Authoritative server exits on parse error while looking for NS addresses to notify #7646
Comments
Unable to reproduce using 4.1.8 (and master branch) on my development system.
I do see an error message on notify:
But the process keeps running in my test environment.

I can still reliably reproduce this, both 4.1.8 and 4.2.0-rc1. This is the full configuration:

master

setuid=pdns
setgid=pdns
server-id=ns1.mydomain.tld
version-string=powerdns
launch=bind
distributor-threads=1
bind-config=/etc/powerdns/bindbackend.conf
bind-dnssec-db=/var/lib/powerdns/bind-dnssec/bind-dnssec-db.sqlite3
bind-check-interval=5
slave-cycle-interval=5
master=yes
slave=no
disable-axfr=no
allow-axfr-ips=10.0.2.6,10.0.3.7
allow-notify-from=
only-notify=10.0.2.6,10.0.3.7
also-notify=10.0.2.6,10.0.3.7
default-soa-edit-signed=INCREMENT-WEEKS master

slave

setuid=pdns
setgid=pdns
server-id=ns2.mydomain.tld
version-string=powerdns
launch=bind
distributor-threads=1
bind-config=/etc/powerdns/bindbackend.conf
bind-dnssec-db=/var/lib/powerdns/bind-dnssec/bind-dnssec-db.sqlite3
master=no
slave=yes
disable-axfr=yes
allow-notify-from=10.0.2.5

On master, changing zone line
to
And this lives in a Docker environment with entrypoint
in a "simple" Debian Stretch base image. Perhaps I have made a configuration error with this that's contributing? HTH

OK, can reproduce now (also on my dev system). The key thing is to break the NS record.

Ah, good to hear that! Didn't think of that specifically. I just got down to the first A-type record which always happens to be the NS record of course.

not be the right place, though, but it prevents fatal exception on unparseable A (or AAAA) addresses for nameserver addresses needed to send notifies.

This can also happen on DB backends.

Oh, yikes. If not properly validated before entering the database... boom. Security/DoS issue too? 😨

not be the right place, though, but it prevents fatal exception on unparseable A (or AAAA) addresses for nameserver addresses needed to send notifies. (cherry picked from commit 475fc44)

not be the right place, though, but it prevents fatal exception on unparseable A (or AAAA) addresses for nameserver addresses needed to send notifies. (cherry picked from commit 475fc44)
Rearrange; to avoid uninitialized var and bail out after exception, b might be inconsistent in that case. (cherry picked from commit cb22b82)
Better logging, so the operator knows where to look. (cherry picked from commit c6e6b05)
Fix logging for 4.1.x

This reverts commit 475fc44.
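
The commit messages above describe the approach: catch the parse failure on a nameserver's A/AAAA content, log where it came from, and skip that record instead of letting the exception end the process. The same pattern as an added example (not the PowerDNS patch; `AddrRecord`, `NotifyPlan`, `parseAddress`, `collectUnguarded` and `collectNotifyTargets` are hypothetical names, and the records are constructed):

```cpp
// Added example: hypothetical types and names, not PowerDNS code.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

struct AddrRecord {
  std::string owner;    // nameserver name, e.g. "ns1.example.org."
  std::string qtype;    // "A" or "AAAA"
  std::string content;  // address text exactly as the backend returned it
};

struct NotifyTarget {
  std::string nameserver;
  std::string address;  // canonical text form
};

struct NotifyPlan {
  std::vector<NotifyTarget> targets;  // addresses that will be notified
  std::vector<std::string> skipped;   // one diagnostic per rejected record
};

// Strict parser: throws std::runtime_error on anything that is not a
// well-formed address of the family implied by the record type.
NotifyTarget parseAddress(const AddrRecord& rec) {
  int family;
  if (rec.qtype == "A") family = AF_INET;
  else if (rec.qtype == "AAAA") family = AF_INET6;
  else throw std::runtime_error("unsupported record type '" + rec.qtype + "'");

  // c_str() would silently truncate at an embedded NUL, so reject it first.
  if (rec.content.find('\0') != std::string::npos)
    throw std::runtime_error("embedded NUL in " + rec.qtype + " content");

  unsigned char raw[sizeof(struct in6_addr)];
  if (inet_pton(family, rec.content.c_str(), raw) != 1)
    throw std::runtime_error("unparseable " + rec.qtype + " content '" + rec.content + "'");

  char text[INET6_ADDRSTRLEN];
  if (inet_ntop(family, raw, text, sizeof(text)) == nullptr)
    throw std::runtime_error("cannot format parsed address");
  return NotifyTarget{rec.owner, text};
}

// "Before": one bad record aborts the whole loop. If no caller catches the
// exception, the runtime calls std::terminate and the process exits.
std::vector<NotifyTarget> collectUnguarded(const std::vector<AddrRecord>& records) {
  std::vector<NotifyTarget> out;
  for (const auto& rec : records) out.push_back(parseAddress(rec));
  return out;
}

// "After": the failure is contained per record, logged with enough context
// (zone, nameserver, type) for the operator to find the bad data, and the
// remaining nameservers are still notified.
NotifyPlan collectNotifyTargets(const std::string& zone,
                                const std::vector<AddrRecord>& records) {
  NotifyPlan plan;
  for (const auto& rec : records) {
    try {
      plan.targets.push_back(parseAddress(rec));
    } catch (const std::exception& e) {
      std::string why = rec.owner + " " + rec.qtype + ": " + e.what();
      std::cerr << "zone '" << zone << "': skipping notify target " << why << "\n";
      plan.skipped.push_back(why);
    }
  }
  return plan;
}

// Constructed sample data: the second record has a broken A address.
std::vector<AddrRecord> sampleRecords() {
  return {
      {"ns1.example.org.", "A", "10.0.2.6"},
      {"ns2.example.org.", "A", "10.0.3.700"},
      {"ns2.example.org.", "AAAA", "2001:db8::53"},
  };
}

int main() {
  NotifyPlan plan = collectNotifyTargets("example.org.", sampleRecords());
  for (const auto& t : plan.targets)
    std::cout << "notify " << t.nameserver << " at " << t.address << "\n";
  std::cout << plan.skipped.size() << " record(s) skipped\n";
  return 0;
}
```
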
1848 (1): Add option to set interval between health checks Adam Majer (1): Fix compiler warning about returning garbage Aki Tuomi (116): ext/luawrapper: Add toString and eq to LuaContext lua-base4: Add base lua for auth and recursor Use BaseLua4 with both auth and recursor lua-base4: Refactor to load from non-file sources lua-auth4: Add DNSPacket to Lua lua-auth4: Move prequery to new lua framework lua-auth: Remove unused sources lua-auth4: updatePolicy should default to accept when not present testrunner: Add unit test for lua-auth4.cc fix recursor prequery scripts fix check_stest_source pdns: Fix dependency tracking for backends pdns: Improve error when record data is not consumed pdns: RecordTextReader - trim whitespace tinydnsbackend: Use toDNSStringLC since lowercase is preferred Use DNSName in RecordTextReader geoipbackend: Whitespace fixes geoipbackend: Move GeoIP handling to separate class geoipbackend: Replace GeoIPLookup with GeoIPNetmask geoipbackend: Reorder includes geoipbackend: Switch to new filename syntax m4: Improve geo backend dependecy checks geoipbackend: Add mmdb interface geoipbackend: Make GeoIP interface optional geoipbackend: Skip non-TXT results that format to empty geoipbackend: Add location support geoipbackend: Add per-AFI IP expansions geoipbackend: Update documentation geoipbackend: tests - fix edns subnet usage geoipbackend: Fix error message formatting geoipbackend: Use only our own database for tests geoipbackend: Add a location test geoipbackend: Add regression test for per-AFI variables geoipbackend: Add edns subnet geoipregionip where needed in tests geoipbackend: Add mmdb support for regression test travis: Remove geoipregion* from travis settings travis: Add libmaxminddb-dev to auth dependencies travis: Run geoipbackend test with mmdb database pkcs11signers: Get actual slot IDs from PKCS#11 device pkcs11signers: Support separate public key label pdnsutil: Check that hsm was provided a sub-command pkcs11signers: Use OpenSSL to 
parse EC parameters if available lua-base4: Add newDRR for making DNSResourceRecords lua-base4: Expose more DNSName methods lua-base4: Add QType methods pdns: Include lua-auth and it's dependencies in pdnsutil lua2backend: Add new backend travis: Run tests for lua2 build lua2 backend packages build-scripts: Use correct example file for lua2 m4: Check for randombytes_stir m4: Check for openssl random generators configure: Check for system random number generators pdns: Implement new dns_random dnsbackend: Make isMaster a const docs: geoip-database-files has not been dropped in v4.2.0 ssqlite3: Add missing overrides godbcbackend: Add missing overrides to SODBC pdnsutil: Use new domain in b2bmigrate docs: Disable parallel build for docs docs: Add support for clean geoipbackend: Fix struct/class usage geoipbackend: Add struct for holding geoip service geoipbackend: Hide queryGeoIP geoipbackend: Make sure initial netmask is not too wide geoipbackend: Optimize lookup geoipbackend: Avoid expensive destroy during initialization stubresolver: Improve locking geoipbackend: Check GeoIP_id_by_addr_gl and GeoIP_id_by_addr_v6_gl return value geoipbackend: Document that MMDB support has been added in v4.2 geoipbackend: Handle read error for config file m4: Fix lua.hpp check to actually work geoipbackend: Allow empty content for ENT record dnsupdate: Update documentation to indicate that both source IP and TSIG key name checks are skipped pdns_notify: Support hostname for notification pdns_notify: Implement 60 second timeout pdns_notify: Fix logging Update supermaster-signed test expected_result pdns_notify: Update manpage pdns_notify: Update usage remotebackend: Implement getUpdatedMasters gsqlbackend: Reset correct query in searchComments remotebackend: http connector - Properly escape parameters lua-recursor4: Add missing getregisteredname Lua function packethandler: Compare TSIG key name using DNSName geoipbackend: Use Netmask instead of string json.hh: Fix shadowing arg 
nsecrecords.cc: Fix shadowing variables opensslsigners.cc: Fix shadowing variables opensslsigners.cc: Fix parameter name opendbxbackend: Rename list to domains gmysqlbackend: Rename connect to set_connect pipebackend: Rename receive variable to received iputils.hh: Rename parent to pparent dnsdist.hh: Rename isTCP to isTCP_ rfc2136handler.cc: Rename forwardPacket to l_forwardPacket slavecommunicator.cc: Rename notify as doNotify webserver.hh: Rename what as what_arg speedtest.cc: Remove duplicate rr local global: Normalize isIpv6 to isIPv6 global: Normalize isIpv4 to isIPv4 docs: Update documentation about isIPv4 and isIPv6 docs: Update upgrading info docs: backends/pipe - Fix performance page location ws-auth: Check DNAME records correctly regression-tests.api: Update tests regression-tests.api: Add future test for nothing under DNAME opensslsigners: Add missing 'static' keyword pkcs11: Fix module path for CryptAS example pkcs11: Document how to use SoftHSM2 remotely. misc.cc: Resize hostname to final size in getCarbonHostname() test-misc_hh: Add test for getCarbonHostname communicator: Allow forcing domain retrieval dynhandler: Allow specifying master IP on retrieve pdns_control.1.rst: retrieve - Document new parameter dynhandler: Do not copy master value Aleksandar Topuzović (1): Fix typo in tsig documentation Aleksejs Spiridonovs (1): If master doesnt support IPv4/IPv6, but slave does Alexander Fisher (1): Docs: Add note about only needing ro db access Alexander Huemer (2): docs/dnsupdate.rst: Fix typo in getZoneName() Fix test syntax in 'pdnsutil --help' Andrea Tosatto (1): Add missing CAP_SETGID and CAP_SETUID to the IXFRDist systemD unit file Andrey Domas (3): DNSNameSet and QNameSetRule DNSNameSet and QNameSetRule, minor fixes DNSNameSet and QNameSetRule, minor changes in docs Anhad Jai Singh (3): Add swagger spec for Authoritative Server HTTP API Update swagger spec to v0.0.12 Update 4.1 changelog for auth-4.1.1 release Antoine Joubert (1): rec: debian 
postinst / do not fail on user creation if it already exists Arjen Zonneveld (1): Update index.rst Baptiste Courtois (4): auth: geoip - forbid 0 as weight value auth: geoip, add regression test for issue #7051 auth: geoip, compute weight per QType auth: geoip, check weight only on matching QTypes Bas van Schaik (1): Remove flake8 from lgtm.yml Charles-Henri Bruyand (123): Auth: Reload /etc/resolv.conf when modified. Fix #6263 Use RAII wrappers for locks and some cleaning following reviews Don't check for changes more than once every 60 secs dnsdist: Update deprecated syntax used in dist configuration file recursor: add min-udp-source-port, max-udp-source-port and avoid-udp-source-port variables to tune the range of ports we use rename new settings to group them, add documentation remove typo dnsdist: make lua actions second return value optional improve documentation of addLuaAction and addLuaResponseAction dnsdist: add missing definition for DNSResponseAction dnsdist: test LuaAction optional second return value dnsdist: ignore certificate files used by the tests dnsdist: correct typos in doc, adjust regression test auth: fix regression while handling user-defined axfr filters return values, and a typo in a documentation example auth: add quiet modifier to pdnsutil rectify-all-zones command auth: fix typo in command description auth: add support for MB and MG RR types auth: skip mailbox tests with mydns,tinydns and ldap backends auth: tinydnsbackend / tests - document binaries used by generate-data.sh and update data files dnsdist: add option to showRules actions to truncate rule length output dnsdist: fix typos and replaces new typedef's name rec: fallback to std::set when boost::container::flat_set is not available (boost version < 1.48) rec: only notice if boost flat_set are not available rec: allow to bind on udp port 1024 rec: remove unused plotter related code rec: prefer prefix ++/-- operators for non-primitive types rec: perform constructor initialization 
in initialization list rec: prefer references for function parameters rec: adjust format string formaters rec: use C++11 range-based for loop Auth: replace Socket::connect() implementation with SConnectWithTimeout luarec: add basic tests sync with g_log var Auth: fix tools build add --disable-lua-records option add lua rec tests to travis build missing requests package auth: test GeoIP related features of LUA Records remove unecessary requirements clean todolist rethrow lua execution exception with reason add lua-reccord-exec-limit option to pdns_server License minicurl files under the MIT license adjust EXTRA_DIST source docs: bump auth version to 4.2 for luarec integration docs: clarify ifportup and fix some typos luarec tests: double instructions performed to test timeout fix configure issues and disable lua records for el6 and sles configure: ensure lua is setup when lua records are enabled dnsdist: allow known exception types to be converted to string rec api: add subtree option to the cache flush endpoint Skip subtree option tests against auth details version the subtree parameters has been added check if parameter has been submitted before accessing it docs: document setVerboseHealthChecks() pdnsutil: also load modules through the load-modules directive pdnsutil: refactor loadModules() auth-api: restrict creation of OPT and TSIG rrsets auth-api: refactor checks of RRsets types while importing them rec: add lua maintenance callback rec: call maintenance() callback on every thread rec: ensure lua-dns-script has been properly initialized rec-tests: print the logs of supervised processes reported as running for less than 3 secs rec: restrict maintenance() callback to worker threads auth: sign CDS/CDNSKEY RRsets with the KSK luawrapper: report caught std::exception as lua_error with a nice reason message dnsdist: default set "Connection: close" header for web requests "Connection: close" is not a security header bump version as 4.1.3 has been released rec: REALLY 
restrict maintenance() callback to worker threads dnsdist: add consistent hash builtin policy dnsdist: consistent hash - compute hashes at object initialization dnsdist: consistent hash - only pre compute when policy is set to chashed, lazy-load otherwise dnsdist: consistent hash - get rid of intermediate map construction recursor tests: replace awk command by perl ensure server's weight is properly bounded Fix greediness issue dnsdist: consistent hash - also check for individual pool's policies before pre-computing backend's hashes rec: fix outgoingProtobufServer config instanciation dnsdist: do not iterate over hash map for consistent hashing based query distribution fix string format issue on 32bits arm dnsdist: add setConsoleOutputMaxMsgSize function to tune console output message maximum size dnsdist docs: update documentation on updating ACLs via the API dnsdist: add ability to update webserver credentials Update test_API.py dnsdist: refactor webserver config in a single table auth: api - Check if the DNSNames that should be hostnames, are hostnames Update dnsdist-lua.cc auth: api - wrap hostname check in a single function nit style check argument lists emptyness report execution failure in wildcard LUA records expose DNSName::getRawLabels auth: lua records: document DNSName, DNSHeader, DNSResourceRecord API auth: lua records: document DNSRecord objects, and other functions and constants restore deleted file dnsdist: add optional UUID field to showServers() and clarify doc about chashed distribution mechanism dnsdist: fix documentation nits and add completion documentation for showServers new options auth: geoip, properly delete libGeoIP return values auth: lua records - mirror backupSelector behaviour to ifportup auth: lua records - nit style auth: lua records - remove "none" selector, add test for "all" backup selector auth: docs - increase latex maximum list depth to avoid reaching max nesting level auth: make --enable-lua-records switch plural Prefer 
prefix ++/-- operators for non-primitive types Perform initialization in initialization list instead of in constructor body Prefer const references where applicable to avoid unnecessary data copying auth: lua-records - get rid of getStatus(), avoid object leak and align var type to format string Remove unused variables Explicitely avoid object copy for Semaphore, ChunkedSigningPipe, SingleThreadDistributor, and MultiThreadDistributor rec: fix compilation warnings by replacing snprintf with boost::format rec: reduce log message urgency of non pertinent errors Revert some changes as suggested by rgacogne Fix missing word in pdns/recursordist/docs/lua-config/rpz.rst all: DNSName reserve memory before converting to string all: DNSName avoid copying labels while converting to string recursor: add new deviceName field to the dnsmessage protobuf export lua: DNSQuestion, actually export deviceName and deviceId attributes docs: fix version numbers auth: register lua functions only once when shared context pipebackend: remove unused variable auth: lua refactor health checks monitoring auth: lua monitoring, lock on status change, better report malformed options content Chris (Someguy123) (3): Various small corrections for reverse DNS functions Added section on using Lua records with generic SQL Packages needed for Ubuntu 18.04 + how to build sphinx docs Chris Boot (2): Swagger: fix definition for putTSIGKey operation Swagger: fix Error object definition Chris Hofstaedtler (165): Update/add macOS compilation notes Remove redundant --with-lua Handle bracketed IPv6 addresses without ports Drop useless if branch Quiet unused variable warning on macOS Recursor: add ecs-add-for option regression-tests.recursor-dnssec: improve equality test output regression-tests.recursor-dnssec: make this somewhat usable on macOS sdig: avoid segfault when ednssubnet is given with no arg Add TempFailureCacheTTLAction ldapbackend: fix listing zones incl. 
AXFR regression-tests.api: clean up runtests.py wrapper API: Expose ResponseStats and Ringbuffers Forbid creating algo 5/8/10 keys with out-of-spec sizes Use algo constants where possible Add ERCodeRule Improve DNSUPDATE prereq check log messages bindbackend: handle std::exception during startup zone-parsing Avoid including statbag.hh in recursor dnsdist: Expose tempFailureTTL to Lua dnsdist: add docs, test for TempFailureCacheTTLAction ecs-add-for: add better wording from @rgacogne Update EDNS Option code list Remove obsolete EDNS PING code Remove debug leftovers Fix incorrect comment in testcase testcase: do not add "unused" response to queue Store rcodes as unsigned Do not pretty-print out-of-range RCodes Use c++-style casts Clarify where offset comes from tests: use sdig from PATH if available Remove unused struct QueryInfo resolver: remove pointless optional-local sendResolve overload sendResolve: improve local socket making error message Resolover::resolve: dont second guess local socket choice slavecommunicator: remove dead variable auth: remove obsolete directResolve stub Fix macOS build: Use IPPROTO_TCP instead of SOL_TCP Minimal fix to make primeHints threadsafe Fix copied code Rename getRuleID to makeRuleID rm*Rule: rename num to id docs: replace order with position Warn when no rule was matched by uuid in rm...Rule() add uuid= option to addLua*Action, mirroring add*Action docs: fix some rm*Rule inconsistencies recursor: abort when unused arguments remain dnsdist: reduce resprulactions/cachehitresprulactions code deuplication dnsdist: add rules for self-answered responses dnsdist: record query time in DNSQuestion Add dnstap-compatible protobuf support to dnsdist. 
dnsdist: fix build without protobuf Clean up QTag code Report Lua(Response)Action failures tests: Add rule-servfail to test_API In tests use protobuf3 on macOS dnsdist: Move Lua(Response)Action operator() out of header file debian: drop allow-recursion handling debian: fix ucf registration (same as Debian bug#816362) dnsdist responderThread: rename state to dss dnsdist: update self-answered only for actually sent UDP responses dnsdist: update latency stats for all UDP responses dnsdist: account latency for responses to TCP queries dnsdist: docs: clarify some stats items Remove leftover -I ext/rapidjson TeeAction: make getStats() order deterministic dnsdist: create RemoteLoggers in client mode, but avoid connecting dnsdist tests: make py3k compatible and pick py3k if available Document protobufServer behaviour change api tests: fix up for py3k and other cleanup Auth API: return status 409 if domain already exists #4482 api tests: pick python3 if available Remove latency tracking for TCP again, for now dnsdist: avoid LuaWrapper assert on errors in newServer() Split PDNS_ENABLE_UNIT_TESTS so recursor, dnsdist dont have meaningless --enable-backend-unit-tests dnsdist: sort features in --version output dnsdist: add --version to --help dnsdist: warn about -k in /proc/x/cmdline dnsdist: kill unintentional -s alias for --supervised dnsdist: remove optional arg from short-form -v dnsdist: (re-)sort long and short options dnsdist: avoid hiding -k/--setkey from "plaintext" builds Fix reorder warning: field 'd_rname' will be initialized after field 'd_st' make clean: rm generated .service and .conf-dist files dnsdist tests: avoid failure on not-so-optimal distribution Catch exceptions by-ref Add some missing header include guards Add config for lgtm.com Remove redundant function declaration API docs: zone delete returns 204 API: Remove ENTs when "replacing" new records gmysql: Use future-proof statement for transaction isolation Auth API: add zone lookup by 
/zones?zone=example.org. Allow running "brew bundle" to fetch deps dnsdist: Expose toString of various objects to Lua Initialize some missed qtypes Style Remove broken, unused buildroot.sh.in Clean up some old docstrings Merge UNIX_declareArguments into declareArguments docs/dnssec: improve HTML rendering of table docs/dnssec: add note about CD flag docs/dnssec: improve HTML rendering of table serialtweaker: add comment on why empty SOA-EDIT is "wrong" serialtweaker: drop extra check for case that is handled further down Allow compiling against MySQL 8 client header files check-all-zones: find duplicate zones and SOAs Workaround MariaDB pretending to be MySQL Drop api-readonly configuration setting Add pdnslog to Lua configuration scripts Remove leftover multi_index_container tag structs Fix removal notice in docs README.md: fix typo in macOS instructions Update and re-sort feature list in --version output builder-support: finish up ucf removal for sql backends Fix typo in "collisions" whitelist.words: Add "filtername" Resync yahttp code to cmouse/yahttp@11be77a1fc4032ed268cb5a80eb2aa1d14ce849d Auth. 
API: improve RRset validation Rename type to object_type API: improve handling of out of range modified_at value remotebackend: fix SOA in unittests Fixup test-remotebackend.cc Debian packages: remove duplicated dnsdomain2.schema API: Mark set-ptr as deprecated Webserver: simplify access to apikey/password recursor webserver: allow accessing some API endpoints using password recuweb: remove api-key from interface, can just use basic auth Fix some spelling errors found by lintian Update URLs to use https scheme README: remove OpenCSW advice ext/ipcrypt: Ship LICENSE in tarballs Fix some spelling mistakes noticed by lintian API: do not return dnssec info in domain list Support optional ?dnssec=false flag on listing zones Fix typo: settting to setting Remove not implemented zone check API from spec gpgsqlbackend: Avoid actually prepared statements gpgsqlbackend: remove d_nstatement Make Lua mandatory for Auth Update docs Update my name in old changelogs Replace include guard ifdef/define with pragma once Install bind SQL schema files as part of bindbackend builder: use new --config=default for building config templates builder: avoid config change prompts on each pdns-recursor update Optimize IXFR-to-AXFR fallback path Address feedback from #9176 API: Allow rectifying Slave zones Set SyslogIdentifier for multiple instances API: forbid rectify for presigned zones, only gpgsqlbackend: add parameters to query logging gpgsql: Reintroduce prepared statements spgsql: tidy up auth: log more pdns_control actions auth: add used master address to slave check logs auth: immediately fill account, masters on zone create Fix typo backends: Pass masters as vector<ComboAddress> Remove redundant toLogString() calls bindbackend: fix zoneId in log statement auth: 0 as nullptr cleanup gsqlbackend: allow backend-specific queries gpgsql: avoid reconnect on connect Christian Hofstaedtler (5): Remove serializeSOAData, refactor calculate/edit/increaseSOA serialtweaker: remove fallback, make 
DEFAULT an explicit choice Have a test for SOA-EDIT-INCREASE via the API INCEPTION-INCREMENT: avoid jumping by two on every increase dnstap.rst: Fix some editing errors Cmdr Riker (2): update docs for upcoming custom response header changes for dnsdist dnsdist: Add support for custom DoH headers Colin Mitchell (1): Add parameters to swagger API definition for creating zone Costy Petrisor (1): parsing `dont-throttle-names` and `dont-throttle-netmasks` as comma separated lists Dan McCombs (1): Restrict value range for weight parameter, avoid overflowing and dropping queries if the sum of all weights is greater than the max value of int. David Freedman (1): Dynamic blocks were being created with the wrong duration (the detection interval was being used). Dennis Koster (2): Added IN to the output of API export function Updated test_export_zone_json and test_export_zone_text to include the IN in the output Dmitry Alenichev (4): respond with RCODE=BADVERS on EDNS version >0 (rfc6891) replace RCODE=BADVERS response on version >0 with a rule to match on the pass empty response make passing empty response optional Dominic (1): [dnsdist] Doc fix of carbonServer Dominic Luechinger (1): Fix wrong version numbering of new features Donatas Abraitis (2): geoipbackend: Add libmaxminddb-devel dependency for CentOS docs: Add small description for pipe backend about distributor-threads Doug Freed (2): Make travis use a modern python dnsdist-console: flush cout after printing g_outputBuffer Edward Dore (1): Fix trusted-notification-proxy port Emil (4): Add a new command to add a super-master to SQL backends Remove unnecessary .patch files Add some documentation regarding the new comand Add bash completion Enna1 (1): fix typo in comment in syncres.cc: 'FRC 7129' to 'RFC 7129' Erik Winkels (18): Add upgrading note for #5915. Update changelog and secpoll for rec-4.1.1. Add fixes suggested by @habbie. Add syntax to dns.proto to silence compilation warning. 
Update changelog, secpoll and advisories. Replace XXXX with (now known) PRs. Update changelog and secpoll for rec-4.1.10. Fix broken grammar. Update changelog and secpoll for auth-4.2.0-rc1. Update changelog and secpoll for rec-4.1.12. Update secpoll for rec-4.1.14 release. Fix typo. Add script for generating repo files. Update docker repo script for auth-4.2.1. Update docker repo script for rec-4.2.1. Fix CentOS 8 issue and install `dig`. Add `auth-43` and `rec-43`. Add support for rec-43. Florian Kaiser (1): Fix typo in SQL query name in documentation Florian Obser (1): Include unistd.h for chroot(2) et al. Frank Louwers (19): Document the removal of api-readonly for the pdns-auth as well Make pdnsutil check-zone more consistent. Fix error in setQueryRate warning example Point out that the sql schema is for 4.2/master in the guide. Fix typo in basic-database guide Make guide more clear Add documentation for pdnsutil delete-rrset and replace-rrset Fix typo Update index.rst Update rules-actions.rst Update qpslimits.rst Add signal handling for SIGTERM and SIGINT in pdns_recursor Only register our handler when we're pid 1, and change to doExit() Add comments on why we need this Typo. 
Thanks @phonedph1 Fix typo in setQueryRate docs Clarify comment Clarify allow-axfr-ips behaviour in combination with TSIG Update docs/tsig.rst Gert van Dijk (40): docs: Improve "BIND-mode operation" for DNSSEC docs: align meta-data -> metadata docs: remove unintentional blockquotes in HTML docs: fix formatting of 'PKCS#11 support' page docs: Add 'hidden master' approach in DNSSEC security docs: Fix formatting of some code blocks docs: reword sentence in DNSSEC intro docs: fix link in Lua backend docs: Fix formatting of Lua2 backend API docs: Fix link in Lua2 backend docs: Other minor fixes docs: HTTP API tsigkeys example shows wrong body docs: formatting fixes for 'Dynamic DNS Update' page docs: Use 'sudo' to install packages docs: Emphasize no data should return in example docs: fix links in 'Adding new DNS record types' docs: Hide the toctree on 'Backends' index page docs: Change occurrences of "note" to admonition docs: fix several typos docs: Add '(or zone transfer)' in sentence on BIND backend docs: BIND backend - improve formatting of output status docs: Add paragraph on benefits of the BIND backend docs: Add a missing 'Default:' (consistency on page) docs: Cross-reference DNSSEC-ALIAS limitation docs: Consistent naming/casing of the BIND (backend) docs: Add warning on empty bind-dnssec-db for slave operation docs: specify type of 8bit-dns setting docs: Add missing entry in table for the 'Lua' backend docs: Remove superfluous comma in 'any-to-tcp' setting docs: Align position of version annotation in settings docs: fix some links (invalid ref-role usage) docs: fix formatting of 'rng' setting options docs: add use case for 'no-config' setting docs: Alphabetically order settings docs: fix Sphinx-build warning in ixfsdist.yml.5.rst docs: fix link to setting loglevel in settings docs: Note that supermaster support is off by default since 4.2 docs: Add 'bind-check-interval' setting default docs: notes on 'bind-check-interval' <-> 'slave-cycle-interval' docs: 
update pdnsutil 'set-nsec3' and NSEC3 narrow mode Gibheer (7): add more variables to carbon keys add more variables to dnsdist carbon keys fix lua for new carbon variables in key add recursor functions for carbon key variables use correct variable in carbon key string add versionadded for the new carbon options move defaults of carbon options Greg Cockroft (1): recursor webhandler for prometheus metrics Grégory Oestreicher (14): LDAP: fix getDomainInfo() to set this as di.backend (#6048) Only log when there's an actual error Don't add braces with throw Various Kerberos improvments Cosmetic: prefix member variables with d_ LDAP search revamp Add PowerLDAP::del() and PowerLDAP::add() Fix lookups in strict mode and filter on the record type Add support for per-record data Re-enable DNAME records as they're supported now Add support for ENT Fix Kerberos error codes management Add support for ALIAS record Remove compiler warnings pointed by Aki Hannu Ylitalo (2): pdnsutil: Fix output order of pdnsutil add-record dnsdist: Change addLocal example to IPv6 address in quickstart Håkan Lindqvist (1): Minor fixes to dnsdist docs JP Mens (5): Change wording to indicate may not XFR instead of cannot fix typo pdns_control reopens geoip databases on reload s/ZSK/CSK YAML backend Jacob Bunk Nielsen (1): Documentation fix. filename is mandatory in 1.3.3. 
James Cowgill (1): Increase MTasker stacksize James Taylor (3): auth: make sure we really are using glibc auth: correct syntax for GLIBC detection auth: remove redundant --no-config from commands Jan Hilberath (4): docs: Add missing words in pdns_control man page Fix typo in Recursor Performance Guide Fix typo Fix layout in the dnsdist Caching Responses guide Jan-Arve Nygård (1): Removed master-zone-query from documentation Jeremy Clerc (2): geoipbackend: propagate weighted rounding gap fix geoipbackend: stop looking after first weighted match Johannes Eiglsperger (1): Set type of Cryptokey ID to integer Jonas Schäfer (3): Add missing colons in front of :func: reference Add paragraph break in load balancer guide Improve checkFunction example for downstreams guide Jonathan Eenkhoorn (2): Add type filter to search-data api. Closes #5430 Make a combination of delete and replace for rrset possible Josh Soref (75): Recursor: try to document how to handle systemd private tmp Rename RecordTextException to rte Remove tabs from dnsrecords.hh gramar: its move arg function to the testrunner consistently use test_ prefix for boost test suite names consistently name boost test suite names based on filename merge test-nmtree into test-iputils_hh Fix use of BOOST_CHECK_MESSAGE in test-dnsrecords_cc.cc Enforce style const MOADNSException &mde Fix ./configure --help alignment README.md: change markdown syntax for shell content README.md: change markdown syntax for shell content fixing doc rst error by extending dashes configure: with-gnutls configure: with-libdecaf configure: with-libsodium configure: with-libssl configure: with-re2 configure: enable-dnstap Update readme for debian 9 travis: complain about dangling symlinks Removing pandoc remnants spelling: minimum spelling: response initial spelling checker implementation enable spelling checker removing ghost catch subprocess.check_output and raise AssertionError with the output tests: improve output by labeling tests 
test-recursor: remove duplicate cd directive Tell people to use --with-(dyn-)modules=... when they use --without-mysql rst: Definition list ends without a blank line; unexpected unindent spelling: iterator spelling: successful spelling: syscall spelling: version spelling: deactivated doc: described is a simple enough word... clarify sentence grammar ... grammar: comma-however grammar: oxford comma grammar: oxford comma grammar: comma for introductory phrase grammar: comma for introductory phrase grammar: help parsers understand that denial-of-existence is a thing spelling: spell out day of week abbreviations separate overly complicated sentence grammar: remove unnecessary comma in compound predicate grammar: avoid using having grammar: rewrite sentence spelling: SQLite grammar: remove unnecessary comma in compound predicate grammar: reword complicated sentence spelling: [API] deserialize Set up spell-checking action receiver: fix help output for pdns current-config Update check-spelling action spelling: answer spelling: first spelling: improvements spelling: milliseconds spelling: record spelling: should spelling: target spelling: with Ignore c(xx)flags spelling: Wshadow Update expects Update recursordist: reuseport Wishy-washy clarify: reuseports behavior re worker threads rewrite pdns-distributes-queries spell-check: check pull requests
Kees Hoekzema (1): fix PR checkout in circle-ci testing
Kees Monshouwer (105): auth: use toLogString() for gsql backend exceptions don't use toString() for logging use toLogString while throwing escaping unusual DNS label octets in DNSName is off by one gmysql-backend: set unsigned attribute on notified_serial column auth: whitespace auth: do not set ordername during rectify of non-dnssec zones auth: avoid an isane amount of new backend connections during an AXFR auth: do not waste SOA queries in getDomaininfo() for a serial we never use auth: one query and a huge amount of code down the drain auth: remove an other query for
unsigned notifies and notifies signed with a wrong TSIG key auth: remove supurios notify after a supermaster domain was created auth: do not compare port numbers in isMaster() auth: do not use the remote port for SOA and NS queries in trySuperMaster() add toLogString() to ComboAddress and start using it auth: add 'supermaster' option to enable/disable supermaster support auth: ComboAddress masters in lua2backend uth: use ComboAddress in addSlaveCheckRequest() auth: ignore NSEC3PARAM records in a presigned zone auth: speedup AXFR out for presigned zones. auth: also skip sorting for unsigned zones. Thanks @habbie auth-api: increase serial after dnssec related updates auth-api: remove headers pdnsutil: occlusion check improvements pdnsutil: auth check improvements rec: add bogus ringbuffer to make it more easy to detect high profile bogus domains rec: add cached bogus answers to the statistics rec: move bogus ring from packet cache to doProcessUDPQuestion() rec: update the validation state when we replace an existing entry in the packet cache auth: fix el6 build, histograms are too sophisticated for boost 1.41 rec: fix some warnings in the docs auth: remove duplicate dns update section from the backend-writers-guide auth: fix a warining in the docs auth: scopeMask in the SOAData structure is unused after #5512 rec: remove the old dnssec root key, goodbye 19036 .... rec: allow the signture inception to be off by a number of seconds. rec: docs, add versionadded for signature-inception-skew rec: docs, add versionchanged for signature-inception-skew and typo fix auth: remove autoserial auth: rename the schema update files due to a new milestone Revert "On incoming NOTIFY load our serial from backend to have it available during slave-check." 
auth: load serial in slaveRefresh() auth: we don't know the serial at this point and it is to early to get it here auth: speedup getUpdatedMasters() for the gsql backends auth: fix dot stripping in setContent() auth: lmdb-backend avoid duplicate NSEC3 records in presigned zones Do not compress the root auth: no dnssec processing for non dnssec zones and avoid a lot of isSecuredZone() calls auth: update root direct-ns and ref-3ld expected results and add a direct DS test auth: Rectify for ent records in narrow zones was slightly wrong. auth: small optimization in the rectify code for optout narrow zones auth: add referral response tests for DS queries auth: fix referral response for DS queries auth: lmdbbackend, fix getAllDomains() auth: use the api in the lmdb regression tests auth: add comments to explain the DS referall logic auth: always add DS for secure zones, broken since #7523 auth: lmdbbackend: auth was unset in get() (always true) pdns: lmdbbackend: strip trailing dots in content auth: fix, missing insecure zones in authSet #7785 auth: update lmdb tests and some cleanup auth: soaedit test by @Habbie auth: cleanup soaedit and fix #7361 auth: always truncate when the additional records do not fit auth: add an option to bulk fix the regression tests results auth: detect SOA cache pollution caused by broken backends auth: completely disable the packet when cache-ttl=0 doc: s/\n// auth: deprecate SOA autocomplete doc: add a depreation warning to the SOA autocomplete settings auth: register a few known types and remove an unknown one auth: remove the oracle backends auth: prevent the chopOff() loop in lookup(), for SOA queries auth: remove the default default from the zone_id argument in lookup() auth: api, look for pre-existing RRsets in the right zone auth: make sure the RRSIG freshness check is using the right zone auth: send notifies only to the nameservers in the zone auth: prevent new database connections while sending notifies auth: pdnsutil show zone, 
make sure the DNSKEY is from the right zone auth: silence 'mastercommunicator.cc:223:104 warning: ‘id’ may be used uninitialized in this function' warning auth: bind-backend, improve the domain_id check in lookup() auth: improve the handling of duplicate id's in bindbackend auth: cleanup slave-renotify code auth: gmysql backend, add an option to send the SSL capability flag to the server auth: remove mydns backend pdns: oracle leftovers auth: remove lua backend auth: api: avoid a large number of new database connections auth: api: purge the entire zone from the cache after a patch operation. auth: api: patchZone() was ignoring the default-api-rectify setting auth: api: do not run soaedit or rectify for disabled zones auth: lmdb-backend, remove duplicate code and some unused variables auth: remove opendbx backend auth: add diff option to 'pdns_control current-config' auth: add --config=check option auth: make sure get() is always returning the default value for d_place auth: do not update identical notified serials auth: make sure we look at 10% of all cached items during cleanup auth: improve sql schema updates auth: remove beta2 schema files auth: fetch all metadata at once auth: use real remote for supermaster createSlaveDomain() auth: gsqlite3backend: add missing indexes auth: fix cache cleaning race conditions in DNSSECKeeper() auth: clear the key cache after addKey()
Kevin P. Fleming (10): Correct typo in Swagger specification Improve specification for metadata API endpoint modifyMetadata returns the created object deleteMetadata returns 200 OK, not 204 No Content Correct doc for ecs-add-for default Clarify local-address documentation Address review feedback.
Render examples as preformatted text Correct spelling error Document 'rrsets' parameter to API listZone operation
Kirill Ponomarev (2): Update pdns/dnssecinfra.cc Update pdns/dnssecinfra.cc
Klaus Darilion (13): pdns_control notify: make sure PDNS is either master, or slave with renotify add incremental slave-check backoff also for failed AXFR due to master problems On incoming NOTIFY load our serial from backend to have it available during slave-check. When the final result of the slave-check get logged, always add the respective serials to the log line. This is very useful when debugging slave-check issues add option to send NOTIFYs without TSIG signature fix typo fix typo: "ourserial is" -> "our serial is" add d_lock while manipulating d_failedSlaveRefresh Delete a zone from the list of failed slave-checks on incoming NOTIFY and fix d_lock handling improve docs about incremental hold-back period on failed XFRs reject NXDOMAIN response during SOA-check during SOA-check response processing make sure to only accept SOA records store masters with comma separated and without trailing space
Konrad Wojas (1): calidns: accurate qps targets
Krombel (2): dnsdist: Fix formatting on DoH guide dnsdist: Add DoH behind reverse proxy (and http) to guide
Ladislav (1): fixes misleading documentation
Leo Neat (1): Turning dry_run off for CIFuzz
Leo Vdw (1): RKEY is missing algorithm field
Leon Xu (3): IXFR shouldn't remove RRs which aren't in deleted list speed up IXFR transcation import test for IXFR ending
Lowell Mower (8): add regression test for server-up metric add metric line to interpolate value returned from countServersUp add function to get count for servers with status UP within a pool c++11 loop style for countServerUp() hardcode servers and up/down in the configuration attribute change return value to size_t for countServerUp remove unnecessary class attributes move constant in countServersUp() signature
Mark Janssen (1): Fix typo/sentence
Mark Zealey (1): Fix SERVFAIL
when backend returns empty DNSName
Marlin Cremers (2): dnsdist: Move PoolAvailableRule to rules section dnsdist: Add Prometheus latency histogram support
Martin Heiland (2): Making swagger code-gen happy. Also fixing duplicate mapping key
Matt Nordhoff (21): pdnsutil.1: Add Ed25519 and Ed448, document ECC keysizes pdnsutil.1 and settings: Add ed448, and remove way-old algorithms settings.rst: Remove ecc-gost too Remove trailing \n from runtime_error message pdnsutil documentation ECC algorithm updates pdnsutil: Fix "is is" typo in help docs: Fix a few reference markup errors profile.rst: Remove GOST Make pdnsutil set-publish-cds default to SHA-256 only Clarify XPF support in Auth changelog docs: suggest putting bind dnssec db in /var/lib/powerdns auth: Ensure that pdns can read pdns.conf when upgrading from an older package Add distributor-threads setting to rec performance docs docs: Add 4.2 schema links auth: Add 4.3.0 schema files to Makefile.ams auth: Add enable-foreign-keys.mysql.sql to packages and Makefile.am auth: List the 3.4.0+ SQL schema files wherever the older files are. auth: Include bind schema files in pdns RPM auth: Include bind schema files in debs Deduplicate EXTRA_DIST and dist_doc_DATA in modified Makefile.ams rec: docs: Update the allow-from setting default.
Matti Hiljanen (8): dnsdist: add frontend response statistics dnsdist: print stats from expungeByName auth: bindbackend: use metadata for also-notifies as well auth: SLAVE-RENOTIFY zone metadata support auth: allow SLAVE-RENOTIFY in API too auth: add configurable timeout for inbound AXFR dnsdist: add sessionTimeout setting for TLS session lifetime dnsdist: document sessionTimeout
MaxWichern (4): Update domainmetadata.rst Update domainmetadata.rst Update docs/domainmetadata.rst Update domainmetadata.rst
Mike Damm (1): Clarify documentation to reflect actual behavior
Mischan Toosarani-Hausberger (5): Implemented prometheus metrics-endpoint for auth auth: Change StatType for some metrics from counter to gauge auth: Declare ring-capacity metrics as gauges. auth: Declare ring-size metrics as gauges dnsdist: Use toStringWithPort instead of manual addr/port concat
Neil Cook (18): Newly observed domain support using a stable bloom filter to record previously seen domains. Make NOD and Boost FS conditional for compilation based on configure flag Fix incorrect tests for NOD in configure Refactor NOD code Add NOD and UDR to Protobuf Logs Update ProtobufLogger.py with info from new NOD and UDR flags Add UDR Tracking and refactor NOD support Add thread ID to snapshotCurrent() Make SBF size configurable Remove the NOD and UDR info from Protobuf *before* adding to packet cache Account for the fact that udr and nod flags are optional in protobuf Fix code-review issues: Update settings documentation: New methods to add and remove individual policy tags Support for protobuf policy tags for NOD and UDR Document NOD and UDR policy tag configuration Documentation for the NOD and UDR features Make title underlines match title in nod rst documentation
Nick Douma (3): Add instructions for running PowerDNS on CockroachDB using generic pgsql Remove duplicate PRIMARY KEY statement Clarify what index to skip
Nicko Dehaine (34): Support for APL Records Fix record name in doc Fix ordering
Updated to use Netmask class and boilerplate Lexicalcast not needed after move to ComboAddress/Netmask Simplify loop to parse address in incoming packet Use boolean for negation flag Style fixes Fixed travis warning Add APL field name to spell check Target 4.4.0 for APL records Use boolean for negation flag (class definition) Fixed netmasks and added tests Fix record name in doc Fix ordering Add support for zero and multiple items in the APL RDATA Fix record name in doc Fix ordering Fix rebase Fix record name in doc Fix rebase conflict Fix record name in doc Fix ordering Merge Fix record name in doc Target 4.4.0 for APL records Fix record name in doc Fix rebase Fix record name in doc Fix rebase conflict Fix doc Replaced bzero with memset Removed duplicate entry Use an union for the ipv4 and ipv6 fields
Nico Cartron (6): added LMDB backend info fixed weird line, and moved each sentence to a single line. specified defaults for lmdb-shards setting made the 'nometasync' sync mode explanation more clear Added details about 'lmdb-sync-mode=sync' option Specified that mapasync is the default mode for lmdb-sync-mode
Nicolas R (1): Reload systemctl service on install and updates
Nuitari (1): Update pdns/dnsdistdist/dnsdist-healthchecks.cc
Oli Schacher (7): fix partial Partial compile options reference the Recursor instead of the Authoritative server fix showTLSContexts tab completion fix typo rzpMaster, lowercase settings mention slave-renotify in notification warnings fix doc typo: expension->expansion document direct-dnskey setting also affects CDS and CDNSKEY records
Olivier Voortman (1): Improved Lua records - Added all and none selector, added defaultSelector on ifurlup()
Olivier van der Toorn (1): Fix syntax error for replace-rrset
Ori Markovitch (1): See #3602, made requests always return to sender, for usage in multi master slave zones.
Also - made sure that the master that is questioned for updates will be selected randomly, to prevent repeatidally asking a dead master for updates
Otto Moerbeek (443): Rec: Set socket buf size for control socket. Fix logger time_t issues on at least OpenBSD. Followup: Only set buffers size if increasing it. Failure to raise socket buf size is not fatal Use mmap for stack allocation, adding the MAP_STACK flag on OpenBSD. Use mmap for stack allocation, adding the MAP_STACK flag on OpenBSD. Fix maybe-unitialized warning while improving the test to use the return value Tweaks to the rollover docs: make a few things explicit. Tweaks to the rollover docs: make a few things explicit. Use symbolic names for enum values instead of hard-coded ones. Avoid unaligned access, it hurts on e.g. sparc64 sprintf, strcpy and const method case Avoid infinite loop in mydnsbackend. Utility::random() and srandom() is not used anymore. Use dns_random() for generating the id of the notify message. Move from random() to dns_random() Add back call to srandom() in common startup. srandom() is still used Replace almost all occurences of random() by dns_random(). Change the way getRealMemUsage() works on Linux (using statm) Init required args before calling dns_random() Add new objects to OBJECT-GROUP; use "self" instead of getpid() Autotool scaffolding for using dnstap messages in recursor Don't convert nsec to usec if we need nsec WIP code for dnstap of cache misses Lua config for dnstap works in basic testing. Fix dns_random() in pdns_notify, it needs ::args setup properly. If a type is complex, you need to specify a separate type: clause. Allow for fstrmlib queue options to be set; switch for logging queries and/or answers only. Document dnstap framestream functionality. Basic test for dnstap over framestreams Set IP(V6)_RECVERR socket option to get notified of more than just aaaa-additional-processing does not exist anymore Don't use doLog.hh in recursor, ifdef around it.
Use separate class for recursor dnstap messages. Use a dummy class if the framestream lib is not available. Eliminate the loop in SyncRess:getAddrs(). Zap the if (true); it apparently does not make anything clearer. Skip a few tests (and still keep some good coverage) as not to hit the Travis Add optional framestream related files to EXTRA_DIST Move back to malloc on !OpenBSD. Doing mmap/munmap all the time hurts too much. Use RecDnstapMessage for recursor queries. Initial code for ecs-cache-limit-ttl. Add tests for ecs-cache-limit-ttl New approach. I spelled out the logic to make it more clear. Only apply "do not cache" if both limits are set and satisfied. Doc tweaks. Reformulate condition and comment to make it more clear. A way to fix https://github.com/PowerDNS/pdns/issues/7646. It might Rearrange; to avoid uninitialized var and bail out after exception, Better logging, so the operator knows where to look. Fix 7680: gmysql-thread-cleanup option documented incorrectly OpenBSD only has protoc 3.x; tell python to install the proper runtime. Any order is good for SetACL. Cleanup configs and make sure cert chains does not contain old certs. Fix unaligned access. Spotted in the wild on OpenBSD/armv7. Use a smaller test size to not fill the pipe buffer on systems with a small one. Add comment on upper bound Alternative solution to the unaligned accesses. No tricks with the alignment of the union, Basic speedtest for NetmaksGroup Explicitly call reportAllTypes() at test suite init, to avoid almost Explicitly call reportAllTypes() on test suite init, it is needed for various tests. Fix init of global to make tests order independent. Tweaks suggested by rgacogne. Avoid shadowing of var names and use modern C++ Split test-syncres_cc.cc into multiple files to make them more Fix a delete call on abstract class without virtual dt clang warning. Do not busy loop if we get lots of notifies. 
Also rewrite Use a condition variable and restore the loop to be more like the original code. Minimal fix to avoid busy looping. The condition_variable varant showed Use for (const auto &i : collection) style loops Add some notes explaining why some validations are not relevant in the dnstap case. Allow unix domains sockets for dnstap destinations stubquery: Fix handling of optional type arg. Check syntax during configuration and add fix docs. Port calidns to openbsd and other systems without recvmmsg or sched_setscheduler. Fix error handling in poll loop. Set the query-zone field in the dnstap messages. This requires passing the auth zone Remove unneeded AM_CONDITIONAL line. Simple blacklist handler for StatBag. Not configurable but that Maintain blacklist inside StatBag. Merge pull request #7908 from omoerbeek/rec-4.1.14-changelog Append the basename of the target branch to the name of the created branch. Qname minimizaton. Proper annotation for RFC link in docs. Resolve merge errors. Comments from pieterlexis: comment args, restructure "no ancestor found" case, zap newlines in trace. errno review wip Fix default value and versionadded for allow-trust-anchor-query Proper default value for allow-trust-anchor-query Fix config template and remove old root trust anchor Fix missing .. changelog:: line And a missing change:: Add a few secpoll unit tests. Merge pull request #7966 from omoerbeek/rec-4.2.0-rc2-changelog Align cmsg aux data, as recommended by OpenBSD manpage. typo Fixerror: flexible array member 'cmsghdr::__cmsg_data' not at end of 'struct MMReceiver' Exact string returned is lib dependent. So only check prefix. Comment on cmsgbuf_aligned in the proper place. Another batch typo Fix indent. Clear CMSG_SPACE(sizeof(data)) in cmsghdr to appease valgrind. Remaining strerror(errno) -> stringerror() conversions And a sweep of .hh files for stringerror(errno) -> stringerror() Another time sensistive test fixed with a fixedNow construct. 
Changelog and secpoll for upcoming rec-4.2.0 release Change security status of rec 4.2.0 prereleases State the effects of the new support policy. Add 8074 Killed stray newlines Update version added Fix includes Fix the rfc1982LessThan template, it only works properly if the cast is done to a same-sized type. Add static assert to ensure T is unsigned. Some unneeded float<->double conversions. Some stringerror() missed cases as spotted by chbruyand Revert "Bail out when no Context library is available" Move to newer alpine for docker buildbot, needed for proper Revert "Revert "Bail out when no Context library is available"" First stab at Lua pdns_features table Allow for pdns_features to be set for all products. Fix stray sentence Fix inverse handler registration logic for SNMP. Add unit test for #8231. Fix test to correctly use getQueryPolicy Add missing inc in rpz findClientPolicy loop. A AuthDomain unit test for a wildcard in combinaton with an ent rec: fix two coverity issues Do not use addLuaAction in example config Parameterize dnstap configure default (rec=no, dndist=auto) changelog and secpoll update for rec-4.3.0-alpha1 Index: ref to 4.3.rst rm obsolete service file; we generate one these days Two stray spaces fixed: less strange formatting Review comments: change prefix to pdns_recursor, some type changes Move to buster and make sure the env is the same for interactive and non- Fix out-of-bound access for zero length "serialized" string. Enable dnstap and include libfstrm Make the test succeed but print warnings. Once issue #8231 is fixed Move CHECKs to WARNs so the test succeeds and refer to issue #8321. Fix cwd for dnsdist and rec when uploading tarballs so ./builder-support Remove version number clang-format file proposal Fix #8338: Issue with "zz" abbreviation for IPv6 RPZ triggers Incorporate suggestions from rgacogne Some low-hanging LGTM fruit Missed one case of localtime() Add lgtm annotations and #error directives if we're configured wrongly. 
Add script to format code, leaving the file untouched if not changed bind backend: pthread_mutex_t should be inited and destroyed and not be copied Problem found by coverity. chmod/own recursor.conf for the systemd case chown/mods for systemd case for more smooth upgrade Cleanup copy constructor/assignment op "rule-of-2" violations. Build Newly Observerd Domain (NOD) support by default. Auto, conditional on availability of boot-filesystem lib Printing a pthread_t on platforms having a non-int pthread_id Fix chmod paths in rules files Correct chmod paths Use -Wextra -Wshadow. Some more shadowing going on Add copy-ct, gcc C++ lib <= 4.8 seems to need it. While there is no shadowing going on for global functions, improve And declare assignment operator deleted Allow multiple simulaneous incoming TCP queries over a connection. - Fix multiplexer accounting in the write error case On read error we remove the fd from the set. If there are still queries in-flight Using a variable format string opens up all kinds of cans of worms. Add unit test for zone file with template Proper in-flight maintenance; settable setting with doc. A few shadowing cases. More modern C++ idiom Tests, docs and validation of OOO setting. Teask: more auth threads and prime the delay.example NS Use two auths to avoid serialization problems, as suggested by Habbie Basic validation of $GENERATE parameters prime tld of root name server names Also call primeRootNSZones() from syncres (after primeHints()) Disable one OOO test that mysteriously fails on CircleCI so others Disable the other OOO test as well while investigating CircleCI specific failures Illegal -> Invalid Add a comment explaining things. Fix OOO tests on CircleCI and enable DNSSEC for them as well. Fix auth logging if no packet cache; from Habbie Wipe entry form cache before getting a new one to make sure we Prep for rec-4.3.0-alpha2 Do not wipe . NS; this can happen with custom hint files that are It is better to make sure . 
entries are not added to the set. Move to alpha3, since alpha2 contains a last-mintue introduced error. And alpha3 in secpoll Minor corrections as suggested by rgacogne Pipe the output of pip to cat, so it produces no procress bar which Do not log SKIP on each packet when PC is disabled. Less aggressive 8020: by default only cut at NXDOMAIN if the entry is Secure. Updated docs for nothing-below-nxdomain Even for HardenNXD::Yes we don't want to believe Bogus NXDOMAINs. Avoid mthread race when using the set of rootNSZones. Test case for 8020 with dnssec enabled Doc tweaks Zap unsued code in test Enable qname minimization by default. Typos in comments Make threads run until asked to stop. sig_atomic_t is defined in signal.h Join the worker thread in the unthreaded case as well, there is actually 1 thread plus Fix markup Revert "Rec 8020 docs fix" Markup fix Make threads run until asked to stop. Cleanup some global resources. Purge map of failed auths periodically by keeping a last changed timestamp. man page bits Also purge t_sstorage.ednsstatus and include edns size in the periodic report. If modeSetAt is zero, we never updated the entry and it can go. ednsmap might be cleared while yielding; so reassign pointer. Explicitly initialize RecursorControlChannel::stop Avoid looking up an entry twice by using a ref. Use multi-index for all time-based tables except nsspeeds Avoid startup race by setting the state of a tread before starting it. Check return value of dup() and avoid fd leak if if fdopen() fails. We have reasons to believe that QName Minimization is no longer experimental. 
Explain the condition that must be true for the adding of auth zones and Further steps in nsSpeeds cleanup: Further steps in nsSpeeds cleanup: pthread_rwlock_init() should be matched by pthread_rwlock_destroy() More robust script quotes Reformat Check if formatting is ok Do not show verbose messages if !tty Avoid having to use numbered indexes by given all indexes a tag Use [ -t 1 ] as suggested NULL -> nullptr Correct when to replace a throttle entry Avoid copying of pthread_rwlock_t Prep for rec-4.1.15 Prepare for rec-4.2.1 Rebased; test files were reformatted Prepare for rec-4.3.0-beta1 Suggestions by Habbie Update pdns/recursordist/docs/changelog/4.3.rst Upgrade guide for rec-4.3 hyphen vs underscore Give recursor relevant examples. User differs on Debian vs CentOS Bump max-qperq default to 100; this is enough for rev v6 queries with cold QName Minimization consults the cache first to see work needs to Introduce test for PR 8648. Set default maxqperq to 60, and allow for extra if qname-minimization is on. Fix compilation on OpenBSD where stdin is a define Slightly different approach as suggested by rgacogne: if correct cast Give an explcit messsage if something is wrong with socket-dir. Fix ./syncres.hh:228:20: warning: initialized lambda captures are a C++14 extension Prepare for recursor 4.3.0-beta2 release secpoll Add PR 8704 EPEL 8 now has libfstrm-devel Better function name as suggested by rgacogne. Explicit--enable-dnstap, as suggested by lieter. EPEL 8 now has libfstrm-devel - Explcitly enable dnstap for debian-stretch and buster Document the difference between rec_control quit and quit-nicely. typo Prep rec-4.3.0-rc1 tweaks WIP for researching #8697 Update security email addresses Remove duplicate *PolicyTags docs Introduce an explicit refreshFromConf arg to RPZIXFRTracker. Tweaks for minimum time Warn at refresh=0 Typos Continue evaluation of RPZ rules after passthru, taking Set the d_priority field in the policy objects of a zone. 
Test clientIP before name, fix one more cutoff condition. Avoid copying policies around by passing a Policy& that gets modified Formatting Fix compilation issue on older compilers Rebased to handle NetmaskTree changes Init zone's d_priority field. Prep for rec-4.3.0-rc2 Fix compile errors without snmp support Fix unsigned vs signed warnings spotted by clang on OpenBSD dnsdist: Prevent referencing a Lua pol after the Lua ctx has been destroyed Prepare for reformat-all It's 2020 Prep for rec-4.3.0 Formatting It's 2020 EOL rec-4.0.x and tidy a few entries. In .rts a \ is \\. wip wip2 get total size beforehand Show recursor log on failure Also invalidate cachecache on prune Run more variations of rec bulk test and also do two run…
…rsion 4.4.2
1848 (1): Add option to set interval between health checks
Adam Majer (1): Fix compiler warning about returning garbage
Aki Tuomi (116): ext/luawrapper: Add toString and eq to LuaContext lua-base4: Add base lua for auth and recursor Use BaseLua4 with both auth and recursor lua-base4: Refactor to load from non-file sources lua-auth4: Add DNSPacket to Lua lua-auth4: Move prequery to new lua framework lua-auth: Remove unused sources lua-auth4: updatePolicy should default to accept when not present testrunner: Add unit test for lua-auth4.cc fix recursor prequery scripts fix check_stest_source pdns: Fix dependency tracking for backends pdns: Improve error when record data is not consumed pdns: RecordTextReader - trim whitespace tinydnsbackend: Use toDNSStringLC since lowercase is preferred Use DNSName in RecordTextReader geoipbackend: Whitespace fixes geoipbackend: Move GeoIP handling to separate class geoipbackend: Replace GeoIPLookup with GeoIPNetmask geoipbackend: Reorder includes geoipbackend: Switch to new filename syntax m4: Improve geo backend dependecy checks geoipbackend: Add mmdb interface geoipbackend: Make GeoIP interface optional geoipbackend: Skip non-TXT results that format to empty geoipbackend: Add location support geoipbackend: Add per-AFI IP expansions geoipbackend: Update documentation geoipbackend: tests - fix edns subnet usage geoipbackend: Fix error message formatting geoipbackend: Use only our own database for tests geoipbackend: Add a location test geoipbackend: Add regression test for per-AFI variables geoipbackend: Add edns subnet geoipregionip where needed in tests geoipbackend: Add mmdb support for regression test travis: Remove geoipregion* from travis settings travis: Add libmaxminddb-dev to auth dependencies travis: Run geoipbackend test with mmdb database pkcs11signers: Get actual slot IDs from PKCS#11 device pkcs11signers: Support separate public key label pdnsutil: Check that hsm was provided a sub-command pkcs11signers:
Use OpenSSL to parse EC parameters if available lua-base4: Add newDRR for making DNSResourceRecords lua-base4: Expose more DNSName methods lua-base4: Add QType methods pdns: Include lua-auth and it's dependencies in pdnsutil lua2backend: Add new backend travis: Run tests for lua2 build lua2 backend packages build-scripts: Use correct example file for lua2 m4: Check for randombytes_stir m4: Check for openssl random generators configure: Check for system random number generators pdns: Implement new dns_random dnsbackend: Make isMaster a const docs: geoip-database-files has not been dropped in v4.2.0 ssqlite3: Add missing overrides godbcbackend: Add missing overrides to SODBC pdnsutil: Use new domain in b2bmigrate docs: Disable parallel build for docs docs: Add support for clean geoipbackend: Fix struct/class usage geoipbackend: Add struct for holding geoip service geoipbackend: Hide queryGeoIP geoipbackend: Make sure initial netmask is not too wide geoipbackend: Optimize lookup geoipbackend: Avoid expensive destroy during initialization stubresolver: Improve locking geoipbackend: Check GeoIP_id_by_addr_gl and GeoIP_id_by_addr_v6_gl return value geoipbackend: Document that MMDB support has been added in v4.2 geoipbackend: Handle read error for config file m4: Fix lua.hpp check to actually work geoipbackend: Allow empty content for ENT record dnsupdate: Update documentation to indicate that both source IP and TSIG key name checks are skipped pdns_notify: Support hostname for notification pdns_notify: Implement 60 second timeout pdns_notify: Fix logging Update supermaster-signed test expected_result pdns_notify: Update manpage pdns_notify: Update usage remotebackend: Implement getUpdatedMasters gsqlbackend: Reset correct query in searchComments remotebackend: http connector - Properly escape parameters lua-recursor4: Add missing getregisteredname Lua function packethandler: Compare TSIG key name using DNSName geoipbackend: Use Netmask instead of string json.hh: Fix 
shadowing arg nsecrecords.cc: Fix shadowing variables opensslsigners.cc: Fix shadowing variables opensslsigners.cc: Fix parameter name opendbxbackend: Rename list to domains gmysqlbackend: Rename connect to set_connect pipebackend: Rename receive variable to received iputils.hh: Rename parent to pparent dnsdist.hh: Rename isTCP to isTCP_ rfc2136handler.cc: Rename forwardPacket to l_forwardPacket slavecommunicator.cc: Rename notify as doNotify webserver.hh: Rename what as what_arg speedtest.cc: Remove duplicate rr local global: Normalize isIpv6 to isIPv6 global: Normalize isIpv4 to isIPv4 docs: Update documentation about isIPv4 and isIPv6 docs: Update upgrading info docs: backends/pipe - Fix performance page location ws-auth: Check DNAME records correctly regression-tests.api: Update tests regression-tests.api: Add future test for nothing under DNAME opensslsigners: Add missing 'static' keyword pkcs11: Fix module path for CryptAS example pkcs11: Document how to use SoftHSM2 remotely. misc.cc: Resize hostname to final size in getCarbonHostname() test-misc_hh: Add test for getCarbonHostname communicator: Allow forcing domain retrieval dynhandler: Allow specifying master IP on retrieve pdns_control.1.rst: retrieve - Document new parameter dynhandler: Do not copy master value Aleksandar Topuzović (1): Fix typo in tsig documentation Aleksejs Spiridonovs (1): If master doesnt support IPv4/IPv6, but slave does Alexander Fisher (1): Docs: Add note about only needing ro db access Alexander Huemer (2): docs/dnsupdate.rst: Fix typo in getZoneName() Fix test syntax in 'pdnsutil --help' Andrea Tosatto (1): Add missing CAP_SETGID and CAP_SETUID to the IXFRDist systemD unit file Andrey Domas (3): DNSNameSet and QNameSetRule DNSNameSet and QNameSetRule, minor fixes DNSNameSet and QNameSetRule, minor changes in docs Anhad Jai Singh (3): Add swagger spec for Authoritative Server HTTP API Update swagger spec to v0.0.12 Update 4.1 changelog for auth-4.1.1 release Antoine Joubert (1): 
rec: debian postinst / do not fail on user creation if it already exists Arjen Zonneveld (1): Update index.rst Baptiste Courtois (4): auth: geoip - forbid 0 as weight value auth: geoip, add regression test for issue #7051 auth: geoip, compute weight per QType auth: geoip, check weight only on matching QTypes Bas van Schaik (1): Remove flake8 from lgtm.yml Charles-Henri Bruyand (123): Auth: Reload /etc/resolv.conf when modified. Fix #6263 Use RAII wrappers for locks and some cleaning following reviews Don't check for changes more than once every 60 secs dnsdist: Update deprecated syntax used in dist configuration file recursor: add min-udp-source-port, max-udp-source-port and avoid-udp-source-port variables to tune the range of ports we use rename new settings to group them, add documentation remove typo dnsdist: make lua actions second return value optional improve documentation of addLuaAction and addLuaResponseAction dnsdist: add missing definition for DNSResponseAction dnsdist: test LuaAction optional second return value dnsdist: ignore certificate files used by the tests dnsdist: correct typos in doc, adjust regression test auth: fix regression while handling user-defined axfr filters return values, and a typo in a documentation example auth: add quiet modifier to pdnsutil rectify-all-zones command auth: fix typo in command description auth: add support for MB and MG RR types auth: skip mailbox tests with mydns,tinydns and ldap backends auth: tinydnsbackend / tests - document binaries used by generate-data.sh and update data files dnsdist: add option to showRules actions to truncate rule length output dnsdist: fix typos and replaces new typedef's name rec: fallback to std::set when boost::container::flat_set is not available (boost version < 1.48) rec: only notice if boost flat_set are not available rec: allow to bind on udp port 1024 rec: remove unused plotter related code rec: prefer prefix ++/-- operators for non-primitive types rec: perform constructor 
initialization in initialization list rec: prefer references for function parameters rec: adjust format string formaters rec: use C++11 range-based for loop Auth: replace Socket::connect() implementation with SConnectWithTimeout luarec: add basic tests sync with g_log var Auth: fix tools build add --disable-lua-records option add lua rec tests to travis build missing requests package auth: test GeoIP related features of LUA Records remove unecessary requirements clean todolist rethrow lua execution exception with reason add lua-reccord-exec-limit option to pdns_server License minicurl files under the MIT license adjust EXTRA_DIST source docs: bump auth version to 4.2 for luarec integration docs: clarify ifportup and fix some typos luarec tests: double instructions performed to test timeout fix configure issues and disable lua records for el6 and sles configure: ensure lua is setup when lua records are enabled dnsdist: allow known exception types to be converted to string rec api: add subtree option to the cache flush endpoint Skip subtree option tests against auth details version the subtree parameters has been added check if parameter has been submitted before accessing it docs: document setVerboseHealthChecks() pdnsutil: also load modules through the load-modules directive pdnsutil: refactor loadModules() auth-api: restrict creation of OPT and TSIG rrsets auth-api: refactor checks of RRsets types while importing them rec: add lua maintenance callback rec: call maintenance() callback on every thread rec: ensure lua-dns-script has been properly initialized rec-tests: print the logs of supervised processes reported as running for less than 3 secs rec: restrict maintenance() callback to worker threads auth: sign CDS/CDNSKEY RRsets with the KSK luawrapper: report caught std::exception as lua_error with a nice reason message dnsdist: default set "Connection: close" header for web requests "Connection: close" is not a security header bump version as 4.1.3 has been 
released rec: REALLY restrict maintenance() callback to worker threads dnsdist: add consistent hash builtin policy dnsdist: consistent hash - compute hashes at object initialization dnsdist: consistent hash - only pre compute when policy is set to chashed, lazy-load otherwise dnsdist: consistent hash - get rid of intermediate map construction recursor tests: replace awk command by perl ensure server's weight is properly bounded Fix greediness issue dnsdist: consistent hash - also check for individual pool's policies before pre-computing backend's hashes rec: fix outgoingProtobufServer config instanciation dnsdist: do not iterate over hash map for consistent hashing based query distribution fix string format issue on 32bits arm dnsdist: add setConsoleOutputMaxMsgSize function to tune console output message maximum size dnsdist docs: update documentation on updating ACLs via the API dnsdist: add ability to update webserver credentials Update test_API.py dnsdist: refactor webserver config in a single table auth: api - Check if the DNSNames that should be hostnames, are hostnames Update dnsdist-lua.cc auth: api - wrap hostname check in a single function nit style check argument lists emptyness report execution failure in wildcard LUA records expose DNSName::getRawLabels auth: lua records: document DNSName, DNSHeader, DNSResourceRecord API auth: lua records: document DNSRecord objects, and other functions and constants restore deleted file dnsdist: add optional UUID field to showServers() and clarify doc about chashed distribution mechanism dnsdist: fix documentation nits and add completion documentation for showServers new options auth: geoip, properly delete libGeoIP return values auth: lua records - mirror backupSelector behaviour to ifportup auth: lua records - nit style auth: lua records - remove "none" selector, add test for "all" backup selector auth: docs - increase latex maximum list depth to avoid reaching max nesting level auth: make --enable-lua-records 
switch plural Prefer prefix ++/-- operators for non-primitive types Perform initialization in initialization list instead of in constructor body Prefer const references where applicable to avoid unnecessary data copying auth: lua-records - get rid of getStatus(), avoid object leak and align var type to format string Remove unused variables Explicitely avoid object copy for Semaphore, ChunkedSigningPipe, SingleThreadDistributor, and MultiThreadDistributor rec: fix compilation warnings by replacing snprintf with boost::format rec: reduce log message urgency of non pertinent errors Revert some changes as suggested by rgacogne Fix missing word in pdns/recursordist/docs/lua-config/rpz.rst all: DNSName reserve memory before converting to string all: DNSName avoid copying labels while converting to string recursor: add new deviceName field to the dnsmessage protobuf export lua: DNSQuestion, actually export deviceName and deviceId attributes docs: fix version numbers auth: register lua functions only once when shared context pipebackend: remove unused variable auth: lua refactor health checks monitoring auth: lua monitoring, lock on status change, better report malformed options content Chris (Someguy123) (3): Various small corrections for reverse DNS functions Added section on using Lua records with generic SQL Packages needed for Ubuntu 18.04 + how to build sphinx docs Chris Boot (2): Swagger: fix definition for putTSIGKey operation Swagger: fix Error object definition Chris Hofstaedtler (165): Update/add macOS compilation notes Remove redundant --with-lua Handle bracketed IPv6 addresses without ports Drop useless if branch Quiet unused variable warning on macOS Recursor: add ecs-add-for option regression-tests.recursor-dnssec: improve equality test output regression-tests.recursor-dnssec: make this somewhat usable on macOS sdig: avoid segfault when ednssubnet is given with no arg Add TempFailureCacheTTLAction ldapbackend: fix listing zones incl. 
AXFR regression-tests.api: clean up runtests.py wrapper API: Expose ResponseStats and Ringbuffers Forbid creating algo 5/8/10 keys with out-of-spec sizes Use algo constants where possible Add ERCodeRule Improve DNSUPDATE prereq check log messages bindbackend: handle std::exception during startup zone-parsing Avoid including statbag.hh in recursor dnsdist: Expose tempFailureTTL to Lua dnsdist: add docs, test for TempFailureCacheTTLAction ecs-add-for: add better wording from @rgacogne Update EDNS Option code list Remove obsolete EDNS PING code Remove debug leftovers Fix incorrect comment in testcase testcase: do not add "unused" response to queue Store rcodes as unsigned Do not pretty-print out-of-range RCodes Use c++-style casts Clarify where offset comes from tests: use sdig from PATH if available Remove unused struct QueryInfo resolver: remove pointless optional-local sendResolve overload sendResolve: improve local socket making error message Resolover::resolve: dont second guess local socket choice slavecommunicator: remove dead variable auth: remove obsolete directResolve stub Fix macOS build: Use IPPROTO_TCP instead of SOL_TCP Minimal fix to make primeHints threadsafe Fix copied code Rename getRuleID to makeRuleID rm*Rule: rename num to id docs: replace order with position Warn when no rule was matched by uuid in rm...Rule() add uuid= option to addLua*Action, mirroring add*Action docs: fix some rm*Rule inconsistencies recursor: abort when unused arguments remain dnsdist: reduce resprulactions/cachehitresprulactions code deuplication dnsdist: add rules for self-answered responses dnsdist: record query time in DNSQuestion Add dnstap-compatible protobuf support to dnsdist. 
dnsdist: fix build without protobuf Clean up QTag code Report Lua(Response)Action failures tests: Add rule-servfail to test_API In tests use protobuf3 on macOS dnsdist: Move Lua(Response)Action operator() out of header file debian: drop allow-recursion handling debian: fix ucf registration (same as Debian bug#816362) dnsdist responderThread: rename state to dss dnsdist: update self-answered only for actually sent UDP responses dnsdist: update latency stats for all UDP responses dnsdist: account latency for responses to TCP queries dnsdist: docs: clarify some stats items Remove leftover -I ext/rapidjson TeeAction: make getStats() order deterministic dnsdist: create RemoteLoggers in client mode, but avoid connecting dnsdist tests: make py3k compatible and pick py3k if available Document protobufServer behaviour change api tests: fix up for py3k and other cleanup Auth API: return status 409 if domain already exists #4482 api tests: pick python3 if available Remove latency tracking for TCP again, for now dnsdist: avoid LuaWrapper assert on errors in newServer() Split PDNS_ENABLE_UNIT_TESTS so recursor, dnsdist dont have meaningless --enable-backend-unit-tests dnsdist: sort features in --version output dnsdist: add --version to --help dnsdist: warn about -k in /proc/x/cmdline dnsdist: kill unintentional -s alias for --supervised dnsdist: remove optional arg from short-form -v dnsdist: (re-)sort long and short options dnsdist: avoid hiding -k/--setkey from "plaintext" builds Fix reorder warning: field 'd_rname' will be initialized after field 'd_st' make clean: rm generated .service and .conf-dist files dnsdist tests: avoid failure on not-so-optimal distribution Catch exceptions by-ref Add some missing header include guards Add config for lgtm.com Remove redundant function declaration API docs: zone delete returns 204 API: Remove ENTs when "replacing" new records gmysql: Use future-proof statement for transaction isolation Auth API: add zone lookup by 
/zones?zone=example.org. Allow running "brew bundle" to fetch deps dnsdist: Expose toString of various objects to Lua Initialize some missed qtypes Style Remove broken, unused buildroot.sh.in Clean up some old docstrings Merge UNIX_declareArguments into declareArguments docs/dnssec: improve HTML rendering of table docs/dnssec: add note about CD flag docs/dnssec: improve HTML rendering of table serialtweaker: add comment on why empty SOA-EDIT is "wrong" serialtweaker: drop extra check for case that is handled further down Allow compiling against MySQL 8 client header files check-all-zones: find duplicate zones and SOAs Workaround MariaDB pretending to be MySQL Drop api-readonly configuration setting Add pdnslog to Lua configuration scripts Remove leftover multi_index_container tag structs Fix removal notice in docs README.md: fix typo in macOS instructions Update and re-sort feature list in --version output builder-support: finish up ucf removal for sql backends Fix typo in "collisions" whitelist.words: Add "filtername" Resync yahttp code to cmouse/yahttp@11be77a1fc4032ed268cb5a80eb2aa1d14ce849d Auth. 
API: improve RRset validation Rename type to object_type API: improve handling of out of range modified_at value remotebackend: fix SOA in unittests Fixup test-remotebackend.cc Debian packages: remove duplicated dnsdomain2.schema API: Mark set-ptr as deprecated Webserver: simplify access to apikey/password recursor webserver: allow accessing some API endpoints using password recuweb: remove api-key from interface, can just use basic auth Fix some spelling errors found by lintian Update URLs to use https scheme README: remove OpenCSW advice ext/ipcrypt: Ship LICENSE in tarballs Fix some spelling mistakes noticed by lintian API: do not return dnssec info in domain list Support optional ?dnssec=false flag on listing zones Fix typo: settting to setting Remove not implemented zone check API from spec gpgsqlbackend: Avoid actually prepared statements gpgsqlbackend: remove d_nstatement Make Lua mandatory for Auth Update docs Update my name in old changelogs Replace include guard ifdef/define with pragma once Install bind SQL schema files as part of bindbackend builder: use new --config=default for building config templates builder: avoid config change prompts on each pdns-recursor update Optimize IXFR-to-AXFR fallback path Address feedback from #9176 API: Allow rectifying Slave zones Set SyslogIdentifier for multiple instances API: forbid rectify for presigned zones, only gpgsqlbackend: add parameters to query logging gpgsql: Reintroduce prepared statements spgsql: tidy up auth: log more pdns_control actions auth: add used master address to slave check logs auth: immediately fill account, masters on zone create Fix typo backends: Pass masters as vector<ComboAddress> Remove redundant toLogString() calls bindbackend: fix zoneId in log statement auth: 0 as nullptr cleanup gsqlbackend: allow backend-specific queries gpgsql: avoid reconnect on connect Christian Hofstaedtler (5): Remove serializeSOAData, refactor calculate/edit/increaseSOA serialtweaker: remove fallback, make 
DEFAULT an explicit choice Have a test for SOA-EDIT-INCREASE via the API INCEPTION-INCREMENT: avoid jumping by two on every increase dnstap.rst: Fix some editing errors Cmdr Riker (2): update docs for upcoming custom response header changes for dnsdist dnsdist: Add support for custom DoH headers Colin Mitchell (1): Add parameters to swagger API definition for creating zone Costy Petrisor (1): parsing `dont-throttle-names` and `dont-throttle-netmasks` as comma separated lists Dan McCombs (1): Restrict value range for weight parameter, avoid overflowing and dropping queries if the sum of all weights is greater than the max value of int. David Freedman (1): Dynamic blocks were being created with the wrong duration (the detection interval was being used). Dennis Koster (2): Added IN to the output of API export function Updated test_export_zone_json and test_export_zone_text to include the IN in the output Dmitry Alenichev (4): respond with RCODE=BADVERS on EDNS version >0 (rfc6891) replace RCODE=BADVERS response on version >0 with a rule to match on the pass empty response make passing empty response optional Dominic (1): [dnsdist] Doc fix of carbonServer Dominic Luechinger (1): Fix wrong version numbering of new features Donatas Abraitis (2): geoipbackend: Add libmaxminddb-devel dependency for CentOS docs: Add small description for pipe backend about distributor-threads Doug Freed (2): Make travis use a modern python dnsdist-console: flush cout after printing g_outputBuffer Edward Dore (1): Fix trusted-notification-proxy port Emil (4): Add a new command to add a super-master to SQL backends Remove unnecessary .patch files Add some documentation regarding the new comand Add bash completion Enna1 (1): fix typo in comment in syncres.cc: 'FRC 7129' to 'RFC 7129' Erik Winkels (18): Add upgrading note for #5915. Update changelog and secpoll for rec-4.1.1. Add fixes suggested by @habbie. Add syntax to dns.proto to silence compilation warning. 
Update changelog, secpoll and advisories. Replace XXXX with (now known) PRs. Update changelog and secpoll for rec-4.1.10. Fix broken grammar. Update changelog and secpoll for auth-4.2.0-rc1. Update changelog and secpoll for rec-4.1.12. Update secpoll for rec-4.1.14 release. Fix typo. Add script for generating repo files. Update docker repo script for auth-4.2.1. Update docker repo script for rec-4.2.1. Fix CentOS 8 issue and install `dig`. Add `auth-43` and `rec-43`. Add support for rec-43. Florian Kaiser (1): Fix typo in SQL query name in documentation Florian Obser (1): Include unistd.h for chroot(2) et al. Frank Louwers (19): Document the removal of api-readonly for the pdns-auth as well Make pdnsutil check-zone more consistent. Fix error in setQueryRate warning example Point out that the sql schema is for 4.2/master in the guide. Fix typo in basic-database guide Make guide more clear Add documentation for pdnsutil delete-rrset and replace-rrset Fix typo Update index.rst Update rules-actions.rst Update qpslimits.rst Add signal handling for SIGTERM and SIGINT in pdns_recursor Only register our handler when we're pid 1, and change to doExit() Add comments on why we need this Typo. 
Thanks @phonedph1 Fix typo in setQueryRate docs Clarify comment Clarify allow-axfr-ips behaviour in combination with TSIG Update docs/tsig.rst Gert van Dijk (40): docs: Improve "BIND-mode operation" for DNSSEC docs: align meta-data -> metadata docs: remove unintentional blockquotes in HTML docs: fix formatting of 'PKCS#11 support' page docs: Add 'hidden master' approach in DNSSEC security docs: Fix formatting of some code blocks docs: reword sentence in DNSSEC intro docs: fix link in Lua backend docs: Fix formatting of Lua2 backend API docs: Fix link in Lua2 backend docs: Other minor fixes docs: HTTP API tsigkeys example shows wrong body docs: formatting fixes for 'Dynamic DNS Update' page docs: Use 'sudo' to install packages docs: Emphasize no data should return in example docs: fix links in 'Adding new DNS record types' docs: Hide the toctree on 'Backends' index page docs: Change occurrences of "note" to admonition docs: fix several typos docs: Add '(or zone transfer)' in sentence on BIND backend docs: BIND backend - improve formatting of output status docs: Add paragraph on benefits of the BIND backend docs: Add a missing 'Default:' (consistency on page) docs: Cross-reference DNSSEC-ALIAS limitation docs: Consistent naming/casing of the BIND (backend) docs: Add warning on empty bind-dnssec-db for slave operation docs: specify type of 8bit-dns setting docs: Add missing entry in table for the 'Lua' backend docs: Remove superfluous comma in 'any-to-tcp' setting docs: Align position of version annotation in settings docs: fix some links (invalid ref-role usage) docs: fix formatting of 'rng' setting options docs: add use case for 'no-config' setting docs: Alphabetically order settings docs: fix Sphinx-build warning in ixfsdist.yml.5.rst docs: fix link to setting loglevel in settings docs: Note that supermaster support is off by default since 4.2 docs: Add 'bind-check-interval' setting default docs: notes on 'bind-check-interval' <-> 'slave-cycle-interval' docs: 
update pdnsutil 'set-nsec3' and NSEC3 narrow mode Gibheer (7): add more variables to carbon keys add more variables to dnsdist carbon keys fix lua for new carbon variables in key add recursor functions for carbon key variables use correct variable in carbon key string add versionadded for the new carbon options move defaults of carbon options Greg Cockroft (1): recursor webhandler for prometheus metrics Grégory Oestreicher (14): LDAP: fix getDomainInfo() to set this as di.backend (#6048) Only log when there's an actual error Don't add braces with throw Various Kerberos improvments Cosmetic: prefix member variables with d_ LDAP search revamp Add PowerLDAP::del() and PowerLDAP::add() Fix lookups in strict mode and filter on the record type Add support for per-record data Re-enable DNAME records as they're supported now Add support for ENT Fix Kerberos error codes management Add support for ALIAS record Remove compiler warnings pointed by Aki Hannu Ylitalo (2): pdnsutil: Fix output order of pdnsutil add-record dnsdist: Change addLocal example to IPv6 address in quickstart Håkan Lindqvist (1): Minor fixes to dnsdist docs JP Mens (5): Change wording to indicate may not XFR instead of cannot fix typo pdns_control reopens geoip databases on reload s/ZSK/CSK YAML backend Jacob Bunk Nielsen (1): Documentation fix. filename is mandatory in 1.3.3. 
James Cowgill (1): Increase MTasker stacksize James Taylor (3): auth: make sure we really are using glibc auth: correct syntax for GLIBC detection auth: remove redundant --no-config from commands Jan Hilberath (4): docs: Add missing words in pdns_control man page Fix typo in Recursor Performance Guide Fix typo Fix layout in the dnsdist Caching Responses guide Jan-Arve Nygård (1): Removed master-zone-query from documentation Jeremy Clerc (2): geoipbackend: propagate weighted rounding gap fix geoipbackend: stop looking after first weighted match Johannes Eiglsperger (1): Set type of Cryptokey ID to integer Jonas Schäfer (3): Add missing colons in front of :func: reference Add paragraph break in load balancer guide Improve checkFunction example for downstreams guide Jonathan Eenkhoorn (2): Add type filter to search-data api. Closes #5430 Make a combination of delete and replace for rrset possible Josh Soref (75): Recursor: try to document how to handle systemd private tmp Rename RecordTextException to rte Remove tabs from dnsrecords.hh gramar: its move arg function to the testrunner consistently use test_ prefix for boost test suite names consistently name boost test suite names based on filename merge test-nmtree into test-iputils_hh Fix use of BOOST_CHECK_MESSAGE in test-dnsrecords_cc.cc Enforce style const MOADNSException &mde Fix ./configure --help alignment README.md: change markdown syntax for shell content README.md: change markdown syntax for shell content fixing doc rst error by extending dashes configure: with-gnutls configure: with-libdecaf configure: with-libsodium configure: with-libssl configure: with-re2 configure: enable-dnstap Update readme for debian 9 travis: complain about dangling symlinks Removing pandoc remnants spelling: minimum spelling: response initial spelling checker implementation enable spelling checker removing ghost catch subprocess.check_output and raise AssertionError with the output tests: improve output by labeling tests 
test-recursor: remove duplicate cd directive Tell people to use --with-(dyn-)modules=... when they use --without-mysql rst: Definition list ends without a blank line; unexpected unindent spelling: iterator spelling: successful spelling: syscall spelling: version spelling: deactivated doc: described is a simple enough word... clarify sentence grammar ... grammar: comma-however grammar: oxford comma grammar: oxford comma grammar: comma for introductory phrase grammar: comma for introductory phrase grammar: help parsers understand that denial-of-existence is a thing spelling: spell out day of week abbreviations separate overly complicated sentence grammar: remove unnecessary comma in compound predicate grammar: avoid using having grammar: rewrite sentence spelling: SQLite grammar: remove unnecessary comma in compound predicate grammar: reword complicated sentence spelling: [API] deserialize Set up spell-checking action receiver: fix help output for pdns current-config Update check-spelling action spelling: answer spelling: first spelling: improvements spelling: milliseconds spelling: record spelling: should spelling: target spelling: with Ignore c(xx)flags spelling: Wshadow Update expects Update recursordist: reuseport Wishy-washy clarify: reuseports behavior re worker threads rewrite pdns-distributes-queries spell-check: check pull requests Kees Hoekzema (1): fix PR checkout in circle-ci testing Kees Monshouwer (105): auth: use toLogString() for gsql backend exceptions don't use toString() for logging use toLogString while throwing escaping unusual DNS label octets in DNSName is off by one gmysql-backend: set unsigned attribute on notified_serial column auth: whitespace auth: do not set ordername during rectify of non-dnssec zones auth: avoid an isane amount of new backend connections during an AXFR auth: do not waste SOA queries in getDomaininfo() for a serial we never use auth: one query and a huge amount of code down the drain auth: remove an other query for 
unsigned notifies and notifies signed with a wrong TSIG key auth: remove supurios notify after a supermaster domain was created auth: do not compare port numbers in isMaster() auth: do not use the remote port for SOA and NS queries in trySuperMaster() add toLogString() to ComboAddress and start using it auth: add 'supermaster' option to enable/disable supermaster support auth: ComboAddress masters in lua2backend uth: use ComboAddress in addSlaveCheckRequest() auth: ignore NSEC3PARAM records in a presigned zone auth: speedup AXFR out for presigned zones. auth: also skip sorting for unsigned zones. Thanks @habbie auth-api: increase serial after dnssec related updates auth-api: remove headers pdnsutil: occlusion check improvements pdnsutil: auth check improvements rec: add bogus ringbuffer to make it more easy to detect high profile bogus domains rec: add cached bogus answers to the statistics rec: move bogus ring from packet cache to doProcessUDPQuestion() rec: update the validation state when we replace an existing entry in the packet cache auth: fix el6 build, histograms are too sophisticated for boost 1.41 rec: fix some warnings in the docs auth: remove duplicate dns update section from the backend-writers-guide auth: fix a warining in the docs auth: scopeMask in the SOAData structure is unused after #5512 rec: remove the old dnssec root key, goodbye 19036 .... rec: allow the signture inception to be off by a number of seconds. rec: docs, add versionadded for signature-inception-skew rec: docs, add versionchanged for signature-inception-skew and typo fix auth: remove autoserial auth: rename the schema update files due to a new milestone Revert "On incoming NOTIFY load our serial from backend to have it available during slave-check." 
Short description
Very similar to #7493 (exit/crash with invalid zone data), but for regular non-SOA records on the BIND backend.
I do not expect a PowerDNS server to completely go down / exit upon a parser error.
Environment
Steps to reproduce
Set up a master with the BIND backend.
Add a zone with zone file containing an invalid A record (example with quotes as invalid character, probably other cases to trigger this too?), e.g.:
Increment the serial, reload the zone or await automatic reload.
Observe exit of server with log line:
Expected behaviour
Log error/warning about zone, but keep running for other valid zones loaded.
Actual behaviour
Complete server exiting.
Other information
I think it's very similar to #7493, but the bug appears only fixed for SOA record parser errors?
If I have another example error, in an MX record (data, again with quotes that are wrong:
"10 myhost"
), instead of an A record I get another issue on zone transfer (but not a full crash):
I noticed this when I accidentally added quotes to records' data, not just the ones of type TXT.
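The behaviour the report asks for (log the bad record, keep running, still notify the nameservers whose addresses do parse), as an added C++ sketch that is not PowerDNS code. The `Record` and `NotifyPlan` types, the function names and the sample zone are constructed for illustration; the point is that the parse error is caught per record instead of propagating out of the notify path.

```cpp
#include <arpa/inet.h>
#include <netinet/in.h>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical stand-in for a zone record; not a PowerDNS type.
struct Record {
    std::string name;
    std::string type;     // "NS", "A" or "AAAA"
    std::string content;  // rdata exactly as written in the zone file
};

// Strict parser: throws on anything that is not a literal IPv4/IPv6 address,
// e.g. an address that was wrapped in quotes by mistake.
std::string parseAddress(const Record& r) {
    unsigned char buf[sizeof(in6_addr)];
    const int family = (r.type == "AAAA") ? AF_INET6 : AF_INET;
    if (inet_pton(family, r.content.c_str(), buf) != 1) {
        throw std::runtime_error("unparseable " + r.type + " content '" +
                                 r.content + "' for " + r.name);
    }
    return r.content;
}

struct NotifyPlan {
    std::vector<std::string> targets;  // addresses that will receive a NOTIFY
    std::vector<std::string> skipped;  // one message per rejected record
};

// For every NS target in the zone, collect its A/AAAA addresses.
// A record that fails to parse is reported and skipped; the exception
// never leaves this function, so one bad record cannot stop the process
// or block notifies to the other nameservers.
NotifyPlan collectNotifyTargets(const std::vector<Record>& zone) {
    NotifyPlan plan;
    for (const auto& ns : zone) {
        if (ns.type != "NS") continue;
        for (const auto& rr : zone) {
            if (rr.name != ns.content) continue;
            if (rr.type != "A" && rr.type != "AAAA") continue;
            try {
                plan.targets.push_back(parseAddress(rr));
            } catch (const std::exception& e) {
                plan.skipped.push_back(e.what());
            }
        }
    }
    return plan;
}

// Constructed sample zone: the first nameserver's A record carries quotes,
// as in the report; the second nameserver is valid.
std::vector<Record> sampleZone() {
    return {
        {"example.test.", "NS", "ns1.example.test."},
        {"example.test.", "NS", "ns2.example.test."},
        {"ns1.example.test.", "A", "\"192.0.2.5\""},
        {"ns2.example.test.", "A", "192.0.2.6"},
        {"ns2.example.test.", "AAAA", "2001:db8::6"},
    };
}

int main() {
    const NotifyPlan plan = collectNotifyTargets(sampleZone());
    for (const auto& s : plan.skipped) std::cerr << "warning: " << s << "\n";
    for (const auto& t : plan.targets) std::cout << "notify " << t << "\n";
    return 0;
}
```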