unbound
0.1
|
This file contains functions to assist the iterator module. More...
#include "config.h"
#include "iterator/iter_utils.h"
#include "iterator/iterator.h"
#include "iterator/iter_hints.h"
#include "iterator/iter_fwd.h"
#include "iterator/iter_donotq.h"
#include "iterator/iter_delegpt.h"
#include "iterator/iter_priv.h"
#include "services/cache/infra.h"
#include "services/cache/dns.h"
#include "services/cache/rrset.h"
#include "util/net_help.h"
#include "util/module.h"
#include "util/log.h"
#include "util/config_file.h"
#include "util/regional.h"
#include "util/data/msgparse.h"
#include "util/data/dname.h"
#include "util/random.h"
#include "util/fptr_wlist.h"
#include "validator/val_anchor.h"
#include "validator/val_kcache.h"
#include "validator/val_kentry.h"
#include "validator/val_utils.h"
#include "validator/val_sigcrypt.h"
#include "sldns/sbuffer.h"
#include "sldns/str2wire.h"
Macros | |
#define | SUSPICION_RECENT_EXPIRY 86400 |
time when nameserver glue is said to be 'recent' | |
#define | BLACKLIST_PENALTY (USEFUL_SERVER_TOP_TIMEOUT*4) |
penalty to validation failed blacklisted IPs | |
Functions | |
static void | fetch_fill (struct iter_env *ie, const char *str) |
fillup fetch policy array | |
static int | read_fetch_policy (struct iter_env *ie, const char *str) |
Read config string that represents the target fetch policy. | |
static int | caps_white_apply_cfg (rbtree_type *ntree, struct config_file *cfg) |
apply config caps whitelist items to name tree | |
int | iter_apply_cfg (struct iter_env *iter_env, struct config_file *cfg) |
Process config options and set iterator module state. More... | |
static int | iter_filter_unsuitable (struct iter_env *iter_env, struct module_env *env, uint8_t *name, size_t namelen, uint16_t qtype, time_t now, struct delegpt_addr *a) |
filter out unsuitable targets More... | |
static int | iter_fill_rtt (struct iter_env *iter_env, struct module_env *env, uint8_t *name, size_t namelen, uint16_t qtype, time_t now, struct delegpt *dp, int *best_rtt, struct sock_list *blacklist) |
lookup RTT information, and also store fastest rtt (if any) | |
static int | iter_filter_order (struct iter_env *iter_env, struct module_env *env, uint8_t *name, size_t namelen, uint16_t qtype, time_t now, struct delegpt *dp, int *selected_rtt, int open_target, struct sock_list *blacklist) |
filter the address list, putting best targets at front, returns number of best targets (or 0, no suitable targets) | |
struct delegpt_addr * | iter_server_selection (struct iter_env *iter_env, struct module_env *env, struct delegpt *dp, uint8_t *name, size_t namelen, uint16_t qtype, int *dnssec_lame, int *chase_to_rd, int open_target, struct sock_list *blacklist) |
Select a valid, nice target to send query to. More... | |
struct dns_msg * | dns_alloc_msg (sldns_buffer *pkt, struct msg_parse *msg, struct regional *region) |
Allocate dns_msg from parsed msg, in regional. More... | |
struct dns_msg * | dns_copy_msg (struct dns_msg *from, struct regional *region) |
Copy a dns_msg to this regional. More... | |
void | iter_dns_store (struct module_env *env, struct query_info *msgqinf, struct reply_info *msgrep, int is_referral, time_t leeway, int pside, struct regional *region, uint16_t flags) |
Allocate a dns_msg with malloc/alloc structure and store in dns cache. More... | |
int | iter_ns_probability (struct ub_randstate *rnd, int n, int m) |
Select randomly with n/m probability. More... | |
static int | causes_cycle (struct module_qstate *qstate, uint8_t *name, size_t namelen, uint16_t t, uint16_t c) |
detect dependency cycle for query and target | |
void | iter_mark_cycle_targets (struct module_qstate *qstate, struct delegpt *dp) |
Mark targets that result in a dependency cycle as done, so they will not get selected as targets. More... | |
void | iter_mark_pside_cycle_targets (struct module_qstate *qstate, struct delegpt *dp) |
Mark targets that result in a dependency cycle as done, so they will not get selected as targets. More... | |
int | iter_dp_is_useless (struct query_info *qinfo, uint16_t qflags, struct delegpt *dp) |
See if delegation is useful or offers immediately no targets for further recursion. More... | |
int | iter_indicates_dnssec_fwd (struct module_env *env, struct query_info *qinfo) |
See if qname has DNSSEC needs in the forwarding case. More... | |
int | iter_indicates_dnssec (struct module_env *env, struct delegpt *dp, struct dns_msg *msg, uint16_t dclass) |
See if delegation is expected to have DNSSEC information (RRSIGs) in its answers, or not. More... | |
int | iter_msg_has_dnssec (struct dns_msg *msg) |
See if a message contains DNSSEC. More... | |
int | iter_msg_from_zone (struct dns_msg *msg, struct delegpt *dp, enum response_type type, uint16_t dclass) |
See if a message is known to be from a certain zone. More... | |
static int | rrset_equal (struct ub_packed_rrset_key *k1, struct ub_packed_rrset_key *k2) |
check equality of two rrsets More... | |
int | reply_equal (struct reply_info *p, struct reply_info *q, struct regional *region) |
Check if two replies are equal For fallback procedures. More... | |
void | caps_strip_reply (struct reply_info *rep) |
Remove unused bits from the reply if possible. More... | |
int | caps_failed_rcode (struct reply_info *rep) |
see if reply has a 'useful' rcode for capsforid comparison, so not SERVFAIL or REFUSED, and thus NOERROR or NXDOMAIN. More... | |
void | iter_store_parentside_rrset (struct module_env *env, struct ub_packed_rrset_key *rrset) |
Store parent-side rrset in separate rrset cache entries for later last-resort * lookups in case the child-side versions of this information fails. More... | |
static struct ub_packed_rrset_key * | reply_get_NS_rrset (struct reply_info *rep) |
fetch NS record from reply, if any | |
void | iter_store_parentside_NS (struct module_env *env, struct reply_info *rep) |
Store parent-side NS records from a referral message. More... | |
void | iter_store_parentside_neg (struct module_env *env, struct query_info *qinfo, struct reply_info *rep) |
Store parent-side negative element, the parentside rrset does not exist, creates an rrset with empty rdata in the rrset cache with PARENTSIDE flag. More... | |
int | iter_lookup_parent_NS_from_cache (struct module_env *env, struct delegpt *dp, struct regional *region, struct query_info *qinfo) |
Add parent NS record if that exists in the cache. More... | |
int | iter_lookup_parent_glue_from_cache (struct module_env *env, struct delegpt *dp, struct regional *region, struct query_info *qinfo) |
Add parent-side glue if that exists in the cache. More... | |
int | iter_get_next_root (struct iter_hints *hints, struct iter_forwards *fwd, uint16_t *c) |
Lookup next root-hint or root-forward entry. More... | |
void | iter_scrub_ds (struct dns_msg *msg, struct ub_packed_rrset_key *ns, uint8_t *z) |
Remove DS records that are inappropriate before they are cached. More... | |
void | iter_dec_attempts (struct delegpt *dp, int d) |
Remove query attempts from all available ips. More... | |
void | iter_merge_retry_counts (struct delegpt *dp, struct delegpt *old) |
Add retry counts from older delegpt to newer delegpt. More... | |
int | iter_ds_toolow (struct dns_msg *msg, struct delegpt *dp) |
See if a DS response (type ANSWER) is too low: a nodata answer with a SOA record in the authority section at-or-below the qchase.qname. More... | |
int | iter_dp_cangodown (struct query_info *qinfo, struct delegpt *dp) |
See if delegpt can go down a step to the qname or not. More... | |
This file contains functions to assist the iterator module.
Configuration options. Forward zones.
int iter_apply_cfg | ( | struct iter_env * | iter_env, |
struct config_file * | cfg | ||
) |
Process config options and set iterator module state.
Sets default values if no config is found.
iter_env | iterator module state. |
cfg | config options. |
References iter_env::caps_white, caps_white_apply_cfg(), config_file::caps_whitelist, config_file::do_ip4, config_file::do_ip6, iter_env::donotq, donotq_apply_cfg(), donotq_create(), log_err(), iter_env::max_dependency_depth, name_tree_compare(), iter_env::priv, priv_apply_cfg(), priv_create(), rbtree_create(), read_fetch_policy(), iter_env::supports_ipv4, iter_env::supports_ipv6, iter_env::target_fetch_policy, config_file::target_fetch_policy, VERB_QUERY, and verbose().
Referenced by iter_init().
|
static |
filter out unsuitable targets
iter_env | iterator environment with ipv6-support flag. |
env | module environment with infra cache. |
name | zone name |
namelen | length of name |
qtype | query type (host order). |
now | current time |
a | address in delegation point we are examining. |
When a final value is chosen that is dnsseclame ; dnsseclameness checking is turned off (so we do not discard the reply). When a final value is chosen that is recursionlame; RD bit is set on query. Because of the numbers this means recursionlame also have dnssec lameness checking turned off.
References delegpt_addr::addr, addr_is_ip6(), delegpt_addr::addrlen, delegpt_addr::bogus, delegpt_addr::dnsseclame, iter_env::donotq, donotq_lookup(), module_env::infra_cache, infra_get_lame_rtt(), delegpt_addr::lame, log_addr(), name_tree_node::name, iter_env::supports_ipv4, iter_env::supports_ipv6, UNKNOWN_SERVER_NICENESS, USEFUL_SERVER_TOP_TIMEOUT, VERB_ALGO, and verbose().
Referenced by iter_fill_rtt().
struct delegpt_addr* iter_server_selection | ( | struct iter_env * | iter_env, |
struct module_env * | env, | ||
struct delegpt * | dp, | ||
uint8_t * | name, | ||
size_t | namelen, | ||
uint16_t | qtype, | ||
int * | dnssec_lame, | ||
int * | chase_to_rd, | ||
int | open_target, | ||
struct sock_list * | blacklist | ||
) |
Select a valid, nice target to send query to.
Sorting and removing unsuitable targets is combined.
iter_env | iterator module global state, with ip6 enabled and do-not-query-addresses. |
env | environment with infra cache (lameness, rtt info). |
dp | delegation point with result list. |
name | zone name (for lameness check). |
namelen | length of name. |
qtype | query type that we want to send. |
dnssec_lame | set to 1, if a known dnssec-lame server is selected these are not preferred, but are used as a last resort. |
chase_to_rd | set to 1 if a known recursion lame server is selected these are not preferred, but are used as a last resort. |
open_target | number of currently outstanding target queries. If we wait for these, perhaps more server addresses become available. |
blacklist | the IP blacklist to use. |
References delegpt_addr::attempts, BLACKLIST_PENALTY, iter_filter_order(), log_assert, delegpt_addr::next_result, module_env::now, OUTBOUND_MSG_RETRY, delegpt::result_list, module_env::rnd, ub_random_max(), USEFUL_SERVER_TOP_TIMEOUT, VERB_ALGO, and verbose().
struct dns_msg* dns_alloc_msg | ( | struct sldns_buffer * | pkt, |
struct msg_parse * | msg, | ||
struct regional * | regional | ||
) |
Allocate dns_msg from parsed msg, in regional.
pkt | packet. |
msg | parsed message (cleaned and ready for regional allocation). |
regional | regional to use for allocation. |
References log_err(), parse_create_msg(), dns_msg::qinfo, regional_alloc(), and dns_msg::rep.
Copy a dns_msg to this regional.
from | dns message, also in regional. |
regional | regional to use for allocation. |
References dns_msg::qinfo, query_info::qname, query_info::qname_len, regional_alloc(), regional_alloc_init(), dns_msg::rep, and reply_info_copy().
void iter_dns_store | ( | struct module_env * | env, |
struct query_info * | qinf, | ||
struct reply_info * | rep, | ||
int | is_referral, | ||
time_t | leeway, | ||
int | pside, | ||
struct regional * | region, | ||
uint16_t | flags | ||
) |
Allocate a dns_msg with malloc/alloc structure and store in dns cache.
env | environment, with alloc structure and dns cache. |
qinf | query info, the query for which answer is stored. |
rep | reply in dns_msg from dns_alloc_msg for example. |
is_referral | If true, then the given message to be stored is a referral. The cache implementation may use this as a hint. |
leeway | prefetch TTL leeway to expire old rrsets quicker. |
pside | true if dp is parentside, thus message is 'fresh' and NS can be prefetch-updates. |
region | to copy modified (cache is better) rrs back to. |
flags | with BIT_CD for dns64 AAAA translated queries. |
References dns_cache_store(), and log_err().
Referenced by error_response_cache().
int iter_ns_probability | ( | struct ub_randstate * | rnd, |
int | n, | ||
int | m | ||
) |
Select randomly with n/m probability.
For shuffle NS records for address fetching.
rnd | random table |
n | probability. |
m | divisor for probability. |
References ub_random_max().
Referenced by query_for_targets().
void iter_mark_cycle_targets | ( | struct module_qstate * | qstate, |
struct delegpt * | dp | ||
) |
Mark targets that result in a dependency cycle as done, so they will not get selected as targets.
qstate | query state. |
dp | delegpt to mark ns in. |
References causes_cycle(), LDNS_RR_TYPE_A, LDNS_RR_TYPE_AAAA, log_nametypeclass(), delegpt_ns::name, delegpt_ns::namelen, delegpt_ns::next, delegpt::nslist, query_info::qclass, module_qstate::qinfo, delegpt_ns::resolved, and VERB_QUERY.
Referenced by query_for_targets().
void iter_mark_pside_cycle_targets | ( | struct module_qstate * | qstate, |
struct delegpt * | dp | ||
) |
Mark targets that result in a dependency cycle as done, so they will not get selected as targets.
For the parent-side lookups.
qstate | query state. |
dp | delegpt to mark ns in. |
References causes_cycle(), delegpt_ns::done_pside4, delegpt_ns::done_pside6, LDNS_RR_TYPE_A, LDNS_RR_TYPE_AAAA, log_nametypeclass(), delegpt_ns::name, delegpt_ns::namelen, delegpt_ns::next, delegpt::nslist, query_info::qclass, module_qstate::qinfo, and VERB_QUERY.
int iter_dp_is_useless | ( | struct query_info * | qinfo, |
uint16_t | qflags, | ||
struct delegpt * | dp | ||
) |
See if delegation is useful or offers immediately no targets for further recursion.
qinfo | query name and type |
qflags | query flags with RD flag |
dp | delegpt to check. |
References BIT_RD, delegpt_find_ns(), dname_subdomain_c(), LDNS_RR_TYPE_A, LDNS_RR_TYPE_AAAA, delegpt::name, delegpt_ns::name, delegpt_ns::next, delegpt::nslist, query_info::qname, query_info::qname_len, query_info::qtype, delegpt_ns::resolved, delegpt::result_list, and delegpt::usable_list.
int iter_indicates_dnssec_fwd | ( | struct module_env * | env, |
struct query_info * | qinfo | ||
) |
See if qname has DNSSEC needs in the forwarding case.
This is true if there is a trust anchor above it. Whether there is an insecure delegation to the data is unknown, but CD-retry is needed.
env | environment with anchors. |
qinfo | query name and class. |
References module_env::anchors, anchors_lookup(), trust_anchor::lock, trust_anchor::numDNSKEY, trust_anchor::numDS, query_info::qclass, query_info::qname, and query_info::qname_len.
int iter_indicates_dnssec | ( | struct module_env * | env, |
struct delegpt * | dp, | ||
struct dns_msg * | msg, | ||
uint16_t | dclass | ||
) |
See if delegation is expected to have DNSSEC information (RRSIGs) in its answers, or not.
Inspects delegation point (name), trust anchors, and delegation message (DS RRset) to determine this.
env | module env with trust anchors. |
dp | delegation point. |
msg | delegation message, with DS if a secure referral. |
dclass | class of query. |
References anchor_find(), module_env::anchors, trust_anchor::dclass, module_env::key_cache, key_cache_obtain(), key_entry_isbad(), key_entry_isgood(), key_entry_isnull(), LDNS_RR_TYPE_DS, trust_anchor::lock, key_entry_key::name, delegpt::name, delegpt::namelabs, delegpt::namelen, module_env::now, query_dname_compare(), regional_free_all(), dns_msg::rep, reply_find_rrset_section_ns(), and module_env::scratch.
Referenced by generate_parentside_target_query(), prime_root(), and processInitRequest3().
int iter_msg_has_dnssec | ( | struct dns_msg * | msg | ) |
See if a message contains DNSSEC.
This is examined by looking for RRSIGs. With DNSSEC a valid answer, nxdomain, nodata, referral or cname reply has RRSIGs in answer or auth sections, sigs on answer data, SOA, DS, or NSEC/NSEC3 records.
msg | message to examine. |
References reply_info::an_numrrsets, reply_info::ns_numrrsets, dns_msg::rep, and reply_info::rrsets.
Referenced by processQueryResponse().
int iter_msg_from_zone | ( | struct dns_msg * | msg, |
struct delegpt * | dp, | ||
enum response_type | type, | ||
uint16_t | dclass | ||
) |
See if a message is known to be from a certain zone.
This looks for SOA or NS rrsets, for answers. For referrals, when one label is delegated, the zone is detected. Does not look at signatures.
msg | the message to inspect. |
dp | delegation point with zone name to look for. |
type | type of message. |
dclass | class of query. |
References reply_info::an_numrrsets, packed_rrset_key::dname, dname_count_labels(), dname_strict_subdomain(), LDNS_RR_TYPE_NS, LDNS_RR_TYPE_SOA, log_assert, delegpt::name, delegpt::namelabs, delegpt::namelen, reply_info::ns_numrrsets, dns_msg::rep, reply_find_rrset_section_an(), reply_find_rrset_section_ns(), RESPONSE_TYPE_ANSWER, RESPONSE_TYPE_CNAME, RESPONSE_TYPE_REFERRAL, ub_packed_rrset_key::rk, packed_rrset_key::rrset_class, reply_info::rrsets, and packed_rrset_key::type.
Referenced by processQueryResponse().
|
static |
check equality of two rrsets
k1 | rrset |
k2 | rrset |
References packed_rrset_data::count, lruhash_entry::data, packed_rrset_key::dname, packed_rrset_key::dname_len, ub_packed_rrset_key::entry, packed_rrset_key::flags, query_dname_compare(), ub_packed_rrset_key::rk, packed_rrset_data::rr_data, packed_rrset_data::rr_len, packed_rrset_key::rrset_class, packed_rrset_data::rrsig_count, packed_rrset_data::security, packed_rrset_data::trust, and packed_rrset_key::type.
Referenced by reply_equal().
int reply_equal | ( | struct reply_info * | p, |
struct reply_info * | q, | ||
struct regional * | region | ||
) |
Check if two replies are equal For fallback procedures.
p | reply one. The reply has rrset data pointers in region. Does not check rrset-IDs |
q | reply two |
region | scratch buffer. |
References reply_info::an_numrrsets, reply_info::ar_numrrsets, reply_info::flags, reply_info::ns_numrrsets, reply_info::qdcount, regional_free_all(), rrset_canonical_equal(), reply_info::rrset_count, rrset_equal(), reply_info::rrsets, and reply_info::security.
void caps_strip_reply | ( | struct reply_info * | rep | ) |
Remove unused bits from the reply if possible.
So that caps-for-id (0x20) fallback is more likely to be successful. This removes like, the additional section, and NS record in the authority section if those records are gratuitous (not for a referral).
rep | the reply to strip stuff out of. |
References reply_info::an_numrrsets, reply_info::ar_numrrsets, BIT_AA, reply_info::flags, LDNS_RR_TYPE_NS, reply_info::ns_numrrsets, ub_packed_rrset_key::rk, reply_info::rrset_count, reply_info::rrsets, packed_rrset_key::type, VERB_ALGO, and verbose().
int caps_failed_rcode | ( | struct reply_info * | rep | ) |
see if reply has a 'useful' rcode for capsforid comparison, so not SERVFAIL or REFUSED, and thus NOERROR or NXDOMAIN.
rep | reply to check. |
References reply_info::flags, and FLAGS_GET_RCODE.
void iter_store_parentside_rrset | ( | struct module_env * | env, |
struct ub_packed_rrset_key * | rrset | ||
) |
Store parent-side rrset in separate rrset cache entries for later last-resort * lookups in case the child-side versions of this information fails.
env | environment with cache, time, ... |
rrset | the rrset to store (copied). Failure to store is logged, but otherwise ignored. |
References module_env::alloc, rrset_ref::id, rrset_ref::key, log_err(), module_env::now, packed_rrset_copy_alloc(), PACKED_RRSET_PARENT_SIDE, module_env::rrset_cache, rrset_cache_update(), and rrset_key_hash().
Referenced by iter_store_parentside_NS().
void iter_store_parentside_NS | ( | struct module_env * | env, |
struct reply_info * | rep | ||
) |
Store parent-side NS records from a referral message.
env | environment with cache, time, ... |
rep | response with NS rrset. Failure to store is logged, but otherwise ignored. |
References iter_store_parentside_rrset(), log_rrset_key(), reply_get_NS_rrset(), and VERB_ALGO.
void iter_store_parentside_neg | ( | struct module_env * | env, |
struct query_info * | qinfo, | ||
struct reply_info * | rep | ||
) |
Store parent-side negative element, the parentside rrset does not exist, creates an rrset with empty rdata in the rrset cache with PARENTSIDE flag.
env | environment with cache, time, ... |
qinfo | the identity of the rrset that is missing. |
rep | delegation response or answer response, to glean TTL from. (malloc) failure is logged but otherwise ignored. |
References packed_rrset_data::count, lruhash_entry::data, packed_rrset_key::dname, packed_rrset_key::dname_len, ub_packed_rrset_key::entry, packed_rrset_key::flags, lruhash_entry::hash, lruhash_entry::key, log_err(), NORR_TTL, packed_rrset_ptr_fixup(), query_info::qclass, query_info::qname, query_info::qname_len, query_info::qtype, regional_alloc(), regional_alloc_init(), regional_alloc_zero(), reply_get_NS_rrset(), ub_packed_rrset_key::rk, packed_rrset_data::rr_len, packed_rrset_data::rr_ttl, packed_rrset_key::rrset_class, reply_info::rrset_count, rrset_key_hash(), rrset_trust_ans_noAA, reply_info::rrsets, packed_rrset_data::rrsig_count, module_env::scratch, packed_rrset_data::trust, packed_rrset_data::ttl, packed_rrset_key::type, and ub_packed_rrset_ttl().
Referenced by processFinished().
int iter_lookup_parent_NS_from_cache | ( | struct module_env * | env, |
struct delegpt * | dp, | ||
struct regional * | region, | ||
struct query_info * | qinfo | ||
) |
Add parent NS record if that exists in the cache.
This is both new information and acts like a timeout throttle on retries.
env | query env with rrset cache and time. |
dp | delegation point to store result in. Also this dp is used to see which NS name is needed. |
region | region to alloc result in. |
qinfo | pertinent information, the qclass. |
References delegpt_rrset_add_ns(), ub_packed_rrset_key::entry, delegpt::has_parent_side_NS, LDNS_RR_TYPE_NS, lruhash_entry::lock, log_rrset_key(), delegpt::name, delegpt::namelen, module_env::now, PACKED_RRSET_PARENT_SIDE, query_info::qclass, module_env::rrset_cache, rrset_cache_lookup(), and VERB_ALGO.
int iter_lookup_parent_glue_from_cache | ( | struct module_env * | env, |
struct delegpt * | dp, | ||
struct regional * | region, | ||
struct query_info * | qinfo | ||
) |
Add parent-side glue if that exists in the cache.
This is both new information and acts like a timeout throttle on retries to fetch them.
env | query env with rrset cache and time. |
dp | delegation point to store result in. Also this dp is used to see which NS name is needed. |
region | region to alloc result in. |
qinfo | pertinent information, the qclass. |
References delegpt_add_rrset_A(), delegpt_add_rrset_AAAA(), delegpt_count_targets(), delegpt_ns::done_pside4, delegpt_ns::done_pside6, ub_packed_rrset_key::entry, LDNS_RR_TYPE_A, LDNS_RR_TYPE_AAAA, lruhash_entry::lock, log_err(), log_rrset_key(), delegpt_ns::name, delegpt_ns::namelen, delegpt_ns::next, module_env::now, delegpt::nslist, PACKED_RRSET_PARENT_SIDE, query_info::qclass, module_env::rrset_cache, rrset_cache_lookup(), and VERB_ALGO.
int iter_get_next_root | ( | struct iter_hints * | hints, |
struct iter_forwards * | fwd, | ||
uint16_t * | c | ||
) |
Lookup next root-hint or root-forward entry.
hints | the hints. |
fwd | the forwards. |
c | the class to start searching at. 0 means find first one. |
References forwards_next_root(), and hints_next_root().
Referenced by processCollectClass().
void iter_scrub_ds | ( | struct dns_msg * | msg, |
struct ub_packed_rrset_key * | ns, | ||
uint8_t * | z | ||
) |
Remove DS records that are inappropriate before they are cached.
msg | the response to scrub. |
ns | RRSET that is the NS record for the referral. if NULL, then all DS records are removed from the authority section. |
z | zone name that the response is from. |
References reply_info::an_numrrsets, packed_rrset_key::dname, dname_subdomain_c(), LDNS_RR_TYPE_DS, log_nametypeclass(), reply_info::ns_numrrsets, query_dname_compare(), dns_msg::rep, ub_packed_rrset_key::rk, packed_rrset_key::rrset_class, reply_info::rrset_count, reply_info::rrsets, packed_rrset_key::type, and VERB_ALGO.
Referenced by processQueryResponse().
void iter_dec_attempts | ( | struct delegpt * | dp, |
int | d | ||
) |
Remove query attempts from all available ips.
For 0x20.
dp | delegpt. |
d | decrease. |
References delegpt_addr::attempts, delegpt_addr::next_result, delegpt_addr::next_target, OUTBOUND_MSG_RETRY, delegpt::result_list, and delegpt::target_list.
Referenced by process_response().
Add retry counts from older delegpt to newer delegpt.
Does not waste time on timeout'd (or other failing) addresses.
dp | new delegationpoint. |
old | old delegationpoint. |
References delegpt_addr::addr, delegpt_addr::addrlen, delegpt_addr::attempts, delegpt_find_addr(), log_addr(), delegpt_addr::next_target, delegpt_addr::next_usable, OUTBOUND_MSG_RETRY, delegpt::target_list, delegpt::usable_list, and VERB_ALGO.
See if a DS response (type ANSWER) is too low: a nodata answer with a SOA record in the authority section at-or-below the qchase.qname.
Also returns true if we are not sure (i.e. empty message, CNAME nosig).
msg | the response. |
dp | the dp name is used to check if the RRSIG gives a clue that it was originated from the correct nameserver. |
References reply_info::an_numrrsets, packed_rrset_key::dname, dname_subdomain_c(), LDNS_RR_TYPE_CNAME, LDNS_RR_TYPE_DNAME, LDNS_RR_TYPE_DS, LDNS_RR_TYPE_SOA, delegpt::name, reply_info::ns_numrrsets, dns_msg::qinfo, query_info::qname, query_dname_compare(), dns_msg::rep, ub_packed_rrset_key::rk, reply_info::rrsets, packed_rrset_key::type, and val_find_rrset_signer().
int iter_dp_cangodown | ( | struct query_info * | qinfo, |
struct delegpt * | dp | ||
) |
See if delegpt can go down a step to the qname or not.
qinfo | the query name looked up. |
dp | checked if the name can go lower to the qname |
References dname_count_labels(), delegpt::name, delegpt::namelabs, query_info::qname, and query_dname_compare().