Commits


* NAPTR (RFC 2915) support
* while there I did some checking against replysize for large packets in reply_* instead of UDP_MAXSIZE
* the NAPTR pointers take up 20KB more per record, so if you got 200 records your database will grow by roughly 4 MB


* add filtering capability, this is like recurse and will traverse a singly linked list every time a connect or received packet is made. I'm hoping on revisiting this some day. Thanks to the guys that were abusing/scanning my dns server.
* rename some variables around the queue(3) macros that I used for singly linked lists. They should have less confusing reuse of names. I did this in search for a bug that is possibly caused by OpenBSD-current which I currently use as my main developing workstation.
* add a sample filter entry in example8.conf

Tested to work on OpenBSD 5.5-stable


* SSHFP support (RR# 44) RFC 4255. This supports SHA1 and SHA256 fingerprints.
* instead of replying from an area on the stack, move it to the heap. This fixes truncation between udp and tcp queries.

Tested on OpenBSD


* SPF (RR 99) rfc 4408 support tested on OpenBSD


* reflect the year 2014 in the copyright


* update my copyright to include the year 2013


* SRV RR support. The srv configfile sample would look like this:

    ; srv record test
    _sip._udp.centroid.eu,srv,3600,0,0,0,.

  The first three values after the TTL are in order, priority, weight and port followed by a domain name. Much of this code is based on reply_mx() so any bugs carried over would be carried over.

Tested and compiled on OpenBSD/amd64
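As an added example (not wildcarddnsd code, and not the author's reply_mx()-derived routine), the following turns one SRV config line of the shape shown above into the RDATA an answer carries on the wire per RFC 2782: priority, weight and port as 16-bit big-endian integers via htons(), then the target as length-prefixed labels. The struct, function names, buffer sizes and the second sample line are this example's own assumptions; the target is written uncompressed because RFC 2782 forbids compressing it.

```c
/*
 * Added example, not wildcarddnsd code: SRV config line -> wire RDATA.
 *   owner,srv,ttl,priority,weight,port,target
 * All 16-bit fields go out through htons(); the target name is never
 * compressed (RFC 2782).  Names and sizes here are assumptions.
 */
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct srv_rr {
	char owner[256];
	uint32_t ttl;
	uint16_t priority, weight, port;
	char target[256];
};

/* Decimal 16-bit field; rejects trailing junk and values above 65535. */
static int get_u16(const char *s, uint16_t *out)
{
	char *end;
	unsigned long v = strtoul(s, &end, 10);
	if (*s == '\0' || *end != '\0' || v > 65535) return -1;
	*out = (uint16_t)v;
	return 0;
}

/* Split the comma separated line into the struct. 0 on success, -1 on error. */
int parse_srv_line(const char *line, struct srv_rr *rr)
{
	char buf[1024], *f[7], *p, *save;
	int n = 0;
	unsigned long ttl;

	if (strlen(line) >= sizeof buf) return -1;
	strcpy(buf, line);
	for (p = strtok_r(buf, ",", &save); p != NULL && n < 7; p = strtok_r(NULL, ",", &save))
		f[n++] = p;
	if (n != 7 || strcmp(f[1], "srv") != 0) return -1;
	if (strlen(f[0]) >= sizeof rr->owner || strlen(f[6]) >= sizeof rr->target) return -1;
	ttl = strtoul(f[2], &p, 10);
	if (*f[2] == '\0' || *p != '\0' || ttl > 0xffffffffUL) return -1;
	strcpy(rr->owner, f[0]);
	rr->ttl = (uint32_t)ttl;
	strcpy(rr->target, f[6]);
	return get_u16(f[3], &rr->priority) | get_u16(f[4], &rr->weight) | get_u16(f[5], &rr->port);
}

/* Dotted name -> length-prefixed labels; "." is the root (a single 0 octet).
 * Returns octets written, or -1 for an empty/overlong label or a full buffer. */
int encode_name(const char *name, uint8_t *out, size_t outlen)
{
	size_t pos = 0, left = strlen(name);
	const char *p = name;

	if (left > 0 && p[left - 1] == '.') left--;	/* drop the trailing dot */
	while (left > 0) {
		const char *dot = memchr(p, '.', left);
		size_t l = dot ? (size_t)(dot - p) : left;
		if (l == 0 || l > 63 || pos + 1 + l >= outlen) return -1;
		out[pos++] = (uint8_t)l;
		memcpy(out + pos, p, l);
		pos += l;
		left -= l;
		p += l;
		if (dot) { p++; left--; }
	}
	if (pos >= outlen || pos + 1 > 255) return -1;	/* root label must fit; 255-octet name limit */
	out[pos++] = 0;
	return (int)pos;
}

/* RDATA = priority, weight, port (network order) + uncompressed target. */
int encode_srv_rdata(const struct srv_rr *rr, uint8_t *out, size_t outlen)
{
	uint16_t v;
	int n;

	if (outlen < 6) return -1;
	v = htons(rr->priority); memcpy(out, &v, 2);
	v = htons(rr->weight);   memcpy(out + 2, &v, 2);
	v = htons(rr->port);     memcpy(out + 4, &v, 2);
	n = encode_name(rr->target, out + 6, outlen - 6);
	return n < 0 ? -1 : 6 + n;
}

/* Parse + encode one line and compare with expected bytes (1 = match). */
int srv_line_matches(const char *line, const uint8_t *want, size_t wantlen)
{
	struct srv_rr rr;
	uint8_t buf[512];
	int n;

	if (parse_srv_line(line, &rr) != 0) return 0;
	n = encode_srv_rdata(&rr, buf, sizeof buf);
	return n == (int)wantlen && memcmp(buf, want, wantlen) == 0;
}

int main(void)
{
	/* constructed sample line, not from the project's example configs */
	const char *line = "_sip._udp.centroid.eu,srv,3600,10,20,5060,sip.centroid.eu.";
	struct srv_rr rr;
	uint8_t wire[512];
	int n, i;

	if (parse_srv_line(line, &rr) != 0 || (n = encode_srv_rdata(&rr, wire, sizeof wire)) < 0) {
		fprintf(stderr, "bad srv line\n");
		return 1;
	}
	printf("%s: %d octets of RDATA:", rr.owner, n);
	for (i = 0; i < n; i++) printf(" %02x", wire[i]);
	printf("\n");
	return 0;
}
```

The line from the commit message, with a "." target, produces seven octets of RDATA: three zero 16-bit fields and a single zero root label. Writing the fields with memcpy of an htons() value rather than casting the buffer to uint16_t keeps the code alignment-safe on the big-endian and strict-alignment machines the later ntohs()/htons() fix worries about.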


Change to berkeley db 4.6+, this allows us to use shared sysv memory needed to have multiple server instances that do recursing. The database is now on disk with this change, with a 260KB (default) SYSV shared memory cache. The cache size can be tweaked with the newly added -c flag. The OS has upper limits for SYSV shared memory though and the -c value must account for 25% more for internal purposes.

Revert db.h struct domain to static arrays instead of pointers, this is necessary because we want to use shared memory between the database. This reverts revision 1.13 of db.h which was committed on Sun Mar 28 20:18:26 2010 UTC. So far wildcarddnsd has been extremely stable with the pointers, I'm hoping we'll get this much stability back.

Added passive AXFR code. The axfr server does NOT bind to port 53 but rather another port, luckily that is configurable with other nameservers like BIND9. BIND nameservers wanting to make use of a wildcarddnsd master should turn IXFR queries off.

Fix a small error that would bring wildcarddnsd to a SIGSEGV due to doing an FD_ISSET() on a non-descriptor. This only happens when one doesn't have the logging system turned on so it took a while for me to find it.

Added the -n flag which allows multiple forked copies of wdnsd to be started. This is similar to how apache 1.3 web server does it.


* add logging support, a syslog like service that allows one daemon to contact another wildcarddnsd daemon and send it its log, I like this because it aggregates all logs to a dns system. I had this running in production for a day now and it seems to be stable. Here is a sample log entry:

    logging "these hosts" {
        logbind yes;
        loghost ::1;
        logport 19999;
        logpasswd peter;
    }

  This particular one binds and is a listener, to be a logger leave the logbind out.
* Also cleaned up mainloop() somewhat, using recvfrom() with a struct sockaddr caused some corruption in the buf array and recvmsg() would complain and nothing worked anymore. That is ironed out and I have also added a struct cfg to be passing to mainloop() since arguments to mainloop are growing with new ideas and functionality, this keeps the argument rather compacted. Also cfg is calloc'ed and resides on the heap.
* adjust Makefiles, but not tested on any other than OpenBSD and FreeBSD 7.3


* bump copyright date to include 2011


* use a "lookrecord" field to see from what we're looking up stuff in parse_recurse, basically this protects us from inheriting bad glue

tested on OpenBSD


* add a packetcount to struct recurses, this should in theory prevent a flood of requests if there is a bug in the code. The server will abort() when 50 packets have gone out. This should save me from always having a packet dump next to me looking over this baby. compiles on OpenBSD.


* when querying an A record and the remote end has no A record but there is a zone they reply with a NOERROR and SOA set to authoritative. We now honor that instead of repeating/flooding (sorry bsi.de) and reply to the client as well. tested on zones bsi.de and ipv6.solarscale.de compiles and tested with OpenBSD


* FreeBSD compatibility in recurse code
* fakerecurse() now checks to see if there are other fakerecurse requests for the same name and returns if so
* when a record is cached do some math to show the remaining cache ttl
* fix a divide by zero bug (which btw saved gtld-servers.net from a flood for a few minutes, which should be fixed with this commit)

Compiles on FreeBSD and OpenBSD, tested on FreeBSD


* shuffle some functions around to make it easier to reply to a raw socket


* negative caching support, not all finished yet compiles on OpenBSD


* start development towards recursive lookups, the -r flag (for now) turns on the recursive mode and the "recurse-for" access list allows clients to be recursed. This doesn't work yet but I like the philosophy of commit early and commit often, till the next BETA tag anyhow.
* this has the new compress_label() function in it


* change BUILD_REPLY macro to build_reply() function
* fixed A and AAAA answers with tcp, this was a bug
* bumped version to 3 in the configfile
* added "wildcard-only-for" command to configfile where a slinked list determines who will be wildcarded for, much like a firewall rule
* fixed getmask() function that wouldn't allow a rightshift of 32
* did the same for the getmask6 function
* removed the -W flag
* updated README, examples and manpage

tested on FreeBSD, OpenBSD, Linux
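The "wildcard-only-for" list above, and the "filter" list added in the later commit near the top of this log, are both singly linked lists of network rules walked first match wins. The following is an added example of that shape, not wildcarddnsd's own code: an IPv4 access list held in a sys/queue(3) SLIST, with a getmask() that treats /0 and /32 explicitly. Shifting a 32-bit value by 32 is undefined behaviour in C (on x86 the shift count is masked, so the mask comes out wrong rather than crashing), which is the rightshift-of-32 bug the commit describes. The rule syntax, function names, ACL_ALLOW/ACL_DENY and the sample addresses are this example's own; getmask6 is not covered.

```c
/*
 * Added example, not wildcarddnsd code: a "wildcard-only-for" / "filter"
 * style access list in an SLIST, first match wins, default deny.
 * getmask() never shifts a 32-bit value by 0 or 32.  Names are assumptions.
 */
#define _POSIX_C_SOURCE 200809L
#include <sys/queue.h>
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ACL_DENY  0
#define ACL_ALLOW 1

struct acl_entry {
	uint32_t net;		/* host byte order, already masked */
	uint32_t mask;
	int action;
	SLIST_ENTRY(acl_entry) entries;
};
SLIST_HEAD(acl_head, acl_entry);

struct acl {
	struct acl_head head;
	struct acl_entry *tail;	/* SLIST has no tail insert; keep config order ourselves */
};

/* Host-order netmask for a prefix length 0..32. */
uint32_t getmask(int prefixlen)
{
	if (prefixlen <= 0) return 0;			/* /0: a shift by 32 would be undefined */
	if (prefixlen >= 32) return 0xffffffffu;	/* /32: nothing to shift */
	return 0xffffffffu << (32 - prefixlen);
}

void acl_init(struct acl *a) { SLIST_INIT(&a->head); a->tail = NULL; }

/* Append "a.b.c.d[/n]" with an action, keeping rule order; -1 on a bad rule. */
int acl_add(struct acl *a, const char *cidr, int action)
{
	char buf[64], *slash, *end;
	struct in_addr in;
	long plen = 32;
	struct acl_entry *e;

	if (strlen(cidr) >= sizeof buf) return -1;
	strcpy(buf, cidr);
	if ((slash = strchr(buf, '/')) != NULL) {
		*slash = '\0';
		plen = strtol(slash + 1, &end, 10);
		if (slash[1] == '\0' || *end != '\0') return -1;
	}
	if (plen < 0 || plen > 32 || inet_pton(AF_INET, buf, &in) != 1) return -1;
	if ((e = calloc(1, sizeof *e)) == NULL) return -1;
	e->mask = getmask((int)plen);
	e->net = ntohl(in.s_addr) & e->mask;
	e->action = action;
	if (a->tail) SLIST_INSERT_AFTER(a->tail, e, entries);
	else SLIST_INSERT_HEAD(&a->head, e, entries);
	a->tail = e;
	return 0;
}

/* Walk the list like a firewall ruleset; the first matching rule decides,
 * and an address no rule covers (or an unparsable one) is denied. */
int acl_check(struct acl *a, const char *ip)
{
	struct in_addr in;
	struct acl_entry *e;
	uint32_t addr;

	if (inet_pton(AF_INET, ip, &in) != 1) return ACL_DENY;
	addr = ntohl(in.s_addr);
	SLIST_FOREACH(e, &a->head, entries)
		if ((addr & e->mask) == e->net) return e->action;
	return ACL_DENY;
}

void acl_free(struct acl *a)
{
	while (!SLIST_EMPTY(&a->head)) {
		struct acl_entry *e = SLIST_FIRST(&a->head);
		SLIST_REMOVE_HEAD(&a->head, entries);
		free(e);
	}
	a->tail = NULL;
}

/* Constructed ruleset: one host carved out of an otherwise allowed /24,
 * a /8, and an explicit /0 catch-all (mask 0) at the end. */
int acl_demo(const char *ip)
{
	struct acl a;
	int r;

	acl_init(&a);
	if (acl_add(&a, "192.0.2.7/32", ACL_DENY) || acl_add(&a, "192.0.2.0/24", ACL_ALLOW) ||
	    acl_add(&a, "10.0.0.0/8", ACL_ALLOW) || acl_add(&a, "0.0.0.0/0", ACL_DENY))
		return -1;
	r = acl_check(&a, ip);
	acl_free(&a);
	return r;
}

int main(void)
{
	const char *probes[] = { "192.0.2.7", "192.0.2.9", "10.1.2.3", "203.0.113.1" };
	size_t i;

	for (i = 0; i < sizeof probes / sizeof probes[0]; i++)
		printf("%-12s %s\n", probes[i], acl_demo(probes[i]) == ACL_ALLOW ? "wildcard" : "no wildcard");
	return 0;
}
```

Rule order matters exactly as it does in a packet filter: the /32 deny has to precede the /24 allow to carve the host out. The walk is linear, which is the cost the filter commit mentions paying on every connect and received packet.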


* add a root "hint" RR, much like in BIND this is for the DNS root database. A "hint" is like a "ns" RR only that it's never authoritative
* fix a bug introduced in reply.c version 1.11 where in reply_ns() only 5 NS hosts could be served instead of 10.
* instead of 10 RRs allow 20 and alias this as RECORD_COUNT, this allows all 13 root nameservers to be served now.
* in reply_ns() compress NS answers, which we didn't do before.
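Compressing the NS answers, as this commit does in reply_ns(), and the compress_label() function introduced a few commits further down, both rely on RFC 1035 section 4.1.4 name compression: a name may end in a two-octet pointer (top two bits 11, 14-bit offset) to an earlier occurrence of the same suffix. The block below is an added example of such a writer, not the project's compress_label(); it also includes the parser-side check that a practitioner wants next to it, since a reply built this way only ever emits backward pointers and a receiver must insist on the same or a crafted packet can loop it. The struct, PKT_MAX, the demo_* helpers and the sample names are this example's own.

```c
/*
 * Added example, not wildcarddnsd code: compress_label()-style name writer
 * plus a pointer-validating name_skip() for the parsing side.
 * Matching is case-insensitive (DNS labels are), the written labels keep
 * the caller's case.  Sizes and names are assumptions.
 */
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define PKT_MAX 512
#define SEEN_MAX 64

struct packet {
	uint8_t buf[PKT_MAX];
	size_t len;
	struct { char suffix[256]; uint16_t off; } seen[SEEN_MAX];	/* suffixes already in buf */
	int nseen;
};

/* Copy without the trailing dot; "." becomes "" (the root). */
static void canon(const char *in, char *out, size_t outlen)
{
	size_t n = strlen(in);
	if (n > 0 && in[n - 1] == '.') n--;
	if (n >= outlen) n = outlen - 1;
	memcpy(out, in, n);
	out[n] = '\0';
}

static int find_suffix(const struct packet *p, const char *suffix)
{
	int i;
	for (i = 0; i < p->nseen; i++)
		if (strcasecmp(p->seen[i].suffix, suffix) == 0) return p->seen[i].off;
	return -1;
}

/* Append name to the packet, compressed against what it already holds.
 * Returns octets written, or -1 (empty/overlong label, packet full). */
int compress_label(struct packet *p, const char *name)
{
	char cn[256];
	const char *s;
	size_t start = p->len;

	canon(name, cn, sizeof cn);
	for (s = cn; *s != '\0'; ) {
		const char *dot = strchr(s, '.');
		size_t l = dot ? (size_t)(dot - s) : strlen(s);
		int off = find_suffix(p, s);

		if (off >= 0) {				/* shared tail already in buf: point back at it */
			if (p->len + 2 > PKT_MAX) return -1;
			p->buf[p->len++] = (uint8_t)(0xC0 | (off >> 8));
			p->buf[p->len++] = (uint8_t)(off & 0xff);
			return (int)(p->len - start);
		}
		if (l == 0 || l > 63 || p->len + 1 + l >= PKT_MAX) return -1;
		if (p->nseen < SEEN_MAX && p->len <= 0x3FFF) {	/* offsets are 14 bits */
			strcpy(p->seen[p->nseen].suffix, s);
			p->seen[p->nseen].off = (uint16_t)p->len;
			p->nseen++;
		}
		p->buf[p->len++] = (uint8_t)l;
		memcpy(p->buf + p->len, s, l);
		p->len += l;
		s += l + (dot ? 1 : 0);
	}
	if (p->len >= PKT_MAX) return -1;
	p->buf[p->len++] = 0;				/* root label */
	return (int)(p->len - start);
}

/* Parser side: octets the name at off occupies in buf.  Every pointer must
 * land strictly before the position it was read from, so position only ever
 * decreases and a crafted loop or forward pointer is rejected with -1. */
int name_skip(const uint8_t *buf, size_t buflen, size_t off)
{
	size_t pos = off, consumed = 0;
	int jumped = 0;

	for (;;) {
		uint8_t c;
		if (pos >= buflen) return -1;
		c = buf[pos];
		if ((c & 0xC0) == 0xC0) {
			size_t target;
			if (pos + 1 >= buflen) return -1;
			target = (size_t)((c & 0x3F) << 8) | buf[pos + 1];
			if (target >= pos) return -1;
			if (!jumped) { consumed = pos + 2 - off; jumped = 1; }
			pos = target;
			continue;
		}
		if (c & 0xC0) return -1;			/* 01 and 10 prefixes are reserved */
		if (!jumped) consumed = pos + 1 + c - off;
		if (c == 0) return (int)consumed;
		pos += 1 + c;
	}
}

/* Helpers around one static packet so the writer can be exercised by name. */
static struct packet demo;
void demo_reset(void) { memset(&demo, 0, sizeof demo); }
int demo_write(const char *name) { return compress_label(&demo, name); }
int demo_byte(size_t i) { return i < demo.len ? demo.buf[i] : -1; }
int demo_skip(size_t off) { return name_skip(demo.buf, demo.len, off); }

/* A two-octet name that points at itself: what a hostile packet might carry. */
int crafted_loop_is_rejected(void)
{
	const uint8_t loop[2] = { 0xC0, 0x00 };	/* constructed, offset 0 -> offset 0 */
	return name_skip(loop, sizeof loop, 0) == -1;
}
```

Writing "ns1.centroid.eu" and then "ns2.centroid.eu" spends 17 octets on the first name and 6 on the second (label "ns2" plus a pointer to offset 4, where "centroid.eu" starts), which is the saving reply_ns() gets on a 13-server root referral. The writer never records a suffix at an offset above 0x3FFF, so it cannot produce a pointer it could not express; name_skip() is what a receiver should run before trusting any name in a packet it did not build.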


* change struct domain to use pointers instead of having character arrays for every address. This saves memory and may speed things up a tad. Tested on OpenBSD, Ubuntu 64, FreeBSD 64


* TXT RR support tested on OpenBSD


* "delegate" records, these are ns records but intended for delegation which reply a NS differently than just a zone's NS records. This problem was reported by Evgeniy Bogdanov last October, and I finally got the fix/time now.
* Fix a few ntohs() to htons(). The problem wasn't seen on little endian machines but may have caused problems on big endian machines. I don't know. I just noticed this per eyeball, now.


* TCP support, this _may_ have a memory leak so it will have to be watched closely in a test environment first. compiles and runs on OpenBSD


* part 1 of merging TTLPATCH branch to HEAD


* merge the ROUNDROBIN tree into BETA_2/HEAD, the TTLPATCH branch is broken from merging by now just as a reminder.
* A, AAAA and NS records now do round-robin'ing of records. This could slow down wildcarddnsd a little bit.