From c4bee46c0b1b9cdf4709afcfc0d3d0b9bf612e69 Mon Sep 17 00:00:00 2001 From: Bert Hubert Date: Fri, 14 Feb 2003 19:55:02 +0000 Subject: [PATCH] lots git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@151 d19b8d6e-7fed-0310-83ef-9ca221ded41b --- ChangeLog | 12 +++ TODO | 4 + configure.in | 4 +- debian/changelog | 6 ++ modules/ldapbackend/dns.ldif | 8 +- pdns/backends/bind/zoneparser2.cc | 4 +- pdns/communicator.cc | 2 +- pdns/docs/pdns.sgml | 166 +++++++++++++++++++++++++++--- pdns/misc.cc | 12 ++- pdns/resolver.cc | 1 - pdns/syncres.cc | 2 +- 11 files changed, 188 insertions(+), 33 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7ac1e861e..a09b736eb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,15 @@ +Changes since 2.9.6: + - implemented isMaster in bindbackend (we now react to notifies) + - added zoneId to mboxfw stuff - massive speedup + - $GENERATE off by one bug (Christian Laursen) + - Outgoing AXFR crashes with certain backends or frequent AXFRs + (thanks to ISP Services for testing this in production) + - GODBC + - LDAP + - possible issue resolved with case differences in domain names and incoming AXFR + - now also accept 'in' as 'IN' (noted by Joris Vandalon) + - $include fixed, sometimes lost a " or the last character (noted by Joris Vandalon) + Changes since 2.9.4: - heap of work in shortening dnspacket.cc (factor out common operations) - work on recursor diff --git a/TODO b/TODO index 44f08d7ce..6274ab99f 100644 --- a/TODO +++ b/TODO @@ -1,4 +1,8 @@ +* new zone is AXFRed, written to disk succesfully + probably? unsure +* the old SOA record remains in place + bugs: pdns.conf-dist contains old descriptions diff --git a/configure.in b/configure.in index 4e21df632..102d3be80 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl intro AC_INIT(pdns/receiver.cc) -AM_INIT_AUTOMAKE(pdns, 2.9.5) +AM_INIT_AUTOMAKE(pdns, 2.9.6) AC_CANONICAL_HOST AM_CONFIG_HEADER(config.h) AC_C_BIGENDIAN 
@@ -340,4 +340,4 @@ modules/mysqlbackend/Makefile modules/pdnsbackend/Makefile \ modules/gmysqlbackend/Makefile modules/db2backend/Makefile \ modules/pipebackend/Makefile modules/oraclebackend/Makefile \ modules/xdbbackend/Makefile modules/odbcbackend/Makefile \ -modules/gpgsqlbackend/Makefile ) +modules/gpgsqlbackend/Makefile modules/ldapbackend/Makefile ) diff --git a/debian/changelog b/debian/changelog index 9a887f242..7426ea940 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +pdns (2.9.6-1) unstable; urgency=low + + * fill in the blanks + + -- Wichert Akkerman Fri, 14 Feb 2003 20:16:16 +0100 + pdns (2.9.5-1) unstable; urgency=low * fill in the blanks diff --git a/modules/ldapbackend/dns.ldif b/modules/ldapbackend/dns.ldif index 3889d3f5c..c5861a253 100644 --- a/modules/ldapbackend/dns.ldif +++ b/modules/ldapbackend/dns.ldif @@ -1,6 +1,6 @@ # zone related things including SOA, NS and MX records -dn: dc=snapcount +dn: dc=example objectclass: top objectclass: dnsdomain objectclass: domainrelatedobject @@ -14,7 +14,7 @@ associateddomain: example.dom # Simple record (mail.example.dom has address 172.168.0.2) -dn: dc=mail,dc=snapcount +dn: dc=mail,dc=example objectclass: top objectclass: dnsdomain objectclass: domainrelatedobject @@ -27,7 +27,7 @@ associateddomain: mail.example.dom # This is also applicable to all other records including "associateddomain" # but not for a CNAME record -dn: dc=server,dc=snapcount +dn: dc=server,dc=example objectclass: top objectclass: dnsdomain objectclass: domainrelatedobject @@ -40,7 +40,7 @@ associateddomain: server.example.dom # domain alias ({mail2,ns}.example.dom is CNAME for server.example.dom) # cnamerecord must only contain one entry -dn: dc=backup,dc=snapcount +dn: dc=backup,dc=example objectclass: top objectclass: dnsdomain objectclass: domainrelatedobject diff --git a/pdns/backends/bind/zoneparser2.cc b/pdns/backends/bind/zoneparser2.cc index a1b6fd2c7..11220e6b8 100644 
--- a/pdns/backends/bind/zoneparser2.cc +++ b/pdns/backends/bind/zoneparser2.cc @@ -124,7 +124,7 @@ void ZoneParser::parse(const string &fname, const string &origin, vector d_lineno++; if(!line.find("$INCLUDE ") || !line.find("$include ")) { vector parts; - stringtok(parts,line," \t\n"); + stringtok(parts,line," \t\r\n"); if(parts.size()!=2) throw AhuException("Invalid $INCLUDE statement in zonefile '"+fname+"'"); @@ -258,7 +258,7 @@ bool ZoneParser::isType(const string &s) bool ZoneParser::isClass(const string &s) { - return (s=="IN" || s=="CH" || s=="HS"); + return (s=="IN" || s=="CH" || s=="HS" || s=="in" || s=="ch" || s=="hs"); } unsigned int ZoneParser::zoneNumber(const string &str) diff --git a/pdns/communicator.cc b/pdns/communicator.cc index b5d45d154..76ce2ff52 100644 --- a/pdns/communicator.cc +++ b/pdns/communicator.cc @@ -75,7 +75,7 @@ void CommunicatorClass::suck(const string &domain,const string &remote) first=false; } for(Resolver::res_t::iterator i=recs.begin();i!=recs.end();++i) { - if((i->qname.size()-toLower(i->qname).rfind(toLower(domain)))!=domain.size()) { // move this to endsOn FIXME XXX + if(!endsOn(i->qname, domain)) { L<qname<<"' during AXFR of zone '"<abortTransaction(); return; diff --git a/pdns/docs/pdns.sgml b/pdns/docs/pdns.sgml index 774bdbc2f..7cda7ff9d 100644 --- a/pdns/docs/pdns.sgml +++ b/pdns/docs/pdns.sgml @@ -11,7 +11,7 @@ - v2.1 $Date: 2003/02/10 11:09:09 $ + v2.1 $Date: 2003/02/14 19:55:02 $ 
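Review bot: Case handling in both zoneparser2.cc hunks works by listing one all-upper and one all-lower spelling, so mixed-case input is still rejected. The `$INCLUDE` test in ZoneParser::parse matches only `$INCLUDE ` and `$include `, and isClass() now accepts `in` but not `In`. Normalising once before comparing would cover every spelling, e.g. in isClass() `string c=toLower(s); return (c=="in" || c=="ch" || c=="hs");`, assuming the toLower helper used in misc.cc is reachable from this file. The `$INCLUDE` prefix test also requires a trailing space although the tokenizer splits on tab as well, so a tab-separated `$INCLUDE` line is not recognised as an include. The body of parse() continues outside the hunk.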
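Review bot: The out-of-zone test in suck() now rests entirely on `endsOn(i->qname, domain)`, and nothing visible in this hunk checks that the match falls on a label boundary. The definition of endsOn is not part of this diff; if it is a plain case-insensitive suffix comparison, a record named `notexample.com` (constructed example) in a transfer for `example.com` would be accepted as in-zone data from the remote master. stripDomainSuffix in misc.cc tests the preceding character for `.` after the same call, so the same guard belongs here, e.g. `if(!endsOn(i->qname, domain) || (i->qname.size()>domain.size() && i->qname[i->qname.size()-domain.size()-1]!='.')) {`. suck() starts and ends outside the hunk.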
@@ -81,6 +81,73 @@ Before proceeding, it is advised to check the release notes for your PDNS version, as specified in the name of the distribution file. + Version 2.9.6 + + Two new backends - Generic ODBC and LDAP. Furthermore, a few important bugs have been fixed which may have hampered sites seeing a lot of + outgoing zonetransfers. Additionally, the pdns recursor now has 'query throttling' which is pretty cool. In short this makes sure that PowerDNS + does not send out heaps of queries if a nameserver is unable to provide an answer. Many operators of authoritative setups are all too aware of + recursing nameservers that hammer them for zones they don't have, PowerDNS won't do that anymore now, no matter what clients request of it. + + + + + There is an unresolved issue with the BIND backend and 'overlapping' slave zones. So if you have 'example.com' and also have a separate + slave zone called 'external.example.com', things may go wrong badly. Thanks to Christian Laursen for working with us a lot in finding + this issue. We hope to resolve it soon. + + + + + + + BIND Backend now honours notifies, code to support this was accidentally left out. Thanks to Christian Laursen for noticing this. + + + + + Massive speedup for those of you using the slightly deprecated MBOXFW records. Thanks to Jorn of + ISP Services for helping and testing this improvement. + + + + + $GENERATE had an off-by-one bug where it would omit the last record to be generated (Christian Laursen) + + + + + Simultaneous AXFRs may have been problematic on some backends. Thanks to Jorn of ISP-Services again for helping us resolve this issue. + + + + + Added LDAP backend by Norbert Sendetzky, see . + + + + + Added Generic ODBC backend by Michel Stol. + + + + + Simplified 'out of zone data' detection in incoming AXFR support, hopefully removing a case sensitivity bug there. Thanks again + to Christian Laursen for reporting this issue. 
+ + + + + $include in-zonefile was broken under some circumstances, losing the last character of a filename. Thanks to Joris Vandalon for noticing this. + + + + + The zoneparser was more case-sensitive than BIND, refusing to accept 'in' as well as 'IN'. Thanks to Joris Vandalon for noticing this. + + + + + Version 2.9.5 Released on 2002-02-03. 
@@ -4182,10 +4249,55 @@ local0.err /var/log/pdns.err + Details + + PowerDNS implements a very simple but effective nameserver. Care has been taken not to overload remote servers in case + of overly active clients. + + + This is implemented using the 'throttle'. This accounts all recent traffic and prevents queries that have been sent out + recently from going out again. + + + There are three levels of throttling. + + + + If a remote server indicates that it is lame for a zone, the exact question won't + be repeated in the next 60 seconds. + + + + + After 4 ServFail responses in 60 seconds, the query gets throttled too. + + + + + 5 timeouts in 20 seconds also lead to query suppression. + + + + + Statistics Every half our or so, the recursor outputs a line with statistics. More infrastructure is planned so as to allow - for Cricket or MRTG graphs. + for Cricket or MRTG graphs. To force the output of statistics, send the process a SIGUSR1. A line of statistics looks + like this: + +Feb 10 14:16:03 stats: 125784 questions, 13971 cache entries, 309 negative entries, 84% cache hits, outpacket/query ratio 37%, 12% throttled + + This means that there are 13791 different names cached, which each may have multiple records attached to them. There are 309 items + in the negative cache, items of which it is known that don't exist and won't do so for the near future. 84% of incoming questions + could be answered without any additional queries going out to the net. + + + The outpacket/query ratio means that on average, 0.37 packets were needed to answer a question. Initially this ratio may be well over 100% + as additional queries may be needed to actually recurse the DNS and figure out the addresses of nameservers. + + + Finally, 12% of queries were not performed because identical queries had gone out previously, saving load servers worldwide. 
@@ -7118,7 +7230,7 @@ insert into Records (id,ZoneId, name,type,content,TimeToLive,Priority) select RE ldap-host - LDAP host to connect to. + LDAP host to connect to, defaults to localhost. @@ -7131,10 +7243,10 @@ insert into Records (id,ZoneId, name,type,content,TimeToLive,Priority) select RE - ldap-basdn + ldap-basedn - Root for DNS searches. Defaults to the empty string. + Root for DNS searches. Must be configured before the LDAP backend will work. @@ -7142,7 +7254,7 @@ insert into Records (id,ZoneId, name,type,content,TimeToLive,Priority) select RE ldap-binddn - Distinguished Name to bind with to the LDAP server. + Distinguished Name to bind with to the LDAP server. Defaults to the empty string for anonymous bind. @@ -7150,22 +7262,19 @@ insert into Records (id,ZoneId, name,type,content,TimeToLive,Priority) select RE ldap-secret - Secret to bind with to LDAP server. + Secret to bind with to LDAP server. Defaults to the empty string for anonymous bind. - The schema used is as follows: + The schema used is that defined by RFC 1279 and is present in OpenLDAP under the name 'cosine.schema'. + An example LDIF file: - objectclass: top -objectclass: dnsdomain -objectclass: domainrelatedobject -dc: example # zone related things including SOA, NS and MX records -dn: dc=snapcount +dn: dc=example objectclass: top objectclass: dnsdomain objectclass: domainrelatedobject 
@@ -7179,18 +7288,41 @@ associateddomain: example.dom # Simple record (mail.example.dom has address 172.168.0.2) -dn: dc=mail,dc=snapcount +dn: dc=mail,dc=example objectclass: top objectclass: dnsdomain objectclass: domainrelatedobject dc: mail arecord: 172.168.0.2 associateddomain: mail.example.dom + +# There may more than one entry per record +# This is also applicable to all other records including "associateddomain" +# but not for a CNAME record + +dn: dc=server,dc=snapcount +objectclass: top +objectclass: dnsdomain +objectclass: domainrelatedobject +dc: server +arecord: 10.1.0.1 +arecord: 172.168.0.1 +associateddomain: server.example.dom + + +# domain alias ({mail2,ns}.example.dom is CNAME for server.example.dom) +# cnamerecord must only contain one entry + +dn: dc=backup,dc=snapcount +objectclass: top +objectclass: dnsdomain +objectclass: domainrelatedobject +dc: server +cnamerecord: server.example.dom +associateddomain: mail2.example.dom +associateddomain: ns.example.dom - - More details are forthcoming. - PDNS internals diff --git a/pdns/misc.cc b/pdns/misc.cc index 0a296bd45..e19cb09c7 100644 --- a/pdns/misc.cc +++ b/pdns/misc.cc @@ -21,6 +21,7 @@ #include #include #include +#include #include #include @@ -75,11 +76,10 @@ u_int32_t getLong(const char* p) /** strips a domain suffix from a domain, returns true if it stripped */ bool stripDomainSuffix(string *qname, const string &domain) { - if((qname->size()-toLower(*qname).rfind(toLower(domain)))!=domain.size()) { + if(!endsOn(*qname, domain)) return false; - } - if(*qname==domain) + if(toLower(*qname)==toLower(domain)) *qname="@"; else { if((*qname)[qname->size()-domain.size()-1]!='.') @@ -261,12 +261,14 @@ const string unquotify(const string &item) string::size_type bpos=0, epos=item.size(); - if(item[0]=='"') + if(item[0]=='"') bpos=1; + + cout<<"wuh: '"<1 && !res.empty()) // chop off the last SOA res.resize(res.size()-1); - return 1; } 
diff --git a/pdns/syncres.cc b/pdns/syncres.cc index d113242d9..acd0d4bbd 100644 --- a/pdns/syncres.cc +++ b/pdns/syncres.cc @@ -308,7 +308,7 @@ int SyncRes::doResolveAt(set nameservers, string auth, const string &qna d_outqueries++; if(d_lwr.asyncresolve(remoteIP,qname.c_str(),qtype.getCode())!=1) { // <- we go out on the wire! LOG<