Commits

replicant process doesn't need UDP AXFR ports, those are for UDP and TCP

plug a file descriptor leak

plug more potential memory leakage. When we remove_rbt() and we can't find an rr as pointed to in an rrset, don't just return.. free the rrset and continue as there may be more data.

There is a circumstance where reply_refused() is called without having done any build_question() prior. The filter "" {} would core to this, this fixes it. This will be backported to 1.5.1.

a usleep makes it unnecessary slow, I guess it forces a context switch...

move computation of value up so that we don't waste time securing a lock.

add a sm_lock()/sm_unlock() convert all '*' lockings to these convert struct parsequestion imsg transfer to use shared memory, this should speed this up a little perhaps, not sure if it will be noticeable, the UDP and TCP parse childs share this memory region and so do several -n childs hopefully the shared memory segment is big enough.

simplify around sm_init (shared memory init) and sm_size...this saves a bit of code and is much easier to read.

big OOPS! Since the 7th at 8:05AM CEST dnssec was broken, this is the fix. I didn't check for all flag_rr()'s. This fixes commit: a0b7a6744b2bb1800a33d0c22a5aec064bccc021

update CHANGES - rdomain support in OpenBSD - fudgesize in forwarding mode for setting higher FUDGE value - ntphack in main daemon for allowing *.ntp.org through - setproctitle setting of an identifier for identifying a delphinusdnsd in systems that have multiple delphinusdnsd running

one more of the recent TODO's done

this allows an rdomain to be set on the main options and the forward options allowing for example: options "" { ... rdomain 1; } forward "" { ... rdomain 0; } This setup would allow a delphinusdnsd to answer on rdomain 1 interface but look up its info on rdomain 0. If forward has left out its rdomain 0; it will be in the same rdomain as options. Similarily if options has no rdomain but forward has rdomain 2; then I would thing that it looks up all data on rdomain 2. I don't use this setup yet, but may in the future.

forgot to add this. Here it is. the tsigpassname routines...

another one off my TODO list

Add tsigpassname option to the tsig options. This overrides the time of day and fudge check for certain domain names. It is good in case of pool.ntp.org for example. But beware as soon as this is used you must change the passphrase for the TSIG key in question, otherwise you invite a replay attack if the link was monitored. It is a cheap hack but does bypass the chicken-egg problem of DNS vs. NTP (which relies on DNS). This is a good hack for SBC's that don't have a real time clock.

add caa, rp and hinfo to RR list in manpage that was forgotten at 1.5.0 release add fudge option to forward options.

update copyrights to reflect the year 2021

make additional_tsig()'s fudge value variable, add a "fudge" keyword with value in the forwarding options (from 1 through 65535), set this value in forwarding additional_tsig(). This allows hosts who are preposterously out of time to temporarily raise their fudge window (at the cost of replay security)

attempt to shave some time off answering cache contents by flagging the RBT RBT_CACHE, which I just introduced. It may be a millisecond faster now.

oops, zonenumber has to be 0 - this fixes a caching problem

document option -I in the manpages

* fix up error messages that either used -i instead of -I or didn't have the correct wording. Spotted after last push/sync.

mark identstring as done

add the -I option to dddctl start/stop/restart and delphinusdnsd, this options allows one to identify a delphinusdnsd quickly either in process listing (ps) or by specifying -I identstring. This is good for environments where there is a lot of delphinusdnsd's running.

Here is a list of minor TODO's that I thought out over new years long weekend. The eventual direction for the 1.6.0 release is to have it ready to be run in a production environment with many delphinusdnsd's (a pod? :-))

remove mention of CVS, we changed to git/got on November 23rd, 2020

fix the last commit, it was too slow, this speeds it up by identifying what domainname is used as glue with match_zoneglue() because those are identified with 2 different zone numbers

enumerate every zone with a zonenumber, this is then later used to differentiate between glue data and zone data, unfortunately it also slows down the time to start in populate_zone(), but perhaps I can refine the alg later

TODO / Add windows portation work, move DNS Updates to the back (1.7.0 release) time permitting I'd do everything this year but I want to reflect some reality here too. I do want a windows port for another project (and work opportunity of mine).

Second wave of hunting for a memory leak. I nailed a big leak here. Introduce remove_rbt() function to remove an entire rbtree and underlying objects otherwise these pointers may just be dangling around. Update Copyright to 2021.

update copyright

find_rrset() returns with data, which needs to be static. First wave of safening around the forward process, looking for a memory leak.

copy the EDNS0 packetsize from query, reset all additional packets to 0

I wrote this a few hours before New Years 2021, finally get the chance to commit it. This moves compress_label() to util.c and hardens it and does a logic correction. I tested this for 4 days and it doesn't seem to have fallout.

split out two issues that were one in the todo

OpenBSD just changed its software checking for NULL, so we do the same. Thank you OpenBSD! The change is with getifaddrs()...

Remove $Id$ now that we're on git/got it doesn't make sense to keep this around. There is no real equivalent in git afaik, and after some research.

bump versions

take out IODINE functionality (it may make it back one day)

update README before 1.5.0 release

last commit was still wrong, I was trying to avoid what I have here now but it seems that's the only way.

attempt fixing last commit, I think I wasn't thinking right then...

up the debug a bit further while we're chasing a bug.

add example on how to create a ZSK and a KSK key and nothing else

put RFC 7858 (DNS over TLS) as a want/TODO for the forwarding mode.

Fix a segmentation fault. It just so happens that res can equal NULL in odd configs, in order to avoid a segfault, just continue here. Found the hard way by Ricardo M. Santos. tested on OpenBSD/amd64

update delphinusdnsd.conf(5) manpage for max-udp-payload option

add a max-udp-payload section in time for dns flag day 2020.

add a max-udp-payload option that is setable (defaults to 0xffff and will most likely always be overridden by edns0) that allows an operator to force udp sizes, just in case there is resolvers out there that don't do 1232 size by means of edns0. This makes us compliant to DNS Flag day 2020. https://dnsflagday.net/2020/ Tested on OpenBSD

do not reply AA on BADVERS