* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 15f3f5570302c9387930553a61247c9056525050
@ 2025-12-03 10:26 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2025-12-03 10:26 UTC (permalink / raw)
To: ipfire-scm
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 8080 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 15f3f5570302c9387930553a61247c9056525050 (commit)
via 8ea75794b65bce7ad468cef4b2ac7085435e14bb (commit)
via b5ef91f2691185eed1016fe50959fa6ae26120d9 (commit)
from 32280102d774eb3b19c423efbd40145f2e524427 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 15f3f5570302c9387930553a61247c9056525050
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Dec 3 10:26:01 2025 +0000
core200: Ship Unbound initscript
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 8ea75794b65bce7ad468cef4b2ac7085435e14bb
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Nov 28 12:23:08 2025 +0000
unbound: Launch more threads
This partially reverts 0f0f3ae7dc5da502c1aaf4bb295778d7657a0af5 which
attempted to remove lock contention. However, we are still observing
that Unbound sometimes just seems to hang. This should create multiple
independent threads which could compensate if one of the threads locks
up and is in line with upstream configuration.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit b5ef91f2691185eed1016fe50959fa6ae26120d9
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed Dec 3 10:24:34 2025 +0000
dnsdist: Update to 2.0.2
We released PowerDNS DNSdist 2.0.2 today, fixing several issues:
- the wrong reply address was used when using DNS over QUIC or DNS over HTTP/3 on FreeBSD
- query rules were not processed after setting a tag from a dynamic rule
- selecting the Lua version to use was not possible when building with meson
- rules executed from a timeout when invoked without a valid DNS header, causing issues with some selectors and actions
- large UDP responses received via AF_XDP/XSK were not always properly processed
- the round-robin load-balancing policy was not using an atomic counter, and could thus have a bias
- meta protocol buffer keys were not properly passed from query to response
- setting the hash perturbation to a custom value from YAML was not working properly
- TCP connections to backends could fail on macOS and some BSD systems
- invalid regular expressions from YAML are now properly handled
- unknown selectors and policies in YAML could lead to a crash when parsing the configuration
- "TimedIPSet" objects can now be used from YAML
- errors in Lua traceback handlers are now properly handled
- we added a workaround for a memory leak present in OpenSSL 3.6.0
A few performance improvements were also made:
- inserting into the in-memory rings is a bit faster
- using "recvmmsg" is now be faster
- change bogusV4/bogusV6 addresses to static constants to avoid parse in every call (delichik)
- the default maximum number of descriptors has been raised to 1M
- the FFI "alternate name" interface has been refactored
And the following new features were added:
- a new selector to match the incoming protocol
- a Date: response header is now included for rejected HTTP/1 requests
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/core/200/filelists/files | 1 +
lfs/dnsdist | 7 +++---
src/initscripts/system/unbound | 7 ++++++
src/patches/dnsdist-2.0.2-vloginfo.patch | 38 +++++++++++++++++++++++++++++++
4 files changed, 50 insertions(+), 3 deletions(-)
create mode 100644 src/patches/dnsdist-2.0.2-vloginfo.patch
Difference in files:
diff --git a/config/rootfiles/core/200/filelists/files b/config/rootfiles/core/200/filelists/files
index f7a8b3297..e8109af74 100644
--- a/config/rootfiles/core/200/filelists/files
+++ b/config/rootfiles/core/200/filelists/files
@@ -1 +1,2 @@
+etc/rc.d/init.d/unbound
srv/web/ipfire/cgi-bin/ovpnmain.cgi
diff --git a/lfs/dnsdist b/lfs/dnsdist
index e70584d67..d1dafabc5 100644
--- a/lfs/dnsdist
+++ b/lfs/dnsdist
@@ -26,7 +26,7 @@ include Config
SUMMARY = A highly DNS-, DoS- and abuse-aware loadbalancer
-VER = 2.0.1
+VER = 2.0.2
THISAPP = dnsdist-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = dnsdist
-PAK_VER = 30
+PAK_VER = 31
DEPS =
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 6eee67a678ef1a044f60f8989befdcf84ce487bcbe03d2aedbb196b1393f7b5227e93ca25a56e4c400c4159e6e7ec1474e26311ae76c55116f438de234b724d7
+$(DL_FILE)_BLAKE2 = 87a4179f474d7f8117e4e03c4ff680f79207c8056765c6925ee21b3011e4555e47ad9c97950f30ab2876ac0978ee07555017cb1bbc6b93792992c1821f8da27a
install : $(TARGET)
@@ -83,6 +83,7 @@ $(subst %,%_BLAKE2,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np3 < $(DIR_SRC)/src/patches/dnsdist-2.0.2-vloginfo.patch
cd $(DIR_APP) && ./configure \
--prefix=/usr \
--sysconfdir=/etc \
diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index 56f7f4ff0..c6b3821ac 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -217,6 +217,9 @@ write_forward_conf() {
write_tuning_conf() {
# https://www.unbound.net/documentation/howto_optimise.html
+ # Determine number of online processors
+ local processors=$(getconf _NPROCESSORS_ONLN)
+
# Determine amount of system memory
local mem=$(get_memory_amount)
@@ -251,6 +254,10 @@ write_tuning_conf() {
(
config_header
+ # We run one thread per processor
+ echo "num-threads: ${processors}"
+ echo "so-reuseport: yes"
+
# Slice up the cache
echo "rrset-cache-size: $(( ${mem} / 2 ))m"
echo "msg-cache-size: $(( ${mem} / 4 ))m"
diff --git a/src/patches/dnsdist-2.0.2-vloginfo.patch b/src/patches/dnsdist-2.0.2-vloginfo.patch
new file mode 100644
index 000000000..068c86728
--- /dev/null
+++ b/src/patches/dnsdist-2.0.2-vloginfo.patch
@@ -0,0 +1,38 @@
+From e01eb83ec8572248f7f661e27d67f731bfb1e5f7 Mon Sep 17 00:00:00 2001
+From: Remi Gacogne <remi.gacogne@powerdns.com>
+Date: Thu, 16 Oct 2025 15:11:56 +0200
+Subject: [PATCH] dnsdist: Fix build error when only protobuf is enabled
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+The build fails with:
+```
+../dnsdist-protobuf.cc: In member function ‘void DNSDistProtoBufMessage::serialize(std::string&) const’:
+../dnsdist-protobuf.cc:205:7: error: ‘vinfolog’ was not declared in this scope
+ 205 | vinfolog("Error while parsing the RRs from a response packet to add them to the protobuf message: %s", exp.what());
+ | ^~~~~~~~
+```
+because of a missing header.
+
+Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
+(cherry picked from commit a279a1453094d0abfc847aa790bc82addc14cc62)
+---
+ pdns/dnsdistdist/dnsdist-protobuf.cc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/pdns/dnsdistdist/dnsdist-protobuf.cc b/pdns/dnsdistdist/dnsdist-protobuf.cc
+index e02b6d8755..cc4fae9139 100644
+--- a/pdns/dnsdistdist/dnsdist-protobuf.cc
++++ b/pdns/dnsdistdist/dnsdist-protobuf.cc
+@@ -25,6 +25,7 @@
+ #include "base64.hh"
+ #include "dnsdist.hh"
+ #include "dnsdist-protobuf.hh"
++#include "dolog.hh"
+ #include "protozero.hh"
+
+ DNSDistProtoBufMessage::DNSDistProtoBufMessage(const DNSQuestion& dnsquestion) :
+--
+2.47.3
+
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-12-03 10:26 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-12-03 10:26 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 15f3f5570302c9387930553a61247c9056525050 Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox