Commit 50df71a8 authored by Ondřej Surý's avatar Ondřej Surý
Browse files

Merge branch '2183-dns-flag-day-2020' into 'main'

Resolve "DNS Flag Day 2020"

Closes #2183

See merge request isc-projects/bind9!4179
parents d51f09a8 096d41b4
5516. [func] The default EDNS buffer size has been changed from 4096
to 1232, the EDNS buffer size probing has been removed
and ``named`` now sets the DON'T FRAGMENT flag on
outgoing UDP packets. [GL #2183]
5515. [func] Add 'rndc dnssec -rollover' command to trigger a 5515. [func] Add 'rndc dnssec -rollover' command to trigger a
manual rollover for a specific key. [GL #1749] manual rollover for a specific key. [GL #1749]
......
...@@ -73,7 +73,7 @@ ...@@ -73,7 +73,7 @@
#define LOOKUP_LIMIT 64 #define LOOKUP_LIMIT 64
#define DEFAULT_EDNS_VERSION 0 #define DEFAULT_EDNS_VERSION 0
#define DEFAULT_EDNS_BUFSIZE 4096 #define DEFAULT_EDNS_BUFSIZE 1232
/*% /*%
* Lookup_limit is just a limiter, keeping too many lookups from being * Lookup_limit is just a limiter, keeping too many lookups from being
......
...@@ -59,7 +59,7 @@ options {\n\ ...@@ -59,7 +59,7 @@ options {\n\
# directory <none>\n\ # directory <none>\n\
dnssec-policy \"none\";\n\ dnssec-policy \"none\";\n\
dump-file \"named_dump.db\";\n\ dump-file \"named_dump.db\";\n\
edns-udp-size 4096;\n\ edns-udp-size 1232;\n\
# fake-iquery <obsolete>;\n" # fake-iquery <obsolete>;\n"
#ifndef WIN32 #ifndef WIN32
" files unlimited;\n" " files unlimited;\n"
...@@ -83,11 +83,11 @@ options {\n\ ...@@ -83,11 +83,11 @@ options {\n\
match-mapped-addresses no;\n\ match-mapped-addresses no;\n\
max-ixfr-ratio 100%;\n\ max-ixfr-ratio 100%;\n\
max-rsa-exponent-size 0; /* no limit */\n\ max-rsa-exponent-size 0; /* no limit */\n\
max-udp-size 4096;\n\ max-udp-size 1232;\n\
memstatistics-file \"named.memstats\";\n\ memstatistics-file \"named.memstats\";\n\
# multiple-cnames <obsolete>;\n\ # multiple-cnames <obsolete>;\n\
# named-xfer <obsolete>;\n\ # named-xfer <obsolete>;\n\
nocookie-udp-size 4096;\n\ nocookie-udp-size 1232;\n\
notify-rate 20;\n\ notify-rate 20;\n\
nta-lifetime 3600;\n\ nta-lifetime 3600;\n\
nta-recheck 300;\n\ nta-recheck 300;\n\
......
...@@ -958,8 +958,10 @@ if [ -x "$DIG" ] ; then ...@@ -958,8 +958,10 @@ if [ -x "$DIG" ] ; then
echo_i "check that dig +bufsize restores default bufsize ($n)" echo_i "check that dig +bufsize restores default bufsize ($n)"
ret=0 ret=0
dig_with_opts @10.53.0.3 a.example +bufsize=0 +bufsize +qr > dig.out.test$n 2>&1 || ret=1 dig_with_opts @10.53.0.3 a.example +bufsize=0 +bufsize +qr > dig.out.test$n 2>&1 || ret=1
lines=`grep "EDNS:.* udp: 4096" dig.out.test$n | wc -l` lines=`grep "EDNS:.* udp:" dig.out.test$n | wc -l`
lines1232=`grep "EDNS:.* udp: 1232" dig.out.test$n | wc -l`
test $lines -eq 2 || ret=1 test $lines -eq 2 || ret=1
test $lines1232 -eq 2 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret)) status=$((status+ret))
......
...@@ -199,9 +199,9 @@ if [ $ret != 0 ]; then echo_i "failed"; fi ...@@ -199,9 +199,9 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
n=`expr $n + 1` n=`expr $n + 1`
echo_i "checking recursive lookup to edns 512 server succeeds ($n)" echo_i "checking recursive lookup to edns 512 server fails ($n)"
ret=0 ret=0
resolution_succeeds edns512. || ret=1 resolution_fails edns512. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
......
...@@ -638,7 +638,7 @@ sendquery(struct query *query, isc_task_t *task) { ...@@ -638,7 +638,7 @@ sendquery(struct query *query, isc_task_t *task) {
unsigned char cookie[40]; unsigned char cookie[40];
if (query->udpsize == 0) { if (query->udpsize == 0) {
query->udpsize = 4096; query->udpsize = 1232;
} }
if (query->edns < 0) { if (query->edns < 0) {
query->edns = 0; query->edns = 0;
......
...@@ -1842,7 +1842,7 @@ Boolean Options ...@@ -1842,7 +1842,7 @@ Boolean Options
``nocookie-udp-size`` ``nocookie-udp-size``
This sets the maximum size of UDP responses that are sent to queries This sets the maximum size of UDP responses that are sent to queries
without a valid server COOKIE. A value below 128 is silently without a valid server COOKIE. A value below 128 is silently
raised to 128. The default value is 4096, but the ``max-udp-size`` raised to 128. The default value is 1232, but the ``max-udp-size``
option may further limit the response size. option may further limit the response size.
``sit-secret`` ``sit-secret``
...@@ -3399,7 +3399,7 @@ Tuning ...@@ -3399,7 +3399,7 @@ Tuning
the size of packets received from authoritative servers in response the size of packets received from authoritative servers in response
to recursive queries. Valid values are 512 to 4096; values outside to recursive queries. Valid values are 512 to 4096; values outside
this range are silently adjusted to the nearest value within it. this range are silently adjusted to the nearest value within it.
The default value is 4096. The default value is 1232.
The usual reason for setting ``edns-udp-size`` to a non-default value The usual reason for setting ``edns-udp-size`` to a non-default value
is to get UDP answers to pass through broken firewalls that block is to get UDP answers to pass through broken firewalls that block
...@@ -3407,26 +3407,22 @@ Tuning ...@@ -3407,26 +3407,22 @@ Tuning
512 bytes. 512 bytes.
When ``named`` first queries a remote server, it advertises a UDP When ``named`` first queries a remote server, it advertises a UDP
buffer size of 512, as this has the greatest chance of success on the buffer size of 1232.
first try.
Query timeouts observed for any given server affect the buffer size
If the initial query is successful with EDNS advertising a buffer advertised in queries sent to that server. Depending on observed packet
size of 512, then ``named`` switches to advertising a buffer size dropping patterns, the query is retried over TCP. Per-server EDNS statistics
of 4096 bytes (unless ``edns-udp-size`` is lower, in which case the are only retained in memory for the lifetime of a given server's ADB entry.
latter will be used).
The ``named`` now sets the DON'T FRAGMENT flag on outgoing UDP packets.
Query timeouts observed for any given server affect the buffer According to the measurements done by multiple parties this should not be
size advertised in queries sent to that server. Depending on causing any operational problems as most of the Internet "core" is able to
observed packet dropping patterns, the advertised buffer size is cope with IP message sizes between 1400-1500 bytes, the 1232 size was picked
lowered to 1432 bytes, 1232 bytes, 512 bytes, or the size of the as a conservative minimal number that could be changed by the DNS operator to
largest UDP response ever received from a given server, and then a estimated path MTU minus the estimated header space. In practice, the
clamped to the ``<512, edns-udp-size>`` range. Per-server EDNS smallest MTU witnessed in the operational DNS community is 1500 octets, the
statistics are only retained in memory for the lifetime of a given Ethernet maximum payload size, so a a useful default for maximum DNS/UDP
server's ADB entry. payload size on **reliable** networks would be 1400.
(The values 1232 and 1432 are chosen to allow for an
IPv4-/IPv6-encapsulated UDP message to be sent without fragmentation at the
minimum MTU sizes for Ethernet and IPv6 networks.)
Any server-specific ``edns-udp-size`` setting has precedence over all Any server-specific ``edns-udp-size`` setting has precedence over all
the above rules. the above rules.
...@@ -3435,7 +3431,7 @@ Tuning ...@@ -3435,7 +3431,7 @@ Tuning
This sets the maximum EDNS UDP message size that ``named`` sends, in bytes. This sets the maximum EDNS UDP message size that ``named`` sends, in bytes.
Valid values are 512 to 4096; values outside this range are Valid values are 512 to 4096; values outside this range are
silently adjusted to the nearest value within it. The default value silently adjusted to the nearest value within it. The default value
is 4096. is 1232.
This value applies to responses sent by a server; to set the This value applies to responses sent by a server; to set the
advertised buffer size in queries, see ``edns-udp-size``. advertised buffer size in queries, see ``edns-udp-size``.
......
...@@ -24,8 +24,6 @@ Known Issues ...@@ -24,8 +24,6 @@ Known Issues
New Features New Features
~~~~~~~~~~~~ ~~~~~~~~~~~~
- None.
- Add a new ``rndc`` command, ``rndc dnssec -rollover``, which triggers - Add a new ``rndc`` command, ``rndc dnssec -rollover``, which triggers
a manual rollover for a specific key. [GL #1749] a manual rollover for a specific key. [GL #1749]
...@@ -42,7 +40,17 @@ Removed Features ...@@ -42,7 +40,17 @@ Removed Features
Feature Changes Feature Changes
~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~
- None. - [DNS Flag Day 2020]: The default EDNS buffer size has been changed from 4096
to 1232, the EDNS buffer size probing has been removed and ``named`` now sets
the DON'T FRAGMENT flag on outgoing UDP packets. According to the
measurements done by multiple parties this should not be causing any
operational problems as most of the Internet "core" is able to cope with IP
message sizes between 1400-1500 bytes, the 1232 size was picked as a
conservative minimal number that could be changed by the DNS operator to a
estimated path MTU minus the estimated header space. In practice, the smallest
MTU witnessed in the operational DNS community is 1500 octets, the Ethernet
maximum payload size, so a a useful default for maximum DNS/UDP payload size
on reliable networks would be 1400. [GL #2183]
Bug Fixes Bug Fixes
~~~~~~~~~ ~~~~~~~~~
......
...@@ -249,20 +249,13 @@ struct dns_adbentry { ...@@ -249,20 +249,13 @@ struct dns_adbentry {
unsigned char plain; unsigned char plain;
unsigned char plainto; unsigned char plainto;
unsigned char edns; unsigned char edns;
unsigned char to4096; /* Our max. */ unsigned char ednsto;
uint8_t mode; uint8_t mode;
atomic_uint_fast32_t quota; atomic_uint_fast32_t quota;
atomic_uint_fast32_t active; atomic_uint_fast32_t active;
double atr; double atr;
/*
* Allow for encapsulated IPv4/IPv6 UDP packet over ethernet.
* Ethernet 1500 - IP(20) - IP6(40) - UDP(8) = 1432.
*/
unsigned char to1432; /* Ethernet */
unsigned char to1232; /* IPv6 nofrag */
unsigned char to512; /* plain DNS */
isc_sockaddr_t sockaddr; isc_sockaddr_t sockaddr;
unsigned char *cookie; unsigned char *cookie;
uint16_t cookielen; uint16_t cookielen;
...@@ -1893,14 +1886,11 @@ new_adbentry(dns_adb_t *adb) { ...@@ -1893,14 +1886,11 @@ new_adbentry(dns_adb_t *adb) {
e->flags = 0; e->flags = 0;
e->udpsize = 0; e->udpsize = 0;
e->edns = 0; e->edns = 0;
e->ednsto = 0;
e->completed = 0; e->completed = 0;
e->timeouts = 0; e->timeouts = 0;
e->plain = 0; e->plain = 0;
e->plainto = 0; e->plainto = 0;
e->to4096 = 0;
e->to1432 = 0;
e->to1232 = 0;
e->to512 = 0;
e->cookie = NULL; e->cookie = NULL;
e->cookielen = 0; e->cookielen = 0;
e->srtt = (isc_random_uniform(0x1f)) + 1; e->srtt = (isc_random_uniform(0x1f)) + 1;
...@@ -3529,8 +3519,7 @@ dump_adb(dns_adb_t *adb, FILE *f, bool debug, isc_stdtime_t now) { ...@@ -3529,8 +3519,7 @@ dump_adb(dns_adb_t *adb, FILE *f, bool debug, isc_stdtime_t now) {
dns_adbentry_t *entry; dns_adbentry_t *entry;
fprintf(f, ";\n; Address database dump\n;\n"); fprintf(f, ";\n; Address database dump\n;\n");
fprintf(f, "; [edns success/4096 timeout/1432 timeout/1232 timeout/" fprintf(f, "; [edns success/timeout]\n");
"512 timeout]\n");
fprintf(f, "; [plain success/timeout]\n;\n"); fprintf(f, "; [plain success/timeout]\n;\n");
if (debug) { if (debug) {
LOCK(&adb->reflock); LOCK(&adb->reflock);
...@@ -3656,11 +3645,10 @@ dump_entry(FILE *f, dns_adb_t *adb, dns_adbentry_t *entry, bool debug, ...@@ -3656,11 +3645,10 @@ dump_entry(FILE *f, dns_adb_t *adb, dns_adbentry_t *entry, bool debug,
} }
fprintf(f, fprintf(f,
";\t%s [srtt %u] [flags %08x] [edns %u/%u/%u/%u/%u] " ";\t%s [srtt %u] [flags %08x] [edns %u/%u] "
"[plain %u/%u]", "[plain %u/%u]",
addrbuf, entry->srtt, entry->flags, entry->edns, entry->to4096, addrbuf, entry->srtt, entry->flags, entry->edns, entry->ednsto,
entry->to1432, entry->to1232, entry->to512, entry->plain, entry->plain, entry->plainto);
entry->plainto);
if (entry->udpsize != 0U) { if (entry->udpsize != 0U) {
fprintf(f, " [udpsize %u]", entry->udpsize); fprintf(f, " [udpsize %u]", entry->udpsize);
} }
...@@ -4437,41 +4425,6 @@ maybe_adjust_quota(dns_adb_t *adb, dns_adbaddrinfo_t *addr, bool timeout) { ...@@ -4437,41 +4425,6 @@ maybe_adjust_quota(dns_adb_t *adb, dns_adbaddrinfo_t *addr, bool timeout) {
} }
#define EDNSTOS 3U #define EDNSTOS 3U
bool
dns_adb_noedns(dns_adb_t *adb, dns_adbaddrinfo_t *addr) {
int bucket;
bool noedns = false;
REQUIRE(DNS_ADB_VALID(adb));
REQUIRE(DNS_ADBADDRINFO_VALID(addr));
bucket = addr->entry->lock_bucket;
LOCK(&adb->entrylocks[bucket]);
if (addr->entry->edns == 0U &&
(addr->entry->plain > EDNSTOS || addr->entry->to4096 > EDNSTOS))
{
if (((addr->entry->plain + addr->entry->to4096) & 0x3f) != 0) {
noedns = true;
} else {
/*
* Increment plain so we don't get stuck.
*/
addr->entry->plain++;
if (addr->entry->plain == 0xff) {
addr->entry->edns >>= 1;
addr->entry->to4096 >>= 1;
addr->entry->to1432 >>= 1;
addr->entry->to1232 >>= 1;
addr->entry->to512 >>= 1;
addr->entry->plain >>= 1;
addr->entry->plainto >>= 1;
}
}
}
UNLOCK(&adb->entrylocks[bucket]);
return (noedns);
}
void void
dns_adb_plainresponse(dns_adb_t *adb, dns_adbaddrinfo_t *addr) { dns_adb_plainresponse(dns_adb_t *adb, dns_adbaddrinfo_t *addr) {
...@@ -4488,10 +4441,7 @@ dns_adb_plainresponse(dns_adb_t *adb, dns_adbaddrinfo_t *addr) { ...@@ -4488,10 +4441,7 @@ dns_adb_plainresponse(dns_adb_t *adb, dns_adbaddrinfo_t *addr) {
addr->entry->plain++; addr->entry->plain++;
if (addr->entry->plain == 0xff) { if (addr->entry->plain == 0xff) {
addr->entry->edns >>= 1; addr->entry->edns >>= 1;
addr->entry->to4096 >>= 1; addr->entry->ednsto >>= 1;
addr->entry->to1432 >>= 1;
addr->entry->to1232 >>= 1;
addr->entry->to512 >>= 1;
addr->entry->plain >>= 1; addr->entry->plain >>= 1;
addr->entry->plainto >>= 1; addr->entry->plainto >>= 1;
} }
...@@ -4510,25 +4460,10 @@ dns_adb_timeout(dns_adb_t *adb, dns_adbaddrinfo_t *addr) { ...@@ -4510,25 +4460,10 @@ dns_adb_timeout(dns_adb_t *adb, dns_adbaddrinfo_t *addr) {
maybe_adjust_quota(adb, addr, true); maybe_adjust_quota(adb, addr, true);
/*
* If we have not had a successful query then clear all
* edns timeout information.
*/
if (addr->entry->edns == 0 && addr->entry->plain == 0) {
addr->entry->to512 = 0;
addr->entry->to1232 = 0;
addr->entry->to1432 = 0;
addr->entry->to4096 = 0;
} else {
addr->entry->to512 >>= 1;
addr->entry->to1232 >>= 1;
addr->entry->to1432 >>= 1;
addr->entry->to4096 >>= 1;
}
addr->entry->plainto++; addr->entry->plainto++;
if (addr->entry->plainto == 0xff) { if (addr->entry->plainto == 0xff) {
addr->entry->edns >>= 1; addr->entry->edns >>= 1;
addr->entry->ednsto >>= 1;
addr->entry->plain >>= 1; addr->entry->plain >>= 1;
addr->entry->plainto >>= 1; addr->entry->plainto >>= 1;
} }
...@@ -4536,7 +4471,7 @@ dns_adb_timeout(dns_adb_t *adb, dns_adbaddrinfo_t *addr) { ...@@ -4536,7 +4471,7 @@ dns_adb_timeout(dns_adb_t *adb, dns_adbaddrinfo_t *addr) {
} }
void void
dns_adb_ednsto(dns_adb_t *adb, dns_adbaddrinfo_t *addr, unsigned int size) { dns_adb_ednsto(dns_adb_t *adb, dns_adbaddrinfo_t *addr) {
int bucket; int bucket;
REQUIRE(DNS_ADB_VALID(adb)); REQUIRE(DNS_ADB_VALID(adb));
...@@ -4547,36 +4482,10 @@ dns_adb_ednsto(dns_adb_t *adb, dns_adbaddrinfo_t *addr, unsigned int size) { ...@@ -4547,36 +4482,10 @@ dns_adb_ednsto(dns_adb_t *adb, dns_adbaddrinfo_t *addr, unsigned int size) {
maybe_adjust_quota(adb, addr, true); maybe_adjust_quota(adb, addr, true);
if (size <= 512U) { addr->entry->ednsto++;
if (addr->entry->to512 <= EDNSTOS) { if (addr->entry->ednsto == 0xff) {
addr->entry->to512++;
addr->entry->to1232++;
addr->entry->to1432++;
addr->entry->to4096++;
}
} else if (size <= 1232U) {
if (addr->entry->to1232 <= EDNSTOS) {
addr->entry->to1232++;
addr->entry->to1432++;
addr->entry->to4096++;
}
} else if (size <= 1432U) {
if (addr->entry->to1432 <= EDNSTOS) {
addr->entry->to1432++;
addr->entry->to4096++;
}
} else {
if (addr->entry->to4096 <= EDNSTOS) {
addr->entry->to4096++;
}
}
if (addr->entry->to4096 == 0xff) {
addr->entry->edns >>= 1; addr->entry->edns >>= 1;
addr->entry->to4096 >>= 1; addr->entry->ednsto >>= 1;
addr->entry->to1432 >>= 1;
addr->entry->to1232 >>= 1;
addr->entry->to512 >>= 1;
addr->entry->plain >>= 1; addr->entry->plain >>= 1;
addr->entry->plainto >>= 1; addr->entry->plainto >>= 1;
} }
...@@ -4604,10 +4513,7 @@ dns_adb_setudpsize(dns_adb_t *adb, dns_adbaddrinfo_t *addr, unsigned int size) { ...@@ -4604,10 +4513,7 @@ dns_adb_setudpsize(dns_adb_t *adb, dns_adbaddrinfo_t *addr, unsigned int size) {
addr->entry->edns++; addr->entry->edns++;
if (addr->entry->edns == 0xff) { if (addr->entry->edns == 0xff) {
addr->entry->edns >>= 1; addr->entry->edns >>= 1;
addr->entry->to4096 >>= 1; addr->entry->ednsto >>= 1;
addr->entry->to1432 >>= 1;
addr->entry->to1232 >>= 1;
addr->entry->to512 >>= 1;
addr->entry->plain >>= 1; addr->entry->plain >>= 1;
addr->entry->plainto >>= 1; addr->entry->plainto >>= 1;
} }
...@@ -4630,38 +4536,6 @@ dns_adb_getudpsize(dns_adb_t *adb, dns_adbaddrinfo_t *addr) { ...@@ -4630,38 +4536,6 @@ dns_adb_getudpsize(dns_adb_t *adb, dns_adbaddrinfo_t *addr) {
return (size); return (size);
} }
unsigned int
dns_adb_probesize(dns_adb_t *adb, dns_adbaddrinfo_t *addr, int lookups) {
int bucket;
unsigned int size;
REQUIRE(DNS_ADB_VALID(adb));
REQUIRE(DNS_ADBADDRINFO_VALID(addr));
bucket = addr->entry->lock_bucket;
LOCK(&adb->entrylocks[bucket]);
if (addr->entry->to1232 > EDNSTOS || lookups >= 2) {
size = 512;
} else if (addr->entry->to1432 > EDNSTOS || lookups >= 1) {
size = 1232;
} else if (addr->entry->to4096 > EDNSTOS) {
size = 1432;
} else {
size = 4096;
}
/*
* Don't shrink probe size below what we have seen due to multiple
* lookups.
*/
if (lookups > 0 && size < addr->entry->udpsize &&
addr->entry->udpsize < 4096) {
size = addr->entry->udpsize;
}
UNLOCK(&adb->entrylocks[bucket]);
return (size);
}
void void
dns_adb_setcookie(dns_adb_t *adb, dns_adbaddrinfo_t *addr, dns_adb_setcookie(dns_adb_t *adb, dns_adbaddrinfo_t *addr,
const unsigned char *cookie, size_t len) { const unsigned char *cookie, size_t len) {
......
...@@ -606,19 +606,6 @@ dns_adb_getudpsize(dns_adb_t *adb, dns_adbaddrinfo_t *addr); ...@@ -606,19 +606,6 @@ dns_adb_getudpsize(dns_adb_t *adb, dns_adbaddrinfo_t *addr);
*\li addr be valid. *\li addr be valid.
*/ */
unsigned int
dns_adb_probesize(dns_adb_t *adb, dns_adbaddrinfo_t *addr, int lookups);
/*%
* Return suggested EDNS UDP size based on observed responses / failures.
* 'lookups' is the number of times the current lookup has been attempted.
*
* Requires:
*
*\li adb be valid.
*
*\li addr be valid.
*/
void void
dns_adb_plainresponse(dns_adb_t *adb, dns_adbaddrinfo_t *addr); dns_adb_plainresponse(dns_adb_t *adb, dns_adbaddrinfo_t *addr);
/*% /*%
...@@ -644,22 +631,9 @@ dns_adb_timeout(dns_adb_t *adb, dns_adbaddrinfo_t *addr); ...@@ -644,22 +631,9 @@ dns_adb_timeout(dns_adb_t *adb, dns_adbaddrinfo_t *addr);
*/ */
void void
dns_adb_ednsto(dns_adb_t *adb, dns_adbaddrinfo_t *addr, unsigned int size); dns_adb_ednsto(dns_adb_t *adb, dns_adbaddrinfo_t *addr);
/*%
* Record a failed EDNS UDP response and the advertised EDNS UDP buffer size
* used.
*
* Requires:
*
*\li adb be valid.
*
*\li addr be valid.
*/
bool
dns_adb_noedns(dns_adb_t *adb, dns_adbaddrinfo_t *addr);
/*% /*%
* Return whether EDNS should be disabled for this server. * Record a EDNS UDP query failed.
* *
* Requires: * Requires:
* *
......
...@@ -94,13 +94,11 @@ typedef enum { dns_quotatype_zone = 0, dns_quotatype_server } dns_quotatype_t; ...@@ -94,13 +94,11 @@ typedef enum { dns_quotatype_zone = 0, dns_quotatype_server } dns_quotatype_t;
#define DNS_FETCHOPT_NOEDNS0 0x00000008 /*%< Do not use EDNS. */ #define DNS_FETCHOPT_NOEDNS0 0x00000008 /*%< Do not use EDNS. */
#define DNS_FETCHOPT_FORWARDONLY 0x00000010 /*%< Only use forwarders. */ #define DNS_FETCHOPT_FORWARDONLY 0x00000010 /*%< Only use forwarders. */
#define DNS_FETCHOPT_NOVALIDATE 0x00000020 /*%< Disable validation. */ #define DNS_FETCHOPT_NOVALIDATE 0x00000020 /*%< Disable validation. */
#define DNS_FETCHOPT_EDNS512 \ #define DNS_FETCHOPT_OBSOLETE1 0x00000040 /*%< Obsolete */
0x00000040 /*%< Advertise a 512 byte \ #define DNS_FETCHOPT_WANTNSID 0x00000080 /*%< Request NSID */
* UDP buffer. */ #define DNS_FETCHOPT_PREFETCH 0x00000100 /*%< Do prefetch */
#define DNS_FETCHOPT_WANTNSID 0x00000080 /*%< Request NSID */ #define DNS_FETCHOPT_NOCDFLAG 0x00000200 /*%< Don't set CD flag. */
#define DNS_FETCHOPT_PREFETCH 0x00000100 /*%< Do prefetch */ #define DNS_FETCHOPT_NONTA 0x00000400 /*%< Ignore NTA table. */
#define DNS_FETCHOPT_NOCDFLAG 0x00000200 /*%< Don't set CD flag. */
#define DNS_FETCHOPT_NONTA 0x00000400 /*%< Ignore NTA table. */
/* RESERVED ECS 0x00000000 */ /* RESERVED ECS 0x00000000 */
/* RESERVED ECS 0x00001000 */ /* RESERVED ECS 0x00001000 */
/* RESERVED ECS 0x00002000 */ /* RESERVED ECS 0x00002000 */
......
...@@ -203,6 +203,11 @@ ...@@ -203,6 +203,11 @@
*/ */
#define RECV_BUFFER_SIZE 4096 /* XXXRTH Constant. */ #define RECV_BUFFER_SIZE 4096 /* XXXRTH Constant. */