diff --git a/external/Makefile b/external/Makefile
index eba90639..1a148694 100644
--- a/external/Makefile
+++ b/external/Makefile
@@ -329,6 +329,9 @@ assets: tor polipo jtorctl iptables pluto
-zip ../assets/$(APP_ABI)/meek-client.mp3 bin/meek-client
-$(STRIP) bin/obfs4proxy
-zip ../assets/$(APP_ABI)/obfs4proxy.mp3 bin/obfs4proxy
+ -$(STRIP) ../libs/$(APP_ABI)/pdnsd
+ -zip ../assets/$(APP_ABI)/pdnsd.mp3 ../libs/$(APP_ABI)/pdnsd
+ -rm ../libs/$(APP_ABI)/pdnsd
assets-clean:
-rm ../assets/$(APP_ABI)/polipo.mp3
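Review bot: The three added pdnsd lines in the `assets` recipe all carry the `-` prefix, and the rule (its header `assets: tor polipo jtorctl iptables pluto` lies outside the hunk body) has no prerequisite that produces `../libs/$(APP_ABI)/pdnsd`, so a missing or failed ndk-build output is silently ignored. Because `zip` leaves an existing archive in place when its input file is missing, a stale `pdnsd.mp3` from an earlier build could then be packaged without any error. I would remove the old archive first and let the packaging step fail loudly: `rm -f ../assets/$(APP_ABI)/pdnsd.mp3` followed by `zip ../assets/$(APP_ABI)/pdnsd.mp3 ../libs/$(APP_ABI)/pdnsd` without the leading `-`. The neighbouring meek-client and obfs4proxy lines follow the same pattern and would benefit from the same treatment.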
@@ -336,6 +339,7 @@ assets-clean:
-rm ../assets/$(APP_ABI)/xtables.mp3
-rm ../assets/$(APP_ABI)/meek-client.mp3
-rm ../assets/$(APP_ABI)/obfs4proxy.mp3
+ -rm ../assets/$(APP_ABI)/pdnsd.mp3
-rm ../libs/jtorctl.jar
#------------------------------------------------------------------------------#
diff --git a/jni/Android.mk b/jni/Android.mk
index 2dd3ef90..f4af1d97 100644
--- a/jni/Android.mk
+++ b/jni/Android.mk
@@ -17,6 +17,20 @@ LOCAL_PATH := $(call my-dir)
ROOT_PATH := $(LOCAL_PATH)
EXTERN_PATH := $(LOCAL_PATH)/../external
+########################################################
+## pdnsd library
+########################################################
+
+include $(CLEAR_VARS)
+
+PDNSD_SOURCES := $(wildcard $(LOCAL_PATH)/pdnsd/src/*.c)
+
+LOCAL_MODULE := pdnsd
+LOCAL_SRC_FILES := $(PDNSD_SOURCES:$(LOCAL_PATH)/%=%)
+LOCAL_CFLAGS := -Wall -O2 -I$(LOCAL_PATH)/pdnsd -DHAVE_STPCPY
+
+include $(BUILD_EXECUTABLE)
+
########################################################
## libancillary
########################################################
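Review bot: `PDNSD_SOURCES` is filled with `$(wildcard $(LOCAL_PATH)/pdnsd/src/*.c)`, so any `.c` file that appears in that directory is compiled into the shipped DNS proxy binary without a visible change to this file; an explicit `LOCAL_SRC_FILES` list would make additions reviewable. The include path is better expressed as `LOCAL_C_INCLUDES := $(LOCAL_PATH)/pdnsd` than as `-I` inside `LOCAL_CFLAGS`, since that is the variable the NDK build system provides for it. The banner comment could also record which upstream release was imported, e.g. `## pdnsd <UPSTREAM_VERSION> (imported from <UPSTREAM_URL>)`, so that later upstream security fixes can be matched against this copy; no version is visible in this part of the diff.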
diff --git a/jni/Application.mk b/jni/Application.mk
index 3ac89c03..3e5c8225 100644
--- a/jni/Application.mk
+++ b/jni/Application.mk
@@ -1,4 +1,4 @@
-APP_ABI := armeabi-v7a arm64-v8a mips x86
+APP_ABI := armeabi armeabi-v7a arm64-v8a mips x86
APP_PLATFORM := android-21
APP_STL := stlport_static
NDK_TOOLCHAIN_VERSION := 4.9
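Review bot: Adding `armeabi` to `APP_ABI` carries no comment explaining why, and it makes every module in jni/Android.mk build for that ABI, not only pdnsd. Presumably it is needed so that `../libs/$(APP_ABI)/pdnsd` exists for the ABI that external/Makefile packages, but that Makefile's `APP_ABI` value is not visible here. If that is the reason, a line such as `# armeabi: required by external/Makefile, which packages libs/$(APP_ABI)/pdnsd` above the assignment would keep the two files in step.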
diff --git a/jni/pdnsd/AUTHORS b/jni/pdnsd/AUTHORS
new file mode 100644
index 00000000..fa0454e4
--- /dev/null
+++ b/jni/pdnsd/AUTHORS
@@ -0,0 +1,58 @@
+Most of pdnsd was written by Thomas Moestl (tmoestl@gmx.net).
+In the "par" versions large parts of the code have been revised
+and several features have been added by Paul Rombouts.
+
+Small parts of this program are based on code that was taken from nmap (IP
+checksumming), the isdn4k-utils (ippp interface uptest), glibc 2.1.2 (some
+definitions for kernel 2.2.x missing in 2.0 glibcs) and FreeBSD
+(SIZEOF_ADDR_IFREQ in netdev.c).
+nmap was written by Fyodor. The insd4k-utils were written by Fritz Elfert and
+others. The GNU C library (glibc) is copyright by the Free Software
+Foundation.
+
+The following people have contributed code:
+Andrew M. Bishop contributed support for server labels
+Carsten Block contributed 'configure'-able rc scripts
+Stephan Boettcher contributed the SCHEME= option.
+P.J. Bostley contributed patches to get pdnsd working on
+ alpha
+Frank Elsner contributed rc script fixes
+Christian Engstler contributed patches for SuSE compatability
+Bjoern Fischer contributed code to make pdnsd leave the case of names
+ in the cache unchanged
+Torben Janssen contributed RedHat rc scripts
+Olaf Kirch contributed a security fix for the run_as()
+ function
+Bernd Leibing contributed fixes to the spec file.
+Sourav K. Mandal contributed the autoconf/automake code, gdbm
+ caching facility and many suggestions
+Markus Mohr contributed Debian rc scripts
+Alexandre Nunes contributed autoconf fixes
+Wolfgang Ocker contributed the server_ip option
+Soenke J. Peters contributed patches and suggestions for RedHat
+ compatability
+Roman Shterenzon contributed many helpful hints and patches for
+ FreeBSD compatability.
+Andreas Steinmetz contributed the code for the query_port_start and
+ query_port_end options (which I changed slightly,
+ so blame any breakage on me ;)
+Marko Stolle contributed the contrib/pdnsd_update.pl script that
+ makes pdnsd usable in a DHCP setup.
+Lyonel Vincent extended the serve_aliases option to support an
+ arbitrary number of aliases
+Paul Wagland contributed a patches for bind9-compatability
+ and for some memory leaks on error paths.
+Sverker Wiberg contributed IPv6 build fixes
+Michael Wiedmann contributed the pdnsd-ctl.8 man page.
+Ron Yorston contributed the dev-uptest for Linux ppp dial-
+ on-demand devices
+Nikita V. Youshchenko contributed extensions to the "if" uptest
+Mahesh T. Pai contributed the pdnsd.8 man page.
+Nikola Kotur contributed the Slackware start-up script.
+Kiyo Kelvin Lee contributed a patch for Cygwin support.
+Rodney Brown contributed a patch for Darwin (Apple Mac OS X) support.
+Jan-Marek Glogowski contributed a patch implementing the "use_nss" option.
+
+Please look into the THANKS file for people who helped me in various ways on
+this project.
+If this list is incomplete, pease drop me a mail!
diff --git a/jni/pdnsd/COPYING b/jni/pdnsd/COPYING
new file mode 100644
index 00000000..94a9ed02
--- /dev/null
+++ b/jni/pdnsd/COPYING
@@ -0,0 +1,674 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc.
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users. We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors. You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too, receive
+or can get the source code. And you must show them these terms so they
+know their rights.
+
+ Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+ For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+ Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so. This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software. The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable. Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products. If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+ Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary. To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU General Public License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy. The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+for making modifications to it. "Object code" means any non-source
+form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+ The Corresponding Source for a work in source code form is that
+same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force. You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright. Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+the conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling. In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage. For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product. A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source. The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Use with the GNU Affero General Public License.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+
+ Copyright (C)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+ Copyright (C)
+ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+.
+
+ The GNU General Public License does not permit incorporating your program
+into proprietary programs. If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License. But first, please read
+.
diff --git a/jni/pdnsd/COPYING.BSD b/jni/pdnsd/COPYING.BSD
new file mode 100644
index 00000000..99fe14ae
--- /dev/null
+++ b/jni/pdnsd/COPYING.BSD
@@ -0,0 +1,26 @@
+A small part of the pdnsd source is licensed under the following BSD-style
+license:
+
+Copyright (C) 2001 Thomas Moestl
+
+This file is part of the pdnsd package.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/jni/pdnsd/ChangeLog b/jni/pdnsd/ChangeLog
new file mode 100644
index 00000000..fe774653
--- /dev/null
+++ b/jni/pdnsd/ChangeLog
@@ -0,0 +1,3304 @@
+2012-04-23 Paul A. Rombouts
+
+ * src/dns_query.c
+ Refine the return values of p_dns_cached_resolve(), p_dns_resolve() and
+ p_recursive_query() so that they distinguish between answers found in
+ the cache and replies obtained by querying other servers.
+ This, among other things, can be used to prevent data that was recently
+ obtained from the cache needlessly being added back to the cache.
+
+2012-04-22 Paul A. Rombouts
+
+ * configure.in
+ On the Linux platform, check if we can compile and link with the
+ -pthread flag instead of linking with -lpthread.
+
+2012-04-21 Paul A. Rombouts
+
+ * src/dns_query.c
+ When following the delegation chain trying to get an authoritative
+ answer, pdnsd would answer with SERVFAIL if it failed to get a reply
+ from the last server in the chain. Instead pdnsd will now use the last
+ reply in the chain with RCode=0 that raised the AA or RA flag, if there
+ is one.
+
+2012-04-19 Paul A. Rombouts
+
+ * src/cache.c
+ In report_cache_stat(), make copies of volatile data to get a
+ consistent data set before making calculations with cache size and
+ entry numbers.
+
+2012-04-16 Paul A. Rombouts
+
+ * src/netdev.c
+ If we can't open /proc/net/if_inet6 in is_local_addr() log a warning
+ message.
+
+2012-04-15 Paul A. Rombouts
+
+ * src/dns_query.c
+ The code checking for duplicate IP addresses obtained from NS records
+ in auth_ok() has been slightly optimized.
+
+2012-04-12 Paul A. Rombouts
+
+ * src/dns_query.c
+ When resolving nameservers obtained from NS records, allow pdnsd to use
+ more than one IP address per nameserver.
+ In rare cases, using just one IP address for each nameserver will cause
+ unnecessary resolve failures if the address chosen for each nameserver
+ happens to be unreachable while the other addresses would lead to
+ successful resolution, as demonstrated by Yuri Vorobyev.
+
+2012-03-16 Paul A. Rombouts
+
+ * src/cache.c
+ When adding RR records one by one to a cache entry using add_cent_rr(),
+ use the smallest ttl value in case of conflicting ttls.
+ Code for local/nonlocal conflict resolution has been taken out of
+ add_cent_rr_int() and put into add_cent_rr() and cr_check_add()
+ which should be slightly more efficient.
+
+2012-03-15 Paul A. Rombouts
+
+ * src/dns_query.c
+ Enforcing strict RFC 2181 compliance by rejecting all the answers
+ with inconsistent ttl timestamps can cause undesirable resolve failures.
+ I have tried to implement a more compromising solution, whereby
+ inconsistent answers that should be normally rejected are still never
+ cached, but are nevertheless used as intermediary or temporary results
+ if all else fails.
+
+2012-03-13 Paul A. Rombouts
+
+ * src/dns_query.c
+ Fixed a typo in rr_to_cache() that caused pdnsd to fail to compile when
+ configured with the --enable-strict-rfc2181 option.
+ Thanks to Gonzalo L. R. for reporting this problem.
+ Also changed the return value of rr_to_cache() from a simple boolean to
+ an RC code in order to properly distinguish between memory allocation
+ errors and time-stamp inconsistencies.
+
+2012-02-21 Paul A. Rombouts
+
+ * src/dns_query.c
+ If we have used EDNS in a query and the remote server answered
+ with rcode "format error", try again with the OPT pseudo-record
+ removed from the additional section of the query.
+
+ Also fixed a bug in p_exec_query() that caused pdnsd to behave
+ as if every reply with a non-empty additional section contained
+ an OPT record.
+
+2012-02-15 Paul A. Rombouts
+
+ * src/dns_answer.c,src/helpers.c,src/helpers.h,src/icmp.c,
+ src/ipvers.h,src/main.c,src/netdev.c
+ Introduced a new macro SEL_IPVER() to reduce some of the clutter in the
+ code caused by having to support both IPv4 and IPv6.
+
+2012-01-31 Paul A. Rombouts
+
+ * configure.in
+ Add AM_PROG_CC_C_O line to configure.in to prevent automake warning.
+
+2012-01-29 Paul A. Rombouts
+
+ * src/cache.c
+ In report_cache_stat(), add the average number of bytes used per cache
+ entry when reporting the cache status, as suggested by M. Galabant.
+
+2012-01-28 Paul A. Rombouts
+
+ * src/dns_answer.c,src/dns_query.c
+ Cleaned up the code a bit to avoid warning messages when
+ compiling with '-Wall -Winline' flags.
+
+2012-01-18 Paul A. Rombouts
+
+ * src/conff.c
+ Set the default of the edns_query option to false.
+
+2011-07-31 Paul Rombouts
+
+ * src/cache.c
+ Use a slightly more sophisticated merge-sort algorithm in sort_rrl().
+
+2011-05-09 Paul Rombouts
+
+ * src/dns_answer.c
+ In compose_answer(), also add an OPT pseudo-RR to the additional section
+ of a NXDOMAIN reply when appropriate.
+
+2011-05-08 Paul Rombouts
+
+ * src/cache.c,src/cache.h,src/dns_query.c,src/status.c
+ Make the dns_cent_t struct more compact by putting the fields that are
+ only used for either non-existent or existent domains, but not both,
+ into a union so that these fields can share memory.
+ When saving the cache to file, only write the TTL and time-stamp for
+ a whole domain when it is negatively cached.
+
+2011-05-06 Paul Rombouts
+
+ * src/cache.c,src/cache.h,src/dns_query.c
+ At the request of Andrei Caraman, the TTL of a negatively cached domain
+ is now adjusted in accordance with the min_ttl and max_ttl options, just
+ as it is done for (negatively) cached records.
+ Additional change to the TTL policy is that for negative records (and
+ negative domains) the neg_ttl setting overrides min_ttl if
+ neg_ttl < min_ttl.
+
+2011-04-26 Paul Rombouts
+
+ * src/conf-parser.c
+ Fixed memory leak that can occur when the configuration file is reloaded
+ and an error is encountered while parsing the definition of a TXT
+ record.
+
+2011-03-21 Paul Rombouts
+
+ * src/make_rr_types_h.pl,src/cache.h,src/cache.c,src/dns_answer.c
+ Introduced arrays rrmuiterlist and rrcachiterlist to make iterating
+ over all possible RR types in a cache entry in strict ascending order
+ a little more efficient.
+
+2011-03-09 Paul Rombouts
+
+ * src/dns_query.c,src/conf-parser.c,src/conf-keywords.h
+ Implemented a new config option "outgoing_ip", which
+ makes it possible to bind outgoing connections to
+ a specific interface.
+
+2011-02-21 Paul Rombouts
+
+ * src/netdev.c
+ Fixed UDP socket descriptors leak in the implementation of
+ is_local_addr() for the FreeBSD platform. Thanks to Ashish Shukla for
+ reporting this bug.
+
+2011-02-14 Paul Rombouts
+
+ * src/cache.c
+ In purge_all_rrsets(), also free the rrext array if it has become empty after
+ purging all the RR sets.
+
+2011-02-04 Paul Rombouts
+
+ * src/conff.c,src/conff.h,src/conf-parser.c,src/conf-keywords.h,
+ src/dns_query.c,src/dns_query.h,src/servers.c
+ Changed "edns_query" from a "global" option to a "server"
+ configuration option.
+
+2011-02-04 Paul Rombouts
+
+ * src/conff.c,src/conff.h,src/dns_query.c,src/dns_query.h,src/servers.c,
+ src/conf-parser.c
+ The query uptest sometimes fails because some DNS servers are configured
+ to ignore empty queries. The new config option "query_test_name" makes
+ it possible to query for a specific name instead.
+
+2011-02-01 Paul Rombouts
+
+ * src/dns_query.c
+ When processing a reply from a remote name server which seems to delegate
+ to other name servers, check if the names for which NS records have
+ been supplied have locally defined NS records. If so, the local
+ records will now override those supplied by the remote server.
+
+2011-01-31 Paul Rombouts
+
+ * src/conf-parser.c
+ Added support for defining TXT records in the configuration file.
+
+2011-01-30 Paul Rombouts
+
+ * src/dns_query.c
+ Do not cache additional records from a response that is rejected because
+ it contains IP addresses in the reject list, even when the reply
+ is processed as a NXDOMAIN reply.
+
+2011-01-25 Paul Rombouts
+
+ * src/conf-parser.c
+ Modified the function scan_string() to allow back-slashed escape
+ sequences in strings.
+
+2011-01-21 Paul Rombouts
+
+ * src/dns_answer.c,src/dns_query.c,src/conff.h,src/conff.c,
+ src/conf-parser.c
+ Added support for EDNS (Extension mechanisms for DNS).
+ Currently this is only useful for allowing UDP message sizes
+ to be larger than 512 bytes.
+
+2011-01-20 Paul Rombouts
+
+ * src/dns_answer.c
+ To avoid frequent reallocs when composing a DNS reply message,
+ grow the message buffer in multiples of a certain minimum chunk size.
+
+2011-01-19 Paul Rombouts
+
+ * src/dns.c,src/dns.h,src/dns_answer.c
+ Extended debugging info with DNS-message lengths and flags of incoming
+ messages.
+
+2011-01-17 Paul Rombouts
+
+ * src/conff.c,src/conff.h,src/conf-parser.c,src/dns_answer.c
+ Made "ignore_cd" option obsolete. It is now effectively always on.
+
+2010-12-27 Paul Rombouts
+
+ * src/cache.c,src/cache.h,src/dns_answer.c,src/dns_query.c,
+ src/make_rr_types.pl,src/rr_types.in,src/rr_types.c
+ The array of pointers to rr_set_t structs in the dns_cent_t struct
+ contains mostly null pointers in practice, so is somewhat
+ inefficient in storage usage. This problem is exacerbated if we add
+ support for caching more RR-types. To ameliorate to the problem
+ I have decided to split the array in two, with one part fixed in the
+ dns_cent_t struct as before, and an extension part that will be
+ separately allocated, if necessary. If the extension part is used only
+ for very rarely cached types, in most cases the extension array will not
+ need to be allocated thus hopefully saving memory overall.
+ The lookup tables which are necessary to support the new cache entry
+ structure are cumbersome to write by hand, so I have written a perl
+ script to do this automatically. As an additional benefit, which RR
+ types are cache-able is now configurable for each type separately via
+ rr_types.in.
+
+2010-03-14 Paul Rombouts
+
+ * src/dns_query.c
+ Using randomized source ports for outgoing queries in IPv6 mode failed
+ with the warning "Out of ports in the range 1024-65535, dropping query!",
+ because the pdnsd tried to bind to the fixed port for incoming queries,
+ instead of the dynamically chosen port. This is a very old bug, but it
+ has only become apparent since source port randomization has become the
+ default.
+ Thanks to Philip-André Fillion, Phil Sutter, Radoslaw Szkodzinski and
+ others for reporting this bug and sending patches.
+
+2009-12-25 Paul Rombouts
+
+ * src/status.c,src/status.h,src/pdnsd-ctl/pdnsd-ctl.c
+ Add a magic number to pdnsd-ctl command codes to guard against
+ possible incompatibility between the pdnsd-ctl utility and the
+ pdnsd server.
+
+2009-10-18 Paul Rombouts
+
+ * src/dns_query.c
+ Make root-server discovery a little more fault tolerant, i.e. if some
+ of the root-server names don't resolve don't necessarily reject the
+ whole result.
+
+2009-10-17 Paul Rombouts
+
+ * src/servers.c,src/dns_query.c,src/dns_query.h
+ Implemented automatic root-server discovery, which can now be configured
+ by setting "root_server=discover".
+
+2009-06-14 Paul Rombouts
+
+ * src/dns_query.c,src/consts.c,src/consts.h,src/conf-parser.c
+ Changed the default behaviour of the "neg_rrs_pol" option. The default
+ used to be to only cache records negatively in case the AA (authoritive
+ answer) bit in the reply was set. The new default is to also allow
+ negative caching in case the reply has the RA (recursion available) bit
+ set and the query had the RD (recursion desired) bit set.
+ This gives the behaviour that is usually wanted in case "proxy_only=on"
+ is set without having to set "neg_rrs_pol=on", which can be more
+ problematic. The new default can be explicitly set using
+ "neg_rrs_pol=default". The values "on","off" and "auth" are also
+ still available.
+
+2009-06-13 Paul Rombouts
+
+ * src/conff.c,src/conff.h,src/dns_answer.c,src/conf-parser.c,src/conf-keywords.h
+ Included a patch contributed by Andreas Steinmetz that implements a new
+ global configuration option "ignore_cd". pdnsd used to check that the CD
+ bit in the DNS header of queries is zero and return the error code
+ "format error" if it is not. However, considering the meaning of this
+ bit today it appears to be harmless to ignore it, so the new "ignore_cd"
+ is on by default. Setting "ignore_cd=off" gives the earlier strict
+ behavior.
+ Also renamed the the Z1, AU, Z2 bits to correspond with their modern names
+ CD, AD, Z.
+
+2008-12-19 Paul Rombouts
+
+ * pdnsd-1.2.7/src/dns_query.c
+ If pdnsd receives a SERVFAIL response with a non-empty answer section,
+ use the information tentatively if no better response is available.
+ The previous behaviour was to discard the reply completely, which could
+ cause failure to resolve some names.
+ Thanks to Rafal Wijata for providing an example involving PowerDNS servers
+ replying with CNAME records.
+
+2008-09-01 Paul Rombouts
+
+ * src/dns_query.c
+ In p_dns_resolve(), try to reduce the burden on root servers further for
+ names ending in "arpa".
+
+2008-08-31 Paul Rombouts
+
+ * src/dns_query.c
+ In p_exec_query(), if the reply from a remote name server is negative
+ (either because the rcode is NXDOMAIN or because the answer section
+ contains no records for the queried name), ignore the remaining records
+ in the answer section (in particular do not add them to the cache).
+
+2008-07-29 Paul Rombouts
+
+ * src/conff.c,src/dns_query.c
+ Made the default of the configuration option query_port_start equal to
+ 1024. Also improved the algorithm used by pdnsd to select random source
+ ports to ensure that each (free) port gets an equal chance of being
+ selected. This should guarantee random source ports in the range
+ 1024-65535, making pdnsd less vulnerable to some of the issues described
+ in CERT VU#800113.
+ The old situation, where pdnsd lets the kernel select the source ports,
+ is still available by specifying query_port_start=none.
+
+2008-07-25 Paul Rombouts
+
+ * src/dns_query.c
+ Fixed a dangling pointer bug in p_exec_query(), which could cause pdnsd
+ to crash when processing a long reply with many entries in the answer
+ section.
+
+2008-05-12 Paul Rombouts
+
+ * src/conf-parser.c,src/conff.c
+ Added a recursive-depth counter to the read_config_file() and
+ confparse() functions to prevent the possibility of infinite
+ recursion when processing include files.
+ In confparse(), warn when in a server section the root_server option is
+ set in combination with policy=simple_only or policy=fqdn_only.
+
+2008-05-10 Paul Rombouts
+
+ * src/ipvers.h
+ Included a patch contributed by Georg Schwarz which selectively undoes
+ a Debian patch contributed by Juliusz Chroboczek on platforms for which
+ the IPV6_RECVPKTINFO macro is not defined (e.g. MacOS X).
+
+2008-05-08 Paul Rombouts
+
+ * src/status.c,src/pdnsd-ctl/pdnsd-ctl.c
+ The pdnsd-ctl add command can now also be used to define NS records.
+ A wildcard record defined with this command now behaves the same way as
+ one defined in the config file.
+
+2008-05-07 Paul Rombouts
+
+ * src/conf-parser.c,src/conf-keywords.h,src/conff.c
+ Added the ability to process "include" sections in the configuration
+ file. This makes it possible to place local definitions in separate
+ files and include them from the main configuration file.
+
+2008-05-05 Paul Rombouts
+
+ * src/conff.c,src/conf-parser.c,src/status.c,src/pdnsd-ctl/pdnsd-ctl.c
+ Implemented two new pdnsd-ctl commands, which make it easier to add
+ definitions to the pdnsd cache at run time. "pdnsd-ctl include" is
+ similar to "pdnsd-ctl config" but only processes configuration sections
+ that effect the cache and disallows global and server sections.
+ "pdnsd-ctl eval" directly parses its string arguments as if they were
+ part of a configuration (include) file.
+
+2007-09-15 Paul Rombouts
+
+ * src/dns.h,src/dns_answer.c,src/dns_query.c
+ Changed the declarations of various packed structs, by moving the
+ __attribute__((packed)) specifiers from the field level to the struct level.
+ This was necessary to get the correct value for sizeof(rr_hdr_t) when
+ compiling with gcc for the ARM architecture.
+ Thanks to Dirk Armbrust for reporting the problem and supplying the solution.
+
+2007-08-10 Paul Rombouts
+
+ * src/dns_answer.c
+ Applied a Debian patch contributed by Juliusz Chroboczek which
+ reportedly fixes a problem with pdnsd running in IPv6 mode
+ (IPV6_RECVPKTINFO instead of IPV6_PKTINFO).
+
+2007-08-04 Paul Rombouts
+
+ * src/dns_query.c
+ When resolving a name recursively, pdnsd would stop querying further
+ name servers as soon as it received a reply with the authority (aa) flag
+ set. Unfortunately, it appears this flag is sometimes raised erroneously
+ in replies. I have implemented a work-around that ignores the aa flag
+ when there appears to be a clear delegation to a sub-domain.
+ Thanks to Nico Erfurth for reporting this problem.
+
+ It appears that pdnsd would also fail to consult servers in the authority
+ section when configured with neg_rrs_pol=on. This has been fixed.
+
+2007-08-01 Paul Rombouts
+
+ * src/pdnsd-ctl/pdnsd-ctl.c
+ Made the matching of pdnsd-ctl command names and most of the arguments
+ case-insensitive.
+
+2007-07-22 Paul Rombouts
+
+ * src/dns_answer.c
+ Instead of sharing the responsibility for freeing the answer buffer in
+ case of an error amongst different functions, only free it in
+ compose_answer().
+
+ * configure.in, src/Makefile.am, src/test/Makefile.am
+ Merged patch contributed by Pierre Habouzit to deal with CFLAGS the
+ automake way (allowing packagers to override CFLAGS properly).
+
+2007-07-21 Paul Rombouts
+
+ * src/dns_answer.c
+ For each target name in a SRV record in the answer section, add
+ addresses to the additional section of the response, as is recommended
+ by the RFCs.
+
+2007-07-14 Paul Rombouts
+
+ * src/list.c,src/list.h
+ Made modifications to the implementation of dynamic arrays, which
+ should ensure proper alignment on all supported architectures.
+
+2007-07-10 Paul Rombouts
+
+ * Upgraded pdnsd's license to GPL version 3.
+
+2007-07-08 Paul Rombouts
+
+ * src/cache.h,src/dns_query.c
+ The data field of the rr_bucket_t struct is now aligned such that
+ it possible to use straightforward assignment to copy IP addresses,
+ making memcpy unnecessary for this purpose.
+
+2007-07-07 Paul Rombouts
+
+ * src/dns_query.c
+ If pdnsd fails to connect to a name server using a IPv6 address, it will
+ now retry the connection using a IPv4 address, if available. This allows
+ pdnsd to recover from situations where IPv6 connectivity is temporarily
+ unavailable, but IPv4 connectivity still functions.
+ Thanks to Andreas Ferber for reporting this problem.
+
+2007-07-04 Paul Rombouts
+
+ * src/dns_answer.c
+ I have reordered the arguments of the add_rr() and related
+ functions to make them more consistent with each other.
+
+2007-07-03 Paul Rombouts
+
+ * src/cache.c,src/hash.c
+ pdnsd will no longer immediately abort in add_dns_hash() if it fails
+ to allocate memory for a new hash entry.
+
+2007-07-01 Paul Rombouts
+
+ * src/conff.c,src/conff.h,src/consts.c,src/consts.h,
+ src/conf-parser.c,src/conf-keywords.h,src/dns_query.c
+ Implemented the new "reject", "reject_policy" and "reject_recursively"
+ options for the server section of the configuration file.
+
+ * src/ipvers.h,src/conf-parser.c,src/dns.c,src/status.c,
+ src/pdnsd-ctl/pdnsd-ctl.c
+ Allow local AAAA records to be defined even if pdnsd is compiled
+ without --enable-ipv6, provided there is sufficient support in the
+ C libraries and --disable-new-rrs was not used.
+
+2007-06-30 Paul Rombouts
+
+ * src/dns_answer.c
+ Previously, when the answer buffer was realloced in add_rr(), an
+ extra 2 bytes used to be reserved, which are unnecessary, as far
+ as I can tell. I have decided to do without these extra 2 bytes,
+ which originate from Thomas Moestl's code. As compensation, I have
+ added extra PDNSD_ASSERT() statements to check that the answer
+ buffer does not overflow.
+
+2007-06-27 Paul Rombouts
+
+ * src/status.c, src/pdnsd-ctl/pdnsd-ctl.c
+ Extended the pdnsd-ctl 'add a' and 'add aaaa' commands to allow
+ multiple IP addresses to be specified.
+
+2007-06-25 Paul Rombouts
+
+ * src/conff.c,src/conff.h,src/conf-parser.c,src/conf-keywords.h,
+ src/dns_query.c
+ Implemented a new option for the server section of the configuration
+ file: randomize_servers.
+
+ * src/servers.c
+ Improved the debug messages in uptest().
+
+2007-01-30 Paul Rombouts
+
+ * src/icmp.c
+ Fixed up the code implementing the ping test in icmp.c,
+ which was broken for 64-bit systems.
+ Thanks to Michael Uleysky for reporting this bug.
+
+2007-01-09 Paul Rombouts
+
+ * src/dns_query.c
+ auth_ok() now returns 1 if the cache entry has the DF_NEGATIVE flag set,
+ without providing a list of authoritative servers to continue querying.
+ Otherwise if we receive a non-authoritative NXDOMAIN reply and pdnsd
+ is configured with neg_domain_pol=on, pdnsd will continue to try to
+ get an authoritative answer. The intention is that pdnsd
+ stops querying as soon as it gets an "unknown domain" answer.
+
+2006-04-29 Paul Rombouts
+
+ * src/main.c
+ pdnsd would segfault if it tried to call log_message() (via the
+ log_warn() and log_error() macros) before the FILE pointer to the debug
+ output stream was properly initialized.
+ Thanks to Thomas Cort for discovering this problem and suggesting a fix.
+
+2006-04-09 Paul Rombouts
+
+ * src/conf-parser.c,src/helpers.c,src/conff.h,src/conff.c
+ I have included a patch contributed by Jan-Marek Glogowski, that
+ implements the configuration option "use_nss". With use_nss=off pdnsd
+ will avoid system functions that may use NSS (i.e. initgroups()), which
+ may need DNS for LDAP lookups, which can lead to long timeouts and
+ stalls if pdnsd itself is used for the DNS lookup.
+
+2006-03-26 Paul Rombouts
+
+ * src/dns_query.c
+ Negative caching of RR sets is now also supported with lean_query=off.
+
+2006-03-25 Paul Rombouts
+
+ * src/dns_query.c,src/conf-parser.c,src/main.c
+ I have implemented a new query method: udp_tcp. With this method a UDP
+ query is tried first and, if the UDP answer is truncated, the query is
+ repeated using TCP. This is the behaviour that seems to be recommended
+ by the DNS standards. However, pdnsd wil not discard the truncated
+ answer if the TCP requery fails.
+
+2006-03-24 Paul Rombouts
+
+ * src/dns_answer.c
+ Previously, pdnsd would add at most one additional A (and AAA) record
+ for each record in the answer and authority sections. At the request of
+ Angel Marin, pdnsd will now add all A and AAA records it can find in the
+ cache for each name that produces additional records.
+
+2006-01-02 Paul Rombouts
+
+ * src/dns_answer.c
+ compose_answer() would leak memory if the query contained
+ an unsupported QTYPE or QCLASS. This has now been fixed.
+
+2005-12-27 Paul Rombouts
+
+ * configure.in
+ TCP-query support is now compiled in by default.
+ It can still be disabled using the configure option
+ --disable-tcp-queries.
+
+2005-12-23 Paul Rombouts
+
+ * src/dns_answer.c
+ Queries received from clients with non-empty answer, authority or
+ additional sections are now treated as malformed and rejected with
+ rcode 1 (format error).
+
+2005-11-06 Paul Rombouts
+
+ * src/conf-parser.c
+ Time intervals in the configuration files can now be expressed in
+ seconds, minutes, hours, days and weeks, using the suffixes
+ s,m,h,d,and w.
+
+2005-10-14 Paul Rombouts
+
+ * src/consts.c
+ In the pdnsd configuration file, true/false and yes/no are now accepted
+ as synonyms for the constants on/off.
+
+2005-08-24 Paul Rombouts
+
+ * src/helpers.c
+ I have fixed a potential buffer overflow problem that could occur with
+ the 'pdnsd-ctl dump' command.
+ In case of the root domain, the function rhn2str() would write 2 bytes
+ to the output buffer even if size==1. Theoretically (under pathological
+ circumstances) this could have allowed the dbuf buffer in the function
+ dump_cent() to overflow by one byte.
+
+2005-08-21 Paul Rombouts
+
+ * acconfig.h,src/cache.c,src/conff.c,src/conf-parser.c,src/dns.c,
+ src/dns_answer.c,src/dns_query.c,src/error.h,src/helpers.c,src/main.c,
+ status.c
+
+ It appears the newer versions of gcc won't convert a pointer to char
+ into a pointer to unsigned char and vice versa without complaining.
+ The changes I have made should get rid of these distracting warning
+ messages. Unfortunately I had to introduce casts in some cases,
+ which reduces type safety :-(.
+
+2005-08-16 Paul Rombouts
+
+ * src/dns.h
+ Some changes were made to the endianess detection code to
+ address problems on Mac OS X v10.4 Tiger.
+
+2005-08-15 Paul Rombouts
+
+ * configure.in
+ Some changes where made to address the reported problems with the
+ configure script on Mac OS X v10.4 Tiger.
+
+2005-08-05 Paul Rombouts
+
+ * src/status.c,src/dns_answer.c
+ The output of the 'pdnsd-ctl status' command now includes some
+ statistics on the number of query threads.
+
+2005-07-29 Paul Rombouts
+
+ * src/main.c
+ It appears that sigwait() can return EINTR under certain conditions.
+ This explains the problems reported by Sanjoy Mahajan with strace
+ and ACPI S3 sleep, which both caused pdnsd to exit prematurely.
+ The return value of sigwait() is now checked and sigwait() is retried
+ if the return value is EINTR.
+
+2005-07-04 Paul Rombouts
+
+ * src/dns_query.c
+ It appears that some servers that do not support recursive queries
+ answer with "query refused" instead of "not supported". The
+ p_exec_query() function now takes that possibility into account.
+
+2005-07-01 Paul Rombouts
+
+ * src/dns_query.c
+ In the processing of queries, I will make a distinction between
+ recoverable errors and non-recoverable ones (typically caused by out of
+ memory conditions). In the case of non-recoverable errors, no attempt to
+ query alternative name servers is made.
+
+2005-06-26 Paul Rombouts
+
+ * src/dns_query.c
+ In p_recursive_query(), as soon as one of the servers in the q list
+ replied "no error" or "name error", only this reply was examined and
+ the other servers in the q list were ignored. Joshua Coombs has brought
+ to my attention that this strategy sometimes fails when this reply is not
+ authoritative and doesn't contain any usable references to name servers
+ in the authority section.
+ I have modified p_recursive_query() to allow pdnsd to continue querying
+ the remaining servers in the q list as long as we haven't received an
+ authoritative answer or usable authority information. This will allow
+ pdnsd to arrive at the correct answer in some cases where it would
+ formerly fail.
+
+2005-06-25 Paul Rombouts
+
+ * src/status.c
+ The "pdnsd dump" command may now also be given an argument
+ consisting of a name beginning with a dot. This will dump information
+ about all names in the cache ending in the given name. An argument
+ consisting of a name without a leading dot will only give information
+ about the exact name, as it did before.
+
+2005-06-24 Paul Rombouts
+
+ * src/servers.c,src/status.c
+ All uptests are now conducted by the server status thread. If a retest
+ is requested via a "pdnsd-ctl server", an existing server status thread
+ is signaled or a new server status thread is spawned if the old one has
+ exited. This has the effect that a "pdnsd-ctl server label retest"
+ command will now return immediately without waiting for the tests to
+ finish.
+
+2005-06-20 Paul Rombouts
+
+ * src/conf-parser.c,src/servers.c,src/servers.h
+ At the request of Al-Junaid Walker I have added a new configuration
+ option for the uptest interval. With "interval=ontimeout" the server is
+ not tested at startup/reconfig, or at regular intervals, but only after
+ a DNS query to a server times out. However, once a server is declared
+ dead it is never considered again unless it is revived using a
+ "pdnsd-ctl config" or "pdnsd-ctl server" command.
+
+2005-06-19 Paul Rombouts
+
+ * src/servers.c,src/dns_query.c,src/icmp.c
+ During an uptest the server configuration data is locked. Especially
+ with ping or query uptests of unresponsive servers this means that the
+ execution of "pdnsd-ctl config" or "pdnsd-ctl server" commands can be
+ delayed for a long time (or even time out). I have made modifications
+ that allow a "pdnsd-ctl config" or "pdnsd-ctl server" commands to
+ interrupt pending uptests to allow these commands to proceed without
+ delay in most cases.
+
+ * src/thread.h
+ Use the POSIX sigaction() instead of signal() to install signal handlers.
+
+2005-06-08 Paul Rombouts
+
+ * src/dns_answer.c,src/dns_query.c
+ I have defined a struct dns_msg_t that includes a message length field.
+ In the case of sending a DNS message over TCP, we no longer need a
+ separate write() call to send the message length. This prevents possible
+ packet fragmentation.
+
+2005-06-07 Paul Rombouts
+
+ * src/dns_query.c
+ The query_method=tcp_udp option only used to work with cooperative name
+ servers, i.e. servers that either send back a TCP reply or explicitly
+ refuse the TCP connection request. This wasn't sufficiently satisfactory
+ in practice, because some name servers are completely unresponsive to TCP
+ connection requests. I have made modifications to allow pdnsd to try UDP
+ queries in case TCP connections time out. When a short server timeout is
+ combined with a global timeout that is at least twice as long, this may
+ allow a query to a name server that only responds to UDP queries to
+ succeed with query_method=tcp_udp.
+
+2005-04-20 Paul Rombouts
+
+ * src/cache.c,src/hash.c,src/conff.c,src/status.c,src/pdnsd-ctl/pdnsd-ctl.c
+ The "pdnsd-ctl empty-cache" command now accepts additional arguments;
+ these are interpreted as include/exclude names. During execution of the
+ command the name of each cache entry is matched against the names in the
+ include/exclude list. If the name ends in a name to be included, the
+ cache entry is deleted, otherwise not.
+ This feature was added at the request of Joshua Coombs.
+
+2005-04-19 Paul Rombouts
+
+ * src/cache.c, src/hash.c
+ pdnsd will now (temporarily) unlock the cache between emptying hash
+ buckets, this should allow pdnsd to remain responsive while executing
+ the "pdnsd-ctl empty-cache" command. However, this only applies to DNS
+ queries; pdnsd will not accept any new pdnsd-ctl commands while a
+ pdnsd-ctl command is still running.
+
+2005-03-29 Paul Rombouts
+
+ * configure.in, src/hash.h
+ I have added a new configure option --with-hash-buckets=...
+ This makes it possible to specify a different number of
+ hash buckets without editing the source files.
+
+2005-03-17 Paul Rombouts
+
+ * src/error.c
+ When running in both daemon and debug mode, print warning and
+ error messages to debug file as well as the syslog.
+
+2005-03-15 Paul Rombouts
+
+ * src/dns_answer.c
+ Only call pthread_setspecific() in debug mode, because
+ pthread_getspecific() is also only used in debug mode.
+ If pthread_setspecific() fails, treat this as a non-fatal error.
+
+2005-03-10 Paul Rombouts
+
+ * configure.in
+ On Linux systems the configure script will now try to detect automatically
+ whether the system implements the Native POSIX Thread Library, but
+ the method is not necessarily foolproof.
+
+ * src/dns.c
+ Local PTR records generated for resolving numeric IPv6 addresses back into
+ names, are now based on ip6.arpa instead of ip6.int, because the latter domain
+ will be phased out eventually.
+
+2005-03-06 Paul Rombouts
+
+ * Makefile.am,src/cache.c
+ Create an empty cache-file at install time and don't complain about empty
+ cache files at start up.
+
+2005-02-20 Paul Rombouts
+
+ * acconfig.h,configure.in,src/conf-parser.c,src/conff.h,src/dns.h,
+ src/dns_answer.c,src/dns_query.c,src/error.h,src/helpers.h,src/icmp.c,
+ src/ipvers.h
+
+ I have applied some changes to the code proposed by Rodney Brown to improve
+ portability. In particular, pdnsd should now compile on the Darwin platform
+ (Apple Mac OS X).
+ To support some of these changes, the source package is now built with a
+ slightly more modern version of autoconf (2.57) and automake (1.6.3).
+
+2005-01-29 Paul Rombouts
+
+ * src/dns.c,src/dns_answer.c,src/dns_query.c
+
+ I have added some extra debug code to make it easier to discover the
+ reason that pdnsd considers a query or reply malformed (format error).
+
+2005-01-12 Paul Rombouts
+
+ * src/dns.c,src/dns_answer.c,src/dns_query.c
+
+ I have extended some debug code contributed by Kiyo Kelvin Lee to dump
+ the data received by pdnsd in debug mode (queries from clients, replies
+ from name servers). Because this will give very verbose debug output,
+ I've arranged it so that this data dump only occurs if pdnsd has been
+ configured and compiled with --with-debug=9 and pdnsd has been called
+ with -v9.
+
+ Additionally, in the case that pdnsd rejects a reply from a name server
+ because it is not well formed, I have refined the debug messages to
+ distinguish between format errors due to unexpected truncation and
+ others kinds of format errors.
+
+2004-10-30 Paul Rombouts
+
+ * src/rr_types.c
+ I have included some changes proposed by Joseph Pecquet to address
+ the compilation problems reported by FreeBSD users.
+
+2004-10-18 Paul Rombouts
+
+ * acconfig.h,configure.in,src/helpers.c,src/helpers.h,src/dns.h
+ I have merged a patch for CYGWIN support by Kiyo Kelvin Lee into
+ my version of the code.
+
+2004-10-15 Paul Rombouts
+
+ * src/cache.c
+ Invalidating local records with the pdnsd-ctl did not work the way the
+ documentation described. An invalidated local record would be always be
+ purged at the next lookup, thus invalidation would practically have the
+ same effect as deletion. An invalidated local record is of no use at all and
+ would occupy space until it is purged during a lookup (but not by purge_cache).
+ The function invalidate_record() now behaves as the documentation describes, i.e.
+ invalidation of local records has no effect.
+
+2004-09-27 Paul Rombouts
+
+ * doc/pdnsd.conf.5.in
+ A new man page describing the format of the pdnsd config file has been
+ added to the pdnsd package. I've used a customized Perl script to generate
+ one automatically from the html documentation.
+
+2004-09-14 Paul Rombouts
+
+ * src/hash.c
+ The cache entries in a hash chain are now stored in order of increasing long hash
+ value. The advantage is that if an name is looked up that is not present in the
+ cache, this can be done by comparing with only half (on average) of the number
+ of entries in the hash chain. Not a huge speed up, but still worth while, I think.
+ Additionally, the number of hash computations for each add_cache() call has
+ been halved.
+
+2004-09-11 Paul Rombouts
+
+ * src/cache.c
+ insert_rrl() will no longer add local records to the rr_l list, because
+ purge_cache() ignores them anyway.
+
+2004-09-08 Paul Rombouts
+
+ * src/dns.h,src/cache.c,src/dns_query.c,src/dns_answer.c,src/conf-parser.c
+ I've started using GETINT16,GETINT32,PUTINT16,PUTINT32 macros, which are based
+ on the NS_GET/NS_PUT macros that can be found in the BIND source, instead of memcpy
+ for fetching and storing non-aligned integer data.
+
+2004-09-08 Paul Rombouts
+
+ * src/cache.c,src/status.c,src/pdnsd-ctl/pdnsd-ctl.c
+ New pdnsd-ctl command: "pdnsd-ctl dump" will print information about all the
+ entries contained in the cache.
+ "pdnsd-ctl dump " will only print entries belonging to .
+ The data fields of the more common rr-types will be printed in human readable
+ form, the remaining ones in a hexadecimal representation.
+ With thanks to Dan Jacobson for suggesting this feature.
+
+2004-08-31 Paul Rombouts
+
+ * src/conf-parser.c
+ At the suggestion of Dan Tihelka, I have expanded to the server_ip= option
+ to allow the name of an interface to be specified instead of an IP address.
+ pdnsd will not bind to the interface name, but will lookup the address the
+ interface has at start up, and listen on that address. If the address
+ of the interface changes while pdnsd is running, pdnsd will not notice that.
+
+2004-08-30 Paul Rombouts
+
+ * src/cache.h,src/cache.c
+ I've reversed the meaning of the CF_NOAUTH and renamed it CF_AUTH.
+ I've also added a domain level flag DF_AUTH, which is used to
+ mark cache entries obtained from authoritave replies in response to
+ a query of type * (all)..
+
+2004-08-30 Paul Rombouts
+
+ * src/cache.c
+ I've changed the format of the cache file. A typical cache entry has empty
+ sets for most RR types (even more if DNS_NEW_RRS is defined). In the old
+ format, each empty RR set was represented by a zero byte.
+ In the new format only non-empty sets are respresented, leading
+ to a (modest) reduction is size.
+
+2004-08-28 Paul Rombouts
+
+ * src/conf-parser.c
+ New option for "rr" sections in the config file: reverse=on/off.
+ If you want a locally defined name to resolve to a numeric address and vice
+ versa, you can now achieve this by setting reverse=on before defining the
+ A record, making it unnecessary to define a seperate PTR record for the reverse
+ resolving.
+
+2004-08-20 Paul Rombouts
+
+ * src/cache.h,src/cache.c,src/conf-parser.c,src/dns_query.c
+ At the request of Daniel Black, I have added support for defining local wildcard records
+ in pdnsd. The only type supported presently is records beginning with '*.'.
+
+2004-08-10 Paul Rombouts
+
+ * src/hash.c,src/cache.c,src/dns_query.c,src/dns_answer.c
+ Sampo Lehtinen has remarked that pdnsd sometimes failed to resolve classless
+ reversed-delegated IP addresses, and that this has something to do with the fact
+ that pdnsd did not accept '/' characters in domain names. After reading Sampo's
+ and Thomas' remarks, and also rfc2317 and some of the rfc's referenced in rfc2317,
+ I decided pdnsd should place no restrictions at all on the types of characters it
+ allows in domain names, only on the lengths of the byte sequences.
+ This led me to make some quite extensive internal changes to pdnsd. Among other
+ things domain names are now stored in transport format (sequences of bytes preceded
+ by length bytes) instead of C strings. This is also more efficient because there
+ is no need any more to convert from one representation to the other, except when
+ reading the config file, interacting with pdnsd-ctl or running in debug mode.
+ Conversion between the two representations isn't always possible, though.
+ For example, domain names in transport format might contain non-printable characters.
+ These are now printed as escape sequences (three octal digits preceded by a back slash).
+ Presently there are still restrictions on the characters in the domain names that can
+ be defined in local records. I doubt this will ever be considered a problem.
+
+2004-08-02 Paul Rombouts
+
+ * src/dns_query.c
+ The code for handling NXT records was flawed. A response from a remote server
+ containing NXT records (even well-formed ones) could cause pdnsd to crash.
+ The code for handling NAPTR records contained incorrect PDNSD_ASSERT statements,
+ which could cause pdnsd to abort unnecessarily.
+
+2004-07-25 Paul A. Rombouts
+
+ * src/list.h,src/list.c,src/dns.c,src/dns_query,src/dns_answer.c
+ I've noticed that some of the (dynamic) arrays that pdnsd uses are quite sparse.
+ Instead of using an array structure with elements that are large enough to contain
+ the largest possible domain name, I've implemented a "list" data structure that
+ is more compact. The elements of a list can only be accessed sequentially from
+ beginning to end, but it allows more efficient memory use in case the names are
+ significantly shorter that the maximum.
+
+2004-07-22 Paul Rombouts
+
+ * src/conf-parser.c
+ I've expanded pdnsd's configuration options by adding support in pdnsd for reading
+ /etc/resolv.conf style files. Instead of specifying IP addresses in a server section,
+ the option "file=" can be used.
+ The IP addresses in the lines beginning with "nameserver" will be added to
+ the list of address for that section, the remaining lines will be ignored.
+ To avoid the possibility that pdnsd will query itself, local addresses are skipped
+ (unless pdnsd is configured to listen on a different port number).
+
+2004-07-21 Paul Rombouts
+
+ * src/cache.h,src/cache.c,src/dns_query.c,src/conf-parser.c
+ New option for "server" sections in the config file: root_server=on/off.
+ In case a server section contains only addresses of root servers, which
+ usually only give the nameservers of top level domains in their reply,
+ setting root_server=on will enable certain optimizations. This involves using
+ cached information to reduce queries to the root servers, thus speeding up
+ the resolving of new names. This option is also necessary to make the
+ delegation_only option work in combination with root servers.
+
+2004-07-16 Paul Rombouts
+
+ * src/cache.c,src/status.c,src/pdnsd-ctl/pdnsd-ctl.c
+ New pdnsd-ctl command: "pdnsd-ctl empty-cache" will make pdnsd delete its entire
+ cache, freeing all entries. This is useful for debugging purposes, or in situations
+ where you suspect that stale cache entries are causing you problems, but you are not
+ sure which ones.
+
+2004-07-11 Paul Rombouts
+
+ * src/cache.c,src/dns_query.c
+ I've removed the use of the function add_cache_rr_add(), which was used to
+ add additional RR records to the cache one at a time. I've changed the code
+ in dns_query.c such that additional (or off-topic) records are first collected
+ in arrays of dns_cent_t structures, and then added to the cache using add_cache().
+ With this approach only one function, viz. add_cache(), is used for adding
+ new entries to the cache, which I believe leads to a cleaner programming
+ interface. Added benefit is that query serial numbers are no longer
+ necessary.
+
+2004-07-10 Paul Rombouts
+
+ * src/cache.h,src/cache.c,src/dns_query.c,src/dns_answer.c
+ I've added two new field to the dns_cent_t struct, namely c_ns and c_soa.
+ These will be used to remember references to NS and SOA records in the authority
+ sections of replies from remote name servers.
+ This information can be used by pdnsd to fill in the authority section of its
+ own reply.
+
+2004-06-25 Paul Rombouts
+
+ * src/dns_query.c,src/servers.c,src/consts.c
+ I've added an new server availability test which can be selected with "uptest=query".
+ This can be useful as an alternative to "uptest=ping" in case the remote server does not
+ respond to ICMP_ECHO requests at all, which unfortunately is quite common these days.
+ "uptest=query" causes pdnsd to send an empty query to remote nameservers. Any well-formed
+ response (apart from SERVFAIL) within the timeout period will be interpreted as a sign that the
+ server is "up".
+ In a sense this new availability test can actually be considered more reliable than the
+ other ones that pdnsd supports.
+ With thanks to Juliusz Chroboczek for suggesting this feature.
+
+2004-06-24 Paul Rombouts
+
+ * src/helpers.c
+ Don't use getpwnam() while we are multi-threaded, because it returns a pointer to
+ a statically allocated structure. I will use getpwnam_r() instead, which is thread
+ safe. Unfortunately there seem to be some portability problems with getpwnam_r().
+ For those platforms that lack getpwnam_r(), I will keep the old code with getpwnam()
+ as an alternative.
+
+2004-06-23 Paul Rombouts
+
+ * src/servers.c
+ Check that the number of IP addresses in a server section is nonzero before
+ testing servers for availability. Otherwise pdnsd could crash in debug mode.
+
+2004-06-21 Paul Rombouts
+
+ * src/conff.c,src/conf-parser.c,src/status.c,src/pdnsd-ctl/pdnsd-ctl.c
+ New pdnsd-ctl command: "pdnsd-ctl config" will make pdnsd re-load its configuration file.
+ In most cases (but there are still some exceptions) this is preferable
+ to restarting pdnsd after making changes to the configuration file.
+ An important advantage is that there should be no perceptible interruption in the dns service
+ when using the reload command.
+ An alternative config file can be specified with "pdnsd-ctl config ".
+
+2004-05-31 Paul Rombouts
+
+ * src/dns_answer.c,src/dns_query.c,src/dns_query.h
+ I've made an adjustment to p_recursive_query() and related functions, so that
+ when pdnsd chases name servers in pursuit of authoritative records, it avoids
+ all the name servers already queried for the same name in the recursive calling
+ chain, not just the servers most recently used.
+ Although the hops counter will already break any possible cycles, this will
+ allow pdnsd to detect pathological cycles earlier and waste less resources.
+
+ * src/cache.c
+ In add_cache(), don't add empty entries to the cache. Empty cache entries
+ waste memory and are more persistent than non-empty ones, because purge_cache()
+ cannot get rid of them.
+
+2004-05-30 Paul Rombouts
+
+ * src/dns_answer.c,src/dns_query.c,src/icmp.c,src/netdev.c
+ I've removed the calls to getprotobyname() and used the constants IPPROTO_TCP
+ and IPPROTO_UDP instead. First of all, it doesn't seem very efficient to call
+ a function repeatedly to look up the same well-known protocol numbers.
+ More importantly, getprotobyname() stores its results in a statically-allocated
+ structure and thus cannot be considered thread safe. (getprotobyname_r()
+ is thread safe, but is not portable.)
+
+2004-05-27 Paul Rombouts
+
+ * src/dns_answer.c
+ I've noticed that when pdnsd is restarted shortly after it has answered a TCP
+ query, it is often not able to bind to the TCP socket again, resulting in a
+ disabled TCP server thread. The solution appears to be to set the SO_REUSEADDR
+ socket option before binding the socket. This allows you to use the same port even
+ if it is busy (in the TIME_WAIT state).
+ I found the code for this in a patch file from an old Debian package.
+
+2004-05-20 Paul Rombouts
+
+ * src/dns_query.c
+ Joseph Pecquet has reported that version 1.1.11 does not compile under FreeBSD v4.x
+ because the macro ENONET is undefined. I've bypassed the problem by surrounding
+ the case line using this value with conditional preprocessor directives.
+
+2004-05-08 Paul Rombouts
+
+ * src/rc/Slackware/rc.pdnsd
+ I've included a Slackware start-up script contributed by Nikola Kotur.
+
+2004-05-05 Paul Rombouts
+
+ * doc/pdnsd.8
+ I'm very grateful to Mahesh T. Pai for contributing a pdnsd man page,
+ which was still missing up till now.
+
+2004-04-30 Paul Rombouts
+
+ * src/servers.c,src/dns_query.c
+ After considering some suggestions made by Juliusz Chroboczek I have made the
+ following changes:
+
+ - After receiving a reply from a remote server mark the server up and update the
+ timestamp so that pdnsd doesn't bother testing this server for availability for a
+ while.
+ - After detecting an error with an send/recv call that indicates a server is
+ unavailable, mark a server down so that pdnsd doesn't bother testing this server
+ for a while.
+ - After server timeouts, uptests are never performed by a query/answer thread,
+ because this may delay the sending of an answer to the client. Instead the
+ timestamp of a server that needs to be tested for availability is set to zero and
+ a condition signal is sent to alert the server status thread, which will carry out
+ the test. Unresponsive servers with uptest=ping will not be marked down
+ immediately any more, but only after the ping test has definitely failed.
+
+ * src/error.c,src/error.h
+ I've moved most of the code previously contained in the DEBUG_MSG macro to a new
+ function debug_msg().
+ The DEBUG_MSG macro now simply expands to "if(debug_p) debug_msg();".
+ This should make the executable a little smaller, and be just as fast when
+ debugging is off. The DEBUG_MSG macro still expands to nothing if pdnsd is built
+ without debugging support.
+
+2004-04-28 Paul Rombouts
+
+ * src/dns_query.h,src/dns_query.c
+ I've tried to simplify the finite state machine used for processing parallel
+ queries, by merging the "state" and "nstate" variables used by p_exec_query() and
+ p_query_sm() resp. into one "state" variable.
+ By introducing an extra field "iolen" to keep track of the number of bytes read
+ from or written to a socket, I could also reduce the number of states for TCP
+ queries. The new code has the additional advantage that it can handle situations
+ that require multiple read() calls to receive a response.
+
+2004-04-14 Paul Rombouts
+
+ * src/dns_query.c
+ I've added an extra check comparing the number if poll/select events actually
+ handled to the return value of poll/select. This should reduce the chance that
+ pdnsd will get caught in a busy spin due to unknown remaining bugs. An error
+ message is logged and an error code is returned when this comparison fails.
+
+2004-04-13 Paul Rombouts
+
+ * src/dns_query.h,src/dns_query.c
+ I got rid of the event field in the query_stat_t struct.
+ I think it is redundant, because its value can be quite simply derived from
+ the nstate field.
+
+2004-04-12 Paul Rombouts
+
+ * src/dns_query.c
+ I appears there was flaw in the code for handling a "Not Implemented" response
+ from a remote server with the RA (recursion available) bit equal to zero. This
+ could cause pdnsd to get into a busy spin. I traced the flaw back to Thomas
+ Moestl's code, so it must be in all the versions of pdnsd I know of. In previous
+ versions of pdnsd the busy spin would eventually time out. Due to some recent
+ changes the loop would no longer time out, making the bug more noticeable.
+ With thanks to Nicolas George for reporting the bug.
+
+ I also discovered a closely related flaw that would cause pdnsd to poll() closed
+ file descriptors. It usually works out OK in practice, but it is definitively not
+ the correct way to do it.
+
+ Additionally, I discovered some opportunities to save memory, e.g. by replacing
+ the nsname buffer in the query_stat_t struct by a pointer to an already existing
+ copy of a name.
+
+2004-04-10 Paul Rombouts
+
+ * src/cache.c
+ Nicolas George remarked that he thought it was strange that subdomains of domains
+ negated with "neg" sections in the config file were not also negated. I thought that
+ he had a point, and I've implemented a change so that negating example.com will
+ now also negate www.example.com, xxx.adserver.example.com, etc.
+
+2004-04-09 Paul Rombouts
+
+ * src/error.c,src/error.h
+ I noticed that the code for the log_warn() and log_error() functions was almost
+ identical, even to the point that log_warn() called syslog() with LOG_ERR
+ priority. I've merged these two functions into one log_message() function.
+
+2004-04-08 Paul Rombouts
+
+ * src/main.c,src/conf-parser.c
+ The -4 and -6 command-line options should now work as advertised.
+ This wasn't entirely trivial. The rule is that options on the command line
+ override those in the configuration file. The easiest way to implement this is to
+ process the command-line options after reading the configuration file. But this
+ doesn't work for the -4 and -6 options, because the run_ipv4 flag determines how
+ IP addresses in the config file are parsed. I've inserted some extra tests and
+ warning messages that will hopefully make this setting nearly foolproof.
+
+ I've added two new command-line options, "-a" and "-i ".
+ With the -a flag pdnsd will try to detect automatically if IPv6 support is
+ available on a system, and fall back to IPv4 if not. The -a flag can be used
+ instead of -4 or -6.
+
+ In IPv6 mode, pdnsd will now automatically convert IPv4 addresses to IPv6-mapped
+ addresses. The -i option can be used to specify a prefix for this mapping. The
+ default is ::ffff.0.0.0.0
+ There is also a corresponding ipv4_6_prefix= option for the config file.
+
+ In IPv4 mode, if IPv6 support is compiled in, pdnsd will now skip IPv6 addresses
+ in the config file (except for the server_ip and ping_ip options) with a warning
+ message. This allows you to have mixed sets of IPv4 and IPv6 address in the same
+ config file, although in IPv4 mode some server sections may become inactive.
+
+ With thanks to Juliusz Chroboczek for suggesting these changes.
+
+2004-04-07 Paul Rombouts
+
+ * src/cache.c
+ I've changed some of the cache-flag definitions to make debugging a little simpler.
+ Unfortunately, this makes the cache files of previous pdnsd versions incompatible
+ with the new one. I've introduced a cache version identifier to be added at the
+ beginning of each cache file. This enables pdnsd to recognize and discard
+ incompatible cache files.
+
+2004-04-05 Paul Rombouts
+
+ * src/cache.h,src/cache.c
+ I've changed the way CACHE_LAT (cache latency, normally 120 secs) is used to
+ determine whether a cache entry has timed out. Instead of simply adding it to the
+ ttl (time to live), I use CACHE_LAT if the ttl is less then CACHE_LAT, else the
+ ttl itself, making CACHE_LAT the minimum ammount of time a cache entry stays in
+ the cache.
+
+2004-04-02 Paul Rombouts
+
+ * src/dns_query.c
+ I've introduced a global timeout parameter. This is the minimum period of time
+ pdnsd will wait after sending the first query to a remote server before giving
+ up without having received a reply.
+ The timeout options in the configuration file are now only minimum timeout intervals.
+ Setting the global timeout option makes it possible to specify quite short timeout
+ intervals in the server sections. This will have the effect that pdnsd will start
+ querying additional servers fairly quickly if the first servers are slow to respond
+ (but will still continue to listen for responses from the first ones).
+ This may allow pdnsd to get an answer more quickly in certain situations.
+
+ * src/dns_query.c
+ When receiving a NXDOMAIN (unknown domain) response from a remote name server,
+ I think it is still useful to process the authority and additional sections,
+ so that pdnsd can possibly add a SOA record to its own response.
+
+2004-04-01 Paul Rombouts
+
+ * src/dns_query.c
+ In p_recursive_query(), I've slightly changed the way pdnsd does parallel
+ queries. Active queries or not canceled until we have received a useful response
+ from a remote name server, or all the queries have failed or timed out.
+ Thus the par_queries parameter is no longer the maximum number of parallel
+ queries, but rather the increment with which the number of parallel queries is
+ increased when the previous set has timed out.
+ In the worst case all the servers in the list of available servers will be queried
+ simultaneously. We may be wasting more system resources this way, but the advantage
+ is that we have a greater chance of catching a reply.
+ After all, if we wait longer anyway, why not for more servers.
+
+2004-03-31 Paul Rombouts
+
+ * src/dns_answer.c
+ I've noticed that in compose_answer() that while adding the name in the query
+ section it was not passed through compress_name(). While it is true that the
+ first name occurrence cannot be compressed, it is still sensible to process the
+ query name with compress_name() so that the offset can be stored and provide
+ additional opportunities for future compressions.
+ I've tested this with dig and the responses of pdnsd are now usually a little
+ smaller in size or can hold more information within the 512 byte limit.
+
+2004-03-30 Paul Rombouts
+
+ * src/cache.c
+ I've noticed that pdnsd stored rr records (of the same type) in reverse order
+ in the cache.
+ Although I don't see anything inherently wrong with that, I think it's neater to
+ store them in the order they are processed.
+
+2004-03-29 Paul Rombouts
+
+ * src/cache.c
+ I've rearranged the order of the arguments of some of the functions in cache.c
+ to obtain a more consistent calling interface.
+
+ * src/dns_answer.c
+ I've noticed that pdnsd would only add NS records to an authority section if it could
+ find such records matching the queried name (or the last CNAME in the answer) exactly.
+ However, I understand that a server should try to give NS records as close as possible
+ to the target name in the naming hierarchy.
+ I also understand that if a domain name is reported as nonexisting, or no record of
+ the requested type exists, it is customary to provide a SOA record, searching up the
+ name hierarchy if necessary.
+ I've tried to implement this in compose_answer(), although with some limitations.
+ I only look in the cache, I don't search more then three levels up, and stop before
+ the top level.
+
+2004-03-28 Paul Rombouts
+
+ * src/cache.c,src/dns_answer.c
+ There were some issues with add_cache_rr_add().
+
+ First of all, the way it was used in rr_to_cache() (or rather not used) meant
+ that if an "off topic" record was added for a name that lacked an entry in the
+ cache, the rr set would be created with an incorrect serial number (namely zero).
+ I've rewritten add_cache_rr_add so that it can create new cache entries if necessary.
+ This simplifies the code in rr_to_cache() and ensures correct serial numbers.
+
+ Secondly, in add_cache_rr_add() the ttl was compared with that of an existing rrset
+ without adjusting for the min_ttl and max_ttl options. This could lead to all the
+ previous records being deleted, retaining only the last one.
+
+2004-03-27 Paul Rombouts
+
+ * src/dns_answer.c
+ In compose_answer(), if the rd (recursion desired) bit is set in the query
+ and the response contains a CNAME record (while a different type of record was
+ requested), always do a recursive query on the CNAME, even if we have already
+ added a record of the requested type to the response.
+ Failing to honor the rd bit will cause some resolver libraries to complain,
+ even if the answer contains a record of the requested type.
+
+ I've slightly changed the calling interfaces of add_to_response() and add_rrset()
+ to make them more consistent and efficient.
+
+ In add_rrset() I've fixed a memory leak on one of the error paths.
+
+ In add_additional_rr(), the return value of add_rr() was not checked.
+ If add_rr() fails, it will free *ans, and functions higher up the calling
+ chain could be referencing freed memory.
+
+ I've fixed a potential referencing of freed memory or double freeing in add_additional_a().
+ If a call of add_additional_rr() fails, it will free *ans.
+ Previously, add_additional_rr() could be called a second time, in which case
+ the second call would be referencing freed memory or freeing it a second time..
+
+2004-03-23 Paul Rombouts
+
+ * configure.in, src/Makefile.in,src/pdnsd-ctl/Makefile.in,src/test/Makefile.in
+ Frédéric L. W. Meunier has reported that configure --srcdir option (for building
+ in directory separate from the source directory) was broken.
+ Should be fixed now.
+
+2004-03-20 Paul Rombouts
+
+ * src/dns_answer.c,src/dns_query.c,src/helpers.c,src/icmp.c,src/main.c,src/netdev.c,src/ipvers.h,src/test/if_up.c,src/test/is_local_addr.c,src/test/tping.c,src/test/random.c,src/conf-parser.c
+ I've eliminated the global variable run_ipv6 from the code.
+ Enabling both the IPv4 and IPv6 protocols at the same time is not supported
+ in pdnsd, so the value of run_ipv6 (if it is defined) is simply !run_ipv4.
+
+ * src/dns.c,src/test/is_local_addr.c,src/test/tping.c
+ It appears the option to compile pdnsd without IPv4 support (i.e. only IPv6
+ support) was broken. Should be fixed now.
+
+2004-03-19 Paul Rombouts
+
+ * src/cache.c
+ I've discovered an incorrect use of cache locks in lookup_cache().
+ We only read locks in place, it is possible for purge_cent() to delete a cache
+ entry while another thread is trying to read it at the same time, which could
+ lead to trouble. I've rewritten purge_cent() so that it can be used to test
+ whether something needs to be purged without actually deleting anything.
+ If something needs to be deleted, purge_cent() will be called again with
+ the proper read/write locks in place, excluding access to the cache for all
+ other threads.
+
+2004-03-18 Paul Rombouts
+
+ * src/cache.c
+ I've added a new function sort_rrl() for sorting the rr_l list using a merge-sort
+ algorithm. Usually the insertion sort used by insert_rrl() is good enough, because
+ new entries belong near the end most of the time. Reading entries from disk forms
+ an exception, though, because the rrsets in the file are completely out of order
+ w.r.t. timestamps, leading to quadratic time complexity of the insertion sort method.
+ In that case it should be faster to simply append items at the end of the rr_l list
+ and sort using a more efficient algorithm afterwords.
+ pdnsd now seems to start up noticeably faster when reading large cache files.
+ I've also considered using a more sophisticated data structure than a doubly linked
+ list, but this will add considerable complexity to the code and use more memory.
+
+2004-03-13 Paul Rombouts
+
+ * src/dns_answer.c
+ Changed a declaration in udp_answer_thread() so that the buffer used for passing
+ control messages on to sendmsg() is exactly the right size, instead of an arbitrary
+ 512 bytes.
+ Also initialized the msg_flags of the struct msghdr passed on to sendmsg() to zero,
+ to keep Valgrind from complaining about uninitialized bytes.
+
+2004-03-12 Paul Rombouts
+
+ * src/icmp.c
+ Fixed an incorrect call to select() in ping4(). A file descriptor set for detecting
+ exceptions was initialized but not passed on to select(). This would lead subsequent
+ code always to behave as if an IO exception had occurred.
+ Valgrind seems to indicate that when a poll() call times out and returns 0,
+ the revents field of the struct pollfd is not necessarily set.
+ I've changed the code to check that the return value is > 0 before examining the
+ revents field.
+
+2004-02-06 Paul Rombouts
+
+ * src/conf-parser.c,src/conf-parser.h,src/conf-keywords.h
+ I've rewritten the parser for the configuration file in C from scratch.
+ (f)lex and yacc/bison are no longer needed to build pdnsd.
+
+2004-01-16 Paul Rombouts
+
+ * src/main.c
+ Load the cache from disk without locking cache access because pdnsd
+ is still single-threaded at that point.
+
+2004-01-15 Paul Rombouts
+
+ * src/cache.c,src/hash.c
+ Moved the responsibility for freeing the cache entries referred by
+ the hash buckets from destroy_cache() to free_dns_hash() (which is called
+ by destroy_cache()). Previously, the cache and hash tables were already
+ completely destroyed by the time free_dns_hash() was called, and there was
+ nothing left for free_dns_hash() to free.
+
+2004-01-14 Paul Rombouts
+
+ * src/hash.c,src/make_hashconvtable.c
+ The hash conversion table is now generated at build time instead
+ of at run time when pdnsd is started up.
+
+2004-01-13 Paul Rombouts
+
+ * src/dns.c
+ In add_host() fixed incorrect generation of IPV6 type of name for PTR record
+ due to use of && instead of & as masking operator.
+
+2004-01-13 Paul Rombouts
+
+ * src/icmp.c, src/dns_answer.c
+ Use unsigned long instead of int error counters to reduce the danger
+ of wraparound.
+
+2004-01-06 Paul Rombouts
+
+ * src/main.c,src/thread.c,src/thread.h,src/server.c,src/status.c,src/dns_answer.c
+ Initialize a global thread attribute object in main.c and use it to create all the detached
+ threads, instead of initializing a separate attribute object for each new thread.
+
+2004-01-06 Paul Rombouts
+
+ * src/dns_answer.c
+ Check the return value of pthread_create() in udp_server_thread()
+ and tcp_server_thread() to ensure that a new answer thread has actually
+ been created and free resources if not.
+
+2004-01-04 Paul Rombouts
+
+ * src/helpers.c,src/cache.c,src/conff.c,src/status.c
+ Stop writing to control socket after an error has been detected.
+
+2004-01-03 Paul Rombouts
+
+ * src/pdnsd-ctl/pdnsd-ctl.c
+ Tried to make the error messages of pdnsd-ctl more helpful.
+ The complete usage description is now only printed if the 'help' command
+ is used. For problems with other commands a much shorter message is generated
+ specific for that command.
+
+2004-01-02 Paul Rombouts
+
+ * src/helpers.h
+ Changed the definition of rhnlen(). For valid data this will make no difference,
+ but it may change the behaviour of pdnsd in certain error situations.
+
+2004-01-02 Paul Rombouts
+
+ * src/dns.c
+ Optimized compress_name() some more.
+
+2004-01-02 Paul Rombouts
+
+ * src/dns_answer.c
+ Additional code cleanup in compose_answer().
+
+2004-01-01 Paul Rombouts
+
+ * doc/pdnsd-ctl.8
+ Updated the pdnsd-ctl man page.
+
+2003-12-31 Paul Rombouts
+
+ * src/pdnsd-ctl/pdnsd-ctl.c
+ Cleaned up some code.
+
+2003-12-31 Paul Rombouts
+
+ * src/status.c,src/conff.h,src/conff.c
+ Some further code cleanup in status.c.
+ Labels for server sections are no longer limited to 32 chars,
+ but can have arbitrary length. The string that is used to specify
+ new DNS-addresses with the "pdnsd-ctl server" command can now also
+ have arbitrary length.
+
+2003-12-30 Paul Rombouts
+
+ * doc/html/doc.html
+ Added information about CNAME and MX resource records, that were
+ previously undocumented.
+
+2003-12-26 Paul Rombouts
+
+ * src/dns_query.c
+ Removed the function p_dns_resolve_from(). This function was essentially
+ a call to p_recursive_query() with a dummy nocache argument.
+ p_recursive_query() can now be called with nocache=NULL instead.
+
+2003-12-26 Paul Rombouts
+
+ * src/dns_query.c
+ Using a variable length array instead of an malloced buffer to hold the struct pollfd array
+ in p_recursive_query(). This has the potential for causing portability problems, but I
+ think that's unlikely because almost all the major C compilers I work with support variable
+ length arrays nowadays.
+
+2003-10-18 Paul Rombouts
+
+ * src/helpers.h,src/helpers.c
+ Fixed a mistake that caused a compile error when using the --with-random-device
+ configuration option.
+ Thanks to Daniel Black for reporting this bug.
+
+2003-10-02 Paul Rombouts
+
+ * conf-lex.l.in,src/conf-parse.y,src/conff.h,src/conff.c,src/dns_query.c
+ Made the "delegation_only" feature configurable.
+
+2003-09-25 Paul Rombouts
+
+ * src/helpers.c,src/helpers.h
+ Added alternative implementations of strdup, strndup, stpcpy, getline and asprintf
+ in an effort to make the code more portable.
+
+2003-09-22 Paul Rombouts
+
+ * src/helpers.c,src/conf-parse.y
+ Made some changes to the parser of the configuration file so that domain names
+ missing a dot at the end will be tolerated.
+
+2003-09-21 Paul Rombouts
+
+ * src/dns_query.c
+ Implemented a first version of the "delegation-only" feature.
+ It has been "hard-coded" to work for "com" and "net" zones,
+ and is not yet configurable.
+
+2003-09-21 Paul Rombouts
+
+ * src/dns.c
+ Rewrote domain_match(). Also changed the way it is used.
+ I believe it has a cleaner semantics now.
+
+2003-09-21 Paul Rombouts
+
+ * src/dns_query.c
+ Changed the order of the arguments of p_exec_query() and p_recursive_query()
+ to make it more consistent with the other functions.
+
+2003-09-18 Paul Rombouts
+
+ * src/dns_answer.c
+ Reordered the code in process_query() so that a buffer for an error response is
+ allocated only when it is actually needed.
+
+2003-09-17 Paul Rombouts
+
+ * src/cache.c
+ Added parentheses to correct mistaken operator precedence assumption in cache.c.
+ !cent->flags&DF_NEGATIVE is parsed as (!(cent->flags))&DF_NEGATIVE but I think
+ what Thomas Moestl must have intended was !((cent->flags)&DF_NEGATIVE).
+
+2003-09-12 Paul Rombouts
+
+ * src/dns_query.c
+ Fixed a mistake which caused the effect of the proxy_only option to be reversed.
+ Thanks to Andrew M. Bishop for reporting this bug.
+
+2003-09-11 Paul Rombouts
+
+ * src/helpers.c
+ Rewrote str2rhn() and rhn2str().
+
+2003-09-10 Paul Rombouts
+
+ * src/dns.c
+ Rewrote read_hosts(), the function that reads /etc/hosts-style input.
+ I believe the parsing algorithm is more robust now.
+
+2003-09-09 Paul Rombouts
+
+ * src/status.c,src/pdnsd-ctl/pdnsd-ctl.c
+ Fixed a bug (my fault) that caused improper passing on of flags for the
+ pdnsd-ctl source command.
+ Also reordered some of the code, so that data is validated after all of it
+ has been read from the control socket. This should prevent a "broken pipe"
+ error message if data validation fails.
+ Also fixed the reporting of success or failure of the pdnsd-ctl "neg" command.
+
+2003-09-08 Paul Rombouts
+
+ * src/list.c
+ Rewrote da_grow1() and da_resize() so that they automatically allocate an array
+ if given a NULL argument. This makes the use of da_create() redundant in most cases.
+
+2003-09-08 Paul Rombouts
+
+ * src/conf-parse.y,src/servers.c
+ At the suggestion of Greg Norris, I changed the code to allow server sections in the
+ configuration file that don't specify any IP addresses. Such a section will remain
+ inactive until one or more IP addresses are assigned with the control utility pdnsd-ctl.
+
+2003-09-04 Paul Rombouts
+
+ * src/dns_answer.c,src/dns_query.c
+ Oops: in my zeal to declare variables in the smallest possible scope, I ended up
+ using a pointer to a struct that was out of scope. My understanding of compilers tells me
+ it should work out OK in practice, but it is definitely a no-no.
+ Used a union declared in a larger scope instead (which is ugly in another way,
+ but equally efficient).
+ Also removed a section of redundant code in udp_server_thread().
+
+2003-09-01 Paul Rombouts
+
+ * src/dns_query.c
+ Corrected the iteration range of a for loop in p_dns_cached_resolve(), which would
+ otherwise cause an array to be indexed out of bounds in the function set_flags_ttl().
+
+2003-08-31 Paul Rombouts
+
+ * src/dns_answer.c
+ Added cleanup handlers for freeing the resources passed on to udp_answer_thread() and
+ tcp_answer_thread(). This should ensure the resources are freed even if the threads get
+ canceled.
+
+2003-08-30 Paul Rombouts
+
+ * src/cache.c
+ Revised large portions of code in src/cache.c, used for adding and deleting entries in
+ the cache. In particular, I rewrote purge_cache(), which I believe was incorrect.
+ I wouldn't be surprised if this was the cause of the crashed (defunct) threads that some
+ people were reporting.
+ Also fixed some memory leaks.
+
+2003-08-28 Paul Rombouts
+
+ * src/cache.c
+ Eliminated the overhead of allocation debugging in the case that ALLOC_DEBUG is not defined.
+
+2003-08-24 Paul Rombouts
+
+ * src/conf-parse.y
+ No longer allow certain settings of the query_method option in the configuration file
+ if pdnsd is not compiled with the necessary support.
+ Thanks to Nikolaus Rath for reporting the bug.
+
+2003-08-23 Paul Rombouts
+
+ * src/netdev.c
+ Fixed a bug in is_local_addr() where the result of fgetc(f) is restricted to type char
+ before being compared to EOF, which can result in the comparison always being false.
+ Thanks to Gerhard Tonn for reporting the bug.
+
+2003-07-28 Paul Rombouts
+
+ * doc/html/index.html,doc/html/doc.html,doc/html/dl.html,doc/pdnsd-ctl.8,contrib/README
+ Revised the documentation.
+
+2003-07-21 Paul Rombouts
+
+ * src/main.c,src/status.c,src/icmp.c
+ Setting stat_pipe=0 after opening or binding the control socket fails.
+ This should prevent further use of the control socket if a problem with
+ it has been detected previously.
+ Also properly initialized the global variable int ping_isocket in src/icmp.c
+
+2003-07-13 Paul Rombouts
+
+ * src/main.c
+ Polished the code in main().
+
+2003-07-04 Paul Rombouts
+
+ * src/helpers.c,src/dns_answer.c,src/dns_query.c
+ Eliminated the use of inet_ntoa() in favor of the more modern inet_ntop().
+ inet_ntop() makes more sense in threaded code and is also recommended in
+ the glibc info pages.
+
+2003-07-03 Paul Rombouts
+
+ * src/dns_query.c
+ Fixed an allocation size error (not mine) in p_exec_query().
+ The erroneous size is almost always larger than necessary, so in practice this bug
+ just wastes memory. But there is also a possibility that the allocated buffer is too
+ small, which would mean trouble.
+ Also fixed two memory leaks on some of the error paths in p_exec_query().
+
+2003-06-28 Paul Rombouts
+
+ * acconfig.h,configure.in,src/thread.h
+ Extended the configuration option --with-thread-lib.
+ Configuring with --with-thread-lib=linuxthreads2 will cause the alternative
+ definition of THREAD_SIGINIT suggested by Thomas Moestl to be used.
+
+2003-06-27 Paul Rombouts
+
+ * src/consts.h,src/consts.c,src/conff.c,src/conf-parse.y,src/dns_answer.c
+ Added two new configuration options for policies of inclusion/exclusion lists.
+ The new policies options are "simple_only" and "fqdn_only".
+ This allows me to control to which name servers pdnsd will direct queries for
+ simple host names.
+ I also polished the code a bit in report_conf_stat(), used for reporting the current configuration.
+
+2003-06-20 Paul Rombouts
+
+ * acconfig.h,configure.in,src/thread.h,src/thread.c
+ Added a configuration option --with-thread-lib=nptl.
+ This causes the macro THREAD_SIGINIT to be defined as empty in src/thread.h,
+ and thread_sig() in src/thread.c is never used.
+
+2003-06-11 Paul Rombouts
+
+ * src/thread.h
+ Undid the change to the definition of THREAD_SIGINIT suggested to me by
+ Thomas Moestl, after receiving a report of a problem with this change
+ from someone running SuSE 7.0.
+
+2003-06-06 Paul Rombouts
+
+ * src/dns_query.c:
+ Discovered that I failed to preserve the semantics of Thomas Moestl's code
+ when I rewrote a section of code in use_server(). Fixed.
+
+2003-05-19 Paul Rombouts
+
+ * src/cache.c,src/conf-lex.l.in,src/conf-parse.y,src/conff.h,src/dns_answer.c,src/dns_query.c,src/servers.c:
+ Merged fixes contained in patch file sent to me by Thomas Moestl with my own version.
+ Changing the version to 1.1.8b1 as suggested by the patch file.
+
+2003-02-26 Paul Rombouts
+
+ * pdnsd-1.1.7a-par.diff:
+ Made one big patch file from all the changes I made up till now.
+ Wrote a description of the changes in a file README.par
+ Posted patch file on the web so others can use it.
+
+2003-02-24 Paul Rombouts
+
+ * src/cache.c
+ Changed the code that writes the cache to disk.
+ Data is now written strictly sequentially, eliminating the need for fseek().
+ This seems to have successfully solved the problem I had with corrupt cache files.
+
+2002-05-27 Paul Rombouts
+
+ * ChangeLog:
+ Started experimenting with the source code.
+ Made many changes between 2002-05-27 and 2002-07-13.
+ Too lazy to maintain the ChangeLog.
+
+2002-01-06 Thomas Moestl
+
+ * version: Call it 1.1.7.
+
+2002-01-04 Thomas Moestl
+
+ * src/dns_answer.c, src/dns_query.c:
+ Comment and debug message fixes, more assertions.
+
+2002-01-03 Thomas Moestl
+
+ * src/dns.c, src/dns_answer.c, src/dns_query.c:
+ More harmless fixes, correct some comments and debug messages, add more
+ assertions.
+
+ * NEWS, version: 1.1.7p2, correct NEWS entry.
+
+ * src/helpers.c:
+ Make sure the calling thread of pdnsd_exit() terminates immediately.
+
+2002-01-02 Thomas Moestl
+
+ * src/dns_answer.c, src/helpers.c, src/icmp.c:
+ Fix a few more harmless bugs, more paranoia.
+
+ * src/status.c: Fix yet more, probably harmless, problems.
+
+2002-01-01 Thomas Moestl
+
+ * src/dns.h, src/dns_answer.c, src/dns_query.c:
+ Fix a few more possible buffer size problems, and add a bunch of
+ assertions as last lines of defence.
+
+2001-12-30 Thomas Moestl
+
+ * src/dns.c: Build fix (include error.h).
+
+ * NEWS, version: Call it 1.1.7p1, and add a NEWS entry.
+
+ * TODO: Reduce TODO to what actually is still needed.
+
+ * src/dns.c, src/error.h, src/helpers.c:
+ Add a bunch of robustness PDNSD_ASSERT()'s.
+
+ * src/dns_query.c:
+ Fix a bug which may possibly be remotely exploitable to gain access as
+ the user pdnsd runs as.
+ This was caused by a dumb single-character mistake :(
+
+ * doc/Makefile.am, configure.in:
+ Avoid confusing automake 1.5 by not putting a comment into a make rule.
+ Fix CONFDIR passing.
+
+ Submitted by: GoTaR
+
+ * src/pdnsd-ctl/pdnsd-ctl.c:
+ Avoid crashing when the buffer contents received using the status command
+ are not terminated.
+
+2001-10-14 Thomas Moestl
+
+ * src/rc/SuSE/pdnsd.in, THANKS:
+ Fix the stop case for the SuSE rc script: killproc requires the full
+ path of the binary as argument (reported by Bernhard Pelz).
+
+2001-09-23 Thomas Moestl
+
+ * configure.in:
+ Revamp the OS autodetect test. OpenBSD and (hopefully) NetBSD are no longer
+ unsupported.
+
+ * src/helpers.c, THANKS:
+ Do not try to use arc4random when compiling for NetBSD (submitted by
+ Thomas Stromberg).
+
+2001-09-10 Thomas Moestl
+
+ * COPYING.BSD: s/REGENTS/AUTHOR/ in one place.
+
+ * src/cache.c:
+ It is possible no record of the requested type is present after calling
+ cr_add_cent_rr_int() (when the record was marked as being local), so
+ check before dereferencing the pointer to the respective rrset.
+ Leave the record unmodified when cr_check_add() returns 0.x
+
+2001-07-26 Thomas Moestl
+
+ * src/rc/RedHat/pdnsd.in:
+ Add a workaround for @sysconfdir@ substitutions containing ${prefix}.
+ Spotted by Robert Linden.
+
+2001-07-04 Thomas Moestl
+
+ * src/rc/RedHat/pdnsd.in:
+ Add a condrestart handler to the Red Hat rc script, and do some general
+ cleanup. Contributed by Christian Engstler.
+
+2001-07-02 Thomas Moestl
+
+ * src/error.h:
+ Attempt to detect a gcc that cannot yet handle ANSI variadic macros,
+ and work around this by using the old GCC-style variant.
+
+ * src/conff.c:
+ Remove a + at the start of a line that got in when merging a diff by
+ hand.
+
+ * src/servers.c: waitpid() returns a pid_t.
+
+ * src/dns.c:
+ It's sizeof, not sizof. This should unbreak the IPv6 build. Also silence
+ some warnings with appropriate casts.
+
+ * NEWS, version: Call it 1.1.6, and add a NEWS entry.
+
+2001-07-01 Thomas Moestl
+
+ * src/conf-lex.l.in, src/conf-parse.y, src/conff.c, src/conff.h, src/dns_query.c, THANKS, version, AUTHORS:
+ Added a modified version of Andreas Steinmetz's code for
+ query_port_start and query_port_range, and added him to AUTHORS and
+ THANKS.
+
+2001-06-23 Thomas Moestl
+
+ * src/cache.c:
+ Fix a bogon: deleted would not be reset correctly in the first
+ purge_cache loop, which could cause pdnsd to loop forever when a
+ negative record was after a deleted rr.
+
+2001-06-21 Thomas Moestl
+
+ * src/list.h:
+ Add (currently unused) list macros that are going to be used in future
+ code.
+
+ * src/cache.c:
+ Fix a bogon in the rw lock code: we need to wake up a writer if there
+ are no readers. The old code was a leftover from a time when
+ SUSP_THRESH was just r_pend * x.
+ Fix a typo.
+
+2001-06-13 Thomas Moestl
+
+ * AUTHORS: Add mention of FreeBSD code to AUTHORS.
+
+ * src/netdev.c:
+ Add SIZEOF_ADDR_IFREQ (taken from FreeBSD: _SIZEOF_ADDR_IFREQ, net/if.h
+ rev. 1.58.2.1) and add an appropriate copyright notice.
+ The reason for this is that other BSDs don't have it, and we are not
+ supposed to use underscored macros in portable software.
+
+2001-06-12 Thomas Moestl
+
+ * src/icmp.c: Fix double #inclusion of .
+ Noticed by Sebastian Stark.
+
+2001-06-08 Thomas Moestl
+
+ * src/dns_query.c, THANKS:
+ Allow underscores in the query names reported back, as the comment next
+ to the decompress_name call already indicated (but the call gave NULL
+ as the uscore parameter, which disables underscores normally).
+ Add Michael Ströder, who spotted this, to THANKS.
+
+2001-06-06 Thomas Moestl
+
+ * src/servers.c, THANKS:
+ Fix a bug discovered by Stefan Erhardt (and add him to THANKS): the
+ return value of waitpid was misinterpreted.
+
+2001-06-04 Thomas Moestl
+
+ * Makefile.am, file-list.base.in, version:
+ Bump version to 1.1.6p1; wire up COPYING.BSD so that it gets included
+ in RPM's and tarballs.
+
+ * COPYING.BSD:
+ Add the BSD-Style copyright notice so that it can be included in binary
+ distributions.
+
+2001-06-03 Thomas Moestl
+
+ * src/dns.c, src/dns_answer.c, src/dns_query.c, src/helpers.c, src/status.c, NEWS, version:
+ Bump version to 1.1.5, and add a NEWS entry for this release.
+
+ Miscellaneous cleanups, mainly in the status.c code; fix a bug that
+ could cause heap corruption (rhncpy always clobbered the whole buffer,
+ but only the needed space was reserved in add_rr). This should solve
+ the crashes some people were seeing (this bug is not an exploitable
+ security hole as far as I know; the respective buffer is on the heap,
+ as mentioned).
+
+ * src/error.c:
+ Paranoia: do not use the argument to crash_msg as a format string
+ (crash_msg is only used with constant strings, though).
+
+2001-06-02 Thomas Moestl
+
+ * src/dns.c, src/dns.h, src/dns_answer.c, src/dns_query.c, src/error.h, src/hash.c, src/helpers.c:
+ Correct underscore handling for SRV records, and a few comment fixes.
+
+ * src/cache.c, src/conff.c, src/dns_query.c, src/error.h, src/helpers.h, src/status.c:
+ Numerous non-critical argument fixes for printf-like functions.
+
+ * src/dns.c: Remove superfluous \n's.
+
+ * src/conf-parse.y, src/dns_answer.c, src/status.c:
+ Correct some DEBUG_MSG nits, and fix two format string bugs. One of
+ them could allow users that are allowed to use pdnsd-ctl with the
+ server (when the status socket is enabled) to gain the privileges of
+ the user that runs (the run_as user or the user that started pdnsd on
+ Linux when strict_setuid is set to off) pdnsd. The status socket is
+ disabled by default, and if it is enabled, it's default permissions
+ are quite restrictive, so this isn't a problem for most.
+
+2001-05-30 Thomas Moestl
+
+ * src/status.c:
+ Make the status permissions actually work (missed last time).
+
+ * src/dns_answer.c, src/main.c, src/status.c, src/status.h:
+ Move the status socket initialization to a place where it gets executed
+ before any threads are started; this way, we can use umask to set the
+ permissions, and avoid a (in this case harmless, but anyway) race
+ condition.
+ While being there, remove obsoleted comments and places referring to
+ the now-socket as fifo.
+
+2001-05-29 Thomas Moestl