Commit 4ebf7fb7 authored by Jan Včelák's avatar Jan Včelák 🚀

Merge branch 'master' into libdnssec

* master: (144 commits)
parents 6803ad70 cbdfd12c
Doxyfile
KNOWN_ISSUES
Makefile.am
README
configure.ac
configure.ac
configure.ac
dnssec/Makefile.am
dnssec/tests/Makefile.am
dnssec/utils/Makefile.am
......@@ -27,55 +27,43 @@ man/Makefile.am
patches/Makefile.am
samples/Makefile.am
src/Makefile.am
src/Makefile.am
src/Makefile.am
src/common-knot/array-sort.h
src/common-knot/binsearch.h
src/common-knot/crc.h
src/common-knot/evsched.c
src/common-knot/evsched.h
src/common-knot/fdset.c
src/common-knot/fdset.h
src/common-knot/hattrie/hat-trie.c
src/common-knot/hattrie/hat-trie.h
src/common-knot/hattrie/murmurhash3.c
src/common-knot/hattrie/murmurhash3.h
src/common-knot/heap.c
src/common-knot/heap.h
src/common-knot/hex.c
src/common-knot/hex.h
src/common-knot/hhash.c
src/common-knot/hhash.h
src/common-knot/lists.c
src/common-knot/lists.h
src/common-knot/print.c
src/common-knot/print.h
src/common-knot/ref.c
src/common-knot/ref.h
src/common-knot/slab/alloc-common.h
src/common-knot/slab/slab.c
src/common-knot/slab/slab.h
src/common-knot/sockaddr.c
src/common-knot/sockaddr.h
src/common-knot/strlcat.c
src/common-knot/strlcat.h
src/common-knot/strlcpy.c
src/common-knot/strlcpy.h
src/common-knot/strtonum.h
src/common-knot/trim.h
src/common/array-sort.h
src/common/base32hex.c
src/common/base32hex.h
src/common/base64.c
src/common/base64.h
src/common/binsearch.h
src/common/debug.h
src/common/errors.c
src/common/errors.h
src/common/getline.c
src/common/getline.h
src/common/hhash.c
src/common/hhash.h
src/common/lists.c
src/common/lists.h
src/common/log.c
src/common/log.h
src/common/macros.h
src/common/mem.c
src/common/mem.h
src/common/mempattern.c
src/common/mempattern.h
src/common/mempool.c
src/common/mempool.h
src/common/namedb/namedb.h
......@@ -83,6 +71,18 @@ src/common/namedb/namedb_lmdb.c
src/common/namedb/namedb_lmdb.h
src/common/namedb/namedb_trie.c
src/common/namedb/namedb_trie.h
src/common/net.c
src/common/net.h
src/common/print.c
src/common/print.h
src/common/sockaddr.c
src/common/sockaddr.h
src/common/strlcpy.c
src/common/strlcpy.h
src/common/trie/hat-trie.c
src/common/trie/hat-trie.h
src/common/trie/murmurhash3.c
src/common/trie/murmurhash3.h
src/dnstap/Makefile.am
src/dnstap/convert.c
src/dnstap/convert.h
......@@ -144,31 +144,39 @@ src/knot/nameserver/nsec_proofs.h
src/knot/nameserver/process_answer.c
src/knot/nameserver/process_answer.h
src/knot/nameserver/process_query.c
src/knot/nameserver/process_query.c
src/knot/nameserver/process_query.c
src/knot/nameserver/process_query.h
src/knot/nameserver/query_module.c
src/knot/nameserver/query_module.h
src/knot/nameserver/requestor.c
src/knot/nameserver/requestor.h
src/knot/nameserver/tsig_ctx.c
src/knot/nameserver/tsig_ctx.h
src/knot/nameserver/update.c
src/knot/nameserver/update.c
src/knot/nameserver/update.c
src/knot/nameserver/update.h
src/knot/other/debug.h
src/knot/server/dthreads.c
src/knot/server/dthreads.h
src/knot/server/journal.c
src/knot/server/journal.h
src/knot/server/net.c
src/knot/server/net.h
src/knot/server/rrl.c
src/knot/server/rrl.c
src/knot/server/rrl.c
src/knot/server/rrl.h
src/knot/server/serialization.c
src/knot/server/serialization.h
src/knot/server/server.c
src/knot/server/server.c
src/knot/server/server.c
src/knot/server/server.h
src/knot/server/tcp-handler.c
src/knot/server/tcp-handler.c
src/knot/server/tcp-handler.c
src/knot/server/tcp-handler.h
src/knot/server/udp-handler.c
src/knot/server/udp-handler.c
src/knot/server/udp-handler.c
src/knot/server/udp-handler.h
src/knot/updates/acl.c
src/knot/updates/acl.h
......@@ -186,10 +194,20 @@ src/knot/worker/queue.c
src/knot/worker/queue.h
src/knot/zone/contents.c
src/knot/zone/contents.h
src/knot/zone/events/events.c
src/knot/zone/events/events.h
src/knot/zone/events/handlers.c
src/knot/zone/events/handlers.c
src/knot/zone/events/handlers.c
src/knot/zone/events/handlers.h
src/knot/zone/events/replan.c
src/knot/zone/events/replan.h
src/knot/zone/node.c
src/knot/zone/node.h
src/knot/zone/semantic-check.c
src/knot/zone/semantic-check.h
src/knot/zone/timers.c
src/knot/zone/timers.h
src/knot/zone/zone-diff.c
src/knot/zone/zone-diff.h
src/knot/zone/zone-dump.c
......@@ -206,19 +224,14 @@ src/knot/zone/zonedb.c
src/knot/zone/zonedb.h
src/knot/zone/zonefile.c
src/knot/zone/zonefile.h
src/knot/zone/events/events.c
src/knot/zone/events/events.h
src/knot/zone/events/handlers.h
src/knot/zone/events/handlers.c
src/knot/zone/events/replan.c
src/knot/zone/events/replan.h
src/knot/zone/timers.c
src/knot/zone/timers.h
src/libknot/binary.c
src/libknot/binary.h
src/libknot/common.h
src/libknot/consts.c
src/libknot/consts.c
src/libknot/consts.c
src/libknot/consts.h
src/libknot/consts.h
src/libknot/consts.h
src/libknot/descriptor.c
src/libknot/descriptor.h
src/libknot/dname.c
......@@ -228,12 +241,14 @@ src/libknot/dnssec/key.h
src/libknot/dnssec/policy.c
src/libknot/dnssec/policy.h
src/libknot/dnssec/rrset-sign.c
src/libknot/dnssec/rrset-sign.c
src/libknot/dnssec/rrset-sign.c
src/libknot/dnssec/rrset-sign.h
src/libknot/dnssec/rrset-sign.h
src/libknot/dnssec/rrset-sign.h
src/libknot/errcode.c
src/libknot/errcode.h
src/libknot/libknot.h
src/libknot/mempattern.c
src/libknot/mempattern.h
src/libknot/packet/compr.c
src/libknot/packet/compr.h
src/libknot/packet/pkt.c
......@@ -241,17 +256,25 @@ src/libknot/packet/pkt.h
src/libknot/packet/rrset-wire.c
src/libknot/packet/rrset-wire.h
src/libknot/packet/wire.h
src/libknot/processing/process.c
src/libknot/processing/process.h
src/libknot/processing/layer.c
src/libknot/processing/layer.h
src/libknot/processing/overlay.c
src/libknot/processing/overlay.h
src/libknot/processing/requestor.c
src/libknot/processing/requestor.h
src/libknot/rdata.c
src/libknot/rdata.h
src/libknot/rdataset.c
src/libknot/rdataset.h
src/libknot/rrset-dump.c
src/libknot/rrset-dump.c
src/libknot/rrset-dump.c
src/libknot/rrset-dump.h
src/libknot/rrset.c
src/libknot/rrset.h
src/libknot/rrtype/aaaa.h
src/libknot/rrtype/dnskey.h
src/libknot/rrtype/naptr.h
src/libknot/rrtype/nsec.h
src/libknot/rrtype/nsec3.c
src/libknot/rrtype/nsec3.h
......@@ -263,7 +286,13 @@ src/libknot/rrtype/rdname.h
src/libknot/rrtype/rrsig.h
src/libknot/rrtype/soa.h
src/libknot/rrtype/tsig.c
src/libknot/rrtype/tsig.c
src/libknot/rrtype/tsig.c
src/libknot/rrtype/tsig.h
src/libknot/rrtype/tsig.h
src/libknot/rrtype/tsig.h
src/libknot/tsig-op.c
src/libknot/tsig-op.c
src/libknot/tsig-op.c
src/libknot/tsig-op.h
src/libknot/util/endian.h
......@@ -327,6 +356,7 @@ tests/hhash.c
tests/journal.c
tests/namedb.c
tests/node.c
tests/overlay.c
tests/pkt.c
tests/process_answer.c
tests/process_query.c
......@@ -339,12 +369,11 @@ tests/rrset.c
tests/rrset_wire.c
tests/sample_conf.h
tests/server.c
tests/slab.c
tests/wire.c
tests/worker_pool.c
tests/worker_queue.c
tests/zone_events.c
tests/zone_timers.c
tests/zone_update.c
tests/zonedb.c
tests/ztree.c
tests/zone_timers.c
Knot DNS 1.6.0 (2014-10-23)
===========================
Bugfixes:
---------
- Fix zone expiration when AXFR/IXFR is being refused by master
- Fix forced zone refresh on slave (knotc refresh -f)
Knot DNS 1.6.0-rc2 (2014-10-17)
===============================
Improvements:
-------------
- Maximal size of persistent timers database increased from 10 MB to 100 MB
- Added logging of persistent timers database errors
Bugfixes:
---------
- Persistent timers database opening after privileges has been dropped
Knot DNS 1.6.0-rc1 (2014-10-13)
===============================
Features:
---------
- Persistent timers for slave zones (expire, refresh, and flush)
Bugfixes:
---------
- DNSSEC: RFC compliant processing of letter case in RDATA domain names
- EDNS: Return minimal error response for queries with unsupported version
- EDNS: Fix interpretation of Extended RCODE
Knot DNS 1.5.3 (2014-09-15)
==========================
===========================
Bugfixes:
---------
......@@ -10,7 +43,7 @@ Bugfixes:
- Knot failed to send large messages to remote control (present since 1.5.1)
Knot DNS 1.5.2 (2014-09-08)
==========================
===========================
Bugfixes:
---------
......
......@@ -12,9 +12,11 @@ Knot DNS has several dependencies:
Optional packages:
* libcap-ng >= 0.6.4 (for POSIX 1003.1e capabilites(7))
* libidn (for IDNA2003 support in Knot utilities)
* lmdb (for persistent events for slave zones)
* libsystemd (for systemd init system support)
Dependencies for building documentation:
* texinfo
* python-sphinx
Installation
============
......@@ -38,7 +40,7 @@ Install prerequisites:
$ sudo apt-get install git-core libtool autoconf flex bison libssl-dev liburcu-dev
Install optional packages:
($ sudo apt-get install libcap-ng-dev)
($ sudo apt-get install libcap-ng-dev liblmdb-dev libsystemd-dev)
If the liburcu-dev package is not present, install it from the source code
(http://lttng.org/urcu)
......@@ -55,7 +57,7 @@ Ensure all prerequisites are installed:
$ yum install libtool autoconf flex bison openssl-devel userspace-rcu-devel
Install optional packages:
($ yum install libcap-ng-devel)
($ yum install libcap-ng-devel lmdb-devel systemd-devel)
2) Install Knot DNS
......
# -*- Autoconf -*-
AC_PREREQ([2.60])
AC_INIT([knot], [1.5.3], [knot-dns@labs.nic.cz])
AC_INIT([knot], [1.6.0], [knot-dns@labs.nic.cz])
AM_INIT_AUTOMAKE([gnits subdir-objects dist-xz -Wall -Werror])
AM_SILENT_RULES([yes])
AC_CONFIG_SRCDIR([src/knot/main.c])
......@@ -301,8 +301,8 @@ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sched.h>]], [[cpuset_t* set = cpuset
# Use -fvisibility=hidden when linking.
# Let's leave it default now and use -export-symbols-regex in LDFLAGS
#gl_VISIBILITY()
#CFLAGS="$CFLAGS $CFLAG_VISIBILITY"
gl_VISIBILITY()
CFLAGS="$CFLAGS $CFLAG_VISIBILITY"
# Add code coverage macro
AX_CODE_COVERAGE
......
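Review bot: The comment kept above the now-active `gl_VISIBILITY()` call still reads "Let's leave it default now and use -export-symbols-regex in LDFLAGS", which contradicts the code if, as the old-then-new print order suggests (the `+`/`-` markers are lost on this page), the uncommented `gl_VISIBILITY()` and `CFLAGS="$CFLAGS $CFLAG_VISIBILITY"` are the new side. I would replace that line with something like `# Hide symbols by default; public API must be marked with default visibility.` The src/Makefile.am section of this commit also appears to drop `-export-symbols-regex` from `libknot_la_LDFLAGS`, so hidden visibility becomes the only limit on what libknot exports. gl_VISIBILITY leaves `CFLAG_VISIBILITY` empty when the compiler lacks support, in which case every internal symbol would end up in the shared library's export table. Warning at configure time when `HAVE_VISIBILITY` is 0, or keeping the regex as a fallback, would keep the exported surface predictable.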
......@@ -87,8 +87,10 @@ The preference list is reset on the configuration reload.
You can also use TSIG for access control. For this, you need to configure a TSIG key
and assign it to a remote. Supported algorithms for TSIG key are:
| ``hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512``
Key secret is written in a base64 encoded format. See :ref:`keys`::
``hmac-md5``, ``hmac-sha1``, ``hmac-sha224``, ``hmac-sha256``, ``hmac-sha384``,
and ``hmac-sha512``. Key secret is written in a base64 encoded format.
As of now, it is not possible to associate multiple keys with a remote.
See :ref:`keys`::
keys {
key0 hmac-md5 "Wg=="; # keyname algorithm secret
......@@ -104,7 +106,11 @@ Key secret is written in a base64 encoded format. See :ref:`keys`::
}
}
As of now it is not possible to associate multiple keys with a remote.
If Knot DNS is compiled with the LMDB library, the server will be able to
preserve slave zone timers across full server restarts. The zone expire,
refresh, and flush timers are stored in a file-backed database in the
:ref:`storage` directory in the ``timers`` subdirectory.
Master configuration
====================
......
......@@ -9,10 +9,13 @@ Knot DNS Installation
Required build environment
==========================
GCC at least 4.1 is strictly required for atomic built-ins, but 4.2 or
newer is recommended. Another requirement is ``_GNU_SOURCE`` support,
otherwise it adapts to the compiler available features. LLVM clang
works, but it is not officially supported.
GCC at least 4.1 is strictly required for atomic built-ins, but the latest
available version is recommended. Another requirement is ``_GNU_SOURCE``
support, otherwise it adapts to the compiler available features.
LLVM clang compiler can be used as well. However, the compilation with
enabled optimizations will take a long time, unless the ``--disable-fastparser``
configure option is given.
Knot DNS build system relies on these standard tools:
......@@ -33,11 +36,20 @@ Knot DNS requires few libraries to be compiled:
* zlib
* Userspace RCU, at least 0.5.4
* libcap-ng, at least 0.6.4 (optional library)
* lmdb (optional library)
* libsystemd (optional library)
If libcap-ng library is available, Knot DNS will take advantage of the
If the libcap-ng library is available, Knot DNS will take advantage of the
POSIX 1003.1e capabilites(7) by sandboxing the exposed threads. Most
rights are stripped from the exposed threads for security reasons.
If the LMDB library is available, the server will be able to store timers
for slave zones in file-backed storage and the timers will persist across
server restarts.
If the libsystemd library is available, the server will use systemd's startup
notifications mechanism and journald for logging.
You can probably find OpenSSL and zlib libraries already included in
your system or distribution. If not, zlib resides at http://zlib.net,
and OpenSSL can be found at http://www.openssl.org.
......
......@@ -41,6 +41,7 @@ Server features:
* Reconfiguring server instance on-the-fly
* IPv4 / IPv6 support
* Semantic checks of zones
* Persistent zone timers
For more info and downloads see `www.knot-dns.cz <https://www.knot-dns.cz>`_.
......
......@@ -809,7 +809,8 @@ Statement ``query_module`` takes a list of ``module_name
^^^^^^^^^^^
Data directory for zones. It is used to store zone files and journal
files.
files. If compiled with LMDB support, a database storing persistent zone
event timers for slave zones will be created in the ``timers`` subdirectory.
Value of ``storage`` set in ``zone`` section is relative to
``storage`` in ``zones`` section.
......@@ -1093,7 +1094,7 @@ serious will be logged to both ``stderr`` and ``syslog``. The
* ``stdout`` - logging to standard output
* ``stderr`` - logging to standard error output
* ``syslog`` - logging to syslog
* ``syslog`` - logging to syslog (or systemd journal, if systemd support is enabled)
.. _category:
......@@ -1106,6 +1107,10 @@ Knot DNS allows user to choose from these logging categories:
* ``zone`` - Messages related to zones, zone parsing and loading.
* ``any`` - All categories.
If systemd support is enabled, the log messages in the `zone` category are
given the `ZONE` field containing a name of the zone. The field can be used
to filter the log entries in the journal.
.. _severity:
``severity``
......
......@@ -43,4 +43,4 @@ Supported operating system
Knot DNS itself is written in a portable way, but it depends on
several libraries. Namely userspace-rcu, which could be a constraint
when it comes to the operating system support. Knot DNS can be compiled
and run on most of UNIX-like systems, such as Linux, \*BSD and Mac OS X.
and run on most of UNIX-like systems, such as Linux, \*BSD, and OS X.
......@@ -8,9 +8,9 @@ noinst_LTLIBRARIES = libknotd.la libknots.la libknotus.la libknotcs.la
# $(YACC) will generate header file
AM_CPPFLAGS = \
-include $(top_builddir)/src/config.h \
-DCONFIG_DIR='"${config_dir}"' \
-DSTORAGE_DIR='"${storage_dir}"' \
-include $(top_builddir)/src/config.h \
-DCONFIG_DIR='"${config_dir}"' \
-DSTORAGE_DIR='"${storage_dir}"' \
-DRUN_DIR='"${run_dir}"'
AM_CFLAGS = $(CODE_COVERAGE_CFLAGS)
AM_LDFLAGS = $(CODE_COVERAGE_LDFLAGS)
......@@ -59,63 +59,65 @@ knsupdate_SOURCES = \
# static: shared (not in libknot)
libknots_la_SOURCES = \
common-knot/array-sort.h \
common-knot/binsearch.h \
common-knot/crc.h \
common-knot/evsched.c \
common-knot/evsched.h \
common-knot/fdset.c \
common-knot/fdset.h \
common-knot/hattrie/hat-trie.c \
common-knot/hattrie/hat-trie.h \
common-knot/hattrie/murmurhash3.c \
common-knot/hattrie/murmurhash3.h \
common-knot/heap.c \
common-knot/heap.h \
common-knot/hex.c \
common-knot/hex.h \
common-knot/hhash.c \
common-knot/hhash.h \
common-knot/lists.c \
common-knot/lists.h \
common-knot/print.c \
common-knot/print.h \
common-knot/ref.c \
common-knot/ref.h \
common-knot/slab/alloc-common.h \
common-knot/slab/slab.c \
common-knot/slab/slab.h \
common-knot/sockaddr.c \
common-knot/sockaddr.h \
common-knot/strlcat.c \
common-knot/strlcat.h \
common-knot/strlcpy.c \
common-knot/strlcpy.h \
common-knot/strtonum.h \
common-knot/trim.h
# static: common shared (also in libknot)
libknotcs_la_SOURCES = \
common/array-sort.h \
common/base32hex.c \
common/base32hex.h \
common/base64.c \
common/base64.h \
common/binsearch.h \
common/debug.h \
common/errors.c \
common/errors.h \
common/getline.c \
common/getline.h \
common/hhash.c \
common/hhash.h \
common/lists.c \
common/lists.h \
common/log.c \
common/log.h \
common/macros.h \
common/mem.c \
common/mem.h \
common/mempattern.c \
common/mempattern.h \
common/mempool.c \
common/mempool.h \
common/namedb/namedb.h \
common/namedb/namedb_lmdb.h \
common/namedb/namedb_lmdb.c \
common/namedb/namedb_trie.h \
common/namedb/namedb_lmdb.h \
common/namedb/namedb_trie.c \
common/log.c \
common/log.h
common/namedb/namedb_trie.h \
common/net.c \
common/net.h \
common/print.c \
common/print.h \
common/sockaddr.c \
common/sockaddr.h \
common/strlcpy.c \
common/strlcpy.h \
common/trie/hat-trie.c \
common/trie/hat-trie.h \
common/trie/murmurhash3.c \
common/trie/murmurhash3.h
# static: utilities shared
libknotus_la_SOURCES = \
......@@ -135,13 +137,11 @@ libknotus_la_SOURCES = \
# dynamic: libknot
libknot_la_LDFLAGS = \
$(AM_LDFLAGS) \
-version-info 0:1:0 \
-export-symbols-regex '^(knot|KNOT|rrset|tsig|zone|mm)_'
-version-info 0:1:0
libknot_la_SOURCES = \
libknot/binary.c \
libknot/binary.h \
libknot/common.h \
libknot/consts.c \
libknot/consts.h \
libknot/consts.h \
......@@ -158,8 +158,6 @@ libknot_la_SOURCES = \
libknot/errcode.c \
libknot/errcode.h \
libknot/libknot.h \
libknot/mempattern.c \
libknot/mempattern.h \
libknot/packet/compr.c \
libknot/packet/compr.h \
libknot/packet/pkt.c \
......@@ -167,30 +165,37 @@ libknot_la_SOURCES = \
libknot/packet/rrset-wire.c \
libknot/packet/rrset-wire.h \
libknot/packet/wire.h \
libknot/processing/process.c \
libknot/processing/process.h \
libknot/rrtype/rdname.h \
libknot/processing/layer.c \
libknot/processing/layer.h \
libknot/processing/overlay.c \
libknot/processing/overlay.h \
libknot/processing/requestor.c \
libknot/processing/requestor.h \
libknot/rdata.c \
libknot/rdata.h \
libknot/rdataset.c \
libknot/rdataset.h \
libknot/rrset-dump.c \
libknot/rrset-dump.h \
libknot/rrset.c \
libknot/rrset.h \
libknot/rrtype/aaaa.h \
libknot/rrtype/dnskey.h \
libknot/rrtype/naptr.h \
libknot/rrtype/nsec.h \
libknot/rrtype/nsec.h \
libknot/rrtype/nsec.h \
libknot/rrtype/nsec3.c \
libknot/rrtype/nsec3.h \
libknot/rrtype/nsec3param.h \
libknot/rrtype/nsec3param.c \
libknot/rrtype/nsec.h \
libknot/rrtype/nsec3param.h \
libknot/rrtype/opt.c \
libknot/rrtype/opt.h \
libknot/rrtype/rdname.h \
libknot/rrtype/rrsig.h \
libknot/rrtype/soa.h \
libknot/rrtype/tsig.c \
libknot/rrtype/tsig.h \
libknot/rrset-dump.c \
libknot/rrset-dump.h \
libknot/rdata.c \
libknot/rdata.h \
libknot/rdataset.c \
libknot/rdataset.h \
libknot/rrset.c \
libknot/rrset.h \
libknot/tsig-op.c \
libknot/tsig-op.h \
libknot/util/endian.h \
......@@ -228,34 +233,32 @@ libknotd_la_SOURCES = \
knot/dnssec/zone-sign.c \
knot/dnssec/zone-sign.h \
knot/knot.h \
knot/modules/synth_record.c \
knot/modules/synth_record.h \
knot/nameserver/axfr.c \
knot/nameserver/axfr.h \
knot/nameserver/chaos.c \
knot/nameserver/chaos.h \
knot/nameserver/capture.c \
knot/nameserver/capture.h \
knot/nameserver/chaos.c \
knot/nameserver/chaos.h \
knot/nameserver/internet.c \
knot/nameserver/internet.h \
knot/nameserver/ixfr.c \
knot/nameserver/ixfr.h \
knot/nameserver/notify.c \
knot/nameserver/notify.h \
knot/nameserver/nsec_proofs.c \
knot/nameserver/nsec_proofs.h \
knot/nameserver/process_query.c \
knot/nameserver/process_query.h \
knot/nameserver/process_answer.c \
knot/nameserver/process_answer.h \
knot/nameserver/requestor.c \
knot/nameserver/requestor.h \
knot/nameserver/process_query.c \
knot/nameserver/process_query.h \
knot/nameserver/query_module.c \
knot/nameserver/query_module.h \
knot/nameserver/update.c \
knot/nameserver/update.h \
knot/nameserver/notify.c \
knot/nameserver/notify.h \
knot/nameserver/tsig_ctx.c \
knot/nameserver/tsig_ctx.h \
knot/modules/synth_record.c \
knot/modules/synth_record.h \