diff -Nru pdns-recursor-4.3.0/config.h.in pdns-recursor-4.3.1/config.h.in --- pdns-recursor-4.3.0/config.h.in 2020-03-02 12:50:21.000000000 +0000 +++ pdns-recursor-4.3.1/config.h.in 2020-05-08 09:56:26.000000000 +0000 @@ -24,6 +24,9 @@ /* Define to 1 if you have */ #undef HAVE_BOOST_CONTEXT_FCONTEXT_HPP +/* Define to 1 if you have */ +#undef HAVE_BOOST_CONTEXT_FIBER_HPP + /* Defined if the Boost filesystem library is available */ #undef HAVE_BOOST_FILESYSTEM diff -Nru pdns-recursor-4.3.0/configure pdns-recursor-4.3.1/configure --- pdns-recursor-4.3.0/configure 2020-03-02 12:50:20.000000000 +0000 +++ pdns-recursor-4.3.1/configure 2020-05-08 09:56:25.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for pdns-recursor 4.3.0. +# Generated by GNU Autoconf 2.69 for pdns-recursor 4.3.1. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ # Identity of this package. PACKAGE_NAME='pdns-recursor' PACKAGE_TARNAME='pdns-recursor' -PACKAGE_VERSION='4.3.0' -PACKAGE_STRING='pdns-recursor 4.3.0' +PACKAGE_VERSION='4.3.1' +PACKAGE_STRING='pdns-recursor 4.3.1' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1519,7 +1519,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures pdns-recursor 4.3.0 to adapt to many kinds of systems. +\`configure' configures pdns-recursor 4.3.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1590,7 +1590,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of pdns-recursor 4.3.0:";; + short | recursive ) echo "Configuration of pdns-recursor 4.3.1:";; esac cat <<\_ACEOF @@ -1772,7 +1772,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -pdns-recursor configure 4.3.0 +pdns-recursor configure 4.3.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2365,7 +2365,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by pdns-recursor $as_me 4.3.0, which was +It was created by pdns-recursor $as_me 4.3.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3233,7 +3233,7 @@ # Define the identity of the package. PACKAGE='pdns-recursor' - VERSION='4.3.0' + VERSION='4.3.1' cat >>confdefs.h <<_ACEOF @@ -17479,7 +17479,7 @@ fi -echo "$as_me: this is boost.m4 serial 31" >&5 +echo "$as_me: this is boost.m4 serial 32" >&5 boost_save_IFS=$IFS boost_version_req=1.42 IFS=. @@ -18715,7 +18715,335 @@ LDFLAGS="$LDFLAGS $BOOST_THREAD_LDFLAGS" fi -if test $boost_major_version -ge 161; then +if test $boost_major_version -ge 169; then + +if test x"$boost_cv_inc_path" = xno; then + { $as_echo "$as_me:${as_lineno-$LINENO}: Boost not available, not searching for the Boost context library" >&5 +$as_echo "$as_me: Boost not available, not searching for the Boost context library" >&6;} +else +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu +if test x"no" = "xno"; then : + not_found_header='true' +fi +if test x"$boost_cv_inc_path" = xno; then + $not_found_header +else +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu +boost_save_CPPFLAGS=$CPPFLAGS +CPPFLAGS="$CPPFLAGS $BOOST_CPPFLAGS" +ac_fn_cxx_check_header_mongrel "$LINENO" "boost/context/fiber.hpp" "ac_cv_header_boost_context_fiber_hpp" "$ac_includes_default" +if test "x$ac_cv_header_boost_context_fiber_hpp" = xyes; then : + +$as_echo "#define HAVE_BOOST_CONTEXT_FIBER_HPP 1" >>confdefs.h + +else + $not_found_header +fi + + +CPPFLAGS=$boost_save_CPPFLAGS +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu +fi + +boost_save_CPPFLAGS=$CPPFLAGS +CPPFLAGS="$CPPFLAGS $BOOST_CPPFLAGS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for the Boost context library" >&5 +$as_echo_n "checking for the Boost context library... " >&6; } +if ${boost_cv_lib_context+:} false; then : + $as_echo_n "(cached) " >&6 +else + boost_cv_lib_context=no + case "" in #( + (mt | mt-) boost_mt=-mt; boost_rtopt=;; #( + (mt* | mt-*) boost_mt=-mt; boost_rtopt=`expr "X" : 'Xmt-*\(.*\)'`;; #( + (*) boost_mt=; boost_rtopt=;; + esac + if test $enable_static_boost = yes; then + boost_rtopt="s$boost_rtopt" + fi + # Find the proper debug variant depending on what we've been asked to find. + case $boost_rtopt in #( + (*d*) boost_rt_d=$boost_rtopt;; #( + (*[sgpn]*) # Insert the `d' at the right place (in between `sg' and `pn') + boost_rt_d=`echo "$boost_rtopt" | sed 's/\(s*g*\)\(p*n*\)/\1\2/'`;; #( + (*) boost_rt_d='-d';; + esac + # If the PREFERRED-RT-OPT are not empty, prepend a `-'. + test -n "$boost_rtopt" && boost_rtopt="-$boost_rtopt" + $boost_guess_use_mt && boost_mt=-mt + # Look for the abs path the static archive. + # $libext is computed by Libtool but let's make sure it's non empty. + test -z "$libext" && + as_fn_error $? "the libext variable is empty, did you invoke Libtool?" "$LINENO" 5 + boost_save_ac_objext=$ac_objext + # Generate the test file. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include + +int +main () +{ + +namespace ctx=boost::context; +int a; +ctx::fiber source{[&a](ctx::fiber&& sink){ + a=0; + int b=1; + for(;;){ + sink=std::move(sink).resume(); + int next=a+b; + a=b; + b=next; + } + return std::move(sink); +}}; +for (int j=0;j<10;++j) { + source=std::move(source).resume(); +} +return a == 34; + + ; + return 0; +} +_ACEOF + if ac_fn_cxx_try_compile "$LINENO"; then : + ac_objext=do_not_rm_me_plz +else + if test x"no" != x"no"; then : + + as_fn_error $? "cannot compile a test that uses Boost context" "$LINENO" 5 + +fi + +fi +rm -f core conftest.err conftest.$ac_objext + ac_objext=$boost_save_ac_objext + boost_failed_libs= +# Don't bother to ident the following nested for loops, only the 2 +# innermost ones matter. +for boost_lib_ in context; do +for boost_tag_ in -$boost_cv_lib_tag ''; do +for boost_ver_ in -$boost_cv_lib_version ''; do +for boost_mt_ in $boost_mt -mt ''; do +for boost_rtopt_ in $boost_rtopt '' -d; do + for boost_full_suffix in \ + $boost_last_suffix \ + x$boost_tag_$boost_mt_$boost_rtopt_$boost_ver_ \ + x$boost_tag_$boost_rtopt_$boost_ver_ \ + x$boost_tag_$boost_mt_$boost_ver_ \ + x$boost_tag_$boost_ver_ + do + boost_real_suffix=`echo "$boost_full_suffix" | sed 's/^x//'` + boost_lib="boost_$boost_lib_$boost_real_suffix" + # Avoid testing twice the same lib + case $boost_failed_libs in #( + (*@$boost_lib@*) continue;; + esac + # If with_boost is empty, we'll search in /lib first, which is not quite + # right so instead we'll try to a location based on where the headers are. + boost_tmp_lib=$with_boost + test x"$with_boost" = x && boost_tmp_lib=${boost_cv_inc_path%/include} + for boost_ldpath in "$boost_tmp_lib/lib" '' \ + /opt/local/lib* /usr/local/lib* /opt/lib* /usr/lib* \ + "$with_boost" C:/Boost/lib /lib* + do + # Don't waste time with directories that don't exist. + if test x"$boost_ldpath" != x && test ! -e "$boost_ldpath"; then + continue + fi + boost_save_LDFLAGS=$LDFLAGS + # Are we looking for a static library? + case $boost_ldpath:$boost_rtopt_ in #( + (*?*:*s*) # Yes (Non empty boost_ldpath + s in rt opt) + boost_cv_lib_context_LIBS="$boost_ldpath/lib$boost_lib.$libext" + test -e "$boost_cv_lib_context_LIBS" || continue;; #( + (*) # No: use -lboost_foo to find the shared library. + boost_cv_lib_context_LIBS="-l$boost_lib";; + esac + boost_save_LIBS=$LIBS + LIBS="$boost_cv_lib_context_LIBS $LIBS" + test x"$boost_ldpath" != x && LDFLAGS="$LDFLAGS -L$boost_ldpath" + rm -f conftest$ac_exeext +boost_save_ac_ext=$ac_ext +boost_use_source=: +# If we already have a .o, re-use it. We change $ac_ext so that $ac_link +# tries to link the existing object file instead of compiling from source. +test -f conftest.$ac_objext && ac_ext=$ac_objext && boost_use_source=false && + $as_echo "$as_me:${as_lineno-$LINENO}: re-using the existing conftest.$ac_objext" >&5 +if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_cxx_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + $as_executable_p conftest$ac_exeext + }; then : + boost_cv_lib_context=yes +else + if $boost_use_source; then + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + fi + boost_cv_lib_context=no +fi +ac_objext=$boost_save_ac_objext +ac_ext=$boost_save_ac_ext +rm -f core conftest.err conftest_ipa8_conftest.oo \ + conftest$ac_exeext + ac_objext=$boost_save_ac_objext + LDFLAGS=$boost_save_LDFLAGS + LIBS=$boost_save_LIBS + if test x"$boost_cv_lib_context" = xyes; then + # Check or used cached result of whether or not using -R or + # -rpath makes sense. Some implementations of ld, such as for + # Mac OSX, require -rpath but -R is the flag known to work on + # other systems. https://github.com/tsuna/boost.m4/issues/19 + if ${boost_cv_rpath_link_ldflag+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $boost_ldpath in + '') # Nothing to do. + boost_cv_rpath_link_ldflag= + boost_rpath_link_ldflag_found=yes;; + *) + for boost_cv_rpath_link_ldflag in -Wl,-R, -Wl,-rpath,; do + LDFLAGS="$boost_save_LDFLAGS -L$boost_ldpath $boost_cv_rpath_link_ldflag$boost_ldpath" + LIBS="$boost_cv_lib_context_LIBS $boost_save_LIBS" + rm -f conftest$ac_exeext +boost_save_ac_ext=$ac_ext +boost_use_source=: +# If we already have a .o, re-use it. We change $ac_ext so that $ac_link +# tries to link the existing object file instead of compiling from source. +test -f conftest.$ac_objext && ac_ext=$ac_objext && boost_use_source=false && + $as_echo "$as_me:${as_lineno-$LINENO}: re-using the existing conftest.$ac_objext" >&5 +if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_cxx_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + $as_executable_p conftest$ac_exeext + }; then : + boost_rpath_link_ldflag_found=yes + break +else + if $boost_use_source; then + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + fi + boost_rpath_link_ldflag_found=no +fi +ac_objext=$boost_save_ac_objext +ac_ext=$boost_save_ac_ext +rm -f core conftest.err conftest_ipa8_conftest.oo \ + conftest$ac_exeext + done + ;; + esac + if test "x$boost_rpath_link_ldflag_found" != "xyes"; then : + as_fn_error $? "Unable to determine whether to use -R or -rpath" "$LINENO" 5 +fi + LDFLAGS=$boost_save_LDFLAGS + LIBS=$boost_save_LIBS + +fi + + test x"$boost_ldpath" != x && + boost_cv_lib_context_LDFLAGS="-L$boost_ldpath $boost_cv_rpath_link_ldflag$boost_ldpath" + boost_cv_lib_context_LDPATH="$boost_ldpath" + boost_last_suffix="$boost_full_suffix" + break 7 + else + boost_failed_libs="$boost_failed_libs@$boost_lib@" + fi + done + done +done +done +done +done +done # boost_lib_ +rm -f conftest.$ac_objext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $boost_cv_lib_context" >&5 +$as_echo "$boost_cv_lib_context" >&6; } +case $boost_cv_lib_context in #( + (yes) $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +$as_echo "#define HAVE_BOOST_CONTEXT 1" >>confdefs.h + BOOST_CONTEXT_LDFLAGS=$boost_cv_lib_context_LDFLAGS + BOOST_CONTEXT_LDPATH=$boost_cv_lib_context_LDPATH + BOOST_LDPATH=$boost_cv_lib_context_LDPATH + BOOST_CONTEXT_LIBS=$boost_cv_lib_context_LIBS + ;; + (no) $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + if test x"no" != "xno"; then : + + as_fn_error $? "cannot find flags to link with the Boost context library (libboost-context)" "$LINENO" 5 + +fi + ;; +esac +CPPFLAGS=$boost_save_CPPFLAGS +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu +fi + + +elif test $boost_major_version -ge 161; then + if test x"$boost_cv_inc_path" = xno; then { $as_echo "$as_me:${as_lineno-$LINENO}: Boost not available, not searching for the Boost context library" >&5 $as_echo "$as_me: Boost not available, not searching for the Boost context library" >&6;} @@ -25063,7 +25391,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by pdns-recursor $as_me 4.3.0, which was +This file was extended by pdns-recursor $as_me 4.3.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -25129,7 +25457,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -pdns-recursor config.status 4.3.0 +pdns-recursor config.status 4.3.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -Nru pdns-recursor-4.3.0/configure.ac pdns-recursor-4.3.1/configure.ac --- pdns-recursor-4.3.0/configure.ac 2020-03-02 12:50:08.000000000 +0000 +++ pdns-recursor-4.3.1/configure.ac 2020-05-08 09:56:13.000000000 +0000 @@ -1,6 +1,6 @@ AC_PREREQ([2.61]) -AC_INIT([pdns-recursor], [4.3.0]) +AC_INIT([pdns-recursor], [4.3.1]) AC_CONFIG_AUX_DIR([build-aux]) AM_INIT_AUTOMAKE([foreign dist-bzip2 no-dist-gzip tar-ustar -Wno-portability subdir-objects parallel-tests 1.11]) AM_SILENT_RULES([yes]) diff -Nru pdns-recursor-4.3.0/debian/changelog pdns-recursor-4.3.1/debian/changelog --- pdns-recursor-4.3.0/debian/changelog 2020-05-01 21:54:26.000000000 +0000 +++ pdns-recursor-4.3.1/debian/changelog 2020-05-19 16:14:57.000000000 +0000 @@ -1,3 +1,10 @@ +pdns-recursor (4.3.1-1) unstable; urgency=medium + + * New upstream version 4.3.1, includes fixes for security issues + CVE-2020-10995, CVE-2020-12244, CVE-2020-10030. + + -- Chris Hofstaedtler Tue, 19 May 2020 16:14:57 +0000 + pdns-recursor (4.3.0-2) unstable; urgency=medium * Stop embedding version in shipped config file diff -Nru pdns-recursor-4.3.0/effective_tld_names.dat pdns-recursor-4.3.1/effective_tld_names.dat --- pdns-recursor-4.3.0/effective_tld_names.dat 2020-03-02 12:52:19.000000000 +0000 +++ pdns-recursor-4.3.1/effective_tld_names.dat 2020-05-08 09:46:58.000000000 +0000 @@ -79,7 +79,6 @@ express.aero federation.aero flight.aero -freight.aero fuel.aero gliding.aero government.aero @@ -213,6 +212,7 @@ co.at gv.at or.at +sth.ac.at // au : https://en.wikipedia.org/wiki/.au // http://www.auda.org.au/ @@ -719,11 +719,13 @@ *.ck !www.ck -// cl : https://en.wikipedia.org/wiki/.cl +// cl : https://www.nic.cl +// Confirmed by .CL registry cl -gov.cl -gob.cl +aprendemas.cl co.cl +gob.cl +gov.cl mil.cl // cm : https://en.wikipedia.org/wiki/.cm plus bug 981927 @@ -6519,7 +6521,7 @@ k12.or.us k12.pa.us k12.pr.us -k12.ri.us +// k12.ri.us Removed at request of Kim Cournoyer k12.sc.us // k12.sd.us Bug 934131 - Removed at request of James Booze k12.tn.us @@ -7090,7 +7092,7 @@ // newGTLDs -// List of new gTLDs imported from https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on 2020-02-25T18:19:40Z +// List of new gTLDs imported from https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on 2020-05-06T16:23:34Z // This list is auto-generated, don't edit it manually. // aaa : 2015-02-26 American Automobile Association, Inc. aaa @@ -7212,7 +7214,7 @@ // alstom : 2015-07-30 ALSTOM alstom -// amazon : 2019-12-19 Amazon EU S.à r.l. +// amazon : 2019-12-19 Amazon Registry Services, Inc. amazon // americanexpress : 2015-07-31 American Express Travel Related Services Company, Inc. @@ -7239,7 +7241,7 @@ // android : 2014-08-07 Charleston Road Registry Inc. android -// anquan : 2015-01-08 QIHOO 360 TECHNOLOGY CO. LTD. +// anquan : 2015-01-08 Beijing Qihu Keji Co., Ltd. anquan // anz : 2015-07-31 Australia and New Zealand Banking Group Limited @@ -9093,9 +9095,6 @@ // nab : 2015-08-20 National Australia Bank Limited nab -// nadex : 2014-12-11 Nadex Domains, Inc. -nadex - // nagoya : 2013-10-24 GMO Registry, Inc. nagoya @@ -9750,7 +9749,7 @@ // shopping : 2016-03-31 Binky Moon, LLC shopping -// shouji : 2015-01-08 QIHOO 360 TECHNOLOGY CO. LTD. +// shouji : 2015-01-08 Beijing Qihu Keji Co., Ltd. shouji // show : 2015-03-05 Binky Moon, LLC @@ -10173,9 +10172,6 @@ // vision : 2013-12-05 Binky Moon, LLC vision -// vistaprint : 2014-09-18 Vistaprint Limited -vistaprint - // viva : 2014-11-07 Saudi Telecom Company viva @@ -10317,7 +10313,7 @@ // xfinity : 2015-07-09 Comcast IP Holdings I, LLC xfinity -// xihuan : 2015-01-08 QIHOO 360 TECHNOLOGY CO. LTD. +// xihuan : 2015-01-08 Beijing Qihu Keji Co., Ltd. xihuan // xin : 2014-12-11 Elegant Leader Limited @@ -10353,7 +10349,7 @@ // xn--45q11c : 2013-11-21 Zodiac Gemini Ltd 八卦 -// xn--4gbrim : 2013-10-04 Suhub Electronic Establishment +// xn--4gbrim : 2013-10-04 Fans TLD Limited موقع // xn--55qw42g : 2013-11-08 China Organizational Name Administration Center @@ -10413,7 +10409,7 @@ // xn--cck2b3b : 2015-02-26 Amazon Registry Services, Inc. ストア -// xn--cckwcxetd : 2019-12-19 Amazon EU S.à r.l. +// xn--cckwcxetd : 2019-12-19 Amazon Registry Services, Inc. アマゾン // xn--cg4bki : 2013-09-27 SAMSUNG SDS CO., LTD @@ -10437,9 +10433,6 @@ // xn--efvy88h : 2014-08-22 Guangzhou YU Wei Information Technology Co., Ltd. 新闻 -// xn--estv75g : 2015-02-19 Industrial and Commercial Bank of China Limited -工行 - // xn--fct429k : 2015-04-09 Amazon Registry Services, Inc. 家電 @@ -10485,7 +10478,7 @@ // xn--j1aef : 2015-01-15 VeriSign Sarl ком -// xn--jlq480n2rg : 2019-12-19 Amazon EU S.à r.l. +// xn--jlq480n2rg : 2019-12-19 Amazon Registry Services, Inc. 亚马逊 // xn--jlq61u9w7b : 2015-01-08 Nokia Corporation @@ -10641,7 +10634,7 @@ // youtube : 2014-05-01 Charleston Road Registry Inc. youtube -// yun : 2015-01-08 QIHOO 360 TECHNOLOGY CO. LTD. +// yun : 2015-01-08 Beijing Qihu Keji Co., Ltd. yun // zappos : 2015-06-25 Amazon Registry Services, Inc. @@ -10987,6 +10980,10 @@ *.lcl.dev *.stg.dev +// Clic2000 : https://clic2000.fr +// Submitted by Mathilde Blanchemanche +clic2000.net + // Cloud66 : https://www.cloud66.com/ // Submitted by Khash Sajadi c66.me @@ -11102,6 +11099,10 @@ // Submitted by Jonathan Rudenberg cupcake.is +// Curv UG : https://curv-labs.de/ +// Submitted by Marvin Wiesner +curv.dev + // Customer OCI - Oracle Dyn https://cloud.oracle.com/home https://dyn.com/dns/ // Submitted by Gregory Drake // Note: This is intended to also include customer-oci.com due to wildcards implicitly including the current label @@ -11137,6 +11138,10 @@ reg.dk store.dk +// dappnode.io : https://dappnode.io/ +// Submitted by Abel Boldu / DAppNode Team +dyndns.dappnode.io + // dapps.earth : https://dapps.earth/ // Submitted by Daniil Burdakov *.dapps.earth @@ -11619,6 +11624,10 @@ mymailer.com.tw url.tw +// Fabrica Technologies, Inc. : https://www.fabrica.dev/ +// Submitted by Eric Jiang +onfabrica.com + // Facebook, Inc. // Submitted by Peter Ruibal apps.fbsbx.com @@ -11721,6 +11730,10 @@ // Submitted by Likhachev Vasiliy fastpanel.direct fastvps-server.com +myfast.space +myfast.host +fastvps.site +fastvps.host // Featherhead : https://featherhead.xyz/ // Submitted by Simon Menke @@ -11734,6 +11747,13 @@ app.os.fedoraproject.org app.os.stg.fedoraproject.org +// FearWorks Media Ltd. : https://fearworksmedia.co.uk +// submitted by Keith Fairley +conn.uk +copro.uk +couk.me +ukco.me + // Fermax : https://fermax.com/ // submitted by Koen Van Isterdael mydobiss.com @@ -11754,7 +11774,6 @@ // Flynn : https://flynn.io // Submitted by Jonathan Rudenberg -flynnhub.com flynnhosting.net // Frederik Braun https://frederik-braun.com @@ -11926,6 +11945,10 @@ withgoogle.com withyoutube.com +// Aaron Marais' Gitlab pages: https://lab.aaronleem.co.za +// Submitted by Aaron Marais +graphox.us + // Group 53, LLC : https://www.group53.com // Submitted by Tyler Todd awsmppl.com @@ -12056,8 +12079,9 @@ ipifony.net // IServ GmbH : https://iserv.eu -// Submitted by Kim-Alexander Brodowski +// Submitted by Kim-Alexander Brodowski mein-iserv.de +schulserver.de test-iserv.de iserv.dev @@ -12243,8 +12267,8 @@ co.pl // Microsoft Corporation : http://microsoft.com -// Submitted by Justin Luk -azurecontainer.io +// Submitted by Mostafa Elzeiny +*.azurecontainer.io azurewebsites.net azure-mobile.net cloudapp.net @@ -12290,6 +12314,7 @@ // Netlify : https://www.netlify.com // Submitted by Jessica Parsons bitballoon.com +netlify.app netlify.com // Neustar Inc. @@ -12447,12 +12472,13 @@ nyc.mn // NymNom : https://nymnom.com/ -// Submitted by Dave McCormack +// Submitted by NymNom nom.ae nom.af nom.ai nom.al nym.by +nom.bz nym.bz nom.cl nym.ec @@ -12474,6 +12500,7 @@ nym.li nym.lt nym.lu +nom.lv nym.me nom.mk nym.mn @@ -12581,6 +12608,12 @@ *.platform.sh *.platformsh.site +// Platter: https://platter.dev +// Submitted by Patrick Flor +platter-app.com +platter-app.dev +platterp.us + // Port53 : https://port53.io/ // Submitted by Maximilian Schieder dyn53.io @@ -12762,6 +12795,10 @@ // Submitted by Craig McMahon shopitsite.com +// shopware AG : https://shopware.com +// Submitted by Jens Küper +shopware.store + // Siemens Mobility GmbH // Submitted by Oliver Graebner mo-siemens.io @@ -12794,6 +12831,10 @@ dev.static.land sites.static.land +// Sony Interactive Entertainment LLC : https://sie.com/ +// Submitted by David Coles +playstation-cloud.com + // SourceLair PC : https://www.sourcelair.com // Submitted by Antonis Kalipetis apps.lair.io @@ -12968,6 +13009,11 @@ virtualuser.de virtual-user.de +// urown.net : https://urown.net +// Submitted by Hostmaster +urown.cloud +dnsupdate.info + // .US // Submitted by Ed Moore lib.de.us @@ -13011,8 +13057,15 @@ remotewd.com // Wikimedia Labs : https://wikitech.wikimedia.org -// Submitted by Yuvi Panda +// Submitted by Arturo Borrero Gonzalez wmflabs.org +toolforge.org +wmcloud.org + +// WISP : https://wisp.gg +// Submitted by Stepan Fedotov +panel.gg +daemon.panel.gg // WoltLab GmbH : https://www.woltlab.com // Submitted by Tim Düsterhus @@ -13084,7 +13137,10 @@ // Submitted by Emil Stahl basicserver.io virtualserver.io -site.builder.nu enterprisecloud.nu +// Mintere : https://mintere.com/ +// Submitted by Ben Aubin +mintere.site + // ===END PRIVATE DOMAINS=== diff -Nru pdns-recursor-4.3.0/m4/boost.m4 pdns-recursor-4.3.1/m4/boost.m4 --- pdns-recursor-4.3.0/m4/boost.m4 2020-03-02 12:49:54.000000000 +0000 +++ pdns-recursor-4.3.1/m4/boost.m4 2020-03-25 14:50:55.000000000 +0000 @@ -22,7 +22,7 @@ # along with this program. If not, see . m4_define([_BOOST_SERIAL], [m4_translit([ -# serial 31 +# serial 32 ], [# ], [])]) @@ -666,6 +666,8 @@ # * The implementation details were moved to boost::context::detail in 1.61.0 # * 1.61 also introduces execution_context_v2, which is the "lowest common # denominator" for boost::context presence since then. +# * boost::context::fiber was introduced in 1.69 and execution_context_v2 was +# removed in 1.72 BOOST_DEFUN([Context], [boost_context_save_LIBS=$LIBS boost_context_save_LDFLAGS=$LDFLAGS @@ -676,7 +678,31 @@ LDFLAGS="$LDFLAGS $BOOST_THREAD_LDFLAGS" fi -if test $boost_major_version -ge 161; then +if test $boost_major_version -ge 169; then + +BOOST_FIND_LIB([context], [$1], + [boost/context/fiber.hpp], [[ +namespace ctx=boost::context; +int a; +ctx::fiber source{[&a](ctx::fiber&& sink){ + a=0; + int b=1; + for(;;){ + sink=std::move(sink).resume(); + int next=a+b; + a=b; + b=next; + } + return std::move(sink); +}}; +for (int j=0;j<10;++j) { + source=std::move(source).resume(); +} +return a == 34; +]], [], [], [$2]) + +elif test $boost_major_version -ge 161; then + BOOST_FIND_LIB([context], [$1], [boost/context/execution_context_v2.hpp], [[ namespace ctx=boost::context; diff -Nru pdns-recursor-4.3.0/pdns_recursor.1 pdns-recursor-4.3.1/pdns_recursor.1 --- pdns-recursor-4.3.0/pdns_recursor.1 2020-03-02 12:52:19.000000000 +0000 +++ pdns-recursor-4.3.1/pdns_recursor.1 2020-05-08 09:49:09.000000000 +0000 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "PDNS_RECURSOR" "1" "Mar 02, 2020" "" "PowerDNS Recursor" +.TH "PDNS_RECURSOR" "1" "May 08, 2020" "" "PowerDNS Recursor" .SH NAME pdns_recursor \- The PowerDNS Recursor binary . diff -Nru pdns-recursor-4.3.0/pdns_recursor.cc pdns-recursor-4.3.1/pdns_recursor.cc --- pdns-recursor-4.3.0/pdns_recursor.cc 2020-03-02 12:49:54.000000000 +0000 +++ pdns-recursor-4.3.1/pdns_recursor.cc 2020-05-08 09:31:59.000000000 +0000 @@ -3984,6 +3984,7 @@ SyncRes::s_serverdownthrottletime=::arg().asNum("server-down-throttle-time"); SyncRes::s_serverID=::arg()["server-id"]; SyncRes::s_maxqperq=::arg().asNum("max-qperq"); + SyncRes::s_maxnsaddressqperq=::arg().asNum("max-ns-address-qperq"); SyncRes::s_maxtotusec=1000*::arg().asNum("max-total-msec"); SyncRes::s_maxdepth=::arg().asNum("max-recursion-depth"); SyncRes::s_rootNXTrust = ::arg().mustDo( "root-nx-trust"); @@ -4737,6 +4738,7 @@ ::arg().set("edns-outgoing-bufsize", "Outgoing EDNS buffer size")="1232"; ::arg().set("minimum-ttl-override", "Set under adverse conditions, a minimum TTL")="0"; ::arg().set("max-qperq", "Maximum outgoing queries per query")="60"; + ::arg().set("max-ns-address-qperq", "Maximum outgoing NS address queries per query")="10"; ::arg().set("max-total-msec", "Maximum total wall-clock time per query in milliseconds, 0 for unlimited")="7000"; ::arg().set("max-recursion-depth", "Maximum number of internal recursion calls per query, 0 for unlimited")="40"; ::arg().set("max-udp-queries-per-round", "Maximum number of UDP queries processed per recvmsg() round, before returning back to normal processing")="10000"; diff -Nru pdns-recursor-4.3.0/pubsuffix.cc pdns-recursor-4.3.1/pubsuffix.cc --- pdns-recursor-4.3.0/pubsuffix.cc 2020-03-02 12:52:19.000000000 +0000 +++ pdns-recursor-4.3.1/pubsuffix.cc 2020-05-08 09:48:49.000000000 +0000 @@ -57,7 +57,6 @@ "express.aero", "federation.aero", "flight.aero", -"freight.aero", "fuel.aero", "gliding.aero", "government.aero", @@ -152,6 +151,7 @@ "co.at", "gv.at", "or.at", +"sth.ac.at", "com.au", "net.au", "org.au", @@ -519,13 +519,15 @@ "net.ci", "go.ci", "asso.ci", +"aéroport.ci", "int.ci", "presse.ci", "md.ci", "gouv.ci", -"gov.cl", -"gob.cl", +"aprendemas.cl", "co.cl", +"gob.cl", +"gov.cl", "mil.cl", "co.cm", "com.cm", @@ -961,7 +963,9 @@ "tos.it", "toscana.it", "trentin-sud-tirol.it", +"trentin-süd-tirol.it", "trentin-sudtirol.it", +"trentin-südtirol.it", "trentin-sued-tirol.it", "trentin-suedtirol.it", "trentino-a-adige.it", @@ -971,7 +975,9 @@ "trentino-s-tirol.it", "trentino-stirol.it", "trentino-sud-tirol.it", +"trentino-süd-tirol.it", "trentino-sudtirol.it", +"trentino-südtirol.it", "trentino-sued-tirol.it", "trentino-suedtirol.it", "trentino.it", @@ -982,11 +988,15 @@ "trentinos-tirol.it", "trentinostirol.it", "trentinosud-tirol.it", +"trentinosüd-tirol.it", "trentinosudtirol.it", +"trentinosüdtirol.it", "trentinosued-tirol.it", "trentinosuedtirol.it", "trentinsud-tirol.it", +"trentinsüd-tirol.it", "trentinsudtirol.it", +"trentinsüdtirol.it", "trentinsued-tirol.it", "trentinsuedtirol.it", "tuscany.it", @@ -1003,9 +1013,13 @@ "valled-aosta.it", "valledaosta.it", "vallee-aoste.it", +"vallée-aoste.it", "vallee-d-aoste.it", +"vallée-d-aoste.it", "valleeaoste.it", +"valléeaoste.it", "valleedaoste.it", +"valléedaoste.it", "vao.it", "vda.it", "ven.it", @@ -1038,6 +1052,7 @@ "avellino.it", "ba.it", "balsan-sudtirol.it", +"balsan-südtirol.it", "balsan-suedtirol.it", "balsan.it", "bari.it", @@ -1056,6 +1071,7 @@ "bolzano-altoadige.it", "bolzano.it", "bozen-sudtirol.it", +"bozen-südtirol.it", "bozen-suedtirol.it", "bozen.it", "br.it", @@ -1064,6 +1080,7 @@ "bs.it", "bt.it", "bulsan-sudtirol.it", +"bulsan-südtirol.it", "bulsan-suedtirol.it", "bulsan.it", "bz.it", @@ -1083,7 +1100,9 @@ "cb.it", "ce.it", "cesena-forli.it", +"cesena-forlì.it", "cesenaforli.it", +"cesenaforlì.it", "ch.it", "chieti.it", "ci.it", @@ -1114,7 +1133,9 @@ "fm.it", "foggia.it", "forli-cesena.it", +"forlì-cesena.it", "forlicesena.it", +"forlìcesena.it", "fr.it", "frosinone.it", "ge.it", @@ -1245,6 +1266,7 @@ "sr.it", "ss.it", "suedtirol.it", +"südtirol.it", "sv.it", "ta.it", "taranto.it", @@ -3388,11 +3410,13 @@ "community.museum", "computer.museum", "computerhistory.museum", +"comunicações.museum", "contemporary.museum", "contemporaryart.museum", "convent.museum", "copenhagen.museum", "corporation.museum", +"correios-e-telecomunicações.museum", "corvette.museum", "costume.museum", "countryestate.museum", @@ -3541,6 +3565,7 @@ "lancashire.museum", "landes.museum", "lans.museum", +"läns.museum", "larsson.museum", "lewismiller.museum", "lincoln.museum", @@ -3953,112 +3978,160 @@ "gs.va.no", "gs.vf.no", "akrehamn.no", +"åkrehamn.no", "algard.no", +"ålgård.no", "arna.no", "brumunddal.no", "bryne.no", "bronnoysund.no", +"brønnøysund.no", "drobak.no", +"drøbak.no", "egersund.no", "fetsund.no", "floro.no", +"florø.no", "fredrikstad.no", "hokksund.no", "honefoss.no", +"hønefoss.no", "jessheim.no", "jorpeland.no", +"jørpeland.no", "kirkenes.no", "kopervik.no", "krokstadelva.no", "langevag.no", +"langevåg.no", "leirvik.no", "mjondalen.no", +"mjøndalen.no", "mo-i-rana.no", "mosjoen.no", +"mosjøen.no", "nesoddtangen.no", "orkanger.no", "osoyro.no", +"osøyro.no", "raholt.no", +"råholt.no", "sandnessjoen.no", +"sandnessjøen.no", "skedsmokorset.no", "slattum.no", "spjelkavik.no", "stathelle.no", "stavern.no", "stjordalshalsen.no", +"stjørdalshalsen.no", "tananger.no", "tranby.no", "vossevangen.no", "afjord.no", +"åfjord.no", "agdenes.no", "al.no", +"ål.no", "alesund.no", +"ålesund.no", "alstahaug.no", "alta.no", +"áltá.no", "alaheadju.no", +"álaheadju.no", "alvdal.no", "amli.no", +"åmli.no", "amot.no", +"åmot.no", "andebu.no", "andoy.no", +"andøy.no", "andasuolo.no", "ardal.no", +"årdal.no", "aremark.no", "arendal.no", +"ås.no", "aseral.no", +"åseral.no", "asker.no", "askim.no", "askvoll.no", "askoy.no", +"askøy.no", "asnes.no", +"åsnes.no", "audnedaln.no", "aukra.no", "aure.no", "aurland.no", "aurskog-holand.no", +"aurskog-høland.no", "austevoll.no", "austrheim.no", "averoy.no", +"averøy.no", "balestrand.no", "ballangen.no", "balat.no", +"bálát.no", "balsfjord.no", "bahccavuotna.no", +"báhccavuotna.no", "bamble.no", "bardu.no", "beardu.no", "beiarn.no", "bajddar.no", +"bájddar.no", "baidar.no", +"báidár.no", "berg.no", "bergen.no", "berlevag.no", +"berlevåg.no", "bearalvahki.no", +"bearalváhki.no", "bindal.no", "birkenes.no", "bjarkoy.no", +"bjarkøy.no", "bjerkreim.no", "bjugn.no", "bodo.no", +"bodø.no", "badaddja.no", +"bådåddjå.no", "budejju.no", "bokn.no", "bremanger.no", "bronnoy.no", +"brønnøy.no", "bygland.no", "bykle.no", "barum.no", +"bærum.no", "bo.telemark.no", +"bø.telemark.no", "bo.nordland.no", +"bø.nordland.no", "bievat.no", +"bievát.no", "bomlo.no", +"bømlo.no", "batsfjord.no", +"båtsfjord.no", "bahcavuotna.no", +"báhcavuotna.no", "dovre.no", "drammen.no", "drangedal.no", "dyroy.no", +"dyrøy.no", "donna.no", +"dønna.no", "eid.no", "eidfjord.no", "eidsberg.no", @@ -4072,6 +4145,7 @@ "etnedal.no", "evenes.no", "evenassi.no", +"evenášši.no", "evje-og-hornnes.no", "farsund.no", "fauske.no", @@ -4080,6 +4154,7 @@ "fedje.no", "fet.no", "finnoy.no", +"finnøy.no", "fitjar.no", "fjaler.no", "fjell.no", @@ -4089,6 +4164,7 @@ "flesberg.no", "flora.no", "fla.no", +"flå.no", "folldal.no", "forsand.no", "fosnes.no", @@ -4097,21 +4173,27 @@ "froland.no", "frosta.no", "frana.no", +"fræna.no", "froya.no", +"frøya.no", "fusa.no", "fyresdal.no", "forde.no", +"førde.no", "gamvik.no", "gangaviika.no", +"gáŋgaviika.no", "gaular.no", "gausdal.no", "gildeskal.no", +"gildeskål.no", "giske.no", "gjemnes.no", "gjerdrum.no", "gjerstad.no", "gjesdal.no", "gjovik.no", +"gjøvik.no", "gloppen.no", "gol.no", "gran.no", @@ -4121,6 +4203,7 @@ "grimstad.no", "grong.no", "kraanghke.no", +"kråanghke.no", "grue.no", "gulen.no", "hadsel.no", @@ -4129,14 +4212,18 @@ "hamar.no", "hamaroy.no", "habmer.no", +"hábmer.no", "hapmir.no", +"hápmir.no", "hammerfest.no", "hammarfeasta.no", +"hámmárfeasta.no", "haram.no", "hareid.no", "harstad.no", "hasvik.no", "aknoluokta.no", +"ákŋoluokta.no", "hattfjelldal.no", "aarborte.no", "haugesund.no", @@ -4144,16 +4231,20 @@ "hemnes.no", "hemsedal.no", "heroy.more-og-romsdal.no", +"herøy.møre-og-romsdal.no", "heroy.nordland.no", +"herøy.nordland.no", "hitra.no", "hjartdal.no", "hjelmeland.no", "hobol.no", +"hobøl.no", "hof.no", "hol.no", "hole.no", "holmestrand.no", "holtalen.no", +"holtålen.no", "hornindal.no", "horten.no", "hurdal.no", @@ -4161,47 +4252,67 @@ "hvaler.no", "hyllestad.no", "hagebostad.no", +"hægebostad.no", "hoyanger.no", +"høyanger.no", "hoylandet.no", +"høylandet.no", "ha.no", +"hå.no", "ibestad.no", "inderoy.no", +"inderøy.no", "iveland.no", "jevnaker.no", "jondal.no", "jolster.no", +"jølster.no", "karasjok.no", "karasjohka.no", +"kárášjohka.no", "karlsoy.no", "galsa.no", +"gálsá.no", "karmoy.no", +"karmøy.no", "kautokeino.no", "guovdageaidnu.no", "klepp.no", "klabu.no", +"klæbu.no", "kongsberg.no", "kongsvinger.no", "kragero.no", +"kragerø.no", "kristiansand.no", "kristiansund.no", "krodsherad.no", +"krødsherad.no", "kvalsund.no", "rahkkeravju.no", +"ráhkkerávju.no", "kvam.no", "kvinesdal.no", "kvinnherad.no", "kviteseid.no", "kvitsoy.no", +"kvitsøy.no", "kvafjord.no", +"kvæfjord.no", "giehtavuoatna.no", "kvanangen.no", +"kvænangen.no", "navuotna.no", +"návuotna.no", "kafjord.no", +"kåfjord.no", "gaivuotna.no", +"gáivuotna.no", "larvik.no", "lavangen.no", "lavagis.no", "loabat.no", +"loabát.no", "lebesby.no", "davvesiida.no", "leikanger.no", @@ -4210,6 +4321,7 @@ "leksvik.no", "lenvik.no", "leangaviika.no", +"leaŋgaviika.no", "lesja.no", "levanger.no", "lier.no", @@ -4218,24 +4330,33 @@ "lillesand.no", "lindesnes.no", "lindas.no", +"lindås.no", "lom.no", "loppa.no", "lahppi.no", +"láhppi.no", "lund.no", "lunner.no", "luroy.no", +"lurøy.no", "luster.no", "lyngdal.no", "lyngen.no", "ivgu.no", "lardal.no", "lerdal.no", +"lærdal.no", "lodingen.no", +"lødingen.no", "lorenskog.no", +"lørenskog.no", "loten.no", +"løten.no", "malvik.no", "masoy.no", +"måsøy.no", "muosat.no", +"muosát.no", "mandal.no", "marker.no", "marnardal.no", @@ -4244,8 +4365,11 @@ "meldal.no", "melhus.no", "meloy.no", +"meløy.no", "meraker.no", +"meråker.no", "moareke.no", +"moåreke.no", "midsund.no", "midtre-gauldal.no", "modalen.no", @@ -4255,12 +4379,15 @@ "moss.no", "mosvik.no", "malselv.no", +"målselv.no", "malatvuopmi.no", +"málatvuopmi.no", "namdalseid.no", "aejrie.no", "namsos.no", "namsskogan.no", "naamesjevuemie.no", +"nååmesjevuemie.no", "laakesvuemie.no", "nannestad.no", "narvik.no", @@ -4273,6 +4400,7 @@ "nesodden.no", "nesseby.no", "unjarga.no", +"unjárga.no", "nesset.no", "nissedal.no", "nittedal.no", @@ -4282,35 +4410,52 @@ "norddal.no", "nordkapp.no", "davvenjarga.no", +"davvenjárga.no", "nordre-land.no", "nordreisa.no", "raisa.no", +"ráisa.no", "nore-og-uvdal.no", "notodden.no", "naroy.no", +"nærøy.no", "notteroy.no", +"nøtterøy.no", "odda.no", "oksnes.no", +"øksnes.no", "oppdal.no", "oppegard.no", +"oppegård.no", "orkdal.no", "orland.no", +"ørland.no", "orskog.no", +"ørskog.no", "orsta.no", +"ørsta.no", "os.hedmark.no", "os.hordaland.no", "osen.no", "osteroy.no", +"osterøy.no", "ostre-toten.no", +"østre-toten.no", "overhalla.no", "ovre-eiker.no", +"øvre-eiker.no", "oyer.no", +"øyer.no", "oygarden.no", +"øygarden.no", "oystre-slidre.no", +"øystre-slidre.no", "porsanger.no", "porsangu.no", +"porsáŋgu.no", "porsgrunn.no", "radoy.no", +"radøy.no", "rakkestad.no", "rana.no", "ruovat.no", @@ -4319,33 +4464,47 @@ "rendalen.no", "rennebu.no", "rennesoy.no", +"rennesøy.no", "rindal.no", "ringebu.no", "ringerike.no", "ringsaker.no", "rissa.no", "risor.no", +"risør.no", "roan.no", "rollag.no", "rygge.no", "ralingen.no", +"rælingen.no", "rodoy.no", +"rødøy.no", "romskog.no", +"rømskog.no", "roros.no", +"røros.no", "rost.no", +"røst.no", "royken.no", +"røyken.no", "royrvik.no", +"røyrvik.no", "rade.no", +"råde.no", "salangen.no", "siellak.no", "saltdal.no", "salat.no", +"sálát.no", +"sálat.no", "samnanger.no", "sande.more-og-romsdal.no", +"sande.møre-og-romsdal.no", "sande.vestfold.no", "sandefjord.no", "sandnes.no", "sandoy.no", +"sandøy.no", "sarpsborg.no", "sauda.no", "sauherad.no", @@ -4362,16 +4521,24 @@ "skien.no", "skiptvet.no", "skjervoy.no", +"skjervøy.no", "skierva.no", +"skiervá.no", "skjak.no", +"skjåk.no", "skodje.no", "skanland.no", +"skånland.no", "skanit.no", +"skánit.no", "smola.no", +"smøla.no", "snillfjord.no", "snasa.no", +"snåsa.no", "snoasa.no", "snaase.no", +"snåase.no", "sogndal.no", "sokndal.no", "sola.no", @@ -4384,6 +4551,7 @@ "steigen.no", "steinkjer.no", "stjordal.no", +"stjørdal.no", "stokke.no", "stor-elvdal.no", "stord.no", @@ -4402,16 +4570,27 @@ "svelvik.no", "sykkylven.no", "sogne.no", +"søgne.no", "somna.no", +"sømna.no", "sondre-land.no", +"søndre-land.no", "sor-aurdal.no", +"sør-aurdal.no", "sor-fron.no", +"sør-fron.no", "sor-odal.no", +"sør-odal.no", "sor-varanger.no", +"sør-varanger.no", "matta-varjjat.no", +"mátta-várjjat.no", "sorfold.no", +"sørfold.no", "sorreisa.no", +"sørreisa.no", "sorum.no", +"sørum.no", "tana.no", "deatnu.no", "time.no", @@ -4420,18 +4599,23 @@ "tjeldsund.no", "dielddanuorri.no", "tjome.no", +"tjøme.no", "tokke.no", "tolga.no", "torsken.no", "tranoy.no", +"tranøy.no", "tromso.no", +"tromsø.no", "tromsa.no", "romsa.no", "trondheim.no", "troandin.no", "trysil.no", "trana.no", +"træna.no", "trogstad.no", +"trøgstad.no", "tvedestrand.no", "tydal.no", "tynset.no", @@ -4440,23 +4624,30 @@ "divttasvuotna.no", "tysnes.no", "tysvar.no", +"tysvær.no", "tonsberg.no", +"tønsberg.no", "ullensaker.no", "ullensvang.no", "ulvik.no", "utsira.no", "vadso.no", +"vadsø.no", "cahcesuolo.no", +"čáhcesuolo.no", "vaksdal.no", "valle.no", "vang.no", "vanylven.no", "vardo.no", +"vardø.no", "varggat.no", +"várggát.no", "vefsn.no", "vaapste.no", "vega.no", "vegarshei.no", +"vegårshei.no", "vennesla.no", "verdal.no", "verran.no", @@ -4465,6 +4656,7 @@ "vestre-slidre.no", "vestre-toten.no", "vestvagoy.no", +"vestvågøy.no", "vevelstad.no", "vik.no", "vikna.no", @@ -4472,12 +4664,18 @@ "volda.no", "voss.no", "varoy.no", +"værøy.no", "vagan.no", +"vågan.no", "voagat.no", "vagsoy.no", +"vågsøy.no", "vaga.no", +"vågå.no", "valer.ostfold.no", +"våler.østfold.no", "valer.hedmark.no", +"våler.hedmark.no", "biz.nr", "info.nr", "gov.nr", @@ -4496,6 +4694,7 @@ "kiwi.nz", "maori.nz", "mil.nz", +"māori.nz", "net.nz", "org.nz", "parliament.nz", @@ -5284,7 +5483,6 @@ "k12.or.us", "k12.pa.us", "k12.pr.us", -"k12.ri.us", "k12.sc.us", "k12.tn.us", "k12.tx.us", @@ -5669,6 +5867,7 @@ "discourse.team", "virtueeldomein.nl", "cleverapps.io", +"clic2000.net", "c66.me", "cloud66.ws", "cloud66.zone", @@ -5724,6 +5923,7 @@ "static-access.net", "realm.cz", "cupcake.is", +"curv.dev", "cyon.link", "cyon.site", "daplie.me", @@ -5739,6 +5939,7 @@ "firm.dk", "reg.dk", "store.dk", +"dyndns.dappnode.io", "builtwithdark.com", "edgestack.me", "debian.net", @@ -6139,6 +6340,7 @@ "twmail.org", "mymailer.com.tw", "url.tw", +"onfabrica.com", "apps.fbsbx.com", "ru.net", "adygeya.ru", @@ -6226,12 +6428,20 @@ "global.ssl.fastly.net", "fastpanel.direct", "fastvps-server.com", +"myfast.space", +"myfast.host", +"fastvps.site", +"fastvps.host", "fhapp.xyz", "fedorainfracloud.org", "fedorapeople.org", "cloud.fedoraproject.org", "app.os.fedoraproject.org", "app.os.stg.fedoraproject.org", +"conn.uk", +"copro.uk", +"couk.me", +"ukco.me", "mydobiss.com", "filegear.me", "filegear-au.me", @@ -6241,7 +6451,6 @@ "filegear-jp.me", "filegear-sg.me", "firebaseapp.com", -"flynnhub.com", "flynnhosting.net", "0e.vc", "freebox-os.com", @@ -6356,6 +6565,7 @@ "publishproxy.com", "withgoogle.com", "withyoutube.com", +"graphox.us", "awsmppl.com", "fin.ci", "free.hr", @@ -6387,6 +6597,7 @@ "ngo.ng", "ng.school", "sch.so", +"häkkinen.fi", "moonscale.net", "iki.fi", "dyn-berlin.de", @@ -6432,6 +6643,7 @@ "pixolino.com", "ipifony.net", "mein-iserv.de", +"schulserver.de", "test-iserv.de", "iserv.dev", "iobb.net", @@ -6517,7 +6729,6 @@ "meteorapp.com", "eu.meteorapp.com", "co.pl", -"azurecontainer.io", "azurewebsites.net", "azure-mobile.net", "cloudapp.net", @@ -6542,6 +6753,7 @@ "to.work", "nctu.me", "bitballoon.com", +"netlify.app", "netlify.com", "4u.com", "ngrok.io", @@ -6669,6 +6881,7 @@ "nom.ai", "nom.al", "nym.by", +"nom.bz", "nym.bz", "nom.cl", "nym.ec", @@ -6690,6 +6903,7 @@ "nym.li", "nym.lt", "nym.lu", +"nom.lv", "nym.me", "nom.mk", "nym.mn", @@ -6738,6 +6952,9 @@ "mypep.link", "perspecta.cloud", "on-web.fr", +"platter-app.com", +"platter-app.dev", +"platterp.us", "dyn53.io", "co.bn", "xen.prgmr.com", @@ -6796,6 +7013,7 @@ "shiftedit.io", "myshopblocks.com", "shopitsite.com", +"shopware.store", "mo-siemens.io", "1kapp.com", "appchizi.com", @@ -6810,6 +7028,7 @@ "static.land", "dev.static.land", "sites.static.land", +"playstation-cloud.com", "apps.lair.io", "spacekit.io", "customer.speedpartner.de", @@ -6896,6 +7115,8 @@ "inc.hk", "virtualuser.de", "virtual-user.de", +"urown.cloud", +"dnsupdate.info", "lib.de.us", "2038.io", "router.management", @@ -6908,6 +7129,10 @@ "wedeploy.sh", "remotewd.com", "wmflabs.org", +"toolforge.org", +"wmcloud.org", +"panel.gg", +"daemon.panel.gg", "myforum.community", "community-pro.de", "diskussionsbereich.de", @@ -6940,6 +7165,6 @@ "bss.design", "basicserver.io", "virtualserver.io", -"site.builder.nu", "enterprisecloud.nu", +"mintere.site", 0}; diff -Nru pdns-recursor-4.3.0/rec-carbon.cc pdns-recursor-4.3.1/rec-carbon.cc --- pdns-recursor-4.3.0/rec-carbon.cc 2020-02-27 00:17:30.000000000 +0000 +++ pdns-recursor-4.3.1/rec-carbon.cc 2020-05-08 09:31:59.000000000 +0000 @@ -33,9 +33,11 @@ namespace_name="pdns"; } if(hostname.empty()) { - char tmp[80]; + char tmp[HOST_NAME_MAX+1]; memset(tmp, 0, sizeof(tmp)); - gethostname(tmp, sizeof(tmp)); + if (gethostname(tmp, sizeof(tmp)) != 0) { + throw std::runtime_error("The 'carbon-ourname' setting has not been set and we are unable to determine the system's hostname: " + stringerror()); + } char *p = strchr(tmp, '.'); if(p) *p=0; diff -Nru pdns-recursor-4.3.0/rec_control.1 pdns-recursor-4.3.1/rec_control.1 --- pdns-recursor-4.3.0/rec_control.1 2020-03-02 12:52:19.000000000 +0000 +++ pdns-recursor-4.3.1/rec_control.1 2020-05-08 09:49:09.000000000 +0000 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "REC_CONTROL" "1" "Mar 02, 2020" "" "PowerDNS Recursor" +.TH "REC_CONTROL" "1" "May 08, 2020" "" "PowerDNS Recursor" .SH NAME rec_control \- Command line tool to control a running Recursor . diff -Nru pdns-recursor-4.3.0/rec-lua-conf.cc pdns-recursor-4.3.1/rec-lua-conf.cc --- pdns-recursor-4.3.0/rec-lua-conf.cc 2020-03-02 12:49:54.000000000 +0000 +++ pdns-recursor-4.3.1/rec-lua-conf.cc 2020-05-08 09:31:59.000000000 +0000 @@ -300,6 +300,9 @@ if(have.count("refresh")) { refresh = boost::get(have["refresh"]); + if (refresh == 0) { + g_log<setDomain(domain); zone->setName(polName); - zone->setRefresh(refresh); zoneIdx = lci.dfe.addZone(zone); if (!seedFile.empty()) { @@ -365,7 +367,7 @@ exit(1); // FIXME proper exit code? } - delayedThreads.rpzMasterThreads.push_back(std::make_tuple(masters, defpol, defpolOverrideLocal, maxTTL, zoneIdx, tt, maxReceivedXFRMBytes, localAddress, axfrTimeout, sr, dumpFile)); + delayedThreads.rpzMasterThreads.push_back(std::make_tuple(masters, defpol, defpolOverrideLocal, maxTTL, zoneIdx, tt, maxReceivedXFRMBytes, localAddress, axfrTimeout, refresh, sr, dumpFile)); }); typedef vector > > > > argvec_t; @@ -598,7 +600,7 @@ { for (const auto& rpzMaster : delayedThreads.rpzMasterThreads) { try { - std::thread t(RPZIXFRTracker, std::get<0>(rpzMaster), std::get<1>(rpzMaster), std::get<2>(rpzMaster), std::get<3>(rpzMaster), std::get<4>(rpzMaster), std::get<5>(rpzMaster), std::get<6>(rpzMaster) * 1024 * 1024, std::get<7>(rpzMaster), std::get<8>(rpzMaster), std::get<9>(rpzMaster), std::get<10>(rpzMaster), generation); + std::thread t(RPZIXFRTracker, std::get<0>(rpzMaster), std::get<1>(rpzMaster), std::get<2>(rpzMaster), std::get<3>(rpzMaster), std::get<4>(rpzMaster), std::get<5>(rpzMaster), std::get<6>(rpzMaster) * 1024 * 1024, std::get<7>(rpzMaster), std::get<8>(rpzMaster), std::get<9>(rpzMaster), std::get<10>(rpzMaster), std::get<11>(rpzMaster), generation); t.detach(); } catch(const std::exception& e) { diff -Nru pdns-recursor-4.3.0/rec-lua-conf.hh pdns-recursor-4.3.1/rec-lua-conf.hh --- pdns-recursor-4.3.0/rec-lua-conf.hh 2020-03-02 12:49:54.000000000 +0000 +++ pdns-recursor-4.3.1/rec-lua-conf.hh 2020-05-08 09:30:45.000000000 +0000 @@ -85,7 +85,7 @@ struct luaConfigDelayedThreads { - std::vector, boost::optional, bool, uint32_t, size_t, TSIGTriplet, size_t, ComboAddress, uint16_t, std::shared_ptr, std::string> > rpzMasterThreads; + std::vector, boost::optional, bool, uint32_t, size_t, TSIGTriplet, size_t, ComboAddress, uint16_t, uint32_t, std::shared_ptr, std::string> > rpzMasterThreads; }; void loadRecursorLuaConfig(const std::string& fname, luaConfigDelayedThreads& delayedThreads); diff -Nru pdns-recursor-4.3.0/rpzloader.cc pdns-recursor-4.3.1/rpzloader.cc --- pdns-recursor-4.3.0/rpzloader.cc 2020-03-02 12:49:54.000000000 +0000 +++ pdns-recursor-4.3.1/rpzloader.cc 2020-05-08 09:31:59.000000000 +0000 @@ -262,6 +262,9 @@ } } + if (sr != nullptr) { + zone->setRefresh(sr->d_st.refresh); + } return sr; } @@ -346,18 +349,20 @@ return true; } -void RPZIXFRTracker(const std::vector& masters, boost::optional defpol, bool defpolOverrideLocal, uint32_t maxTTL, size_t zoneIdx, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress, const uint16_t axfrTimeout, std::shared_ptr sr, std::string dumpZoneFileName, uint64_t configGeneration) +void RPZIXFRTracker(const std::vector& masters, boost::optional defpol, bool defpolOverrideLocal, uint32_t maxTTL, size_t zoneIdx, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress, const uint16_t axfrTimeout, const uint32_t refreshFromConf, std::shared_ptr sr, std::string dumpZoneFileName, uint64_t configGeneration) { setThreadName("pdns-r/RPZIXFR"); bool isPreloaded = sr != nullptr; auto luaconfsLocal = g_luaconfs.getLocal(); + /* we can _never_ modify this zone directly, we need to do a full copy then replace the existing zone */ std::shared_ptr oldZone = luaconfsLocal->dfe.getZone(zoneIdx); if (!oldZone) { g_log<getRefresh(); + + time_t refresh; DNSName zoneName = oldZone->getDomain(); std::string polName = oldZone->getName() ? *(oldZone->getName()) : zoneName.toString(); @@ -368,11 +373,10 @@ std::shared_ptr newZone = std::make_shared(*oldZone); for (const auto& master : masters) { try { + refresh = refreshFromConf ? refreshFromConf : 10U; sr = loadRPZFromServer(master, zoneName, newZone, defpol, defpolOverrideLocal, maxTTL, tt, maxReceivedBytes, localAddress, axfrTimeout); - if(refresh == 0) { - refresh = sr->d_st.refresh; - } newZone->setSerial(sr->d_st.serial); + newZone->setRefresh(sr->d_st.refresh); setRPZZoneNewState(polName, sr->d_st.serial, newZone->size(), true); g_luaconfs.modify([zoneIdx, &newZone](LuaConfigItems& lci) { @@ -387,24 +391,21 @@ break; } catch(const std::exception& e) { - g_log< 0 ? refresh : 10)<<" seconds...)"< 0 ? refresh : 10)<<" seconds...)"<getRefresh(), 1U); bool skipRefreshDelay = isPreloaded; for(;;) { @@ -451,71 +452,84 @@ continue; } - g_log<dfe.getZone(zoneIdx); - /* we need to make a _full copy_ of the zone we are going to work on */ - std::shared_ptr newZone = std::make_shared(*oldZone); + oldZone = luaconfsLocal->dfe.getZone(zoneIdx); + /* we need to make a _full copy_ of the zone we are going to work on */ + std::shared_ptr newZone = std::make_shared(*oldZone); + std::shared_ptr newSR{nullptr}; + + int totremove=0, totadd=0; + bool fullUpdate = false; + for(const auto& delta : deltas) { + const auto& remove = delta.first; + const auto& add = delta.second; + if(remove.empty()) { + g_log<clear(); + fullUpdate = true; + } + for(const auto& rr : remove) { // should always contain the SOA + if(rr.d_type == QType::NS) + continue; + if(rr.d_type == QType::SOA) { + auto oldsr = getRR(rr); + if(oldsr && oldsr->d_st.serial == sr->d_st.serial) { + // cout<<"Got good removal of SOA serial "<d_st.serial<clear(); - fullUpdate = true; + for(const auto& rr : add) { // should always contain the new SOA + if(rr.d_type == QType::NS) + continue; + if(rr.d_type == QType::SOA) { + auto tempSR = getRR(rr); + // g_log<d_st.serial<(rr); - if(oldsr && oldsr->d_st.serial == sr->d_st.serial) { - // cout<<"Got good removal of SOA serial "<d_st.serial<d_st.serial<setSerial(sr->d_st.serial); + newZone->setRefresh(sr->d_st.refresh); + setRPZZoneNewState(polName, sr->d_st.serial, newZone->size(), fullUpdate); + + /* we need to replace the existing zone with the new one, + but we don't want to touch anything else, especially other zones, + since they might have been updated by another RPZ IXFR tracker thread. + */ + g_luaconfs.modify([zoneIdx, &newZone](LuaConfigItems& lci) { + lci.dfe.setZone(zoneIdx, newZone); + }); - for(const auto& rr : add) { // should always contain the new SOA - if(rr.d_type == QType::NS) - continue; - if(rr.d_type == QType::SOA) { - auto newsr = getRR(rr); - // g_log<d_st.serial<getRefresh(), 1U); } - g_log<d_st.serial<setSerial(sr->d_st.serial); - setRPZZoneNewState(polName, sr->d_st.serial, newZone->size(), fullUpdate); - - /* we need to replace the existing zone with the new one, - but we don't want to touch anything else, especially other zones, - since they might have been updated by another RPZ IXFR tracker thread. - */ - g_luaconfs.modify([zoneIdx, &newZone](LuaConfigItems& lci) { - lci.dfe.setZone(zoneIdx, newZone); - }); - - if (!dumpZoneFileName.empty()) { - dumpZoneToDisk(zoneName, newZone, dumpZoneFileName); + catch (const std::exception& e) { + g_log << Logger::Error << "Error while applying the update received over XFR for "< loadRPZFromFile(const std::string& fname, std::shared_ptr zone, boost::optional defpol, bool defpolOverrideLocal, uint32_t maxTTL); -void RPZIXFRTracker(const std::vector& masters, boost::optional defpol, bool defpolOverrideLocal, uint32_t maxTTL, size_t zoneIdx, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress, const uint16_t axfrTimeout, shared_ptr sr, std::string dumpZoneFileName, uint64_t configGeneration); +void RPZIXFRTracker(const std::vector& masters, boost::optional defpol, bool defpolOverrideLocal, uint32_t maxTTL, size_t zoneIdx, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress, const uint16_t axfrTimeout, const uint32_t reloadFromConf, shared_ptr sr, std::string dumpZoneFileName, uint64_t configGeneration); struct rpzStats { diff -Nru pdns-recursor-4.3.0/syncres.cc pdns-recursor-4.3.1/syncres.cc --- pdns-recursor-4.3.0/syncres.cc 2020-03-02 12:49:54.000000000 +0000 +++ pdns-recursor-4.3.1/syncres.cc 2020-05-08 09:31:59.000000000 +0000 @@ -53,6 +53,7 @@ unsigned int SyncRes::s_maxbogusttl; unsigned int SyncRes::s_maxcachettl; unsigned int SyncRes::s_maxqperq; +unsigned int SyncRes::s_maxnsaddressqperq; unsigned int SyncRes::s_maxtotusec; unsigned int SyncRes::s_maxdepth; unsigned int SyncRes::s_minimumTTL; @@ -909,7 +910,7 @@ /** This function explicitly goes out for A or AAAA addresses */ -vector SyncRes::getAddrs(const DNSName &qname, unsigned int depth, set& beenthere, bool cacheOnly) +vector SyncRes::getAddrs(const DNSName &qname, unsigned int depth, set& beenthere, bool cacheOnly, unsigned int& addressQueriesForNS) { typedef vector res_t; typedef vector ret_t; @@ -918,6 +919,7 @@ bool oldCacheOnly = setCacheOnly(cacheOnly); bool oldRequireAuthData = d_requireAuthData; bool oldValidationRequested = d_DNSSECValidationRequested; + const unsigned int startqueries = d_outqueries; d_requireAuthData = false; d_DNSSECValidationRequested = false; @@ -968,6 +970,10 @@ of a NS and keep processing the current query */ } + if (ret.empty() && d_outqueries > startqueries) { + // We did 1 or more outgoing queries to resolve this NS name but returned empty handed + addressQueriesForNS++; + } d_requireAuthData = oldRequireAuthData; d_DNSSECValidationRequested = oldValidationRequested; setCacheOnly(oldCacheOnly); @@ -1839,13 +1845,13 @@ return false; } -vector SyncRes::retrieveAddressesForNS(const std::string& prefix, const DNSName& qname, std::vector>::const_iterator& tns, const unsigned int depth, set& beenthere, const vector>& rnameservers, NsSet& nameservers, bool& sendRDQuery, bool& pierceDontQuery, bool& flawedNSSet, bool cacheOnly) +vector SyncRes::retrieveAddressesForNS(const std::string& prefix, const DNSName& qname, std::vector>::const_iterator& tns, const unsigned int depth, set& beenthere, const vector>& rnameservers, NsSet& nameservers, bool& sendRDQuery, bool& pierceDontQuery, bool& flawedNSSet, bool cacheOnly, unsigned int &retrieveAddressesForNS) { vector result; if(!tns->first.empty()) { LOG(prefix<first<< "' ("<<1+tns-rnameservers.begin()<<"/"<<(unsigned int)rnameservers.size()<<")"<first, depth+2, beenthere, cacheOnly); + result = getAddrs(tns->first, depth+2, beenthere, cacheOnly, retrieveAddressesForNS); pierceDontQuery=false; } else { @@ -3375,6 +3381,10 @@ if(lwr.d_rcode == RCode::NXDomain) { LOG(prefix< nsLimit) { + int newLimit = static_cast(nsLimit) - (rnameservers.size() - nsLimit); + nsLimit = std::max(5, newLimit); + } + for(auto tns=rnameservers.cbegin();;++tns) { + if (addressQueriesForNS >= nsLimit) { + throw ImmediateServFailException(std::to_string(nsLimit)+" (adjusted max-ns-address-qperq) or more queries with empty results for NS addresses sent resolving "+qname.toLogString()); + } if(tns==rnameservers.cend()) { LOG(prefix<first<<", trying next if available"<> shuffleInSpeedOrder(NsSet &nameservers, const string &prefix); inline vector shuffleForwardSpeed(const vector &rnameservers, const string &prefix, const bool wasRd); bool moreSpecificThan(const DNSName& a, const DNSName &b) const; - vector getAddrs(const DNSName &qname, unsigned int depth, set& beenthere, bool cacheOnly); + vector getAddrs(const DNSName &qname, unsigned int depth, set& beenthere, bool cacheOnly, unsigned int& addressQueriesForNS); bool nameserversBlockedByRPZ(const DNSFilterEngine& dfe, const NsSet& nameservers); bool nameserverIPBlockedByRPZ(const DNSFilterEngine& dfe, const ComboAddress&); bool throttledOrBlocked(const std::string& prefix, const ComboAddress& remoteIP, const DNSName& qname, const QType& qtype, bool pierceDontQuery); - vector retrieveAddressesForNS(const std::string& prefix, const DNSName& qname, vector>::const_iterator& tns, const unsigned int depth, set& beenthere, const vector>& rnameservers, NsSet& nameservers, bool& sendRDQuery, bool& pierceDontQuery, bool& flawedNSSet, bool cacheOnly); + vector retrieveAddressesForNS(const std::string& prefix, const DNSName& qname, vector>::const_iterator& tns, const unsigned int depth, set& beenthere, const vector>& rnameservers, NsSet& nameservers, bool& sendRDQuery, bool& pierceDontQuery, bool& flawedNSSet, bool cacheOnly, unsigned int& addressQueriesForNS); void sanitizeRecords(const std::string& prefix, LWResult& lwr, const DNSName& qname, const QType& qtype, const DNSName& auth, bool wasForwarded, bool rdQuery); RCode::rcodes_ updateCacheFromRecords(unsigned int depth, LWResult& lwr, const DNSName& qname, const QType& qtype, const DNSName& auth, bool wasForwarded, const boost::optional, vState& state, bool& needWildcardProof, bool& gatherWildcardProof, unsigned int& wildcardLabelsCount, bool sendRDQuery); diff -Nru pdns-recursor-4.3.0/test-syncres_cc2.cc pdns-recursor-4.3.1/test-syncres_cc2.cc --- pdns-recursor-4.3.0/test-syncres_cc2.cc 2020-02-27 00:17:30.000000000 +0000 +++ pdns-recursor-4.3.1/test-syncres_cc2.cc 2020-05-08 09:31:59.000000000 +0000 @@ -1244,6 +1244,48 @@ BOOST_CHECK_EQUAL(queriesCount, 5U); } +BOOST_AUTO_TEST_CASE(test_completely_flawed_big_nsset) +{ + std::unique_ptr sr; + initSR(sr); + + primeHints(); + + const DNSName target("powerdns.com."); + size_t queriesCount = 0; + + sr->setAsyncCallback([&queriesCount, target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional& srcmask, boost::optional context, LWResult* res, bool* chained) { + queriesCount++; + + if (isRootServer(ip) && domain == target) { + setLWResult(res, 0, false, false, true); + // 20 NS records + for (int i = 0; i < 20; i++) { + string n = string("pdns-public-ns") + std::to_string(i) + string(".powerdns.com."); + addRecordToLW(res, domain, QType::NS, n, DNSResourceRecord::AUTHORITY, 172800); + } + return 1; + } + else if (domain.toString().length() > 14 && domain.toString().substr(0, 14) == "pdns-public-ns") { + setLWResult(res, 0, true, false, true); + addRecordToLW(res, ".", QType::SOA, "a.root-servers.net. nstld.verisign-grs.com. 2017032800 1800 900 604800 86400", DNSResourceRecord::AUTHORITY, 86400); + return 1; + } + return 0; + }); + + vector ret; + try { + sr->beginResolve(target, QType(QType::A), QClass::IN, ret); + BOOST_CHECK(0); + } catch (const ImmediateServFailException& ex) { + BOOST_CHECK_EQUAL(ret.size(), 0U); + // one query to get NSs, then A and AAAA for each NS, 5th NS hits the limit + // limit is reduced to 5, because zone publishes many (20) NS + BOOST_CHECK_EQUAL(queriesCount, 11); + } +} + BOOST_AUTO_TEST_CASE(test_cache_hit) { std::unique_ptr sr; diff -Nru pdns-recursor-4.3.0/test-syncres_cc7.cc pdns-recursor-4.3.1/test-syncres_cc7.cc --- pdns-recursor-4.3.0/test-syncres_cc7.cc 2020-02-27 00:17:30.000000000 +0000 +++ pdns-recursor-4.3.1/test-syncres_cc7.cc 2020-05-08 09:31:59.000000000 +0000 @@ -1403,4 +1403,57 @@ BOOST_CHECK_EQUAL(queriesCount, 4U); } +BOOST_AUTO_TEST_CASE(test_dnssec_bogus_nxdomain) +{ + std::unique_ptr sr; + initSR(sr, true); + + setDNSSECValidation(sr, DNSSECMode::ValidateAll); + + primeHints(); + const DNSName target("powerdns.com."); + testkeysset_t keys; + + auto luaconfsCopy = g_luaconfs.getCopy(); + luaconfsCopy.dsAnchors.clear(); + generateKeyMaterial(DNSName("."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + g_luaconfs.setState(luaconfsCopy); + + size_t queriesCount = 0; + + sr->setAsyncCallback([target, &queriesCount, keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional& srcmask, boost::optional context, LWResult* res, bool* chained) { + queriesCount++; + + if (type == QType::DS || type == QType::DNSKEY) { + return genericDSAndDNSKEYHandler(res, domain, domain, type, keys); + } + else { + + setLWResult(res, RCode::NXDomain, true, false, true); + return 1; + } + + return 0; + }); + + vector ret; + int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); + BOOST_CHECK_EQUAL(res, RCode::NXDomain); + BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_REQUIRE_EQUAL(ret.size(), 0U); + /* com|NS, powerdns.com|NS, powerdns.com|A */ + BOOST_CHECK_EQUAL(queriesCount, 3U); + + /* again, to test the cache */ + ret.clear(); + res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); + BOOST_CHECK_EQUAL(res, RCode::NXDomain); + BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_REQUIRE_EQUAL(ret.size(), 0U); + /* we don't store empty results */ + BOOST_CHECK_EQUAL(queriesCount, 4U); +} + BOOST_AUTO_TEST_SUITE_END() diff -Nru pdns-recursor-4.3.0/test-syncres_cc.cc pdns-recursor-4.3.1/test-syncres_cc.cc --- pdns-recursor-4.3.0/test-syncres_cc.cc 2020-02-27 00:17:30.000000000 +0000 +++ pdns-recursor-4.3.1/test-syncres_cc.cc 2020-05-08 09:31:59.000000000 +0000 @@ -113,6 +113,7 @@ t_RC = std::unique_ptr(new MemRecursorCache()); SyncRes::s_maxqperq = 50; + SyncRes::s_maxnsaddressqperq = 10; SyncRes::s_maxtotusec = 1000 * 7000; SyncRes::s_maxdepth = 40; SyncRes::s_maxnegttl = 3600;