Robert Edmonds authored 3 years ago and Daniel Salzman committed 3 years ago

Previously, after "mod-dnstap: Restore the original query QNAME case",
the dnstap module would copy the original QNAME into the query packet
buffer passed to the dnstap module, so that the originally cased query
message would be written out to the dnstap logging stream.

However, there are error conditions that can result in the query
packet's 'qname_size' field being updated to a non-zero value (the
question section was successfully parsed), but the packet was ultimately
rejected.

In the prepare_answer() function in src/knot/nameserver/process_query.c,
there are several error return paths that prevent the 'orig_qname' field
from being written by the call to memcpy(). In this case, the
'orig_qname' field in the corresponding knotd_qdata_extra_t object will
remain at an initialized (zeroed out) value.

Before this patch, in some cases (e.g. in responses to some queries that
return FORMERR), mod-dnstap would overwrite the QNAME in the query
packet buffer with 'qname_size' bytes from the 'orig_qname' field. With
'qname_size' set to a non-zero value (due to successful parsing of the
QNAME) but with 'orig_qname' set to its original initialized (zeroed
out) value, this would result in zeroing out the QNAME in the query
packet buffer. This would then result in writing a corrupted query
message into the dnstap logging stream.

Since mod-dnstap writes directly to the query packet buffer rather than
making a copy, this corruption would also be visible to modules
executing after mod-dnstap as well as the rest of knotd.

This patch updates mod-dnstap's msg_query_qname_restore() so that it
avoids copying the original QNAME into the query packet buffer if the
'orig_qname' field has been left in its initialized (zeroed out) value.

fixes #777

Log the control command for all zones specified (not just the first one)

Closes #776

See merge request !1397

Jan Hák authored 3 years ago and Daniel Salzman committed 3 years ago

Option --brief is now deprecated.

Sign pipeline refactor

See merge request !1396

tests: compatibility with new Bind

See merge request !1393

Outgoing connection pool

See merge request !1382

Josh Soref authored 3 years ago and Daniel Salzman committed 3 years ago

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>

- Enabled fastparser
- Temporarily disabled unittests (dthreads test fails on armhf)
- Added release tag

- New option FASTPARSER=disable|enable
- New option CHECK=disable|enable for unittests execution
- Explicit CFLAGS="-g -O2 -DNDEBUG -D_FORTIFY_SOURCE=2 -fstack-protector-strong"
- Added --enable-dnstap

Xfr failovers

See merge request !1385

dynarray: remove even duplicate items

See merge request !1392