| Commit message | Author | Age | Files | Lines |
|
Thanks to Timo van Roermund for spotting this.
|
If there are multiple cache records with the same name but different
F_REVERSE and/or F_IMMORTAL flags, the code added in fe9a134b could
conceivably break the REVERSE-FORWARD-IMMORTAL order invariant.
Reproducing this is damn near impossible, but it is responsible
for rare and otherwise inexplicable reversion between 2.87 and 2.88
which manifests itself as a cache internal error. All observed
cases have depended on DNSSEC being enabled, but the bug could in
theory manifest itself without DNSSEC.
Thanks to Timo van Roermund for reporting the bug and huge
efforts to isolate it.
|
This is code which should never run, but if it does,
we now log information useful for debugging.
|
They are already in place for DHCPv4.
|
If we detect that the reply from upstream is malformed,
transform it into a SERVFAIL reply before sending to the
original requestor.
|
When re-reading upstream servers from /etc/resolv.conf or other
sources that can change, dnsmasq tries to avoid memory fragmentation by
re-using existing records that are being re-read unchanged. This
involves searching all the server records for each new one installed.
During startup this search is pointless, and can cause long start
times with thousands of --server options because the work needed is
O(n^2). Handle this case more intelligently. Thanks to Ye Zhou for
spotting the problem and an initial patch.
|
The code added in 6c596f1cc1d92b2b90ef5ce043ace314eefa868b
fails to free the returned data structures from gethostinfo()
because sdetails.hostinfo is used to loop through the addresses
and ends up NULL. In some libc implementations this results
in a SEGV when freeaddrinfo() is called.
Also fix FTBFS under BSD. Thanks to Johnny S. Lee for the bug report.
|
Such a DS, as long as it is validated, should allow answers
in the domain it attests to be returned as unvalidated, and not
as a validation error.
|
Use CryptoPro version of the hash function.
Handle the little-endian wire format of key data.
Get the wire order of S and R correct.
Note that Nettle version 3.6 or later is required for GOST support.
|
This fixes a confusion if certain algorithms are not supported
because the version of the crypto library is too old. The validation
should be treated the same as for a completely unknown algorithm,
(ie return unverified answer) and not as a validation failure
(ie return SERVFAIL).
The algorithms affected are GOST and ED448.
|
Also Dbus SetDomainServers method.
Revert getaddrinfo hints.ai_socktype to SOCK_DGRAM to eliminate
duplicating every address three times for DGRAM, STREAM and RAW
in the results.
|
Saying we've "flushed x outdated entries" is confusing, since
the count is the total number of entries in the modified file,
most of which are going to get added straight back when the file
is re-read.
The log now looks like

  dnsmasq: inotify: /tmp/dir/1 (new or modified)
  dnsmasq: inotify: flushed 1 addresses read from /tmp/dir/1
  dnsmasq: read /tmp/dir/1 - 2 addresses

which hopefully makes it more obvious that /tmp/dir/1 contained one
address before, and now contains two.
|
1) Cosmetic: don't log the tags twice.
2) Functional. If a host has an old lease for a different address,
the rapid-commit will appear to work, but the old lease will
not be removed and the new lease will not be recorded, so
the client and server will have conflicting state, leading to
problems later.
|
A bug, introduced in 2.87, which could result in DNS
servers being removed from the configuration when reloading
server configuration from DBus, or re-reading /etc/resolv.conf.
Only servers from the same source should be replaced, but some
servers from other sources (ie hard coded or another dynamic source)
could mysteriously disappear.
|
Initial patch from Dominik Derigs, re-written by Simon Kelley.
|
Patch author Dominik Derigs <dl6er@dl6er.de> with subsequent bugfixes
and tweaks from Simon Kelley.
|
These are 2.88 changes, but the branch merge put them under 2.87.
|
Exclude DNSSEC entries from stale caching.
|
Use the first value, rather than initialising at zero,
which takes many queries to converge.