unbound: Vendor import 1.17.1
Release notes at https://www.nlnetlabs.nl/news/2023/Jan/12/unbound-1.17.1-released/.
parent
643f9a0581
commit
7699e1386a
|
@ -616,7 +616,7 @@ install-all: all $(PYTHONMOD_INSTALL) $(PYUNBOUND_INSTALL) $(UNBOUND_EVENT_INSTA
|
|||
$(INSTALL) -c -m 644 doc/unbound.conf.5 $(DESTDIR)$(mandir)/man5
|
||||
$(INSTALL) -c -m 644 doc/unbound-host.1 $(DESTDIR)$(mandir)/man1
|
||||
$(INSTALL) -c -m 755 unbound-control-setup $(DESTDIR)$(sbindir)/unbound-control-setup
|
||||
if test ! -e $(DESTDIR)$(configfile); then $(INSTALL) -d `dirname $(DESTDIR)$(configfile)`; $(INSTALL) -c -m 644 doc/example.conf $(DESTDIR)$(configfile); fi
|
||||
if test ! -e "$(DESTDIR)$(configfile)"; then $(INSTALL) -d `dirname "$(DESTDIR)$(configfile)"`; $(INSTALL) -c -m 644 doc/example.conf "$(DESTDIR)$(configfile)"; fi
|
||||
|
||||
pythonmod-uninstall:
|
||||
rm -f -- $(DESTDIR)$(PYTHON_SITE_PKG)/unboundmodule.py
|
||||
|
@ -645,7 +645,7 @@ uninstall: $(PYTHONMOD_UNINSTALL) $(PYUNBOUND_UNINSTALL) $(UNBOUND_EVENT_UNINSTA
|
|||
rm -f -- $(DESTDIR)$(includedir)/unbound.h
|
||||
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libunbound.la
|
||||
@echo
|
||||
@echo "You still need to remove "`dirname $(DESTDIR)$(configfile)`" , $(DESTDIR)$(configfile) by hand"
|
||||
@echo "You still need to remove "`dirname "$(DESTDIR)$(configfile)"`" , $(DESTDIR)$(configfile) by hand"
|
||||
|
||||
iana_update:
|
||||
curl -o port-numbers.tmp https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml --compressed
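Review bot: The install rule still leaves the `dirname` command substitution itself unquoted, so the value handed to `$(INSTALL) -d` is word-split when `$(DESTDIR)$(configfile)` contains whitespace, even though the arguments inside it are now quoted. Quoting the substitution as well closes the gap, for example `$(INSTALL) -d "$$(dirname "$(DESTDIR)$(configfile)")"`. The `dirname` call in the uninstall message has the same shape, although there it only affects the printed text. Since DESTDIR is supplied by the build environment, this decides which directory is created and should match the quoting already applied to the `test ! -e` and install arguments.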
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
[![Packaging status](https://repology.org/badge/tiny-repos/unbound.svg)](https://repology.org/project/unbound/versions)
|
||||
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/unbound.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:unbound)
|
||||
[![Documentation Status](https://readthedocs.org/projects/unbound/badge/?version=latest)](https://unbound.readthedocs.io/en/latest/?badge=latest)
|
||||
[![Mastodon Follow](https://img.shields.io/mastodon/follow/109262826617293067?domain=https%3A%2F%2Ffosstodon.org&style=social)](https://fosstodon.org/@nlnetlabs)
|
||||
|
||||
Unbound is a validating, recursive, caching DNS resolver. It is designed to be
|
||||
fast and lean and incorporates modern features based on open standards. If you
|
||||
|
|
|
@ -390,6 +390,15 @@ prep_data(struct module_qstate* qstate, struct sldns_buffer* buf)
|
|||
|
||||
if(!qstate->return_msg || !qstate->return_msg->rep)
|
||||
return 0;
|
||||
/* do not store failures like SERVFAIL in the cachedb, this avoids
|
||||
* overwriting expired, valid, content with broken content. */
|
||||
if(FLAGS_GET_RCODE(qstate->return_msg->rep->flags) !=
|
||||
LDNS_RCODE_NOERROR &&
|
||||
FLAGS_GET_RCODE(qstate->return_msg->rep->flags) !=
|
||||
LDNS_RCODE_NXDOMAIN &&
|
||||
FLAGS_GET_RCODE(qstate->return_msg->rep->flags) !=
|
||||
LDNS_RCODE_YXDOMAIN)
|
||||
return 0;
|
||||
/* We don't store the reply if its TTL is 0 unless serve-expired is
|
||||
* enabled. Such a reply won't be reusable and simply be a waste for
|
||||
* the backend. It's also compatible with the default behavior of
|
||||
|
@ -542,10 +551,16 @@ parse_data(struct module_qstate* qstate, struct sldns_buffer* buf)
|
|||
verbose(VERB_ALGO, "cachedb msg expired");
|
||||
/* If serve-expired is enabled, we still use an expired message
|
||||
* setting the TTL to 0. */
|
||||
if(qstate->env->cfg->serve_expired)
|
||||
adjust = -1;
|
||||
else
|
||||
if(!qstate->env->cfg->serve_expired ||
|
||||
(FLAGS_GET_RCODE(qstate->return_msg->rep->flags)
|
||||
!= LDNS_RCODE_NOERROR &&
|
||||
FLAGS_GET_RCODE(qstate->return_msg->rep->flags)
|
||||
!= LDNS_RCODE_NXDOMAIN &&
|
||||
FLAGS_GET_RCODE(qstate->return_msg->rep->flags)
|
||||
!= LDNS_RCODE_YXDOMAIN))
|
||||
return 0; /* message expired */
|
||||
else
|
||||
adjust = -1;
|
||||
}
|
||||
verbose(VERB_ALGO, "cachedb msg adjusted down by %d", (int)adjust);
|
||||
adjust_msg_ttl(qstate->return_msg, adjust);
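Review bot: The three-way rcode test (not NOERROR, not NXDOMAIN, not YXDOMAIN) is written out in full in both prep_data and parse_data, and the same test appears again in the answer_from_cache hunk of the worker file further down this page; copies like this tend to drift apart when one site is later extended. A file-local helper, or at least a local such as `int rcode = FLAGS_GET_RCODE(qstate->return_msg->rep->flags);`, would keep the policy on which answers may be stored or served expired in one place. In parse_data the added branch is also an unbraced `if(...) return 0; else adjust = -1;` nested inside the enclosing `if`, which is easy to misread; braces around both arms would help. Both functions start and end outside the hunks shown.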
|
||||
|
|
25
configure
vendored
25
configure
vendored
|
@ -1,6 +1,6 @@
|
|||
#! /bin/sh
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.69 for unbound 1.17.0.
|
||||
# Generated by GNU Autoconf 2.69 for unbound 1.17.1.
|
||||
#
|
||||
# Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
|
||||
#
|
||||
|
@ -591,8 +591,8 @@ MAKEFLAGS=
|
|||
# Identity of this package.
|
||||
PACKAGE_NAME='unbound'
|
||||
PACKAGE_TARNAME='unbound'
|
||||
PACKAGE_VERSION='1.17.0'
|
||||
PACKAGE_STRING='unbound 1.17.0'
|
||||
PACKAGE_VERSION='1.17.1'
|
||||
PACKAGE_STRING='unbound 1.17.1'
|
||||
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
|
||||
PACKAGE_URL=''
|
||||
|
||||
|
@ -1477,7 +1477,7 @@ if test "$ac_init_help" = "long"; then
|
|||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
\`configure' configures unbound 1.17.0 to adapt to many kinds of systems.
|
||||
\`configure' configures unbound 1.17.1 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
|
@ -1543,7 +1543,7 @@ fi
|
|||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of unbound 1.17.0:";;
|
||||
short | recursive ) echo "Configuration of unbound 1.17.1:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
|
@ -1785,7 +1785,7 @@ fi
|
|||
test -n "$ac_init_help" && exit $ac_status
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
unbound configure 1.17.0
|
||||
unbound configure 1.17.1
|
||||
generated by GNU Autoconf 2.69
|
||||
|
||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||
|
@ -2494,7 +2494,7 @@ cat >config.log <<_ACEOF
|
|||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by unbound $as_me 1.17.0, which was
|
||||
It was created by unbound $as_me 1.17.1, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
$ $0 $@
|
||||
|
@ -2846,11 +2846,11 @@ UNBOUND_VERSION_MAJOR=1
|
|||
|
||||
UNBOUND_VERSION_MINOR=17
|
||||
|
||||
UNBOUND_VERSION_MICRO=0
|
||||
UNBOUND_VERSION_MICRO=1
|
||||
|
||||
|
||||
LIBUNBOUND_CURRENT=9
|
||||
LIBUNBOUND_REVISION=20
|
||||
LIBUNBOUND_REVISION=21
|
||||
LIBUNBOUND_AGE=1
|
||||
# 1.0.0 had 0:12:0
|
||||
# 1.0.1 had 0:13:0
|
||||
|
@ -2938,6 +2938,7 @@ LIBUNBOUND_AGE=1
|
|||
# 1.16.2 had 9:18:1
|
||||
# 1.16.3 had 9:19:1
|
||||
# 1.17.0 had 9:20:1
|
||||
# 1.17.1 had 9:21:1
|
||||
|
||||
# Current -- the number of the binary API that we're implementing
|
||||
# Revision -- which iteration of the implementation of the binary
|
||||
|
@ -22085,7 +22086,7 @@ _ACEOF
|
|||
|
||||
|
||||
|
||||
version=1.17.0
|
||||
version=1.17.1
|
||||
|
||||
date=`date +'%b %e, %Y'`
|
||||
|
||||
|
@ -22604,7 +22605,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
|||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by unbound $as_me 1.17.0, which was
|
||||
This file was extended by unbound $as_me 1.17.1, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
|
@ -22670,7 +22671,7 @@ _ACEOF
|
|||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||
ac_cs_version="\\
|
||||
unbound config.status 1.17.0
|
||||
unbound config.status 1.17.1
|
||||
configured by $0, generated by GNU Autoconf 2.69,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
|
|
|
@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4)
|
|||
# must be numbers. ac_defun because of later processing
|
||||
m4_define([VERSION_MAJOR],[1])
|
||||
m4_define([VERSION_MINOR],[17])
|
||||
m4_define([VERSION_MICRO],[0])
|
||||
m4_define([VERSION_MICRO],[1])
|
||||
AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
|
||||
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
|
||||
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
|
||||
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
|
||||
|
||||
LIBUNBOUND_CURRENT=9
|
||||
LIBUNBOUND_REVISION=20
|
||||
LIBUNBOUND_REVISION=21
|
||||
LIBUNBOUND_AGE=1
|
||||
# 1.0.0 had 0:12:0
|
||||
# 1.0.1 had 0:13:0
|
||||
|
@ -106,6 +106,7 @@ LIBUNBOUND_AGE=1
|
|||
# 1.16.2 had 9:18:1
|
||||
# 1.16.3 had 9:19:1
|
||||
# 1.17.0 had 9:20:1
|
||||
# 1.17.1 had 9:21:1
|
||||
|
||||
# Current -- the number of the binary API that we're implementing
|
||||
# Revision -- which iteration of the implementation of the binary
|
||||
|
|
|
@ -42,9 +42,8 @@
|
|||
[Unit]
|
||||
Description=Validating, recursive, and caching DNS resolver
|
||||
Documentation=man:unbound(8)
|
||||
After=network-online.target
|
||||
Before=nss-lookup.target
|
||||
Wants=network-online.target nss-lookup.target
|
||||
After=network.target
|
||||
Before=network-online.target nss-lookup.target
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
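Review bot: As rendered (the hunk goes from 9 lines to 8), the new [Unit] section keeps `Before=network-online.target nss-lookup.target` but appears to carry no `Wants=` line any more, so this unit no longer pulls `nss-lookup.target` into the transaction. Ordering against a target only takes effect when that target is part of the transaction, so services ordered `After=nss-lookup.target` may start before the resolver is up unless some other unit pulls the target in. If that is not intended, keeping `Wants=nss-lookup.target` next to the new ordering lines would preserve it. Starting after `network.target` instead of `network-online.target` also means configured listen addresses may not exist yet at start, which deserves a comment in the unit file.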
|
||||
|
|
|
@ -387,7 +387,7 @@ move_into_cache(struct ub_packed_rrset_key* k,
|
|||
struct rrset_ref ref;
|
||||
uint8_t* p;
|
||||
|
||||
ak = alloc_special_obtain(&worker->alloc);
|
||||
ak = alloc_special_obtain(worker->alloc);
|
||||
if(!ak) {
|
||||
log_warn("error out of memory");
|
||||
return 0;
|
||||
|
@ -398,7 +398,7 @@ move_into_cache(struct ub_packed_rrset_key* k,
|
|||
ak->rk.dname = (uint8_t*)memdup(k->rk.dname, k->rk.dname_len);
|
||||
if(!ak->rk.dname) {
|
||||
log_warn("error out of memory");
|
||||
ub_packed_rrset_parsedelete(ak, &worker->alloc);
|
||||
ub_packed_rrset_parsedelete(ak, worker->alloc);
|
||||
return 0;
|
||||
}
|
||||
s = sizeof(*ad) + (sizeof(size_t) + sizeof(uint8_t*) +
|
||||
|
@ -408,7 +408,7 @@ move_into_cache(struct ub_packed_rrset_key* k,
|
|||
ad = (struct packed_rrset_data*)malloc(s);
|
||||
if(!ad) {
|
||||
log_warn("error out of memory");
|
||||
ub_packed_rrset_parsedelete(ak, &worker->alloc);
|
||||
ub_packed_rrset_parsedelete(ak, worker->alloc);
|
||||
return 0;
|
||||
}
|
||||
p = (uint8_t*)ad;
|
||||
|
@ -431,7 +431,8 @@ move_into_cache(struct ub_packed_rrset_key* k,
|
|||
ref.key = ak;
|
||||
ref.id = ak->id;
|
||||
(void)rrset_cache_update(worker->env.rrset_cache, &ref,
|
||||
&worker->alloc, *worker->env.now);
|
||||
worker->alloc, *worker->env.now);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
|
@ -488,6 +488,27 @@ static int daemon_get_shufport(struct daemon* daemon, int* shufport)
|
|||
return avail;
|
||||
}
|
||||
|
||||
/**
|
||||
* Clear and delete per-worker alloc caches, and free memory maintained in
|
||||
* superalloc.
|
||||
* The rrset and message caches must be empty at the time of call.
|
||||
* @param daemon: the daemon that maintains the alloc caches to be cleared.
|
||||
*/
|
||||
static void
|
||||
daemon_clear_allocs(struct daemon* daemon)
|
||||
{
|
||||
int i;
|
||||
|
||||
for(i=0; i<daemon->num; i++) {
|
||||
alloc_clear(daemon->worker_allocs[i]);
|
||||
free(daemon->worker_allocs[i]);
|
||||
}
|
||||
free(daemon->worker_allocs);
|
||||
daemon->worker_allocs = NULL;
|
||||
|
||||
alloc_clear_special(&daemon->superalloc);
|
||||
}
|
||||
|
||||
/**
|
||||
* Allocate empty worker structures. With backptr and thread-number,
|
||||
* from 0..numthread initialised. Used as user arguments to new threads.
|
||||
|
@ -540,6 +561,21 @@ daemon_create_workers(struct daemon* daemon)
|
|||
/* the above is not ports/numthr, due to rounding */
|
||||
fatal_exit("could not create worker");
|
||||
}
|
||||
/* create per-worker alloc caches if not reusing existing ones. */
|
||||
if(!daemon->worker_allocs) {
|
||||
daemon->worker_allocs = (struct alloc_cache**)calloc(
|
||||
(size_t)daemon->num, sizeof(struct alloc_cache*));
|
||||
if(!daemon->worker_allocs)
|
||||
fatal_exit("could not allocate worker allocs");
|
||||
for(i=0; i<daemon->num; i++) {
|
||||
struct alloc_cache* alloc = calloc(1,
|
||||
sizeof(struct alloc_cache));
|
||||
if (!alloc)
|
||||
fatal_exit("could not allocate worker alloc");
|
||||
alloc_init(alloc, &daemon->superalloc, i);
|
||||
daemon->worker_allocs[i] = alloc;
|
||||
}
|
||||
}
|
||||
free(shufport);
|
||||
}
|
||||
|
||||
|
@ -771,6 +807,7 @@ daemon_fork(struct daemon* daemon)
|
|||
/* Shutdown SHM */
|
||||
shm_main_shutdown(daemon);
|
||||
|
||||
daemon->reuse_cache = daemon->workers[0]->reuse_cache;
|
||||
daemon->need_to_exit = daemon->workers[0]->need_to_exit;
|
||||
}
|
||||
|
||||
|
@ -785,9 +822,16 @@ daemon_cleanup(struct daemon* daemon)
|
|||
log_thread_set(NULL);
|
||||
/* clean up caches because
|
||||
* a) RRset IDs will be recycled after a reload, causing collisions
|
||||
* b) validation config can change, thus rrset, msg, keycache clear */
|
||||
slabhash_clear(&daemon->env->rrset_cache->table);
|
||||
slabhash_clear(daemon->env->msg_cache);
|
||||
* b) validation config can change, thus rrset, msg, keycache clear
|
||||
*
|
||||
* If we are trying to keep the cache as long as possible, we should
|
||||
* defer the cleanup until we know whether the new configuration allows
|
||||
* the reuse. (If we're exiting, cleanup should be done here). */
|
||||
if(!daemon->reuse_cache || daemon->need_to_exit) {
|
||||
slabhash_clear(&daemon->env->rrset_cache->table);
|
||||
slabhash_clear(daemon->env->msg_cache);
|
||||
}
|
||||
daemon->old_num = daemon->num; /* save the current num */
|
||||
local_zones_delete(daemon->local_zones);
|
||||
daemon->local_zones = NULL;
|
||||
respip_set_delete(daemon->respip_set);
|
||||
|
@ -802,8 +846,13 @@ daemon_cleanup(struct daemon* daemon)
|
|||
worker_delete(daemon->workers[i]);
|
||||
free(daemon->workers);
|
||||
daemon->workers = NULL;
|
||||
/* Unless we're trying to keep the cache, worker alloc_caches should be
|
||||
* cleared and freed here. We do this after deleting workers to
|
||||
* guarantee that the alloc caches are valid throughout the lifetime
|
||||
* of workers. */
|
||||
if(!daemon->reuse_cache || daemon->need_to_exit)
|
||||
daemon_clear_allocs(daemon);
|
||||
daemon->num = 0;
|
||||
alloc_clear_special(&daemon->superalloc);
|
||||
#ifdef USE_DNSTAP
|
||||
dt_delete(daemon->dtenv);
|
||||
daemon->dtenv = NULL;
|
||||
|
@ -900,8 +949,42 @@ daemon_delete(struct daemon* daemon)
|
|||
|
||||
void daemon_apply_cfg(struct daemon* daemon, struct config_file* cfg)
|
||||
{
|
||||
int new_num = cfg->num_threads?cfg->num_threads:1;
|
||||
|
||||
daemon->cfg = cfg;
|
||||
config_apply(cfg);
|
||||
|
||||
/* If this is a reload and we deferred the decision on whether to
|
||||
* reuse the alloc, RRset, and message caches, then check to see if
|
||||
* it's safe to keep the caches:
|
||||
* - changing the number of threads is obviously incompatible with
|
||||
* keeping the per-thread alloc caches. It also means we have to
|
||||
* clear RRset and message caches. (note that 'new_num' may be
|
||||
* adjusted in daemon_create_workers, but for our purpose we can
|
||||
* simply compare it with 'old_num'; if they are equal here,
|
||||
* 'new_num' won't be adjusted to a different value than 'old_num').
|
||||
* - changing RRset cache size effectively clears any remaining cache
|
||||
* entries. We could keep their keys in alloc caches, but it would
|
||||
* be more consistent with the sense of the change to clear allocs
|
||||
* and free memory. To do so we also have to clear message cache.
|
||||
* - only changing message cache size does not necessarily affect
|
||||
* RRset or alloc cache. But almost all new subsequent queries will
|
||||
* require recursive resolution anyway, so it doesn't help much to
|
||||
* just keep RRset and alloc caches. For simplicity we clear/free
|
||||
* the other two, too. */
|
||||
if(daemon->worker_allocs &&
|
||||
(new_num != daemon->old_num ||
|
||||
!slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size,
|
||||
cfg->msg_cache_slabs) ||
|
||||
!slabhash_is_size(&daemon->env->rrset_cache->table,
|
||||
cfg->rrset_cache_size, cfg->rrset_cache_slabs)))
|
||||
{
|
||||
log_warn("cannot reuse caches due to critical config change");
|
||||
slabhash_clear(&daemon->env->rrset_cache->table);
|
||||
slabhash_clear(daemon->env->msg_cache);
|
||||
daemon_clear_allocs(daemon);
|
||||
}
|
||||
|
||||
if(!slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size,
|
||||
cfg->msg_cache_slabs)) {
|
||||
slabhash_delete(daemon->env->msg_cache);
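Review bot: daemon_clear_allocs walks `i<daemon->num`, but daemon_cleanup sets `daemon->num = 0` after deciding to keep the caches, so when daemon_apply_cfg later calls the helper for an incompatible config the loop body would not run and only the pointer array is freed. Assuming daemon_apply_cfg runs before daemon_create_workers sets `num` again on a reload (the `new_num`/`old_num` comment suggests it does), every per-worker alloc_cache and whatever it still holds is leaked on each such reload. Iterating over the saved count, `for(i=0; i<daemon->old_num; i++) {`, covers both call sites, because daemon_cleanup stores `old_num` before it calls the helper. The loop then relies on `worker_allocs` being non-NULL whenever `old_num` is nonzero; daemon_apply_cfg tests that before the call, and the cleanup path would benefit from the same `if(daemon->worker_allocs)` guard around the loop.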
|
||||
|
|
|
@ -99,8 +99,12 @@ struct daemon {
|
|||
void* listen_sslctx, *connect_sslctx;
|
||||
/** num threads allocated */
|
||||
int num;
|
||||
/** num threads allocated in the previous config or 0 at first */
|
||||
int old_num;
|
||||
/** the worker entries */
|
||||
struct worker** workers;
|
||||
/** per-worker allocation cache */
|
||||
struct alloc_cache **worker_allocs;
|
||||
/** do we need to exit unbound (or is it only a reload?) */
|
||||
int need_to_exit;
|
||||
/** master random table ; used for port div between threads on reload*/
|
||||
|
@ -140,6 +144,8 @@ struct daemon {
|
|||
/** the dnscrypt environment */
|
||||
struct dnsc_env* dnscenv;
|
||||
#endif
|
||||
/** reuse existing cache on reload if other conditions allow it. */
|
||||
int reuse_cache;
|
||||
};
|
||||
|
||||
/**
|
||||
|
|
|
@ -105,8 +105,6 @@
|
|||
|
||||
/** what to put on statistics lines between var and value, ": " or "=" */
|
||||
#define SQ "="
|
||||
/** if true, inhibits a lot of =0 lines from the stats output */
|
||||
static const int inhibit_zero = 1;
|
||||
|
||||
/** subtract timers and the values do not overflow or become negative */
|
||||
static void
|
||||
|
@ -684,8 +682,9 @@ do_stop(RES* ssl, struct worker* worker)
|
|||
|
||||
/** do the reload command */
|
||||
static void
|
||||
do_reload(RES* ssl, struct worker* worker)
|
||||
do_reload(RES* ssl, struct worker* worker, int reuse_cache)
|
||||
{
|
||||
worker->reuse_cache = reuse_cache;
|
||||
worker->need_to_exit = 0;
|
||||
comm_base_exit(worker->base);
|
||||
send_ok(ssl);
|
||||
|
@ -920,7 +919,7 @@ print_hist(RES* ssl, struct ub_stats_info* s)
|
|||
|
||||
/** print extended stats */
|
||||
static int
|
||||
print_ext(RES* ssl, struct ub_stats_info* s)
|
||||
print_ext(RES* ssl, struct ub_stats_info* s, int inhibit_zero)
|
||||
{
|
||||
int i;
|
||||
char nm[32];
|
||||
|
@ -1129,7 +1128,7 @@ do_stats(RES* ssl, struct worker* worker, int reset)
|
|||
return;
|
||||
if(!print_hist(ssl, &total))
|
||||
return;
|
||||
if(!print_ext(ssl, &total))
|
||||
if(!print_ext(ssl, &total, daemon->cfg->stat_inhibit_zero))
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
@ -1963,6 +1962,8 @@ do_flush_name(RES* ssl, struct worker* w, char* arg)
|
|||
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_PTR, LDNS_RR_CLASS_IN);
|
||||
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SRV, LDNS_RR_CLASS_IN);
|
||||
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_NAPTR, LDNS_RR_CLASS_IN);
|
||||
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SVCB, LDNS_RR_CLASS_IN);
|
||||
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_HTTPS, LDNS_RR_CLASS_IN);
|
||||
|
||||
free(nm);
|
||||
send_ok(ssl);
|
||||
|
@ -3029,8 +3030,11 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd,
|
|||
if(cmdcmp(p, "stop", 4)) {
|
||||
do_stop(ssl, worker);
|
||||
return;
|
||||
} else if(cmdcmp(p, "reload_keep_cache", 17)) {
|
||||
do_reload(ssl, worker, 1);
|
||||
return;
|
||||
} else if(cmdcmp(p, "reload", 6)) {
|
||||
do_reload(ssl, worker);
|
||||
do_reload(ssl, worker, 0);
|
||||
return;
|
||||
} else if(cmdcmp(p, "stats_noreset", 13)) {
|
||||
do_stats(ssl, worker, 0);
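Review bot: do_reload gained a `reuse_cache` argument but its comment still reads only `/** do the reload command */`, and nothing at the `reload_keep_cache` dispatch says what is retained. In the daemon.c hunks on this page, the decision to drop the kept caches compares only the thread count and the two cache sizes, while the existing comment in daemon_cleanup names a changed validation config as a reason for clearing them. I would state that on the command, e.g. `/** do the reload command; reuse_cache nonzero asks the daemon to keep the RRset and message caches, so entries accepted under the previous configuration stay in use */`. execute_cmd starts and ends outside the hunk.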
|
||||
|
|
|
@ -133,7 +133,7 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker),
|
|||
rrset = slabhash_get_mem(&worker->env.rrset_cache->table);
|
||||
infra = infra_get_mem(worker->env.infra_cache);
|
||||
mesh = mesh_get_mem(worker->env.mesh);
|
||||
ac = alloc_get_mem(&worker->alloc);
|
||||
ac = alloc_get_mem(worker->alloc);
|
||||
superac = alloc_get_mem(&worker->daemon->superalloc);
|
||||
anch = anchors_get_mem(worker->env.anchors);
|
||||
iter = 0;
|
||||
|
@ -623,6 +623,14 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
|
|||
if(worker->env.cfg->serve_expired_ttl &&
|
||||
rep->serve_expired_ttl < timenow)
|
||||
return 0;
|
||||
/* Ignore expired failure answers */
|
||||
if(FLAGS_GET_RCODE(rep->flags) !=
|
||||
LDNS_RCODE_NOERROR &&
|
||||
FLAGS_GET_RCODE(rep->flags) !=
|
||||
LDNS_RCODE_NXDOMAIN &&
|
||||
FLAGS_GET_RCODE(rep->flags) !=
|
||||
LDNS_RCODE_YXDOMAIN)
|
||||
return 0;
|
||||
if(!rrset_array_lock(rep->ref, rep->rrset_count, 0))
|
||||
return 0;
|
||||
*is_expired_answer = 1;
|
||||
|
@ -730,8 +738,6 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
|
|||
goto bail_out;
|
||||
}
|
||||
} else {
|
||||
/* We don't check the global ede as this is a warning, not
|
||||
* an error */
|
||||
if (*is_expired_answer == 1 &&
|
||||
worker->env.cfg->ede_serve_expired && worker->env.cfg->ede) {
|
||||
EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out,
|
||||
|
@ -2059,15 +2065,14 @@ worker_init(struct worker* worker, struct config_file *cfg,
|
|||
}
|
||||
|
||||
server_stats_init(&worker->stats, cfg);
|
||||
alloc_init(&worker->alloc, &worker->daemon->superalloc,
|
||||
worker->thread_num);
|
||||
alloc_set_id_cleanup(&worker->alloc, &worker_alloc_cleanup, worker);
|
||||
worker->alloc = worker->daemon->worker_allocs[worker->thread_num];
|
||||
alloc_set_id_cleanup(worker->alloc, &worker_alloc_cleanup, worker);
|
||||
worker->env = *worker->daemon->env;
|
||||
comm_base_timept(worker->base, &worker->env.now, &worker->env.now_tv);
|
||||
worker->env.worker = worker;
|
||||
worker->env.worker_base = worker->base;
|
||||
worker->env.send_query = &worker_send_query;
|
||||
worker->env.alloc = &worker->alloc;
|
||||
worker->env.alloc = worker->alloc;
|
||||
worker->env.outnet = worker->back;
|
||||
worker->env.rnd = worker->rndstate;
|
||||
/* If case prefetch is triggered, the corresponding mesh will clear
|
||||
|
@ -2211,7 +2216,7 @@ worker_delete(struct worker* worker)
|
|||
#endif /* USE_DNSTAP */
|
||||
comm_base_delete(worker->base);
|
||||
ub_randfree(worker->rndstate);
|
||||
alloc_clear(&worker->alloc);
|
||||
/* don't touch worker->alloc, as it's maintained in daemon */
|
||||
regional_destroy(worker->env.scratch);
|
||||
regional_destroy(worker->scratchpad);
|
||||
free(worker);
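Review bot: worker_init registers the worker as the cleanup argument on a daemon-owned cache with `alloc_set_id_cleanup(worker->alloc, &worker_alloc_cleanup, worker);`, and worker_delete now frees the worker while leaving that cache untouched, so a kept alloc_cache holds a pointer to freed memory until the next worker_init overwrites it. Nothing visible here invokes the callback in that window, but clearing it on teardown removes the dangling reference: `if(worker->alloc) alloc_set_id_cleanup(worker->alloc, NULL, NULL);` before `free(worker);`, provided the allocator tolerates a NULL callback (its code is not on this page). Both functions continue outside the hunks shown.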
|
||||
|
|
|
@ -118,7 +118,7 @@ struct worker {
|
|||
/** do we need to restart or quit (on signal) */
|
||||
int need_to_exit;
|
||||
/** allocation cache for this thread */
|
||||
struct alloc_cache alloc;
|
||||
struct alloc_cache *alloc;
|
||||
/** per thread statistics */
|
||||
struct ub_server_stats stats;
|
||||
/** thread scratch regional */
|
||||
|
@ -131,6 +131,8 @@ struct worker {
|
|||
/** dnstap environment, changed for this thread */
|
||||
struct dt_env dtenv;
|
||||
#endif
|
||||
/** reuse existing cache on reload if other conditions allow it. */
|
||||
int reuse_cache;
|
||||
};
|
||||
|
||||
/**
|
||||
|
|
|
@ -1,7 +1,93 @@
|
|||
5 January 2023: Wouter
|
||||
- Tag for 1.17.1 release.
|
||||
|
||||
2 January 2023: Wouter
|
||||
- Fix windows compile for libunbound subprocess reap comm point closes.
|
||||
- Update github workflows to use checkout v3.
|
||||
|
||||
14 December 2022: George
|
||||
- Merge #569 from JINMEI Tatuya: add keep-cache option to
|
||||
'unbound-control reload' to keep caches.
|
||||
|
||||
13 December 2022: George
|
||||
- Expose 'statistics-inhibit-zero' as a configuration option; the
|
||||
default value retains Unbound's behavior.
|
||||
- Expose 'max-sent-count' as a configuration option; the
|
||||
default value retains Unbound's behavior.
|
||||
- Merge #461 from Christian Allred: Add max-query-restarts option.
|
||||
Exposes an internal configuration but the default value retains
|
||||
Unbound's behavior.
|
||||
|
||||
13 December 2022: Wouter
|
||||
- Merge #808: Wrap Makefile script's directory variables in quotes.
|
||||
- Fix to wrap Makefile scripts directory in quotes for uninstall.
|
||||
|
||||
1 December 2022: Wouter
|
||||
- Fix #773: When used with systemd-networkd, unbound does not start
|
||||
until systemd-networkd-wait-online.service times out.
|
||||
|
||||
30 November 2022: George
|
||||
- Add SVCB and HTTPS to the types removed by 'unbound-control flush'.
|
||||
- Clear documentation for interactivity between the subnet module and
|
||||
the serve-expired and prefetch configuration options.
|
||||
|
||||
30 November 2022: Wouter
|
||||
- Fix #782: Segmentation fault in stats.c:404.
|
||||
|
||||
28 November 2022: Wouter
|
||||
- Fix for the ignore of tcp events for closed comm points, preserve
|
||||
the use after free protection features.
|
||||
|
||||
23 November 2022: Philip
|
||||
- Merge #720 from jonathangray: fix use after free when
|
||||
WSACreateEvent() fails.
|
||||
|
||||
22 November 2022: George
|
||||
- Ignore expired error responses.
|
||||
|
||||
11 November 2022: Wouter
|
||||
- Fix #779: [doc] Missing documention in ub_resolve_event() for
|
||||
callback parameter was_ratelimited.
|
||||
|
||||
9 November 2022: George
|
||||
- Complementary fix for distutils.sysconfig deprecation in Python 3.10
|
||||
to commit 62c5039ab9da42713e006e840b7578e01d66e7f2.
|
||||
|
||||
8 November 2022: Wouter
|
||||
- Fix to ignore tcp events for closed comm points.
|
||||
- Fix to make sure to not read again after a tcp comm point is closed.
|
||||
- Fix #775: libunbound: subprocess reap causes parent process reap
|
||||
to hang.
|
||||
- iana portlist update.
|
||||
|
||||
21 October 2022: George
|
||||
- Merge #767 from jonathangray: consistently use IPv4/IPv6 in
|
||||
unbound.conf.5.
|
||||
|
||||
21 October 2022: Wouter
|
||||
- Fix that cachedb does not store failures in the external cache.
|
||||
|
||||
18 October 2022: George
|
||||
- Clarify the use of MAX_SENT_COUNT in the iterator code.
|
||||
|
||||
17 October 2022: Wouter
|
||||
- testcode/dohclient sets log identity to its name.
|
||||
|
||||
14 October 2022: Wouter
|
||||
- Merge #768 from fobser: Arithmetic on a pointer to void is a GNU
|
||||
extension.
|
||||
- In unit test, print python script name list correctly.
|
||||
|
||||
13 October 2022: Wouter
|
||||
- Tag for 1.17.0 release. The code repository continues with 1.17.1.
|
||||
|
||||
11 October 2022: George
|
||||
- Fix PROXYv2 header read for TCP connections when no proxied addresses
|
||||
are provided.
|
||||
|
||||
7 October 2022: Wouter
|
||||
- Tag for 1.17.0rc1 release.
|
||||
|
||||
7 October 2022: George
|
||||
- Fix to stop possible loops in the tcp reuse code (write_wait list
|
||||
and tcp_wait list). Based on analysis and patch from Prad Seniappan
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
README for Unbound 1.17.0
|
||||
README for Unbound 1.17.1
|
||||
Copyright 2007 NLnet Labs
|
||||
http://unbound.net
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#
|
||||
# Example configuration file.
|
||||
#
|
||||
# See unbound.conf(5) man page, version 1.17.0.
|
||||
# See unbound.conf(5) man page, version 1.17.1.
|
||||
#
|
||||
# this is a comment.
|
||||
|
||||
|
@ -35,9 +35,14 @@ server:
|
|||
# statistics-cumulative: no
|
||||
|
||||
# enable extended statistics (query types, answer codes, status)
|
||||
# printed from unbound-control. default off, because of speed.
|
||||
# printed from unbound-control. Default off, because of speed.
|
||||
# extended-statistics: no
|
||||
|
||||
# Inhibits selected extended statistics (qtype, qclass, qopcode, rcode,
|
||||
# rpz-actions) from printing if their value is 0.
|
||||
# Default on.
|
||||
# statistics-inhibit-zero: yes
|
||||
|
||||
# number of threads to create. 1 disables threading.
|
||||
# num-threads: 1
|
||||
|
||||
|
@ -173,6 +178,15 @@ server:
|
|||
# a throwaway response (also timeouts) is received.
|
||||
# outbound-msg-retry: 5
|
||||
|
||||
# Hard limit on the number of outgoing queries Unbound will make while
|
||||
# resolving a name, making sure large NS sets do not loop.
|
||||
# It resets on query restarts (e.g., CNAME) and referrals.
|
||||
# max-sent-count: 32
|
||||
|
||||
# Hard limit on the number of times Unbound is allowed to restart a
|
||||
# query upon encountering a CNAME record.
|
||||
# max-query-restarts: 11
|
||||
|
||||
# msec for waiting for an unknown server to reply. Increase if you
|
||||
# are behind a slow satellite link, to eg. 1128.
|
||||
# unknown-server-time-limit: 376
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "libunbound" "3" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
||||
.TH "libunbound" "3" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||
.\"
|
||||
.\" libunbound.3 -- unbound library functions manual
|
||||
.\"
|
||||
|
@ -44,7 +44,7 @@
|
|||
.B ub_ctx_zone_remove,
|
||||
.B ub_ctx_data_add,
|
||||
.B ub_ctx_data_remove
|
||||
\- Unbound DNS validating resolver 1.17.0 functions.
|
||||
\- Unbound DNS validating resolver 1.17.1 functions.
|
||||
.SH "SYNOPSIS"
|
||||
.B #include <unbound.h>
|
||||
.LP
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "unbound-anchor" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
||||
.TH "unbound-anchor" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||
.\"
|
||||
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
|
||||
.\"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "unbound-checkconf" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
||||
.TH "unbound-checkconf" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||
.\"
|
||||
.\" unbound-checkconf.8 -- unbound configuration checker manual
|
||||
.\"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "unbound-control" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
||||
.TH "unbound-control" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||
.\"
|
||||
.\" unbound-control.8 -- unbound remote control manual
|
||||
.\"
|
||||
|
@ -54,6 +54,12 @@ Stop the server. The server daemon exits.
|
|||
.B reload
|
||||
Reload the server. This flushes the cache and reads the config file fresh.
|
||||
.TP
|
||||
.B reload_keep_cache
|
||||
Reload the server but try to keep the RRset and message cache if
|
||||
(re)configuration allows for it.
|
||||
That means the caches sizes and the number of threads must not change between
|
||||
reloads.
|
||||
.TP
|
||||
.B verbosity \fInumber
|
||||
Change verbosity value for logging. Same values as \fBverbosity\fR keyword in
|
||||
\fIunbound.conf\fR(5). This new setting lasts until the server is issued
|
||||
|
@ -130,7 +136,7 @@ name specified.
|
|||
.TP
|
||||
.B flush \fIname
|
||||
Remove the name from the cache. Removes the types
|
||||
A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV and NAPTR.
|
||||
A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV, NAPTR, SVCB and HTTPS.
|
||||
Because that is fast to do. Other record types can be removed using
|
||||
.B flush_type
|
||||
or
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "unbound\-host" "1" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
||||
.TH "unbound\-host" "1" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||
.\"
|
||||
.\" unbound-host.1 -- unbound DNS lookup utility
|
||||
.\"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "unbound" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
||||
.TH "unbound" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||
.\"
|
||||
.\" unbound.8 -- unbound manual
|
||||
.\"
|
||||
|
@ -9,7 +9,7 @@
|
|||
.\"
|
||||
.SH "NAME"
|
||||
.B unbound
|
||||
\- Unbound DNS validating resolver 1.17.0.
|
||||
\- Unbound DNS validating resolver 1.17.1.
|
||||
.SH "SYNOPSIS"
|
||||
.B unbound
|
||||
.RB [ \-h ]
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "unbound.conf" "5" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
||||
.TH "unbound.conf" "5" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||
.\"
|
||||
.\" unbound.conf.5 -- unbound.conf manual
|
||||
.\"
|
||||
|
@ -112,6 +112,14 @@ If enabled, extended statistics are printed from \fIunbound\-control\fR(8).
|
|||
Default is off, because keeping track of more statistics takes time. The
|
||||
counters are listed in \fIunbound\-control\fR(8).
|
||||
.TP
|
||||
.B statistics\-inhibit\-zero: \fI<yes or no>
|
||||
If enabled, selected extended statistics with a value of 0 are inhibited from
|
||||
printing with \fIunbound\-control\fR(8).
|
||||
These are query types, query classes, query opcodes, answer rcodes
|
||||
(except NOERROR, FORMERR, SERVFAIL, NXDOMAIN, NOTIMPL, REFUSED) and
|
||||
RPZ actions.
|
||||
Default is on.
|
||||
.TP
|
||||
.B num\-threads: \fI<number>
|
||||
The number of threads to create to serve clients. Use 1 for no threading.
|
||||
.TP
|
||||
|
@ -349,7 +357,7 @@ ip\-transparent option is also available.
|
|||
The value of the Differentiated Services Codepoint (DSCP) in the
|
||||
differentiated services field (DS) of the outgoing IP packet headers.
|
||||
The field replaces the outdated IPv4 Type-Of-Service field and the
|
||||
IPV6 traffic class field.
|
||||
IPv6 traffic class field.
|
||||
.TP
|
||||
.B rrset\-cache\-size: \fI<number>
|
||||
Number of bytes size of the RRset cache. Default is 4 megabytes.
|
||||
|
@ -416,7 +424,7 @@ Enable or disable whether ip4 queries are answered or issued. Default is yes.
|
|||
Enable or disable whether ip6 queries are answered or issued. Default is yes.
|
||||
If disabled, queries are not answered on IPv6, and queries are not sent on
|
||||
IPv6 to the internet nameservers. With this option you can disable the
|
||||
ipv6 transport for sending DNS traffic, it does not impact the contents of
|
||||
IPv6 transport for sending DNS traffic, it does not impact the contents of
|
||||
the DNS traffic, which may have ip4 and ip6 addresses in it.
|
||||
.TP
|
||||
.B prefer\-ip4: \fI<yes or no>
|
||||
|
@ -1671,7 +1679,7 @@ This specifies the action data for \fIresponse-ip\fR with action being
|
|||
to redirect as specified by "\fIresource record string\fR". "Resource
|
||||
record string" is similar to that of \fIaccess-control-tag-action\fR,
|
||||
but it must be of either AAAA, A or CNAME types.
|
||||
If the IP-netblock is an IPv6/IPV4 prefix, the record
|
||||
If the IP-netblock is an IPv6/IPv4 prefix, the record
|
||||
must be AAAA/A respectively, unless it is a CNAME (which can be used
|
||||
for both versions of IP netblocks). If it is CNAME there must not be
|
||||
more than one \fIresponse-ip-data\fR for the same IP-netblock.
|
||||
|
@ -1820,6 +1828,21 @@ If a forward/stub zone is used, this is the number of retries per nameserver in
|
|||
the zone.
|
||||
Default is 5.
|
||||
.TP 5
|
||||
.B max\-sent\-count: \fI<number>
|
||||
Hard limit on the number of outgoing queries Unbound will make while resolving
|
||||
a name, making sure large NS sets do not loop.
|
||||
Results in SERVFAIL when reached.
|
||||
It resets on query restarts (e.g., CNAME) and referrals.
|
||||
Default is 32.
|
||||
.TP 5
|
||||
.B max\-query\-restarts: \fI<number>
|
||||
Hard limit on the number of times Unbound is allowed to restart a query upon
|
||||
encountering a CNAME record.
|
||||
Results in SERVFAIL when reached.
|
||||
Changing this value needs caution as it can allow long CNAME chains to be
|
||||
accepted, where Unbound needs to verify (resolve) each link individually.
|
||||
Default is 11.
|
||||
.TP 5
|
||||
.B fast\-server\-permil: \fI<number>
|
||||
Specify how many times out of 1000 to pick from the set of fastest servers.
|
||||
0 turns the feature off. A value of 900 would pick from the fastest
|
||||
|
@ -1853,7 +1876,7 @@ errors. Default is "no".
|
|||
When the \fBval-log-level\fR option is also set to \fB2\fR, responses with
|
||||
Extended DNS Errors concerning DNSSEC failures that are not served from cache,
|
||||
will also contain a descriptive text message about the reason for the failure.
|
||||
.TP
|
||||
.TP 5
|
||||
.B ede\-serve\-expired: \fI<yes or no>
|
||||
If enabled, Unbound will attach an Extended DNS Error (RFC8914) Code 3 - Stale
|
||||
Answer as EDNS0 option to the expired response. Note that this will not attach
|
||||
|
@ -2358,6 +2381,9 @@ The maximum size of the ECS cache is controlled by 'msg-cache-size' in the
|
|||
configuration file. On top of that, for each query only 100 different subnets
|
||||
are allowed to be stored for each address family. Exceeding that number, older
|
||||
entries will be purged from cache.
|
||||
.LP
|
||||
This module does not interact with the \fBserve\-expired*\fR and
|
||||
\fBprefetch:\fR options.
|
||||
.TP
|
||||
.B send\-client\-subnet: \fI<IP address>\fR
|
||||
Send client source address to this authority. Append /num to indicate a
|
||||
|
|
|
@ -204,6 +204,17 @@ subnetmod_init(struct module_env *env, int id)
|
|||
}
|
||||
alloc_init(&sn_env->alloc, NULL, 0);
|
||||
env->modinfo[id] = (void*)sn_env;
|
||||
|
||||
/* Warn that serve-expired and prefetch do not work with the subnet
|
||||
* module cache. */
|
||||
if(env->cfg->serve_expired)
|
||||
log_warn(
|
||||
"subnetcache: serve-expired is set but not working "
|
||||
"for data originating from the subnet module cache.");
|
||||
if(env->cfg->prefetch)
|
||||
log_warn(
|
||||
"subnetcache: prefetch is set but not working "
|
||||
"for data originating from the subnet module cache.");
|
||||
/* Copy msg_cache settings */
|
||||
sn_env->subnet_msg_cache = slabhash_create(env->cfg->msg_cache_slabs,
|
||||
HASH_DEFAULT_STARTARRAY, env->cfg->msg_cache_size,
|
||||
|
|
|
@ -175,6 +175,8 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg)
|
|||
iter_env->supports_ipv6 = cfg->do_ip6;
|
||||
iter_env->supports_ipv4 = cfg->do_ip4;
|
||||
iter_env->outbound_msg_retry = cfg->outbound_msg_retry;
|
||||
iter_env->max_sent_count = cfg->max_sent_count;
|
||||
iter_env->max_query_restarts = cfg->max_query_restarts;
|
||||
return 1;
|
||||
}
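Review bot: `max_sent_count` and `max_query_restarts` are copied from the configuration into `iter_env` with no range check in this function, so whether zero or negative values are rejected depends on parser code that is not shown here. The iterator.c hunks compare them as `iq->sent_count > ie->max_sent_count` and, in the 0x20 fallback test, as `iq->caps_server*2+2 >= (size_t)ie->max_sent_count`. A negative setting would make the first comparison fail every query with SERVFAIL, and the cast would turn the second into a bound that is effectively never reached. Because these values cap how much work a single client query can trigger, I would reject out-of-range settings before the assignments, for example `if(cfg->max_sent_count < 0 || cfg->max_query_restarts < 0) { log_err("max-sent-count and max-query-restarts must not be negative"); return 0; }`. The start of iter_apply_cfg is outside the hunk, so the `return 0` failure convention is assumed from the `return 1` at its end.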
|
||||
|
||||
|
|
|
@ -1314,7 +1314,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||
|
||||
/* We enforce a maximum number of query restarts. This is primarily a
|
||||
* cheap way to prevent CNAME loops. */
|
||||
if(iq->query_restart_count > MAX_RESTART_COUNT) {
|
||||
if(iq->query_restart_count > ie->max_query_restarts) {
|
||||
verbose(VERB_QUERY, "request has exceeded the maximum number"
|
||||
" of query restarts with %d", iq->query_restart_count);
|
||||
errinf(qstate, "request has exceeded the maximum number "
|
||||
|
@ -2276,14 +2276,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||
iq->num_current_queries, iq->sent_count);
|
||||
|
||||
/* Make sure that we haven't run away */
|
||||
/* FIXME: is this check even necessary? */
|
||||
if(iq->referral_count > MAX_REFERRAL_COUNT) {
|
||||
verbose(VERB_QUERY, "request has exceeded the maximum "
|
||||
"number of referrrals with %d", iq->referral_count);
|
||||
errinf(qstate, "exceeded the maximum of referrals");
|
||||
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
|
||||
}
|
||||
if(iq->sent_count > MAX_SENT_COUNT) {
|
||||
if(iq->sent_count > ie->max_sent_count) {
|
||||
verbose(VERB_QUERY, "request has exceeded the maximum "
|
||||
"number of sends with %d", iq->sent_count);
|
||||
errinf(qstate, "exceeded the maximum number of sends");
|
||||
|
@ -2630,7 +2629,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||
* the original query is one that matched too, so we have
|
||||
* caps_server+1 number of matching queries now */
|
||||
if(iq->caps_server+1 >= naddr*3 ||
|
||||
iq->caps_server*2+2 >= MAX_SENT_COUNT) {
|
||||
iq->caps_server*2+2 >= (size_t)ie->max_sent_count) {
|
||||
/* *2 on sentcount check because ipv6 may fail */
|
||||
/* we're done, process the response */
|
||||
verbose(VERB_ALGO, "0x20 fallback had %d responses "
|
||||
|
|
|
@ -63,12 +63,8 @@ struct rbtree_type;
|
|||
/** max number of nxdomains allowed for target lookups for a query and
|
||||
* its subqueries when fallback has kicked in */
|
||||
#define MAX_TARGET_NX_FALLBACK (MAX_TARGET_NX*2)
|
||||
/** max number of query restarts. Determines max number of CNAME chain. */
|
||||
#define MAX_RESTART_COUNT 11
|
||||
/** max number of referrals. Makes sure resolver does not run away */
|
||||
#define MAX_REFERRAL_COUNT 130
|
||||
/** max number of queries-sent-out. Make sure large NS set does not loop */
|
||||
#define MAX_SENT_COUNT 32
|
||||
/** max number of queries for which to perform dnsseclameness detection,
|
||||
* (rrsigs missing detection) after that, just pick up that response */
|
||||
#define DNSSEC_LAME_DETECT_COUNT 4
|
||||
|
@ -145,6 +141,12 @@ struct iter_env {
|
|||
|
||||
/** number of retries on outgoing queries */
|
||||
int outbound_msg_retry;
|
||||
|
||||
/** number of queries_sent */
|
||||
int max_sent_count;
|
||||
|
||||
/** max number of query restarts to limit length of CNAME chain */
|
||||
int max_query_restarts;
|
||||
};
|
||||
|
||||
/**
|
||||
|
|
|
@ -70,6 +70,7 @@ context_finalize(struct ub_ctx* ctx)
|
|||
} else {
|
||||
log_init(cfg->logfile, cfg->use_syslog, NULL);
|
||||
}
|
||||
ctx->pipe_pid = getpid();
|
||||
cfg_apply_local_port_policy(cfg, 65536);
|
||||
config_apply(cfg);
|
||||
if(!modstack_setup(&ctx->mods, cfg->module_conf, ctx->env))
|
||||
|
|
|
@ -89,6 +89,12 @@ struct ub_ctx {
|
|||
pid_t bg_pid;
|
||||
/** tid of bg worker thread */
|
||||
ub_thread_type bg_tid;
|
||||
/** pid when pipes are created. This was the process when the
|
||||
* setup was called. Helps with clean up, so we can tell after a fork
|
||||
* which side of the fork the delete is on. */
|
||||
pid_t pipe_pid;
|
||||
/** when threaded, the worker that exists in the created thread. */
|
||||
struct libworker* thread_worker;
|
||||
|
||||
/** do threading (instead of forking) for async resolution */
|
||||
int dothread;
|
||||
|
|
|
@ -305,11 +305,31 @@ ub_ctx_delete(struct ub_ctx* ctx)
|
|||
int do_stop = 1;
|
||||
if(!ctx) return;
|
||||
|
||||
/* if the delete is called but it has forked, and before the fork
|
||||
* the context was finalized, then the bg worker is not stopped
|
||||
* from here. There is one worker, but two contexts that refer to
|
||||
* it and only one should clean up, the one with getpid == pipe_pid.*/
|
||||
if(ctx->created_bg && ctx->pipe_pid != getpid()) {
|
||||
do_stop = 0;
|
||||
#ifndef USE_WINSOCK
|
||||
/* Stop events from getting deregistered, if the backend is
|
||||
* epoll, the epoll fd is the same as the other process.
|
||||
* That process should deregister them. */
|
||||
if(ctx->qq_pipe->listen_com)
|
||||
ctx->qq_pipe->listen_com->event_added = 0;
|
||||
if(ctx->qq_pipe->res_com)
|
||||
ctx->qq_pipe->res_com->event_added = 0;
|
||||
if(ctx->rr_pipe->listen_com)
|
||||
ctx->rr_pipe->listen_com->event_added = 0;
|
||||
if(ctx->rr_pipe->res_com)
|
||||
ctx->rr_pipe->res_com->event_added = 0;
|
||||
#endif
|
||||
}
|
||||
/* see if bg thread is created and if threads have been killed */
|
||||
/* no locks, because those may be held by terminated threads */
|
||||
/* for processes the read pipe is closed and we see that on read */
|
||||
#ifdef HAVE_PTHREAD
|
||||
if(ctx->created_bg && ctx->dothread) {
|
||||
if(ctx->created_bg && ctx->dothread && do_stop) {
|
||||
if(pthread_kill(ctx->bg_tid, 0) == ESRCH) {
|
||||
/* thread has been killed */
|
||||
do_stop = 0;
|
||||
|
@ -318,6 +338,23 @@ ub_ctx_delete(struct ub_ctx* ctx)
|
|||
#endif /* HAVE_PTHREAD */
|
||||
if(do_stop)
|
||||
ub_stop_bg(ctx);
|
||||
if(ctx->created_bg && ctx->pipe_pid != getpid() && ctx->thread_worker) {
|
||||
/* This delete is happening from a different process. Delete
|
||||
* the thread worker from this process memory space. The
|
||||
* thread is not there to do so, so it is freed here. */
|
||||
struct ub_event_base* evbase = comm_base_internal(
|
||||
ctx->thread_worker->base);
|
||||
libworker_delete_event(ctx->thread_worker);
|
||||
ctx->thread_worker = NULL;
|
||||
#ifdef USE_MINI_EVENT
|
||||
ub_event_base_free(evbase);
|
||||
#else
|
||||
/* cannot event_base_free, because the epoll_fd cleanup
|
||||
* in libevent could stop the original event_base in the
|
||||
* other process from working. */
|
||||
free(evbase);
|
||||
#endif
|
||||
}
|
||||
libworker_delete_event(ctx->event_worker);
|
||||
|
||||
modstack_desetup(&ctx->mods, ctx->env);
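Review bot: The fork test `ctx->created_bg && ctx->pipe_pid != getpid()` is spelled out twice in ub_ctx_delete, once in each hunk, and the two copies must stay in agreement for the child to skip `ub_stop_bg` and still free its copy of the thread worker. Computing it once near the top, `int forked = ctx->created_bg && ctx->pipe_pid != getpid();`, and using `forked` in both places would make that coupling explicit. The first branch also dereferences `ctx->qq_pipe` and `ctx->rr_pipe` without a NULL check; that is presumably safe because the pipes exist whenever `created_bg` is set, but a one-line comment saying so would help the next reader. The function begins before the first hunk and continues after the second.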
|
||||
|
|
|
@ -395,6 +395,7 @@ int libworker_bg(struct ub_ctx* ctx)
|
|||
w = libworker_setup(ctx, 1, NULL);
|
||||
if(!w) return UB_NOMEM;
|
||||
w->is_bg_thread = 1;
|
||||
ctx->thread_worker = w;
|
||||
#ifdef ENABLE_LOCK_CHECKS
|
||||
w->thread_num = 1; /* for nicer DEBUG checklocks */
|
||||
#endif
|
||||
|
|
|
@ -230,7 +230,7 @@ int ub_ctx_set_event(struct ub_ctx* ctx, struct event_base* base);
|
|||
* @param callback: this is called on completion of the resolution.
|
||||
* It is called as:
|
||||
* void callback(void* mydata, int rcode, void* packet, int packet_len,
|
||||
* int sec, char* why_bogus)
|
||||
* int sec, char* why_bogus, int was_ratelimited)
|
||||
* with mydata: the same as passed here, you may pass NULL,
|
||||
* with rcode: 0 on no error, nonzero for mostly SERVFAIL situations,
|
||||
* this is a DNS rcode.
|
||||
|
@ -241,6 +241,7 @@ int ub_ctx_set_event(struct ub_ctx* ctx, struct event_base* base);
|
|||
* with packet_len: length in bytes of the packet buffer.
|
||||
* with sec: 0 if insecure, 1 if bogus, 2 if DNSSEC secure.
|
||||
* with why_bogus: text string explaining why it is bogus (or NULL).
|
||||
* with was_ratelimited: if the query was ratelimited.
|
||||
* These point to buffers inside unbound; do not deallocate the packet or
|
||||
* error string.
|
||||
*
|
||||
|
|
|
@ -316,23 +316,37 @@ int pythonmod_init(struct module_env* env, int id)
|
|||
|
||||
if (py_mod_count==1) {
|
||||
/* Initialize Python */
|
||||
PyRun_SimpleString("import sys \n");
|
||||
if(PyRun_SimpleString("import sys \n") < 0 ) {
|
||||
goto python_init_fail;
|
||||
}
|
||||
PyRun_SimpleString("sys.path.append('.') \n");
|
||||
PyRun_SimpleString("sys.path.append('"RUN_DIR"') \n");
|
||||
PyRun_SimpleString("sys.path.append('"SHARE_DIR"') \n");
|
||||
if(env->cfg->directory && env->cfg->directory[0]) {
|
||||
char wdir[1524];
|
||||
snprintf(wdir, sizeof(wdir), "sys.path.append('%s') \n",
|
||||
env->cfg->directory);
|
||||
PyRun_SimpleString(wdir);
|
||||
}
|
||||
PyRun_SimpleString("sys.path.append('"RUN_DIR"') \n");
|
||||
PyRun_SimpleString("sys.path.append('"SHARE_DIR"') \n");
|
||||
PyRun_SimpleString("import distutils.sysconfig \n");
|
||||
PyRun_SimpleString("sys.path.append(distutils.sysconfig.get_python_lib(1,0)) \n");
|
||||
if (PyRun_SimpleString("from unboundmodule import *\n") < 0)
|
||||
/* Check if sysconfig is there and use that instead of distutils;
|
||||
* distutils.sysconfig is deprecated in Python 3.10. */
|
||||
if(PyRun_SimpleString("import sysconfig \n") < 0) {
|
||||
log_info("pythonmod: module sysconfig not available; "
|
||||
"falling back to distutils.sysconfig.");
|
||||
if(PyRun_SimpleString("import distutils.sysconfig \n") < 0
|
||||
|| PyRun_SimpleString("sys.path.append("
|
||||
"distutils.sysconfig.get_python_lib(1,0)) \n") < 0) {
|
||||
goto python_init_fail;
|
||||
}
|
||||
} else {
|
||||
if(PyRun_SimpleString("sys.path.append("
|
||||
"sysconfig.get_path('platlib')) \n") < 0) {
|
||||
goto python_init_fail;
|
||||
}
|
||||
}
|
||||
if(PyRun_SimpleString("from unboundmodule import *\n") < 0)
|
||||
{
|
||||
log_err("pythonmod: cannot initialize core module: unboundmodule.py");
|
||||
PyGILState_Release(gil);
|
||||
return 0;
|
||||
goto python_init_fail;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -480,6 +494,11 @@ int pythonmod_init(struct module_env* env, int id)
|
|||
PyGILState_Release(gil);
|
||||
|
||||
return 1;
|
||||
|
||||
python_init_fail:
|
||||
log_err("pythonmod: cannot initialize core module: unboundmodule.py");
|
||||
PyGILState_Release(gil);
|
||||
return 0;
|
||||
}
|
||||
|
||||
void pythonmod_deinit(struct module_env* env, int id)
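Review bot: The `PyRun_SimpleString(wdir)` call is left unchecked while the neighbouring calls gain error handling, and `wdir` is built by formatting `env->cfg->directory` into Python source between single quotes. A directory value containing a quote or backslash would change the statement that is executed, and a path longer than the 1524-byte buffer is silently truncated by `snprintf` into a malformed one. The configuration is normally administrator-controlled, so this is a robustness point more than an exposure, but at minimum I would test the result with `if(PyRun_SimpleString(wdir) < 0) goto python_init_fail;`, and preferably append the path through the interpreter's list API rather than through generated source. Separately, `python_init_fail` logs "cannot initialize core module: unboundmodule.py" for every failure, including a failed `import sys`, which will mislead whoever reads the log. pythonmod_init starts before the first hunk and continues between the two hunks.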
|
||||
|
|
|
@ -2756,6 +2756,7 @@ az_change_dnames(struct dns_msg* msg, uint8_t* oldname, uint8_t* newname,
|
|||
== 0) {
|
||||
msg->rep->rrsets[i]->rk.dname = newname;
|
||||
msg->rep->rrsets[i]->rk.dname_len = newlen;
|
||||
msg->rep->rrsets[i]->entry.hash = rrset_key_hash(&msg->rep->rrsets[i]->rk);
|
||||
}
|
||||
}
|
||||
}
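Review bot: The added `entry.hash` assignment has no comment, and the reason for it is not obvious from the line itself: `rk.dname` and `rk.dname_len` have just been replaced, so a hash computed from the old name no longer matches the key. I would add `/* the name changed, so the stored key hash must be recomputed */` above it. The three statements also repeat `msg->rep->rrsets[i]`; a local pointer to the rrset would make them easier to read. az_change_dnames starts outside the hunk.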
|
||||
|
|
8
services/cache/dns.c
vendored
|
@ -636,6 +636,14 @@ tomsg(struct module_env* env, struct query_info* q, struct reply_info* r,
|
|||
r->serve_expired_ttl < now) {
|
||||
return NULL;
|
||||
}
|
||||
/* Ignore expired failure answers */
|
||||
if(FLAGS_GET_RCODE(r->flags) !=
|
||||
LDNS_RCODE_NOERROR &&
|
||||
FLAGS_GET_RCODE(r->flags) !=
|
||||
LDNS_RCODE_NXDOMAIN &&
|
||||
FLAGS_GET_RCODE(r->flags) !=
|
||||
LDNS_RCODE_YXDOMAIN)
|
||||
return 0;
|
||||
} else {
|
||||
return NULL;
|
||||
}
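Review bot: The new "Ignore expired failure answers" branch ends in `return 0;` while the other early exits visible in this hunk use `return NULL;`; for consistency, and so the pointer return reads as one, it should be `return NULL;`. The rcode is also extracted from `r->flags` three times in one condition; a local such as `int rcode = FLAGS_GET_RCODE(r->flags);` would make the test easier to audit. tomsg starts before the hunk and continues after it.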
|
||||
|
|
|
@ -196,8 +196,8 @@ enum sldns_enum_rr_type
|
|||
LDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */
|
||||
LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */
|
||||
LDNS_RR_TYPE_ZONEMD = 63, /* draft-ietf-dnsop-dns-zone-digest-12 */
|
||||
LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https-04 */
|
||||
LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https-04 */
|
||||
LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https-04 */
|
||||
LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https-04 */
|
||||
|
||||
LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
|
||||
|
||||
|
|
|
@ -102,6 +102,12 @@ usage(void)
|
|||
printf(" stop stops the server\n");
|
||||
printf(" reload reloads the server\n");
|
||||
printf(" (this flushes data, stats, requestlist)\n");
|
||||
printf(" reload_keep_cache reloads the server but tries to\n");
|
||||
printf(" keep the RRset and message cache\n");
|
||||
printf(" if (re)configuration allows for it.\n");
|
||||
printf(" That means the caches sizes and\n");
|
||||
printf(" the number of threads must not\n");
|
||||
printf(" change between reloads.\n");
|
||||
printf(" stats print statistics\n");
|
||||
printf(" stats_noreset peek at statistics\n");
|
||||
#ifdef HAVE_SHMGET
|
||||
|
@ -180,8 +186,6 @@ usage(void)
|
|||
#ifdef HAVE_SHMGET
|
||||
/** what to put on statistics lines between var and value, ": " or "=" */
|
||||
#define SQ "="
|
||||
/** if true, inhibits a lot of =0 lines from the stats output */
|
||||
static const int inhibit_zero = 1;
|
||||
/** divide sum of timers to get average */
|
||||
static void
|
||||
timeval_divide(struct timeval* avg, const struct timeval* sum, long long d)
|
||||
|
@ -316,7 +320,7 @@ static void print_hist(struct ub_stats_info* s)
|
|||
}
|
||||
|
||||
/** print extended */
|
||||
static void print_extended(struct ub_stats_info* s)
|
||||
static void print_extended(struct ub_stats_info* s, int inhibit_zero)
|
||||
{
|
||||
int i;
|
||||
char nm[16];
|
||||
|
@ -439,7 +443,7 @@ static void do_stats_shm(struct config_file* cfg, struct ub_stats_info* stats,
|
|||
if(cfg->stat_extended) {
|
||||
print_mem(shm_stat, &stats[0]);
|
||||
print_hist(stats);
|
||||
print_extended(stats);
|
||||
print_extended(stats, cfg->stat_inhibit_zero);
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_SHMGET */
|
||||
|
|
|
@ -573,6 +573,7 @@ int main(int argc, char** argv)
|
|||
#endif
|
||||
checklock_start();
|
||||
log_init(0, 0, 0);
|
||||
log_ident_set("dohclient");
|
||||
|
||||
h2_session = http2_session_create();
|
||||
if(!h2_session) fatal_exit("out of memory");
|
||||
|
|
9
testdata/03-testbound.tdir/03-testbound.test
vendored
|
@ -103,6 +103,15 @@ for input in $PRE/testdata/*.rpl $PRE/testdata/*.crpl; do
|
|||
fi
|
||||
fi
|
||||
|
||||
# detect if cachedb is needed
|
||||
if echo $cleaninput | grep cachedb >/dev/null 2>&1; then
|
||||
if grep "define USE_CACHEDB 1" $PRE/config.h >/dev/null 2>&1; then
|
||||
: # CACHEDB is supported
|
||||
else
|
||||
continue
|
||||
fi
|
||||
fi
|
||||
|
||||
if test $do_valgrind = "yes"; then
|
||||
echo
|
||||
if (valgrind $VALGRIND_FLAGS $PRE/testbound -p $input >tmpout 2>&1;); then
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
server:
|
||||
verbosity: 2
|
||||
# num-threads: 1
|
||||
num-threads: 1
|
||||
interface: 127.0.0.1
|
||||
port: @PORT@
|
||||
use-syslog: no
|
||||
|
@ -9,6 +9,10 @@ server:
|
|||
chroot: ""
|
||||
username: ""
|
||||
do-not-query-localhost: no
|
||||
access-control: 127.0.0.1 allow_snoop
|
||||
msg-cache-size: 4m
|
||||
rrset-cache-size: 4m
|
||||
minimal-responses: yes
|
||||
remote-control:
|
||||
control-enable: yes
|
||||
control-interface: 127.0.0.1
|
||||
|
@ -21,4 +25,3 @@ remote-control:
|
|||
forward-zone:
|
||||
name: "."
|
||||
forward-addr: "127.0.0.1@@TOPORT@"
|
||||
|
||||
|
|
|
@ -5,364 +5,317 @@
|
|||
[ -f .tpkg.var.test ] && source .tpkg.var.test
|
||||
|
||||
PRE="../.."
|
||||
. ../common.sh
|
||||
|
||||
# exit value is 1 on usage
|
||||
$PRE/unbound-control -h
|
||||
if test $? -ne 1; then
|
||||
echo "wrong exit value for usage."
|
||||
exit 1
|
||||
else
|
||||
echo "exit value for usage: OK"
|
||||
fi
|
||||
# End the test
|
||||
# $1: exit value
|
||||
end () {
|
||||
echo "> cat logfiles"
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
exit $1
|
||||
}
|
||||
|
||||
# Expect a given exit value of the previous command
|
||||
# $1: the expected exit value
|
||||
# $2: optional text to print when failing
|
||||
expect_exit_value () {
|
||||
if test $? -ne $1; then
|
||||
if test -z "$2"; then
|
||||
if test $1 -eq 1; then
|
||||
msg="on error"
|
||||
else
|
||||
msg="after success"
|
||||
fi
|
||||
else
|
||||
msg="$2"
|
||||
fi
|
||||
echo "wrong exit value $msg"
|
||||
end 1
|
||||
fi
|
||||
}
|
||||
|
||||
# Helper function for quering
|
||||
# $@: at least the domain name to query and optional dig arguments
|
||||
query () {
|
||||
echo "> dig $@"
|
||||
dig @127.0.0.1 -p $UNBOUND_PORT $@ | tee outfile
|
||||
}
|
||||
|
||||
# Expect something in the answer
|
||||
# $1: expected regular expression
|
||||
expect_answer () {
|
||||
echo "> check answer for \"$1\""
|
||||
if grep "$1" outfile; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "Not OK"
|
||||
end 1
|
||||
fi
|
||||
}
|
||||
|
||||
# Fail the test for unexpected answers
|
||||
# $1: unexpected regular expression
|
||||
fail_answer () {
|
||||
echo "> \"$1\" should not be in answer"
|
||||
if grep "$1" outfile; then
|
||||
echo "Not OK"
|
||||
end 1
|
||||
else
|
||||
echo "OK"
|
||||
fi
|
||||
}
|
||||
|
||||
# Issue an unbound-control command
|
||||
# $@: command arguments
|
||||
control_command () {
|
||||
echo "$PRE/unbound-control $@"
|
||||
$PRE/unbound-control $@ > outfile
|
||||
}
|
||||
|
||||
# Dump the cache contents
|
||||
# $@: optional options to unbound-control
|
||||
cache_dump () {
|
||||
echo "$PRE/unbound-control $@ dump_cache > cache.dump"
|
||||
$PRE/unbound-control $@ dump_cache > cache.dump
|
||||
}
|
||||
|
||||
# Load cache contents
|
||||
# $@: optional options to unbound-control
|
||||
cache_load () {
|
||||
echo "$PRE/unbound-control $@ load_cache < cache.dump"
|
||||
$PRE/unbound-control $@ load_cache < cache.dump
|
||||
}
|
||||
|
||||
# Expect an entry in the cache dump
|
||||
# $1: expected regular expression
|
||||
expect_in_cache_dump () {
|
||||
echo "> check cache dump for \"$1\""
|
||||
if grep "$1" cache.dump; then
|
||||
echo "OK cache dump"
|
||||
else
|
||||
echo "Not OK cache dump"
|
||||
end 1
|
||||
fi
|
||||
}
|
||||
|
||||
# Fail the test for unexpected entry in the cache dump
|
||||
# $1: unexpected regular expression
|
||||
fail_in_cache_dump () {
|
||||
echo "> \"$1\" should not be in cache dump"
|
||||
if grep "$1" cache.dump; then
|
||||
echo "Not OK cache dump"
|
||||
end 1
|
||||
else
|
||||
echo "OK cache dump"
|
||||
fi
|
||||
}
|
||||
|
||||
# start the test
|
||||
cp ub.conf main.conf
|
||||
|
||||
teststep "exit value is 1 on usage"
|
||||
control_command -h
|
||||
expect_exit_value 1 "for usage"
|
||||
|
||||
# use lock-verify if possible
|
||||
|
||||
# test if the server is up.
|
||||
echo "> dig www.example.com."
|
||||
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
|
||||
echo "> check answer"
|
||||
if grep "10.20.30.40" outfile; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "> cat logfiles"
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
teststep "test if the server is up"
|
||||
query www.example.com.
|
||||
expect_answer "10.20.30.40"
|
||||
|
||||
# exit value is 1 when a bad command is given.
|
||||
echo "$PRE/unbound-control -c ub.conf blablargh"
|
||||
$PRE/unbound-control -c ub.conf blablargh
|
||||
if test $? -ne 1; then
|
||||
echo "wrong exit value on error."
|
||||
echo "> cat logfiles"
|
||||
cat fwd.log
|
||||
cat unbound.lo
|
||||
exit 1
|
||||
else
|
||||
echo "correct exit value on error"
|
||||
fi
|
||||
teststep "exit value is 1 when a bad command is given"
|
||||
control_command -c ub.conf blablargh
|
||||
expect_exit_value 1
|
||||
|
||||
# reload the server. test if the server came up by putting a new
|
||||
# local-data element in the server.
|
||||
teststep "reload the server"
|
||||
echo "server: local-data: 'afterreload. IN A 5.6.7.8'" >> ub.conf
|
||||
echo "$PRE/unbound-control -c ub.conf reload"
|
||||
$PRE/unbound-control -c ub.conf reload
|
||||
if test $? -ne 0; then
|
||||
echo "wrong exit value after success"
|
||||
exit 1
|
||||
fi
|
||||
control_command -c ub.conf reload
|
||||
expect_exit_value 0
|
||||
query afterreload.
|
||||
expect_answer "5.6.7.8"
|
||||
|
||||
echo "> dig afterreload."
|
||||
dig @127.0.0.1 -p $UNBOUND_PORT afterreload. | tee outfile
|
||||
echo "> check answer"
|
||||
if grep "5.6.7.8" outfile; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "> cat logfiles"
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
teststep "must have had at least 1 query since reload"
|
||||
control_command -c ub.conf stats
|
||||
expect_exit_value 0
|
||||
expect_answer "^total.num.queries=[1-9][0-9]*$"
|
||||
|
||||
# must have had queries now. 1 since reload.
|
||||
echo "$PRE/unbound-control -c ub.conf stats"
|
||||
$PRE/unbound-control -c ub.conf stats > tmp.$$
|
||||
if test $? -ne 0; then
|
||||
echo "wrong exit value after success"
|
||||
exit 1
|
||||
fi
|
||||
if grep "^total.num.queries=[1-9][0-9]*$" tmp.$$; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "bad stats"
|
||||
cat tmp.$$
|
||||
exit 1
|
||||
fi
|
||||
teststep "check verbosity"
|
||||
control_command -c ub.conf verbosity 2
|
||||
expect_exit_value 0
|
||||
|
||||
# verbosity
|
||||
echo "$PRE/unbound-control -c ub.conf verbosity 2"
|
||||
$PRE/unbound-control -c ub.conf verbosity 2
|
||||
if test $? -ne 0; then
|
||||
echo "wrong exit value after success"
|
||||
exit 1
|
||||
fi
|
||||
teststep "check syntax error in parse"
|
||||
control_command -c ub.conf verbosity jkdf
|
||||
expect_exit_value 1
|
||||
|
||||
# check syntax error in parse
|
||||
echo "$PRE/unbound-control -c ub.conf verbosity jkdf"
|
||||
$PRE/unbound-control -c ub.conf verbosity jkdf
|
||||
if test $? -ne 1; then
|
||||
echo "wrong exit value after failure"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# check bad credentials
|
||||
teststep "check bad credentials"
|
||||
cp ub.conf bad.conf
|
||||
echo "remote-control:" >> bad.conf
|
||||
echo " server-key-file: bad_server.key" >> bad.conf
|
||||
echo " server-cert-file: bad_server.pem" >> bad.conf
|
||||
echo " control-key-file: bad_control.key" >> bad.conf
|
||||
echo " control-cert-file: bad_control.pem" >> bad.conf
|
||||
echo "$PRE/unbound-control -c bad.conf verbosity 2"
|
||||
$PRE/unbound-control -c bad.conf verbosity 2
|
||||
if test $? -ne 1; then
|
||||
echo "wrong exit value after failure"
|
||||
exit 1
|
||||
fi
|
||||
cat conf.bad_credentials >> bad.conf
|
||||
control_command -c bad.conf verbosity 2
|
||||
expect_exit_value 1
|
||||
|
||||
# check spoofedclient credentials
|
||||
teststep "check spoofed client credentials"
|
||||
rm -f bad.conf
|
||||
cp ub.conf bad.conf
|
||||
echo "remote-control:" >> bad.conf
|
||||
echo " server-key-file: unbound_server.key" >> bad.conf
|
||||
echo " server-cert-file: unbound_server.pem" >> bad.conf
|
||||
echo " control-key-file: bad_control.key" >> bad.conf
|
||||
echo " control-cert-file: bad_control.pem" >> bad.conf
|
||||
echo "$PRE/unbound-control -c bad.conf verbosity 2"
|
||||
$PRE/unbound-control -c bad.conf verbosity 2
|
||||
if test $? -ne 1; then
|
||||
echo "wrong exit value after failure"
|
||||
exit 1
|
||||
fi
|
||||
cat conf.spoofed_credentials >> bad.conf
|
||||
control_command -c bad.conf verbosity 2
|
||||
expect_exit_value 1
|
||||
|
||||
# create a new local zone
|
||||
echo "> test of local zone"
|
||||
echo "$PRE/unbound-control -c ub.conf local_zone example.net static"
|
||||
$PRE/unbound-control -c ub.conf local_zone example.net static
|
||||
if test $? -ne 0; then
|
||||
echo "wrong exit value after success"
|
||||
exit 1
|
||||
fi
|
||||
echo "$PRE/unbound-control -c ub.conf local_data www.example.net A 192.0.2.1"
|
||||
$PRE/unbound-control -c ub.conf local_data www.example.net A 192.0.2.1
|
||||
if test $? -ne 0; then
|
||||
echo "wrong exit value after success"
|
||||
exit 1
|
||||
fi
|
||||
teststep "create a new local zone"
|
||||
control_command -c ub.conf local_zone example.net static
|
||||
expect_exit_value 0
|
||||
control_command -c ub.conf local_data www.example.net A 192.0.2.1
|
||||
expect_exit_value 0
|
||||
|
||||
# check that www.example.net exists
|
||||
echo "> dig www.example.net."
|
||||
dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. | tee outfile
|
||||
echo "> check answer"
|
||||
if grep "192.0.2.1" outfile; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "> cat logfiles"
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
teststep "check that www.example.net exists"
|
||||
query www.example.net.
|
||||
expect_answer "192.0.2.1"
|
||||
|
||||
# check that mail.example.net has nxdomain
|
||||
echo "> dig mail.example.net."
|
||||
dig @127.0.0.1 -p $UNBOUND_PORT mail.example.net. | tee outfile
|
||||
echo "> check answer"
|
||||
if grep "NXDOMAIN" outfile; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "> cat logfiles"
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
teststep "check that mail.example.net has nxdomain"
|
||||
query mail.example.net.
|
||||
expect_answer "NXDOMAIN"
|
||||
|
||||
# remove www.example.net - check it gets nxdomain
|
||||
echo "$PRE/unbound-control -c ub.conf local_data_remove www.example.net"
|
||||
$PRE/unbound-control -c ub.conf local_data_remove www.example.net
|
||||
if test $? -ne 0; then
|
||||
echo "wrong exit value after success"
|
||||
exit 1
|
||||
fi
|
||||
echo "> dig www.example.net."
|
||||
dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. | tee outfile
|
||||
echo "> check answer"
|
||||
if grep "NXDOMAIN" outfile; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "> cat logfiles"
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
teststep "remove www.example.net - check it gets nxdomain"
|
||||
control_command -c ub.conf local_data_remove www.example.net
|
||||
expect_exit_value 0
|
||||
query www.example.net.
|
||||
expect_answer "NXDOMAIN"
|
||||
|
||||
# remove nonexistent name - check bug#287(segfault) does not happen.
|
||||
echo "$PRE/unbound-control -c ub.conf local_data_remove test.example.net"
|
||||
$PRE/unbound-control -c ub.conf local_data_remove test.example.net
|
||||
teststep "remove nonexistent name - check bug#287(segfault) does not happen"
|
||||
control_command -c ub.conf local_data_remove test.example.net
|
||||
# if crash then then we get: error: could not SSL_read from unbound-control
|
||||
if test $? -ne 0; then
|
||||
echo "wrong exit value after success"
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
expect_exit_value 0
|
||||
|
||||
# remove example.net - check its gone.
|
||||
echo "$PRE/unbound-control -c ub.conf local_zone_remove example.net"
|
||||
$PRE/unbound-control -c ub.conf local_zone_remove example.net
|
||||
if test $? -ne 0; then
|
||||
echo "wrong exit value after success"
|
||||
exit 1
|
||||
fi
|
||||
echo "> dig www.example.net."
|
||||
dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. | tee outfile
|
||||
echo "> check answer"
|
||||
if grep "SERVFAIL" outfile; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "> cat logfiles"
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
teststep "remove example.net - check its gone"
|
||||
control_command -c ub.conf local_zone_remove example.net
|
||||
expect_exit_value 0
|
||||
query www.example.net.
|
||||
expect_answer "SERVFAIL"
|
||||
|
||||
# dump the cache
|
||||
echo "> test cache dump"
|
||||
# fillup cache
|
||||
echo "dig www.example.com"
|
||||
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com.
|
||||
echo "$PRE/unbound-control -c ub.conf dump_cache"
|
||||
$PRE/unbound-control -c ub.conf dump_cache > tmp.$$
|
||||
if test $? -ne 0; then
|
||||
echo "wrong exit value after success"
|
||||
exit 1
|
||||
fi
|
||||
cat tmp.$$
|
||||
if grep 10.20.30.40 tmp.$$; then
|
||||
echo "OK example.com is in cache dump"
|
||||
else
|
||||
echo "Not OK cache dump"
|
||||
exit 1
|
||||
fi
|
||||
teststep "dump the cache"
|
||||
query www.example.com.
|
||||
cache_dump -c ub.conf
|
||||
expect_exit_value 0
|
||||
cat cache.dump
|
||||
expect_in_cache "10.20.30.40"
|
||||
|
||||
# test lookup
|
||||
echo "$PRE/unbound-control -c ub.conf lookup www.example.com"
|
||||
$PRE/unbound-control -c ub.conf lookup www.example.com
|
||||
if test $? -ne 0; then
|
||||
echo "wrong exit value after success"
|
||||
exit 1
|
||||
fi
|
||||
control_command -c ub.conf lookup www.example.com
|
||||
expect_exit_value 0
|
||||
# answer to lookup is meaningless because of use a forwarder, oh well.
|
||||
|
||||
# load the cache dump.
|
||||
echo "$PRE/unbound-control -c ub.conf load_cache < tmp.$$"
|
||||
$PRE/unbound-control -c ub.conf load_cache < tmp.$$
|
||||
if test $? -ne 0; then
|
||||
echo "wrong exit value after success"
|
||||
exit 1
|
||||
fi
|
||||
echo "> dig www.example.com."
|
||||
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
|
||||
echo "> check answer"
|
||||
if grep "10.20.30.40" outfile; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "> cat logfiles"
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
teststep "load the cache dump"
|
||||
cache_load -c ub.conf
|
||||
expect_exit_value 0
|
||||
query www.example.com.
|
||||
expect_answer "10.20.30.40"
|
||||
|
||||
# load local-zones from file
|
||||
echo "$PRE/unbound-control -c ub.conf local_zones < local_zones"
|
||||
$PRE/unbound-control -c ub.conf local_zones < local_zones
|
||||
if test $? -ne 0; then
|
||||
echo "wrong exit value after success"
|
||||
exit 1
|
||||
fi
|
||||
echo "> dig localzonefromfile."
|
||||
dig @127.0.0.1 -p $UNBOUND_PORT localzonefromfile | tee outfile
|
||||
echo "> check answer"
|
||||
if grep "REFUSED" outfile; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
teststep "load local-zones from file"
|
||||
control_command -c ub.conf local_zones < local_zones
|
||||
expect_exit_value 0
|
||||
query localzonefromfile
|
||||
expect_answer "REFUSED"
|
||||
|
||||
# load local-data from file
|
||||
echo "$PRE/unbound-control -c ub.conf local_datas < local_data"
|
||||
$PRE/unbound-control -c ub.conf local_datas < local_data
|
||||
if test $? -ne 0; then
|
||||
echo "wrong exit value after success"
|
||||
exit 1
|
||||
fi
|
||||
echo "> dig localdatafromfile."
|
||||
dig @127.0.0.1 -p $UNBOUND_PORT -t txt localdatafromfile | tee outfile
|
||||
echo "> check answer"
|
||||
if grep "local data from file OK" outfile; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
teststep "load local-data from file"
|
||||
control_command -c ub.conf local_datas < local_data
|
||||
expect_exit_value 0
|
||||
query -t txt localdatafromfile
|
||||
expect_answer "local data from file OK"
|
||||
|
||||
# remove local-zone and local-data from file
|
||||
echo "$PRE/unbound-control -c ub.conf local_zones_remove < local_zones_remove"
|
||||
$PRE/unbound-control -c ub.conf local_zones_remove < local_zones_remove
|
||||
if test $? -ne 0; then
|
||||
echo "wrong exit value after success"
|
||||
exit 1
|
||||
fi
|
||||
echo "$PRE/unbound-control -c ub.conf local_datas_remove < local_data_remove"
|
||||
$PRE/unbound-control -c ub.conf local_datas_remove < local_data_remove
|
||||
if test $? -ne 0; then
|
||||
echo "wrong exit value after success"
|
||||
exit 1
|
||||
fi
|
||||
echo "> check zone and data removal list_local_zones"
|
||||
$PRE/unbound-control -c ub.conf list_local_zones | tee outfile
|
||||
if grep "localzonefromfile" outfile; then
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "local data from file OK" outfile; then
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
if grep "otherlocalzone" outfile; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "Not OK"
|
||||
exit 1
|
||||
fi
|
||||
teststep "remove local-zone and local-data from file"
|
||||
control_command -c ub.conf local_zones_remove < local_zones_remove
|
||||
expect_exit_value 0
|
||||
control_command -c ub.conf local_datas_remove < local_data_remove
|
||||
expect_exit_value 0
|
||||
control_command -c ub.conf list_local_zones
|
||||
fail_answer "localzonefromfile"
|
||||
fail_answer "local data from file OK"
|
||||
expect_answer "otherlocalzone"
|
||||
|
||||
# flushing
|
||||
echo "$PRE/unbound-control -c ub.conf flush www.example.net"
|
||||
$PRE/unbound-control -c ub.conf flush www.example.net
|
||||
if test $? -ne 0; then
|
||||
echo "wrong exit value after success"
|
||||
exit 1
|
||||
fi
|
||||
teststep "flushing"
|
||||
control_command -c ub.conf flush www.example.net
|
||||
expect_exit_value 0
|
||||
control_command -c ub.conf flush_type www.example.net TXT
|
||||
expect_exit_value 0
|
||||
control_command -c ub.conf flush_zone example.net
|
||||
expect_exit_value 0
|
||||
|
||||
echo "$PRE/unbound-control -c ub.conf flush_type www.example.net TXT"
|
||||
$PRE/unbound-control -c ub.conf flush_type www.example.net TXT
|
||||
if test $? -ne 0; then
|
||||
echo "wrong exit value after success"
|
||||
exit 1
|
||||
fi
|
||||
teststep "reload the server for a clean state and populate the cache"
|
||||
cp main.conf ub.conf
|
||||
control_command -c ub.conf reload
|
||||
expect_exit_value 0
|
||||
query www.example.com
|
||||
expect_answer "10.20.30.40"
|
||||
|
||||
echo "$PRE/unbound-control -c ub.conf flush_zone example.net"
|
||||
$PRE/unbound-control -c ub.conf flush_zone example.net
|
||||
if test $? -ne 0; then
|
||||
echo "wrong exit value after success"
|
||||
exit 1
|
||||
fi
|
||||
teststep "reload and check cache dump - should be empty"
|
||||
control_command -c ub.conf reload
|
||||
expect_exit_value 0
|
||||
cache_dump -c ub.conf
|
||||
expect_exit_value 0
|
||||
fail_in_cache_dump "www.example.com.*10.20.30.40"
|
||||
fail_in_cache_dump "msg www.example.com. IN A"
|
||||
|
||||
# now stop the server
|
||||
echo "$PRE/unbound-control -c ub.conf stop"
|
||||
$PRE/unbound-control -c ub.conf stop
|
||||
if test $? -ne 0; then
|
||||
echo "wrong exit value after success"
|
||||
exit 1
|
||||
fi
|
||||
# see if the server has really exited.
|
||||
query www.example.com
|
||||
expect_answer "10.20.30.40"
|
||||
|
||||
teststep "reload_keep_cache and check cache dump - should not be empty"
|
||||
control_command -c ub.conf reload_keep_cache
|
||||
expect_exit_value 0
|
||||
cache_dump -c ub.conf
|
||||
expect_exit_value 0
|
||||
expect_in_cache_dump "www.example.com.*10.20.30.40"
|
||||
expect_in_cache_dump "msg www.example.com. IN A"
|
||||
query www.example.com +nordflag
|
||||
expect_answer "10.20.30.40"
|
||||
|
||||
teststep "change msg-cache-size and reload_keep_cache - should be empty"
|
||||
echo "server: msg-cache-size: 2m" >> ub.conf
|
||||
control_command -c ub.conf reload_keep_cache
|
||||
expect_exit_value 0
|
||||
cache_dump -c ub.conf
|
||||
expect_exit_value 0
|
||||
fail_in_cache_dump "www.example.com.*10.20.30.40"
|
||||
fail_in_cache_dump "msg www.example.com. IN A"
|
||||
query www.example.com
|
||||
expect_answer "10.20.30.40"
|
||||
|
||||
teststep "change rrset-cache-size and reload_keep_cache - should be empty"
|
||||
echo "server: rrset-cache-size: 2m" >> ub.conf
|
||||
control_command -c ub.conf reload_keep_cache
|
||||
expect_exit_value 0
|
||||
cache_dump -c ub.conf
|
||||
expect_exit_value 0
|
||||
fail_in_cache_dump "www.example.com.*10.20.30.40"
|
||||
fail_in_cache_dump "msg www.example.com. IN A"
|
||||
query www.example.com
|
||||
expect_answer "10.20.30.40"
|
||||
|
||||
teststep "change num-threads and reload_keep_cache - should be empty"
|
||||
echo "server: num-threads: 2" >> ub.conf
|
||||
control_command -c ub.conf reload_keep_cache
|
||||
expect_exit_value 0
|
||||
cache_dump -c ub.conf
|
||||
expect_exit_value 0
|
||||
fail_in_cache_dump "www.example.com.*10.20.30.40"
|
||||
fail_in_cache_dump "msg www.example.com. IN A"
|
||||
query www.example.com
|
||||
expect_answer "10.20.30.40"
|
||||
|
||||
teststep "change minimal-responses and reload_keep_cache - should not be empty"
|
||||
echo "server: minimal-responses: no" >> ub.conf
|
||||
control_command -c ub.conf reload_keep_cache
|
||||
expect_exit_value 0
|
||||
cache_dump -c ub.conf
|
||||
expect_exit_value 0
|
||||
expect_in_cache_dump "www.example.com.*10.20.30.40"
|
||||
expect_in_cache_dump "msg www.example.com. IN A"
|
||||
|
||||
teststep "now stop the server"
|
||||
control_command -c ub.conf stop
|
||||
expect_exit_value 0
|
||||
|
||||
teststep "see if the server has really exited"
|
||||
TRY_MAX=20
|
||||
for (( try=0 ; try <= $TRY_MAX ; try++ )) ; do
|
||||
if kill -0 $UNBOUND_PID 2>&1 | tee tmp.$$; then
|
||||
|
@ -379,11 +332,8 @@ for (( try=0 ; try <= $TRY_MAX ; try++ )) ; do
|
|||
done
|
||||
if kill -0 $UNBOUND_PID; then
|
||||
echo "still up!"
|
||||
echo "> cat logfiles"
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "not stopped, failure"
|
||||
exit 1
|
||||
end 1
|
||||
else
|
||||
echo "stopped OK"
|
||||
|
||||
|
@ -392,15 +342,9 @@ else
|
|||
echo "lock-verify test worked."
|
||||
else
|
||||
echo "lock-verify test failed."
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
exit 1
|
||||
end 1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "> cat logfiles"
|
||||
cat fwd.log
|
||||
cat unbound.log
|
||||
echo "> OK"
|
||||
exit 0
|
||||
end 0
|
||||
|
|
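--- a/testdata/09-unbound-control.tdir/conf.bad_credentials
+++ b/testdata/09-unbound-control.tdir/conf.bad_credentials
@@ -0,0 +1,5 @@
+remote-control:
+server-key-file: bad_server.key
+server-cert-file: bad_server.pem
+control-key-file: bad_control.key
+control-cert-file: bad_control.pem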
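Review bot: Nothing in this fixture states what outcome it is meant to prove; all four paths point at `bad_*` material, which reads like a client whose whole credential set differs from the running server's, but the test that consumes the file is outside this section. A leading comment such as `# negative test: none of these credentials match the server; unbound-control must be refused` would make the expected result explicit. The same applies to conf.spoofed_credentials in the next section, which pairs `unbound_server.key`/`unbound_server.pem` with `bad_control.key`/`bad_control.pem` and presumably checks that a correct server certificate alone is not enough to authenticate a control client.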
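--- a/testdata/09-unbound-control.tdir/conf.spoofed_credentials
+++ b/testdata/09-unbound-control.tdir/conf.spoofed_credentials
@@ -0,0 +1,5 @@
+remote-control:
+server-key-file: unbound_server.key
+server-cert-file: unbound_server.pem
+control-key-file: bad_control.key
+control-cert-file: bad_control.pem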
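--- a/testdata/cachedb_servfail_cname.crpl
+++ b/testdata/cachedb_servfail_cname.crpl
@@ -0,0 +1,181 @@
+; config options
+server:
+target-fetch-policy: "0 0 0 0 0"
+qname-minimisation: no
+minimal-responses: no
+;serve-expired: yes
+module-config: "cachedb iterator"
+
+cachedb:
+backend: "testframe"
+secret-seed: "testvalue"
+
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129
+CONFIG_END
+
+SCENARIO_BEGIN Test cachedb store and servfail reply from cname.
+; the servfail reply should not overwrite the cache contents.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION AUTHORITY
+example.com. IN NS ns2.example.com.
+SECTION ADDITIONAL
+ns2.example.com. IN A 1.2.3.5
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+foo.com. IN NS
+SECTION AUTHORITY
+foo.com. IN NS ns.example.com.
+ENTRY_END
+RANGE_END
+
+; ns2.example.com.
+RANGE_BEGIN 0 20
+ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns2.example.com., now failing
+RANGE_BEGIN 20 100
+ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN CNAME foo.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+foo.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+ns2.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+ns2.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+RANGE_END
+
+; get and entry in cache, to make it expired.
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; get the answer for it
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN A 1.2.3.4
+ENTRY_END
+
+; it is now expired
+STEP 20 TIME_PASSES ELAPSE 20
+
+; get a servfail in cache for the destination
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+foo.example.com. IN A
+ENTRY_END
+
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+foo.example.com. IN A
+ENTRY_END
+
+; the query is now a CNAME to servfail.
+; there is a valid, but expired, entry in cache.
+STEP 50 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 60 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN CNAME foo.example.com.
+ENTRY_END
+
+SCENARIO_END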
6
testdata/common.sh
vendored
6
testdata/common.sh
vendored
|
@ -29,6 +29,7 @@
|
|||
# wait_server_up_or_fail: wait for server to come up or print a failure string
|
||||
# skip_test x : print message and skip test (must be called in .pre)
|
||||
# kill_pid : kill a server, make sure and wait for it to go down.
|
||||
# teststep : print the current test step in the output
|
||||
|
||||
|
||||
# print error and exit
|
||||
|
@ -272,3 +273,8 @@ set_doxygen_path () {
|
|||
fi
|
||||
}
|
||||
|
||||
# Print the current test step in the output
|
||||
teststep () {
|
||||
echo
|
||||
echo "STEP [ $1 ]"
|
||||
}
|
||||
|
|
3
testdata/fwd_0ttlservfail.rpl
vendored
3
testdata/fwd_0ttlservfail.rpl
vendored
|
@ -2,6 +2,7 @@
|
|||
; config options go here.
|
||||
server:
|
||||
serve-expired: yes
|
||||
prefetch: yes
|
||||
forward-zone: name: "." forward-addr: 216.0.0.1
|
||||
CONFIG_END
|
||||
|
||||
|
@ -45,7 +46,7 @@ SECTION ANSWER
|
|||
ENTRY_END
|
||||
|
||||
; enough to pass by the TTL of the servfail answer in cache
|
||||
STEP 50 TIME_PASSES ELAPSE 40
|
||||
STEP 50 TIME_PASSES ELAPSE 5
|
||||
|
||||
; this query triggers a prefetch
|
||||
STEP 210 QUERY
|
||||
|
|
7
testdata/pymod.tdir/pymod.py
vendored
7
testdata/pymod.tdir/pymod.py
vendored
|
@ -37,7 +37,12 @@
|
|||
import os
|
||||
|
||||
def init(id, cfg):
|
||||
log_info("pythonmod: init called, module id is %d port: %d script: %s" % (id, cfg.port, cfg.python_script))
|
||||
scripts=[]
|
||||
s = cfg.python_script
|
||||
while s != None:
|
||||
scripts.append(s.str)
|
||||
s = s.next
|
||||
log_info("pythonmod: init called, module id is %d port: %d script: %s" % (id, cfg.port, scripts))
|
||||
return True
|
||||
|
||||
def deinit(id):
|
||||
|
|
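Review bot: The new list walk in `init` tests its cursor with `while s != None:`; an identity test is the idiomatic form and cannot be redirected by an overloaded comparison on what is presumably a wrapper object behind `cfg.python_script`, so I would write `while s is not None:`. `scripts=[]` would also read more conventionally as `scripts = []`. The log call now formats a Python list with `%s`, so the log line shows the list repr rather than a bare path; a short comment such as `# python_script is a linked list of configured script paths` above the loop would explain why.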
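--- a/testdata/serve_expired_cached_servfail.rpl
+++ b/testdata/serve_expired_cached_servfail.rpl
@@ -0,0 +1,130 @@
+; config options
+server:
+module-config: "validator iterator"
+qname-minimisation: "no"
+minimal-responses: no
+serve-expired: yes
+serve-expired-reply-ttl: 123
+log-servfail: yes
+ede: yes
+ede-serve-expired: yes
+
+
+stub-zone:
+name: "example.com"
+stub-addr: 1.2.3.4
+CONFIG_END
+
+SCENARIO_BEGIN Test serve-expired with client-timeout and a SERVFAIL upstream reply
+; Scenario overview:
+; - query for example.com. IN A
+; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5)
+; - check that the client gets the SERVFAIL; also cached
+; - query again right after the TTL expired
+; - cached SERVFAIL should be ignored and upstream queried
+; - check that we get the correct answer
+
+; ns.example.com.
+RANGE_BEGIN 0 20
+ADDRESS 1.2.3.4
+; response to A query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 30 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. 10 IN NS
+SECTION ANSWER
+example.com. 10 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 10 IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+example.com. 10 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. 10 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 10 IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; Query with RD flag
+STEP 0 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+; Check that we get the SERVFAIL (will be cached)
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+; Query again
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+; Check that we get the cached SERVFAIL
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+; Wait for the SERVFAIL to expire
+STEP 31 TIME_PASSES ELAPSE 6
+
+; Query again
+STEP 40 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+; Check that we got the correct answer
+STEP 50 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+example.com. 10 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. 10 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 10 IN A 1.2.3.4
+ENTRY_END
+
+SCENARIO_END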
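Review bot: The `SCENARIO_BEGIN` title says "with client-timeout", but the `server:` block of this file sets no `serve-expired-client-timeout`, only `serve-expired: yes` and `serve-expired-reply-ttl: 123`, and the overview comments describe a cached SERVFAIL being ignored once its TTL has passed. The title looks carried over from a sibling client-timeout scenario; a title such as `SCENARIO_BEGIN Test serve-expired does not keep serving a cached SERVFAIL after its TTL` would match what STEP 31 to STEP 50 actually check. If a client-timeout was intended, the option is missing from the config rather than the title being wrong.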
|
@ -4,7 +4,7 @@ server:
|
|||
qname-minimisation: "no"
|
||||
minimal-responses: no
|
||||
serve-expired: yes
|
||||
serve-expired-client-timeout: 1800
|
||||
serve-expired-client-timeout: 1
|
||||
serve-expired-reply-ttl: 123
|
||||
log-servfail: yes
|
||||
ede: yes
|
||||
|
@ -32,11 +32,11 @@ RANGE_BEGIN 0 20
|
|||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN NS
|
||||
example.com. 10 IN NS
|
||||
SECTION ANSWER
|
||||
example.com. IN NS ns.example.com.
|
||||
example.com. 10 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ns.example.com. 10 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
|
@ -48,14 +48,14 @@ RANGE_BEGIN 0 20
|
|||
SECTION ANSWER
|
||||
example.com. 10 IN A 5.6.7.8
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
example.com. 10 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ns.example.com. 10 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; ns.example.com.
|
||||
RANGE_BEGIN 30 100
|
||||
RANGE_BEGIN 30 70
|
||||
ADDRESS 1.2.3.4
|
||||
; response to A query
|
||||
ENTRY_BEGIN
|
||||
|
@ -85,13 +85,13 @@ ENTRY_BEGIN
|
|||
SECTION ANSWER
|
||||
example.com. 10 IN A 5.6.7.8
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
example.com. 10 IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ns.example.com. 10 IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
; Wait for the TTL to expire
|
||||
STEP 11 TIME_PASSES ELAPSE 3601
|
||||
STEP 11 TIME_PASSES ELAPSE 11
|
||||
|
||||
; Query again
|
||||
STEP 30 QUERY
|
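--- a/testdata/subnet_cached_servfail.crpl
+++ b/testdata/subnet_cached_servfail.crpl
@@ -0,0 +1,167 @@
+; Check if an expired SERVFAIL answer stored in the global cache does not block
+; ECS queries to reach the ECS cache.
+
+server:
+trust-anchor-signaling: no
+target-fetch-policy: "0 0 0 0 0"
+send-client-subnet: 1.2.3.4
+max-client-subnet-ipv4: 21
+module-config: "subnetcache iterator"
+verbosity: 3
+access-control: 127.0.0.1 allow_snoop
+qname-minimisation: no
+minimal-responses: no
+serve-expired: yes
+prefetch: yes
+
+stub-zone:
+name: "example.com."
+stub-addr: 1.2.3.4
+CONFIG_END
+
+SCENARIO_BEGIN Test that expired SERVFAIL in global cache does not block clients to reach the ECS cache
+
+; ns.example.com.
+RANGE_BEGIN 0 10
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 11 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id copy_ednsdata_assume_clientsubnet
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+; client is 127.0.0.1
+00 08 ; OPC
+00 05 ; option length
+00 01 ; Family
+08 00 ; source mask, scopemask
+7f ; address
+HEX_EDNSDATA_END
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; This answer should be in the global cache
+STEP 2 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; Bring the cached SERVFAIL to prefetch time
+STEP 10 TIME_PASSES ELAPSE 5
+
+STEP 11 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+00 08 00 05 ; OPC, optlen
+00 01 08 00 ; ip4, source 8, scope 0
+7f ; 127.0.0.0/8
+HEX_EDNSDATA_END
+ENTRY_END
+
+; This answer was cached but a prefetch was triggerred
+STEP 12 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; Wait for the SERVFAIL to expire
+STEP 13 TIME_PASSES ELAPSE 2
+
+; Query again to verify that the record was prefetched and stored in the ECS
+; cache (because the server replied with ECS this time)
+STEP 14 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+00 08 00 05 ; OPC, optlen
+00 01 08 00 ; ip4, source 8, scope 0
+7f ; 127.0.0.0/8
+HEX_EDNSDATA_END
+ENTRY_END
+
+; This record came from the ECS cache
+STEP 15 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 8 IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. 3598 IN NS ns.example.com.
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+00 08 00 05 ; OPC, optlen
+00 01 08 08 ; ip4, source 8, scope 0
+7f ; 127.0.0.0/8
+HEX_EDNSDATA_END
+ns.example.com. 3598 IN A 1.2.3.4
+ENTRY_END
+
+SCENARIO_END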
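Review bot: In the STEP 15 expected answer the option bytes are `00 01 08 08`, but the comment beside them still reads `ip4, source 8, scope 0`; going by the file's own `source mask, scopemask` annotation the fourth byte is the scope, so the comment should be `; ip4, source 8, scope 8`, or the byte itself is wrong if scope 0 was intended. The STEP 11 and STEP 14 queries use `00 01 08 00`, where the comment is accurate, which suggests the line was copied and only the byte updated. Since this test pins which cache an answer is served from, the scope value is the detail a reader most needs to trust. The comment above STEP 12 also has a typo, `triggerred` for `triggered`.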
|
@ -99,6 +99,7 @@ config_create(void)
|
|||
cfg->stat_interval = 0;
|
||||
cfg->stat_cumulative = 0;
|
||||
cfg->stat_extended = 0;
|
||||
cfg->stat_inhibit_zero = 1;
|
||||
cfg->num_threads = 1;
|
||||
cfg->port = UNBOUND_DNS_PORT;
|
||||
cfg->do_ip4 = 1;
|
||||
|
@ -336,6 +337,8 @@ config_create(void)
|
|||
cfg->ip_ratelimit_backoff = 0;
|
||||
cfg->ratelimit_backoff = 0;
|
||||
cfg->outbound_msg_retry = 5;
|
||||
cfg->max_sent_count = 32;
|
||||
cfg->max_query_restarts = 11;
|
||||
cfg->qname_minimisation = 1;
|
||||
cfg->qname_minimisation_strict = 0;
|
||||
cfg->shm_enable = 0;
|
||||
|
@ -516,6 +519,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||
else S_YNO("use-syslog:", use_syslog)
|
||||
else S_STR("log-identity:", log_identity)
|
||||
else S_YNO("extended-statistics:", stat_extended)
|
||||
else S_YNO("statistics-inhibit-zero:", stat_inhibit_zero)
|
||||
else S_YNO("statistics-cumulative:", stat_cumulative)
|
||||
else S_YNO("shm-enable:", shm_enable)
|
||||
else S_NUMBER_OR_ZERO("shm-key:", shm_key)
|
||||
|
@ -778,6 +782,8 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||
else S_YNO("ip-ratelimit-backoff:", ip_ratelimit_backoff)
|
||||
else S_YNO("ratelimit-backoff:", ratelimit_backoff)
|
||||
else S_NUMBER_NONZERO("outbound-msg-retry:", outbound_msg_retry)
|
||||
else S_NUMBER_NONZERO("max-sent-count:", max_sent_count)
|
||||
else S_NUMBER_NONZERO("max-query-restarts:", max_query_restarts)
|
||||
else S_SIZET_NONZERO("fast-server-num:", fast_server_num)
|
||||
else S_NUMBER_OR_ZERO("fast-server-permil:", fast_server_permil)
|
||||
else S_YNO("qname-minimisation:", qname_minimisation)
|
||||
|
@ -996,6 +1002,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||
else O_DEC(opt, "statistics-interval", stat_interval)
|
||||
else O_YNO(opt, "statistics-cumulative", stat_cumulative)
|
||||
else O_YNO(opt, "extended-statistics", stat_extended)
|
||||
else O_YNO(opt, "statistics-inhibit-zero", stat_inhibit_zero)
|
||||
else O_YNO(opt, "shm-enable", shm_enable)
|
||||
else O_DEC(opt, "shm-key", shm_key)
|
||||
else O_YNO(opt, "use-syslog", use_syslog)
|
||||
|
@ -1238,6 +1245,8 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||
else O_YNO(opt, "ip-ratelimit-backoff", ip_ratelimit_backoff)
|
||||
else O_YNO(opt, "ratelimit-backoff", ratelimit_backoff)
|
||||
else O_UNS(opt, "outbound-msg-retry", outbound_msg_retry)
|
||||
else O_UNS(opt, "max-sent-count", max_sent_count)
|
||||
else O_UNS(opt, "max-query-restarts", max_query_restarts)
|
||||
else O_DEC(opt, "fast-server-num", fast_server_num)
|
||||
else O_DEC(opt, "fast-server-permil", fast_server_permil)
|
||||
else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min)
|
||||
|
|
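Review bot: The new `S_NUMBER_NONZERO("max-sent-count:", max_sent_count)` and `S_NUMBER_NONZERO("max-query-restarts:", max_query_restarts)` entries in `config_set_option` write into fields that the struct hunk further down the page declares as plain `int`, and no lower bound is visible for either. The macro is defined outside these hunks; if it only rejects zero, a negative value would be stored and, judging by the field comments, would then become the limit that per-query counters are compared against. These two settings cap how much upstream work a single client query can cause, so I would reject negatives explicitly wherever this file validates ranges, e.g. `if(cfg->max_sent_count < 0 || cfg->max_query_restarts < 0) return 0;` adapted to that function's failure convention. It is also worth confirming that `O_UNS` in `config_get_option` prints these `int` fields as intended. `config_create`, `config_set_option` and `config_get_option` all begin and end outside the hunks shown.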
|
@ -76,6 +76,8 @@ struct config_file {
|
|||
int stat_cumulative;
|
||||
/** if true, the statistics are kept in greater detail */
|
||||
int stat_extended;
|
||||
/** if true, inhibits a lot of =0 lines from the extended stats output */
|
||||
int stat_inhibit_zero;
|
||||
|
||||
/** number of threads to create */
|
||||
int num_threads;
|
||||
|
@ -608,6 +610,11 @@ struct config_file {
|
|||
|
||||
/** number of retries on outgoing queries */
|
||||
int outbound_msg_retry;
|
||||
/** max sent queries per qstate; resets on query restarts (e.g.,
|
||||
* CNAMES) and referrals */
|
||||
int max_sent_count;
|
||||
/** max number of query restarts; determines max length of CNAME chain */
|
||||
int max_query_restarts;
|
||||
/** minimise outgoing QNAME and hide original QTYPE if possible */
|
||||
int qname_minimisation;
|
||||
/** minimise QNAME in strict mode, minimise according to RFC.
|
||||
|
|
6837
util/configlexer.c
6837
util/configlexer.c
File diff suppressed because it is too large
|
@ -438,6 +438,7 @@ insecure-lan-zones{COLON} { YDVAR(1, VAR_INSECURE_LAN_ZONES) }
|
|||
statistics-interval{COLON} { YDVAR(1, VAR_STATISTICS_INTERVAL) }
|
||||
statistics-cumulative{COLON} { YDVAR(1, VAR_STATISTICS_CUMULATIVE) }
|
||||
extended-statistics{COLON} { YDVAR(1, VAR_EXTENDED_STATISTICS) }
|
||||
statistics-inhibit-zero{COLON} { YDVAR(1, VAR_STATISTICS_INHIBIT_ZERO) }
|
||||
shm-enable{COLON} { YDVAR(1, VAR_SHM_ENABLE) }
|
||||
shm-key{COLON} { YDVAR(1, VAR_SHM_KEY) }
|
||||
remote-control{COLON} { YDVAR(0, VAR_REMOTE_CONTROL) }
|
||||
|
@ -514,6 +515,8 @@ ratelimit-factor{COLON} { YDVAR(1, VAR_RATELIMIT_FACTOR) }
|
|||
ip-ratelimit-backoff{COLON} { YDVAR(1, VAR_IP_RATELIMIT_BACKOFF) }
|
||||
ratelimit-backoff{COLON} { YDVAR(1, VAR_RATELIMIT_BACKOFF) }
|
||||
outbound-msg-retry{COLON} { YDVAR(1, VAR_OUTBOUND_MSG_RETRY) }
|
||||
max-sent-count{COLON} { YDVAR(1, VAR_MAX_SENT_COUNT) }
|
||||
max-query-restarts{COLON} { YDVAR(1, VAR_MAX_QUERY_RESTARTS) }
|
||||
low-rtt{COLON} { YDVAR(1, VAR_LOW_RTT) }
|
||||
fast-server-num{COLON} { YDVAR(1, VAR_FAST_SERVER_NUM) }
|
||||
low-rtt-pct{COLON} { YDVAR(1, VAR_FAST_SERVER_PERMIL) }
|
||||
|
|
4118
util/configparser.c
4118
util/configparser.c
File diff suppressed because it is too large
|
@ -254,137 +254,140 @@ extern int yydebug;
|
|||
VAR_RATELIMIT_SLABS = 455, /* VAR_RATELIMIT_SLABS */
|
||||
VAR_RATELIMIT_SIZE = 456, /* VAR_RATELIMIT_SIZE */
|
||||
VAR_OUTBOUND_MSG_RETRY = 457, /* VAR_OUTBOUND_MSG_RETRY */
|
||||
VAR_RATELIMIT_FOR_DOMAIN = 458, /* VAR_RATELIMIT_FOR_DOMAIN */
|
||||
VAR_RATELIMIT_BELOW_DOMAIN = 459, /* VAR_RATELIMIT_BELOW_DOMAIN */
|
||||
VAR_IP_RATELIMIT_FACTOR = 460, /* VAR_IP_RATELIMIT_FACTOR */
|
||||
VAR_RATELIMIT_FACTOR = 461, /* VAR_RATELIMIT_FACTOR */
|
||||
VAR_IP_RATELIMIT_BACKOFF = 462, /* VAR_IP_RATELIMIT_BACKOFF */
|
||||
VAR_RATELIMIT_BACKOFF = 463, /* VAR_RATELIMIT_BACKOFF */
|
||||
VAR_SEND_CLIENT_SUBNET = 464, /* VAR_SEND_CLIENT_SUBNET */
|
||||
VAR_CLIENT_SUBNET_ZONE = 465, /* VAR_CLIENT_SUBNET_ZONE */
|
||||
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 466, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
|
||||
VAR_CLIENT_SUBNET_OPCODE = 467, /* VAR_CLIENT_SUBNET_OPCODE */
|
||||
VAR_MAX_CLIENT_SUBNET_IPV4 = 468, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
|
||||
VAR_MAX_CLIENT_SUBNET_IPV6 = 469, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
|
||||
VAR_MIN_CLIENT_SUBNET_IPV4 = 470, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
|
||||
VAR_MIN_CLIENT_SUBNET_IPV6 = 471, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV4 = 472, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV6 = 473, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
|
||||
VAR_CAPS_WHITELIST = 474, /* VAR_CAPS_WHITELIST */
|
||||
VAR_CACHE_MAX_NEGATIVE_TTL = 475, /* VAR_CACHE_MAX_NEGATIVE_TTL */
|
||||
VAR_PERMIT_SMALL_HOLDDOWN = 476, /* VAR_PERMIT_SMALL_HOLDDOWN */
|
||||
VAR_QNAME_MINIMISATION = 477, /* VAR_QNAME_MINIMISATION */
|
||||
VAR_QNAME_MINIMISATION_STRICT = 478, /* VAR_QNAME_MINIMISATION_STRICT */
|
||||
VAR_IP_FREEBIND = 479, /* VAR_IP_FREEBIND */
|
||||
VAR_DEFINE_TAG = 480, /* VAR_DEFINE_TAG */
|
||||
VAR_LOCAL_ZONE_TAG = 481, /* VAR_LOCAL_ZONE_TAG */
|
||||
VAR_ACCESS_CONTROL_TAG = 482, /* VAR_ACCESS_CONTROL_TAG */
|
||||
VAR_LOCAL_ZONE_OVERRIDE = 483, /* VAR_LOCAL_ZONE_OVERRIDE */
|
||||
VAR_ACCESS_CONTROL_TAG_ACTION = 484, /* VAR_ACCESS_CONTROL_TAG_ACTION */
|
||||
VAR_ACCESS_CONTROL_TAG_DATA = 485, /* VAR_ACCESS_CONTROL_TAG_DATA */
|
||||
VAR_VIEW = 486, /* VAR_VIEW */
|
||||
VAR_ACCESS_CONTROL_VIEW = 487, /* VAR_ACCESS_CONTROL_VIEW */
|
||||
VAR_VIEW_FIRST = 488, /* VAR_VIEW_FIRST */
|
||||
VAR_SERVE_EXPIRED = 489, /* VAR_SERVE_EXPIRED */
|
||||
VAR_SERVE_EXPIRED_TTL = 490, /* VAR_SERVE_EXPIRED_TTL */
|
||||
VAR_SERVE_EXPIRED_TTL_RESET = 491, /* VAR_SERVE_EXPIRED_TTL_RESET */
|
||||
VAR_SERVE_EXPIRED_REPLY_TTL = 492, /* VAR_SERVE_EXPIRED_REPLY_TTL */
|
||||
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 493, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
|
||||
VAR_EDE_SERVE_EXPIRED = 494, /* VAR_EDE_SERVE_EXPIRED */
|
||||
VAR_SERVE_ORIGINAL_TTL = 495, /* VAR_SERVE_ORIGINAL_TTL */
|
||||
VAR_FAKE_DSA = 496, /* VAR_FAKE_DSA */
|
||||
VAR_FAKE_SHA1 = 497, /* VAR_FAKE_SHA1 */
|
||||
VAR_LOG_IDENTITY = 498, /* VAR_LOG_IDENTITY */
|
||||
VAR_HIDE_TRUSTANCHOR = 499, /* VAR_HIDE_TRUSTANCHOR */
|
||||
VAR_HIDE_HTTP_USER_AGENT = 500, /* VAR_HIDE_HTTP_USER_AGENT */
|
||||
VAR_HTTP_USER_AGENT = 501, /* VAR_HTTP_USER_AGENT */
|
||||
VAR_TRUST_ANCHOR_SIGNALING = 502, /* VAR_TRUST_ANCHOR_SIGNALING */
|
||||
VAR_AGGRESSIVE_NSEC = 503, /* VAR_AGGRESSIVE_NSEC */
|
||||
VAR_USE_SYSTEMD = 504, /* VAR_USE_SYSTEMD */
|
||||
VAR_SHM_ENABLE = 505, /* VAR_SHM_ENABLE */
|
||||
VAR_SHM_KEY = 506, /* VAR_SHM_KEY */
|
||||
VAR_ROOT_KEY_SENTINEL = 507, /* VAR_ROOT_KEY_SENTINEL */
|
||||
VAR_DNSCRYPT = 508, /* VAR_DNSCRYPT */
|
||||
VAR_DNSCRYPT_ENABLE = 509, /* VAR_DNSCRYPT_ENABLE */
|
||||
VAR_DNSCRYPT_PORT = 510, /* VAR_DNSCRYPT_PORT */
|
||||
VAR_DNSCRYPT_PROVIDER = 511, /* VAR_DNSCRYPT_PROVIDER */
|
||||
VAR_DNSCRYPT_SECRET_KEY = 512, /* VAR_DNSCRYPT_SECRET_KEY */
|
||||
VAR_DNSCRYPT_PROVIDER_CERT = 513, /* VAR_DNSCRYPT_PROVIDER_CERT */
|
||||
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 514, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 515, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 516, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 517, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 518, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
|
||||
VAR_PAD_RESPONSES = 519, /* VAR_PAD_RESPONSES */
|
||||
VAR_PAD_RESPONSES_BLOCK_SIZE = 520, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
|
||||
VAR_PAD_QUERIES = 521, /* VAR_PAD_QUERIES */
|
||||
VAR_PAD_QUERIES_BLOCK_SIZE = 522, /* VAR_PAD_QUERIES_BLOCK_SIZE */
|
||||
VAR_IPSECMOD_ENABLED = 523, /* VAR_IPSECMOD_ENABLED */
|
||||
VAR_IPSECMOD_HOOK = 524, /* VAR_IPSECMOD_HOOK */
|
||||
VAR_IPSECMOD_IGNORE_BOGUS = 525, /* VAR_IPSECMOD_IGNORE_BOGUS */
|
||||
VAR_IPSECMOD_MAX_TTL = 526, /* VAR_IPSECMOD_MAX_TTL */
|
||||
VAR_IPSECMOD_WHITELIST = 527, /* VAR_IPSECMOD_WHITELIST */
|
||||
VAR_IPSECMOD_STRICT = 528, /* VAR_IPSECMOD_STRICT */
|
||||
VAR_CACHEDB = 529, /* VAR_CACHEDB */
|
||||
VAR_CACHEDB_BACKEND = 530, /* VAR_CACHEDB_BACKEND */
|
||||
VAR_CACHEDB_SECRETSEED = 531, /* VAR_CACHEDB_SECRETSEED */
|
||||
VAR_CACHEDB_REDISHOST = 532, /* VAR_CACHEDB_REDISHOST */
|
||||
VAR_CACHEDB_REDISPORT = 533, /* VAR_CACHEDB_REDISPORT */
|
||||
VAR_CACHEDB_REDISTIMEOUT = 534, /* VAR_CACHEDB_REDISTIMEOUT */
|
||||
VAR_CACHEDB_REDISEXPIRERECORDS = 535, /* VAR_CACHEDB_REDISEXPIRERECORDS */
|
||||
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 536, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
|
||||
VAR_FOR_UPSTREAM = 537, /* VAR_FOR_UPSTREAM */
|
||||
VAR_AUTH_ZONE = 538, /* VAR_AUTH_ZONE */
|
||||
VAR_ZONEFILE = 539, /* VAR_ZONEFILE */
|
||||
VAR_MASTER = 540, /* VAR_MASTER */
|
||||
VAR_URL = 541, /* VAR_URL */
|
||||
VAR_FOR_DOWNSTREAM = 542, /* VAR_FOR_DOWNSTREAM */
|
||||
VAR_FALLBACK_ENABLED = 543, /* VAR_FALLBACK_ENABLED */
|
||||
VAR_TLS_ADDITIONAL_PORT = 544, /* VAR_TLS_ADDITIONAL_PORT */
|
||||
VAR_LOW_RTT = 545, /* VAR_LOW_RTT */
|
||||
VAR_LOW_RTT_PERMIL = 546, /* VAR_LOW_RTT_PERMIL */
|
||||
VAR_FAST_SERVER_PERMIL = 547, /* VAR_FAST_SERVER_PERMIL */
|
||||
VAR_FAST_SERVER_NUM = 548, /* VAR_FAST_SERVER_NUM */
|
||||
VAR_ALLOW_NOTIFY = 549, /* VAR_ALLOW_NOTIFY */
|
||||
VAR_TLS_WIN_CERT = 550, /* VAR_TLS_WIN_CERT */
|
||||
VAR_TCP_CONNECTION_LIMIT = 551, /* VAR_TCP_CONNECTION_LIMIT */
|
||||
VAR_FORWARD_NO_CACHE = 552, /* VAR_FORWARD_NO_CACHE */
|
||||
VAR_STUB_NO_CACHE = 553, /* VAR_STUB_NO_CACHE */
|
||||
VAR_LOG_SERVFAIL = 554, /* VAR_LOG_SERVFAIL */
|
||||
VAR_DENY_ANY = 555, /* VAR_DENY_ANY */
|
||||
VAR_UNKNOWN_SERVER_TIME_LIMIT = 556, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
|
||||
VAR_LOG_TAG_QUERYREPLY = 557, /* VAR_LOG_TAG_QUERYREPLY */
|
||||
VAR_STREAM_WAIT_SIZE = 558, /* VAR_STREAM_WAIT_SIZE */
|
||||
VAR_TLS_CIPHERS = 559, /* VAR_TLS_CIPHERS */
|
||||
VAR_TLS_CIPHERSUITES = 560, /* VAR_TLS_CIPHERSUITES */
|
||||
VAR_TLS_USE_SNI = 561, /* VAR_TLS_USE_SNI */
|
||||
VAR_IPSET = 562, /* VAR_IPSET */
|
||||
VAR_IPSET_NAME_V4 = 563, /* VAR_IPSET_NAME_V4 */
|
||||
VAR_IPSET_NAME_V6 = 564, /* VAR_IPSET_NAME_V6 */
|
||||
VAR_TLS_SESSION_TICKET_KEYS = 565, /* VAR_TLS_SESSION_TICKET_KEYS */
|
||||
VAR_RPZ = 566, /* VAR_RPZ */
|
||||
VAR_TAGS = 567, /* VAR_TAGS */
|
||||
VAR_RPZ_ACTION_OVERRIDE = 568, /* VAR_RPZ_ACTION_OVERRIDE */
|
||||
VAR_RPZ_CNAME_OVERRIDE = 569, /* VAR_RPZ_CNAME_OVERRIDE */
|
||||
VAR_RPZ_LOG = 570, /* VAR_RPZ_LOG */
|
||||
VAR_RPZ_LOG_NAME = 571, /* VAR_RPZ_LOG_NAME */
|
||||
VAR_DYNLIB = 572, /* VAR_DYNLIB */
|
||||
VAR_DYNLIB_FILE = 573, /* VAR_DYNLIB_FILE */
|
||||
VAR_EDNS_CLIENT_STRING = 574, /* VAR_EDNS_CLIENT_STRING */
|
||||
VAR_EDNS_CLIENT_STRING_OPCODE = 575, /* VAR_EDNS_CLIENT_STRING_OPCODE */
|
||||
VAR_NSID = 576, /* VAR_NSID */
|
||||
VAR_ZONEMD_PERMISSIVE_MODE = 577, /* VAR_ZONEMD_PERMISSIVE_MODE */
|
||||
VAR_ZONEMD_CHECK = 578, /* VAR_ZONEMD_CHECK */
|
||||
VAR_ZONEMD_REJECT_ABSENCE = 579, /* VAR_ZONEMD_REJECT_ABSENCE */
|
||||
VAR_RPZ_SIGNAL_NXDOMAIN_RA = 580, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */
|
||||
VAR_INTERFACE_AUTOMATIC_PORTS = 581, /* VAR_INTERFACE_AUTOMATIC_PORTS */
|
||||
VAR_EDE = 582, /* VAR_EDE */
|
||||
VAR_INTERFACE_ACTION = 583, /* VAR_INTERFACE_ACTION */
|
||||
VAR_INTERFACE_VIEW = 584, /* VAR_INTERFACE_VIEW */
|
||||
VAR_INTERFACE_TAG = 585, /* VAR_INTERFACE_TAG */
|
||||
VAR_INTERFACE_TAG_ACTION = 586, /* VAR_INTERFACE_TAG_ACTION */
|
||||
VAR_INTERFACE_TAG_DATA = 587, /* VAR_INTERFACE_TAG_DATA */
|
||||
VAR_PROXY_PROTOCOL_PORT = 588 /* VAR_PROXY_PROTOCOL_PORT */
|
||||
VAR_MAX_SENT_COUNT = 458, /* VAR_MAX_SENT_COUNT */
|
||||
VAR_MAX_QUERY_RESTARTS = 459, /* VAR_MAX_QUERY_RESTARTS */
|
||||
VAR_RATELIMIT_FOR_DOMAIN = 460, /* VAR_RATELIMIT_FOR_DOMAIN */
|
||||
VAR_RATELIMIT_BELOW_DOMAIN = 461, /* VAR_RATELIMIT_BELOW_DOMAIN */
|
||||
VAR_IP_RATELIMIT_FACTOR = 462, /* VAR_IP_RATELIMIT_FACTOR */
|
||||
VAR_RATELIMIT_FACTOR = 463, /* VAR_RATELIMIT_FACTOR */
|
||||
VAR_IP_RATELIMIT_BACKOFF = 464, /* VAR_IP_RATELIMIT_BACKOFF */
|
||||
VAR_RATELIMIT_BACKOFF = 465, /* VAR_RATELIMIT_BACKOFF */
|
||||
VAR_SEND_CLIENT_SUBNET = 466, /* VAR_SEND_CLIENT_SUBNET */
|
||||
VAR_CLIENT_SUBNET_ZONE = 467, /* VAR_CLIENT_SUBNET_ZONE */
|
||||
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 468, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
|
||||
VAR_CLIENT_SUBNET_OPCODE = 469, /* VAR_CLIENT_SUBNET_OPCODE */
|
||||
VAR_MAX_CLIENT_SUBNET_IPV4 = 470, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
|
||||
VAR_MAX_CLIENT_SUBNET_IPV6 = 471, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
|
||||
VAR_MIN_CLIENT_SUBNET_IPV4 = 472, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
|
||||
VAR_MIN_CLIENT_SUBNET_IPV6 = 473, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV4 = 474, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV6 = 475, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
|
||||
VAR_CAPS_WHITELIST = 476, /* VAR_CAPS_WHITELIST */
|
||||
VAR_CACHE_MAX_NEGATIVE_TTL = 477, /* VAR_CACHE_MAX_NEGATIVE_TTL */
|
||||
VAR_PERMIT_SMALL_HOLDDOWN = 478, /* VAR_PERMIT_SMALL_HOLDDOWN */
|
||||
VAR_QNAME_MINIMISATION = 479, /* VAR_QNAME_MINIMISATION */
|
||||
VAR_QNAME_MINIMISATION_STRICT = 480, /* VAR_QNAME_MINIMISATION_STRICT */
|
||||
VAR_IP_FREEBIND = 481, /* VAR_IP_FREEBIND */
|
||||
VAR_DEFINE_TAG = 482, /* VAR_DEFINE_TAG */
|
||||
VAR_LOCAL_ZONE_TAG = 483, /* VAR_LOCAL_ZONE_TAG */
|
||||
VAR_ACCESS_CONTROL_TAG = 484, /* VAR_ACCESS_CONTROL_TAG */
|
||||
VAR_LOCAL_ZONE_OVERRIDE = 485, /* VAR_LOCAL_ZONE_OVERRIDE */
|
||||
VAR_ACCESS_CONTROL_TAG_ACTION = 486, /* VAR_ACCESS_CONTROL_TAG_ACTION */
|
||||
VAR_ACCESS_CONTROL_TAG_DATA = 487, /* VAR_ACCESS_CONTROL_TAG_DATA */
|
||||
VAR_VIEW = 488, /* VAR_VIEW */
|
||||
VAR_ACCESS_CONTROL_VIEW = 489, /* VAR_ACCESS_CONTROL_VIEW */
|
||||
VAR_VIEW_FIRST = 490, /* VAR_VIEW_FIRST */
|
||||
VAR_SERVE_EXPIRED = 491, /* VAR_SERVE_EXPIRED */
|
||||
VAR_SERVE_EXPIRED_TTL = 492, /* VAR_SERVE_EXPIRED_TTL */
|
||||
VAR_SERVE_EXPIRED_TTL_RESET = 493, /* VAR_SERVE_EXPIRED_TTL_RESET */
|
||||
VAR_SERVE_EXPIRED_REPLY_TTL = 494, /* VAR_SERVE_EXPIRED_REPLY_TTL */
|
||||
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 495, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
|
||||
VAR_EDE_SERVE_EXPIRED = 496, /* VAR_EDE_SERVE_EXPIRED */
|
||||
VAR_SERVE_ORIGINAL_TTL = 497, /* VAR_SERVE_ORIGINAL_TTL */
|
||||
VAR_FAKE_DSA = 498, /* VAR_FAKE_DSA */
|
||||
VAR_FAKE_SHA1 = 499, /* VAR_FAKE_SHA1 */
|
||||
VAR_LOG_IDENTITY = 500, /* VAR_LOG_IDENTITY */
|
||||
VAR_HIDE_TRUSTANCHOR = 501, /* VAR_HIDE_TRUSTANCHOR */
|
||||
VAR_HIDE_HTTP_USER_AGENT = 502, /* VAR_HIDE_HTTP_USER_AGENT */
|
||||
VAR_HTTP_USER_AGENT = 503, /* VAR_HTTP_USER_AGENT */
|
||||
VAR_TRUST_ANCHOR_SIGNALING = 504, /* VAR_TRUST_ANCHOR_SIGNALING */
|
||||
VAR_AGGRESSIVE_NSEC = 505, /* VAR_AGGRESSIVE_NSEC */
|
||||
VAR_USE_SYSTEMD = 506, /* VAR_USE_SYSTEMD */
|
||||
VAR_SHM_ENABLE = 507, /* VAR_SHM_ENABLE */
|
||||
VAR_SHM_KEY = 508, /* VAR_SHM_KEY */
|
||||
VAR_ROOT_KEY_SENTINEL = 509, /* VAR_ROOT_KEY_SENTINEL */
|
||||
VAR_DNSCRYPT = 510, /* VAR_DNSCRYPT */
|
||||
VAR_DNSCRYPT_ENABLE = 511, /* VAR_DNSCRYPT_ENABLE */
|
||||
VAR_DNSCRYPT_PORT = 512, /* VAR_DNSCRYPT_PORT */
|
||||
VAR_DNSCRYPT_PROVIDER = 513, /* VAR_DNSCRYPT_PROVIDER */
|
||||
VAR_DNSCRYPT_SECRET_KEY = 514, /* VAR_DNSCRYPT_SECRET_KEY */
|
||||
VAR_DNSCRYPT_PROVIDER_CERT = 515, /* VAR_DNSCRYPT_PROVIDER_CERT */
|
||||
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 516, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 517, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 518, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 519, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 520, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
|
||||
VAR_PAD_RESPONSES = 521, /* VAR_PAD_RESPONSES */
|
||||
VAR_PAD_RESPONSES_BLOCK_SIZE = 522, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
|
||||
VAR_PAD_QUERIES = 523, /* VAR_PAD_QUERIES */
|
||||
VAR_PAD_QUERIES_BLOCK_SIZE = 524, /* VAR_PAD_QUERIES_BLOCK_SIZE */
|
||||
VAR_IPSECMOD_ENABLED = 525, /* VAR_IPSECMOD_ENABLED */
|
||||
VAR_IPSECMOD_HOOK = 526, /* VAR_IPSECMOD_HOOK */
|
||||
VAR_IPSECMOD_IGNORE_BOGUS = 527, /* VAR_IPSECMOD_IGNORE_BOGUS */
|
||||
VAR_IPSECMOD_MAX_TTL = 528, /* VAR_IPSECMOD_MAX_TTL */
|
||||
VAR_IPSECMOD_WHITELIST = 529, /* VAR_IPSECMOD_WHITELIST */
|
||||
VAR_IPSECMOD_STRICT = 530, /* VAR_IPSECMOD_STRICT */
|
||||
VAR_CACHEDB = 531, /* VAR_CACHEDB */
|
||||
VAR_CACHEDB_BACKEND = 532, /* VAR_CACHEDB_BACKEND */
|
||||
VAR_CACHEDB_SECRETSEED = 533, /* VAR_CACHEDB_SECRETSEED */
|
||||
VAR_CACHEDB_REDISHOST = 534, /* VAR_CACHEDB_REDISHOST */
|
||||
VAR_CACHEDB_REDISPORT = 535, /* VAR_CACHEDB_REDISPORT */
|
||||
VAR_CACHEDB_REDISTIMEOUT = 536, /* VAR_CACHEDB_REDISTIMEOUT */
|
||||
VAR_CACHEDB_REDISEXPIRERECORDS = 537, /* VAR_CACHEDB_REDISEXPIRERECORDS */
|
||||
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 538, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
|
||||
VAR_FOR_UPSTREAM = 539, /* VAR_FOR_UPSTREAM */
|
||||
VAR_AUTH_ZONE = 540, /* VAR_AUTH_ZONE */
|
||||
VAR_ZONEFILE = 541, /* VAR_ZONEFILE */
|
||||
VAR_MASTER = 542, /* VAR_MASTER */
|
||||
VAR_URL = 543, /* VAR_URL */
|
||||
VAR_FOR_DOWNSTREAM = 544, /* VAR_FOR_DOWNSTREAM */
|
||||
VAR_FALLBACK_ENABLED = 545, /* VAR_FALLBACK_ENABLED */
|
||||
VAR_TLS_ADDITIONAL_PORT = 546, /* VAR_TLS_ADDITIONAL_PORT */
|
||||
VAR_LOW_RTT = 547, /* VAR_LOW_RTT */
|
||||
VAR_LOW_RTT_PERMIL = 548, /* VAR_LOW_RTT_PERMIL */
|
||||
VAR_FAST_SERVER_PERMIL = 549, /* VAR_FAST_SERVER_PERMIL */
|
||||
VAR_FAST_SERVER_NUM = 550, /* VAR_FAST_SERVER_NUM */
|
||||
VAR_ALLOW_NOTIFY = 551, /* VAR_ALLOW_NOTIFY */
|
||||
VAR_TLS_WIN_CERT = 552, /* VAR_TLS_WIN_CERT */
|
||||
VAR_TCP_CONNECTION_LIMIT = 553, /* VAR_TCP_CONNECTION_LIMIT */
|
||||
VAR_FORWARD_NO_CACHE = 554, /* VAR_FORWARD_NO_CACHE */
|
||||
VAR_STUB_NO_CACHE = 555, /* VAR_STUB_NO_CACHE */
|
||||
VAR_LOG_SERVFAIL = 556, /* VAR_LOG_SERVFAIL */
|
||||
VAR_DENY_ANY = 557, /* VAR_DENY_ANY */
|
||||
VAR_UNKNOWN_SERVER_TIME_LIMIT = 558, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
|
||||
VAR_LOG_TAG_QUERYREPLY = 559, /* VAR_LOG_TAG_QUERYREPLY */
|
||||
VAR_STREAM_WAIT_SIZE = 560, /* VAR_STREAM_WAIT_SIZE */
|
||||
VAR_TLS_CIPHERS = 561, /* VAR_TLS_CIPHERS */
|
||||
VAR_TLS_CIPHERSUITES = 562, /* VAR_TLS_CIPHERSUITES */
|
||||
VAR_TLS_USE_SNI = 563, /* VAR_TLS_USE_SNI */
|
||||
VAR_IPSET = 564, /* VAR_IPSET */
|
||||
VAR_IPSET_NAME_V4 = 565, /* VAR_IPSET_NAME_V4 */
|
||||
VAR_IPSET_NAME_V6 = 566, /* VAR_IPSET_NAME_V6 */
|
||||
VAR_TLS_SESSION_TICKET_KEYS = 567, /* VAR_TLS_SESSION_TICKET_KEYS */
|
||||
VAR_RPZ = 568, /* VAR_RPZ */
|
||||
VAR_TAGS = 569, /* VAR_TAGS */
|
||||
VAR_RPZ_ACTION_OVERRIDE = 570, /* VAR_RPZ_ACTION_OVERRIDE */
|
||||
VAR_RPZ_CNAME_OVERRIDE = 571, /* VAR_RPZ_CNAME_OVERRIDE */
|
||||
VAR_RPZ_LOG = 572, /* VAR_RPZ_LOG */
|
||||
VAR_RPZ_LOG_NAME = 573, /* VAR_RPZ_LOG_NAME */
|
||||
VAR_DYNLIB = 574, /* VAR_DYNLIB */
|
||||
VAR_DYNLIB_FILE = 575, /* VAR_DYNLIB_FILE */
|
||||
VAR_EDNS_CLIENT_STRING = 576, /* VAR_EDNS_CLIENT_STRING */
|
||||
VAR_EDNS_CLIENT_STRING_OPCODE = 577, /* VAR_EDNS_CLIENT_STRING_OPCODE */
|
||||
VAR_NSID = 578, /* VAR_NSID */
|
||||
VAR_ZONEMD_PERMISSIVE_MODE = 579, /* VAR_ZONEMD_PERMISSIVE_MODE */
|
||||
VAR_ZONEMD_CHECK = 580, /* VAR_ZONEMD_CHECK */
|
||||
VAR_ZONEMD_REJECT_ABSENCE = 581, /* VAR_ZONEMD_REJECT_ABSENCE */
|
||||
VAR_RPZ_SIGNAL_NXDOMAIN_RA = 582, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */
|
||||
VAR_INTERFACE_AUTOMATIC_PORTS = 583, /* VAR_INTERFACE_AUTOMATIC_PORTS */
|
||||
VAR_EDE = 584, /* VAR_EDE */
|
||||
VAR_INTERFACE_ACTION = 585, /* VAR_INTERFACE_ACTION */
|
||||
VAR_INTERFACE_VIEW = 586, /* VAR_INTERFACE_VIEW */
|
||||
VAR_INTERFACE_TAG = 587, /* VAR_INTERFACE_TAG */
|
||||
VAR_INTERFACE_TAG_ACTION = 588, /* VAR_INTERFACE_TAG_ACTION */
|
||||
VAR_INTERFACE_TAG_DATA = 589, /* VAR_INTERFACE_TAG_DATA */
|
||||
VAR_PROXY_PROTOCOL_PORT = 590, /* VAR_PROXY_PROTOCOL_PORT */
|
||||
VAR_STATISTICS_INHIBIT_ZERO = 591 /* VAR_STATISTICS_INHIBIT_ZERO */
|
||||
};
|
||||
typedef enum yytokentype yytoken_kind_t;
|
||||
#endif
|
||||
|
@ -593,137 +596,140 @@ extern int yydebug;
|
|||
#define VAR_RATELIMIT_SLABS 455
|
||||
#define VAR_RATELIMIT_SIZE 456
|
||||
#define VAR_OUTBOUND_MSG_RETRY 457
|
||||
#define VAR_RATELIMIT_FOR_DOMAIN 458
|
||||
#define VAR_RATELIMIT_BELOW_DOMAIN 459
|
||||
#define VAR_IP_RATELIMIT_FACTOR 460
|
||||
#define VAR_RATELIMIT_FACTOR 461
|
||||
#define VAR_IP_RATELIMIT_BACKOFF 462
|
||||
#define VAR_RATELIMIT_BACKOFF 463
|
||||
#define VAR_SEND_CLIENT_SUBNET 464
|
||||
#define VAR_CLIENT_SUBNET_ZONE 465
|
||||
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 466
|
||||
#define VAR_CLIENT_SUBNET_OPCODE 467
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV4 468
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV6 469
|
||||
#define VAR_MIN_CLIENT_SUBNET_IPV4 470
|
||||
#define VAR_MIN_CLIENT_SUBNET_IPV6 471
|
||||
#define VAR_MAX_ECS_TREE_SIZE_IPV4 472
|
||||
#define VAR_MAX_ECS_TREE_SIZE_IPV6 473
|
||||
#define VAR_CAPS_WHITELIST 474
|
||||
#define VAR_CACHE_MAX_NEGATIVE_TTL 475
|
||||
#define VAR_PERMIT_SMALL_HOLDDOWN 476
|
||||
#define VAR_QNAME_MINIMISATION 477
|
||||
#define VAR_QNAME_MINIMISATION_STRICT 478
|
||||
#define VAR_IP_FREEBIND 479
|
||||
#define VAR_DEFINE_TAG 480
|
||||
#define VAR_LOCAL_ZONE_TAG 481
|
||||
#define VAR_ACCESS_CONTROL_TAG 482
|
||||
#define VAR_LOCAL_ZONE_OVERRIDE 483
|
||||
#define VAR_ACCESS_CONTROL_TAG_ACTION 484
|
||||
#define VAR_ACCESS_CONTROL_TAG_DATA 485
|
||||
#define VAR_VIEW 486
|
||||
#define VAR_ACCESS_CONTROL_VIEW 487
|
||||
#define VAR_VIEW_FIRST 488
|
||||
#define VAR_SERVE_EXPIRED 489
|
||||
#define VAR_SERVE_EXPIRED_TTL 490
|
||||
#define VAR_SERVE_EXPIRED_TTL_RESET 491
|
||||
#define VAR_SERVE_EXPIRED_REPLY_TTL 492
|
||||
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 493
|
||||
#define VAR_EDE_SERVE_EXPIRED 494
|
||||
#define VAR_SERVE_ORIGINAL_TTL 495
|
||||
#define VAR_FAKE_DSA 496
|
||||
#define VAR_FAKE_SHA1 497
|
||||
#define VAR_LOG_IDENTITY 498
|
||||
#define VAR_HIDE_TRUSTANCHOR 499
|
||||
#define VAR_HIDE_HTTP_USER_AGENT 500
|
||||
#define VAR_HTTP_USER_AGENT 501
|
||||
#define VAR_TRUST_ANCHOR_SIGNALING 502
|
||||
#define VAR_AGGRESSIVE_NSEC 503
|
||||
#define VAR_USE_SYSTEMD 504
|
||||
#define VAR_SHM_ENABLE 505
|
||||
#define VAR_SHM_KEY 506
|
||||
#define VAR_ROOT_KEY_SENTINEL 507
|
||||
#define VAR_DNSCRYPT 508
|
||||
#define VAR_DNSCRYPT_ENABLE 509
|
||||
#define VAR_DNSCRYPT_PORT 510
|
||||
#define VAR_DNSCRYPT_PROVIDER 511
|
||||
#define VAR_DNSCRYPT_SECRET_KEY 512
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT 513
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 514
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 515
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 516
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 517
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 518
|
||||
#define VAR_PAD_RESPONSES 519
|
||||
#define VAR_PAD_RESPONSES_BLOCK_SIZE 520
|
||||
#define VAR_PAD_QUERIES 521
|
||||
#define VAR_PAD_QUERIES_BLOCK_SIZE 522
|
||||
#define VAR_IPSECMOD_ENABLED 523
|
||||
#define VAR_IPSECMOD_HOOK 524
|
||||
#define VAR_IPSECMOD_IGNORE_BOGUS 525
|
||||
#define VAR_IPSECMOD_MAX_TTL 526
|
||||
#define VAR_IPSECMOD_WHITELIST 527
|
||||
#define VAR_IPSECMOD_STRICT 528
|
||||
#define VAR_CACHEDB 529
|
||||
#define VAR_CACHEDB_BACKEND 530
|
||||
#define VAR_CACHEDB_SECRETSEED 531
|
||||
#define VAR_CACHEDB_REDISHOST 532
|
||||
#define VAR_CACHEDB_REDISPORT 533
|
||||
#define VAR_CACHEDB_REDISTIMEOUT 534
|
||||
#define VAR_CACHEDB_REDISEXPIRERECORDS 535
|
||||
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 536
|
||||
#define VAR_FOR_UPSTREAM 537
|
||||
#define VAR_AUTH_ZONE 538
|
||||
#define VAR_ZONEFILE 539
|
||||
#define VAR_MASTER 540
|
||||
#define VAR_URL 541
|
||||
#define VAR_FOR_DOWNSTREAM 542
|
||||
#define VAR_FALLBACK_ENABLED 543
|
||||
#define VAR_TLS_ADDITIONAL_PORT 544
|
||||
#define VAR_LOW_RTT 545
|
||||
#define VAR_LOW_RTT_PERMIL 546
|
||||
#define VAR_FAST_SERVER_PERMIL 547
|
||||
#define VAR_FAST_SERVER_NUM 548
|
||||
#define VAR_ALLOW_NOTIFY 549
|
||||
#define VAR_TLS_WIN_CERT 550
|
||||
#define VAR_TCP_CONNECTION_LIMIT 551
|
||||
#define VAR_FORWARD_NO_CACHE 552
|
||||
#define VAR_STUB_NO_CACHE 553
|
||||
#define VAR_LOG_SERVFAIL 554
|
||||
#define VAR_DENY_ANY 555
|
||||
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 556
|
||||
#define VAR_LOG_TAG_QUERYREPLY 557
|
||||
#define VAR_STREAM_WAIT_SIZE 558
|
||||
#define VAR_TLS_CIPHERS 559
|
||||
#define VAR_TLS_CIPHERSUITES 560
|
||||
#define VAR_TLS_USE_SNI 561
|
||||
#define VAR_IPSET 562
|
||||
#define VAR_IPSET_NAME_V4 563
|
||||
#define VAR_IPSET_NAME_V6 564
|
||||
#define VAR_TLS_SESSION_TICKET_KEYS 565
|
||||
#define VAR_RPZ 566
|
||||
#define VAR_TAGS 567
|
||||
#define VAR_RPZ_ACTION_OVERRIDE 568
|
||||
#define VAR_RPZ_CNAME_OVERRIDE 569
|
||||
#define VAR_RPZ_LOG 570
|
||||
#define VAR_RPZ_LOG_NAME 571
|
||||
#define VAR_DYNLIB 572
|
||||
#define VAR_DYNLIB_FILE 573
|
||||
#define VAR_EDNS_CLIENT_STRING 574
|
||||
#define VAR_EDNS_CLIENT_STRING_OPCODE 575
|
||||
#define VAR_NSID 576
|
||||
#define VAR_ZONEMD_PERMISSIVE_MODE 577
|
||||
#define VAR_ZONEMD_CHECK 578
|
||||
#define VAR_ZONEMD_REJECT_ABSENCE 579
|
||||
#define VAR_RPZ_SIGNAL_NXDOMAIN_RA 580
|
||||
#define VAR_INTERFACE_AUTOMATIC_PORTS 581
|
||||
#define VAR_EDE 582
|
||||
#define VAR_INTERFACE_ACTION 583
|
||||
#define VAR_INTERFACE_VIEW 584
|
||||
#define VAR_INTERFACE_TAG 585
|
||||
#define VAR_INTERFACE_TAG_ACTION 586
|
||||
#define VAR_INTERFACE_TAG_DATA 587
|
||||
#define VAR_PROXY_PROTOCOL_PORT 588
|
||||
#define VAR_MAX_SENT_COUNT 458
|
||||
#define VAR_MAX_QUERY_RESTARTS 459
|
||||
#define VAR_RATELIMIT_FOR_DOMAIN 460
|
||||
#define VAR_RATELIMIT_BELOW_DOMAIN 461
|
||||
#define VAR_IP_RATELIMIT_FACTOR 462
|
||||
#define VAR_RATELIMIT_FACTOR 463
|
||||
#define VAR_IP_RATELIMIT_BACKOFF 464
|
||||
#define VAR_RATELIMIT_BACKOFF 465
|
||||
#define VAR_SEND_CLIENT_SUBNET 466
|
||||
#define VAR_CLIENT_SUBNET_ZONE 467
|
||||
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 468
|
||||
#define VAR_CLIENT_SUBNET_OPCODE 469
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV4 470
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV6 471
|
||||
#define VAR_MIN_CLIENT_SUBNET_IPV4 472
|
||||
#define VAR_MIN_CLIENT_SUBNET_IPV6 473
|
||||
#define VAR_MAX_ECS_TREE_SIZE_IPV4 474
|
||||
#define VAR_MAX_ECS_TREE_SIZE_IPV6 475
|
||||
#define VAR_CAPS_WHITELIST 476
|
||||
#define VAR_CACHE_MAX_NEGATIVE_TTL 477
|
||||
#define VAR_PERMIT_SMALL_HOLDDOWN 478
|
||||
#define VAR_QNAME_MINIMISATION 479
|
||||
#define VAR_QNAME_MINIMISATION_STRICT 480
|
||||
#define VAR_IP_FREEBIND 481
|
||||
#define VAR_DEFINE_TAG 482
|
||||
#define VAR_LOCAL_ZONE_TAG 483
|
||||
#define VAR_ACCESS_CONTROL_TAG 484
|
||||
#define VAR_LOCAL_ZONE_OVERRIDE 485
|
||||
#define VAR_ACCESS_CONTROL_TAG_ACTION 486
|
||||
#define VAR_ACCESS_CONTROL_TAG_DATA 487
|
||||
#define VAR_VIEW 488
|
||||
#define VAR_ACCESS_CONTROL_VIEW 489
|
||||
#define VAR_VIEW_FIRST 490
|
||||
#define VAR_SERVE_EXPIRED 491
|
||||
#define VAR_SERVE_EXPIRED_TTL 492
|
||||
#define VAR_SERVE_EXPIRED_TTL_RESET 493
|
||||
#define VAR_SERVE_EXPIRED_REPLY_TTL 494
|
||||
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 495
|
||||
#define VAR_EDE_SERVE_EXPIRED 496
|
||||
#define VAR_SERVE_ORIGINAL_TTL 497
|
||||
#define VAR_FAKE_DSA 498
|
||||
#define VAR_FAKE_SHA1 499
|
||||
#define VAR_LOG_IDENTITY 500
|
||||
#define VAR_HIDE_TRUSTANCHOR 501
|
||||
#define VAR_HIDE_HTTP_USER_AGENT 502
|
||||
#define VAR_HTTP_USER_AGENT 503
|
||||
#define VAR_TRUST_ANCHOR_SIGNALING 504
|
||||
#define VAR_AGGRESSIVE_NSEC 505
|
||||
#define VAR_USE_SYSTEMD 506
|
||||
#define VAR_SHM_ENABLE 507
|
||||
#define VAR_SHM_KEY 508
|
||||
#define VAR_ROOT_KEY_SENTINEL 509
|
||||
#define VAR_DNSCRYPT 510
|
||||
#define VAR_DNSCRYPT_ENABLE 511
|
||||
#define VAR_DNSCRYPT_PORT 512
|
||||
#define VAR_DNSCRYPT_PROVIDER 513
|
||||
#define VAR_DNSCRYPT_SECRET_KEY 514
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT 515
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 516
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 517
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 518
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 519
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 520
|
||||
#define VAR_PAD_RESPONSES 521
|
||||
#define VAR_PAD_RESPONSES_BLOCK_SIZE 522
|
||||
#define VAR_PAD_QUERIES 523
|
||||
#define VAR_PAD_QUERIES_BLOCK_SIZE 524
|
||||
#define VAR_IPSECMOD_ENABLED 525
|
||||
#define VAR_IPSECMOD_HOOK 526
|
||||
#define VAR_IPSECMOD_IGNORE_BOGUS 527
|
||||
#define VAR_IPSECMOD_MAX_TTL 528
|
||||
#define VAR_IPSECMOD_WHITELIST 529
|
||||
#define VAR_IPSECMOD_STRICT 530
|
||||
#define VAR_CACHEDB 531
|
||||
#define VAR_CACHEDB_BACKEND 532
|
||||
#define VAR_CACHEDB_SECRETSEED 533
|
||||
#define VAR_CACHEDB_REDISHOST 534
|
||||
#define VAR_CACHEDB_REDISPORT 535
|
||||
#define VAR_CACHEDB_REDISTIMEOUT 536
|
||||
#define VAR_CACHEDB_REDISEXPIRERECORDS 537
|
||||
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 538
|
||||
#define VAR_FOR_UPSTREAM 539
|
||||
#define VAR_AUTH_ZONE 540
|
||||
#define VAR_ZONEFILE 541
|
||||
#define VAR_MASTER 542
|
||||
#define VAR_URL 543
|
||||
#define VAR_FOR_DOWNSTREAM 544
|
||||
#define VAR_FALLBACK_ENABLED 545
|
||||
#define VAR_TLS_ADDITIONAL_PORT 546
|
||||
#define VAR_LOW_RTT 547
|
||||
#define VAR_LOW_RTT_PERMIL 548
|
||||
#define VAR_FAST_SERVER_PERMIL 549
|
||||
#define VAR_FAST_SERVER_NUM 550
|
||||
#define VAR_ALLOW_NOTIFY 551
|
||||
#define VAR_TLS_WIN_CERT 552
|
||||
#define VAR_TCP_CONNECTION_LIMIT 553
|
||||
#define VAR_FORWARD_NO_CACHE 554
|
||||
#define VAR_STUB_NO_CACHE 555
|
||||
#define VAR_LOG_SERVFAIL 556
|
||||
#define VAR_DENY_ANY 557
|
||||
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 558
|
||||
#define VAR_LOG_TAG_QUERYREPLY 559
|
||||
#define VAR_STREAM_WAIT_SIZE 560
|
||||
#define VAR_TLS_CIPHERS 561
|
||||
#define VAR_TLS_CIPHERSUITES 562
|
||||
#define VAR_TLS_USE_SNI 563
|
||||
#define VAR_IPSET 564
|
||||
#define VAR_IPSET_NAME_V4 565
|
||||
#define VAR_IPSET_NAME_V6 566
|
||||
#define VAR_TLS_SESSION_TICKET_KEYS 567
|
||||
#define VAR_RPZ 568
|
||||
#define VAR_TAGS 569
|
||||
#define VAR_RPZ_ACTION_OVERRIDE 570
|
||||
#define VAR_RPZ_CNAME_OVERRIDE 571
|
||||
#define VAR_RPZ_LOG 572
|
||||
#define VAR_RPZ_LOG_NAME 573
|
||||
#define VAR_DYNLIB 574
|
||||
#define VAR_DYNLIB_FILE 575
|
||||
#define VAR_EDNS_CLIENT_STRING 576
|
||||
#define VAR_EDNS_CLIENT_STRING_OPCODE 577
|
||||
#define VAR_NSID 578
|
||||
#define VAR_ZONEMD_PERMISSIVE_MODE 579
|
||||
#define VAR_ZONEMD_CHECK 580
|
||||
#define VAR_ZONEMD_REJECT_ABSENCE 581
|
||||
#define VAR_RPZ_SIGNAL_NXDOMAIN_RA 582
|
||||
#define VAR_INTERFACE_AUTOMATIC_PORTS 583
|
||||
#define VAR_EDE 584
|
||||
#define VAR_INTERFACE_ACTION 585
|
||||
#define VAR_INTERFACE_VIEW 586
|
||||
#define VAR_INTERFACE_TAG 587
|
||||
#define VAR_INTERFACE_TAG_ACTION 588
|
||||
#define VAR_INTERFACE_TAG_DATA 589
|
||||
#define VAR_PROXY_PROTOCOL_PORT 590
|
||||
#define VAR_STATISTICS_INHIBIT_ZERO 591
|
||||
|
||||
/* Value type. */
|
||||
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
||||
|
@ -733,7 +739,7 @@ union YYSTYPE
|
|||
|
||||
char* str;
|
||||
|
||||
#line 737 "util/configparser.h"
|
||||
#line 743 "util/configparser.h"
|
||||
|
||||
};
|
||||
typedef union YYSTYPE YYSTYPE;
|
||||
|
|
|
@ -140,7 +140,7 @@ extern struct config_parser_state* cfg_parser;
|
|||
%token VAR_DISABLE_DNSSEC_LAME_CHECK
|
||||
%token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
|
||||
%token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
|
||||
%token VAR_OUTBOUND_MSG_RETRY
|
||||
%token VAR_OUTBOUND_MSG_RETRY VAR_MAX_SENT_COUNT VAR_MAX_QUERY_RESTARTS
|
||||
%token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
|
||||
%token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
|
||||
%token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF
|
||||
|
@ -193,7 +193,7 @@ extern struct config_parser_state* cfg_parser;
|
|||
%token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE
|
||||
%token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG
|
||||
%token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA
|
||||
%token VAR_PROXY_PROTOCOL_PORT
|
||||
%token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO
|
||||
|
||||
%%
|
||||
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
|
||||
|
@ -282,6 +282,7 @@ content_server: server_num_threads | server_verbosity | server_port |
|
|||
server_ratelimit_below_domain | server_ratelimit_factor |
|
||||
server_ip_ratelimit_factor | server_ratelimit_backoff |
|
||||
server_ip_ratelimit_backoff | server_outbound_msg_retry |
|
||||
server_max_sent_count | server_max_query_restarts |
|
||||
server_send_client_subnet | server_client_subnet_zone |
|
||||
server_client_subnet_always_forward | server_client_subnet_opcode |
|
||||
server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
|
||||
|
@ -322,7 +323,7 @@ content_server: server_num_threads | server_verbosity | server_port |
|
|||
server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
|
||||
server_tcp_reuse_timeout | server_tcp_auth_query_timeout |
|
||||
server_interface_automatic_ports | server_ede |
|
||||
server_proxy_protocol_port
|
||||
server_proxy_protocol_port | server_statistics_inhibit_zero
|
||||
;
|
||||
stubstart: VAR_STUB_ZONE
|
||||
{
|
||||
|
@ -554,6 +555,15 @@ server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
|
|||
free($2);
|
||||
}
|
||||
;
|
||||
server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_statistics_inhibit_zero:%s)\n", $2));
|
||||
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
|
||||
yyerror("expected yes or no.");
|
||||
else cfg_parser->cfg->stat_inhibit_zero = (strcmp($2, "yes")==0);
|
||||
free($2);
|
||||
}
|
||||
;
|
||||
server_shm_enable: VAR_SHM_ENABLE STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_shm_enable:%s)\n", $2));
|
||||
|
@ -2636,6 +2646,24 @@ server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG
|
|||
free($2);
|
||||
}
|
||||
;
|
||||
server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_max_sent_count:%s)\n", $2));
|
||||
if(atoi($2) == 0 && strcmp($2, "0") != 0)
|
||||
yyerror("number expected");
|
||||
else cfg_parser->cfg->max_sent_count = atoi($2);
|
||||
free($2);
|
||||
}
|
||||
;
|
||||
server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_max_query_restarts:%s)\n", $2));
|
||||
if(atoi($2) == 0 && strcmp($2, "0") != 0)
|
||||
yyerror("number expected");
|
||||
else cfg_parser->cfg->max_query_restarts = atoi($2);
|
||||
free($2);
|
||||
}
|
||||
;
|
||||
server_low_rtt: VAR_LOW_RTT STRING_ARG
|
||||
{
|
||||
OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
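Review bot: The two added rules `server_max_sent_count` and `server_max_query_restarts` accept any argument for which `atoi($2)` is non-zero, so a negative value or a number with trailing characters (`atoi` stops at the first non-digit) is stored in `cfg->max_sent_count` / `cfg->max_query_restarts` without an error. Going by the field comments in the `struct config_file` hunk, these are upper bounds on the queries sent and the restarts allowed for one request, so a mistyped value should fail at config load rather than silently change the bound; how the resolver treats a negative limit is not visible on this page. A minimal guard is one more branch before the assignment, `else if(atoi($2) < 0) yyerror("non-negative number expected");`, and a `strtol` parse with an end-pointer and `ERANGE` check would also reject trailing garbage and out-of-range input. If the `atoi` test is the grammar's existing convention for numeric options, the stricter check is worth applying to those rules as well.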
|
||||
|
|
|
@ -4840,6 +4840,7 @@
|
|||
8403,
|
||||
8416,
|
||||
8417,
|
||||
8433,
|
||||
8442,
|
||||
8443,
|
||||
8444,
|
||||
|
|
|
@ -810,7 +810,7 @@ static int consume_pp2_header(struct sldns_buffer* buf, struct comm_reply* rep,
|
|||
/* We are reading a whole packet;
|
||||
* Move the rest of the data to overwrite the PROXYv2 header */
|
||||
/* XXX can we do better to avoid memmove? */
|
||||
memmove(header, ((void*)header)+size,
|
||||
memmove(header, ((char*)header)+size,
|
||||
sldns_buffer_limit(buf)-size);
|
||||
sldns_buffer_set_limit(buf, sldns_buffer_limit(buf)-size);
|
||||
}
|
||||
|
@ -2545,8 +2545,9 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c)
|
|||
return 1;
|
||||
}
|
||||
|
||||
/** read again to drain buffers when there could be more to read */
|
||||
static void
|
||||
/** read again to drain buffers when there could be more to read, returns 0
|
||||
* on failure which means the comm point is closed. */
|
||||
static int
|
||||
tcp_req_info_read_again(int fd, struct comm_point* c)
|
||||
{
|
||||
while(c->tcp_req_info->read_again) {
|
||||
|
@ -2563,9 +2564,10 @@ tcp_req_info_read_again(int fd, struct comm_point* c)
|
|||
(void)(*c->callback)(c, c->cb_arg,
|
||||
NETEVENT_CLOSED, NULL);
|
||||
}
|
||||
return;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/** read again to drain buffers when there could be more to read */
|
||||
|
@ -2623,6 +2625,9 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
|
|||
log_assert(c->type == comm_tcp);
|
||||
ub_comm_base_now(c->ev->base);
|
||||
|
||||
if(c->fd == -1 || c->fd != fd)
|
||||
return; /* duplicate event, but commpoint closed. */
|
||||
|
||||
#ifdef USE_DNSCRYPT
|
||||
/* Initialize if this is a dnscrypt socket */
|
||||
if(c->tcp_parent) {
|
||||
|
@ -2671,8 +2676,10 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
|
|||
}
|
||||
return;
|
||||
}
|
||||
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again)
|
||||
tcp_req_info_read_again(fd, c);
|
||||
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again) {
|
||||
if(!tcp_req_info_read_again(fd, c))
|
||||
return;
|
||||
}
|
||||
if(moreread && *moreread)
|
||||
tcp_more_read_again(fd, c);
|
||||
return;
|
||||
|
@ -2690,8 +2697,10 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
|
|||
}
|
||||
return;
|
||||
}
|
||||
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again)
|
||||
tcp_req_info_read_again(fd, c);
|
||||
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again) {
|
||||
if(!tcp_req_info_read_again(fd, c))
|
||||
return;
|
||||
}
|
||||
if(morewrite && *morewrite)
|
||||
tcp_more_write_again(fd, c);
|
||||
return;
|
||||
|
@ -4488,6 +4497,11 @@ comm_point_close(struct comm_point* c)
|
|||
tcp_req_info_clear(c->tcp_req_info);
|
||||
if(c->h2_session)
|
||||
http2_session_server_delete(c->h2_session);
|
||||
/* stop the comm point from reading or writing after it is closed. */
|
||||
if(c->tcp_more_read_again && *c->tcp_more_read_again)
|
||||
*c->tcp_more_read_again = 0;
|
||||
if(c->tcp_more_write_again && *c->tcp_more_write_again)
|
||||
*c->tcp_more_write_again = 0;
|
||||
|
||||
/* close fd after removing from event lists, or epoll.. is messed up */
|
||||
if(c->fd != -1 && !c->do_not_close) {
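Review bot: The flag clearing added to comm_point_close writes through `c->tcp_more_read_again` and `c->tcp_more_write_again`, but its comment does not say who reads those ints, so the coupling that makes the close safe is invisible at this site. From the callback hunks the readers appear to be the `moreread`/`morewrite` tests in comm_point_tcp_handle_callback; the bodies of tcp_more_read_again and tcp_more_write_again are outside the hunks, so confirm they re-test the flag on every iteration. I would extend the comment to something like `/* clear the more-read/more-write flags so the drain loops in the TCP callback stop touching this closed comm point */`. The inner `*c->tcp_more_read_again` test before storing 0 is redundant; `if(c->tcp_more_read_again) *c->tcp_more_read_again = 0;` does the same, and likewise for the write flag. comm_point_close starts and ends outside the hunk.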
|
||||
|
|
53
util/tube.c
53
util/tube.c
|
@ -45,6 +45,9 @@
|
|||
#include "util/netevent.h"
|
||||
#include "util/fptr_wlist.h"
|
||||
#include "util/ub_event.h"
|
||||
#ifdef HAVE_POLL_H
|
||||
#include <poll.h>
|
||||
#endif
|
||||
|
||||
#ifndef USE_WINSOCK
|
||||
/* on unix */
|
||||
|
@ -396,20 +399,28 @@ int tube_read_msg(struct tube* tube, uint8_t** buf, uint32_t* len,
|
|||
return 1;
|
||||
}
|
||||
|
||||
/** perform a select() on the fd */
|
||||
/** perform poll() on the fd */
|
||||
static int
|
||||
pollit(int fd, struct timeval* t)
|
||||
{
|
||||
fd_set r;
|
||||
struct pollfd fds;
|
||||
int pret;
|
||||
int msec = -1;
|
||||
memset(&fds, 0, sizeof(fds));
|
||||
fds.fd = fd;
|
||||
fds.events = POLLIN | POLLERR | POLLHUP;
|
||||
#ifndef S_SPLINT_S
|
||||
FD_ZERO(&r);
|
||||
FD_SET(FD_SET_T fd, &r);
|
||||
if(t)
|
||||
msec = t->tv_sec*1000 + t->tv_usec/1000;
|
||||
#endif
|
||||
if(select(fd+1, &r, NULL, NULL, t) == -1) {
|
||||
|
||||
pret = poll(&fds, 1, msec);
|
||||
|
||||
if(pret == -1)
|
||||
return 0;
|
||||
}
|
||||
errno = 0;
|
||||
return (int)(FD_ISSET(fd, &r));
|
||||
if(pret != 0)
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int tube_poll(struct tube* tube)
|
||||
|
@ -426,24 +437,27 @@ int tube_wait(struct tube* tube)
|
|||
|
||||
int tube_wait_timeout(struct tube* tube, int msec)
|
||||
{
|
||||
struct timeval t;
|
||||
int fd = tube->sr;
|
||||
fd_set r;
|
||||
t.tv_sec = msec/1000;
|
||||
t.tv_usec = (msec%1000)*1000;
|
||||
#ifndef S_SPLINT_S
|
||||
FD_ZERO(&r);
|
||||
FD_SET(FD_SET_T fd, &r);
|
||||
#endif
|
||||
int ret = 0;
|
||||
|
||||
while(1) {
|
||||
if(select(fd+1, &r, NULL, NULL, &t) == -1) {
|
||||
struct pollfd fds;
|
||||
memset(&fds, 0, sizeof(fds));
|
||||
|
||||
fds.fd = tube->sr;
|
||||
fds.events = POLLIN | POLLERR | POLLHUP;
|
||||
ret = poll(&fds, 1, msec);
|
||||
|
||||
if(ret == -1) {
|
||||
if(errno == EAGAIN || errno == EINTR)
|
||||
continue;
|
||||
return -1;
|
||||
}
|
||||
break;
|
||||
}
|
||||
return (int)(FD_ISSET(fd, &r));
|
||||
|
||||
if(ret != 0)
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int tube_read_fd(struct tube* tube)
|
||||
|
@ -529,6 +543,7 @@ struct tube* tube_create(void)
|
|||
if(tube->event == WSA_INVALID_EVENT) {
|
||||
free(tube);
|
||||
log_err("WSACreateEvent: %s", wsa_strerror(WSAGetLastError()));
|
||||
return NULL;
|
||||
}
|
||||
if(!WSAResetEvent(tube->event)) {
|
||||
log_err("WSAResetEvent: %s", wsa_strerror(WSAGetLastError()));
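Review bot: In pollit the new `msec = t->tv_sec*1000 + t->tv_usec/1000;` narrows a timeval to the `int` that poll() takes, so a large `tv_sec` can overflow or wrap to a negative value, which poll() treats as wait forever. The callers of pollit are outside the hunks, so whether such a timeout can arrive is not visible here; a clamp keeps the conversion safe either way, for example `msec = (t->tv_sec >= INT_MAX/1000) ? INT_MAX : (int)(t->tv_sec*1000 + t->tv_usec/1000);` (this needs `<limits.h>` if the file does not already include it). Separately, pollit and tube_wait_timeout now return 1 for any non-zero poll() result, so a result carrying only POLLERR or POLLHUP is reported as readable; a one-line comment stating that the following read is expected to surface the error would make that intent explicit.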
|
||||
|
|