Untested change to libressl 2.1.1; I'll follow up with a commit if this needs a touch-up.

We now rely on libressl 2.0.5; one must download this if using Linux and make it (takes about an hour on the Raspberry Pi). This is better, though, than having to maintain a utility for arc4random, which portably is hard to get right; just let libressl take care of that. We also fix the Mac OS X port with this. At least it compiles now.

* add whitelisting
* this mode is based on the filter, which is a blacklist.
* whitelist assumes everything is denied and opens access to listed IP ranges.
* while there, fix filtering for tcp6, which was broken

* add a definable ratelimit between 1 and 127 packets per second per 16-bit hash of IP (IPv4 and IPv6).
* example configuration is in example8.conf where it's 6 packets per second.
* this will add memory on the order of 65536 * (((pps * 2) * 8) + 1), so 12 pps would be 12648448 bytes of shared memory added...
* also there is a race that I know about in the adding of a packet to the backlog, but I don't use the -n flag in production so it's limited.
Compiles and tested on OpenBSD 5.5
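The entry above describes a per-source limit keyed by a 16-bit hash of the client address, with the limit confined to 1..127 packets per second. The following is an added illustration written for this page, not wildcarddnsd's own code: the hash function, the bucket layout and the rl_* names are assumptions, and rl_backlog_bytes() only reproduces the sizing formula quoted in the changelog so the reader can check the 12 pps figure.

```c
/* Added example, not wildcarddnsd's own code: a per-source rate limiter
 * keyed by a 16-bit hash of the client address (1..127 packets per second
 * per bucket, as the changelog describes).  Hash, bucket layout and the
 * rl_* names are assumptions for illustration. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define RL_BUCKETS 65536
#define RL_MAX_PPS 127

struct rl_bucket {
	time_t  window;   /* start of the current one-second window */
	uint8_t count;    /* packets seen in that window (<= 127) */
};

struct ratelimit {
	uint8_t pps;                      /* configured limit, 1..127 */
	struct rl_bucket b[RL_BUCKETS];
};

/* Fold an address of any length (4 bytes for IPv4, 16 for IPv6) into 16 bits. */
uint16_t
rl_hash(const unsigned char *addr, size_t len)
{
	uint32_t h = 0;
	size_t i;

	for (i = 0; i < len; i++)
		h = (h * 31) + addr[i];
	return (uint16_t)(h ^ (h >> 16));
}

/* Shared-memory footprint the changelog quotes for its backlog:
 * 65536 entries of ((pps * 2) * 8) + 1 bytes each. */
size_t
rl_backlog_bytes(int pps)
{
	return (size_t)RL_BUCKETS * (((size_t)pps * 2) * 8 + 1);
}

/* Allocate a limiter; values outside the documented 1..127 range are rejected. */
struct ratelimit *
rl_new(int pps)
{
	struct ratelimit *rl;

	if (pps < 1 || pps > RL_MAX_PPS)
		return NULL;
	rl = calloc(1, sizeof(*rl));
	if (rl != NULL)
		rl->pps = (uint8_t)pps;
	return rl;
}

/* Returns 1 if the packet from addr may be answered at time now,
 * 0 if it exceeds the limit for this one-second window. */
int
rl_allow(struct ratelimit *rl, const unsigned char *addr, size_t len, time_t now)
{
	struct rl_bucket *bk = &rl->b[rl_hash(addr, len)];

	if (bk->window != now) {   /* new second: reset the counter */
		bk->window = now;
		bk->count = 0;
	}
	if (bk->count >= rl->pps)
		return 0;
	bk->count++;
	return 1;
}
```

Because the key is a 16-bit hash, distinct sources can share a bucket; that is the trade-off that keeps the table at a fixed 65536 entries, and it means a heavy sender can cause collateral drops for whoever collides with it.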

* fix linux and macosx Makefile
* fix use of SLIST_FOREACH macros on BSD with SLIST_FOREACH_SAFE; many, many thank-yous to Otto Moerbeek of OpenBSD for helping hint that there is a use-after-free involved and offering hints on how to fix it. This fixes W on OpenBSD-current (5.5-current).
Tested on OpenBSD-current, FreeBSD 10. Compiles on Linux Raspbian.

* add filtering capability; this is like recurse and will traverse a singly linked list every time a connect or received packet is made. I'm hoping to revisit this some day. Thanks to the guys that were abusing/scanning my DNS server.
* rename some variables around the queue(3) macros that I used for singly linked lists. They should have less confusing reuse of names. I did this in search of a bug that is possibly caused by OpenBSD-current, which I currently use as my main development workstation.
* add a sample filter entry in example8.conf
Tested to work on OpenBSD 5.5-stable

* fix Linux, it should compile now
* change bsd-arc4random.c to a more updated version that doesn't use the unsafe RC4 cipher anymore but a ChaCha cipher developed by D.J. Bernstein (another DNS developer's code in W's code, yay!)
* forgot the chacha.h file, will commit that separately
Tested on Linux Raspbian

* we don't have parse.c anymore; replace it with a yacc file (parse.y)
* also update examples to version 6

Change to Berkeley DB 4.6+; this allows us to use shared SYSV memory, needed to have multiple server instances that do recursing. The database is now on disk with this change, with a 260KB (default) SYSV shared memory cache. The cache size can be tweaked with the newly added -c flag. The OS has upper limits for SYSV shared memory, though, and the -c value must account for 25% more for internal purposes. Revert db.h struct domain to static arrays instead of pointers; this is necessary because we want to use shared memory between the database. This reverts revision 1.13 of db.h which was committed on Sun Mar 28 20:18:26 2010 UTC. So far wildcarddnsd has been extremely stable with the pointers; I'm hoping we'll get this much stability back. Added passive AXFR code. The axfr server does NOT bind to port 53 but rather another port; luckily that is configurable with other nameservers like BIND9. BIND nameservers wanting to make use of a wildcarddnsd master should turn IXFR queries off. Fix a small error that would bring wildcarddnsd to a SIGSEGV due to doing an FD_ISSET() on a non-descriptor. This only happens when one doesn't have the logging system turned on, so it took a while for me to find it. Added the -n flag which allows multiple forked copies of wdnsd to be started. This is similar to how the apache 1.3 web server does it.

* add logging support, a syslog-like service that allows one daemon to contact another wildcarddnsd daemon and send it its log. I like this because it aggregates all logs to a DNS system. I have had this running in production for a day now and it seems to be stable. Here is a sample log entry:
  logging "these hosts" { logbind yes; loghost ::1; logport 19999; logpasswd peter; }
  This particular one binds and is a listener; to be a logger, leave the logbind out.
* Also cleaned up mainloop() somewhat; using recvfrom() with a struct sockaddr caused some corruption in the buf array and recvmsg() would complain and nothing worked anymore. That is ironed out, and I have also added a struct cfg to be passed to mainloop(), since arguments to mainloop are growing with new ideas and functionality; this keeps the argument list rather compact. Also cfg is calloc'ed and resides on the heap.
* adjust Makefiles, but not tested on any other than OpenBSD and FreeBSD 7.3

* res_random.c for better random number generators, taken from OpenBSD, BSD license.

* add arc4random() to Linux compatibility, from OpenSSH portable

* make Linux compile, not tested

* change BUILD_REPLY macro to build_reply() function
* fixed A and AAAA answers with TCP, this was a bug
* bumped version to 3 in the configfile
* added "wildcard-only-for" command to configfile where a slinked list determines who will be wildcarded for, much like a firewall rule
* fixed getmask() function that wouldn't allow a rightshift of 32
* did the same for the getmask6 function
* removed the -W flag
* updated README, examples and manpage
Tested on FreeBSD, OpenBSD, Linux
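The getmask()/getmask6() fix above, and the list-based filter, whitelist and "wildcard-only-for" rules mentioned in the entries further up, share one underlying piece: turning a prefix length into a mask and walking a singly linked rule list against a client address. Shifting a 32-bit value by 32 is undefined behaviour in C, which is the kind of edge the entry refers to. The code below is an added illustration written for this page, not wildcarddnsd's own implementation: the rule struct, rule_init(), rule_match() and list_allows() are assumed names, and the whitelist/blacklist flag mirrors the semantics the whitelisting entry describes (deny unless listed versus deny only if listed).

```c
/* Added example, not wildcarddnsd's own code: prefix masks for IPv4 and
 * IPv6 that accept the full 0..32 / 0..128 range without shifting by the
 * operand width (undefined in C), plus a singly linked rule list matched
 * in whitelist or blacklist mode.  All names are assumptions. */
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>

/* Mask for an IPv4 prefix length, in host byte order. */
uint32_t
getmask(int prefixlen)
{
	if (prefixlen <= 0)
		return 0;
	if (prefixlen >= 32)
		return 0xffffffffU;   /* never evaluate 0xffffffff >> 32 or << 32 */
	return 0xffffffffU << (32 - prefixlen);
}

/* Mask for an IPv6 prefix length, written into 16 bytes. */
void
getmask6(int prefixlen, unsigned char mask[16])
{
	int i, bits;

	if (prefixlen < 0)
		prefixlen = 0;
	if (prefixlen > 128)
		prefixlen = 128;
	for (i = 0; i < 16; i++) {
		bits = prefixlen - i * 8;       /* bits of this byte inside the prefix */
		if (bits >= 8)
			mask[i] = 0xff;
		else if (bits <= 0)
			mask[i] = 0;
		else
			mask[i] = (unsigned char)(0xff << (8 - bits));
	}
}

struct rule {
	int           family;     /* AF_INET or AF_INET6 */
	unsigned char net[16];    /* network address in network byte order */
	int           prefixlen;
	struct rule  *next;       /* singly linked, as the changelog describes */
};

/* Fill a rule from text such as "192.0.2.0" or "2001:db8::"; returns 1 on success. */
int
rule_init(struct rule *r, const char *text, int prefixlen)
{
	memset(r, 0, sizeof(*r));
	r->prefixlen = prefixlen;
	if (inet_pton(AF_INET, text, r->net) == 1) {
		r->family = AF_INET;
		return 1;
	}
	if (inet_pton(AF_INET6, text, r->net) == 1) {
		r->family = AF_INET6;
		return 1;
	}
	return 0;
}

/* 1 if addr (network byte order, 4 or 16 bytes) falls inside the rule's prefix. */
int
rule_match(const struct rule *r, int family, const unsigned char *addr)
{
	unsigned char m6[16];
	uint32_t a, n, m;
	int i;

	if (r->family != family)
		return 0;
	if (family == AF_INET) {
		memcpy(&a, addr, 4);
		memcpy(&n, r->net, 4);
		m = getmask(r->prefixlen);
		return (ntohl(a) & m) == (ntohl(n) & m);
	}
	getmask6(r->prefixlen, m6);
	for (i = 0; i < 16; i++)
		if ((addr[i] & m6[i]) != (r->net[i] & m6[i]))
			return 0;
	return 1;
}

/* Walk the list.  Whitelist mode: deny unless some rule matches.
 * Blacklist (filter) mode: deny only if some rule matches. */
int
list_allows(const struct rule *head, int family, const unsigned char *addr,
    int whitelist)
{
	const struct rule *r;

	for (r = head; r != NULL; r = r->next)
		if (rule_match(r, family, addr))
			return whitelist ? 1 : 0;
	return whitelist ? 0 : 1;
}
```

The list is walked on every packet, as the filtering entry notes, so its cost grows linearly with the number of rules; for a handful of entries that is negligible, for very long lists a radix tree would be the usual replacement.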

* spaces -> tabs

* this should allow make install on Linux, taken from cryologd/cl

* part 1 of merging TTLPATCH branch to HEAD

* Makefile.linux for building on Linux with -f
* endian.h for those that don't have NTOHS