- parentside names are dispreferred but not said to be dnssec-lame.

- parentside check for cached newname glue.


git-svn-id: file:///svn/unbound/trunk@2122 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog

@@ -3,6 +3,8 @@
 	  flag from upstream servers.
 	- alloc_special_obtain out of memory is not a fatal error any more,
 	  enabling unbound to continue longer in out of memory conditions.
+	- parentside names are dispreferred but not said to be dnssec-lame.
+	- parentside check for cached newname glue.
 
 28 May 2010: Wouter
 	- iana portlist updated.

iterator/iter_utils.c

@@ -66,7 +66,7 @@
 /** time when nameserver glue is said to be 'recent' */
 #define SUSPICION_RECENT_EXPIRY 86400
 /** penalty to validation failed blacklisted IPs */
-#define BLACKLIST_PENALTY (USEFUL_SERVER_TOP_TIMEOUT*3)
+#define BLACKLIST_PENALTY (USEFUL_SERVER_TOP_TIMEOUT*4)
 
 /** fillup fetch policy array */
 static void
@@ -160,15 +160,17 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg)
  *		This value exactly is given for unresponsive blacklisted.
  *	USEFUL_SERVER_TOP_TIMEOUT+1
  *		For non-blacklisted servers: huge timeout, but has traffic.
- *	USEFUL_SERVER_TOP_TIMEOUT ..
+ *	USEFUL_SERVER_TOP_TIMEOUT*1 ..
- *		dnsseclame servers get penalty
+ *		parent-side lame servers get this penalty. A dispreferential
- *		also for parent-side lame servers (lame in delegpt).
+ *		server. (lame in delegpt).
  *	USEFUL_SERVER_TOP_TIMEOUT*2 ..
+ *		dnsseclame servers get penalty
+ *	USEFUL_SERVER_TOP_TIMEOUT*3 ..
  *		recursion lame servers get penalty
  *	UNKNOWN_SERVER_NICENESS 
  *		If no information is known about the server, this is
  *		returned. 376 msec or so.
- *	+BLACKLIST_PENALTY (of USEFUL_TOP_TIMEOUT*3) for dnssec failed IPs.
+ *	+BLACKLIST_PENALTY (of USEFUL_TOP_TIMEOUT*4) for dnssec failed IPs.
  *
  * When a final value is chosen that is dnsseclame ; dnsseclameness checking
  * is turned off (so we do not discard the reply).
@@ -206,19 +208,20 @@ iter_filter_unsuitable(struct iter_env* iter_env, struct module_env* env,
 			lost >= USEFUL_SERVER_MAX_LOST)
 			/* server is unresponsive, but keep trying slowly */
 			return USEFUL_SERVER_TOP_TIMEOUT+1;
+		/* select remainder from worst to best */
+		else if(reclame)
+			return rtt+USEFUL_SERVER_TOP_TIMEOUT*3; /* nonpref */
+		else if(dnsseclame )
+			return rtt+USEFUL_SERVER_TOP_TIMEOUT*2; /* nonpref */
 		else if(a->lame)
 			return rtt+USEFUL_SERVER_TOP_TIMEOUT+1; /* nonpref */
 		else if(rtt >= USEFUL_SERVER_TOP_TIMEOUT) /* not blacklisted*/
 			return USEFUL_SERVER_TOP_TIMEOUT+1;
-		else if(reclame)
-			return rtt+USEFUL_SERVER_TOP_TIMEOUT*2; /* nonpref */
-		else if(dnsseclame )
-			return rtt+USEFUL_SERVER_TOP_TIMEOUT; /* nonpref */
 		else	return rtt;
 	}
 	/* no server information present */
 	if(a->lame)
-		return USEFUL_SERVER_TOP_TIMEOUT+1; /* nonpref */
+		return USEFUL_SERVER_TOP_TIMEOUT+1+UNKNOWN_SERVER_NICENESS; /* nonpref */
 	return UNKNOWN_SERVER_NICENESS;
 }
 
@@ -323,22 +326,22 @@ iter_server_selection(struct iter_env* iter_env,
 		return NULL;
 	verbose(VERB_ALGO, "selrtt %d", selrtt);
 	if(selrtt > BLACKLIST_PENALTY) {
-		if(selrtt-BLACKLIST_PENALTY > USEFUL_SERVER_TOP_TIMEOUT*2) {
+		if(selrtt-BLACKLIST_PENALTY > USEFUL_SERVER_TOP_TIMEOUT*3) {
 			verbose(VERB_ALGO, "chase to "
 				"blacklisted recursion lame server");
 			*chase_to_rd = 1;
 		}
-		if(selrtt-BLACKLIST_PENALTY > USEFUL_SERVER_TOP_TIMEOUT) {
+		if(selrtt-BLACKLIST_PENALTY > USEFUL_SERVER_TOP_TIMEOUT*2) {
 			verbose(VERB_ALGO, "chase to "
 				"blacklisted dnssec lame server");
 			*dnssec_lame = 1;
 		}
 	} else {
-		if(selrtt > USEFUL_SERVER_TOP_TIMEOUT*2) {
+		if(selrtt > USEFUL_SERVER_TOP_TIMEOUT*3) {
 			verbose(VERB_ALGO, "chase to recursion lame server");
 			*chase_to_rd = 1;
 		}
-		if(selrtt > USEFUL_SERVER_TOP_TIMEOUT) {
+		if(selrtt > USEFUL_SERVER_TOP_TIMEOUT*2) {
 			verbose(VERB_ALGO, "chase to dnssec lame server");
 			*dnssec_lame = 1;
 		}

iterator/iterator.c

@@ -1406,6 +1406,14 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq,
 			return next_state(iq, INIT_REQUEST_STATE);
 		}
 	}
+	/* see if that makes new names available */
+	if(!cache_fill_missing(qstate->env, iq->qchase.qclass, 
+		qstate->region, iq->dp))
+		log_err("out of memory in cache_fill_missing");
+	if(iq->dp->usable_list) {
+		verbose(VERB_ALGO, "try parent-side-name, w. glue from cache");
+		return next_state(iq, QUERYTARGETS_STATE);
+	}
 	/* try to fill out parent glue from cache */
 	if(iter_lookup_parent_glue_from_cache(qstate->env, iq->dp,
 		qstate->region, &qstate->qinfo)) {

testdata/iter_pcname.rpl

@@ -0,0 +1,277 @@
+; config options
+server:
+	target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test resolution with parent child differ in names.
+; the parent has an extra name that is the only working one.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION AUTHORITY
+net.	IN NS	e.gtld-servers.net.
+SECTION ADDITIONAL
+e.gtld-servers.net.	IN 	A	192.12.94.30
+ENTRY_END
+
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION AUTHORITY
+example.com.    IN NS   ns.example.com.
+example.com.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.55
+ENTRY_END
+RANGE_END
+
+; e.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.12.94.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net.	IN NS	e.gtld-servers.net.
+SECTION ADDITIONAL
+e.gtld-servers.net.	IN 	A	192.12.94.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.44
+ENTRY_END
+
+RANGE_END
+
+; ns.example.net.
+; the working version.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.44
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.44
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+ns.example.net. IN A
+SECTION ANSWER
+ns.example.net. IN A	1.2.3.44
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+ns.example.net. IN AAAA
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net. IN A	1.2.3.44
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com. IN A	1.2.3.55
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A	1.2.3.55
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.55
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.55
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY AA QR NOERROR
+SECTION QUESTION
+mail.example.com. IN A
+SECTION ANSWER
+mail.example.com. IN A	10.20.30.20
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.55
+ENTRY_END
+RANGE_END
+
+; ns.example.net
+; Broken.   Does not respond to anything (servfail instead
+; of timeouts since this is easier to encode in .rpl file format).
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.55
+ENTRY_BEGIN
+MATCH opcode 
+ADJUST copy_id copy_query
+REPLY QR SERVFAIL
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 20 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 	IN A 	1.2.3.55
+ENTRY_END
+
+; now that the bad child NS record is in cache, ask something else.
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+mail.example.com. IN A
+ENTRY_END
+
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+mail.example.com. IN A
+SECTION ANSWER
+mail.example.com. IN A	10.20.30.20
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 	IN A 	1.2.3.55
+ENTRY_END
+
+SCENARIO_END