Add infra-keep-probing: yes option. Hosts that are down are probed more frequently.
W.C.A. Wijngaards 2020-04-22 16:29:06 +02:00
parent 584c2cf804
commit 055f5e68a3
11 changed files with 4001 additions and 3920 deletions


@ -188,6 +188,9 @@ server:
# minimum wait time for responses, increase if uplink is long. In msec.
# infra-cache-min-rtt: 50
# enable to make server probe down hosts more frequently.
# infra-keep-probing: no
# the number of slabs to use for the Infrastructure cache.
# the number of slabs must be a power of 2.
# more slabs reduce lock contention, but fragment memory usage.


@ -376,6 +376,12 @@ Lower limit for dynamic retransmit timeout calculation in infrastructure
cache. Default is 50 milliseconds. Increase this value if using forwarders
needing more time to do recursive name resolution.
.TP
.B infra\-keep\-probing: \fI<yes or no>
If enabled the server keeps probing hosts that are down, in the one probe
at a time regime. Default is no. Hosts that are down, eg. they did
not respond during the one probe at a time period, are marked as down and
it may take \fBinfra\-host\-ttl\fR time to get probed again.
.TP
.B define\-tag: \fI<"list of tags">
Define the tags that can be used with local\-zone and access\-control.
Enclose the list between quotes ("") and put spaces between tags.


@ -244,6 +244,7 @@ infra_create(struct config_file* cfg)
return NULL;
}
infra->host_ttl = cfg->host_ttl;
infra->infra_keep_probing = cfg->infra_keep_probing;
infra_dp_ratelimit = cfg->ratelimit;
infra->domain_rates = slabhash_create(cfg->ratelimit_slabs,
INFRA_HOST_STARTSIZE, cfg->ratelimit_size,
@ -297,6 +298,7 @@ infra_adjust(struct infra_cache* infra, struct config_file* cfg)
if(!infra)
return infra_create(cfg);
infra->host_ttl = cfg->host_ttl;
infra->infra_keep_probing = cfg->infra_keep_probing;
infra_dp_ratelimit = cfg->ratelimit;
infra_ip_ratelimit = cfg->ip_ratelimit;
maxmem = cfg->infra_cache_numhosts * (sizeof(struct infra_key)+
@ -445,6 +447,7 @@ infra_host(struct infra_cache* infra, struct sockaddr_storage* addr,
if(e && ((struct infra_data*)e->data)->ttl < timenow) {
/* it expired, try to reuse existing entry */
int old = ((struct infra_data*)e->data)->rtt.rto;
time_t tprobe = ((struct infra_data*)e->data)->probedelay;
uint8_t tA = ((struct infra_data*)e->data)->timeout_A;
uint8_t tAAAA = ((struct infra_data*)e->data)->timeout_AAAA;
uint8_t tother = ((struct infra_data*)e->data)->timeout_other;
@ -460,6 +463,7 @@ infra_host(struct infra_cache* infra, struct sockaddr_storage* addr,
if(old >= USEFUL_SERVER_TOP_TIMEOUT) {
((struct infra_data*)e->data)->rtt.rto
= USEFUL_SERVER_TOP_TIMEOUT;
((struct infra_data*)e->data)->probedelay = tprobe;
((struct infra_data*)e->data)->timeout_A = tA;
((struct infra_data*)e->data)->timeout_AAAA = tAAAA;
((struct infra_data*)e->data)->timeout_other = tother;
@ -482,7 +486,8 @@ infra_host(struct infra_cache* infra, struct sockaddr_storage* addr,
*edns_vs = data->edns_version;
*edns_lame_known = data->edns_lame_known;
*to = rtt_timeout(&data->rtt);
if(*to >= PROBE_MAXRTO && rtt_notimeout(&data->rtt)*4 <= *to) {
if(*to >= PROBE_MAXRTO && (infra->infra_keep_probing ||
rtt_notimeout(&data->rtt)*4 <= *to)) {
/* delay other queries, this is the probe query */
if(!wr) {
lock_rw_unlock(&e->lock);
@ -566,18 +571,27 @@ infra_rtt_update(struct infra_cache* infra, struct sockaddr_storage* addr,
struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen,
nm, nmlen, 1);
struct infra_data* data;
int needtoinsert = 0;
int needtoinsert = 0, expired = 0;
int rto = 1;
time_t oldprobedelay = 0;
if(!e) {
if(!(e = new_entry(infra, addr, addrlen, nm, nmlen, timenow)))
return 0;
needtoinsert = 1;
} else if(((struct infra_data*)e->data)->ttl < timenow) {
oldprobedelay = ((struct infra_data*)e->data)->probedelay;
data_entry_init(infra, e, timenow);
expired = 1;
}
/* have an entry, update the rtt */
data = (struct infra_data*)e->data;
if(roundtrip == -1) {
if(needtoinsert || expired) {
/* timeout on entry that has expired before the timer
* keep old timeout from the function caller */
data->rtt.rto = orig_rtt;
data->probedelay = oldprobedelay;
}
rtt_lost(&data->rtt, orig_rtt);
if(qtype == LDNS_RR_TYPE_A) {
if(data->timeout_A < TIMEOUT_COUNT_MAX)
@ -681,7 +695,12 @@ infra_get_lame_rtt(struct infra_cache* infra,
return 0;
host = (struct infra_data*)e->data;
*rtt = rtt_unclamped(&host->rtt);
if(host->rtt.rto >= PROBE_MAXRTO && timenow < host->probedelay
if(host->rtt.rto >= PROBE_MAXRTO && timenow >= host->probedelay
&& infra->infra_keep_probing) {
/* single probe, keep probing */
if(*rtt >= USEFUL_SERVER_TOP_TIMEOUT)
*rtt = USEFUL_SERVER_TOP_TIMEOUT-1000;
} else if(host->rtt.rto >= PROBE_MAXRTO && timenow < host->probedelay
&& rtt_notimeout(&host->rtt)*4 <= host->rtt.rto) {
/* single probe for this domain, and we are not probing */
/* unless the query type allows a probe to happen */
@ -704,7 +723,8 @@ infra_get_lame_rtt(struct infra_cache* infra,
/* see if this can be a re-probe of an unresponsive server */
/* minus 1000 because that is outside of the RTTBAND, so
* blacklisted servers stay blacklisted if this is chosen */
if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT) {
if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT ||
infra->infra_keep_probing) {
lock_rw_unlock(&e->lock);
*rtt = USEFUL_SERVER_TOP_TIMEOUT-1000;
*lame = 0;
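Review bot: In the last infra_get_lame_rtt hunk the new condition `host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT || infra->infra_keep_probing` no longer tests the host's rto when the option is on, so every entry that reaches this block is returned with `*rtt = USEFUL_SERVER_TOP_TIMEOUT-1000` and `*lame = 0`, not only the unresponsive servers the comment above it describes. If the intent is to re-probe only hosts that are already in the probe regime, the option could be tied to the rto, e.g. `if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT || (infra->infra_keep_probing && host->rtt.rto >= PROBE_MAXRTO)) {`. If the broader behaviour is intended, the comment should say that the lame flag is cleared for any entry on this path while the option is enabled. The guard that leads into this block and the rest of the function lie outside the hunk, so this needs checking against the full body.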


@ -114,6 +114,8 @@ struct infra_cache {
struct slabhash* hosts;
/** TTL value for host information, in seconds */
int host_ttl;
/** the hosts that are down are kept probed for recovery */
int infra_keep_probing;
/** hash table with query rates per name: rate_key, rate_data */
struct slabhash* domain_rates;
/** ratelimit settings for domains, struct domain_limit_data */
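Review bot: The doc comment on `infra_keep_probing` does not say that the field is a boolean or which option sets it; something like `/** if nonzero, hosts marked down keep being probed (config infra-keep-probing) */` reads more clearly. The matching field added to struct config_file carries the similarly terse `/** keep probing hosts that are down */` and could name the option as well.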


@ -162,6 +162,7 @@ config_create(void)
cfg->infra_cache_slabs = 4;
cfg->infra_cache_numhosts = 10000;
cfg->infra_cache_min_rtt = 50;
cfg->infra_keep_probing = 0;
cfg->delay_close = 0;
if(!(cfg->outgoing_avail_ports = (int*)calloc(65536, sizeof(int))))
goto error_exit;
@ -544,6 +545,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
IS_NUMBER_OR_ZERO; cfg->infra_cache_min_rtt = atoi(val);
RTT_MIN_TIMEOUT=cfg->infra_cache_min_rtt;
}
else S_YNO("infra-keep-probing:", infra_keep_probing)
else S_NUMBER_OR_ZERO("infra-host-ttl:", host_ttl)
else S_POW2("infra-cache-slabs:", infra_cache_slabs)
else S_SIZET_NONZERO("infra-cache-numhosts:", infra_cache_numhosts)
@ -940,6 +942,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_DEC(opt, "infra-host-ttl", host_ttl)
else O_DEC(opt, "infra-cache-slabs", infra_cache_slabs)
else O_DEC(opt, "infra-cache-min-rtt", infra_cache_min_rtt)
else O_YNO(opt, "infra-keep-probing", infra_keep_probing)
else O_MEM(opt, "infra-cache-numhosts", infra_cache_numhosts)
else O_UNS(opt, "delay-close", delay_close)
else O_YNO(opt, "do-ip4", do_ip4)
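Review bot: `S_YNO("infra-keep-probing:", infra_keep_probing)` in config_set_option only updates `cfg->infra_keep_probing`, while the lookup code reads `infra->infra_keep_probing`, which this commit copies from cfg in infra_create and infra_adjust. Unlike the `infra-cache-min-rtt:` branch just above, which also writes `RTT_MIN_TIMEOUT` so the change applies at once, a runtime set of this option would presumably not reach the cache until infra_adjust runs again. Either note that with a comment such as `/* takes effect when the infra cache is next adjusted */` or state it in the man page entry. Both functions continue outside the hunks shown.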


@ -166,6 +166,8 @@ struct config_file {
size_t infra_cache_numhosts;
/** min value for infra cache rtt */
int infra_cache_min_rtt;
/** keep probing hosts that are down */
int infra_keep_probing;
/** delay close of udp-timeouted ports, if 0 no delayclose. in msec */
int delay_close;



@ -283,6 +283,7 @@ infra-cache-slabs{COLON} { YDVAR(1, VAR_INFRA_CACHE_SLABS) }
infra-cache-numhosts{COLON} { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) }
infra-cache-lame-size{COLON} { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) }
infra-cache-min-rtt{COLON} { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) }
infra-keep-probing{COLON} { YDVAR(1, VAR_INFRA_KEEP_PROBING) }
num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) }
jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) }
delay-close{COLON} { YDVAR(1, VAR_DELAY_CLOSE) }



@ -195,145 +195,146 @@ extern int yydebug;
VAR_UNBLOCK_LAN_ZONES = 401,
VAR_INSECURE_LAN_ZONES = 402,
VAR_INFRA_CACHE_MIN_RTT = 403,
VAR_DNS64_PREFIX = 404,
VAR_DNS64_SYNTHALL = 405,
VAR_DNS64_IGNORE_AAAA = 406,
VAR_DNSTAP = 407,
VAR_DNSTAP_ENABLE = 408,
VAR_DNSTAP_SOCKET_PATH = 409,
VAR_DNSTAP_IP = 410,
VAR_DNSTAP_TLS = 411,
VAR_DNSTAP_TLS_SERVER_NAME = 412,
VAR_DNSTAP_TLS_CERT_BUNDLE = 413,
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 414,
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 415,
VAR_DNSTAP_SEND_IDENTITY = 416,
VAR_DNSTAP_SEND_VERSION = 417,
VAR_DNSTAP_IDENTITY = 418,
VAR_DNSTAP_VERSION = 419,
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 420,
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 421,
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 422,
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 423,
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 424,
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 425,
VAR_RESPONSE_IP_TAG = 426,
VAR_RESPONSE_IP = 427,
VAR_RESPONSE_IP_DATA = 428,
VAR_HARDEN_ALGO_DOWNGRADE = 429,
VAR_IP_TRANSPARENT = 430,
VAR_IP_DSCP = 431,
VAR_DISABLE_DNSSEC_LAME_CHECK = 432,
VAR_IP_RATELIMIT = 433,
VAR_IP_RATELIMIT_SLABS = 434,
VAR_IP_RATELIMIT_SIZE = 435,
VAR_RATELIMIT = 436,
VAR_RATELIMIT_SLABS = 437,
VAR_RATELIMIT_SIZE = 438,
VAR_RATELIMIT_FOR_DOMAIN = 439,
VAR_RATELIMIT_BELOW_DOMAIN = 440,
VAR_IP_RATELIMIT_FACTOR = 441,
VAR_RATELIMIT_FACTOR = 442,
VAR_SEND_CLIENT_SUBNET = 443,
VAR_CLIENT_SUBNET_ZONE = 444,
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 445,
VAR_CLIENT_SUBNET_OPCODE = 446,
VAR_MAX_CLIENT_SUBNET_IPV4 = 447,
VAR_MAX_CLIENT_SUBNET_IPV6 = 448,
VAR_MIN_CLIENT_SUBNET_IPV4 = 449,
VAR_MIN_CLIENT_SUBNET_IPV6 = 450,
VAR_MAX_ECS_TREE_SIZE_IPV4 = 451,
VAR_MAX_ECS_TREE_SIZE_IPV6 = 452,
VAR_CAPS_WHITELIST = 453,
VAR_CACHE_MAX_NEGATIVE_TTL = 454,
VAR_PERMIT_SMALL_HOLDDOWN = 455,
VAR_QNAME_MINIMISATION = 456,
VAR_QNAME_MINIMISATION_STRICT = 457,
VAR_IP_FREEBIND = 458,
VAR_DEFINE_TAG = 459,
VAR_LOCAL_ZONE_TAG = 460,
VAR_ACCESS_CONTROL_TAG = 461,
VAR_LOCAL_ZONE_OVERRIDE = 462,
VAR_ACCESS_CONTROL_TAG_ACTION = 463,
VAR_ACCESS_CONTROL_TAG_DATA = 464,
VAR_VIEW = 465,
VAR_ACCESS_CONTROL_VIEW = 466,
VAR_VIEW_FIRST = 467,
VAR_SERVE_EXPIRED = 468,
VAR_SERVE_EXPIRED_TTL = 469,
VAR_SERVE_EXPIRED_TTL_RESET = 470,
VAR_SERVE_EXPIRED_REPLY_TTL = 471,
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 472,
VAR_FAKE_DSA = 473,
VAR_FAKE_SHA1 = 474,
VAR_LOG_IDENTITY = 475,
VAR_HIDE_TRUSTANCHOR = 476,
VAR_TRUST_ANCHOR_SIGNALING = 477,
VAR_AGGRESSIVE_NSEC = 478,
VAR_USE_SYSTEMD = 479,
VAR_SHM_ENABLE = 480,
VAR_SHM_KEY = 481,
VAR_ROOT_KEY_SENTINEL = 482,
VAR_DNSCRYPT = 483,
VAR_DNSCRYPT_ENABLE = 484,
VAR_DNSCRYPT_PORT = 485,
VAR_DNSCRYPT_PROVIDER = 486,
VAR_DNSCRYPT_SECRET_KEY = 487,
VAR_DNSCRYPT_PROVIDER_CERT = 488,
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 489,
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 490,
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 491,
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 492,
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 493,
VAR_IPSECMOD_ENABLED = 494,
VAR_IPSECMOD_HOOK = 495,
VAR_IPSECMOD_IGNORE_BOGUS = 496,
VAR_IPSECMOD_MAX_TTL = 497,
VAR_IPSECMOD_WHITELIST = 498,
VAR_IPSECMOD_STRICT = 499,
VAR_CACHEDB = 500,
VAR_CACHEDB_BACKEND = 501,
VAR_CACHEDB_SECRETSEED = 502,
VAR_CACHEDB_REDISHOST = 503,
VAR_CACHEDB_REDISPORT = 504,
VAR_CACHEDB_REDISTIMEOUT = 505,
VAR_CACHEDB_REDISEXPIRERECORDS = 506,
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 507,
VAR_FOR_UPSTREAM = 508,
VAR_AUTH_ZONE = 509,
VAR_ZONEFILE = 510,
VAR_MASTER = 511,
VAR_URL = 512,
VAR_FOR_DOWNSTREAM = 513,
VAR_FALLBACK_ENABLED = 514,
VAR_TLS_ADDITIONAL_PORT = 515,
VAR_LOW_RTT = 516,
VAR_LOW_RTT_PERMIL = 517,
VAR_FAST_SERVER_PERMIL = 518,
VAR_FAST_SERVER_NUM = 519,
VAR_ALLOW_NOTIFY = 520,
VAR_TLS_WIN_CERT = 521,
VAR_TCP_CONNECTION_LIMIT = 522,
VAR_FORWARD_NO_CACHE = 523,
VAR_STUB_NO_CACHE = 524,
VAR_LOG_SERVFAIL = 525,
VAR_DENY_ANY = 526,
VAR_UNKNOWN_SERVER_TIME_LIMIT = 527,
VAR_LOG_TAG_QUERYREPLY = 528,
VAR_STREAM_WAIT_SIZE = 529,
VAR_TLS_CIPHERS = 530,
VAR_TLS_CIPHERSUITES = 531,
VAR_TLS_USE_SNI = 532,
VAR_IPSET = 533,
VAR_IPSET_NAME_V4 = 534,
VAR_IPSET_NAME_V6 = 535,
VAR_TLS_SESSION_TICKET_KEYS = 536,
VAR_RPZ = 537,
VAR_TAGS = 538,
VAR_RPZ_ACTION_OVERRIDE = 539,
VAR_RPZ_CNAME_OVERRIDE = 540,
VAR_RPZ_LOG = 541,
VAR_RPZ_LOG_NAME = 542
VAR_INFRA_KEEP_PROBING = 404,
VAR_DNS64_PREFIX = 405,
VAR_DNS64_SYNTHALL = 406,
VAR_DNS64_IGNORE_AAAA = 407,
VAR_DNSTAP = 408,
VAR_DNSTAP_ENABLE = 409,
VAR_DNSTAP_SOCKET_PATH = 410,
VAR_DNSTAP_IP = 411,
VAR_DNSTAP_TLS = 412,
VAR_DNSTAP_TLS_SERVER_NAME = 413,
VAR_DNSTAP_TLS_CERT_BUNDLE = 414,
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 415,
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 416,
VAR_DNSTAP_SEND_IDENTITY = 417,
VAR_DNSTAP_SEND_VERSION = 418,
VAR_DNSTAP_IDENTITY = 419,
VAR_DNSTAP_VERSION = 420,
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 421,
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 422,
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 423,
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 424,
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 425,
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 426,
VAR_RESPONSE_IP_TAG = 427,
VAR_RESPONSE_IP = 428,
VAR_RESPONSE_IP_DATA = 429,
VAR_HARDEN_ALGO_DOWNGRADE = 430,
VAR_IP_TRANSPARENT = 431,
VAR_IP_DSCP = 432,
VAR_DISABLE_DNSSEC_LAME_CHECK = 433,
VAR_IP_RATELIMIT = 434,
VAR_IP_RATELIMIT_SLABS = 435,
VAR_IP_RATELIMIT_SIZE = 436,
VAR_RATELIMIT = 437,
VAR_RATELIMIT_SLABS = 438,
VAR_RATELIMIT_SIZE = 439,
VAR_RATELIMIT_FOR_DOMAIN = 440,
VAR_RATELIMIT_BELOW_DOMAIN = 441,
VAR_IP_RATELIMIT_FACTOR = 442,
VAR_RATELIMIT_FACTOR = 443,
VAR_SEND_CLIENT_SUBNET = 444,
VAR_CLIENT_SUBNET_ZONE = 445,
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 446,
VAR_CLIENT_SUBNET_OPCODE = 447,
VAR_MAX_CLIENT_SUBNET_IPV4 = 448,
VAR_MAX_CLIENT_SUBNET_IPV6 = 449,
VAR_MIN_CLIENT_SUBNET_IPV4 = 450,
VAR_MIN_CLIENT_SUBNET_IPV6 = 451,
VAR_MAX_ECS_TREE_SIZE_IPV4 = 452,
VAR_MAX_ECS_TREE_SIZE_IPV6 = 453,
VAR_CAPS_WHITELIST = 454,
VAR_CACHE_MAX_NEGATIVE_TTL = 455,
VAR_PERMIT_SMALL_HOLDDOWN = 456,
VAR_QNAME_MINIMISATION = 457,
VAR_QNAME_MINIMISATION_STRICT = 458,
VAR_IP_FREEBIND = 459,
VAR_DEFINE_TAG = 460,
VAR_LOCAL_ZONE_TAG = 461,
VAR_ACCESS_CONTROL_TAG = 462,
VAR_LOCAL_ZONE_OVERRIDE = 463,
VAR_ACCESS_CONTROL_TAG_ACTION = 464,
VAR_ACCESS_CONTROL_TAG_DATA = 465,
VAR_VIEW = 466,
VAR_ACCESS_CONTROL_VIEW = 467,
VAR_VIEW_FIRST = 468,
VAR_SERVE_EXPIRED = 469,
VAR_SERVE_EXPIRED_TTL = 470,
VAR_SERVE_EXPIRED_TTL_RESET = 471,
VAR_SERVE_EXPIRED_REPLY_TTL = 472,
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 473,
VAR_FAKE_DSA = 474,
VAR_FAKE_SHA1 = 475,
VAR_LOG_IDENTITY = 476,
VAR_HIDE_TRUSTANCHOR = 477,
VAR_TRUST_ANCHOR_SIGNALING = 478,
VAR_AGGRESSIVE_NSEC = 479,
VAR_USE_SYSTEMD = 480,
VAR_SHM_ENABLE = 481,
VAR_SHM_KEY = 482,
VAR_ROOT_KEY_SENTINEL = 483,
VAR_DNSCRYPT = 484,
VAR_DNSCRYPT_ENABLE = 485,
VAR_DNSCRYPT_PORT = 486,
VAR_DNSCRYPT_PROVIDER = 487,
VAR_DNSCRYPT_SECRET_KEY = 488,
VAR_DNSCRYPT_PROVIDER_CERT = 489,
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 490,
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 491,
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 492,
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 493,
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 494,
VAR_IPSECMOD_ENABLED = 495,
VAR_IPSECMOD_HOOK = 496,
VAR_IPSECMOD_IGNORE_BOGUS = 497,
VAR_IPSECMOD_MAX_TTL = 498,
VAR_IPSECMOD_WHITELIST = 499,
VAR_IPSECMOD_STRICT = 500,
VAR_CACHEDB = 501,
VAR_CACHEDB_BACKEND = 502,
VAR_CACHEDB_SECRETSEED = 503,
VAR_CACHEDB_REDISHOST = 504,
VAR_CACHEDB_REDISPORT = 505,
VAR_CACHEDB_REDISTIMEOUT = 506,
VAR_CACHEDB_REDISEXPIRERECORDS = 507,
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 508,
VAR_FOR_UPSTREAM = 509,
VAR_AUTH_ZONE = 510,
VAR_ZONEFILE = 511,
VAR_MASTER = 512,
VAR_URL = 513,
VAR_FOR_DOWNSTREAM = 514,
VAR_FALLBACK_ENABLED = 515,
VAR_TLS_ADDITIONAL_PORT = 516,
VAR_LOW_RTT = 517,
VAR_LOW_RTT_PERMIL = 518,
VAR_FAST_SERVER_PERMIL = 519,
VAR_FAST_SERVER_NUM = 520,
VAR_ALLOW_NOTIFY = 521,
VAR_TLS_WIN_CERT = 522,
VAR_TCP_CONNECTION_LIMIT = 523,
VAR_FORWARD_NO_CACHE = 524,
VAR_STUB_NO_CACHE = 525,
VAR_LOG_SERVFAIL = 526,
VAR_DENY_ANY = 527,
VAR_UNKNOWN_SERVER_TIME_LIMIT = 528,
VAR_LOG_TAG_QUERYREPLY = 529,
VAR_STREAM_WAIT_SIZE = 530,
VAR_TLS_CIPHERS = 531,
VAR_TLS_CIPHERSUITES = 532,
VAR_TLS_USE_SNI = 533,
VAR_IPSET = 534,
VAR_IPSET_NAME_V4 = 535,
VAR_IPSET_NAME_V6 = 536,
VAR_TLS_SESSION_TICKET_KEYS = 537,
VAR_RPZ = 538,
VAR_TAGS = 539,
VAR_RPZ_ACTION_OVERRIDE = 540,
VAR_RPZ_CNAME_OVERRIDE = 541,
VAR_RPZ_LOG = 542,
VAR_RPZ_LOG_NAME = 543
};
#endif
/* Tokens. */
@ -483,145 +484,146 @@ extern int yydebug;
#define VAR_UNBLOCK_LAN_ZONES 401
#define VAR_INSECURE_LAN_ZONES 402
#define VAR_INFRA_CACHE_MIN_RTT 403
#define VAR_DNS64_PREFIX 404
#define VAR_DNS64_SYNTHALL 405
#define VAR_DNS64_IGNORE_AAAA 406
#define VAR_DNSTAP 407
#define VAR_DNSTAP_ENABLE 408
#define VAR_DNSTAP_SOCKET_PATH 409
#define VAR_DNSTAP_IP 410
#define VAR_DNSTAP_TLS 411
#define VAR_DNSTAP_TLS_SERVER_NAME 412
#define VAR_DNSTAP_TLS_CERT_BUNDLE 413
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 414
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 415
#define VAR_DNSTAP_SEND_IDENTITY 416
#define VAR_DNSTAP_SEND_VERSION 417
#define VAR_DNSTAP_IDENTITY 418
#define VAR_DNSTAP_VERSION 419
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 420
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 421
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 422
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 423
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 424
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 425
#define VAR_RESPONSE_IP_TAG 426
#define VAR_RESPONSE_IP 427
#define VAR_RESPONSE_IP_DATA 428
#define VAR_HARDEN_ALGO_DOWNGRADE 429
#define VAR_IP_TRANSPARENT 430
#define VAR_IP_DSCP 431
#define VAR_DISABLE_DNSSEC_LAME_CHECK 432
#define VAR_IP_RATELIMIT 433
#define VAR_IP_RATELIMIT_SLABS 434
#define VAR_IP_RATELIMIT_SIZE 435
#define VAR_RATELIMIT 436
#define VAR_RATELIMIT_SLABS 437
#define VAR_RATELIMIT_SIZE 438
#define VAR_RATELIMIT_FOR_DOMAIN 439
#define VAR_RATELIMIT_BELOW_DOMAIN 440
#define VAR_IP_RATELIMIT_FACTOR 441
#define VAR_RATELIMIT_FACTOR 442
#define VAR_SEND_CLIENT_SUBNET 443
#define VAR_CLIENT_SUBNET_ZONE 444
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 445
#define VAR_CLIENT_SUBNET_OPCODE 446
#define VAR_MAX_CLIENT_SUBNET_IPV4 447
#define VAR_MAX_CLIENT_SUBNET_IPV6 448
#define VAR_MIN_CLIENT_SUBNET_IPV4 449
#define VAR_MIN_CLIENT_SUBNET_IPV6 450
#define VAR_MAX_ECS_TREE_SIZE_IPV4 451
#define VAR_MAX_ECS_TREE_SIZE_IPV6 452
#define VAR_CAPS_WHITELIST 453
#define VAR_CACHE_MAX_NEGATIVE_TTL 454
#define VAR_PERMIT_SMALL_HOLDDOWN 455
#define VAR_QNAME_MINIMISATION 456
#define VAR_QNAME_MINIMISATION_STRICT 457
#define VAR_IP_FREEBIND 458
#define VAR_DEFINE_TAG 459
#define VAR_LOCAL_ZONE_TAG 460
#define VAR_ACCESS_CONTROL_TAG 461
#define VAR_LOCAL_ZONE_OVERRIDE 462
#define VAR_ACCESS_CONTROL_TAG_ACTION 463
#define VAR_ACCESS_CONTROL_TAG_DATA 464
#define VAR_VIEW 465
#define VAR_ACCESS_CONTROL_VIEW 466
#define VAR_VIEW_FIRST 467
#define VAR_SERVE_EXPIRED 468
#define VAR_SERVE_EXPIRED_TTL 469
#define VAR_SERVE_EXPIRED_TTL_RESET 470
#define VAR_SERVE_EXPIRED_REPLY_TTL 471
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 472
#define VAR_FAKE_DSA 473
#define VAR_FAKE_SHA1 474
#define VAR_LOG_IDENTITY 475
#define VAR_HIDE_TRUSTANCHOR 476
#define VAR_TRUST_ANCHOR_SIGNALING 477
#define VAR_AGGRESSIVE_NSEC 478
#define VAR_USE_SYSTEMD 479
#define VAR_SHM_ENABLE 480
#define VAR_SHM_KEY 481
#define VAR_ROOT_KEY_SENTINEL 482
#define VAR_DNSCRYPT 483
#define VAR_DNSCRYPT_ENABLE 484
#define VAR_DNSCRYPT_PORT 485
#define VAR_DNSCRYPT_PROVIDER 486
#define VAR_DNSCRYPT_SECRET_KEY 487
#define VAR_DNSCRYPT_PROVIDER_CERT 488
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 489
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 490
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 491
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 492
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 493
#define VAR_IPSECMOD_ENABLED 494
#define VAR_IPSECMOD_HOOK 495
#define VAR_IPSECMOD_IGNORE_BOGUS 496
#define VAR_IPSECMOD_MAX_TTL 497
#define VAR_IPSECMOD_WHITELIST 498
#define VAR_IPSECMOD_STRICT 499
#define VAR_CACHEDB 500
#define VAR_CACHEDB_BACKEND 501
#define VAR_CACHEDB_SECRETSEED 502
#define VAR_CACHEDB_REDISHOST 503
#define VAR_CACHEDB_REDISPORT 504
#define VAR_CACHEDB_REDISTIMEOUT 505
#define VAR_CACHEDB_REDISEXPIRERECORDS 506
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 507
#define VAR_FOR_UPSTREAM 508
#define VAR_AUTH_ZONE 509
#define VAR_ZONEFILE 510
#define VAR_MASTER 511
#define VAR_URL 512
#define VAR_FOR_DOWNSTREAM 513
#define VAR_FALLBACK_ENABLED 514
#define VAR_TLS_ADDITIONAL_PORT 515
#define VAR_LOW_RTT 516
#define VAR_LOW_RTT_PERMIL 517
#define VAR_FAST_SERVER_PERMIL 518
#define VAR_FAST_SERVER_NUM 519
#define VAR_ALLOW_NOTIFY 520
#define VAR_TLS_WIN_CERT 521
#define VAR_TCP_CONNECTION_LIMIT 522
#define VAR_FORWARD_NO_CACHE 523
#define VAR_STUB_NO_CACHE 524
#define VAR_LOG_SERVFAIL 525
#define VAR_DENY_ANY 526
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 527
#define VAR_LOG_TAG_QUERYREPLY 528
#define VAR_STREAM_WAIT_SIZE 529
#define VAR_TLS_CIPHERS 530
#define VAR_TLS_CIPHERSUITES 531
#define VAR_TLS_USE_SNI 532
#define VAR_IPSET 533
#define VAR_IPSET_NAME_V4 534
#define VAR_IPSET_NAME_V6 535
#define VAR_TLS_SESSION_TICKET_KEYS 536
#define VAR_RPZ 537
#define VAR_TAGS 538
#define VAR_RPZ_ACTION_OVERRIDE 539
#define VAR_RPZ_CNAME_OVERRIDE 540
#define VAR_RPZ_LOG 541
#define VAR_RPZ_LOG_NAME 542
#define VAR_INFRA_KEEP_PROBING 404
#define VAR_DNS64_PREFIX 405
#define VAR_DNS64_SYNTHALL 406
#define VAR_DNS64_IGNORE_AAAA 407
#define VAR_DNSTAP 408
#define VAR_DNSTAP_ENABLE 409
#define VAR_DNSTAP_SOCKET_PATH 410
#define VAR_DNSTAP_IP 411
#define VAR_DNSTAP_TLS 412
#define VAR_DNSTAP_TLS_SERVER_NAME 413
#define VAR_DNSTAP_TLS_CERT_BUNDLE 414
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 415
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 416
#define VAR_DNSTAP_SEND_IDENTITY 417
#define VAR_DNSTAP_SEND_VERSION 418
#define VAR_DNSTAP_IDENTITY 419
#define VAR_DNSTAP_VERSION 420
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 421
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 422
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 423
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 424
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 425
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 426
#define VAR_RESPONSE_IP_TAG 427
#define VAR_RESPONSE_IP 428
#define VAR_RESPONSE_IP_DATA 429
#define VAR_HARDEN_ALGO_DOWNGRADE 430
#define VAR_IP_TRANSPARENT 431
#define VAR_IP_DSCP 432
#define VAR_DISABLE_DNSSEC_LAME_CHECK 433
#define VAR_IP_RATELIMIT 434
#define VAR_IP_RATELIMIT_SLABS 435
#define VAR_IP_RATELIMIT_SIZE 436
#define VAR_RATELIMIT 437
#define VAR_RATELIMIT_SLABS 438
#define VAR_RATELIMIT_SIZE 439
#define VAR_RATELIMIT_FOR_DOMAIN 440
#define VAR_RATELIMIT_BELOW_DOMAIN 441
#define VAR_IP_RATELIMIT_FACTOR 442
#define VAR_RATELIMIT_FACTOR 443
#define VAR_SEND_CLIENT_SUBNET 444
#define VAR_CLIENT_SUBNET_ZONE 445
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 446
#define VAR_CLIENT_SUBNET_OPCODE 447
#define VAR_MAX_CLIENT_SUBNET_IPV4 448
#define VAR_MAX_CLIENT_SUBNET_IPV6 449
#define VAR_MIN_CLIENT_SUBNET_IPV4 450
#define VAR_MIN_CLIENT_SUBNET_IPV6 451
#define VAR_MAX_ECS_TREE_SIZE_IPV4 452
#define VAR_MAX_ECS_TREE_SIZE_IPV6 453
#define VAR_CAPS_WHITELIST 454
#define VAR_CACHE_MAX_NEGATIVE_TTL 455
#define VAR_PERMIT_SMALL_HOLDDOWN 456
#define VAR_QNAME_MINIMISATION 457
#define VAR_QNAME_MINIMISATION_STRICT 458
#define VAR_IP_FREEBIND 459
#define VAR_DEFINE_TAG 460
#define VAR_LOCAL_ZONE_TAG 461
#define VAR_ACCESS_CONTROL_TAG 462
#define VAR_LOCAL_ZONE_OVERRIDE 463
#define VAR_ACCESS_CONTROL_TAG_ACTION 464
#define VAR_ACCESS_CONTROL_TAG_DATA 465
#define VAR_VIEW 466
#define VAR_ACCESS_CONTROL_VIEW 467
#define VAR_VIEW_FIRST 468
#define VAR_SERVE_EXPIRED 469
#define VAR_SERVE_EXPIRED_TTL 470
#define VAR_SERVE_EXPIRED_TTL_RESET 471
#define VAR_SERVE_EXPIRED_REPLY_TTL 472
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 473
#define VAR_FAKE_DSA 474
#define VAR_FAKE_SHA1 475
#define VAR_LOG_IDENTITY 476
#define VAR_HIDE_TRUSTANCHOR 477
#define VAR_TRUST_ANCHOR_SIGNALING 478
#define VAR_AGGRESSIVE_NSEC 479
#define VAR_USE_SYSTEMD 480
#define VAR_SHM_ENABLE 481
#define VAR_SHM_KEY 482
#define VAR_ROOT_KEY_SENTINEL 483
#define VAR_DNSCRYPT 484
#define VAR_DNSCRYPT_ENABLE 485
#define VAR_DNSCRYPT_PORT 486
#define VAR_DNSCRYPT_PROVIDER 487
#define VAR_DNSCRYPT_SECRET_KEY 488
#define VAR_DNSCRYPT_PROVIDER_CERT 489
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 490
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 491
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 492
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 493
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 494
#define VAR_IPSECMOD_ENABLED 495
#define VAR_IPSECMOD_HOOK 496
#define VAR_IPSECMOD_IGNORE_BOGUS 497
#define VAR_IPSECMOD_MAX_TTL 498
#define VAR_IPSECMOD_WHITELIST 499
#define VAR_IPSECMOD_STRICT 500
#define VAR_CACHEDB 501
#define VAR_CACHEDB_BACKEND 502
#define VAR_CACHEDB_SECRETSEED 503
#define VAR_CACHEDB_REDISHOST 504
#define VAR_CACHEDB_REDISPORT 505
#define VAR_CACHEDB_REDISTIMEOUT 506
#define VAR_CACHEDB_REDISEXPIRERECORDS 507
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 508
#define VAR_FOR_UPSTREAM 509
#define VAR_AUTH_ZONE 510
#define VAR_ZONEFILE 511
#define VAR_MASTER 512
#define VAR_URL 513
#define VAR_FOR_DOWNSTREAM 514
#define VAR_FALLBACK_ENABLED 515
#define VAR_TLS_ADDITIONAL_PORT 516
#define VAR_LOW_RTT 517
#define VAR_LOW_RTT_PERMIL 518
#define VAR_FAST_SERVER_PERMIL 519
#define VAR_FAST_SERVER_NUM 520
#define VAR_ALLOW_NOTIFY 521
#define VAR_TLS_WIN_CERT 522
#define VAR_TCP_CONNECTION_LIMIT 523
#define VAR_FORWARD_NO_CACHE 524
#define VAR_STUB_NO_CACHE 525
#define VAR_LOG_SERVFAIL 526
#define VAR_DENY_ANY 527
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 528
#define VAR_LOG_TAG_QUERYREPLY 529
#define VAR_STREAM_WAIT_SIZE 530
#define VAR_TLS_CIPHERS 531
#define VAR_TLS_CIPHERSUITES 532
#define VAR_TLS_USE_SNI 533
#define VAR_IPSET 534
#define VAR_IPSET_NAME_V4 535
#define VAR_IPSET_NAME_V6 536
#define VAR_TLS_SESSION_TICKET_KEYS 537
#define VAR_RPZ 538
#define VAR_TAGS 539
#define VAR_RPZ_ACTION_OVERRIDE 540
#define VAR_RPZ_CNAME_OVERRIDE 541
#define VAR_RPZ_LOG 542
#define VAR_RPZ_LOG_NAME 543
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
@ -631,7 +633,7 @@ union YYSTYPE
char* str;
#line 635 "util/configparser.h"
#line 637 "util/configparser.h"
};
typedef union YYSTYPE YYSTYPE;


@ -114,7 +114,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE
%token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
%token VAR_INFRA_CACHE_MIN_RTT
%token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_KEEP_PROBING
%token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
%token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
%token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
@ -243,7 +243,7 @@ content_server: server_num_threads | server_verbosity | server_port |
server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
server_infra_cache_min_rtt | server_harden_algo_downgrade |
server_ip_transparent | server_ip_ratelimit | server_ratelimit |
server_ip_dscp |
server_ip_dscp | server_infra_keep_probing |
server_ip_ratelimit_slabs | server_ratelimit_slabs |
server_ip_ratelimit_size | server_ratelimit_size |
server_ratelimit_for_domain |
@ -1462,6 +1462,16 @@ server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
free($2);
}
;
server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG
{
OUTYY(("P(server_infra_keep_probing:%s)\n", $2));
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->infra_keep_probing =
(strcmp($2, "yes")==0);
free($2);
}
;
server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
{
OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
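Review bot: `VAR_INFRA_KEEP_PROBING` is declared in the middle of the `%token` list, right after `VAR_INFRA_CACHE_MIN_RTT`, which shifts the numeric value of every later token; the regenerated configparser.h on this page renumbers everything from `VAR_DNS64_PREFIX` through `VAR_RPZ_LOG_NAME`. Declaring the new token on a `%token` line at the end of the list would keep the generated diff to a few lines and make the functional change easier to audit. The list continues outside the hunk, so the exact place to append is not visible here.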