Commit graph

12176 commits

Author SHA1 Message Date
Daniel Salzman
4356bd8da1 kzonesign: fix typo 2020-08-14 12:26:38 +02:00
Daniel Salzman
1e1a972b6c kzonesign: unify program parameters 2020-08-14 09:54:53 +02:00
David Vašek
07c4f3462a utils: properly initialize the time zone for libc functions where needed
The initialization is needed for localtime_r(3) libc function to work reliably on all platforms.
2020-08-14 09:20:46 +02:00
Daniel Salzman
99e99779ee sem check: fix memory leak 2020-08-11 19:25:46 +02:00
Daniel Salzman
7be944b5a0 Merge branch 'kzonecheck_optimize' into 'master'
sem check: skip crypto if keytag mismatch

Closes #688

See merge request knot/knot-dns!1166
2020-08-11 14:41:05 +02:00
Libor Peltan
6566324f8d sem check: skip crypto if keytag mismatch 2020-08-11 14:20:30 +02:00
Libor Peltan
bc0e5b25f1 catalog: add catalog-role option to distinguish 'generate' and 'member' roles in the future 2020-08-11 13:50:34 +02:00
Daniel Salzman
9d471ebb8a kxdpgun: improve traffic summary 2020-08-10 14:00:59 +02:00
Daniel Salzman
32860af546 tcp-handler: set CPU affinity 2020-08-09 18:05:30 +02:00
Daniel Salzman
416493fb44 knotd: add socket BPF filter to TCP sockets 2020-08-09 17:40:38 +02:00
Daniel Salzman
56dce5f162 server: mute Valgrind error "Syscall param socketcall.setsockopt(optval) points to uninitialised byte(s)", code cleanup 2020-08-09 17:40:38 +02:00
Daniel Salzman
8d8d149637 keymgr: update blank configuration to new schema 2020-08-07 21:37:06 +02:00
Daniel Salzman
41048099b6 log: add timezone to timestamp for non-syslog streams 2020-08-07 20:54:59 +02:00
Jan Hak
2277aef1b1 knotd: add socket BPF filter for perfect CPU locality 2020-08-07 20:48:49 +02:00
Daniel Salzman
87e4342138 kzonesign: complete help, tiny code unification 2020-08-07 16:08:58 +02:00
Daniel Salzman
58a3a5ae21 kzonesign: move from sbin to bin 2020-08-06 20:54:16 +02:00
Libor Peltan
b3107054c2 kzonesign: renamed from ksignzone 2020-08-06 20:54:16 +02:00
Libor Peltan
3c1928a5f6 kzonesign: support for fake timestamp 2020-08-06 20:54:16 +02:00
Libor Peltan
401521222e ksignzone implemented 2020-08-06 20:54:16 +02:00
Libor Peltan
de68c49765 kxdpgun: display response data rate 2020-08-05 14:27:20 +02:00
Libor Peltan
984932ff5f kxdpgun: fix units to pps...
...because qps makes no sense for responses
2020-08-05 13:09:09 +02:00
Libor Peltan
240e5a3fbc kxdpgun: renamed from knot-xdp-gun 2020-08-04 18:50:24 +02:00
Daniel Salzman
59d2b2960a dnssec validation: enable junk NSEC3 with...
...same salt, but different iterations count
2020-08-03 16:08:28 +02:00
Daniel Salzman
495fb8ea77 nsec-chain: remove NSEC3PARAM check from bitmap_add_node_rrsets()
The check seems obsolete.
2020-08-03 16:08:28 +02:00
Libor Peltan
3a51170795 dnssec validation: disable AXFR failover if validation failed 2020-08-03 16:08:28 +02:00
Libor Peltan
89b78370d3 bugfix: refresh: proper error code instead of KNOT_EPROCESSING 2020-08-03 16:08:28 +02:00
Libor Peltan
9f53bb6cd5 DNSSEC validation: allow garbage NSEC3 nodes...
...more precisely, if zone has NSEC3 tree, allow any NSEC3 records with different salt
this is useful for checking zones with slow-resalt
2020-08-03 16:08:28 +02:00
Libor Peltan
b8fe253f62 implemented dnssec validation of updates 2020-08-03 16:08:28 +02:00
Libor Peltan
7ad85976ab xdp gun: completely ignore different incoming traffic 2020-07-30 16:33:07 +02:00
Libor Peltan
d643fc7acf xdp-gun: parameter for CPU affinity setting 2020-07-30 14:37:35 +02:00
Libor Peltan
9e53ccb853 xdp gun: use constant trans id to distinguish junk traffic 2020-07-30 09:05:08 +02:00
Daniel Salzman
91110a34b9 xdp-gun: set CPU affinity of threads to first N CPUs 2020-07-28 15:08:58 +02:00
Libor Peltan
90c5d46bfe dnssec: fix setting revoked flag 2020-07-24 12:22:53 +02:00
Libor Peltan
b6c6194209 catalog: fix handling nonexistent catalog config option 2020-07-24 12:22:53 +02:00
Libor Peltan
c35ceb1d6a knotc reload: check for non-loaded zone when replanning after reload 2020-07-24 12:22:53 +02:00
Libor Peltan
42048df575 catalog: bugfix: save to catalog DB even reconf change 2020-07-20 13:32:55 +02:00
Daniel Salzman
46d91a7c53 conf: use static buffer instead of dynamic memory for catalog name 2020-07-19 19:35:30 +02:00
Libor Peltan
975cc4e472 nameserver: don't ignore parsing errors, answer FORMERR
the trick: decreasing 'parsed' throws FORMERR in process_query_out()

the issue: Knot answered NOERROR on query with 2x OPT
2020-07-17 17:15:53 +02:00
Daniel Salzman
76129f8071 Merge branch 'requestor_error_reporting' into 'master'
Requestor and other error reporting, XFR failover logic, document needed file descriptors

See merge request knot/knot-dns!1152
2020-07-17 10:49:48 +02:00
David Vašek
981dd27bb8 refresh: more detailed IXFR-to-AXFR failover logic 2020-07-17 10:29:10 +02:00
Daniel Salzman
9bd6564b21 Merge branch 'ksk_state_revoked' into 'master'
Ksk state revoked

See merge request knot/knot-dns!1153
2020-07-17 10:23:03 +02:00
Libor Peltan
ac8fb6450e DS push: bugfix: cleanup timers after successful push 2020-07-17 10:12:52 +02:00
Libor Peltan
1ad6ddf0d0 dnssec: implemented RFC 5011 KSK revoked state
...only for manual key management
2020-07-17 10:12:52 +02:00
David Vašek
ee351882aa libknot/error: allow to set a default error for knot_map_errno*() function calls
Also, change the default Knot error (for errnos not in the mapping table) from
KNOT_ERROR (-1000) to a new value KNOT_ERRNO_ERROR (-500). The aim is to distinguish
between DNS logic errors and the underlying OS (syscall and library) errors.
2020-07-17 10:08:49 +02:00
David Vašek
8742bb7f1b libknot/error: add support for more system errors 2020-07-17 10:08:49 +02:00
David Vašek
83e07d9262 requestor: report real error when creating and connecting a socket 2020-07-17 10:08:49 +02:00
Daniel Salzman
5f3d563e27 https: mute some warnings about printf argument mismatch 2020-07-16 15:45:22 +02:00
Libor Peltan
2d19b4099c catalog: fixed handling of catDB transactions 2020-07-16 13:06:07 +02:00
Daniel Salzman
36794204c5 keymgr: improve error message from import-bind if a file error
The primary problem is that zs_set_input_file() always returns ZS_FILE_OPEN
for open() error, so it's impossible to distinguish between file name
and permission errors for example.

closes #683
2020-07-15 18:41:17 +02:00
Libor Peltan
9ca1a4e083 keymgr: fake configuration quoting kasp_db path
...this was found when running tests-extra in a loop,
having a hashtag in server path
2020-07-13 20:07:09 +02:00
Libor Peltan
927f470fb1 catalog: more code comments 2020-07-13 20:07:09 +02:00
Libor Peltan
a2fb1c9b27 catalog: fix parallel access to cat->txn->cur_val etc 2020-07-13 20:07:09 +02:00
Libor Peltan
8404eb2816 catalog: use short-term RW transactions 2020-07-13 20:07:09 +02:00
Daniel Salzman
8c8a6c7be6 kcatalogprint: improve output 2020-07-13 20:07:09 +02:00
Daniel Salzman
e060ea893b utils: tiny code unification 2020-07-13 20:07:09 +02:00
Daniel Salzman
9285d480c1 catalog: unify API names 2020-07-13 20:07:09 +02:00
Libor Peltan
00f774df10 catalog: only allow normal queries to catalog zone over TCP 2020-07-13 20:07:09 +02:00
Libor Peltan
9e01ffdce0 catalog: check catalog zone version 2020-07-13 20:07:09 +02:00
Libor Peltan
2a27c5023b catalog: only take PTRs from 'zones' subtree 2020-07-13 20:07:09 +02:00
Libor Peltan
be1e052f9f catalog: added kcatalogprint utility 2020-07-13 20:07:09 +02:00
Libor Peltan
d533f3ee6b catalog zones implemented 2020-07-13 20:07:09 +02:00
Daniel Salzman
17957dde10 xdp-gun: import popenve from contrib to remove libcap-ng dependency for all utilities 2020-07-13 13:18:00 +02:00
Libor Peltan
c1207aafc7 Revert "xdp-gun: routing to loopback iface"
This reverts commit 2d92925b29535633d0f4825f1a02cb3a54b3b84e.
2020-07-13 13:18:00 +02:00
Libor Peltan
f76993a637 xdp-gun: summarize answers' rcodes 2020-07-13 13:18:00 +02:00
Libor Peltan
c10e90b33c xdp-gun: routing to loopback iface 2020-07-13 10:47:32 +02:00
David Vašek
655919453e xdp-gun: change internal exit statuses of child process, add comments 2020-07-13 10:47:32 +02:00
David Vašek
71d20c917c xdp-gun: mimic the popen() function a little more closely 2020-07-13 10:47:32 +02:00
Libor Peltan
637fcaf6ae xdp-gun: drop capabilities from subprocess ip 2020-07-13 10:47:32 +02:00
Libor Peltan
e507fb11e2 xdp-gun: use safer alternative of popen because being root 2020-07-13 10:47:32 +02:00
Daniel Salzman
b8f48e978c libknot/eth.c: remove UTF-8 BOM 2020-07-10 14:59:05 +02:00
David Vašek
d5b63c2036 zone: improved logging when master is not usable
If the preferred master address fails, emit warning immediately.
When trying the configured masters by the list later, warn about the preferred
master only if it has been tried again (i.e. on another of its addresses).
2020-07-08 15:12:36 +02:00
Jan Hak
3eff84e998 kdig: add documentation for DoH 2020-07-02 10:57:11 +02:00
Jan Hák
a5e44c3b23 kdig: add DoH support 2020-07-02 10:57:11 +02:00
Jan Hák
2181a14a39 contrib: import url-parser 2020-07-01 20:33:00 +02:00
Jan Hak
53642ae50c contrib: add base64url encoder and decoder 2020-07-01 20:33:00 +02:00
Jan Hák
47b94ea6d6 doh: added HTTP library to configuration file (automake) 2020-07-01 20:33:00 +02:00
Daniel Salzman
11161a5b56 adjust: mute false-positive gcc warning 'argument to variable-length array may be too large' 2020-06-30 14:23:16 +02:00
Daniel Salzman
6df80b232a ctl: replace dynamic allocation with global buffers
In the case of many zones, control operations over all zones took lots of memory.
2020-06-17 14:01:32 +02:00
Libor Peltan
86893f0547 dnssec: improve too general error codes and messages 2020-06-15 09:37:00 +02:00
Robert Edmonds
c7d34d94ec kdig: add +[no]opttext option
This commit adds a kdig flag +opttext that attempts to print unknown
EDNS options as text if all of the octets are printable characters. If
any octets are not printable, the whole option will be printed in
hexadecimal, as if the +opttext option were not specified.
2020-06-04 22:11:32 -04:00
Daniel Salzman
4bc18d2b90 Merge branch 'fix_roll_ttl_change' into 'master'
dnssec: bugfix: key rollovers timing according to real TTLs

See merge request knot/knot-dns!1146
2020-06-03 13:55:01 +02:00
Libor Peltan
7528fee462 dnssec: bugfix: key rollovers timing according to real TTLs
It's necessary to save the DNSKEY TTL and zone maximal TTL
at the time of previous rollover step, so that the next
step corresponds with TTLs in resolvers' caches.
2020-06-03 11:50:21 +02:00
Libor Peltan
9adc992cd7 conf: allow configuring acl with a remote 2020-06-03 09:22:37 +02:00
Libor Peltan
878dc57794 onlinesign: bugfix: don't promote NXDOMAIN to NOERROR if not signed 2020-06-02 13:30:08 +02:00
Daniel Salzman
19d7d1fa34 xdp-gun: improve stability, log temporary errors instead of immediate program exit 2020-06-01 09:36:11 +02:00
Daniel Salzman
44284f8005 xdp-gun: fix Clang analyzer warning + tiny code cleanup 2020-06-01 09:35:02 +02:00
Daniel Salzman
9f1cc32c10 xdp-gun: rename to knot-xdp-gun 2020-05-31 10:49:11 +02:00
Daniel Salzman
8b2ee368fb xdp-gun: improve popen return handling to mute Clang analyzer 2020-05-31 09:17:13 +02:00
Libor Peltan
e3a89be7e7 xdp-gun: proper cli options 2020-05-31 09:17:13 +02:00
Libor Peltan
9b9c353ff3 xdp-gun: enable send-only mode to speed-up 2020-05-31 09:17:13 +02:00
Libor Peltan
c17b8e3317 dnssec: bugfix: CSK->K+ZSK scheme rollover ends too early 2020-05-29 11:03:24 +02:00
Daniel Salzman
8f32f1503c query_module: fix possible NULL pointer dereference in knotd_mod_stats_free 2020-05-27 13:35:21 +02:00
Daniel Salzman
af5a85d8a6 query_module: unify function parameter names to make Doxygen happy 2020-05-27 13:35:21 +02:00
Daniel Salzman
944d446a90 adjust: refactor zone_adjust_tree_parallel 2020-05-26 20:36:06 +02:00
Daniel Salzman
5bf063d6ff adjust: rename arg args in zone_adjust_tree_parallel 2020-05-26 20:24:57 +02:00
Libor Peltan
8baec1ec4c adjust: no point in parallelizing this one 2020-05-26 19:28:13 +02:00
Libor Peltan
1db21180ee adjust/parallel: also when incremental re-salt 2020-05-26 19:28:13 +02:00
Libor Peltan
f62542080c adjust/parallel: also parallelize when changed_nodes tree exists 2020-05-26 19:28:13 +02:00
Libor Peltan
8dc81831ef implemented parallel adjusting 2020-05-26 19:28:13 +02:00
Libor Peltan
415ecd606a bugfix: new_cont -> max TTL == 0 during roll-over 2020-05-22 14:09:16 +02:00
Daniel Salzman
7df573e45e libdnssec/tsig: mute warning: cast to smaller integer type 2020-05-17 17:24:56 +02:00
Libor Peltan
c68e26e450 stats/performance: per-thread counters 2020-05-15 13:45:01 +02:00
Daniel Salzman
9838a0953f internet: refactor put_answer 2020-05-12 17:09:14 +02:00
Daniel Salzman
20df0fe9b9 knotd: remove obsolete KNOTD_QUERY_FLAG_LIMIT_ANY flag 2020-05-12 16:29:38 +02:00
Libor Peltan
ee55050821 onlinesign: proper handling of new ANY approach 2020-05-12 16:29:38 +02:00
Libor Peltan
2e32cbe528 nameserver: answer type RRSIG with just one RR
more precisely, the first RRSIG is chosen and added are all RRSIGS covering the same type
2020-05-12 16:06:54 +02:00
Libor Peltan
40385080a5 ANY over TCP returns one random RRSet not all 2020-05-12 15:38:57 +02:00
Jan Hak
d4ec3a3aa8 contrib: remove embedded LMDB 2020-05-11 22:14:44 +02:00
Daniel Salzman
8f3084d3c2 contrib: force using embedded LMDB 2020-05-11 22:03:17 +02:00
Daniel Salzman
128c942020 contrib: prepare for embedded LMDB removal 2020-05-11 21:52:10 +02:00
Daniel Salzman
96f17d6ba6 xdp: add KNOT_XDP_LOAD_BPF_ALWAYS_UNLOAD mode 2020-05-11 08:12:04 +02:00
Daniel Salzman
70c245d587 modupd: fix heap-buffer-overflow for XDP access 2020-05-09 09:31:41 +02:00
Daniel Salzman
c7e82db67f udp-handler: add missing return to a non-void function 2020-05-05 13:34:22 +02:00
Daniel Salzman
9a766892d6 libknot: fix not-installed libknot.h 2020-05-05 13:24:25 +02:00
Daniel Salzman
530293263b Merge branch 'zone_size_xfr' into 'master'
refresh: removed redundant size check (better in zone_update_commit)

See merge request knot/knot-dns!1131
2020-05-02 08:16:27 +02:00
Libor Peltan
46cd6b21d7 refresh: removed redundant size check (better in zone_update_commit) 2020-05-01 20:52:19 +02:00
Libor Peltan
197314d451 ANY: when UDP, always answer with one RRSet 2020-05-01 20:14:03 +02:00
Daniel Salzman
a6a50fe1c8 Merge branch 'kjournalprint_rdonly' into 'master'
kjournalprint: open LMDB completely RDONLY

See merge request knot/knot-dns!1130
2020-05-01 17:26:26 +02:00
Libor Peltan
5d0aa029ae kjournalprint: open LMDB completely RDONLY 2020-05-01 14:56:40 +02:00
Libor Peltan
b66cf6518f bugfix: skip_crypto not effective after FULL update 2020-04-30 17:36:11 +02:00
David Vašek
642373f038 contrib/net: try to catch misbehaving Valgrind 2020-04-29 16:55:25 +02:00
David Vašek
58045d51e5 contrib/net: when sending data, reflect other transient errors as well 2020-04-29 16:55:25 +02:00
Libor Peltan
8a051f2a05 xfr: secret option to send XFR w/o EDNS 2020-04-29 14:31:20 +02:00
Libor Peltan
dba419df85 bugfix: proper handling of nsec3 tree created during incremental update 2020-04-28 21:15:09 +02:00
Daniel Salzman
41bbd5ddc8 Revert "xdp: remove KNOT_XDP_LOAD_BPF_NEVER mode, which is not used"
This reverts commit 588e384d4a.

The mode really is used!
2020-04-28 16:19:05 +02:00
Daniel Salzman
47c576eb79 xdp-gun: mute 'warning: suggest braces around initialization of subobject' 2020-04-28 15:51:31 +02:00
Daniel Salzman
9e2f188384 xdp: mute 'warning: unused variable' if NDEBUG 2020-04-28 15:49:52 +02:00
David Vašek
3e520827bb geoip: don't process another geoip module if a CNAME/DNAME record has been found 2020-04-28 15:44:01 +02:00
David Vašek
b10ca5564b doc/geoip: fix a typo 2020-04-28 15:44:01 +02:00
Daniel Salzman
69e192eaf2 Merge branch 'bitfehler/geoip-cname' into 'master'
geoip: trigger CNAME chain resolution

See merge request knot/knot-dns!1122
2020-04-25 19:57:36 +02:00
Daniel Salzman
d338704f74 ctl: increase listen backlog to 5
When a control client reaches its timeout or is interrupted, the connection isn't
closed by the server immediately. So other connection attempts can be forbidden
with the error "OS lacked necessary resources". By increasing the listen backlog
such a situation is less probable to happen.
2020-04-25 19:35:14 +02:00
Conrad Hoffmann
903613b8d4 geoip: trigger CNAME chain resolution
Currently, when the geoip module returns a CNAME, knot will not resolve
it any further, even if it is within its authority. This forces clients
or recursors to issue an additional request to resolve the CNAME.

This commit enables the module to take advantage of knot's chain
resolution by updating the query data with the returned CNAME and
returning KNOT_IN_STATE_FOLLOW instead of KNOT_IN_STATE_HIT, which will
let knot continue with the processing as it would for regular CNAME
results.
2020-04-23 19:40:04 +02:00
Conrad Hoffmann
4a5fb64e85 geoip: stricter validation of CNAME usage
The geoip module does not validate the semantic validity of views, such
as that a CNAME cannot occur along with any other record. It will take
care to only return the right type in any given response, but this can
still lead to inconsistent results. Furthermore, one can supply two
CNAMEs in a view, and the module will write both of them into a
response.

This adds some input validation to tighten the rules of what the module
will accept as valid configuration, specifically that a CNAME cannot
occur along any other record in a view. This prevents ambiguities that
might otherwise arise in the query processing.

The additional storing of the domain name in case of a CNAME was chosen
in anticipation of using it for enabling CNAME chain resolution,
implemented separately.
2020-04-23 19:40:04 +02:00
Daniel Salzman
63951a9e9e xdp-gun: some fixes (Coverity) 2020-04-23 16:27:35 +02:00
Daniel Salzman
588e384d4a xdp: remove KNOT_XDP_LOAD_BPF_NEVER mode, which is not used 2020-04-23 15:28:43 +02:00
Daniel Salzman
fd0b8e0746 conf: disallow binding to port 0 2020-04-21 18:43:10 +02:00
Libor Peltan
d48bbe50c9 xdp-gun: support for target IP in other subnet 2020-04-21 18:43:10 +02:00
Daniel Salzman
bb6f385390 ddns: return SERVFAIL to updates over XDP (not supported) 2020-04-21 18:43:10 +02:00
Daniel Salzman
fb39584314 knotd: add XDP message context to qdata, fix module queryacl 2020-04-21 18:43:10 +02:00
Daniel Salzman
498892a3e6 libknot: fix conditional includes in libknot.h 2020-04-21 18:43:10 +02:00
Daniel Salzman
df81abc701 knotd: server improvements relating XDP 2020-04-21 18:43:10 +02:00
Daniel Salzman
523925d954 knotd: XDP cleanup; improved configuration; resolved TODOs 2020-04-21 18:43:10 +02:00
Daniel Salzman
c193cf95c9 xdp-gun: remove dead code 2020-04-21 18:43:10 +02:00
Daniel Salzman
35b7af4947 xdp-gun: replace strncpy with strlcpy 2020-04-21 18:43:10 +02:00
Daniel Salzman
011d0d3cf5 xdp: move if_queue from knot_xdp_socket to kxsk_iface 2020-04-21 18:43:10 +02:00
Daniel Salzman
7dff34af83 xdp: rename xsk_umem_info kxsk_umem 2020-04-21 18:43:10 +02:00
Daniel Salzman
5d3e8c8810 xdp: code cleanup and unification 2020-04-21 18:43:10 +02:00
Vladimír Čunát
c5849e8ef1 xdp checksums: unify and explain endianness
Tested briefly, to be sure.
2020-04-21 18:43:10 +02:00
Daniel Salzman
b560dd9ab3 xdp: refactor knot_xdp_send() 2020-04-21 18:43:10 +02:00
Daniel Salzman
93bc4e5843 xdp: add output file parameter to knot_xdp_info() 2020-04-21 18:43:10 +02:00