Commits · 7ed11614a8268846849ae714e709c297014ba989 · Knot projects / Knot DNS

Jul 23, 2022

refresh: omit EDNS expire from lower limiting only · 7ed11614

David Vasek authored 2 years ago and

Daniel Salzman committed 2 years ago

The upper limit (C_EXPIRE_MAX_INTERVAL) is still valid even for
expire timer values received as EDNS EXPIRE options.

This partially changes the effect of commit b1f7e2f8
"refresh: don't impose limits on expire when EDNS expire takes effect".

7ed11614

Jul 22, 2022
- requestor: add a state for data having been ignored · 0dacfb5f
  David Vasek authored 2 years ago
  
  0dacfb5f
Jul 11, 2022
- events: don't replan user events that haven't been processed yet · 722a0405
  David Vasek authored 2 years ago and Daniel Salzman committed 2 years ago
  
  722a0405
- ctl/purge: code cleanup · e067ded0
  David Vasek authored 2 years ago and Daniel Salzman committed 2 years ago
  
  e067ded0
- conf: fix some typos · b73c9229
  David Vasek authored 2 years ago and Daniel Salzman committed 2 years ago
  
  b73c9229
- catalog: "never" expire interpreted catalog zones automatically · 000d3618
  David Vasek authored 2 years ago and Daniel Salzman committed 2 years ago
```
Ignore the value from SOA actually.
```
  000d3618
- kdig: set AD bit by default · ac5ca193
  Tuomo Soini authored 2 years ago and Daniel Salzman committed 2 years ago
  
  ac5ca193
Jul 01, 2022

dnssec: move offline records loading from knot_zone_sign_update_dnskeys() to context initialization · a2776990
Daniel Salzman authored 2 years ago

a2776990
zone: purge 'timers.catalog_member' only if catalog filter is specified · 0fccd0f5
Daniel Salzman authored 2 years ago

0fccd0f5
zone: set 'timers.next_expire' to now when zone expires · 890e5fe1
Daniel Salzman authored 2 years ago
```
This change should improve next bootstrap attempt planning after zone expiration.
```
890e5fe1
proxyv2: split the code into general contrib and internal knot parts · 08513514
Jan Hák authored 2 years ago and Daniel Salzman committed 2 years ago

08513514

Support haproxy PROXY v2 protocol on incoming UDP packets · 4c394545

Robert Edmonds authored 3 years ago and

Daniel Salzman committed 2 years ago

This commit adds minimal support for the haproxy PROXY v2 protocol which
is described at
https://www.haproxy.org/download/2.5/doc/proxy-protocol.txt.

Only the UDP-over-IPv4 and UDP-over-IPv6 PROXY v2 family/transports are
supported, and only the original source address/port of the proxied
client are recovered from the PROXY v2 payload. Only the PROXY command
is supported.

There is a hardcoded ACL check to verify that the query was sent from
127.0.0.0/8 before PROXY v2 decapsulation is attempted. This prevents
spoofing of the PROXY v2 header and avoids exposing the PROXY v2 parsing
code to the Internet. This should probably be converted to a real ACL
check that can be configured.

If a proxied client address/port was successfully extracted from the
PROXY v2 payload, the 'remote' field in the knotd_qdata_params_t
structure will be updated to represent the address of the real (proxied)
client. This way query modules (e.g. whoami) don't need to be updated to
continue to produce correct source address dependent behavior. The
address of the proxy that actually sent the proxied packet will be saved
in a new 'proxy' field in knotd_qdata_params_t in case this value needs
to be processed.

The 'sdig' utility that comes with PowerDNS supports generating queries
with a PROXY v2 header, which is in the 'pdns-tools' package on
Debian/Ubuntu systems. Example command-line invocations:

* sdig 127.0.0.1 53053 example.net a proxy 0 192.0.2.1:49153 198.51.100.1:53

* sdig 127.0.0.1 53053 example.net a proxy 0 '[2001:db8::1]:49153' '[2001:db8::100:1]:53'

4c394545

Jun 30, 2022
- zonedb-load: fix member zone leak when reloading the zones during dynamic config change · 3387e718
  Daniel Salzman authored 2 years ago
```
Includes some code improvements and an optimization of reusing unchanged member zones.
```
  3387e718
Jun 29, 2022
- kcatalogprint: add parameters for filtering catalog or member zone · 4fd0e18d
  Jan Hák authored 2 years ago and Daniel Salzman committed 2 years ago
  
  4fd0e18d
Jun 28, 2022
- catalog: purge members before catDB commit · 986d295c
  Libor Peltan authored 2 years ago
  
  986d295c
Jun 27, 2022
- conf: simplify the code and wording of error messages · a927f24d
  David Vasek authored 2 years ago and Daniel Salzman committed 2 years ago
  
  a927f24d
- conf: add check for not supported catalog template options · df7d2331
  David Vasek authored 2 years ago and Daniel Salzman committed 2 years ago
  
  df7d2331
- conf: add catalog check for subcatalogs · da5afb23
  Daniel Salzman authored 2 years ago
  
  da5afb23
Jun 22, 2022
- fix: kdig count time from query instead of connect · 2b3deba4
  Jan Hák authored 2 years ago
  
  2b3deba4
- kdig: fix DoH authority value based on TLS Hostname · dd441b74
  Jan Hák authored 2 years ago and Daniel Salzman committed 2 years ago
  
  dd441b74
- kdig: rebase kdig on ngtcp2-v0.6.0 · 72c437dc
  Jan Hák authored 2 years ago and Daniel Salzman committed 2 years ago
  
  72c437dc
- contrib: upgrade embedded library ngtcp2 to v0.6.0 · dee66de6
  Daniel Salzman authored 2 years ago
  
  dee66de6
- utils: unify TLS-related header printers · 017d3e65
  Daniel Salzman authored 2 years ago
  
  017d3e65
- kdig: fix sending query if Path MTU Discovery is in progress · 020204d8
  Jan Hák authored 2 years ago and Daniel Salzman committed 2 years ago
  
  020204d8
- kdig: open a new data stream when the connection is already open because to the keepopen flag · 2c674d4d
  Jan Hák authored 2 years ago and Daniel Salzman committed 2 years ago
  
  2c674d4d
- kdig: print QUIC header in response summary · 6355c224
  Jan Hák authored 2 years ago and Daniel Salzman committed 2 years ago
  
  6355c224
- kdig: adapt to API changes in ngtcp2 >= v0.3.0 · 8da4a155
  Jan Hák authored 2 years ago and Daniel Salzman committed 2 years ago
  
  8da4a155
- contrib: upgrade embedded library ngtcp2 to v0.5.0 · 3252779e
  Daniel Salzman authored 2 years ago
  
  3252779e
- kdig: close and deinit QUIC connection · 5036f771
  Jan Hák authored 2 years ago and Daniel Salzman committed 2 years ago
  
  5036f771
- kdig: receive response over QUIC · 4d52d602
  Jan Hák authored 2 years ago and Daniel Salzman committed 2 years ago
  
  4d52d602
- kdig: send query over QUIC · 718f0208
  Jan Hák authored 2 years ago and Daniel Salzman committed 2 years ago
  
  718f0208
- kdig: quic connect · 21c5263d
  Jan Hák authored 2 years ago and Daniel Salzman committed 2 years ago
  
  21c5263d
- kdig: netio init quic connection ctx · c6063eac
  Jan Hák authored 2 years ago and Daniel Salzman committed 2 years ago
  
  c6063eac
- kdig: add quic parameter · c18d8dd5
  Jan Hák authored 2 years ago and Daniel Salzman committed 2 years ago
  
  c18d8dd5
Jun 21, 2022
- contrib: add embedded library ngtcp2 v0.1.0 as a temporary solution until a package is available · 41d42ecf
  Daniel Salzman authored 3 years ago
  
  41d42ecf
- libknot: always build tcp_iobuf as it's generally needed · 5a64c76a
  Jan Hák authored 2 years ago and Daniel Salzman committed 2 years ago
  
  5a64c76a
- utils: small change of common API for TLS in kdig and knsupdate · d273f50e
  Jan Hák authored 2 years ago and Daniel Salzman committed 2 years ago
```
Move ALPN and settings in context initialization
```
  d273f50e
- zone: fix a typo · fd045bc6
  David Vasek authored 2 years ago and Libor Peltan committed 2 years ago
  
  fd045bc6
- catalog: add some asserts to catalog_zone_purge() · d441b9b1
  David Vasek authored 2 years ago and Libor Peltan committed 2 years ago
  
  d441b9b1
- ctl/purge: report errors in orphans purge back to knotc · c76f3bd3
  David Vasek authored 2 years ago and Libor Peltan committed 2 years ago
```
However, when purging orphan catalog members, knotc isn't notified about errors
returned from selective_zone_purge() and catalog_del() as for now.
Try to use similar reporting style as in zones_apply().
```
  c76f3bd3

Admin message

Admin message