Qname minimisation review fixes

git-svn-id: file:///svn/unbound/trunk@3561 be551aaa-1e26-0410-a405-d3ace91eadb9
Ralph Dolmans 2015-12-01 13:14:00 +00:00
parent 05b0136f76
commit 014142d7bf
4 changed files with 14 additions and 5 deletions


@ -1,3 +1,6 @@
1 December 2015: Ralph
- Qname minimisation review fixes
1 December 2015: Wouter 1 December 2015: Wouter
- Fixup 724 fix for fname_after_chroot() calls. - Fixup 724 fix for fname_after_chroot() calls.
- Remove stdout printout for unbound-service-install.exe - Remove stdout printout for unbound-service-install.exe


@ -296,6 +296,11 @@ server:
# to validate the zone. # to validate the zone.
# harden-algo-downgrade: no # harden-algo-downgrade: no
# Sent minimum amount of information to upstream servers to enhance
# privacy. Only sent minimum required labels of the QNAME and set QTYPE
# to NS when possible.
# qname-minimisation: no
# Use 0x20-encoded random bits in the query to foil spoof attempts. # Use 0x20-encoded random bits in the query to foil spoof attempts.
# This feature is an experimental implementation of draft dns-0x20. # This feature is an experimental implementation of draft dns-0x20.
# use-caps-for-id: no # use-caps-for-id: no
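Review bot: The new comment for qname-minimisation uses "Sent" where the imperative "Send" is meant, in both sentences. I would word it as `# Send minimum amount of information to upstream servers to enhance` and `# privacy. Only send minimum required labels of the QNAME and set QTYPE`, leaving the third line as is. Operators read this sample file to decide on a privacy-relevant option, so the wording should be unambiguous.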


@ -117,8 +117,7 @@ iter_deinit(struct module_env* env, int id)
if(!env || !env->modinfo[id]) if(!env || !env->modinfo[id])
return; return;
iter_env = (struct iter_env*)env->modinfo[id]; iter_env = (struct iter_env*)env->modinfo[id];
if(env->cfg->qname_minimisation) free(iter_env->ip6arpa_dname);
free(iter_env->ip6arpa_dname);
free(iter_env->target_fetch_policy); free(iter_env->target_fetch_policy);
priv_delete(iter_env->priv); priv_delete(iter_env->priv);
donotq_delete(iter_env->donotq); donotq_delete(iter_env->donotq);
@ -2010,7 +2009,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
if(iq->minimisation_state == INIT_MINIMISE_STATE) { if(iq->minimisation_state == INIT_MINIMISE_STATE) {
/* (Re)set qinfo_out to (new) delegation point, except /* (Re)set qinfo_out to (new) delegation point, except
* when qinfo_out is already a subdomain op dp. This happens * when qinfo_out is already a subdomain of dp. This happens
* when resolving ip6.arpa dnames. */ * when resolving ip6.arpa dnames. */
if(!(iq->qinfo_out.qname_len if(!(iq->qinfo_out.qname_len
&& dname_subdomain_c(iq->qchase.qname, && dname_subdomain_c(iq->qchase.qname,
@ -2061,7 +2060,9 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
iq->qinfo_out.qtype, iq->qinfo_out.qclass, iq->qinfo_out.qtype, iq->qinfo_out.qclass,
qstate->query_flags, qstate->region, qstate->query_flags, qstate->region,
qstate->env->scratch); qstate->env->scratch);
if(msg && msg->rep->an_numrrsets == 0) if(msg && msg->rep->an_numrrsets == 0
&& FLAGS_GET_RCODE(msg->rep->flags) ==
LDNS_RCODE_NOERROR)
/* no need to send query if it is already /* no need to send query if it is already
* cached as NOERROR/NODATA */ * cached as NOERROR/NODATA */
return 1; return 1;
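Review bot: The now-unconditional `free(iter_env->ip6arpa_dname);` in iter_deinit is only safe if that field is NULL whenever qname minimisation is disabled or its setup did not complete, and the allocation of iter_env is not visible in this hunk. If the struct is zero-initialised this is fine because free(NULL) is a no-op; otherwise the call would release an uninitialised pointer. I would confirm the init path and record the invariant above the call, e.g. `/* NULL unless qname minimisation allocated it; free(NULL) is a no-op */`. iter_deinit starts before and continues past this hunk, so the rest of the teardown could not be checked here.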


@ -364,7 +364,7 @@ struct config_file {
struct config_str2list* ratelimit_below_domain; struct config_str2list* ratelimit_below_domain;
/** ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */ /** ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */
int ratelimit_factor; int ratelimit_factor;
/** minimise outgoing QNAME and hide original QTYPE if possible */
int qname_minimisation; int qname_minimisation;
}; };