1. 09 Jan, 2019 2 commits
  2. 08 Jan, 2019 1 commit
    • Michał Kępień's avatar
      Track forwarder timeouts in fetch contexts · 33350626
      Michał Kępień authored
      Since following a delegation resets most fetch context state, address
      marks (FCTX_ADDRINFO_MARK) set inside lib/dns/resolver.c are not
      preserved when a delegation is followed.  This is fine for full
      recursive resolution but when named is configured with "forward first;"
      and one of the specified forwarders times out, triggering a fallback to
      full recursive resolution, that forwarder should no longer be consulted
      at each delegation point subsequently reached within a given fetch
      context.
      
      Add a new badnstype_t enum value, badns_forwarder, and use it to mark a
      forwarder as bad when it times out in a "forward first;" configuration.
      Since the bad server list is not cleaned when a fetch context follows a
      delegation, this prevents a forwarder from being queried again after
      falling back to full recursive resolution.  Yet, as each fetch context
      maintains its own list of bad servers, this change does not cause a
      forwarder timeout to prevent that forwarder from being used by other
      fetch contexts.
      33350626
  3. 20 Dec, 2018 1 commit
  4. 19 Dec, 2018 3 commits
  5. 18 Dec, 2018 2 commits
  6. 17 Dec, 2018 1 commit
  7. 15 Dec, 2018 5 commits
  8. 14 Dec, 2018 2 commits
  9. 11 Dec, 2018 8 commits
  10. 10 Dec, 2018 7 commits
  11. 07 Dec, 2018 1 commit
  12. 06 Dec, 2018 6 commits
    • Evan Hunt's avatar
      name change from "hook modules" to "plugins" · fd20f10d
      Evan Hunt authored
      - "hook" is now used only for hook points and hook actions
      - the "hook" statement in named.conf is now "plugin"
      - ns_module and ns_modlist are now ns_plugin and ns_plugins
      - ns_module_load is renamed ns_plugin_register
      - the mandatory functions in plugin modules (hook_register,
        hook_check, hook_version, hook_destroy) have been renamed
      fd20f10d
    • Evan Hunt's avatar
      restore filter-aaaa syntax checking · 7a47e4d8
      Evan Hunt authored
      - added functionality to check hook parameters in named-checkconf,
        and restored the checkconf tests that were removed from the
        filter-aaaa test.
      7a47e4d8
    • Evan Hunt's avatar
      clear AD flag when altering response messages · 427e9ca3
      Evan Hunt authored
      - the AD flag was not being cleared correctly when filtering
      - enabled dnssec valdiation in the filter-aaaa test to confirm this
        works correctly now
      427e9ca3
    • Evan Hunt's avatar
      add a parser to filter-aaaa.so and pass in the parameters · 9911c835
      Evan Hunt authored
      - make some cfg-parsing functions global so they can be run
        from filter-aaaa.so
      - add filter-aaaa options to the hook module's parser
      - mark filter-aaaa options in named.conf as obsolete, remove
        from named and checkconf, and update the filter-aaaa test not to
        use checkconf anymore
      - remove filter-aaaa-related struct members from dns_view
      9911c835
    • Evan Hunt's avatar
      add hook statement to configuration parser · d2f46443
      Evan Hunt authored
      - allow multiple "hook" statements at global or view level
      - add "optional bracketed text" type for optional parameter list
      - load hook module from specified path rather than hardcoded path
      - add a hooktable pointer (and a callback for freeing it) to the
        view structure
      - change the hooktable functions so they no longer update ns__hook_table
        by default, and modify PROCESS_HOOK so it uses the view hooktable, if
        set, rather than ns__hook_table. (ns__hook_table is retained for
        use by unit tests.)
      - update the filter-aaaa system test to load filter-aaaa.so
      - add a prereq script to check for dlopen support before running
        the filter-aaaa system test
      
      not yet done:
      - configuration parameters are not being passed to the filter-aaaa
        module; the filter-aaaa ACL and filter-aaaa-on-{v4,v6} settings are
        still stored in dns_view
      d2f46443
    • Evan Hunt's avatar
      refactor filter-aaaa implementation · d43dcef1
      Evan Hunt authored
       - the goal of this change is for AAAA filtering to be fully contained
         in the query logic, and implemented at discrete points that can be
         replaced with hook callouts later on.
       - the new code may be slightly less efficient than the old filter-aaaa
         implementation, but maximum efficiency was never a priority for AAAA
         filtering anyway.
       - we now use the rdataset RENDERED attribute to indicate that an AAAA
         rdataset should not be included when rendering the message. (this
         flag was originally meant to indicate that an rdataset has already
         been rendered and should not be repeated, but it can also be used to
         prevent rendering in the first place.)
       - the DNS_MESSAGERENDER_FILTER_AAAA, NS_CLIENTATTR_FILTER_AAAA,
         and DNS_RDATASETGLUE_FILTERAAAA flags are all now unnecessary and
         have been removed.
      d43dcef1
  13. 05 Dec, 2018 1 commit