This file contains functions to assist the iterator module. More...
#include "config.h"
#include "iterator/iter_utils.h"
#include "iterator/iterator.h"
#include "iterator/iter_hints.h"
#include "iterator/iter_fwd.h"
#include "iterator/iter_donotq.h"
#include "iterator/iter_delegpt.h"
#include "iterator/iter_priv.h"
#include "services/cache/infra.h"
#include "services/cache/dns.h"
#include "services/cache/rrset.h"
#include "services/outside_network.h"
#include "util/net_help.h"
#include "util/module.h"
#include "util/log.h"
#include "util/config_file.h"
#include "util/regional.h"
#include "util/data/msgparse.h"
#include "util/data/dname.h"
#include "util/random.h"
#include "util/fptr_wlist.h"
#include "validator/val_anchor.h"
#include "validator/val_kcache.h"
#include "validator/val_kentry.h"
#include "validator/val_utils.h"
#include "validator/val_sigcrypt.h"
#include "sldns/sbuffer.h"
#include "sldns/str2wire.h"
Macros | |
#define | SUSPICION_RECENT_EXPIRY 86400 |
time when nameserver glue is said to be 'recent' | |
Functions | |
static void | fetch_fill (struct iter_env *ie, const char *str) |
fillup fetch policy array | |
static int | read_fetch_policy (struct iter_env *ie, const char *str) |
Read config string that represents the target fetch policy. | |
static int | caps_white_apply_cfg (rbtree_type *ntree, struct config_file *cfg) |
apply config caps whitelist items to name tree | |
int | iter_apply_cfg (struct iter_env *iter_env, struct config_file *cfg) |
Process config options and set iterator module state. More... | |
static int | iter_filter_unsuitable (struct iter_env *iter_env, struct module_env *env, uint8_t *name, size_t namelen, uint16_t qtype, time_t now, struct delegpt_addr *a) |
filter out unsuitable targets More... | |
static int | iter_fill_rtt (struct iter_env *iter_env, struct module_env *env, uint8_t *name, size_t namelen, uint16_t qtype, time_t now, struct delegpt *dp, int *best_rtt, struct sock_list *blacklist, size_t *num_suitable_results) |
lookup RTT information, and also store fastest rtt (if any) | |
static int | rtt_compare (const void *x, const void *y) |
compare two rtts, return -1, 0 or 1 | |
static int | nth_rtt (struct delegpt_addr *result_list, size_t num_results, size_t n) |
get RTT for the Nth fastest server | |
static int | iter_filter_order (struct iter_env *iter_env, struct module_env *env, uint8_t *name, size_t namelen, uint16_t qtype, time_t now, struct delegpt *dp, int *selected_rtt, int open_target, struct sock_list *blacklist, time_t prefetch) |
filter the address list, putting best targets at front, returns number of best targets (or 0, no suitable targets) | |
struct delegpt_addr * | iter_server_selection (struct iter_env *iter_env, struct module_env *env, struct delegpt *dp, uint8_t *name, size_t namelen, uint16_t qtype, int *dnssec_lame, int *chase_to_rd, int open_target, struct sock_list *blacklist, time_t prefetch) |
Select a valid, nice target to send query to. More... | |
struct dns_msg * | dns_alloc_msg (sldns_buffer *pkt, struct msg_parse *msg, struct regional *region) |
Allocate dns_msg from parsed msg, in regional. More... | |
struct dns_msg * | dns_copy_msg (struct dns_msg *from, struct regional *region) |
Copy a dns_msg to this regional. More... | |
void | iter_dns_store (struct module_env *env, struct query_info *msgqinf, struct reply_info *msgrep, int is_referral, time_t leeway, int pside, struct regional *region, uint16_t flags, time_t qstarttime) |
Allocate a dns_msg with malloc/alloc structure and store in dns cache. More... | |
int | iter_ns_probability (struct ub_randstate *rnd, int n, int m) |
Select randomly with n/m probability. More... | |
static int | causes_cycle (struct module_qstate *qstate, uint8_t *name, size_t namelen, uint16_t t, uint16_t c) |
detect dependency cycle for query and target | |
void | iter_mark_cycle_targets (struct module_qstate *qstate, struct delegpt *dp) |
Mark targets that result in a dependency cycle as done, so they will not get selected as targets. More... | |
void | iter_mark_pside_cycle_targets (struct module_qstate *qstate, struct delegpt *dp) |
Mark targets that result in a dependency cycle as done, so they will not get selected as targets. More... | |
int | iter_dp_is_useless (struct query_info *qinfo, uint16_t qflags, struct delegpt *dp, int supports_ipv4, int supports_ipv6, int use_nat64) |
See if delegation is useful or immediately offers no targets for further recursion. More... | |
int | iter_qname_indicates_dnssec (struct module_env *env, struct query_info *qinfo) |
See if qname has DNSSEC needs. More... | |
int | iter_indicates_dnssec (struct module_env *env, struct delegpt *dp, struct dns_msg *msg, uint16_t dclass) |
See if delegation is expected to have DNSSEC information (RRSIGs) in its answers, or not. More... | |
int | iter_msg_has_dnssec (struct dns_msg *msg) |
See if a message contains DNSSEC. More... | |
int | iter_msg_from_zone (struct dns_msg *msg, struct delegpt *dp, enum response_type type, uint16_t dclass) |
See if a message is known to be from a certain zone. More... | |
static int | rrset_equal (struct ub_packed_rrset_key *k1, struct ub_packed_rrset_key *k2) |
check equality of two rrsets More... | |
static int | rrset_canonical_sort_cmp (const void *x, const void *y) |
compare rrsets and sort canonically. More... | |
int | reply_equal (struct reply_info *p, struct reply_info *q, struct regional *region) |
Check if two replies are equal. For fallback procedures. More... | |
void | caps_strip_reply (struct reply_info *rep) |
Remove unused bits from the reply if possible. More... | |
int | caps_failed_rcode (struct reply_info *rep) |
see if reply has a 'useful' rcode for capsforid comparison, so not SERVFAIL or REFUSED, and thus NOERROR or NXDOMAIN. More... | |
void | iter_store_parentside_rrset (struct module_env *env, struct ub_packed_rrset_key *rrset) |
Store parent-side rrset in separate rrset cache entries for later last-resort lookups in case the child-side versions of this information fail. More... | |
static struct ub_packed_rrset_key * | reply_get_NS_rrset (struct reply_info *rep) |
fetch NS record from reply, if any | |
void | iter_store_parentside_NS (struct module_env *env, struct reply_info *rep) |
Store parent-side NS records from a referral message. More... | |
void | iter_store_parentside_neg (struct module_env *env, struct query_info *qinfo, struct reply_info *rep) |
Store parent-side negative element, the parentside rrset does not exist, creates an rrset with empty rdata in the rrset cache with PARENTSIDE flag. More... | |
int | iter_lookup_parent_NS_from_cache (struct module_env *env, struct delegpt *dp, struct regional *region, struct query_info *qinfo) |
Add parent NS record if that exists in the cache. More... | |
int | iter_lookup_parent_glue_from_cache (struct module_env *env, struct delegpt *dp, struct regional *region, struct query_info *qinfo) |
Add parent-side glue if that exists in the cache. More... | |
int | iter_get_next_root (struct iter_hints *hints, struct iter_forwards *fwd, uint16_t *c) |
Lookup next root-hint or root-forward entry. More... | |
void | iter_scrub_ds (struct dns_msg *msg, struct ub_packed_rrset_key *ns, uint8_t *z) |
Remove DS records that are inappropriate before they are cached. More... | |
void | iter_scrub_nxdomain (struct dns_msg *msg) |
Prepare an NXDOMAIN message to be used for a subdomain answer by removing all RRs from the ANSWER section. More... | |
void | iter_dec_attempts (struct delegpt *dp, int d, int outbound_msg_retry) |
Remove query attempts from all available ips. More... | |
void | iter_merge_retry_counts (struct delegpt *dp, struct delegpt *old, int outbound_msg_retry) |
Add retry counts from older delegpt to newer delegpt. More... | |
int | iter_ds_toolow (struct dns_msg *msg, struct delegpt *dp) |
See if a DS response (type ANSWER) is too low: a nodata answer with a SOA record in the authority section at-or-below the qchase.qname. More... | |
int | iter_dp_cangodown (struct query_info *qinfo, struct delegpt *dp) |
See if delegpt can go down a step to the qname or not. More... | |
int | iter_stub_fwd_no_cache (struct module_qstate *qstate, struct query_info *qinf, uint8_t **retdpname, size_t *retdpnamelen, uint8_t *dpname_storage, size_t dpname_storage_len) |
Lookup if no_cache is set in stub or fwd. More... | |
void | iterator_set_ip46_support (struct module_stack *mods, struct module_env *env, struct outside_network *outnet) |
Set support for IP4 and IP6 depending on outgoing interfaces in the outside network. More... | |
void | limit_nsec_ttl (struct dns_msg *msg) |
Limit NSEC and NSEC3 TTL in response, RFC9077. More... | |
Variables | |
static const char | DEFAULT_NAT64_PREFIX [] = "64:ff9b::/96" |
if NAT64 is enabled and no NAT64 prefix is configured, first fall back to DNS64 prefix. More... | |
This file contains functions to assist the iterator module.
Configuration options. Forward zones.
int iter_apply_cfg | ( | struct iter_env * | iter_env, |
struct config_file * | cfg | ||
) |
Process config options and set iterator module state.
Sets default values if no config is found.
iter_env | iterator module state. |
cfg | config options. |
References addr_is_ip6(), iter_env::caps_white, caps_white_apply_cfg(), config_file::caps_whitelist, DEFAULT_NAT64_PREFIX, config_file::do_ip4, config_file::do_ip6, config_file::do_nat64, iter_env::donotq, donotq_apply_cfg(), donotq_create(), log_err(), iter_env::max_dependency_depth, iter_env::max_query_restarts, config_file::max_query_restarts, iter_env::max_sent_count, config_file::max_sent_count, name_tree_compare(), iter_env::nat64_prefix_addr, iter_env::nat64_prefix_addrlen, iter_env::nat64_prefix_net, netblockstrtoaddr(), iter_env::outbound_msg_retry, config_file::outbound_msg_retry, prefixnet_is_nat64(), iter_env::priv, priv_apply_cfg(), priv_create(), rbtree_create(), read_fetch_policy(), iter_env::supports_ipv4, iter_env::supports_ipv6, iter_env::target_fetch_policy, config_file::target_fetch_policy, iter_env::use_nat64, VERB_QUERY, and verbose().
Referenced by iter_init().
|
static |
filter out unsuitable targets
iter_env | iterator environment with ipv6-support flag. |
env | module environment with infra cache. |
name | zone name |
namelen | length of name |
qtype | query type (host order). |
now | current time |
a | address in delegation point we are examining. |
When a final value is chosen that is dnsseclame, dnssec lameness checking is turned off (so we do not discard the reply). When a final value is chosen that is recursionlame, the RD bit is set on the query. Because of the numbers, this means recursionlame servers also have dnssec lameness checking turned off.
References delegpt_addr::addr, addr_is_ip6(), delegpt_addr::addrlen, delegpt_addr::bogus, delegpt_addr::dnsseclame, iter_env::donotq, donotq_lookup(), module_env::infra_cache, infra_get_lame_rtt(), delegpt_addr::lame, log_addr(), name_tree_node::name, iter_env::supports_ipv4, iter_env::supports_ipv6, UNKNOWN_SERVER_NICENESS, iter_env::use_nat64, USEFUL_SERVER_TOP_TIMEOUT, VERB_ALGO, and verbose().
Referenced by iter_fill_rtt().
struct delegpt_addr* iter_server_selection | ( | struct iter_env * | iter_env, |
struct module_env * | env, | ||
struct delegpt * | dp, | ||
uint8_t * | name, | ||
size_t | namelen, | ||
uint16_t | qtype, | ||
int * | dnssec_lame, | ||
int * | chase_to_rd, | ||
int | open_target, | ||
struct sock_list * | blacklist, | ||
time_t | prefetch | ||
) |
Select a valid, nice target to send query to.
Sorting and removing unsuitable targets is combined.
iter_env | iterator module global state, with ip6 enabled and do-not-query-addresses. |
env | environment with infra cache (lameness, rtt info). |
dp | delegation point with result list. |
name | zone name (for lameness check). |
namelen | length of name. |
qtype | query type that we want to send. |
dnssec_lame | set to 1 if a known dnssec-lame server is selected. These are not preferred, but are used as a last resort. |
chase_to_rd | set to 1 if a known recursion lame server is selected. These are not preferred, but are used as a last resort. |
open_target | number of currently outstanding target queries. If we wait for these, perhaps more server addresses become available. |
blacklist | the IP blacklist to use. |
prefetch | if not 0, prefetch is in use for this query. This means the query can have different timing, because prefetch is not waited upon by the downstream client, and thus a good time to perform exploration of other targets. |
References delegpt_addr::attempts, BLACKLIST_PENALTY, iter_filter_order(), log_assert, delegpt_addr::next_result, module_env::now, iter_env::outbound_msg_retry, delegpt::result_list, module_env::rnd, ub_random_max(), USEFUL_SERVER_TOP_TIMEOUT, VERB_ALGO, and verbose().
struct dns_msg* dns_alloc_msg | ( | struct sldns_buffer * | pkt, |
struct msg_parse * | msg, | ||
struct regional * | regional | ||
) |
Allocate dns_msg from parsed msg, in regional.
pkt | packet. |
msg | parsed message (cleaned and ready for regional allocation). |
regional | regional to use for allocation. |
References log_err(), parse_create_msg(), dns_msg::qinfo, regional_alloc(), and dns_msg::rep.
Copy a dns_msg to this regional.
from | dns message, also in regional. |
regional | regional to use for allocation. |
References dns_msg::qinfo, query_info::qname, query_info::qname_len, regional_alloc(), regional_alloc_init(), dns_msg::rep, and reply_info_copy().
void iter_dns_store | ( | struct module_env * | env, |
struct query_info * | qinf, | ||
struct reply_info * | rep, | ||
int | is_referral, | ||
time_t | leeway, | ||
int | pside, | ||
struct regional * | region, | ||
uint16_t | flags, | ||
time_t | qstarttime | ||
) |
Allocate a dns_msg with malloc/alloc structure and store in dns cache.
env | environment, with alloc structure and dns cache. |
qinf | query info, the query for which answer is stored. |
rep | reply in dns_msg from dns_alloc_msg for example. |
is_referral | If true, then the given message to be stored is a referral. The cache implementation may use this as a hint. |
leeway | prefetch TTL leeway to expire old rrsets quicker. |
pside | true if dp is parentside, thus message is 'fresh' and NS can be prefetch-updates. |
region | to copy modified (cache is better) rrs back to. |
flags | with BIT_CD for dns64 AAAA translated queries. |
qstarttime | time of query start. Returns void, because we are not interested in alloc errors: the iterator and validator can operate on the results in their scratch space (the qstate.region) and are not dependent on the cache. It is useful to log the alloc failure (for the server operator), but the query resolution can continue without cache storage. |
References dns_cache_store(), and log_err().
int iter_ns_probability | ( | struct ub_randstate * | rnd, |
int | n, | ||
int | m | ||
) |
Select randomly with n/m probability.
For shuffle NS records for address fetching.
rnd | random table |
n | probability. |
m | divisor for probability. |
References ub_random_max().
Referenced by query_for_targets().
void iter_mark_cycle_targets | ( | struct module_qstate * | qstate, |
struct delegpt * | dp | ||
) |
Mark targets that result in a dependency cycle as done, so they will not get selected as targets.
qstate | query state. |
dp | delegpt to mark ns in. |
References causes_cycle(), LDNS_RR_TYPE_A, LDNS_RR_TYPE_AAAA, log_nametypeclass(), delegpt_ns::name, delegpt_ns::namelen, delegpt_ns::next, delegpt::nslist, query_info::qclass, module_qstate::qinfo, delegpt_ns::resolved, and VERB_QUERY.
Referenced by query_for_targets().
void iter_mark_pside_cycle_targets | ( | struct module_qstate * | qstate, |
struct delegpt * | dp | ||
) |
Mark targets that result in a dependency cycle as done, so they will not get selected as targets.
For the parent-side lookups.
qstate | query state. |
dp | delegpt to mark ns in. |
References causes_cycle(), delegpt_ns::done_pside4, delegpt_ns::done_pside6, LDNS_RR_TYPE_A, LDNS_RR_TYPE_AAAA, log_nametypeclass(), delegpt_ns::name, delegpt_ns::namelen, delegpt_ns::next, delegpt::nslist, query_info::qclass, module_qstate::qinfo, and VERB_QUERY.
int iter_dp_is_useless | ( | struct query_info * | qinfo, |
uint16_t | qflags, | ||
struct delegpt * | dp, | ||
int | supports_ipv4, | ||
int | supports_ipv6, | ||
int | use_nat64 | ||
) |
See if delegation is useful or immediately offers no targets for further recursion.
qinfo | query name and type |
qflags | query flags with RD flag |
dp | delegpt to check. |
supports_ipv4 | if we support ipv4 for lookups to the target. if not, then the IPv4 addresses are useless. |
supports_ipv6 | if we support ipv6 for lookups to the target. if not, then the IPv6 addresses are useless. |
use_nat64 | if we support NAT64 for lookups to the target. if yes, IPv4 addresses are useful even if we don't support IPv4. |
References delegpt_addr::addr, addr_is_ip6(), delegpt_addr::addrlen, BIT_RD, delegpt_find_ns(), dname_subdomain_c(), LDNS_RR_TYPE_A, LDNS_RR_TYPE_AAAA, delegpt::name, delegpt_ns::name, delegpt_ns::next, delegpt_addr::next_result, delegpt_addr::next_usable, delegpt::nslist, query_info::qname, query_info::qname_len, query_info::qtype, delegpt_ns::resolved, delegpt::result_list, and delegpt::usable_list.
int iter_qname_indicates_dnssec | ( | struct module_env * | env, |
struct query_info * | qinfo | ||
) |
See if qname has DNSSEC needs.
This is true if there is a trust anchor above it. Whether there is an insecure delegation to the data is unknown.
env | environment with anchors. |
qinfo | query name and class. |
References module_env::anchors, anchors_lookup(), trust_anchor::lock, trust_anchor::numDNSKEY, trust_anchor::numDS, query_info::qclass, query_info::qname, and query_info::qname_len.
int iter_indicates_dnssec | ( | struct module_env * | env, |
struct delegpt * | dp, | ||
struct dns_msg * | msg, | ||
uint16_t | dclass | ||
) |
See if delegation is expected to have DNSSEC information (RRSIGs) in its answers, or not.
Inspects delegation point (name), trust anchors, and delegation message (DS RRset) to determine this.
env | module env with trust anchors. |
dp | delegation point. |
msg | delegation message, with DS if a secure referral. |
dclass | class of query. |
References anchor_find(), module_env::anchors, trust_anchor::dclass, module_env::key_cache, key_cache_obtain(), key_entry_isbad(), key_entry_isgood(), key_entry_isnull(), LDNS_RR_TYPE_DS, trust_anchor::lock, delegpt::name, key_entry_key::name, delegpt::namelabs, delegpt::namelen, module_env::now, trust_anchor::numDNSKEY, trust_anchor::numDS, query_dname_compare(), regional_free_all(), dns_msg::rep, reply_find_rrset_section_ns(), and module_env::scratch.
Referenced by generate_parentside_target_query(), prime_root(), and processInitRequest3().
int iter_msg_has_dnssec | ( | struct dns_msg * | msg | ) |
See if a message contains DNSSEC.
This is examined by looking for RRSIGs. With DNSSEC a valid answer, nxdomain, nodata, referral or cname reply has RRSIGs in answer or auth sections, sigs on answer data, SOA, DS, or NSEC/NSEC3 records.
msg | message to examine. |
References reply_info::an_numrrsets, reply_info::ns_numrrsets, dns_msg::rep, and reply_info::rrsets.
Referenced by processQueryResponse().
int iter_msg_from_zone | ( | struct dns_msg * | msg, |
struct delegpt * | dp, | ||
enum response_type | type, | ||
uint16_t | dclass | ||
) |
See if a message is known to be from a certain zone.
This looks for SOA or NS rrsets, for answers. For referrals, when one label is delegated, the zone is detected. Does not look at signatures.
msg | the message to inspect. |
dp | delegation point with zone name to look for. |
type | type of message. |
dclass | class of query. |
References reply_info::an_numrrsets, packed_rrset_key::dname, dname_count_labels(), dname_strict_subdomain(), LDNS_RR_TYPE_NS, LDNS_RR_TYPE_SOA, log_assert, delegpt::name, delegpt::namelabs, delegpt::namelen, reply_info::ns_numrrsets, dns_msg::rep, reply_find_rrset_section_an(), reply_find_rrset_section_ns(), RESPONSE_TYPE_ANSWER, RESPONSE_TYPE_CNAME, RESPONSE_TYPE_REFERRAL, ub_packed_rrset_key::rk, packed_rrset_key::rrset_class, reply_info::rrsets, and packed_rrset_key::type.
Referenced by processQueryResponse().
|
static |
check equality of two rrsets
k1 | rrset |
k2 | rrset |
References packed_rrset_data::count, lruhash_entry::data, packed_rrset_key::dname, packed_rrset_key::dname_len, ub_packed_rrset_key::entry, packed_rrset_key::flags, query_dname_compare(), ub_packed_rrset_key::rk, packed_rrset_data::rr_data, packed_rrset_data::rr_len, packed_rrset_key::rrset_class, packed_rrset_data::rrsig_count, packed_rrset_data::security, packed_rrset_data::trust, and packed_rrset_key::type.
Referenced by reply_equal().
|
static |
compare rrsets and sort canonically.
Compares rrset name, type, class. return 0 if equal, +1 if x > y, and -1 if x < y.
References packed_rrset_key::dname, dname_canonical_compare(), ub_packed_rrset_key::rk, packed_rrset_key::rrset_class, and packed_rrset_key::type.
Referenced by reply_equal().
int reply_equal | ( | struct reply_info * | p, |
struct reply_info * | q, | ||
struct regional * | region | ||
) |
Check if two replies are equal. For fallback procedures.
p | reply one. The reply has rrset data pointers in region. Does not check rrset-IDs |
q | reply two |
region | scratch buffer. |
References reply_info::an_numrrsets, reply_info::ar_numrrsets, reply_info::flags, log_assert, reply_info::ns_numrrsets, reply_info::qdcount, regional_alloc_init(), regional_free_all(), rrset_canonical_equal(), rrset_canonical_sort_cmp(), reply_info::rrset_count, rrset_equal(), reply_info::rrsets, and reply_info::security.
void caps_strip_reply | ( | struct reply_info * | rep | ) |
Remove unused bits from the reply if possible.
So that caps-for-id (0x20) fallback is more likely to be successful. This removes, for example, the additional section, and the NS record in the authority section if those records are gratuitous (not for a referral).
rep | the reply to strip stuff out of. |
References reply_info::an_numrrsets, reply_info::ar_numrrsets, BIT_AA, reply_info::flags, LDNS_RR_TYPE_NS, reply_info::ns_numrrsets, ub_packed_rrset_key::rk, reply_info::rrset_count, reply_info::rrsets, packed_rrset_key::type, VERB_ALGO, and verbose().
int caps_failed_rcode | ( | struct reply_info * | rep | ) |
see if reply has a 'useful' rcode for capsforid comparison, so not SERVFAIL or REFUSED, and thus NOERROR or NXDOMAIN.
rep | reply to check. |
References reply_info::flags, and FLAGS_GET_RCODE.
void iter_store_parentside_rrset | ( | struct module_env * | env, |
struct ub_packed_rrset_key * | rrset | ||
) |
Store parent-side rrset in separate rrset cache entries for later last-resort lookups in case the child-side versions of this information fail.
env | environment with cache, time, ... |
rrset | the rrset to store (copied). Failure to store is logged, but otherwise ignored. |
References module_env::alloc, ub_packed_rrset_key::entry, packed_rrset_key::flags, lruhash_entry::hash, rrset_ref::id, ub_packed_rrset_key::id, rrset_ref::key, log_err(), module_env::now, packed_rrset_copy_alloc(), PACKED_RRSET_PARENT_SIDE, ub_packed_rrset_key::rk, module_env::rrset_cache, rrset_cache_update(), and rrset_key_hash().
Referenced by iter_store_parentside_NS().
void iter_store_parentside_NS | ( | struct module_env * | env, |
struct reply_info * | rep | ||
) |
Store parent-side NS records from a referral message.
env | environment with cache, time, ... |
rep | response with NS rrset. Failure to store is logged, but otherwise ignored. |
References iter_store_parentside_rrset(), log_rrset_key(), reply_get_NS_rrset(), and VERB_ALGO.
void iter_store_parentside_neg | ( | struct module_env * | env, |
struct query_info * | qinfo, | ||
struct reply_info * | rep | ||
) |
Store parent-side negative element, the parentside rrset does not exist, creates an rrset with empty rdata in the rrset cache with PARENTSIDE flag.
env | environment with cache, time, ... |
qinfo | the identity of the rrset that is missing. |
rep | delegation response or answer response, to glean TTL from. (malloc) failure is logged but otherwise ignored. |
References packed_rrset_data::count, lruhash_entry::data, packed_rrset_key::dname, packed_rrset_key::dname_len, ub_packed_rrset_key::entry, packed_rrset_key::flags, lruhash_entry::hash, lruhash_entry::key, log_err(), NORR_TTL, packed_rrset_ptr_fixup(), query_info::qclass, query_info::qname, query_info::qname_len, query_info::qtype, regional_alloc(), regional_alloc_init(), regional_alloc_zero(), reply_get_NS_rrset(), ub_packed_rrset_key::rk, packed_rrset_data::rr_len, packed_rrset_data::rr_ttl, packed_rrset_key::rrset_class, reply_info::rrset_count, rrset_key_hash(), rrset_trust_ans_noAA, reply_info::rrsets, packed_rrset_data::rrsig_count, module_env::scratch, packed_rrset_data::trust, packed_rrset_data::ttl, packed_rrset_key::type, and ub_packed_rrset_ttl().
Referenced by processFinished().
int iter_lookup_parent_NS_from_cache | ( | struct module_env * | env, |
struct delegpt * | dp, | ||
struct regional * | region, | ||
struct query_info * | qinfo | ||
) |
Add parent NS record if that exists in the cache.
This is both new information and acts like a timeout throttle on retries.
env | query env with rrset cache and time. |
dp | delegation point to store result in. Also this dp is used to see which NS name is needed. |
region | region to alloc result in. |
qinfo | pertinent information, the qclass. |
References delegpt_rrset_add_ns(), ub_packed_rrset_key::entry, delegpt::has_parent_side_NS, LDNS_RR_TYPE_NS, lruhash_entry::lock, log_rrset_key(), delegpt::name, delegpt::namelen, module_env::now, PACKED_RRSET_PARENT_SIDE, query_info::qclass, module_env::rrset_cache, rrset_cache_lookup(), and VERB_ALGO.
int iter_lookup_parent_glue_from_cache | ( | struct module_env * | env, |
struct delegpt * | dp, | ||
struct regional * | region, | ||
struct query_info * | qinfo | ||
) |
Add parent-side glue if that exists in the cache.
This is both new information and acts like a timeout throttle on retries to fetch them.
env | query env with rrset cache and time. |
dp | delegation point to store result in. Also this dp is used to see which NS name is needed. |
region | region to alloc result in. |
qinfo | pertinent information, the qclass. |
References delegpt_ns::cache_lookup_count, delegpt_count_targets(), delegpt_ns::next, and delegpt::nslist.
int iter_get_next_root | ( | struct iter_hints * | hints, |
struct iter_forwards * | fwd, | ||
uint16_t * | c | ||
) |
Lookup next root-hint or root-forward entry.
hints | the hints. |
fwd | the forwards. |
c | the class to start searching at. 0 means find first one. |
References forwards_next_root(), hints_next_root(), iter_forwards::lock, and iter_hints::lock.
Referenced by processCollectClass().
void iter_scrub_ds | ( | struct dns_msg * | msg, |
struct ub_packed_rrset_key * | ns, | ||
uint8_t * | z | ||
) |
Remove DS records that are inappropriate before they are cached.
msg | the response to scrub. |
ns | RRSET that is the NS record for the referral. if NULL, then all DS records are removed from the authority section. |
z | zone name that the response is from. |
References reply_info::an_numrrsets, packed_rrset_key::dname, dname_subdomain_c(), LDNS_RR_TYPE_DS, log_nametypeclass(), reply_info::ns_numrrsets, query_dname_compare(), dns_msg::rep, ub_packed_rrset_key::rk, packed_rrset_key::rrset_class, reply_info::rrset_count, reply_info::rrsets, packed_rrset_key::type, and VERB_ALGO.
Referenced by processQueryResponse().
void iter_scrub_nxdomain | ( | struct dns_msg * | msg | ) |
Prepare an NXDOMAIN message to be used for a subdomain answer by removing all RRs from the ANSWER section.
msg | the response to scrub. |
References reply_info::an_numrrsets, dns_msg::rep, reply_info::rrset_count, and reply_info::rrsets.
void iter_dec_attempts | ( | struct delegpt * | dp, |
int | d, | ||
int | outbound_msg_retry | ||
) |
Remove query attempts from all available ips.
For 0x20 (caps-for-id).
dp | delegpt. |
d | decrease. |
outbound_msg_retry | number of retries of outgoing queries |
References delegpt_addr::attempts, delegpt_add_to_result_list(), delegpt_addr::next_target, and delegpt::target_list.
Referenced by process_response().
Add retry counts from older delegpt to newer delegpt.
Does not waste time on timed-out (or otherwise failing) addresses.
dp | new delegationpoint. |
old | old delegationpoint. |
outbound_msg_retry | number of retries of outgoing queries |
References delegpt_addr::addr, delegpt_addr::addrlen, delegpt_addr::attempts, delegpt_find_addr(), log_addr(), delegpt_addr::next_target, delegpt_addr::next_usable, delegpt::target_list, delegpt::usable_list, and VERB_ALGO.
See if a DS response (type ANSWER) is too low: a nodata answer with a SOA record in the authority section at-or-below the qchase.qname.
Also returns true if we are not sure (i.e. empty message, CNAME nosig).
msg | the response. |
dp | the dp name is used to check if the RRSIG gives a clue that it originated from the correct nameserver. |
References reply_info::an_numrrsets, packed_rrset_key::dname, dname_subdomain_c(), LDNS_RR_TYPE_CNAME, LDNS_RR_TYPE_DNAME, LDNS_RR_TYPE_DS, LDNS_RR_TYPE_SOA, delegpt::name, reply_info::ns_numrrsets, dns_msg::qinfo, query_info::qname, query_dname_compare(), dns_msg::rep, ub_packed_rrset_key::rk, reply_info::rrsets, packed_rrset_key::type, and val_find_rrset_signer().
int iter_dp_cangodown | ( | struct query_info * | qinfo, |
struct delegpt * | dp | ||
) |
See if delegpt can go down a step to the qname or not.
qinfo | the query name looked up. |
dp | checked if the name can go lower to the qname |
References dname_count_labels(), delegpt::name, delegpt::namelabs, query_info::qname, and query_dname_compare().
int iter_stub_fwd_no_cache | ( | struct module_qstate * | qstate, |
struct query_info * | qinf, | ||
uint8_t ** | retdpname, | ||
size_t * | retdpnamelen, | ||
uint8_t * | dpname_storage, | ||
size_t | dpname_storage_len | ||
) |
Lookup if no_cache is set in stub or fwd.
qstate | query state with env with hints and fwds. |
qinf | query name to lookup for. |
retdpname | returns NULL or the deepest enclosing name of fwd or stub. This is the name under which the closest lookup is going to happen. Used for NXDOMAIN checks, above that it is an nxdomain from a different server and zone. You can pass NULL to not get it. |
retdpnamelen | returns the length of the dpname. |
dpname_storage | this is where the dpname buf is stored, if any. So that caller can manage the buffer. |
dpname_storage_len | size of dpname_storage buffer. |
References dname_str(), dname_strict_subdomain(), iter_hints_stub::dp, module_qstate::env, forwards_lookup(), module_env::fwds, module_env::hints, hints_lookup_stub(), iter_forwards::lock, iter_hints::lock, delegpt::name, delegpt::namelabs, delegpt::namelen, query_info::qclass, query_info::qname, VERB_ALGO, and verbose().
void iterator_set_ip46_support | ( | struct module_stack * | mods, |
struct module_env * | env, | ||
struct outside_network * | outnet | ||
) |
Set support for IP4 and IP6 depending on outgoing interfaces in the outside network.
If there are none, there is no support, so it is of no use to look up the AAAA and then attempt to use it when there is no outgoing-interface for it.
mods | modstack to find iterator module in. |
env | module env, find iterator module (if one) in there. |
outnet | outside network structure. |
References module_env::modinfo, modstack_find(), outside_network::num_ip4, outside_network::num_ip6, outside_network::pending, iter_env::supports_ipv4, and iter_env::supports_ipv6.
void limit_nsec_ttl | ( | struct dns_msg * | msg | ) |
Limit NSEC and NSEC3 TTL in response, RFC9077.
msg | dns message, the SOA record ttl is used to restrict ttls of NSEC and NSEC3 RRsets. If no SOA record, nothing happens. |
References lruhash_entry::data, ub_packed_rrset_key::entry, LDNS_RR_TYPE_SOA, dns_msg::rep, ub_packed_rrset_key::rk, reply_info::rrset_count, reply_info::rrsets, packed_rrset_data::ttl, and packed_rrset_key::type.
|
static |
if NAT64 is enabled and no NAT64 prefix is configured, first fall back to DNS64 prefix.
If that is not configured, fall back to this default value.
Referenced by iter_apply_cfg().