Revisions of pdns-recursor
Yuchen Lin (maxlin_factory)
accepted
request 1069901
from
Adam Majer (adamm)
(revision 7)
- update to 4.8.3 * Fix serve-stale logic to not cause intermittent high CPU load by: + correcting the removal of a negative cache entry, + correcting the serve-stale main loop regarding exception handling, + correctly handle negcache entries with serve-state status. - changes in version 4.8.2 * Make cache cleaning of record an negative cache more fair * Do not report “not decreasing socket buf size” as an error * Do not use “message” as key, it has a special meaning to systemd-journal * Add the ‘parse packet from auth’ error message to structured logging * Refresh of negcache stale entry might use wrong qtype * Do not chain ECS enabled queries * Properly encode json string containing binary data
Yuchen Lin (maxlin_factory)
accepted
request 1059963
from
Adam Majer (adamm)
(revision 6)
- update to 4.8.1 * Avoid unbounded recursion when retrieving DS records from some misconfigured domains. (bsc#1207342, CVE-2023-22617) - update to 4.8.0 with these major changes: * Structured Logging has been implemented for almost all subsystems. * Optional Serve Stale functionality has been implemented, providing resilience against connectivity problems towards authoritative servers. * Optional Record Locking has been implemented, providing an extra layer of protection against spoofing attempts at the price of reduced cache efficiency. * Internal tables used to track information about authoritative servers are now shared instead of per-thread, resulting in better performance and lower memory usage. * EDNS padding of outgoing DoT queries has been implemented, providing better privacy protection. * Metrics have been added about the protobuf and dnstap logging subsystems and the rcodes received from authoritative servers. - update to 4.7.4 * Fix compilation of the event ports multiplexer. #12046, PR#12231 * Correct skip record condition in processRecords. #12198, PR#12230 * Also consider recursive forward in the “forwarded DS should not end up in negCache code.” #12189, #12199, PR#12227 * Timout handling for IXFRs as a client. #12125, PR#12190 * Detect invalid bytes in makeBytesFromHex(). #12066, PR#12173 * Log invalid RPZ content when obtained via IXFR. #12081, PR#12171 * When an expired NSEC3 entry is seen, move it to the front of the expiry queue. #12038, PR#12168
Yuchen Lin (maxlin_factory)
accepted
request 1011716
from
Yuchen Lin (maxlin_factory)
(revision 5)
Automatically create request by update submitter.This is going to update package to openSUSE:Backports:SLE-15-SP5 from openSUSE:Factory.Please review this change and decline it if Leap do not need it.
Yuchen Lin (maxlin_factory)
committed
(revision 4)
branch from SP4 Backports
Yuchen Lin (maxlin_factory)
accepted
request 964873
from
Adam Majer (adamm)
(revision 3)
- update to 4.6.1 fixes incomplete validation of incoming IXFR transfer in the Recursor. It applies to setups retrieving one or more RPZ zones from a remote server if the network path to the server is not trusted. (bsc#1197525, CVE-2022-27227) - update to 4.6.0 Compared to the previous major (4.5) release of PowerDNS Recursor, this release contains several sets of changes: * The ability to flush records from the caches on a incoming notify requests. * A rewrite of the outgoing TCP code, adding both re-use of connections and support for DoT to authoritative servers or forwarders. * Many improvements in the area of metrics: more metrics are collected and more metrics are now exported in a Prometheus friendly way. * A new Zone to Cache function that will retrieve a zone (using AXFR, HTTP, HTTPS or a local file) periodically and insert the contents into the record cache, allowing the cache to be always hot for a zone. This can be used for the root or any other zone. * An experimental Event Tracing function, providing insight into the time taken by the steps in the process of resolving a name.
Yuchen Lin (maxlin_factory)
accepted
request 938320
from
Yuchen Lin (maxlin_factory)
(revision 2)
Automatically create request by update submitter. This is trying to update package to openSUSE:Backports:SLE-15-SP4 from openSUSE:Factory. Please review this change and decline it if Leap do not need it.
Wolfgang Engel (bigironman)
committed
(revision 1)
osc copypac from project:openSUSE:Backports:SLE-15-SP3 package:pdns-recursor revision:2
Displaying all 7 revisions