path: root/modules
Commit message | Author | Age | Files | Lines
...
| * | lib/rules: implement redirect zones | Vladimír Čunát | 2023-06-12 | 1 | -56/+0
| | |   Also switch the localhost rule there, finishing migration of all special names from the policy module.
| * | hints: cleanup unused parts of code | Vladimír Čunát | 2023-06-12 | 1 | -20/+4
| | |
| * | hints: implement PTR and imperfect deletion (no .get) | Vladimír Čunát | 2023-06-12 | 1 | -220/+68
| | |
| * | hints: implement .use_nodata(true) and .ttl | Vladimír Čunát | 2023-06-12 | 3 | -7/+18
| | |   fixes modules/dns64 test
| * | make policy.PASS also affect the new-policy rules | Vladimír Čunát | 2023-06-12 | 2 | -2/+5
| | |
| * | new policy engine - prototype | Vladimír Čunát | 2023-06-12 | 3 | -198/+38
| | |   Picked up old work, rebase-squashed after many months; then fixed up a little as needed in this newer version. (and later many minor fixes got squashed in)
| * | Create branch 6.0 by merging master and manager | Vladimír Čunát | 2023-06-09 | 103 | -298/+4
| |\ \
| | |/
| |/|
| | * Merge branch 'master' into manager | Vasek Sraier | 2023-01-10 | 14 | -33/+19
| | |\
| | * | tests: remove tests/packaging | Jakub Ružička | 2022-09-27 | 101 | -298/+0
| | | |   Cleanup before introduction of new packaging tests.
| | | |   See: https://gitlab.nic.cz/knot/knot-resolver/-/issues/612
| | * | Merge branch 'master' into manager | Vasek Sraier | 2022-09-23 | 3 | -7/+6
| | |\ \
| | * \ \ Merge branch 'master' into manager | Vasek Sraier | 2022-08-02 | 10 | -44/+144
| | |\ \ \
| | * | | | modules/stats: add answer.sum_ms metric | Vladimír Čunát | 2022-04-08 | 2 | -0/+4
| | | | | |   FIXME: add a NEWS entry for this
| * | | | | hints docs: explain root hints better | Vladimír Čunát | 2023-05-10 | 1 | -4/+4
| | | | | |   The removed tip seemed especially misleading; I don't think our root hints could've ever been used that way. And latency to root servers has practically no impact on latency of replies to reasonable answers (just like... once per day and TLD).
* | | | | | Merge remote-tracking branch 'origin/master' into daemon-refactor-2 | Oto Šťáva | 2023-03-17 | 12 | -8/+17
|\| | | | |
| * | | | | view: fix destination-based matching | Vladimír Čunát | 2023-03-10 | 1 | -1/+2
| | | | | |   Apparently it's never worked since its introduction. .addr is non-nil exactly when .dst_addr is non-nil (which happens iff the query originated externally). Now we have semantics which was probably intended by the original code (982162956a from 2016) but that semantics is still problematic if you need both kinds of matching in a single request from client. This matching by destination has never made it to docs, so let's just add this simple fixup for now, and later we'll steer users to new policy configuration anyway.
| * | | | | Fix building on Cygwin | Christopher Ng | 2023-03-08 | 10 | -2/+15
| | | | | |   This commit adds support for building on Cygwin/MSYS2.
| | | | | |   Signed-off-by: Christopher Ng <facboy@gmail.com>
| * | | | | Revert "meson: use correct luajit includes from pkgconfig" | Vladimír Čunát | 2023-03-08 | 6 | -7/+2
| | |_|_|/
| |/| | |
| | | | |   This reverts commit 0b9524b7d6680f892671fc4e7a2e5c603848cf60.
| | | | |   The hack shouldn't be needed anymore: https://github.com/Homebrew/homebrew-core/commit/4369052170f4360b7ad545f23b8a01a4ccb37683#diff-59a7902ada251dd9dba99b5bd323c1dba1d102d244ce766c06ce00097fb82e8fL71
| | | | |   This isn't an exact revert, but differences are minor.
* | | | | lib/cache, modules/ta_update: increase buffer size in tests | Oto Šťáva | 2023-03-17 | 2 | -0/+2
| | | | |
* | | | | daemon: basic implementation of TCP and UDP with protolayers | Oto Šťáva | 2023-01-26 | 1 | -2/+2
| | | | |
* | | | | daemon: refactor stage 1 | Oto Šťáva | 2023-01-26 | 3 | -11/+5
|/ / / /
* | | | predict: fully deactivate prediction with `period = 0` | Vladimír Čunát | 2022-12-22 | 1 | -1/+1
| | | |   That setting is recommended by documentation but it would still leave the timer triggering repeatedly. Maybe it didn't cause any practical difference, but it was unnecessary and possibly confusing.
* | | | Copyright notices: remove years and replace e-mail | Oto Šťáva | 2022-12-14 | 8 | -8/+8
| | | |
* | | | TTL bounds: improve the logic | Vladimír Čunát | 2022-12-13 | 1 | -1/+1
| | | |   - apply to first (uncached) answer already
| | | |   - don't extend over signature validity
| | | |   Nit: the tests were using too high TTL (RFCs disallow the "sign bit"). It was working because (manual) cache-insertion was applying bounds, but now the bounds don't get applied anymore, so it would fail.
* | | | lib/cache: tweak TTL computation for packets | Vladimír Čunát | 2022-12-13 | 1 | -7/+1
| | | |   When a whole packet is cached (instead of individual RRs), let's simplify the way the packet's TTL gets computed. The previous mechanism came from commit 5b383a2bb7, probably a misunderstanding of:
| | | |   https://datatracker.ietf.org/doc/html/rfc2308#section-5
| | | |   Anyway, I see no motivation to do it, and this way we should get rid of some weird cases where we might extend TTL of some records, except if they were below the cache.min_ttl() setting (5s default).
* | | | policy.STUB: avoid applying aggressive DNSSEC denial proofs | Vladimír Čunát | 2022-12-06 | 1 | -14/+3
| | | |   In particular, avoids unintentional NXDOMAIN on grafted subtrees. Consequently the users can drop 'NO_CACHE' flag and get caching.
* | | | policy.DEBUG_IF: don't trigger .REQTRACE unconditionally | Vladimír Čunát | 2022-12-05 | 1 | -1/+1
| | | |   I broke this in 54ab3f78 or closely around, so this never worked well since 5.4.1, and maybe structured logging (5.4.0) had related issues.
* | | | modules/dns64: add recommendation to also disable DNS64 via IPv4 | Tom Herbers | 2022-10-14 | 1 | -1/+4
| |_|/
|/| |
| | |   It's reasonable to assume that people would also want to disable DNS64 for IPv4 source addresses if they only enable it for some IPv6 sources.
| | |   Close https://github.com/CZ-NIC/knot-resolver/pull/83
* | | modules/renumber: fix renumber.name behaviour | Oto Šťáva | 2022-08-08 | 2 | -6/+5
| | |   Fixes #760. Also removes a warning in policy.REROUTE that is no longer true.
* | | modules/dnstap nit: silence a lint:tidy warning | Vladimír Čunát | 2022-08-01 | 1 | -1/+1
| |/
|/|
| |   https://gitlab.nic.cz/knot/knot-resolver/-/jobs/635837#L219
* | hints.add_hosts(): respect comments anywhere in a line | Vladimír Čunát | 2022-07-07 | 1 | -3/+9
| |
* | hints tests: simple check of comment parsing | Vladimír Čunát | 2022-07-07 | 2 | -1/+2
| |
* | modules/priming: downgrade logs to 'info' level | Vladimír Čunát | 2022-06-27 | 1 | -3/+3
| |   When kresd starts without working internet connection, these would spam logs by default every 10 seconds, which doesn't seem useful.
* | modules/priming: don't warn against unloading it | Vladimír Čunát | 2022-06-27 | 1 | -2/+1
| |   I can't see sufficient motivation here. The cache will be slightly less ready, but it's not often that you need to contact a root server. Most importantly, kresd must work well anyway, even with empty cache. Also, the compiled-in address set of root servers should be quite accurate - the NS set has never changed, and the last address change was five years ago with just one of 26 records changing.
* | renumber: fix incorrect masking of bytes after netmask boundary | Oto Šťáva | 2022-06-09 | 1 | -1/+1
| |   (we changed the original fix a bit)
* | renumber: test for arbitrary netmask | Oto Šťáva | 2022-06-09 | 1 | -1/+7
| |
* | renumber: get rid of netmask limitation, now support any netmask | cronfy | 2022-06-09 | 2 | -19/+39
| |   (with minor cleanups from vcunat)
* | meson nit: deal with warning about future of run_command | Vladimír Čunát | 2022-06-01 | 1 | -1/+2
| |   WARNING: You should add the boolean check kwarg to the run_command call. It currently defaults to false, but it will default to true in future releases of meson.
| |   See also: https://github.com/mesonbuild/meson/issues/9300
| |   In almost all cases we already check the return code explicitly and throw a more descriptive message than what would be the default.
* | renumber: named local variables for readability | Oto Šťáva | 2022-06-01 | 1 | -5/+11
| |
* | renumber: add test for single IP rewrite | Oto Šťáva | 2022-06-01 | 1 | -0/+10
| |
* | renumber: document additions from the parent commit | Vladimír Čunát | 2022-05-30 | 1 | -1/+5
| |
* | renumber: allow renumbering a subnet to a single IP | Konstantin Amelichev | 2022-05-30 | 1 | -3/+24
| |   https://github.com/CZ-NIC/knot-resolver/pull/77 originally but changed by vcunat quite a bit.
* | modules/stats: use trie_t instead of map_t | Oto Šťáva | 2022-05-11 | 1 | -13/+39
|/
* modules/dns64: fix incorrect packet writes for cached packets | Oto Šťáva | 2022-03-21 | 1 | -1/+1
|   Also change the return type of kr_pkt_has_dnssec() and lua's :dobit()
* predict docs: be more explicit about recommended use | Vladimír Čunát | 2022-03-14 | 1 | -3/+2
|   We still run into people who thought that the example config is a suitable default. Example where it caused practical issues:
|   https://lists.nic.cz/hyperkitty/list/knot-resolver-users@lists.nic.cz/thread/WQDJJ3LLEIZ5U3VVSCITW6DZPICW4L7U/
* policy docs: explain non-ASCII names | Vladimír Čunát | 2022-03-14 | 1 | -2/+13
|
* modules/dnstap: improve UX for common errors | Vladimír Čunát | 2022-02-28 | 2 | -5/+10
|   The main thing is the "failed to open socket" message. But let's also elevate other fatal one-off logs to ERROR level.
* modules/dnstap: don't do anything on loading the module | Vladimír Čunát | 2022-02-28 | 1 | -1/+2
|   Usually in configuration the module is loaded in a separate command from passing configuration to it. For dnstap this loading would immediately lead to opening the default socket path, even if the configuration actually specifies (a different) path later.
|   Users can still force using the default by passing an empty table: `dnstap.config({})` or `modules = { dnstap = {}}` (though I doubt the utility of the default /tmp/dnstap.sock anyway)
* lib/resolve, modules: NO_ANSWER for not responding to clients | Oto Šťáva | 2022-02-28 | 2 | -0/+17
|
* meson: minor cleanup | Tomas Krizek | 2022-01-13 | 2 | -2/+2
|
* policy docs: warn about filters and forwarding | Vladimír Čunát | 2022-01-11 | 1 | -0/+14
|   We've been notified about possibility of "cache poisoning" this way, so let's document this drawback to make the expectations clearer.