[pull] master from PowerDNS:master

docs/secpoll.zone

@@ -1,4 +1,4 @@
-@       86400   IN  SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2026052001 10800 3600 604800 10800
+@       86400   IN  SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2026052101 10800 3600 604800 10800
 @       3600    IN  NS  pdns-public-ns1.powerdns.com.
 @       3600    IN  NS  pdns-public-ns2.powerdns.com.
 
@@ -656,6 +656,7 @@ dnsdist-2.0.2.security-status                              60 IN TXT "3 Upgrade
 dnsdist-2.0.3.security-status                              60 IN TXT "3 Upgrade now, see https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html"
 dnsdist-2.0.4.security-status                              60 IN TXT "1 OK"
 dnsdist-2.0.5.security-status                              60 IN TXT "1 OK"
+dnsdist-2.0.6.security-status                              60 IN TXT "1 OK"
 dnsdist-2.1.0-alpha1.security-status                       60 IN TXT "2 Superseded pre-release"
 dnsdist-2.1.0-beta1.security-status                        60 IN TXT "2 Superseded pre-release"
 dnsdist-2.1.0-beta2.security-status                        60 IN TXT "1 Unsupported pre-release"

modules/lmdbbackend/lmdbbackend.cc

@@ -1085,6 +1085,10 @@ constexpr size_t serialize_offset_ordername = serialize_offset_disabled + sizeof
 template <>
 void serializeToBuffer(std::string& buffer, const LMDBBackend::LMDBResourceRecord& value)
 {
+  if (value.content.length() > std::numeric_limits<uint16_t>::max()) {
+    throw PDNSException("DNS record is too large (" + std::to_string(value.content.length()) + "), unable to serialize in LMDB");
+  }
+
   // Data size of the resource record.
   uint16_t len = value.content.length();
 

pdns/dnsdistdist/dnsdist-tsan.supp

@@ -6,11 +6,12 @@ race:handleStats
 race:ClientState::updateTCPMetrics
 race:DownstreamState::updateTCPMetrics
 race:DownstreamState::updateTCPLatency
-# There is a race when we update the status of a backend,
+# There is a race when we update the latency of a backend,
 # but eventual consistency is fine there
 race:DownstreamState::setDown
 race:DownstreamState::setUp
 race:DownstreamState::setAuto
+race:DownstreamState::setUpStatus
 # Same thing for whether a backend has been stopped,
 # eventual consistency is fine
 race:DownstreamState::stop

pdns/dnsdistdist/docs/changelog.rst

@@ -1,6 +1,142 @@
 Changelog
 =========
 
+.. changelog::
+  :version: 2.0.6
+  :released: 21st of May 2026
+
+ .. change::
+    :tags: Bug Fixes
+    :pullreq: 17336
+
+    Fix invalid TCP rate limiting computation
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 17338
+
+    Bail out when a ``NULL`` pointer is passed to ``dnsdist_ffi_dnsquestion_get_proxy_protocol_values``
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 17340
+
+    Fix ``BPFFilter::addRangeRule``
+
+  .. change::
+    :tags: Bug Fixes, Webserver
+    :pullreq: 17343
+
+    Maintain a "current size of received body" counter.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 17345
+
+    Fix clang-tidy warnings
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 17346
+
+    Also apply UDP socket buffer sizes to backend sockets
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 17349
+
+    Make code boost-1.91 compatible
+
+  .. change::
+    :tags: Bug Fixes, YAML
+    :pullreq: 17404
+
+    Fix XSK configuration via YAML
+
+  .. change::
+    :tags: Bug Fixes, DNS over TLS, DNS over HTTPS
+    :pullreq: 17407
+
+   Fix outgoing TLS session cache cleanup
+
+  .. change::
+    :tags: Bug Fixes, Metrics
+    :pullreq: 17409
+
+    Fix the dynamic block top suffixes counters computation
+
+  .. change::
+    :tags: Bug Fixes, Performance
+    :pullreq: 17411
+
+    Compute a less inaccurate number of DNS records to pass to ``reserve()``
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 17412
+
+    Fix DownstreamState::setHealthCheckParams
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 17415
+
+    Fix a data race on concurrent CDB KVS lookups
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 17416
+
+    Fix a few issues in our AF_XDP/XSK code
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 17419
+
+    Fixes several eBPF issues
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 17420
+
+    Better handling of exceptions
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 17423
+
+    Fix two small EDNS addition related bugs
+
+  .. change::
+    :tags: Bug Fixes, Metrics
+    :pullreq: 17425
+
+    snmp-agent: Fix a memory leak
+
+  .. change::
+    :tags: Bug Fixes, DNS over QUIC
+    :pullreq: 17427
+
+    Check the DoQ query size against the received size
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 17429
+
+    More minor fixes
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 17432
+
+    Keep concurrent connection entries for live connections
+
+  .. change::
+    :tags: Bug Fixes, YAML
+    :pullreq: 17434
+
+    Ignore invalid backend weight coming from YAML
+
 .. changelog::
   :version: 2.0.5
   :released: 23rd of April 2026

pdns/dnslabeltext.rl

@@ -241,6 +241,76 @@ size_t parseRFC1035CharString(std::string_view in, std::string &val) {
   return counter;
 }
 
+// Similar to above, but allows ( ) ; within quoted parts.
+size_t parseRFC1035CharStringRelaxed(std::string_view in, std::string &val) {
+
+  val.clear();
+  val.reserve(in.size());
+  const char *p = in.data();
+  const char *pe = p + in.size();
+  int cs = 0;
+  uint8_t escaped_octet = 0;
+  // Keeps track of how many chars we read from the source string
+  size_t counter=0;
+
+/* This parses an RFC 1035 char-string, but allows ( ) and ; to occur in
+ * quoted parts.
+ */
+%%{
+  machine dns_text_to_string_r;
+
+  action doEscapedNumber {
+    escaped_octet *= 10;
+    escaped_octet += fc-'0';
+    counter++;
+  }
+
+  action doneEscapedNumber {
+    val += escaped_octet;
+    escaped_octet = 0;
+  }
+
+  action addToVal {
+    val += fc;
+    counter++;
+  }
+
+  action incrementCounter {
+    counter++;
+  }
+
+  # generated rules, define required actions
+  DIGIT = 0x30..0x39;
+  DQUOTE = "\"";
+  HTAB = "\t";
+  SP = " ";
+  WSP = (SP | HTAB)@addToVal;
+  non_special = "!" | 0x23..0x27 | 0x2a..0x3a | 0x3c..0x5b | 0x5d..0x7e;
+  special = 0x28..0x29 | 0x3b;
+  non_digit = 0x21..0x2f | 0x3a..0x7e;
+  dec_octet = ( ( "0" | "1" ) DIGIT{2} ) | ( "2" ( ( 0x30..0x34 DIGIT ) | ( "5" 0x30..0x35 ) ) );
+  escaped = '\\'@incrementCounter ( non_digit$addToVal | dec_octet$doEscapedNumber@doneEscapedNumber );
+  contiguous = ( non_special$addToVal | escaped )+;
+  # rules differ from parseRFC1035CharString starting from here
+  quotedcontiguous = ( non_special$addToVal | special$addToVal | escaped )+;
+  quoted = DQUOTE@incrementCounter ( quotedcontiguous | ( '\\'? WSP ) )* DQUOTE@incrementCounter;
+  char_string = (contiguous | quoted);
+
+  # instantiate machine rules
+  main := char_string;
+  write data;
+  write init;
+}%%
+
+  // silence warnings
+  (void) dns_text_to_string_r_first_final;
+  (void) dns_text_to_string_r_error;
+  (void) dns_text_to_string_r_en_main;
+  %% write exec;
+
+  return counter;
+}
+
 size_t parseSVCBValueListFromParsedRFC1035CharString(const std::string &in, std::vector<std::string> &val) {
   val.clear();
   const char *p = in.c_str();

pdns/dnsparser.cc

@@ -610,6 +610,10 @@ void PacketReader::xfrBlob(string& blob, int length)
     if (length < 0) {
       throw std::out_of_range("xfrBlob out of range (negative length)");
     }
+    auto available = (d_startrecordpos + d_recordlen) - d_pos;
+    if (available < length) {
+      throw std::out_of_range("xfrBlob out of range (excessive length)");
+    }
 
     blob.assign(&d_content.at(d_pos), &d_content.at(d_pos + length - 1 ) + 1 );
 

pdns/dnsrecords.cc

@@ -774,12 +774,15 @@ string APLRecordContent::getZoneRepresentation(bool /* noDot */) const {
     if (ard->d_family == APL_FAMILY_IPV4) { // IPv4
       s_family = std::to_string(APL_FAMILY_IPV4);
       ca = ComboAddress();
-      memcpy(&ca.sin4.sin_addr.s_addr, ard->d_ip.d_ip4, sizeof(ca.sin4.sin_addr.s_addr));
+      memset(&ca.sin4.sin_addr.s_addr, 0, sizeof(ca.sin4.sin_addr.s_addr));
+      // NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-array-to-pointer-decay)
+      memcpy(&ca.sin4.sin_addr.s_addr, ard->d_ip.d_ip4, ard->d_afdlength);
     } else if (ard->d_family == APL_FAMILY_IPV6) { // IPv6
       s_family = std::to_string(APL_FAMILY_IPV6);
       ca = ComboAddress();
       ca.sin4.sin_family = AF_INET6;
       memset(&ca.sin6.sin6_addr.s6_addr, 0, sizeof(ca.sin6.sin6_addr.s6_addr));
+      // NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-array-to-pointer-decay)
       memcpy(&ca.sin6.sin6_addr.s6_addr, ard->d_ip.d_ip6, ard->d_afdlength);
     } else {
       throw MOADNSException("Asked to decode APL record but got unknown Address Family");

pdns/misc.hh

@@ -835,10 +835,12 @@ std::vector<ComboAddress> getResolvers(const std::string& resolvConfPath);
 
 DNSName reverseNameFromIP(const ComboAddress& ip);
 
-// The following two routines are generated from Ragel code.
+// The following three routines are generated from Ragel code.
 // Note that parseRFC1035CharString will return zero if the first character
 // being processed is < 0x20, >= 07f, or equal to 0x28, 0x29 or 0x3b.
+// parseRFC1035CharStringRelaxed will too, except within a quoted section.
 size_t parseRFC1035CharString(std::string_view in, std::string &val);
+size_t parseRFC1035CharStringRelaxed(std::string_view in, std::string &val);
 size_t parseSVCBValueListFromParsedRFC1035CharString(const std::string &in, vector<std::string> &val);
 size_t parseSVCBValueList(const std::string &in, vector<std::string> &val);
 

pdns/rcpgenerator.cc

@@ -327,7 +327,7 @@ void RecordTextReader::xfrBlobNoSpaces(string& val, int len)
     throw RecordTextException("Record length "+std::to_string(val.size()) + " does not match expected length '"+std::to_string(len));
 }
 
-void RecordTextReader::xfrBlob(string& val, int)
+void RecordTextReader::xfrBlob(string& val, int len)
 {
   skipSpaces();
   auto pos = d_pos;
@@ -342,6 +342,10 @@ void RecordTextReader::xfrBlob(string& val, int)
   boost::erase_all(tmp," ");
   val.clear();
   B64Decode(tmp, val);
+
+  if (len>-1 && val.size() != static_cast<size_t>(len)) {
+    throw RecordTextException("Record length "+std::to_string(val.size()) + " does not match expected length '"+std::to_string(len));
+  }
 }
 
 void RecordTextReader::xfrRFC1035CharString(string &val) {