Daniel Kahn Gillmor authored 8 years ago and Ondřej Surý committed 8 years ago

We also propagate kresd's verbosity into the TLS logging level

Marek Vavrusa authored 8 years ago and Ondřej Surý committed 8 years ago

there are cases where switches or middle-boxes
block DNS/UDP answers >512 octets completely,
this gives user an option to mitigate that.
however, there are authoritatives serving
large answers that don't support TCP, so it's
a compromise as always

Daniel Kahn Gillmor authored 8 years ago and Ondřej Surý committed 8 years ago

kresd has --tls/-t by analogy with --addr/-a where the daemon opens
the socket itself.

This changeset adds equivalent functionality for inherited sockets:
--tlsfd/-T by analogy with --fd/-Sa

Marek Vavrusa authored 8 years ago and Ondřej Surý committed 8 years ago

the TLS sessions now bypass the usuall event loop asynchronous iops
this is because the whole operation is synchronous right now, and
implementing asynchronous send operations would require TLS session to
restart write events on the event loop and making sure the "on complete"
callback is called eventually

Marek Vavrusa authored 8 years ago and Ondřej Surý committed 8 years ago

this is a workaround probably, but we need to
process all records in received buffer otherwise
it loses the rest of the data

When run under systemd supervision, accept a control socket from the
supervisor if the name supplied is "control".

See FileDescriptorName= in systemd.socket(5) for more details.

there are cases where switches or middle-boxes
block DNS/UDP answers >512 octets completely,
this gives user an option to mitigate that.
however, there are authoritatives serving
large answers that don't support TCP, so it's
a compromise as always

when whole interface is passed and some of the addresses are not bindable,
the daemon will print them, but will continue to bind to the rest of the
addresses

fixes #80

forks are connected with IPC pipes to process
group leader and can execute expressions on its
behalf. so running commands over all workers
is easy now:

> hostname() -- single
localhost

> map 'hostname()' -- all
localhost
localhost
localhost

the e638f9fb introduced deduplication
for queries over UDP, the idea is to track same queries and answer
only once, however that introduces both constant processing and
memory overhead and could break clients who count packet loss
by queries sent/received. disabling for now.

* in the begin() layer, the incoming query is
  exposed as req->qsource.packet, it is invalidated
  after begin() and should not be modified
* the destination address (local interface) is
  also tracked for filtering purposes

string encoded integers are treated as possible
numbers, so a more strict typecheck is needed

during the consume step, the information about
upstream authoritative (address and current rtt)
is exposed in the request structure, just like
information about current query