Commit 32bcafc3 authored by Mukund Sivaraman's avatar Mukund Sivaraman

Change default minimal-responses setting to no-auth-recursive (#46016)

parent e2ed24aa
4782. [func] Change default minimal-responses setting to
no-auth-recursive. [RT #46016]
4781. [bug] Fix use after free when closing an LMDB. [RT #46000]
 
4780. [bug] Fix out of bounds access in DHCID totext() method.
......
......@@ -181,7 +181,7 @@ options {\n\
message-compression yes;\n\
# min-roots <obsolete>;\n\
minimal-any false;\n\
minimal-responses true;\n\
minimal-responses no-auth-recursive;\n\
notify-source *;\n\
notify-source-v6 *;\n\
nsec3-test-zone no;\n\
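Review bot: The built-in default for `minimal-responses` flips from `true` to `no-auth-recursive` in this hunk, and nothing visible in the commit tells operators what that means on upgrade. Per the documentation text changed later in this commit, a non-recursive query is then handled as if `no` were specified, so authoritative servers that relied on the old default will again include authority and additional data, which presumably makes their responses larger; that matters where response size is part of the reflection-exposure picture. I would extend the CHANGES entry with a sentence such as `Servers that relied on the previous default can keep it with "minimal-responses yes;".` The default-options string this line belongs to starts and ends outside the hunk.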
......
......@@ -19,7 +19,8 @@ ns A 10.53.0.4
$TTL 5
to-be-removed NS ns.to-be-removed
ns.to-be-removed A 10.53.0.6
fetch 10 TXT A short ttl
fetch.tld. NS ns.fetch.tld.
ns.fetch.tld. A 10.53.0.6
no-edns-version.tld. NS ns.no-edns-version.tld.
ns.no-edns-version.tld. A 10.53.0.6
edns-version.tld. NS ns.edns-version.tld.
......
......@@ -16,7 +16,8 @@ $TTL 300
)
@ NS ns.tld.
ns A 10.53.0.4
fetch 10 TXT A short ttl
fetch.tld. NS ns.fetch.tld.
ns.fetch.tld. A 10.53.0.6
fetchall 10 TXT A short ttl
fetchall 10 A 1.2.3.4
fetchall 10 AAAA ::1
......
; Copyright (C) 2011, 2016 Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
; $Id: moves.db,v 1.3 2011/03/13 23:47:36 tbox Exp $
$TTL 300
@ IN SOA marka.isc.org. ns.fetch.tld. (
2010 ; serial
600 ; refresh
600 ; retry
1200 ; expire
600 ; minimum
)
@ NS ns.fetch.tld.
ns.fetch.tld. A 10.53.0.6
@ 10 TXT A short ttl
......@@ -68,3 +68,8 @@ zone "delegation-only" {
type master;
file "delegation-only.db";
};
zone "fetch.tld" {
type master;
file "fetch.tld.db";
};
......@@ -6239,7 +6239,9 @@ options {
unless they are required, but it may still add
records to the additional section. When set to
<userinput>no-auth-recursive</userinput>, this
is only done if the query is recursive. These
is only done if the query is recursive. When the
query is not recursive, the effect is same as if
<userinput>no</userinput> was specified. These
settings are useful when answering stub clients,
which usually ignore the authority section.
<userinput>no-auth-recursive</userinput> is
......@@ -6247,7 +6249,8 @@ options {
both authoritative and recursive queries.
</para>
<para>
The default is <userinput>yes</userinput>.
The default is
<userinput>no-auth-recursive</userinput>.
</para>
</listitem>
</varlistentry>
......@@ -6269,11 +6272,6 @@ options {
at the cost of increased memory usage for the zone. If
you don't want this, set it to <userinput>no</userinput>.
</para>
<para>
The glue cache is only used when
<userinput>minimal-responses</userinput> is also set
to <userinput>yes</userinput>.
</para>
</listitem>
</varlistentry>
 
......
......@@ -2063,10 +2063,12 @@ query_addadditional(void *arg, const dns_name_t *name, dns_rdatatype_t qtype) {
return (eresult);
}
static inline void
query_addrdataset(ns_client_t *client, dns_name_t *fname,
dns_rdataset_t *rdataset)
static void
query_addrdataset(ns_client_t *client, dns_section_t section,
dns_name_t *fname, dns_rdataset_t *rdataset)
{
UNUSED(section);
/*
* Add 'rdataset' and any pertinent additional data to
* 'fname', a name in the response message for 'client'.
......@@ -2089,7 +2091,6 @@ query_addrdataset(ns_client_t *client, dns_name_t *fname,
* Try to process glue directly.
*/
if (client->view->use_glue_cache &&
(client->view->minimalresponses == dns_minimal_yes) &&
(rdataset->type == dns_rdatatype_ns) &&
(client->query.gluedb != NULL) &&
dns_db_iszone(client->query.gluedb))
......@@ -2191,7 +2192,7 @@ query_addrrset(ns_client_t *client, dns_name_t **namep,
* we do not need to check if the SIG rdataset is already in the
* response.
*/
query_addrdataset(client, mname, rdataset);
query_addrdataset(client, section, mname, rdataset);
*rdatasetp = NULL;
if (sigrdataset != NULL && dns_rdataset_isassociated(sigrdataset)) {
/*
......@@ -7051,6 +7052,7 @@ query_dns64(query_ctx_t *qctx) {
isc_netaddr_t netaddr;
dns_dns64_t *dns64;
unsigned int flags = 0;
const dns_section_t section = DNS_SECTION_ANSWER;
/*%
* To the current response for 'qctx->client', add the answer RRset
......@@ -7074,7 +7076,7 @@ query_dns64(query_ctx_t *qctx) {
dns64_rdata = NULL;
dns64_rdataset = NULL;
dns64_rdatalist = NULL;
result = dns_message_findname(client->message, DNS_SECTION_ANSWER,
result = dns_message_findname(client->message, section,
name, dns_rdatatype_aaaa,
qctx->rdataset->covers,
&mname, &mrdataset);
......@@ -7094,7 +7096,7 @@ query_dns64(query_ctx_t *qctx) {
*/
if (qctx->dbuf != NULL)
query_keepname(client, name, qctx->dbuf);
dns_message_addname(client->message, name, DNS_SECTION_ANSWER);
dns_message_addname(client->message, name, section);
qctx->fname = NULL;
mname = name;
} else {
......@@ -7187,7 +7189,7 @@ query_dns64(query_ctx_t *qctx) {
dns_rdataset_setownercase(dns64_rdataset, mname);
client->query.attributes |= NS_QUERYATTR_NOADDITIONAL;
dns64_rdataset->trust = qctx->rdataset->trust;
query_addrdataset(client, mname, dns64_rdataset);
query_addrdataset(client, section, mname, dns64_rdataset);
dns64_rdataset = NULL;
dns64_rdatalist = NULL;
dns_message_takebuffer(client->message, &buffer);
......@@ -7232,6 +7234,7 @@ query_filter64(query_ctx_t *qctx) {
isc_region_t r;
isc_result_t result;
unsigned int i;
const dns_section_t section = DNS_SECTION_ANSWER;
CTRACE(ISC_LOG_DEBUG(3), "query_filter64");
......@@ -7245,7 +7248,7 @@ query_filter64(query_ctx_t *qctx) {
myrdata = NULL;
myrdataset = NULL;
myrdatalist = NULL;
result = dns_message_findname(client->message, DNS_SECTION_ANSWER,
result = dns_message_findname(client->message, section,
name, dns_rdatatype_aaaa,
qctx->rdataset->covers,
&mname, &myrdataset);
......@@ -7322,11 +7325,11 @@ query_filter64(query_ctx_t *qctx) {
if (qctx->dbuf != NULL)
query_keepname(client, name, qctx->dbuf);
dns_message_addname(client->message, name,
DNS_SECTION_ANSWER);
section);
qctx->dbuf = NULL;
}
myrdataset->trust = qctx->rdataset->trust;
query_addrdataset(client, mname, myrdataset);
query_addrdataset(client, section, mname, myrdataset);
myrdataset = NULL;
myrdatalist = NULL;
dns_message_takebuffer(client->message, &buffer);
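Review bot: `query_addrdataset()` now takes a `section` argument that its first statement discards with `UNUSED(section);`, while the same commit drops the `client->view->minimalresponses == dns_minimal_yes` test from the glue-cache condition, so whenever the glue cache is enabled the direct glue path is taken for NS rdatasets under every `minimal-responses` setting and, as far as these hunks show, regardless of which section the caller is filling. If the parameter is meant to restrict that path later, say so in the function comment, e.g. `'section' is the message section being filled; it is currently unused.`; otherwise the parameter and the `const dns_section_t section = DNS_SECTION_ANSWER;` locals added in `query_dns64()` and `query_filter64()` are dead plumbing. The test zones added in this commit do not visibly exercise the glue cache with `minimal-responses no`, so a system-test case for that combination would be worth adding. The bodies of all four functions continue outside the hunks shown.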
......