
New upstream version 4.0.6

tags/upstream/4.3.0
Christian Hofstaedtler 3 years ago
parent
commit
0b528878b6
38 changed files with 1339 additions and 181 deletions
  1. +1
    -1
      .version
  2. +10
    -0
      Makefile.am
  3. +50
    -33
      Makefile.in
  4. +1
    -0
      aclocal.m4
  5. +1
    -1
      cachecleaner.hh
  6. +3
    -0
      config.h.in
  7. +142
    -23
      configure
  8. +9
    -0
      configure.ac
  9. +293
    -0
      decafsigners.cc
  10. +2
    -2
      dnsrecords.cc
  11. +2
    -1
      dnsrecords.hh
  12. +2
    -0
      dnssecinfra.cc
  13. +5
    -1
      dnssecinfra.hh
  14. +5
    -1
      dnsseckeeper.hh
  15. +124
    -5
      effective_tld_names.dat
  16. +2
    -0
      ext/Makefile.in
  17. +2
    -0
      ext/json11/Makefile.in
  18. +2
    -0
      ext/yahttp/Makefile.in
  19. +2
    -0
      ext/yahttp/yahttp/Makefile.in
  20. +1
    -1
      iputils.hh
  21. +125
    -41
      ixfr.cc
  22. +4
    -0
      ixfr.hh
  23. +6
    -2
      lwres.cc
  24. +23
    -0
      m4/pdns_check_libdecaf.m4
  25. +1
    -1
      m4/pdns_check_os.m4
  26. +11
    -7
      pdns_recursor.cc
  27. +87
    -2
      pubsuffix.cc
  28. +38
    -29
      recursor_cache.cc
  29. +2
    -2
      recursor_cache.hh
  30. +2
    -2
      root-addresses.hh
  31. +5
    -17
      sodiumsigners.cc
  32. +6
    -6
      syncres.cc
  33. +1
    -1
      syncres.hh
  34. +42
    -0
      test-common.hh
  35. +2
    -2
      test-dnsrecords_cc.cc
  36. +19
    -0
      test-iputils_hh.cc
  37. +303
    -0
      test-ixfr_cc.cc
  38. +3
    -0
      version.cc

+ 1
- 1
.version

@@ -1 +1 @@
4.0.5
4.0.6

+ 10
- 0
Makefile.am

@@ -185,6 +185,7 @@ testrunner_SOURCES = \
gettime.cc gettime.hh \
gss_context.cc gss_context.hh \
iputils.cc iputils.hh \
ixfr.cc ixfr.hh \
logger.cc logger.hh \
misc.cc misc.hh \
namespaces.hh \
@@ -202,16 +203,19 @@ testrunner_SOURCES = \
test-arguments_cc.cc \
test-base32_cc.cc \
test-base64_cc.cc \
test-common.hh \
test-dns_random_hh.cc \
test-dnsname_cc.cc \
test-dnsparser_hh.cc \
test-dnsrecords_cc.cc \
test-iputils_hh.cc \
test-ixfr_cc.cc \
test-misc_hh.cc \
test-nmtree.cc \
test-rcpgenerator_cc.cc \
test-recpacketcache_cc.cc \
testrunner.cc \
tsigverifier.cc tsigverifier.hh \
unix_utility.cc \
zoneparser-tng.cc zoneparser-tng.hh

@@ -237,6 +241,12 @@ pdns_recursor_SOURCES += \
pdns_recursor_LDADD += $(LIBSODIUM_LIBS)
endif

if LIBDECAF
pdns_recursor_SOURCES += \
decafsigners.cc
pdns_recursor_LDADD += $(LIBDECAF_LIBS)
endif

if MALLOC_TRACE
pdns_recursor_SOURCES += \
malloctrace.cc \


+ 50
- 33
Makefile.in

@@ -94,21 +94,25 @@ bin_PROGRAMS = rec_control$(EXEEXT)
@LIBSODIUM_TRUE@ sodiumsigners.cc

@LIBSODIUM_TRUE@am__append_7 = $(LIBSODIUM_LIBS)
@MALLOC_TRACE_TRUE@am__append_8 = \
@LIBDECAF_TRUE@am__append_8 = \
@LIBDECAF_TRUE@ decafsigners.cc

@LIBDECAF_TRUE@am__append_9 = $(LIBDECAF_LIBS)
@MALLOC_TRACE_TRUE@am__append_10 = \
@MALLOC_TRACE_TRUE@ malloctrace.cc \
@MALLOC_TRACE_TRUE@ malloctrace.hh

@MALLOC_TRACE_TRUE@am__append_9 = -rdynamic
@LUA_TRUE@am__append_10 = $(LUA_LIBS)
@HAVE_FREEBSD_TRUE@am__append_11 = kqueuemplexer.cc
@HAVE_LINUX_TRUE@am__append_12 = epollmplexer.cc
@HAVE_SOLARIS_TRUE@am__append_13 = \
@MALLOC_TRACE_TRUE@am__append_11 = -rdynamic
@LUA_TRUE@am__append_12 = $(LUA_LIBS)
@HAVE_FREEBSD_TRUE@am__append_13 = kqueuemplexer.cc
@HAVE_LINUX_TRUE@am__append_14 = epollmplexer.cc
@HAVE_SOLARIS_TRUE@am__append_15 = \
@HAVE_SOLARIS_TRUE@ devpollmplexer.cc \
@HAVE_SOLARIS_TRUE@ portsmplexer.cc

@HAVE_PROTOBUF_TRUE@@HAVE_PROTOC_TRUE@am__append_14 = dnsmessage.pb.cc
@HAVE_PROTOBUF_TRUE@@HAVE_PROTOC_TRUE@am__append_15 = $(PROTOBUF_LIBS)
@HAVE_PROTOBUF_TRUE@@HAVE_PROTOC_TRUE@am__append_16 = $(PROTOBUF_LIBS)
@HAVE_PROTOBUF_TRUE@@HAVE_PROTOC_TRUE@am__append_16 = dnsmessage.pb.cc
@HAVE_PROTOBUF_TRUE@@HAVE_PROTOC_TRUE@am__append_17 = $(PROTOBUF_LIBS)
@HAVE_PROTOBUF_TRUE@@HAVE_PROTOC_TRUE@am__append_18 = $(PROTOBUF_LIBS)
DIST_COMMON = $(srcdir)/lua_hpp.mk $(srcdir)/Makefile.in \
$(srcdir)/Makefile.am $(top_srcdir)/configure \
$(am__configure_deps) $(srcdir)/config.h.in \
@@ -135,6 +139,7 @@ am__aclocal_m4_deps = \
$(top_srcdir)/m4/pdns_check_curl.m4 \
$(top_srcdir)/m4/pdns_check_libcrypto.m4 \
$(top_srcdir)/m4/pdns_check_libcrypto_ecdsa.m4 \
$(top_srcdir)/m4/pdns_check_libdecaf.m4 \
$(top_srcdir)/m4/pdns_check_libsodium.m4 \
$(top_srcdir)/m4/pdns_check_lua_hpp.m4 \
$(top_srcdir)/m4/pdns_check_network_libs.m4 \
@@ -199,14 +204,15 @@ am__pdns_recursor_SOURCES_DIST = arguments.cc base32.cc base32.hh \
version.cc version.hh webserver.cc webserver.hh ws-api.cc \
ws-api.hh ws-recursor.cc ws-recursor.hh zoneparser-tng.cc \
zoneparser-tng.hh botan110signers.cc sodiumsigners.cc \
malloctrace.cc malloctrace.hh kqueuemplexer.cc epollmplexer.cc \
devpollmplexer.cc portsmplexer.cc
decafsigners.cc malloctrace.cc malloctrace.hh kqueuemplexer.cc \
epollmplexer.cc devpollmplexer.cc portsmplexer.cc
@BOTAN110_TRUE@am__objects_1 = botan110signers.$(OBJEXT)
@LIBSODIUM_TRUE@am__objects_2 = sodiumsigners.$(OBJEXT)
@MALLOC_TRACE_TRUE@am__objects_3 = malloctrace.$(OBJEXT)
@HAVE_FREEBSD_TRUE@am__objects_4 = kqueuemplexer.$(OBJEXT)
@HAVE_LINUX_TRUE@am__objects_5 = epollmplexer.$(OBJEXT)
@HAVE_SOLARIS_TRUE@am__objects_6 = devpollmplexer.$(OBJEXT) \
@LIBDECAF_TRUE@am__objects_3 = decafsigners.$(OBJEXT)
@MALLOC_TRACE_TRUE@am__objects_4 = malloctrace.$(OBJEXT)
@HAVE_FREEBSD_TRUE@am__objects_5 = kqueuemplexer.$(OBJEXT)
@HAVE_LINUX_TRUE@am__objects_6 = epollmplexer.$(OBJEXT)
@HAVE_SOLARIS_TRUE@am__objects_7 = devpollmplexer.$(OBJEXT) \
@HAVE_SOLARIS_TRUE@ portsmplexer.$(OBJEXT)
am_pdns_recursor_OBJECTS = arguments.$(OBJEXT) base32.$(OBJEXT) \
base64.$(OBJEXT) dns.$(OBJEXT) dns_random.$(OBJEXT) \
@@ -233,7 +239,8 @@ am_pdns_recursor_OBJECTS = arguments.$(OBJEXT) base32.$(OBJEXT) \
version.$(OBJEXT) webserver.$(OBJEXT) ws-api.$(OBJEXT) \
ws-recursor.$(OBJEXT) zoneparser-tng.$(OBJEXT) \
$(am__objects_1) $(am__objects_2) $(am__objects_3) \
$(am__objects_4) $(am__objects_5) $(am__objects_6)
$(am__objects_4) $(am__objects_5) $(am__objects_6) \
$(am__objects_7)
@HAVE_PROTOBUF_TRUE@@HAVE_PROTOC_TRUE@nodist_pdns_recursor_OBJECTS = \
@HAVE_PROTOBUF_TRUE@@HAVE_PROTOC_TRUE@ dnsmessage.pb.$(OBJEXT)
pdns_recursor_OBJECTS = $(am_pdns_recursor_OBJECTS) \
@@ -241,14 +248,16 @@ pdns_recursor_OBJECTS = $(am_pdns_recursor_OBJECTS) \
am__DEPENDENCIES_1 =
@BOTAN110_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1)
@LIBSODIUM_TRUE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_1)
@LUA_TRUE@am__DEPENDENCIES_4 = $(am__DEPENDENCIES_1)
@HAVE_PROTOBUF_TRUE@@HAVE_PROTOC_TRUE@am__DEPENDENCIES_5 = \
@LIBDECAF_TRUE@am__DEPENDENCIES_4 = $(am__DEPENDENCIES_1)
@LUA_TRUE@am__DEPENDENCIES_5 = $(am__DEPENDENCIES_1)
@HAVE_PROTOBUF_TRUE@@HAVE_PROTOC_TRUE@am__DEPENDENCIES_6 = \
@HAVE_PROTOBUF_TRUE@@HAVE_PROTOC_TRUE@ $(am__DEPENDENCIES_1)
pdns_recursor_DEPENDENCIES = $(am__DEPENDENCIES_1) $(JSON11_LIBS) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_3) \
$(am__DEPENDENCIES_4) $(am__DEPENDENCIES_5)
$(am__DEPENDENCIES_4) $(am__DEPENDENCIES_5) \
$(am__DEPENDENCIES_6)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
@@ -268,25 +277,26 @@ am_testrunner_OBJECTS = arguments.$(OBJEXT) base32.$(OBJEXT) \
dnsname.$(OBJEXT) dnsparser.$(OBJEXT) dns_random.$(OBJEXT) \
dnsrecords.$(OBJEXT) dnssecinfra.$(OBJEXT) dnswriter.$(OBJEXT) \
ednsoptions.$(OBJEXT) ednssubnet.$(OBJEXT) gettime.$(OBJEXT) \
gss_context.$(OBJEXT) iputils.$(OBJEXT) logger.$(OBJEXT) \
misc.$(OBJEXT) nsecrecords.$(OBJEXT) protobuf.$(OBJEXT) \
qtype.$(OBJEXT) rcpgenerator.$(OBJEXT) \
gss_context.$(OBJEXT) iputils.$(OBJEXT) ixfr.$(OBJEXT) \
logger.$(OBJEXT) misc.$(OBJEXT) nsecrecords.$(OBJEXT) \
protobuf.$(OBJEXT) qtype.$(OBJEXT) rcpgenerator.$(OBJEXT) \
recpacketcache.$(OBJEXT) rec-protobuf.$(OBJEXT) \
responsestats.$(OBJEXT) sillyrecords.$(OBJEXT) \
test-arguments_cc.$(OBJEXT) test-base32_cc.$(OBJEXT) \
test-base64_cc.$(OBJEXT) test-dns_random_hh.$(OBJEXT) \
test-dnsname_cc.$(OBJEXT) test-dnsparser_hh.$(OBJEXT) \
test-dnsrecords_cc.$(OBJEXT) test-iputils_hh.$(OBJEXT) \
test-misc_hh.$(OBJEXT) test-nmtree.$(OBJEXT) \
test-rcpgenerator_cc.$(OBJEXT) \
test-ixfr_cc.$(OBJEXT) test-misc_hh.$(OBJEXT) \
test-nmtree.$(OBJEXT) test-rcpgenerator_cc.$(OBJEXT) \
test-recpacketcache_cc.$(OBJEXT) testrunner.$(OBJEXT) \
unix_utility.$(OBJEXT) zoneparser-tng.$(OBJEXT)
tsigverifier.$(OBJEXT) unix_utility.$(OBJEXT) \
zoneparser-tng.$(OBJEXT)
@HAVE_PROTOBUF_TRUE@@HAVE_PROTOC_TRUE@nodist_testrunner_OBJECTS = \
@HAVE_PROTOBUF_TRUE@@HAVE_PROTOC_TRUE@ dnsmessage.pb.$(OBJEXT)
testrunner_OBJECTS = $(am_testrunner_OBJECTS) \
$(nodist_testrunner_OBJECTS)
testrunner_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_5)
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_6)
testrunner_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \
$(CXXFLAGS) $(testrunner_LDFLAGS) $(LDFLAGS) -o $@
@@ -706,6 +716,7 @@ LDFLAGS = @LDFLAGS@
LIBCRYPTO_INCLUDES = @LIBCRYPTO_INCLUDES@
LIBCRYPTO_LDFLAGS = @LIBCRYPTO_LDFLAGS@
LIBCRYPTO_LIBS = @LIBCRYPTO_LIBS@
LIBDECAF_LIBS = @LIBDECAF_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBSODIUM_CFLAGS = @LIBSODIUM_CFLAGS@
@@ -828,7 +839,7 @@ AM_LDFLAGS = \
$(THREADFLAGS)

ACLOCAL_AMFLAGS = -I m4
BUILT_SOURCES = htmlfiles.h $(am__append_2) $(am__append_14)
BUILT_SOURCES = htmlfiles.h $(am__append_2) $(am__append_16)
CLEANFILES = htmlfiles.h dnsmessage.pb.cc dnsmessage.pb.h \
$(am__append_3)
SUBDIRS = ext
@@ -890,16 +901,16 @@ pdns_recursor_SOURCES = arguments.cc base32.cc base32.hh base64.cc \
version.cc version.hh webserver.cc webserver.hh ws-api.cc \
ws-api.hh ws-recursor.cc ws-recursor.hh zoneparser-tng.cc \
zoneparser-tng.hh $(am__append_4) $(am__append_6) \
$(am__append_8) $(am__append_11) $(am__append_12) \
$(am__append_13)
$(am__append_8) $(am__append_10) $(am__append_13) \
$(am__append_14) $(am__append_15)
@HAVE_LUA_HPP_FALSE@nodist_pdns_recursor_SOURCES = lua.hpp
@HAVE_PROTOBUF_TRUE@@HAVE_PROTOC_TRUE@nodist_pdns_recursor_SOURCES = dnsmessage.pb.cc dnsmessage.pb.h
pdns_recursor_LDADD = $(YAHTTP_LIBS) $(JSON11_LIBS) $(LIBCRYPTO_LIBS) \
$(BOOST_CONTEXT_LIBS) $(SYSTEMD_LIBS) $(RT_LIBS) \
$(am__append_5) $(am__append_7) $(am__append_10) \
$(am__append_15)
$(am__append_5) $(am__append_7) $(am__append_9) \
$(am__append_12) $(am__append_17)
pdns_recursor_LDFLAGS = $(AM_LDFLAGS) $(LIBCRYPTO_LDFLAGS) \
$(BOOST_CONTEXT_LDFLAGS) $(am__append_9)
$(BOOST_CONTEXT_LDFLAGS) $(am__append_11)
testrunner_SOURCES = \
arguments.cc \
base32.cc \
@@ -917,6 +928,7 @@ testrunner_SOURCES = \
gettime.cc gettime.hh \
gss_context.cc gss_context.hh \
iputils.cc iputils.hh \
ixfr.cc ixfr.hh \
logger.cc logger.hh \
misc.cc misc.hh \
namespaces.hh \
@@ -934,16 +946,19 @@ testrunner_SOURCES = \
test-arguments_cc.cc \
test-base32_cc.cc \
test-base64_cc.cc \
test-common.hh \
test-dns_random_hh.cc \
test-dnsname_cc.cc \
test-dnsparser_hh.cc \
test-dnsrecords_cc.cc \
test-iputils_hh.cc \
test-ixfr_cc.cc \
test-misc_hh.cc \
test-nmtree.cc \
test-rcpgenerator_cc.cc \
test-recpacketcache_cc.cc \
testrunner.cc \
tsigverifier.cc tsigverifier.hh \
unix_utility.cc \
zoneparser-tng.cc zoneparser-tng.hh

@@ -953,7 +968,7 @@ testrunner_LDFLAGS = \
$(LIBCRYPTO_LDFLAGS)

testrunner_LDADD = $(BOOST_UNIT_TEST_FRAMEWORK_LIBS) $(LIBCRYPTO_LIBS) \
$(RT_LIBS) $(am__append_16)
$(RT_LIBS) $(am__append_18)
@HAVE_PROTOBUF_TRUE@@HAVE_PROTOC_TRUE@nodist_testrunner_SOURCES = dnsmessage.pb.cc dnsmessage.pb.h
rec_control_SOURCES = \
arguments.cc arguments.hh \
@@ -1165,6 +1180,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/base32.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/base64.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan110signers.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/decafsigners.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/devpollmplexer.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dns.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dns_random.Po@am__quote@
@@ -1228,6 +1244,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsparser_hh.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsrecords_cc.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-iputils_hh.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-ixfr_cc.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-misc_hh.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-nmtree.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-rcpgenerator_cc.Po@am__quote@


+ 1
- 0
aclocal.m4

@@ -1412,6 +1412,7 @@ m4_include([m4/pdns_check_clock_gettime.m4])
m4_include([m4/pdns_check_curl.m4])
m4_include([m4/pdns_check_libcrypto.m4])
m4_include([m4/pdns_check_libcrypto_ecdsa.m4])
m4_include([m4/pdns_check_libdecaf.m4])
m4_include([m4/pdns_check_libsodium.m4])
m4_include([m4/pdns_check_lua_hpp.m4])
m4_include([m4/pdns_check_network_libs.m4])


+ 1
- 1
cachecleaner.hh

@@ -60,7 +60,7 @@ template <typename T> void pruneCollection(T& collection, unsigned int maxCached
else
++iter;

if(toTrim && erased > toTrim)
if(toTrim && erased >= toTrim)
break;
}
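Review bot: Nothing in this commit's file list exercises the boundary that the `erased >= toTrim` comparison changes, so the off-by-one could regress unnoticed. A unit test that fills a collection past `maxCached`, calls `pruneCollection` and asserts how many entries remain would pin it down. A short comment on the condition, e.g. `// stop as soon as toTrim entries have been erased`, would also help. The rest of `pruneCollection` is outside the hunk, so how `toTrim` is derived cannot be checked from here.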



+ 3
- 0
config.h.in

@@ -59,6 +59,9 @@
/* define to 1 if OpenSSL ecdsa support is available. */
#undef HAVE_LIBCRYPTO_ECDSA

/* Define to 1 if you have libdecaf */
#undef HAVE_LIBDECAF

/* Define to 1 if you have libsodium */
#undef HAVE_LIBSODIUM



+ 142
- 23
configure

@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for pdns-recursor 4.0.5.
# Generated by GNU Autoconf 2.69 for pdns-recursor 4.0.6.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='pdns-recursor'
PACKAGE_TARNAME='pdns-recursor'
PACKAGE_VERSION='4.0.5'
PACKAGE_STRING='pdns-recursor 4.0.5'
PACKAGE_VERSION='4.0.6'
PACKAGE_STRING='pdns-recursor 4.0.6'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''

@@ -659,6 +659,9 @@ PIE_CFLAGS
socketdir
CURL
RAGEL
LIBDECAF_LIBS
LIBDECAF_FALSE
LIBDECAF_TRUE
LIBSODIUM_LIBS
LIBSODIUM_CFLAGS
LIBSODIUM_FALSE
@@ -860,6 +863,7 @@ enable_verbose_logging
enable_botan1_10
with_libcrypto
enable_libsodium
enable_libdecaf
with_socketdir
enable_hardening
enable_asan
@@ -1438,7 +1442,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures pdns-recursor 4.0.5 to adapt to many kinds of systems.
\`configure' configures pdns-recursor 4.0.6 to adapt to many kinds of systems.

Usage: $0 [OPTION]... [VAR=VALUE]...

@@ -1508,7 +1512,7 @@ fi

if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of pdns-recursor 4.0.5:";;
short | recursive ) echo "Configuration of pdns-recursor 4.0.6:";;
esac
cat <<\_ACEOF

@@ -1541,6 +1545,7 @@ Optional Features:
enable verbose logging [default=no]
--enable-botan1.10 use Botan 1.10 [default=no]
--enable-libsodium use libsodium [default=no]
--enable-libdecaf use libdecaf [default=no]
--disable-hardening disable compiler security checks [default=no]
--enable-asan enable AddressSanitizer [default=no]
--enable-msan enable MemorySanitizer [default=no]
@@ -1670,7 +1675,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
pdns-recursor configure 4.0.5
pdns-recursor configure 4.0.6
generated by GNU Autoconf 2.69

Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2269,7 +2274,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by pdns-recursor $as_me 4.0.5, which was
It was created by pdns-recursor $as_me 4.0.6, which was
generated by GNU Autoconf 2.69. Invocation command line was

$ $0 $@
@@ -3132,7 +3137,7 @@ fi

# Define the identity of the package.
PACKAGE='pdns-recursor'
VERSION='4.0.5'
VERSION='4.0.6'


cat >>confdefs.h <<_ACEOF
@@ -15885,17 +15890,14 @@ fi

case "$host" in
mips* | powerpc* )
as_CACHEVAR=`$as_echo "ax_cv_check_ldflags_cannot continue" "$LINENO" 5
_-latomic" | $as_tr_sh`
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -latomic" >&5
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -latomic" >&5
$as_echo_n "checking whether the linker accepts -latomic... " >&6; }
if eval \${$as_CACHEVAR+:} false; then :
if ${ax_cv_check_ldflags___latomic+:} false; then :
$as_echo_n "(cached) " >&6
else

ax_check_save_flags=$LDFLAGS
LDFLAGS="$LDFLAGS cannot continue" "$LINENO" 5
-latomic"
LDFLAGS="$LDFLAGS -latomic"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */

@@ -15908,21 +15910,21 @@ main ()
}
_ACEOF
if ac_fn_cxx_try_link "$LINENO"; then :
eval "$as_CACHEVAR=yes"
ax_cv_check_ldflags___latomic=yes
else
eval "$as_CACHEVAR=no"
ax_cv_check_ldflags___latomic=no
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
LDFLAGS=$ax_check_save_flags
fi
eval ac_res=\$$as_CACHEVAR
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
$as_echo "$ac_res" >&6; }
if eval test \"x\$"$as_CACHEVAR"\" = x"yes"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___latomic" >&5
$as_echo "$ax_cv_check_ldflags___latomic" >&6; }
if test "x$ax_cv_check_ldflags___latomic" = xyes; then :
:
else
as_fn_error $? "Unable to link against libatomic
as_fn_error $? "Unable to link against libatomic, cannot continue" "$LINENO" 5

fi

LDFLAGS="-latomic $LDFLAGS"
@@ -19545,6 +19547,103 @@ fi
fi


{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we will be linking in libdecaf" >&5
$as_echo_n "checking whether we will be linking in libdecaf... " >&6; }
# Check whether --enable-libdecaf was given.
if test "${enable_libdecaf+set}" = set; then :
enableval=$enable_libdecaf; enable_libdecaf=$enableval
else
enable_libdecaf=no

fi

{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_libdecaf" >&5
$as_echo "$enable_libdecaf" >&6; }

if test "x$enable_libdecaf" != "xno"; then
LIBDECAF_TRUE=
LIBDECAF_FALSE='#'
else
LIBDECAF_TRUE='#'
LIBDECAF_FALSE=
fi


if test "x$enable_libdecaf" != "xno"; then :

save_LIBS=$LIBS
LIBS=""
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing decaf_ed25519_sign" >&5
$as_echo_n "checking for library containing decaf_ed25519_sign... " >&6; }
if ${ac_cv_search_decaf_ed25519_sign+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */

/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char decaf_ed25519_sign ();
int
main ()
{
return decaf_ed25519_sign ();
;
return 0;
}
_ACEOF
for ac_lib in '' decaf; do
if test -z "$ac_lib"; then
ac_res="none required"
else
ac_res=-l$ac_lib
LIBS="-l$ac_lib $ac_func_search_save_LIBS"
fi
if ac_fn_cxx_try_link "$LINENO"; then :
ac_cv_search_decaf_ed25519_sign=$ac_res
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
if ${ac_cv_search_decaf_ed25519_sign+:} false; then :
break
fi
done
if ${ac_cv_search_decaf_ed25519_sign+:} false; then :

else
ac_cv_search_decaf_ed25519_sign=no
fi
rm conftest.$ac_ext
LIBS=$ac_func_search_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_decaf_ed25519_sign" >&5
$as_echo "$ac_cv_search_decaf_ed25519_sign" >&6; }
ac_res=$ac_cv_search_decaf_ed25519_sign
if test "$ac_res" != no; then :
test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"


$as_echo "#define HAVE_LIBDECAF 1" >>confdefs.h

LIBDECAF_LIBS="$LIBS"


else

as_fn_error $? "Could not find libdecaf" "$LINENO" 5

fi

LIBS="$save_LIBS"

fi


# check for tools we might need

# Extract the first word of "ragel", so it can be a program name with args.
@@ -20878,6 +20977,10 @@ if test -z "${LIBSODIUM_TRUE}" && test -z "${LIBSODIUM_FALSE}"; then
as_fn_error $? "conditional \"LIBSODIUM\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${LIBDECAF_TRUE}" && test -z "${LIBDECAF_FALSE}"; then
as_fn_error $? "conditional \"LIBDECAF\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${MALLOC_TRACE_TRUE}" && test -z "${MALLOC_TRACE_FALSE}"; then
as_fn_error $? "conditional \"MALLOC_TRACE\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -21291,7 +21394,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by pdns-recursor $as_me 4.0.5, which was
This file was extended by pdns-recursor $as_me 4.0.6, which was
generated by GNU Autoconf 2.69. Invocation command line was

CONFIG_FILES = $CONFIG_FILES
@@ -21357,7 +21460,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
pdns-recursor config.status 4.0.5
pdns-recursor config.status 4.0.6
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

@@ -23450,6 +23553,22 @@ fi
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: OpenSSL ECDSA: $libcrypto_ecdsa" >&5
$as_echo "$as_me: OpenSSL ECDSA: $libcrypto_ecdsa" >&6;}
if test "x$LIBSODIUM_LIBS" != "x"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: libsodium ed25519: yes" >&5
$as_echo "$as_me: libsodium ed25519: yes" >&6;}
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: libsodium ed25519: no" >&5
$as_echo "$as_me: libsodium ed25519: no" >&6;}

fi
if test "x$LIBDECAF_LIBS" != "x"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: libdecaf ed25519 and ed448: yes" >&5
$as_echo "$as_me: libdecaf ed25519 and ed448: yes" >&6;}
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: libdecaf ed25519 and ed448: no" >&5
$as_echo "$as_me: libdecaf ed25519 and ed448: no" >&6;}

fi
if test "x$PROTOBUF_LIBS" != "x" -a x"$PROTOC" != "x"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: Protobuf: yes" >&5
$as_echo "$as_me: Protobuf: yes" >&6;}


+ 9
- 0
configure.ac

@@ -114,6 +114,7 @@ PDNS_CHECK_LIBCRYPTO([
)
PDNS_CHECK_LIBCRYPTO_ECDSA
PDNS_CHECK_LIBSODIUM
PDNS_CHECK_LIBDECAF

# check for tools we might need
PDNS_CHECK_RAGEL
@@ -202,6 +203,14 @@ AS_IF([test "x$LUAPC" != "x"],
[AC_MSG_NOTICE([Lua/LuaJit: no])])
])
AC_MSG_NOTICE([OpenSSL ECDSA: $libcrypto_ecdsa])
AS_IF([test "x$LIBSODIUM_LIBS" != "x"],
[AC_MSG_NOTICE([libsodium ed25519: yes])],
[AC_MSG_NOTICE([libsodium ed25519: no])]
)
AS_IF([test "x$LIBDECAF_LIBS" != "x"],
[AC_MSG_NOTICE([libdecaf ed25519 and ed448: yes])],
[AC_MSG_NOTICE([libdecaf ed25519 and ed448: no])]
)
AS_IF([test "x$PROTOBUF_LIBS" != "x" -a x"$PROTOC" != "x"],
[AC_MSG_NOTICE([Protobuf: yes])],
[AC_MSG_NOTICE([Protobuf: no])]


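--- a/decafsigners.cc
+++ b/decafsigners.cc
@@ -0,0 +1,293 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <decaf.hxx>
+#include <decaf/eddsa.hxx>
+#include <decaf/spongerng.hxx>
+
+#include "dnssecinfra.hh"
+
+using namespace decaf;
+
+class DecafED25519DNSCryptoKeyEngine : public DNSCryptoKeyEngine
+{
+public:
+explicit DecafED25519DNSCryptoKeyEngine(unsigned int algo) : DNSCryptoKeyEngine(algo)
+{
+
+}
+string getName() const override { return "Decaf ED25519"; }
+void create(unsigned int bits) override;
+storvector_t convertToISCVector() const override;
+std::string getPubKeyHash() const override;
+std::string sign(const std::string& msg) const override;
+bool verify(const std::string& msg, const std::string& signature) const override;
+std::string getPublicKeyString() const override;
+int getBits() const override;
+void fromISCMap(DNSKEYRecordContent& drc, std::map<std::string, std::string>& stormap) override;
+void fromPublicKeyString(const std::string& content) override;
+void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw) override
+{}
+
+static std::shared_ptr<DNSCryptoKeyEngine> maker(unsigned int algorithm)
+{
+return std::make_shared<DecafED25519DNSCryptoKeyEngine>(algorithm);
+}
+
+private:
+unsigned char d_pubkey[DECAF_EDDSA_25519_PUBLIC_BYTES];
+unsigned char d_seckey[DECAF_EDDSA_25519_PRIVATE_BYTES];
+};
+
+void DecafED25519DNSCryptoKeyEngine::create(unsigned int bits)
+{
+if(bits != (unsigned int)getBits()) {
+throw runtime_error("Unsupported key length of "+std::to_string(bits)+" bits requested, DecafED25519 class");
+}
+
+SpongeRng rng("/dev/urandom");
+
+typename EdDSA<IsoEd25519>::PrivateKey priv(rng);
+typename EdDSA<IsoEd25519>::PublicKey pub(priv);
+
+priv.serialize_into(d_seckey);
+pub.serialize_into(d_pubkey);
+}
+
+int DecafED25519DNSCryptoKeyEngine::getBits() const
+{
+return DECAF_EDDSA_25519_PRIVATE_BYTES << 3;
+}
+
+DNSCryptoKeyEngine::storvector_t DecafED25519DNSCryptoKeyEngine::convertToISCVector() const
+{
+/*
+Private-key-format: v1.2
+Algorithm: 15 (ED25519)
+PrivateKey: ODIyNjAzODQ2MjgwODAxMjI2NDUxOTAyMDQxNDIyNjI=
+*/
+
+storvector_t storvector;
+
+storvector.push_back(make_pair("Algorithm", "15 (ED25519)"));
+storvector.push_back(make_pair("PrivateKey", string((char*)d_seckey, DECAF_EDDSA_25519_PRIVATE_BYTES)));
+
+return storvector;
+}
+
+void DecafED25519DNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, std::map<std::string, std::string>& stormap )
+{
+/*
+Private-key-format: v1.2
+Algorithm: 15 (ED25519)
+PrivateKey: ODIyNjAzODQ2MjgwODAxMjI2NDUxOTAyMDQxNDIyNjI=
+*/
+
+drc.d_algorithm = pdns_stou(stormap["algorithm"]);
+string privateKey = stormap["privatekey"];
+
+if (privateKey.length() != DECAF_EDDSA_25519_PRIVATE_BYTES)
+throw runtime_error("Private key size mismatch in ISCMap, DecafED25519 class");
+
+typename EdDSA<IsoEd25519>::PrivateKey priv(Block((const unsigned char*)privateKey.c_str(), DECAF_EDDSA_25519_PRIVATE_BYTES));
+typename EdDSA<IsoEd25519>::PublicKey pub(priv);
+
+priv.serialize_into(d_seckey);
+pub.serialize_into(d_pubkey);
+}
+
+std::string DecafED25519DNSCryptoKeyEngine::getPubKeyHash() const
+{
+return this->getPublicKeyString();
+}
+
+std::string DecafED25519DNSCryptoKeyEngine::getPublicKeyString() const
+{
+return string((char*)d_pubkey, DECAF_EDDSA_25519_PUBLIC_BYTES);
+}
+
+void DecafED25519DNSCryptoKeyEngine::fromPublicKeyString(const std::string& input)
+{
+if (input.length() != DECAF_EDDSA_25519_PUBLIC_BYTES)
+throw runtime_error("Public key size mismatch, DecafED25519 class");
+
+memcpy(d_pubkey, input.c_str(), DECAF_EDDSA_25519_PUBLIC_BYTES);
+}
+
+std::string DecafED25519DNSCryptoKeyEngine::sign(const std::string& msg) const
+{
+typename EdDSA<IsoEd25519>::PrivateKey priv(Block(d_seckey, DECAF_EDDSA_25519_PRIVATE_BYTES));
+
+SecureBuffer message(msg.begin(), msg.end());
+
+SecureBuffer sig = priv.sign(message);
+
+return string(sig.begin(), sig.end());
+}
+
+bool DecafED25519DNSCryptoKeyEngine::verify(const std::string& msg, const std::string& signature) const
+{
+if (signature.length() != DECAF_EDDSA_25519_SIGNATURE_BYTES)
+return false;
+
+typename EdDSA<IsoEd25519>::PublicKey pub(Block(d_pubkey, DECAF_EDDSA_25519_PUBLIC_BYTES));
+
+SecureBuffer sig(signature.begin(), signature.end());
+SecureBuffer message(msg.begin(), msg.end());
+
+try {
+pub.verify(sig, message);
+} catch(CryptoException) {
+return false;
+}
+
+return true;
+}
+
+
+class DecafED448DNSCryptoKeyEngine : public DNSCryptoKeyEngine
+{
+public:
+explicit DecafED448DNSCryptoKeyEngine(unsigned int algo) : DNSCryptoKeyEngine(algo)
+{
+
+}
+string getName() const override { return "Decaf ED448"; }
+void create(unsigned int bits) override;
+storvector_t convertToISCVector() const override;
+std::string getPubKeyHash() const override;
+std::string sign(const std::string& msg) const override;
+bool verify(const std::string& msg, const std::string& signature) const override;
+std::string getPublicKeyString() const override;
+int getBits() const override;
+void fromISCMap(DNSKEYRecordContent& drc, std::map<std::string, std::string>& stormap) override;
+void fromPublicKeyString(const std::string& content) override;
+void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw) override
+{}
+
+static std::shared_ptr<DNSCryptoKeyEngine> maker(unsigned int algorithm)
+{
+return std::make_shared<DecafED448DNSCryptoKeyEngine>(algorithm);
+}
+
+private:
+unsigned char d_pubkey[DECAF_EDDSA_448_PUBLIC_BYTES];
+unsigned char d_seckey[DECAF_EDDSA_448_PRIVATE_BYTES];
+};
+
+void DecafED448DNSCryptoKeyEngine::create(unsigned int bits)
+{
+if(bits != (unsigned int)getBits()) {
+throw runtime_error("Unsupported key length of "+std::to_string(bits)+" bits requested, DecafED448 class");
+}
+
+SpongeRng rng("/dev/urandom");
+
+typename EdDSA<Ed448Goldilocks>::PrivateKey priv(rng);
+typename EdDSA<Ed448Goldilocks>::PublicKey pub(priv);
+
+priv.serialize_into(d_seckey);
+pub.serialize_into(d_pubkey);
+}
+
+int DecafED448DNSCryptoKeyEngine::getBits() const
+{
+return DECAF_EDDSA_448_PRIVATE_BYTES << 3;
+}
+
+DNSCryptoKeyEngine::storvector_t DecafED448DNSCryptoKeyEngine::convertToISCVector() const
+{
+/*
+Private-key-format: v1.2
+Algorithm: 16 (ED448)
+PrivateKey: xZ+5Cgm463xugtkY5B0Jx6erFTXp13rYegst0qRtNsOYnaVpMx0Z/c5EiA9x8wWbDDct/U3FhYWA
+*/
+
+storvector_t storvector;
+
+storvector.push_back(make_pair("Algorithm", "16 (ED448)"));
+storvector.push_back(make_pair("PrivateKey", string((char*)d_seckey, DECAF_EDDSA_448_PRIVATE_BYTES)));
+
+return storvector;
+}
+
+void DecafED448DNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, std::map<std::string, std::string>& stormap )
+{
+/*
+Private-key-format: v1.2
+Algorithm: 16 (ED448)
+PrivateKey: xZ+5Cgm463xugtkY5B0Jx6erFTXp13rYegst0qRtNsOYnaVpMx0Z/c5EiA9x8wWbDDct/U3FhYWA
+*/
+
+drc.d_algorithm = pdns_stou(stormap["algorithm"]);
+string privateKey = stormap["privatekey"];
+
+if (privateKey.length() != DECAF_EDDSA_448_PRIVATE_BYTES)
+throw runtime_error("Private key size mismatch in ISCMap, DecafED448 class");
+
+typename EdDSA<Ed448Goldilocks>::PrivateKey priv(Block((const unsigned char*)privateKey.c_str(), DECAF_EDDSA_448_PRIVATE_BYTES));
+typename EdDSA<Ed448Goldilocks>::PublicKey pub(priv);
+
+priv.serialize_into(d_seckey);
+pub.serialize_into(d_pubkey);
+}
+
+std::string DecafED448DNSCryptoKeyEngine::getPubKeyHash() const
+{
+return this->getPublicKeyString();
+}
+
+std::string DecafED448DNSCryptoKeyEngine::getPublicKeyString() const
+{
+return string((char*)d_pubkey, DECAF_EDDSA_448_PUBLIC_BYTES);
+}
+
+void DecafED448DNSCryptoKeyEngine::fromPublicKeyString(const std::string& input)
+{
+if (input.length() != DECAF_EDDSA_448_PUBLIC_BYTES)
+throw runtime_error("Public key size mismatch, DecafED448 class");
+
+memcpy(d_pubkey, input.c_str(), DECAF_EDDSA_448_PUBLIC_BYTES);
+}
+
+std::string DecafED448DNSCryptoKeyEngine::sign(const std::string& msg) const
+{
+typename EdDSA<Ed448Goldilocks>::PrivateKey priv(Block(d_seckey, DECAF_EDDSA_448_PRIVATE_BYTES));
+
+SecureBuffer message(msg.begin(), msg.end());
+
+SecureBuffer sig = priv.sign(message);
+
+return string(sig.begin(), sig.end());
+}
+
+bool DecafED448DNSCryptoKeyEngine::verify(const std::string& msg, const std::string& signature) const
+{
+if (signature.length() != DECAF_EDDSA_448_SIGNATURE_BYTES)
+return false;
+
+typename EdDSA<Ed448Goldilocks>::PublicKey pub(Block(d_pubkey, DECAF_EDDSA_448_PUBLIC_BYTES));
+
+SecureBuffer sig(signature.begin(), signature.end());
+SecureBuffer message(msg.begin(), msg.end());
+
+try {
+pub.verify(sig, message);
+} catch(CryptoException) {
+return false;
+}
+
+return true;
+}
+
+
+namespace {
+struct LoaderDecafStruct
+{
+LoaderDecafStruct()
+{
+DNSCryptoKeyEngine::report(15, &DecafED25519DNSCryptoKeyEngine::maker, true);
+DNSCryptoKeyEngine::report(16, &DecafED448DNSCryptoKeyEngine::maker);
+}
+} loaderdecaf;
+}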
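Review bot: `d_seckey` and `d_pubkey` are never initialised in either engine, and `fromPEMString` is an empty override, so a caller that loads a key through it gets no error and a later `sign()`, `verify()` or `getPublicKeyString()` works on indeterminate bytes. Have `fromPEMString` fail loudly, e.g. `throw runtime_error("PEM import not supported, DecafED25519 class");`, and value-initialise the arrays (`unsigned char d_seckey[DECAF_EDDSA_25519_PRIVATE_BYTES]{};`). The private key also stays in a plain array, and in the `privateKey` string copy made in `fromISCMap`, without ever being cleared; a destructor that wipes `d_seckey` (libdecaf provides `decaf_bzero`) would limit how long it lives in memory. Smaller points: `catch(CryptoException)` should catch by `const CryptoException&`, and `memcpy` is used without a visible `<cstring>` include. All of this applies equally to the ED448 class.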

+ 2
- 2
dnsrecords.cc

@@ -482,8 +482,8 @@ boilerplate_conv(TKEY, QType::TKEY,
TKEYRecordContent::TKEYRecordContent() { d_othersize = 0; } // fix CID#1288932

boilerplate_conv(URI, QType::URI,
conv.xfr8BitInt(d_priority);
conv.xfr8BitInt(d_weight);
conv.xfr16BitInt(d_priority);
conv.xfr16BitInt(d_weight);
conv.xfrText(d_target, true, false);
)



+ 2
- 1
dnsrecords.hh

@@ -198,6 +198,7 @@ class CNAMERecordContent : public DNSRecordContent
{
public:
includeboilerplate(CNAME)
CNAMERecordContent(const DNSName& content) : d_content(content){}
DNSName getTarget() const { return d_content; }
private:
DNSName d_content;
@@ -630,7 +631,7 @@ class URIRecordContent : public DNSRecordContent {
public:
includeboilerplate(URI)
private:
uint8_t d_priority, d_weight;
uint16_t d_priority, d_weight;
string d_target;
};
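Review bot: The single-argument constructor `CNAMERecordContent(const DNSName& content)` in the first hunk is not marked `explicit`, so a DNSName can convert to a CNAME record content implicitly in copy-initialisation and overload resolution. Unless callers outside this hunk rely on that conversion, declare it as `explicit CNAMERecordContent(const DNSName& content) : d_content(content) {}`. The class body continues outside the hunk.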



+ 2
- 0
dnssecinfra.cc

@@ -239,6 +239,8 @@ pair<unsigned int, unsigned int> DNSCryptoKeyEngine::testMakers(unsigned int alg
bits=256;
else if(algo == 14) // ECDSAP384SHA384
bits = 384;
else if(algo == 16) // ED448
bits = 456;
else
throw runtime_error("Can't guess key size for algorithm "+std::to_string(algo));



+ 5
- 1
dnssecinfra.hh

@@ -46,7 +46,11 @@ class DNSCryptoKeyEngine
virtual storvector_t convertToISCVector() const =0;
std::string convertToISC() const ;
virtual std::string sign(const std::string& msg) const =0;
virtual std::string hash(const std::string& msg) const =0;
virtual std::string hash(const std::string& msg) const
{
throw std::runtime_error("hash() function not implemented");
return msg;
}
virtual bool verify(const std::string& msg, const std::string& signature) const =0;
virtual std::string getPubKeyHash()const =0;
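Review bot: The default `hash()` body has an unreachable `return msg;` after the `throw`, and replacing the pure virtual with a throwing default moves a forgotten override from a compile error to a run-time exception. Drop the dead return and say on the declaration which engines are expected to inherit the default, for example `// Engines without a separate hash primitive inherit this default, which throws std::runtime_error.` Callers of `hash()` are outside this hunk, so it is worth confirming none of them reach it on a signing or validation path without catching the exception. The class continues outside the hunk.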


+ 5
- 1
dnsseckeeper.hh

@@ -51,7 +51,8 @@ public:
ECCGOST=12,
ECDSA256=13,
ECDSA384=14,
ED25519=15
ED25519=15,
ED448=16
};

struct KeyMetaData
@@ -92,6 +93,7 @@ public:
if (!algorithm.compare("ecdsa256")) return ECDSA256;
if (!algorithm.compare("ecdsa384")) return ECDSA384;
if (!algorithm.compare("ed25519")) return ED25519;
if (!algorithm.compare("ed448")) return ED448;
return -1;
}

@@ -126,6 +128,8 @@ public:
return "ECDSAP384SHA384";
case ED25519:
return "ED25519";
case ED448:
return "ED448";
case 252:
return "INDIRECT";
case 253:


+ 124
- 5
effective_tld_names.dat

@@ -407,6 +407,7 @@ arq.br
art.br
ato.br
b.br
belem.br
bio.br
blog.br
bmd.br
@@ -415,6 +416,8 @@ cng.br
cnt.br
com.br
coop.br
cri.br
def.br
ecn.br
eco.br
edu.br
@@ -425,6 +428,7 @@ etc.br
eti.br
far.br
flog.br
floripa.br
fm.br
fnd.br
fot.br
@@ -432,9 +436,38 @@ fst.br
g12.br
ggf.br
gov.br
// gov.br 26 states + df https://en.wikipedia.org/wiki/States_of_Brazil
ac.gov.br
al.gov.br
am.gov.br
ap.gov.br
ba.gov.br
ce.gov.br
df.gov.br
es.gov.br
go.gov.br
ma.gov.br
mg.gov.br
ms.gov.br
mt.gov.br
pa.gov.br
pb.gov.br
pe.gov.br
pi.gov.br
pr.gov.br
rj.gov.br
rn.gov.br
ro.gov.br
rr.gov.br
rs.gov.br
sc.gov.br
se.gov.br
sp.gov.br
to.gov.br
imb.br
ind.br
inf.br
jampa.br
jor.br
jus.br
leg.br
@@ -450,6 +483,7 @@ not.br
ntr.br
odo.br
org.br
poa.br
ppg.br
pro.br
psc.br
@@ -457,6 +491,7 @@ psi.br
qsl.br
radio.br
rec.br
recife.br
slg.br
srv.br
taxi.br
@@ -466,6 +501,7 @@ trd.br
tur.br
tv.br
vet.br
vix.br
vlog.br
wiki.br
zlg.br
@@ -10712,6 +10748,14 @@ virtueeldomein.nl
// Submitted by Khash Sajadi <khash@cloud66.com>
c66.me

// CloudAccess.net : https://www.cloudaccess.net/
// Submitted by Pawel Panek <noc@cloudaccess.net>
jdevcloud.com
wpdevcloud.com
cloudaccess.host
freesite.host
cloudaccess.net

// cloudControl : https://www.cloudcontrol.com/
// Submitted by Tobias Wilken <tw@cloudcontrol.com>
cloudcontrolled.com
@@ -10800,6 +10844,10 @@ dedyn.io
// Submitted by Norbert Auler <mail@dnshome.de>
dnshome.de

// DrayTek Corp. : https://www.draytek.com/
// Submitted by Paul Fang <mis@draytek.com>
drayddns.com

// DreamHost : http://www.dreamhost.com/
// Submitted by Andrew Farmer <andrew.farmer@dreamhost.com>
dreamhosters.com
@@ -11128,6 +11176,10 @@ dynv6.net
// Submitted by Vladimir Dudr <info@e4you.cz>
e4.cz

// Enalean SAS: https://www.enalean.com
// Submitted by Thomas Cottier <thomas.cottier@enalean.com>
mytuleap.com

// Enonic : http://enonic.com/
// Submitted by Erik Kaareng-Sunde <esu@enonic.com>
enonic.io
@@ -11311,6 +11363,10 @@ fedorainfracloud.org
fedorapeople.org
cloud.fedoraproject.org

// Filegear Inc. : https://www.filegear.com
// Submitted by Jason Zhu <jason@owtware.com>
filegear.me

// Firebase, Inc.
// Submitted by Chris Raynor <chris@firebase.com>
firebaseapp.com
@@ -11318,6 +11374,7 @@ firebaseapp.com
// Flynn : https://flynn.io
// Submitted by Jonathan Rudenberg <jonathan@flynn.io>
flynnhub.com
flynnhosting.net

// Freebox : http://www.freebox.fr
// Submitted by Romain Fliedel <rfliedel@freebox.fr>
@@ -11348,11 +11405,6 @@ service.gov.uk
// Submitted by Patrick Toomey <security@github.com>
github.io
githubusercontent.com
githubcloud.com
*.api.githubcloud.com
*.ext.githubcloud.com
gist.githubcloud.com
*.githubcloudusercontent.com

// GitLab, Inc.
// Submitted by Alex Hanselka <alex@gitlab.com>
@@ -11487,6 +11539,10 @@ iki.fi
biz.at
info.at

// info.cx : http://info.cx
// Submitted by Jacob Slater <whois@igloo.to>
info.cx

// Interlegis : http://www.interlegis.leg.br
// Submitted by Gabriel Ferreira <registrobr@interlegis.leg.br>
ac.leg.br
@@ -11542,6 +11598,23 @@ knightpoint.systems
co.krd
edu.krd

// LCube - Professional hosting e.K. : https://www.lcube-webhosting.de
// Submitted by Lars Laehn <info@lcube.de>
git-repos.de
lcube-server.de
svn-repos.de

// Lukanet Ltd : https://lukanet.com
// Submitted by Anton Avramov <register@lukanet.com>
barsy.bg
barsyonline.com
barsy.de
barsy.eu
barsy.in
barsy.net
barsy.online
barsy.support

// Magento Commerce
// Submitted by Damien Tournoud <dtournoud@magento.cloud>
*.magentosite.cloud
@@ -11550,6 +11623,11 @@ edu.krd
// Submitted by Ilya Zaretskiy <zaretskiy@corp.mail.ru>
hb.cldmail.ru

// MetaCentrum, CESNET z.s.p.o. : https://www.metacentrum.cz/en/
// Submitted by Zdeněk Šustr <zdenek.sustr@cesnet.cz>
cloud.metacentrum.cz
custom.metacentrum.cz

// Meteor Development Group : https://www.meteor.com/hosting
// Submitted by Pierre Carrier <pierre@meteor.com>
meteorapp.com
@@ -11673,6 +11751,11 @@ sytes.net
webhop.me
zapto.org

// Nodum B.V. : https://nodum.io/
// Submitted by Wietse Wind <hello+publicsuffixlist@nodum.io>
nodum.co
nodum.io

// NYC.mn : http://www.information.nyc.mn
// Submitted by Matthew Brown <mattbrown@nyc.mn>
nyc.mn
@@ -11898,11 +11981,40 @@ gdynia.pl
med.pl
sopot.pl

// Thingdust AG : https://thingdust.com/
// Submitted by Adrian Imboden <adi@thingdust.com>
cust.dev.thingdust.io
cust.disrec.thingdust.io
cust.prod.thingdust.io
cust.testing.thingdust.io

// TownNews.com : http://www.townnews.com
// Submitted by Dustin Ward <dward@townnews.com>
bloxcms.com
townnews-staging.com

// TrafficPlex GmbH : https://www.trafficplex.de/
// Submitted by Phillipp Röll <phillipp.roell@trafficplex.de>
12hp.at
2ix.at
4lima.at
lima-city.at
12hp.ch
2ix.ch
4lima.ch
lima-city.ch
trafficplex.cloud
de.cool
12hp.de
2ix.de
4lima.de
lima-city.de
1337.pictures
clan.rip
lima-city.rocks
webspace.rocks
lima.zone

// TransIP : htts://www.transip.nl
// Submitted by Rory Breuk <rbreuk@transip.nl>
*.transurl.be
@@ -11948,6 +12060,11 @@ lib.de.us
// Submitted by Simon Kissel <hostmaster@viprinet.com>
router.management

// WeDeploy by Liferay, Inc. : https://www.wedeploy.com
// Submitted by Henrique Vicente <security@wedeploy.com>
wedeploy.io
wedeploy.me

// Western Digital Technologies, Inc : https://www.wdc.com
// Submitted by Jung Jin <jungseok.jin@wdc.com>
remotewd.com
@@ -11958,6 +12075,8 @@ wmflabs.org

// XS4ALL Internet bv : https://www.xs4all.nl/
// Submitted by Daniel Mostertman <unixbeheer+publicsuffix@xs4all.net>
cistron.nl
demon.nl
xs4all.space

// Yola : https://www.yola.com/


+ 2
- 0
ext/Makefile.in

@@ -91,6 +91,7 @@ am__aclocal_m4_deps = \
$(top_srcdir)/m4/pdns_check_curl.m4 \
$(top_srcdir)/m4/pdns_check_libcrypto.m4 \
$(top_srcdir)/m4/pdns_check_libcrypto_ecdsa.m4 \
$(top_srcdir)/m4/pdns_check_libdecaf.m4 \
$(top_srcdir)/m4/pdns_check_libsodium.m4 \
$(top_srcdir)/m4/pdns_check_lua_hpp.m4 \
$(top_srcdir)/m4/pdns_check_network_libs.m4 \
@@ -260,6 +261,7 @@ LDFLAGS = @LDFLAGS@
LIBCRYPTO_INCLUDES = @LIBCRYPTO_INCLUDES@
LIBCRYPTO_LDFLAGS = @LIBCRYPTO_LDFLAGS@
LIBCRYPTO_LIBS = @LIBCRYPTO_LIBS@
LIBDECAF_LIBS = @LIBDECAF_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBSODIUM_CFLAGS = @LIBSODIUM_CFLAGS@


+ 2
- 0
ext/json11/Makefile.in

@@ -93,6 +93,7 @@ am__aclocal_m4_deps = \
$(top_srcdir)/m4/pdns_check_curl.m4 \
$(top_srcdir)/m4/pdns_check_libcrypto.m4 \
$(top_srcdir)/m4/pdns_check_libcrypto_ecdsa.m4 \
$(top_srcdir)/m4/pdns_check_libdecaf.m4 \
$(top_srcdir)/m4/pdns_check_libsodium.m4 \
$(top_srcdir)/m4/pdns_check_lua_hpp.m4 \
$(top_srcdir)/m4/pdns_check_network_libs.m4 \
@@ -269,6 +270,7 @@ LDFLAGS = @LDFLAGS@
LIBCRYPTO_INCLUDES = @LIBCRYPTO_INCLUDES@
LIBCRYPTO_LDFLAGS = @LIBCRYPTO_LDFLAGS@
LIBCRYPTO_LIBS = @LIBCRYPTO_LIBS@
LIBDECAF_LIBS = @LIBDECAF_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBSODIUM_CFLAGS = @LIBSODIUM_CFLAGS@


+ 2
- 0
ext/yahttp/Makefile.in

@@ -91,6 +91,7 @@ am__aclocal_m4_deps = \
$(top_srcdir)/m4/pdns_check_curl.m4 \
$(top_srcdir)/m4/pdns_check_libcrypto.m4 \
$(top_srcdir)/m4/pdns_check_libcrypto_ecdsa.m4 \
$(top_srcdir)/m4/pdns_check_libdecaf.m4 \
$(top_srcdir)/m4/pdns_check_libsodium.m4 \
$(top_srcdir)/m4/pdns_check_lua_hpp.m4 \
$(top_srcdir)/m4/pdns_check_network_libs.m4 \
@@ -261,6 +262,7 @@ LDFLAGS = @LDFLAGS@
LIBCRYPTO_INCLUDES = @LIBCRYPTO_INCLUDES@
LIBCRYPTO_LDFLAGS = @LIBCRYPTO_LDFLAGS@
LIBCRYPTO_LIBS = @LIBCRYPTO_LIBS@
LIBDECAF_LIBS = @LIBDECAF_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBSODIUM_CFLAGS = @LIBSODIUM_CFLAGS@


+ 2
- 0
ext/yahttp/yahttp/Makefile.in

@@ -93,6 +93,7 @@ am__aclocal_m4_deps = \
$(top_srcdir)/m4/pdns_check_curl.m4 \
$(top_srcdir)/m4/pdns_check_libcrypto.m4 \
$(top_srcdir)/m4/pdns_check_libcrypto_ecdsa.m4 \
$(top_srcdir)/m4/pdns_check_libdecaf.m4 \
$(top_srcdir)/m4/pdns_check_libsodium.m4 \
$(top_srcdir)/m4/pdns_check_lua_hpp.m4 \
$(top_srcdir)/m4/pdns_check_network_libs.m4 \
@@ -269,6 +270,7 @@ LDFLAGS = @LDFLAGS@
LIBCRYPTO_INCLUDES = @LIBCRYPTO_INCLUDES@
LIBCRYPTO_LDFLAGS = @LIBCRYPTO_LDFLAGS@
LIBCRYPTO_LIBS = @LIBCRYPTO_LIBS@
LIBDECAF_LIBS = @LIBDECAF_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBSODIUM_CFLAGS = @LIBSODIUM_CFLAGS@


+ 1
- 1
iputils.hh

@@ -313,7 +313,7 @@ public:
Netmask(const ComboAddress& network, uint8_t bits=0xff)
{
d_network = network;
d_network.sin4.sin_port=0;
if(bits > 128)
bits = (network.sin4.sin_family == AF_INET) ? 32 : 128;
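Review bot: The clamp `if(bits > 128)` only catches values above the IPv6 maximum, so for an AF_INET network a caller-supplied `bits` between 33 and 128 passes through unchanged. A per-family bound closes that gap: `const uint8_t maxBits = (network.sin4.sin_family == AF_INET) ? 32 : 128;` followed by `if(bits > maxBits) bits = maxBits;`. How the value is used afterwards lies outside this hunk, so the impact of an oversized IPv4 prefix length is not visible here, but netmasks are commonly built from configuration and from data received off the wire.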


+ 125
- 41
ixfr.cc

@@ -26,6 +26,96 @@
#include "dnssecinfra.hh"
#include "tsigverifier.hh"

vector<pair<vector<DNSRecord>, vector<DNSRecord> > > processIXFRRecords(const ComboAddress& master, const DNSName& zone,
const vector<DNSRecord>& records, const std::shared_ptr<SOARecordContent> masterSOA)
{
vector<pair<vector<DNSRecord>, vector<DNSRecord> > > ret;

if (records.size() == 0 || masterSOA == nullptr) {
return ret;
}

// we start at 1 to skip the first SOA record
// we don't increase pos because the final SOA
// of the previous sequence is also the first SOA
// of this one
for(unsigned int pos = 1; pos < records.size(); ) {
vector<DNSRecord> remove, add;

// cerr<<"Looking at record in position "<<pos<<" of type "<<QType(records[pos].d_type).getName()<<endl;

if (records[pos].d_type != QType::SOA) {
// this is an actual AXFR!
return {{remove, records}};
}

auto sr = getRR<SOARecordContent>(records[pos]);
if (!sr) {
throw std::runtime_error("Error getting the content of the first SOA record of this IXFR sequence for zone '"+zone.toString()+"' from master '"+master.toStringWithPort()+"'");
}

// cerr<<"Serial is "<<sr->d_st.serial<<", final serial is "<<masterSOA->d_st.serial<<endl;

// the serial of this SOA record is the serial of the
// zone before the removals and updates of this sequence
if (sr->d_st.serial == masterSOA->d_st.serial) {
// if it's the final SOA, there is nothing for us to see
break;
}

remove.push_back(records[pos]); // this adds the SOA

// process removals
for(pos++; pos < records.size() && records[pos].d_type != QType::SOA; ++pos) {
remove.push_back(records[pos]);
}

if (pos >= records.size()) {
throw std::runtime_error("No SOA record to finish the removals part of the IXFR sequence of zone '" + zone.toString() + "' from " + master.toStringWithPort());
}

sr = getRR<SOARecordContent>(records[pos]);
if (!sr) {
throw std::runtime_error("Invalid SOA record to finish the removals part of the IXFR sequence of zone '" + zone.toString() + "' from " + master.toStringWithPort());
}

// this is the serial of the zone after the removals
// and updates, but that might not be the final serial
// because there might be several sequences
uint32_t newSerial = sr->d_st.serial;
add.push_back(records[pos]); // this adds the new SOA

// process additions
for(pos++; pos < records.size() && records[pos].d_type != QType::SOA; ++pos) {
add.push_back(records[pos]);
}

if (pos >= records.size()) {
throw std::runtime_error("No SOA record to finish the additions part of the IXFR sequence of zone '" + zone.toString() + "' from " + master.toStringWithPort());
}

sr = getRR<SOARecordContent>(records[pos]);
if (!sr) {
throw std::runtime_error("Invalid SOA record to finish the additions part of the IXFR sequence of zone '" + zone.toString() + "' from " + master.toStringWithPort());
}

if (sr->d_st.serial != newSerial) {
throw std::runtime_error("Invalid serial (" + std::to_string(sr->d_st.serial) + ", expecting " + std::to_string(newSerial) + ") in the SOA record finishing the additions part of the IXFR sequence of zone '" + zone.toString() + "' from " + master.toStringWithPort());
}

if (newSerial == masterSOA->d_st.serial) {
// this was the last sequence
if (pos != (records.size() - 1)) {
throw std::runtime_error("Trailing records after the last IXFR sequence of zone '" + zone.toString() + "' from " + master.toStringWithPort());
}
}

ret.push_back(make_pair(remove,add));
}

return ret;
}

// Returns pairs of "remove & add" vectors. If you get an empty remove, it means you got an AXFR!
vector<pair<vector<DNSRecord>, vector<DNSRecord> > > getIXFRDeltas(const ComboAddress& master, const DNSName& zone, const DNSRecord& oursr,
const TSIGTriplet& tt, const ComboAddress* laddr, size_t maxReceivedBytes)
@@ -75,24 +165,26 @@ vector<pair<vector<DNSRecord>, vector<DNSRecord> > > getIXFRDeltas(const ComboAd
// SOA WHERE THIS DELTA GOES
// RECORDS TO ADD
// CURRENT MASTER SOA
shared_ptr<SOARecordContent> masterSOA;
std::shared_ptr<SOARecordContent> masterSOA = nullptr;
vector<DNSRecord> records;
size_t receivedBytes = 0;

for(;;) {
if(s.read((char*)&len, 2)!=2)
if(s.read((char*)&len, sizeof(len)) != sizeof(len))
break;

len=ntohs(len);
// cout<<"Got chunk of "<<len<<" bytes"<<endl;
if(!len)
break;

if (maxReceivedBytes > 0 && (maxReceivedBytes - receivedBytes) < (size_t) len)
throw std::runtime_error("Reached the maximum number of received bytes in an IXFR delta for zone '"+zone.toString()+"' from master '"+master.toStringWithPort());
throw std::runtime_error("Reached the maximum number of received bytes in an IXFR delta for zone '"+zone.toString()+"' from master "+master.toStringWithPort());

char reply[len];
readn2(s.getHandle(), reply, len);
receivedBytes += len;

MOADNSParser mdp(false, string(reply, len));
if(mdp.d_header.rcode)
throw std::runtime_error("Got an error trying to IXFR zone '"+zone.toString()+"' from master '"+master.toStringWithPort()+"': "+RCode::to_s(mdp.d_header.rcode));
@@ -104,49 +196,41 @@ vector<pair<vector<DNSRecord>, vector<DNSRecord> > > getIXFRDeltas(const ComboAd
}

for(auto& r: mdp.d_answers) {
if(r.first.d_type == QType::TSIG)
continue;
// cout<<r.first.d_name<< " " <<r.first.d_content->getZoneRepresentation()<<endl;
r.first.d_name = r.first.d_name.makeRelative(zone);
records.push_back(r.first);
if(r.first.d_type == QType::SOA) {
if(!masterSOA) {
// we have not seen the first SOA record yet
if (r.first.d_type != QType::SOA) {
throw std::runtime_error("The first record of the IXFR answer for zone '"+zone.toString()+"' from master '"+master.toStringWithPort()+"' is not a SOA ("+QType(r.first.d_type).getName()+")");
}

auto sr = getRR<SOARecordContent>(r.first);
if(sr) {
if(!masterSOA) {
if(sr->d_st.serial == std::dynamic_pointer_cast<SOARecordContent>(oursr.d_content)->d_st.serial) { // we are up to date
goto done;
}
masterSOA=sr;
}
else if(sr->d_st.serial == masterSOA->d_st.serial)
goto done;
}
if (!sr) {
throw std::runtime_error("Error getting the content of the first SOA record of the IXFR answer for zone '"+zone.toString()+"' from master '"+master.toStringWithPort()+"'");
}

if(sr->d_st.serial == std::dynamic_pointer_cast<SOARecordContent>(oursr.d_content)->d_st.serial) {
// we are up to date
return ret;
}
masterSOA = sr;
}
}
}
// cout<<"Got "<<records.size()<<" records"<<endl;
done:;
for(unsigned int pos = 1;pos < records.size();) {
auto sr = getRR<SOARecordContent>(records[pos]);
vector<DNSRecord> remove, add;
if(!sr) { // this is an actual AXFR!
return {{remove, records}};
}
if(sr->d_st.serial == masterSOA->d_st.serial)
break;

remove.push_back(records[pos]); // this adds the SOA
for(pos++; pos < records.size() && records[pos].d_type != QType::SOA; ++pos) {
remove.push_back(records[pos]);
}
sr = getRR<SOARecordContent>(records[pos]);
if(r.first.d_place != DNSResourceRecord::ANSWER) {
if(r.first.d_type == QType::TSIG)
continue;

add.push_back(records[pos]); // this adds the new SOA
for(pos++; pos < records.size() && records[pos].d_type != QType::SOA; ++pos) {
add.push_back(records[pos]);
if(r.first.d_type == QType::OPT)
continue;

throw std::runtime_error("Unexpected record (" +QType(r.first.d_type).getName()+") in non-answer section ("+std::to_string(r.first.d_place)+")in IXFR response for zone '"+zone.toString()+"' from master '"+master.toStringWithPort());
}

r.first.d_name.makeUsRelative(zone);
records.push_back(r.first);
}
ret.push_back(make_pair(remove,add));
}
return ret;

// cout<<"Got "<<records.size()<<" records"<<endl;

return processIXFRRecords(master, zone, records, masterSOA);
}
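Review bot: In the last getIXFRDeltas hunk, `std::dynamic_pointer_cast<SOARecordContent>(oursr.d_content)->d_st.serial` is dereferenced without a null check, so a caller passing an `oursr` whose content is not a SOA causes a null dereference on the first answer record. The new code validates every SOA received from the master with `getRR` and throws on failure; the local record deserves the same check, done once before the read loop: `auto ourSOA = std::dynamic_pointer_cast<SOARecordContent>(oursr.d_content);` then `if (!ourSOA) throw std::runtime_error("IXFR for zone '"+zone.toString()+"' needs a SOA record to start from");`. Separately, the "Unexpected record" message opens a quote before the master address and never closes it, and lacks a space before "in IXFR response". Parts of getIXFRDeltas lie between the hunks and are not shown.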

+ 4
- 0
ixfr.hh

@@ -22,7 +22,11 @@
#include "namespaces.hh"
#include "iputils.hh"
#include "dnsparser.hh"
#include "dnsrecords.hh"

vector<pair<vector<DNSRecord>, vector<DNSRecord> > > getIXFRDeltas(const ComboAddress& master, const DNSName& zone,
const DNSRecord& sr, const TSIGTriplet& tt=TSIGTriplet(),
const ComboAddress* laddr=0, size_t maxReceivedBytes=0);

vector<pair<vector<DNSRecord>, vector<DNSRecord> > > processIXFRRecords(const ComboAddress& master, const DNSName& zone,
const vector<DNSRecord>& records, const std::shared_ptr<SOARecordContent> masterSOA);
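Review bot: The new `processIXFRRecords` declaration carries no comment describing its contract, although the header now exports it alongside `getIXFRDeltas`. Going by the definition in ixfr.cc, something like `// Splits an IXFR answer into (remove, add) pairs; returns an empty vector if records is empty or masterSOA is null, a single pair with an empty remove for an AXFR-style answer, and throws std::runtime_error on a malformed sequence.` would tell callers which outcomes to handle. `masterSOA` is also taken as a const `std::shared_ptr` by value; `const std::shared_ptr<SOARecordContent>&` avoids the reference-count update.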

+ 6
- 2
lwres.cc

@@ -116,20 +116,20 @@ int asyncresolve(const ComboAddress& ip, const DNSName& domain, int type, bool d

string ping;
bool weWantEDNSSubnet=false;
if(EDNS0Level) {
if(EDNS0Level > 0) {
DNSPacketWriter::optvect_t opts;
if(srcmask) {
EDNSSubnetOpts eo;
eo.source = *srcmask;
// cout<<"Adding request mask: "<<eo.source.toString()<<endl;
opts.push_back(make_pair(8, makeEDNSSubnetOptsString(eo)));
srcmask=boost::optional<Netmask>(); // this is also our return value
weWantEDNSSubnet=true;
}

pw.addOpt(g_outgoingEDNSBufsize, 0, g_dnssecmode == DNSSECMode::Off ? 0 : EDNSOpts::DNSSECOK, opts);
pw.commit();
}
srcmask = boost::none; // this is also our return value, even if EDNS0Level == 0
lwr->d_rcode = 0;
lwr->d_haveEDNS = false;
int ret;
@@ -255,6 +255,10 @@ int asyncresolve(const ComboAddress& ip, const DNSName& domain, int type, bool d
EDNSSubnetOpts reso;
if(getEDNSSubnetOptsFromString(opt.second, &reso)) {
// cerr<<"EDNS Subnet response: "<<reso.source.toString()<<", scope: "<<reso.scope.toString()<<", family = "<<reso.scope.getNetwork().sin4.sin_family<<endl;
/* rfc7871 states that 0 "indicate[s] that the answer is suitable for all addresses in FAMILY",
so we might want to still pass the information along to be able to differentiate between
IPv4 and IPv6. Still I'm pretty sure it doesn't matter in real life, so let's not duplicate
entries in our cache. */
if(reso.scope.getBits())
srcmask = reso.scope;
}
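Review bot: In the second hunk the responder's `reso.scope` is copied into `srcmask` whenever its bit count is non-zero, with no visible comparison against the subnet that was sent; `eo` is local to the block in the first hunk and `srcmask` has already been reset by then. RFC 7871 section 7.3 asks a resolver to drop responses whose ECS family, source prefix length or address do not match the query, and the returned scope decides which clients a cached answer is later served to. If that comparison is not made elsewhere in asyncresolve (outside these hunks), keep a copy of the sent `eo.source` and accept the scope only when the echoed `reso.source` equals it, for example `if(reso.scope.getBits() && reso.source == sentSource) srcmask = reso.scope;` with `sentSource` being that retained copy.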


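--- a/m4/pdns_check_libdecaf.m4
+++ b/m4/pdns_check_libdecaf.m4
@@ -0,0 +1,23 @@
+AC_DEFUN([PDNS_CHECK_LIBDECAF],[
+AC_MSG_CHECKING([whether we will be linking in libdecaf])
+AC_ARG_ENABLE([libdecaf],
+[AS_HELP_STRING([--enable-libdecaf],[use libdecaf @<:@default=no@:>@])],
+[enable_libdecaf=$enableval],
+[enable_libdecaf=no]
+)
+AC_MSG_RESULT([$enable_libdecaf])
+
+AM_CONDITIONAL([LIBDECAF],[test "x$enable_libdecaf" != "xno"])
+
+AS_IF([test "x$enable_libdecaf" != "xno"],[
+save_LIBS=$LIBS
+LIBS=""
+AC_SEARCH_LIBS([decaf_ed25519_sign],[decaf],[
+AC_DEFINE([HAVE_LIBDECAF],[1],[Define to 1 if you have libdecaf])
+AC_SUBST([LIBDECAF_LIBS],["$LIBS"])
+],[
+AC_MSG_ERROR([Could not find libdecaf])
+])
+LIBS="$save_LIBS"
+])
+])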
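Review bot: The macro proves only that a `decaf_ed25519_sign` symbol links; it never checks that the libdecaf headers are installed, so `--enable-libdecaf` on a host that has the shared library but no development headers passes configure and fails later while compiling the signer. A header probe inside the `AS_IF` branch, for example `AC_CHECK_HEADERS([decaf.hxx], [], [AC_MSG_ERROR([Could not find libdecaf headers])])` run under `AC_LANG_PUSH([C++])`, reports the problem at configure time. The probed symbol is also the Ed25519 one while the same switch enables the Ed448 engine; both are presumably provided by the same library, but that is not verified here.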

+ 1
- 1
m4/pdns_check_os.m4

@@ -39,7 +39,7 @@ AC_DEFUN([PDNS_CHECK_OS],[
mips* | powerpc* )
AX_CHECK_LINK_FLAG([-latomic],
[ : ],
AC_MSG_ERROR([Unable to link against libatomic, cannot continue])
[ AC_MSG_ERROR([Unable to link against libatomic, cannot continue]) ]
)
LDFLAGS="-latomic $LDFLAGS"
;;


+ 11
- 7
pdns_recursor.cc

@@ -694,12 +694,16 @@ void startDoResolve(void *p)
if (t_queryring)
t_queryring->push_back(make_pair(dc->d_mdp.d_qname, dc->d_mdp.d_qtype));

uint32_t maxanswersize= dc->d_tcp ? 65535 : min((uint16_t) 512, g_udpTruncationThreshold);
uint16_t maxanswersize = dc->d_tcp ? 65535 : min(static_cast<uint16_t>(512), g_udpTruncationThreshold);
EDNSOpts edo;
bool haveEDNS=false;
if(getEDNSOpts(dc->d_mdp, &edo)) {
if(!dc->d_tcp)
maxanswersize = min(edo.d_packetsize, g_udpTruncationThreshold);
if(!dc->d_tcp) {
/* rfc6891 6.2.3:
"Values lower than 512 MUST be treated as equal to 512."
*/
maxanswersize = min(static_cast<uint16_t>(edo.d_packetsize >= 512 ? edo.d_packetsize : 512), g_udpTruncationThreshold);
}
dc->d_ednsOpts = edo.d_options;
haveEDNS=true;

@@ -751,9 +755,8 @@ void startDoResolve(void *p)
bool DNSSECOK=false;
if(t_pdl) {
sr.setLuaEngine(*t_pdl);
sr.d_requestor=dc->d_remote;
}
sr.d_requestor=dc->d_remote; // ECS needs this too
if(g_dnssecmode != DNSSECMode::Off) {
sr.d_doDNSSEC=true;

@@ -773,6 +776,7 @@ void startDoResolve(void *p)
sr.d_incomingECSFound = dc->d_ecsFound;
if (dc->d_ecsFound) {
sr.d_incomingECS = dc->d_ednssubnet;
sr.d_incomingECSNetwork = sr.d_incomingECS ? sr.d_incomingECS->source.getMaskedNetwork() : ComboAddress();
}
}

@@ -1086,7 +1090,7 @@ void startDoResolve(void *p)
if(i->d_type != QType::OPT) // their TTL ain't real
minTTL = min(minTTL, i->d_ttl);
i->d_content->toPacket(pw);
if(pw.size() > maxanswersize) {
if(pw.size() > static_cast<size_t>(maxanswersize)) {
pw.rollback();
if(i->d_place==DNSResourceRecord::ANSWER) // only truncate if we actually omitted parts of the answer
{
@@ -3080,7 +3084,7 @@ int main(int argc, char **argv)
::arg().set("ecs-ipv4-bits", "Number of bits of IPv4 address to pass for EDNS Client Subnet")="24";
::arg().set("ecs-ipv6-bits", "Number of bits of IPv6 address to pass for EDNS Client Subnet")="56";
::arg().set("edns-subnet-whitelist", "List of netmasks and domains that we should enable EDNS subnet for")="";
::arg().setSwitch( "use-incoming-edns-subnet", "Pass along received EDNS Client Subnet information")="";
::arg().setSwitch( "use-incoming-edns-subnet", "Pass along received EDNS Client Subnet information")="no";
::arg().setSwitch( "pdns-distributes-queries", "If PowerDNS itself should distribute queries over threads")="";
::arg().setSwitch( "root-nx-trust", "If set, believe that an NXDOMAIN from the root means the TLD does not exist")="yes";
::arg().setSwitch( "any-to-tcp","Answer ANY queries with tc=1, shunting to TCP" )="no";


+ 87
- 2
pubsuffix.cc

@@ -280,6 +280,7 @@ const char* g_pubsuffix[]={
"art.br",
"ato.br",
"b.br",
"belem.br",
"bio.br",
"blog.br",
"bmd.br",
@@ -288,6 +289,8 @@ const char* g_pubsuffix[]={
"cnt.br",
"com.br",
"coop.br",
"cri.br",
"def.br",
"ecn.br",
"eco.br",
"edu.br",
@@ -298,6 +301,7 @@ const char* g_pubsuffix[]={
"eti.br",
"far.br",
"flog.br",
"floripa.br",
"fm.br",
"fnd.br",
"fot.br",
@@ -305,9 +309,37 @@ const char* g_pubsuffix[]={
"g12.br",
"ggf.br",
"gov.br",
"ac.gov.br",
"al.gov.br",
"am.gov.br",
"ap.gov.br",
"ba.gov.br",
"ce.gov.br",
"df.gov.br",
"es.gov.br",
"go.gov.br",
"ma.gov.br",
"mg.gov.br",
"ms.gov.br",
"mt.gov.br",
"pa.gov.br",
"pb.gov.br",
"pe.gov.br",
"pi.gov.br",
"pr.gov.br",
"rj.gov.br",
"rn.gov.br",
"ro.gov.br",
"rr.gov.br",
"rs.gov.br",
"sc.gov.br",
"se.gov.br",
"sp.gov.br",
"to.gov.br",
"imb.br",
"ind.br",
"inf.br",
"jampa.br",
"jor.br",
"jus.br",
"leg.br",
@@ -322,6 +354,7 @@ const char* g_pubsuffix[]={
"ntr.br",
"odo.br",
"org.br",
"poa.br",
"ppg.br",
"pro.br",
"psc.br",
@@ -329,6 +362,7 @@ const char* g_pubsuffix[]={
"qsl.br",
"radio.br",
"rec.br",
"recife.br",
"slg.br",
"srv.br",
"taxi.br",
@@ -338,6 +372,7 @@ const char* g_pubsuffix[]={
"tur.br",
"tv.br",
"vet.br",
"vix.br",
"vlog.br",
"wiki.br",
"zlg.br",
@@ -5427,6 +5462,11 @@ const char* g_pubsuffix[]={
"xenapponazure.com",
"virtueeldomein.nl",
"c66.me",
"jdevcloud.com",
"wpdevcloud.com",
"cloudaccess.host",
"freesite.host",
"cloudaccess.net",
"cloudcontrolled.com",
"cloudcontrolapp.com",
"co.ca",
@@ -5471,6 +5511,7 @@ const char* g_pubsuffix[]={
"store.dk",
"dedyn.io",
"dnshome.de",
"drayddns.com",
"dreamhosters.com",
"mydrobo.com",
"drud.io",
@@ -5770,6 +5811,7 @@ const char* g_pubsuffix[]={
"definima.io",
"dynv6.net",
"e4.cz",
"mytuleap.com",
"enonic.io",
"customer.enonic.io",
"eu.org",
@@ -5925,8 +5967,10 @@ const char* g_pubsuffix[]={
"fedorainfracloud.org",
"fedorapeople.org",
"cloud.fedoraproject.org",
"filegear.me",
"firebaseapp.com",
"flynnhub.com",
"flynnhosting.net",
"freebox-os.com",
"freeboxos.com",
"fbx-os.fr",
@@ -5939,8 +5983,6 @@ const char* g_pubsuffix[]={
"service.gov.uk",
"github.io",
"githubusercontent.com",
"githubcloud.com",
"gist.githubcloud.com",
"gitlab.io",
"homeoffice.gov.uk",
"ro.im",
@@ -6039,6 +6081,7 @@ const char* g_pubsuffix[]={
"iki.fi",
"biz.at",
"info.at",
"info.cx",
"ac.leg.br",
"al.leg.br",
"am.leg.br",
@@ -6072,7 +6115,20 @@ const char* g_pubsuffix[]={
"knightpoint.systems",
"co.krd",
"edu.krd",
"git-repos.de",
"lcube-server.de",
"svn-repos.de",
"barsy.bg",
"barsyonline.com",
"barsy.de",
"barsy.eu",
"barsy.in",
"barsy.net",
"barsy.online",
"barsy.support",
"hb.cldmail.ru",
"cloud.metacentrum.cz",
"custom.metacentrum.cz",
"meteorapp.com",
"eu.meteorapp.com",
"co.pl",
@@ -6170,6 +6226,8 @@ const char* g_pubsuffix[]={
"sytes.net",
"webhop.me",
"zapto.org",
"nodum.co",
"nodum.io",
"nyc.mn",
"cya.gg",
"nid.io",
@@ -6260,8 +6318,31 @@ const char* g_pubsuffix[]={
"gdynia.pl",
"med.pl",
"sopot.pl",
"cust.dev.thingdust.io",
"cust.disrec.thingdust.io",
"cust.prod.thingdust.io",
"cust.testing.thingdust.io",
"bloxcms.com",
"townnews-staging.com",
"12hp.at",
"2ix.at",
"4lima.at",
"lima-city.at",
"12hp.ch",
"2ix.ch",
"4lima.ch",
"lima-city.ch",
"trafficplex.cloud",
"de.cool",
"12hp.de",
"2ix.de",
"4lima.de",