Commits


* make wildcarddnsd compile and run on NetBSD 6.1.5


we now rely on libressl 2.0.5, one must download this if using linux and make it (takes about an hour on the raspberry pi) this is better though than having to maintain a utility for arc4random which portably is hard to get right, just let libressl take care of that. We also fix the Mac OS X port with this. At least it compiles now.


* Makefile updates for including the manpage wildcarddns.conf(5) for NetBSD (untested) and FreeBSD (tested)


* add whitelisting * this mode is based on the filter which is a blacklist. * whitelist assumes everything as denied and opens access to listed ip ranges. * while there fix filtering for tcp6 which was broken


* add a defineable ratelimit between 1 and 127 packets per second per a 16 bit hash of IP (IPv4 and IPv6). * example configuration is in example8.conf where it's 6 packets per second. * this will add memory to the order of 65536 * (((pps * 2) * 8) + 1) so 12 pps would be 12648448 bytes of shared memory added... * also there is a race that I know about in the adding of a packet to the backlog, but I don't use the -n flag in production so it's limited compiles and tested on OpenBSD 5.5


* add filtering capability, this is like recurse and will traverse a singly linked list everytime a connect or received packet is made. I'm hoping on revisiting this some day. Thanks to the guys that were abusing/scanning my dns server. * rename some variables around the queue(3) macros that I used for singly linked lists. They should have less confusing reuse of names. I did this in search for a bug that is possibly caused by OpenBSD-current which I currently use as my main developing workstation. * add a sample filter entry in example8.conf Tested to work on OpenBSD 5.5-stable


* we don't have parse.c anymore, replace it with a yacc file (parse.y) * also update examples to version 6


Change to berkeley db 4.6+, this allows us to use shared sysv memory needed to have multiple server instances that do recursing. The database is now on disk with this change, with a 260KB (default) SYSV shared memory cache. The cache size can be tweaked with the newly added -c flag. The OS has upper limits for SYSV shared memory though and the -c value must account for 25% more for internal purposes. Revert db.h struct domain to static arrays instead of pointers, this is necessary because we want to use shared memory between the database. This reverts revision 1.13 of db.h which was commited on Sun Mar 28 20:18:26 2010 UTC. So far wildcarddnsd has been extremely stable with the pointers, I'm hoping we'll get this much stability back. Added passive AXFR code. The axfr server does NOT bind to port 53 but rather another port, luckily that is configurable with other nameservers like BIND9. BIND nameservers wanting to make use of a wildcarddnsd master should turn IXFR queries off. Fix a small error that would bring wildcarddnsd to a SIGSEGV due to doing an FD_ISSET() on a non-descriptor. This only happens when one doesn't have the logging system turned on so it took a while for me to find it. Added the -n flag which allows multiple forked copies of wdnsd to be started. This is similar to how apache 1.3 web server does it.


* add logging support, a syslog like service that allows one daemon to contact another wildcarddnsd daemon and send it its log, I like this because it aggregates all logs to a dns system. I had this running in production for a day now and it seems to be stable. Here is a sample log entry: logging "these hosts" { logbind yes; loghost ::1; logport 19999; logpasswd peter; } This particular one binds and is a listener, to be a logger leave the logbind out. * Also cleaned up mainloop() somewhat, using recvfrom() with a struct sockaddr caused some corruption in the buf array and recvmsg() would complain and nothing worked anymore. That is ironed out and I have also added a struct cfg to be passing to mainloop() since arguments to mainloop are growing with new ideas and functionality, this keeps the argument rather compacted. Also cfg is calloc'ed and resides on the heap. * adjust Makefiles, but not tested on any other than OpenBSD and FreeBSD 7.3


* make netbsd happy