1. 06 Jul, 2016 5 commits
    • Marek Vavrusa's avatar
      daemon: worker publishes usage information · 93303da5
      Marek Vavrusa authored
    • Marek Vavrusa's avatar
      daemon: workers are interconnected with IPC pipes · de7b3862
      Marek Vavrusa authored
      forks are connected with IPC pipes to process
      group leader and can execute expressions on its
      behalf. so running commands over all workers
      is easy now:
      > hostname() -- single
      > map 'hostname()' -- all
    • Marek Vavrusa's avatar
      daemon/worker: track query in BEGIN and dst addr · e4747066
      Marek Vavrusa authored
      * in the begin() layer, the incoming query is
        exposed as req->qsource.packet, it is invalidated
        after begin() and should not be modified
      * the destination address (local interface) is
        also tracked for filtering purposes
    • Marek Vavrusa's avatar
      lib/resolve: store auth addr/rtt in consume() layer · e9ffeb1a
      Marek Vavrusa authored
      during the consume step, the information about
      upstream authoritative (address and current rtt)
      is exposed in the request structure, just like
      information about current query
    • Marek Vavrusa's avatar
      modules/http: graphs, prometheus metrics, websocks · cf2a18b0
      Marek Vavrusa authored
      * http embeds modified lua-http server code that
        reuses single cqueue for all h2 client sockets,
        this is also because the API in upstream is unstable
      * http embeds rickshaw for real-time graphs over
        websockets, it displays latency heatmap by default
        and can show several other metrics
      * http shows a world map with pinned recently contacted
        authoritatives, where diameter represents number
        of queries sent and colour its average RTT, so
        you can see where the queries are going
      * http now exports several endpoints and websockets:
        /stats for statistics in JSON, and /metrics for
        metrics in Prometheus text format
  2. 20 May, 2016 1 commit
    • Marek Vavrusa's avatar
      lib: cache api v2, removed dep on libknot db.h · e68c3a0a
      Marek Vavrusa authored
      this change introduces new API for cache backends,
      that is a subset of knot_db_api_t from libknot
      with several cache-specific operations
      major changes are:
      * merged 'cachectl' module into 'cache' as it is
        99% default-on and it simplifies things
      * not transaction oriented, transactions may be
        reused and cached for higher performance
      * scatter/gather API, this is important for
        latency and performance of non-local backends
        like Redis
      * faster and reliable cache clearing
      * cache-specific operations (prefix scan, ...) in
        the API not hacked in
      * simpler code for both backends and caller
  3. 18 Apr, 2016 1 commit
    • Marek Vavrusa's avatar
      daemon: mode(strict|normal|permissive) · e61c48ef
      Marek Vavrusa authored
      the daemon has now three modes of strictness
      checking from strict to permissive.
      it reflects the tradeoff between resolving the
      query in as few steps as possible and security
      for insecure zones
  4. 07 Apr, 2016 1 commit
  5. 06 Apr, 2016 1 commit
    • Marek Vavrusa's avatar
      trust_anchors: added custom timers, limit history · 5e7591f0
      Marek Vavrusa authored
      new trust anchors variables:
      * trust_anchors.hold_down_time = 30 * day
      * trust_anchors.refresh_time = nil
      * trust_anchors.keep_removed = 0
      these could be used to control how often should
      root trust anchors be checked and how many removed
      keys should be kept in log (0 by default)
  6. 03 Feb, 2016 2 commits
  7. 30 Jan, 2016 1 commit
  8. 23 Jan, 2016 2 commits
  9. 22 Jan, 2016 3 commits
  10. 21 Jan, 2016 2 commits
  11. 11 Jan, 2016 1 commit
  12. 23 Dec, 2015 1 commit
  13. 17 Dec, 2015 2 commits
  14. 10 Dec, 2015 1 commit
  15. 08 Dec, 2015 1 commit
  16. 05 Dec, 2015 1 commit
    • Marek Vavruša's avatar
      daemon: root trust anchors automatically bootstrapped from IANA · 1af623da
      Marek Vavruša authored
      if the root key file doesn’t exist, it will be populated from root DNSKEY query, which will be validated against root trust anchors retrieved over HTTPS with IANA cert verification against built-in current IANA cert CA. it requires luasocket and luasec for it to work. trust anchors XML file signature is not checked, as there’s no facility for PKCS7 checking yet.
  17. 24 Nov, 2015 1 commit
  18. 18 Nov, 2015 1 commit
  19. 17 Nov, 2015 2 commits
  20. 13 Nov, 2015 1 commit
  21. 12 Nov, 2015 1 commit
  22. 03 Nov, 2015 2 commits
  23. 28 Oct, 2015 3 commits
  24. 27 Oct, 2015 3 commits