Diff:
c1841f103b5ad8ea80e49cec285a85f413fe568d
5416b6bfa47b5e09ec9e4ef16b368d050c8099a1
Commit:
5416b6bfa47b5e09ec9e4ef16b368d050c8099a1
Tree:
bd19c06be2906b703eb1fba8c06b7ac9eea63ce1
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Mon Jul 20 08:26:53 2020 UTC
Message:
If we have a cached record that never got an AD flag, we can't claim to serve an AD flag; in that case expire the cache entry and fetch it anew, hopefully with the AD flag. Adjust reply.c to add the AD flag if we are doing a non-AA answer and have the DNSSEC flag on the rbt.
blob - 742e2432efda25dc20283e7a9f04eaa5450920eb
blob + 3cbbef1888c35817f3aea0950642ab027a9d3d86
--- forward.c
+++ forward.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: forward.c,v 1.36 2020/07/18 14:10:16 pjp Exp $
+ * $Id: forward.c,v 1.37 2020/07/20 08:26:53 pjp Exp $
*/
#include <sys/types.h>
@@ -833,12 +833,22 @@ forwardthis(ddDB *db, struct cfg *cfg, int so, struct
rbt = lookup_zone(db, q, &returnval, &lzerrno, (char *)&replystring, sizeof(replystring));
if (rbt == NULL) {
dolog(LOG_INFO, "lookup_zone failed\n");
+ free_question(q);
goto newqueue;
}
q->edns0len = sforward->edns0len;
if (dnssec && sforward->dnssecok)
q->dnssecok = 1;
+
+ /* we have a cache but it's not DNSSEC'ed */
+ if (q->dnssecok && ! (rbt->flags & RBT_DNSSEC)) {
+ /* expire the record and grab it anew */
+ expire_rr(db, sforward->buf, sforward->buflen,
+ ntohs(sforward->type), highexpire);
+ free_question(q);
+ goto newqueue;
+ }
build_reply(&sreply,
(istcp ? so : cfg->dup[sforward->oldsel]),
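Review bot: The new `q->dnssecok && !(rbt->flags & RBT_DNSSEC)` branch expires the cached record and jumps to `newqueue` on every DO query, with nothing bounding how often that repeats for the same name. If the refetched answer still comes back without AD (an unsigned zone, or an upstream that does not validate), the flag presumably stays clear, so each later DO query evicts the entry and goes upstream again; a client could keep such names from ever being served from cache. How `RBT_DNSSEC` gets set is outside this hunk, so this needs confirming, and at minimum the branch should say so, e.g. `/* XXX unsigned names never gain RBT_DNSSEC: every DO query refetches */`. If it holds, answering from the cache without AD would avoid the refetch loop. The result of `expire_rr()` is not checked either, and forwardthis() begins and ends outside the hunk.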
blob - 780ecf4fae4410981eeaf5ab33c19315e14948e7
blob + 439c9c17abce6f182b3f27eb567d0257aceb5179
--- reply.c
+++ reply.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: reply.c,v 1.108 2020/07/18 16:49:51 pjp Exp $
+ * $Id: reply.c,v 1.109 2020/07/20 08:26:53 pjp Exp $
*/
#include <sys/types.h>
@@ -146,7 +146,7 @@ struct rbtree * find_nsec(char *name, int namelen, str
int nsec_comp(const void *a, const void *b);
int count_dots(char *name);
char * base32hex_encode(u_char *input, int len);
-void set_reply_flags(struct dns_header *, struct question *);
+void set_reply_flags(struct rbtree *, struct dns_header *, struct question *);
extern int debug, verbose, dnssec, tcpanyonly;
extern char *versionstring;
@@ -221,7 +221,7 @@ reply_a(struct sreply *sreply, ddDB *db)
outlen += (q->hdr->namelen + 4);
rollback = outlen;
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->answer = htons(0);
@@ -423,7 +423,7 @@ reply_nsec3param(struct sreply *sreply, ddDB *db)
outlen += (q->hdr->namelen + 4);
rollback = outlen;
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->answer = htons(1);
@@ -638,7 +638,7 @@ reply_nsec3(struct sreply *sreply, ddDB *db)
outlen += (q->hdr->namelen + 4);
rollback = outlen;
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->answer = htons(1);
@@ -852,7 +852,7 @@ reply_nsec(struct sreply *sreply, ddDB *db)
rollback = outlen;
memset((char *)&odh->query, 0, sizeof(u_int16_t));
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->answer = htons(1);
@@ -1053,7 +1053,7 @@ reply_ds(struct sreply *sreply, ddDB *db)
rollback = outlen;
memset((char *)&odh->query, 0, sizeof(u_int16_t));
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->nsrr = 0;
@@ -1255,7 +1255,7 @@ reply_dnskey(struct sreply *sreply, ddDB *db)
rollback = outlen;
memset((char *)&odh->query, 0, sizeof(u_int16_t));
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->answer = htons(0);
@@ -1443,7 +1443,7 @@ reply_rrsig(struct sreply *sreply, ddDB *db)
rollback = outlen;
memset((char *)&odh->query, 0, sizeof(u_int16_t));
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->nsrr = 0;
@@ -1574,7 +1574,7 @@ reply_aaaa(struct sreply *sreply, ddDB *db)
rollback = outlen;
memset((char *)&odh->query, 0, sizeof(u_int16_t));
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->answer = htons(0);
@@ -1768,7 +1768,7 @@ reply_mx(struct sreply *sreply, ddDB *db)
rollback = outlen;
memset((char *)&odh->query, 0, sizeof(u_int16_t));
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->answer = htons(0);
@@ -2510,7 +2510,7 @@ reply_cname(struct sreply *sreply, ddDB *db)
/* blank query */
memset((char *)&odh->query, 0, sizeof(u_int16_t));
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->answer = htons(1);
@@ -2851,7 +2851,7 @@ reply_ptr(struct sreply *sreply, ddDB *db)
/* blank query */
memset((char *)&odh->query, 0, sizeof(u_int16_t));
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->answer = htons(1);
@@ -3041,7 +3041,7 @@ reply_soa(struct sreply *sreply, ddDB *db)
/* blank query */
memset((char *)&odh->query, 0, sizeof(u_int16_t));
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->answer = htons(1);
@@ -3294,7 +3294,7 @@ reply_txt(struct sreply *sreply, ddDB *db)
/* blank query */
memset((char *)&odh->query, 0, sizeof(u_int16_t));
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->answer = htons(1);
@@ -3487,7 +3487,7 @@ reply_version(struct sreply *sreply, ddDB *db)
/* blank query */
memset((char *)&odh->query, 0, sizeof(u_int16_t));
- set_reply_flags(odh, q);
+ set_reply_flags(NULL, odh, q);
odh->question = htons(1);
odh->answer = htons(1);
@@ -3616,7 +3616,7 @@ reply_tlsa(struct sreply *sreply, ddDB *db)
rollback = outlen;
memset((char *)&odh->query, 0, sizeof(u_int16_t));
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->answer = htons(0);
@@ -3808,7 +3808,7 @@ reply_sshfp(struct sreply *sreply, ddDB *db)
rollback = outlen;
memset((char *)&odh->query, 0, sizeof(u_int16_t));
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->answer = htons(0);
@@ -4000,7 +4000,7 @@ reply_naptr(struct sreply *sreply, ddDB *db)
rollback = outlen;
memset((char *)&odh->query, 0, sizeof(u_int16_t));
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->answer = htons(0);
@@ -4225,7 +4225,7 @@ reply_srv(struct sreply *sreply, ddDB *db)
rollback = outlen;
memset((char *)&odh->query, 0, sizeof(u_int16_t));
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->answer = htons(0);
@@ -4538,7 +4538,7 @@ reply_nxdomain(struct sreply *sreply, ddDB *db)
memset((char *)&odh->query, 0, sizeof(u_int16_t));
SET_DNS_RCODE_NAMEERR(odh);
HTONS(odh->query);
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->answer = 0;
@@ -4867,7 +4867,7 @@ reply_refused(struct sreply *sreply, ddDB *db)
memset((char *)&odh->query, 0, sizeof(u_int16_t));
SET_DNS_RCODE_REFUSED(odh);
HTONS(odh->query);
- set_reply_flags(odh, q);
+ set_reply_flags(NULL, odh, q);
if (q->edns0len) {
/* tag on edns0 opt record */
@@ -5200,7 +5200,7 @@ reply_noerror(struct sreply *sreply, ddDB *db)
memcpy(reply, buf, len);
memset((char *)&odh->query, 0, sizeof(u_int16_t));
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
if (istcp) {
char *tmpbuf;
@@ -5237,7 +5237,7 @@ reply_noerror(struct sreply *sreply, ddDB *db)
/* blank query */
memset((char *)&odh->query, 0, sizeof(u_int16_t));
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->answer = 0;
@@ -5499,7 +5499,7 @@ reply_any(struct sreply *sreply, ddDB *db)
/* blank query */
memset((char *)&odh->query, 0, sizeof(u_int16_t));
- set_reply_flags(odh, q);
+ set_reply_flags(NULL, odh, q);
odh->question = htons(1);
odh->answer = 0;
@@ -6862,7 +6862,7 @@ reply_generic(struct sreply *sreply, ddDB *db)
rollback = outlen;
memset((char *)&odh->query, 0, sizeof(u_int16_t));
- set_reply_flags(odh, q);
+ set_reply_flags(rbt, odh, q);
odh->question = htons(1);
odh->answer = htons(0);
@@ -6992,7 +6992,7 @@ out:
}
void
-set_reply_flags(struct dns_header *odh, struct question *q)
+set_reply_flags(struct rbtree *rbt, struct dns_header *odh, struct question *q)
{
NTOHS(odh->query); /* just in case */
@@ -7004,8 +7004,14 @@ set_reply_flags(struct dns_header *odh, struct questio
if (q->rd) {
SET_DNS_RECURSION(odh);
- if (! q->aa)
+ if (! q->aa) {
SET_DNS_RECURSION_AVAIL(odh);
+
+ if (rbt && dnssec && q->dnssecok &&
+ (rbt->flags & RBT_DNSSEC)) {
+ SET_DNS_AUTHENTIC_DATA(odh);
+ }
+ }
}
HTONS(odh->query);
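Review bot: AD is asserted here purely from `rbt->flags & RBT_DNSSEC`, and nothing visible documents what that flag guarantees. If it only records that the upstream answer carried AD, as the commit message suggests, the bit is relayed rather than validated locally, which is only sound when the path to the forwarder is trusted; a comment should state that, e.g. `/* AD is relayed from the cache: RBT_DNSSEC means upstream set AD, not that we validated */`. The check also sits inside `if (q->rd)`, so a DO query without RD never gets AD, and the callers that pass NULL (reply_version, reply_refused, reply_any) never do either; the function's header comment should say that `rbt` may be NULL and what that implies. set_reply_flags() starts in the previous hunk and continues past this one.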