Macros | Functions
iter_utils.h File Reference

This file contains functions to assist the iterator module. More...

#include "iterator/iter_resptype.h"

Macros

#define ITERATOR_NAME_CACHELOOKUP_MAX   3
 
#define ITERATOR_NAME_CACHELOOKUP_MAX_PSIDE   5
 

Functions

int iter_apply_cfg (struct iter_env *iter_env, struct config_file *cfg)
 Process config options and set iterator module state. More...
 
struct delegpt_addriter_server_selection (struct iter_env *iter_env, struct module_env *env, struct delegpt *dp, uint8_t *name, size_t namelen, uint16_t qtype, int *dnssec_lame, int *chase_to_rd, int open_target, struct sock_list *blacklist, time_t prefetch)
 Select a valid, nice target to send query to. More...
 
struct dns_msgdns_alloc_msg (struct sldns_buffer *pkt, struct msg_parse *msg, struct regional *regional)
 Allocate dns_msg from parsed msg, in regional. More...
 
struct dns_msgdns_copy_msg (struct dns_msg *from, struct regional *regional)
 Copy a dns_msg to this regional. More...
 
void iter_dns_store (struct module_env *env, struct query_info *qinf, struct reply_info *rep, int is_referral, time_t leeway, int pside, struct regional *region, uint16_t flags, time_t qstarttime)
 Allocate a dns_msg with malloc/alloc structure and store in dns cache. More...
 
int iter_ns_probability (struct ub_randstate *rnd, int n, int m)
 Select randomly with n/m probability. More...
 
void iter_mark_cycle_targets (struct module_qstate *qstate, struct delegpt *dp)
 Mark targets that result in a dependency cycle as done, so they will not get selected as targets. More...
 
void iter_mark_pside_cycle_targets (struct module_qstate *qstate, struct delegpt *dp)
 Mark targets that result in a dependency cycle as done, so they will not get selected as targets. More...
 
int iter_dp_is_useless (struct query_info *qinfo, uint16_t qflags, struct delegpt *dp, int supports_ipv4, int supports_ipv6, int use_nat64)
 See if delegation is useful or offers immediately no targets for further recursion. More...
 
int iter_qname_indicates_dnssec (struct module_env *env, struct query_info *qinfo)
 See if qname has DNSSEC needs. More...
 
int iter_indicates_dnssec (struct module_env *env, struct delegpt *dp, struct dns_msg *msg, uint16_t dclass)
 See if delegation is expected to have DNSSEC information (RRSIGs) in its answers, or not. More...
 
int iter_msg_has_dnssec (struct dns_msg *msg)
 See if a message contains DNSSEC. More...
 
int iter_msg_from_zone (struct dns_msg *msg, struct delegpt *dp, enum response_type type, uint16_t dclass)
 See if a message is known to be from a certain zone. More...
 
int reply_equal (struct reply_info *p, struct reply_info *q, struct regional *region)
 Check if two replies are equal For fallback procedures. More...
 
void caps_strip_reply (struct reply_info *rep)
 Remove unused bits from the reply if possible. More...
 
int caps_failed_rcode (struct reply_info *rep)
 see if reply has a 'useful' rcode for capsforid comparison, so not SERVFAIL or REFUSED, and thus NOERROR or NXDOMAIN. More...
 
void iter_store_parentside_rrset (struct module_env *env, struct ub_packed_rrset_key *rrset)
 Store parent-side rrset in separate rrset cache entries for later last-resort * lookups in case the child-side versions of this information fails. More...
 
void iter_store_parentside_NS (struct module_env *env, struct reply_info *rep)
 Store parent-side NS records from a referral message. More...
 
void iter_store_parentside_neg (struct module_env *env, struct query_info *qinfo, struct reply_info *rep)
 Store parent-side negative element, the parentside rrset does not exist, creates an rrset with empty rdata in the rrset cache with PARENTSIDE flag. More...
 
int iter_lookup_parent_NS_from_cache (struct module_env *env, struct delegpt *dp, struct regional *region, struct query_info *qinfo)
 Add parent NS record if that exists in the cache. More...
 
int iter_lookup_parent_glue_from_cache (struct module_env *env, struct delegpt *dp, struct regional *region, struct query_info *qinfo)
 Add parent-side glue if that exists in the cache. More...
 
int iter_get_next_root (struct iter_hints *hints, struct iter_forwards *fwd, uint16_t *c)
 Lookup next root-hint or root-forward entry. More...
 
void iter_scrub_ds (struct dns_msg *msg, struct ub_packed_rrset_key *ns, uint8_t *z)
 Remove DS records that are inappropriate before they are cached. More...
 
void iter_scrub_nxdomain (struct dns_msg *msg)
 Prepare an NXDOMAIN message to be used for a subdomain answer by removing all RRs from the ANSWER section. More...
 
void iter_dec_attempts (struct delegpt *dp, int d, int outbound_msg_retry)
 Remove query attempts from all available ips. More...
 
void iter_merge_retry_counts (struct delegpt *dp, struct delegpt *old, int outbound_msg_retry)
 Add retry counts from older delegpt to newer delegpt. More...
 
int iter_ds_toolow (struct dns_msg *msg, struct delegpt *dp)
 See if a DS response (type ANSWER) is too low: a nodata answer with a SOA record in the authority section at-or-below the qchase.qname. More...
 
int iter_dp_cangodown (struct query_info *qinfo, struct delegpt *dp)
 See if delegpt can go down a step to the qname or not. More...
 
int iter_stub_fwd_no_cache (struct module_qstate *qstate, struct query_info *qinf, uint8_t **retdpname, size_t *retdpnamelen, uint8_t *dpname_storage, size_t dpname_storage_len)
 Lookup if no_cache is set in stub or fwd. More...
 
void iterator_set_ip46_support (struct module_stack *mods, struct module_env *env, struct outside_network *outnet)
 Set support for IP4 and IP6 depending on outgoing interfaces in the outside network. More...
 
void limit_nsec_ttl (struct dns_msg *msg)
 Limit NSEC and NSEC3 TTL in response, RFC9077. More...
 

Detailed Description

This file contains functions to assist the iterator module.

Configuration options. Forward zones.

Function Documentation

◆ iter_apply_cfg()

int iter_apply_cfg ( struct iter_env iter_env,
struct config_file cfg 
)

Process config options and set iterator module state.

Sets default values if no config is found.

Parameters
iter_enviterator module state.
cfgconfig options.
Returns
0 on error.

References addr_is_ip6(), iter_env::caps_white, caps_white_apply_cfg(), config_file::caps_whitelist, DEFAULT_NAT64_PREFIX, config_file::do_ip4, config_file::do_ip6, config_file::do_nat64, iter_env::donotq, donotq_apply_cfg(), donotq_create(), log_err(), iter_env::max_dependency_depth, iter_env::max_query_restarts, config_file::max_query_restarts, iter_env::max_sent_count, config_file::max_sent_count, name_tree_compare(), iter_env::nat64_prefix_addr, iter_env::nat64_prefix_addrlen, iter_env::nat64_prefix_net, netblockstrtoaddr(), iter_env::outbound_msg_retry, config_file::outbound_msg_retry, prefixnet_is_nat64(), iter_env::priv, priv_apply_cfg(), priv_create(), rbtree_create(), read_fetch_policy(), iter_env::supports_ipv4, iter_env::supports_ipv6, iter_env::target_fetch_policy, config_file::target_fetch_policy, iter_env::use_nat64, VERB_QUERY, and verbose().

Referenced by iter_init().

◆ iter_server_selection()

struct delegpt_addr* iter_server_selection ( struct iter_env iter_env,
struct module_env env,
struct delegpt dp,
uint8_t *  name,
size_t  namelen,
uint16_t  qtype,
int *  dnssec_lame,
int *  chase_to_rd,
int  open_target,
struct sock_list blacklist,
time_t  prefetch 
)

Select a valid, nice target to send query to.

Sorting and removing unsuitable targets is combined.

Parameters
iter_enviterator module global state, with ip6 enabled and do-not-query-addresses.
envenvironment with infra cache (lameness, rtt info).
dpdelegation point with result list.
namezone name (for lameness check).
namelenlength of name.
qtypequery type that we want to send.
dnssec_lameset to 1, if a known dnssec-lame server is selected these are not preferred, but are used as a last resort.
chase_to_rdset to 1 if a known recursion lame server is selected these are not preferred, but are used as a last resort.
open_targetnumber of currently outstanding target queries. If we wait for these, perhaps more server addresses become available.
blacklistthe IP blacklist to use.
prefetchif not 0, prefetch is in use for this query. This means the query can have different timing, because prefetch is not waited upon by the downstream client, and thus a good time to perform exploration of other targets.
Returns
best target or NULL if no target. if not null, that target is removed from the result list in the dp.

References delegpt_addr::attempts, BLACKLIST_PENALTY, iter_filter_order(), log_assert, delegpt_addr::next_result, module_env::now, iter_env::outbound_msg_retry, delegpt::result_list, module_env::rnd, ub_random_max(), USEFUL_SERVER_TOP_TIMEOUT, VERB_ALGO, and verbose().

◆ dns_alloc_msg()

struct dns_msg* dns_alloc_msg ( struct sldns_buffer pkt,
struct msg_parse msg,
struct regional regional 
)

Allocate dns_msg from parsed msg, in regional.

Parameters
pktpacket.
msgparsed message (cleaned and ready for regional allocation).
regionalregional to use for allocation.
Returns
newly allocated dns_msg, or NULL on memory error.

References log_err(), parse_create_msg(), dns_msg::qinfo, regional_alloc(), and dns_msg::rep.

◆ dns_copy_msg()

struct dns_msg* dns_copy_msg ( struct dns_msg from,
struct regional regional 
)

Copy a dns_msg to this regional.

Parameters
fromdns message, also in regional.
regionalregional to use for allocation.
Returns
newly allocated dns_msg, or NULL on memory error.

References dns_msg::qinfo, query_info::qname, query_info::qname_len, regional_alloc(), regional_alloc_init(), dns_msg::rep, and reply_info_copy().

◆ iter_dns_store()

void iter_dns_store ( struct module_env env,
struct query_info qinf,
struct reply_info rep,
int  is_referral,
time_t  leeway,
int  pside,
struct regional region,
uint16_t  flags,
time_t  qstarttime 
)

Allocate a dns_msg with malloc/alloc structure and store in dns cache.

Parameters
envenvironment, with alloc structure and dns cache.
qinfquery info, the query for which answer is stored.
repreply in dns_msg from dns_alloc_msg for example.
is_referralIf true, then the given message to be stored is a referral. The cache implementation may use this as a hint.
leewayprefetch TTL leeway to expire old rrsets quicker.
psidetrue if dp is parentside, thus message is 'fresh' and NS can be prefetch-updates.
regionto copy modified (cache is better) rrs back to.
flagswith BIT_CD for dns64 AAAA translated queries.
qstarttimetime of query start. return void, because we are not interested in alloc errors, the iterator and validator can operate on the results in their scratch space (the qstate.region) and are not dependent on the cache. It is useful to log the alloc failure (for the server operator), but the query resolution can continue without cache storage.

References dns_cache_store(), and log_err().

◆ iter_ns_probability()

int iter_ns_probability ( struct ub_randstate *  rnd,
int  n,
int  m 
)

Select randomly with n/m probability.

For shuffle NS records for address fetching.

Parameters
rndrandom table
nprobability.
mdivisor for probability.
Returns
true with n/m probability.

References ub_random_max().

Referenced by query_for_targets().

◆ iter_mark_cycle_targets()

void iter_mark_cycle_targets ( struct module_qstate qstate,
struct delegpt dp 
)

Mark targets that result in a dependency cycle as done, so they will not get selected as targets.

Parameters
qstatequery state.
dpdelegpt to mark ns in.

References causes_cycle(), LDNS_RR_TYPE_A, LDNS_RR_TYPE_AAAA, log_nametypeclass(), delegpt_ns::name, delegpt_ns::namelen, delegpt_ns::next, delegpt::nslist, query_info::qclass, module_qstate::qinfo, delegpt_ns::resolved, and VERB_QUERY.

Referenced by query_for_targets().

◆ iter_mark_pside_cycle_targets()

void iter_mark_pside_cycle_targets ( struct module_qstate qstate,
struct delegpt dp 
)

Mark targets that result in a dependency cycle as done, so they will not get selected as targets.

For the parent-side lookups.

Parameters
qstatequery state.
dpdelegpt to mark ns in.

References causes_cycle(), delegpt_ns::done_pside4, delegpt_ns::done_pside6, LDNS_RR_TYPE_A, LDNS_RR_TYPE_AAAA, log_nametypeclass(), delegpt_ns::name, delegpt_ns::namelen, delegpt_ns::next, delegpt::nslist, query_info::qclass, module_qstate::qinfo, and VERB_QUERY.

◆ iter_dp_is_useless()

int iter_dp_is_useless ( struct query_info qinfo,
uint16_t  qflags,
struct delegpt dp,
int  supports_ipv4,
int  supports_ipv6,
int  use_nat64 
)

See if delegation is useful or offers immediately no targets for further recursion.

Parameters
qinfoquery name and type
qflagsquery flags with RD flag
dpdelegpt to check.
supports_ipv4if we support ipv4 for lookups to the target. if not, then the IPv4 addresses are useless.
supports_ipv6if we support ipv6 for lookups to the target. if not, then the IPv6 addresses are useless.
use_nat64if we support NAT64 for lookups to the target. if yes, IPv4 addresses are useful even if we don't support IPv4.
Returns
true if dp is useless.

References delegpt_addr::addr, addr_is_ip6(), delegpt_addr::addrlen, BIT_RD, delegpt_find_ns(), dname_subdomain_c(), LDNS_RR_TYPE_A, LDNS_RR_TYPE_AAAA, delegpt::name, delegpt_ns::name, delegpt_ns::next, delegpt_addr::next_result, delegpt_addr::next_usable, delegpt::nslist, query_info::qname, query_info::qname_len, query_info::qtype, delegpt_ns::resolved, delegpt::result_list, and delegpt::usable_list.

◆ iter_qname_indicates_dnssec()

int iter_qname_indicates_dnssec ( struct module_env env,
struct query_info qinfo 
)

See if qname has DNSSEC needs.

This is true if there is a trust anchor above it. Whether there is an insecure delegation to the data is unknown.

Parameters
envenvironment with anchors.
qinfoquery name and class.
Returns
true if trust anchor above qname, false if no anchor or insecure point above qname.

References module_env::anchors, anchors_lookup(), trust_anchor::lock, trust_anchor::numDNSKEY, trust_anchor::numDS, query_info::qclass, query_info::qname, and query_info::qname_len.

◆ iter_indicates_dnssec()

int iter_indicates_dnssec ( struct module_env env,
struct delegpt dp,
struct dns_msg msg,
uint16_t  dclass 
)

See if delegation is expected to have DNSSEC information (RRSIGs) in its answers, or not.

Inspects delegation point (name), trust anchors, and delegation message (DS RRset) to determine this.

Parameters
envmodule env with trust anchors.
dpdelegation point.
msgdelegation message, with DS if a secure referral.
dclassclass of query.
Returns
1 if dnssec is expected, 0 if not or insecure point above qname.

References anchor_find(), module_env::anchors, trust_anchor::dclass, module_env::key_cache, key_cache_obtain(), key_entry_isbad(), key_entry_isgood(), key_entry_isnull(), LDNS_RR_TYPE_DS, trust_anchor::lock, delegpt::name, key_entry_key::name, delegpt::namelabs, delegpt::namelen, module_env::now, trust_anchor::numDNSKEY, trust_anchor::numDS, query_dname_compare(), regional_free_all(), dns_msg::rep, reply_find_rrset_section_ns(), and module_env::scratch.

Referenced by generate_parentside_target_query(), prime_root(), and processInitRequest3().

◆ iter_msg_has_dnssec()

int iter_msg_has_dnssec ( struct dns_msg msg)

See if a message contains DNSSEC.

This is examined by looking for RRSIGs. With DNSSEC a valid answer, nxdomain, nodata, referral or cname reply has RRSIGs in answer or auth sections, sigs on answer data, SOA, DS, or NSEC/NSEC3 records.

Parameters
msgmessage to examine.
Returns
true if DNSSEC information was found.

References reply_info::an_numrrsets, reply_info::ns_numrrsets, dns_msg::rep, and reply_info::rrsets.

Referenced by processQueryResponse().

◆ iter_msg_from_zone()

int iter_msg_from_zone ( struct dns_msg msg,
struct delegpt dp,
enum response_type  type,
uint16_t  dclass 
)

See if a message is known to be from a certain zone.

This looks for SOA or NS rrsets, for answers. For referrals, when one label is delegated, the zone is detected. Does not look at signatures.

Parameters
msgthe message to inspect.
dpdelegation point with zone name to look for.
typetype of message.
dclassclass of query.
Returns
true if message is certain to be from zone in dp->name. false if not sure (empty msg), or not from the zone.

References reply_info::an_numrrsets, packed_rrset_key::dname, dname_count_labels(), dname_strict_subdomain(), LDNS_RR_TYPE_NS, LDNS_RR_TYPE_SOA, log_assert, delegpt::name, delegpt::namelabs, delegpt::namelen, reply_info::ns_numrrsets, dns_msg::rep, reply_find_rrset_section_an(), reply_find_rrset_section_ns(), RESPONSE_TYPE_ANSWER, RESPONSE_TYPE_CNAME, RESPONSE_TYPE_REFERRAL, ub_packed_rrset_key::rk, packed_rrset_key::rrset_class, reply_info::rrsets, and packed_rrset_key::type.

Referenced by processQueryResponse().

◆ reply_equal()

int reply_equal ( struct reply_info p,
struct reply_info q,
struct regional region 
)

Check if two replies are equal For fallback procedures.

Parameters
preply one. The reply has rrset data pointers in region. Does not check rrset-IDs
qreply two
regionscratch buffer.
Returns
if one and two are equal.

References reply_info::an_numrrsets, reply_info::ar_numrrsets, reply_info::flags, log_assert, reply_info::ns_numrrsets, reply_info::qdcount, regional_alloc_init(), regional_free_all(), rrset_canonical_equal(), rrset_canonical_sort_cmp(), reply_info::rrset_count, rrset_equal(), reply_info::rrsets, and reply_info::security.

◆ caps_strip_reply()

void caps_strip_reply ( struct reply_info rep)

Remove unused bits from the reply if possible.

So that caps-for-id (0x20) fallback is more likely to be successful. This removes like, the additional section, and NS record in the authority section if those records are gratuitous (not for a referral).

Parameters
repthe reply to strip stuff out of.

References reply_info::an_numrrsets, reply_info::ar_numrrsets, BIT_AA, reply_info::flags, LDNS_RR_TYPE_NS, reply_info::ns_numrrsets, ub_packed_rrset_key::rk, reply_info::rrset_count, reply_info::rrsets, packed_rrset_key::type, VERB_ALGO, and verbose().

◆ caps_failed_rcode()

int caps_failed_rcode ( struct reply_info rep)

see if reply has a 'useful' rcode for capsforid comparison, so not SERVFAIL or REFUSED, and thus NOERROR or NXDOMAIN.

Parameters
repreply to check.
Returns
true if the rcode is a bad type of message.

References reply_info::flags, and FLAGS_GET_RCODE.

◆ iter_store_parentside_rrset()

void iter_store_parentside_rrset ( struct module_env env,
struct ub_packed_rrset_key rrset 
)

Store parent-side rrset in separate rrset cache entries for later last-resort * lookups in case the child-side versions of this information fails.

Parameters
envenvironment with cache, time, ...
rrsetthe rrset to store (copied). Failure to store is logged, but otherwise ignored.

References module_env::alloc, ub_packed_rrset_key::entry, packed_rrset_key::flags, lruhash_entry::hash, rrset_ref::id, ub_packed_rrset_key::id, rrset_ref::key, log_err(), module_env::now, packed_rrset_copy_alloc(), PACKED_RRSET_PARENT_SIDE, ub_packed_rrset_key::rk, module_env::rrset_cache, rrset_cache_update(), and rrset_key_hash().

Referenced by iter_store_parentside_NS().

◆ iter_store_parentside_NS()

void iter_store_parentside_NS ( struct module_env env,
struct reply_info rep 
)

Store parent-side NS records from a referral message.

Parameters
envenvironment with cache, time, ...
represponse with NS rrset. Failure to store is logged, but otherwise ignored.

References iter_store_parentside_rrset(), log_rrset_key(), reply_get_NS_rrset(), and VERB_ALGO.

◆ iter_store_parentside_neg()

void iter_store_parentside_neg ( struct module_env env,
struct query_info qinfo,
struct reply_info rep 
)

Store parent-side negative element, the parentside rrset does not exist, creates an rrset with empty rdata in the rrset cache with PARENTSIDE flag.

Parameters
envenvironment with cache, time, ...
qinfothe identity of the rrset that is missing.
repdelegation response or answer response, to glean TTL from. (malloc) failure is logged but otherwise ignored.

References packed_rrset_data::count, lruhash_entry::data, packed_rrset_key::dname, packed_rrset_key::dname_len, ub_packed_rrset_key::entry, packed_rrset_key::flags, lruhash_entry::hash, lruhash_entry::key, log_err(), NORR_TTL, packed_rrset_ptr_fixup(), query_info::qclass, query_info::qname, query_info::qname_len, query_info::qtype, regional_alloc(), regional_alloc_init(), regional_alloc_zero(), reply_get_NS_rrset(), ub_packed_rrset_key::rk, packed_rrset_data::rr_len, packed_rrset_data::rr_ttl, packed_rrset_key::rrset_class, reply_info::rrset_count, rrset_key_hash(), rrset_trust_ans_noAA, reply_info::rrsets, packed_rrset_data::rrsig_count, module_env::scratch, packed_rrset_data::trust, packed_rrset_data::ttl, packed_rrset_key::type, and ub_packed_rrset_ttl().

Referenced by processFinished().

◆ iter_lookup_parent_NS_from_cache()

int iter_lookup_parent_NS_from_cache ( struct module_env env,
struct delegpt dp,
struct regional region,
struct query_info qinfo 
)

Add parent NS record if that exists in the cache.

This is both new information and acts like a timeout throttle on retries.

Parameters
envquery env with rrset cache and time.
dpdelegation point to store result in. Also this dp is used to see which NS name is needed.
regionregion to alloc result in.
qinfopertinent information, the qclass.
Returns
false on malloc failure. if true, the routine worked and if such cached information existed dp->has_parent_side_NS is set true.

References delegpt_rrset_add_ns(), ub_packed_rrset_key::entry, delegpt::has_parent_side_NS, LDNS_RR_TYPE_NS, lruhash_entry::lock, log_rrset_key(), delegpt::name, delegpt::namelen, module_env::now, PACKED_RRSET_PARENT_SIDE, query_info::qclass, module_env::rrset_cache, rrset_cache_lookup(), and VERB_ALGO.

◆ iter_lookup_parent_glue_from_cache()

int iter_lookup_parent_glue_from_cache ( struct module_env env,
struct delegpt dp,
struct regional region,
struct query_info qinfo 
)

Add parent-side glue if that exists in the cache.

This is both new information and acts like a timeout throttle on retries to fetch them.

Parameters
envquery env with rrset cache and time.
dpdelegation point to store result in. Also this dp is used to see which NS name is needed.
regionregion to alloc result in.
qinfopertinent information, the qclass.
Returns
: true, it worked, no malloc failures, and new addresses (lame) have been added, giving extra options as query targets.

References delegpt_ns::cache_lookup_count, delegpt_count_targets(), delegpt_ns::next, and delegpt::nslist.

◆ iter_get_next_root()

int iter_get_next_root ( struct iter_hints hints,
struct iter_forwards fwd,
uint16_t *  c 
)

Lookup next root-hint or root-forward entry.

Parameters
hintsthe hints.
fwdthe forwards.
cthe class to start searching at. 0 means find first one.
Returns
false if no classes found, true if found and returned in c.

References forwards_next_root(), hints_next_root(), iter_forwards::lock, and iter_hints::lock.

Referenced by processCollectClass().

◆ iter_scrub_ds()

void iter_scrub_ds ( struct dns_msg msg,
struct ub_packed_rrset_key ns,
uint8_t *  z 
)

Remove DS records that are inappropriate before they are cached.

Parameters
msgthe response to scrub.
nsRRSET that is the NS record for the referral. if NULL, then all DS records are removed from the authority section.
zzone name that the response is from.

References reply_info::an_numrrsets, packed_rrset_key::dname, dname_subdomain_c(), LDNS_RR_TYPE_DS, log_nametypeclass(), reply_info::ns_numrrsets, query_dname_compare(), dns_msg::rep, ub_packed_rrset_key::rk, packed_rrset_key::rrset_class, reply_info::rrset_count, reply_info::rrsets, packed_rrset_key::type, and VERB_ALGO.

Referenced by processQueryResponse().

◆ iter_scrub_nxdomain()

void iter_scrub_nxdomain ( struct dns_msg msg)

Prepare an NXDOMAIN message to be used for a subdomain answer by removing all RRs from the ANSWER section.

Parameters
msgthe response to scrub.

References reply_info::an_numrrsets, dns_msg::rep, reply_info::rrset_count, and reply_info::rrsets.

◆ iter_dec_attempts()

void iter_dec_attempts ( struct delegpt dp,
int  d,
int  outbound_msg_retry 
)

Remove query attempts from all available ips.

For 0x20.

Parameters
dpdelegpt.
ddecrease.
outbound_msg_retrynumber of retries of outgoing queries

References delegpt_addr::attempts, delegpt_add_to_result_list(), delegpt_addr::next_target, and delegpt::target_list.

Referenced by process_response().

◆ iter_merge_retry_counts()

void iter_merge_retry_counts ( struct delegpt dp,
struct delegpt old,
int  outbound_msg_retry 
)

Add retry counts from older delegpt to newer delegpt.

Does not waste time on timeout'd (or other failing) addresses.

Parameters
dpnew delegationpoint.
oldold delegationpoint.
outbound_msg_retrynumber of retries of outgoing queries

References delegpt_addr::addr, delegpt_addr::addrlen, delegpt_addr::attempts, delegpt_find_addr(), log_addr(), delegpt_addr::next_target, delegpt_addr::next_usable, delegpt::target_list, delegpt::usable_list, and VERB_ALGO.

◆ iter_ds_toolow()

int iter_ds_toolow ( struct dns_msg msg,
struct delegpt dp 
)

See if a DS response (type ANSWER) is too low: a nodata answer with a SOA record in the authority section at-or-below the qchase.qname.

Also returns true if we are not sure (i.e. empty message, CNAME nosig).

Parameters
msgthe response.
dpthe dp name is used to check if the RRSIG gives a clue that it was originated from the correct nameserver.
Returns
true if too low.

References reply_info::an_numrrsets, packed_rrset_key::dname, dname_subdomain_c(), LDNS_RR_TYPE_CNAME, LDNS_RR_TYPE_DNAME, LDNS_RR_TYPE_DS, LDNS_RR_TYPE_SOA, delegpt::name, reply_info::ns_numrrsets, dns_msg::qinfo, query_info::qname, query_dname_compare(), dns_msg::rep, ub_packed_rrset_key::rk, reply_info::rrsets, packed_rrset_key::type, and val_find_rrset_signer().

◆ iter_dp_cangodown()

int iter_dp_cangodown ( struct query_info qinfo,
struct delegpt dp 
)

See if delegpt can go down a step to the qname or not.

Parameters
qinfothe query name looked up.
dpchecked if the name can go lower to the qname
Returns
true if can go down, false if that would not be possible. the current response seems to be the one and only, best possible, response.

References dname_count_labels(), delegpt::name, delegpt::namelabs, query_info::qname, and query_dname_compare().

◆ iter_stub_fwd_no_cache()

int iter_stub_fwd_no_cache ( struct module_qstate qstate,
struct query_info qinf,
uint8_t **  retdpname,
size_t *  retdpnamelen,
uint8_t *  dpname_storage,
size_t  dpname_storage_len 
)

Lookup if no_cache is set in stub or fwd.

Parameters
qstatequery state with env with hints and fwds.
qinfquery name to lookup for.
retdpnamereturns NULL or the deepest enclosing name of fwd or stub. This is the name under which the closest lookup is going to happen. Used for NXDOMAIN checks, above that it is an nxdomain from a different server and zone. You can pass NULL to not get it.
retdpnamelenreturns the length of the dpname.
dpname_storagethis is where the dpname buf is stored, if any. So that caller can manage the buffer.
dpname_storage_lensize of dpname_storage buffer.
Returns
true if no_cache is set in stub or fwd.

References dname_str(), dname_strict_subdomain(), iter_hints_stub::dp, module_qstate::env, forwards_lookup(), module_env::fwds, module_env::hints, hints_lookup_stub(), iter_forwards::lock, iter_hints::lock, delegpt::name, delegpt::namelabs, delegpt::namelen, query_info::qclass, query_info::qname, VERB_ALGO, and verbose().

◆ iterator_set_ip46_support()

void iterator_set_ip46_support ( struct module_stack mods,
struct module_env env,
struct outside_network outnet 
)

Set support for IP4 and IP6 depending on outgoing interfaces in the outside network.

If none, no support, so no use to lookup the AAAA and then attempt to use it if there is no outgoing-interface for it.

Parameters
modsmodstack to find iterator module in.
envmodule env, find iterator module (if one) in there.
outnetoutside network structure.

References module_env::modinfo, modstack_find(), outside_network::num_ip4, outside_network::num_ip6, outside_network::pending, iter_env::supports_ipv4, and iter_env::supports_ipv6.

◆ limit_nsec_ttl()

void limit_nsec_ttl ( struct dns_msg msg)

Limit NSEC and NSEC3 TTL in response, RFC9077.

Parameters
msgdns message, the SOA record ttl is used to restrict ttls of NSEC and NSEC3 RRsets. If no SOA record, nothing happens.

References lruhash_entry::data, ub_packed_rrset_key::entry, LDNS_RR_TYPE_SOA, dns_msg::rep, ub_packed_rrset_key::rk, reply_info::rrset_count, reply_info::rrsets, packed_rrset_data::ttl, and packed_rrset_key::type.