Qname minimisation review fixes

git-svn-id: file:///svn/unbound/trunk@3561 be551aaa-1e26-0410-a405-d3ace91eadb9
2025-12-20 23:00:56 -05:00 · 2015-12-01 13:14:00 +00:00 · 2015-12-01 13:14:00 +00:00 · 014142d7bf
commit 014142d7bf
parent 05b0136f76
4 changed files with 14 additions and 5 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,3 +1,6 @@
+1 December 2015: Ralph
+	- Qname minimisation review fixes
+
 1 December 2015: Wouter
 	- Fixup 724 fix for fname_after_chroot() calls.
 	- Remove stdout printout for unbound-service-install.exe
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@ -296,6 +296,11 @@ server:
 	# to validate the zone.
 	# harden-algo-downgrade: no

+	# Sent minimum amount of information to upstream servers to enhance 
+	# privacy. Only sent minimum required labels of the QNAME and set QTYPE
+	# to NS when possible.
+	# qname-minimisation: no
+
 	# Use 0x20-encoded random bits in the query to foil spoof attempts.
 	# This feature is an experimental implementation of draft dns-0x20.
 	# use-caps-for-id: no
--- a/iterator/iterator.c
+++ b/iterator/iterator.c
@ -117,8 +117,7 @@ iter_deinit(struct module_env* env, int id)
 	if(!env || !env->modinfo[id])
 		return;
 	iter_env = (struct iter_env*)env->modinfo[id];
-	if(env->cfg->qname_minimisation)
-		free(iter_env->ip6arpa_dname);
+	free(iter_env->ip6arpa_dname);
 	free(iter_env->target_fetch_policy);
 	priv_delete(iter_env->priv);
 	donotq_delete(iter_env->donotq);
@ -2010,7 +2009,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,

 	if(iq->minimisation_state == INIT_MINIMISE_STATE) {
 		/* (Re)set qinfo_out to (new) delegation point, except
- 		 * when qinfo_out is already a subdomain op dp. This happens
+ 		 * when qinfo_out is already a subdomain of dp. This happens
 		 * when resolving ip6.arpa dnames. */
 		if(!(iq->qinfo_out.qname_len 
 			&& dname_subdomain_c(iq->qchase.qname, 
@ -2061,7 +2060,9 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
 				iq->qinfo_out.qtype, iq->qinfo_out.qclass, 
 				qstate->query_flags, qstate->region, 
 				qstate->env->scratch);
-			if(msg && msg->rep->an_numrrsets == 0)
+			if(msg && msg->rep->an_numrrsets == 0
+				&& FLAGS_GET_RCODE(msg->rep->flags) == 
+				LDNS_RCODE_NOERROR)
 				/* no need to send query if it is already 
 				 * cached as NOERROR/NODATA */
 				return 1;
--- a/util/config_file.h
+++ b/util/config_file.h
@ -364,7 +364,7 @@ struct config_file {
 	struct config_str2list* ratelimit_below_domain;
 	/** ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */
 	int ratelimit_factor;
-
+	/** minimise outgoing QNAME and hide original QTYPE if possible */
 	int qname_minimisation;
 };