Marek Vavruša authored 7 years ago and Vladimír Čunát committed 6 years ago

This updates the metatype to wrap knot_rrset_add_rdata and knot_rrset_init_empty
in a nicer way, and adds automatic GC destructor and tests.

Marek Vavruša authored 7 years ago and Vladimír Čunát committed 6 years ago

Before the API depended on the qry object which only makes sense during
resolution of requests, not when manipulating cache out of it.

This commit abstracts out stash_rrset from stash_rrarray_entry,
and fixes incrementing metrics on actual record insertion.
It then resurfaces kr_cache_insert_rr that was deleted in 2.0
using the extracted function.

vcunat separated stash_rrset_precond() later during rebase.

Closes #334 and #336

- TLS errors were mentioned twice
- the option mode wasn't changed, just a static function name

They didn't work locally for me, at least.

Release 2.3.0

Closes #334 and #336

See merge request knot/knot-resolver-security!3

Vladimír Čunát authored 6 years ago and Petr Špaček committed 6 years ago

Inspired by Marek's MR.

Grigorii Demidov authored 6 years ago and Petr Špaček committed 6 years ago

fixup! 8ea37cc3 daemon/worker: robustness against the slow-lorris attack

Vladimír Čunát authored 6 years ago and Petr Špaček committed 6 years ago

The NULL is never tested, and it was breaking our usual iteration pattern.

Grigorii Demidov authored 6 years ago and Petr Špaček committed 6 years ago

This is an attempt to fix two problems:
1. kresd tries to close incoming TCP connection too early. This may lead
to multiple client reconnections. This problem primarily
affects TCP/TLS clients who send several queries over single TCP connection.

2. In certain circumstances outbound TCP connection doesn't timeout
despite that fact that upstream doesn't send back any answers.
This may lead to timeouts on non-problematic queries.

Handle RRs with non-Internet class and meta-types

Closes #334

See merge request knot/knot-resolver-security!2

Refuse EDNS cookie requests if cookie module is missing

Closes #336

See merge request knot/knot-resolver-security!4

Protection against slowlorris attack on autoritative side

See merge request knot/knot-resolver-security!5

serve_stale: log only in verbose mode

See merge request !564

distro/rpm: update dependency declarations to conform with pkg standards

See merge request !563

distro/deb: add prefill module

See merge request !562

export a JSON decode function to lua

See merge request !560

Anbang Wen authored 6 years ago and Petr Špaček committed 6 years ago

Since there is already a bundled JSON library, expose it to lua for
modules to use.

daemon/worker: separate counter for TLS sendings

See merge request !557

root zone import implementation

See merge request !511

luasec internally calls SSL_CTX_load_verify_locations() which has
non-intuituve behavior for directories. Given that we already use path
to certificate file for TLS_FORWARD it is better to use consistent and
intuitive interface.

Default values would cause confusion when we introduce support for
non-root zones.

Only root zone can be imported (for now) but we want to
avoid changing syntax when support for other zones is added.

Delaying import would leak bunch of queries from the resolver between
moment of start and import.

The original prefill module did not import zone data after daemon
restart unless the file TTL was expired. The module now reuses data
on disk as long as TTL is not expired, and imports the zone after module
load.

An attempt to rename/move temporary file to its final destination will
fail if /tmp and working directory belong to different filesystems.

It seems that temporary file is not required so it easier to get rid of
it altogether.