update libunbound
parent
ce974949e2
commit
6a1190792b
|
@ -25,6 +25,7 @@ DNSTAP_SRC=@DNSTAP_SRC@
|
|||
DNSTAP_OBJ=@DNSTAP_OBJ@
|
||||
WITH_PYTHONMODULE=@WITH_PYTHONMODULE@
|
||||
WITH_PYUNBOUND=@WITH_PYUNBOUND@
|
||||
PY_MAJOR_VERSION=@PY_MAJOR_VERSION@
|
||||
PYTHON_SITE_PKG=@PYTHON_SITE_PKG@
|
||||
PYTHONMOD_INSTALL=@PYTHONMOD_INSTALL@
|
||||
PYTHONMOD_UNINSTALL=@PYTHONMOD_UNINSTALL@
|
||||
|
@ -393,7 +394,7 @@ libunbound_wrap.lo libunbound_wrap.o: libunbound/python/libunbound_wrap.c \
|
|||
unbound.h
|
||||
libunbound/python/libunbound_wrap.c: $(srcdir)/libunbound/python/libunbound.i unbound.h
|
||||
@-if test ! -d libunbound/python; then $(INSTALL) -d libunbound/python; fi
|
||||
$(SWIG) -python -o $@ $(CPPFLAGS) $(srcdir)/libunbound/python/libunbound.i
|
||||
$(SWIG) -python -o $@ $(CPPFLAGS) -DPY_MAJOR_VERSION=$(PY_MAJOR_VERSION) $(srcdir)/libunbound/python/libunbound.i
|
||||
|
||||
# Pyunbound python unbound wrapper
|
||||
_unbound.la: libunbound_wrap.lo libunbound.la
|
||||
|
@ -599,12 +600,13 @@ dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_de
|
|||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h
|
||||
infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/sldns/rrdef.h \
|
||||
infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \
|
||||
$(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lookup3.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h \
|
||||
$(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h
|
||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/util/storage/lookup3.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h
|
||||
rrset.lo rrset.o: $(srcdir)/services/cache/rrset.c config.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \
|
||||
|
@ -614,8 +616,9 @@ dname.lo dname.o: $(srcdir)/util/data/dname.c config.h $(srcdir)/util/data/dname
|
|||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/storage/lookup3.h $(srcdir)/sldns/sbuffer.h
|
||||
msgencode.lo msgencode.o: $(srcdir)/util/data/msgencode.c config.h $(srcdir)/util/data/msgencode.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
||||
$(srcdir)/sldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/sldns/sbuffer.h
|
||||
msgparse.lo msgparse.o: $(srcdir)/util/data/msgparse.c config.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h \
|
||||
$(srcdir)/sldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/packed_rrset.h \
|
||||
|
@ -640,8 +643,8 @@ iterator.lo iterator.o: $(srcdir)/iterator/iterator.c config.h $(srcdir)/iterato
|
|||
$(srcdir)/validator/val_neg.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/config_file.h $(srcdir)/sldns/wire2str.h \
|
||||
$(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h
|
||||
$(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/config_file.h $(srcdir)/util/random.h \
|
||||
$(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h
|
||||
iter_delegpt.lo iter_delegpt.o: $(srcdir)/iterator/iter_delegpt.c config.h $(srcdir)/iterator/iter_delegpt.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h \
|
||||
|
@ -679,15 +682,16 @@ iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_utils.c config.h $(srcdir)/i
|
|||
$(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_donotq.h \
|
||||
$(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \
|
||||
$(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \
|
||||
$(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/sldns/sbuffer.h
|
||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/iterator/iter_hints.h \
|
||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h \
|
||||
$(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h \
|
||||
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h \
|
||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
|
||||
$(srcdir)/services/modstack.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_kcache.h \
|
||||
$(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h \
|
||||
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h
|
||||
listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h \
|
||||
$(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/services/outside_network.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \
|
||||
|
@ -700,29 +704,30 @@ localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/serv
|
|||
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h
|
||||
mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h $(srcdir)/services/outbound_list.h \
|
||||
$(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/util/data/msgencode.h $(srcdir)/util/timehist.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/util/alloc.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h
|
||||
$(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/services/outbound_list.h $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/regional.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/timehist.h $(srcdir)/util/fptr_wlist.h \
|
||||
$(srcdir)/util/tube.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h
|
||||
modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \
|
||||
$(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h
|
||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
|
||||
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h \
|
||||
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h \
|
||||
$(srcdir)/validator/val_utils.h
|
||||
outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \
|
||||
$(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/netevent.h
|
||||
outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c config.h \
|
||||
$(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \
|
||||
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rtt.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \
|
||||
$(srcdir)/dnstap/dnstap.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/sldns/sbuffer.h $(srcdir)/dnstap/dnstap.h \
|
||||
|
||||
alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||
|
@ -735,8 +740,9 @@ config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/ut
|
|||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h $(srcdir)/util/fptr_wlist.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/services/modstack.h $(srcdir)/util/data/dname.h $(srcdir)/util/rtt.h $(srcdir)/sldns/wire2str.h \
|
||||
$(srcdir)/sldns/parseutil.h $(srcdir)/util/iana_ports.inc
|
||||
$(srcdir)/services/modstack.h $(srcdir)/util/data/dname.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \
|
||||
$(srcdir)/util/iana_ports.inc
|
||||
configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \
|
||||
$(srcdir)/util/config_file.h util/configparser.h
|
||||
configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \
|
||||
|
@ -747,15 +753,14 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/
|
|||
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \
|
||||
$(srcdir)/services/localzone.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \
|
||||
$(srcdir)/services/localzone.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \
|
||||
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \
|
||||
$(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \
|
||||
$(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \
|
||||
$(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h \
|
||||
$(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
||||
$(srcdir)/util/config_file.h
|
||||
$(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \
|
||||
$(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h \
|
||||
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h
|
||||
locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
|
||||
log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h
|
||||
mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
|
||||
|
@ -823,13 +828,14 @@ val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/
|
|||
validator.lo validator.o: $(srcdir)/validator/validator.c config.h $(srcdir)/validator/validator.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/validator/val_kcache.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_nsec3.h \
|
||||
$(srcdir)/validator/val_neg.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/autotrust.h \
|
||||
$(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/wire2str.h
|
||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \
|
||||
$(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_kcache.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_nsec.h \
|
||||
$(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_neg.h $(srcdir)/validator/val_sigcrypt.h \
|
||||
$(srcdir)/validator/autotrust.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/sldns/wire2str.h
|
||||
val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/validator/val_kcache.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/validator/val_kentry.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \
|
||||
|
@ -882,11 +888,11 @@ val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/val
|
|||
$(srcdir)/util/net_help.h $(srcdir)/util/regional.h
|
||||
dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
||||
$(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/regional.h
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
||||
$(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h
|
||||
checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/testcode/checklocks.h
|
||||
dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h $(srcdir)/sldns/sbuffer.h \
|
||||
|
@ -904,10 +910,10 @@ unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir
|
|||
$(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h
|
||||
unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \
|
||||
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
|
||||
$(srcdir)/util/log.h \
|
||||
$(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/random.h
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/random.h
|
||||
unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/testcode/unitmain.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
|
||||
|
@ -948,11 +954,11 @@ cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \
|
|||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
||||
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \
|
||||
$(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \
|
||||
$(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/wire2str.h \
|
||||
$(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
|
||||
$(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \
|
||||
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/wire2str.h \
|
||||
$(srcdir)/sldns/str2wire.h
|
||||
daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
|
||||
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
||||
|
@ -971,18 +977,18 @@ remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \
|
|||
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
|
||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
|
||||
$(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/localzone.h $(srcdir)/util/fptr_wlist.h \
|
||||
$(srcdir)/util/tube.h $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \
|
||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h \
|
||||
$(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \
|
||||
$(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
|
||||
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/iterator/iter_delegpt.h $(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h \
|
||||
$(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h
|
||||
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_delegpt.h \
|
||||
$(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h \
|
||||
$(srcdir)/sldns/wire2str.h
|
||||
stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
|
||||
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
|
@ -990,25 +996,26 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s
|
|||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
|
||||
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h \
|
||||
$(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
|
||||
$(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
|
||||
unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/daemon/remote.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
|
||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/util/net_help.h $(srcdir)/util/mini_event.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
||||
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/mini_event.h \
|
||||
$(srcdir)/util/rbtree.h
|
||||
worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
|
||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
|
||||
$(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
|
||||
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
|
||||
|
@ -1026,8 +1033,8 @@ testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/test
|
|||
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
|
||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
|
||||
testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \
|
||||
|
@ -1037,8 +1044,8 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr
|
|||
$(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
|
||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
|
||||
$(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
|
||||
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
|
||||
|
@ -1070,10 +1077,11 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s
|
|||
$(srcdir)/util/netevent.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
|
||||
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h $(srcdir)/services/listen_dnsport.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h \
|
||||
$(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \
|
||||
$(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
|
||||
replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/testcode/testpkts.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h
|
||||
|
@ -1083,9 +1091,10 @@ fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/t
|
|||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h \
|
||||
$(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h \
|
||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
|
||||
$(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
|
||||
$(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \
|
||||
$(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \
|
||||
$(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
|
||||
lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||
|
@ -1122,7 +1131,7 @@ context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbou
|
|||
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
||||
$(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/sldns/sbuffer.h
|
||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/sldns/sbuffer.h
|
||||
libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \
|
||||
$(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
|
||||
|
@ -1130,8 +1139,8 @@ libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbou
|
|||
$(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/services/localzone.h \
|
||||
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/sldns/sbuffer.h
|
||||
$(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/sldns/sbuffer.h
|
||||
libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \
|
||||
$(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
|
||||
|
@ -1159,13 +1168,12 @@ streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util
|
|||
|
||||
perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
||||
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
||||
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
|
||||
delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h
|
||||
unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \
|
||||
$(srcdir)/util/log.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h
|
||||
$(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h
|
||||
unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \
|
||||
$(srcdir)/sldns/rrdef.h \
|
||||
|
||||
|
@ -1173,8 +1181,8 @@ petal.lo petal.o: $(srcdir)/testcode/petal.c config.h \
|
|||
|
||||
pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
||||
$(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h
|
||||
win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \
|
||||
|
@ -1197,7 +1205,8 @@ keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h \
|
|||
|
||||
sbuffer.lo sbuffer.o: $(srcdir)/sldns/sbuffer.c config.h $(srcdir)/sldns/sbuffer.h
|
||||
wire2str.lo wire2str.o: $(srcdir)/sldns/wire2str.c config.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \
|
||||
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/keyraw.h \
|
||||
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h \
|
||||
$(srcdir)/sldns/keyraw.h \
|
||||
|
||||
parse.lo parse.o: $(srcdir)/sldns/parse.c config.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h \
|
||||
$(srcdir)/sldns/sbuffer.h
|
||||
|
@ -1217,7 +1226,6 @@ memmove.lo memmove.o: $(srcdir)/compat/memmove.c config.h
|
|||
snprintf.lo snprintf.o: $(srcdir)/compat/snprintf.c config.h
|
||||
strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h
|
||||
strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
|
||||
reallocarray.lo reallocarray.o: $(srcdir)/compat/reallocarray.c config.h
|
||||
strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h
|
||||
getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h \
|
||||
|
||||
|
@ -1229,3 +1237,4 @@ arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/com
|
|||
arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c config.h
|
||||
arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c config.h $(srcdir)/util/locks.h
|
||||
sha512.lo sha512.o: $(srcdir)/compat/sha512.c config.h
|
||||
reallocarray.lo reallocarray.o: $(srcdir)/compat/reallocarray.c config.h
|
||||
|
|
|
@ -677,6 +677,7 @@ WITH_PYTHONMODULE
|
|||
swig
|
||||
SWIG_LIB
|
||||
SWIG
|
||||
PY_MAJOR_VERSION
|
||||
PYTHON_SITE_PKG
|
||||
PYTHON_LDFLAGS
|
||||
PYTHON_CPPFLAGS
|
||||
|
@ -16100,6 +16101,8 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
|
|||
as_fn_error $? "Python version >= 2.4.0 is required" "$LINENO" 5
|
||||
fi
|
||||
|
||||
PY_MAJOR_VERSION="`$PYTHON -c "import sys; print(sys.version_info.major)"`"
|
||||
|
||||
# Have Python
|
||||
|
||||
$as_echo "#define HAVE_PYTHON 1" >>confdefs.h
|
||||
|
|
|
@ -475,6 +475,8 @@ if test x_$ub_test_python != x_no; then
|
|||
AC_ERROR([Python version >= 2.4.0 is required])
|
||||
fi
|
||||
|
||||
PY_MAJOR_VERSION="`$PYTHON -c "import sys; print(sys.version_info.major)"`"
|
||||
AC_SUBST(PY_MAJOR_VERSION)
|
||||
# Have Python
|
||||
AC_DEFINE(HAVE_PYTHON,1,[Define if you have Python libraries and header files.])
|
||||
LIBS="$PYTHON_LDFLAGS $LIBS"
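Review bot: The added `PY_MAJOR_VERSION` probe reads `sys.version_info.major`, but named fields on `sys.version_info` exist only from Python 2.7 onward, while the check just above still accepts any Python >= 2.4.0. On a 2.4–2.6 interpreter the command raises AttributeError, the variable ends up empty, and nothing here reports it, so the substituted value would presumably reach SWIG as a bare `-DPY_MAJOR_VERSION=`. Indexing works on every accepted version: use `sys.version_info[0]` (written `[[0]]` in this file so m4 keeps the brackets), and consider failing configure when the result is empty, e.g. `test -n "$PY_MAJOR_VERSION" || AC_ERROR([cannot determine Python major version])`. The generated configure hunk above carries the same line and would pick the fix up when regenerated.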
|
||||
|
|
|
@ -15,8 +15,6 @@ distribution but may be helpful.
|
|||
a local-zone and local-data include file for unbound.conf.
|
||||
* unbound-host.nagios.patch: makes unbound-host return status that fits right
|
||||
in with the nagios monitoring framework. Contributed by Migiel de Vos.
|
||||
* unbound_unixsock.diff: Add Unix socket support for unbound-control.
|
||||
Contributed by Ilya Bakulin, 2012-08-28.
|
||||
* patch_rsamd5_enable.diff: this patch enables RSAMD5 validation (otherwise
|
||||
it is treated as insecure). The RSAMD5 algorithm is deprecated (RFC6725).
|
||||
* create_unbound_ad_servers.sh: shell script to enter anti-ad server lists.
|
||||
|
|
|
@ -18,7 +18,6 @@ Source2: unbound.conf
|
|||
Source3: unbound.munin
|
||||
Source4: unbound_munin_
|
||||
Source5: root.key
|
||||
Source6: dlv.isc.org.key
|
||||
Patch1: unbound-1.2-glob.patch
|
||||
|
||||
Group: System Environment/Daemons
|
||||
|
@ -140,7 +139,6 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||
%attr(0755,root,root) %dir %{_sysconfdir}/%{name}
|
||||
%ghost %attr(0755,unbound,unbound) %dir %{_localstatedir}/run/%{name}
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dlv.isc.org.key
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/root.key
|
||||
%{_sbindir}/*
|
||||
%{_mandir}/*/*
|
||||
|
@ -178,11 +176,6 @@ exit 0
|
|||
|
||||
%post
|
||||
/sbin/chkconfig --add %{name}
|
||||
# dnssec-conf used to contain our DLV key, but now we include it via unbound
|
||||
# If unbound had previously been configured with dnssec-configure, we need
|
||||
# to migrate the location of the DLV key file (to keep DLV enabled, and because
|
||||
# unbound won't start with a bad location for a DLV key file.
|
||||
sed -i "s:/etc/pki/dnssec-keys[/]*dlv:/etc/unbound:" %{_sysconfdir}/unbound/unbound.conf
|
||||
|
||||
%post libs -p /sbin/ldconfig
|
||||
|
||||
|
|
|
@ -1,305 +0,0 @@
|
|||
diff --git a/daemon/remote.c b/daemon/remote.c
|
||||
index a2b2204..b6990f3 100644
|
||||
--- a/daemon/remote.c
|
||||
+++ b/daemon/remote.c
|
||||
@@ -81,6 +81,11 @@
|
||||
#ifdef HAVE_NETDB_H
|
||||
#include <netdb.h>
|
||||
#endif
|
||||
+#ifdef HAVE_PWD_H
|
||||
+#include <pwd.h>
|
||||
+#include <sys/stat.h>
|
||||
+#include <fcntl.h>
|
||||
+#endif
|
||||
|
||||
/* just for portability */
|
||||
#ifdef SQ
|
||||
@@ -235,7 +240,8 @@ void daemon_remote_delete(struct daemon_remote* rc)
|
||||
* @return false on failure.
|
||||
*/
|
||||
static int
|
||||
-add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err)
|
||||
+add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err,
|
||||
+ struct config_file* cfg)
|
||||
{
|
||||
struct addrinfo hints;
|
||||
struct addrinfo* res;
|
||||
@@ -246,29 +252,74 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err)
|
||||
snprintf(port, sizeof(port), "%d", nr);
|
||||
port[sizeof(port)-1]=0;
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
- hints.ai_socktype = SOCK_STREAM;
|
||||
- hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
|
||||
- if((r = getaddrinfo(ip, port, &hints, &res)) != 0 || !res) {
|
||||
-#ifdef USE_WINSOCK
|
||||
- if(!noproto_is_err && r == EAI_NONAME) {
|
||||
- /* tried to lookup the address as name */
|
||||
- return 1; /* return success, but do nothing */
|
||||
+
|
||||
+ if(ip[0] == '/') {
|
||||
+ /* This looks like UNIX socket! */
|
||||
+ fd = create_domain_accept_sock(ip);
|
||||
+/*
|
||||
+ * When unbound starts, it first creates a socket and then
|
||||
+ * drops privs, so the socket is created as root user.
|
||||
+ * This is fine, but we would like to set _unbound user group
|
||||
+ * for this socket, and permissions should be 0660 so only
|
||||
+ * root and _unbound group members can invoke unbound-control.
|
||||
+ * The username used here is the same as username that unbound
|
||||
+ * uses for its worker processes.
|
||||
+ */
|
||||
+
|
||||
+/*
|
||||
+ * Note: this code is an exact copy of code from daemon.c
|
||||
+ * Normally this should be either wrapped into a function,
|
||||
+ * or gui/gid values should be retrieved at config parsing time
|
||||
+ * and then stored in configfile structure.
|
||||
+ * This requires action from unbound developers!
|
||||
+*/
|
||||
+#ifdef HAVE_GETPWNAM
|
||||
+ struct passwd *pwd = NULL;
|
||||
+ uid_t uid;
|
||||
+ gid_t gid;
|
||||
+ /* initialize, but not to 0 (root) */
|
||||
+ memset(&uid, 112, sizeof(uid));
|
||||
+ memset(&gid, 112, sizeof(gid));
|
||||
+ log_assert(cfg);
|
||||
+
|
||||
+ if(cfg->username && cfg->username[0]) {
|
||||
+ if((pwd = getpwnam(cfg->username)) == NULL)
|
||||
+ fatal_exit("user '%s' does not exist.",
|
||||
+ cfg->username);
|
||||
+ uid = pwd->pw_uid;
|
||||
+ gid = pwd->pw_gid;
|
||||
+ endpwent();
|
||||
}
|
||||
+
|
||||
+ chown(ip, 0, gid);
|
||||
+ chmod(ip, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
|
||||
+#endif
|
||||
+ } else {
|
||||
+ hints.ai_socktype = SOCK_STREAM;
|
||||
+ hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
|
||||
+ if((r = getaddrinfo(ip, port, &hints, &res)) != 0 || !res) {
|
||||
+#ifdef USE_WINSOCK
|
||||
+ if(!noproto_is_err && r == EAI_NONAME) {
|
||||
+ /* tried to lookup the address as name */
|
||||
+ return 1; /* return success, but do nothing */
|
||||
+ }
|
||||
#endif /* USE_WINSOCK */
|
||||
- log_err("control interface %s:%s getaddrinfo: %s %s",
|
||||
- ip?ip:"default", port, gai_strerror(r),
|
||||
+ log_err("control interface %s:%s getaddrinfo: %s %s",
|
||||
+ ip?ip:"default", port, gai_strerror(r),
|
||||
#ifdef EAI_SYSTEM
|
||||
r==EAI_SYSTEM?(char*)strerror(errno):""
|
||||
#else
|
||||
""
|
||||
#endif
|
||||
);
|
||||
- return 0;
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ /* open fd */
|
||||
+ fd = create_tcp_accept_sock(res, 1, &noproto);
|
||||
+ freeaddrinfo(res);
|
||||
}
|
||||
|
||||
- /* open fd */
|
||||
- fd = create_tcp_accept_sock(res, 1, &noproto);
|
||||
- freeaddrinfo(res);
|
||||
if(fd == -1 && noproto) {
|
||||
if(!noproto_is_err)
|
||||
return 1; /* return success, but do nothing */
|
||||
@@ -305,7 +356,7 @@ struct listen_port* daemon_remote_open_ports(struct config_file* cfg)
|
||||
if(cfg->control_ifs) {
|
||||
struct config_strlist* p;
|
||||
for(p = cfg->control_ifs; p; p = p->next) {
|
||||
- if(!add_open(p->str, cfg->control_port, &l, 1)) {
|
||||
+ if(!add_open(p->str, cfg->control_port, &l, 1, cfg)) {
|
||||
listening_ports_free(l);
|
||||
return NULL;
|
||||
}
|
||||
@@ -313,12 +364,12 @@ struct listen_port* daemon_remote_open_ports(struct config_file* cfg)
|
||||
} else {
|
||||
/* defaults */
|
||||
if(cfg->do_ip6 &&
|
||||
- !add_open("::1", cfg->control_port, &l, 0)) {
|
||||
+ !add_open("::1", cfg->control_port, &l, 0, cfg)) {
|
||||
listening_ports_free(l);
|
||||
return NULL;
|
||||
}
|
||||
if(cfg->do_ip4 &&
|
||||
- !add_open("127.0.0.1", cfg->control_port, &l, 1)) {
|
||||
+ !add_open("127.0.0.1", cfg->control_port, &l, 1, cfg)) {
|
||||
listening_ports_free(l);
|
||||
return NULL;
|
||||
}
|
||||
diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c
|
||||
index ea7ec3a..4cb04e2 100644
|
||||
--- a/services/listen_dnsport.c
|
||||
+++ b/services/listen_dnsport.c
|
||||
@@ -55,6 +55,10 @@
|
||||
#endif
|
||||
#include <fcntl.h>
|
||||
|
||||
+#ifndef USE_WINSOCK
|
||||
+#include <sys/un.h>
|
||||
+#endif
|
||||
+
|
||||
/** number of queued TCP connections for listen() */
|
||||
#define TCP_BACKLOG 5
|
||||
|
||||
@@ -376,6 +380,53 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
|
||||
}
|
||||
|
||||
int
|
||||
+create_domain_accept_sock(char *path) {
|
||||
+ int s;
|
||||
+ struct sockaddr_un unixaddr;
|
||||
+
|
||||
+#ifndef USE_WINSOCK
|
||||
+ unixaddr.sun_len = sizeof(unixaddr);
|
||||
+ unixaddr.sun_family = AF_UNIX;
|
||||
+ strlcpy(unixaddr.sun_path, path, 104);
|
||||
+
|
||||
+ if((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
|
||||
+ log_err("Cannot create UNIX socket %s (%s)",
|
||||
+ path, strerror(errno));
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if(unlink(path) && errno != ENOENT) {
|
||||
+ /* The socket already exists and cannot be removed */
|
||||
+ log_err("Cannot remove old UNIX socket %s (%s)",
|
||||
+ path, strerror(errno));
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if(bind(s, (struct sockaddr *) &unixaddr,
|
||||
+ sizeof(struct sockaddr_un)) == -1) {
|
||||
+ log_err("Cannot bind UNIX socket %s (%s)",
|
||||
+ path, strerror(errno));
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if(!fd_set_nonblock(s)) {
|
||||
+ log_err("Cannot set non-blocking mode");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if(listen(s, TCP_BACKLOG) == -1) {
|
||||
+ log_err("can't listen: %s", strerror(errno));
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ return s;
|
||||
+#else
|
||||
+ log_err("UNIX sockets are not supported");
|
||||
+ return -1;
|
||||
+#endif
|
||||
+}
|
||||
+
|
||||
+int
|
||||
create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto)
|
||||
{
|
||||
int s;
|
||||
diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c
|
||||
index a872f92..10631fd 100644
|
||||
--- a/smallapp/unbound-control.c
|
||||
+++ b/smallapp/unbound-control.c
|
||||
@@ -59,6 +59,8 @@
|
||||
#include "util/locks.h"
|
||||
#include "util/net_help.h"
|
||||
|
||||
+#include <sys/un.h>
|
||||
+
|
||||
/** Give unbound-control usage, and exit (1). */
|
||||
static void
|
||||
usage()
|
||||
@@ -158,6 +160,7 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
|
||||
{
|
||||
struct sockaddr_storage addr;
|
||||
socklen_t addrlen;
|
||||
+ int addrfamily = 0;
|
||||
int fd;
|
||||
/* use svr or the first config entry */
|
||||
if(!svr) {
|
||||
@@ -176,12 +179,21 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
|
||||
if(strchr(svr, '@')) {
|
||||
if(!extstrtoaddr(svr, &addr, &addrlen))
|
||||
fatal_exit("could not parse IP@port: %s", svr);
|
||||
+ } else if(svr[0] == '/') {
|
||||
+ struct sockaddr_un* unixsock = (struct sockaddr_un *) &addr;
|
||||
+ unixsock->sun_family = AF_UNIX;
|
||||
+ unixsock->sun_len = sizeof(unixsock);
|
||||
+ strlcpy(unixsock->sun_path, svr, 104);
|
||||
+ addrlen = sizeof(struct sockaddr_un);
|
||||
+ addrfamily = AF_UNIX;
|
||||
} else {
|
||||
if(!ipstrtoaddr(svr, cfg->control_port, &addr, &addrlen))
|
||||
fatal_exit("could not parse IP: %s", svr);
|
||||
}
|
||||
- fd = socket(addr_is_ip6(&addr, addrlen)?AF_INET6:AF_INET,
|
||||
- SOCK_STREAM, 0);
|
||||
+
|
||||
+ if(addrfamily != AF_UNIX)
|
||||
+ addrfamily = addr_is_ip6(&addr, addrlen)?AF_INET6:AF_INET;
|
||||
+ fd = socket(addrfamily, SOCK_STREAM, 0);
|
||||
if(fd == -1) {
|
||||
#ifndef USE_WINSOCK
|
||||
fatal_exit("socket: %s", strerror(errno));
|
||||
diff --git a/util/net_help.c b/util/net_help.c
|
||||
index b3136a3..5b5b4a3 100644
|
||||
--- a/util/net_help.c
|
||||
+++ b/util/net_help.c
|
||||
@@ -45,6 +45,7 @@
|
||||
#include "util/module.h"
|
||||
#include "util/regional.h"
|
||||
#include <fcntl.h>
|
||||
+#include <sys/un.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
@@ -135,7 +136,7 @@ log_addr(enum verbosity_value v, const char* str,
|
||||
{
|
||||
uint16_t port;
|
||||
const char* family = "unknown";
|
||||
- char dest[100];
|
||||
+ char dest[108];
|
||||
int af = (int)((struct sockaddr_in*)addr)->sin_family;
|
||||
void* sinaddr = &((struct sockaddr_in*)addr)->sin_addr;
|
||||
if(verbosity < v)
|
||||
@@ -148,15 +149,23 @@ log_addr(enum verbosity_value v, const char* str,
|
||||
case AF_UNIX: family="unix"; break;
|
||||
default: break;
|
||||
}
|
||||
- if(inet_ntop(af, sinaddr, dest, (socklen_t)sizeof(dest)) == 0) {
|
||||
- strncpy(dest, "(inet_ntop error)", sizeof(dest));
|
||||
+
|
||||
+ if(af != AF_UNIX) {
|
||||
+ if(inet_ntop(af, sinaddr, dest, (socklen_t)sizeof(dest)) == 0) {
|
||||
+ strncpy(dest, "(inet_ntop error)", sizeof(dest));
|
||||
+ }
|
||||
+ dest[sizeof(dest)-1] = 0;
|
||||
+ port = ntohs(((struct sockaddr_in*)addr)->sin_port);
|
||||
+ if(verbosity >= 4)
|
||||
+ verbose(v, "%s %s %s port %d (len %d)", str, family,
|
||||
+ dest, (int)port, (int)addrlen);
|
||||
+ else verbose(v, "%s %s port %d", str, dest, (int)port);
|
||||
+ } else {
|
||||
+ struct sockaddr_un* unixsock;
|
||||
+ unixsock = (struct sockaddr_un *) addr;
|
||||
+ strlcpy(dest, unixsock->sun_path, sizeof(dest));
|
||||
+ verbose(v, "%s %s %s", str, family, dest);
|
||||
}
|
||||
- dest[sizeof(dest)-1] = 0;
|
||||
- port = ntohs(((struct sockaddr_in*)addr)->sin_port);
|
||||
- if(verbosity >= 4)
|
||||
- verbose(v, "%s %s %s port %d (len %d)", str, family, dest,
|
||||
- (int)port, (int)addrlen);
|
||||
- else verbose(v, "%s %s port %d", str, dest, (int)port);
|
||||
}
|
||||
|
||||
int
|
|
@ -140,32 +140,43 @@ timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d)
|
|||
|
||||
/*
|
||||
* The following function was generated using the openssl utility, using
|
||||
* the command : "openssl dhparam -dsaparam -C 512"
|
||||
* the command : "openssl dhparam -dsaparam -C 1024"
|
||||
* (some openssl versions reject DH that is 'too small', eg. 512).
|
||||
*/
|
||||
#ifndef S_SPLINT_S
|
||||
DH *get_dh512()
|
||||
DH *get_dh1024()
|
||||
{
|
||||
static unsigned char dh512_p[]={
|
||||
0xC9,0xD7,0x05,0xDA,0x5F,0xAB,0x14,0xE8,0x11,0x56,0x77,0x85,
|
||||
0xB1,0x24,0x2C,0x95,0x60,0xEA,0xE2,0x10,0x6F,0x0F,0x84,0xEC,
|
||||
0xF4,0x45,0xE8,0x90,0x7A,0xA7,0x03,0xFF,0x5B,0x88,0x53,0xDE,
|
||||
0xC4,0xDE,0xBC,0x42,0x78,0x71,0x23,0x7E,0x24,0xA5,0x5E,0x4E,
|
||||
0xEF,0x6F,0xFF,0x5F,0xAF,0xBE,0x8A,0x77,0x62,0xB4,0x65,0x82,
|
||||
0x7E,0xC9,0xED,0x2F,
|
||||
static unsigned char dh1024_p[]={
|
||||
0xB3,0x67,0x2E,0x3B,0x68,0xC5,0xDA,0x58,0x46,0xD6,0x2B,0xD3,
|
||||
0x41,0x78,0x97,0xE4,0xE1,0x61,0x71,0x68,0xE6,0x0F,0x1D,0x78,
|
||||
0x05,0xAA,0xF0,0xFF,0x30,0xDF,0xAC,0x49,0x7F,0xE0,0x90,0xFE,
|
||||
0xB9,0x56,0x4E,0x3F,0xE2,0x98,0x8A,0xED,0xF5,0x28,0x39,0xEF,
|
||||
0x2E,0xA6,0xB7,0x67,0xB2,0x43,0xE4,0x53,0xF8,0xEB,0x2C,0x1F,
|
||||
0x06,0x77,0x3A,0x6F,0x62,0x98,0xC1,0x3B,0xF7,0xBA,0x4D,0x93,
|
||||
0xF7,0xEB,0x5A,0xAD,0xC5,0x5F,0xF0,0xB7,0x24,0x35,0x81,0xF7,
|
||||
0x7F,0x1F,0x24,0xC0,0xDF,0xD3,0xD8,0x40,0x72,0x7E,0xF3,0x19,
|
||||
0x2B,0x26,0x27,0xF4,0xB6,0xB3,0xD4,0x7D,0x08,0x23,0xBE,0x68,
|
||||
0x2B,0xCA,0xB4,0x46,0xA8,0x9E,0xDD,0x6C,0x3D,0x75,0xA6,0x48,
|
||||
0xF7,0x44,0x43,0xBF,0x91,0xC2,0xB4,0x49,
|
||||
};
|
||||
static unsigned char dh512_g[]={
|
||||
0x8D,0x3A,0x52,0xBC,0x8A,0x71,0x94,0x33,0x2F,0xE1,0xE8,0x4C,
|
||||
0x73,0x47,0x03,0x4E,0x7D,0x40,0xE5,0x84,0xA0,0xB5,0x6D,0x10,
|
||||
0x6F,0x90,0x43,0x05,0x1A,0xF9,0x0B,0x6A,0xD1,0x2A,0x9C,0x25,
|
||||
0x0A,0xB9,0xD1,0x14,0xDC,0x35,0x1C,0x48,0x7C,0xC6,0x0C,0x6D,
|
||||
0x32,0x1D,0xD3,0xC8,0x10,0xA8,0x82,0x14,0xA2,0x1C,0xF4,0x53,
|
||||
0x23,0x3B,0x1C,0xB9,
|
||||
static unsigned char dh1024_g[]={
|
||||
0x5F,0x37,0xB5,0x80,0x4D,0xB4,0xC4,0xB2,0x37,0x12,0xD5,0x2F,
|
||||
0x56,0x81,0xB0,0xDF,0x3D,0x27,0xA2,0x54,0xE7,0x14,0x65,0x2D,
|
||||
0x72,0xA8,0x97,0xE0,0xA9,0x4A,0x09,0x5E,0x89,0xBE,0x34,0x9A,
|
||||
0x90,0x98,0xC1,0xE8,0xBB,0x01,0x2B,0xC2,0x74,0x74,0x90,0x59,
|
||||
0x0B,0x72,0x62,0x5C,0xFD,0x49,0x63,0x4B,0x38,0x91,0xF1,0x7F,
|
||||
0x13,0x25,0xEB,0x52,0x50,0x47,0xA2,0x8C,0x32,0x28,0x42,0xAC,
|
||||
0xBD,0x7A,0xCC,0x58,0xBE,0x36,0xDA,0x6A,0x24,0x06,0xC7,0xF1,
|
||||
0xDA,0x8D,0x8A,0x3B,0x03,0xFA,0x6F,0x25,0xE5,0x20,0xA7,0xD6,
|
||||
0x6F,0x74,0x61,0x53,0x14,0x81,0x29,0x04,0xB5,0x61,0x12,0x53,
|
||||
0xA3,0xD6,0x09,0x98,0x0C,0x8F,0x1C,0xBB,0xD7,0x1C,0x2C,0xEE,
|
||||
0x56,0x4B,0x74,0x8F,0x4A,0xF8,0xA9,0xD5,
|
||||
};
|
||||
DH *dh;
|
||||
|
||||
if ((dh=DH_new()) == NULL) return(NULL);
|
||||
dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
|
||||
dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
|
||||
dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
|
||||
dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
|
||||
if ((dh->p == NULL) || (dh->g == NULL))
|
||||
{ DH_free(dh); return(NULL); }
|
||||
dh->length = 160;
|
||||
|
@ -218,7 +229,7 @@ daemon_remote_create(struct config_file* cfg)
|
|||
/* Since we have no certificates and hence no source of
|
||||
* DH params, let's generate and set them
|
||||
*/
|
||||
if(!SSL_CTX_set_tmp_dh(rc->ctx,get_dh512())) {
|
||||
if(!SSL_CTX_set_tmp_dh(rc->ctx,get_dh1024())) {
|
||||
log_crypto_err("Wanted to set DH param, but failed");
|
||||
return NULL;
|
||||
}
|
||||
|
@ -1892,6 +1903,21 @@ do_insecure_remove(SSL* ssl, struct worker* worker, char* arg)
|
|||
send_ok(ssl);
|
||||
}
|
||||
|
||||
static void
|
||||
do_insecure_list(SSL* ssl, struct worker* worker)
|
||||
{
|
||||
char buf[257];
|
||||
struct trust_anchor* a;
|
||||
if(worker->env.anchors) {
|
||||
RBTREE_FOR(a, struct trust_anchor*, worker->env.anchors->tree) {
|
||||
if(a->numDS == 0 && a->numDNSKEY == 0) {
|
||||
dname_str(a->name, buf);
|
||||
ssl_printf(ssl, "%s\n", buf);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/** do the status command */
|
||||
static void
|
||||
do_status(SSL* ssl, struct worker* worker)
|
||||
|
@ -2252,6 +2278,54 @@ do_list_local_data(SSL* ssl, struct worker* worker)
|
|||
lock_rw_unlock(&zones->lock);
|
||||
}
|
||||
|
||||
/** struct for user arg ratelimit list */
|
||||
struct ratelimit_list_arg {
|
||||
/** the infra cache */
|
||||
struct infra_cache* infra;
|
||||
/** the SSL to print to */
|
||||
SSL* ssl;
|
||||
/** all or only ratelimited */
|
||||
int all;
|
||||
/** current time */
|
||||
time_t now;
|
||||
};
|
||||
|
||||
/** list items in the ratelimit table */
|
||||
static void
|
||||
rate_list(struct lruhash_entry* e, void* arg)
|
||||
{
|
||||
struct ratelimit_list_arg* a = (struct ratelimit_list_arg*)arg;
|
||||
struct rate_key* k = (struct rate_key*)e->key;
|
||||
struct rate_data* d = (struct rate_data*)e->data;
|
||||
char buf[257];
|
||||
int lim = infra_find_ratelimit(a->infra, k->name, k->namelen);
|
||||
int max = infra_rate_max(d, a->now);
|
||||
if(a->all == 0) {
|
||||
if(max < lim)
|
||||
return;
|
||||
}
|
||||
dname_str(k->name, buf);
|
||||
ssl_printf(a->ssl, "%s %d limit %d\n", buf, max, lim);
|
||||
}
|
||||
|
||||
/** do the ratelimit_list command */
|
||||
static void
|
||||
do_ratelimit_list(SSL* ssl, struct worker* worker, char* arg)
|
||||
{
|
||||
struct ratelimit_list_arg a;
|
||||
a.all = 0;
|
||||
a.infra = worker->env.infra_cache;
|
||||
a.now = *worker->env.now;
|
||||
a.ssl = ssl;
|
||||
arg = skipwhite(arg);
|
||||
if(strcmp(arg, "+a") == 0)
|
||||
a.all = 1;
|
||||
if(a.infra->domain_rates==NULL ||
|
||||
(a.all == 0 && infra_dp_ratelimit == 0))
|
||||
return;
|
||||
slabhash_traverse(a.infra->domain_rates, 0, rate_list, &a);
|
||||
}
|
||||
|
||||
/** tell other processes to execute the command */
|
||||
static void
|
||||
distribute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd)
|
||||
|
@ -2312,12 +2386,18 @@ execute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd,
|
|||
} else if(cmdcmp(p, "list_stubs", 10)) {
|
||||
do_list_stubs(ssl, worker);
|
||||
return;
|
||||
} else if(cmdcmp(p, "list_insecure", 13)) {
|
||||
do_insecure_list(ssl, worker);
|
||||
return;
|
||||
} else if(cmdcmp(p, "list_local_zones", 16)) {
|
||||
do_list_local_zones(ssl, worker);
|
||||
return;
|
||||
} else if(cmdcmp(p, "list_local_data", 15)) {
|
||||
do_list_local_data(ssl, worker);
|
||||
return;
|
||||
} else if(cmdcmp(p, "ratelimit_list", 14)) {
|
||||
do_ratelimit_list(ssl, worker, p+14);
|
||||
return;
|
||||
} else if(cmdcmp(p, "stub_add", 8)) {
|
||||
/* must always distribute this cmd */
|
||||
if(rc) distribute_cmd(rc, ssl, cmd);
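Review bot: The replacement group in get_dh1024() is still a fixed 1024-bit one generated with `-dsaparam`, which is below the 2048 bits generally recommended for finite-field DH. Per the OpenSSL dhparam documentation, DSA-style parameters are also only safe against small-subgroup attacks if a fresh DH key is created for every handshake. I would regenerate the tables with `openssl dhparam -C 2048` (without `-dsaparam`, which also removes the need for `dh->length = 160`) and rename the function to match. At minimum, confirm that `SSL_OP_SINGLE_DH_USE` is set on `rc->ctx`; the option setup in daemon_remote_create() lies outside the visible hunk, so I cannot tell whether it already is. Since the parameters are compiled in, every installation shares the same group, and the comment above the function should say so.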
|
||||
|
|
|
@ -86,6 +86,8 @@
|
|||
|
||||
/** Size of an UDP datagram */
|
||||
#define NORMAL_UDP_SIZE 512 /* bytes */
|
||||
/** ratelimit for error responses */
|
||||
#define ERROR_RATELIMIT 100 /* qps */
|
||||
|
||||
/**
|
||||
* seconds to add to prefetch leeway. This is a TTL that expires old rrsets
|
||||
|
@ -291,6 +293,26 @@ worker_handle_service_reply(struct comm_point* c, void* arg, int error,
|
|||
return 0;
|
||||
}
|
||||
|
||||
/** ratelimit error replies
|
||||
* @param worker: the worker struct with ratelimit counter
|
||||
* @param err: error code that would be wanted.
|
||||
* @return value of err if okay, or -1 if it should be discarded instead.
|
||||
*/
|
||||
static int
|
||||
worker_err_ratelimit(struct worker* worker, int err)
|
||||
{
|
||||
if(worker->err_limit_time == *worker->env.now) {
|
||||
/* see if limit is exceeded for this second */
|
||||
if(worker->err_limit_count++ > ERROR_RATELIMIT)
|
||||
return -1;
|
||||
} else {
|
||||
/* new second, new limits */
|
||||
worker->err_limit_time = *worker->env.now;
|
||||
worker->err_limit_count = 1;
|
||||
}
|
||||
return err;
|
||||
}
|
||||
|
||||
/** check request sanity.
|
||||
* @param pkt: the wire packet to examine for sanity.
|
||||
* @param worker: parameters for checking.
|
||||
|
@ -315,32 +337,32 @@ worker_check_request(sldns_buffer* pkt, struct worker* worker)
|
|||
if(LDNS_TC_WIRE(sldns_buffer_begin(pkt))) {
|
||||
LDNS_TC_CLR(sldns_buffer_begin(pkt));
|
||||
verbose(VERB_QUERY, "request bad, has TC bit on");
|
||||
return LDNS_RCODE_FORMERR;
|
||||
return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR);
|
||||
}
|
||||
if(LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_PACKET_QUERY) {
|
||||
verbose(VERB_QUERY, "request unknown opcode %d",
|
||||
LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt)));
|
||||
return LDNS_RCODE_NOTIMPL;
|
||||
return worker_err_ratelimit(worker, LDNS_RCODE_NOTIMPL);
|
||||
}
|
||||
if(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) != 1) {
|
||||
verbose(VERB_QUERY, "request wrong nr qd=%d",
|
||||
LDNS_QDCOUNT(sldns_buffer_begin(pkt)));
|
||||
return LDNS_RCODE_FORMERR;
|
||||
return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR);
|
||||
}
|
||||
if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) != 0) {
|
||||
verbose(VERB_QUERY, "request wrong nr an=%d",
|
||||
LDNS_ANCOUNT(sldns_buffer_begin(pkt)));
|
||||
return LDNS_RCODE_FORMERR;
|
||||
return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR);
|
||||
}
|
||||
if(LDNS_NSCOUNT(sldns_buffer_begin(pkt)) != 0) {
|
||||
verbose(VERB_QUERY, "request wrong nr ns=%d",
|
||||
LDNS_NSCOUNT(sldns_buffer_begin(pkt)));
|
||||
return LDNS_RCODE_FORMERR;
|
||||
return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR);
|
||||
}
|
||||
if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) > 1) {
|
||||
verbose(VERB_QUERY, "request wrong nr ar=%d",
|
||||
LDNS_ARCOUNT(sldns_buffer_begin(pkt)));
|
||||
return LDNS_RCODE_FORMERR;
|
||||
return worker_err_ratelimit(worker, LDNS_RCODE_FORMERR);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
@ -813,6 +835,10 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
|
|||
if(!query_info_parse(&qinfo, c->buffer)) {
|
||||
verbose(VERB_ALGO, "worker parse request: formerror.");
|
||||
log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
|
||||
if(worker_err_ratelimit(worker, LDNS_RCODE_FORMERR) == -1) {
|
||||
comm_point_drop_reply(repinfo);
|
||||
return 0;
|
||||
}
|
||||
sldns_buffer_rewind(c->buffer);
|
||||
LDNS_QR_SET(sldns_buffer_begin(c->buffer));
|
||||
LDNS_RCODE_SET(sldns_buffer_begin(c->buffer),
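Review bot: worker_err_ratelimit() lets 101 error replies through per second rather than the 100 that ERROR_RATELIMIT states, because the first packet of a second sets the counter to 1 and later packets are tested with a post-increment and `>`. Changing the test to `if(worker->err_limit_count++ >= ERROR_RATELIMIT)` makes the cap exact. The counter lives in struct worker, so the budget is per worker (presumably per thread) and shared by all clients that worker serves; the comment on the define could say so, e.g. `/** ratelimit for error responses, per worker */`. worker_check_request() can now return -1 from each of these branches, and its caller's handling of that value, like the rest of worker_handle_request(), is outside the hunks shown.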
|
||||
|
|
|
@ -103,6 +103,10 @@ struct worker {
|
|||
struct comm_point* cmd_com;
|
||||
/** timer for statistics */
|
||||
struct comm_timer* stat_timer;
|
||||
/** ratelimit for errors, time value */
|
||||
time_t err_limit_time;
|
||||
/** ratelimit for errors, packet count */
|
||||
unsigned int err_limit_count;
|
||||
|
||||
/** random() table for this worker. */
|
||||
struct ub_randstate* rndstate;
|
||||
|
|
|
@ -1,3 +1,81 @@
|
|||
29 May 2015: Wouter
|
||||
- Fix that unparseable error responses are ratelimited.
|
||||
- SOA negative TTL is capped at minimumttl in its rdata section.
|
||||
- cache-max-negative-ttl config option, default 3600.
|
||||
|
||||
26 May 2015: Wouter
|
||||
- Document that ratelimit works with unbound-control set_option.
|
||||
|
||||
21 May 2015: Wouter
|
||||
- iana portlist update.
|
||||
- documentation proposes ratelimit of 1000 (closer to what upstream
|
||||
servers expect from us).
|
||||
|
||||
20 May 2015: Wouter
|
||||
- DLV is going to be decommissioned. Advice to stop using it, and
|
||||
put text in the example configuration and man page to that effect.
|
||||
|
||||
10 May 2015: Wouter
|
||||
- Change syntax of particular validator error to be easier for
|
||||
machine parse, swap rrset and ip adres info so it looks like:
|
||||
validation failure <www.example.nl. TXT IN>: signature crypto
|
||||
failed from 2001:DB8:7:bba4::53 for <*.example.nl. NSEC IN>
|
||||
|
||||
1 May 2015: Wouter
|
||||
- caps-whitelist in unbound.conf allows whitelist of loadbalancers
|
||||
that cannot work with caps-for-id or its fallback.
|
||||
|
||||
30 April 2015: Wouter
|
||||
- Unit test for type ANY synthesis.
|
||||
|
||||
22 April 2015: Wouter
|
||||
- Removed contrib/unbound_unixsock.diff, because it has been
|
||||
integrated, use control-interface: /path in unbound.conf.
|
||||
- iana portlist update.
|
||||
|
||||
17 April 2015: Wouter
|
||||
- Synthesize ANY responses from cache. Does not search exhaustively,
|
||||
but MX,A,AAAA,SOA,NS also CNAME.
|
||||
- Fix leaked dns64prefix configuration string.
|
||||
|
||||
16 April 2015: Wouter
|
||||
- Add local-zone type inform_deny, that logs query and drops answer.
|
||||
- Ratelimit does not apply to prefetched queries, and ratelimit-factor
|
||||
is default 10. Repeated normal queries get resolved and with
|
||||
prefetch stay in the cache.
|
||||
- Fix bug#664: libunbound python3 related fixes (from Tomas Hozza)
|
||||
Use print_function also for Python2.
|
||||
libunbound examples: produce sorted output.
|
||||
libunbound-Python: libldns is not used anymore.
|
||||
Fix issue with Python 3 mapping of FILE* using file_py3.i from ldns.
|
||||
|
||||
10 April 2015: Wouter
|
||||
- unbound-control ratelimit_list lists high rate domains.
|
||||
- ratelimit feature, ratelimit: 100, or some sensible qps, can be
|
||||
used to turn it on. It ratelimits recursion effort per zone.
|
||||
For particular names you can configure exceptions in unbound.conf.
|
||||
- Fix that get_option for cache-sizes does not print double newline.
|
||||
- Fix#663: ssl handshake fails when using unix socket because dh size
|
||||
is too small.
|
||||
|
||||
8 April 2015: Wouter
|
||||
- Fix crash in dnstap: Do not try to log TCP responses after timeout.
|
||||
|
||||
7 April 2015: Wouter
|
||||
- Libunbound skips dos-line-endings from etc/hosts.
|
||||
- Unbound exits with a fatal error when the auto-trust-anchor-file
|
||||
fails to be writable. This is seconds after startup. You can
|
||||
load a readonly auto-trust-anchor-file with trust-anchor-file.
|
||||
The file has to be writable to notice the trust anchor change,
|
||||
without it, a trust anchor change will be unnoticed and the system
|
||||
will then become inoperable.
|
||||
- unbound-control list_insecure command shows the negative trust
|
||||
anchors currently configured, patch from Jelte Jansen.
|
||||
|
||||
2 April 2015: Wouter
|
||||
- Fix #660: Fix interface-automatic broken in the presence of
|
||||
asymmetric routing.
|
||||
|
||||
26 March 2015: Wouter
|
||||
- remote.c probedelay line is easier to read.
|
||||
- rename ldns subdirectory to sldns to avoid name collision.
|
||||
|
|
|
@ -139,6 +139,9 @@ server:
|
|||
# cache. Items are not cached for longer. In seconds.
|
||||
# cache-max-ttl: 86400
|
||||
|
||||
# the time to live (TTL) value cap for negative responses in the cache
|
||||
# cache-max-negative-ttl: 3600
|
||||
|
||||
# the time to live (TTL) value for cached roundtrip times, lameness and
|
||||
# EDNS version information for hosts. In seconds.
|
||||
# infra-host-ttl: 900
|
||||
|
@ -297,6 +300,10 @@ server:
|
|||
# This feature is an experimental implementation of draft dns-0x20.
|
||||
# use-caps-for-id: no
|
||||
|
||||
# Domains (and domains in them) without support for dns-0x20 and
|
||||
# the fallback fails because they keep sending different answers.
|
||||
# caps-whitelist: "licdn.com"
|
||||
|
||||
# Enforce privacy of these addresses. Strips them away from answers.
|
||||
# It may cause DNSSEC validation to additionally mark it as bogus.
|
||||
# Protects against 'DNS Rebinding' (uses browser as network proxy).
|
||||
|
@ -358,7 +365,7 @@ server:
|
|||
|
||||
# File with DLV trusted keys. Same format as trust-anchor-file.
|
||||
# There can be only one DLV configured, it is trusted from root down.
|
||||
# Download http://ftp.isc.org/www/dlv/dlv.isc.org.key
|
||||
# DLV is going to be decommissioned. Please do not use it any more.
|
||||
# dlv-anchor-file: "dlv.isc.org.key"
|
||||
|
||||
# File with trusted keys for validation. Specify more than one file
|
||||
|
@ -510,6 +517,7 @@ server:
|
|||
# o nodefault can be used to normally resolve AS112 zones.
|
||||
# o typetransparent resolves normally for other types and other names
|
||||
# o inform resolves normally, but logs client IP address
|
||||
# o inform_deny drops queries and logs client IP address
|
||||
#
|
||||
# defaults are localhost address, reverse for 127.0.0.1 and ::1
|
||||
# and nxdomain for AS112 zones. If you configure one of these zones
|
||||
|
@ -551,6 +559,26 @@ server:
|
|||
# Enable dns64 in module-config. Used to synthesize IPv6 from IPv4.
|
||||
# dns64-prefix: 64:ff9b::0/96
|
||||
|
||||
# ratelimit for uncached, new queries, this limits recursion effort.
|
||||
# ratelimiting is experimental, and may help against randomqueryflood.
|
||||
# if 0(default) it is disabled, otherwise state qps allowed per zone.
|
||||
# ratelimit: 0
|
||||
|
||||
# ratelimits are tracked in a cache, size in bytes of cache (or k,m).
|
||||
# ratelimit-size: 4m
|
||||
# ratelimit cache slabs, reduces lock contention if equal to cpucount.
|
||||
# ratelimit-slabs: 4
|
||||
|
||||
# 0 blocks when ratelimited, otherwise let 1/xth traffic through
|
||||
# ratelimit-factor: 10
|
||||
|
||||
# override the ratelimit for a specific domain name.
|
||||
# give this setting multiple times to have multiple overrides.
|
||||
# ratelimit-for-domain: example.com 1000
|
||||
# override the ratelimits for all domains below a domain name
|
||||
# can give this multiple times, the name closest to the zone is used.
|
||||
# ratelimit-below-domain: example 1000
|
||||
|
||||
# Python config section. To enable:
|
||||
# o use --with-pythonmodule to configure before compiling.
|
||||
# o list python in the module-config string (above) to enable.
|
||||
|
|
|
@ -177,7 +177,8 @@ harden\-glue, harden\-dnssec\-stripped, harden\-below\-nxdomain,
|
|||
harden\-referral\-path, prefetch, prefetch\-key, log\-queries,
|
||||
hide\-identity, hide\-version, identity, version, val\-log\-level,
|
||||
val\-log\-squelch, ignore\-cd\-flag, add\-holddown, del\-holddown,
|
||||
keep\-missing, tcp\-upstream, ssl\-upstream, max\-udp\-size.
|
||||
keep\-missing, tcp\-upstream, ssl\-upstream, max\-udp\-size, ratelimit,
|
||||
cache\-max\-ttl, cache\-min\-ttl, cache\-max\-negative\-ttl.
|
||||
.TP
|
||||
.B get_option \fIopt
|
||||
Get the value of the option. Give the option name without a trailing ':'.
|
||||
|
@ -197,6 +198,9 @@ This includes the root hints in use.
|
|||
.B list_forwards
|
||||
List the forward zones in use. These are printed zone by zone to the output.
|
||||
.TP
|
||||
.B list_insecure
|
||||
List the zones with domain\-insecure.
|
||||
.TP
|
||||
.B list_local_zones
|
||||
List the local zones in use. These are printed one per line with zone type.
|
||||
.TP
|
||||
|
@ -252,6 +256,13 @@ port number can be set explicitly (default port is 53 (DNS)).
|
|||
By default the forwarder information from the config file for the root "." is
|
||||
used. The config file is not changed, so after a reload these changes are
|
||||
gone. Other forward zones from the config file are not affected by this command.
|
||||
.TP
|
||||
.B ratelimit_list \fR[\fI+a\fR]
|
||||
List the domains that are ratelimited. Printed one per line with current
|
||||
estimated qps and qps limit from config. With +a it prints all domains, not
|
||||
just the ratelimited domains, with their estimated qps. The ratelimited
|
||||
domains return an error for uncached (new) queries, but cached queries work
|
||||
as normal.
|
||||
.SH "EXIT CODE"
|
||||
The unbound\-control program exits with status code 1 on error, 0 on success.
|
||||
.SH "SET UP"
|
||||
|
|
|
@ -302,6 +302,10 @@ Zero makes sure the data in the cache is as the domain owner intended,
|
|||
higher values, especially more than an hour or so, can lead to trouble as
|
||||
the data in the cache does not match up with the actual data any more.
|
||||
.TP
|
||||
.B cache\-max\-negative\-ttl: \fI<seconds>
|
||||
Time to live maximum for negative responses, these have a SOA in the
|
||||
authority section that is limited in time. Default is 3600.
|
||||
.TP
|
||||
.B infra\-host\-ttl: \fI<seconds>
|
||||
Time to live for entries in the host cache. The host cache contains
|
||||
roundtrip timing, lameness and EDNS support information. Default is 900.
|
||||
|
@ -574,6 +578,12 @@ authority servers and checks if the reply still has the correct casing.
|
|||
Disabled by default.
|
||||
This feature is an experimental implementation of draft dns\-0x20.
|
||||
.TP
|
||||
.B caps\-whitelist: \fI<domain>
|
||||
Whitelist the domain so that it does not receive caps\-for\-id perturbed
|
||||
queries. For domains that do not support 0x20 and also fail with fallback
|
||||
because they keep sending different answers, like some load balancers.
|
||||
Can be given multiple times, for different domains.
|
||||
.TP
|
||||
.B private\-address: \fI<IP address or subnet>
|
||||
Give IPv4 of IPv6 addresses or classless subnets. These are addresses
|
||||
on your private network, and are not allowed to be returned for public
|
||||
|
@ -674,14 +684,19 @@ It is possible to use wildcards with this statement, the wildcard is
|
|||
expanded on start and on reload.
|
||||
.TP
|
||||
.B dlv\-anchor\-file: \fI<filename>
|
||||
This option was used during early days DNSSEC deployment when no parent-side
|
||||
DS record registrations were easily available. Nowadays, it is best to have
|
||||
DS records registered with the parent zone (many top level zones are signed).
|
||||
File with trusted keys for DLV (DNSSEC Lookaside Validation). Both DS and
|
||||
DNSKEY entries can be used in the file, in the same format as for
|
||||
\fItrust\-anchor\-file:\fR statements. Only one DLV can be configured, more
|
||||
would be slow. The DLV configured is used as a root trusted DLV, this
|
||||
means that it is a lookaside for the root. Default is "", or no dlv anchor file.
|
||||
DLV is going to be decommissioned. Please do not use it any more.
|
||||
.TP
|
||||
.B dlv\-anchor: \fI<"Resource Record">
|
||||
Much like trust\-anchor, this is a DLV anchor with the DS or DNSKEY inline.
|
||||
DLV is going to be decommissioned. Please do not use it any more.
|
||||
.TP
|
||||
.B domain\-insecure: \fI<domain name>
|
||||
Sets domain name to be insecure, DNSSEC chain of trust is ignored towards
|
||||
|
@ -815,10 +830,10 @@ data leakage about the local network to the upstream DNS servers.
|
|||
.B local\-zone: \fI<zone> <type>
|
||||
Configure a local zone. The type determines the answer to give if
|
||||
there is no match from local\-data. The types are deny, refuse, static,
|
||||
transparent, redirect, nodefault, typetransparent, inform, and are explained
|
||||
below. After that the default settings are listed. Use local\-data: to
|
||||
enter data into the local zone. Answers for local zones are authoritative
|
||||
DNS answers. By default the zones are class IN.
|
||||
transparent, redirect, nodefault, typetransparent, inform, inform_deny,
|
||||
and are explained below. After that the default settings are listed. Use
|
||||
local\-data: to enter data into the local zone. Answers for local zones
|
||||
are authoritative DNS answers. By default the zones are class IN.
|
||||
.IP
|
||||
If you need more complicated authoritative data, with referrals, wildcards,
|
||||
CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for
|
||||
|
@ -872,6 +887,10 @@ info: zonename inform IP@port queryname type class. This option can be
|
|||
used for normal resolution, but machines looking up infected names are
|
||||
logged, eg. to run antivirus on them.
|
||||
.TP 10
|
||||
\h'5'\fIinform_deny\fR
|
||||
The query is dropped, like 'deny', and logged, like 'inform'. Ie. find
|
||||
infected machines without answering the queries.
|
||||
.TP 10
|
||||
\h'5'\fInodefault\fR
|
||||
Used to turn off default contents for AS112 zones. The other types
|
||||
also turn off default contents for the zone. The 'nodefault' option
|
||||
|
@ -978,6 +997,51 @@ it as detailed in the stub zone section below.
|
|||
Configure local data shorthand for a PTR record with the reversed IPv4 or
|
||||
IPv6 address and the host name. For example "192.0.2.4 www.example.com".
|
||||
TTL can be inserted like this: "2001:DB8::4 7200 www.example.com"
|
||||
.TP 5
|
||||
.B ratelimit: \fI<number or 0>
|
||||
Enable ratelimiting of queries sent to nameserver for performing recursion.
|
||||
If 0, the default, it is disabled. This option is experimental at this time.
|
||||
The ratelimit is in queries per second that are allowed. More queries are
|
||||
turned away with an error (servfail). This stops recursive floods, eg. random
|
||||
query names, but not spoofed reflection floods. Cached responses are not
|
||||
ratelimited by this setting. The zone of the query is determined by examining
|
||||
the nameservers for it, the zone name is used to keep track of the rate.
|
||||
For example, 1000 may be a suitable value to stop the server from being
|
||||
overloaded with random names, and keeps unbound from sending traffic to the
|
||||
nameservers for those zones.
|
||||
.TP 5
|
||||
.B ratelimit\-size: \fI<memory size>
|
||||
Give the size of the data structure in which the current ongoing rates are
|
||||
kept track in. Default 4m. In bytes or use m(mega), k(kilo), g(giga).
|
||||
The ratelimit structure is small, so this data structure likely does
|
||||
not need to be large.
|
||||
.TP 5
|
||||
.B ratelimit\-slabs: \fI<number>
|
||||
Give power of 2 number of slabs, this is used to reduce lock contention
|
||||
in the ratelimit tracking data structure. Close to the number of cpus is
|
||||
a fairly good setting.
|
||||
.TP 5
|
||||
.B ratelimit\-factor: \fI<number>
|
||||
Set the amount of queries to rate limit when the limit is exceeded.
|
||||
If set to 0, all queries are dropped for domains where the limit is
|
||||
exceeded. If set to another value, 1 in that number is allowed through
|
||||
to complete. Default is 10, allowing 1/10 traffic to flow normally.
|
||||
This can make ordinary queries complete (if repeatedly queried for),
|
||||
and enter the cache, whilst also mitigiting the traffic flow by the
|
||||
factor given.
|
||||
.TP 5
|
||||
.B ratelimit\-for\-domain: \fI<domain> <number qps>
|
||||
Override the global ratelimit for an exact match domain name with the listed
|
||||
number. You can give this for any number of names. For example, for
|
||||
a top\-level\-domain you may want to have a higher limit than other names.
|
||||
.TP 5
|
||||
.B ratelimit\-below\-domain: \fI<domain> <number qps>
|
||||
Override the global ratelimit for a domain name that ends in this name.
|
||||
You can give this multiple times, it then describes different settings
|
||||
in different parts of the namespace. The closest matching suffix is used
|
||||
to determine the qps limit. The rate for the exact matching domain name
|
||||
is not changed, use ratelimit\-for\-domain to set that, you might want
|
||||
to use different settings for a top\-level\-domain and subdomains.
|
||||
.SS "Remote Control Options"
|
||||
In the
|
||||
.B remote\-control:
|
||||
|
|
|
@ -65,6 +65,7 @@
|
|||
#include "validator/val_utils.h"
|
||||
#include "validator/val_sigcrypt.h"
|
||||
#include "sldns/sbuffer.h"
|
||||
#include "sldns/str2wire.h"
|
||||
|
||||
/** time when nameserver glue is said to be 'recent' */
|
||||
#define SUSPICION_RECENT_EXPIRY 86400
|
||||
|
@ -105,6 +106,40 @@ read_fetch_policy(struct iter_env* ie, const char* str)
|
|||
return 1;
|
||||
}
|
||||
|
||||
/** apply config caps whitelist items to name tree */
|
||||
static int
|
||||
caps_white_apply_cfg(rbtree_t* ntree, struct config_file* cfg)
|
||||
{
|
||||
struct config_strlist* p;
|
||||
for(p=cfg->caps_whitelist; p; p=p->next) {
|
||||
struct name_tree_node* n;
|
||||
size_t len;
|
||||
uint8_t* nm = sldns_str2wire_dname(p->str, &len);
|
||||
if(!nm) {
|
||||
log_err("could not parse %s", p->str);
|
||||
return 0;
|
||||
}
|
||||
n = (struct name_tree_node*)calloc(1, sizeof(*n));
|
||||
if(!n) {
|
||||
log_err("out of memory");
|
||||
free(nm);
|
||||
return 0;
|
||||
}
|
||||
n->node.key = n;
|
||||
n->name = nm;
|
||||
n->len = len;
|
||||
n->labs = dname_count_labels(nm);
|
||||
n->dclass = LDNS_RR_CLASS_IN;
|
||||
if(!name_tree_insert(ntree, n, nm, len, n->labs, n->dclass)) {
|
||||
/* duplicate element ignored, idempotent */
|
||||
free(n->name);
|
||||
free(n);
|
||||
}
|
||||
}
|
||||
name_tree_init_parents(ntree);
|
||||
return 1;
|
||||
}
|
||||
|
||||
int
|
||||
iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg)
|
||||
{
|
||||
|
@ -128,6 +163,16 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg)
|
|||
log_err("Could not set private addresses");
|
||||
return 0;
|
||||
}
|
||||
if(cfg->caps_whitelist) {
|
||||
if(!iter_env->caps_white)
|
||||
iter_env->caps_white = rbtree_create(name_tree_compare);
|
||||
if(!iter_env->caps_white || !caps_white_apply_cfg(
|
||||
iter_env->caps_white, cfg)) {
|
||||
log_err("Could not set capsforid whitelist");
|
||||
return 0;
|
||||
}
|
||||
|
||||
}
|
||||
iter_env->supports_ipv6 = cfg->do_ip6;
|
||||
iter_env->supports_ipv4 = cfg->do_ip4;
|
||||
return 1;
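Review bot: The parse-failure message in `caps_white_apply_cfg` does not say which option the bad string came from, so an operator only sees "could not parse" followed by a name. I would write it as `log_err("could not parse caps-whitelist: %s", p->str);`. The function comment could also state that each node takes ownership of the buffer returned by `sldns_str2wire_dname`, and that entries are stored as class IN only. Because `is_caps_whitelisted` looks up with the query class, queries in other classes never match. The body of `iter_apply_cfg` continues outside the hunk.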
|
||||
|
|
|
@ -61,6 +61,7 @@
|
|||
#include "util/data/msgencode.h"
|
||||
#include "util/fptr_wlist.h"
|
||||
#include "util/config_file.h"
|
||||
#include "util/random.h"
|
||||
#include "sldns/rrdef.h"
|
||||
#include "sldns/wire2str.h"
|
||||
#include "sldns/parseutil.h"
|
||||
|
@ -83,6 +84,16 @@ iter_init(struct module_env* env, int id)
|
|||
return 1;
|
||||
}
|
||||
|
||||
/** delete caps_whitelist element */
|
||||
static void
|
||||
caps_free(struct rbnode_t* n, void* ATTR_UNUSED(d))
|
||||
{
|
||||
if(n) {
|
||||
free(((struct name_tree_node*)n)->name);
|
||||
free(n);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
iter_deinit(struct module_env* env, int id)
|
||||
{
|
||||
|
@ -93,6 +104,10 @@ iter_deinit(struct module_env* env, int id)
|
|||
free(iter_env->target_fetch_policy);
|
||||
priv_delete(iter_env->priv);
|
||||
donotq_delete(iter_env->donotq);
|
||||
if(iter_env->caps_white) {
|
||||
traverse_postorder(iter_env->caps_white, caps_free, NULL);
|
||||
free(iter_env->caps_white);
|
||||
}
|
||||
free(iter_env);
|
||||
env->modinfo[id] = NULL;
|
||||
}
|
||||
|
@ -120,6 +135,7 @@ iter_new(struct module_qstate* qstate, int id)
|
|||
iq->query_restart_count = 0;
|
||||
iq->referral_count = 0;
|
||||
iq->sent_count = 0;
|
||||
iq->ratelimit_ok = 0;
|
||||
iq->target_count = NULL;
|
||||
iq->wait_priming_stub = 0;
|
||||
iq->refetch_glue = 0;
|
||||
|
@ -457,6 +473,16 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||
return 1;
|
||||
}
|
||||
|
||||
/** see if target name is caps-for-id whitelisted */
|
||||
static int
|
||||
is_caps_whitelisted(struct iter_env* ie, struct iter_qstate* iq)
|
||||
{
|
||||
if(!ie->caps_white) return 0; /* no whitelist, or no capsforid */
|
||||
return name_tree_lookup(ie->caps_white, iq->qchase.qname,
|
||||
iq->qchase.qname_len, dname_count_labels(iq->qchase.qname),
|
||||
iq->qchase.qclass) != NULL;
|
||||
}
|
||||
|
||||
/** create target count structure for this query */
|
||||
static void
|
||||
target_count_create(struct iter_qstate* iq)
|
||||
|
@ -1125,6 +1151,32 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||
* results of priming. */
|
||||
return 0;
|
||||
}
|
||||
if(!iq->ratelimit_ok && qstate->prefetch_leeway)
|
||||
iq->ratelimit_ok = 1; /* allow prefetches, this keeps
|
||||
otherwise valid data in the cache */
|
||||
if(!iq->ratelimit_ok && infra_ratelimit_exceeded(
|
||||
qstate->env->infra_cache, iq->dp->name,
|
||||
iq->dp->namelen, *qstate->env->now)) {
|
||||
/* and increment the rate, so that the rate for time
|
||||
* now will also exceed the rate, keeping cache fresh */
|
||||
(void)infra_ratelimit_inc(qstate->env->infra_cache,
|
||||
iq->dp->name, iq->dp->namelen,
|
||||
*qstate->env->now);
|
||||
/* see if we are passed through with slip factor */
|
||||
if(qstate->env->cfg->ratelimit_factor != 0 &&
|
||||
ub_random_max(qstate->env->rnd,
|
||||
qstate->env->cfg->ratelimit_factor) == 1) {
|
||||
iq->ratelimit_ok = 1;
|
||||
log_nametypeclass(VERB_ALGO, "ratelimit allowed through for "
|
||||
"delegation point", iq->dp->name,
|
||||
LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN);
|
||||
} else {
|
||||
log_nametypeclass(VERB_ALGO, "ratelimit exceeded with "
|
||||
"delegation point", iq->dp->name,
|
||||
LDNS_RR_TYPE_NS, LDNS_RR_CLASS_IN);
|
||||
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
|
||||
}
|
||||
}
|
||||
|
||||
/* see if this dp not useless.
|
||||
* It is useless if:
|
||||
|
@ -1914,6 +1966,15 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||
return 0;
|
||||
}
|
||||
|
||||
/* if not forwarding, check ratelimits per delegationpoint name */
|
||||
if(!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok) {
|
||||
if(!infra_ratelimit_inc(qstate->env->infra_cache, iq->dp->name,
|
||||
iq->dp->namelen, *qstate->env->now)) {
|
||||
verbose(VERB_ALGO, "query exceeded ratelimits");
|
||||
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
|
||||
}
|
||||
}
|
||||
|
||||
/* We have a valid target. */
|
||||
if(verbosity >= VERB_QUERY) {
|
||||
log_query_info(VERB_QUERY, "sending query:", &iq->qchase);
|
||||
|
@ -1928,11 +1989,15 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||
iq->qchase.qname, iq->qchase.qname_len,
|
||||
iq->qchase.qtype, iq->qchase.qclass,
|
||||
iq->chase_flags | (iq->chase_to_rd?BIT_RD:0), EDNS_DO|BIT_CD,
|
||||
iq->dnssec_expected, iq->caps_fallback, &target->addr,
|
||||
target->addrlen, iq->dp->name, iq->dp->namelen, qstate);
|
||||
iq->dnssec_expected, iq->caps_fallback || is_caps_whitelisted(
|
||||
ie, iq), &target->addr, target->addrlen, iq->dp->name,
|
||||
iq->dp->namelen, qstate);
|
||||
if(!outq) {
|
||||
log_addr(VERB_DETAIL, "error sending query to auth server",
|
||||
&target->addr, target->addrlen);
|
||||
if(!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok)
|
||||
infra_ratelimit_dec(qstate->env->infra_cache, iq->dp->name,
|
||||
iq->dp->namelen, *qstate->env->now);
|
||||
return next_state(iq, QUERYTARGETS_STATE);
|
||||
}
|
||||
outbound_list_insert(&iq->outlist, outq);
|
||||
|
@ -2083,6 +2148,14 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||
* delegation point, and back to the QUERYTARGETS_STATE. */
|
||||
verbose(VERB_DETAIL, "query response was REFERRAL");
|
||||
|
||||
if(!(iq->chase_flags & BIT_RD) && !iq->ratelimit_ok) {
|
||||
/* we have a referral, no ratelimit, we can send
|
||||
* our queries to the given name */
|
||||
infra_ratelimit_dec(qstate->env->infra_cache,
|
||||
iq->dp->name, iq->dp->namelen,
|
||||
*qstate->env->now);
|
||||
}
|
||||
|
||||
/* if hardened, only store referral if we asked for it */
|
||||
if(!qstate->env->cfg->harden_referral_path ||
|
||||
( qstate->qinfo.qtype == LDNS_RR_TYPE_NS
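Review bot: The slip check in the `processInitRequest` hunk compares `ub_random_max(qstate->env->rnd, qstate->env->cfg->ratelimit_factor)` with 1. If `ub_random_max(rnd, x)` returns a value in 0..x-1 (its definition is not on this page), a `ratelimit-factor` of 1 can never pass a query through. The man page text in this commit says 1 in that number is allowed, which for 1 would mean all traffic. Comparing with 0 keeps the 1/x rate for every other factor and makes 1 behave as documented: `qstate->env->cfg->ratelimit_factor) == 0) {`. The function starts and ends outside the hunk, so this should be confirmed against the helper's contract.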
|
||||
|
|
|
@ -51,6 +51,7 @@ struct iter_forwards;
|
|||
struct iter_donotq;
|
||||
struct iter_prep_list;
|
||||
struct iter_priv;
|
||||
struct rbtree_t;
|
||||
|
||||
/** max number of targets spawned for a query and its subqueries */
|
||||
#define MAX_TARGET_COUNT 32
|
||||
|
@ -96,6 +97,9 @@ struct iter_env {
|
|||
/** private address space and private domains */
|
||||
struct iter_priv* priv;
|
||||
|
||||
/** whitelist for capsforid names */
|
||||
struct rbtree_t* caps_white;
|
||||
|
||||
/** The maximum dependency depth that this resolver will pursue. */
|
||||
int max_dependency_depth;
|
||||
|
||||
|
@ -259,6 +263,9 @@ struct iter_qstate {
|
|||
* subqueries, the malloced-array is shared, [0] refcount. */
|
||||
int* target_count;
|
||||
|
||||
/** if true, already tested for ratelimiting and passed the test */
|
||||
int ratelimit_ok;
|
||||
|
||||
/**
|
||||
* The query must store NS records from referrals as parentside RRs
|
||||
* Enabled once it hits resolution problems, to throttle retries.
|
||||
|
|
|
@ -1028,6 +1028,7 @@ ub_ctx_hosts(struct ub_ctx* ctx, const char* fname)
|
|||
"\\hosts");
|
||||
retval=ub_ctx_hosts(ctx, buf);
|
||||
}
|
||||
free(name);
|
||||
return retval;
|
||||
}
|
||||
return UB_READFILE;
|
||||
|
@ -1052,6 +1053,8 @@ ub_ctx_hosts(struct ub_ctx* ctx, const char* fname)
|
|||
/* skip addr */
|
||||
while(isxdigit((unsigned char)*parse) || *parse == '.' || *parse == ':')
|
||||
parse++;
|
||||
if(*parse == '\r')
|
||||
parse++;
|
||||
if(*parse == '\n' || *parse == 0)
|
||||
continue;
|
||||
if(*parse == '%')
|
||||
|
@ -1065,7 +1068,8 @@ ub_ctx_hosts(struct ub_ctx* ctx, const char* fname)
|
|||
*parse++ = 0; /* end delimiter for addr ... */
|
||||
/* go to names and add them */
|
||||
while(*parse) {
|
||||
while(*parse == ' ' || *parse == '\t' || *parse=='\n')
|
||||
while(*parse == ' ' || *parse == '\t' || *parse=='\n'
|
||||
|| *parse=='\r')
|
||||
parse++;
|
||||
if(*parse == 0 || *parse == '#')
|
||||
break;
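Review bot: The new `if(*parse == '\r') parse++;` in `ub_ctx_hosts` sits directly under the existing `/* skip addr */` comment, so it reads as part of address parsing rather than line-ending handling. A one-line comment would make the intent clear, for example `/* accept CRLF (dos) line endings after the address */`. As written the check consumes a carriage return even when no newline follows it; whether that matters depends on the checks after `'%'`, which are outside the hunk.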
|
||||
|
|
|
@ -48,17 +48,14 @@ help:
|
|||
#../../.libs/libunbound.so.0: ../../Makefile
|
||||
#$(MAKE) -C ../..
|
||||
|
||||
#../../ldns-src/lib/libldns.so: ../../ldns-src/Makefile
|
||||
#$(MAKE) -C ../../ldns-src
|
||||
|
||||
clean:
|
||||
rm -rdf examples/unbound
|
||||
rm -f _unbound.so libunbound_wrap.o
|
||||
$(MAKE) -C ../.. clean
|
||||
|
||||
testenv: ../../.libs/libunbound.so.2 ../../ldns-src/lib/libldns.so ../../.libs/_unbound.so
|
||||
testenv: ../../.libs/libunbound.so.2 ../../.libs/_unbound.so
|
||||
rm -rdf examples/unbound
|
||||
cd examples && mkdir unbound && ln -s ../../unbound.py unbound/__init__.py && ln -s ../../_unbound.so unbound/_unbound.so && ln -s ../../../../.libs/libunbound.so.2 unbound/libunbound.so.2 && ln -s ../../../../ldns-src/lib/libldns.so.1 unbound/libldns.so.1 && ls -la
|
||||
cd examples && mkdir unbound && ln -s ../../unbound.py unbound/__init__.py && ln -s ../../_unbound.so unbound/_unbound.so && ln -s ../../../../.libs/libunbound.so.2 unbound/libunbound.so.2 && ls -la
|
||||
cd examples && if test -f ../../../.libs/_unbound.so; then cp ../../../.libs/_unbound.so . ; fi
|
||||
@echo "Run a script by typing ./script_name.py"
|
||||
cd examples && LD_LIBRARY_PATH=unbound bash
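Review bot: The `testenv` recipe still ends with `cd examples && LD_LIBRARY_PATH=unbound bash`, which puts a relative directory on the loader search path of an interactive shell. Relative entries are resolved against the current directory of each program started from that shell. After a `cd` elsewhere, any directory named `unbound` there is searched first for `libunbound.so.2`. An absolute path avoids this: `cd examples && LD_LIBRARY_PATH="$$PWD/unbound" bash`. This line is unchanged context, but the commit touches the recipe, so it is a convenient place to fix it.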
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGE.
|
||||
'''
|
||||
from __future__ import print_function
|
||||
import unbound
|
||||
import time
|
||||
|
||||
|
@ -39,9 +40,9 @@ ctx = unbound.ub_ctx()
|
|||
ctx.resolvconf("/etc/resolv.conf")
|
||||
|
||||
def call_back(my_data,status,result):
|
||||
print("Call_back:", my_data)
|
||||
print("Call_back:", sorted(my_data))
|
||||
if status == 0 and result.havedata:
|
||||
print("Result:", result.data.address_list)
|
||||
print("Result:", sorted(result.data.address_list))
|
||||
my_data['done_flag'] = True
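Review bot: In `call_back`, `sorted(my_data)` sorts the keys of the dictionary and drops the values, so the line now prints only a list of key names. `my_data` is used as a dict two lines further down (`my_data['done_flag'] = True`). If the goal is stable output that still shows the state, `print("Call_back:", sorted(my_data.items()))` keeps both keys and values.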
|
||||
|
||||
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGE.
|
||||
'''
|
||||
from __future__ import print_function
|
||||
import unbound
|
||||
|
||||
ctx = unbound.ub_ctx()
|
||||
|
@ -39,6 +40,6 @@ ctx.resolvconf("/etc/resolv.conf")
|
|||
|
||||
status, result = ctx.resolve("www.nic.cz", unbound.RR_TYPE_A, unbound.RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
print("Result:", result.data.address_list)
|
||||
print("Result:", sorted(result.data.address_list))
|
||||
elif status != 0:
|
||||
print("Error:", unbound.ub_strerror(status))
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGE.
|
||||
'''
|
||||
from __future__ import print_function
|
||||
import os
|
||||
from unbound import ub_ctx,RR_TYPE_A,RR_CLASS_IN
|
||||
|
||||
|
@ -48,7 +49,7 @@ if os.path.isfile("keys"):
|
|||
status, result = ctx.resolve("www.nic.cz", RR_TYPE_A, RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
|
||||
print("Result:", result.data.address_list)
|
||||
print("Result:", sorted(result.data.address_list))
|
||||
|
||||
if result.secure:
|
||||
print("Result is secure")
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
#!/usr/bin/env python
|
||||
from __future__ import print_function
|
||||
from unbound import ub_ctx, RR_TYPE_A, RR_TYPE_RRSIG, RR_TYPE_NSEC, RR_TYPE_NSEC3
|
||||
import ldns
|
||||
|
||||
|
@ -12,16 +13,16 @@ def dnssecParse(domain, rrType=RR_TYPE_A):
|
|||
raise RuntimeError("Error parsing DNS packet")
|
||||
|
||||
rrsigs = pkt.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_ANSWER)
|
||||
print("RRSIGs from answer:", rrsigs)
|
||||
print("RRSIGs from answer:", sorted(rrsigs))
|
||||
|
||||
rrsigs = pkt.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_AUTHORITY)
|
||||
print("RRSIGs from authority:", rrsigs)
|
||||
print("RRSIGs from authority:", sorted(rrsigs))
|
||||
|
||||
nsecs = pkt.rr_list_by_type(RR_TYPE_NSEC, ldns.LDNS_SECTION_AUTHORITY)
|
||||
print("NSECs:", nsecs)
|
||||
print("NSECs:", sorted(nsecs))
|
||||
|
||||
nsec3s = pkt.rr_list_by_type(RR_TYPE_NSEC3, ldns.LDNS_SECTION_AUTHORITY)
|
||||
print("NSEC3s:", nsec3s)
|
||||
print("NSEC3s:", sorted(nsec3s))
|
||||
|
||||
print("---")
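Review bot: The four `sorted(...)` calls in `dnssecParse` require the value returned by `pkt.rr_list_by_type` to be iterable and its elements to be orderable, where the old `print` only needed it to be printable. If the ldns binding returns `None` for a section with no matching records (not visible on this page), `sorted(None)` raises `TypeError` and the example stops at the first empty section. A guard such as `sorted(rrsigs or [])` keeps the earlier behaviour for empty results. The start of the function is outside the hunk.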
|
||||
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGE.
|
||||
'''
|
||||
from __future__ import print_function
|
||||
import unbound
|
||||
|
||||
ctx = unbound.ub_ctx()
|
||||
|
@ -42,20 +43,20 @@ status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_MX, unbound.RR_CLASS_IN)
|
|||
if status == 0 and result.havedata:
|
||||
print("Result:")
|
||||
print(" raw data:", result.data)
|
||||
for k in result.data.mx_list:
|
||||
for k in sorted(result.data.mx_list):
|
||||
print(" priority:%d address:%s" % k)
|
||||
|
||||
status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_A, unbound.RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
print("Result:")
|
||||
print(" raw data:", result.data)
|
||||
for k in result.data.address_list:
|
||||
for k in sorted(result.data.address_list):
|
||||
print(" address:%s" % k)
|
||||
|
||||
status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_NS, unbound.RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
print("Result:")
|
||||
print(" raw data:", result.data)
|
||||
for k in result.data.domain_list:
|
||||
for k in sorted(result.data.domain_list):
|
||||
print(" host: %s" % k)
|
||||
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGE.
|
||||
'''
|
||||
from __future__ import print_function
|
||||
import unbound
|
||||
import locale
|
||||
|
||||
|
@ -45,18 +46,18 @@ status, result = ctx.resolve(u"www.háčkyčárky.cz", unbound.RR_TYPE_A, unboun
|
|||
if status == 0 and result.havedata:
|
||||
print("Result:")
|
||||
print(" raw data:", result.data)
|
||||
for k in result.data.address_list:
|
||||
for k in sorted(result.data.address_list):
|
||||
print(" address:%s" % k)
|
||||
|
||||
status, result = ctx.resolve(u"háčkyčárky.cz", unbound.RR_TYPE_MX, unbound.RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
print("Result:")
|
||||
print(" raw data:", result.data)
|
||||
for k in result.data.mx_list_idn:
|
||||
for k in sorted(result.data.mx_list_idn):
|
||||
print(" priority:%d address:%s" % k)
|
||||
|
||||
status, result = ctx.resolve(unbound.reverse('217.31.204.66')+'.in-addr.arpa', unbound.RR_TYPE_PTR, unbound.RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
print("Result.data:", result.data)
|
||||
for k in result.data.domain_list_idn:
|
||||
for k in sorted(result.data.domain_list_idn):
|
||||
print(" dname:%s" % k)
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGE.
|
||||
'''
|
||||
from __future__ import print_function
|
||||
import unbound
|
||||
|
||||
ctx = unbound.ub_ctx()
|
||||
|
@ -42,12 +43,12 @@ status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_MX, unbound.RR_CLASS_IN)
|
|||
if status == 0 and result.havedata:
|
||||
print("Result:")
|
||||
print(" raw data:", result.data)
|
||||
for k in result.data.mx_list:
|
||||
for k in sorted(result.data.mx_list):
|
||||
print(" priority:%d address:%s" % k)
|
||||
|
||||
status, result = ctx.resolve("nic.cz", unbound.RR_TYPE_A, unbound.RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
print("Result:")
|
||||
print(" raw data:", result.data)
|
||||
for k in result.data.address_list:
|
||||
for k in sorted(result.data.address_list):
|
||||
print(" address:%s" % k)
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGE.
|
||||
'''
|
||||
from __future__ import print_function
|
||||
import unbound
|
||||
|
||||
ctx = unbound.ub_ctx()
|
||||
|
@ -42,6 +43,6 @@ status, result = ctx.resolve("vutbr.cz", unbound.RR_TYPE_NS, unbound.RR_CLASS_IN
|
|||
if status == 0 and result.havedata:
|
||||
print("Result:")
|
||||
print(" raw data:", result.data)
|
||||
for k in result.data.domain_list:
|
||||
for k in sorted(result.data.domain_list):
|
||||
print(" host: %s" % k)
|
||||
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGE.
|
||||
'''
|
||||
from __future__ import print_function
|
||||
import unbound
|
||||
|
||||
ctx = unbound.ub_ctx()
|
||||
|
@ -39,5 +40,5 @@ ctx.resolvconf("/etc/resolv.conf")
|
|||
|
||||
status, result = ctx.resolve(unbound.reverse("74.125.43.147") + ".in-addr.arpa.", unbound.RR_TYPE_PTR, unbound.RR_CLASS_IN)
|
||||
if status == 0 and result.havedata:
|
||||
print("Result.data:", result.data, result.data.domain_list)
|
||||
print("Result.data:", result.data, sorted(result.data.domain_list))
|
||||
|
||||
|
|
|
@ -0,0 +1,155 @@
|
|||
/*
|
||||
* file_py3.i: Typemaps for FILE* for Python 3
|
||||
*
|
||||
* Copyright (c) 2011, Karel Slany (karel.slany AT nic.cz)
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright notice,
|
||||
* this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of the organization nor the names of its
|
||||
* contributors may be used to endorse or promote products derived from this
|
||||
* software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
||||
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
|
||||
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||||
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
%{
|
||||
#include <unistd.h>
|
||||
#include <fcntl.h>
|
||||
%}
|
||||
|
||||
%types(FILE *);
|
||||
|
||||
//#define SWIG_FILE3_DEBUG
|
||||
|
||||
/* converts basic file descriptor flags onto a string */
|
||||
%fragment("fdfl_to_str", "header") {
|
||||
const char *
|
||||
fdfl_to_str(int fdfl) {
|
||||
|
||||
static const char * const file_mode[] = {"w+", "w", "r"};
|
||||
|
||||
if (fdfl & O_RDWR) {
|
||||
return file_mode[0];
|
||||
} else if (fdfl & O_WRONLY) {
|
||||
return file_mode[1];
|
||||
} else {
|
||||
return file_mode[2];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
%fragment("is_obj_file", "header") {
|
||||
int
|
||||
is_obj_file(PyObject *obj) {
|
||||
int fd, fdfl;
|
||||
if (!PyLong_Check(obj) && /* is not an integer */
|
||||
PyObject_HasAttrString(obj, "fileno") && /* has fileno method */
|
||||
(PyObject_CallMethod(obj, "flush", NULL) != NULL) && /* flush() succeeded */
|
||||
((fd = PyObject_AsFileDescriptor(obj)) != -1) && /* got file descriptor */
|
||||
((fdfl = fcntl(fd, F_GETFL)) != -1) /* got descriptor flags */
|
||||
) {
|
||||
return 1;
|
||||
}
|
||||
else {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
%fragment("obj_to_file","header", fragment="fdfl_to_str,is_obj_file") {
|
||||
FILE *
|
||||
obj_to_file(PyObject *obj) {
|
||||
int fd, fdfl;
|
||||
FILE *fp;
|
||||
if (is_obj_file(obj)) {
|
||||
fd = PyObject_AsFileDescriptor(obj);
|
||||
fdfl = fcntl(fd, F_GETFL);
|
||||
fp = fdopen(dup(fd), fdfl_to_str(fdfl)); /* the FILE* must be flushed
|
||||
and closed after being used */
|
||||
#ifdef SWIG_FILE3_DEBUG
|
||||
fprintf(stderr, "opening fd %d (fl %d \"%s\") as FILE %p\n",
|
||||
fd, fdfl, fdfl_to_str(fdfl), (void *)fp);
|
||||
#endif
|
||||
return fp;
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/* returns -1 if error occurred */
|
||||
/* caused magic SWIG Syntax errors when was commented out */
|
||||
#if 0
|
||||
%fragment("dispose_file", "header") {
|
||||
int
|
||||
dispose_file(FILE **fp) {
|
||||
#ifdef SWIG_FILE3_DEBUG
|
||||
fprintf(stderr, "flushing FILE %p\n", (void *)fp);
|
||||
#endif
|
||||
if (*fp == NULL) {
|
||||
return 0;
|
||||
}
|
||||
if ((fflush(*fp) == 0) && /* flush file */
|
||||
(fclose(*fp) == 0)) { /* close file */
|
||||
*fp = NULL;
|
||||
return 0;
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
%typemap(arginit, noblock = 1) FILE* {
|
||||
$1 = NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* added due to ub_ctx_debugout since since it is overloaded:
|
||||
* takes void* and FILE*. In reality only FILE* but the wrapper
|
||||
* and the function is declared in such way.
|
||||
*/
|
||||
%typemap(typecheck, noblock = 1, fragment = "is_obj_file", precedence = SWIG_TYPECHECK_POINTER) FILE* {
|
||||
$1 = is_obj_file($input);
|
||||
}
|
||||
|
||||
%typemap(check, noblock = 1) FILE* {
|
||||
if ($1 == NULL) {
|
||||
/* The generated wrapper function raises TypeError on mismatching types. */
|
||||
SWIG_exception_fail(SWIG_TypeError, "in method '" "$symname" "', argument "
|
||||
"$argnum"" of type '" "$type""'");
|
||||
}
|
||||
}
|
||||
|
||||
%typemap(in, noblock = 1, fragment = "obj_to_file") FILE* {
|
||||
$1 = obj_to_file($input);
|
||||
}
|
||||
|
||||
/*
|
||||
* Commented out due the way how ub_ctx_debugout() uses the parameter.
|
||||
* This typemap would cause the FILE* to be closed after return from
|
||||
* the function. This caused Python interpreter to crash, since the
|
||||
* function just stores the FILE* internally in ctx and use it for
|
||||
* logging. So we'll leave the closing of the file on the OS.
|
||||
*/
|
||||
/*%typemap(freearg, noblock = 1, fragment = "dispose_file") FILE* {
|
||||
if (dispose_file(&$1) == -1) {
|
||||
SWIG_exception_fail(SWIG_IOError, "closing file in method '" "$symname" "', argument "
|
||||
"$argnum"" of type '" "$type""'");
|
||||
}
|
||||
}*/
|
|
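Review bot: In `obj_to_file`, the result of `dup(fd)` goes straight into `fdopen()` without a check, and when `fdopen()` fails the duplicated descriptor is never closed. With the `freearg` typemap disabled further down, each successful call also keeps one duplicated descriptor and its `FILE` open until the process exits, so a script that calls the wrapped function repeatedly can exhaust the descriptor table; that lifetime should at least be stated in a comment on the `in` typemap. `is_obj_file` has two related problems: the object returned by `PyObject_CallMethod(obj, "flush", NULL)` is never released with `Py_DECREF`, and a failing `flush` or `PyObject_AsFileDescriptor` leaves the Python error indicator set inside a typecheck, where `PyErr_Clear()` would be expected. A version of `obj_to_file` with the missing checks follows.

```c
obj_to_file(PyObject *obj) {
  int fd, fdfl, dupfd;
  FILE *fp;
  if (!is_obj_file(obj)) {
    return NULL;
  }
  fd = PyObject_AsFileDescriptor(obj);
  fdfl = fcntl(fd, F_GETFL);
  dupfd = dup(fd);
  if (dupfd == -1) {
    return NULL; /* no descriptor available */
  }
  fp = fdopen(dupfd, fdfl_to_str(fdfl));
  if (fp == NULL) {
    close(dupfd); /* do not leak the duplicate when fdopen() fails */
    return NULL;
  }
  /* … unchanged: SWIG_FILE3_DEBUG trace … */
  return fp;
}
```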
@ -60,7 +60,11 @@
|
|||
%}
|
||||
|
||||
//%include "doc.i"
|
||||
#if PY_MAJOR_VERSION >= 3
|
||||
%include "file_py3.i" // python 3 FILE *
|
||||
#else
|
||||
%include "file.i"
|
||||
#endif
|
||||
|
||||
%feature("docstring") strerror "Convert error value to a human readable string."
|
||||
|
||||
|
|
|
@ -29,15 +29,15 @@
|
|||
#include "iterator/iter_delegpt.h"
|
||||
#include "iterator/iter_hints.h"
|
||||
#include "iterator/iter_utils.h"
|
||||
#include "ldns/wire2str.h"
|
||||
#include "ldns/str2wire.h"
|
||||
#include "ldns/pkthdr.h"
|
||||
#include "sldns/wire2str.h"
|
||||
#include "sldns/str2wire.h"
|
||||
#include "sldns/pkthdr.h"
|
||||
%}
|
||||
|
||||
%include "stdint.i" // uint_16_t can be known type now
|
||||
|
||||
%inline %{
|
||||
//converts [len][data][len][data][0] string to a List of labels (PyStrings)
|
||||
//converts [len][data][len][data][0] string to a List of labels (PyBytes)
|
||||
PyObject* GetNameAsLabelList(const char* name, int len) {
|
||||
PyObject* list;
|
||||
int cnt=0, i;
|
||||
|
@ -164,7 +164,7 @@ struct query_info {
|
|||
char buf[LDNS_MAX_DOMAINLEN+1];
|
||||
buf[0] = '\0';
|
||||
dname_str((uint8_t*)dname, buf);
|
||||
return PyString_FromString(buf);
|
||||
return PyBytes_FromString(buf);
|
||||
}
|
||||
%}
|
||||
|
||||
|
@ -440,7 +440,7 @@ struct comm_reply {
|
|||
reply_addr2str(reply, dest, 64);
|
||||
if (dest[0] == 0)
|
||||
return Py_None;
|
||||
return PyString_FromString(dest);
|
||||
return PyBytes_FromString(dest);
|
||||
}
|
||||
|
||||
PyObject* _comm_reply_family_get(struct comm_reply* reply) {
|
||||
|
@ -448,9 +448,9 @@ struct comm_reply {
|
|||
int af = (int)((struct sockaddr_in*) &(reply->addr))->sin_family;
|
||||
|
||||
switch(af) {
|
||||
case AF_INET: return PyString_FromString("ip4");
|
||||
case AF_INET6: return PyString_FromString("ip6");
|
||||
case AF_UNIX: return PyString_FromString("unix");
|
||||
case AF_INET: return PyBytes_FromString("ip4");
|
||||
case AF_INET6: return PyBytes_FromString("ip6");
|
||||
case AF_UNIX: return PyBytes_FromString("unix");
|
||||
}
|
||||
|
||||
return Py_None;
|
||||
|
@ -711,13 +711,13 @@ struct delegpt {
|
|||
|
||||
%inline %{
|
||||
PyObject* _get_dp_dname(struct delegpt* dp) {
|
||||
return PyString_FromStringAndSize((char*)dp->name, dp->namelen);
|
||||
return PyBytes_FromStringAndSize((char*)dp->name, dp->namelen);
|
||||
}
|
||||
PyObject* _get_dp_dname_components(struct delegpt* dp) {
|
||||
return GetNameAsLabelList((char*)dp->name, dp->namelen);
|
||||
}
|
||||
PyObject* _get_dpns_dname(struct delegpt_ns* dpns) {
|
||||
return PyString_FromStringAndSize((char*)dpns->name, dpns->namelen);
|
||||
return PyBytes_FromStringAndSize((char*)dpns->name, dpns->namelen);
|
||||
}
|
||||
PyObject* _get_dpns_dname_components(struct delegpt_ns* dpns) {
|
||||
return GetNameAsLabelList((char*)dpns->name, dpns->namelen);
|
||||
|
@ -728,7 +728,7 @@ struct delegpt {
|
|||
delegpt_addr_addr2str(target, dest, 64);
|
||||
if (dest[0] == 0)
|
||||
return Py_None;
|
||||
return PyString_FromString(dest);
|
||||
return PyBytes_FromString(dest);
|
||||
}
|
||||
|
||||
%}
|
||||
|
@ -842,7 +842,7 @@ int checkList(PyObject *l)
|
|||
for (i=0; i < PyList_Size(l); i++)
|
||||
{
|
||||
item = PyList_GetItem(l, i);
|
||||
if (!PyString_Check(item))
|
||||
if (!PyBytes_Check(item))
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
|
@ -864,12 +864,12 @@ int pushRRList(sldns_buffer* qb, PyObject *l, uint32_t default_ttl, int qsec,
|
|||
|
||||
len = sldns_buffer_remaining(qb);
|
||||
if(qsec) {
|
||||
if(sldns_str2wire_rr_question_buf(PyString_AsString(item),
|
||||
if(sldns_str2wire_rr_question_buf(PyBytes_AsString(item),
|
||||
sldns_buffer_current(qb), &len, NULL, NULL, 0, NULL, 0)
|
||||
!= 0)
|
||||
return 0;
|
||||
} else {
|
||||
if(sldns_str2wire_rr_buf(PyString_AsString(item),
|
||||
if(sldns_str2wire_rr_buf(PyBytes_AsString(item),
|
||||
sldns_buffer_current(qb), &len, NULL, default_ttl,
|
||||
NULL, 0, NULL, 0) != 0)
|
||||
return 0;
|
||||
|
|
|
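Review bot: The textual getters now return `bytes` (`PyBytes_FromString("ip4")`, `PyBytes_FromString(dest)`), so under Python 3 a module script that compares them with a `str` literal such as `family == "ip4"` will never match, which matters if a script bases a filtering decision on the client address or family. For values that are always ASCII text, `PyUnicode_FromString` under `#if PY_MAJOR_VERSION >= 3` would keep the script-facing contract; otherwise the change of type should be documented next to the getters. The same applies in the other direction to `checkList`, which with `PyBytes_Check(item)` now rejects a list of Python 3 `str` records. Also, the `return Py_None;` paths beside these lines hand back the singleton without `Py_INCREF(Py_None)` (or `Py_RETURN_NONE`), which unbalances its reference count each time the branch is taken. The enclosing functions start outside the hunks, so what callers expect is inferred.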
@ -133,7 +133,13 @@ int pythonmod_init(struct module_env* env, int id)
|
|||
/* Initialize Python libraries */
|
||||
if (!Py_IsInitialized())
|
||||
{
|
||||
Py_SetProgramName("unbound");
|
||||
#if PY_MAJOR_VERSION >= 3
|
||||
wchar_t progname[8];
|
||||
mbstowcs(progname, "unbound", 8);
|
||||
#else
|
||||
char *progname = "unbound";
|
||||
#endif
|
||||
Py_SetProgramName(progname);
|
||||
Py_NoSiteFlag = 1;
|
||||
Py_Initialize();
|
||||
PyEval_InitThreads();
|
||||
|
|
|
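Review bot: Under Python 3 `progname` is a `wchar_t` array local to the `if (!Py_IsInitialized())` block, but the CPython documentation for `Py_SetProgramName()` requires the argument to point to static storage that stays unchanged for the life of the program, and older interpreters keep the pointer rather than copying the string. Once the block exits, such an interpreter is left holding a pointer into dead stack memory. Declaring it as `static wchar_t progname[] = L"unbound";` removes both the lifetime problem and the unchecked `mbstowcs()` call. `pythonmod_init` starts and ends outside the hunk.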
@ -389,6 +389,18 @@ dns_msg_authadd(struct dns_msg* msg, struct regional* region,
|
|||
return 1;
|
||||
}
|
||||
|
||||
/** add rrset to answer section */
|
||||
static int
|
||||
dns_msg_ansadd(struct dns_msg* msg, struct regional* region,
|
||||
struct ub_packed_rrset_key* rrset, time_t now)
|
||||
{
|
||||
if(!(msg->rep->rrsets[msg->rep->rrset_count++] =
|
||||
packed_rrset_copy_region(rrset, region, now)))
|
||||
return 0;
|
||||
msg->rep->an_numrrsets++;
|
||||
return 1;
|
||||
}
|
||||
|
||||
struct delegpt*
|
||||
dns_cache_find_delegation(struct module_env* env, uint8_t* qname,
|
||||
size_t qnamelen, uint16_t qtype, uint16_t qclass,
|
||||
|
@ -635,6 +647,58 @@ synth_dname_msg(struct ub_packed_rrset_key* rrset, struct regional* region,
|
|||
return msg;
|
||||
}
|
||||
|
||||
/** Fill TYPE_ANY response with some data from cache */
|
||||
static struct dns_msg*
|
||||
fill_any(struct module_env* env,
|
||||
uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
|
||||
struct regional* region)
|
||||
{
|
||||
time_t now = *env->now;
|
||||
struct dns_msg* msg = NULL;
|
||||
uint16_t lookup[] = {LDNS_RR_TYPE_A, LDNS_RR_TYPE_AAAA,
|
||||
LDNS_RR_TYPE_MX, LDNS_RR_TYPE_SOA, LDNS_RR_TYPE_NS, 0};
|
||||
int i, num=5; /* number of RR types to look up */
|
||||
log_assert(lookup[num] == 0);
|
||||
|
||||
for(i=0; i<num; i++) {
|
||||
/* look up this RR for inclusion in type ANY response */
|
||||
struct ub_packed_rrset_key* rrset = rrset_cache_lookup(
|
||||
env->rrset_cache, qname, qnamelen, lookup[i],
|
||||
qclass, 0, now, 0);
|
||||
struct packed_rrset_data *d;
|
||||
if(!rrset)
|
||||
continue;
|
||||
|
||||
/* only if rrset from answer section */
|
||||
d = (struct packed_rrset_data*)rrset->entry.data;
|
||||
if(d->trust == rrset_trust_add_noAA ||
|
||||
d->trust == rrset_trust_auth_noAA ||
|
||||
d->trust == rrset_trust_add_AA ||
|
||||
d->trust == rrset_trust_auth_AA) {
|
||||
lock_rw_unlock(&rrset->entry.lock);
|
||||
continue;
|
||||
}
|
||||
|
||||
/* create msg if none */
|
||||
if(!msg) {
|
||||
msg = dns_msg_create(qname, qnamelen, qtype, qclass,
|
||||
region, (size_t)(num-i));
|
||||
if(!msg) {
|
||||
lock_rw_unlock(&rrset->entry.lock);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/* add RRset to response */
|
||||
if(!dns_msg_ansadd(msg, region, rrset, now)) {
|
||||
lock_rw_unlock(&rrset->entry.lock);
|
||||
return NULL;
|
||||
}
|
||||
lock_rw_unlock(&rrset->entry.lock);
|
||||
}
|
||||
return msg;
|
||||
}
|
||||
|
||||
struct dns_msg*
|
||||
dns_cache_lookup(struct module_env* env,
|
||||
uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
|
||||
|
@ -747,6 +811,11 @@ dns_cache_lookup(struct module_env* env,
|
|||
}
|
||||
}
|
||||
|
||||
/* fill common RR types for ANY response to avoid requery */
|
||||
if(qtype == LDNS_RR_TYPE_ANY) {
|
||||
return fill_any(env, qname, qnamelen, qtype, qclass, region);
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
|
|
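Review bot: `dns_msg_ansadd` stores into `msg->rep->rrsets[msg->rep->rrset_count++]` with no check against the capacity the message was created with, and it increments `rrset_count` before it knows whether `packed_rrset_copy_region()` succeeded. In `fill_any` the write stays in bounds only because `dns_msg_create()` is given `num-i` slots and at most `num-i` iterations remain; that invariant deserves a comment at the call, for example `/* capacity num-i: at most that many rrsets are added below */`. On a failed copy the count already includes a NULL slot; `fill_any` discards the message in that case, but a later caller may not, so I would assign to `rrsets[msg->rep->rrset_count]` first and run `msg->rep->rrset_count++;` only after the NULL test. `dns_cache_lookup`, which now calls `fill_any`, starts outside the hunk.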
@ -40,6 +40,7 @@
|
|||
*/
|
||||
#include "config.h"
|
||||
#include "sldns/rrdef.h"
|
||||
#include "sldns/str2wire.h"
|
||||
#include "services/cache/infra.h"
|
||||
#include "util/storage/slabhash.h"
|
||||
#include "util/storage/lookup3.h"
|
||||
|
@ -57,6 +58,9 @@
|
|||
* can do this number of packets (until those all timeout too) */
|
||||
#define TIMEOUT_COUNT_MAX 3
|
||||
|
||||
/** ratelimit value for delegation point */
|
||||
int infra_dp_ratelimit = 0;
|
||||
|
||||
size_t
|
||||
infra_sizefunc(void* k, void* ATTR_UNUSED(d))
|
||||
{
|
||||
|
@ -99,6 +103,114 @@ infra_deldatafunc(void* d, void* ATTR_UNUSED(arg))
|
|||
free(data);
|
||||
}
|
||||
|
||||
size_t
|
||||
rate_sizefunc(void* k, void* ATTR_UNUSED(d))
|
||||
{
|
||||
struct rate_key* key = (struct rate_key*)k;
|
||||
return sizeof(*key) + sizeof(struct rate_data) + key->namelen
|
||||
+ lock_get_mem(&key->entry.lock);
|
||||
}
|
||||
|
||||
int
|
||||
rate_compfunc(void* key1, void* key2)
|
||||
{
|
||||
struct rate_key* k1 = (struct rate_key*)key1;
|
||||
struct rate_key* k2 = (struct rate_key*)key2;
|
||||
if(k1->namelen != k2->namelen) {
|
||||
if(k1->namelen < k2->namelen)
|
||||
return -1;
|
||||
return 1;
|
||||
}
|
||||
return query_dname_compare(k1->name, k2->name);
|
||||
}
|
||||
|
||||
void
|
||||
rate_delkeyfunc(void* k, void* ATTR_UNUSED(arg))
|
||||
{
|
||||
struct rate_key* key = (struct rate_key*)k;
|
||||
if(!key)
|
||||
return;
|
||||
lock_rw_destroy(&key->entry.lock);
|
||||
free(key->name);
|
||||
free(key);
|
||||
}
|
||||
|
||||
void
|
||||
rate_deldatafunc(void* d, void* ATTR_UNUSED(arg))
|
||||
{
|
||||
struct rate_data* data = (struct rate_data*)d;
|
||||
free(data);
|
||||
}
|
||||
|
||||
/** find or create element in domainlimit tree */
|
||||
static struct domain_limit_data* domain_limit_findcreate(
|
||||
struct infra_cache* infra, char* name)
|
||||
{
|
||||
uint8_t* nm;
|
||||
int labs;
|
||||
size_t nmlen;
|
||||
struct domain_limit_data* d;
|
||||
|
||||
/* parse name */
|
||||
nm = sldns_str2wire_dname(name, &nmlen);
|
||||
if(!nm) {
|
||||
log_err("could not parse %s", name);
|
||||
return NULL;
|
||||
}
|
||||
labs = dname_count_labels(nm);
|
||||
|
||||
/* can we find it? */
|
||||
d = (struct domain_limit_data*)name_tree_find(&infra->domain_limits,
|
||||
nm, nmlen, labs, LDNS_RR_CLASS_IN);
|
||||
if(d) {
|
||||
free(nm);
|
||||
return d;
|
||||
}
|
||||
|
||||
/* create it */
|
||||
d = (struct domain_limit_data*)calloc(1, sizeof(*d));
|
||||
if(!d) {
|
||||
free(nm);
|
||||
return NULL;
|
||||
}
|
||||
d->node.node.key = &d->node;
|
||||
d->node.name = nm;
|
||||
d->node.len = nmlen;
|
||||
d->node.labs = labs;
|
||||
d->node.dclass = LDNS_RR_CLASS_IN;
|
||||
d->lim = -1;
|
||||
d->below = -1;
|
||||
if(!name_tree_insert(&infra->domain_limits, &d->node, nm, nmlen,
|
||||
labs, LDNS_RR_CLASS_IN)) {
|
||||
log_err("duplicate element in domainlimit tree");
|
||||
free(nm);
|
||||
free(d);
|
||||
return NULL;
|
||||
}
|
||||
return d;
|
||||
}
|
||||
|
||||
/** insert rate limit configuration into lookup tree */
|
||||
static int infra_ratelimit_cfg_insert(struct infra_cache* infra,
|
||||
struct config_file* cfg)
|
||||
{
|
||||
struct config_str2list* p;
|
||||
struct domain_limit_data* d;
|
||||
for(p = cfg->ratelimit_for_domain; p; p = p->next) {
|
||||
d = domain_limit_findcreate(infra, p->str);
|
||||
if(!d)
|
||||
return 0;
|
||||
d->lim = atoi(p->str2);
|
||||
}
|
||||
for(p = cfg->ratelimit_below_domain; p; p = p->next) {
|
||||
d = domain_limit_findcreate(infra, p->str);
|
||||
if(!d)
|
||||
return 0;
|
||||
d->below = atoi(p->str2);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
struct infra_cache*
|
||||
infra_create(struct config_file* cfg)
|
||||
{
|
||||
|
@ -114,15 +226,44 @@ infra_create(struct config_file* cfg)
|
|||
return NULL;
|
||||
}
|
||||
infra->host_ttl = cfg->host_ttl;
|
||||
name_tree_init(&infra->domain_limits);
|
||||
infra_dp_ratelimit = cfg->ratelimit;
|
||||
if(cfg->ratelimit != 0) {
|
||||
infra->domain_rates = slabhash_create(cfg->ratelimit_slabs,
|
||||
INFRA_HOST_STARTSIZE, cfg->ratelimit_size,
|
||||
&rate_sizefunc, &rate_compfunc, &rate_delkeyfunc,
|
||||
&rate_deldatafunc, NULL);
|
||||
if(!infra->domain_rates) {
|
||||
infra_delete(infra);
|
||||
return NULL;
|
||||
}
|
||||
/* insert config data into ratelimits */
|
||||
if(!infra_ratelimit_cfg_insert(infra, cfg)) {
|
||||
infra_delete(infra);
|
||||
return NULL;
|
||||
}
|
||||
name_tree_init_parents(&infra->domain_limits);
|
||||
}
|
||||
return infra;
|
||||
}
|
||||
|
||||
/** delete domain_limit entries */
|
||||
static void domain_limit_free(rbnode_t* n, void* ATTR_UNUSED(arg))
|
||||
{
|
||||
if(n) {
|
||||
free(((struct domain_limit_data*)n)->node.name);
|
||||
free(n);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
infra_delete(struct infra_cache* infra)
|
||||
{
|
||||
if(!infra)
|
||||
return;
|
||||
slabhash_delete(infra->hosts);
|
||||
slabhash_delete(infra->domain_rates);
|
||||
traverse_postorder(&infra->domain_limits, domain_limit_free, NULL);
|
||||
free(infra);
|
||||
}
|
||||
|
||||
|
@ -562,8 +703,178 @@ infra_get_lame_rtt(struct infra_cache* infra,
|
|||
return 1;
|
||||
}
|
||||
|
||||
int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name,
|
||||
size_t namelen)
|
||||
{
|
||||
int labs = dname_count_labels(name);
|
||||
struct domain_limit_data* d = (struct domain_limit_data*)
|
||||
name_tree_lookup(&infra->domain_limits, name, namelen, labs,
|
||||
LDNS_RR_CLASS_IN);
|
||||
if(!d) return infra_dp_ratelimit;
|
||||
|
||||
if(d->node.labs == labs && d->lim != -1)
|
||||
return d->lim; /* exact match */
|
||||
|
||||
/* find 'below match' */
|
||||
if(d->node.labs == labs)
|
||||
d = (struct domain_limit_data*)d->node.parent;
|
||||
while(d) {
|
||||
if(d->below != -1)
|
||||
return d->below;
|
||||
d = (struct domain_limit_data*)d->node.parent;
|
||||
}
|
||||
return infra_dp_ratelimit;
|
||||
}
|
||||
|
||||
/** find data item in array, for write access, caller unlocks */
|
||||
static struct lruhash_entry* infra_find_ratedata(struct infra_cache* infra,
|
||||
uint8_t* name, size_t namelen, int wr)
|
||||
{
|
||||
struct rate_key key;
|
||||
hashvalue_t h = dname_query_hash(name, 0xab);
|
||||
memset(&key, 0, sizeof(key));
|
||||
key.name = name;
|
||||
key.namelen = namelen;
|
||||
key.entry.hash = h;
|
||||
return slabhash_lookup(infra->domain_rates, h, &key, wr);
|
||||
}
|
||||
|
||||
/** create rate data item for name, number 1 in now */
|
||||
static void infra_create_ratedata(struct infra_cache* infra,
|
||||
uint8_t* name, size_t namelen, time_t timenow)
|
||||
{
|
||||
hashvalue_t h = dname_query_hash(name, 0xab);
|
||||
struct rate_key* k = (struct rate_key*)calloc(1, sizeof(*k));
|
||||
struct rate_data* d = (struct rate_data*)calloc(1, sizeof(*d));
|
||||
if(!k || !d) {
|
||||
free(k);
|
||||
free(d);
|
||||
return; /* alloc failure */
|
||||
}
|
||||
k->namelen = namelen;
|
||||
k->name = memdup(name, namelen);
|
||||
if(!k->name) {
|
||||
free(k);
|
||||
free(d);
|
||||
return; /* alloc failure */
|
||||
}
|
||||
lock_rw_init(&k->entry.lock);
|
||||
k->entry.hash = h;
|
||||
k->entry.key = k;
|
||||
k->entry.data = d;
|
||||
d->qps[0] = 1;
|
||||
d->timestamp[0] = timenow;
|
||||
slabhash_insert(infra->domain_rates, h, &k->entry, d, NULL);
|
||||
}
|
||||
|
||||
/** find the second and return its rate counter, if none, remove oldest */
|
||||
static int* infra_rate_find_second(void* data, time_t t)
|
||||
{
|
||||
struct rate_data* d = (struct rate_data*)data;
|
||||
int i, oldest;
|
||||
for(i=0; i<RATE_WINDOW; i++) {
|
||||
if(d->timestamp[i] == t)
|
||||
return &(d->qps[i]);
|
||||
}
|
||||
/* remove oldest timestamp, and insert it at t with 0 qps */
|
||||
oldest = 0;
|
||||
for(i=0; i<RATE_WINDOW; i++) {
|
||||
if(d->timestamp[i] < d->timestamp[oldest])
|
||||
oldest = i;
|
||||
}
|
||||
d->timestamp[oldest] = t;
|
||||
d->qps[oldest] = 0;
|
||||
return &(d->qps[oldest]);
|
||||
}
|
||||
|
||||
int infra_rate_max(void* data, time_t now)
|
||||
{
|
||||
struct rate_data* d = (struct rate_data*)data;
|
||||
int i, max = 0;
|
||||
for(i=0; i<RATE_WINDOW; i++) {
|
||||
if(now-d->timestamp[i] <= RATE_WINDOW) {
|
||||
if(d->qps[i] > max)
|
||||
max = d->qps[i];
|
||||
}
|
||||
}
|
||||
return max;
|
||||
}
|
||||
|
||||
int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name,
|
||||
size_t namelen, time_t timenow)
|
||||
{
|
||||
int lim, max;
|
||||
struct lruhash_entry* entry;
|
||||
|
||||
if(!infra_dp_ratelimit)
|
||||
return 1; /* not enabled */
|
||||
|
||||
/* find ratelimit */
|
||||
lim = infra_find_ratelimit(infra, name, namelen);
|
||||
|
||||
/* find or insert ratedata */
|
||||
entry = infra_find_ratedata(infra, name, namelen, 1);
|
||||
if(entry) {
|
||||
int premax = infra_rate_max(entry->data, timenow);
|
||||
int* cur = infra_rate_find_second(entry->data, timenow);
|
||||
(*cur)++;
|
||||
max = infra_rate_max(entry->data, timenow);
|
||||
lock_rw_unlock(&entry->lock);
|
||||
|
||||
if(premax < lim && max >= lim) {
|
||||
char buf[257];
|
||||
dname_str(name, buf);
|
||||
verbose(VERB_OPS, "ratelimit exceeded %s %d", buf, lim);
|
||||
}
|
||||
return (max < lim);
|
||||
}
|
||||
|
||||
/* create */
|
||||
infra_create_ratedata(infra, name, namelen, timenow);
|
||||
return (1 < lim);
|
||||
}
|
||||
|
||||
void infra_ratelimit_dec(struct infra_cache* infra, uint8_t* name,
|
||||
size_t namelen, time_t timenow)
|
||||
{
|
||||
struct lruhash_entry* entry;
|
||||
int* cur;
|
||||
if(!infra_dp_ratelimit)
|
||||
return; /* not enabled */
|
||||
entry = infra_find_ratedata(infra, name, namelen, 1);
|
||||
if(!entry) return; /* not cached */
|
||||
cur = infra_rate_find_second(entry->data, timenow);
|
||||
if((*cur) > 0)
|
||||
(*cur)--;
|
||||
lock_rw_unlock(&entry->lock);
|
||||
}
|
||||
|
||||
int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name,
|
||||
size_t namelen, time_t timenow)
|
||||
{
|
||||
struct lruhash_entry* entry;
|
||||
int lim, max;
|
||||
if(!infra_dp_ratelimit)
|
||||
return 0; /* not enabled */
|
||||
|
||||
/* find ratelimit */
|
||||
lim = infra_find_ratelimit(infra, name, namelen);
|
||||
|
||||
/* find current rate */
|
||||
entry = infra_find_ratedata(infra, name, namelen, 0);
|
||||
if(!entry)
|
||||
return 0; /* not cached */
|
||||
max = infra_rate_max(entry->data, timenow);
|
||||
lock_rw_unlock(&entry->lock);
|
||||
|
||||
return (max >= lim);
|
||||
}
|
||||
|
||||
size_t
|
||||
infra_get_mem(struct infra_cache* infra)
|
||||
{
|
||||
return sizeof(*infra) + slabhash_get_mem(infra->hosts);
|
||||
size_t s = sizeof(*infra) + slabhash_get_mem(infra->hosts);
|
||||
if(infra->domain_rates) s += slabhash_get_mem(infra->domain_rates);
|
||||
/* ignore domain_limits because walk through tree is big */
|
||||
return s;
|
||||
}
|
||||
|
|
|
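Review bot: `infra_ratelimit_inc`, `infra_ratelimit_dec` and `infra_ratelimit_exceeded` decide whether rate limiting is on from the process-wide `infra_dp_ratelimit`, but `infra_create` allocates `infra->domain_rates` only when that cache's own `cfg->ratelimit` is non-zero and overwrites the global on every call. If two caches with different settings exist in one process (inferred; for instance two library contexts), the cache built with 0 has no table while the global says enabled, and `infra_find_ratedata` passes that NULL table to `slabhash_lookup()`. Testing the table itself closes this: `if(!infra_dp_ratelimit || !infra->domain_rates) return 1;` in `infra_ratelimit_inc`, with the matching early returns in the other two. Separately, `infra_ratelimit_cfg_insert` converts `p->str2` with `atoi()`, so a mistyped limit silently becomes 0, which the `max < lim` test then treats as refusing everything for that name; `strtol()` with an end-pointer and range check would reject it at load time.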
@ -42,6 +42,7 @@
|
|||
#ifndef SERVICES_CACHE_INFRA_H
|
||||
#define SERVICES_CACHE_INFRA_H
|
||||
#include "util/storage/lruhash.h"
|
||||
#include "util/storage/dnstree.h"
|
||||
#include "util/rtt.h"
|
||||
struct slabhash;
|
||||
struct config_file;
|
||||
|
@ -108,6 +109,55 @@ struct infra_cache {
|
|||
struct slabhash* hosts;
|
||||
/** TTL value for host information, in seconds */
|
||||
int host_ttl;
|
||||
/** hash table with query rates per name: rate_key, rate_data */
|
||||
struct slabhash* domain_rates;
|
||||
/** ratelimit settings for domains, struct domain_limit_data */
|
||||
rbtree_t domain_limits;
|
||||
};
|
||||
|
||||
/** ratelimit, unless overridden by domain_limits, 0 is off */
|
||||
extern int infra_dp_ratelimit;
|
||||
|
||||
/**
|
||||
* ratelimit settings for domains
|
||||
*/
|
||||
struct domain_limit_data {
|
||||
/** key for rbtree, must be first in struct, name of domain */
|
||||
struct name_tree_node node;
|
||||
/** ratelimit for exact match with this name, -1 if not set */
|
||||
int lim;
|
||||
/** ratelimit for names below this name, -1 if not set */
|
||||
int below;
|
||||
};
|
||||
|
||||
/**
|
||||
* key for ratelimit lookups, a domain name
|
||||
*/
|
||||
struct rate_key {
|
||||
/** lruhash key entry */
|
||||
struct lruhash_entry entry;
|
||||
/** domain name in uncompressed wireformat */
|
||||
uint8_t* name;
|
||||
/** length of name */
|
||||
size_t namelen;
|
||||
};
|
||||
|
||||
/** number of seconds to track qps rate */
|
||||
#define RATE_WINDOW 2
|
||||
|
||||
/**
|
||||
* Data for ratelimits per domain name
|
||||
* It is incremented when a non-cache-lookup happens for that domain name.
|
||||
* The name is the delegation point we have for the name.
|
||||
* If a new delegation point is found (a referral reply), the previous
|
||||
* delegation point is decremented, and the new one is charged with the query.
|
||||
*/
|
||||
struct rate_data {
|
||||
/** queries counted, for that second. 0 if not in use. */
|
||||
int qps[RATE_WINDOW];
|
||||
/** what the timestamp is of the qps array members, counter is
|
||||
* valid for that timestamp. Usually now and now-1. */
|
||||
time_t timestamp[RATE_WINDOW];
|
||||
};
|
||||
|
||||
/** infra host cache default hash lookup size */
|
||||
|
@ -286,6 +336,51 @@ long long infra_get_host_rto(struct infra_cache* infra,
|
|||
size_t namelen, struct rtt_info* rtt, int* delay, time_t timenow,
|
||||
int* tA, int* tAAAA, int* tother);
|
||||
|
||||
/**
|
||||
* Increment the query rate counter for a delegation point.
|
||||
* @param infra: infra cache.
|
||||
* @param name: zone name
|
||||
* @param namelen: zone name length
|
||||
* @param timenow: what time it is now.
|
||||
* @return 1 if it could be incremented. 0 if the increment overshot the
|
||||
* ratelimit or if in the previous second the ratelimit was exceeded.
|
||||
* Failures like alloc failures are not returned (probably as 1).
|
||||
*/
|
||||
int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name,
|
||||
size_t namelen, time_t timenow);
|
||||
|
||||
/**
|
||||
* Decrement the query rate counter for a delegation point.
|
||||
* Because the reply received for the delegation point was pleasant,
|
||||
* we do not charge this delegation point with it (i.e. it was a referral).
|
||||
* Should call it with same second as when inc() was called.
|
||||
* @param infra: infra cache.
|
||||
* @param name: zone name
|
||||
* @param namelen: zone name length
|
||||
* @param timenow: what time it is now.
|
||||
*/
|
||||
void infra_ratelimit_dec(struct infra_cache* infra, uint8_t* name,
|
||||
size_t namelen, time_t timenow);
|
||||
|
||||
/**
|
||||
* See if the query rate counter for a delegation point is exceeded.
|
||||
* So, no queries are going to be allowed.
|
||||
* @param infra: infra cache.
|
||||
* @param name: zone name
|
||||
* @param namelen: zone name length
|
||||
* @param timenow: what time it is now.
|
||||
* @return true if exceeded.
|
||||
*/
|
||||
int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name,
|
||||
size_t namelen, time_t timenow);
|
||||
|
||||
/** find the maximum rate stored, not too old. 0 if no information. */
|
||||
int infra_rate_max(void* data, time_t now);
|
||||
|
||||
/** find the ratelimit in qps for a domain */
|
||||
int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name,
|
||||
size_t namelen);
|
||||
|
||||
/**
|
||||
* Get memory used by the infra cache.
|
||||
* @param infra: infrastructure cache.
|
||||
|
@ -306,4 +401,16 @@ void infra_delkeyfunc(void* k, void* arg);
|
|||
/** delete data and destroy the lameness hashtable */
|
||||
void infra_deldatafunc(void* d, void* arg);
|
||||
|
||||
/** calculate size for the hashtable */
|
||||
size_t rate_sizefunc(void* k, void* d);
|
||||
|
||||
/** compare two names, returns -1, 0, or +1 */
|
||||
int rate_compfunc(void* key1, void* key2);
|
||||
|
||||
/** delete key, and destroy the lock */
|
||||
void rate_delkeyfunc(void* k, void* arg);
|
||||
|
||||
/** delete data */
|
||||
void rate_deldatafunc(void* d, void* arg);
|
||||
|
||||
#endif /* SERVICES_CACHE_INFRA_H */
|
||||
|
|
|
@ -1027,6 +1027,10 @@ void local_zones_print(struct local_zones* zones)
|
|||
log_nametypeclass(0, "inform zone",
|
||||
z->name, 0, z->dclass);
|
||||
break;
|
||||
case local_zone_inform_deny:
|
||||
log_nametypeclass(0, "inform_deny zone",
|
||||
z->name, 0, z->dclass);
|
||||
break;
|
||||
default:
|
||||
log_nametypeclass(0, "badtyped zone",
|
||||
z->name, 0, z->dclass);
|
||||
|
@ -1124,7 +1128,7 @@ lz_zone_answer(struct local_zone* z, struct query_info* qinfo,
|
|||
struct edns_data* edns, sldns_buffer* buf, struct regional* temp,
|
||||
struct local_data* ld)
|
||||
{
|
||||
if(z->type == local_zone_deny) {
|
||||
if(z->type == local_zone_deny || z->type == local_zone_inform_deny) {
|
||||
/** no reply at all, signal caller by clearing buffer. */
|
||||
sldns_buffer_clear(buf);
|
||||
sldns_buffer_flip(buf);
|
||||
|
@ -1211,7 +1215,8 @@ local_zones_answer(struct local_zones* zones, struct query_info* qinfo,
|
|||
lock_rw_rdlock(&z->lock);
|
||||
lock_rw_unlock(&zones->lock);
|
||||
|
||||
if(z->type == local_zone_inform && repinfo)
|
||||
if((z->type == local_zone_inform || z->type == local_zone_inform_deny)
|
||||
&& repinfo)
|
||||
lz_inform_print(z, qinfo, repinfo);
|
||||
|
||||
if(local_data_answer(z, qinfo, edns, buf, temp, labs, &ld)) {
|
||||
|
@ -1234,6 +1239,7 @@ const char* local_zone_type2str(enum localzone_type t)
|
|||
case local_zone_static: return "static";
|
||||
case local_zone_nodefault: return "nodefault";
|
||||
case local_zone_inform: return "inform";
|
||||
case local_zone_inform_deny: return "inform_deny";
|
||||
}
|
||||
return "badtyped";
|
||||
}
|
||||
|
@ -1254,6 +1260,8 @@ int local_zone_str2type(const char* type, enum localzone_type* t)
|
|||
*t = local_zone_redirect;
|
||||
else if(strcmp(type, "inform") == 0)
|
||||
*t = local_zone_inform;
|
||||
else if(strcmp(type, "inform_deny") == 0)
|
||||
*t = local_zone_inform_deny;
|
||||
else return 0;
|
||||
return 1;
|
||||
}
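Review bot: In local_zones_answer, `lz_inform_print` now also runs for every query that lands in an `inform_deny` zone, and nothing in the hunk bounds how often that log line is written. These are queries that get no reply, so the log volume is set entirely by whoever sends them, including spoofed sources on UDP. Whether `lz_inform_print` throttles internally is not visible here. I would record this at the call site, e.g. `/* one log line per query, unthrottled: plan log rotation for inform and inform_deny zones */`, and consider gating the line on a verbosity level or a per-zone counter. The function bodies start and end outside these hunks.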
|
||||
|
|
|
@ -73,7 +73,9 @@ enum localzone_type {
|
|||
* nodefault is used in config not during service. */
|
||||
local_zone_nodefault,
|
||||
/** log client address, but no block (transparent) */
|
||||
local_zone_inform
|
||||
local_zone_inform,
|
||||
/** log client address, and block (drop) */
|
||||
local_zone_inform_deny
|
||||
};
|
||||
|
||||
/**
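Review bot: The comment on the new enumerator, `/** log client address, and block (drop) */`, does not say how it relates to the existing types. The localzone.c hunks of this commit handle it exactly like `local_zone_deny` in lz_zone_answer, plus the `local_zone_inform` log line in local_zones_answer. Stating that, e.g. `/** log client address like inform, then drop like deny (no reply is sent) */`, saves the reader a trip to the .c file. The enum definition starts outside this hunk.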
|
||||
|
|
|
@ -1510,7 +1510,8 @@ serviced_callbacks(struct serviced_query* sq, int error, struct comm_point* c,
|
|||
log_assert(rem); /* should have been present */
|
||||
sq->to_be_deleted = 1;
|
||||
verbose(VERB_ALGO, "svcd callbacks start");
|
||||
if(sq->outnet->use_caps_for_id && error == NETEVENT_NOERROR && c) {
|
||||
if(sq->outnet->use_caps_for_id && error == NETEVENT_NOERROR && c &&
|
||||
!sq->nocaps) {
|
||||
/* noerror and nxdomain must have a qname in reply */
|
||||
if(sldns_buffer_read_u16_at(c->buffer, 4) == 0 &&
|
||||
(LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer))
|
||||
|
@ -1590,7 +1591,7 @@ serviced_tcp_callback(struct comm_point* c, void* arg, int error,
|
|||
infra_update_tcp_works(sq->outnet->infra, &sq->addr,
|
||||
sq->addrlen, sq->zone, sq->zonelen);
|
||||
#ifdef USE_DNSTAP
|
||||
if(sq->outnet->dtenv &&
|
||||
if(error==NETEVENT_NOERROR && sq->outnet->dtenv &&
|
||||
(sq->outnet->dtenv->log_resolver_response_messages ||
|
||||
sq->outnet->dtenv->log_forwarder_response_messages))
|
||||
dt_msg_send_outside_response(sq->outnet->dtenv, &sq->addr,
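Review bot: In serviced_callbacks the added `!sq->nocaps` skips the whole `use_caps_for_id` block, and the first check in that block (`/* noerror and nxdomain must have a qname in reply */`) tests whether the reply carries a question at all, not only its letter case. If `nocaps` is set for whitelisted domains (presumably from `caps-whitelist`; that is outside this hunk), replies for those domains lose both the 0x20 comparison and the qname-presence check. They would then rely on query ID and source port alone against off-path spoofing. A comment at the guard would make the trade-off explicit: `/* nocaps: caps-whitelist domain, reply qname is not verified in this block */`. The block continues past the end of the hunk, so it cannot be seen here whether the qname-presence check is repeated elsewhere.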
|
||||
|
|
|
@ -109,6 +109,7 @@ usage()
|
|||
printf(" get_option opt get option value\n");
|
||||
printf(" list_stubs list stub-zones and root hints in use\n");
|
||||
printf(" list_forwards list forward-zones in use\n");
|
||||
printf(" list_insecure list domain-insecure zones\n");
|
||||
printf(" list_local_zones list local-zones in use\n");
|
||||
printf(" list_local_data list local-data RRs in use\n");
|
||||
printf(" insecure_add zone add domain-insecure zone\n");
|
||||
|
@ -122,6 +123,8 @@ usage()
|
|||
printf(" forward [off | addr ...] without arg show forward setup\n");
|
||||
printf(" or off to turn off root forwarding\n");
|
||||
printf(" or give list of ip addresses\n");
|
||||
printf(" ratelimit_list [+a] list ratelimited domains\n");
|
||||
printf(" +a list all, also not ratelimited\n");
|
||||
printf("Version %s\n", PACKAGE_VERSION);
|
||||
printf("BSD licensed, see LICENSE in source package for details.\n");
|
||||
printf("Report bugs to %s\n", PACKAGE_BUGREPORT);
|
||||
|
|
|
@ -497,9 +497,11 @@ testfromdrillfile(sldns_buffer* pkt, struct alloc_cache* alloc,
|
|||
|
||||
void msgparse_test(void)
|
||||
{
|
||||
time_t origttl = MAX_NEG_TTL;
|
||||
sldns_buffer* pkt = sldns_buffer_new(65553);
|
||||
sldns_buffer* out = sldns_buffer_new(65553);
|
||||
struct alloc_cache super_a, alloc;
|
||||
MAX_NEG_TTL = 86400;
|
||||
/* init */
|
||||
alloc_init(&super_a, NULL, 0);
|
||||
alloc_init(&alloc, &super_a, 2);
|
||||
|
@ -536,4 +538,5 @@ void msgparse_test(void)
|
|||
alloc_clear(&super_a);
|
||||
sldns_buffer_free(pkt);
|
||||
sldns_buffer_free(out);
|
||||
MAX_NEG_TTL = origttl;
|
||||
}
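Review bot: `MAX_NEG_TTL = 86400;` at the top of msgparse_test overrides a global cap with no comment explaining why. Presumably the canned packets contain negative answers whose TTLs would otherwise be clipped by the new default of 3600 that config_create sets in this commit. A one-line comment would record that, e.g. `/* lift the negative-TTL cap so TTLs in the test packets are not clipped; restored at the end */`. The restore holds only if nothing between the two hunks returns early, which is outside the visible lines.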
|
||||
|
|
|
@ -0,0 +1,161 @@
|
|||
; This is a comment.
|
||||
; config options go here.
|
||||
forward-zone: name: "." forward-addr: 216.0.0.1
|
||||
CONFIG_END
|
||||
|
||||
SCENARIO_BEGIN Test query and cache with type ANY
|
||||
RANGE_BEGIN 0 1000
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
www.example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 10.20.30.50
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN ANY
|
||||
SECTION ANSWER
|
||||
;; different type in this answer.
|
||||
www.example.com. IN TXT "text"
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN AAAA
|
||||
SECTION ANSWER
|
||||
www.example.com. IN AAAA ::5
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qname qtype
|
||||
ADJUST copy_id
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.foo.com. IN ANY
|
||||
SECTION ANSWER
|
||||
www.foo.com. IN A 1.2.3.77
|
||||
www.foo.com. IN AAAA ::77
|
||||
ENTRY_END
|
||||
|
||||
RANGE_END
|
||||
|
||||
STEP 10 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
; unneccesary nothing steps.
|
||||
STEP 20 NOTHING
|
||||
STEP 30 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qname qtype
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
ENTRY_END
|
||||
|
||||
; test cache synthesis
|
||||
STEP 40 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN ANY
|
||||
ENTRY_END
|
||||
STEP 50 NOTHING
|
||||
STEP 60 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qname qtype
|
||||
SECTION QUESTION
|
||||
www.example.com. IN ANY
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
ENTRY_END
|
||||
|
||||
; and again
|
||||
; the synthesized result itself is not added to the cache
|
||||
STEP 62 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN ANY
|
||||
ENTRY_END
|
||||
STEP 63 NOTHING
|
||||
STEP 64 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qname qtype
|
||||
SECTION QUESTION
|
||||
www.example.com. IN ANY
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
ENTRY_END
|
||||
|
||||
; AAAA lookup to add more data in cache
|
||||
STEP 70 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN AAAA
|
||||
ENTRY_END
|
||||
STEP 80 NOTHING
|
||||
STEP 90 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qname qtype
|
||||
SECTION QUESTION
|
||||
www.example.com. IN AAAA
|
||||
SECTION ANSWER
|
||||
www.example.com. IN AAAA ::5
|
||||
ENTRY_END
|
||||
|
||||
; test cache synthesis of AAAA, and two rrsets.
|
||||
STEP 100 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN ANY
|
||||
ENTRY_END
|
||||
STEP 110 NOTHING
|
||||
STEP 120 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qname qtype
|
||||
SECTION QUESTION
|
||||
www.example.com. IN ANY
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
www.example.com. IN AAAA ::5
|
||||
ENTRY_END
|
||||
|
||||
; test query that is not synthesized from cache.
|
||||
STEP 130 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.foo.com. IN ANY
|
||||
ENTRY_END
|
||||
STEP 140 NOTHING
|
||||
STEP 150 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qname qtype
|
||||
SECTION QUESTION
|
||||
www.foo.com. IN ANY
|
||||
SECTION ANSWER
|
||||
www.foo.com. IN A 1.2.3.77
|
||||
www.foo.com. IN AAAA ::77
|
||||
ENTRY_END
|
||||
|
||||
SCENARIO_END
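Review bot: Every CHECK_ANSWER in this scenario uses `MATCH opcode qname qtype`, so if testbound compares only the fields named in MATCH, the ANSWER sections written under STEP 60, 64 and 120 are never compared. In that case the cache-synthesis claims (A only, then A plus AAAA) would pass even if the resolver returned the upstream TXT answer. The two domain-sale scenarios added in the same commit use `MATCH all ttl` together with a `REPLY QR RD RA NOERROR` line; doing the same here would make the expected records binding. Separately, `;; different type in this answer.` could say that the TXT reply is there to expose an ANY query that went upstream instead of being synthesized, and `; unneccesary nothing steps.` has a typo.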
|
Binary file not shown.
|
@ -0,0 +1,273 @@
|
|||
; config options
|
||||
server:
|
||||
target-fetch-policy: "0 0 0 0 0"
|
||||
|
||||
stub-zone:
|
||||
name: "."
|
||||
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
|
||||
CONFIG_END
|
||||
|
||||
SCENARIO_BEGIN Test resolver with a domain sale
|
||||
; and the old operator is nasty, keeps running his server with the old data.
|
||||
; and lots of lookups keep going towards the domain.
|
||||
; eventually, the NS record has to timeout.
|
||||
|
||||
; K.ROOT-SERVERS.NET.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 193.0.14.129
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
. IN NS
|
||||
SECTION ANSWER
|
||||
. IN NS K.ROOT-SERVERS.NET.
|
||||
SECTION ADDITIONAL
|
||||
K.ROOT-SERVERS.NET. IN A 193.0.14.129
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode subdomain
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN A
|
||||
SECTION AUTHORITY
|
||||
com. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; a.gtld-servers.net. (before sale of domain)
|
||||
RANGE_BEGIN 0 20
|
||||
ADDRESS 192.5.6.30
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN NS
|
||||
SECTION ANSWER
|
||||
com. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode subdomain
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; a.gtld-servers.net. (after sale of domain)
|
||||
RANGE_BEGIN 30 200
|
||||
ADDRESS 192.5.6.30
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN NS
|
||||
SECTION ANSWER
|
||||
com. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode subdomain
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 8.8.8.8
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; ns.example.com. first owner
|
||||
RANGE_BEGIN 0 200
|
||||
ADDRESS 1.2.3.4
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN NS
|
||||
SECTION ANSWER
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qname
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. 3600 IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
example.com. 3600 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 3600 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
; nxdomains for any name,type
|
||||
; last in RANGE so that it matches everything left over.
|
||||
; it includes the NS record.
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR AA NXDOMAIN
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
SECTION AUTHORITY
|
||||
example.com. 3600 IN SOA a. b. 1 2 3 4 5
|
||||
example.com. 3600 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 3600 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; ns.example.com. new owner
|
||||
RANGE_BEGIN 0 200
|
||||
ADDRESS 8.8.8.8
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN NS
|
||||
SECTION ANSWER
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 8.8.8.8
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. 3600 IN A 88.88.88.88
|
||||
SECTION AUTHORITY
|
||||
example.com. 3600 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 3600 IN A 8.8.8.8
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; Fetch the old record from the old owner.
|
||||
STEP 1 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
; recursion happens here.
|
||||
STEP 5 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. 3600 IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
example.com. 3600 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 3600 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
; the domain is sold (right at this time).
|
||||
; but the information stays in the cache.
|
||||
|
||||
; after 1800 secs still the cached answer
|
||||
STEP 20 TIME_PASSES ELAPSE 1800
|
||||
|
||||
STEP 30 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
; recursion happens here.
|
||||
STEP 40 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. 1800 IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
example.com. 1800 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 1800 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
; and ask another query
|
||||
STEP 50 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
nx1.example.com. IN A
|
||||
ENTRY_END
|
||||
; recursion happens here.
|
||||
STEP 60 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl
|
||||
REPLY QR RD RA NXDOMAIN
|
||||
SECTION QUESTION
|
||||
nx1.example.com. IN A
|
||||
SECTION ANSWER
|
||||
SECTION AUTHORITY
|
||||
; at TTL 5 because TTL is capped at min-ttl of 5 in rdata of SOA
|
||||
example.com. 5 IN SOA a. b. 1 2 3 4 5
|
||||
example.com. 1800 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 1800 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
; after another 1900 seconds the domain must have timed out.
|
||||
STEP 70 TIME_PASSES ELAPSE 1900
|
||||
|
||||
; the NS record should have timed out.
|
||||
STEP 80 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
; recursion happens here.
|
||||
STEP 90 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. 3600 IN A 88.88.88.88
|
||||
SECTION AUTHORITY
|
||||
example.com. 3600 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 3600 IN A 8.8.8.8
|
||||
ENTRY_END
|
||||
|
||||
SCENARIO_END
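Review bot: The scenario never states the property it pins, which is the security-relevant part: the old server at 1.2.3.4 keeps sending `example.com. 3600 IN NS` in every authority section, yet STEP 40 and STEP 60 expect the NS TTL to stay at 1800. As written, a reader has to infer that answers from the child must not refresh the delegation's lifetime. I would add a comment above STEP 40 such as `; NS TTL must keep counting down (1800), not reset to 3600 by the old server's authority section`. A matching comment above STEP 90 could say that the lookup has to go back to the parent, which now points at 8.8.8.8.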
|
|
@ -0,0 +1,342 @@
|
|||
; config options
|
||||
server:
|
||||
target-fetch-policy: "0 0 0 0 0"
|
||||
|
||||
stub-zone:
|
||||
name: "."
|
||||
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
|
||||
CONFIG_END
|
||||
|
||||
SCENARIO_BEGIN Test resolver with a domain sale and NS changes
|
||||
; and the old operator is nasty, keeps running his server with the old data.
|
||||
; and lots of lookups keep going towards the domain.
|
||||
; and the old server is changing the NS record of the old domain.
|
||||
|
||||
; K.ROOT-SERVERS.NET.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 193.0.14.129
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
. IN NS
|
||||
SECTION ANSWER
|
||||
. IN NS K.ROOT-SERVERS.NET.
|
||||
SECTION ADDITIONAL
|
||||
K.ROOT-SERVERS.NET. IN A 193.0.14.129
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode subdomain
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN A
|
||||
SECTION AUTHORITY
|
||||
com. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; a.gtld-servers.net. (before sale of domain)
|
||||
RANGE_BEGIN 0 20
|
||||
ADDRESS 192.5.6.30
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN NS
|
||||
SECTION ANSWER
|
||||
com. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode subdomain
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; a.gtld-servers.net. (after sale of domain)
|
||||
RANGE_BEGIN 30 200
|
||||
ADDRESS 192.5.6.30
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN NS
|
||||
SECTION ANSWER
|
||||
com. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode subdomain
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 8.8.8.8
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; ns.example.com. first owner
|
||||
RANGE_BEGIN 0 30
|
||||
ADDRESS 1.2.3.4
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN NS
|
||||
SECTION ANSWER
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qname
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. 3600 IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
example.com. 3600 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 3600 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
; nxdomains for any name,type
|
||||
; last in RANGE so that it matches everything left over.
|
||||
; it includes the NS record.
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR AA NXDOMAIN
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
SECTION AUTHORITY
|
||||
example.com. 3600 IN SOA a. b. 1 2 3 4 5
|
||||
example.com. 3600 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 3600 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; ns.example.com. first owner, NS changed
|
||||
RANGE_BEGIN 40 200
|
||||
ADDRESS 1.2.3.4
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN NS
|
||||
SECTION ANSWER
|
||||
example.com. IN NS nsb.example.com.
|
||||
SECTION ADDITIONAL
|
||||
nsb.example.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qname
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. 3600 IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
example.com. 3600 IN NS nsb.example.com.
|
||||
SECTION ADDITIONAL
|
||||
nsb.example.com. 3600 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
; nxdomains for any name,type
|
||||
; last in RANGE so that it matches everything left over.
|
||||
; it includes the NS record.
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR AA NXDOMAIN
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
SECTION AUTHORITY
|
||||
example.com. 3600 IN SOA a. b. 1 2 3 4 5
|
||||
example.com. 3600 IN NS nsb.example.com.
|
||||
SECTION ADDITIONAL
|
||||
nsb.example.com. 3600 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; ns.example.com. new owner
|
||||
RANGE_BEGIN 0 200
|
||||
ADDRESS 8.8.8.8
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN NS
|
||||
SECTION ANSWER
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 8.8.8.8
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. 3600 IN A 88.88.88.88
|
||||
SECTION AUTHORITY
|
||||
example.com. 3600 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 3600 IN A 8.8.8.8
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; Fetch the old record from the old owner.
|
||||
STEP 1 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
; recursion happens here.
|
||||
STEP 5 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. 3600 IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
example.com. 3600 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 3600 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
; the domain is sold (right at this time).
|
||||
; but the information stays in the cache.
|
||||
|
||||
; after 1800 secs still the cached answer
|
||||
STEP 20 TIME_PASSES ELAPSE 1800
|
||||
|
||||
STEP 30 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
; recursion happens here.
|
||||
STEP 40 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. 1800 IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
example.com. 1800 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 1800 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
; and ask another query
|
||||
STEP 50 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
nx1.example.com. IN A
|
||||
ENTRY_END
|
||||
; recursion happens here.
|
||||
STEP 60 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl
|
||||
REPLY QR RD RA NXDOMAIN
|
||||
SECTION QUESTION
|
||||
nx1.example.com. IN A
|
||||
SECTION ANSWER
|
||||
SECTION AUTHORITY
|
||||
; at TTL 5 because TTL capped at ttl of minttl in rdata of SOA.
|
||||
example.com. 5 IN SOA a. b. 1 2 3 4 5
|
||||
example.com. 3600 IN NS nsb.example.com.
|
||||
SECTION ADDITIONAL
|
||||
nsb.example.com. 3600 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
STEP 62 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
nx1.example.com. IN A
|
||||
ENTRY_END
|
||||
; recursion happens here.
|
||||
STEP 63 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl
|
||||
REPLY QR RD RA NXDOMAIN
|
||||
SECTION QUESTION
|
||||
nx1.example.com. IN A
|
||||
SECTION ANSWER
|
||||
SECTION AUTHORITY
|
||||
; at TTL 5 because TTL capped at ttl of minttl in rdata of SOA.
|
||||
example.com. 5 IN SOA a. b. 1 2 3 4 5
|
||||
example.com. 1800 IN NS nsb.example.com.
|
||||
SECTION ADDITIONAL
|
||||
nsb.example.com. 3600 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
; after another 1900 seconds the domain must have timed out.
|
||||
STEP 70 TIME_PASSES ELAPSE 1900
|
||||
|
||||
; the NS record should have timed out.
|
||||
STEP 80 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
; recursion happens here.
|
||||
STEP 90 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all ttl
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. 3600 IN A 88.88.88.88
|
||||
SECTION AUTHORITY
|
||||
example.com. 3600 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. 3600 IN A 8.8.8.8
|
||||
ENTRY_END
|
||||
|
||||
SCENARIO_END
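Review bot: STEP 60 and STEP 63 ask the same question but expect different NS TTLs (`3600 IN NS nsb.example.com.` and then `1800 IN NS nsb.example.com.`), and only the SOA line carries an explanation. The difference looks like the core assertion of this test: the first reply passes the upstream message through, while the cached copy of the changed NS set is limited to the remaining lifetime of the original delegation. That reading is inferred from the numbers, so please confirm it and write it down, e.g. `; from cache: new NS name is accepted but its TTL is capped to what was left of the old NS (1800)`. It would also help to note why `nsb.example.com. IN A` stays at 3600 in STEP 63 while the NS does not.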
|
Binary file not shown.
|
@ -56,6 +56,7 @@
|
|||
#include "util/fptr_wlist.h"
|
||||
#include "util/data/dname.h"
|
||||
#include "util/rtt.h"
|
||||
#include "services/cache/infra.h"
|
||||
#include "sldns/wire2str.h"
|
||||
#include "sldns/parseutil.h"
|
||||
#ifdef HAVE_GLOB_H
|
||||
|
@ -131,6 +132,7 @@ config_create(void)
|
|||
cfg->bogus_ttl = 60;
|
||||
cfg->min_ttl = 0;
|
||||
cfg->max_ttl = 3600 * 24;
|
||||
cfg->max_negative_ttl = 3600;
|
||||
cfg->prefetch = 0;
|
||||
cfg->prefetch_key = 0;
|
||||
cfg->infra_cache_slabs = 4;
|
||||
|
@ -172,6 +174,7 @@ config_create(void)
|
|||
cfg->harden_referral_path = 0;
|
||||
cfg->harden_algo_downgrade = 1;
|
||||
cfg->use_caps_bits_for_id = 0;
|
||||
cfg->caps_whitelist = NULL;
|
||||
cfg->private_address = NULL;
|
||||
cfg->private_domain = NULL;
|
||||
cfg->unwanted_threshold = 0;
|
||||
|
@ -228,6 +231,12 @@ config_create(void)
|
|||
if(!(cfg->dnstap_socket_path = strdup(DNSTAP_SOCKET_PATH)))
|
||||
goto error_exit;
|
||||
#endif
|
||||
cfg->ratelimit = 0;
|
||||
cfg->ratelimit_slabs = 4;
|
||||
cfg->ratelimit_size = 4*1024*1024;
|
||||
cfg->ratelimit_for_domain = NULL;
|
||||
cfg->ratelimit_below_domain = NULL;
|
||||
cfg->ratelimit_factor = 10;
|
||||
return cfg;
|
||||
error_exit:
|
||||
config_delete(cfg);
|
||||
|
@ -381,6 +390,8 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||
else S_YNO("prefetch-key:", prefetch_key)
|
||||
else if(strcmp(opt, "cache-max-ttl:") == 0)
|
||||
{ IS_NUMBER_OR_ZERO; cfg->max_ttl = atoi(val); MAX_TTL=(time_t)cfg->max_ttl;}
|
||||
else if(strcmp(opt, "cache-max-negative-ttl:") == 0)
|
||||
{ IS_NUMBER_OR_ZERO; cfg->max_negative_ttl = atoi(val); MAX_NEG_TTL=(time_t)cfg->max_negative_ttl;}
|
||||
else if(strcmp(opt, "cache-min-ttl:") == 0)
|
||||
{ IS_NUMBER_OR_ZERO; cfg->min_ttl = atoi(val); MIN_TTL=(time_t)cfg->min_ttl;}
|
||||
else if(strcmp(opt, "infra-cache-min-rtt:") == 0) {
|
||||
|
@ -409,6 +420,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||
else S_YNO("harden-referral-path:", harden_referral_path)
|
||||
else S_YNO("harden-algo-downgrade:", harden_algo_downgrade)
|
||||
else S_YNO("use-caps-for-id", use_caps_bits_for_id)
|
||||
else S_STRLIST("caps-whitelist:", caps_whitelist)
|
||||
else S_SIZET_OR_ZERO("unwanted-reply-threshold:", unwanted_threshold)
|
||||
else S_STRLIST("private-address:", private_address)
|
||||
else S_STRLIST("private-domain:", private_domain)
|
||||
|
@ -448,6 +460,13 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||
else S_STR("control-cert-file:", control_cert_file)
|
||||
else S_STR("module-config:", module_conf)
|
||||
else S_STR("python-script:", python_script)
|
||||
else if(strcmp(opt, "ratelimit:") == 0) {
|
||||
IS_NUMBER_OR_ZERO; cfg->ratelimit = atoi(val);
|
||||
infra_dp_ratelimit=cfg->ratelimit;
|
||||
}
|
||||
else S_MEMSIZE("ratelimit-size:", ratelimit_size)
|
||||
else S_POW2("ratelimit-slabs:", ratelimit_slabs)
|
||||
else S_NUMBER_OR_ZERO("ratelimit-factor:", ratelimit_factor)
|
||||
/* val_sig_skew_min and max are copied into val_env during init,
|
||||
* so this does not update val_env with set_option */
|
||||
else if(strcmp(opt, "val-sig-skew-min:") == 0)
|
||||
|
@ -470,7 +489,8 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||
* interface, outgoing-interface, access-control,
|
||||
* stub-zone, name, stub-addr, stub-host, stub-prime
|
||||
* forward-first, stub-first,
|
||||
* forward-zone, name, forward-addr, forward-host */
|
||||
* forward-zone, name, forward-addr, forward-host,
|
||||
* ratelimit-for-domain, ratelimit-below-domain */
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
|
@ -582,8 +602,8 @@ config_collate_cat(struct config_strlist* list)
|
|||
#define O_MEM(opt, str, var) if(strcmp(opt, str)==0) { \
|
||||
if(cfg->var > 1024*1024*1024) { \
|
||||
size_t f=cfg->var/(size_t)1000000, b=cfg->var%(size_t)1000000; \
|
||||
snprintf(buf, len, "%u%6.6u\n", (unsigned)f, (unsigned)b); \
|
||||
} else snprintf(buf, len, "%u\n", (unsigned)cfg->var); \
|
||||
snprintf(buf, len, "%u%6.6u", (unsigned)f, (unsigned)b); \
|
||||
} else snprintf(buf, len, "%u", (unsigned)cfg->var); \
|
||||
func(buf, arg);}
|
||||
/** compare and print list option */
|
||||
#define O_LST(opt, name, lst) if(strcmp(opt, name)==0) { \
|
||||
|
@ -635,6 +655,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||
else O_YNO(opt, "prefetch-key", prefetch_key)
|
||||
else O_YNO(opt, "prefetch", prefetch)
|
||||
else O_DEC(opt, "cache-max-ttl", max_ttl)
|
||||
else O_DEC(opt, "cache-max-negative-ttl", max_negative_ttl)
|
||||
else O_DEC(opt, "cache-min-ttl", min_ttl)
|
||||
else O_DEC(opt, "infra-host-ttl", host_ttl)
|
||||
else O_DEC(opt, "infra-cache-slabs", infra_cache_slabs)
|
||||
|
@ -670,6 +691,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||
else O_YNO(opt, "harden-referral-path", harden_referral_path)
|
||||
else O_YNO(opt, "harden-algo-downgrade", harden_algo_downgrade)
|
||||
else O_YNO(opt, "use-caps-for-id", use_caps_bits_for_id)
|
||||
else O_LST(opt, "caps-whitelist", caps_whitelist)
|
||||
else O_DEC(opt, "unwanted-reply-threshold", unwanted_threshold)
|
||||
else O_YNO(opt, "do-not-query-localhost", donotquery_localhost)
|
||||
else O_STR(opt, "module-config", module_conf)
|
||||
|
@ -710,6 +732,12 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||
else O_YNO(opt, "unblock-lan-zones", unblock_lan_zones)
|
||||
else O_DEC(opt, "max-udp-size", max_udp_size)
|
||||
else O_STR(opt, "python-script", python_script)
|
||||
else O_DEC(opt, "ratelimit", ratelimit)
|
||||
else O_MEM(opt, "ratelimit-size", ratelimit_size)
|
||||
else O_DEC(opt, "ratelimit-slabs", ratelimit_slabs)
|
||||
else O_LS2(opt, "ratelimit-for-domain", ratelimit_for_domain)
|
||||
else O_LS2(opt, "ratelimit-below-domain", ratelimit_below_domain)
|
||||
else O_DEC(opt, "ratelimit-factor", ratelimit_factor)
|
||||
else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min)
|
||||
else O_DEC(opt, "val-sig-skew-max", val_sig_skew_max)
|
||||
/* not here:
|
||||
|
@ -897,6 +925,7 @@ config_delete(struct config_file* cfg)
|
|||
free(cfg->version);
|
||||
free(cfg->module_conf);
|
||||
free(cfg->outgoing_avail_ports);
|
||||
config_delstrlist(cfg->caps_whitelist);
|
||||
config_delstrlist(cfg->private_address);
|
||||
config_delstrlist(cfg->private_domain);
|
||||
config_delstrlist(cfg->auto_trust_anchor_file_list);
|
||||
|
@ -916,9 +945,12 @@ config_delete(struct config_file* cfg)
|
|||
free(cfg->server_cert_file);
|
||||
free(cfg->control_key_file);
|
||||
free(cfg->control_cert_file);
|
||||
free(cfg->dns64_prefix);
|
||||
free(cfg->dnstap_socket_path);
|
||||
free(cfg->dnstap_identity);
|
||||
free(cfg->dnstap_version);
|
||||
config_deldblstrlist(cfg->ratelimit_for_domain);
|
||||
config_deldblstrlist(cfg->ratelimit_below_domain);
|
||||
free(cfg);
|
||||
}
|
||||
|
||||
|
@ -1205,6 +1237,7 @@ config_apply(struct config_file* config)
|
|||
{
|
||||
MAX_TTL = (time_t)config->max_ttl;
|
||||
MIN_TTL = (time_t)config->min_ttl;
|
||||
MAX_NEG_TTL = (time_t)config->max_negative_ttl;
|
||||
RTT_MIN_TIMEOUT = config->infra_cache_min_rtt;
|
||||
EDNS_ADVERTISED_SIZE = (uint16_t)config->edns_buffer_size;
|
||||
MINIMAL_RESPONSES = config->minimal_responses;
|
||||
|
|
|
@ -179,6 +179,8 @@ struct config_file {
|
|||
int harden_algo_downgrade;
|
||||
/** use 0x20 bits in query as random ID bits */
|
||||
int use_caps_bits_for_id;
|
||||
/** 0x20 whitelist, domains that do not use capsforid */
|
||||
struct config_strlist* caps_whitelist;
|
||||
/** strip away these private addrs from answers, no DNS Rebinding */
|
||||
struct config_strlist* private_address;
|
||||
/** allow domain (and subdomains) to use private address space */
|
||||
|
@ -189,6 +191,8 @@ struct config_file {
|
|||
int max_ttl;
|
||||
/** the number of seconds minimum TTL used for RRsets and messages */
|
||||
int min_ttl;
|
||||
/** the number of seconds maximal negative TTL for SOA in auth */
|
||||
int max_negative_ttl;
|
||||
/** if prefetching of messages should be performed. */
|
||||
int prefetch;
|
||||
/** if prefetching of DNSKEYs should be performed. */
|
||||
|
@ -345,6 +349,19 @@ struct config_file {
|
|||
int dnstap_log_forwarder_query_messages;
|
||||
/** true to log dnstap FORWARDER_RESPONSE message events */
|
||||
int dnstap_log_forwarder_response_messages;
|
||||
|
||||
/** ratelimit 0 is off, otherwise qps (unless overridden) */
|
||||
int ratelimit;
|
||||
/** number of slabs for ratelimit cache */
|
||||
size_t ratelimit_slabs;
|
||||
/** memory size in bytes for ratelimit cache */
|
||||
size_t ratelimit_size;
|
||||
/** ratelimits for domain (exact match) */
|
||||
struct config_str2list* ratelimit_for_domain;
|
||||
/** ratelimits below domain */
|
||||
struct config_str2list* ratelimit_below_domain;
|
||||
/** ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */
|
||||
int ratelimit_factor;
|
||||
};
|
||||
|
||||
/** from cfg username, after daemonise setup performed */
|
||||
|
|
File diff suppressed because it is too large
|
@ -240,6 +240,7 @@ msg-cache-slabs{COLON} { YDVAR(1, VAR_MSG_CACHE_SLABS) }
|
|||
rrset-cache-size{COLON} { YDVAR(1, VAR_RRSET_CACHE_SIZE) }
|
||||
rrset-cache-slabs{COLON} { YDVAR(1, VAR_RRSET_CACHE_SLABS) }
|
||||
cache-max-ttl{COLON} { YDVAR(1, VAR_CACHE_MAX_TTL) }
|
||||
cache-max-negative-ttl{COLON} { YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) }
|
||||
cache-min-ttl{COLON} { YDVAR(1, VAR_CACHE_MIN_TTL) }
|
||||
infra-host-ttl{COLON} { YDVAR(1, VAR_INFRA_HOST_TTL) }
|
||||
infra-lame-ttl{COLON} { YDVAR(1, VAR_INFRA_LAME_TTL) }
|
||||
|
@ -259,6 +260,7 @@ harden-below-nxdomain{COLON} { YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) }
|
|||
harden-referral-path{COLON} { YDVAR(1, VAR_HARDEN_REFERRAL_PATH) }
|
||||
harden-algo-downgrade{COLON} { YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) }
|
||||
use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) }
|
||||
caps-whitelist{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) }
|
||||
unwanted-reply-threshold{COLON} { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) }
|
||||
private-address{COLON} { YDVAR(1, VAR_PRIVATE_ADDRESS) }
|
||||
private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) }
|
||||
|
@ -350,6 +352,12 @@ dnstap-log-forwarder-query-messages{COLON} {
|
|||
YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) }
|
||||
dnstap-log-forwarder-response-messages{COLON} {
|
||||
YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) }
|
||||
ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) }
|
||||
ratelimit-slabs{COLON} { YDVAR(1, VAR_RATELIMIT_SLABS) }
|
||||
ratelimit-size{COLON} { YDVAR(1, VAR_RATELIMIT_SIZE) }
|
||||
ratelimit-for-domain{COLON} { YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) }
|
||||
ratelimit-below-domain{COLON} { YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) }
|
||||
ratelimit-factor{COLON} { YDVAR(1, VAR_RATELIMIT_FACTOR) }
|
||||
<INITIAL,val>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; }
|
||||
|
||||
/* Quoted strings. Strip leading and ending quotes */
|
||||
|
|
File diff suppressed because it is too large
|
@ -195,7 +195,15 @@ extern int yydebug;
|
|||
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 404,
|
||||
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 405,
|
||||
VAR_HARDEN_ALGO_DOWNGRADE = 406,
|
||||
VAR_IP_TRANSPARENT = 407
|
||||
VAR_IP_TRANSPARENT = 407,
|
||||
VAR_RATELIMIT = 408,
|
||||
VAR_RATELIMIT_SLABS = 409,
|
||||
VAR_RATELIMIT_SIZE = 410,
|
||||
VAR_RATELIMIT_FOR_DOMAIN = 411,
|
||||
VAR_RATELIMIT_BELOW_DOMAIN = 412,
|
||||
VAR_RATELIMIT_FACTOR = 413,
|
||||
VAR_CAPS_WHITELIST = 414,
|
||||
VAR_CACHE_MAX_NEGATIVE_TTL = 415
|
||||
};
|
||||
#endif
|
||||
/* Tokens. */
|
||||
|
@ -349,6 +357,14 @@ extern int yydebug;
|
|||
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 405
|
||||
#define VAR_HARDEN_ALGO_DOWNGRADE 406
|
||||
#define VAR_IP_TRANSPARENT 407
|
||||
#define VAR_RATELIMIT 408
|
||||
#define VAR_RATELIMIT_SLABS 409
|
||||
#define VAR_RATELIMIT_SIZE 410
|
||||
#define VAR_RATELIMIT_FOR_DOMAIN 411
|
||||
#define VAR_RATELIMIT_BELOW_DOMAIN 412
|
||||
#define VAR_RATELIMIT_FACTOR 413
|
||||
#define VAR_CAPS_WHITELIST 414
|
||||
#define VAR_CACHE_MAX_NEGATIVE_TTL 415
|
||||
|
||||
|
||||
|
||||
|
@ -362,7 +378,7 @@ typedef union YYSTYPE
|
|||
|
||||
|
||||
/* Line 2058 of yacc.c */
|
||||
#line 366 "util/configparser.h"
|
||||
#line 382 "util/configparser.h"
|
||||
} YYSTYPE;
|
||||
# define YYSTYPE_IS_TRIVIAL 1
|
||||
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
|
||||
|
|
|
@ -119,6 +119,9 @@ extern struct config_parser_state* cfg_parser;
|
|||
%token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
|
||||
%token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
|
||||
%token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
|
||||
%token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
|
||||
%token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN VAR_RATELIMIT_FACTOR
|
||||
%token VAR_CAPS_WHITELIST VAR_CACHE_MAX_NEGATIVE_TTL
|
||||
|
||||
%%
|
||||
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
|
||||
|
@ -179,7 +182,10 @@ content_server: server_num_threads | server_verbosity | server_port |
|
|||
server_so_reuseport | server_delay_close | server_unblock_lan_zones |
|
||||
server_dns64_prefix | server_dns64_synthall |
|
||||
server_infra_cache_min_rtt | server_harden_algo_downgrade |
|
||||
server_ip_transparent
|
||||
server_ip_transparent | server_ratelimit | server_ratelimit_slabs |
|
||||
server_ratelimit_size | server_ratelimit_for_domain |
|
||||
server_ratelimit_below_domain | server_ratelimit_factor |
|
||||
server_caps_whitelist | server_cache_max_negative_ttl
|
||||
;
|
||||
stubstart: VAR_STUB_ZONE
|
||||
{
|
||||
|
@ -878,6 +884,13 @@ server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG
|
|||
free($2);
|
||||
}
|
||||
;
|
||||
server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_caps_whitelist:%s)\n", $2));
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2))
|
||||
yyerror("out of memory");
|
||||
}
|
||||
;
|
||||
server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_private_address:%s)\n", $2));
|
||||
|
@ -1013,6 +1026,15 @@ server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG
|
|||
free($2);
|
||||
}
|
||||
;
|
||||
server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_cache_max_negative_ttl:%s)\n", $2));
|
||||
if(atoi($2) == 0 && strcmp($2, "0") != 0)
|
||||
yyerror("number expected");
|
||||
else cfg_parser->cfg->max_negative_ttl = atoi($2);
|
||||
free($2);
|
||||
}
|
||||
;
|
||||
server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_cache_min_ttl:%s)\n", $2));
|
||||
|
@ -1139,10 +1161,11 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG
|
|||
strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
|
||||
strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
|
||||
&& strcmp($3, "typetransparent")!=0 &&
|
||||
strcmp($3, "inform")!=0)
|
||||
strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0)
|
||||
yyerror("local-zone type: expected static, deny, "
|
||||
"refuse, redirect, transparent, "
|
||||
"typetransparent, inform or nodefault");
|
||||
"typetransparent, inform, inform_deny "
|
||||
"or nodefault");
|
||||
else if(strcmp($3, "nodefault")==0) {
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->
|
||||
local_zones_nodefault, $2))
|
||||
|
@ -1220,6 +1243,71 @@ server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
|
|||
free($2);
|
||||
}
|
||||
;
|
||||
server_ratelimit: VAR_RATELIMIT STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_ratelimit:%s)\n", $2));
|
||||
if(atoi($2) == 0 && strcmp($2, "0") != 0)
|
||||
yyerror("number expected");
|
||||
else cfg_parser->cfg->ratelimit = atoi($2);
|
||||
free($2);
|
||||
}
|
||||
;
|
||||
server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_ratelimit_size:%s)\n", $2));
|
||||
if(!cfg_parse_memsize($2, &cfg_parser->cfg->ratelimit_size))
|
||||
yyerror("memory size expected");
|
||||
free($2);
|
||||
}
|
||||
;
|
||||
server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_ratelimit_slabs:%s)\n", $2));
|
||||
if(atoi($2) == 0)
|
||||
yyerror("number expected");
|
||||
else {
|
||||
cfg_parser->cfg->ratelimit_slabs = atoi($2);
|
||||
if(!is_pow2(cfg_parser->cfg->ratelimit_slabs))
|
||||
yyerror("must be a power of 2");
|
||||
}
|
||||
free($2);
|
||||
}
|
||||
;
|
||||
server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", $2, $3));
|
||||
if(atoi($3) == 0 && strcmp($3, "0") != 0) {
|
||||
yyerror("number expected");
|
||||
} else {
|
||||
if(!cfg_str2list_insert(&cfg_parser->cfg->
|
||||
ratelimit_for_domain, $2, $3))
|
||||
fatal_exit("out of memory adding "
|
||||
"ratelimit-for-domain");
|
||||
}
|
||||
}
|
||||
;
|
||||
server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", $2, $3));
|
||||
if(atoi($3) == 0 && strcmp($3, "0") != 0) {
|
||||
yyerror("number expected");
|
||||
} else {
|
||||
if(!cfg_str2list_insert(&cfg_parser->cfg->
|
||||
ratelimit_below_domain, $2, $3))
|
||||
fatal_exit("out of memory adding "
|
||||
"ratelimit-below-domain");
|
||||
}
|
||||
}
|
||||
;
|
||||
server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_ratelimit_factor:%s)\n", $2));
|
||||
if(atoi($2) == 0 && strcmp($2, "0") != 0)
|
||||
yyerror("number expected");
|
||||
else cfg_parser->cfg->ratelimit_factor = atoi($2);
|
||||
free($2);
|
||||
}
|
||||
;
|
||||
stub_name: VAR_NAME STRING_ARG
|
||||
{
|
||||
OUTYY(("P(name:%s)\n", $2));
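Review bot: The `atoi($2) == 0 && strcmp($2, "0") != 0` check in `server_ratelimit`, `server_ratelimit_factor` and `server_cache_max_negative_ttl` accepts negative numbers and trailing junk (a constructed `100x` parses as 100), so a typo in a limit that is meant to bound query load or negative-cache lifetime is applied silently. Rejecting negatives explicitly, for example `if(atoi($2) < 0 || (atoi($2) == 0 && strcmp($2, "0") != 0))`, would make these rules fail closed. In `server_ratelimit_for_domain` and `server_ratelimit_below_domain` the "number expected" branch returns without releasing `$2` and `$3`, while the single-argument rules call `free($2)` on every path; adding `free($2); free($3);` after that `yyerror` call would match them, assuming cfg_str2list_insert takes ownership only on the success path, which is not visible here. These two rules also report allocation failure with `fatal_exit` where `server_caps_whitelist` uses `yyerror("out of memory")`; one convention for the new rules would be easier to follow.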
|
||||
|
|
|
@ -76,6 +76,8 @@ struct regional;
|
|||
extern time_t MAX_TTL;
|
||||
/** Minimum TTL that is allowed. */
|
||||
extern time_t MIN_TTL;
|
||||
/** Maximum Negative TTL that is allowed */
|
||||
extern time_t MAX_NEG_TTL;
|
||||
/** Negative cache time (for entries without any RRs.) */
|
||||
#define NORR_TTL 5 /* seconds */
|
||||
|
||||
|
|
|
@ -57,6 +57,8 @@
|
|||
time_t MAX_TTL = 3600 * 24 * 10; /* ten days */
|
||||
/** MIN TTL default for messages and rrsets */
|
||||
time_t MIN_TTL = 0;
|
||||
/** MAX Negative TTL, for SOA records in authority section */
|
||||
time_t MAX_NEG_TTL = 3600; /* one hour */
|
||||
|
||||
/** allocate qinfo, return 0 on error */
|
||||
static int
|
||||
|
@ -153,10 +155,23 @@ repinfo_alloc_rrset_keys(struct reply_info* rep, struct alloc_cache* alloc,
|
|||
return 1;
|
||||
}
|
||||
|
||||
/** find the minimumttl in the rdata of SOA record */
|
||||
static time_t
|
||||
soa_find_minttl(struct rr_parse* rr)
|
||||
{
|
||||
uint16_t rlen = sldns_read_uint16(rr->ttl_data+4);
|
||||
if(rlen < 20)
|
||||
return 0; /* rdata too small for SOA (dname, dname, 5*32bit) */
|
||||
/* minimum TTL is the last 32bit value in the rdata of the record */
|
||||
/* at position ttl_data + 4(ttl) + 2(rdatalen) + rdatalen - 4(timeval)*/
|
||||
return (time_t)sldns_read_uint32(rr->ttl_data+6+rlen-4);
|
||||
}
|
||||
|
||||
/** do the rdata copy */
|
||||
static int
|
||||
rdata_copy(sldns_buffer* pkt, struct packed_rrset_data* data, uint8_t* to,
|
||||
struct rr_parse* rr, time_t* rr_ttl, uint16_t type)
|
||||
struct rr_parse* rr, time_t* rr_ttl, uint16_t type,
|
||||
sldns_pkt_section section)
|
||||
{
|
||||
uint16_t pkt_len;
|
||||
const sldns_rr_descriptor* desc;
|
||||
|
@ -165,6 +180,14 @@ rdata_copy(sldns_buffer* pkt, struct packed_rrset_data* data, uint8_t* to,
|
|||
/* RFC 2181 Section 8. if msb of ttl is set treat as if zero. */
|
||||
if(*rr_ttl & 0x80000000U)
|
||||
*rr_ttl = 0;
|
||||
if(type == LDNS_RR_TYPE_SOA && section == LDNS_SECTION_AUTHORITY) {
|
||||
/* negative response. see if TTL of SOA record larger than the
|
||||
* minimum-ttl in the rdata of the SOA record */
|
||||
if(*rr_ttl > soa_find_minttl(rr))
|
||||
*rr_ttl = soa_find_minttl(rr);
|
||||
if(*rr_ttl > MAX_NEG_TTL)
|
||||
*rr_ttl = MAX_NEG_TTL;
|
||||
}
|
||||
if(*rr_ttl < MIN_TTL)
|
||||
*rr_ttl = MIN_TTL;
|
||||
if(*rr_ttl < data->ttl)
|
||||
|
@ -254,7 +277,7 @@ parse_rr_copy(sldns_buffer* pkt, struct rrset_parse* pset,
|
|||
data->rr_data[i] = nextrdata;
|
||||
nextrdata += rr->size;
|
||||
if(!rdata_copy(pkt, data, data->rr_data[i], rr,
|
||||
&data->rr_ttl[i], pset->type))
|
||||
&data->rr_ttl[i], pset->type, pset->section))
|
||||
return 0;
|
||||
rr = rr->next;
|
||||
}
|
||||
|
@ -265,7 +288,7 @@ parse_rr_copy(sldns_buffer* pkt, struct rrset_parse* pset,
|
|||
data->rr_data[i] = nextrdata;
|
||||
nextrdata += rr->size;
|
||||
if(!rdata_copy(pkt, data, data->rr_data[i], rr,
|
||||
&data->rr_ttl[i], LDNS_RR_TYPE_RRSIG))
|
||||
&data->rr_ttl[i], LDNS_RR_TYPE_RRSIG, pset->section))
|
||||
return 0;
|
||||
rr = rr->next;
|
||||
}
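Review bot: `soa_find_minttl` takes `rlen` from the packet and then reads four bytes at `ttl_data+6+rlen-4`, and the `rlen < 20` test only guards the lower end, so the read is safe only if the rdata length was already checked against the packet size when the `rr_parse` entry was built, which happens outside these hunks. A comment on the function stating that precondition, such as `/* caller guarantees rr->ttl_data+6+rdatalen lies inside the packet */`, would keep a later caller from using it on unvalidated data. In `rdata_copy` the helper is called twice for the same record; reading it once, `time_t soa_min = soa_find_minttl(rr); if(*rr_ttl > soa_min) *rr_ttl = soa_min;`, is clearer. The clamp runs for every SOA in the authority section although its comment speaks of a negative response, so the comment should say which case is intended. The body of `rdata_copy` continues outside the hunk.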
|
||||
|
|
|
@ -210,6 +210,7 @@ fptr_whitelist_hash_sizefunc(lruhash_sizefunc_t fptr)
|
|||
else if(fptr == &ub_rrset_sizefunc) return 1;
|
||||
else if(fptr == &infra_sizefunc) return 1;
|
||||
else if(fptr == &key_entry_sizefunc) return 1;
|
||||
else if(fptr == &rate_sizefunc) return 1;
|
||||
else if(fptr == &test_slabhash_sizefunc) return 1;
|
||||
return 0;
|
||||
}
|
||||
|
@ -221,6 +222,7 @@ fptr_whitelist_hash_compfunc(lruhash_compfunc_t fptr)
|
|||
else if(fptr == &ub_rrset_compare) return 1;
|
||||
else if(fptr == &infra_compfunc) return 1;
|
||||
else if(fptr == &key_entry_compfunc) return 1;
|
||||
else if(fptr == &rate_compfunc) return 1;
|
||||
else if(fptr == &test_slabhash_compfunc) return 1;
|
||||
return 0;
|
||||
}
|
||||
|
@ -232,6 +234,7 @@ fptr_whitelist_hash_delkeyfunc(lruhash_delkeyfunc_t fptr)
|
|||
else if(fptr == &ub_rrset_key_delete) return 1;
|
||||
else if(fptr == &infra_delkeyfunc) return 1;
|
||||
else if(fptr == &key_entry_delkeyfunc) return 1;
|
||||
else if(fptr == &rate_delkeyfunc) return 1;
|
||||
else if(fptr == &test_slabhash_delkey) return 1;
|
||||
return 0;
|
||||
}
|
||||
|
@ -243,6 +246,7 @@ fptr_whitelist_hash_deldatafunc(lruhash_deldatafunc_t fptr)
|
|||
else if(fptr == &rrset_data_delete) return 1;
|
||||
else if(fptr == &infra_deldatafunc) return 1;
|
||||
else if(fptr == &key_entry_deldatafunc) return 1;
|
||||
else if(fptr == &rate_deldatafunc) return 1;
|
||||
else if(fptr == &test_slabhash_deldata) return 1;
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -3791,7 +3791,6 @@
|
|||
4321,
|
||||
4322,
|
||||
4323,
|
||||
4324,
|
||||
4325,
|
||||
4326,
|
||||
4327,
|
||||
|
@ -4015,6 +4014,7 @@
|
|||
4952,
|
||||
4969,
|
||||
4970,
|
||||
4980,
|
||||
4986,
|
||||
4987,
|
||||
4988,
|
||||
|
@ -4434,6 +4434,7 @@
|
|||
6389,
|
||||
6390,
|
||||
6417,
|
||||
6419,
|
||||
6420,
|
||||
6421,
|
||||
6443,
|
||||
|
|
|
@ -498,12 +498,16 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet,
|
|||
cmsg = CMSG_FIRSTHDR(&msg);
|
||||
if(r->srctype == 4) {
|
||||
#ifdef IP_PKTINFO
|
||||
void* cmsg_data;
|
||||
msg.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo));
|
||||
log_assert(msg.msg_controllen <= sizeof(control));
|
||||
cmsg->cmsg_level = IPPROTO_IP;
|
||||
cmsg->cmsg_type = IP_PKTINFO;
|
||||
memmove(CMSG_DATA(cmsg), &r->pktinfo.v4info,
|
||||
sizeof(struct in_pktinfo));
|
||||
/* unset the ifindex to not bypass the routing tables */
|
||||
cmsg_data = CMSG_DATA(cmsg);
|
||||
((struct in_pktinfo *) cmsg_data)->ipi_ifindex = 0;
|
||||
cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
|
||||
#elif defined(IP_SENDSRCADDR)
|
||||
msg.msg_controllen = CMSG_SPACE(sizeof(struct in_addr));
|
||||
|
@ -518,12 +522,16 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet,
|
|||
msg.msg_control = NULL;
|
||||
#endif /* IP_PKTINFO or IP_SENDSRCADDR */
|
||||
} else if(r->srctype == 6) {
|
||||
void* cmsg_data;
|
||||
msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo));
|
||||
log_assert(msg.msg_controllen <= sizeof(control));
|
||||
cmsg->cmsg_level = IPPROTO_IPV6;
|
||||
cmsg->cmsg_type = IPV6_PKTINFO;
|
||||
memmove(CMSG_DATA(cmsg), &r->pktinfo.v6info,
|
||||
sizeof(struct in6_pktinfo));
|
||||
/* unset the ifindex to not bypass the routing tables */
|
||||
cmsg_data = CMSG_DATA(cmsg);
|
||||
((struct in6_pktinfo *) cmsg_data)->ipi6_ifindex = 0;
|
||||
cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
|
||||
} else {
|
||||
/* try to pass all 0 to use default route */
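Review bot: Clearing `ipi6_ifindex` unconditionally in the `r->srctype == 6` branch may change how replies from a link-local source address are sent, because for such addresses the interface index is normally what selects the outgoing link; it is worth confirming that answers to link-local clients still leave on the interface the query arrived on. If the behaviour is intended for all address scopes, the comment could say so, for example `/* unset the ifindex to not bypass the routing tables (also for link-local sources) */`. The same comment text appears in the IPv4 branch, where the question does not arise. The function body starts and ends outside these hunks.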
|
||||
|
|
|
@ -1184,7 +1184,7 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp)
|
|||
verbose(VERB_ALGO, "autotrust: write to disk: %s", tempf);
|
||||
out = fopen(tempf, "w");
|
||||
if(!out) {
|
||||
log_err("could not open autotrust file for writing, %s: %s",
|
||||
fatal_exit("could not open autotrust file for writing, %s: %s",
|
||||
tempf, strerror(errno));
|
||||
return;
|
||||
}
|
||||
|
@ -1192,11 +1192,11 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp)
|
|||
/* failed to write contents (completely) */
|
||||
fclose(out);
|
||||
unlink(tempf);
|
||||
log_err("could not completely write: %s", fname);
|
||||
fatal_exit("could not completely write: %s", fname);
|
||||
return;
|
||||
}
|
||||
if(fclose(out) != 0) {
|
||||
log_err("could not complete write: %s: %s",
|
||||
fatal_exit("could not complete write: %s: %s",
|
||||
fname, strerror(errno));
|
||||
unlink(tempf);
|
||||
return;
|
||||
|
@ -1207,7 +1207,7 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp)
|
|||
(void)unlink(fname); /* windows does not replace file with rename() */
|
||||
#endif
|
||||
if(rename(tempf, fname) < 0) {
|
||||
log_err("rename(%s to %s): %s", tempf, fname, strerror(errno));
|
||||
fatal_exit("rename(%s to %s): %s", tempf, fname, strerror(errno));
|
||||
}
|
||||
}
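Review bot: In the `fclose(out) != 0` branch of `autr_write_file` the `fatal_exit(...)` call, as rendered on the new side, comes before `unlink(tempf);`, so if fatal_exit does not return (as its name suggests) the temporary file stays on disk; moving the cleanup up, so that `unlink(tempf);` precedes `fatal_exit("could not complete write: %s: %s", fname, strerror(errno));`, matches the partial-write branch above it. The `return;` statements that follow each fatal_exit would then be dead code and could be dropped. Exiting here also means a full disk or a permission change on the anchor directory stops the resolver rather than logging an error, so a short comment on the function saying this fail-closed choice is deliberate would help operators reading the code. The function starts outside the first hunk.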
|
||||
|
||||
|
|
|
@ -519,8 +519,8 @@ validate_msg_signatures(struct module_qstate* qstate, struct module_env* env,
|
|||
"has failed AUTHORITY rrset:", s->rk.dname,
|
||||
ntohs(s->rk.type), ntohs(s->rk.rrset_class));
|
||||
errinf(qstate, reason);
|
||||
errinf_rrset(qstate, s);
|
||||
errinf_origin(qstate, qstate->reply_origin);
|
||||
errinf_rrset(qstate, s);
|
||||
chase_reply->security = sec_status_bogus;
|
||||
return 0;
|
||||
}
|
||||
|
@ -1815,6 +1815,8 @@ processValidate(struct module_qstate* qstate, struct val_qstate* vq,
|
|||
|
||||
/**
|
||||
* Init DLV check.
|
||||
* DLV is going to be decommissioned, but the code is still here for some time.
|
||||
*
|
||||
* Called when a query is determined by other trust anchors to be insecure
|
||||
* (or indeterminate). Then we look if there is a key in the DLV.
|
||||
* Performs aggressive negative cache check to see if there is no key.
|
||||
|
|
|
@ -75,25 +75,6 @@ section "Root anchor - DNSSEC" SectionRootKey
|
|||
AddSize 2
|
||||
sectionEnd
|
||||
|
||||
# the /o means it is not selected by default.
|
||||
section /o "DLV - dlv.isc.org" SectionDLV
|
||||
# add estimated size for key (Kb)
|
||||
AddSize 2
|
||||
SetOutPath $INSTDIR
|
||||
|
||||
# libgcc exception lib used by NSISdl plugin (in crosscompile).
|
||||
File /nonfatal "/oname=$PLUGINSDIR\libgcc_s_sjlj-1.dll" "/usr/i686-w64-mingw32/sys-root/mingw/bin/libgcc_s_sjlj-1.dll"
|
||||
|
||||
NSISdl::download "http://ftp.isc.org/www/dlv/dlv.isc.org.key" "$INSTDIR\dlv.isc.org.key"
|
||||
Pop $R0 # result from Inetc::get
|
||||
${If} $R0 != "success"
|
||||
MessageBox MB_OK|MB_ICONEXCLAMATION "Download error (ftp.isc.org: $R0), click OK to abort installation" /SD IDOK
|
||||
SetOutPath "C:\"
|
||||
RMDir "$INSTDIR" # doesnt work directory in use by us ...
|
||||
Abort
|
||||
${EndIf}
|
||||
sectionEnd
|
||||
|
||||
section "-hidden.postinstall"
|
||||
# copy files
|
||||
setOutPath $INSTDIR
|
||||
|
@ -128,25 +109,10 @@ section "-hidden.postinstall"
|
|||
WriteRegStr HKLM "Software\Unbound" "RootAnchor" ""
|
||||
${EndIf}
|
||||
|
||||
# Store DLV choice
|
||||
SectionGetFlags ${SectionDLV} $R0
|
||||
IntOp $R0 $R0 & ${SF_SELECTED}
|
||||
${If} $R0 == ${SF_SELECTED}
|
||||
ClearErrors
|
||||
FileOpen $R1 "$INSTDIR\service.conf" a
|
||||
IfErrors done_dlv
|
||||
FileSeek $R1 0 END
|
||||
FileWrite $R1 "$\nserver: dlv-anchor-file: $\"$INSTDIR\dlv.isc.org.key$\"$\n"
|
||||
FileClose $R1
|
||||
done_dlv:
|
||||
WriteRegStr HKLM "Software\Unbound" "CronAction" "$\"$INSTDIR\anchor-update.exe$\" dlv.isc.org $\"$INSTDIR\dlv.isc.org.key$\""
|
||||
${Else}
|
||||
WriteRegStr HKLM "Software\Unbound" "CronAction" ""
|
||||
${EndIf}
|
||||
|
||||
# store installation folder
|
||||
WriteRegStr HKLM "Software\Unbound" "InstallLocation" "$INSTDIR"
|
||||
WriteRegStr HKLM "Software\Unbound" "ConfigFile" "$INSTDIR\service.conf"
|
||||
WriteRegStr HKLM "Software\Unbound" "CronAction" ""
|
||||
WriteRegDWORD HKLM "Software\Unbound" "CronTime" 86400
|
||||
|
||||
# uninstaller
|
||||
|
@ -177,12 +143,10 @@ sectionEnd
|
|||
# set section descriptions
|
||||
LangString DESC_unbound ${LANG_ENGLISH} "The base unbound DNS(SEC) validating caching resolver. $\r$\n$\r$\nStarted at boot from the Services control panel, logs to the Application Log, and the config file is its Program Files folder."
|
||||
LangString DESC_rootkey ${LANG_ENGLISH} "Set up to use the DNSSEC root trust anchor. It is automatically updated. $\r$\n$\r$\nThis provides the main key that is used for security verification."
|
||||
LangString DESC_dlv ${LANG_ENGLISH} "Set up to use DLV with dlv.isc.org. Downloads the key during install. $\r$\n$\r$\nIt fetches additional public keys that are used for security verification by querying the isc.org server with names encountered."
|
||||
|
||||
!insertmacro MUI_FUNCTION_DESCRIPTION_BEGIN
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${SectionUnbound} $(DESC_unbound)
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${SectionRootKey} $(DESC_rootkey)
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${SectionDLV} $(DESC_dlv)
|
||||
!insertmacro MUI_FUNCTION_DESCRIPTION_END
|
||||
|
||||
# setup macros for uninstall functions.
|
||||
|
@ -214,7 +178,6 @@ section "un.Unbound"
|
|||
Delete "$INSTDIR\unbound-website.url"
|
||||
Delete "$INSTDIR\service.conf"
|
||||
Delete "$INSTDIR\example.conf"
|
||||
Delete "$INSTDIR\dlv.isc.org.key"
|
||||
Delete "$INSTDIR\root.key"
|
||||
RMDir "$INSTDIR"
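Review bot: With `Delete "$INSTDIR\dlv.isc.org.key"` apparently dropped from the `un.Unbound` section, a machine that was installed from an earlier build with the DLV option keeps that key file after an upgrade and uninstall, and the `RMDir "$INSTDIR"` that follows does not remove a non-empty directory. Keeping the Delete line in the uninstaller for a few releases would clean up those installs. An existing `service.conf` written by the old installer may also still carry the `dlv-anchor-file` line; whether the installer overwrites that file on upgrade is not visible in these hunks.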
|
||||
|
||||
|
|