Hello community,
here is the log from the commit of package pdns-recursor
checked in at Mon Sep 8 16:27:08 CEST 2008.
--------
--- pdns-recursor/pdns-recursor.changes 2008-05-20 16:52:02.000000000 +0200
+++ /mounts/work_src_done/STABLE/pdns-recursor/pdns-recursor.changes 2008-09-08 15:33:12.000000000 +0200
@@ -1,0 +2,14 @@
+Mon Sep 8 15:17:27 CEST 2008 - anosek@suse.cz
+
+- updated to version 3.1.7
+ * this version contains powerful scripting abilities, allowing
+ operators to modify DNS responses in many interesting ways.
+ Among other things, these abilities can be used to filter out
+ malware domains, to perform load balancing, to comply with legal
+ and other requirements and finally, to implement 'NXDOMAIN'
+ redirection.
+ * number of bugfixes
+- dropped obsoleted patches:
+ (svn_fixes.patch) (make_it_compile.patch)
+
+-------------------------------------------------------------------
Old:
----
pdns-recursor-3.1.5_atomicity.patch
pdns-recursor-3.1.5_config.patch
pdns-recursor-3.1.5-strip.patch
pdns-recursor-3.1.5_svn_fixes.patch
pdns-recursor-3.1.5.tar.bz2
pdns-recursor-3.1.6_make_it_compile.patch
pdns-recursor-3.1.6_parentheses_warning.patch
New:
----
pdns-recursor-3.1.7_atomicity.patch
pdns-recursor-3.1.7_config.patch
pdns-recursor-3.1.7_parentheses_warning.patch
pdns-recursor-3.1.7-strip.patch
pdns-recursor-3.1.7.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pdns-recursor.spec ++++++
--- /var/tmp/diff_new_pack.FH4538/_old 2008-09-08 16:26:36.000000000 +0200
+++ /var/tmp/diff_new_pack.FH4538/_new 2008-09-08 16:26:36.000000000 +0200
@@ -1,10 +1,17 @@
#
-# spec file for package pdns-recursor (Version 3.1.5)
+# spec file for package pdns-recursor (Version 3.1.7)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# This file and all modifications and additions to the pristine
-# package are under the same license as the package itself.
#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
@@ -12,9 +19,9 @@
Name: pdns-recursor
-Version: 3.1.5
-Release: 11
-%define pkg_version 3.1.5
+Version: 3.1.7
+Release: 1
+%define pkg_version 3.1.7
#
Group: Productivity/Networking/DNS/Servers
License: GPL v2 or later
@@ -30,12 +37,10 @@
Source1: pdns-recursor.init
Source2: recursor.conf
Patch: %{name}-%{version}_config.patch
-Patch1: %{name}-3.1.5-strip.patch
-Patch2: %{name}-3.1.5_atomicity.patch
-Patch3: pdns-recursor-3.1.5_svn_fixes.patch
-Patch4: pdns-recursor-3.1.6_make_it_compile.patch
+Patch1: %{name}-%{version}-strip.patch
+Patch2: %{name}-%{version}_atomicity.patch
# patch is under review by upstream. disabled so long
-Patch5: pdns-recursor-3.1.6_parentheses_warning.patch
+Patch5: pdns-recursor-%{version}_parentheses_warning.patch
#
Summary: Modern, advanced and high performance recursing/non authoritative nameserver
@@ -54,8 +59,6 @@
%patch
%patch1
%patch2
-%patch3
-%patch4
# patch is under review by upstream. disabled so long
#patch5
@@ -102,6 +105,17 @@
%dir %{_localstatedir}
%changelog
+* Mon Sep 08 2008 anosek@suse.cz
+- updated to version 3.1.7
+ * this version contains powerful scripting abilities, allowing
+ operators to modify DNS responses in many interesting ways.
+ Among other things, these abilities can be used to filter out
+ malware domains, to perform load balancing, to comply with legal
+ and other requirements and finally, to implement 'NXDOMAIN'
+ redirection.
+ * number of bugfixes
+- dropped obsoleted patches:
+ (svn_fixes.patch) (make_it_compile.patch)
* Tue May 20 2008 mrueckert@suse.de
- backport the fixes from 3.1.6
- The new high-quality random generator was not used for all
++++++ pdns-recursor-3.1.5_atomicity.patch -> pdns-recursor-3.1.7_atomicity.patch ++++++
++++++ pdns-recursor-3.1.5_config.patch -> pdns-recursor-3.1.7_config.patch ++++++
--- pdns-recursor/pdns-recursor-3.1.5_config.patch 2008-05-20 16:21:09.000000000 +0200
+++ /mounts/work_src_done/STABLE/pdns-recursor/pdns-recursor-3.1.7_config.patch 2008-09-08 13:56:52.000000000 +0200
@@ -6,7 +6,7 @@
-#define SYSCONFDIR "/etc/powerdns/"
-#define LOCALSTATEDIR "/var/run/"
+#define SYSCONFDIR "/etc/dns/"
-+#define LOCALSTATEDIR "/var/run/pdns/"
- #define VERSION "3.1.5"
++#define LOCALSTATEDIR "/var/run/pdns"
+ #define VERSION "3.1.7"
#define RECURSOR
#ifndef WIN32
++++++ pdns-recursor-3.1.6_parentheses_warning.patch -> pdns-recursor-3.1.7_parentheses_warning.patch ++++++
++++++ pdns-recursor-3.1.5-strip.patch -> pdns-recursor-3.1.7-strip.patch ++++++
++++++ pdns-recursor-3.1.5.tar.bz2 -> pdns-recursor-3.1.7.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pdns-recursor-3.1.5/config.h new/pdns-recursor-3.1.7/config.h
--- old/pdns-recursor-3.1.5/config.h 2008-03-30 22:41:25.000000000 +0200
+++ new/pdns-recursor-3.1.7/config.h 2008-06-24 20:23:33.000000000 +0200
@@ -1,6 +1,6 @@
#define SYSCONFDIR "/etc/powerdns/"
#define LOCALSTATEDIR "/var/run/"
-#define VERSION "3.1.5"
+#define VERSION "3.1.7"
#define RECURSOR
#ifndef WIN32
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pdns-recursor-3.1.5/dns.hh new/pdns-recursor-3.1.7/dns.hh
--- old/pdns-recursor-3.1.5/dns.hh 2008-03-30 22:41:25.000000000 +0200
+++ new/pdns-recursor-3.1.7/dns.hh 2008-06-24 20:23:33.000000000 +0200
@@ -16,7 +16,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
-// $Id: dns.hh 1094 2007-10-28 17:36:16Z ahu $
+// $Id: dns.hh 1185 2008-06-08 08:41:01Z ahu $
/* (C) 2002 POWERDNS.COM BV */
#ifndef DNS_HH
#define DNS_HH
@@ -169,7 +169,7 @@
#ifdef WIN32
#define BYTE_ORDER 1
#define LITTLE_ENDIAN 1
-#elif __FreeBSD__
+#elif __FreeBSD__ || __APPLE__
#include
#elif __linux__
# include
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pdns-recursor-3.1.5/dns_random.cc new/pdns-recursor-3.1.7/dns_random.cc
--- old/pdns-recursor-3.1.5/dns_random.cc 2008-03-30 22:41:26.000000000 +0200
+++ new/pdns-recursor-3.1.7/dns_random.cc 2008-06-24 20:23:33.000000000 +0200
@@ -4,6 +4,7 @@
#include
#include
#include
+#include <limits>
#include "dns_random.hh"
using namespace std;
@@ -23,8 +24,7 @@
memcpy(g_counter, &now.tv_usec, sizeof(now.tv_usec));
memcpy(g_counter+sizeof(now.tv_usec), &now.tv_sec, sizeof(now.tv_sec));
g_in = getpid() | (getppid()<<16);
-
- srandom(now.tv_usec);
+ srandom(dns_random(numeric_limits::max()));
}
static void counterIncrement(unsigned char* counter)
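Review bot: Seeding `srandom()` from `dns_random()` on the added line only helps if the dns_random state is already keyed from the entropy source at this point; the visible lines set only `g_counter` and `g_in`, both derived from the clock and process ids, so a comment should state where the key is installed relative to this call. Even with a good seed, `random()` remains a non-cryptographic generator whose seed is a single unsigned int, so any remaining callers that choose query ids or source ports should call `dns_random()` directly rather than rely on this reseed. The template argument of `numeric_limits` is missing on this page, so the range passed cannot be checked here. The enclosing function starts above the hunk.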
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pdns-recursor-3.1.5/iputils.hh new/pdns-recursor-3.1.7/iputils.hh
--- old/pdns-recursor-3.1.5/iputils.hh 2008-03-30 22:41:25.000000000 +0200
+++ new/pdns-recursor-3.1.7/iputils.hh 2008-06-24 20:23:33.000000000 +0200
@@ -207,13 +207,17 @@
d_bits = (uint8_t) atoi(split.second.c_str());
if(d_bits<32)
d_mask=~(0xFFFFFFFF>>d_bits);
+ else
+ d_mask=0xFFFFFFFF;
}
else if(d_network.sin4.sin_family==AF_INET) {
d_bits = 32;
d_mask = 0xFFFFFFFF;
}
- else
+ else {
d_bits=128;
+ d_mask=0; // silence silly warning - d_mask is unused for IPv6
+ }
}
bool match(const ComboAddress& ip) const
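Review bot: The prefix length is still read with `(uint8_t) atoi(...)` and never range-checked, so the new `else d_mask=0xFFFFFFFF;` branch quietly accepts any IPv4 length above 32, and an input such as `/256` wraps to 0 in the cast and produces a zero mask that presumably matches every address. Netmask strings reach this constructor from Lua scripts through `matchnetmask` in this release, and presumably from settings such as `allow-from`, so a typo can widen an access list without any error. I would parse into an `int` first, `int bits=atoi(split.second.c_str());`, and reject values outside 0..32 for AF_INET (0..128 otherwise) with whatever exception this constructor already raises for a malformed address, before assigning `d_bits`. The constructor begins above the hunk.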
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pdns-recursor-3.1.5/lua-pdns-recursor.cc new/pdns-recursor-3.1.7/lua-pdns-recursor.cc
--- old/pdns-recursor-3.1.5/lua-pdns-recursor.cc 1970-01-01 01:00:00.000000000 +0100
+++ new/pdns-recursor-3.1.7/lua-pdns-recursor.cc 2008-06-24 20:23:33.000000000 +0200
@@ -0,0 +1,238 @@
+#include "lua-pdns-recursor.hh"
+
+#if !defined(PDNS_ENABLE_LUA) && !defined(LIBDIR)
+
+// stub implementation
+
+PowerDNSLua::PowerDNSLua(const std::string& fname)
+{
+ throw runtime_error("Lua support disabled");
+}
+
+bool PowerDNSLua::nxdomain(const ComboAddress& remote, const string& query, const QType& qtype, vector<DNSResourceRecord>& ret, int& res)
+{
+ return false;
+}
+
+bool PowerDNSLua::preresolve(const ComboAddress& remote, const string& query, const QType& qtype, vector<DNSResourceRecord>& ret, int& res)
+{
+ return false;
+}
+
+PowerDNSLua::~PowerDNSLua()
+{
+
+}
+
+#else
+
+extern "C" {
+#undef L
+/* Include the Lua API header files. */
+#include
+#include
+#include
+}
+
+#include
+#include
+#include <string>
+#include <vector>
+#include <stdexcept>
+
+using namespace std;
+
+bool netmaskMatchTable(lua_State* lua, const std::string& ip)
+{
+ lua_pushnil(lua); /* first key */
+ while (lua_next(lua, 2) != 0) {
+ string netmask=lua_tostring(lua, -1);
+ Netmask nm(netmask);
+ ComboAddress ca(ip);
+ lua_pop(lua, 1);
+
+ if(nm.match(ip))
+ return true;
+ }
+ return false;
+}
+
+extern "C" int netmaskMatchLua(lua_State *lua)
+{
+ bool result=false;
+ if(lua_gettop(lua) >= 2) {
+ string ip=lua_tostring(lua, 1);
+ if(lua_istable(lua, 2)) {
+ result = netmaskMatchTable(lua, ip);
+ }
+ else {
+ for(int n=2 ; n <= lua_gettop(lua); ++n) {
+ string netmask=lua_tostring(lua, n);
+ Netmask nm(netmask);
+ ComboAddress ca(ip);
+
+ result = nm.match(ip);
+ if(result)
+ break;
+ }
+ }
+ }
+
+ lua_pushboolean(lua, result);
+ return 1;
+}
+
+PowerDNSLua::PowerDNSLua(const std::string& fname)
+{
+ d_lua = lua_open();
+
+#ifndef LUA_VERSION_NUM
+ luaopen_base(d_lua);
+ luaopen_string(d_lua);
+
+ if(lua_dofile(d_lua, fname.c_str()))
+#else
+ luaL_openlibs(d_lua);
+ if(luaL_dofile(d_lua, fname.c_str()))
+#endif
+ throw runtime_error(string("Error loading LUA file '")+fname+"': "+ string(lua_isstring(d_lua, -1) ? lua_tostring(d_lua, -1) : "unknown error"));
+
+ lua_settop(d_lua, 0);
+
+ lua_pushcfunction(d_lua, netmaskMatchLua);
+ lua_setglobal(d_lua, "matchnetmask");
+ lua_newtable(d_lua);
+
+ for(vectorQType::namenum::const_iterator iter = QType::names.begin(); iter != QType::names.end(); ++iter) {
+ lua_pushnumber(d_lua, iter->second);
+ lua_setfield(d_lua, -2, iter->first.c_str());
+ }
+ lua_pushnumber(d_lua, 3);
+ lua_setfield(d_lua, -2, "NXDOMAIN");
+ lua_setglobal(d_lua, "pdns");
+
+}
+
+bool PowerDNSLua::nxdomain(const ComboAddress& remote, const string& query, const QType& qtype, vector<DNSResourceRecord>& ret, int& res)
+{
+ return passthrough("nxdomain", remote, query, qtype, ret, res);
+}
+
+bool PowerDNSLua::preresolve(const ComboAddress& remote, const string& query, const QType& qtype, vector<DNSResourceRecord>& ret, int& res)
+{
+ return passthrough("preresolve", remote, query, qtype, ret, res);
+}
+
+bool PowerDNSLua::getFromTable(const std::string& key, std::string& value)
+{
+ lua_pushstring(d_lua, key.c_str()); // 4 is now '1'
+ lua_gettable(d_lua, -2); // replace by the first entry of our table we hope
+
+ bool ret=false;
+ if(!lua_isnil(d_lua, -1)) {
+ value = lua_tostring(d_lua, -1);
+ ret=true;
+ }
+ lua_pop(d_lua, 1);
+ return ret;
+}
+
+
+bool PowerDNSLua::getFromTable(const std::string& key, uint32_t& value)
+{
+ lua_pushstring(d_lua, key.c_str()); // 4 is now '1'
+ lua_gettable(d_lua, -2); // replace by the first entry of our table we hope
+
+ bool ret=false;
+ if(!lua_isnil(d_lua, -1)) {
+ value = (uint32_t)lua_tonumber(d_lua, -1);
+ ret=true;
+ }
+ lua_pop(d_lua, 1);
+ return ret;
+}
+
+
+bool PowerDNSLua::passthrough(const string& func, const ComboAddress& remote, const string& query, const QType& qtype, vector<DNSResourceRecord>& ret, int& res)
+{
+ lua_getglobal(d_lua, func.c_str());
+ if(!lua_isfunction(d_lua, -1)) {
+ // cerr<<"No such function '"<d_usec=dt.udiff();
+ *now=dt.getTimeval();
+
if(ret <= 0) // includes 'timeout'
return ret;
- lwr->d_usec=dt.udiff();
- *now=dt.getTimeval();
lwr->d_result.clear();
try {
MOADNSParser mdp((const char*)buf.get(), len);
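Review bot: In the lua-pdns-recursor.cc section above (its tail is lost on this page and runs into this lwres hunk), `netmaskMatchLua` and `netmaskMatchTable` build `std::string` objects directly from `lua_tostring()`, which returns NULL when the value is neither a string nor a number, so a script that passes nil or a table to `matchnetmask` causes undefined behaviour inside the resolver process. I would guard each conversion, e.g. `if(!lua_isstring(lua, 1)) { lua_pushboolean(lua, 0); return 1; }`, and catch C++ exceptions inside the `extern "C"` function so they cannot unwind through Lua's C frames (whether `Netmask` or `ComboAddress` throw on bad input is not visible here). The same NULL case applies to `value = lua_tostring(d_lua, -1);` in the string overload of `getFromTable`, which only tests `lua_isnil`. Separately, `luaL_openlibs(d_lua)` gives the script the complete standard library, including file and process access with the recursor's privileges, which deserves a comment in the constructor and a sentence in the help text of the setting.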
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pdns-recursor-3.1.5/Makefile new/pdns-recursor-3.1.7/Makefile
--- old/pdns-recursor-3.1.5/Makefile 2008-03-30 22:41:25.000000000 +0200
+++ new/pdns-recursor-3.1.7/Makefile 2008-06-24 20:23:33.000000000 +0200
@@ -8,14 +8,21 @@
LINKCC=$(CXX)
CC?=gcc
+# Lua 5.1 settings
+LUA_CPPFLAGS_CONFIG ?= -I/usr/include/lua5.1
+LUA_LIBS_CONFIG ?= -llua5.1
+
+# Lua 5.0 settings
+#LUA_CPPFLAGS_CONFIG=-I/usr/include/lua50
+#LUA_LIBS_CONFIG=-llua50 -llualib50
+
# static dependencies
PDNS_RECURSOR_OBJECTS=syncres.o misc.o unix_utility.o qtype.o logger.o \
arguments.o lwres.o pdns_recursor.o recursor_cache.o dnsparser.o \
dnswriter.o dnsrecords.o rcpgenerator.o base64.o zoneparser-tng.o \
-rec_channel.o rec_channel_rec.o malloc.o selectmplexer.o sillyrecords.o \
-dns_random.o aescrypt.o aeskey.o aes_modes.o aestab.o
-
+rec_channel.o rec_channel_rec.o selectmplexer.o sillyrecords.o \
+dns_random.o aescrypt.o aeskey.o aes_modes.o aestab.o lua-pdns-recursor.o
REC_CONTROL_OBJECTS=rec_channel.o rec_control.o arguments.o
@@ -25,15 +32,24 @@
# OS specific instructions
-include sysdeps/$(shell uname).inc
-ifeq ($(STATIC),semi)
- STATICFLAGS=-Wl,-Bstatic -lstdc++ -lgcc -Wl,-Bdynamic -static-libgcc -lm -lc
- LINKCC=$(CC)
+ifeq ($(LUA), 1)
+ LUALIBS=$(LUA_LIBS_CONFIG)
+ CXXFLAGS+=$(LUA_CPPFLAGS_CONFIG) -DPDNS_ENABLE_LUA
endif
-ifeq ($(STATIC),full)
- STATICFLAGS=-lstdc++ -lm -static
- LINKCC=$(CC)
+
+
+ifeq ($(STATIC),semi)
+ STATICFLAGS=-Wl,-Bstatic -lstdc++ $(LUALIBS) -lgcc -Wl,-Bdynamic -static-libgcc -lm -lc
+ LINKCC=$(CC)
+ LDFLAGS += malloc.o -ldl -lm
+else ifeq ($(STATIC),full)
+ STATICFLAGS=-lstdc++ $(LUALIBS) -ldl -lm -static
+ LINKCC=$(CC)
+else
+ LDFLAGS += malloc.o $(LUALIBS)
endif
+
LDFLAGS += $(PROFILEFLAGS) $(STATICFLAGS)
message:
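Review bot: Putting `malloc.o` and `$(LUALIBS)` into `LDFLAGS` means that a packager who runs `make LDFLAGS=...` on the command line overrides these `+=` lines entirely, and the link then lacks the Lua library when `LUA=1`. Keeping them in their own variable, e.g. `LIBS += malloc.o $(LUALIBS)` with `$(LIBS)` added to the `pdns_recursor` link rule, leaves `LDFLAGS` free for distribution hardening flags. With `STATIC=full` nothing adds `malloc.o` any more, although the first hunk removed it from `PDNS_RECURSOR_OBJECTS` and the third hunk still builds it; if that is deliberate, a comment should say so. `else ifeq` on one line also needs GNU make 3.81 or newer, which is worth a note in the README.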
@@ -77,7 +93,7 @@
optional:
mkdir optional
-pdns_recursor: optional $(OPTIONALS) $(PDNS_RECURSOR_OBJECTS)
+pdns_recursor: optional $(OPTIONALS) $(PDNS_RECURSOR_OBJECTS) malloc.o
$(LINKCC) $(PDNS_RECURSOR_OBJECTS) $(wildcard optional/*.o) $(LDFLAGS) -o $@
rec_control: $(REC_CONTROL_OBJECTS)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pdns-recursor-3.1.5/pdns_recursor.cc new/pdns-recursor-3.1.7/pdns_recursor.cc
--- old/pdns-recursor-3.1.5/pdns_recursor.cc 2008-03-30 22:41:25.000000000 +0200
+++ new/pdns-recursor-3.1.7/pdns_recursor.cc 2008-06-24 20:23:33.000000000 +0200
@@ -57,6 +57,7 @@
#include "iputils.hh"
#include "mplexer.hh"
#include "config.h"
+#include "lua-pdns-recursor.hh"
#ifndef RECURSOR
#include "statbag.hh"
@@ -66,6 +67,7 @@
FDMultiplexer* g_fdm;
unsigned int g_maxTCPPerClient;
bool g_logCommonErrors;
+shared_ptr<PowerDNSLua> g_pdl;
using namespace boost;
#ifdef __FreeBSD__ // see cvstrac ticket #26
@@ -271,7 +273,7 @@
int tries=10;
while(--tries) {
- uint16_t port=1025+Utility::random()%64510;
+ uint16_t port=1025+dns_random(64510);
if(tries==1) // fall back to kernel 'random'
port=0;
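Review bot: Once the random attempts are used up the loop still falls back to `port=0`, so under port pressure the kernel's ephemeral allocator rather than `dns_random()` picks the source port, and nothing records that this happened. I would count or log the fallback next to `if(tries==1)` so operators can see when source-port randomisation is degraded, and extend the existing comment to something like `// fall back to kernel-chosen port; weaker than dns_random, so count it`. `1025+dns_random(64510)` presumably yields 1025..65534; stating that range in a comment would explain the magic number. The loop body continues below the hunk.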
@@ -315,9 +317,9 @@
for(; chain.first != chain.second; chain.first++) {
if(chain.first->key.fd > -1) { // don't chain onto existing chained waiter!
- // cerr<<"Orig: "<key.domain<<", "<key.remote.toString()<<", id="<key.id
- // <<", count="<key.chain.size()<<", origfd: "<key.fd<key.domain<<", "<key.remote.toString()<<", id="<key.id
+ <<", count="<key.chain.size()<<", origfd: "<key.fd<key.chain.insert(id); // we can chain
*fd=-1; // gets used in waitEvent / sendEvent later on
@@ -534,7 +536,16 @@
if(!dc->d_mdp.d_header.rd)
sr.setCacheOnly();
- int res=sr.beginResolve(dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), dc->d_mdp.d_qclass, ret);
+ int res;
+
+ if(!g_pdl.get() || !g_pdl->preresolve(dc->d_remote, dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), ret, res)) {
+ res = sr.beginResolve(dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), dc->d_mdp.d_qclass, ret);
+
+ if(g_pdl.get()) {
+ if(res == RCode::NXDomain)
+ g_pdl->nxdomain(dc->d_remote, dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), ret, res);
+ }
+ }
if(res<0) {
pw.getHeader()->rcode=RCode::ServFail;
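Review bot: `int res;` is now left uninitialised and is only safe if `preresolve()` always writes it when it returns true; the body of the Lua passthrough is not visible on this page, so that cannot be confirmed here. Initialising it, `int res=-1;`, costs nothing and makes a hook that claims the query without setting a code end in the existing `if(res<0)` ServFail branch instead of sending an indeterminate rcode. The return value of `g_pdl->nxdomain(...)` is ignored, which looks intentional but should carry a one-line comment saying so.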
@@ -1234,15 +1245,18 @@
// resend event to everybody chained onto it
void doResends(MT_t::waiters_t::iterator& iter, PacketID resend, const string& content)
{
+
if(iter->key.chain.empty())
return;
+ cerr<<"doResends called!\n";
for(PacketID::chain_t::iterator i=iter->key.chain.begin(); i != iter->key.chain.end() ; ++i) {
resend.fd=-1;
resend.id=*i;
+ cerr<<"\tResending "<run(&g_now);
+ Utility::gettimeofday(&g_now, 0);
if(listenOnTCP) {
if(TCPConnection::s_currentConnections > maxTcpClients) { // shutdown
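Review bot: The two added `cerr<<` lines in `doResends` (visible above; the end of that hunk is fused with the following one on this page) print unconditionally on every resend, which looks like leftover debugging. On a busy resolver this writes to stderr at a rate driven by client traffic, which can fill logs and slows the resend path. I would remove them, or put them behind the project's logging facility at a debug level so they can be switched off.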
@@ -1886,6 +1945,7 @@
// HTimer mtimer("main");
// mtimer.start();
+
g_stats.startupTime=time(0);
reportBasicTypes();
@@ -1937,7 +1997,7 @@
::arg().set("max-negative-ttl", "maximum number of seconds to keep a negative cached entry in memory")="3600";
::arg().set("server-id", "Returned when queried for 'server.id' TXT, defaults to hostname")="";
::arg().set("remotes-ringbuffer-entries", "maximum number of packets to store statistics for")="0";
- ::arg().set("version-string", "string reported on version.pdns or version.bind")="PowerDNS Recursor "VERSION" $Id: pdns_recursor.cc 1170 2008-03-22 20:43:44Z ahu $";
+ ::arg().set("version-string", "string reported on version.pdns or version.bind")="PowerDNS Recursor "VERSION" $Id: pdns_recursor.cc 1200 2008-06-14 21:11:33Z ahu $";
::arg().set("allow-from", "If set, only allow these comma separated netmasks to recurse")="127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10";
::arg().set("allow-from-file", "If set, load allowed netmasks from this file")="";
::arg().set("entropy-source", "If set, read entropy from this file")="/dev/urandom";
@@ -1952,6 +2012,7 @@
::arg().set("export-etc-hosts", "If we should serve up contents from /etc/hosts")="off";
::arg().set("serve-rfc1918", "If we should be authoritative for RFC 1918 private IP space")="";
::arg().set("auth-can-lower-ttl", "If we follow RFC 2181 to the letter, an authoritative server can lower the TTL of NS records")="off";
+ ::arg().set("lua-dns-script", "Filename containing an optional 'lua' script that will be used to modify dns answers")="";
::arg().setSwitch( "ignore-rd-bit", "Assume each packet requires recursion, for compatability" )= "off";
::arg().setCmd("help","Provide a helpful message");
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pdns-recursor-3.1.5/powerdns-example-script.lua new/pdns-recursor-3.1.7/powerdns-example-script.lua
--- old/pdns-recursor-3.1.5/powerdns-example-script.lua 1970-01-01 01:00:00.000000000 +0100
+++ new/pdns-recursor-3.1.7/powerdns-example-script.lua 2008-06-24 20:23:33.000000000 +0200
@@ -0,0 +1,46 @@
+function preresolve ( ip, domain, qtype )
+ print ("prequery handler called for: ", ip, domain, qtype)
+
+ if domain == "www.powerdns.org."
+ then
+ ret={}
+ ret[1]= {qtype=pdns.A, content="85.17.219.141", ttl=86400}
+ print "dealing!"
+ return 0, ret
+ elseif domain == "www.baddomain.com."
+ then
+ print "dealing - faking nx"
+ return pdns.NXDOMAIN, {}
+ elseif domain == "echo."
+ then
+ print "dealing with echo!"
+ return 0, {{qtype=pdns.A, content=ip}}
+ elseif domain == "echo6."
+ then
+ print "dealing with echo6!"
+ return 0, {{qtype=pdns.AAAA, content=ip}}
+ else
+ print "not dealing!"
+ return -1, {}
+ end
+end
+
+function nxdomain ( ip, domain, qtype )
+ print ("nxhandler called for: ", ip, domain, qtype, pdns.AAAA)
+ if qtype ~= pdns.A then return -1, {} end -- only A records
+ if not string.find(domain, "^www%.") then return -1, {} end -- only things that start with www.
+
+ if matchnetmask(ip, {"127.0.0.1/32", "10.1.0.0/16"})
+ then
+ print "dealing"
+ ret={}
+ ret[1]={qtype=pdns.CNAME, content="www.webserver.com", ttl=3602}
+ ret[2]={qname="www.webserver.com", qtype=pdns.A, content="1.2.3.4", ttl=3602}
+ ret[3]={qname="webserver.com", qtype=pdns.NS, content="ns1.webserver.com", place=2}
+-- ret[1]={15, "25 ds9a.nl", 3602}
+ return 0, ret
+ else
+ print "not dealing"
+ return -1, ret
+ end
+end
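Review bot: `ret` is a global in both handlers, and the final `return -1, ret` in `nxdomain` returns whatever an earlier call left in it (or nil), because that branch never assigns it. Declare it `local ret = {}` where it is built and end the else branch with `return -1, {}`, as the other not-handled paths already do. Since operators will copy this file as a starting point, a header comment noting that the `print` calls run for every query and should be removed in production would help.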
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pdns-recursor-3.1.5/qtype.hh new/pdns-recursor-3.1.7/qtype.hh
--- old/pdns-recursor-3.1.5/qtype.hh 2008-03-30 22:41:25.000000000 +0200
+++ new/pdns-recursor-3.1.7/qtype.hh 2008-06-24 20:23:33.000000000 +0200
@@ -19,7 +19,7 @@
#ifndef QTYPE_HH
#define QTYPE_HH
/* (C) 2002 POWERDNS.COM BV */
-// $Id: qtype.hh 1148 2008-03-01 22:44:03Z ahu $
+// $Id: qtype.hh 1207 2008-06-19 12:12:27Z ahu $
#include <string>
#include <vector>
#include <utility>
@@ -71,16 +71,18 @@
int getCode() const; //!< Get the integer representation of this type
static int chartocode(const char *p); //!< convert a character string to a code
-
+// more solaris fun
+#undef DS
enum typeenum {A=1,NS=2,CNAME=5,SOA=6, MR=9, PTR=12,HINFO=13,MX=15,TXT=16,RP=17,AFSDB=18,KEY=25,AAAA=28,LOC=29,SRV=33,NAPTR=35, KX=36,
CERT=37,OPT=41, DS=43, SSHDP=44, IPSECKEY=45, RRSIG=46, NSEC=47, DNSKEY=48, DHCID=49,
SPF=99, AXFR=252, IXFR=251, ANY=255, URL=256, MBOXFW=257, CURL=258, ADDR=259} types;
+ typedef pair namenum;
+ static vector<namenum> names;
private:
short int code;
- typedef pair namenum;
void insert(const char *p, int n);
- static vector<namenum> names;
+
static bool uninit;
};
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pdns-recursor-3.1.5/README new/pdns-recursor-3.1.7/README
--- old/pdns-recursor-3.1.5/README 2008-03-30 22:41:25.000000000 +0200
+++ new/pdns-recursor-3.1.7/README 2008-06-24 20:23:33.000000000 +0200
@@ -37,6 +37,22 @@
5) (g)make install
+(use gmake on many BSD variant and Solaris, regular make on Linux)
+
+OPTIONAL LUA SCRIPTING
+----------------------
+To benefit from Lua scripting, as described on
+http://doc.powerdns.com/recursor-scripting.html please compile like this:
+
+$ LUA=1 (g)make
+or even
+
+$ LUA=1 LUA_CPPFLAGS_CONFIG=-I/usr/local/include/lua5.1 LUA_LIBS_CONFIG=-llua5.1\
+ (g)make
+
+Use the _CONFIG settings to point out to PowerDNS where your Lua
+installation resides. PowerDNS supports both Lua 5.0 and 5.1.
+
PLATFORM SPECIFIC NOTES
-----------------------
When compiling on Solaris 8, use:
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pdns-recursor-3.1.5/rec_channel_rec.cc new/pdns-recursor-3.1.7/rec_channel_rec.cc
--- old/pdns-recursor-3.1.5/rec_channel_rec.cc 2008-03-30 22:41:25.000000000 +0200
+++ new/pdns-recursor-3.1.7/rec_channel_rec.cc 2008-06-24 20:23:33.000000000 +0200
@@ -90,11 +90,16 @@
template<typename T>
string doWipeCache(T begin, T end)
{
- int count=0;
- for(T i=begin; i != end; ++i)
+ int count=0, countNeg=0;
+ for(T i=begin; i != end; ++i) {
count+=RC.doWipeCache(toCanonic("", *i));
+ string canon=toCanonic("", *i);
+ countNeg+=SyncRes::s_negcache.count(tie(canon));
+ pair range=SyncRes::s_negcache.equal_range(tie(canon));
+ SyncRes::s_negcache.erase(range.first, range.second);
+ }
- return "wiped "+lexical_cast<string>(count)+" records\n";
+ return "wiped "+lexical_cast<string>(count)+" records, "+lexical_cast<string>(countNeg)+" negative records\n";
}
template<typename T>
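Review bot: `toCanonic("", *i)` is now computed twice per name and the negative cache is searched twice, once by `count` and once by `equal_range`. Computing `canon` first and passing it to `RC.doWipeCache(canon)`, then taking `countNeg+=distance(range.first, range.second);` from the single `equal_range` result, does the same work once. The reply text changes to include the negative count, so a short comment (or a changelog line) for anyone parsing the control output would be useful.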
@@ -298,6 +303,16 @@
if(cmd=="wipe-cache")
return doWipeCache(begin, end);
+ if(cmd=="reload-lua-script")
+ return doReloadLuaScript(begin, end);
+
+ if(cmd=="unload-lua-script") {
+ vector<string> empty;
+ empty.push_back(string());
+ return doReloadLuaScript(empty.begin(), empty.end());
+ }
+
+
if(cmd=="top-remotes")
return doTopRemotes();
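Review bot: `reload-lua-script` forwards the caller's arguments to `doReloadLuaScript`, whose body is not on this page; if the first argument is used as the file name, anyone able to write to the control channel can make the recursor run an arbitrary Lua file with the full standard library that the `PowerDNSLua` constructor opens. I would document next to this command that the control socket's permissions are the access control for script loading, or restrict the argument to the configured `lua-dns-script` path. `unload-lua-script` works by passing a single empty string, a convention that deserves a comment such as `// empty filename means: drop the current script`.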
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pdns-recursor-3.1.5/recursor_cache.cc new/pdns-recursor-3.1.7/recursor_cache.cc
--- old/pdns-recursor-3.1.5/recursor_cache.cc 2008-03-30 22:41:25.000000000 +0200
+++ new/pdns-recursor-3.1.7/recursor_cache.cc 2008-06-24 20:23:33.000000000 +0200
@@ -228,6 +228,34 @@
return -1;
}
+bool MemRecursorCache::attemptToRefreshNSTTL(const QType& qt, const set<DNSResourceRecord>& content, const CacheEntry& stored)
+{
+ if(!stored.d_auth) {
+// cerr<<"feel free to scribble non-auth data!"<d_ttd > content.begin()->ttl) {
+ // cerr<<"attempt to LOWER TTL - fine by us"< d_cachecache;
string d_cachedqname;
bool d_cachecachevalid;
+ bool attemptToRefreshNSTTL(const QType& qt, const set<DNSResourceRecord>& content, const CacheEntry& stored);
+
};
string DNSRR2String(const DNSResourceRecord& rr);
DNSResourceRecord String2DNSRR(const string& qname, const QType& qt, const string& serial, uint32_t ttd);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pdns-recursor-3.1.5/sstuff.hh new/pdns-recursor-3.1.7/sstuff.hh
--- old/pdns-recursor-3.1.5/sstuff.hh 2008-03-30 22:41:25.000000000 +0200
+++ new/pdns-recursor-3.1.7/sstuff.hh 2008-06-24 20:23:33.000000000 +0200
@@ -137,6 +137,18 @@
}
//! Bind the socket to a specified endpoint
+ void bind(const struct sockaddr_in &local)
+ {
+ int tmp=1;
+ if(setsockopt(d_socket,SOL_SOCKET,SO_REUSEADDR,(char*)&tmp,sizeof tmp)<0)
+ throw NetworkError(string("Setsockopt failed: ")+strerror(errno));
+
+ if(::bind(d_socket,(struct sockaddr *)&local,sizeof(local))<0)
+ throw NetworkError(strerror(errno));
+ }
+
+
+ //! Bind the socket to a specified endpoint
void bind(const IPEndpoint &ep)
{
struct sockaddr_in local;
@@ -145,12 +157,7 @@
local.sin_addr.s_addr=ep.address.byte;
local.sin_port=htons(ep.port);
- int tmp=1;
- if(setsockopt(d_socket,SOL_SOCKET,SO_REUSEADDR,(char*)&tmp,sizeof tmp)<0)
- throw NetworkError(string("Setsockopt failed: ")+strerror(errno));
-
- if(::bind(d_socket,(struct sockaddr *)&local,sizeof(local))<0)
- throw NetworkError(strerror(errno));
+ bind(local);
}
//! Connect the socket to a specified endpoint
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pdns-recursor-3.1.5/syncres.cc new/pdns-recursor-3.1.7/syncres.cc
--- old/pdns-recursor-3.1.5/syncres.cc 2008-03-30 22:41:25.000000000 +0200
+++ new/pdns-recursor-3.1.7/syncres.cc 2008-06-24 20:23:33.000000000 +0200
@@ -581,7 +581,12 @@
}
};
-
+static bool magicAddrMatch(const QType& query, const QType& answer)
+{
+ if(query.getCode() != QType::ADDR)
+ return false;
+ return answer.getCode() == QType::A || answer.getCode() == QType::AAAA;
+}
/** returns -1 in case of no results, rcode otherwise */
int SyncRes::doResolveAt(set nameservers, string auth, bool flawedNSSet, const string &qname, const QType &qtype,
@@ -619,6 +624,7 @@
remoteIPs_t::const_iterator remoteIP;
bool doTCP=false;
int resolveret;
+ bool pierceDontQuery=false;
LWResult lwr;
if(tns->empty()) {
@@ -629,16 +635,20 @@
}
else {
LOG< ipport=splitField(*tns, ':');
ComboAddress addr(ipport.first, ipport.second.empty() ? 53 : lexical_cast(ipport.second));
-
+
remoteIPs.push_back(addr);
+ pierceDontQuery=true;
}
- else
+ else {
remoteIPs=getAs(*tns, depth+1, beenthere);
+ pierceDontQuery=false;
+ }
if(remoteIPs.empty()) {
LOG<match(&*remoteIP)) {
+ else if(!pierceDontQuery && g_dontQuery && g_dontQuery->match(&*remoteIP)) {
LOG<toString() << ", blocked by 'dont-query' setting" << endl;
continue;
}
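Review bot: `pierceDontQuery` lets nameserver entries given as a literal address (apparently the configured-forwarder case) skip the `dont-query` filter, which is a policy change with no comment at the assignment or at the `!pierceDontQuery && g_dontQuery` test. A line such as `// addresses the operator configured by hand are queried even if listed in dont-query` would make the intent clear, and a log message when a listed address is pierced would help auditing. Several lines of this hunk are damaged on this page, so the condition that selects the branch setting the flag to true cannot be checked here. The flag is assigned in both branches, so the `=false` initialiser added in the previous hunk is redundant but harmless.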
@@ -673,6 +683,7 @@
s_outqueries++; d_outqueries++;
TryTCP:
if(doTCP) {
+ LOG<toStringWithPort() <d_place==DNSResourceRecord::ANSWER && !Utility::strcasecmp(i->qname.c_str(),qname.c_str()) &&
- (i->qtype==qtype ||
- (
- lwr.d_aabit &&
- ( qtype == QType(QType::ADDR) && (i->qtype.getCode()==QType::A || i->qtype.getCode()==QType::AAAA) ) || qtype==QType(QType::ANY)
- )
- )
- ) {
-
+ (
+ i->qtype==qtype || (lwr.d_aabit && (qtype==QType(QType::ANY) || magicAddrMatch(qtype, i->qtype) ) )
+ )
+ )
+ {
+
LOG<content<<"|"<<i->qtype.getName()<<"'"<