You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1976 lines
59 KiB

  1. #ifdef HAVE_CONFIG_H
  2. #include "config.h"
  3. #endif
  4. #include "utility.hh"
  5. #include "rec_channel.hh"
  6. #include <boost/bind.hpp>
  7. #include <vector>
  8. #ifdef MALLOC_TRACE
  9. #include "malloctrace.hh"
  10. #endif
  11. #include "misc.hh"
  12. #include "recursor_cache.hh"
  13. #include "syncres.hh"
  14. #include "negcache.hh"
  15. #include <boost/function.hpp>
  16. #include <boost/optional.hpp>
  17. #include <boost/tuple/tuple.hpp>
  18. #include <boost/format.hpp>
  19. #include <boost/algorithm/string.hpp>
  20. #include "version.hh"
  21. #include <sys/types.h>
  22. #include <sys/stat.h>
  23. #include <fcntl.h>
  24. #include "logger.hh"
  25. #include "dnsparser.hh"
  26. #include "arguments.hh"
  27. #include <sys/resource.h>
  28. #include <sys/time.h>
  29. #include "lock.hh"
  30. #include "responsestats.hh"
  31. #include "rec-lua-conf.hh"
  32. #include "validate-recursor.hh"
  33. #include "filterpo.hh"
  34. #include "secpoll-recursor.hh"
  35. #include "pubsuffix.hh"
  36. #include "namespaces.hh"
  37. std::mutex g_carbon_config_lock;
  38. static map<string, const uint32_t*> d_get32bitpointers;
  39. static map<string, const std::atomic<uint64_t>*> d_getatomics;
  40. static map<string, function< uint64_t() > > d_get64bitmembers;
  41. static std::mutex d_dynmetricslock;
  42. struct dynmetrics {
  43. std::atomic<unsigned long> *d_ptr;
  44. std::string d_prometheusName;
  45. };
  46. static map<string, dynmetrics> d_dynmetrics;
  47. static std::map<StatComponent, std::set<std::string>> s_blacklistedStats;
  48. bool isStatBlacklisted(StatComponent component, const string& name)
  49. {
  50. return s_blacklistedStats[component].count(name) != 0;
  51. }
  52. void blacklistStat(StatComponent component, const string& name)
  53. {
  54. s_blacklistedStats[component].insert(name);
  55. }
  56. void blacklistStats(StatComponent component, const string& stats)
  57. {
  58. std::vector<std::string> blacklistedStats;
  59. stringtok(blacklistedStats, stats, ", ");
  60. auto& map = s_blacklistedStats[component];
  61. for (const auto &st : blacklistedStats) {
  62. map.insert(st);
  63. }
  64. }
  65. static void addGetStat(const string& name, const uint32_t* place)
  66. {
  67. d_get32bitpointers[name]=place;
  68. }
  69. static void addGetStat(const string& name, const std::atomic<uint64_t>* place)
  70. {
  71. d_getatomics[name]=place;
  72. }
  73. static void addGetStat(const string& name, function<uint64_t ()> f )
  74. {
  75. d_get64bitmembers[name]=f;
  76. }
  77. static std::string getPrometheusName(const std::string& arg)
  78. {
  79. std::string name = arg;
  80. std::replace_if(name.begin(), name.end(), [](char c){
  81. return !isalnum(static_cast<unsigned char>(c));}, '_');
  82. return "pdns_recursor_" + name;
  83. }
  84. std::atomic<unsigned long>* getDynMetric(const std::string& str, const std::string& prometheusName)
  85. {
  86. std::lock_guard<std::mutex> l(d_dynmetricslock);
  87. auto f = d_dynmetrics.find(str);
  88. if(f != d_dynmetrics.end())
  89. return f->second.d_ptr;
  90. std::string name(str);
  91. if (!prometheusName.empty()) {
  92. name = prometheusName;
  93. } else {
  94. name = getPrometheusName(name);
  95. }
  96. auto ret = dynmetrics{new std::atomic<unsigned long>(), name};
  97. d_dynmetrics[str]= ret;
  98. return ret.d_ptr;
  99. }
  100. static optional<uint64_t> get(const string& name)
  101. {
  102. optional<uint64_t> ret;
  103. if(d_get32bitpointers.count(name))
  104. return *d_get32bitpointers.find(name)->second;
  105. if(d_getatomics.count(name))
  106. return d_getatomics.find(name)->second->load();
  107. if(d_get64bitmembers.count(name))
  108. return d_get64bitmembers.find(name)->second();
  109. std::lock_guard<std::mutex> l(d_dynmetricslock);
  110. auto f = rplookup(d_dynmetrics, name);
  111. if (f)
  112. return f->d_ptr->load();
  113. return ret;
  114. }
  115. optional<uint64_t> getStatByName(const std::string& name)
  116. {
  117. return get(name);
  118. }
  119. StatsMap getAllStatsMap(StatComponent component)
  120. {
  121. StatsMap ret;
  122. const auto& blacklistMap = s_blacklistedStats.at(component);
  123. for(const auto& the32bits : d_get32bitpointers) {
  124. if (blacklistMap.count(the32bits.first) == 0) {
  125. ret.insert(make_pair(the32bits.first, StatsMapEntry{getPrometheusName(the32bits.first), std::to_string(*the32bits.second)}));
  126. }
  127. }
  128. for(const auto& atomic : d_getatomics) {
  129. if (blacklistMap.count(atomic.first) == 0) {
  130. ret.insert(make_pair(atomic.first, StatsMapEntry{getPrometheusName(atomic.first), std::to_string(atomic.second->load())}));
  131. }
  132. }
  133. for(const auto& the64bitmembers : d_get64bitmembers) {
  134. if (blacklistMap.count(the64bitmembers.first) == 0) {
  135. ret.insert(make_pair(the64bitmembers.first, StatsMapEntry{getPrometheusName(the64bitmembers.first), std::to_string(the64bitmembers.second())}));
  136. }
  137. }
  138. {
  139. std::lock_guard<std::mutex> l(d_dynmetricslock);
  140. for(const auto& a : d_dynmetrics) {
  141. if (blacklistMap.count(a.first) == 0) {
  142. ret.insert(make_pair(a.first, StatsMapEntry{a.second.d_prometheusName, std::to_string(*a.second.d_ptr)}));
  143. }
  144. }
  145. }
  146. return ret;
  147. }
  148. static string getAllStats()
  149. {
  150. auto varmap = getAllStatsMap(StatComponent::RecControl);
  151. string ret;
  152. for (const auto& tup : varmap) {
  153. ret += tup.first + "\t" + tup.second.d_value + "\n";
  154. }
  155. return ret;
  156. }
  157. template<typename T>
  158. static string doGet(T begin, T end)
  159. {
  160. string ret;
  161. for(T i=begin; i != end; ++i) {
  162. optional<uint64_t> num=get(*i);
  163. if(num)
  164. ret+=std::to_string(*num)+"\n";
  165. else
  166. ret+="UNKNOWN\n";
  167. }
  168. return ret;
  169. }
  170. template<typename T>
  171. string static doGetParameter(T begin, T end)
  172. {
  173. string ret;
  174. string parm;
  175. using boost::replace_all;
  176. for(T i=begin; i != end; ++i) {
  177. if(::arg().parmIsset(*i)) {
  178. parm=::arg()[*i];
  179. replace_all(parm, "\\", "\\\\");
  180. replace_all(parm, "\"", "\\\"");
  181. replace_all(parm, "\n", "\\n");
  182. ret += *i +"=\""+ parm +"\"\n";
  183. }
  184. else
  185. ret += *i +" not known\n";
  186. }
  187. return ret;
  188. }
  189. static uint64_t dumpNegCache(NegCache& negcache, int fd)
  190. {
  191. auto fp = std::unique_ptr<FILE, int(*)(FILE*)>(fdopen(dup(fd), "w"), fclose);
  192. if(!fp) { // dup probably failed
  193. return 0;
  194. }
  195. uint64_t ret;
  196. fprintf(fp.get(), "; negcache dump from thread follows\n;\n");
  197. ret = negcache.dumpToFile(fp.get());
  198. return ret;
  199. }
  200. static uint64_t* pleaseDump(int fd)
  201. {
  202. return new uint64_t(dumpNegCache(SyncRes::t_sstorage.negcache, fd) + t_packetCache->doDump(fd));
  203. }
  204. static uint64_t* pleaseDumpEDNSMap(int fd)
  205. {
  206. return new uint64_t(SyncRes::doEDNSDump(fd));
  207. }
  208. static uint64_t* pleaseDumpNSSpeeds(int fd)
  209. {
  210. return new uint64_t(SyncRes::doDumpNSSpeeds(fd));
  211. }
  212. static uint64_t* pleaseDumpThrottleMap(int fd)
  213. {
  214. return new uint64_t(SyncRes::doDumpThrottleMap(fd));
  215. }
  216. static uint64_t* pleaseDumpFailedServers(int fd)
  217. {
  218. return new uint64_t(SyncRes::doDumpFailedServers(fd));
  219. }
  220. template<typename T>
  221. static string doDumpNSSpeeds(T begin, T end)
  222. {
  223. T i=begin;
  224. string fname;
  225. if(i!=end)
  226. fname=*i;
  227. int fd=open(fname.c_str(), O_CREAT | O_EXCL | O_WRONLY, 0660);
  228. if(fd < 0)
  229. return "Error opening dump file for writing: "+stringerror()+"\n";
  230. uint64_t total = 0;
  231. try {
  232. total = broadcastAccFunction<uint64_t>([=]{ return pleaseDumpNSSpeeds(fd); });
  233. }
  234. catch(std::exception& e)
  235. {
  236. close(fd);
  237. return "error dumping NS speeds: "+string(e.what())+"\n";
  238. }
  239. catch(PDNSException& e)
  240. {
  241. close(fd);
  242. return "error dumping NS speeds: "+e.reason+"\n";
  243. }
  244. close(fd);
  245. return "dumped "+std::to_string(total)+" records\n";
  246. }
  247. template<typename T>
  248. static string doDumpCache(T begin, T end)
  249. {
  250. T i=begin;
  251. string fname;
  252. if(i!=end)
  253. fname=*i;
  254. int fd=open(fname.c_str(), O_CREAT | O_EXCL | O_WRONLY, 0660);
  255. if(fd < 0)
  256. return "Error opening dump file for writing: "+stringerror()+"\n";
  257. uint64_t total = 0;
  258. try {
  259. total = s_RC->doDump(fd) + broadcastAccFunction<uint64_t>([=]{ return pleaseDump(fd); });
  260. }
  261. catch(...){}
  262. close(fd);
  263. return "dumped "+std::to_string(total)+" records\n";
  264. }
  265. template<typename T>
  266. static string doDumpEDNSStatus(T begin, T end)
  267. {
  268. T i=begin;
  269. string fname;
  270. if(i!=end)
  271. fname=*i;
  272. int fd=open(fname.c_str(), O_CREAT | O_EXCL | O_WRONLY, 0660);
  273. if(fd < 0)
  274. return "Error opening dump file for writing: "+stringerror()+"\n";
  275. uint64_t total = 0;
  276. try {
  277. total = broadcastAccFunction<uint64_t>([=]{ return pleaseDumpEDNSMap(fd); });
  278. }
  279. catch(...){}
  280. close(fd);
  281. return "dumped "+std::to_string(total)+" records\n";
  282. }
  283. template<typename T>
  284. static string doDumpRPZ(T begin, T end)
  285. {
  286. T i=begin;
  287. if (i == end) {
  288. return "No zone name specified\n";
  289. }
  290. string zoneName = *i;
  291. i++;
  292. if (i == end) {
  293. return "No file name specified\n";
  294. }
  295. string fname = *i;
  296. auto luaconf = g_luaconfs.getLocal();
  297. const auto zone = luaconf->dfe.getZone(zoneName);
  298. if (!zone) {
  299. return "No RPZ zone named "+zoneName+"\n";
  300. }
  301. int fd = open(fname.c_str(), O_CREAT | O_EXCL | O_WRONLY, 0660);
  302. if(fd < 0) {
  303. return "Error opening dump file for writing: "+stringerror()+"\n";
  304. }
  305. auto fp = std::unique_ptr<FILE, int(*)(FILE*)>(fdopen(fd, "w"), fclose);
  306. if (!fp) {
  307. close(fd);
  308. return "Error converting file descriptor: "+stringerror()+"\n";
  309. }
  310. zone->dump(fp.get());
  311. return "done\n";
  312. }
  313. template<typename T>
  314. static string doDumpThrottleMap(T begin, T end)
  315. {
  316. T i=begin;
  317. string fname;
  318. if(i!=end)
  319. fname=*i;
  320. int fd=open(fname.c_str(), O_CREAT | O_EXCL | O_WRONLY, 0660);
  321. if(fd < 0)
  322. return "Error opening dump file for writing: "+stringerror()+"\n";
  323. uint64_t total = 0;
  324. try {
  325. total = broadcastAccFunction<uint64_t>([=]{ return pleaseDumpThrottleMap(fd); });
  326. }
  327. catch(...){}
  328. close(fd);
  329. return "dumped "+std::to_string(total)+" records\n";
  330. }
  331. template<typename T>
  332. static string doDumpFailedServers(T begin, T end)
  333. {
  334. T i=begin;
  335. string fname;
  336. if(i!=end)
  337. fname=*i;
  338. int fd=open(fname.c_str(), O_CREAT | O_EXCL | O_WRONLY, 0660);
  339. if(fd < 0)
  340. return "Error opening dump file for writing: "+stringerror()+"\n";
  341. uint64_t total = 0;
  342. try {
  343. total = broadcastAccFunction<uint64_t>([=]{ return pleaseDumpFailedServers(fd); });
  344. }
  345. catch(...){}
  346. close(fd);
  347. return "dumped "+std::to_string(total)+" records\n";
  348. }
  349. uint64_t* pleaseWipePacketCache(const DNSName& canon, bool subtree, uint16_t qtype)
  350. {
  351. return new uint64_t(t_packetCache->doWipePacketCache(canon, qtype, subtree));
  352. }
  353. uint64_t* pleaseWipeAndCountNegCache(const DNSName& canon, bool subtree)
  354. {
  355. uint64_t ret = SyncRes::wipeNegCache(canon, subtree);
  356. return new uint64_t(ret);
  357. }
  358. template<typename T>
  359. static string doWipeCache(T begin, T end, uint16_t qtype)
  360. {
  361. vector<pair<DNSName, bool> > toWipe;
  362. for(T i=begin; i != end; ++i) {
  363. DNSName canon;
  364. bool subtree=false;
  365. try {
  366. if(boost::ends_with(*i, "$")) {
  367. canon=DNSName(i->substr(0, i->size()-1));
  368. subtree=true;
  369. } else {
  370. canon=DNSName(*i);
  371. }
  372. } catch (std::exception &e) {
  373. return "Error: " + std::string(e.what()) + ", nothing wiped\n";
  374. }
  375. toWipe.push_back({canon, subtree});
  376. }
  377. int count=0, pcount=0, countNeg=0;
  378. for (auto wipe : toWipe) {
  379. try {
  380. count+= s_RC->doWipeCache(wipe.first, wipe.second, qtype);
  381. pcount+= broadcastAccFunction<uint64_t>([=]{ return pleaseWipePacketCache(wipe.first, wipe.second, qtype);});
  382. countNeg+=broadcastAccFunction<uint64_t>([=]{ return pleaseWipeAndCountNegCache(wipe.first, wipe.second);});
  383. }
  384. catch (const std::exception& e) {
  385. g_log<<Logger::Warning<<", failed: "<<e.what()<<endl;
  386. }
  387. }
  388. return "wiped "+std::to_string(count)+" records, "+std::to_string(countNeg)+" negative records, "+std::to_string(pcount)+" packets\n";
  389. }
  390. template<typename T>
  391. static string doSetCarbonServer(T begin, T end)
  392. {
  393. std::lock_guard<std::mutex> l(g_carbon_config_lock);
  394. if(begin==end) {
  395. ::arg().set("carbon-server").clear();
  396. return "cleared carbon-server setting\n";
  397. }
  398. string ret;
  399. ::arg().set("carbon-server")=*begin;
  400. ret="set carbon-server to '"+::arg()["carbon-server"]+"'\n";
  401. ++begin;
  402. if(begin != end) {
  403. ::arg().set("carbon-ourname")=*begin;
  404. ret+="set carbon-ourname to '"+*begin+"'\n";
  405. } else {
  406. return ret;
  407. }
  408. ++begin;
  409. if(begin != end) {
  410. ::arg().set("carbon-namespace")=*begin;
  411. ret+="set carbon-namespace to '"+*begin+"'\n";
  412. } else {
  413. return ret;
  414. }
  415. ++begin;
  416. if(begin != end) {
  417. ::arg().set("carbon-instance")=*begin;
  418. ret+="set carbon-instance to '"+*begin+"'\n";
  419. }
  420. return ret;
  421. }
  422. template<typename T>
  423. static string doSetDnssecLogBogus(T begin, T end)
  424. {
  425. if(checkDNSSECDisabled())
  426. return "DNSSEC is disabled in the configuration, not changing the Bogus logging setting\n";
  427. if (begin == end)
  428. return "No DNSSEC Bogus logging setting specified\n";
  429. if (pdns_iequals(*begin, "on") || pdns_iequals(*begin, "yes")) {
  430. if (!g_dnssecLogBogus) {
  431. g_log<<Logger::Warning<<"Enabling DNSSEC Bogus logging, requested via control channel"<<endl;
  432. g_dnssecLogBogus = true;
  433. return "DNSSEC Bogus logging enabled\n";
  434. }
  435. return "DNSSEC Bogus logging was already enabled\n";
  436. }
  437. if (pdns_iequals(*begin, "off") || pdns_iequals(*begin, "no")) {
  438. if (g_dnssecLogBogus) {
  439. g_log<<Logger::Warning<<"Disabling DNSSEC Bogus logging, requested via control channel"<<endl;
  440. g_dnssecLogBogus = false;
  441. return "DNSSEC Bogus logging disabled\n";
  442. }
  443. return "DNSSEC Bogus logging was already disabled\n";
  444. }
  445. return "Unknown DNSSEC Bogus setting: '" + *begin +"'\n";
  446. }
  447. template<typename T>
  448. static string doAddNTA(T begin, T end)
  449. {
  450. if(checkDNSSECDisabled())
  451. return "DNSSEC is disabled in the configuration, not adding a Negative Trust Anchor\n";
  452. if(begin == end)
  453. return "No NTA specified, doing nothing\n";
  454. DNSName who;
  455. try {
  456. who = DNSName(*begin);
  457. }
  458. catch(std::exception &e) {
  459. string ret("Can't add Negative Trust Anchor: ");
  460. ret += e.what();
  461. ret += "\n";
  462. return ret;
  463. }
  464. begin++;
  465. string why("");
  466. while (begin != end) {
  467. why += *begin;
  468. begin++;
  469. if (begin != end)
  470. why += " ";
  471. }
  472. g_log<<Logger::Warning<<"Adding Negative Trust Anchor for "<<who<<" with reason '"<<why<<"', requested via control channel"<<endl;
  473. g_luaconfs.modify([who, why](LuaConfigItems& lci) {
  474. lci.negAnchors[who] = why;
  475. });
  476. try {
  477. s_RC->doWipeCache(who, true, 0xffff);
  478. broadcastAccFunction<uint64_t>([=]{return pleaseWipePacketCache(who, true, 0xffff);});
  479. broadcastAccFunction<uint64_t>([=]{return pleaseWipeAndCountNegCache(who, true);});
  480. }
  481. catch (std::exception& e) {
  482. g_log<<Logger::Warning<<", failed: "<<e.what()<<endl;
  483. return "Unable to clear caches while adding Negative Trust Anchor for " + who.toStringRootDot() + ": " + e.what() + "\n";
  484. }
  485. return "Added Negative Trust Anchor for " + who.toLogString() + " with reason '" + why + "'\n";
  486. }
  487. template<typename T>
  488. static string doClearNTA(T begin, T end)
  489. {
  490. if(checkDNSSECDisabled())
  491. return "DNSSEC is disabled in the configuration, not removing a Negative Trust Anchor\n";
  492. if(begin == end)
  493. return "No Negative Trust Anchor specified, doing nothing.\n";
  494. if (begin + 1 == end && *begin == "*"){
  495. g_log<<Logger::Warning<<"Clearing all Negative Trust Anchors, requested via control channel"<<endl;
  496. g_luaconfs.modify([](LuaConfigItems& lci) {
  497. lci.negAnchors.clear();
  498. });
  499. return "Cleared all Negative Trust Anchors.\n";
  500. }
  501. vector<DNSName> toRemove;
  502. DNSName who;
  503. while (begin != end) {
  504. if (*begin == "*")
  505. return "Don't mix all Negative Trust Anchor removal with multiple Negative Trust Anchor removal. Nothing removed\n";
  506. try {
  507. who = DNSName(*begin);
  508. }
  509. catch(std::exception &e) {
  510. string ret("Error: ");
  511. ret += e.what();
  512. ret += ". No Negative Anchors removed\n";
  513. return ret;
  514. }
  515. toRemove.push_back(who);
  516. begin++;
  517. }
  518. string removed("");
  519. bool first(true);
  520. try {
  521. for (auto const &entry : toRemove) {
  522. g_log<<Logger::Warning<<"Clearing Negative Trust Anchor for "<<entry<<", requested via control channel"<<endl;
  523. g_luaconfs.modify([entry](LuaConfigItems& lci) {
  524. lci.negAnchors.erase(entry);
  525. });
  526. s_RC->doWipeCache(entry, true, 0xffff);
  527. broadcastAccFunction<uint64_t>([=]{return pleaseWipePacketCache(entry, true, 0xffff);});
  528. broadcastAccFunction<uint64_t>([=]{return pleaseWipeAndCountNegCache(entry, true);});
  529. if (!first) {
  530. first = false;
  531. removed += ",";
  532. }
  533. removed += " " + entry.toStringRootDot();
  534. }
  535. }
  536. catch(std::exception &e) {
  537. g_log<<Logger::Warning<<", failed: "<<e.what()<<endl;
  538. return "Unable to clear caches while clearing Negative Trust Anchor for " + who.toStringRootDot() + ": " + e.what() + "\n";
  539. }
  540. return "Removed Negative Trust Anchors for " + removed + "\n";
  541. }
  542. static string getNTAs()
  543. {
  544. if(checkDNSSECDisabled())
  545. return "DNSSEC is disabled in the configuration\n";
  546. string ret("Configured Negative Trust Anchors:\n");
  547. auto luaconf = g_luaconfs.getLocal();
  548. for (auto negAnchor : luaconf->negAnchors)
  549. ret += negAnchor.first.toLogString() + "\t" + negAnchor.second + "\n";
  550. return ret;
  551. }
  552. template<typename T>
  553. static string doAddTA(T begin, T end)
  554. {
  555. if(checkDNSSECDisabled())
  556. return "DNSSEC is disabled in the configuration, not adding a Trust Anchor\n";
  557. if(begin == end)
  558. return "No TA specified, doing nothing\n";
  559. DNSName who;
  560. try {
  561. who = DNSName(*begin);
  562. }
  563. catch(std::exception &e) {
  564. string ret("Can't add Trust Anchor: ");
  565. ret += e.what();
  566. ret += "\n";
  567. return ret;
  568. }
  569. begin++;
  570. string what("");
  571. while (begin != end) {
  572. what += *begin + " ";
  573. begin++;
  574. }
  575. try {
  576. g_log<<Logger::Warning<<"Adding Trust Anchor for "<<who<<" with data '"<<what<<"', requested via control channel";
  577. g_luaconfs.modify([who, what](LuaConfigItems& lci) {
  578. auto ds=std::dynamic_pointer_cast<DSRecordContent>(DSRecordContent::make(what));
  579. lci.dsAnchors[who].insert(*ds);
  580. });
  581. s_RC->doWipeCache(who, true, 0xffff);
  582. broadcastAccFunction<uint64_t>([=]{return pleaseWipePacketCache(who, true, 0xffff);});
  583. broadcastAccFunction<uint64_t>([=]{return pleaseWipeAndCountNegCache(who, true);});
  584. g_log<<Logger::Warning<<endl;
  585. return "Added Trust Anchor for " + who.toStringRootDot() + " with data " + what + "\n";
  586. }
  587. catch(std::exception &e) {
  588. g_log<<Logger::Warning<<", failed: "<<e.what()<<endl;
  589. return "Unable to add Trust Anchor for " + who.toStringRootDot() + ": " + e.what() + "\n";
  590. }
  591. }
  592. template<typename T>
  593. static string doClearTA(T begin, T end)
  594. {
  595. if(checkDNSSECDisabled())
  596. return "DNSSEC is disabled in the configuration, not removing a Trust Anchor\n";
  597. if(begin == end)
  598. return "No Trust Anchor to clear\n";
  599. vector<DNSName> toRemove;
  600. DNSName who;
  601. while (begin != end) {
  602. try {
  603. who = DNSName(*begin);
  604. }
  605. catch(std::exception &e) {
  606. string ret("Error: ");
  607. ret += e.what();
  608. ret += ". No Anchors removed\n";
  609. return ret;
  610. }
  611. if (who.isRoot())
  612. return "Refusing to remove root Trust Anchor, no Anchors removed\n";
  613. toRemove.push_back(who);
  614. begin++;
  615. }
  616. string removed("");
  617. bool first(true);
  618. try {
  619. for (auto const &entry : toRemove) {
  620. g_log<<Logger::Warning<<"Removing Trust Anchor for "<<entry<<", requested via control channel"<<endl;
  621. g_luaconfs.modify([entry](LuaConfigItems& lci) {
  622. lci.dsAnchors.erase(entry);
  623. });
  624. s_RC->doWipeCache(entry, true, 0xffff);
  625. broadcastAccFunction<uint64_t>([=]{return pleaseWipePacketCache(entry, true, 0xffff);});
  626. broadcastAccFunction<uint64_t>([=]{return pleaseWipeAndCountNegCache(entry, true);});
  627. if (!first) {
  628. first = false;
  629. removed += ",";
  630. }
  631. removed += " " + entry.toStringRootDot();
  632. }
  633. }
  634. catch (std::exception& e) {
  635. g_log<<Logger::Warning<<", failed: "<<e.what()<<endl;
  636. return "Unable to clear caches while clearing Trust Anchor for " + who.toStringRootDot() + ": " + e.what() + "\n";
  637. }
  638. return "Removed Trust Anchor(s) for" + removed + "\n";
  639. }
  640. static string getTAs()
  641. {
  642. if(checkDNSSECDisabled())
  643. return "DNSSEC is disabled in the configuration\n";
  644. string ret("Configured Trust Anchors:\n");
  645. auto luaconf = g_luaconfs.getLocal();
  646. for (auto anchor : luaconf->dsAnchors) {
  647. ret += anchor.first.toLogString() + "\n";
  648. for (auto e : anchor.second) {
  649. ret+="\t\t"+e.getZoneRepresentation() + "\n";
  650. }
  651. }
  652. return ret;
  653. }
  654. template<typename T>
  655. static string setMinimumTTL(T begin, T end)
  656. {
  657. if(end-begin != 1)
  658. return "Need to supply new minimum TTL number\n";
  659. try {
  660. SyncRes::s_minimumTTL = pdns_stou(*begin);
  661. return "New minimum TTL: " + std::to_string(SyncRes::s_minimumTTL) + "\n";
  662. }
  663. catch (const std::exception& e) {
  664. return "Error parsing the new minimum TTL number: " + std::string(e.what()) + "\n";
  665. }
  666. }
  667. template<typename T>
  668. static string setMinimumECSTTL(T begin, T end)
  669. {
  670. if(end-begin != 1)
  671. return "Need to supply new ECS minimum TTL number\n";
  672. try {
  673. SyncRes::s_minimumECSTTL = pdns_stou(*begin);
  674. return "New minimum ECS TTL: " + std::to_string(SyncRes::s_minimumECSTTL) + "\n";
  675. }
  676. catch (const std::exception& e) {
  677. return "Error parsing the new ECS minimum TTL number: " + std::string(e.what()) + "\n";
  678. }
  679. }
  680. template<typename T>
  681. static string setMaxCacheEntries(T begin, T end)
  682. {
  683. if(end-begin != 1)
  684. return "Need to supply new cache size\n";
  685. try {
  686. g_maxCacheEntries = pdns_stou(*begin);
  687. return "New max cache entries: " + std::to_string(g_maxCacheEntries) + "\n";
  688. }
  689. catch (const std::exception& e) {
  690. return "Error parsing the new cache size: " + std::string(e.what()) + "\n";
  691. }
  692. }
  693. template<typename T>
  694. static string setMaxPacketCacheEntries(T begin, T end)
  695. {
  696. if(end-begin != 1)
  697. return "Need to supply new packet cache size\n";
  698. try {
  699. g_maxPacketCacheEntries = pdns_stou(*begin);
  700. return "New max packetcache entries: " + std::to_string(g_maxPacketCacheEntries) + "\n";
  701. }
  702. catch (const std::exception& e) {
  703. return "Error parsing the new packet cache size: " + std::string(e.what()) + "\n";
  704. }
  705. }
  706. static uint64_t getSysTimeMsec()
  707. {
  708. struct rusage ru;
  709. getrusage(RUSAGE_SELF, &ru);
  710. return (ru.ru_stime.tv_sec*1000ULL + ru.ru_stime.tv_usec/1000);
  711. }
  712. static uint64_t getUserTimeMsec()
  713. {
  714. struct rusage ru;
  715. getrusage(RUSAGE_SELF, &ru);
  716. return (ru.ru_utime.tv_sec*1000ULL + ru.ru_utime.tv_usec/1000);
  717. }
  718. /* This is a pretty weird set of functions. To get per-thread cpu usage numbers,
  719. we have to ask a thread over a pipe. We could do so surgically, so if you want to know about
  720. thread 3, we pick pipe 3, but we lack that infrastructure.
  721. We can however ask "execute this function on all threads and add up the results".
  722. This is what the first function does using a custom object ThreadTimes, which if you add
  723. to each other keeps filling the first one with CPU usage numbers
  724. */
  725. static ThreadTimes* pleaseGetThreadCPUMsec()
  726. {
  727. uint64_t ret=0;
  728. #ifdef RUSAGE_THREAD
  729. struct rusage ru;
  730. getrusage(RUSAGE_THREAD, &ru);
  731. ret = (ru.ru_utime.tv_sec*1000ULL + ru.ru_utime.tv_usec/1000);
  732. ret += (ru.ru_stime.tv_sec*1000ULL + ru.ru_stime.tv_usec/1000);
  733. #endif
  734. return new ThreadTimes{ret, vector<uint64_t>()};
  735. }
  736. /* Next up, when you want msec data for a specific thread, we check
  737. if we recently executed pleaseGetThreadCPUMsec. If we didn't we do so
  738. now and consult all threads.
  739. We then answer you from the (re)fresh(ed) ThreadTimes.
  740. */
  741. static uint64_t doGetThreadCPUMsec(int n)
  742. {
  743. static std::mutex s_mut;
  744. static time_t last = 0;
  745. static ThreadTimes tt;
  746. std::lock_guard<std::mutex> l(s_mut);
  747. if(last != time(nullptr)) {
  748. tt = broadcastAccFunction<ThreadTimes>(pleaseGetThreadCPUMsec);
  749. last = time(nullptr);
  750. }
  751. return tt.times.at(n);
  752. }
  753. static uint64_t calculateUptime()
  754. {
  755. return time(nullptr) - g_stats.startupTime;
  756. }
  757. static string* pleaseGetCurrentQueries()
  758. {
  759. ostringstream ostr;
  760. struct timeval now;
  761. gettimeofday(&now, 0);
  762. ostr << getMT()->d_waiters.size() <<" currently outstanding questions\n";
  763. boost::format fmt("%1% %|40t|%2% %|47t|%3% %|63t|%4% %|68t|%5% %|78t|%6%\n");
  764. ostr << (fmt % "qname" % "qtype" % "remote" % "tcp" % "chained" % "spent(ms)");
  765. unsigned int n=0;
  766. for(const auto& mthread : getMT()->d_waiters) {
  767. const PacketID& pident = mthread.key;
  768. const double spent = g_networkTimeoutMsec - (DiffTime(now, mthread.ttd) * 1000);
  769. ostr << (fmt
  770. % pident.domain.toLogString() /* ?? */ % DNSRecordContent::NumberToType(pident.type)
  771. % pident.remote.toString() % (pident.sock ? 'Y' : 'n')
  772. % (pident.fd == -1 ? 'Y' : 'n')
  773. % (spent > 0 ? spent : '0')
  774. );
  775. ++n;
  776. if (n >= 100)
  777. break;
  778. }
  779. ostr <<" - done\n";
  780. return new string(ostr.str());
  781. }
  782. static string doCurrentQueries()
  783. {
  784. return broadcastAccFunction<string>(pleaseGetCurrentQueries);
  785. }
  786. uint64_t* pleaseGetThrottleSize()
  787. {
  788. return new uint64_t(SyncRes::getThrottledServersSize());
  789. }
  790. static uint64_t getThrottleSize()
  791. {
  792. return broadcastAccFunction<uint64_t>(pleaseGetThrottleSize);
  793. }
  794. uint64_t* pleaseGetNegCacheSize()
  795. {
  796. uint64_t tmp=(SyncRes::getNegCacheSize());
  797. return new uint64_t(tmp);
  798. }
  799. static uint64_t getNegCacheSize()
  800. {
  801. return broadcastAccFunction<uint64_t>(pleaseGetNegCacheSize);
  802. }
  803. static uint64_t* pleaseGetFailedHostsSize()
  804. {
  805. uint64_t tmp=(SyncRes::getThrottledServersSize());
  806. return new uint64_t(tmp);
  807. }
  808. static uint64_t getFailedHostsSize()
  809. {
  810. return broadcastAccFunction<uint64_t>(pleaseGetFailedHostsSize);
  811. }
  812. uint64_t* pleaseGetNsSpeedsSize()
  813. {
  814. return new uint64_t(SyncRes::getNSSpeedsSize());
  815. }
  816. static uint64_t getNsSpeedsSize()
  817. {
  818. return broadcastAccFunction<uint64_t>(pleaseGetNsSpeedsSize);
  819. }
  820. uint64_t* pleaseGetFailedServersSize()
  821. {
  822. return new uint64_t(SyncRes::getFailedServersSize());
  823. }
  824. uint64_t* pleaseGetEDNSStatusesSize()
  825. {
  826. return new uint64_t(SyncRes::getEDNSStatusesSize());
  827. }
  828. uint64_t* pleaseGetConcurrentQueries()
  829. {
  830. return new uint64_t(getMT() ? getMT()->numProcesses() : 0);
  831. }
  832. static uint64_t getConcurrentQueries()
  833. {
  834. return broadcastAccFunction<uint64_t>(pleaseGetConcurrentQueries);
  835. }
  836. static uint64_t doGetCacheSize()
  837. {
  838. return s_RC->size();
  839. }
  840. static uint64_t doGetAvgLatencyUsec()
  841. {
  842. return (uint64_t) g_stats.avgLatencyUsec;
  843. }
  844. static uint64_t doGetCacheBytes()
  845. {
  846. return s_RC->bytes();
  847. }
  848. static uint64_t doGetCacheHits()
  849. {
  850. return s_RC->cacheHits;
  851. }
  852. static uint64_t doGetCacheMisses()
  853. {
  854. return s_RC->cacheMisses;
  855. }
  856. uint64_t* pleaseGetPacketCacheSize()
  857. {
  858. return new uint64_t(t_packetCache ? t_packetCache->size() : 0);
  859. }
  860. static uint64_t* pleaseGetPacketCacheBytes()
  861. {
  862. return new uint64_t(t_packetCache ? t_packetCache->bytes() : 0);
  863. }
  864. static uint64_t doGetPacketCacheSize()
  865. {
  866. return broadcastAccFunction<uint64_t>(pleaseGetPacketCacheSize);
  867. }
  868. static uint64_t doGetPacketCacheBytes()
  869. {
  870. return broadcastAccFunction<uint64_t>(pleaseGetPacketCacheBytes);
  871. }
  872. uint64_t* pleaseGetPacketCacheHits()
  873. {
  874. return new uint64_t(t_packetCache ? t_packetCache->d_hits : 0);
  875. }
  876. static uint64_t doGetPacketCacheHits()
  877. {
  878. return broadcastAccFunction<uint64_t>(pleaseGetPacketCacheHits);
  879. }
  880. static uint64_t* pleaseGetPacketCacheMisses()
  881. {
  882. return new uint64_t(t_packetCache ? t_packetCache->d_misses : 0);
  883. }
  884. static uint64_t doGetPacketCacheMisses()
  885. {
  886. return broadcastAccFunction<uint64_t>(pleaseGetPacketCacheMisses);
  887. }
  888. static uint64_t doGetMallocated()
  889. {
  890. // this turned out to be broken
  891. /* struct mallinfo mi = mallinfo();
  892. return mi.uordblks; */
  893. return 0;
  894. }
  895. extern ResponseStats g_rs;
  896. void registerAllStats()
  897. {
  898. static std::atomic_flag s_init = ATOMIC_FLAG_INIT;
  899. if(s_init.test_and_set())
  900. return;
  901. addGetStat("questions", &g_stats.qcounter);
  902. addGetStat("ipv6-questions", &g_stats.ipv6qcounter);
  903. addGetStat("tcp-questions", &g_stats.tcpqcounter);
  904. addGetStat("cache-hits", doGetCacheHits);
  905. addGetStat("cache-misses", doGetCacheMisses);
  906. addGetStat("cache-entries", doGetCacheSize);
  907. addGetStat("max-cache-entries", []() { return g_maxCacheEntries.load(); });
  908. addGetStat("max-packetcache-entries", []() { return g_maxPacketCacheEntries.load();});
  909. addGetStat("cache-bytes", doGetCacheBytes);
  910. addGetStat("record-cache-contended", []() { return s_RC->stats().first;});
  911. addGetStat("record-cache-acquired", []() { return s_RC->stats().second;});
  912. addGetStat("packetcache-hits", doGetPacketCacheHits);
  913. addGetStat("packetcache-misses", doGetPacketCacheMisses);
  914. addGetStat("packetcache-entries", doGetPacketCacheSize);
  915. addGetStat("packetcache-bytes", doGetPacketCacheBytes);
  916. addGetStat("malloc-bytes", doGetMallocated);
  917. addGetStat("servfail-answers", &g_stats.servFails);
  918. addGetStat("nxdomain-answers", &g_stats.nxDomains);
  919. addGetStat("noerror-answers", &g_stats.noErrors);
  920. addGetStat("unauthorized-udp", &g_stats.unauthorizedUDP);
  921. addGetStat("unauthorized-tcp", &g_stats.unauthorizedTCP);
  922. addGetStat("tcp-client-overflow", &g_stats.tcpClientOverflow);
  923. addGetStat("client-parse-errors", &g_stats.clientParseError);
  924. addGetStat("server-parse-errors", &g_stats.serverParseError);
  925. addGetStat("too-old-drops", &g_stats.tooOldDrops);
  926. addGetStat("truncated-drops", &g_stats.truncatedDrops);
  927. addGetStat("query-pipe-full-drops", &g_stats.queryPipeFullDrops);
  928. addGetStat("answers0-1", &g_stats.answers0_1);
  929. addGetStat("answers1-10", &g_stats.answers1_10);
  930. addGetStat("answers10-100", &g_stats.answers10_100);
  931. addGetStat("answers100-1000", &g_stats.answers100_1000);
  932. addGetStat("answers-slow", &g_stats.answersSlow);
  933. addGetStat("x-ourtime0-1", &g_stats.ourtime0_1);
  934. addGetStat("x-ourtime1-2", &g_stats.ourtime1_2);
  935. addGetStat("x-ourtime2-4", &g_stats.ourtime2_4);
  936. addGetStat("x-ourtime4-8", &g_stats.ourtime4_8);
  937. addGetStat("x-ourtime8-16", &g_stats.ourtime8_16);
  938. addGetStat("x-ourtime16-32", &g_stats.ourtime16_32);
  939. addGetStat("x-ourtime-slow", &g_stats.ourtimeSlow);
  940. addGetStat("auth4-answers0-1", &g_stats.auth4Answers0_1);
  941. addGetStat("auth4-answers1-10", &g_stats.auth4Answers1_10);
  942. addGetStat("auth4-answers10-100", &g_stats.auth4Answers10_100);
  943. addGetStat("auth4-answers100-1000", &g_stats.auth4Answers100_1000);
  944. addGetStat("auth4-answers-slow", &g_stats.auth4AnswersSlow);
  945. addGetStat("auth6-answers0-1", &g_stats.auth6Answers0_1);
  946. addGetStat("auth6-answers1-10", &g_stats.auth6Answers1_10);
  947. addGetStat("auth6-answers10-100", &g_stats.auth6Answers10_100);
  948. addGetStat("auth6-answers100-1000", &g_stats.auth6Answers100_1000);
  949. addGetStat("auth6-answers-slow", &g_stats.auth6AnswersSlow);
  950. addGetStat("qa-latency", doGetAvgLatencyUsec);
  951. addGetStat("x-our-latency", []() { return g_stats.avgLatencyOursUsec; });
  952. addGetStat("unexpected-packets", &g_stats.unexpectedCount);
  953. addGetStat("case-mismatches", &g_stats.caseMismatchCount);
  954. addGetStat("spoof-prevents", &g_stats.spoofCount);
  955. addGetStat("nsset-invalidations", &g_stats.nsSetInvalidations);
  956. addGetStat("resource-limits", &g_stats.resourceLimits);
  957. addGetStat("over-capacity-drops", &g_stats.overCapacityDrops);
  958. addGetStat("policy-drops", &g_stats.policyDrops);
  959. addGetStat("no-packet-error", &g_stats.noPacketError);
  960. addGetStat("dlg-only-drops", &SyncRes::s_nodelegated);
  961. addGetStat("ignored-packets", &g_stats.ignoredCount);
  962. addGetStat("empty-queries", &g_stats.emptyQueriesCount);
  963. addGetStat("max-mthread-stack", &g_stats.maxMThreadStackUsage);
  964. addGetStat("negcache-entries", getNegCacheSize);
  965. addGetStat("throttle-entries", getThrottleSize);
  966. addGetStat("nsspeeds-entries", getNsSpeedsSize);
  967. addGetStat("failed-host-entries", getFailedHostsSize);
  968. addGetStat("concurrent-queries", getConcurrentQueries);
  969. addGetStat("security-status", &g_security_status);
  970. addGetStat("outgoing-timeouts", &SyncRes::s_outgoingtimeouts);
  971. addGetStat("outgoing4-timeouts", &SyncRes::s_outgoing4timeouts);
  972. addGetStat("outgoing6-timeouts", &SyncRes::s_outgoing6timeouts);
  973. addGetStat("auth-zone-queries", &SyncRes::s_authzonequeries);
  974. addGetStat("tcp-outqueries", &SyncRes::s_tcpoutqueries);
  975. addGetStat("all-outqueries", &SyncRes::s_outqueries);
  976. addGetStat("ipv6-outqueries", &g_stats.ipv6queries);
  977. addGetStat("throttled-outqueries", &SyncRes::s_throttledqueries);
  978. addGetStat("dont-outqueries", &SyncRes::s_dontqueries);
  979. addGetStat("qname-min-fallback-success", &SyncRes::s_qnameminfallbacksuccess);
  980. addGetStat("throttled-out", &SyncRes::s_throttledqueries);
  981. addGetStat("unreachables", &SyncRes::s_unreachables);
  982. addGetStat("ecs-queries", &SyncRes::s_ecsqueries);
  983. addGetStat("ecs-responses", &SyncRes::s_ecsresponses);
  984. addGetStat("chain-resends", &g_stats.chainResends);
  985. addGetStat("tcp-clients", []{return TCPConnection::getCurrentConnections();});
  986. #ifdef __linux__
  987. addGetStat("udp-recvbuf-errors", []{return udpErrorStats("udp-recvbuf-errors");});
  988. addGetStat("udp-sndbuf-errors", []{return udpErrorStats("udp-sndbuf-errors");});
  989. addGetStat("udp-noport-errors", []{return udpErrorStats("udp-noport-errors");});
  990. addGetStat("udp-in-errors", []{return udpErrorStats("udp-in-errors");});
  991. #endif
  992. addGetStat("edns-ping-matches", &g_stats.ednsPingMatches);
  993. addGetStat("edns-ping-mismatches", &g_stats.ednsPingMismatches);
  994. addGetStat("dnssec-queries", &g_stats.dnssecQueries);
  995. addGetStat("dnssec-authentic-data-queries", &g_stats.dnssecAuthenticDataQueries);
  996. addGetStat("dnssec-check-disabled-queries", &g_stats.dnssecCheckDisabledQueries);
  997. addGetStat("variable-responses", &g_stats.variableResponses);
  998. addGetStat("noping-outqueries", &g_stats.noPingOutQueries);
  999. addGetStat("noedns-outqueries", &g_stats.noEdnsOutQueries);
  1000. addGetStat("uptime", calculateUptime);
  1001. addGetStat("real-memory-usage", boost::bind(getRealMemoryUsage, string()));
  1002. addGetStat("special-memory-usage", boost::bind(getSpecialMemoryUsage, string()));
  1003. addGetStat("fd-usage", boost::bind(getOpenFileDescriptors, string()));
  1004. // addGetStat("query-rate", getQueryRate);
  1005. addGetStat("user-msec", getUserTimeMsec);
  1006. addGetStat("sys-msec", getSysTimeMsec);
  1007. #ifdef __linux__
  1008. addGetStat("cpu-iowait", boost::bind(getCPUIOWait, string()));
  1009. addGetStat("cpu-steal", boost::bind(getCPUSteal, string()));
  1010. #endif
  1011. for(unsigned int n=0; n < g_numThreads; ++n)
  1012. addGetStat("cpu-msec-thread-"+std::to_string(n), boost::bind(&doGetThreadCPUMsec, n));
  1013. #ifdef MALLOC_TRACE
  1014. addGetStat("memory-allocs", boost::bind(&MallocTracer::getAllocs, g_mtracer, string()));
  1015. addGetStat("memory-alloc-flux", boost::bind(&MallocTracer::getAllocFlux, g_mtracer, string()));
  1016. addGetStat("memory-allocated", boost::bind(&MallocTracer::getTotAllocated, g_mtracer, string()));
  1017. #endif
  1018. addGetStat("dnssec-validations", &g_stats.dnssecValidations);
  1019. addGetStat("dnssec-result-insecure", &g_stats.dnssecResults[vState::Insecure]);
  1020. addGetStat("dnssec-result-secure", &g_stats.dnssecResults[vState::Secure]);
  1021. addGetStat("dnssec-result-bogus", []() {
  1022. static std::set<vState> const bogusStates = { vState::BogusNoValidDNSKEY, vState::BogusInvalidDenial, vState::BogusUnableToGetDSs, vState::BogusUnableToGetDNSKEYs, vState::BogusSelfSignedDS, vState::BogusNoRRSIG, vState::BogusNoValidRRSIG, vState::BogusMissingNegativeIndication, vState::BogusSignatureNotYetValid, vState::BogusSignatureExpired, vState::BogusUnsupportedDNSKEYAlgo, vState::BogusUnsupportedDSDigestType, vState::BogusNoZoneKeyBitSet, vState::BogusRevokedDNSKEY, vState::BogusInvalidDNSKEYProtocol };
  1023. uint64_t total = 0;
  1024. for (const auto& state : bogusStates) {
  1025. total += g_stats.dnssecResults[state];
  1026. }
  1027. return total;
  1028. });
  1029. addGetStat("dnssec-result-bogus-no-valid-dnskey", &g_stats.dnssecResults[vState::BogusNoValidDNSKEY]);
  1030. addGetStat("dnssec-result-bogus-invalid-denial", &g_stats.dnssecResults[vState::BogusInvalidDenial]);
  1031. addGetStat("dnssec-result-bogus-unable-to-get-dss", &g_stats.dnssecResults[vState::BogusUnableToGetDSs]);
  1032. addGetStat("dnssec-result-bogus-unable-to-get-dnskeys", &g_stats.dnssecResults[vState::BogusUnableToGetDNSKEYs]);
  1033. addGetStat("dnssec-result-bogus-self-signed-ds", &g_stats.dnssecResults[vState::BogusSelfSignedDS]);
  1034. addGetStat("dnssec-result-bogus-no-rrsig", &g_stats.dnssecResults[vState::BogusNoRRSIG]);
  1035. addGetStat("dnssec-result-bogus-no-valid-rrsig", &g_stats.dnssecResults[vState::BogusNoValidRRSIG]);
  1036. addGetStat("dnssec-result-bogus-missing-negative-indication", &g_stats.dnssecResults[vState::BogusMissingNegativeIndication]);
  1037. addGetStat("dnssec-result-bogus-signature-not-yet-valid", &g_stats.dnssecResults[vState::BogusSignatureNotYetValid]);
  1038. addGetStat("dnssec-result-bogus-signature-expired", &g_stats.dnssecResults[vState::BogusSignatureExpired]);
  1039. addGetStat("dnssec-result-bogus-unsupported-dnskey-algo", &g_stats.dnssecResults[vState::BogusUnsupportedDNSKEYAlgo]);
  1040. addGetStat("dnssec-result-bogus-unsupported-ds-digest-type", &g_stats.dnssecResults[vState::BogusUnsupportedDSDigestType]);
  1041. addGetStat("dnssec-result-bogus-no-zone-key-bit-set", &g_stats.dnssecResults[vState::BogusNoZoneKeyBitSet]);
  1042. addGetStat("dnssec-result-bogus-revoked-dnskey", &g_stats.dnssecResults[vState::BogusRevokedDNSKEY]);
  1043. addGetStat("dnssec-result-bogus-invalid-dnskey-protocol", &g_stats.dnssecResults[vState::BogusInvalidDNSKEYProtocol]);
  1044. addGetStat("dnssec-result-indeterminate", &g_stats.dnssecResults[vState::Indeterminate]);
  1045. addGetStat("dnssec-result-nta", &g_stats.dnssecResults[vState::NTA]);
  1046. addGetStat("policy-result-noaction", &g_stats.policyResults[DNSFilterEngine::PolicyKind::NoAction]);
  1047. addGetStat("policy-result-drop", &g_stats.policyResults[DNSFilterEngine::PolicyKind::Drop]);
  1048. addGetStat("policy-result-nxdomain", &g_stats.policyResults[DNSFilterEngine::PolicyKind::NXDOMAIN]);
  1049. addGetStat("policy-result-nodata", &g_stats.policyResults[DNSFilterEngine::PolicyKind::NODATA]);
  1050. addGetStat("policy-result-truncate", &g_stats.policyResults[DNSFilterEngine::PolicyKind::Truncate]);
  1051. addGetStat("policy-result-custom", &g_stats.policyResults[DNSFilterEngine::PolicyKind::Custom]);
  1052. addGetStat("rebalanced-queries", &g_stats.rebalancedQueries);
  1053. addGetStat("proxy-protocol-invalid", &g_stats.proxyProtocolInvalidCount);
  1054. /* make sure that the ECS stats are properly initialized */
  1055. SyncRes::clearECSStats();
  1056. for (size_t idx = 0; idx < SyncRes::s_ecsResponsesBySubnetSize4.size(); idx++) {
  1057. const std::string name = "ecs-v4-response-bits-" + std::to_string(idx + 1);
  1058. addGetStat(name, &(SyncRes::s_ecsResponsesBySubnetSize4.at(idx)));
  1059. }
  1060. for (size_t idx = 0; idx < SyncRes::s_ecsResponsesBySubnetSize6.size(); idx++) {
  1061. const std::string name = "ecs-v6-response-bits-" + std::to_string(idx + 1);
  1062. addGetStat(name, &(SyncRes::s_ecsResponsesBySubnetSize6.at(idx)));
  1063. }
  1064. }
  1065. void doExitGeneric(bool nicely)
  1066. {
  1067. g_log<<Logger::Error<<"Exiting on user request"<<endl;
  1068. extern RecursorControlChannel s_rcc;
  1069. s_rcc.~RecursorControlChannel();
  1070. extern string s_pidfname;
  1071. if(!s_pidfname.empty())
  1072. unlink(s_pidfname.c_str()); // we can at least try..
  1073. if(nicely) {
  1074. RecursorControlChannel::stop = 1;
  1075. } else {
  1076. _exit(1);
  1077. }
  1078. }
  1079. void doExit()
  1080. {
  1081. doExitGeneric(false);
  1082. }
  1083. void doExitNicely()
  1084. {
  1085. doExitGeneric(true);
  1086. }
  1087. vector<pair<DNSName, uint16_t> >* pleaseGetQueryRing()
  1088. {
  1089. typedef pair<DNSName,uint16_t> query_t;
  1090. vector<query_t >* ret = new vector<query_t>();
  1091. if(!t_queryring)
  1092. return ret;
  1093. ret->reserve(t_queryring->size());
  1094. for(const query_t& q : *t_queryring) {
  1095. ret->push_back(q);
  1096. }
  1097. return ret;
  1098. }
  1099. vector<pair<DNSName,uint16_t> >* pleaseGetServfailQueryRing()
  1100. {
  1101. typedef pair<DNSName,uint16_t> query_t;
  1102. vector<query_t>* ret = new vector<query_t>();
  1103. if(!t_servfailqueryring)
  1104. return ret;
  1105. ret->reserve(t_servfailqueryring->size());
  1106. for(const query_t& q : *t_servfailqueryring) {
  1107. ret->push_back(q);
  1108. }
  1109. return ret;
  1110. }
  1111. vector<pair<DNSName,uint16_t> >* pleaseGetBogusQueryRing()
  1112. {
  1113. typedef pair<DNSName,uint16_t> query_t;
  1114. vector<query_t>* ret = new vector<query_t>();
  1115. if(!t_bogusqueryring)
  1116. return ret;
  1117. ret->reserve(t_bogusqueryring->size());
  1118. for(const query_t& q : *t_bogusqueryring) {
  1119. ret->push_back(q);
  1120. }
  1121. return ret;
  1122. }
  1123. typedef boost::function<vector<ComboAddress>*()> pleaseremotefunc_t;
  1124. typedef boost::function<vector<pair<DNSName,uint16_t> >*()> pleasequeryfunc_t;
  1125. vector<ComboAddress>* pleaseGetRemotes()
  1126. {
  1127. vector<ComboAddress>* ret = new vector<ComboAddress>();
  1128. if(!t_remotes)
  1129. return ret;
  1130. ret->reserve(t_remotes->size());
  1131. for(const ComboAddress& ca : *t_remotes) {
  1132. ret->push_back(ca);
  1133. }
  1134. return ret;
  1135. }
  1136. vector<ComboAddress>* pleaseGetServfailRemotes()
  1137. {
  1138. vector<ComboAddress>* ret = new vector<ComboAddress>();
  1139. if(!t_servfailremotes)
  1140. return ret;
  1141. ret->reserve(t_servfailremotes->size());
  1142. for(const ComboAddress& ca : *t_servfailremotes) {
  1143. ret->push_back(ca);
  1144. }
  1145. return ret;
  1146. }
  1147. vector<ComboAddress>* pleaseGetBogusRemotes()
  1148. {
  1149. vector<ComboAddress>* ret = new vector<ComboAddress>();
  1150. if(!t_bogusremotes)
  1151. return ret;
  1152. ret->reserve(t_bogusremotes->size());
  1153. for(const ComboAddress& ca : *t_bogusremotes) {
  1154. ret->push_back(ca);
  1155. }
  1156. return ret;
  1157. }
  1158. vector<ComboAddress>* pleaseGetLargeAnswerRemotes()
  1159. {
  1160. vector<ComboAddress>* ret = new vector<ComboAddress>();
  1161. if(!t_largeanswerremotes)
  1162. return ret;
  1163. ret->reserve(t_largeanswerremotes->size());
  1164. for(const ComboAddress& ca : *t_largeanswerremotes) {
  1165. ret->push_back(ca);
  1166. }
  1167. return ret;
  1168. }
  1169. vector<ComboAddress>* pleaseGetTimeouts()
  1170. {
  1171. vector<ComboAddress>* ret = new vector<ComboAddress>();
  1172. if(!t_timeouts)
  1173. return ret;
  1174. ret->reserve(t_timeouts->size());
  1175. for(const ComboAddress& ca : *t_timeouts) {
  1176. ret->push_back(ca);
  1177. }
  1178. return ret;
  1179. }
  1180. static string doGenericTopRemotes(pleaseremotefunc_t func)
  1181. {
  1182. typedef map<ComboAddress, int, ComboAddress::addressOnlyLessThan> counts_t;
  1183. counts_t counts;
  1184. vector<ComboAddress> remotes=broadcastAccFunction<vector<ComboAddress> >(func);
  1185. unsigned int total=0;
  1186. for(const ComboAddress& ca : remotes) {
  1187. total++;
  1188. counts[ca]++;
  1189. }
  1190. typedef std::multimap<int, ComboAddress> rcounts_t;
  1191. rcounts_t rcounts;
  1192. for(counts_t::const_iterator i=counts.begin(); i != counts.end(); ++i)
  1193. rcounts.insert(make_pair(-i->second, i->first));
  1194. ostringstream ret;
  1195. ret<<"Over last "<<total<<" entries:\n";
  1196. format fmt("%.02f%%\t%s\n");
  1197. int limit=0, accounted=0;
  1198. if(total) {
  1199. for(rcounts_t::const_iterator i=rcounts.begin(); i != rcounts.end() && limit < 20; ++i, ++limit) {
  1200. ret<< fmt % (-100.0*i->first/total) % i->second.toString();
  1201. accounted+= -i->first;
  1202. }
  1203. ret<< '\n' << fmt % (100.0*(total-accounted)/total) % "rest";
  1204. }
  1205. return ret.str();
  1206. }
  1207. // XXX DNSName Pain - this function should benefit from native DNSName methods
  1208. DNSName getRegisteredName(const DNSName& dom)
  1209. {
  1210. auto parts=dom.getRawLabels();
  1211. if(parts.size()<=2)
  1212. return dom;
  1213. reverse(parts.begin(), parts.end());
  1214. for(string& str : parts) { str=toLower(str); };
  1215. // uk co migweb
  1216. string last;
  1217. while(!parts.empty()) {
  1218. if(parts.size()==1 || binary_search(g_pubs.begin(), g_pubs.end(), parts)) {
  1219. string ret=last;
  1220. if(!ret.empty())
  1221. ret+=".";
  1222. for(auto p = parts.crbegin(); p != parts.crend(); ++p) {
  1223. ret+=(*p)+".";
  1224. }
  1225. return DNSName(ret);
  1226. }
  1227. last=parts[parts.size()-1];
  1228. parts.resize(parts.size()-1);
  1229. }
  1230. return DNSName("??");
  1231. }
  1232. static DNSName nopFilter(const DNSName& name)
  1233. {
  1234. return name;
  1235. }
  1236. static string doGenericTopQueries(pleasequeryfunc_t func, boost::function<DNSName(const DNSName&)> filter=nopFilter)
  1237. {
  1238. typedef pair<DNSName,uint16_t> query_t;
  1239. typedef map<query_t, int> counts_t;
  1240. counts_t counts;
  1241. vector<query_t> queries=broadcastAccFunction<vector<query_t> >(func);
  1242. unsigned int total=0;
  1243. for(const query_t& q : queries) {
  1244. total++;
  1245. counts[make_pair(filter(q.first),q.second)]++;
  1246. }
  1247. typedef std::multimap<int, query_t> rcounts_t;
  1248. rcounts_t rcounts;
  1249. for(counts_t::const_iterator i=counts.begin(); i != counts.end(); ++i)
  1250. rcounts.insert(make_pair(-i->second, i->first));
  1251. ostringstream ret;
  1252. ret<<"Over last "<<total<<" entries:\n";
  1253. format fmt("%.02f%%\t%s\n");
  1254. int limit=0, accounted=0;
  1255. if(total) {
  1256. for(rcounts_t::const_iterator i=rcounts.begin(); i != rcounts.end() && limit < 20; ++i, ++limit) {
  1257. ret<< fmt % (-100.0*i->first/total) % (i->second.first.toLogString()+"|"+DNSRecordContent::NumberToType(i->second.second));
  1258. accounted+= -i->first;
  1259. }
  1260. ret<< '\n' << fmt % (100.0*(total-accounted)/total) % "rest";
  1261. }
  1262. return ret.str();
  1263. }
  1264. static string* nopFunction()
  1265. {
  1266. return new string("pong\n");
  1267. }
  1268. static string getDontThrottleNames() {
  1269. auto dtn = g_dontThrottleNames.getLocal();
  1270. return dtn->toString() + "\n";
  1271. }
  1272. static string getDontThrottleNetmasks() {
  1273. auto dtn = g_dontThrottleNetmasks.getLocal();
  1274. return dtn->toString() + "\n";
  1275. }
  1276. template<typename T>
  1277. static string addDontThrottleNames(T begin, T end) {
  1278. if (begin == end) {
  1279. return "No names specified, keeping existing list\n";
  1280. }
  1281. vector<DNSName> toAdd;
  1282. while (begin != end) {
  1283. try {
  1284. auto d = DNSName(*begin);
  1285. toAdd.push_back(d);
  1286. }
  1287. catch(const std::exception &e) {
  1288. return "Problem parsing '" + *begin + "': "+ e.what() + ", nothing added\n";
  1289. }
  1290. begin++;
  1291. }
  1292. string ret = "Added";
  1293. auto dnt = g_dontThrottleNames.getCopy();
  1294. bool first = true;
  1295. for (auto const &d : toAdd) {
  1296. if (!first) {
  1297. ret += ",";
  1298. }
  1299. first = false;
  1300. ret += " " + d.toLogString();
  1301. dnt.add(d);
  1302. }
  1303. g_dontThrottleNames.setState(std::move(dnt));
  1304. ret += " to the list of nameservers that may not be throttled";
  1305. g_log<<Logger::Info<<ret<<", requested via control channel"<<endl;
  1306. return ret + "\n";
  1307. }
  1308. template<typename T>
  1309. static string addDontThrottleNetmasks(T begin, T end) {
  1310. if (begin == end) {
  1311. return "No netmasks specified, keeping existing list\n";
  1312. }
  1313. vector<Netmask> toAdd;
  1314. while (begin != end) {
  1315. try {
  1316. auto n = Netmask(*begin);
  1317. toAdd.push_back(n);
  1318. }
  1319. catch(const std::exception &e) {
  1320. return "Problem parsing '" + *begin + "': "+ e.what() + ", nothing added\n";
  1321. }
  1322. catch(const PDNSException &e) {
  1323. return "Problem parsing '" + *begin + "': "+ e.reason + ", nothing added\n";
  1324. }
  1325. begin++;
  1326. }
  1327. string ret = "Added";
  1328. auto dnt = g_dontThrottleNetmasks.getCopy();
  1329. bool first = true;
  1330. for (auto const &t : toAdd) {
  1331. if (!first) {
  1332. ret += ",";
  1333. }
  1334. first = false;
  1335. ret += " " + t.toString();
  1336. dnt.addMask(t);
  1337. }
  1338. g_dontThrottleNetmasks.setState(std::move(dnt));
  1339. ret += " to the list of nameserver netmasks that may not be throttled";
  1340. g_log<<Logger::Info<<ret<<", requested via control channel"<<endl;
  1341. return ret + "\n";
  1342. }
  1343. template<typename T>
  1344. static string clearDontThrottleNames(T begin, T end) {
  1345. if(begin == end)
  1346. return "No names specified, doing nothing.\n";
  1347. if (begin + 1 == end && *begin == "*"){
  1348. SuffixMatchNode smn;
  1349. g_dontThrottleNames.setState(std::move(smn));
  1350. string ret = "Cleared list of nameserver names that may not be throttled";
  1351. g_log<<Logger::Warning<<ret<<", requested via control channel"<<endl;
  1352. return ret + "\n";
  1353. }
  1354. vector<DNSName> toRemove;
  1355. while (begin != end) {
  1356. try {
  1357. if (*begin == "*") {
  1358. return "Please don't mix '*' with other names, nothing removed\n";
  1359. }
  1360. toRemove.push_back(DNSName(*begin));
  1361. }
  1362. catch (const std::exception &e) {
  1363. return "Problem parsing '" + *begin + "': "+ e.what() + ", nothing removed\n";
  1364. }
  1365. begin++;
  1366. }
  1367. string ret = "Removed";
  1368. bool first = true;
  1369. auto dnt = g_dontThrottleNames.getCopy();
  1370. for (const auto &name : toRemove) {
  1371. if (!first) {
  1372. ret += ",";
  1373. }
  1374. first = false;
  1375. ret += " " + name.toLogString();
  1376. dnt.remove(name);
  1377. }
  1378. g_dontThrottleNames.setState(std::move(dnt));
  1379. ret += " from the list of nameservers that may not be throttled";
  1380. g_log<<Logger::Info<<ret<<", requested via control channel"<<endl;
  1381. return ret + "\n";
  1382. }
  1383. template<typename T>
  1384. static string clearDontThrottleNetmasks(T begin, T end) {
  1385. if(begin == end)
  1386. return "No netmasks specified, doing nothing.\n";
  1387. if (begin + 1 == end && *begin == "*"){
  1388. auto nmg = g_dontThrottleNetmasks.getCopy();
  1389. nmg.clear();
  1390. g_dontThrottleNetmasks.setState(std::move(nmg));
  1391. string ret = "Cleared list of nameserver addresses that may not be throttled";
  1392. g_log<<Logger::Warning<<ret<<", requested via control channel"<<endl;
  1393. return ret + "\n";
  1394. }
  1395. std::vector<Netmask> toRemove;
  1396. while (begin != end) {
  1397. try {
  1398. if (*begin == "*") {
  1399. return "Please don't mix '*' with other netmasks, nothing removed\n";
  1400. }
  1401. auto n = Netmask(*begin);
  1402. toRemove.push_back(n);
  1403. }
  1404. catch(const std::exception &e) {
  1405. return "Problem parsing '" + *begin + "': "+ e.what() + ", nothing added\n";
  1406. }
  1407. catch(const PDNSException &e) {
  1408. return "Problem parsing '" + *begin + "': "+ e.reason + ", nothing added\n";
  1409. }
  1410. begin++;
  1411. }
  1412. string ret = "Removed";
  1413. bool first = true;
  1414. auto dnt = g_dontThrottleNetmasks.getCopy();
  1415. for (const auto &mask : toRemove) {
  1416. if (!first) {
  1417. ret += ",";
  1418. }
  1419. first = false;
  1420. ret += " " + mask.toString();
  1421. dnt.deleteMask(mask);
  1422. }
  1423. g_dontThrottleNetmasks.setState(std::move(dnt));
  1424. ret += " from the list of nameservers that may not be throttled";
  1425. g_log<<Logger::Info<<ret<<", requested via control channel"<<endl;
  1426. return ret + "\n";
  1427. }
  1428. string RecursorControlParser::getAnswer(const string& question, RecursorControlParser::func_t** command)
  1429. {
  1430. *command=nop;
  1431. vector<string> words;
  1432. stringtok(words, question);
  1433. if(words.empty())
  1434. return "invalid command\n";
  1435. string cmd=toLower(words[0]);
  1436. vector<string>::const_iterator begin=words.begin()+1, end=words.end();
  1437. // should probably have a smart dispatcher here, like auth has
  1438. if(cmd=="help")
  1439. return
  1440. "add-dont-throttle-names [N...] add names that are not allowed to be throttled\n"
  1441. "add-dont-throttle-netmasks [N...]\n"
  1442. " add netmasks that are not allowed to be throttled\n"
  1443. "add-nta DOMAIN [REASON] add a Negative Trust Anchor for DOMAIN with the comment REASON\n"
  1444. "add-ta DOMAIN DSRECORD add a Trust Anchor for DOMAIN with data DSRECORD\n"
  1445. "current-queries show currently active queries\n"
  1446. "clear-dont-throttle-names [N...] remove names that are not allowed to be throttled. If N is '*', remove all\n"
  1447. "clear-dont-throttle-netmasks [N...]\n"
  1448. " remove netmasks that are not allowed to be throttled. If N is '*', remove all\n"
  1449. "clear-nta [DOMAIN]... Clear the Negative Trust Anchor for DOMAINs, if no DOMAIN is specified, remove all\n"
  1450. "clear-ta [DOMAIN]... Clear the Trust Anchor for DOMAINs\n"
  1451. "dump-cache <filename> dump cache contents to the named file\n"
  1452. "dump-edns [status] <filename> dump EDNS status to the named file\n"
  1453. "dump-nsspeeds <filename> dump nsspeeds statistics to the named file\n"
  1454. "dump-rpz <zone name> <filename> dump the content of a RPZ zone to the named file\n"
  1455. "dump-throttlemap <filename> dump the contents of the throttle map to the named file\n"
  1456. "dump-failedservers <filename> dump the failed servers to the named file\n"
  1457. "get [key1] [key2] .. get specific statistics\n"
  1458. "get-all get all statistics\n"
  1459. "get-dont-throttle-names get the list of names that are not allowed to be throttled\n"
  1460. "get-dont-throttle-netmasks get the list of netmasks that are not allowed to be throttled\n"
  1461. "get-ntas get all configured Negative Trust Anchors\n"
  1462. "get-tas get all configured Trust Anchors\n"
  1463. "get-parameter [key1] [key2] .. get configuration parameters\n"
  1464. "get-qtypelist get QType statistics\n"
  1465. " notice: queries from cache aren't being counted yet\n"
  1466. "help get this list\n"
  1467. "ping check that all threads are alive\n"
  1468. "quit stop the recursor daemon\n"
  1469. "quit-nicely stop the recursor daemon nicely\n"
  1470. "reload-acls reload ACLS\n"
  1471. "reload-lua-script [filename] (re)load Lua script\n"
  1472. "reload-lua-config [filename] (re)load Lua configuration file\n"
  1473. "reload-zones reload all auth and forward zones\n"
  1474. "set-ecs-minimum-ttl value set ecs-minimum-ttl-override\n"
  1475. "set-max-cache-entries value set new maximum cache size\n"
  1476. "set-max-packetcache-entries val set new maximum packet cache size\n"
  1477. "set-minimum-ttl value set minimum-ttl-override\n"
  1478. "set-carbon-server set a carbon server for telemetry\n"
  1479. "set-dnssec-log-bogus SETTING enable (SETTING=yes) or disable (SETTING=no) logging of DNSSEC validation failures\n"
  1480. "trace-regex [regex] emit resolution trace for matching queries (empty regex to clear trace)\n"
  1481. "top-largeanswer-remotes show top remotes receiving large answers\n"
  1482. "top-queries show top queries\n"
  1483. "top-pub-queries show top queries grouped by public suffix list\n"
  1484. "top-remotes show top remotes\n"
  1485. "top-timeouts show top downstream timeouts\n"
  1486. "top-servfail-queries show top queries receiving servfail answers\n"
  1487. "top-bogus-queries show top queries validating as bogus\n"
  1488. "top-pub-servfail-queries show top queries receiving servfail answers grouped by public suffix list\n"
  1489. "top-pub-bogus-queries show top queries validating as bogus grouped by public suffix list\n"
  1490. "top-servfail-remotes show top remotes receiving servfail answers\n"
  1491. "top-bogus-remotes show top remotes receiving bogus answers\n"
  1492. "unload-lua-script unload Lua script\n"
  1493. "version return Recursor version number\n"
  1494. "wipe-cache domain0 [domain1] .. wipe domain data from cache\n"
  1495. "wipe-cache-typed type domain0 [domain1] .. wipe domain data with qtype from cache\n";
  1496. if(cmd=="get-all")
  1497. return getAllStats();
  1498. if(cmd=="get")
  1499. return doGet(begin, end);
  1500. if(cmd=="get-parameter")
  1501. return doGetParameter(begin, end);
  1502. if(cmd=="quit") {
  1503. *command=&doExit;
  1504. return "bye\n";
  1505. }
  1506. if(cmd=="version") {
  1507. return getPDNSVersion()+"\n";
  1508. }
  1509. if(cmd=="quit-nicely") {
  1510. *command=&doExitNicely;
  1511. return "bye nicely\n";
  1512. }
  1513. if(cmd=="dump-cache")
  1514. return doDumpCache(begin, end);
  1515. if(cmd=="dump-ednsstatus" || cmd=="dump-edns")
  1516. return doDumpEDNSStatus(begin, end);
  1517. if(cmd=="dump-nsspeeds")
  1518. return doDumpNSSpeeds(begin, end);
  1519. if(cmd=="dump-failedservers")
  1520. return doDumpFailedServers(begin, end);
  1521. if(cmd=="dump-rpz") {
  1522. return doDumpRPZ(begin, end);
  1523. }
  1524. if(cmd=="dump-throttlemap")
  1525. return doDumpThrottleMap(begin, end);
  1526. if(cmd=="wipe-cache" || cmd=="flushname")
  1527. return doWipeCache(begin, end, 0xffff);
  1528. if(cmd=="wipe-cache-typed") {
  1529. uint16_t qtype = QType::chartocode(begin->c_str());
  1530. ++begin;
  1531. return doWipeCache(begin, end, qtype);
  1532. }
  1533. if(cmd=="reload-lua-script")
  1534. return doQueueReloadLuaScript(begin, end);
  1535. if(cmd=="reload-lua-config") {
  1536. if(begin != end)
  1537. ::arg().set("lua-config-file") = *begin;
  1538. try {
  1539. luaConfigDelayedThreads delayedLuaThreads;
  1540. loadRecursorLuaConfig(::arg()["lua-config-file"], delayedLuaThreads);
  1541. startLuaConfigDelayedThreads(delayedLuaThreads, g_luaconfs.getCopy().generation);
  1542. g_log<<Logger::Warning<<"Reloaded Lua configuration file '"<<::arg()["lua-config-file"]<<"', requested via control channel"<<endl;
  1543. return "Reloaded Lua configuration file '"+::arg()["lua-config-file"]+"'\n";
  1544. }
  1545. catch(std::exception& e) {
  1546. return "Unable to load Lua script from '"+::arg()["lua-config-file"]+"': "+e.what()+"\n";
  1547. }
  1548. catch(const PDNSException& e) {
  1549. return "Unable to load Lua script from '"+::arg()["lua-config-file"]+"': "+e.reason+"\n";
  1550. }
  1551. }
  1552. if(cmd=="set-carbon-server")
  1553. return doSetCarbonServer(begin, end);
  1554. if(cmd=="trace-regex")
  1555. return doTraceRegex(begin, end);
  1556. if(cmd=="unload-lua-script") {
  1557. vector<string> empty;
  1558. empty.push_back(string());
  1559. return doQueueReloadLuaScript(empty.begin(), empty.end());
  1560. }
  1561. if(cmd=="reload-acls") {
  1562. if(!::arg()["chroot"].empty()) {
  1563. g_log<<Logger::Error<<"Unable to reload ACL when chroot()'ed, requested via control channel"<<endl;
  1564. return "Unable to reload ACL when chroot()'ed, please restart\n";
  1565. }
  1566. try {
  1567. parseACLs();
  1568. }
  1569. catch(std::exception& e)
  1570. {
  1571. g_log<<Logger::Error<<"Reloading ACLs failed (Exception: "<<e.what()<<")"<<endl;
  1572. return e.what() + string("\n");
  1573. }
  1574. catch(PDNSException& ae)
  1575. {
  1576. g_log<<Logger::Error<<"Reloading ACLs failed (PDNSException: "<<ae.reason<<")"<<endl;
  1577. return ae.reason + string("\n");
  1578. }
  1579. return "ok\n";
  1580. }
  1581. if(cmd=="top-remotes")
  1582. return doGenericTopRemotes(pleaseGetRemotes);
  1583. if(cmd=="top-queries")
  1584. return doGenericTopQueries(pleaseGetQueryRing);
  1585. if(cmd=="top-pub-queries")
  1586. return doGenericTopQueries(pleaseGetQueryRing, getRegisteredName);
  1587. if(cmd=="top-servfail-queries")
  1588. return doGenericTopQueries(pleaseGetServfailQueryRing);
  1589. if(cmd=="top-pub-servfail-queries")
  1590. return doGenericTopQueries(pleaseGetServfailQueryRing, getRegisteredName);
  1591. if(cmd=="top-bogus-queries")
  1592. return doGenericTopQueries(pleaseGetBogusQueryRing);
  1593. if(cmd=="top-pub-bogus-queries")
  1594. return doGenericTopQueries(pleaseGetBogusQueryRing, getRegisteredName);
  1595. if(cmd=="top-servfail-remotes")
  1596. return doGenericTopRemotes(pleaseGetServfailRemotes);
  1597. if(cmd=="top-bogus-remotes")
  1598. return doGenericTopRemotes(pleaseGetBogusRemotes);
  1599. if(cmd=="top-largeanswer-remotes")
  1600. return doGenericTopRemotes(pleaseGetLargeAnswerRemotes);
  1601. if(cmd=="top-timeouts")
  1602. return doGenericTopRemotes(pleaseGetTimeouts);
  1603. if(cmd=="current-queries")
  1604. return doCurrentQueries();
  1605. if(cmd=="ping") {
  1606. return broadcastAccFunction<string>(nopFunction);
  1607. }
  1608. if(cmd=="reload-zones") {
  1609. if(!::arg()["chroot"].empty()) {
  1610. g_log<<Logger::Error<<"Unable to reload zones and forwards when chroot()'ed, requested via control channel"<<endl;
  1611. return "Unable to reload zones and forwards when chroot()'ed, please restart\n";
  1612. }
  1613. return reloadAuthAndForwards();
  1614. }
  1615. if(cmd=="set-ecs-minimum-ttl") {
  1616. return setMinimumECSTTL(begin, end);
  1617. }
  1618. if(cmd=="set-max-cache-entries") {
  1619. return setMaxCacheEntries(begin, end);
  1620. }
  1621. if(cmd=="set-max-packetcache-entries") {
  1622. return setMaxPacketCacheEntries(begin, end);
  1623. }
  1624. if(cmd=="set-minimum-ttl") {
  1625. return setMinimumTTL(begin, end);
  1626. }
  1627. if(cmd=="get-qtypelist") {
  1628. return g_rs.getQTypeReport();
  1629. }
  1630. if(cmd=="add-nta") {
  1631. return doAddNTA(begin, end);
  1632. }
  1633. if(cmd=="clear-nta") {
  1634. return doClearNTA(begin, end);
  1635. }
  1636. if(cmd=="get-ntas") {
  1637. return getNTAs();
  1638. }
  1639. if(cmd=="add-ta") {
  1640. return doAddTA(begin, end);
  1641. }
  1642. if(cmd=="clear-ta") {
  1643. return doClearTA(begin, end);
  1644. }
  1645. if(cmd=="get-tas") {
  1646. return getTAs();
  1647. }
  1648. if (cmd=="set-dnssec-log-bogus")
  1649. return doSetDnssecLogBogus(begin, end);
  1650. if (cmd == "get-dont-throttle-names") {
  1651. return getDontThrottleNames();
  1652. }
  1653. if (cmd == "get-dont-throttle-netmasks") {
  1654. return getDontThrottleNetmasks();
  1655. }
  1656. if (cmd == "add-dont-throttle-names") {
  1657. return addDontThrottleNames(begin, end);
  1658. }
  1659. if (cmd == "add-dont-throttle-netmasks") {
  1660. return addDontThrottleNetmasks(begin, end);
  1661. }
  1662. if (cmd == "clear-dont-throttle-names") {
  1663. return clearDontThrottleNames(begin, end);
  1664. }
  1665. if (cmd == "clear-dont-throttle-netmasks") {
  1666. return clearDontThrottleNetmasks(begin, end);
  1667. }
  1668. return "Unknown command '"+cmd+"', try 'help'\n";
  1669. }