From f10a67dad21d7dd87ee2144964faa639f96766b5 Mon Sep 17 00:00:00 2001
From: Witold Krecicki <wpk@culm.net>
Date: Thu, 25 Jun 2015 09:21:50 +0200
Subject: [PATCH] Add statistics counters for nxdomain redirections. [RT
 #39790]

---
 CHANGES                            |  3 +++
 bin/named/include/named/server.h   | 21 ++++++++++++---------
 bin/named/query.c                  | 24 ++++++++++++++++++++----
 bin/named/statschannel.c           |  7 +++++++
 bin/tests/system/redirect/tests.sh | 30 ++++++++++++++++++++++++++++++
 doc/arm/Bv9ARM-book.xml            | 27 +++++++++++++++++++++++++++
 6 files changed, 99 insertions(+), 13 deletions(-)

diff --git a/CHANGES b/CHANGES
index 05502d8a3b..94a5158743 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4144.	[func]		Add statistics counters for nxdomain redirections.
+			[RT #39790]
+
 4143.	[placeholder]
 
 4142.	[bug]		rndc addzone with view specified saved NZF config
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
index b19055d62d..8d9c9bab4c 100644
--- a/bin/named/include/named/server.h
+++ b/bin/named/include/named/server.h
@@ -187,17 +187,20 @@ enum {
 	dns_nsstatscounter_otheropt = 45,
 	dns_nsstatscounter_ecsopt = 46,
 
-#ifdef ISC_PLATFORM_USESIT
-	dns_nsstatscounter_sitopt = 47,
-	dns_nsstatscounter_sitbadsize = 48,
-	dns_nsstatscounter_sitbadtime = 49,
-	dns_nsstatscounter_sitnomatch = 50,
-	dns_nsstatscounter_sitmatch = 51,
-	dns_nsstatscounter_sitnew = 52,
+	dns_nsstatscounter_nxdomainredirect = 47,
+	dns_nsstatscounter_nxdomainredirect_rlookup = 48,
 
-	dns_nsstatscounter_max = 53
+#ifdef ISC_PLATFORM_USESIT
+	dns_nsstatscounter_sitopt = 49,
+	dns_nsstatscounter_sitbadsize = 50,
+	dns_nsstatscounter_sitbadtime = 51,
+	dns_nsstatscounter_sitnomatch = 52,
+	dns_nsstatscounter_sitmatch = 53,
+	dns_nsstatscounter_sitnew = 54,
+
+	dns_nsstatscounter_max = 55
 #else
-	dns_nsstatscounter_max = 47
+	dns_nsstatscounter_max = 49
 #endif
 };
 
diff --git a/bin/named/query.c b/bin/named/query.c
index e686b51b34..cae6f3ffff 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -7646,8 +7646,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 		if (!empty_wild) {
 			tresult = redirect(client, fname, rdataset, &node,
 					   &db, &version, type);
-			if (tresult == ISC_R_SUCCESS)
+			if (tresult == ISC_R_SUCCESS) {
+				inc_stats(client,
+					dns_nsstatscounter_nxdomainredirect);
 				break;
+			}
 			if (tresult == DNS_R_NXRRSET) {
 				redirected = ISC_TRUE;
 				goto iszone_nxrrset;
@@ -7660,6 +7663,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 			tresult = redirect2(client, fname, rdataset, &node,
 					    &db, &version, type);
 			if (tresult == DNS_R_CONTINUE) {
+				inc_stats(client,
+				          dns_nsstatscounter_nxdomainredirect_rlookup);
 				client->query.redirect.qtype = qtype;
 				client->query.redirect.rdataset = rdataset;
 				client->query.redirect.sigrdataset =
@@ -7680,8 +7685,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 				sigrdataset = NULL;
 				goto cleanup;
 			}
-			if (tresult == ISC_R_SUCCESS)
+			if (tresult == ISC_R_SUCCESS) {
+				inc_stats(client,
+					  dns_nsstatscounter_nxdomainredirect);
 				break;
+			}
 			if (tresult == DNS_R_NXRRSET) {
 				redirected = ISC_TRUE;
 				goto iszone_nxrrset;
@@ -7756,8 +7764,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 	case DNS_R_NCACHENXDOMAIN:
 		tresult = redirect(client, fname, rdataset, &node,
 				   &db, &version, type);
-		if (tresult == ISC_R_SUCCESS)
+		if (tresult == ISC_R_SUCCESS) {
+			inc_stats(client,
+				  dns_nsstatscounter_nxdomainredirect);
 			break;
+		}
 		if (tresult == DNS_R_NXRRSET) {
 			redirected = ISC_TRUE;
 			is_zone = ISC_TRUE;
@@ -7771,6 +7782,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 		tresult = redirect2(client, fname, rdataset, &node,
 				    &db, &version, type);
 		if (tresult == DNS_R_CONTINUE) {
+			inc_stats(client,
+			          dns_nsstatscounter_nxdomainredirect_rlookup);
 			client->query.redirect.db = db;
 			client->query.redirect.node = node;
 			client->query.redirect.zone = zone;
@@ -7787,8 +7800,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 			sigrdataset = NULL;
 			goto cleanup;
 		}
-		if (tresult == ISC_R_SUCCESS)
+		if (tresult == ISC_R_SUCCESS) {
+			inc_stats(client,
+				  dns_nsstatscounter_nxdomainredirect);
 			break;
+		}
 		if (tresult == DNS_R_NXRRSET) {
 			redirected = ISC_TRUE;
 			is_zone = ISC_TRUE;
diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c
index 2b4ffbb88b..d8f8ef625c 100644
--- a/bin/named/statschannel.c
+++ b/bin/named/statschannel.c
@@ -238,6 +238,13 @@ init_desc(void) {
 	SET_NSSTATDESC(sitmatch, "source identity token - match", "SitMatch");
 #endif
 	SET_NSSTATDESC(ecsopt, "EDNS client subnet option recieved", "ECSOpt");
+	SET_NSSTATDESC(nxdomainredirect,
+	        "queries resulted in NXDOMAIN that were redirected",
+                "QryNXRedir");
+	SET_NSSTATDESC(nxdomainredirect_rlookup,
+	        "queries resulted in NXDOMAIN that were redirected and "
+	        "resulted in a successful remote lookup",
+	        "QryNXRedirRLookup");
 	INSIST(i == dns_nsstatscounter_max);
 
 	/* Initialize resolver statistics */
diff --git a/bin/tests/system/redirect/tests.sh b/bin/tests/system/redirect/tests.sh
index 7948415f21..38c47f95d3 100644
--- a/bin/tests/system/redirect/tests.sh
+++ b/bin/tests/system/redirect/tests.sh
@@ -55,6 +55,20 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+echo "I:checking A zone redirect updates statistics ($n)"
+ret=0
+rm ns2/named.stats 2>/dev/null
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 stats || ret=1
+PRE=`sed -n -e "s/[    ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p"  ns2/named.stats`
+$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1
+rm ns2/named.stats 2>/dev/null
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 stats || ret=1
+POST=`sed -n -e "s/[    ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p"  ns2/named.stats`
+if [ `expr $POST - $PRE` != 1 ]; then ret=1; fi
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:checking AAAA zone redirect works for nonexist ($n)"
 ret=0
 $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1
@@ -374,6 +388,10 @@ status=`expr $status + $ret`
 
 echo "I:checking AAAA nxdomain-redirect works for nonexist ($n)"
 ret=0
+rm ns4/named.stats 2>/dev/null
+$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 stats || ret=1
+PRE_RED=`sed -n -e "s/[    ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p"  ns4/named.stats`
+PRE_SUC=`sed -n -e "s/[    ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected and resulted in a successful remote lookup$/\1/p"  ns4/named.stats`
 $DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
 grep "nonexist.	.*2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1
@@ -381,6 +399,18 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+echo "I:checking AAAA nxdomain-redirect updates statistics ($n)"
+ret=0
+rm ns4/named.stats 2>/dev/null
+$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 stats || ret=1
+POST_RED=`sed -n -e "s/[    ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p"  ns4/named.stats`
+POST_SUC=`sed -n -e "s/[    ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected and resulted in a successful remote lookup$/\1/p"  ns4/named.stats`
+if [ `expr $POST_RED - $PRE_RED` != 1 ]; then ret=1; fi
+if [ `expr $POST_SUC - $PRE_SUC` != 1 ]; then ret=1; fi
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:checking ANY nxdomain-redirect works for nonexist ($n)"
 ret=0
 $DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 any > dig.out.ns4.test$n || ret=1
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 633ff0d169..3f8a988e42 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -15446,6 +15446,33 @@ HOST-127.EXAMPLE. MX 0 .
 		      </para>
 		    </entry>
 		  </row>
+		  <row rowsep="0">
+		    <entry colname="1">
+		      <para><command>QryNXRedir</command></para>
+		    </entry>
+		    <entry colname="2">
+		      <para><command></command></para>
+		    </entry>
+		    <entry colname="3">
+		      <para>
+			Queries resulted in NXDOMAIN that were redirected.
+		      </para>
+		    </entry>
+		  </row>
+		  <row rowsep="0">
+		    <entry colname="1">
+		      <para><command>QryNXRedirRLookup</command></para>
+		    </entry>
+		    <entry colname="2">
+		      <para><command></command></para>
+		    </entry>
+		    <entry colname="3">
+		      <para>
+			Queries resulted in NXDOMAIN that were redirected
+			and resulted in a successful remote lookup.
+		      </para>
+		    </entry>
+		  </row>
 		  <row rowsep="0">
 		    <entry colname="1">
 		      <para><command>XfrReqDone</command></para>