Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
pdns-recursor: Autospec creation for update from version 5.0.6 to ver…
…sion 5.1.0
Aki Tuomi (32):
ws-auth: Extract zone from ID to macro
ws-auth.cc: Split apiZoneMetadata to GET and POST variant
ws-auth.cc: Split apiZoneMetadataKind to GET, PUT and DELETE variants
ws-auth.cc: Split apiServerTSIGKeys to GET and POST variant
ws-auth.cc: Split apiServerTSIGKeyDetail to GET, PUT and DELETE variant
ws-auth.cc: Split apiServerAutoprimaries to GET and POST variants
ws-auth: Add apiServerAutoprimaryDetailDELETE
ws-auth.cc: Split apiServerZones to GET and POST variants
ws-auth: Add NOLINTs to apiServerZonesPOST()
ws-auth.cc: Split apiServerZoneDetail to GET, PATCH, PUT and DELETE variants
ws-auth.cc: Prepare apiZoneCryptokeys for method routing
webserver: Allow specifying supported method
ext/yahttp: Move route matching to separate function
ws-auth.cc: Move method checking to router
ws-recursor.cc: Add methods to routes
ws-recursor.cc: Split apiServerConfigACL to GET and PUT variant
ws-recursor.cc: Split apiServerZones to GET and POST variant
ws-recursor.cc: Split apiServerZoneDetail to GET, PUT, DELETE variants
ws-recursor.cc: Remove redundant checks for method
ws-api.cc: Remove redundant checks for method
webserver.cc: Add resource aware OPTIONS handler
regression-tests.api/test_Basics: Update to match new dynamic CORS handler
ws-api: Constify some variables
Remove unused req for prometheusMetrics()
remotebackend: Fix example.com ID
remotebackend: Use asString for serial
remotebackend: Do not send extra NUL with zeromq
remotebackend: Convert unit tests to python
remotebackend: Convert regression tests to python
remotebackend: Remove stray files
tasks: Replace ruby with python
tasks: Dump all remotebackend logs, including server logs
Alexis Romero (1):
run build-and-test-test-all workflow on debian bookworm
Brian Rak (6):
Add Lua function to pick records via name hash
Fix typo
Appease lint
Update minor code/doc nits
Update overload-queue-length and overload-drops documentation
Update docs/performance.rst
Carolin Dohmen (1):
Only print config if debug flag is set
Charles-Henri Bruyand (49):
dnsdist: add doh3 protocol
dnsdist: add beta support for incoming DNS over HTTP/3
dnsdist: add basic DoHTTP/3 test
dnsdist: doh3, fix formating and clang-tidy warnings
dnsdist: enable doh3 in our CI
dnsdist: doh3 clarify fin usage
dnsdist: refactor some common code between doq/doh3
dnsdist: add some words about doh3 in documentation
dnsdist: doh3, appease the CI folks
dnsdist: doh3 fix a few review points
dnsdist: doh3 add support for post queries
dnsdist: doh3 clean some var names
dnsdist: display if DNS over HTTP/3 is enabled or not in the configure report
auth: add a configurable delay for notifications
dnsdist: try to increase receive and send buffers to max
dnsdist: tidy variable name
dnsdist: doq,doh3 make sure we enforce any ACL
dnsdist: buffer h3 headers until query has been dispatched
dnsdist: add content-type header information in http/3 responses, add relayed response size in http/3 vinfologs
Update pdns/dnsdistdist/doh3.cc
dnsdist: properly set protocol for dnstap and protobuf logging when using DoQ or DoH3
format pdns/dnsdist-lua-actions.cc pdns/dnsdist-protobuf.cc pdns/dnsdist-protobuf.hh pdns/dnstap.cc pdns/dnstap.hh
dnsdist: clang-tidy fixes
dnsdist: add a test for new protobuf field httpVersion
dnsmessage.proto: fix naming consistency
dnsdist: test protobuf protocols for DoHTTP/3 and DoQ
dnsdist: revert some clang-tidy related changes
auth: fix tinydnsbackend compilation issue
auth: reformat communicator.hh and communicator.cc
auth: a bit of tidy
auth: document new delay-notifications setting
dnsname: move len and offset from int to size_t
dnsname: clang-tidy fix a few missing braces
dnsname: tidy some implicit conversion
dnsname: remove unnecessary cast as suggested by Otto
auth: lua-records, add support for pickchashed function
auth: tell spell check about pickchashed
auth: clang-tidy fixes
auth: fix typo in tests
ixfrdist: send out notify
ixfrdist: clang-tidy cleanup
ixfrdist: add examples of notify out configuration
ixfrdist: add a simple test for outgoing notify
ixfrdist: clang-tidy cleanup
auth: lua-records, support cleaning old hashed entries
ixfrdist: fix centos build
ixfrist: fix coverity report 1534483
ixfrdist: fix coverity 1534661 and 1534662
dnsdist: update test runner for mac with dynamic prefix and up to date package name for curl
Chris Hofstaedtler (7):
auth: add test for mixing CNAME with other types on wildcards
auth api: flush all caches when flushing
ws-auth: restore zone cache cleanup in apiServerZoneDetailDELETE
auth: allow building in separate build directory
rec: allow out-of-tree builds
auth dnsproxy: fix build on s390x
autoconf: allow prerelease systemd versions
Doug Freed (3):
tcpiohandler: Use server preference algoritm for ALPN selection
rec-main: let NetmaskGroup parse dont-throttle-netmasks
Fix formatting of PowerDNS SA 2024-03
Edward Dore (1):
Fix country()/countryCode() mixup in example Lua Record
Eli Schwartz (1):
configure: remove broken bashism
Ensar Sarajčić (16):
rec: add `udr-ignore-list` option
Add support for `udr-ignore-list-file`
Remove wrong description from UDR related settings
Add file option for new domain ignore list
Update error on bad file name for ignorelist
Remove unnecessary trims from ignore list file parsing
Remove `oldname` from new settings
Update doc for file ignore list variants
Remove comment functionality from ignore list file
Reduce nesting in NOD check
Reduce nesting in UDR check
Handle exceptions when reading domains from file ignorelist
Add braces for if statements in ignorelist parsing for readability
Use example.com instead of xyz123.tv for docs
Fix formatting for settings/table.py
Fix remaining formatting issues in settings/table.py
Erik Winkels (5):
Add auth-49, rec-50 and dnsdist-19 to repo test script.
Remove Ubuntu Bionic and add Noble to repo test script.
Update version regex for Python 3.
Remove support for EOL versions from repo test script.
Update repo test script version.
Evil Eye (3):
Add dnsupdate-require-tsig config option
Add tests
Add documentation
Frank Louwers (4):
clarify `also-notify-from` docs
fix ref
Update docs/settings.rst
Update dq.rst
Fred Morcos (448):
Fix type qualifier warning
Fix warnings with GCC and older clang
Some cleanups in dnsbulktest.cc and dnstcpbench.cc
Cleanup dns.hh
Format DNSResourceRecord
Cleanup DNSResourceRecord
Fix warning about pointer with non-zero offset being freed
Format ws-auth.hh
Format ws-auth.cc
Move Ewma impl to ws-auth.cc
Whitespace cleanup
Remove global StatBag from ws-auth
Format ws-api.hh
Format ws-api.cc
Delint ws-api.cc
Delint ws-auth.cc
Replace the zoneFromId() macro with a ZoneData class in ws-auth.cc
Get rid of some NOLINTs in ws-auth.cc
Replace the TSIGKeyFromId() macro with a TSIGKeyData class in ws-auth.cc
Fix formatting in ws-auth.cc
Fixup Github clang-tidy helper scripts
Format dnsbackend.hh and dnsbackend.cc
Fixup dnsbackend.cc and dnsbackend.hh
Format test-sha_hh.cc
Clean up pdns/sha.hh
Format test-digests_hh.cc
Cleanup pdns/digests.hh
Fix compilation of dnsproxy.cc due to unused macro
CI: Enable verbose logging to catch errors withing DLOG macros
Cleanup remotebackend testrunner script
Fix remotebackend testrunner script's new_api mode
Meson: Initial Meson build file
Meson: Lua and lua.hpp
Meson: Print build summary
Meson: Cleanup Lua and lua.hpp
Meson: Refactor pthread_setname variant detection
Meson: Compiler and libc hardening
Meson: Unsafe KISS RNG
Meson: Network functions
Meson: tm_gmtoff in struct tm
Meson: Check for sys/mman.h and mmap
Meson: libsodium signers support
Meson: libdecaf signers support
Meson: libcrypto signers support
Meson: Minor cleanup
Meson: OpenSSL ECDSA and EdDSA
Meson: Compiler setup
Meson: Summary
Meson: time_t size
Meson: time_t sign
Meson: flex and bison
Meson: Platform information
Meson: Atomics
Meson: pthread headers
Meson: pthread setname
Meson: strerror
Meson: Lua and lua.hpp
Meson: Compiler hardening features
Meson: KISS RNG
Meson: Network libraries and functions
Meson: gmtoff member of struct tm
Meson: mman.h and mmap
Meson: libsodium signers
Meson: libdecaf signers
Meson: OpenSSL libcrypto signers
Meson: Clean up main auth build file
Meson: OpenSSL libssl
Meson: GnuTLS
Meson: DNS over TLS
Meson: ipcipher
Meson: Ragel
Meson: clock_gettime
Meson: Boost
Meson: Boost program_options library
Meson: Unit Tests
Meson: Auth backend unit tests
Meson: Reproducible builds
Meson: Fuzzing targets
Meson: Python venv
Meson: Auth Sqlite3
Meson: From Git
Meson: Auth API Swagger
Meson: Auth manpages
Meson: Reorder Auth build file
Meson: dlopen
Meson: Clean up some boost and unit test handling
Meson: Auth various functions
Meson: Verbose Logging
Meson: PKCS11
Meson: GSS-TSIG
Meson: Fix issue in Summary output
Meson: Refactor some compiler hardening features
Meson: Refactor platform detection
Meson: Auth socket-dir
Meson: Auth detect modules
Meson: MySQL
Meson: ODBC
Meson: PostgreSQL
Meson: SQLite3
Meson: LDAP
Meson: cURL
Meson: Auth remote backend
Meson: CDB
Meson: Auth tinyDNS backend
Meson: Auth GeoIP backend
Meson: Boost Program Options Library
Meson: Add missing TODO item
Meson: Boost Serialization
Meson: Auth LMDB backend
Meson: Auth remote backend (with and without ZeroMQ)
Meson: Auth tools
Meson: ixfrdist
Meson: Lua records
Meson: Auth bind module
Meson: Auth pipe backend
Meson: Move flex and bison to prog-flex and prog-bison
Meson: Move ragel to prog-ragel
Meson: Handle backend modules
Meson: Preliminary Auth backend module build files
Meson: Generate the version number
Meson: Update libcrypto module outputs
Meson: Fix libdecaf include dir
Meson: Create flex and bison generators
Meson: Define HAVE_CONFIG_H
Meson: Small refactoring of how Auth modules are handled
Meson: Use enabled/disabled in libcrypto instead of yes/no
Meson: Product source and build dirs
Meson: Small refactoring to how Auth modules are built
Meson: Auth Lua2 backend build file
Meson: Auth bind backend build file
Meson: Systemd and its service file handling
Meson: Code coverage
Meson: Automatic Variable Initialization
Meson: More consistent option naming
Meson: Sanitizers
Meson: Separate dependency args from global option args
Meson: Disable some features for their meson counterpart
Meson: Malloc trace
Meson: LTO
Meson: Use builtin feature to build PIEs
Meson: Use builtin feature to handle coverage
Meson: Use builtin feature to handle sanitizers
Meson: Use builtin option to handle LTO
Meson: Archive
Meson: Cleanup main auth file
Meson: Also add global compiler arguments for C files
Meson: Auth version summary
Meson: Ragel generator
Meson: Auth backend unit tests meson module
Meson: Move -DHAVE_CONFIG_H to meson build module
Meson: More consistent file naming
Meson: Auth socket dir
Meson: Various functions needed by auth
Meson: Cleanup auth meson module imports
Meson: Toplevel includes
Meson: ipcrypt
Meson: YaHTTP
Meson: ext
Meson: Use gen-version for the meson project version
Meson: More readable compiler command
Meson: Add -Wno-ignored-attributes
Meson: Redirects in meson are passed with shell escaping
Meson: Bind backend dependencies
Meson: json11 ext
Meson: sysconfdir
Meson: libdir and pkglibdir
Meson: libpdns, libpdns_bindparser and libpdns_auth
Meson: Toplevel include directories
Meson: Fix libsystemd detection
Meson: Fix lua_records handling
Meson: detect some more functions
Meson: Set LOCALSTATEDIR as the socket dir
Meson: Turn ext/yahttp into a dependency
Meson: Build ext/json11 as a static_library
Meson: Build the auth bindbackend as a shared module
Meson: introduce libpdns and libpdns_auth
Meson: Use libpdns and libpdns_meson to build pdns_server
Meson: Bump minimum version to Debian 11's 1.0
Meson: Cleanup some TODOs
Meson: Cleanup pkcs11 module
Meson: Cleanup GSS-TSIG module
Meson: socket-dir is not specific to auth
Meson: Various functions are not specific to auth
Meson: Cleanup the various-functions module
Meson: Minor cleanups of main auth build file
Meson: Bump version to 1.2.1
Meson: License file
Meson: lua2 backend cleanup
Meson: ext/yahttp cleanup
Meson: Auth bindbackend cleanup
Meson: Replace toplevel_includes with a proper dependency
Meson: fix libpdns-* names
Meson: Cleanup atomics module
Meson: Cleanup various modules
Meson: Cleanup lua module
Meson: Cleanup lua-records module
Meson: rework and cleanup pdns/meson.build file
Meson: Cleanup ext/json11
Meson: Cleanup ext/yahttp
Meson: Cleanup systemd module
Meson: Rework dependencies handling
Meson: Cleanup bison, flex and ragel modules
Meson: Cleanup libdir and sysconfdir modules
Meson: Cleanup time_t modules
Meson: Cleanup platform module
Meson: Some cleanup in toplevel meson build file
Meson: More cleanups to the atomics module
Meson: Cleanup pthread-headers module
Meson: Cleanup pthread-setname module
Meson: Cleanup sterror_r module
Meson: Cleanup hardening modules
Meson: Cleanup the KISS RNG module
Meson: Cleanup the mmap module
Meson: Cleanup the netlibs module
Meson: Cleanup the gmtoff module
Meson: Cleanup libsodium module
Meson: Cleanup libdecaf module
Meson: Cleanup libcrypto modules
Meson: Cleanup libssl module
Meson: Cleanup ipcipher module
Meson: Cleanup GnuTLS module
Meson: Cleanup DoT module
Meson: Cleanup librt module
Meson: Cleanup boost modules
Meson: Cleanup unit test modules
Meson: Cleanup dlopen module
Meson: Cleanup reproducible builds module
Meson: Cleanup verbose logging module
Meson: Cleanup from-git module
Meson: Cleanup fuzz targets module
Meson: Cleanup auth-tools module
Meson: Cleanup python and venv module
Meson: Cleanup ixfrdist module
Meson: Cleanup ipcrypt ext module
Meson: Reorder some deps
Meson: Cleanup sanitizer modules
Meson: Cleanup misc modules
Meson: Get rid of using a global deps list
Meson: Cleanup GeoIP module
Meson: Cleanup LDAP module
Meson: Rename libpdns_bindparser to libpdns_bind_parser
Meson: Generate the sqlite3 bind-dnssec schema code
Meson: Generate swagger api and apidocfiles.h
Meson: Don't lookup the venv module for Python anymore
Meson: Rework how modules are handled
Meson: Cleanup the mysql dependency detection
Meson: Cleanup the ODBC dependency detection
Meson: Cleanup the pgsql dependency detection
Meson: Cleanup the sqlite3 dependency detection
Meson: Auth Backends: pipe
Meson: Auth Backends: gsqlite3
Meson: Auth Backends: bind
Meson: Auth Backends: gmysql
Meson: Auth Backends: godbc
Meson: Auth Backends: gpgsql
Meson: Auth Backends: LDAP
Meson: Detect ext modules before auth backend modules
Meson: Add the ext arc4random module
Meson: Cleanup the ZeroMQ module
Meson: Cleanup pdns/ submodule
Meson: Rework how modules are handled (again!)
Meson: Add threads dependencies
Meson: Add SSQLite3 to libpdns-auth
Meson: Use link_whole for backend library archive files
Meson: Properly set configuration variables for LDAP
Meson: Set HAVE_ZMQ_MSG_SEND in ZeroMQ module
Meson: Cleanup remote backend
Meson: Cleanup CDB module
Meson: Auth tinydns backend
Meson: Fix geoip module
Meson: Auth GeoIP backend
Meson: ext lmdb-safe module
Meson: link_whole ext modules
Meson: Cleanup lmdb module
Meson: Auth lmdb backend
Meson: Handle auth module dependencies on ext modules
Meson: Fix platform detection on MacOS
Meson: Fix hardening not working when PIE is disabled
Meson: Disable the auth mysql backend by default
Meson: Use link_with for ext modules
Meson: Fix lmdb-safe module linking issues
Meson: Remove direct lmdb dependency from pdns_server
Meson: Add boost dependency for auth bind and pipe backends
Meson: Various headers module
Meson: Fix bison call for MacOS
Meson: Fix strerror_r detection
Meson: Get rid of from-git subdir call
Meson: Check python PyYAML package
Meson: Separate GSS and TSIG
Meson: Cleanup dlopen module
Meson: Build pdnsutil
Meson: Don't require EVP_PKEY_CTX_set1_scrypt_salt in libcrypto
Meson: Conditionally generate dnslabeltext.cc
Meson: Conditionally generate apidocfiles.h
Meson: Conditionally generate bind-dnssec.schema.sqlite3.sql.h
Meson: Improve warning message when PIE is disabled
Meson: Improve detection of pkcs11 dependencies
Meson: Add transient dependencies for the lmdb backend
Meson: Get rid of libpdns_util_main
Meson: Properly name libraries
Meson: Build modules with all dependencies
Meson: Rely on the correct pg_config variables for Postgres
Meson: Use --version instead of --cc_version with mysql_config
Meson: Handle bindparser lexer and parser files conditionally
Meson: Minor cleanup of python module
Meson: Formatting cleanup of pthread headers module
Meson: Conditionally check for ragel for dnslabeltext.cc
Meson: Minor cleanup in mmap module
Meson: Separate python for apidocfiles and the BIND DNSSEC schema
Meson: Move flex, bison, python and ragel modules to archive
Meson: Move mmap, geoip and maxminddb detection to geoipbackend
Meson: Change strerror_r test to a C program
Meson: Move detection of tm_gmtoff to YaHTTP
Meson: Minor cleanup of pdns module
Meson: Replace global arguments with project arguments
Meson: Get rid of from_git
Meson: Restore mmap module
Meson: Split the geoip, mmdb and yaml-cpp modules
Meson: Revert the integration of detecting tm-gmtoff in YaHTTP
Meson: Get rid of the meson modules archive
Meson: Enable sqlite3 when the dep is activated by the backend
Meson: Whitespace cleanup
Meson: Use the .so prefix for backend modules on all platforms
Meson: Small cleanup of sanitizer module
Meson: Rework backend handling to fix some issues
Meson: Be more accurate with which files are built for which target
Meson: Don't fail on platforms where the linker doesn't support help text
Meson: Fail when source fortification is requested on a debug build
Meson: Better handling of relro and support full relro
Meson: Fix libdecaf's detection of header file location
Meson: libpdns sodium, libdecaf and sqlite3 support
Meson: Don't build sqlite3 support as part of libpdns base
Meson: Revert "Full RELRO" since it breaks auth backends
Meson: Fix broken backends with "Full RELRO"
Meson: Rename fortify-source to hardening-fortify-source
Meson: Remove "Full RELRO" option
Meson: Move fortify-source out of the normal set of hardening features
Meson: Hardening - Control Flow Protection
Meson: Hardening - Stack Clash Protection
Meson: Boost: Set have_boost_1_48_0 when we find boost >=1.48.0
Meson: Boost: Define BOOST_CONTAINER_USE_STD_EXCEPTIONS
Meson: protozero
Meson: Cleanup the handling of unit tests and extra tools
Meson: Add ext/luawrapper dependency
Meson: Detect C++ filesystem library
Meson: Consistent naming of dependencies wrapping generated sources
Meson: Cleanup libpdns_auth_sources
Meson: Introduce libpdns_common a shared library between all tools
Meson: Build pdns-auth-control
Meson: Small addition to libpdns_bind_parser
Meson: Move more stuff to libpdns_common
Meson: Build pdns-zone2sql
Meson: Rename libpdns_bind_dnssec_schema
Meson: Build pdns-zone2ldap
Meson: Build pdns-zone2json
Meson: Cleanup linking of pdns-util
Meson: Make building of libpdns_tsig conditional
Meson: Move libpdns-minicurl out of libpdns-lua-records
Meson: Move more files to libpdns_common
Meson: Build pdns-sdig
Meson: Move more files to libpdns_common
Meson: Build pdns-calidns
Meson: Create libpdns_cdb and use it in the tinydnsbackend
Meson: Build pdns-dumresp
Meson: Refactor the building of tools and their libraries
Meson: Build pdns-kvresp
Meson: Move more files to libpdns-common
Meson: Build pdns-stubquery
Meson: Create libpdns_dnssecinfra and libpdns_stubresolver,
Meson: Build pdns-saxfr
Meson: Rename generated source file variables
Meson: Properly add the yaml-cpp and boost-test dependencies
Meson: Cleanup pdns/meson.build
Meson: Cleanup the fuzz-targets module
Meson: Cleanup and rework the platform module
Meson: Fix dnslabeltext being generated several times
Meson: Build all auth-related tools and tests
Meson: Adapt to file renames
Meson: Minor cleanup
Meson: Fix when dep_cdb is not available
Meson: Add apidocfiles.h to libpdns_auth build
Meson: Don't make tsigutils and verifier optional
Meson: Fix apidocfiles header file generation
Meson: Fix bind DNSSEC schema generation
Meson: Build unit tests even if backend unit tests aren't enabled
Meson: Rename tsig_tests to tsig-tests
Meson: Cleanup some of the tool listings
Meson: Create a variable for every tool built
Meson: Rework the building of conditional sources
Meson: ipcipher is conditionally built by #ifdefs
Meson: lua-base4 is not optional for auth
Meson: Define BOOST_CONTAINER_USE_STD_EXCEPTIONS on the command-line
Meson: Refactor boost test handling
Meson: Refactor yaml-cpp handling
Meson: Refactor sqlite3 handling for module-gsqlite3
Meson: Minor refactor of platform detection
Meson: Refactor handling of module-lmdb dependencies
Meson: Finish refactoring of how module dependencies are handled
Meson: Rename the source file cache
Meson: Add tests for remotebackend
Meson: Cleanup naming scheme for some common libraries
Meson: Disable libssl engine support for auth
Meson: Update funnytext
Meson: Rework how ext/ is handled
Meson: Refactor the tools and build a single libpdns_common
Meson: Don't import the fs module at the toplevel
Meson: Refactor into a single file
Meson: Define HAVE_CLOCK_GETTIME
Meson: Move dnslabeltext to a separate library
Meson: Move signers-pkcs11 to a separate library
Meson: Build remotebackend tests
Meson: Avoid bare static_libraries
Meson: Fix remotebackend tests and add unit-tests-verbose option
Meson: Change how the auth testrunner test object is created
Meson: Don't add apidocfiles and bind-dnssec-schema to common sources
Meson: Separate test files from common files
Meson: Link decaf, sodium and openssl signers as whole
Meson: Minor cleanup
Meson: Create a ninja target to generate man pages
Meson: Format C++ feature test files
Meson: Fix when the LDAP module is disabled
Meson: Fix pdns-auth-util linking against backend modules
Meson: Fix when unit-tests-backends is enabled but module-remote isn't
Meson: Fix curl program lookup
Meson: Fix decaf/openssl/sodium signers build dependencies
Meson: Silence sign compare warnings for bindlexer and bindparser
Meson: Fix ssqlite3 build on MacOS
Meson: Fix missing dependency for auth testrunner
Revert "Meson: Fix missing dependency for auth testrunner"
Meson: Fix passing thread dependency on platforms that need it
Meson: Remove unit-tests-verbose and favor meson test --verbose
Meson: Use include_directories for pgsqlbackend
Meson: Improve (and fix) libdecaf detection
Meson: Rework libdecaf header file detection
Meson: Integrate libdecaf library and header detection
Meson: Fix lmdb-safe needs gettime
Meson: Add system build flag
Meson: Add basic support for systemd service file
Meson: Add systemd feature support for service files
Meson: Support pdns-auth and ixfrdist service files
Disable clang-tidy performance-avoid-endl check
Auth: Add debug logging to UeberBackend and BackendMakerClass
Meson: Move modules handling to modules/ dir
UeberBackend cleanups
Auth/meson: Don't fail if compiler doesn't support trivial-auto-var-init
Auth: Adapt backend regression tests harness to Meson builds
Meson: Integrate auth geoip backend regression test
Rename PDNS_MESON_PATH to PDNS_BUILD_PATH
Guillaume-Jean Herbiet (4):
dnsdist: Clarify server status methods and attributes documentation
dnsdist: typo in server status description
dnsdist: further clarify `Server:isUp` method
dnsdist: typo in `Server:isUp` description
Jacob Bunk Nielsen (1):
Link to existing documentation for DNSNameSet.
Jasper Spaans (1):
improve readability of affected versions in advisory 2024-02
Jindrich Roessler (1):
updated KSK and ZSK Rollover procedures, small fixes in Algorithm Rollover procedure
Josh Soref (5):
Improve issue template options
Improve rst for lua-records
Clean up SSQLite3::~SSQLite3
Allow build-tags to run on forks
Clarify workflow name
Karel Bilek (1):
Do shuffle TCP responses except *XFRs
Kees Monshouwer (5):
auth, extend the systemd startup timeout during lmdb schema migrations
auth: fix cname wildcard and other records
auth: wildcard CNAME trump other records
auth: do not disable ns records at apex in consumer zones
auth: catalog, include groups in hash calculation
Ludovic Ortega (2):
fix(doc): incorrect setting `query_local_address`
fix: replace missing query_local_address
Morten Stevens (1):
Change home directory to /var/lib/pdns
Nate Baker (1):
Allow setting notify_allowed on zones in Recursor API
Neil Cook (1):
Update Dynamic DNS Update Docs with GSS-TSIG
Nico Vaatstra (2):
Supervisor in Auth container image
Minor docs change regarding supervisord in Kubernetes
Otto Moerbeek (257):
rec: introduce command to set aggressive NSEC cache size
rec: fix time_t truncation warnings from coverity by annotating them.
The nod code sets up the SBF DBs before starting the thraed, no need for protection
Another bunch of coverity fixes
Another set of coverity fixes
Another set of coverity fixes, these are a bit more tricky
Sometimes, coverity and clang-tidy do not agree
Prep for rec-5.0.0-rc1
Fine tune EOL policy
Apply suggestions from code review
Disabling structured logging is deprecated
rec: lower default max-qperq limit.
Remove redundant word
US English
Remove redundant coverity annotation
rec: rng and entropy-source are not longer processed
Respect RUNTIME_DIRECTORY as a default for socket-dir
Use correct compile time values for the NOD and UDR dirs
Beter default value (saying "it depends") in generated docs for settings
Zap symlinks
Move mtasker.?? to recursordist
Reformat
Tidy
Move (instead of include) mtasker.cc to mtasker.hh
rec: Always set the two new vars in the Makefile, follow up to 13588
Move change to version 5.1.0
More reorg and tidy
Prep for rec-5.0.0-rc2
Prepare for rec-5.0.1 final release
Refactor RPZ download thread code
iputils: avoid unused warnings on !linux
RPZ notify
rec: Avoid raw pointers by using a referrence wrapper inside a variant
Reformat and tidy annotations
Tidy
Add test, only clear cache if the notify wasn't for an RPZ
1528464 COPY_INSTEAD_OF_MOVE
1531280 COPY_INSTEAD_OF_MOVE
Docs
1524930 COPY_INSTEAD_OF_MOVE
1524920 COPY_INSTEAD_OF_MOVE
1524908 Use of auto that causes a copy
Cleanup of code doing SNMP OID handling
Fix typos in annotations: 1524912 COPY_INSTEAD_OF_MOVE and 1524842 COPY_INSTEAD_OF_MOVE
1524889 COPY_INSTEAD_OF_MOVE
1524911 Use of 32-bit time_t
1524944 Use of 32-bit time_t
Process comments from review by @rgacogne, thanks!
Process comments from review by @rgacogne, thanks!
Rate limit the notifies per zone to max 1 per 5 sec (less if refresh is lower)
Make the refresh 1 again, to work around the new rate limiting
rec: fix YAML conversion test
rec: fix Coverity issues in new RPZ code
rec: update to cargo 1.75 and updated Cargo dependencies
Tidy filterpo.?? (reaching into iputils.hh as well).
auth: fix gss regression test
rec: tidy ResolveContext
Actually, ResolveContext is not optional
Fix async callbacks in unit tests now that ResolverContext is no longer an optional
Avoid a cases of `an exception may be thrown in function '' which should not throw exceptions (bugprone-exception-escape)`
one last lint
dnsdist: make sure we do not allocate 16-byte aligned objects through lua(jit)
Experiment
rec: CVE-2023-50387 and CVE-2023-50868
Prep for 2024-01
rec: skip a few test that depend on sidnlab's public test setup that no longer works
rec: fix the zoneToCache regression introduced by SA 2024-01
Test ZTC with root zone
rec: add thanks to Petr Spacek to SA 2024-01
rec: dnspython's API changed wrt NSID, apply (version dependent) fix in regression test
rec: log if a dnssec related limit was hit (if log_bogus is set)
rec: allocate hit data in policy on demand instead of always
Do not keep a ref to a lua config around in startup code
Also allocate custom records via unique ptr
rec: add structured logging backend that uses JSON representation
rec: tidy rpzloader.??
Allow AF_INET6 as address family for framestream/dnstap streams
tidy
less strict cling-tidy: allow const and/or ref fields in classes
rec: Don't enter wildcard qname's into the cache in the ZoneToCache function
Move #define to static const string
rec: prep for 5.0.3, 4.9.4 and 4.8.7
auth: on OpenBSD, try harder to send on a non-blocking socket
dnsdist: update to quiche 0.20.1
rec: fix Coverity 1534473 Unintended sign extension
rec: Tidy lua-recursor4.cc and lua-recursor4.hh
Make a few fields (d_gettag and friends and handle) private
Avoid label and goto in loop
Reformat
Explicit cast to do multiply in 64-bit
rec: don't throttle lame servers if they are marked as dontThrottle
rec: fix trace=fail regression and add regression test for it
ZTC regression test does not need auths
sdig: remove xpf handling
rec ci: also build a rec with all optional stuff disabled
Add a bunch of new compiler versions to the compiler list used by boost.m4
Pass 'full' to rec configure arg for codeql & clang-tidy run
dnsdist: also handle EHOSTUNRERACH as a case for reconnecting the socket
rec: fix types of two YAML settings that should be sequences of subnets
Upgrade guide entry
Tidy
Use a single NOD / UDR DB, sahred by all threads
Actually pick the newest and not the oldest file.
Apply suggestions from code review
Typo
Make snapshot write interval settable
Always check HAVE_XYZ flags with #ifdef
Fix the remaining cases of #if vs #ifdef HAVE_XYZ
rec: facility to resolve names via system resolver
selfresolve check wip
Search -lresolv (if applicable) the proper auto* way
Enable explicitly only
Avoid race setting serverID
Comments & docs
Simple test of named forward, a bit ugly as it depends on external servers
Add test to also test changing forwarder. Needs ENABLE_SUDO_TESTS
Apply suggestions from code review: typos in comments
Sort result vector of getaddrinfo
rec: remove the possiblility to disable structured logging
remove unused branch in SLOG macro (ifdef RECURSOR)
process review comments; move toTimestampStringMilli() to Logging namespace
rec: fix netmask docs wrt deprecatd isIpX() functions
Apply suggestions from code review
Remove changes var and releted method, they are unused
Make resolve check interval and self-resolve check settable
Comment fixes, some of them only made sense for the non-shared setup
Update pdns/recursordist/settings/docs-new-preamble-in.rst
Use FDWrapper, modify its reset() to return the close() return value
rec: fixup res-system-resolve.cc on FreeBSD: resolve.h needs netinet/in.h
Explain the d_cachedir_mutex is only used for protecting init() calls
rec: allow exception to proxy protocal usage for specific listen addresses
Add test for proxy exception mechanism
rec: mention rust compiler in compiling docs
Typo
rec: allow access to real/physical addresses in DNSQuestion
Add basic tests for phys addresses for both regular Lua and FFI
Reorder fields of DNSQuestion to avoid gaps
auth docs: update primary/secondary terminology
Tidy stat_t
A few type fixes, mostly cosmetical
rec docs: we do not have a query cache
rec: a name can be present already when building the cname chain
Add test for cname already present for the forward case
Name the values "interface_localaddr" and "interface_remoteaddr" instead of "phys_..."
Use consistent terminology in the proxy mapping docs
dnsdist: syslog should be enabled by default
rec: do not count RRSIGs using unsupported algorithms toward RRSIGs limit
meson: don't assume libdecaf is present when declaring dependency
Prep for Security Advisory 2024-02
Better wording
Better wording in docs from @rgacogne
dsmap_t is actually a set, rename type and a few vars
Basic handling of YAML TAs and NTAs
Tidy sortlist.??
Zap sortlist.?? symlinks, in preparation for move to recursordist
Move sortlist.?? to recursordist
YAML defs for all Lua config constructs, plus converting old-style to YAML
Use a C++ array for the well-known DS record(s)
Convert YAML to Lua config, including full test
Build active Lua config from data structure that can be supplied by either Lua or YAML
Show Lua config converted to YAML in rec_control show-yaml
(re)load Lua config from either Lua or YAML
Add --config support and validation of a few fields
Tweaks and handle trust anchors better
Basic docs of YAML specs of original Lua config
Tidy
Make a isValidHostname() callable from Rust that calls into DNSName::is_hostname()
Better cross refs in docs, formatting
Modify ZTC regression test to use YAML config
Tidy
rec: add a HTTPS, SVCB and NAPTR record types to be exportable via protobuf
rec: fix two doc examples missing a colon
Format
First pass of tidy for iputils.hh
Tidy iputils.cc
Extra tricky part: make_unique vs new
Formatting fixes
One more clang-tidy case that did not happen locally: add a cast
remove struct so that clang-format does not insists laying out the var init over three lines.
rec: followup to 14097: missed OpenBSD specfic case
Apply suggestions from code review
Explain two somewhat puzzling pieces of code in comments
Typo's in comments
rec: mention subnets are not allowed (yet) in query-local-address/outgoing.source_address
Better wording and typo
rec: prep for 20240514 releases
Check exit code of recursor
Tweaks to make LSAN work
rec: prep rec-5.1.0-alpha1
Typo in comment
rec: fix version changed for incoming.edns_padding_from and incoming.proxy_protocol_from
Also accept -15 (killed by SIGTERM) as exit code
Fix includes
Fix "var unused" warnings in tests
Tidy test
rec: report error when linux map limit is too low
Log exceptions occuring in resolving action; do not let the worker threads die
Rate limit logging for a few cases (there could be more)
Use RIAA guard for d_inrun, making sure exceptions reset d_inrun
Use LockGuarded construct
Adjust max-mthreads if vm.max_map_count is too low
Reformt
Two cases of wrong var (in code not compiled)
kern.max_map_count -> vm.max_map_count; from @phonedph1
Add upgrade guide item
If a chain is long, refuse to add more entries to it (including metrics)
Compute the auth response delay we are wiling to accept based on the number of
If the chain is old, refuse to add more entries to it
Rename authWaitTime() to make it explicit we're talking milliseconds
Introduce a random delay before processing a request that was chained
reformat
Typos
Stop doing a literal include of the SNMP MIB.
Apply suggestions from code review
rec: add a few more cases for the PB tests wrt deviceID and friends
Typo in comment
rec: improve docs on gettag() and gettag_ffi()
typo
Use actual timeout value for nsspeeds; don't throttle on short timeouts
Include "notify_allowd" in zone object produced
Add API test for notify_allowed
rec: update to rust/cargo 1.78 and updated dependencies
rec: add a few more fields to the protobuf messages
Typo in comment
rec: fix cases of copy instead of move, as reported by coverity
rec: followup to #14221: fix timeout adjust case
rec: make clippy happy
Sugggestion from @rgacogne: testing the OSLimitError case should not change behaviour
Format
Tidy
Prep for rec-5.0.6
Provide a more descriptive title for builds and leave out redundant "build"
rec: prep for rec-5.1.0-beta1
rec: document vm.max_map_count can be too low
Apply suggestions from code review
rec: make max CNAME chain length handled settable, previously fixed at 10
rec: do not add UDR field to outgoingProtobuf answer messages
rec: add nsName into outgoing protobuf request/response messages
rec: count substituted remote in case of proxy protocol
Add regression test for remote count when using proxy protocol
rec: fix TCP case for cached policy tags
Refactor test to avoid code duplciation, as suggested by @rgacogne
rec: describe (roughly) memory usage
dns.cc: use pdns::views::UnsignedCharView
Use const ref for string arg
Remove potential double SOA records if the target of a dns64 name is NODATA
rec: make names of new udr settings consistent with existing scheme
rec: allow recursor.conf file to contain YAML
Adapt Debian packaging
Adapt RH packaging
Generate no more .conf-dist file
Document the new approach of reading YAML from a recursor.conf file
Install a small YAML default config instead of one with everything commented out
rec: tweak debian install, as suggested by @zeha
Add test for duplicate SOA record in the dns64/NODATA case
Also use variable suffix for file when reloading YAML-Lua config
rec: specialize rel/rec-5.1.x branch to rec only workflows
Peter van Dijk (79):
clarify that the mssql password is not a secret
auth docs: add note about EL9 and SHA1
add ubuntu-noble build target and test it daily
one sentence per line
auth: set catalog field in gsql getAllDomains
auth-4.8.4: secpoll&docs
ixfrdist tests: refactor one function a bit
regression-tests.auth-py/clientsubnetoption.py: fix equality operator
auth-py tests: test ECS in ALIAS forwarding
only use the scope from the answer
add testECSNone
remove isValid
format dnsproxy.{cc,hh}, ednssubnet.{cc,hh}, stubresolver.cc
cleanups from clang-tidy
docs&secpoll for auth-4.9.0-alpha1
pdns-builder: update to newest, removes fakeroot usage
auth LUA createForward: allow non-hex word prefix
small refactor
tidy: avoid pointer math
tidy: fix short variable name
tidy: use .empty()
tidy: this function is not really complex, just long
fix false check positive on modified submodule
Revert "Debian Trixie builder: install fakeroot pkg"
also recognise uppercase hex
note changed query in updating.rst
reference instead of copy, and move some code for clarity
bit of formatting
getAllDomains catalog: avoid useless copy
auth LUA: new dblookup() function
auth debian: adjust option names in shipped configs
auth API: reject priority element in record, closes #12657
code review from otto, thanks
fix formatting
lmdb: remove mapasync mode, it was always a lie
auth 4.9.0-beta2: docs&secpoll
remotebackend tests: report exit value correctly
don't log from destructors, g_log might be gone already (thanks asan)
remotebackend tests: do pass empty array
remotebackend tests: use unsigned domain_id (thanks ubsan)
auth LUA dblookup: switch qtype argument to int
nits
auth debian: adjust option name in shipped postinst
fix NUL string literal
auth LUA: support returning empty set in filterForward
simplify return type usage
secpoll & docs for dnsdist 1.9.1
fix formatting
.dockerignore: adjust for https://github.com/docker/buildx/issues/850
auth-4.9.0: docs&secpoll
EOL auth 4.6
add ubuntu noble to default build targets
add pkghashes-ubuntu-noble
auth gmysql: deprecate gmysql-ssl flag, enable connection timeout
ixfrdist: use IPV6_V6ONLY on listening sockets, closes #13878
auth API cryptokeys: skip SHA1 and GOST DSes, closes #13950
pdnsutil: move GOST DSes behind verbose flag, like SHA1
add NOLINT because showZone is big
auth smysql: remove unused var
longer variable name for clang-tidy
add auth-4.9.x and dnsdist-1.9.x to daily build test
accept the complexity of this function for now
auth, rec: update option text and docs to clarify logging is to stderr, not stdout
clang-tidy: more descriptive variable name
more clang-tidy
rec: also look for __res_query symbol
fix typo
pdnsutil check-zone: accept LUA A/AAAA as SVCB address targets
auth LUA: (optionally) drop whitespace on join
security advisory 2024-02: fix formatting
auth docs, clarify that dnsupdate-require-tsig is new in 5.0
sdig.1: format example commands better
auth-4.9.1: changelog&secpoll
add entry for #14251
add 14253, add some credits
builder update: better ubuntu/deb distro naming in package versioning
auth geoipbackend: link C++ filesystem lib if necessary
auth geoipbackend meson: link C++ fs lib if needed
auth docs: remove stray backquote
Remi Gacogne (371):
dnsdist: Add an option to set the SSL proxy protocol TLV
dnsdist: Add Proxy Protocol v2 support to `TeeAction`
dnsdist: Allow setting the action from `setSuffixMatchRule{,FFI}()`'s visitor
dnsdist: Document that the `responses` metric changed in 1.8
dnsdist: Add `NetmaskGroup:addNMG()` to merge Netmask groups
dnsdist: Fix a spurious whitespace
dnsdist: Better description suggested by Otto in the documentation
dnsdist: Document the content of proxy payload added via TeeAction
dnsdist: Make the max size of entries in the packet cache configurable
dnsdist: Delint test-dnsdistpacketcache_cc.cc
dnsdist: Delint test-dnsdistpacketcache_cc.cc a bit more
dnsdist: Improve `NetmaskGroupRule`/`SuffixMatchNodeRule`, deprecate `makeRule`
dnsdist: Stop using `makeRule` in our tests
dnsdist: Document that passing a string to add*Action is deprecated
dnsdist: Apply clang-tidy comments
dnsdist: Add regression tests for the new multiple strings syntax
dnsdist: Update the example configuration, as suggested by @phonedph1
dnsdist: Clarify the passing a string/list of strings to add*Action() is deprecated
dnsdist: Add regression tests for deprecated but not yet removed items
dnsdist: Spoof a raw response for ANY queries
dnsdist: Fix clang-tidy warnings
dnsdist: Remove left-over commented code in test_Caching.py
rec: Fix a dangling reference in Lua's UDP Query Response callback
dnsdist: Add a Lua FFI way to know if the query was received over v6
dnsdist: Add a helper to hash arbitrary data from Lua FFI
dnsdist: Fix a clang-tidy warning
dnsdist: Fix a small race in the NetworkListener
dnsdist: Delint dnsdist-lua-network.cc
dnsdist: Fix a race in the async regression tests
dnsdist: Add `PayloadSizeRule`
dnsdist: Implement DNSResponseAction.Truncate and TCResponseAction()
dnsdist: Add unit tests for PayloadSizeRule
dnsdist: Fix a clang-tidy warning
dnsdist: Fix a clang-tidy warning in the rules unit tests
dnsdist: Refactor QUIC tests so that they can be used for DoQ and DoH3
dnsdist: Handle HTTP/3 error responses
dnsdist: Fix clang-tidy warnings
dnsdist: Add showDOH3Frontends()
dnsdist: Split the DoH3 event handling loop off the main one
dnsdist: More delinting of the DoH3 code
dnsdist: Allow enabling incoming PROXY protocol on a per-bind basis
dnsdist: Fix a few clang-tidy warnings
dnsdist: Delint dnsdist-tcp.cc
dnsdist: Rename 'allowProxyProtocol' to 'enableProxyProtocol'
dnsdist: Apply Otto's suggestion for the qtypeForAny parameter
dnsdist: Fix compilation issue
dnsdist: Add a cache-miss ratio dynamic block rule
dnsdist: Delint test-dnsdistdynblocks_hh.cc
dnsdist: Require a minimum cache-hit ratio in `DynBlockRulesGroup:setCacheMissRatio()`
dnsdist: More delinting
dnsdist: Format dnsdist-dynblocks.hh
dnsdist: Yet more delinting
dnsdist: No need to multiply 1.0 in cache-miss ratio dynblocks
dnsdist: Add `QNameSuffixRule`
dnsdist: Add regression tests for DNS header set/get via Lua FFI
dnsdist: Send a HTTP 400 response to HTTP/1.1 clients
dnsdist: ChangeLog and secpoll update for 1.9.0-alpha4
dnsdist: Document that `makeRule` and friends are deprecated in the upgrade guide
dnsdist: Fix formatting issues in the documentation
dnsdist: Fix documentation issues reported by Habbie
dnsdist: Fix a typo in the documentation
dnsdist: Clarify the Lua FFI DNS header set/get regression tests
dnsdist: Uh, phrasing!
tcpiohandler: Added a comment explaining the HTTP/1.1 addition to ALPN
dnsdist: Clarify that `TCResponseAction` removes all records
dnsdist: Add 13564, 13592 and 13594 to the ChangeLog
dnsdist: Fix `DynBlockRulesGroup:removeRange`'s version in the docs
dnsdist: ChangeLog and secpoll update for 1.8.3
CI: Enable more compiler hardening options during our CI run
dnsdist: Fix a bug in the TCP connection metrics
dnsdist: Fix Coverity warnings
dnsdist: Fix clang-tidy warnings in the DownstreamState bindings
dnsdist: Fix 'Bugs Fixes' -> 'Bug Fixes' in the ChangeLog
dnsdist: More clang-tidy fixes
dnsdist: Handle congested DoQ streams
dnsdist: Set the DNS over HTTP/3 default port to 443
dnsdist: Also fix the DoH3 default port in the DoH3 guide
dnsdist: Document `showDOH3Frontends`
dnsdist: Document how to advertise HTTP/3 support over HTTP/2
dnsdist: Fix alt-svc typo in the documentation example
dnsdist: Fall back to libcrypto for authenticated encryption
dnsdist: Reformat dnsdist-crypto.cc
dnsdist: Delint dnsdist-crypto.cc
dnsdist: More delinting in dnsdist-lua-bindings.cc
dnsdist: Delint dnsdist's console code
dnsdist: Fix compilation of the console
dnsdist: Split the DoQ 'readable stream' handling code to a function
dnsdist: Loop on `quiche_conn_stream_recv()` until done
dnsdist: Split DoQ 'socket readable' to a separate function
dnsdist: Split DoH3 'socket readable' to a separate function
Socket: Return the remote peer from Socket::recvFromAsync
dnsdist: Read as many DoQ packets as possible
dnsdist: Read as many DoH3 packets as possible
Socket: Prevent alloc+copy in Socket::recvFromAsync()
dnsdist: Handle early data in DoQ/DoH3
dnsdist: Try flushing egress data after processing readable streams
dnsdist: Delint DoQ and DoH3
dnsdist: Re-format doh3.cc and doq.cc
dnsdist: Avoid a few more allocations in the DoQ code
dnsdist: Clean up the Lua objects before exiting
rec: Fix the version of alabaster when building the doc
dnsdist: Fix the version of alabaster when building the doc
dnsdist: Enable PMTU discovery and disable fragmentation on QUIC binds
dnsdist: Grant unidirectional HTTP/3 streams for DoH3
ci: Update upload-artifact and download-artifact to version 4
rec: Fix a potential null deref in MTasker::schedule()
rec: Fix a clang-tidy warning in test-mtasker.cc
build-packages: Fix the handling of provenance artifacts
dnstap: Fix a missed optimization reported by Coverity
dnsdist: Fix a missed optimization reported by Coverity
dnsdist: Move the console socket instead of copying it
dnsdist: Update Quiche to 0.20.0
dnsname: Optimize parsing of uncompressed labels
dnsname: Use a view instead of pointer arithmetic in DNSName::packetParser()
dnsname: Remove a redundant comparison reported by CodeQL
dnsdist: Better error messages when failing to load the XDP map
dnsdist: Prevent a false-positive warning from the compiler
dnsdist: Add an option to easily disable XDP logging (default)
dnsdist: Pass-through TCP packets from XDP
dnsdist: Punt fragmented UDP dgrams to the kernel in xdp-filter
dnsdist: Fix parameter validation with XSK
dnsdist: Add comments to the XSK code
dnsdist: Add a `XskSocket::getMetrics()` binding
dnsdist: Fall-back to non-XSK for too large responses
dnsdist: Small cleanup of the XSK code
dnsdist: Better detection of libbpf and libxdp
dnsdist: Fix AF_XDP (XSK) detection
dnsdist: Minor clean ups in the XSK code
dnsdist: Fix a UMEM corruption in XSK
dnsdist: Cleanup of the XSK code, fixing alignment issues
dnsdist: Refactor the XSK code into a proper namespace
dnsdist: Get rid of memory allocations in the XSK hot path
dnsdist: Fix XSK between dnsdist and its backends
dnsdist: Clean up and reorganize XSK code
dnsdist: Format and delint the XSK code
dnsdist: Revert the now unneeded changes made to dnsdist-healthchecks
xdp.py: The ports set is now unused in XSK mode
dnsdist: Report the `AF_XDP` feature
dnsdist: Document the XSK feature
dnsdist: Add xsk, xskmap and umem to the spellchecker allow-list
dnsdist: Fix XSK/AF_XDP detection
dnsdist: We need the regular, non-XSK threads as well!
dnsdist: Fix a clang-tidy warning
dnsdist: Add default values for the map and number of frames in `newXsk`
dnsdist: Install libbpf and libxdp in our CI image
dnsdist: Log whether UDP queries are forwarded via XSK
dnsdist: Fix XSK over IPv6
dnsdist: Log whether we are using XSK, and which mode (native or emulated)
dnsdist: Cosmetic fixes for XSK
dnsdist: Refactor XSK support between dnsdist and the backends
dnsdist: Properly delay response packets in incoming-only XSK mode
dnsdist: Clear the XSK responder notification queue right away
dnsdist: Enable XSK (AF_XDP) on supported OSes
dnsdist: Hopefully fix building with/without XDP in CI
dnsdist: Switch to Debian 12 for our Docker image, enable XSK
dnsdist: Relax file descriptor check for XSK-enabled backends
dnsdist: Fix warnings from clang-tidy
dnsdist: Implement proper parameters handling in the XDP helper
dnsdist: Fix more clang-tidy warnings
dnsdist: Update the XSK documentation for recent changes
spell-check: Allow libxdp
dnsdist: ChangeLog and secpoll update for 1.9.0-rc1
dnsdist: Properly detect whether `bpf_xdp_query` is available
dnsname: Remove useless resize, we always resize again right after it
dnsname: Use `static_cast` instead of C-style casts
dnsdist: Add a fuzzing target for the XSK code
dnsdist: Fix formatting of fuzz_xsk.cc
ci: Exclude the fuzzing/corpus dir from the 'no binary files' check
dnsdist: The 1.9.0-rc1 release has been moved to the 30th
dnsdist: Apply Charles-Henri's suggestions (thanks!)
dnsdist: Fix typos in the AF_XDP documentation
dnsdist: Document AF_XDP's limitations
dnsdist: Better handling of short, non-initial QUIC headers
dnsdist: Fix a warning reported by Coverity
dnsdist: Improve the documentation around TLS certificates and keys
dnsdist: Refactor the rules (selectors and actions) documentation
dnsdist: Add regression tests for eBPF blocks (static / dynamic)
dnsdist: Enable eBPF regression tests in our CI
dnsdist: Reduce the timeout on Dynamic Block tests expected to fail
dnsdist: Preserve 'LLVM_PROFILE_FILE' in sudo-enabled regression tests
dnsdist: Add a Lua maintenance hook
dnsdist: Clear the Lua maintenance callbacks before exiting
dnsdist: Apply suggestions from code review, delint
dnsdist: Implementation reloading of TLS certs/keys for DoQ and DoH3
dnsdist: Document certs/keys reloading for DoQ and DoH3
dnsdist: Add a regression test for DoQ certs/keys reloading
dnsdist: Delint the 'reloadCertificates' methods
dnsdist: Fix an issue spotted by TSAN: we need to use atomic_load_explicit along with atomic_store_explicit
dnsdist: Fix newServerPolicy, add regression tests for custom policies
dnsdist: Prevent useless allocation+copy in `setPoolServerPolicy`
dnsdist: Fix a missing explicit atomic load of the Quiche configuration
dnsdist: Fix performance inefficiencies reported by Coverity
dnsdist: Clarify that setSuffixMatchRule blocks per suffix, not labels
dnsdist: ChangeLog and secpoll update for 1.9.0 final!
dnsdist: Fix outdated definition for `addMaintenanceCallback()`
dnsdist: Move `linux/*.h` headers to xsk.cc to fix warnings
dnsdist: Update the EOL statements
dnsdist: Fix the EOL statements (c/p paste mistake from the Recursor)
rec: Fix gathering of denial of existence proof for wildcard-expanded names
rec: Add a unit test for the gathering of denial of existence proof for wildcard-expanded names
dnsdist: Fix HTTP/1 -> HTTP/2 mistake in the upgrade notes
rec: Fix clang-tidy warnings
rec: Apply Otto's suggestions
dnsdist: Use a view for parsing ALPN data, add a regression test
Add missing views.hh reference in the Makefiles
dnsname: Fix formatting issue
dnsdist: Remove symbolic links for dnsdist-specific files
dnsdist: Move dnsdist-specific files
dnsdist: Format moved files
dnsdist: Delint dnsdist-carbon.cc
dnsdist: Delint dnsdist-cache.cc
dnsdist: Delint test-dnsdistpacketcache_cc.cc
dnsdist: Delint dnsdist-dnscrypt.cc
dnsdist: Delint test-dnsdist_cc.cc
dnsdist: Delint dnsdist-dynbpf.cc
dnsdist: Delint dnsdist-lua-actions.cc
dnsdist: Delint dnsdist-lua-bindings-dnsquestion.cc
dnsdist: Delint dnsdist-lua-bindings.cc
dnsdist: Delint dnsdist-lua-rules.cc
dnsdist: Delint dnsdist-lua-inspection.cc
dnsdist: Delint dnsdist-rings.cc
dnsdist: Fix formatting in dnsdist-lua-bindings-dnsquestion.cc
dnsdist: Delint dnsdist-lua.cc and dnsdist-snmp.cc
dnsdist: Delint dnsdist-protocols.cc
dnsdist: Delint dnsdist-lua-vars.cc
dnsdist: Fix formatting issues
dnsdist: Delint dnsdist-ecs.cc
dnsdist: Delint dnsdist-web.cc
dnsdist: Delint dnsdist-xpf.cc
dnsdist: Delint dnsdist.cc
dnsdist: Delint dnsdist-protobuf.cc
dnsdist: Move dnsdistconf.lua to dnsdistdist/
dnsdist: Remove dangling sodcrypto.cc and sodcrypto.hh symbolic links
dnsdist: Return the correct TLS provider for DoQ and DoH3 frontends
dnsdist: Simplify the handling of rule chains
validate: Remove unused harvestCSPFromRecs()
dnsdist: Fix clang-tidy warnings
dnsdist: Fix first IPv6 console connection being rejected
dnsdist: Add a regression test for IPv6 console connections
dnsdist: Properly handle a failure of the first lazy health-check
dnsdist: Fix exponential backoff computation in edge cases
dnsdist: Fix XSK-enabled check when reconnecting a backend
dnsdist: Shrink InternalQueryState's size by reordering its fields
dnsdist: Add a new response chain for XFR responses
misc: Implement pdns::UniqueFilePtr
dnsdist: Switch to `pdns::UniqueFilePtr`
rec: Switch to `pdns::UniqueFilePtr`
auth: Switch to `pdns::UniqueFilePtr`
Mark the `pdns::UniqueFilePtr` deleter `const noexcept`
Fix clang-tidy warnings
Add `pdns::openFileForWriting()` to control permissions when creating a file
Fix clang-tidy warnings, again
dnsdist: Properly account the failure to forward a query to a backend
dnsdist: Document that cache hits go into the ring buffer since 1.8.0
auth: Wrap SSql pointers in a unique pointer earlier
Move the version (and hashes) of external dependencies to JSON files
Add license, publisher information to the external deps data
Fix recursor builds: we now require `jq` during the `dist` phase
Fix recursor builds: fix invalid path for builder-support/helpers
Attempt to generate SBOMs after building packages
Hopefully fix SBOM generation
Disable SBOM generation on el-7 (almost EOL), fix it on el-8
Fix syntax errors
SBOM: Fix the builder target variable
rec: Correctly count NSEC3s considered when chasing the closest encloser
SBOM: Dynamically generate the list of auth-related packages
dnsdist: Increase the HTTP/1.1 query counter when DoH with 1.1 ALPN
dnsdist: Remove commented out include directive
dnsdist: Properly increase the HTTP connections counter w/ nghttp2
dnsdist: Add a regression test for DoH connection counters
dnsdist: Fix formatting in dnsdist-nghttp2-in.cc
dnsdist: Support "no server available" result from Lua FFI LB policies
dnsdist: Fix a null-deref in incoming DoH w/ nghttp2
dnsdist: Release incoming TCP connection right away on backend failure
dnsdist: Release failed TCP backend connections more quickly
FDWrapper: Do not try to close negative file descriptors
dnsdist: Add a new query rules chain triggered after a cache miss
dnsdist: Add regression tests for the new cache-miss rules chain
dnsdist: Clarify how to return 'no server available' from the FFI policies
dnsdist: Fix clang-tidy warnings
dnsdist: Delint test-dnsdistlbpolicies_cc.cc
FDWrapper: Always reset the internal descriptor to -1
auth: Wrap backend factories in smart pointers
auth: Properly finalize PKCS11 modules before releasing them
ci: Enable LeakSanitizer during dnsdist and recursor unit tests
dnsdist: Update ChangeLog and secpoll for DNSdist 1.9.2
auth: Use smart pointers in the remote backend unit tests
dnsdist: Document how to generate a console key without dnsdist
dnsdist: Document the `-C /dev/null` trick to generate a key as well
dnsdist: Fix "C++ One Definition Rule" warnings in XSK
dnsdist: Fix a crash in the Downstream TCP handler
dnsdist: Update secpoll and ChangeLog for 1.9.3
dnsdist: Fix DNS over plain HTTP broken by `reloadAllCertificates()`
dnsdist: Update tuning/design documentation for DoQ and DoH3
dnsdist: Use the correct source IP for outgoing QUIC datagrams
dnsdist: Add regression for destination address harvesting with QUIC
dnsdist: Fix clang-tidy warnings
auth: Remove trailing tab in builder-support/specs/pdns.spec
dnsdist: Change home directory to /var/lib/dnsdist on EL-based OSs
rec: Change home directory to /var/lib/pdns-recursor on EL-based OSs
dnsdist: Fix home directory location comment in the EL spec
rec: Fix home directory location comment in the EL spec
dnsdist: Fix a crash in incoming DoH with nghttp2
dnsdist: Update Quiche to 0.21.0
dnsdist: Reply to HTTP/2 PING frames immediately
dnsdist: Fix TCP I/O timeout and callback being used for HTTP/2
dnsdist: Log the correct amount of bytes sent for DoH w/ nghttp2
dnsdist: Make `IncomingTCPConnectionState::updateIOForAsync`
dnsdist: Simplify IncomingTCPConnectionState::updateIO()
dnsdist: Enable memory leak detection in CI during regression tests
dnsdist: Detect memory leaks during regression tests in CI
dnsdist: Implement an "atExit" Lua callback to clean up leftovers
dnsdist: Suppress a warning from TSAN about our signal handler
build-packages: Update download-artifact to v4
dnsdist: Update the secpoll zone and the ChangeLog for 1.9.4
dnsdist: Fix handling of XFR requests over DoH
dnsdist: Add security advisory 2024-03 for DNSdist
dnsdist: Fix the PR number in the ChangeLog
dnsdist: Fix a warning when compiling the unit tests without XSK
dnsdist: Prevent a race when calling `registerWebHandler` at runtime
dnsdist: Clean up DynBlock defaults
dnsdist: Add the ability to set tags from dynamic block rules
dnsdist: Add a regression test for the Dynamic cache miss ratio case
dnsdist: Add a SetTag dynamic rule action
dnsdist: Add a regression test for Dynamic rules SetTag action
dnsdist: Fix formatting
dnsdist: Handle dynamic rules' tag action from Lua
dnsdist: Handle dynamic rules addition with the new tag action from Lua FFI
dnsdist: Document the new tag action options for dynamic rules
dnsdist: Fix clang-tidy warnings
dnsdist: Remove XPF support
dnsdist: Get rid of assert()
auth: Fix memory leaks in the bind file format parser
Delint the DNSCrypt code base
dnsdist: Remove DNSCrypt symbolic links
dnsdist: Move the DNSCrypt files to pdns/dnsdistdist/
dnsdist: Format DNSCrypt code
rec: Skip NSEC records signed by a subzone when validating a denial proof
rec: Check denial in positive {C,D}NAME answers expanded from a wildcard
auth: Enable LeakSanitizer while running the unit tests in CI
dnsdist: More delinting in test-dnscrypt_cc.cc
dnsdist: Reformat dnsdist-lua-bindings-dnscrypt.cc
dnsdist: Delint dnsdist-lua-bindings-dnscrypt.cc
auth: Fix a memory leak report in the distributor unit tests
dnsdist: Document that 'tagValue' can be omitted for tag actions
dnsdist: Hopefully make the "passing the source a…- Loading branch information
