diff --git a/bin/named/client.c b/bin/named/client.c index be771f4044..dfa7a5be3b 100644 --- a/bin/named/client.c +++ b/bin/named/client.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.c,v 1.202 2001/12/10 23:09:21 marka Exp $ */ +/* $Id: client.c,v 1.203 2002/01/23 08:46:36 bwelling Exp $ */ #include @@ -841,6 +841,7 @@ ns_client_send(ns_client_t *client) { dns_compress_t cctx; isc_boolean_t cleanup_cctx = ISC_FALSE; unsigned char sendbuf[SEND_BUFFER_SIZE]; + unsigned int dnssec_opts; REQUIRE(NS_CLIENT_VALID(client)); @@ -849,6 +850,11 @@ ns_client_send(ns_client_t *client) { if ((client->attributes & NS_CLIENTATTR_RA) != 0) client->message->flags |= DNS_MESSAGEFLAG_RA; + if ((client->attributes & NS_CLIENTATTR_WANTDNSSEC) != 0) + dnssec_opts = 0; + else + dnssec_opts = DNS_MESSAGERENDER_OMITDNSSEC; + /* * XXXRTH The following doesn't deal with TCP buffer resizing. */ @@ -884,7 +890,8 @@ ns_client_send(ns_client_t *client) { goto done; result = dns_message_rendersection(client->message, DNS_SECTION_ANSWER, - DNS_MESSAGERENDER_PARTIAL); + DNS_MESSAGERENDER_PARTIAL | + dnssec_opts); if (result == ISC_R_NOSPACE) { client->message->flags |= DNS_MESSAGEFLAG_TC; goto renderend; @@ -893,7 +900,8 @@ ns_client_send(ns_client_t *client) { goto done; result = dns_message_rendersection(client->message, DNS_SECTION_AUTHORITY, - DNS_MESSAGERENDER_PARTIAL); + DNS_MESSAGERENDER_PARTIAL | + dnssec_opts); if (result == ISC_R_NOSPACE) { client->message->flags |= DNS_MESSAGEFLAG_TC; goto renderend; @@ -901,7 +909,8 @@ ns_client_send(ns_client_t *client) { if (result != ISC_R_SUCCESS) goto done; result = dns_message_rendersection(client->message, - DNS_SECTION_ADDITIONAL, 0); + DNS_SECTION_ADDITIONAL, + dnssec_opts); if (result != ISC_R_SUCCESS && result != ISC_R_NOSPACE) goto done; renderend: diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h index 862fbbf63c..1c0f2fd218 100644 --- a/bin/named/include/named/client.h +++ b/bin/named/include/named/client.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.h,v 1.64 2001/12/10 23:09:24 marka Exp $ */ +/* $Id: client.h,v 1.65 2002/01/23 08:46:39 bwelling Exp $ */ #ifndef NAMED_CLIENT_H #define NAMED_CLIENT_H 1 @@ -153,6 +153,8 @@ struct ns_client { #define NS_CLIENTATTR_RA 0x02 /* Client gets recusive service */ #define NS_CLIENTATTR_PKTINFO 0x04 /* pktinfo is valid */ #define NS_CLIENTATTR_MULTICAST 0x08 /* recv'd from multicast */ +#define NS_CLIENTATTR_WANTDNSSEC 0x10 /* include dnssec records */ + /*** *** Functions diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h index 6ff646bc41..8d4cd0aa3e 100644 --- a/bin/named/include/named/query.h +++ b/bin/named/include/named/query.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.h,v 1.31 2001/10/24 03:10:18 marka Exp $ */ +/* $Id: query.h,v 1.32 2002/01/23 08:46:40 bwelling Exp $ */ #ifndef NAMED_QUERY_H #define NAMED_QUERY_H 1 @@ -72,7 +72,7 @@ struct ns_query { #define NS_QUERYATTR_QUERYOKVALID 0x0040 #define NS_QUERYATTR_QUERYOK 0x0080 #define NS_QUERYATTR_WANTRECURSION 0x0100 -#define NS_QUERYATTR_WANTDNSSEC 0x0200 +/* unused */ #define NS_QUERYATTR_NOAUTHORITY 0x0400 #define NS_QUERYATTR_NOADDITIONAL 0x0800 diff --git a/bin/named/query.c b/bin/named/query.c index dac6a22670..6995f2f082 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.215 2001/12/29 05:31:26 marka Exp $ */ +/* $Id: query.c,v 1.216 2002/01/23 08:46:37 bwelling Exp $ */ #include @@ -62,8 +62,8 @@ NS_QUERYATTR_CACHEGLUEOK) != 0) #define WANTRECURSION(c) (((c)->query.attributes & \ NS_QUERYATTR_WANTRECURSION) != 0) -#define WANTDNSSEC(c) (((c)->query.attributes & \ - NS_QUERYATTR_WANTDNSSEC) != 0) +#define WANTDNSSEC(c) (((c)->attributes & \ + NS_CLIENTATTR_WANTDNSSEC) != 0) #define NOAUTHORITY(c) (((c)->query.attributes & \ NS_QUERYATTR_NOAUTHORITY) != 0) #define NOADDITIONAL(c) (((c)->query.attributes & \ @@ -3341,7 +3341,7 @@ ns_query_start(ns_client_t *client) { if ((client->extflags & DNS_MESSAGEEXTFLAG_DO) != 0 || (message->flags & DNS_MESSAGEFLAG_AD) != 0) - client->query.attributes |= NS_QUERYATTR_WANTDNSSEC; + client->attributes |= NS_CLIENTATTR_WANTDNSSEC; if (client->view->minimalresponses) client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY | diff --git a/lib/dns/include/dns/ncache.h b/lib/dns/include/dns/ncache.h index 25b66a3153..9478c46d56 100644 --- a/lib/dns/include/dns/ncache.h +++ b/lib/dns/include/dns/ncache.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ncache.h,v 1.13 2002/01/22 09:07:27 bwelling Exp $ */ +/* $Id: ncache.h,v 1.14 2002/01/23 08:46:35 bwelling Exp $ */ #ifndef DNS_NCACHE_H #define DNS_NCACHE_H 1 @@ -52,6 +52,12 @@ ISC_LANG_BEGINDECLS +/* + * _OMITDNSSEC: + * Omit DNSSEC records when rendering. + */ +#define DNS_NCACHETOWIRE_OMITDNSSEC 0x0001 + isc_result_t dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t maxttl, @@ -85,7 +91,7 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, isc_result_t dns_ncache_towire(dns_rdataset_t *rdataset, dns_compress_t *cctx, - isc_buffer_t *target, isc_boolean_t omit_dnssec, + isc_buffer_t *target, unsigned int options, unsigned int *countp); /* * Convert the negative caching rdataset 'rdataset' to wire format, diff --git a/lib/dns/ncache.c b/lib/dns/ncache.c index e003fb07e8..27373ec8c0 100644 --- a/lib/dns/ncache.c +++ b/lib/dns/ncache.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ncache.c,v 1.27 2002/01/22 09:07:22 bwelling Exp $ */ +/* $Id: ncache.c,v 1.28 2002/01/23 08:46:32 bwelling Exp $ */ #include @@ -254,7 +254,7 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, isc_result_t dns_ncache_towire(dns_rdataset_t *rdataset, dns_compress_t *cctx, - isc_buffer_t *target, isc_boolean_t omit_dnssec, + isc_buffer_t *target, unsigned int options, unsigned int *countp) { dns_rdata_t rdata = DNS_RDATA_INIT; @@ -313,7 +313,8 @@ dns_ncache_towire(dns_rdataset_t *rdataset, dns_compress_t *cctx, INSIST(remaining.length >= rdata.length); isc_buffer_forward(&source, rdata.length); - if (omit_dnssec && dns_rdatatype_isdnssec(type)) + if ((options & DNS_NCACHETOWIRE_OMITDNSSEC) != 0 && + dns_rdatatype_isdnssec(type)) continue; /* diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c index f76946d60f..eb87e82071 100644 --- a/lib/dns/rdataset.c +++ b/lib/dns/rdataset.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataset.c,v 1.59 2002/01/22 09:07:23 bwelling Exp $ */ +/* $Id: rdataset.c,v 1.60 2002/01/23 08:46:33 bwelling Exp $ */ #include @@ -308,9 +308,10 @@ towiresorted(dns_rdataset_t *rdataset, dns_name_t *owner_name, /* * This is a negative caching rdataset. */ - isc_boolean_t omit_dnssec; - omit_dnssec = ISC_TF(DNS_RDATASETTOWIRE_OMITDNSSEC != 0); - return (dns_ncache_towire(rdataset, cctx, target, omit_dnssec, + unsigned int ncache_opts = 0; + if ((options & DNS_RDATASETTOWIRE_OMITDNSSEC) != 0) + ncache_opts |= DNS_NCACHETOWIRE_OMITDNSSEC; + return (dns_ncache_towire(rdataset, cctx, target, ncache_opts, countp)); } else { count = (rdataset->methods->count)(rdataset);