upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #228 from NLnetLabs/infra-keep-probing

Browse source 
infra-keep-probing option to probe hosts that are down
This commit is contained in:
Wouter Wijngaards 2020-10-21 10:34:40 +02:00 committed by GitHub
commit 5ec15bc333
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 4237 additions and 4154 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
doc/example.conf.in
View file

@ -192,6 +192,9 @@ server:
# minimum wait time for responses, increase if uplink is long. In msec.
# infra-cache-min-rtt: 50
# enable to make server probe down hosts more frequently.
# infra-keep-probing: no
# the number of slabs to use for the Infrastructure cache.
# the number of slabs must be a power of 2.
# more slabs reduce lock contention, but fragment memory usage.

6
doc/unbound.conf.5.in
View file

@ -382,6 +382,12 @@ Lower limit for dynamic retransmit timeout calculation in infrastructure
cache. Default is 50 milliseconds. Increase this value if using forwarders
needing more time to do recursive name resolution.
.TP
.B infra\-keep\-probing: \fI<yes or no>
If enabled the server keeps probing hosts that are down, in the one probe
at a time regime. Default is no. Hosts that are down, eg. they did
not respond during the one probe at a time period, are marked as down and
it may take \fBinfra\-host\-ttl\fR time to get probed again.
.TP
.B define\-tag: \fI<"list of tags">
Define the tags that can be used with local\-zone and access\-control.
Enclose the list between quotes ("") and put spaces between tags.

28
services/cache/infra.c vendored
View file

@ -244,6 +244,7 @@ infra_create(struct config_file* cfg)
return NULL;
}
infra->host_ttl = cfg->host_ttl;
infra->infra_keep_probing = cfg->infra_keep_probing;
infra_dp_ratelimit = cfg->ratelimit;
infra->domain_rates = slabhash_create(cfg->ratelimit_slabs,
INFRA_HOST_STARTSIZE, cfg->ratelimit_size,
@ -297,6 +298,7 @@ infra_adjust(struct infra_cache* infra, struct config_file* cfg)
if(!infra)
return infra_create(cfg);
infra->host_ttl = cfg->host_ttl;
infra->infra_keep_probing = cfg->infra_keep_probing;
infra_dp_ratelimit = cfg->ratelimit;
infra_ip_ratelimit = cfg->ip_ratelimit;
maxmem = cfg->infra_cache_numhosts * (sizeof(struct infra_key)+
@ -445,6 +447,7 @@ infra_host(struct infra_cache* infra, struct sockaddr_storage* addr,
if(e && ((struct infra_data*)e->data)->ttl < timenow) {
/* it expired, try to reuse existing entry */
int old = ((struct infra_data*)e->data)->rtt.rto;
time_t tprobe = ((struct infra_data*)e->data)->probedelay;
uint8_t tA = ((struct infra_data*)e->data)->timeout_A;
uint8_t tAAAA = ((struct infra_data*)e->data)->timeout_AAAA;
uint8_t tother = ((struct infra_data*)e->data)->timeout_other;
@ -460,6 +463,7 @@ infra_host(struct infra_cache* infra, struct sockaddr_storage* addr,
if(old >= USEFUL_SERVER_TOP_TIMEOUT) {
((struct infra_data*)e->data)->rtt.rto
= USEFUL_SERVER_TOP_TIMEOUT;
((struct infra_data*)e->data)->probedelay = tprobe;
((struct infra_data*)e->data)->timeout_A = tA;
((struct infra_data*)e->data)->timeout_AAAA = tAAAA;
((struct infra_data*)e->data)->timeout_other = tother;
@ -482,7 +486,8 @@ infra_host(struct infra_cache* infra, struct sockaddr_storage* addr,
*edns_vs = data->edns_version;
*edns_lame_known = data->edns_lame_known;
*to = rtt_timeout(&data->rtt);
if(*to >= PROBE_MAXRTO && rtt_notimeout(&data->rtt)*4 <= *to) {
if(*to >= PROBE_MAXRTO && (infra->infra_keep_probing ||
rtt_notimeout(&data->rtt)*4 <= *to)) {
/* delay other queries, this is the probe query */
if(!wr) {
lock_rw_unlock(&e->lock);
@ -566,18 +571,27 @@ infra_rtt_update(struct infra_cache* infra, struct sockaddr_storage* addr,
struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen,
nm, nmlen, 1);
struct infra_data* data;
int needtoinsert = 0;
int needtoinsert = 0, expired = 0;
int rto = 1;
time_t oldprobedelay = 0;
if(!e) {
if(!(e = new_entry(infra, addr, addrlen, nm, nmlen, timenow)))
return 0;
needtoinsert = 1;
} else if(((struct infra_data*)e->data)->ttl < timenow) {
oldprobedelay = ((struct infra_data*)e->data)->probedelay;
data_entry_init(infra, e, timenow);
expired = 1;
}
/* have an entry, update the rtt */
data = (struct infra_data*)e->data;
if(roundtrip == -1) {
if(needtoinsert || expired) {
/* timeout on entry that has expired before the timer
* keep old timeout from the function caller */
data->rtt.rto = orig_rtt;
data->probedelay = oldprobedelay;
}
rtt_lost(&data->rtt, orig_rtt);
if(qtype == LDNS_RR_TYPE_A) {
if(data->timeout_A < TIMEOUT_COUNT_MAX)
@ -681,7 +695,12 @@ infra_get_lame_rtt(struct infra_cache* infra,
return 0;
host = (struct infra_data*)e->data;
*rtt = rtt_unclamped(&host->rtt);
if(host->rtt.rto >= PROBE_MAXRTO && timenow < host->probedelay
if(host->rtt.rto >= PROBE_MAXRTO && timenow >= host->probedelay
&& infra->infra_keep_probing) {
/* single probe, keep probing */
if(*rtt >= USEFUL_SERVER_TOP_TIMEOUT)
*rtt = USEFUL_SERVER_TOP_TIMEOUT-1000;
} else if(host->rtt.rto >= PROBE_MAXRTO && timenow < host->probedelay
&& rtt_notimeout(&host->rtt)*4 <= host->rtt.rto) {
/* single probe for this domain, and we are not probing */
/* unless the query type allows a probe to happen */
@ -704,7 +723,8 @@ infra_get_lame_rtt(struct infra_cache* infra,
/* see if this can be a re-probe of an unresponsive server */
/* minus 1000 because that is outside of the RTTBAND, so
* blacklisted servers stay blacklisted if this is chosen */
if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT) {
if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT ||
infra->infra_keep_probing) {
lock_rw_unlock(&e->lock);
*rtt = USEFUL_SERVER_TOP_TIMEOUT-1000;
*lame = 0;

2
services/cache/infra.h vendored
View file

@ -114,6 +114,8 @@ struct infra_cache {
struct slabhash* hosts;
/** TTL value for host information, in seconds */
int host_ttl;
/** the hosts that are down are kept probed for recovery */
int infra_keep_probing;
/** hash table with query rates per name: rate_key, rate_data */
struct slabhash* domain_rates;
/** ratelimit settings for domains, struct domain_limit_data */

3
util/config_file.c
View file

@ -170,6 +170,7 @@ config_create(void)
cfg->infra_cache_slabs = 4;
cfg->infra_cache_numhosts = 10000;
cfg->infra_cache_min_rtt = 50;
cfg->infra_keep_probing = 0;
cfg->delay_close = 0;
if(!(cfg->outgoing_avail_ports = (int*)calloc(65536, sizeof(int))))
goto error_exit;
@ -563,6 +564,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
IS_NUMBER_OR_ZERO; cfg->infra_cache_min_rtt = atoi(val);
RTT_MIN_TIMEOUT=cfg->infra_cache_min_rtt;
}
else S_YNO("infra-keep-probing:", infra_keep_probing)
else S_NUMBER_OR_ZERO("infra-host-ttl:", host_ttl)
else S_POW2("infra-cache-slabs:", infra_cache_slabs)
else S_SIZET_NONZERO("infra-cache-numhosts:", infra_cache_numhosts)
@ -959,6 +961,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_DEC(opt, "infra-host-ttl", host_ttl)
else O_DEC(opt, "infra-cache-slabs", infra_cache_slabs)
else O_DEC(opt, "infra-cache-min-rtt", infra_cache_min_rtt)
else O_YNO(opt, "infra-keep-probing", infra_keep_probing)
else O_MEM(opt, "infra-cache-numhosts", infra_cache_numhosts)
else O_UNS(opt, "delay-close", delay_close)
else O_YNO(opt, "do-ip4", do_ip4)

2
util/config_file.h
View file

@ -181,6 +181,8 @@ struct config_file {
size_t infra_cache_numhosts;
/** min value for infra cache rtt */
int infra_cache_min_rtt;
/** keep probing hosts that are down */
int infra_keep_probing;
/** delay close of udp-timeouted ports, if 0 no delayclose. in msec */
int delay_close;

4572
util/configlexer.c
View file

File diff suppressed because it is too large Load diff

1
util/configlexer.lex
View file

@ -297,6 +297,7 @@ infra-cache-slabs{COLON} { YDVAR(1, VAR_INFRA_CACHE_SLABS) }
infra-cache-numhosts{COLON} { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) }
infra-cache-lame-size{COLON} { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) }
infra-cache-min-rtt{COLON} { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) }
infra-keep-probing{COLON} { YDVAR(1, VAR_INFRA_KEEP_PROBING) }
num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) }
jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) }
delay-close{COLON} { YDVAR(1, VAR_DELAY_CLOSE) }

3180
util/configparser.c
View file

File diff suppressed because it is too large Load diff

580
util/configparser.h
View file

@ -203,150 +203,151 @@ extern int yydebug;
VAR_UNBLOCK_LAN_ZONES = 409,
VAR_INSECURE_LAN_ZONES = 410,
VAR_INFRA_CACHE_MIN_RTT = 411,
VAR_DNS64_PREFIX = 412,
VAR_DNS64_SYNTHALL = 413,
VAR_DNS64_IGNORE_AAAA = 414,
VAR_DNSTAP = 415,
VAR_DNSTAP_ENABLE = 416,
VAR_DNSTAP_SOCKET_PATH = 417,
VAR_DNSTAP_IP = 418,
VAR_DNSTAP_TLS = 419,
VAR_DNSTAP_TLS_SERVER_NAME = 420,
VAR_DNSTAP_TLS_CERT_BUNDLE = 421,
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 422,
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 423,
VAR_DNSTAP_SEND_IDENTITY = 424,
VAR_DNSTAP_SEND_VERSION = 425,
VAR_DNSTAP_BIDIRECTIONAL = 426,
VAR_DNSTAP_IDENTITY = 427,
VAR_DNSTAP_VERSION = 428,
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 429,
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 430,
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 431,
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 432,
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 433,
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 434,
VAR_RESPONSE_IP_TAG = 435,
VAR_RESPONSE_IP = 436,
VAR_RESPONSE_IP_DATA = 437,
VAR_HARDEN_ALGO_DOWNGRADE = 438,
VAR_IP_TRANSPARENT = 439,
VAR_IP_DSCP = 440,
VAR_DISABLE_DNSSEC_LAME_CHECK = 441,
VAR_IP_RATELIMIT = 442,
VAR_IP_RATELIMIT_SLABS = 443,
VAR_IP_RATELIMIT_SIZE = 444,
VAR_RATELIMIT = 445,
VAR_RATELIMIT_SLABS = 446,
VAR_RATELIMIT_SIZE = 447,
VAR_RATELIMIT_FOR_DOMAIN = 448,
VAR_RATELIMIT_BELOW_DOMAIN = 449,
VAR_IP_RATELIMIT_FACTOR = 450,
VAR_RATELIMIT_FACTOR = 451,
VAR_SEND_CLIENT_SUBNET = 452,
VAR_CLIENT_SUBNET_ZONE = 453,
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 454,
VAR_CLIENT_SUBNET_OPCODE = 455,
VAR_MAX_CLIENT_SUBNET_IPV4 = 456,
VAR_MAX_CLIENT_SUBNET_IPV6 = 457,
VAR_MIN_CLIENT_SUBNET_IPV4 = 458,
VAR_MIN_CLIENT_SUBNET_IPV6 = 459,
VAR_MAX_ECS_TREE_SIZE_IPV4 = 460,
VAR_MAX_ECS_TREE_SIZE_IPV6 = 461,
VAR_CAPS_WHITELIST = 462,
VAR_CACHE_MAX_NEGATIVE_TTL = 463,
VAR_PERMIT_SMALL_HOLDDOWN = 464,
VAR_QNAME_MINIMISATION = 465,
VAR_QNAME_MINIMISATION_STRICT = 466,
VAR_IP_FREEBIND = 467,
VAR_DEFINE_TAG = 468,
VAR_LOCAL_ZONE_TAG = 469,
VAR_ACCESS_CONTROL_TAG = 470,
VAR_LOCAL_ZONE_OVERRIDE = 471,
VAR_ACCESS_CONTROL_TAG_ACTION = 472,
VAR_ACCESS_CONTROL_TAG_DATA = 473,
VAR_VIEW = 474,
VAR_ACCESS_CONTROL_VIEW = 475,
VAR_VIEW_FIRST = 476,
VAR_SERVE_EXPIRED = 477,
VAR_SERVE_EXPIRED_TTL = 478,
VAR_SERVE_EXPIRED_TTL_RESET = 479,
VAR_SERVE_EXPIRED_REPLY_TTL = 480,
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 481,
VAR_FAKE_DSA = 482,
VAR_FAKE_SHA1 = 483,
VAR_LOG_IDENTITY = 484,
VAR_HIDE_TRUSTANCHOR = 485,
VAR_TRUST_ANCHOR_SIGNALING = 486,
VAR_AGGRESSIVE_NSEC = 487,
VAR_USE_SYSTEMD = 488,
VAR_SHM_ENABLE = 489,
VAR_SHM_KEY = 490,
VAR_ROOT_KEY_SENTINEL = 491,
VAR_DNSCRYPT = 492,
VAR_DNSCRYPT_ENABLE = 493,
VAR_DNSCRYPT_PORT = 494,
VAR_DNSCRYPT_PROVIDER = 495,
VAR_DNSCRYPT_SECRET_KEY = 496,
VAR_DNSCRYPT_PROVIDER_CERT = 497,
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 498,
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 499,
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 500,
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 501,
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 502,
VAR_IPSECMOD_ENABLED = 503,
VAR_IPSECMOD_HOOK = 504,
VAR_IPSECMOD_IGNORE_BOGUS = 505,
VAR_IPSECMOD_MAX_TTL = 506,
VAR_IPSECMOD_WHITELIST = 507,
VAR_IPSECMOD_STRICT = 508,
VAR_CACHEDB = 509,
VAR_CACHEDB_BACKEND = 510,
VAR_CACHEDB_SECRETSEED = 511,
VAR_CACHEDB_REDISHOST = 512,
VAR_CACHEDB_REDISPORT = 513,
VAR_CACHEDB_REDISTIMEOUT = 514,
VAR_CACHEDB_REDISEXPIRERECORDS = 515,
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 516,
VAR_FOR_UPSTREAM = 517,
VAR_AUTH_ZONE = 518,
VAR_ZONEFILE = 519,
VAR_MASTER = 520,
VAR_URL = 521,
VAR_FOR_DOWNSTREAM = 522,
VAR_FALLBACK_ENABLED = 523,
VAR_TLS_ADDITIONAL_PORT = 524,
VAR_LOW_RTT = 525,
VAR_LOW_RTT_PERMIL = 526,
VAR_FAST_SERVER_PERMIL = 527,
VAR_FAST_SERVER_NUM = 528,
VAR_ALLOW_NOTIFY = 529,
VAR_TLS_WIN_CERT = 530,
VAR_TCP_CONNECTION_LIMIT = 531,
VAR_FORWARD_NO_CACHE = 532,
VAR_STUB_NO_CACHE = 533,
VAR_LOG_SERVFAIL = 534,
VAR_DENY_ANY = 535,
VAR_UNKNOWN_SERVER_TIME_LIMIT = 536,
VAR_LOG_TAG_QUERYREPLY = 537,
VAR_STREAM_WAIT_SIZE = 538,
VAR_TLS_CIPHERS = 539,
VAR_TLS_CIPHERSUITES = 540,
VAR_TLS_USE_SNI = 541,
VAR_IPSET = 542,
VAR_IPSET_NAME_V4 = 543,
VAR_IPSET_NAME_V6 = 544,
VAR_TLS_SESSION_TICKET_KEYS = 545,
VAR_RPZ = 546,
VAR_TAGS = 547,
VAR_RPZ_ACTION_OVERRIDE = 548,
VAR_RPZ_CNAME_OVERRIDE = 549,
VAR_RPZ_LOG = 550,
VAR_RPZ_LOG_NAME = 551,
VAR_DYNLIB = 552,
VAR_DYNLIB_FILE = 553,
VAR_EDNS_CLIENT_TAG = 554,
VAR_EDNS_CLIENT_TAG_OPCODE = 555
VAR_INFRA_KEEP_PROBING = 412,
VAR_DNS64_PREFIX = 413,
VAR_DNS64_SYNTHALL = 414,
VAR_DNS64_IGNORE_AAAA = 415,
VAR_DNSTAP = 416,
VAR_DNSTAP_ENABLE = 417,
VAR_DNSTAP_SOCKET_PATH = 418,
VAR_DNSTAP_IP = 419,
VAR_DNSTAP_TLS = 420,
VAR_DNSTAP_TLS_SERVER_NAME = 421,
VAR_DNSTAP_TLS_CERT_BUNDLE = 422,
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 423,
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 424,
VAR_DNSTAP_SEND_IDENTITY = 425,
VAR_DNSTAP_SEND_VERSION = 426,
VAR_DNSTAP_BIDIRECTIONAL = 427,
VAR_DNSTAP_IDENTITY = 428,
VAR_DNSTAP_VERSION = 429,
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 430,
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 431,
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 432,
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 433,
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 434,
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 435,
VAR_RESPONSE_IP_TAG = 436,
VAR_RESPONSE_IP = 437,
VAR_RESPONSE_IP_DATA = 438,
VAR_HARDEN_ALGO_DOWNGRADE = 439,
VAR_IP_TRANSPARENT = 440,
VAR_IP_DSCP = 441,
VAR_DISABLE_DNSSEC_LAME_CHECK = 442,
VAR_IP_RATELIMIT = 443,
VAR_IP_RATELIMIT_SLABS = 444,
VAR_IP_RATELIMIT_SIZE = 445,
VAR_RATELIMIT = 446,
VAR_RATELIMIT_SLABS = 447,
VAR_RATELIMIT_SIZE = 448,
VAR_RATELIMIT_FOR_DOMAIN = 449,
VAR_RATELIMIT_BELOW_DOMAIN = 450,
VAR_IP_RATELIMIT_FACTOR = 451,
VAR_RATELIMIT_FACTOR = 452,
VAR_SEND_CLIENT_SUBNET = 453,
VAR_CLIENT_SUBNET_ZONE = 454,
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 455,
VAR_CLIENT_SUBNET_OPCODE = 456,
VAR_MAX_CLIENT_SUBNET_IPV4 = 457,
VAR_MAX_CLIENT_SUBNET_IPV6 = 458,
VAR_MIN_CLIENT_SUBNET_IPV4 = 459,
VAR_MIN_CLIENT_SUBNET_IPV6 = 460,
VAR_MAX_ECS_TREE_SIZE_IPV4 = 461,
VAR_MAX_ECS_TREE_SIZE_IPV6 = 462,
VAR_CAPS_WHITELIST = 463,
VAR_CACHE_MAX_NEGATIVE_TTL = 464,
VAR_PERMIT_SMALL_HOLDDOWN = 465,
VAR_QNAME_MINIMISATION = 466,
VAR_QNAME_MINIMISATION_STRICT = 467,
VAR_IP_FREEBIND = 468,
VAR_DEFINE_TAG = 469,
VAR_LOCAL_ZONE_TAG = 470,
VAR_ACCESS_CONTROL_TAG = 471,
VAR_LOCAL_ZONE_OVERRIDE = 472,
VAR_ACCESS_CONTROL_TAG_ACTION = 473,
VAR_ACCESS_CONTROL_TAG_DATA = 474,
VAR_VIEW = 475,
VAR_ACCESS_CONTROL_VIEW = 476,
VAR_VIEW_FIRST = 477,
VAR_SERVE_EXPIRED = 478,
VAR_SERVE_EXPIRED_TTL = 479,
VAR_SERVE_EXPIRED_TTL_RESET = 480,
VAR_SERVE_EXPIRED_REPLY_TTL = 481,
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 482,
VAR_FAKE_DSA = 483,
VAR_FAKE_SHA1 = 484,
VAR_LOG_IDENTITY = 485,
VAR_HIDE_TRUSTANCHOR = 486,
VAR_TRUST_ANCHOR_SIGNALING = 487,
VAR_AGGRESSIVE_NSEC = 488,
VAR_USE_SYSTEMD = 489,
VAR_SHM_ENABLE = 490,
VAR_SHM_KEY = 491,
VAR_ROOT_KEY_SENTINEL = 492,
VAR_DNSCRYPT = 493,
VAR_DNSCRYPT_ENABLE = 494,
VAR_DNSCRYPT_PORT = 495,
VAR_DNSCRYPT_PROVIDER = 496,
VAR_DNSCRYPT_SECRET_KEY = 497,
VAR_DNSCRYPT_PROVIDER_CERT = 498,
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 499,
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 500,
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 501,
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 502,
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 503,
VAR_IPSECMOD_ENABLED = 504,
VAR_IPSECMOD_HOOK = 505,
VAR_IPSECMOD_IGNORE_BOGUS = 506,
VAR_IPSECMOD_MAX_TTL = 507,
VAR_IPSECMOD_WHITELIST = 508,
VAR_IPSECMOD_STRICT = 509,
VAR_CACHEDB = 510,
VAR_CACHEDB_BACKEND = 511,
VAR_CACHEDB_SECRETSEED = 512,
VAR_CACHEDB_REDISHOST = 513,
VAR_CACHEDB_REDISPORT = 514,
VAR_CACHEDB_REDISTIMEOUT = 515,
VAR_CACHEDB_REDISEXPIRERECORDS = 516,
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 517,
VAR_FOR_UPSTREAM = 518,
VAR_AUTH_ZONE = 519,
VAR_ZONEFILE = 520,
VAR_MASTER = 521,
VAR_URL = 522,
VAR_FOR_DOWNSTREAM = 523,
VAR_FALLBACK_ENABLED = 524,
VAR_TLS_ADDITIONAL_PORT = 525,
VAR_LOW_RTT = 526,
VAR_LOW_RTT_PERMIL = 527,
VAR_FAST_SERVER_PERMIL = 528,
VAR_FAST_SERVER_NUM = 529,
VAR_ALLOW_NOTIFY = 530,
VAR_TLS_WIN_CERT = 531,
VAR_TCP_CONNECTION_LIMIT = 532,
VAR_FORWARD_NO_CACHE = 533,
VAR_STUB_NO_CACHE = 534,
VAR_LOG_SERVFAIL = 535,
VAR_DENY_ANY = 536,
VAR_UNKNOWN_SERVER_TIME_LIMIT = 537,
VAR_LOG_TAG_QUERYREPLY = 538,
VAR_STREAM_WAIT_SIZE = 539,
VAR_TLS_CIPHERS = 540,
VAR_TLS_CIPHERSUITES = 541,
VAR_TLS_USE_SNI = 542,
VAR_IPSET = 543,
VAR_IPSET_NAME_V4 = 544,
VAR_IPSET_NAME_V6 = 545,
VAR_TLS_SESSION_TICKET_KEYS = 546,
VAR_RPZ = 547,
VAR_TAGS = 548,
VAR_RPZ_ACTION_OVERRIDE = 549,
VAR_RPZ_CNAME_OVERRIDE = 550,
VAR_RPZ_LOG = 551,
VAR_RPZ_LOG_NAME = 552,
VAR_DYNLIB = 553,
VAR_DYNLIB_FILE = 554,
VAR_EDNS_CLIENT_TAG = 555,
VAR_EDNS_CLIENT_TAG_OPCODE = 556
};
#endif
/* Tokens. */
@ -504,150 +505,151 @@ extern int yydebug;
#define VAR_UNBLOCK_LAN_ZONES 409
#define VAR_INSECURE_LAN_ZONES 410
#define VAR_INFRA_CACHE_MIN_RTT 411
#define VAR_DNS64_PREFIX 412
#define VAR_DNS64_SYNTHALL 413
#define VAR_DNS64_IGNORE_AAAA 414
#define VAR_DNSTAP 415
#define VAR_DNSTAP_ENABLE 416
#define VAR_DNSTAP_SOCKET_PATH 417
#define VAR_DNSTAP_IP 418
#define VAR_DNSTAP_TLS 419
#define VAR_DNSTAP_TLS_SERVER_NAME 420
#define VAR_DNSTAP_TLS_CERT_BUNDLE 421
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 422
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 423
#define VAR_DNSTAP_SEND_IDENTITY 424
#define VAR_DNSTAP_SEND_VERSION 425
#define VAR_DNSTAP_BIDIRECTIONAL 426
#define VAR_DNSTAP_IDENTITY 427
#define VAR_DNSTAP_VERSION 428
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 429
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 430
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 431
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 432
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 433
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 434
#define VAR_RESPONSE_IP_TAG 435
#define VAR_RESPONSE_IP 436
#define VAR_RESPONSE_IP_DATA 437
#define VAR_HARDEN_ALGO_DOWNGRADE 438
#define VAR_IP_TRANSPARENT 439
#define VAR_IP_DSCP 440
#define VAR_DISABLE_DNSSEC_LAME_CHECK 441
#define VAR_IP_RATELIMIT 442
#define VAR_IP_RATELIMIT_SLABS 443
#define VAR_IP_RATELIMIT_SIZE 444
#define VAR_RATELIMIT 445
#define VAR_RATELIMIT_SLABS 446
#define VAR_RATELIMIT_SIZE 447
#define VAR_RATELIMIT_FOR_DOMAIN 448
#define VAR_RATELIMIT_BELOW_DOMAIN 449
#define VAR_IP_RATELIMIT_FACTOR 450
#define VAR_RATELIMIT_FACTOR 451
#define VAR_SEND_CLIENT_SUBNET 452
#define VAR_CLIENT_SUBNET_ZONE 453
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 454
#define VAR_CLIENT_SUBNET_OPCODE 455
#define VAR_MAX_CLIENT_SUBNET_IPV4 456
#define VAR_MAX_CLIENT_SUBNET_IPV6 457
#define VAR_MIN_CLIENT_SUBNET_IPV4 458
#define VAR_MIN_CLIENT_SUBNET_IPV6 459
#define VAR_MAX_ECS_TREE_SIZE_IPV4 460
#define VAR_MAX_ECS_TREE_SIZE_IPV6 461
#define VAR_CAPS_WHITELIST 462
#define VAR_CACHE_MAX_NEGATIVE_TTL 463
#define VAR_PERMIT_SMALL_HOLDDOWN 464
#define VAR_QNAME_MINIMISATION 465
#define VAR_QNAME_MINIMISATION_STRICT 466
#define VAR_IP_FREEBIND 467
#define VAR_DEFINE_TAG 468
#define VAR_LOCAL_ZONE_TAG 469
#define VAR_ACCESS_CONTROL_TAG 470
#define VAR_LOCAL_ZONE_OVERRIDE 471
#define VAR_ACCESS_CONTROL_TAG_ACTION 472
#define VAR_ACCESS_CONTROL_TAG_DATA 473
#define VAR_VIEW 474
#define VAR_ACCESS_CONTROL_VIEW 475
#define VAR_VIEW_FIRST 476
#define VAR_SERVE_EXPIRED 477
#define VAR_SERVE_EXPIRED_TTL 478
#define VAR_SERVE_EXPIRED_TTL_RESET 479
#define VAR_SERVE_EXPIRED_REPLY_TTL 480
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 481
#define VAR_FAKE_DSA 482
#define VAR_FAKE_SHA1 483
#define VAR_LOG_IDENTITY 484
#define VAR_HIDE_TRUSTANCHOR 485
#define VAR_TRUST_ANCHOR_SIGNALING 486
#define VAR_AGGRESSIVE_NSEC 487
#define VAR_USE_SYSTEMD 488
#define VAR_SHM_ENABLE 489
#define VAR_SHM_KEY 490
#define VAR_ROOT_KEY_SENTINEL 491
#define VAR_DNSCRYPT 492
#define VAR_DNSCRYPT_ENABLE 493
#define VAR_DNSCRYPT_PORT 494
#define VAR_DNSCRYPT_PROVIDER 495
#define VAR_DNSCRYPT_SECRET_KEY 496
#define VAR_DNSCRYPT_PROVIDER_CERT 497
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 498
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 499
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 500
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 501
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 502
#define VAR_IPSECMOD_ENABLED 503
#define VAR_IPSECMOD_HOOK 504
#define VAR_IPSECMOD_IGNORE_BOGUS 505
#define VAR_IPSECMOD_MAX_TTL 506
#define VAR_IPSECMOD_WHITELIST 507
#define VAR_IPSECMOD_STRICT 508
#define VAR_CACHEDB 509
#define VAR_CACHEDB_BACKEND 510
#define VAR_CACHEDB_SECRETSEED 511
#define VAR_CACHEDB_REDISHOST 512
#define VAR_CACHEDB_REDISPORT 513
#define VAR_CACHEDB_REDISTIMEOUT 514
#define VAR_CACHEDB_REDISEXPIRERECORDS 515
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 516
#define VAR_FOR_UPSTREAM 517
#define VAR_AUTH_ZONE 518
#define VAR_ZONEFILE 519
#define VAR_MASTER 520
#define VAR_URL 521
#define VAR_FOR_DOWNSTREAM 522
#define VAR_FALLBACK_ENABLED 523
#define VAR_TLS_ADDITIONAL_PORT 524
#define VAR_LOW_RTT 525
#define VAR_LOW_RTT_PERMIL 526
#define VAR_FAST_SERVER_PERMIL 527
#define VAR_FAST_SERVER_NUM 528
#define VAR_ALLOW_NOTIFY 529
#define VAR_TLS_WIN_CERT 530
#define VAR_TCP_CONNECTION_LIMIT 531
#define VAR_FORWARD_NO_CACHE 532
#define VAR_STUB_NO_CACHE 533
#define VAR_LOG_SERVFAIL 534
#define VAR_DENY_ANY 535
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 536
#define VAR_LOG_TAG_QUERYREPLY 537
#define VAR_STREAM_WAIT_SIZE 538
#define VAR_TLS_CIPHERS 539
#define VAR_TLS_CIPHERSUITES 540
#define VAR_TLS_USE_SNI 541
#define VAR_IPSET 542
#define VAR_IPSET_NAME_V4 543
#define VAR_IPSET_NAME_V6 544
#define VAR_TLS_SESSION_TICKET_KEYS 545
#define VAR_RPZ 546
#define VAR_TAGS 547
#define VAR_RPZ_ACTION_OVERRIDE 548
#define VAR_RPZ_CNAME_OVERRIDE 549
#define VAR_RPZ_LOG 550
#define VAR_RPZ_LOG_NAME 551
#define VAR_DYNLIB 552
#define VAR_DYNLIB_FILE 553
#define VAR_EDNS_CLIENT_TAG 554
#define VAR_EDNS_CLIENT_TAG_OPCODE 555
#define VAR_INFRA_KEEP_PROBING 412
#define VAR_DNS64_PREFIX 413
#define VAR_DNS64_SYNTHALL 414
#define VAR_DNS64_IGNORE_AAAA 415
#define VAR_DNSTAP 416
#define VAR_DNSTAP_ENABLE 417
#define VAR_DNSTAP_SOCKET_PATH 418
#define VAR_DNSTAP_IP 419
#define VAR_DNSTAP_TLS 420
#define VAR_DNSTAP_TLS_SERVER_NAME 421
#define VAR_DNSTAP_TLS_CERT_BUNDLE 422
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 423
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 424
#define VAR_DNSTAP_SEND_IDENTITY 425
#define VAR_DNSTAP_SEND_VERSION 426
#define VAR_DNSTAP_BIDIRECTIONAL 427
#define VAR_DNSTAP_IDENTITY 428
#define VAR_DNSTAP_VERSION 429
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 430
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 431
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 432
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 433
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 434
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 435
#define VAR_RESPONSE_IP_TAG 436
#define VAR_RESPONSE_IP 437
#define VAR_RESPONSE_IP_DATA 438
#define VAR_HARDEN_ALGO_DOWNGRADE 439
#define VAR_IP_TRANSPARENT 440
#define VAR_IP_DSCP 441
#define VAR_DISABLE_DNSSEC_LAME_CHECK 442
#define VAR_IP_RATELIMIT 443
#define VAR_IP_RATELIMIT_SLABS 444
#define VAR_IP_RATELIMIT_SIZE 445
#define VAR_RATELIMIT 446
#define VAR_RATELIMIT_SLABS 447
#define VAR_RATELIMIT_SIZE 448
#define VAR_RATELIMIT_FOR_DOMAIN 449
#define VAR_RATELIMIT_BELOW_DOMAIN 450
#define VAR_IP_RATELIMIT_FACTOR 451
#define VAR_RATELIMIT_FACTOR 452
#define VAR_SEND_CLIENT_SUBNET 453
#define VAR_CLIENT_SUBNET_ZONE 454
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 455
#define VAR_CLIENT_SUBNET_OPCODE 456
#define VAR_MAX_CLIENT_SUBNET_IPV4 457
#define VAR_MAX_CLIENT_SUBNET_IPV6 458
#define VAR_MIN_CLIENT_SUBNET_IPV4 459
#define VAR_MIN_CLIENT_SUBNET_IPV6 460
#define VAR_MAX_ECS_TREE_SIZE_IPV4 461
#define VAR_MAX_ECS_TREE_SIZE_IPV6 462
#define VAR_CAPS_WHITELIST 463
#define VAR_CACHE_MAX_NEGATIVE_TTL 464
#define VAR_PERMIT_SMALL_HOLDDOWN 465
#define VAR_QNAME_MINIMISATION 466
#define VAR_QNAME_MINIMISATION_STRICT 467
#define VAR_IP_FREEBIND 468
#define VAR_DEFINE_TAG 469
#define VAR_LOCAL_ZONE_TAG 470
#define VAR_ACCESS_CONTROL_TAG 471
#define VAR_LOCAL_ZONE_OVERRIDE 472
#define VAR_ACCESS_CONTROL_TAG_ACTION 473
#define VAR_ACCESS_CONTROL_TAG_DATA 474
#define VAR_VIEW 475
#define VAR_ACCESS_CONTROL_VIEW 476
#define VAR_VIEW_FIRST 477
#define VAR_SERVE_EXPIRED 478
#define VAR_SERVE_EXPIRED_TTL 479
#define VAR_SERVE_EXPIRED_TTL_RESET 480
#define VAR_SERVE_EXPIRED_REPLY_TTL 481
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 482
#define VAR_FAKE_DSA 483
#define VAR_FAKE_SHA1 484
#define VAR_LOG_IDENTITY 485
#define VAR_HIDE_TRUSTANCHOR 486
#define VAR_TRUST_ANCHOR_SIGNALING 487
#define VAR_AGGRESSIVE_NSEC 488
#define VAR_USE_SYSTEMD 489
#define VAR_SHM_ENABLE 490
#define VAR_SHM_KEY 491
#define VAR_ROOT_KEY_SENTINEL 492
#define VAR_DNSCRYPT 493
#define VAR_DNSCRYPT_ENABLE 494
#define VAR_DNSCRYPT_PORT 495
#define VAR_DNSCRYPT_PROVIDER 496
#define VAR_DNSCRYPT_SECRET_KEY 497
#define VAR_DNSCRYPT_PROVIDER_CERT 498
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 499
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 500
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 501
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 502
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 503
#define VAR_IPSECMOD_ENABLED 504
#define VAR_IPSECMOD_HOOK 505
#define VAR_IPSECMOD_IGNORE_BOGUS 506
#define VAR_IPSECMOD_MAX_TTL 507
#define VAR_IPSECMOD_WHITELIST 508
#define VAR_IPSECMOD_STRICT 509
#define VAR_CACHEDB 510
#define VAR_CACHEDB_BACKEND 511
#define VAR_CACHEDB_SECRETSEED 512
#define VAR_CACHEDB_REDISHOST 513
#define VAR_CACHEDB_REDISPORT 514
#define VAR_CACHEDB_REDISTIMEOUT 515
#define VAR_CACHEDB_REDISEXPIRERECORDS 516
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 517
#define VAR_FOR_UPSTREAM 518
#define VAR_AUTH_ZONE 519
#define VAR_ZONEFILE 520
#define VAR_MASTER 521
#define VAR_URL 522
#define VAR_FOR_DOWNSTREAM 523
#define VAR_FALLBACK_ENABLED 524
#define VAR_TLS_ADDITIONAL_PORT 525
#define VAR_LOW_RTT 526
#define VAR_LOW_RTT_PERMIL 527
#define VAR_FAST_SERVER_PERMIL 528
#define VAR_FAST_SERVER_NUM 529
#define VAR_ALLOW_NOTIFY 530
#define VAR_TLS_WIN_CERT 531
#define VAR_TCP_CONNECTION_LIMIT 532
#define VAR_FORWARD_NO_CACHE 533
#define VAR_STUB_NO_CACHE 534
#define VAR_LOG_SERVFAIL 535
#define VAR_DENY_ANY 536
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 537
#define VAR_LOG_TAG_QUERYREPLY 538
#define VAR_STREAM_WAIT_SIZE 539
#define VAR_TLS_CIPHERS 540
#define VAR_TLS_CIPHERSUITES 541
#define VAR_TLS_USE_SNI 542
#define VAR_IPSET 543
#define VAR_IPSET_NAME_V4 544
#define VAR_IPSET_NAME_V6 545
#define VAR_TLS_SESSION_TICKET_KEYS 546
#define VAR_RPZ 547
#define VAR_TAGS 548
#define VAR_RPZ_ACTION_OVERRIDE 549
#define VAR_RPZ_CNAME_OVERRIDE 550
#define VAR_RPZ_LOG 551
#define VAR_RPZ_LOG_NAME 552
#define VAR_DYNLIB 553
#define VAR_DYNLIB_FILE 554
#define VAR_EDNS_CLIENT_TAG 555
#define VAR_EDNS_CLIENT_TAG_OPCODE 556
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
@ -657,7 +659,7 @@ union YYSTYPE
char* str;
#line 661 "util/configparser.h"
#line 663 "util/configparser.h"
};
typedef union YYSTYPE YYSTYPE;

14
util/configparser.y
View file

@ -118,7 +118,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE
%token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
%token VAR_INFRA_CACHE_MIN_RTT
%token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_KEEP_PROBING
%token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
%token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
%token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
@ -256,7 +256,7 @@ content_server: server_num_threads | server_verbosity | server_port |
server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
server_infra_cache_min_rtt | server_harden_algo_downgrade |
server_ip_transparent | server_ip_ratelimit | server_ratelimit |
server_ip_dscp |
server_ip_dscp | server_infra_keep_probing |
server_ip_ratelimit_slabs | server_ratelimit_slabs |
server_ip_ratelimit_size | server_ratelimit_size |
server_ratelimit_for_domain |
@ -1540,6 +1540,16 @@ server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
free($2);
}
;
server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG
{
OUTYY(("P(server_infra_keep_probing:%s)\n", $2));
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->infra_keep_probing =
(strcmp($2, "yes")==0);
free($2);
}
;
server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
{
OUTYY(("P(server_target_fetch_policy:%s)\n", $2));