Commits · ec1950686dd7f5fea194cce54794b5a8f0588a3a · Knot projects / Knot DNS

Jan 27, 2022
- refresh: use exponential retry backoff with base 2 rather than 3 · ec195068
  David Vasek authored 3 years ago and Daniel Salzman committed 3 years ago
```
By using the cumulative time since the zone expiration (instead of the last
time interval) we achieve an approximation of exponential retry backoff with
base 2 (rather than with base 3, as it was until now). Now, with every retry attempt,
the interval between refreshes only doubles (with up to 30 second jitter).

This change helps avoid excessive waiting for a refresh when a few early attempts
fail.
```
  ec195068
- tests-extra: extend test for mod-cookies · f82b2381
  Daniel Salzman authored 3 years ago
  
  f82b2381
- knotd: EDNS cookies - extra tests for TCP cookies · 901e5264
  Jan Hák authored 3 years ago and Daniel Salzman committed 3 years ago
  
  901e5264
- knotd: EDNS cookies - fix missing server cookie over TCP connection · 6b5cf61e
  Jan Hák authored 3 years ago and Daniel Salzman committed 3 years ago
  
  6b5cf61e
- doc: document remote/no-edns option · 1cba17cd
  Daniel Salzman authored 3 years ago
  
  1cba17cd
- kdig: add SOA owner checks to XFR processing · 27982506
  Daniel Salzman authored 3 years ago
  
  27982506
- knsupdate: preserve dname letter case in response · f1501763
  Daniel Salzman authored 3 years ago
  
  f1501763
- kdig: allow trailing data in reply packet with warning · f0201f29
  Daniel Salzman authored 3 years ago
  
  f0201f29
- doc: update year in the copyright · b6428ec4
  Daniel Salzman authored 3 years ago
  
  b6428ec4
- doc/kdig: mark DNS Cookie argument optional · 5f2e8614
  Daniel Salzman authored 3 years ago
  
  5f2e8614
- kdig: preserve dname letter case in XFR and Dnstap outputs · a0ab9f01
  Daniel Salzman authored 3 years ago
  
  a0ab9f01
Dec 22, 2021
- kzonesign: implemented zone verify · 2a3f1c5c
  Libor Peltan authored 4 years ago and Daniel Salzman committed 3 years ago
  
  2a3f1c5c
Dec 20, 2021
- Bump version 3.1.5 · 55203c24
  Daniel Salzman authored 3 years ago
  
  v3.1.5
  
  55203c24
- NEWS: add version 3.1.5 · 0d0aca81
  Daniel Salzman authored 3 years ago
  
  0d0aca81
- tests-extra: ctl/basic -- call zone-purge in the blocking mode · 26935760
  David Vasek authored 3 years ago and Daniel Salzman committed 3 years ago
  
  26935760
- tests: test pre-check of mod-geoip configuration · cd8068d8
  Libor Peltan authored 3 years ago and Daniel Salzman committed 3 years ago
  
  cd8068d8
- knotc: conf-check checks also configuration database · e739979f
  Daniel Salzman authored 3 years ago
  
  e739979f
- geoip: check the module configuration file during the general configuration checks · cefcb657
  Daniel Salzman authored 3 years ago
  
  cefcb657
- geoip: move geodb-key checks to geoip_conf_check() · 6c51a111
  Daniel Salzman authored 3 years ago
  
  6c51a111
Dec 18, 2021
- NEWS: synchronize with the 3.0 branch · 6ecfe337
  Daniel Salzman authored 3 years ago
  
  6ecfe337
- ctl/purge: add a simple error logging · 1b24ef39
  David Vasek authored 3 years ago and Daniel Salzman committed 3 years ago
  
  1b24ef39
Dec 15, 2021
- libdnssec: fix memleak when pkcs8_import_key() fails · 91eb876c
  Daniel Salzman authored 3 years ago
  
  91eb876c
- knot: change server.remote-retry-delay units from seconds to milliseconds · c3a09b37
  Daniel Salzman authored 3 years ago
  
  c3a09b37
- unreachables: use list_t and unlimited number of remotes · 0b6e1025
  Libor Peltan authored 3 years ago and Daniel Salzman committed 3 years ago
  
  0b6e1025
- unreachables: also consider local 'via' address · 873ee762
  Libor Peltan authored 3 years ago and Daniel Salzman committed 3 years ago
  
  873ee762
- requestor: return proper errcode when send fails · 3719b4b4
  Libor Peltan authored 3 years ago and Daniel Salzman committed 3 years ago
  
  3719b4b4
- implemented tracking of unreachable remotes · 6ef979ee
  Libor Peltan authored 3 years ago and Daniel Salzman committed 3 years ago
  
  6ef979ee
- kdig: fix empty server in program arguments · ff809158
  Jan Hák authored 3 years ago and Daniel Salzman committed 3 years ago
  
  ff809158
Dec 12, 2021
- conn-pool: ignore source port in conn_pool_get() in case if set · 3d0f94a9
  Daniel Salzman authored 3 years ago
  
  3d0f94a9
- doc: update key log order during key rollovers · 7dedda71
  Daniel Salzman authored 3 years ago
  
  7dedda71
- dnssec: rrsig-refresh: warn if too low · 998268c9
  Libor Peltan authored 3 years ago and Daniel Salzman committed 3 years ago
  
  998268c9
- DS push: use DNSKEY TTL for parent DS · 9d7a56a6
  Libor Peltan authored 3 years ago and Daniel Salzman committed 3 years ago
  
  9d7a56a6
Dec 10, 2021

conf: add check on using the default number of NSEC3 iterations · 9bc55ede
Daniel Salzman authored 3 years ago

9bc55ede
tests-extra: enable ldns-verify-zone for alg rollovers (it works with new versions) · 9ce21f6a
Daniel Salzman authored 3 years ago

9ce21f6a
tests: scenario of alg roll with offline KSK · fb1e968c
Libor Peltan authored 3 years ago and Daniel Salzman committed 3 years ago

fb1e968c
libknot/dname: improve knot_dname_lf() output description · 0ac7ae90
Daniel Salzman authored 3 years ago

0ac7ae90

mod-dnstap: Fix corner case in "Restore the original query QNAME case" · 59573ab3

Robert Edmonds authored 3 years ago and

Daniel Salzman committed 3 years ago

Previously, after "mod-dnstap: Restore the original query QNAME case",
the dnstap module would copy the original QNAME into the query packet
buffer passed to the dnstap module, so that the originally cased query
message would be written out to the dnstap logging stream.

However, there are error conditions that can result in the query
packet's 'qname_size' field being updated to a non-zero value (the
question section was successfully parsed), but the packet was ultimately
rejected.

In the prepare_answer() function in src/knot/nameserver/process_query.c,
there are several error return paths that prevent the 'orig_qname' field
from being written by the call to memcpy(). In this case, the
'orig_qname' field in the corresponding knotd_qdata_extra_t object will
remain at an initialized (zeroed out) value.

Before this patch, in some cases (e.g. in responses to some queries that
return FORMERR), mod-dnstap would overwrite the QNAME in the query
packet buffer with 'qname_size' bytes from the 'orig_qname' field. With
'qname_size' set to a non-zero value (due to successful parsing of the
QNAME) but with 'orig_qname' set to its original initialized (zeroed
out) value, this would result in zeroing out the QNAME in the query
packet buffer. This would then result in writing a corrupted query
message into the dnstap logging stream.

Since mod-dnstap writes directly to the query packet buffer rather than
making a copy, this corruption would also be visible to modules
executing after mod-dnstap as well as the rest of knotd.

This patch updates mod-dnstap's msg_query_qname_restore() so that it
avoids copying the original QNAME into the query packet buffer if the
'orig_qname' field has been left in its initialized (zeroed out) value.

fixes #777

59573ab3

ctl: log the command for all zones specified (not just the first one) · d0cabd50
Daniel Salzman authored 3 years ago

d0cabd50
dnsproxy: add optional source address match option · 580be077
Daniel Salzman authored 3 years ago

580be077
tests: compatibility with new Bind · de549bae
Libor Peltan authored 3 years ago and Daniel Salzman committed 3 years ago

de549bae

Admin message

Admin message