mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-20 23:00:56 -05:00
- Validate QNAME minimised NXDOMAIN responses.
- If QNAME minimisation is enabled, do cache lookup for QTYPE NS in harden-below-nxdomain. git-svn-id: file:///svn/unbound/trunk@3682 be551aaa-1e26-0410-a405-d3ace91eadb9
parent
6362a12bd7
commit
5d061f13f9
3 changed files with 32 additions and 0 deletions
|
|
@ -1,3 +1,8 @@
|
||||||
|
18 March 2016: Ralph
|
||||||
|
- Validate QNAME minimised NXDOMAIN responses.
|
||||||
|
- If QNAME minimisation is enabled, do cache lookup for QTYPE NS in
|
||||||
|
harden-below-nxdomain.
|
||||||
|
|
||||||
17 March 2016: Ralph
|
17 March 2016: Ralph
|
||||||
- Limit number of QNAME minimisation iterations.
|
- Limit number of QNAME minimisation iterations.
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -2265,6 +2265,26 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||||
if(FLAGS_GET_RCODE(iq->response->rep->flags) !=
|
if(FLAGS_GET_RCODE(iq->response->rep->flags) !=
|
||||||
LDNS_RCODE_NOERROR)
|
LDNS_RCODE_NOERROR)
|
||||||
iq->minimisation_state = DONOT_MINIMISE_STATE;
|
iq->minimisation_state = DONOT_MINIMISE_STATE;
|
||||||
|
/* Make subrequest to validate intermediate NXDOMAIN if
|
||||||
|
* harden-below-nxdomain is enabled. */
|
||||||
|
if(FLAGS_GET_RCODE(iq->response->rep->flags) ==
|
||||||
|
LDNS_RCODE_NXDOMAIN &&
|
||||||
|
qstate->env->cfg->harden_below_nxdomain) {
|
||||||
|
struct module_qstate* subq = NULL;
|
||||||
|
log_query_info(VERB_QUERY,
|
||||||
|
"schedule NXDOMAIN validation:",
|
||||||
|
&iq->response->qinfo);
|
||||||
|
if(!generate_sub_request(
|
||||||
|
iq->response->qinfo.qname,
|
||||||
|
iq->response->qinfo.qname_len,
|
||||||
|
iq->response->qinfo.qtype,
|
||||||
|
iq->response->qinfo.qclass,
|
||||||
|
qstate, id, iq, INIT_REQUEST_STATE,
|
||||||
|
FINISHED_STATE, &subq, 1)) {
|
||||||
|
verbose(VERB_ALGO,
|
||||||
|
"could not validate NXDOMAIN response");
|
||||||
|
}
|
||||||
|
}
|
||||||
return next_state(iq, QUERYTARGETS_STATE);
|
return next_state(iq, QUERYTARGETS_STATE);
|
||||||
}
|
}
|
||||||
return final_state(iq);
|
return final_state(iq);
|
||||||
|
|
|
||||||
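Review bot: When `generate_sub_request` fails in the added NXDOMAIN block, the only trace is a `VERB_ALGO` message and control still reaches `next_state(iq, QUERYTARGETS_STATE)`, so with harden-below-nxdomain enabled an operator cannot tell at normal verbosity that an intermediate NXDOMAIN went unvalidated. If continuing is intended, say so in place, e.g. `/* best effort: resolution continues, the NXDOMAIN is just not validated */`, and consider reporting the failure at `VERB_QUERY`, the level the scheduling message a few lines earlier already uses. The final argument `1` is presumably the flag that requests validation of the sub-request; a short comment naming it would make the intent clear. processQueryResponse starts and ends outside the hunk, so how the unvalidated response is treated afterwards cannot be checked from here.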
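--- a/services/cache/dns.c
+++ b/services/cache/dns.c
@@ -795,6 +795,12 @@ dns_cache_lookup(struct module_env* env,
 dname_remove_label(&k.qname, &k.qname_len);
 h = query_info_hash(&k, flags);
 e = slabhash_lookup(env->msg_cache, h, &k, 0);
+if(!e && k.qtype != LDNS_RR_TYPE_NS &&
+env->cfg->qname_minimisation) {
+k.qtype = LDNS_RR_TYPE_NS;
+h = query_info_hash(&k, flags);
+e = slabhash_lookup(env->msg_cache, h, &k, 0);
+}
 if(e) {
 struct reply_info* data = (struct reply_info*)e->data;
 struct dns_msg* msg;
@@ -810,6 +816,7 @@ dns_cache_lookup(struct module_env* env,
 }
 lock_rw_unlock(&e->lock);
 }
+k.qtype = qtype;
 }
 
 /* fill common RR types for ANY response to avoid requery */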
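Review bot: The NS fallback in the first hunk overwrites `k.qtype` and depends on `k.qtype = qtype;` in the second hunk to undo it, with lines in between that are not shown; an early exit added to that stretch later would carry QTYPE NS into the next label lookup. Restoring right after the second `slabhash_lookup`, inside the fallback block, would keep the mutation local, provided nothing in the unseen lines reads `k.qtype`. The fallback also needs a comment explaining why type NS is retried, for example `/* with QNAME minimisation, intermediate answers may be cached under QTYPE NS */`. Because the NS entry is then used for the harden-below-nxdomain decision, it is worth confirming that the `if(e)` body applies the same rcode and security-status checks to it as to an entry of the original type. dns_cache_lookup begins and ends outside both hunks.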