gdnsd

Source tarball available at: https://github.com/gdnsd/gdnsd/releases/ 1.11.4 - 2014-07-18 Major bugfix: The SOA record returned in the auth section of negative responses (NXDOMAIN and NODATA) had an incorrect TTL. RFC 2308 says ... [More] that auth servers should set the SOA record's own TTL to the minimum of the real SOA TTL and the SOA "minimum" field (aka ncache field), but gdnsd was simply using the real SOA TTL and assuming caches looked at the minimum/ncache field directly (which they do not). The fallout is that if you specified a minimum/ncache value of 3H but the TTL of the SOA record itself was 24H, your negative answers to caches would indicate that the answer should be cached for 24H. Luckily many caches limit ncache durations (e.g. BIND9 defaults to a limit of 3H), mitigating the issue somewhat, but it's still a pretty big deal. Bugfix: plugin_geoip was not correctly runtime-reloading geoip databases from geoip_db_v4_overlay due to a simple code error, which is now fixed. [Less]

Source tarball available at: https://github.com/gdnsd/gdnsd/releases/ 1.11.3 - 2014-05-14 Important code fixes: ---------------------------------- GeoIP country code support for South Sudan (SS) added, to support newer upstream ... [More] GeoIP data. GeoIP country code routines updated to handle unknown country codes more gracefully. Trivial code fixes: ------------------------------------ Avoid listening on a random pointless socket when bind() fails on an address from interface scan. Improved pathname formatting in various error and warning log outputs. Fixed two small leaks on failed reloads of plugin_geoip 'nets' database files. Fixed another small leak on bad resource values for geoip/metafo RR's in failed zonefiles. Fixed some bad libev state assertions related to timers, which may have caused racy failures in rare cases in debug builds. Fixed a crash-on-startup when loading certain forms of invalid configuration input to the meta-plugins. Build process fixes: ----------------------------------- autoconf detection of pthreads flags on newer versions of clang improved. automake use of objects in subdirectories has been removed, hopefully increasing compatibility. directory creation during "make install" cleaned up New deprecations: ------------------------------------- The SPF RR-type has been deprecated and will generate a warning on zonefile loading. *** This really will be the very last release of 1.x before 2.0.0, barring the necessity of serious bugfixes in the 1.x code. Please pay attention to the deprecation warnings in your log output; all of those things will become real issues when you upgrade to 2.x. [Less]

Source tarball available at: https://github.com/gdnsd/gdnsd/releases/ 1.11.2 - 2014-02-27 Bugfix: HTTP stats output network send code was horribly broken in theory, but the bugs were difficult to hit in practice. Triggering required ... [More] the combination of a large-enough set of monitored services and smallish TCP send buffers, such that the data wouldn't be completely sent by the first writev() call. Was finally noticed by someone monitoring 50+ services on a certain type of VM instance (thanks YTS for the report!) Bugfix: Stats output buffer calculations made more-robust. They were too small in some very corner cases, but I don't believe anyone ever hit this bug; it was found via source analysis. Bugfix: plugin_simplefo now works correctly with no service_types specified (default http checks). This has been broken for years. Apparently nobody uses it this way, if at all. *** This is a good time to re-iterate that v2.0.0 is due sometime "soon". 2.x will have some substantial backwards-compatibility breaks with 1.x, especially for any 3rd party plugin. Anything that currently gives a deprecation notice in 1.x will be removed/changed in 2.x for sure, so look out for those in your log output. The branch is available as it progresses at: https://github.com/gdnsd/gdnsd/tree/2.x [Less]

Source tarball available at: https://github.com/gdnsd/gdnsd/releases/ 1.11.1 - 2014-02-11 Bugfix for plugin_geoip's normalization of "nets" input data. This bug affected some forms of un-normalized "nets" inputs, resulting in ... [More] incorrect responses (or assertfail in debug builds). The replacement code is much simpler and more reliable, but also slower. Build Bugfix: plugins' dependencies on libm were being met indirectly via libgdnsd's library deps in automake/libtool terms. However, due to platform variances as to which math functions are inlined, combined with the "--as-needed" linker flag, sometimes libm was not linked for libgdnsd, which could result in plugins not finding math symbols. This has caused build problems on at least Ubuntu/i386 and Ubuntu/ppc64el. The fix moved the libm deps to their proper places in the respective Makefile.am's. The official tarball download URLs are moving back to github at https://github.com/gdnsd/gdnsd/releases/ . The old location will continue to host the tarballs that exist there for a while, so as not to disrupt automated things, and this bugfix release will also be published in both places just in case. [Less]

Source tarball available at: https://github.com/gdnsd/gdnsd/releases/ 1.11.0 - 2013-12-06 Bugfixes:----------- fixed edns-client-subnet issue with configurations that enclose a geoip resource within a metafo resource: the ... [More] metafo plugin would clear the edns scope mask set by the geoip plugin in this case, but no longer does so. fixed a segfault that could occur when parsing an illegal configuration for the metafo and geoip plugins. misc improvements to warning/error outputs misc doc fixups Features/Changes:--- New options 'udp_threads' and 'tcp_threads' (global or per-listen-address). Both default to 1, which is the previous behavior. If increased, SO_REUSEPORT is set on the affected listening sockets, and multiple sockets are bound to the same address with separate listening threads. If SO_REUSEPORT is not available (as is the case for Linux kernels < 3.9), the options will be forced down to 1. New option 'zones_strict_data', similar to the old 'strict_data' option, upgrades zone data warnings to full errors. Defaults false. New commandline option '-S' temporarily enables 'zones_strict_data' regardless of config-file setting, mostly useful for 'checkconf' New commandline option '-s', as above for 'zones_strict_startup' 'listen' option: new values 'any' and 'scan'. 'any' uses the ANY-addresses (IPv4 + v6 as applicable), and 'scan' scans the interface list via getifaddrs() and configures each valid address as a separate listener, which is still the default behavior. A warning has been added when using the implicit default 'scan' behavior, indicating that the default will change to the 'any' behavior in a future release. PTR records no longer do additional-section processing, as per the RFCs (not that any practical config ever made use of it anyways) Deprecations:------- The use of 'cnames' in the same resource as 'addrs_v[46]' in the 'weighted' plugin is deprecated. Please migrate away from this by placing the cnames in a separate resource. 'late_bind_secs' feature is deprecated, and should be unnecessary now that we fallback to attempting IP_FREEBIND (or the BSD equivalent) on initial bind() failure. 'zones_rfc1035_strict_startup' option was renamed to 'zones_strict_startup' with deprecated support for the old name. 'tcp_clients_per_socket' option was renamed to 'tcp_clients_per_thread' with deprecated support for the old name. 'tcp_disabled' option deprecated in favor of setting the new 'tcp_threads' option to zero. *** NOTE *** Version 2.0.0 will be coming up soon, it could even potentially be the very next release. 2.0.0 will contain major feature work related to plugins, and (as the bump of the leading version number indicates) it won't be a fully backwards-compatible release. Most things that have become "deprecated" over the past several releases will have their backwards-compatibility removed in 2.0.0, and notably the plugin API will have substantial changes for any 3rd-party plugin code to accomodate. You have been warned! [Less]

Source tarball available at: https://github.com/gdnsd/gdnsd/releases/ 1.10.1 - 2013-10-04 Bugfixes: A faulty assert() was removed from the plugin_geoip code: This assert failure could be triggered in a debug build of the ... [More] daemon by a carefully crafted request packet, but a normal cache would never generate such a packet intentionally. No known problems for non-debug builds (which should include all "normal" builds from debs/rpms, etc), but if you're running a debug build on the internet, it can be DoS'd with this. plugin_geoip "nets" data normalization was buggy when presented with certain odd sets of un-normalized networks which had overlapping and/or mergeable subnets in the data. All known cases are now handled correctly. In the case of a complete conflict (exact same subnet/mask mapped to two different results explicitly), the choice between the two variants is arbitrary and a warning is issued (before, this resulted in load failure). Removed debugging and gdnsd_geoip_test text output length limitations on very long dclists. Fixed a testsuite bug which resulted in a false failure if the system's /usr/share/GeoIP/ contained database formats other Country, Region, and City. [Less]