Commit 265052df authored by Witold Krecicki

qname-minimization: Some post-review style/minor fixes

parent 9cef87d8
......@@ -183,9 +183,9 @@ options {\n\
notify-source-v6 *;\n\
nsec3-test-zone no;\n\
provide-ixfr true;\n\
qname-minimization relaxed;\n\
query-source address *;\n\
query-source-v6 address *;\n\
qname-minimization relaxed;\n\
recursion true;\n\
request-expire true;\n\
request-ixfr true;\n\
......
......@@ -3690,6 +3690,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
isc_dscp_t dscp4 = -1, dscp6 = -1;
dns_dyndbctx_t *dctx = NULL;
unsigned int resolver_param;
const char * qminmode = NULL;
REQUIRE(DNS_VIEW_VALID(view));
......@@ -4642,7 +4643,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
obj = NULL;
result = named_config_get(maps, "qname-minimization", &obj);
INSIST(result == ISC_R_SUCCESS);
const char * qminmode = cfg_obj_asstring(obj);
qminmode = cfg_obj_asstring(obj);
INSIST(qminmode != NULL);
if (!strcmp(qminmode, "strict")) {
view->qminimization = ISC_TRUE;
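Review bot: The declaration added at the top of configure_view is written `const char * qminmode = NULL;`, with a space on both sides of the asterisk, while the neighbouring declaration in the same hunk (`dns_dyndbctx_t *dctx = NULL;`) binds the asterisk to the name; `const char *qminmode = NULL;` would match. In the second hunk, the test `!strcmp(qminmode, "strict")` would read more clearly as `strcmp(qminmode, "strict") == 0`. configure_view starts and ends outside both hunks, so the handling of the other mode strings is not visible here.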
......
......@@ -91,8 +91,8 @@ SEQUENTIALDIRS="acl additional addzone autosign builtin \
fetchlimit filter-aaaa formerr forward geoip glue idna inline ixfr \
keepalive @KEYMGR@ legacy limits logfileconfig masterfile \
masterformat metadata mkeys names notify nslookup nsupdate \
nzd2nzf padding pending pipelined @PKCS11_TEST@ qmin
reclimit redirect resolver rndc rpz rrchecker rrl \
nzd2nzf padding pending pipelined @PKCS11_TEST@ qmin \
reclimit redirect resolver rndc rpz rrchecker rrl \
rrsetorder rsabigexponent runtime sfcache smartsign sortlist \
spf staticstub statistics statschannel stub tcp tkey tsig \
tsiggss unknown upforwd verify views wildcard xfer xferquota \
......
......@@ -15,3 +15,4 @@ rm -f */named.run
rm -f dig.out.*
rm -f ns*/named.lock
rm -f ans*/query.log
rm -f query*.log
......@@ -35,6 +35,7 @@ AAAA a.bit.longer.ns.name.good.
__EOF
echo "A icky.icky.icky.ptang.zoop.boing.good." | diff ans3/query.log - > /dev/null || ret=1
echo "A icky.icky.icky.ptang.zoop.boing.good." | diff ans4/query.log - > /dev/null || ret=1
for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
......@@ -55,6 +56,7 @@ AAAA a.bit.longer.ns.name.bad.
__EOF
echo "A icky.icky.icky.ptang.zoop.boing.bad." | diff ans3/query.log - > /dev/null || ret=1
echo "A icky.icky.icky.ptang.zoop.boing.bad." | diff ans4/query.log - > /dev/null || ret=1
for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
......@@ -76,6 +78,7 @@ AAAA a.bit.longer.ns.name.slow.
__EOF
echo "A icky.icky.icky.ptang.zoop.boing.slow." | diff ans3/query.log - > /dev/null || ret=1
echo "A icky.icky.icky.ptang.zoop.boing.slow." | diff ans4/query.log - > /dev/null || ret=1
for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
......@@ -115,6 +118,7 @@ cat << __EOF | diff ans4/query.log - > /dev/null || ret=1
NS icky.icky.ptang.zoop.boing.good.
A icky.icky.icky.ptang.zoop.boing.good.
__EOF
for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
......@@ -126,6 +130,7 @@ $RNDCCMD 10.53.0.6 flush
$DIG $DIGOPTS icky.icky.icky.ptang.zoop.boing.bad. @10.53.0.6 > dig.out.test$n
grep "status: NXDOMAIN" dig.out.test$n > /dev/null || ret=1
echo "NS boing.bad." | diff ans2/query.log - > /dev/null || ret=1
for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
......@@ -149,6 +154,7 @@ AAAA a.bit.longer.ns.name.bad.
__EOF
echo "A icky.icky.icky.ptang.zoop.boing.bad." | diff ans3/query.log - > /dev/null || ret=1
echo "A icky.icky.icky.ptang.zoop.boing.bad." | diff ans4/query.log - > /dev/null || ret=1
for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
......@@ -183,6 +189,7 @@ cat << __EOF | diff ans4/query.log - > /dev/null || ret=1
NS icky.icky.ptang.zoop.boing.slow.
A icky.icky.icky.ptang.zoop.boing.slow.
__EOF
for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
......@@ -202,6 +209,7 @@ NS 0.0.0.0.0.0.8.f.4.0.1.0.0.2.ip6.arpa.
NS 0.0.0.0.0.0.0.0.8.f.4.0.1.0.0.2.ip6.arpa.
PTR 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.f.4.0.1.0.0.2.ip6.arpa.
__EOF
for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
......@@ -254,6 +262,7 @@ cat << __EOF | diff ans4/query.log - > /dev/null || ret=1
NS icky.icky.ptang.zoop.boing.good.
A more.icky.icky.icky.ptang.zoop.boing.good.
__EOF
for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
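Review bot: The log-archiving loop is pasted verbatim after nine test cases (first in the hunk at -35,6, last in the hunk at -254,6), and its expansions are unquoted. Defining it once near the top of the script, e.g. `save_query_logs() { for ans in ans2 ans3 ans4; do mv -f "$ans/query.log" "query-$ans-$n.log" 2>/dev/null || true; done; }`, and calling `save_query_logs` in each test would keep the copies from drifting apart. Note also that `2>/dev/null || true` hides every mv failure, not only a missing log, so a write error in the test directory would go unnoticed and the next test would compare against a stale log.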
......
......@@ -118,7 +118,7 @@ for (;;) {
# expected to be accepted regardless of the filter setting.
$packet->push("authority", new Net::DNS::RR("sub.example.org 300 NS ns.sub.example.org"));
$packet->push("additional", new Net::DNS::RR("ns.sub.example.org 300 A 10.53.0.3"));
} elsif ($qname =~ /broken/) {
} elsif ($qname =~ /\.broken/ || $qname =~ /^broken/) {
# Delegation to broken TLD.
$packet->push("authority", new Net::DNS::RR("broken 300 NS ns.broken"));
$packet->push("additional", new Net::DNS::RR("ns.broken 300 A 10.53.0.4"));
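Review bot: The new condition `$qname =~ /\.broken/ || $qname =~ /^broken/` is still unanchored on the right, so any label that merely begins with "broken" (a constructed example: `www.brokenish.example`) takes the broken-TLD branch. If the intent, going by the comment beneath it, is to match only names at or under the `broken` TLD, a single anchored pattern such as `} elsif ($qname =~ /(^|\.)broken$/) {` would express that, assuming `$qname` carries no trailing dot at this point. The enclosing `for (;;)` loop and the code that sets `$qname` are outside the hunk.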
......
......@@ -99,6 +99,15 @@
signatures covering DNSKEY RRsets. [GL #145]
</para>
</listitem>
<listitem>
<para>
Support for qname minimization was added and enabled by default in
<command>relaxed</command> mode - in which BIND will fall back to
normal resolution should the remote server return something
unexpected during query minimization process. This default setting
might change to <command>strict</command> in the future.
</para>
</listitem>
</itemizedlist>
</section>
......
......@@ -88,33 +88,33 @@ typedef enum {
/*
* Options that modify how a 'fetch' is done.
*/
#define DNS_FETCHOPT_TCP 0x0001 /*%< Use TCP. */
#define DNS_FETCHOPT_UNSHARED 0x0002 /*%< See below. */
#define DNS_FETCHOPT_RECURSIVE 0x0004 /*%< Set RD? */
#define DNS_FETCHOPT_NOEDNS0 0x0008 /*%< Do not use EDNS. */
#define DNS_FETCHOPT_FORWARDONLY 0x0010 /*%< Only use forwarders. */
#define DNS_FETCHOPT_NOVALIDATE 0x0020 /*%< Disable validation. */
#define DNS_FETCHOPT_EDNS512 0x0040 /*%< Advertise a 512 byte
UDP buffer. */
#define DNS_FETCHOPT_WANTNSID 0x0080 /*%< Request NSID */
#define DNS_FETCHOPT_PREFETCH 0x0100 /*%< Do prefetch */
#define DNS_FETCHOPT_NOCDFLAG 0x0200 /*%< Don't set CD flag. */
#define DNS_FETCHOPT_NONTA 0x0400 /*%< Ignore NTA table. */
/* RESERVED ECS 0x0000 */
/* RESERVED ECS 0x1000 */
/* RESERVED ECS 0x2000 */
/* RESERVED TCPCLIENT 0x4000 */
#define DNS_FETCHOPT_NOCACHED 0x8000 /*%< Force cache update. */
#define DNS_FETCHOPT_QMINIMIZE 0x00010000 /*%< Use qname
minimization. */
#define DNS_FETCHOPT_QMIN_STRICT 0x00020000 /*%< Do not work around
servers that return
errors on non-empty
terminals. */
#define DNS_FETCHOPT_QMIN_SKIP_IP6A 0x00040000 /*%< Skip some labels
when doing qname
minimization on
ip6.arpa. */
#define DNS_FETCHOPT_TCP 0x00000001 /*%< Use TCP. */
#define DNS_FETCHOPT_UNSHARED 0x00000002 /*%< See below. */
#define DNS_FETCHOPT_RECURSIVE 0x00000004 /*%< Set RD? */
#define DNS_FETCHOPT_NOEDNS0 0x00000008 /*%< Do not use EDNS. */
#define DNS_FETCHOPT_FORWARDONLY 0x00000010 /*%< Only use forwarders. */
#define DNS_FETCHOPT_NOVALIDATE 0x00000020 /*%< Disable validation. */
#define DNS_FETCHOPT_EDNS512 0x00000040 /*%< Advertise a 512 byte
UDP buffer. */
#define DNS_FETCHOPT_WANTNSID 0x00000080 /*%< Request NSID */
#define DNS_FETCHOPT_PREFETCH 0x00000100 /*%< Do prefetch */
#define DNS_FETCHOPT_NOCDFLAG 0x00000200 /*%< Don't set CD flag. */
#define DNS_FETCHOPT_NONTA 0x00000400 /*%< Ignore NTA table. */
/* RESERVED ECS 0x00000000 */
/* RESERVED ECS 0x00001000 */
/* RESERVED ECS 0x00002000 */
/* RESERVED TCPCLIENT 0x00004000 */
#define DNS_FETCHOPT_NOCACHED 0x00008000 /*%< Force cache update. */
#define DNS_FETCHOPT_QMINIMIZE 0x00010000 /*%< Use qname
minimization. */
#define DNS_FETCHOPT_QMIN_STRICT 0x00020000 /*%< Do not work around
servers that return
errors on non-empty
terminals. */
#define DNS_FETCHOPT_QMIN_SKIP_IP6A 0x00040000 /*%< Skip some labels
when doing qname
minimization on
ip6.arpa. */
/* Reserved in use by adb.c 0x00400000 */
#define DNS_FETCHOPT_EDNSVERSIONSET 0x00800000
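Review bot: The first reserved-ECS comment is carried over as `/* RESERVED ECS 0x00000000 */`, which names no bit at all. The only unassigned bit between NONTA (0x00000400) and the next reserved value (0x00001000) is 0x00000800, so this is presumably an old typo, and the widening is a good moment to correct it to `/* RESERVED ECS 0x00000800 */` once confirmed against the code that uses the reserved bits. `DNS_FETCHOPT_EDNSVERSIONSET` is also the only define in the block without a `/*%< ... */` description. These values are tested as bit flags (`fctx->options & DNS_FETCHOPT_QMIN_STRICT` elsewhere in this commit), so an inaccurate reserved list invites accidental reuse of a bit.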
......
......@@ -3120,8 +3120,9 @@ mark_bad(fetchctx_t *fctx) {
isc_boolean_t all_bad = ISC_TRUE;
#ifdef ENABLE_AFL
if (dns_fuzzing_resolver)
return ISC_FALSE;
if (dns_fuzzing_resolver) {
return (ISC_FALSE);
}
#endif
/*
......@@ -8544,7 +8545,7 @@ rctx_answer_none(respctx_t *rctx) {
* the next label to query and restart it.
*/
if (fctx->minimized && fctx->rmessage->rcode == dns_rcode_noerror) {
return rctx_answer_minimized(rctx);
return (rctx_answer_minimized(rctx));
}
/*
* Workaround for broken servers in relaxed mode - if we hit an
......@@ -8552,7 +8553,7 @@ rctx_answer_none(respctx_t *rctx) {
*/
if (fctx->minimized && !(fctx->options & DNS_FETCHOPT_QMIN_STRICT)) {
fctx->qmin_labels = DNS_MAX_LABELS + 1;
return rctx_answer_minimized(rctx);
return (rctx_answer_minimized(rctx));
}
/*
* Since we're not doing a referral, we don't want to cache any
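Review bot: The `#ifdef ENABLE_AFL` early return in mark_bad has no comment saying why bad-server marking is skipped when `dns_fuzzing_resolver` is set. A line such as `/* Fuzzing build: return before marking any server bad. */` above the `if` would help, with the actual reason supplied by the author. Because the branch changes resolver behaviour, it is also worth confirming that ENABLE_AFL is never defined in release builds. mark_bad and rctx_answer_none both continue outside the hunks.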
......