The MSVS C compiler requires every struct to have at least one member.
The dns_geoip_databases_t structure had one set of members for
HAVE_GEOIP and a different set for HAVE_GEOIP2, and none when neither
API is in use.
This commit silences the compiler error by moving the declaration of
dns_geoip_databases_t to types.h as an opaque reference, and commenting
out the contents of geoip.h when neither version of GeoIP is enabled.
(cherry picked from commit 81fcde5953)
When trying to extract the key ID from a key file name, some test code
incorrectly attempts to strip all leading zeros. This breaks tests when
keys with ID 0 are generated. Add a new helper shell function,
keyfile_to_key_id(), which properly handles keys with ID 0 and use it in
test code whenever a key ID needs to be extracted from a key file name.
(cherry picked from commit 7d6eaad1bd)
When printing a packet, dnstap-read checks whether its text form takes
up more than the 2048 bytes allocated for the output buffer by default.
If that is the case, the output buffer is automatically expanded, but
the truncated output is left in the buffer, resulting in malformed data
being printed. Clear the output buffer before expanding it to prevent
this issue from occurring.
(cherry picked from commit 3549abe81d)
- revise mapping of search terms to database types to match the
GeoIP2 schemas.
- open GeoIP2 databases when starting up; close when shutting down.
- clarify the logged error message when an unknown database type
is configured.
- add new geoip ACL subtypes to support searching for continent in
country databases.
- map geoip ACL subtypes to specific MMDB database queries.
- perform MMDB lookups based on subtype, saving state between
queries so repeated lookups for the same address aren't necessary.
(cherry picked from commit 6e0b93e5a0)
- "--with-geoip" is used to enable the legacy GeoIP library.
- "--with-geoip2" is used to enable the new GeoIP2 library
(libmaxminddb), and is on by default if the library is found.
- using both "--with-geoip" and "--with-geoip2" at the same time
is an error.
- an attempt is made to determine the default GeoIP2 database path at
compile time if pkg-config is able to report the module prefix. if
this fails, it will be necessary to set the path in named.conf with
geoip-directory
- Makefiles have been updated, and a stub lib/dns/geoip2.c has been
added for the eventual GeoIP2 search implementation.
(cherry picked from commit fea6b5bf10)
When GNU C Compiler is used on Solaris (11), the Thread Local Storage
is completely broken. The behaviour doesn't manifest when GNU ld is
used. Thus, we need to enforce usage of GNU ld when GNU C Compiler is
the compiler of choice.
For more background for this change, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90912
(cherry picked from commit d584223653)
Add some information about the new statistic-channel DNS sign
metrics. Also add a CHANGES and release note entry.
(cherry picked from commit 3a3f40e372)
In addition to gather how many times signatures are created per
key in a zone, also count how many of those signature creations are
because of DNSSEC maintenance. These maintenance counters are
incremented if a signature is refreshed (but the RRset did not
changed), when the DNSKEY RRset is changed, and when that leads
to additional RRset / RRSIG updates (for example SOA, NSEC).
(cherry picked from commit 6f67546cd6)
This adds tests to the statschannel system test for testing if
the dnskey sign operation counters are incremented correctly.
It tests three cases:
1. A zone maintenance event where all the signatures that are about
to expire are resigned.
2. A dynamic update event where the new RR and other relevant records
(SOA, NSEC) are resigned.
3. Adding a standby key, that means the DNSKEY and SOA RRset are
resigned.
(cherry picked from commit a8750a8805)
Update per key tag the stats counter when it creates a new signature.
This can happen upon a dynamic update, or when doing DNSSEC
maintenance.
(cherry picked from commit 312fa7f65e)
In ISC-Bugs 45340, I wrote:
The Statistics channel offers links to Zones and Traffic.
Both produce valid data, but display as blank pages with
a web browser.
Zones never had XSL (I provided the original
implementation, but punted on the XSL).
Traffic has XSL, but it wasn't updated to reflect the
split between IPv4 and IPv6 data.
I've picked up enough XSL to fix my original omission,
and as penance for my sloth, fixed the Traffic bug as well.
(cherry picked from commit 96f0bbd4d5)
- when processing authoritative queries for ./NS, set 'gluedb' so
that glue will be included in the response, regardless of how
'minimal-responses' has been configured.
(cherry picked from commit e7684c7b64)
