Do not chase CNAME during qname minimization step 4.¶
References: #9790, pull request 9804
Make sure we take the right minimum for the packet cache TTL data in the SERVFAIL case.¶
References: #10185, pull request 10193
Do not add request to a wait chain that’s already processed or being processed.¶
References: #9707, pull request 9718
Do not send overly long NOD lookups.¶
References: #9697, pull request 9706
Avoid a CNAME loop detection issue with DNS64.¶
References: #9696, pull request 9702
If a.b.c CNAME x.a.b.c is encountered, switch off QName Minimization.¶
References: #9680, pull request 9684
Previous placeholder fix was incomplete.¶
References: #9070, pull request 9609
Log when going Bogus because of a missing SOA in authority.¶
References: pull request 9527
Backport of CVE-2020-25829: Cache pollution.¶
References: pull request 9604
Watch the descriptor again after an out-of-order read timeout.¶
References: #9495, pull request 9525
Raise an exception on invalid content in unknown records.¶
References: #9497, pull request 9507
Boost 1.73 moved boost::bind placeholders to the placeholders namespace.x¶
References: #9070, pull request 9501
Fix the parsing of dont-throttle-netmasks in the presence of dont-throttle-names.¶
References: #9454, pull request 9457
Ensure runtime dirs for virtual services differ.¶
References: #9073, pull request 9397
Allow some more depth headroom for the no-qname-minimization fallback case.¶
References: #9375, pull request 9416
Resize hostname to final size in getCarbonHostname().¶
References: pull request 9367
Validate cached DNSKEYs against the DSs, not the RRSIGs only.¶
References: #9309, pull request 9330
Ignore cache-only for DNSKEYs and DS retrieval.¶
References: #9297, pull request 9329
A ServFail while retrieving DS/DNSKEY records is just that.¶
References: #9292, pull request 9328
Refuse DS records received from child zones.¶
References: #9188, pull request 9327
Better exception handling in houseKeeping/handlePolicyHit.¶
References: #9268, pull request 9305
Take initial refresh time from loaded zone.¶
References: #9299, #9301, pull request 9304
Defer the NOD lookup until after the response has been sent.¶
References: #9142, pull request 9243
CNAME loop detection.¶
References: #9194, #9202, #9216, pull request 9248
Backport of CVE-2020-14196: Enforce webserver ACL.¶
References: pull request 9285
Copy the negative cache entry before validating it.¶
References: #9251, pull request 9262
Fix compilation of the ports event multiplexer.¶
References: #9031, pull request 9242
Fix the handling of DS queries for the root.¶
References: #9151, pull request 9245
Fix RPZ removals when an update has several deltas.¶
References: #9172, pull request 9246
Fix compilation on systems that do not define HOST_NAME_MAX.¶
References: #9127, pull request 9128
Fix build with gcc-10.¶
References: #8640, pull request 9122
Correct depth increments.¶
References: #9184, #9192, pull request 9247
Limit the TTL of RRSIG records as well¶
References: #9205, pull request 9249
Add ubuntu focal target.¶
References: pull request 9082
Backport of security fixes for CVE-2020-10995, CVE-2020-12244 and CVE-2020-10030, plus avoid a crash when loading an invalid RPZ.¶
References: pull request 9115
RPZ dumpFile/seedFile: store/get SOA refresh on dump/load.¶
References: #8778, pull request 9048
Update boost.m4.¶
References: #8875, pull request 8963
Only log qname parsing errors when ‘log-common-errors’ is set.¶
References: pull request 8870
Update copyright year.¶
References: pull request 8863
Do continue rpz processing if the current policy is passthru.¶
References: pull request 8827
Refuse NSEC records with a bitmap length > 32.¶
References: pull request 8831
Update boost.m4.¶
References: pull request 8751
Explicitly enable dnstap for debian-stretch and buster.¶
References: pull request 8738
EPEL 8 now has libfstrm-devel.¶
References: pull request 8728
Give an explicit message if something is wrong with socket-dir.¶
References: pull request 8726
Make ComboAddress::setPort() update the current object.¶
References: pull request 8730
Fix the evaluation order for filtering policies (RPZ).¶
References: pull request 8727
Add the source and destination ports to the protobuf msg.¶
References: pull request 8704
Increase default max-qperq.¶
References: #8646, pull request 8675
Debian postinst / do not fail on user creation if it already exists.¶
References: pull request 8673
Parsing dont-throttle-names and dont-throttle-netmasks as comma separated lists. (costypetrisor)¶
References: #8676, pull request 8685
An Opt-Out NSEC3 RR only proves that there is no secure delegation.¶
References: #8664, pull request 8692
Fix wrong zoneCuts caused by cache only lookup.¶
References: #8642, pull request 8670
Better time based data structures¶
References: pull request 8571
QName Minimization is no longer experimental and is now enabled by default.¶
References: pull request 8477, pull request 8561
Make threads run until asked to stop.¶
References: #8518, pull request 8521
Fix -Wshadow warnings (Aki Tuomi)¶
References: pull request 8440
Do RFC 8020 only if cache entry is dnssec validated¶
References: pull request 8511
Add a parameter to limit the number of ‘$GENERATE’ steps¶
References: pull request 8492
Remove duplicate RRs inside a RRSet when computing the signature¶
References: pull request 8512
Check return value of dup() and avoid fd leak if if fdopen() fails¶
References: pull request 8560
Avoid startup race by setting the state of a thread before starting it.¶
References: #8558, pull request 8559
Purge map of failed auths periodically by keeping a last changed timestamp.¶
References: #7771, pull request 8525
Avoid mthread race when using the set of rootNSZones.¶
References: pull request 8510
Implement RFC 8020 “NXDOMAIN: There Really Is Nothing Underneath”¶
References: pull request 8367
Update CentOS 6 init script (None)¶
References: pull request 8463
Basic validation of $GENERATE parameters¶
References: pull request 8451
Add signal handling for SIGTERM and SIGINT in pdns_recursor, if we are PID1 (Frank Louwers)¶
References: pull request 8344
Docs: Add small description for pipe backend about distributor-threads (Donatas Abraitis)¶
References: pull request 8287
Improve commandline error reporting for non-opts¶
References: pull request 8290
Prime NS records of root-servers.net parent (.net)¶
References: pull request 8470
Dns64: stop hiding PTR indirection¶
References: pull request 8433
Allow multiple simultaneous incoming TCP queries over a connection¶
References: #8358, pull request 8391
Add CentOS 8 as builder target¶
References: pull request 8400
Fix chmod paths in rules files¶
References: pull request 8371
Build Newly Observed Domain (NOD) support by default.¶
References: pull request 8366
Rec: chmod/own recursor.conf for the systemd case¶
References: #8352, pull request 8360
Fix #8338: Issue with “zz” abbreviation for IPv6 RPZ triggers¶
References: #8338, pull request 8340
Retry getrandom() on EINTR¶
References: pull request 8317
Recursor webhandler for prometheus metrics (Greg Cockroft)¶
References: pull request 7758
Rec: lua pdns_features table¶
References: pull request 8210
Builder: add raspbian-buster target¶
References: pull request 8075
Rec: export a protobuf incoming response message for timeouts¶
References: pull request 8000
Recursor: add devicename field to protobuf messages¶
References: pull request 8001
Recursor: don’t start as root in systemd¶
References: pull request 7879
Rec experimental qname minimization¶
References: pull request 7757
Rec: set the query-zone field in the dnstap messages.¶
References: pull request 7877
Allow unix domains sockets for dnstap destinations¶
References: pull request 7868
DNSTAP logging for queries to, and responses from, auths¶
References: pull request 7538
Bail out when no context library is available¶
References: pull request 8122
Some unneeded float<->double conversions.¶
References: pull request 8091
Rec: document that the special-memory-usage stat is excluded by default¶
References: pull request 8140
Update boost.m4¶
References: #6942, #8084, pull request 7951
Rec: small speed improvements in the syncres¶
References: pull request 8010
Don’t create temporary strings to escape dnsname labels¶
References: pull request 8013
Add static assertions for the size of the src address control buffer¶
References: pull request 8007
Clear cmsg_space(sizeof(data)) in cmsghdr to appease valgrind.¶
References: #7981, pull request 7996
Explicitly align the buffer used for cmsgs¶
References: #7981, pull request 7990
Silence unused lambda warning (retry) (fwSmit)¶
References: #7949, pull request 7967
Rec: clean ups in the syncres::docnamecachelookup code¶
References: pull request 7945
All: dnsname, speeds up tostring() conversion¶
References: pull request 7699
rec: optimize for large number of filtering policies, empty sections¶
References: pull request 7904
Rec: reuse the outgoing query protobuf for the incoming response¶
References: pull request 7901
Rec: compare the cachekey type and place first then the name¶
References: pull request 7905
Update boost.m4 to the latest version¶
References: pull request 7862
Check if -latomic is needed instead of hardcoding (Rosen Penev)¶
References: pull request 7861
Rec: small speedups in the recursion ‘slow’ path¶
References: pull request 7843
Add latomic to arc platform (Rosen Penev)¶
References: pull request 7857
Eliminate the loop in syncres::getaddrs()¶
References: pull request 7548
Rec: fix two coverity issues¶
References: pull request 8256
Add missing inc in rpz findclientpolicy loop.¶
References: pull request 8236
Fix inverse handler registration logic for snmp.¶
References: pull request 8227
Restore the lua binding for dnsname::wirelength()¶
References: pull request 8142
Rec docs: fix versionadded for maintenance()¶
References: pull request 8152
Fix the rfc1982lessthan template.¶
References: pull request 8089
Ensure debian sysv users get set{g,u}id¶
References: pull request 8034
Make sure we always compile with boost_cb_enable_debug set to 0¶
References: pull request 8067
Limit compression pointers to 14 bits¶
References: pull request 8028
Another time sensistive test fixed with a fixednow construct.¶
References: #8008, pull request 8047
Rec: don’t go bogus if the auth zone delegation test takes too long¶
References: pull request 8008
Rec: fix the export of only outgoing queries or incoming responses¶
References: pull request 7997
Fix a few markup issues in our documentation¶
References: pull request 7946
Adapt calidns for openbsd and other systems without rcvmmsg(2)¶
References: pull request 7871
Rec: better detection of bogus zone cuts for dnssec validation¶
References: pull request 7928
suffixmatchtree: fix root removal, partial match of non-leaf nodes¶
References: pull request 7886
Rec: don’t mix time() and gettimeofday() in our unit tests (again)¶
References: #6160, #7235, #7883, pull request 7884
Stubquery: fix handling of optional type arg.¶
References: pull request 7870
Fix warnings reported by coverity¶
References: pull request 7864
Recursor: log udp tc bits during trace¶
References: pull request 7841