Commit 61367c60 authored by Evan Hunt's avatar Evan Hunt
Browse files

[master] refactor resquery_response() and related functions

4669.	[func]		Iterative query logic in resolver.c has been
			refactored into smaller functions and commented,
			for improved readability, maintainability and
			testability. [RT #45362]
parent 592d2ea9
4669. [func] Iterative query logic in resolver.c has been
refactored into smaller functions and commented,
for improved readability, maintainability and
testability. [RT #45362]
4668. [bug] Use localtime_r and gmtime_r for thread safety.
[RT #45664]
......
......@@ -232,7 +232,7 @@ rpz_ck_dnssec(ns_client_t *client, isc_result_t qresult,
dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset);
/*%
* The structure and functions define below implement the query logic
* The structure and functions defined below implement the query logic
* that previously lived in the single very complex function query_find().
* The query_ctx_t structure maintains state from function to function.
* The call flow for the general query processing algorithm is described
......
/*
* Copyright (C) 2013, 2016, 2017 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2017 Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
......@@ -18,12 +18,6 @@ options {
pid-file "named.pid";
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
recursion yes;
acache-enable no;
dnssec-enable yes;
dnssec-validation auto;
bindkeys-file "managed.conf";
dnssec-accept-expired yes;
};
key rndc_key {
......@@ -35,11 +29,6 @@ controls {
inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; };
};
zone "." {
type hint;
file "../../common/root.hint";
}
key auth {
secret "1234abcd8765";
algorithm hmac-sha256;
......
/*
* Copyright (C) 2017 Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
// NS4
controls { /* empty */ };
options {
query-source address 10.53.0.4;
notify-source 10.53.0.4;
transfer-source 10.53.0.4;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; };
};
key auth {
secret "1234abcd8765";
algorithm hmac-sha256;
};
include "trusted.conf";
view rec {
match-recursive-only yes;
recursion yes;
acache-enable yes;
dnssec-validation yes;
dnssec-accept-expired yes;
zone "." {
type hint;
file "../../common/root.hint";
};
zone secure.example {
type static-stub;
server-addresses { 10.53.0.4; };
};
zone insecure.secure.example {
type static-stub;
server-addresses { 10.53.0.4; };
};
};
view auth {
recursion no;
allow-recursion { none; };
zone secure.example {
type slave;
masters { 10.53.0.3; };
};
zone insecure.secure.example {
type slave;
masters { 10.53.0.2; };
};
};
......@@ -2705,10 +2705,6 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
cp ns4/named4.conf ns4/named.conf
$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reconfig 2>&1 | sed 's/^/I:ns4 /'
sleep 3
echo "I:testing TTL is capped at RRSIG expiry time for records in the additional section with dnssec-accept-expired yes; ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 flush
......@@ -2726,27 +2722,6 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
cp ns4/named4.conf ns4/named.conf
$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reconfig 2>&1 | sed 's/^/I:ns4 /'
sleep 3
echo "I:testing TTL is capped at RRSIG expiry time for records in the additional section with acache off; ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 flush
$DIG +noall +additional +dnssec +cd -p 5300 expiring.example mx @10.53.0.4 > dig.out.ns4.1.$n
$DIG +noall +additional +dnssec -p 5300 expiring.example mx @10.53.0.4 > dig.out.ns4.2.$n
ttls=`awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n`
ttls2=`awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n`
for ttl in ${ttls:-300}; do
[ $ttl -eq 300 ] || ret=1
done
for ttl in ${ttls2:-0}; do
[ $ttl -le 120 -a $ttl -gt 60 ] || ret=1
done
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:testing DNSKEY lookup via CNAME ($n)"
ret=0
$DIG $DIGOPTS +noauth cnameandkey.secure.example. \
......@@ -2917,7 +2892,7 @@ n=`expr $n + 1`
if test "$before" = "$after" ; then echo "I:failed"; ret=1; fi
status=`expr $status + $ret`
cp ns4/named5.conf ns4/named.conf
cp ns4/named4.conf ns4/named.conf
$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reconfig 2>&1 | sed 's/^/I:ns4 /'
sleep 3
......
......@@ -25,6 +25,7 @@ options {
dnstap { all; };
send-cookie no;
require-server-cookie no;
minimal-responses no;
};
server 10.53.0.1 { tcp-only yes; };
......
......@@ -358,6 +358,7 @@ if [ $HAS_PYYAML -ne 0 ] ; then
fi
echo "I:checking dnstap-read hex output"
ret=0
hex=`$DNSTAPREAD -x ns3/dnstap.out | tail -1`
echo $hex | $WIRETEST > dnstap.hex
grep 'status: NOERROR' dnstap.hex > /dev/null 2>&1 || ret=1
......
......@@ -273,11 +273,32 @@
</listitem>
<listitem>
<para>
Query logic has been substantially refactored (e.g. query_find
function has been split into smaller functions) for improved
readability, maintainability and testability. [RT #43929]
</para>
</listitem>
<listitem>
<para>
Several areas of code have been refactored for improved
readability, maintainability, and testability:
</para>
<itemizedlist>
<listitem>
<para>
The <command>named</command> query logic implemented in
<command>query_find()</command> has been split into
smaller functions with a context structure to maintain state
between them, and extensive comments have been added.
[RT #43929]
</para>
</listitem>
<listitem>
<para>
Similarly the iterative query logic implemented in
<command>resquery_response()</command> function has been
split into smaller functions and comments added. [RT #45362]
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
<command>dnstap</command> logfiles can now be configured to
......
This diff is collapsed.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment