Hello community,
here is the log from the commit of package pdns for openSUSE:Factory checked in
at 2016-01-01 19:48:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pdns (Old)
and /work/SRC/openSUSE:Factory/.pdns.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pdns"
Changes:
--------
--- /work/SRC/openSUSE:Factory/pdns/pdns.changes 2015-09-03
18:12:20.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.pdns.new/pdns.changes 2016-01-01
19:51:21.000000000 +0100
@@ -1,0 +2,28 @@
+Tue Nov 3 16:02:55 UTC 2015 - mich...@stroeder.com
+
+- update to 3.4.7
+
+Bug fixes:
+* Ignore invalid/empty TKEY and TSIG records (Christian Hofstaedtler)
+* Don't reply to truncated queries (Christian Hofstaedtler)
+* don't log out-of-zone ents during AXFR in (Kees Monshouwer)
+* Prevent XSS by escaping user input. Thanks to Pierre Jaury and Damien
+ Cauquil at Sysdream for pointing this out.
+* Handle NULL and boolean properly in gPGSql (Aki Tuomi)
+* Improve negative caching (Kees Monshouwer)
+* Do not divide timeout twice (Aki Tuomi)
+* Correctly sort records with a priority.
+
+Improvements:
+* Direct query answers and correct zone-rectification in the GeoIP
+backend (Aki Tuomi)
+* Use token names to identify PKCS#11 keys (Aki Tuomi)
+* Fix typo in an error message (Arjen Zonneveld)
+* limit NSEC3 iterations in bindbackend (Kees Monshouwer)
+* Initialize minbody (Aki Tuomi)
+
+New features:
+* OPENPGPKEY record-type (James Cloos and Kees Monshouwer)
+* add global soa-edit settings (Kees Monshouwer)
+
+-------------------------------------------------------------------
Old:
----
pdns-3.4.6.tar.bz2
New:
----
pdns-3.4.7.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pdns.spec ++++++
--- /var/tmp/diff_new_pack.zOYUmW/_old 2016-01-01 19:51:23.000000000 +0100
+++ /var/tmp/diff_new_pack.zOYUmW/_new 2016-01-01 19:51:23.000000000 +0100
@@ -17,11 +17,11 @@
Name: pdns
-Version: 3.4.6
+Version: 3.4.7
Release: 0
#
%define pkg_name pdns
-%define pkg_version 3.4.6
+%define pkg_version 3.4.7
%define polarssl_version 1.3.2
#
%define home %{_var}/lib/pdns
++++++ pdns-3.4.6.tar.bz2 -> pdns-3.4.7.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pdns-3.4.6/build-scripts/redhat/pdns-server-test.spec
new/pdns-3.4.7/build-scripts/redhat/pdns-server-test.spec
--- old/pdns-3.4.6/build-scripts/redhat/pdns-server-test.spec 2015-08-27
15:17:34.000000000 +0200
+++ new/pdns-3.4.7/build-scripts/redhat/pdns-server-test.spec 2015-11-03
15:36:48.000000000 +0100
@@ -9,7 +9,7 @@
Epoch: 0
License: GPL
Group: System/Servers
-Source: http://downloads.powerdns.com/releases/pdns-3.4.6.tar.bz2
+Source: http://downloads.powerdns.com/releases/pdns-3.4.7.tar.bz2
BuildRequires: autoconf automake
BuildRequires: gcc gcc-c++
@@ -30,7 +30,7 @@
PowerDNS testbuild
%prep
-%setup -q -n pdns-3.4.6
+%setup -q -n pdns-3.4.7
%build
%configure \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/configure new/pdns-3.4.7/configure
--- old/pdns-3.4.6/configure 2015-08-27 15:17:47.000000000 +0200
+++ new/pdns-3.4.7/configure 2015-11-03 15:37:00.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for pdns 3.4.6.
+# Generated by GNU Autoconf 2.69 for pdns 3.4.7.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@
# Identity of this package.
PACKAGE_NAME='pdns'
PACKAGE_TARNAME='pdns'
-PACKAGE_VERSION='3.4.6'
-PACKAGE_STRING='pdns 3.4.6'
+PACKAGE_VERSION='3.4.7'
+PACKAGE_STRING='pdns 3.4.7'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -1470,7 +1470,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures pdns 3.4.6 to adapt to many kinds of systems.
+\`configure' configures pdns 3.4.7 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1540,7 +1540,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of pdns 3.4.6:";;
+ short | recursive ) echo "Configuration of pdns 3.4.7:";;
esac
cat <<\_ACEOF
@@ -1740,7 +1740,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-pdns configure 3.4.6
+pdns configure 3.4.7
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2347,7 +2347,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by pdns $as_me 3.4.6, which was
+It was created by pdns $as_me 3.4.7, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -3170,7 +3170,7 @@
# Define the identity of the package.
PACKAGE='pdns'
- VERSION='3.4.6'
+ VERSION='3.4.7'
cat >>confdefs.h <<_ACEOF
@@ -21192,7 +21192,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by pdns $as_me 3.4.6, which was
+This file was extended by pdns $as_me 3.4.7, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -21258,7 +21258,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-pdns config.status 3.4.6
+pdns config.status 3.4.7
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/configure.ac new/pdns-3.4.7/configure.ac
--- old/pdns-3.4.6/configure.ac 2015-08-27 15:17:34.000000000 +0200
+++ new/pdns-3.4.7/configure.ac 2015-11-03 15:36:48.000000000 +0100
@@ -1,7 +1,7 @@
AC_PREREQ([2.61])
dnl The following lines may be patched by set-version-auth.
-AC_INIT([pdns], [3.4.6])
+AC_INIT([pdns], [3.4.7])
AC_SUBST([DIST_HOST], [jenk...@autotest.powerdns.com])
dnl End patch area.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/debian-pdns/changelog
new/pdns-3.4.7/debian-pdns/changelog
--- old/pdns-3.4.6/debian-pdns/changelog 2015-08-27 15:17:34.000000000
+0200
+++ new/pdns-3.4.7/debian-pdns/changelog 2015-11-03 15:36:48.000000000
+0100
@@ -1,4 +1,4 @@
-pdns (3.4.6-1) unstable; urgency=medium
+pdns (3.4.7-1) unstable; urgency=medium
* fill in the blanks
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/modules/bindbackend/bindbackend2.hh
new/pdns-3.4.7/modules/bindbackend/bindbackend2.hh
--- old/pdns-3.4.6/modules/bindbackend/bindbackend2.hh 2015-08-24
11:11:59.000000000 +0200
+++ new/pdns-3.4.7/modules/bindbackend/bindbackend2.hh 2015-11-02
13:32:28.000000000 +0100
@@ -39,6 +39,7 @@
#include "pdns/lock.hh"
#include "pdns/misc.hh"
#include "pdns/dnsbackend.hh"
+#include "pdns/logger.hh"
#include "pdns/namespaces.hh"
using namespace ::boost::multi_index;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/modules/bindbackend/binddnssec.cc
new/pdns-3.4.7/modules/bindbackend/binddnssec.cc
--- old/pdns-3.4.6/modules/bindbackend/binddnssec.cc 2015-06-09
14:28:57.000000000 +0200
+++ new/pdns-3.4.7/modules/bindbackend/binddnssec.cc 2015-11-02
13:32:28.000000000 +0100
@@ -108,16 +108,19 @@
getDomainMetadata(zname, "NSEC3PARAM", meta);
if(!meta.empty())
value=*meta.begin();
-
- if(value.empty()) { // "no NSEC3"
- return false;
- }
-
+ else
+ return false; // "no NSEC3"
+
+ static int maxNSEC3Iterations=::arg().asNum("max-nsec3-iterations");
if(ns3p) {
NSEC3PARAMRecordContent*
tmp=dynamic_cast<NSEC3PARAMRecordContent*>(DNSRecordContent::mastermake(QType::NSEC3PARAM,
1, value));
*ns3p = *tmp;
delete tmp;
}
+ if (ns3p->d_iterations > maxNSEC3Iterations) {
+ ns3p->d_iterations = maxNSEC3Iterations;
+ L<<Logger::Error<<"Number of NSEC3 iterations for zone '"<<zname<<"' is
above 'max-nsec3-iterations'. Value adjusted to: "<<maxNSEC3Iterations<<endl;
+ }
return true;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/modules/geoipbackend/geoipbackend.cc
new/pdns-3.4.7/modules/geoipbackend/geoipbackend.cc
--- old/pdns-3.4.6/modules/geoipbackend/geoipbackend.cc 2015-06-09
14:28:57.000000000 +0200
+++ new/pdns-3.4.7/modules/geoipbackend/geoipbackend.cc 2015-09-29
16:50:32.000000000 +0200
@@ -4,14 +4,16 @@
#include <glob.h>
pthread_rwlock_t GeoIPBackend::s_state_lock=PTHREAD_RWLOCK_INITIALIZER;
+typedef map<string, string> service_map_t;
+typedef map<string, vector<DNSResourceRecord> > record_map_t;
class GeoIPDomain {
public:
int id;
string domain;
int ttl;
- map<string, string> services;
- map<string, vector<DNSResourceRecord> > records;
+ service_map_t services;
+ record_map_t records;
};
static vector<GeoIPDomain> s_domains;
@@ -128,6 +130,48 @@
dom.services[service->first.as<string>()] = service->second.as<string>();
}
+ // rectify the zone, first static records
+ BOOST_FOREACH(record_map_t::value_type& item, dom.records) {
+ // ensure we have parent in records
+ string name = item.first;
+ while(chopOff(name) && endsOn(name, dom.domain)) {
+ if (dom.records.find(name) == dom.records.end()) {
+ DNSResourceRecord rr;
+ vector<DNSResourceRecord> rrs;
+ rr.domain_id = dom.id;
+ rr.ttl = dom.ttl;
+ rr.qname = name;
+ rr.qtype = "NULL";
+ rr.content = "";
+ rr.auth = 1;
+ rr.d_place = DNSResourceRecord::ANSWER;
+ rrs.push_back(rr);
+ std::swap(dom.records[name], rrs);
+ }
+ }
+ }
+
+ // then services
+ BOOST_FOREACH(service_map_t::value_type& item, dom.services) {
+ // ensure we have parent in records
+ string name = item.first;
+ while(chopOff(name) && endsOn(name, dom.domain)) {
+ if (dom.records.find(name) == dom.records.end()) {
+ DNSResourceRecord rr;
+ vector<DNSResourceRecord> rrs;
+ rr.domain_id = dom.id;
+ rr.ttl = dom.ttl;
+ rr.qname = name;
+ rr.qtype = "NULL";
+ rr.content = "";
+ rr.auth = 1;
+ rr.d_place = DNSResourceRecord::ANSWER;
+ rrs.push_back(rr);
+ std::swap(dom.records[name], rrs);
+ }
+ }
+ }
+
tmp_domains.push_back(dom);
}
@@ -188,8 +232,6 @@
return;
}
- if (!(qtype == QType::ANY || qtype == QType::CNAME)) return;
-
string ip = "0.0.0.0";
bool v6 = false;
if (pkt_p != NULL) {
@@ -203,6 +245,21 @@
format = format2str(format, ip, v6);
+ // see if the record can be found
+ if (dom.records.count(format)) { // return static value
+ record_map_t::iterator i = dom.records.find(format);
+ BOOST_FOREACH(DNSResourceRecord rr, i->second) {
+ if (qtype == QType::ANY || rr.qtype == qtype) {
+ rr.scopeMask = (v6 ? 128 : 32);
+ d_result.push_back(rr);
+ d_result.back().qname = qdomain;
+ }
+ }
+ return;
+ }
+
+ if (!(qtype == QType::ANY || qtype == QType::CNAME)) return;
+
DNSResourceRecord rr;
rr.domain_id = dom.id;
rr.qtype = QType::CNAME;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/modules/gpgsqlbackend/spgsql.cc
new/pdns-3.4.7/modules/gpgsqlbackend/spgsql.cc
--- old/pdns-3.4.6/modules/gpgsqlbackend/spgsql.cc 2015-06-09
14:28:57.000000000 +0200
+++ new/pdns-3.4.7/modules/gpgsqlbackend/spgsql.cc 2015-09-15
12:04:49.000000000 +0200
@@ -166,8 +166,16 @@
return false;
}
- for(int i=0;i<PQnfields(d_result);i++)
- row.push_back(PQgetvalue(d_result,d_count,i) ?: "");
+ for(int i=0;i<PQnfields(d_result);i++) {
+ if (PQgetisnull(d_result, d_count, i)) {
+ row.push_back("");
+ } else if (PQftype(d_result, i) == 16) { // BOOLEAN
+ char *val = PQgetvalue(d_result, d_count, i);
+ row.push_back(val[0] == 't' ? "1" : "0");
+ } else {
+ row.push_back(string(PQgetvalue(d_result, d_count, i)));
+ }
+ }
d_count++;
return true;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/modules/remotebackend/httpconnector.cc
new/pdns-3.4.7/modules/remotebackend/httpconnector.cc
--- old/pdns-3.4.6/modules/remotebackend/httpconnector.cc 2015-08-24
11:11:59.000000000 +0200
+++ new/pdns-3.4.7/modules/remotebackend/httpconnector.cc 2015-11-03
13:58:26.000000000 +0100
@@ -388,7 +388,7 @@
try {
t0 = time((time_t*)NULL);
- while(arl.ready() == false && (labs(time((time_t*)NULL) - t0) <=
timeout/1000)) {
+ while(arl.ready() == false && (labs(time((time_t*)NULL) - t0) <=
timeout)) {
rd = d_socket->readWithTimeout(buffer, sizeof(buffer), timeout);
if (rd==0)
throw NetworkError("EOF while reading");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/common_startup.cc
new/pdns-3.4.7/pdns/common_startup.cc
--- old/pdns-3.4.6/pdns/common_startup.cc 2015-06-09 14:29:04.000000000
+0200
+++ new/pdns-3.4.7/pdns/common_startup.cc 2015-11-02 14:05:07.000000000
+0100
@@ -138,6 +138,8 @@
::arg().set("soa-refresh-default","Default SOA refresh")="10800";
::arg().set("soa-retry-default","Default SOA retry")="3600";
::arg().set("soa-expire-default","Default SOA expire")="604800";
+ ::arg().set("default-soa-edit","Default SOA-EDIT value")="";
+ ::arg().set("default-soa-edit-signed","Default SOA-EDIT value for signed
zones")="";
::arg().set("trusted-notification-proxy", "IP address of incoming
notification proxy")="";
::arg().set("slave-renotify", "If we should send out notifications for
slaved updates")="no";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/dbdnsseckeeper.cc
new/pdns-3.4.7/pdns/dbdnsseckeeper.cc
--- old/pdns-3.4.6/pdns/dbdnsseckeeper.cc 2015-06-09 14:29:04.000000000
+0200
+++ new/pdns-3.4.7/pdns/dbdnsseckeeper.cc 2015-11-02 14:05:07.000000000
+0100
@@ -212,6 +212,23 @@
}
}
+void DNSSECKeeper::getSoaEdit(const std::string& zname, std::string& value)
+{
+ static const string soaEdit(::arg()["default-soa-edit"]);
+ static const string soaEditSigned(::arg()["default-soa-edit-signed"]);
+
+ getFromMeta(zname, "SOA-EDIT", value);
+
+ if ((!soaEdit.empty() || !soaEditSigned.empty()) && value.empty() &&
!isPresigned(zname)) {
+ if (!soaEditSigned.empty() && isSecuredZone(zname))
+ value=soaEditSigned;
+ if (value.empty())
+ value=soaEdit;
+ }
+
+ return;
+}
+
uint64_t DNSSECKeeper::dbdnssecCacheSizes(const std::string& str)
{
if(str=="meta-cache-size") {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/dnsbackend.cc
new/pdns-3.4.7/pdns/dnsbackend.cc
--- old/pdns-3.4.6/pdns/dnsbackend.cc 2015-06-09 14:29:04.000000000 +0200
+++ new/pdns-3.4.7/pdns/dnsbackend.cc 2015-10-13 10:37:24.000000000 +0200
@@ -44,18 +44,23 @@
return true;
}
-bool DNSBackend::getAuth(DNSPacket *p, SOAData *sd, const string &target, int
*zoneId, const int best_match_len)
+bool DNSBackend::getAuth(DNSPacket *p, SOAData *sd, const string &target, int
*zoneId, const int best_match_len, map<string,int>& negCacheMap)
{
bool found=false;
string subdomain(target);
do {
- if( best_match_len >= (int)subdomain.length() )
+ if( best_match_len >= (int)subdomain.length() && p->qtype != QType::DS )
break;
- if( this->getSOA( subdomain, *sd, p ) ) {
+ map<string,int>::iterator it = negCacheMap.find(subdomain);
+ bool negCached = ( it != negCacheMap.end() && it->second == 1 );
+
+ if(! negCached && this->getSOA( subdomain, *sd, p ) ) {
sd->qname = subdomain;
if(zoneId)
*zoneId = sd->domain_id;
+ if(found) // Second SOA found, we are done
+ return true;
if(p->qtype.getCode() == QType::DS && pdns_iequals(subdomain, target)) {
// Found authoritative zone but look for parent zone with 'DS' record.
@@ -63,6 +68,8 @@
} else
return true;
}
+ if (found)
+ negCacheMap[subdomain]=2; // don't cache SOA's during our quest for a
parent zone
}
while( chopOff( subdomain ) ); // 'www.powerdns.org' -> 'powerdns.org' ->
'org' -> ''
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/dnsbackend.hh
new/pdns-3.4.7/pdns/dnsbackend.hh
--- old/pdns-3.4.6/pdns/dnsbackend.hh 2015-08-24 11:11:59.000000000 +0200
+++ new/pdns-3.4.7/pdns/dnsbackend.hh 2015-10-13 10:37:24.000000000 +0200
@@ -163,7 +163,7 @@
virtual void getAllDomains(vector<DomainInfo> *domains, bool
include_disabled=false) { }
/** Determines if we are authoritative for a zone, and at what level */
- virtual bool getAuth(DNSPacket *p, SOAData *sd, const string &target, int
*zoneId, const int best_match_len);
+ virtual bool getAuth(DNSPacket *p, SOAData *sd, const string &target, int
*zoneId, const int best_match_len, map<string,int>& negCacheMap);
struct KeyData {
unsigned int id;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/dnspacket.cc
new/pdns-3.4.7/pdns/dnspacket.cc
--- old/pdns-3.4.6/pdns/dnspacket.cc 2015-08-25 19:58:41.000000000 +0200
+++ new/pdns-3.4.7/pdns/dnspacket.cc 2015-11-02 11:33:21.000000000 +0100
@@ -464,10 +464,15 @@
bool gotit=false;
for(MOADNSParser::answers_t::const_iterator i=mdp.d_answers.begin();
i!=mdp.d_answers.end(); ++i) {
if(i->first.d_type == QType::TSIG) {
- *trc =
*boost::dynamic_pointer_cast<TSIGRecordContent>(i->first.d_content);
-
- gotit=true;
+ // cast can fail, f.e. if d_content is an UnknownRecordContent.
+ shared_ptr<TSIGRecordContent> content =
boost::dynamic_pointer_cast<TSIGRecordContent>(i->first.d_content);
+ if (!content) {
+ L<<Logger::Error<<"TSIG record has no or invalid content (invalid
packet)"<<endl;
+ return false;
+ }
+ *trc = *content;
*keyname = i->first.d_label;
+ gotit=true;
if(!keyname->empty())
keyname->resize(keyname->size()-1); // drop the trailing dot
}
@@ -492,7 +497,13 @@
}
if(i->first.d_type == QType::TKEY) {
- *tr =
*boost::dynamic_pointer_cast<TKEYRecordContent>(i->first.d_content);
+ // cast can fail, f.e. if d_content is an UnknownRecordContent.
+ shared_ptr<TKEYRecordContent> content =
boost::dynamic_pointer_cast<TKEYRecordContent>(i->first.d_content);
+ if (!content) {
+ L<<Logger::Error<<"TKEY record has no or invalid content (invalid
packet)"<<endl;
+ return false;
+ }
+ *tr = *content;
*keyname = i->first.d_label;
gotit=true;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/dnsrecords.cc
new/pdns-3.4.7/pdns/dnsrecords.cc
--- old/pdns-3.4.6/pdns/dnsrecords.cc 2015-06-09 14:29:04.000000000 +0200
+++ new/pdns-3.4.7/pdns/dnsrecords.cc 2015-11-02 13:32:28.000000000 +0100
@@ -284,6 +284,10 @@
conv.xfrHexBlob(d_cert, true);
)
+boilerplate_conv(OPENPGPKEY, 61,
+ conv.xfrBlob(d_keyring);
+ )
+
#undef DS
DSRecordContent::DSRecordContent() : DNSRecordContent(43) {}
boilerplate_conv(DS, 43,
@@ -525,6 +529,7 @@
NSEC3RecordContent::report();
NSEC3PARAMRecordContent::report();
TLSARecordContent::report();
+ OPENPGPKEYRecordContent::report();
DLVRecordContent::report();
DNSRecordContent::regist(QClass::ANY, QType::TSIG,
&TSIGRecordContent::make, &TSIGRecordContent::make, "TSIG");
DNSRecordContent::regist(QClass::ANY, QType::TKEY,
&TKEYRecordContent::make, &TKEYRecordContent::make, "TKEY");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/dnsrecords.hh
new/pdns-3.4.7/pdns/dnsrecords.hh
--- old/pdns-3.4.6/pdns/dnsrecords.hh 2015-06-09 14:29:05.000000000 +0200
+++ new/pdns-3.4.7/pdns/dnsrecords.hh 2015-11-02 13:32:28.000000000 +0100
@@ -348,6 +348,15 @@
string d_cert;
};
+class OPENPGPKEYRecordContent : public DNSRecordContent
+{
+public:
+ includeboilerplate(OPENPGPKEY)
+
+private:
+ string d_keyring;
+};
+
class RRSIGRecordContent : public DNSRecordContent
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/dnssecinfra.cc
new/pdns-3.4.7/pdns/dnssecinfra.cc
--- old/pdns-3.4.6/pdns/dnssecinfra.cc 2015-06-09 14:29:05.000000000 +0200
+++ new/pdns-3.4.7/pdns/dnssecinfra.cc 2015-11-02 13:32:28.000000000 +0100
@@ -60,8 +60,7 @@
pkcs11=true;
continue;
} else if (pdns_iequals(key,"slot")) {
- int slot = atoi(value.c_str());
- stormap["slot"]=lexical_cast<string>(slot);
+ stormap["slot"]=value;
continue;
} else if (pdns_iequals(key,"label")) {
stormap["label"]=value;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/dnsseckeeper.hh
new/pdns-3.4.7/pdns/dnsseckeeper.hh
--- old/pdns-3.4.6/pdns/dnsseckeeper.hh 2015-06-09 14:29:05.000000000 +0200
+++ new/pdns-3.4.7/pdns/dnsseckeeper.hh 2015-11-02 14:05:07.000000000 +0100
@@ -106,6 +106,7 @@
}
void getFromMeta(const std::string& zname, const std::string& key,
std::string& value);
+ void getSoaEdit(const std::string& zname, std::string& value);
private:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/docs/dnstcpbench.1
new/pdns-3.4.7/pdns/docs/dnstcpbench.1
--- old/pdns-3.4.6/pdns/docs/dnstcpbench.1 2015-08-27 15:18:35.000000000
+0200
+++ new/pdns-3.4.7/pdns/docs/dnstcpbench.1 2015-11-03 15:37:39.000000000
+0100
@@ -2,12 +2,12 @@
.\" Title: dnstcpbench
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
-.\" Date: 08/27/2015
+.\" Date: 11/03/2015
.\" Manual: \ \&
.\" Source: \ \&
.\" Language: English
.\"
-.TH "DNSTCPBENCH" "1" "08/27/2015" "\ \&" "\ \&"
+.TH "DNSTCPBENCH" "1" "11/03/2015" "\ \&" "\ \&"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/ext/yahttp/yahttp/reqresp.hpp
new/pdns-3.4.7/pdns/ext/yahttp/yahttp/reqresp.hpp
--- old/pdns-3.4.6/pdns/ext/yahttp/yahttp/reqresp.hpp 2015-06-19
11:40:21.000000000 +0200
+++ new/pdns-3.4.7/pdns/ext/yahttp/yahttp/reqresp.hpp 2015-11-03
14:32:09.000000000 +0100
@@ -303,7 +303,7 @@
void initialize(T* target) {
chunked = false; chunk_size = 0;
- bodybuf.str(""); maxbody = 0;
+ bodybuf.str(""); minbody = 0; maxbody = 0;
pos = 0; state = 0; this->target = target;
hasBody = false;
buffer = "";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/packethandler.cc
new/pdns-3.4.7/pdns/packethandler.cc
--- old/pdns-3.4.6/pdns/packethandler.cc 2015-08-26 11:29:42.000000000
+0200
+++ new/pdns-3.4.7/pdns/packethandler.cc 2015-11-02 11:33:21.000000000
+0100
@@ -996,6 +996,14 @@
return 0;
}
+ if(p->d.tc) { // truncated query. MOADNSParser would silently parse this
packet in an incomplete way.
+ if(d_logDNSDetails)
+ L<<Logger::Error<<"Received truncated query packet from
"<<p->getRemote()<<", dropping"<<endl;
+ S.inc("corrupt-packets");
+ S.ringAccount("remotes-corrupt", p->getRemote());
+ return 0;
+ }
+
if (p->hasEDNS() && p->getEDNSVersion() > 0) {
r = p->replyPacket();
r->setRcode(16 & 0xF);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/pdns.conf-dist
new/pdns-3.4.7/pdns/pdns.conf-dist
--- old/pdns-3.4.6/pdns/pdns.conf-dist 2015-06-09 14:29:11.000000000 +0200
+++ new/pdns-3.4.7/pdns/pdns.conf-dist 2015-11-02 14:05:07.000000000 +0100
@@ -85,6 +85,16 @@
# default-ksk-size=0
#################################
+# default-soa-edit Default SOA-EDIT value
+#
+# default-soa-edit=
+
+#################################
+# default-soa-edit-signed Default SOA-EDIT value for signed zones
+#
+# default-soa-edit-signed=
+
+#################################
# default-soa-mail mail address to insert in the SOA record if none set in
the backend
#
# default-soa-mail=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/pdnssec.cc
new/pdns-3.4.7/pdns/pdnssec.cc
--- old/pdns-3.4.6/pdns/pdnssec.cc 2015-08-24 14:32:10.000000000 +0200
+++ new/pdns-3.4.7/pdns/pdnssec.cc 2015-11-02 14:05:07.000000000 +0100
@@ -133,6 +133,8 @@
::arg().set("default-ksk-size","Default KSK size (0 means default)")="0";
::arg().set("default-zsk-algorithms","Default ZSK algorithms")="rsasha256";
::arg().set("default-zsk-size","Default KSK size (0 means default)")="0";
+ ::arg().set("default-soa-edit","Default SOA-EDIT value")="";
+ ::arg().set("default-soa-edit-signed","Default SOA-EDIT value for signed
zones")="";
::arg().set("max-ent-entries", "Maximum number of empty non-terminals in a
zone")="100000";
::arg().set("module-dir","Default directory for modules")=PKGLIBDIR;
::arg().set("entropy-source", "If set, read entropy from this
file")="/dev/urandom";
@@ -665,9 +667,14 @@
cout<<"No SOA for zone '"<<zone<<"'"<<endl;
return -1;
}
+
+ if (dk.isPresigned(zone)) {
+ cerr<<"Serial increase of presigned zone '"<<zone<<"' is not
allowed."<<endl;
+ return -1;
+ }
string soaEditKind;
- dk.getFromMeta(zone, "SOA-EDIT", soaEditKind);
+ dk.getSoaEdit(zone, soaEditKind);
sd.db->lookup(QType(QType::SOA), zone);
vector<DNSResourceRecord> rrs;
@@ -2034,7 +2041,7 @@
std::vector<DNSBackend::KeyData> keys;
if (cmds.size() < 9) {
- std::cout << "Usage: pdnssec hsm assign zone algorithm ksk|zsk module
slot pin label" << std::endl;
+ std::cout << "Usage: pdnssec hsm assign zone algorithm ksk|zsk module
token pin label" << std::endl;
return 1;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/pkcs11signers.cc
new/pdns-3.4.7/pdns/pkcs11signers.cc
--- old/pdns-3.4.6/pdns/pkcs11signers.cc 2015-06-09 14:29:11.000000000
+0200
+++ new/pdns-3.4.7/pdns/pkcs11signers.cc 2015-11-02 13:32:28.000000000
+0100
@@ -213,6 +213,7 @@
L<<Logger::Error<< msg << endl;
}
}
+
public:
Pkcs11Slot(CK_FUNCTION_LIST* functions, const CK_SLOT_ID& slot) {
CK_TOKEN_INFO tokenInfo;
@@ -260,6 +261,9 @@
CK_FUNCTION_LIST* f() { return d_functions; }
pthread_mutex_t *m() { return &d_m; }
+
+ static boost::shared_ptr<Pkcs11Slot> GetSlot(const std::string& module,
const string& tokenId);
+ static CK_RV HuntSlot(const string& tokenId, CK_SLOT_ID &slotId,
_CK_SLOT_INFO* info, CK_FUNCTION_LIST* functions);
};
class Pkcs11Token {
@@ -607,31 +611,72 @@
return d_bits;
}
- static boost::shared_ptr<Pkcs11Token> GetToken(const std::string& module,
const CK_SLOT_ID& slotId, const std::string& label);
+ static boost::shared_ptr<Pkcs11Token> GetToken(const std::string& module,
const string& tokenId, const std::string& label);
};
static std::map<std::string, boost::shared_ptr<Pkcs11Slot> > pkcs11_slots;
static std::map<std::string, boost::shared_ptr<Pkcs11Token> > pkcs11_tokens;
-boost::shared_ptr<Pkcs11Token> Pkcs11Token::GetToken(const std::string&
module, const CK_SLOT_ID& slotId, const std::string& label) {
+CK_RV Pkcs11Slot::HuntSlot(const string& tokenId, CK_SLOT_ID &slotId,
_CK_SLOT_INFO* info, CK_FUNCTION_LIST* functions)
+{
+ CK_RV err;
+ unsigned long slots;
+ _CK_TOKEN_INFO tinfo;
+
+ // go thru all slots
+ // this is required by certain tokens, otherwise C_GetSlotInfo will not
return a token
+ err = functions->C_GetSlotList(CK_FALSE, NULL_PTR, &slots);
+ if (err) {
+ L<<Logger::Warning<<"C_GetSlotList(CK_FALSE, NULL_PTR, &slots) = " << err
<< std::endl;
+ return err;
+ }
+
+ // iterate all slots
+ for(slotId=0;slotId<slots;slotId++) {
+ if ((err = functions->C_GetSlotInfo(slotId, info))) {
+ L<<Logger::Warning<<"C_GetSlotList("<<slotId<<", info) = " << err <<
std::endl;
+ return err;
+ }
+ if ((err = functions->C_GetTokenInfo(slotId, &tinfo))) {
+ L<<Logger::Warning<<"C_GetSlotList("<<slotId<<", &tinfo) = " << err <<
std::endl;
+ return err;
+ }
+ std::string slotName;
+ slotName.assign(reinterpret_cast<char*>(tinfo.label), 32);
+ // trim it
+ boost::trim(slotName);
+ if (boost::iequals(slotName, tokenId)) {
+ return 0;
+ }
+ }
+
+ // see if we can find it with slotId
+ try {
+ slotId = boost::lexical_cast<int>(tokenId);
+ if ((err = functions->C_GetSlotInfo(slotId, info))) {
+ L<<Logger::Warning<<"C_GetSlotList("<<slotId<<", info) = " << err <<
std::endl;
+ return err;
+ }
+ L<<Logger::Warning<<"Specifying PKCS#11 token by SLOT ID is deprecated and
should not be used"<<std::endl;
+ return 0;
+ } catch (...) {
+ return CK_UNAVAILABLE_INFORMATION;
+ }
+ return CK_UNAVAILABLE_INFORMATION;
+}
+
+boost::shared_ptr<Pkcs11Slot> Pkcs11Slot::GetSlot(const std::string& module,
const string& tokenId) {
// see if we can find module
- std::string tidx = module;
- tidx.append("|");
- tidx.append(boost::lexical_cast<std::string>(slotId));
- std::string sidx = tidx;
- tidx.append("|");
- tidx.append(label);
- std::map<std::string, boost::shared_ptr<Pkcs11Token> >::iterator tokenIter;
+ std::string sidx = module;
+ sidx.append("|");
+ sidx.append(tokenId);
std::map<std::string, boost::shared_ptr<Pkcs11Slot> >::iterator slotIter;
CK_RV err;
CK_FUNCTION_LIST* functions;
- if ((tokenIter = pkcs11_tokens.find(tidx)) != pkcs11_tokens.end()) return
tokenIter->second;
-
// see if we have slot
if ((slotIter = pkcs11_slots.find(sidx)) != pkcs11_slots.end()) {
- pkcs11_tokens[tidx] = boost::make_shared<Pkcs11Token>(slotIter->second,
label);
- return pkcs11_tokens[tidx];
+ return slotIter->second;
}
#ifdef HAVE_P11KIT1_V2
@@ -644,23 +689,30 @@
// try to locate a slot
_CK_SLOT_INFO info;
- unsigned long slots;
-
- // this is required by certain tokens, otherwise C_GetSlotInfo will not
return a token
- err = functions->C_GetSlotList(CK_FALSE, NULL_PTR, &slots);
- if (err)
- L<<Logger::Warning<<"C_GetSlotList(CK_FALSE, NULL_PTR, &slots) = " << err
<< std::endl;
+ CK_SLOT_ID slotId;
- if ((err = functions->C_GetSlotInfo(slotId, &info))) {
- throw PDNSException(std::string("Cannot find PKCS#11 slot ") +
boost::lexical_cast<std::string>(slotId) + std::string(" on module ") + module
+ std::string(": error code ") + boost::lexical_cast<std::string>(err));
+ if ((err = Pkcs11Slot::HuntSlot(tokenId, slotId, &info, functions))) {
+ throw PDNSException(std::string("Cannot find PKCS#11 token ") + tokenId +
std::string(" on module ") + module + std::string(": error code ") +
boost::lexical_cast<std::string>(err));
}
// store slot
pkcs11_slots[sidx] = boost::make_shared<Pkcs11Slot>(functions, slotId);
- // looks ok to me.
- pkcs11_tokens[tidx] = boost::make_shared<Pkcs11Token>(pkcs11_slots[sidx],
label);
+ return pkcs11_slots[sidx];
+}
+boost::shared_ptr<Pkcs11Token> Pkcs11Token::GetToken(const std::string&
module, const string& tokenId, const std::string& label) {
+ // see if we can find module
+ std::string tidx = module;
+ tidx.append("|");
+ tidx.append(boost::lexical_cast<std::string>(tokenId));
+ tidx.append("|");
+ tidx.append(label);
+ std::map<std::string, boost::shared_ptr<Pkcs11Token> >::iterator tokenIter;
+ if ((tokenIter = pkcs11_tokens.find(tidx)) != pkcs11_tokens.end()) return
tokenIter->second;
+
+ boost::shared_ptr<Pkcs11Slot> slot = Pkcs11Slot::GetSlot(module, tokenId);
+ pkcs11_tokens[tidx] = boost::make_shared<Pkcs11Token>(slot, label);
return pkcs11_tokens[tidx];
}
@@ -677,6 +729,14 @@
Pkcs11Token::~Pkcs11Token() {
}
+bool PKCS11ModuleSlotLogin(const std::string& module, const string& tokenId,
const std::string& pin)
+{
+ boost::shared_ptr<Pkcs11Slot> slot;
+ slot = Pkcs11Slot::GetSlot(module, tokenId);
+ if (slot->LoggedIn()) return true; // no point failing
+ return slot->Login(pin);
+}
+
PKCS11DNSCryptoKeyEngine::PKCS11DNSCryptoKeyEngine(unsigned int algorithm):
DNSCryptoKeyEngine(algorithm) {}
PKCS11DNSCryptoKeyEngine::~PKCS11DNSCryptoKeyEngine() {}
PKCS11DNSCryptoKeyEngine::PKCS11DNSCryptoKeyEngine(const
PKCS11DNSCryptoKeyEngine& orig) : DNSCryptoKeyEngine(orig.d_algorithm) {}
@@ -866,7 +926,7 @@
boost::assign::push_back(storvect)
(make_pair("Algorithm", boost::lexical_cast<std::string>(d_algorithm)))
(make_pair("Engine", d_module))
- (make_pair("Slot", boost::lexical_cast<std::string>(d_slot_id)))
+ (make_pair("Slot", d_slot_id))
(make_pair("PIN", d_pin))
(make_pair("Label", d_label));
return storvect;
@@ -875,7 +935,8 @@
void PKCS11DNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, stormap_t&
stormap) {
drc.d_algorithm = atoi(stormap["algorithm"].c_str());
d_module = stormap["engine"];
- d_slot_id = atoi(stormap["slot"].c_str());
+ d_slot_id = stormap["slot"];
+ boost::trim(d_slot_id);
d_pin = stormap["pin"];
d_label = stormap["label"];
// validate parameters
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/pkcs11signers.hh
new/pdns-3.4.7/pdns/pkcs11signers.hh
--- old/pdns-3.4.6/pdns/pkcs11signers.hh 2015-06-09 14:29:11.000000000
+0200
+++ new/pdns-3.4.7/pdns/pkcs11signers.hh 2015-11-02 13:32:28.000000000
+0100
@@ -2,7 +2,7 @@
{
protected:
std::string d_module;
- unsigned long d_slot_id;
+ std::string d_slot_id;
std::string d_pin;
std::string d_label;
@@ -41,3 +41,4 @@
static DNSCryptoKeyEngine* maker(unsigned int algorithm);
};
+bool PKCS11ModuleSlotLogin(const std::string& module, const string& tokenId,
const std::string& pin);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/qtype.hh new/pdns-3.4.7/pdns/qtype.hh
--- old/pdns-3.4.6/pdns/qtype.hh 2015-06-09 14:29:12.000000000 +0200
+++ new/pdns-3.4.7/pdns/qtype.hh 2015-11-02 13:32:28.000000000 +0100
@@ -82,7 +82,7 @@
#undef DS
enum typeenum {A=1, NS=2, CNAME=5, SOA=6, MR=9, PTR=12, HINFO=13, MX=15,
TXT=16, RP=17, AFSDB=18, SIG=24, KEY=25, AAAA=28, LOC=29, SRV=33, NAPTR=35,
KX=36,
CERT=37, A6=38, DNAME=39, OPT=41, DS=43, SSHFP=44,
IPSECKEY=45, RRSIG=46, NSEC=47, DNSKEY=48, DHCID=49, NSEC3=50, NSEC3PARAM=51,
- TLSA=52, SPF=99, EUI48=108, EUI64=109, TKEY=249, TSIG=250, IXFR=251,
AXFR=252, MAILB=253, MAILA=254, ANY=255, URL=256, MBOXFW=257, CURL=258,
ADDR=259, DLV=32769} types;
+ TLSA=52, OPENPGPKEY=61, SPF=99, EUI48=108, EUI64=109, TKEY=249, TSIG=250,
IXFR=251, AXFR=252, MAILB=253, MAILA=254, ANY=255, URL=256, MBOXFW=257,
CURL=258, ADDR=259, DLV=32769} types;
typedef pair<string,uint16_t> namenum;
static vector<namenum> names;
@@ -153,6 +153,7 @@
qtype_insert("NSEC3", 50);
qtype_insert("NSEC3PARAM", 51);
qtype_insert("TLSA", 52);
+ qtype_insert("OPENPGPKEY", 61);
qtype_insert("SPF", 99);
qtype_insert("EUI48", 108);
qtype_insert("EUI64", 109);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/rfc2136handler.cc
new/pdns-3.4.7/pdns/rfc2136handler.cc
--- old/pdns-3.4.6/pdns/rfc2136handler.cc 2015-06-09 14:29:12.000000000
+0200
+++ new/pdns-3.4.7/pdns/rfc2136handler.cc 2015-11-02 14:05:07.000000000
+0100
@@ -955,13 +955,13 @@
if (!soaEdit2136Setting.empty()) {
soaEdit2136 = soaEdit2136Setting[0];
if (pdns_iequals(soaEdit2136, "SOA-EDIT") ||
pdns_iequals(soaEdit2136,"SOA-EDIT-INCREASE") ){
- vector<string> soaEditSetting;
- B.getDomainMetadata(di->zone, "SOA-EDIT", soaEditSetting);
+ string soaEditSetting;
+ d_dk.getSoaEdit(di->zone, soaEditSetting);
if (soaEditSetting.empty()) {
L<<Logger::Error<<msgPrefix<<"Using "<<soaEdit2136<<" for
SOA-EDIT-DNSUPDATE increase on DNS update, but SOA-EDIT is not set for domain
\""<< di->zone <<"\". Using DEFAULT for SOA-EDIT-DNSUPDATE"<<endl;
soaEdit2136 = "DEFAULT";
} else
- soaEdit = soaEditSetting[0];
+ soaEdit = soaEditSetting;
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/serialtweaker.cc
new/pdns-3.4.7/pdns/serialtweaker.cc
--- old/pdns-3.4.6/pdns/serialtweaker.cc 2015-06-09 14:29:12.000000000
+0200
+++ new/pdns-3.4.7/pdns/serialtweaker.cc 2015-11-02 14:05:07.000000000
+0100
@@ -42,7 +42,7 @@
BOOST_FOREACH(DNSResourceRecord& rr, rrs) {
if(rr.qtype.getCode() == QType::SOA && pdns_iequals(rr.qname,qname)) {
string kind;
- dk.getFromMeta(qname, "SOA-EDIT", kind);
+ dk.getSoaEdit(qname, kind);
return editSOARecord(rr, kind);
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/signingpipe.cc
new/pdns-3.4.7/pdns/signingpipe.cc
--- old/pdns-3.4.6/pdns/signingpipe.cc 2015-06-09 14:29:13.000000000 +0200
+++ new/pdns-3.4.7/pdns/signingpipe.cc 2015-11-03 13:26:30.000000000 +0100
@@ -109,16 +109,17 @@
namespace {
bool dedupLessThan(const DNSResourceRecord& a, const DNSResourceRecord &b)
{
- if(tie(a.content, a.ttl) < tie(b.content, b.ttl))
- return true;
- if(a.qtype.getCode() == QType::MX || a.qtype.getCode() == QType::SRV)
- return a.priority < b.priority;
- return false;
+ uint16_t aprio = 0, bprio = 0;
+ if (a.qtype.getCode() == QType::MX || a.qtype.getCode() == QType::SRV)
+ aprio = a.priority;
+ if (b.qtype.getCode() == QType::MX || b.qtype.getCode() == QType::SRV)
+ bprio = b.priority;
+ return tie(a.content, aprio) < tie(b.content, bprio);
}
bool dedupEqual(const DNSResourceRecord& a, const DNSResourceRecord &b)
{
- if(tie(a.content, a.ttl) != tie(b.content, b.ttl))
+ if(a.content != b.content)
return false;
if(a.qtype.getCode() == QType::MX || a.qtype.getCode() == QType::SRV)
return a.priority == b.priority;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/tcpreceiver.cc
new/pdns-3.4.7/pdns/tcpreceiver.cc
--- old/pdns-3.4.6/pdns/tcpreceiver.cc 2015-06-09 14:29:13.000000000 +0200
+++ new/pdns-3.4.7/pdns/tcpreceiver.cc 2015-11-02 14:05:07.000000000 +0100
@@ -700,7 +700,8 @@
}
rrs.push_back(rr);
} else {
- L<<Logger::Warning<<"Zone '"<<target<<"' contains out-of-zone data
'"<<rr.qname<<"'|"<<rr.qtype.getName()<<"', ignoring"<<endl;
+ if (rr.qtype.getCode())
+ L<<Logger::Warning<<"Zone '"<<target<<"' contains out-of-zone data
'"<<rr.qname<<"|"<<rr.qtype.getName()<<"', ignoring"<<endl;
continue;
}
}
@@ -1021,7 +1022,7 @@
}
string soaedit;
- dk.getFromMeta(target, "SOA-EDIT", soaedit);
+ dk.getSoaEdit(target, soaedit);
if (!rfc1982LessThan(serial, calculateEditSOA(sd, soaedit))) {
TSIGRecordContent trc;
string tsigkeyname, tsigsecret;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/test-dnsrecords_cc.cc
new/pdns-3.4.7/pdns/test-dnsrecords_cc.cc
--- old/pdns-3.4.6/pdns/test-dnsrecords_cc.cc 2015-06-09 14:29:13.000000000
+0200
+++ new/pdns-3.4.7/pdns/test-dnsrecords_cc.cc 2015-11-02 13:32:28.000000000
+0100
@@ -160,6 +160,8 @@
(CASE_S(QType::TLSA, "3 0 0
308201f43082015da003020102020900ac547c5557870ec7300d06092a864886f70d010105050030133111300f06035504030c087265632e74657374301e170d3133303531323139343830395a170d3133303631313139343830395a30133111300f06035504030c087265632e7465737430819f300d06092a864886f70d010101050003818d0030818902818100d282bb968dfdec0e5d13dfcc0a36ed73178581424e10a37c89d3014204933b3a8c1159fdecb221afe4168883d2d00ac1f15fca4614fbd5e05de2e37ad0fbad8b7748dddbcf30b39e80466c61c733415e72b9f42d5fad0bf35f041eb5631eded00314c66c4878b351416e5c6b9096f2a7088a24387e5d0149c523739f84f502c70203010001a350304e301d0603551d0e0416041473715bbfd9bc2b824112f858586f166aafb99482301f0603551d2304183016801473715bbfd9bc2b824112f858586f166aafb99482300c0603551d13040530030101ff300d06092a864886f70d0101050500038181005550f1d64139ab0e86c5b303fc69015d1676ca95931071ae41884656c71c116a38138ecf63054b350dc78983cb4a83288dbc81c5a659a56cc6843d5452c3e98449b94a0cf0c0cd7190c96caa5f0ee9a3bef7e75002be4a233673852bdf1a5fd306a7080eb4fead9b3ad162074b5f007e9156e220302dea8c700868a12577e7c4",
"\x03\x00\x00\x30\x82\x01\xf4\x30\x82\x01\x5d\xa0\x03\x02\x01\x02\x02\x09\x00\xac\x54\x7c\x55\x57\x87\x0e\xc7\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x13\x31\x11\x30\x0f\x06\x03\x55\x04\x03\x0c\x08\x72\x65\x63\x2e\x74\x65\x73\x74\x30\x1e\x17\x0d\x31\x33\x30\x35\x31\x32\x31\x39\x34\x38\x30\x39\x5a\x17\x0d\x31\x33\x30\x36\x31\x31\x31\x39\x34\x38\x30\x39\x5a\x30\x13\x31\x11\x30\x0f\x06\x03\x55\x04\x03\x0c\x08\x72\x65\x63\x2e\x74\x65\x73\x74\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xd2\x82\xbb\x96\x8d\xfd\xec\x0e\x5d\x13\xdf\xcc\x0a\x36\xed\x73\x17\x85\x81\x42\x4e\x10\xa3\x7c\x89\xd3\x01\x42\x04\x93\x3b\x3a\x8c\x11\x59\xfd\xec\xb2\x21\xaf\xe4\x16\x88\x83\xd2\xd0\x0a\xc1\xf1\x5f\xca\x46\x14\xfb\xd5\xe0\x5d\xe2\xe3\x7a\xd0\xfb\xad\x8b\x77\x48\xdd\xdb\xcf\x30\xb3\x9e\x80\x46\x6c\x61\xc7\x33\x41\x5e\x72\xb9\xf4\x2d\x5f\xad\x0b\xf3\x5f\x04\x1e\xb5\x63\x1e\xde\xd0\x03\x14\xc6\x6c\x48\x78\xb3\x51\x41\x6e\x5c\x6b\x90\x96\xf2\xa7\x08\x8a\x24\x38\x7e\x5d\x01\x49\xc5\x23\x73\x9f\x84\xf5\x02\xc7\x02\x03\x01\x00\x01\xa3\x50\x30\x4e\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x73\x71\x5b\xbf\xd9\xbc\x2b\x82\x41\x12\xf8\x58\x58\x6f\x16\x6a\xaf\xb9\x94\x82\x30\x1f\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x73\x71\x5b\xbf\xd9\xbc\x2b\x82\x41\x12\xf8\x58\x58\x6f\x16\x6a\xaf\xb9\x94\x82\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00\x55\x50\xf1\xd6\x41\x39\xab\x0e\x86\xc5\xb3\x03\xfc\x69\x01\x5d\x16\x76\xca\x95\x93\x10\x71\xae\x41\x88\x46\x56\xc7\x1c\x11\x6a\x38\x13\x8e\xcf\x63\x05\x4b\x35\x0d\xc7\x89\x83\xcb\x4a\x83\x28\x8d\xbc\x81\xc5\xa6\x59\xa5\x6c\xc6\x84\x3d\x54\x52\xc3\xe9\x84\x49\xb9\x4a\x0c\xf0\xc0\xcd\x71\x90\xc9\x6c\xaa\x5f\x0e\xe9\xa3\xbe\xf7\xe7\x50\x02\xbe\x4a\x23\x36\x73\x85\x2b\xdf\x1a\x5f\xd3\x06\xa7\x08\x0e\xb4\xfe\xad\x9b\x3a\xd1\x62\x07\x4b\x5f\x00\x7e\x91\x56\xe2\x20\x30\x2d\xea\x8c\x70\x08\x68\xa1\x25\x77\xe7\xc4",false))
(CASE_S(QType::TLSA, "3 1 0
30819f300d06092a864886f70d010101050003818d0030818902818100d282bb968dfdec0e5d13dfcc0a36ed73178581424e10a37c89d3014204933b3a8c1159fdecb221afe4168883d2d00ac1f15fca4614fbd5e05de2e37ad0fbad8b7748dddbcf30b39e80466c61c733415e72b9f42d5fad0bf35f041eb5631eded00314c66c4878b351416e5c6b9096f2a7088a24387e5d0149c523739f84f502c70203010001",
"\x03\x01\x00\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xd2\x82\xbb\x96\x8d\xfd\xec\x0e\x5d\x13\xdf\xcc\x0a\x36\xed\x73\x17\x85\x81\x42\x4e\x10\xa3\x7c\x89\xd3\x01\x42\x04\x93\x3b\x3a\x8c\x11\x59\xfd\xec\xb2\x21\xaf\xe4\x16\x88\x83\xd2\xd0\x0a\xc1\xf1\x5f\xca\x46\x14\xfb\xd5\xe0\x5d\xe2\xe3\x7a\xd0\xfb\xad\x8b\x77\x48\xdd\xdb\xcf\x30\xb3\x9e\x80\x46\x6c\x61\xc7\x33\x41\x5e\x72\xb9\xf4\x2d\x5f\xad\x0b\xf3\x5f\x04\x1e\xb5\x63\x1e\xde\xd0\x03\x14\xc6\x6c\x48\x78\xb3\x51\x41\x6e\x5c\x6b\x90\x96\xf2\xa7\x08\x8a\x24\x38\x7e\x5d\x01\x49\xc5\x23\x73\x9f\x84\xf5\x02\xc7\x02\x03\x01\x00\x01",false))
+ (CASE_S(QType::OPENPGPKEY,
"mQINBFUIXh0BEADNPlL6NpWEaR2KJx6p19scIVpsBIo7UqzCIzeFbRJaGDhn/HlQgcwAalcVNmWUX0ZQsrdn9CEfLWuFu9ON2o1TslYiwn+oSAlH2raFm2eyJTp/iM7IUUCte5jmf3d+L9rjVI7JjmMnbVo6SVY2KDDD72dULcg7IqYcCAN4CT+tPZP5y4cYf+DxRlpxhxvqqiGyAi6lAcJ24/8fJ4hsG0lS1vU12LWeWTHa5aRMM+x9kmv3GYdXG+FxFqZw52kZEnAscpC2ymbX+1YFCr8sjGYGde/D+5cLvuu4PGNZ4fkSeS+0yXve/s6u1mX6RkkF6SOGWuJfBJOGdWzYwber9kqgqpHTjpr8HOybzVroBijtTlB/tommIUd4BTk9Jv4fv2gA4UkC13UM9KBF1NnzUnKC+Js49O3mj0HZDoCrkWMnZyDsEmhMyQPU6YRFHWmB6OTKeD/Znk+b1uz+HIBgrbNuiG/A0c00Vnj7lR4p94oOuypI00XusLsJwPsjI4EgFGKdoRtM0spJhi+3gf88Vq0NENBaFVHLBGWVFaVrffurGcDZYUAdnvm8jSPCgBPfFxpZutexNkLjyaaXjDtga5/n5gSd/3RpWCvp9u3W5jcTNDZF4TORnOXUWHcot/+XmyH8/+cn8ydt0prOLGQ+FtdI+AWyMCXHen6aaZ1jeSLZqwARAQABtFpwZG5zIHJlZ3Jlc3Npb24gdGVzdGluZyBrZXkgKG9ubHkgZm9yIHRlc3RpbmcgdGhlIG9wZW5wZ3BrZXkgcnIpIDxyZWdyZXNzaW9uQHBvd2VyZG5zLm9yZz6JAjcEEwEIACEFAlUIXh0CGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQPr/KqoyK2Z7A6Q//YOBu8nwt+fguSo/vyCln0PqnTiBm4RvE2gPDUnsKuoXoP5F56XHBXKl9kEgmycht/nc7c7NRHzUhacM2RQau6CgNZE8KLaqDTKlEuc/ANtrnGGYG8gMId4TlzU5taLEA8yrHIHnwnMuDDpx1a0ETkbYCrj7CynqdhXCABqFjgRL7Qb37UnLPE7YdFt7fRGwZVLnb3GVZLKHurZ0TANvLdRVDST3f0lCcYMppPbHAvi2MIU71FPGkms++tj4gTltq0VRvrMNm1e5v4+hHZ++QN4sm4+DJGlo7l850gnMXc7c7GkRGtg8gV0h5k5jX5icdgxyvENTuBQ+QprkYTRh9uYzpoTQ+NYRZlgaJxxaDIv1K/kb3oPtnAEKJBC02IZbB0EiS3R5pxYXhUNoWV7ez2A4hX1L+tfvlgCAbbQ/cBLvqXgpgsf9x4ygSi52vQBy3twZyrtLsogxacxADfPcyleHtju/+lSku+Z6+W6OojA0kY2HlaMyQATJLIXd+6NE/tYy70RsU9Oq0OyVTjxh21SPLsExeSwSfciVSLn7IuKGIOV82MEHFhpo1Uhv+G52J8T1fI730sS4Tl5DekLaCz1pg/FmI/EQeAsYqm98uDAaFQcs6gDse8VYGmp2XYsoCW72as8ElKmMIbQ/xD7qxDORLmjCtVoyKH19+s6Pp61a5Ag0EVQheHQEQAMN6pcLJUhw9bfO5kqhLv4prt0AqVBUok6U8tIaEc9vDaasBcFHXgPsoOG97DXB6BdvsHuK/5uMVH5PNe58MLp08iCoIt0C0CbN3+D9Qbeg37AyKyFanB/CXq1tPKVCJc6BMNkO/BswnUsTTmlcd4GovpaJUOOZzblGUQBbhzRohhmOGfdsScGeeYME/yNFqzt1ZArV4va1hOLOUpNFv9TOy0ZVi/yDi+sYA9fCSZU9alWI/cbBct5I+3bh1l26umlZsYQm8uqnSgiQWpRm6UJO6xQbmUN9GzCYyKCmpzZRduqqjjtiF10W1yzioTfTtq2cvU6PdINYY8w2UuOjRd9gChtvGuduOIwqlRTYSaXX1dDoFe1vWqZzRm+pIDumO9eX5jMmzFXLDG2pD2l97zoSjVFf/pYoBasgX43e3V/aEk9PUgXbYFm2QxFMcIYSO9GEDMoE+QxoMXf1UjLxMCK5gD5iHL3Ff2zyXLzlTZE+fHPMLcAkzcp2u6pJ9xpAGekqqeqnISXZ2o8yXsqv8NVvl1zaSiSqU+kak9mIg/2+WC9W1qO2PeSLW2tiis980QnmyDOBg2oL01ITh/u+GTodEGwfRYJoNAJgUjcUMpWl0LuoG8lG6wukhA4QYFWpf2QPVgTR63VbpFgwCnUcSEPqHB0BRCsDHsd0k+/YSuPolABEBAAGJAh8EGAEIAAkFAlUIXh0CGwwACgkQPr/KqoyK2Z6zPA/+PkJTzP8kQw4GW0x2ZxXfOmkRVYpSEoHehf6y9YFN00+T8pb71RGItvuX5v6oPKPClOnIVg2WVHOq6Q3HsXEzl7oIbOtPE98WXHiVXud/djc54uHz9WjSPfy/idP7SMslo29BHR/K9nQkiGtayD57wdxgbLXObE3fA0gl4AsWl1EZzNcWVL4SIrvnBGpYIUGBcsTIiP3p09bu4Qf6HjJRXZlBuizigIgeO39l/G6tb6GA1cnbq4y6aCtQeXHLrnvak1jRqznlJWUqS1mQgOPF1MuOduHAvQbfMBQXAEfgOTzuH9PuKoGm7MePwTrU5GsOpNgS4LbvIRODJxYD+vIwA5BniijgfN9aj9KQVMURrd4Np7i0EVmj8P9FtNgYsEaDt7laGpNB9+9Y9heb6kNEulF7KI7y8CKikgvFGHHCyX2BCCbQBqi6wbEGq16qkTJmesYu9ig4v4xD/Q/cLJFziJLjEcWsL7hq7q2o6e7NL6hf5aTH0/bdeMXMqRzDCAFQ5Z+x0QUCgVonxzj+CuTD/LeOs/QHu/9emvm9EOMYY/X9vidLf58PT/AMqMiYbNWty6qY6k2LMw74Yd4+hO+Tjrk8MrqbCUs9h6ih9IOCo68JTWQQbgWSk2TAyd3U4OqTyBnHWr0HhHDRTOxyDbZUtXbk/r4Q4gTcAt+qjpswPyk=",
"\x99\x02\x0d\x04\x55\x08\x5e\x1d\x01\x10\x00\xcd\x3e\x52\xfa\x36\x95\x84\x69\x1d\x8a\x27\x1e\xa9\xd7\xdb\x1c\x21\x5a\x6c\x04\x8a\x3b\x52\xac\xc2\x23\x37\x85\x6d\x12\x5a\x18\x38\x67\xfc\x79\x50\x81\xcc\x00\x6a\x57\x15\x36\x65\x94\x5f\x46\x50\xb2\xb7\x67\xf4\x21\x1f\x2d\x6b\x85\xbb\xd3\x8d\xda\x8d\x53\xb2\x56\x22\xc2\x7f\xa8\x48\x09\x47\xda\xb6\x85\x9b\x67\xb2\x25\x3a\x7f\x88\xce\xc8\x51\x40\xad\x7b\x98\xe6\x7f\x77\x7e\x2f\xda\xe3\x54\x8e\xc9\x8e\x63\x27\x6d\x5a\x3a\x49\x56\x36\x28\x30\xc3\xef\x67\x54\x2d\xc8\x3b\x22\xa6\x1c\x08\x03\x78\x09\x3f\xad\x3d\x93\xf9\xcb\x87\x18\x7f\xe0\xf1\x46\x5a\x71\x87\x1b\xea\xaa\x21\xb2\x02\x2e\xa5\x01\xc2\x76\xe3\xff\x1f\x27\x88\x6c\x1b\x49\x52\xd6\xf5\x35\xd8\xb5\x9e\x59\x31\xda\xe5\xa4\x4c\x33\xec\x7d\x92\x6b\xf7\x19\x87\x57\x1b\xe1\x71\x16\xa6\x70\xe7\x69\x19\x12\x70\x2c\x72\x90\xb6\xca\x66\xd7\xfb\x56\x05\x0a\xbf\x2c\x8c\x66\x06\x75\xef\xc3\xfb\x97\x0b\xbe\xeb\xb8\x3c\x63\x59\xe1\xf9\x12\x79\x2f\xb4\xc9\x7b\xde\xfe\xce\xae\xd6\x65\xfa\x46\x49\x05\xe9\x23\x86\x5a\xe2\x5f\x04\x93\x86\x75\x6c\xd8\xc1\xb7\xab\xf6\x4a\xa0\xaa\x91\xd3\x8e\x9a\xfc\x1c\xec\x9b\xcd\x5a\xe8\x06\x28\xed\x4e\x50\x7f\xb6\x89\xa6\x21\x47\x78\x05\x39\x3d\x26\xfe\x1f\xbf\x68\x00\xe1\x49\x02\xd7\x75\x0c\xf4\xa0\x45\xd4\xd9\xf3\x52\x72\x82\xf8\x9b\x38\xf4\xed\xe6\x8f\x41\xd9\x0e\x80\xab\x91\x63\x27\x67\x20\xec\x12\x68\x4c\xc9\x03\xd4\xe9\x84\x45\x1d\x69\x81\xe8\xe4\xca\x78\x3f\xd9\x9e\x4f\x9b\xd6\xec\xfe\x1c\x80\x60\xad\xb3\x6e\x88\x6f\xc0\xd1\xcd\x34\x56\x78\xfb\x95\x1e\x29\xf7\x8a\x0e\xbb\x2a\x48\xd3\x45\xee\xb0\xbb\x09\xc0\xfb\x23\x23\x81\x20\x14\x62\x9d\xa1\x1b\x4c\xd2\xca\x49\x86\x2f\xb7\x81\xff\x3c\x56\xad\x0d\x10\xd0\x5a\x15\x51\xcb\x04\x65\x95\x15\xa5\x6b\x7d\xfb\xab\x19\xc0\xd9\x61\x40\x1d\x9e\xf9\xbc\x8d\x23\xc2\x80\x13\xdf\x17\x1a\x59\xba\xd7\xb1\x36\x42\xe3\xc9\xa6\x97\x8c\x3b\x60\x6b\x9f\xe7\xe6\x04\x9d\xff\x74\x69\x58\x2b\xe9\xf6\xed\xd6\xe6\x37\x13\x34\x36\x45\xe1\x33\x91\x9c\xe5\xd4\x58\x77\x28\xb7\xff\x97\x9b\x21\xfc\xff\xe7\x27\xf3\x27\x6d\xd2\x9a\xce\x2c\x64\x3e\x16\xd7\x48\xf8\x05\xb2\x30\x25\xc7\x7a\x7e\x9a\x69\x9d\x63\x79\x22\xd9\xab\x00\x11\x01\x00\x01\xb4\x5a\x70\x64\x6e\x73\x20\x72\x65\x67\x72\x65\x73\x73\x69\x6f\x6e\x20\x74\x65\x73\x74\x69\x6e\x67\x20\x6b\x65\x79\x20\x28\x6f\x6e\x6c\x79\x20\x66\x6f\x72\x20\x74\x65\x73\x74\x69\x6e\x67\x20\x74\x68\x65\x20\x6f\x70\x65\x6e\x70\x67\x70\x6b\x65\x79\x20\x72\x72\x29\x20\x3c\x72\x65\x67\x72\x65\x73\x73\x69\x6f\x6e\x40\x70\x6f\x77\x65\x72\x64\x6e\x73\x2e\x6f\x72\x67\x3e\x89\x02\x37\x04\x13\x01\x08\x00\x21\x05\x02\x55\x08\x5e\x1d\x02\x1b\x03\x05\x0b\x09\x08\x07\x02\x06\x15\x08\x09\x0a\x0b\x02\x04\x16\x02\x03\x01\x02\x1e\x01\x02\x17\x80\x00\x0a\x09\x10\x3e\xbf\xca\xaa\x8c\x8a\xd9\x9e\xc0\xe9\x0f\xff\x60\xe0\x6e\xf2\x7c\x2d\xf9\xf8\x2e\x4a\x8f\xef\xc8\x29\x67\xd0\xfa\xa7\x4e\x20\x66\xe1\x1b\xc4\xda\x03\xc3\x52\x7b\x0a\xba\x85\xe8\x3f\x91\x79\xe9\x71\xc1\x5c\xa9\x7d\x90\x48\x26\xc9\xc8\x6d\xfe\x77\x3b\x73\xb3\x51\x1f\x35\x21\x69\xc3\x36\x45\x06\xae\xe8\x28\x0d\x64\x4f\x0a\x2d\xaa\x83\x4c\xa9\x44\xb9\xcf\xc0\x36\xda\xe7\x18\x66\x06\xf2\x03\x08\x77\x84\xe5\xcd\x4e\x6d\x68\xb1\x00\xf3\x2a\xc7\x20\x79\xf0\x9c\xcb\x83\x0e\x9c\x75\x6b\x41\x13\x91\xb6\x02\xae\x3e\xc2\xca\x7a\x9d\x85\x70\x80\x06\xa1\x63\x81\x12\xfb\x41\xbd\xfb\x52\x72\xcf\x13\xb6\x1d\x16\xde\xdf\x44\x6c\x19\x54\xb9\xdb\xdc\x65\x59\x2c\xa1\xee\xad\x9d\x13\x00\xdb\xcb\x75\x15\x43\x49\x3d\xdf\xd2\x50\x9c\x60\xca\x69\x3d\xb1\xc0\xbe\x2d\x8c\x21\x4e\xf5\x14\xf1\xa4\x9a\xcf\xbe\xb6\x3e\x20\x4e\x5b\x6a\xd1\x54\x6f\xac\xc3\x66\xd5\xee\x6f\xe3\xe8\x47\x67\xef\x90\x37\x8b\x26\xe3\xe0\xc9\x1a\x5a\x3b\x97\xce\x74\x82\x73\x17\x73\xb7\x3b\x1a\x44\x46\xb6\x0f\x20\x57\x48\x79\x93\x98\xd7\xe6\x27\x1d\x83\x1c\xaf\x10\xd4\xee\x05\x0f\x90\xa6\xb9\x18\x4d\x18\x7d\xb9\x8c\xe9\xa1\x34\x3e\x35\x84\x59\x96\x06\x89\xc7\x16\x83\x22\xfd\x4a\xfe\x46\xf7\xa0\xfb\x67\x00\x42\x89\x04\x2d\x36\x21\x96\xc1\xd0\x48\x92\xdd\x1e\x69\xc5\x85\xe1\x50\xda\x16\x57\xb7\xb3\xd8\x0e\x21\x5f\x52\xfe\xb5\xfb\xe5\x80\x20\x1b\x6d\x0f\xdc\x04\xbb\xea\x5e\x0a\x60\xb1\xff\x71\xe3\x28\x12\x8b\x9d\xaf\x40\x1c\xb7\xb7\x06\x72\xae\xd2\xec\xa2\x0c\x5a\x73\x10\x03\x7c\xf7\x32\x95\xe1\xed\x8e\xef\xfe\x95\x29\x2e\xf9\x9e\xbe\x5b\xa3\xa8\x8c\x0d\x24\x63\x61\xe5\x68\xcc\x90\x01\x32\x4b\x21\x77\x7e\xe8\xd1\x3f\xb5\x8c\xbb\xd1\x1b\x14\xf4\xea\xb4\x3b\x25\x53\x8f\x18\x76\xd5\x23\xcb\xb0\x4c\x5e\x4b\x04\x9f\x72\x25\x52\x2e\x7e\xc8\xb8\xa1\x88\x39\x5f\x36\x30\x41\xc5\x86\x9a\x35\x52\x1b\xfe\x1b\x9d\x89\xf1\x3d\x5f\x23\xbd\xf4\xb1\x2e\x13\x97\x90\xde\x90\xb6\x82\xcf\x5a\x60\xfc\x59\x88\xfc\x44\x1e\x02\xc6\x2a\x9b\xdf\x2e\x0c\x06\x85\x41\xcb\x3a\x80\x3b\x1e\xf1\x56\x06\x9a\x9d\x97\x62\xca\x02\x5b\xbd\x9a\xb3\xc1\x25\x2a\x63\x08\x6d\x0f\xf1\x0f\xba\xb1\x0c\xe4\x4b\x9a\x30\xad\x56\x8c\x8a\x1f\x5f\x7e\xb3\xa3\xe9\xeb\x56\xb9\x02\x0d\x04\x55\x08\x5e\x1d\x01\x10\x00\xc3\x7a\xa5\xc2\xc9\x52\x1c\x3d\x6d\xf3\xb9\x92\xa8\x4b\xbf\x8a\x6b\xb7\x40\x2a\x54\x15\x28\x93\xa5\x3c\xb4\x86\x84\x73\xdb\xc3\x69\xab\x01\x70\x51\xd7\x80\xfb\x28\x38\x6f\x7b\x0d\x70\x7a\x05\xdb\xec\x1e\xe2\xbf\xe6\xe3\x15\x1f\x93\xcd\x7b\x9f\x0c\x2e\x9d\x3c\x88\x2a\x08\xb7\x40\xb4\x09\xb3\x77\xf8\x3f\x50\x6d\xe8\x37\xec\x0c\x8a\xc8\x56\xa7\x07\xf0\x97\xab\x5b\x4f\x29\x50\x89\x73\xa0\x4c\x36\x43\xbf\x06\xcc\x27\x52\xc4\xd3\x9a\x57\x1d\xe0\x6a\x2f\xa5\xa2\x54\x38\xe6\x73\x6e\x51\x94\x40\x16\xe1\xcd\x1a\x21\x86\x63\x86\x7d\xdb\x12\x70\x67\x9e\x60\xc1\x3f\xc8\xd1\x6a\xce\xdd\x59\x02\xb5\x78\xbd\xad\x61\x38\xb3\x94\xa4\xd1\x6f\xf5\x33\xb2\xd1\x95\x62\xff\x20\xe2\xfa\xc6\x00\xf5\xf0\x92\x65\x4f\x5a\x95\x62\x3f\x71\xb0\x5c\xb7\x92\x3e\xdd\xb8\x75\x97\x6e\xae\x9a\x56\x6c\x61\x09\xbc\xba\xa9\xd2\x82\x24\x16\xa5\x19\xba\x50\x93\xba\xc5\x06\xe6\x50\xdf\x46\xcc\x26\x32\x28\x29\xa9\xcd\x94\x5d\xba\xaa\xa3\x8e\xd8\x85\xd7\x45\xb5\xcb\x38\xa8\x4d\xf4\xed\xab\x67\x2f\x53\xa3\xdd\x20\xd6\x18\xf3\x0d\x94\xb8\xe8\xd1\x77\xd8\x02\x86\xdb\xc6\xb9\xdb\x8e\x23\x0a\xa5\x45\x36\x12\x69\x75\xf5\x74\x3a\x05\x7b\x5b\xd6\xa9\x9c\xd1\x9b\xea\x48\x0e\xe9\x8e\xf5\xe5\xf9\x8c\xc9\xb3\x15\x72\xc3\x1b\x6a\x43\xda\x5f\x7b\xce\x84\xa3\x54\x57\xff\xa5\x8a\x01\x6a\xc8\x17\xe3\x77\xb7\x57\xf6\x84\x93\xd3\xd4\x81\x76\xd8\x16\x6d\x90\xc4\x53\x1c\x21\x84\x8e\xf4\x61\x03\x32\x81\x3e\x43\x1a\x0c\x5d\xfd\x54\x8c\xbc\x4c\x08\xae\x60\x0f\x98\x87\x2f\x71\x5f\xdb\x3c\x97\x2f\x39\x53\x64\x4f\x9f\x1c\xf3\x0b\x70\x09\x33\x72\x9d\xae\xea\x92\x7d\xc6\x90\x06\x7a\x4a\xaa\x7a\xa9\xc8\x49\x76\x76\xa3\xcc\x97\xb2\xab\xfc\x35\x5b\xe5\xd7\x36\x92\x89\x2a\x94\xfa\x46\xa4\xf6\x62\x20\xff\x6f\x96\x0b\xd5\xb5\xa8\xed\x8f\x79\x22\xd6\xda\xd8\xa2\xb3\xdf\x34\x42\x79\xb2\x0c\xe0\x60\xda\x82\xf4\xd4\x84\xe1\xfe\xef\x86\x4e\x87\x44\x1b\x07\xd1\x60\x9a\x0d\x00\x98\x14\x8d\xc5\x0c\xa5\x69\x74\x2e\xea\x06\xf2\x51\xba\xc2\xe9\x21\x03\x84\x18\x15\x6a\x5f\xd9\x03\xd5\x81\x34\x7a\xdd\x56\xe9\x16\x0c\x02\x9d\x47\x12\x10\xfa\x87\x07\x40\x51\x0a\xc0\xc7\xb1\xdd\x24\xfb\xf6\x12\xb8\xfa\x25\x00\x11\x01\x00\x01\x89\x02\x1f\x04\x18\x01\x08\x00\x09\x05\x02\x55\x08\x5e\x1d\x02\x1b\x0c\x00\x0a\x09\x10\x3e\xbf\xca\xaa\x8c\x8a\xd9\x9e\xb3\x3c\x0f\xfe\x3e\x42\x53\xcc\xff\x24\x43\x0e\x06\x5b\x4c\x76\x67\x15\xdf\x3a\x69\x11\x55\x8a\x52\x12\x81\xde\x85\xfe\xb2\xf5\x81\x4d\xd3\x4f\x93\xf2\x96\xfb\xd5\x11\x88\xb6\xfb\x97\xe6\xfe\xa8\x3c\xa3\xc2\x94\xe9\xc8\x56\x0d\x96\x54\x73\xaa\xe9\x0d\xc7\xb1\x71\x33\x97\xba\x08\x6c\xeb\x4f\x13\xdf\x16\x5c\x78\x95\x5e\xe7\x7f\x76\x37\x39\xe2\xe1\xf3\xf5\x68\xd2\x3d\xfc\xbf\x89\xd3\xfb\x48\xcb\x25\xa3\x6f\x41\x1d\x1f\xca\xf6\x74\x24\x88\x6b\x5a\xc8\x3e\x7b\xc1\xdc\x60\x6c\xb5\xce\x6c\x4d\xdf\x03\x48\x25\xe0\x0b\x16\x97\x51\x19\xcc\xd7\x16\x54\xbe\x12\x22\xbb\xe7\x04\x6a\x58\x21\x41\x81\x72\xc4\xc8\x88\xfd\xe9\xd3\xd6\xee\xe1\x07\xfa\x1e\x32\x51\x5d\x99\x41\xba\x2c\xe2\x80\x88\x1e\x3b\x7f\x65\xfc\x6e\xad\x6f\xa1\x80\xd5\xc9\xdb\xab\x8c\xba\x68\x2b\x50\x79\x71\xcb\xae\x7b\xda\x93\x58\xd1\xab\x39\xe5\x25\x65\x2a\x4b\x59\x90\x80\xe3\xc5\xd4\xcb\x8e\x76\xe1\xc0\xbd\x06\xdf\x30\x14\x17\x00\x47\xe0\x39\x3c\xee\x1f\xd3\xee\x2a\x81\xa6\xec\xc7\x8f\xc1\x3a\xd4\xe4\x6b\x0e\xa4\xd8\x12\xe0\xb6\xef\x21\x13\x83\x27\x16\x03\xfa\xf2\x30\x03\x90\x67\x8a\x28\xe0\x7c\xdf\x5a\x8f\xd2\x90\x54\xc5\x11\xad\xde\x0d\xa7\xb8\xb4\x11\x59\xa3\xf0\xff\x45\xb4\xd8\x18\xb0\x46\x83\xb7\xb9\x5a\x1a\x93\x41\xf7\xef\x58\xf6\x17\x9b\xea\x43\x44\xba\x51\x7b\x28\x8e\xf2\xf0\x22\xa2\x92\x0b\xc5\x18\x71\xc2\xc9\x7d\x81\x08\x26\xd0\x06\xa8\xba\xc1\xb1\x06\xab\x5e\xaa\x91\x32\x66\x7a\xc6\x2e\xf6\x28\x38\xbf\x8c\x43\xfd\x0f\xdc\x2c\x91\x73\x88\x92\xe3\x11\xc5\xac\x2f\xb8\x6a\xee\xad\xa8\xe9\xee\xcd\x2f\xa8\x5f\xe5\xa4\xc7\xd3\xf6\xdd\x78\xc5\xcc\xa9\x1c\xc3\x08\x01\x50\xe5\x9f\xb1\xd1\x05\x02\x81\x5a\x27\xc7\x38\xfe\x0a\xe4\xc3\xfc\xb7\x8e\xb3\xf4\x07\xbb\xff\x5e\x9a\xf9\xbd\x10\xe3\x18\x63\xf5\xfd\xbe\x27\x4b\x7f\x9f\x0f\x4f\xf0\x0c\xa8\xc8\x98\x6c\xd5\xad\xcb\xaa\x98\xea\x4d\x8b\x33\x0e\xf8\x61\xde\x3e\x84\xef\x93\x8e\xb9\x3c\x32\xba\x9b\x09\x4b\x3d\x87\xa8\xa1\xf4\x83\x82\xa3\xaf\x09\x4d\x64\x10\x6e\x05\x92\x93\x64\xc0\xc9\xdd\xd4\xe0\xea\x93\xc8\x19\xc7\x5a\xbd\x07\x84\x70\xd1\x4c\xec\x72\x0d\xb6\x54\xb5\x76\xe4\xfe\xbe\x10\xe2\x04\xdc\x02\xdf\xaa\x8e\x9b\x30\x3f\x29",false))
+
(CASE_S(QType::SPF, "\"v=spf1 a:mail.rec.test ~all\"", "\x1bv=spf1
a:mail.rec.test ~all",false))
(CASE_S(QType::EUI48, "00-11-22-33-44-55",
"\x00\x11\x22\x33\x44\x55",false))
(CASE_S(QType::EUI64, "00-11-22-33-44-55-66-77",
"\x00\x11\x22\x33\x44\x55\x66\x77",false))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/ueberbackend.cc
new/pdns-3.4.7/pdns/ueberbackend.cc
--- old/pdns-3.4.6/pdns/ueberbackend.cc 2015-08-24 11:12:00.000000000 +0200
+++ new/pdns-3.4.7/pdns/ueberbackend.cc 2015-10-13 10:37:24.000000000 +0200
@@ -278,11 +278,12 @@
{
int best_match_len = -1;
bool from_cache = false; // Was this result fetched from the cache?
+ map<string,int> negCacheMap;
// If not special case of caching explicitly disabled (sd->db = -1), first
// find the best match from the cache. If DS then we need to find parent so
// dont bother with caching as it confuses matters.
- if( sd->db != (DNSBackend *)-1 && d_cache_ttl && p->qtype != QType::DS ) {
+ if( sd->db != (DNSBackend *)-1 && (d_cache_ttl || d_negcache_ttl)) {
string subdomain(target);
int cstat, loops = 0;
do {
@@ -292,7 +293,7 @@
cstat = cacheHas(d_question,d_answers);
- if(cstat==1 && !d_answers.empty()) {
+ if(cstat==1 && !d_answers.empty() && d_cache_ttl) {
fillSOAData(d_answers[0].content,*sd);
sd->domain_id = d_answers[0].domain_id;
sd->ttl = d_answers[0].ttl;
@@ -301,29 +302,51 @@
//L<<Logger::Error<<"Best cache match: " << sd->qname << "
itteration " << loops <<endl;
// Found first time round this must be the best match
- if( loops == 0 )
+ if( loops == 0 && p->qtype != QType::DS)
return true;
from_cache = true;
best_match_len = sd->qname.length();
- break;
- }
+ if ( p->qtype != QType::DS || best_match_len < (int)target.length())
+ break;
+ } else if (cstat==0 && d_negcache_ttl) {
+ negCacheMap[subdomain]=1;
+ } else
+ negCacheMap[subdomain]=0;
loops++;
}
while( chopOff( subdomain ) ); // 'www.powerdns.org' -> 'powerdns.org'
-> 'org' -> ''
}
- for(vector<DNSBackend *>::const_iterator i=backends.begin();
i!=backends.end();++i)
- if((*i)->getAuth(p, sd, target, zoneId, best_match_len)) {
+ for(vector<DNSBackend *>::const_iterator i=backends.begin();
i!=backends.end();++i) {
+
+ // Shortcut for the case that we got a direct hit - no need to go
+ // through the other backends then.
+ if( best_match_len == (int)target.length() && p->qtype != QType::DS )
+ goto auth_found;
+
+ if((*i)->getAuth(p, sd, target, zoneId, best_match_len, negCacheMap)) {
best_match_len = sd->qname.length();
from_cache = false;
+ }
+ }
- // Shortcut for the case that we got a direct hit - no need to go
- // through the other backends then.
- if( best_match_len == (int)target.length() )
- goto auth_found;
+ if( sd->db != (DNSBackend *)-1 && d_negcache_ttl) {
+ string shorter(target);
+
+ d_question.qtype=QType::SOA;
+ d_question.zoneId=-1;
+ while((int)shorter.length() > best_match_len ) {
+ map<string,int>::iterator it = negCacheMap.find(shorter);
+ if (it == negCacheMap.end() || it->second == 0) {
+ d_question.qname=shorter;
+ addNegCache(d_question);
+ }
+ if (!chopOff(shorter))
+ break;
}
+ }
if( best_match_len == -1 )
return false;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/ueberbackend.hh
new/pdns-3.4.7/pdns/ueberbackend.hh
--- old/pdns-3.4.6/pdns/ueberbackend.hh 2015-08-24 11:12:00.000000000 +0200
+++ new/pdns-3.4.7/pdns/ueberbackend.hh 2015-10-13 10:37:24.000000000 +0200
@@ -114,8 +114,8 @@
void lookup(const QType &, const string &qdomain, DNSPacket *pkt_p=0, int
zoneId=-1);
/* 5-arg version is only valid for backends and should never be called
directly */
- virtual bool getAuth(DNSPacket *p, SOAData *sd, const string &target, int
*zoneId, const int best_match_len) {
- throw PDNSException("5-arg version of getAuth should not be called in
UeberBackend");
+ virtual bool getAuth(DNSPacket *p, SOAData *sd, const string &target, int
*zoneId, const int best_match_len, map<string,int>& negCacheMap) {
+ throw PDNSException("6-arg version of getAuth should not be called in
UeberBackend");
}
bool getAuth(DNSPacket *p, SOAData *sd, const string &target, int *zoneId);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns/ws-auth.cc
new/pdns-3.4.7/pdns/ws-auth.cc
--- old/pdns-3.4.6/pdns/ws-auth.cc 2015-08-24 11:12:00.000000000 +0200
+++ new/pdns-3.4.7/pdns/ws-auth.cc 2015-09-30 13:07:31.000000000 +0200
@@ -122,6 +122,9 @@
case '>':
result += ">";
break;
+ case '"':
+ result += """;
+ break;
default:
result += *it;
}
@@ -141,15 +144,15 @@
}
ret<<"<div class=\"panel\">";
- ret<<"<span class=resetring><i></i><a
href=\"?resetring="<<ringname<<"\">Reset</a></span>"<<endl;
+ ret<<"<span class=resetring><i></i><a
href=\"?resetring="<<htmlescape(ringname)<<"\">Reset</a></span>"<<endl;
ret<<"<h2>"<<title<<"</h2>"<<endl;
ret<<"<div class=ringmeta>";
- ret<<"<a class=topXofY href=\"?ring="<<ringname<<"\">Showing: Top
"<<limit<<" of "<<entries<<"</a>"<<endl;
+ ret<<"<a class=topXofY href=\"?ring="<<htmlescape(ringname)<<"\">Showing:
Top "<<limit<<" of "<<entries<<"</a>"<<endl;
ret<<"<span class=resizering>Resize: ";
unsigned int sizes[]={10,100,500,1000,10000,500000,0};
for(int i=0;sizes[i];++i) {
if(S.getRingSize(ringname)!=sizes[i])
- ret<<"<a
href=\"?resizering="<<ringname<<"&size="<<sizes[i]<<"\">"<<sizes[i]<<"</a>
";
+ ret<<"<a
href=\"?resizering="<<htmlescape(ringname)<<"&size="<<sizes[i]<<"\">"<<sizes[i]<<"</a>
";
else
ret<<"("<<sizes[i]<<") ";
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-3.4.6/pdns.spec new/pdns-3.4.7/pdns.spec
--- old/pdns-3.4.6/pdns.spec 2015-08-27 15:17:34.000000000 +0200
+++ new/pdns-3.4.7/pdns.spec 2015-11-03 15:36:48.000000000 +0100
@@ -1,6 +1,6 @@
BuildRoot: /tmp/pdns
Name: pdns-static
-Version: 3.4.6
+Version: 3.4.7
Release: 1
Summary: extremely powerful and versatile nameserver
License: GPL
