A SHA-384 DS should not trump a SHA-256 one, only potentially ignore SHA-1 DS records.¶
References: #10908, pull request 10910
rec_control wipe-cache-typed should check if a qtype argument is present and valid.¶
References: #10905, pull request 10909
Use the correct RPZ policy name for statistics when loading via XFR.¶
References: #10768, pull request 10802
NS from the cache could be a forwarder, take that into account for throttling decision.¶
References: #10643, pull request 10654
Check in more places if the policy has been updated before using or modifying it.¶
References: #10627, pull request 10628
Work around clueless servers sending AA=0 answers.¶
References: #10555, pull request 10580
Check if we have room before adding zero ECS scope ENDS value.¶
References: pull request 10390
Use the correct ECS address when proxy-protocol is enabled.¶
References: #10303, pull request 10383
Apply dns64 on RPZ hits generated after a gettag_ffi hit.¶
References: pull request 10385
RPZ dumper: stop generating double zz labels on networks that start with zeroes.¶
References: #10286, pull request 10314
Exception loading the RPZ seed file is not fatal.¶
References: #10291, pull request 10313
Use a short-lived NSEC3 hashes cache for denial validation.¶
References: #9856, pull request 10221
Pull in libfstrm for el8 build.¶
References: pull request 10062
More fail-safe handling of Newly Discovered Domain files.¶
References: #10238, pull request 10240
Handle policy (if needed) after postresolve.¶
References: #10111, pull request 10227
Return current rcode instead of 0 if there are no CNAME records to follow.¶
References: #10064, pull request 10226
Lookup DS entries before CNAME entries.¶
References: #9883, pull request 10224
Handle failure to start the web server more gracefully.¶
References: #9812, pull request 10199
Test that we correctly cap the answer’s TTL in expanded wildcard cases.¶
References: #9970, pull request 10197
Fix the gathering of denial proof for wildcard-expanded answers.¶
References: #9793, pull request 10194
Make sure we take the right minimum for the packet cache TTL data in the SERVFAIL case.¶
References: #10185, pull request 10192
UUID: Use the non-cryptographic variant of the boost::uuid.¶
References: pull request 9837
Keep a cached, valid entry over a fresher Bogus one.¶
References: pull request 9838
Ensure socket-dir matches runtime directory on old systemd¶
References: #9574, pull request 9799
Move to several distinct Bogus states, for easier debugging.¶
References: #9597, pull request 9821
Do not chase CNAME during qname minimization step 4.¶
References: #9790, pull request 9805
Untangle the validation/resolving qnames and qtypes.¶
References: #9807, pull request 9825
APL records: fix endianness problem.¶
References: #9766, pull request 9774
Allow to specify a name in getMetric() that is used for Prometheus export only.¶
References: #9651, pull request 9687
Do not add request to a wait chain that’s already processed or being processed.¶
References: #9707, pull request 9719
Avoid a CNAME loop detection issue with DNS64¶
References: #9696, pull request 9710
Do not send overly long NOD lookups.¶
References: #9697, pull request 9705
If a.b.c CNAME x.a.b.c is encountered, switch off QName Minimization.¶
References: #9680, pull request 9683
Fix the processing of answers generated from gettag.¶
References: #9679, pull request 9682
Backport of CVE-2020-25829: Cache pollution.¶
References: pull request 9605
Don’t parse any config with –version.¶
References: #9569, pull request 9577
Expose typed cache flush via Web API.¶
References: #9562, pull request 9576
Log when going Bogus because of a missing SOA in authority.¶
References: #9471, pull request 9528
Raise an exception on invalid content in unknown record.¶
References: #9497, pull request 9506
When deciding if we are auth in the local auth or forwarding case, DS is special.¶
References: #9434, pull request 9579
Fix wipe-cache-typed.¶
References: #9515, pull request 9557
Watch the descriptor again after an out-of-order read timeout.¶
References: #9495, pull request 9526
Only do QName Minimization for the names inside a forwarded domain.¶
References: #9448, pull request 9465
Fix the parsing of dont-throttle-netmasks in the presence of dont-throttle-names.¶
References: pull request 9458
Store RPZ trigger and hit in appliedPolicy and protobuf message and log them in the trace log.¶
References: pull request 9376
Apply filtering policies (RPZ) on CNAME chains as well.¶
References: #9363, pull request 9414
Fix warning: initialized lambda captures are a C++14 extension.¶
References: pull request 9411
Clean some coverity reported cases of exceptions thrown but not caught.¶
References: pull request 9412
Export record cache lock (contention) stats via the various channels.¶
References: pull request 9391
Allow multiple local data records when doing RPZ IP matching.¶
References: pull request 9396
Replace the use of ‘1’ by QClass::IN to improve readability.¶
References: pull request 9380
Avoid name clashes on Solaris derived systems.¶
References: #9279, pull request 9348
Allow some more depth headroom for the no-qname-minimization fallback case.¶
References: pull request 9375
If we have an NS in cache, use it in the forwarder case.¶
References: #9227, pull request 9351
Disable outgoing v4 when query-local-address has no v4 addresses.¶
References: pull request 9196
Resize hostname to final size in getCarbonHostname() (Aki Tuomi).¶
References: pull request 9343
Check that DNSKEYs have the zone flag set.¶
References: pull request 9308
Remove redundant toLogString() calls (Chris Hofstaedtler).¶
References: pull request 9314
Stop cluttering the global namespace with validation states.¶
References: pull request 9312
Use explicit flag for the specific version of c++ we’re targeting.¶
References: pull request 9231
Use new operator to print states.¶
References: pull request 9303
Refuse QType 0 right away, based on rfc6895 section 3.1.¶
References: pull request 9290
Specify a storage type for validation states.¶
References: pull request 9295
Common TCP write problems should only be logged if wanted.¶
References: pull request 9289
Dump the authority records of a negative cache entry as well.¶
References: pull request 9288
Alternative way to do “skip cname check” for DS and DNSKEY records¶
References: #9266, pull request 9272
Control stack depth when priming.¶
References: pull request 9267
Add version ‘statistic’ to prometheus.¶
References: pull request 9252
Cleanup cache cleaner pruneCollection function.¶
References: pull request 9236
RPZ policy should override gettag_ffi answer by default.¶
References: pull request 9203
Don’t copy the records when scanning for CNAME loops.¶
References: pull request 9216
Do not use using namespace std; .¶
References: pull request 9213
More sophisticated CNAME loop detection.¶
References: #9153, #9194, pull request 9202
Use std::string_view when available (Rosen Penev).¶
References: pull request 9207
Make sure we can install unsigned packages.¶
References: pull request 9152
Clarify docs (Josh Soref).¶
References: pull request 9162
Ensure runtime dirs for virtual services differ.¶
References: pull request 9073
Builder: improve shipped config files (Chris Hofstaedtler).¶
References: #8094, pull request 9085
Less negatives in error messages improves readability.¶
References: pull request 9100
Boost 1.73 moved boost::bind placeholders to the placeholders namespace.¶
References: pull request 9070
Fix useless copies in loop reported by clang++ 10.¶
References: pull request 9076
NetmaskTree: do not test node for null, the loop guarantees node is not null.¶
References: pull request 9078
Wrap pthread objects¶
References: pull request 9067
Get rid of a naked pointer in the /dev/poll event multiplexer.¶
References: pull request 9053
Random engine.¶
References: #9004, pull request 9016
Update proxy-protocol.cc (ihsinme).¶
References: pull request 9320
Kill an signed vs unsigned warning on OpenBSD.¶
References: pull request 9302
Don’t validate a NXD with a NSEC proving that the name is an ENT.¶
References: pull request 9237
Fix three shared cache issues.¶
References: pull request 9226
Limit the TTL of RRSIG records as well.¶
References: #9193, pull request 9205
Avoid throwing an exception in Logger::log().¶
References: pull request 9079
Implement native DNS64 support, without Lua.¶
References: pull request 8967
Add custom tags to RPZ hits.¶
References: pull request 8927
Allow attaching a ‘routing’ tag string to a query in lua code and use that tag in the record cache when appropriate.¶
References: pull request 8910
Share record cache between threads.¶
References: pull request 8898
Add support for Proxy Protocol between dnsdist and the recursor.¶
References: pull request 8874
Fix warnings with llvm10 and -Wrange-loop-construct (Kirill Ponomarev).¶
References: pull request 9000
Fix compilation without deprecated OpenSSL APIs (Rosen Penev).¶
References: pull request 8985
Detect {Libre,Open}SSL functions availability during configure.¶
References: #8739, pull request 8900
Better handling of reconnections in Remote Logger.¶
References: pull request 8887
Add ‘queue full’ metrics for our remote logger, log at debug only.¶
References: #8629, pull request 8883
Update boost.m4¶
References: #8875, pull request 8740, pull request 8876
Keep a masked network in the Netmask class.¶
References: pull request 8812
Replace include guard ifdef/define with pragma once (Chris Hofstaedtler).¶
References: pull request 8631
YaHTTP: Support bracketed IPv6 addresses¶
References: pull request 8815
Rework NetmaskTree for better CPU and memory efficiency (Stephan Bosch).¶
References: pull request 8355
RPZ dumpFile/seedFile: store/get SOA refresh on dump/load.¶
References: pull request 8778
Add ‘IO wait’ and ‘steal’ metrics on Linux.¶
References: pull request 8783
DNSName: Don’t call strlen() when the length is already known.¶
References: pull request 8792
Fix build with gcc-10 (Sander Hoentjen).¶
References: pull request 8640
Fix compilation of the ports event multiplexer.¶
References: #9025, pull request 9031
Init zone’s d_priority field.¶
References: pull request 8830
QName Minimization sometimes uses 1 label too many.¶
References: #8697, pull request 8777