summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-11-27resolved: degrade the feature level on explicit failureTom Gundersen
Previously, we would only degrade on packet loss, but when adding EDNS0 support, we also have to handle the case where the server replies with an explicit error.
2015-11-27resolved: fallback to TCP if UDP failsTom Gundersen
This is inspired by the logic in BIND [0], follow-up patches will implement the reset of that scheme. If we get a server error back, or if after several attempts we don't get a reply at all, we switch from UDP to TCP for the given server for the current and all subsequent requests. However, if we ever successfully received a reply over UDP, we never fall back to TCP, and once a grace-period has passed, we try to upgrade again to using UDP. The grace-period starts off at five minutes after the current feature level was verified and then grows exponentially to six hours. This is to mitigate problems due to temporary lack of network connectivity, but at the same time avoid flooding the network with retries when the feature attempted feature level genuinely does not work. Note that UDP is likely much more commonly supported than TCP, but depending on the path between the client and the server, we may have more luck with TCP in case something is wrong. We really do prefer UDP though, as that is much more lightweight, that is why TCP is only the last resort. [0]: <https://kb.isc.org/article/AA-01219/0/Refinements-to-EDNS-fallback-behavior-can-cause-different-outcomes-in-Recursive-Servers.html>
2015-11-27Merge pull request #2042 from poettering/resolved-various-3Tom Gundersen
resolved: Flush caches more agressively, fixes #2038
2015-11-27update TODOLennart Poettering
2015-11-27resolved: never cache RRs originating from localhostLennart Poettering
After all, this is likely a local DNS forwarder that caches anyway, hence there's no point in caching twice. Fixes #2038.
2015-11-27resolved: flush the global DNS cache if /etc/resolv.conf is touchedLennart Poettering
After all /etc/resolv.conf is usually done when the network configuration changes, which is a good reason to flush the global cache. See: #2038
2015-11-27resolved: don't clear the server list too eagerlyLennart Poettering
If /etc/resolv.conf is missing, this should not result in the server list to be cleared, after all the native data from resolved.conf shouldn't be flushed out then. Hence flush out the data only if /etc/resolv.conf exists, but we cannot read it for some reason.
2015-11-27Merge pull request #2041 from poettering/resolved-various-2Tom Gundersen
various smaller fixes, plus one that makes the build succeed again
2015-11-27resolved: fix buildLennart Poettering
2015-11-27resolved: don't follow the global search list on local scopesLennart Poettering
It probably doesn't make sense to mix local and global configuration. Applying global search lists to local DNS servers appears unnecessary and creates problems because we'll traverse the search domains non-simultaneously on multiple scopes. Also see: https://github.com/systemd/systemd/pull/2031
2015-11-27resolved: handle properly if there are multiple transactions for the same ↵Lennart Poettering
key per scope When the zone probing code looks for a transaction to reuse it will refuse to look at transactions that have been answered from cache or the zone itself, but insist on the network. This has the effect that there might be multiple transactions around for the same key on the same scope. Previously we'd track all transactions in a hashmap, indexed by the key, which implied that there would be only one transaction per key, per scope. With this change the hashmap will only store the most recent transaction per key, and a linked list will be used to track all transactions per scope, allowing multiple per-key per-scope. Note that the linked list fields for this actually already existed in the DnsTransaction structure, but were previously unused.
2015-11-27resolved: for a transaction, keep track where the answer data came fromLennart Poettering
Let's track where the data came from: from the network, the cache or the local zone. This is not only useful for debugging purposes, but is also useful when the zone probing wants to ensure it's not reusing transactions that were answered from the cache or the zone itself.
2015-11-27resolved: store just the DnsAnswer instead of a DnsPacket as answer in ↵Lennart Poettering
DnsTransaction objects Previously we'd only store the DnsPacket in the DnsTransaction, and the DnsQuery would then take the DnsPacket's DnsAnswer and return it. With this change we already pull the DnsAnswer out inside the transaction. We still store the DnsPacket in the transaction, if we have it, since we still need to determine from which peer a response originates, to implement caching properly. However, the DnsQuery logic doesn't care anymore for the packet, it now only looks at answers and rcodes from the successfuly candidate. This also has the benefit of unifying how we propagate incoming packets, data from the local zone or the local cache.
2015-11-27resolved: change query flag definitionsLennart Poettering
Let's use a more useful way to write the flags. Also, leave some space in the middle for the mDNS flags. After all, these flags are exposed on the bus, and we should really make sure to expose flags that are going to be stable, hence allow some room here... (Not that the room really mattered, except to be nice to one's OCD)
2015-11-26Merge pull request #2031 from poettering/resolved-search-domainsTom Gundersen
resolved. Fully implement search domains for single-label names
2015-11-26Merge pull request #1994 from karelzak/rlimitsLennart Poettering
core: support <soft:hard> ranges for RLIMIT options
2015-11-26Merge pull request #2022 from alkino/masterLennart Poettering
man: Add a not that mount unit cannot be templated
2015-11-26Merge pull request #2034 from teg/resolved-fixDaniel Mack
minor resolved fixes
2015-11-26Merge pull request #2035 from evverx/man-fix-io-reventsDaniel Mack
man: fix function name
2015-11-26man: fix function nameEvgeny Vereshchagin
2015-11-26resolved: bus - follow CNAME chains when resolving addressesTom Gundersen
It may be unexpected to find a CNAME record when doing a reverse lookup, as we expect to find a PTR record directly. However, it is explicitly supported according to <https://tools.ietf.org/html/rfc2181#section-10.2>, and there seems to be no benefit to not supporting it.
2015-11-26resolved: do not reject NSEC records with empty bitmapsTom Gundersen
The assumption that no NSEC bitmap could be empty due to the presence of the bit representing the record itself turns out to be flawed. See (the admittedly experimental) RFC4956 for a counter example.
2015-11-25dns-domain: rework dns_label_escape() to not imply memory allocationLennart Poettering
The new dns_label_escape() call now operates on a buffer passed in, similar to dns_label_unescape(). This should make decoding a bit faster, and nicer.
2015-11-25dns-domain: change dns_srv_type_is_valid() return value to boolLennart Poettering
For similar reasons as dns_name_is_root() got changed in the previous commit.
2015-11-25dns-domain: simplify dns_name_is_root() and dns_name_is_single_label()Lennart Poettering
Let's change the return value to bool. If we encounter an error while parsing, return "false" instead of the actual parsing error, after all the specified hostname does not qualify for what the function is supposed to test. Dealing with the additional error codes was always cumbersome, and easily misused, like for example in the DHCP code. Let's also rename the functions from dns_name_root() to dns_name_is_root(), to indicate that this function checks something and returns a bool. Similar for dns_name_is_signal_label().
2015-11-25resolved: fully support DNS search domainsLennart Poettering
This adds support for searching single-label hostnames in a set of configured search domains. A new object DnsQueryCandidate is added that links queries to scopes. It keeps track of the search domain last used for a query on a specific link. Whenever a host name was unsuccessfuly resolved on a scope all its transactions are flushed out and replaced by a new set, with the next search domain appended. This also adds a new flag SD_RESOLVED_NO_SEARCH to disable search domain behaviour. The "systemd-resolve-host" tool is updated to make this configurable via --search=. Fixes #1697
2015-11-25resolved: expose some properties on the busLennart Poettering
For now, let's just expose the LLMNR hostname currently in use; a combined list of all dns servers with their interface indexes; a combined list of all search domains with their interface indexes.
2015-11-25resolved: split out calls to compile full list of dns servers and search domainsLennart Poettering
Let's split this out from the resolv.conf parser, so that this becomes generically useful.
2015-11-25util-lib: add ordered_set_ensure_allocated()Lennart Poettering
ordered_set_ensure_allocated() does for an OrderedSet, what set_ensure_allicated() does for a Set.
2015-11-25resolved: enforce a maximum limit on both dns servers and search domainsLennart Poettering
2015-11-25resolved: unify DnsServer handling code between Link and ManagerLennart Poettering
This copies concepts we introduced for the DnsSearchDomain stuff, and reworks the operations on lists of dns servers to be reusable and generic for use both with the Link and the Manager object.
2015-11-25resolved: add a generic DnsSearchDomain conceptLennart Poettering
With this change, we add a new object to resolved, "DnsSearchDomain=" which wraps a search domain. This is then used to introduce a global search domain list, in addition to the existing per-link search domain list which is reword to make use of this new object too. This is preparation for implement proper unicast DNS search domain support.
2015-11-25resolved: make sure order of dns servers is stableLennart Poettering
Previously, we'd keep adding new dns servers we discover to the end of our linked list of servers. When we encountered a pre-existing server, we'd just leave it where it was. In essence that meant that old servers ended up at the front, and new servers at the end, but not in an order that would reflect the configuration. With this change we ensure that every pre-existing server we want to add again we move to the back of the linked list, so that the order is stable and in sync with the requested configuration.
2015-11-25resolved: drop unused enum typeLennart Poettering
2015-11-25resolved: make sure FallbackDNS= overrides built-in servers, doesn't extend themLennart Poettering
Closes #342.
2015-11-25resolved: rework dns server lifecycle logicLennart Poettering
Previously, there was a chance of memory corruption, because when switching to the next DNS server we didn't care whether they linked list of DNS servers was still valid. Clean up lifecycle of the dns server logic: - When a DnsServer object is still in the linked list of DnsServers for a link or the manager, indicate so with a "linked" boolean field, and never follow the linked list if that boolean is not set. - When picking a DnsServer to use for a link ot manager, always explicitly take a reference. This also rearranges some logic, to make the tracking of dns servers by link and globally more alike.
2015-11-25resolved: move dns server picking code from resolved-manager.c to ↵Lennart Poettering
resolved-dns-server.c
2015-11-25resolved: indent less, by exiting earlierLennart Poettering
2015-11-25resolved: split out all code dealing with /etc/resolv.conf into its own .c fileLennart Poettering
No functional changes.
2015-11-25resolved: unify code for parsing dns server informationLennart Poettering
Let's use the same parser when parsing dns server information from /etc/resolv.conf and our native configuration file. Also, move all code that manages lists of dns servers to a single place. resolved-dns-server.c
2015-11-25resolved: /etc/resolved.conf missing is not an errorLennart Poettering
Don't propagate any error in this case, it's really not an error.
2015-11-25dns-domain: remove prototype for function that doesn't existLennart Poettering
2015-11-25man: fix documentation how /etc/resolv.conf is readLennart Poettering
/etc/resolv.conf is only read when the DNS= setting does not appear at all in resolved.conf, regardless if set to the empty list or anything else. Correct that in the man page.
2015-11-25resolved: don't claim DnsQuestion have to have the same namesLennart Poettering
Wen DnsQuestion objects are used for DnsQuery objects all contained keys have to share the same name, but otherwise they generally don't have to, and this can actually happen in real-life because DnsPacket objects for mDNS use DnsQuestion for the question section. Hence, rename: dns_question_is_valid() to dns_question_is_valid_for_query(), since the name uniqueness check it does is only relevant when used for a query. Similar, rename dns_question_name() to dns_question_first_name(), to be more accurate, as this difference matters if we keys don#t have to share the same name.
2015-11-25Merge pull request #2024 from eworm-de/netTom Gundersen
networkd: link - do not drop config for loopback device
2015-11-25networkd: link - do not drop config for loopback deviceChristian Hesse
Commit 5e5b137a (networkd: link - drop foreign config when configuring link) introduced a regression where addresses (including 127.0.0.1) are removed from loopback device. Do not handle loopback device when removing foreign configs. Signed-off-by: Christian Hesse <mail@eworm.de>
2015-11-25Merge pull request #2027 from evverx/remove-unnecessary-cgroup-systemd-checkingDaniel Mack
tests: remove unnecessary /sys/fs/cgroup/systemd checking
2015-11-25tests: remove unnecessary /sys/fs/cgroup/systemd checkingEvgeny Vereshchagin
A unified hierarchy obsoletes this checking
2015-11-25core: support <soft:hard> ranges for RLIMIT optionsKarel Zak
The new parser supports: <value> - specify both limits to the same value <soft:hard> - specify both limits the size or time specific suffixes are supported, for example LimitRTTIME=1sec LimitAS=4G:16G The patch introduces parse_rlimit_range() and rlim type (size, sec, usec, etc.) specific parsers. No code is duplicated now. The patch also sync docs for DefaultLimitXXX= and LimitXXX=. References: https://github.com/systemd/systemd/issues/1769
2015-11-24Merge pull request #2020 from evverx/signals-completionLennart Poettering
bash-completion: list valid signal names