From 398cad29609b193acd5e7a48a2d33dca8d4dce2f Mon Sep 17 00:00:00 2001 From: Wout Bertrums Date: Mon, 26 Jul 2021 17:11:32 +0200 Subject: [PATCH] pdns: Update to 4.5.1 TARGET_CXX is added, because PowerDNS now uses C++17. pdns.conf-dist is updated to the latest version shipped by PowerDNS. 010-time_t-check.patch, which is also used in pdns-recursor and dnsdist, is added to patch out the check for 64-bit time_t, because OpenWrt still supports 32-bit devices. 100-pdns-disable-pdns.conf-dist.patch is refreshed. Signed-off-by: Wout Bertrums --- net/pdns/Makefile | 6 +- net/pdns/files/pdns.conf-dist | 166 +++++++++++------- net/pdns/patches/010-time_t-check.patch | 10 ++ .../100-pdns-disable-pdns.conf-dist.patch | 18 +- 4 files changed, 126 insertions(+), 74 deletions(-) create mode 100644 net/pdns/patches/010-time_t-check.patch diff --git a/net/pdns/Makefile b/net/pdns/Makefile index 4b0a2e7fd..55a663294 100644 --- a/net/pdns/Makefile +++ b/net/pdns/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pdns -PKG_VERSION:=4.4.1 +PKG_VERSION:=4.5.1 PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/ -PKG_HASH:=03fa7c181c666a5fc44a49affe7666bd385d46c1fe15088caff175967e85ab6c +PKG_HASH:=74d63c7aa0474de3c2137bb808164691a1a3a62942d2a9a70b648cd277923f9b PKG_MAINTAINER:=Peter van Dijk PKG_LICENCE:=GPL-2.0-only @@ -171,6 +171,8 @@ define Package/pdns/conffiles /etc/init.d/pdns endef +TARGET_CXX+=-std=c++17 + CONFIGURE_ARGS+= \ --sysconfdir=/etc/powerdns \ --libdir=/usr/lib/powerdns \ diff --git a/net/pdns/files/pdns.conf-dist b/net/pdns/files/pdns.conf-dist index 3d416adb0..12e805e19 100644 --- a/net/pdns/files/pdns.conf-dist +++ b/net/pdns/files/pdns.conf-dist 
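Review bot: The added `TARGET_CXX+=-std=c++17` puts the language-standard switch on the compiler command itself rather than in `TARGET_CXXFLAGS`, and nothing next to it says why. If that placement is deliberate (for instance so the switch survives wherever the build resets or ignores the C++ flags), a one-line comment above it would stop it being moved into the flags variable later, e.g. `# PowerDNS >= 4.5 needs C++17; the switch is on the compiler command on purpose`. The `CONFIGURE_ARGS` assignment that follows continues outside the hunk.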
@@ -1,4 +1,10 @@ # Autogenerated configuration file template + +################################# +# ignore-unknown-settings Configuration settings to ignore if they are unknown +# +# ignore-unknown-settings= + ################################# # 8bit-dns Allow 8bit dns queries # @@ -20,7 +26,12 @@ # allow-notify-from=0.0.0.0/0,::/0 ################################# -# allow-unsigned-notify Allow unsigned notifications for TSIG secured domains +# allow-unsigned-autoprimary Allow autoprimaries to create zones without TSIG signed NOTIFY +# +# allow-unsigned-autoprimary=yes + +################################# +# allow-unsigned-notify Allow unsigned notifications for TSIG secured zones # # allow-unsigned-notify=yes @@ -30,7 +41,7 @@ # allow-unsigned-supermaster=yes ################################# -# also-notify When notifying a domain, also notify these nameservers +# also-notify When notifying a zone, also notify these nameservers # # also-notify= @@ -49,6 +60,11 @@ # # api-key= +################################# +# autosecondary Act as an autosecondary (formerly superslave) +# +# autosecondary=no + ################################# # axfr-fetch-timeout Maximum time in seconds for inbound AXFR to start or be idle after starting # @@ -65,7 +81,7 @@ # cache-ttl=20 ################################# -# carbon-instance If set overwrites the the instance name default +# carbon-instance If set overwrites the instance name default # # carbon-instance=auth @@ -104,6 +120,11 @@ # # config-name= +################################# +# consistent-backends Assume individual zones are not divided over backends. Send only ANY lookup operations to the backend to reduce the number of lookups +# +# consistent-backends=yes + ################################# # control-console Debugging switch - don't use # 
@@ -130,24 +151,29 @@ # default-ksk-size=0 ################################# -# default-soa-edit Default SOA-EDIT value +# default-publish-cdnskey Default value for PUBLISH-CDNSKEY # -# default-soa-edit= +# default-publish-cdnskey= ################################# -# default-soa-edit-signed Default SOA-EDIT value for signed zones +# default-publish-cds Default value for PUBLISH-CDS # -# default-soa-edit-signed= +# default-publish-cds= + +################################# +# default-soa-content Default SOA content +# +# default-soa-content=a.misconfigured.dns.server.invalid hostmaster.@ 0 10800 3600 604800 3600 ################################# -# default-soa-mail mail address to insert in the SOA record if none set in the backend +# default-soa-edit Default SOA-EDIT value # -# default-soa-mail= +# default-soa-edit= ################################# -# default-soa-name name to insert in the SOA record if none set in the backend +# default-soa-edit-signed Default SOA-EDIT value for signed zones # -# default-soa-name=a.misconfigured.powerdns.server +# default-soa-edit-signed= ################################# # default-ttl Seconds a result is valid if not set otherwise @@ -205,14 +231,9 @@ # dnsupdate=no ################################# -# do-ipv6-additional-processing Do AAAA additional processing +# domain-metadata-cache-ttl Seconds to cache zone metadata from the database # -# do-ipv6-additional-processing=yes - -################################# -# domain-metadata-cache-ttl Seconds to cache domain metadata from the database -# -# domain-metadata-cache-ttl=60 +# domain-metadata-cache-ttl= ################################# # edns-subnet-processing If we should act on EDNS Subnet options 
@@ -235,7 +256,7 @@ # expand-alias=no ################################# -# forward-dnsupdate A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master. +# forward-dnsupdate A global setting to allow DNS update packages that are for a Slave zone, to be forwarded to the master. # # forward-dnsupdate=yes @@ -267,23 +288,13 @@ ################################# # local-address Local IP addresses to which we bind # -# local-address=0.0.0.0 +# local-address=0.0.0.0, :: ################################# # local-address-nonexist-fail Fail to start if one or more of the local-address's do not exist on this server # # local-address-nonexist-fail=yes -################################# -# local-ipv6 Local IP address to which we bind -# -# local-ipv6=:: - -################################# -# local-ipv6-nonexist-fail Fail to start if one or more of the local-ipv6 addresses do not exist on this server -# -# local-ipv6-nonexist-fail=yes - ################################# # local-port The port on which we listen # @@ -324,6 +335,16 @@ # # lua-dnsupdate-policy-script= +################################# +# lua-health-checks-expire-delay Stops doing health checks after the record hasn't been used for that delay (in seconds) +# +# lua-health-checks-expire-delay=3600 + +################################# +# lua-health-checks-interval LUA records health checks monitoring interval in seconds +# +# lua-health-checks-interval=5 + ################################# # lua-prequery-script Lua script with prequery handler (DO NOT USE) # @@ -335,7 +356,7 @@ # lua-records-exec-limit=1000 ################################# -# master Act as a master +# master Act as a primary # # master=no 
@@ -349,10 +370,15 @@ # # max-ent-entries=100000 +################################# +# max-generate-steps Maximum number of $GENERATE steps when loading a zone from a file +# +# max-generate-steps=0 + ################################# # max-nsec3-iterations Limit the number of NSEC3 hash iterations # -# max-nsec3-iterations=500 +# max-nsec3-iterations=100 ################################# # max-packet-cache-entries Maximum number of entries in the packet cache @@ -430,19 +456,19 @@ # prevent-self-notification=yes ################################# -# query-cache-ttl Seconds to store query results in the QueryCache +# primary Act as a primary # -# query-cache-ttl=20 +# primary=no ################################# -# query-local-address Source IP address for sending queries +# query-cache-ttl Seconds to store query results in the QueryCache # -# query-local-address=0.0.0.0 +# query-cache-ttl=20 ################################# -# query-local-address6 Source IPv6 address for sending queries +# query-local-address Source IP addresses for sending queries # -# query-local-address6=:: +# query-local-address=0.0.0.0 :: ################################# # query-logging Hint backends that queries should be logged 
@@ -480,12 +506,22 @@ # rng=auto ################################# -# security-poll-suffix Domain name from which to query security update notifications +# secondary Act as a secondary +# +# secondary=no + +################################# +# secondary-do-renotify If this secondary should send out notifications after receiving zone transfers from a primary +# +# secondary-do-renotify=no + +################################# +# security-poll-suffix Zone name from which to query security update notifications # # security-poll-suffix=secpoll.powerdns.com. ################################# -# send-signed-notify Send TSIG secured NOTIFY if TSIG key is configured for a domain +# send-signed-notify Send TSIG secured NOTIFY if TSIG key is configured for a zone # # send-signed-notify=yes @@ -510,7 +546,7 @@ # signing-threads=3 ################################# -# slave Act as a slave +# slave Act as a secondary # # slave=no 
@@ -520,39 +556,24 @@ # slave-cycle-interval=60 ################################# -# slave-renotify If we should send out notifications for slaved updates +# slave-renotify If we should send out notifications for secondaried updates # # slave-renotify=no ################################# -# soa-expire-default Default SOA expire -# -# soa-expire-default=604800 - -################################# -# soa-minimum-ttl Default SOA minimum ttl -# -# soa-minimum-ttl=3600 - -################################# -# soa-refresh-default Default SOA refresh +# socket-dir Where the controlsocket will live, /var/run/pdns when unset and not chrooted. Set to the RUNTIME_DIRECTORY environment variable when that variable has a value (e.g. under systemd). # -# soa-refresh-default=10800 - -################################# -# soa-retry-default Default SOA retry -# -# soa-retry-default=3600 +# socket-dir= ################################# -# socket-dir Where the controlsocket will live, /var/run when unset and not chrooted +# superslave Act as a autosecondary # -# socket-dir= +# superslave=no ################################# -# superslave Act as a superslave +# svc-autohints Transparently fill ipv6hint=auto ipv4hint=auto SVC params with AAAA/A records for the target name of the record (if within the same zone) # -# superslave=no +# svc-autohints=no ################################# # tcp-control-address If set, PowerDNS can be controlled over TCP on this address @@ -599,6 +620,11 @@ # # udp-truncation-threshold=1232 +################################# +# upgrade-unknown-types Transparently upgrade known TYPExxx records. Recommended to keep off, except for PowerDNS upgrades until data sources are cleaned up +# +# upgrade-unknown-types=no + ################################# # version-string PowerDNS version in packets - full, anonymous, powerdns or custom # 
@@ -649,9 +675,23 @@ # # write-pid=yes +################################# +# xfr-cycle-interval Schedule primary/secondary SOA freshness checks once every .. seconds +# +# xfr-cycle-interval=60 + ################################# # xfr-max-received-mbytes Maximum number of megabytes received from an incoming XFR # # xfr-max-received-mbytes=100 +################################# +# zone-cache-refresh-interval Seconds to cache list of known zones +# +# zone-cache-refresh-interval=300 + +################################# +# zone-metadata-cache-ttl Seconds to cache zone metadata from the database +# +# zone-metadata-cache-ttl=60 diff --git a/net/pdns/patches/010-time_t-check.patch b/net/pdns/patches/010-time_t-check.patch new file mode 100644 index 000000000..ba477c5b7 --- /dev/null +++ b/net/pdns/patches/010-time_t-check.patch @@ -0,0 +1,10 @@ +--- a/configure.ac ++++ b/configure.ac +@@ -26,7 +26,6 @@ AC_PROG_CC + AC_PROG_CXX + AC_LANG([C++]) + +-PDNS_CHECK_TIME_T + PDNS_CHECK_BISON + PDNS_CHECK_FLEX + diff --git a/net/pdns/patches/100-pdns-disable-pdns.conf-dist.patch b/net/pdns/patches/100-pdns-disable-pdns.conf-dist.patch index 9ac7ab8e7..d32d84aa9 100644 --- a/net/pdns/patches/100-pdns-disable-pdns.conf-dist.patch +++ b/net/pdns/patches/100-pdns-disable-pdns.conf-dist.patch @@ -1,14 +1,14 @@ --- a/pdns/Makefile.am +++ b/pdns/Makefile.am @@ -71,7 +71,6 @@ CLEANFILES = \ + backends/gsql/gsqlbackend.gcda \ backends/gsql/gsqlbackend.gcno \ backends/gsql/gsqlbackend.gcov \ - dnsmessage.pb.cc dnsmessage.pb.h \ - pdns.conf-dist \ - apidocfiles.h \ - api-swagger.yaml \ - api-swagger.json -@@ -99,7 +98,6 @@ apidocfiles.h: api-swagger.yaml api-swag + apidocfiles.h + + if !HAVE_API_SWAGGER_JSON +@@ -105,7 +104,6 @@ apidocfiles.h: api-swagger.yaml api-swag ./incfiles $^ > $@ noinst_SCRIPTS = pdns.init @@ -16,7 +16,7 @@ sbin_PROGRAMS = pdns_server bin_PROGRAMS = \ -@@ -139,7 +137,7 @@ if IXFRDIST +@@ -146,7 +144,7 @@ if IXFRDIST bin_PROGRAMS += \ ixfrdist 
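Review bot: The new 010-time_t-check.patch has no description header, so the file does not record why `PDNS_CHECK_TIME_T` is dropped from configure.ac or what the build gives up by dropping it. The check is removed for every target, including those with a 64-bit time_t where it would pass anyway, and on 32-bit time_t targets the server now builds with no warning at all. Upstream presumably added the check because time handling is not reliable there (DNSSEC signature validity windows are a likely candidate), which should be confirmed against the upstream change. I would add a short header above the `--- a/configure.ac` line saying that the check is removed because OpenWrt still supports 32-bit time_t targets, that the same patch is carried in pdns-recursor and dnsdist, and which behaviour is known to be at risk on those targets.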
@@ -25,9 +25,9 @@ ixfrdist.example.yml endif -@@ -1278,9 +1276,6 @@ dnspcap2protobuf_LDADD = \ - endif - endif +@@ -1299,9 +1297,6 @@ dnspcap2protobuf_LDADD = \ + $(BOOST_PROGRAM_OPTIONS_LIBS) \ + $(RT_LIBS) -pdns.conf-dist: pdns_server - $(AM_V_GEN)./pdns_server --config=default 2>/dev/null > $@