:14:42 +0000 (23:14 +0200)]
Merge pull request #8471 from rgacogne/ddist-du-refcount-ids
dnsdist: Increment the DOHUnit ref count when it's set in the IDState
Remi Gacogne [Sat, 26 Oct 2019 16:47:49 +0000 (18:47 +0200)]
dnsdist: Fix a race condition in the DOHUnit reference counter
It was based on the reference counter used for the DOHAcceptContext
where thread safety was never an issue because those objects are
not shared between threads, but DOHUnit are.
Remi Gacogne [Fri, 25 Oct 2019 19:37:32 +0000 (21:37 +0200)]
dnsdist: Increment the DOHUnit ref count when it's set in the IDState
We need to increment the reference counter even before sending the
query to the backend, as soon as we copy a reference into the IDState.
Because:
- that makes sense anyway, we are storing a new copy ;
- otherwise, in the unlikely event where we reuse the IDState before
the query has been sent to the backend we might free the DOHUnit
before the reference counter has been incremented and cause a
double-free.
Otto Moerbeek [Fri, 25 Oct 2019 11:48:03 +0000 (13:48 +0200)]
Illegal -> Invalid
Remi Gacogne [Fri, 25 Oct 2019 09:54:24 +0000 (11:54 +0200)]
Merge pull request #8460 from rgacogne/ddist-140-rc4-changelog-secpoll
dnsdist: Add ChangeLog and secpoll update for 1.4.0-rc4
Otto Moerbeek [Fri, 25 Oct 2019 09:35:34 +0000 (11:35 +0200)]
Merge pull request #8468 from PowerDNS/omoerbeek-patch-1-1
Disable the other OOO test as well while investigating CircleCI speciā¦
Otto Moerbeek [Fri, 25 Oct 2019 09:34:56 +0000 (11:34 +0200)]
Disable the other OOO test as well while investigating CircleCI specific failures
Remi Gacogne [Fri, 25 Oct 2019 09:24:43 +0000 (11:24 +0200)]
dnsdist: Add regression tests for our prometheus export
Remi Gacogne [Fri, 25 Oct 2019 08:20:48 +0000 (10:20 +0200)]
dnsdist: Rename the 'address' label to 'frontend' for DoH metrics
Pieter Lexis [Fri, 25 Oct 2019 07:10:47 +0000 (09:10 +0200)]
Merge pull request #8352 from mnordhoff/chmod-chown-pdns.conf
auth: Ensure that pdns can read pdns.conf when upgrading from an older package
Pieter Lexis [Fri, 25 Oct 2019 07:08:51 +0000 (09:08 +0200)]
Merge pull request #8424 from Habbie/ixfrdist-fixes
Ixfrdist: handle reading of empty files gracefully
Pieter Lexis [Fri, 25 Oct 2019 07:07:37 +0000 (09:07 +0200)]
Merge pull request #8461 from rgacogne/changelog-from-pr-update
Small improvements to changelog-from-pr
Pieter Lexis [Fri, 25 Oct 2019 07:06:41 +0000 (09:06 +0200)]
Merge pull request #8463 from phonedph1/patch-17
rec: Update CentOS 6 init script
phonedph1 [Thu, 24 Oct 2019 19:05:09 +0000 (13:05 -0600)]
rec: Update CentOS 6 init script
Remi Gacogne [Thu, 24 Oct 2019 13:12:00 +0000 (15:12 +0200)]
dnsdist: Add missing ChangeLog entry for #8442
Remi Gacogne [Thu, 24 Oct 2019 12:50:36 +0000 (14:50 +0200)]
Merge pull request #8426 from Habbie/openssl-eddsa-bits
openssl eddsa signers: report correct key size
Remi Gacogne [Thu, 24 Oct 2019 12:44:36 +0000 (14:44 +0200)]
Merge pull request #8444 from Habbie/sdig-class
sdig: make query class selectable
Remi Gacogne [Thu, 24 Oct 2019 10:41:22 +0000 (12:41 +0200)]
changelog-from-pr: Add Otto to the list of team members
Remi Gacogne [Thu, 24 Oct 2019 10:40:42 +0000 (12:40 +0200)]
changelog-from-pr: Capitalize the first letter without lowercasing the rest
Remi Gacogne [Thu, 24 Oct 2019 10:39:39 +0000 (12:39 +0200)]
changelog-from-pr: Display the GH login if the user has not set a name
Remi Gacogne [Thu, 24 Oct 2019 10:36:06 +0000 (12:36 +0200)]
dnsdist: Add ChangeLog and secpoll update for 1.4.0-rc4
Remi Gacogne [Thu, 24 Oct 2019 09:41:42 +0000 (11:41 +0200)]
Merge pull request #8458 from rgacogne/ddist-cppcheck-clang-analyzer
dnsdist: Small changes suggested by cppcheck and clang's static analyzer
Remi Gacogne [Thu, 24 Oct 2019 08:41:49 +0000 (10:41 +0200)]
dnsdist: Check that the ClientState pointer is not nullptr
That makes clang's static analyzer happy.
Remi Gacogne [Thu, 24 Oct 2019 08:34:20 +0000 (10:34 +0200)]
dnsdist: Use qualified calls to virtual functions in the ctor
Otherwise cppcheck warns that virtual functions should not be called
from the constructor because dynamic binding is not used, and objects
may not have been fully constructed yet. In that case that's fine
because there is no derived classes, but let's make it explicit.
Remi Gacogne [Thu, 24 Oct 2019 08:33:56 +0000 (10:33 +0200)]
dnsdist: Initialize HTTPHeaderRule members in the ctor init list
Remi Gacogne [Thu, 24 Oct 2019 08:32:55 +0000 (10:32 +0200)]
LMDB: Initialize values in the init list to make cppcheck happy
Remi Gacogne [Wed, 23 Oct 2019 15:54:09 +0000 (17:54 +0200)]
Merge pull request #8442 from rgacogne/ddist-ssl-key-log-file
dnsdist: Add support dumping TLS keys via keyLogFile
Peter van Dijk [Wed, 23 Oct 2019 14:30:52 +0000 (16:30 +0200)]
sdig: make query class selectable
Otto Moerbeek [Wed, 23 Oct 2019 14:23:59 +0000 (16:23 +0200)]
Merge pull request #8455 from omoerbeek/rec-disable-ooo-test
Disable one OOO test that mysteriously fails on CircleCI so others
Otto Moerbeek [Wed, 23 Oct 2019 14:22:00 +0000 (14:22 +0000)]
Disable one OOO test that mysteriously fails on CircleCI so others
aren't bothered with it and I can debug this in a private branch.
Peter van Dijk [Wed, 23 Oct 2019 14:17:55 +0000 (16:17 +0200)]
use named constant instead of magic number
Remi Gacogne [Tue, 15 Oct 2019 15:30:12 +0000 (17:30 +0200)]
dnsdist: Add support dumping TLS keys via keyLogFile
This is similar to what various programs do when the SSLKEYLOGFILE
environment variable is set, and uses the format described in:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
Remi Gacogne [Tue, 15 Oct 2019 14:43:43 +0000 (16:43 +0200)]
dnsdist: Move the DoH ticket keys logic into the DOHAcceptContext
Remi Gacogne [Wed, 23 Oct 2019 10:02:26 +0000 (12:02 +0200)]
Merge pull request #8416 from rgacogne/ddist-dohunit-refcount
dnsdist: Implement ref counting for the DOHUnit object
Remi Gacogne [Wed, 23 Oct 2019 10:01:54 +0000 (12:01 +0200)]
Merge pull request #8447 from rgacogne/ddist-tls-error-counters
dnsdist: Add metrics about TLS handshake failures for DoH and DoT
Otto Moerbeek [Wed, 23 Oct 2019 09:50:38 +0000 (11:50 +0200)]
Merge pull request #8451 from omoerbeek/auth-zonfile-generate
Basic validation of $GENERATE parameters
Otto Moerbeek [Wed, 23 Oct 2019 09:44:10 +0000 (11:44 +0200)]
Merge pull request #8391 from omoerbeek/rec-out-of-order
rec: Allow multiple simultaneous incoming TCP queries over a connection
Otto Moerbeek [Wed, 23 Oct 2019 08:50:33 +0000 (10:50 +0200)]
Basic validation of $GENERATE parameters
Otto Moerbeek [Wed, 23 Oct 2019 08:32:51 +0000 (08:32 +0000)]
Use two auths to avoid serialization problems, as suggested by Habbie
Otto Moerbeek [Wed, 23 Oct 2019 07:53:03 +0000 (09:53 +0200)]
Teask: more auth threads and prime the delay.example NS
Peter van Dijk [Tue, 22 Oct 2019 16:56:13 +0000 (18:56 +0200)]
Merge pull request #8434 from mind04/pdns-remove-mydns
auth: remove mydns backend
Remi Gacogne [Tue, 22 Oct 2019 15:24:26 +0000 (17:24 +0200)]
dnsdist: Fix missing 'thread' key on some prometheus labels
Remi Gacogne [Tue, 22 Oct 2019 15:16:53 +0000 (17:16 +0200)]
dnsdist: Add metrics about TLS handshake failures for DoH and DoT
Otto Moerbeek [Fri, 11 Oct 2019 11:38:50 +0000 (11:38 +0000)]
Tests, docs and validation of OOO setting.
Test required some framework work to allow for auths having
more than 1 thread.
Otto Moerbeek [Tue, 22 Oct 2019 14:42:00 +0000 (16:42 +0200)]
Merge pull request #8367 from pieterlexis/rfc8020
Implement RFC 8020 "NXDOMAIN: There Really Is Nothing Underneath"
Otto Moerbeek [Tue, 22 Oct 2019 05:51:01 +0000 (07:51 +0200)]
Merge pull request #8445 from Habbie/skip-useless-unbound-call
auth ds-at-apex-noerror test: do not run unbound-host
Peter van Dijk [Mon, 21 Oct 2019 22:41:31 +0000 (00:41 +0200)]
auth ds-at-apex-noerror test: do not run unbound-host
Pieter Lexis [Tue, 1 Oct 2019 10:25:58 +0000 (12:25 +0200)]
Implement RFC 8020
This commit implements the "NXDOMAIN: There Really Is Nothing Underneath".
When enabled (the default), the SyncRes will check the negative cache if
there exists a higher denied name and uses that data to send an NXDOMAIN
to the client. In essence, it is a more aggressive version of
root-nx-trust (which could be removed in the future).
There are several advantages:
* We potentially send fewer queries to the internet
* The record cache is not "polluted" with useless NXDOMAINs
Remi Gacogne [Sat, 19 Oct 2019 11:38:41 +0000 (13:38 +0200)]
Merge pull request #8437 from Habbie/dnsdist-doc-nits-1.4.0
dnsdist docs: fix versionadded formatting
Peter van Dijk [Fri, 18 Oct 2019 14:19:45 +0000 (16:19 +0200)]
Merge pull request #8433 from Habbie/dns64-ptr-cname
dns64: stop hiding PTR indirection
Peter van Dijk [Fri, 18 Oct 2019 11:59:41 +0000 (13:59 +0200)]
fix versionadded formatting
Peter van Dijk [Fri, 18 Oct 2019 10:31:55 +0000 (12:31 +0200)]
dns64: stop hiding PTR indirection
Peter van Dijk [Fri, 18 Oct 2019 10:23:32 +0000 (12:23 +0200)]
Merge pull request #8432 from mind04/pdns-oracle-leftovers
pdns: oracle leftovers
Pieter Lexis [Fri, 18 Oct 2019 09:26:00 +0000 (11:26 +0200)]
Merge pull request #8420 from pieterlexis/pdnsutil-algo-7
pdnsutil: add algo 7 to add-zone-key help
Kees Monshouwer [Thu, 17 Oct 2019 21:00:03 +0000 (23:00 +0200)]
pdns: oracle leftovers
Kees Monshouwer [Thu, 17 Oct 2019 20:29:02 +0000 (22:29 +0200)]
auth: remove mydns backend
Peter van Dijk [Thu, 17 Oct 2019 14:22:46 +0000 (16:22 +0200)]
Merge pull request #8429 from Habbie/ubuntu-eoan
add Ubuntu eoan builder target
Peter van Dijk [Thu, 17 Oct 2019 13:24:45 +0000 (15:24 +0200)]
remove goto
Peter van Dijk [Thu, 17 Oct 2019 13:24:34 +0000 (15:24 +0200)]
ixfrdist: handle zone write errors
Peter van Dijk [Thu, 17 Oct 2019 10:39:00 +0000 (12:39 +0200)]
ixfrdist: if zonefile is broken, remove and find another
Peter van Dijk [Thu, 17 Oct 2019 10:21:45 +0000 (12:21 +0200)]
add Ubuntu eoan builder target
Peter van Dijk [Wed, 16 Oct 2019 23:36:04 +0000 (01:36 +0200)]
openssl: report correct keysize for eddsa, fixes part one of #8278
Peter van Dijk [Wed, 16 Oct 2019 23:34:15 +0000 (01:34 +0200)]
pdnsutil test-algorithm(s): report key size
Peter van Dijk [Wed, 16 Oct 2019 22:47:14 +0000 (00:47 +0200)]
ignore unloadable files, causing a fresh zone retrieve
Peter van Dijk [Wed, 16 Oct 2019 22:37:59 +0000 (00:37 +0200)]
singular function name for singular functionality
Pieter Lexis [Wed, 16 Oct 2019 11:32:31 +0000 (13:32 +0200)]
Merge pull request #8400 from pieterlexis/centos-8-pkgs
Add CentOS 8 as builder target
Pieter Lexis [Wed, 16 Oct 2019 11:32:03 +0000 (13:32 +0200)]
Merge pull request #8325 from pieterlexis/disabled-in-api
auth API: make disabled optional for Record
Remi Gacogne [Tue, 15 Oct 2019 20:52:16 +0000 (22:52 +0200)]
Merge pull request #8421 from rgacogne/ddist-fix-merge-rotation-delay
dnsdist: Fix merge issue (d_ticketsKeyRotationDelay)
Pieter Lexis [Tue, 15 Oct 2019 18:14:30 +0000 (20:14 +0200)]
pdnsutil: add algo 7 to add-zone-key help
Remi Gacogne [Tue, 15 Oct 2019 18:14:11 +0000 (20:14 +0200)]
dnsdist: Fix merge issue (d_ticketsKeyRotationDelay)
d_ticketsKeyRotationDelay is now in the TLSConfig object.
Remi Gacogne [Tue, 15 Oct 2019 12:49:44 +0000 (14:49 +0200)]
Merge pull request #8411 from rgacogne/dnsdist-better-log-action
dnsdist: Add more options to LogAction (non-verbose mode, timestamps)
Remi Gacogne [Tue, 15 Oct 2019 12:47:38 +0000 (14:47 +0200)]
Merge pull request #8383 from rgacogne/ddist-merge-doh-dot-contexts
dnsdist: Merge the setup of TLS contexts in Doh and DoT
Remi Gacogne [Tue, 15 Oct 2019 12:42:29 +0000 (14:42 +0200)]
Merge pull request #8408 from rgacogne/ddist-buffer-size-cache
dnsdist: Fix the caching of large entries
Remi Gacogne [Tue, 15 Oct 2019 10:21:38 +0000 (12:21 +0200)]
Merge pull request #8417 from rgacogne/auth-dist-unit2.test
Add regression-tests/zones/unit2.test to EXTRA_DIST
Remi Gacogne [Tue, 15 Oct 2019 08:13:37 +0000 (10:13 +0200)]
Add regression-tests/zones/unit2.test to EXTRA_DIST
Otherwise the unit tests fail.
Remi Gacogne [Fri, 11 Oct 2019 14:44:25 +0000 (16:44 +0200)]
dnsdist: Use std::max() to compute the size of the incoming buffer
Remi Gacogne [Fri, 11 Oct 2019 12:57:45 +0000 (14:57 +0200)]
dnsdist: Add regression tests for the caching of large answers
Remi Gacogne [Fri, 11 Oct 2019 12:52:08 +0000 (14:52 +0200)]
dnsdist: Don't cache entries larger than 4096 bytes
We won't be able to use them anyway.
Remi Gacogne [Fri, 11 Oct 2019 12:51:11 +0000 (14:51 +0200)]
dnsdist: Always allocate at least 4096 bytes for the cached response
Remi Gacogne [Thu, 10 Oct 2019 15:44:43 +0000 (17:44 +0200)]
dnsdist: Advertise the size really available in the query buffer
We use to advertise s_udpIncomingBufferSize (1500) but the buffer
is really 4096 bytes long. This allows much larger responses from
to be returned from the cache.
Remi Gacogne [Tue, 15 Oct 2019 08:04:49 +0000 (10:04 +0200)]
Merge pull request #8415 from rgacogne/ddist-tcp-stats-format
dnsdist: Fix formatting in showTCPStats()
Remi Gacogne [Mon, 14 Oct 2019 14:18:46 +0000 (16:18 +0200)]
dnsdist: Implement ref counting for the DOHUnit object
It turns out that, at least when testing with ASAN enabled, we
sometimes trigger use-after-free detection because we get the
response from the backend, send it to the client then delete the
object before the send() call to the backend even returned.
Remi Gacogne [Mon, 14 Oct 2019 14:02:44 +0000 (16:02 +0200)]
dnsdist: Fix formatting in showTCPStats()
Remi Gacogne [Mon, 14 Oct 2019 13:39:59 +0000 (15:39 +0200)]
Merge pull request #8413 from rgacogne/cmsg_space_osx
Work around CMSG_SPACE somehow not being a constexpr on macOS
Otto Moerbeek [Mon, 14 Oct 2019 11:09:47 +0000 (13:09 +0200)]
Merge pull request #8414 from omoerbeek/test-zoneparse-more-modern
test-zoneparser_tng: more modern C++ idiom
Remi Gacogne [Mon, 14 Oct 2019 08:21:20 +0000 (10:21 +0200)]
Work around CMSG_SPACE somehow not being a constexpr on macOS
Otto Moerbeek [Mon, 14 Oct 2019 07:06:35 +0000 (09:06 +0200)]
More modern C++ idiom
Remi Gacogne [Sat, 12 Oct 2019 13:25:17 +0000 (15:25 +0200)]
Merge pull request #8372 from rgacogne/ddist-vrf-itf
dnsdist: Use SO_BINDTODEVICE when available for newServer's source itf
Remi Gacogne [Sat, 12 Oct 2019 13:23:47 +0000 (15:23 +0200)]
Merge pull request #8409 from rgacogne/ddist-prometheus-descriptions-pool
dnsdist: Add missing prometheus descriptions for cache-related metrics
Remi Gacogne [Fri, 11 Oct 2019 15:16:37 +0000 (17:16 +0200)]
dnsdist: Add more options to LogAction (non-verbose mode, timestamps)
Remi Gacogne [Fri, 11 Oct 2019 14:38:51 +0000 (16:38 +0200)]
Merge pull request #8410 from franklouwers/doc/setQueryRate-fix
Fix typo in setQueryRate docs
Remi Gacogne [Fri, 11 Oct 2019 14:26:51 +0000 (16:26 +0200)]
dnsdist: Don't call SO_BINDTODEVICE with an empty interface name
Remi Gacogne [Fri, 11 Oct 2019 14:12:54 +0000 (16:12 +0200)]
dnsdist: Fix indentation in newServer()
Frank Louwers [Fri, 11 Oct 2019 14:10:08 +0000 (16:10 +0200)]
Clarify comment
Frank Louwers [Fri, 11 Oct 2019 14:00:31 +0000 (16:00 +0200)]
Fix typo in setQueryRate docs
Remi Gacogne [Fri, 11 Oct 2019 13:24:55 +0000 (15:24 +0200)]
dnsdist: Add missing prometheus descriptions for cache-related metrics
Remi Gacogne [Fri, 11 Oct 2019 13:16:16 +0000 (15:16 +0200)]
Merge pull request #8406 from rgacogne/ddist-tls-ticket-key-stats
dnsdist: Add metrics about unknown/inactive TLS ticket keys