dan
/
tor-android
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
tor-android/tor-android-binary/src/main/jni/pdnsd/README.par.old

250 lines
14 KiB
Plaintext
Raw Blame History

pdnsd maintenance version 1.1.11-par by Paul Rombouts
=======================================================
This file describes the version of pdnsd that I maintain personally and am
making available so other people can enjoy the latest features and fixes.
Thomas Moestl no longer maintains pdnsd himself, so I am effectively the new
maintainer. The current version is 1.1.11-par, which has a rather large number
of small changes. Among the bugs fixed are a race condition in the cache lookup
code, a flaw in the code that caused a busy spin when a remote server answered
with "Not Implemented", and problems with the -4 and -6 command-line options.
Among the improvements are an alternative sorting algorithm which should allow
pdnsd to start up faster when reading a large cache file from disk, automatic
mapping of IPv4 to IPv6 addresses when running in IPv6 mode, somewhat more
efficient memory use, and better compression of the replies. Some of the new
features are described in the second half of this file (look for "new in version
1.1.11"). For the rest of the changes I will have to refer you to the ChangeLog.
For a short history about recent releases have a look at doc/html/index.html.
Since version 1.1.9 I've added some missing pieces to the documentation (the
manual doc/html/doc.html,doc/txt/manual.txt and the man page doc/pdnsd-ctl.8).
Version 1.1.11 finally has a man page doc/pdnsd.8, thanks to a contribution by
Mahesh T. Pai.
The first part of this file describes how to patch, compile, install and run
pdnsd. The second part describes some of the changes I've made to Thomas
Moestl's code.
Unless you're using the pre-patched source archive pdnsd-1.1.11-par.tar.gz you
must first apply my patch file pdnsd-1.1.11-par.diff.gz before compiling and
installing pdnsd according to Thomas Moestl's instructions described in the the
documentation. Use a freshly untarred copy of Thomas Moestl's original version
1.1.7a source, cd into the source directory pdnsd-1.1.7a and apply the command:
gzip -cd <path_to_patch>/pdnsd-1.1.11-par.diff.gz | patch -p2 -N -Z
Note: I have used GNU extensions so there may be some portability issues. I have
supplied alternatives for some of the less portable functions. There should be no
problem with most Linux distributions.
That's it! You should now be able to compile, install and run pdnsd. See the
documentation in doc/html/doc.html or doc/txt/manual.txt for more detailed
instructions.
Some people may want change the compiler optimization flag. I use the -O2 flag,
but it might be safer to use a lower level of optimization or no optimization at
all. In that case prefix the configure command with the desired compiler flags
like this (assuming you're using a bash shell):
CFLAGS="-O1 -g -Wall" ./configure ...
I have added a new configuration option "--with-thread-lib=<lib>", which you
should use if you experience problems with signal handling under Linux. The
usual symptom is failure by pdnsd to save the cache to disk, and
/var/cache/pdnsd/pdnsd.cache remaining empty. If you experience this kind of
trouble, try reconfiguring with different values for the --with-thread-lib
option. The allowable values are "linuxthreads" (the default), "linuxthreads2"
(or "lt2" for short), and "nptl". I recommend that you first configure and
compile without the --with-thread-lib option, then if you experience trouble try
again with --with-thread-lib=lt2 and recompile.
If your Linux system has an implementation of the Native POSIX Thread Library,
which is the case with Red Hat 9 for instance, you should use
--with-thread-lib=nptl .
Ideally, I would like to write a configure script which automatically detects
which kind of thread library is being used on a Linux system, but I don't have a
clue yet how to do this. If you can help me with this please write to me at the
email address listed at the end of this file.
The rest of this file describes some of the modifications I've made, but you
don't have to read it if you simply want to run pdnsd as you're used to.
- The main new feature I've added enables you to change the server addresses
that pdnsd uses at run-time using pdnsd-ctl. I've done this because the ISPs I
use do not specify fixed DNS server addresses, but expect their clients to use
dynamic DNS configuration (DHCP in the case of the cable connection, RFC1877
in case of isdn). I've extended the options that can be given with the
"server" command to pdnsd-ctl, to allow IP addresses to be specified as an
additional argument after "up|down|retest". This allows me to put something
like this in my ifup-local script:
pdnsd-ctl server isp-label up "$DNS1 $DNS2"
For more details how to use pdnsd-ctl read the updated documentation in
the doc/html directory. There is also a manpage for pdnsd-ctl.
This was quite tricky to implement because there might be pending queries
while the addresses are being changed. It certainly was an interesting
exercise in writing multi-threaded code for me.
- I've implemented a feature which allowed me to specify multiple IP addresses
per server section in the configuration file. This allowed for a much more
compact configuration file (3 server sections instead of 7 in my case),
because most configuration options are identical for servers belonging to the
same ISP. It also made the output of "pdnsd-ctl status" more compact. And it
was necessary to enable a satisfactory implementation of the previous feature.
Example of the new syntax:
ip = 123.456.789.001, 123.456.789.002, 123.456.789.003;
At the suggestion of Greg Norris server sections no longer have to specify IP
addresses. A server section without IP addresses will remain inactive until it
is assigned one more addresses at run-time with pdnsd-ctl.
- I've changed the implementation of dynamic arrays to make it slightly more
efficient, and improve type safety. I also got rid of several arrays of fixed
size in favor of dynamically allocated arrays. In particular, I got rid of
all occurrences of MAXPATH. I also made several static variables "automatic".
- The output of the "status" command of pdnsd-ctl now gives more meaningful
constant names "ping|none|if|exec" instead of numbers for the "uptest" option.
I've also added some information that was previously missing.
- I've fixed I a problem that caused pdnsd to use up a lot of CPU time and slow
down my system considerably when it received a query that took a long time to
resolve. It turned out that pdnsd can get into a "busy spin" when one of the
DNS servers pdnsd is querying refuses the connection. Apart from fixing this
bug, to speed things up additionally, I thought it would be a good idea to
mark a server down (without retesting it) after detecting errno==ECONNREFUSED.
This gives me very satisfactory performance, with the problematic server being
tried only once during every testing interval.
New in version 1.1.11: An additional busy spin condition, triggered when a
remote server answers with "Not Implemented", has been discovered and fixed.
In case there are remaining bugs in the multiplexing code, I've added a test
that checks if the number of events reported by poll/select matches the number
of events handled by pdnsd. If not, pdnsd will log an error message and give
up. Although the bugs still need to be reported and fixed, at least this
should prevent pdnsd from wasting CPU cycles.
- Due to a bug in Thomas' code, pdnsd tries, but fails, to remove the control
socket "pdnsd.status" before exiting. This has also been fixed. In version
1.1.8b1-par6 I have cleaned this up some more so that pdnsd will handle
situations where it can't open or bind the control socket more gracefully.
- I've rewritten some of the code that saves the contents of the cache to the
file "pdnsd.cache" just before pdnsd exits. This is because I noticed in my
logfiles that pdnsd occasionally had problems reading this file back at
startup. I eliminated the use of fseek() in Thomas' code. I could not find
anything that was demonstrably incorrect about his use of fseek(), but it
seemed better to me to do without it and write the file in a strictly
sequential order. Anyway, it turned out my hunch paid off: no more error
messages about "pdnsd.cache" in my logfile.
New in version 1.1.11: I've added some new code for sorting the queue used for
purging stale cache entries. This should allow pdnsd to start up faster when
reading large cache files from disk.
- I've extended the configuration options for policies of inclusion/exclusion
lists in server sections. The new policies options are "simple_only" and
"fqdn_only". Setting policy=simple_only will cause the server to used only for
simple hostnames if no other rule matches. On the other hand, setting
policy=fqdn_only will cause the server to be used only for fully qualified
domain names (i.e. the name has at least one dot in-between). I find these
options useful for controlling which name servers (if any) will be used by
pdnsd for simple host names.
- I've added a new "delegation_only" option that can be used to undo the
unwanted effects of DNS "wildcards". It works roughly as the feature by the
same name in BIND. It is turned off by default. To block Verisign's
Sitefinder, add the following line to the global section of the configuration
file:
delegation_only= com, net;
If you find that this feature blocks some legitimate domain names, you will
probably need to add the address of a nameserver that provides good authority
information. More information can be found at
http://www.phys.uu.nl/~rombouts/pdnsd/delegationonly.html
- It is no longer mandatory that domain names in the configuration file end in a
dot.
- The parser for configuration files has been rewritten purely in C, so (f)lex
and yacc/bison are no longer needed to build pdnsd.
It is no longer necessary to place strings between quotes in the configuration
file, unless a string contains a special character such as whitespace, a token
that normally starts a comment, or one of the characters ",;{}". Note that
these special characters are illegal in domain names anyway.
- New in version 1.1.11: Negating whole domains with a neg section in the
config file will result in all the subdomains being negated as well.
For example, adding the lines
neg {name=doubleclick.com; types=domain;}
neg {name=doubleclick.net; types=domain;}
will also negate ad.doubleclick.com, ad.fr.doubleclick.net, etc.
- New in version 1.1.11: When running in IPv6 mode, pdnsd will now automatically
map any IPv4 addresses it reads in the config file to IPv6 addresses.
When pdnsd has been compiled with IPv6 support and runs in IPv4 mode, it will
skip IPv6 addresses with a warning message. This may result in certain server
sections becoming inactive, though.
The -4 and -6 options should now work as advertised.
I've added two new command-line options, "-a" and "-i <prefix>".
With the -a flag pdnsd will try to detect automatically if IPv6 support is
available on a system, and fall back to IPv4 if not. The -a flag can be used
instead of -4 or -6.
The -i option can be used to specify a prefix for mapping IPv4 to IPv6
address. The default is ::ffff.0.0.0.0. There is also a corresponding
ipv4_6_prefix= option for the config file.
- New in version 1.1.11: I've slightly changed the way pdnsd does parallel
queries. Active queries or not canceled until we have received a useful
response from a remote name server, or all the queries have failed or timed
out. Thus the par_queries parameter is no longer the maximum number of
parallel queries, but rather the increment with which the number of parallel
queries is increased when the previous set has timed out. In the worst case
there will be pending queries to all the servers in the list of available
servers simultaneously. We may be wasting more system resources this way, but
the advantage is that we have a greater chance of catching a reply. After all,
if we wait longer anyway, why not for more servers.
I've also introduced a global timeout parameter. This is the minimum period of
time pdnsd will wait after sending the first query to a remote server before
giving up without having received a reply. The timeout options in the
configuration file are now only minimum timeout intervals. Setting the global
timeout option makes it possible to specify quite short timeout intervals in
the server sections. This will have the effect that pdnsd will start querying
additional servers fairly quickly if the first servers are slow to respond
(but will still continue to listen for responses from the first ones). This
may allow pdnsd to get an answer more quickly in certain situations.
After receiving a reply from a remote server the server is marked up and its
time stamp is updated. This will have the effect that pdnsd doesn't bother
testing this server for availability for a period of time, and thus the
overhead caused by testing is reduced. After server timeouts, uptests are
performed by the separate server status thread, not by threads that have to
answer queries. Unresponsive servers with uptest=ping will not be marked down
immediately any more, but only after the ping test has definitely failed.
I've also included a number of bug-fixes contained in a patch file supplied to
me by Thomas Moestl. In addition to the things I had already fixed, the
following issues are addressed: some memory leaks, dropping of root privileges
before calling uptest scripts in case pdnsd was started setuid root (which is a
bad idea anyway), passing on open fd's to uptests, integer overruns in the
status reporting code, fixing string passing from the lexer, more consistent
treatment of underscores in domain names.
In addition to the things I've listed above, I've made various little changes to
fix minor bugs, improve efficiency or elegance, or simply to suit my my own
coding style. These changes are too numerous to list here, but some of them are
listed in the ChangeLog. Of course if you are really interested in the
nitty-gritty you can always compare the source of my version with Thomas'
original code.
If you have any questions about the modifications I've made, you can send these
to <p.a.rombouts@home.nl>. Questions about the original pdnsd version should
be sent to <tmoestl@gmx.net> or <t.moestl@tu-bs.de>.
Reference in New Issue View Git Blame Copy Permalink