mirror of
https://github.com/freebsd/freebsd-src
synced 2024-07-21 18:27:22 +00:00
unbound: Vendor import 1.16.2
Security update to unbound. PR: 265645 Security: CVE-2022-30698, CVE-2022-30699 Security: bc43a578-14ec-11ed-856e-d4c9ef517024
This commit is contained in:
parent
d573514655
commit
9b76d32f23
31
SECURITY.md
Normal file
31
SECURITY.md
Normal file
|
@ -0,0 +1,31 @@
|
|||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
NLnet Labs adheres to the straightforward, semantic versioning scheme that is
|
||||
commonly used in the software industry.
|
||||
|
||||
Support is provided in respect of the latest release, i.e. releases with the
|
||||
highest minor and patch version level. We do not backport security fixes to
|
||||
older (minor) versions. In the event a new major version is released (e.g. from
|
||||
3.2.18 to 4.0.0), support will also be provided on the latest minor version of
|
||||
the previous major version (3.2.18) for a period of one year from the release of
|
||||
the new major version (4.0.0).
|
||||
|
||||
In the event that, during this period, a new patch or minor version of the
|
||||
previous major version is released, then support on these versions will only be
|
||||
provided for the remainder of the one-year-period.
|
||||
|
||||
You can find detailed information on our software support policy here:
|
||||
|
||||
https://www.nlnetlabs.nl/support/software-support-policy/
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
We take security very seriously. If you have discovered a security vulnerability
|
||||
in one of our projects and you would like to report it to us, you can send an
|
||||
encrypted message to our Security Entry Point.
|
||||
|
||||
Details are described here:
|
||||
|
||||
https://www.nlnetlabs.nl/security-report/
|
|
@ -662,7 +662,7 @@ cachedb_intcache_store(struct module_qstate* qstate)
|
|||
return;
|
||||
(void)dns_cache_store(qstate->env, &qstate->qinfo,
|
||||
qstate->return_msg->rep, 0, qstate->prefetch_leeway, 0,
|
||||
qstate->region, store_flags);
|
||||
qstate->region, store_flags, qstate->qstarttime);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
25
configure
vendored
25
configure
vendored
|
@ -1,6 +1,6 @@
|
|||
#! /bin/sh
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.69 for unbound 1.16.1.
|
||||
# Generated by GNU Autoconf 2.69 for unbound 1.16.2.
|
||||
#
|
||||
# Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
|
||||
#
|
||||
|
@ -591,8 +591,8 @@ MAKEFLAGS=
|
|||
# Identity of this package.
|
||||
PACKAGE_NAME='unbound'
|
||||
PACKAGE_TARNAME='unbound'
|
||||
PACKAGE_VERSION='1.16.1'
|
||||
PACKAGE_STRING='unbound 1.16.1'
|
||||
PACKAGE_VERSION='1.16.2'
|
||||
PACKAGE_STRING='unbound 1.16.2'
|
||||
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
|
||||
PACKAGE_URL=''
|
||||
|
||||
|
@ -1477,7 +1477,7 @@ if test "$ac_init_help" = "long"; then
|
|||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
\`configure' configures unbound 1.16.1 to adapt to many kinds of systems.
|
||||
\`configure' configures unbound 1.16.2 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
|
@ -1543,7 +1543,7 @@ fi
|
|||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of unbound 1.16.1:";;
|
||||
short | recursive ) echo "Configuration of unbound 1.16.2:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
|
@ -1785,7 +1785,7 @@ fi
|
|||
test -n "$ac_init_help" && exit $ac_status
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
unbound configure 1.16.1
|
||||
unbound configure 1.16.2
|
||||
generated by GNU Autoconf 2.69
|
||||
|
||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||
|
@ -2494,7 +2494,7 @@ cat >config.log <<_ACEOF
|
|||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by unbound $as_me 1.16.1, which was
|
||||
It was created by unbound $as_me 1.16.2, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
$ $0 $@
|
||||
|
@ -2846,11 +2846,11 @@ UNBOUND_VERSION_MAJOR=1
|
|||
|
||||
UNBOUND_VERSION_MINOR=16
|
||||
|
||||
UNBOUND_VERSION_MICRO=1
|
||||
UNBOUND_VERSION_MICRO=2
|
||||
|
||||
|
||||
LIBUNBOUND_CURRENT=9
|
||||
LIBUNBOUND_REVISION=17
|
||||
LIBUNBOUND_REVISION=18
|
||||
LIBUNBOUND_AGE=1
|
||||
# 1.0.0 had 0:12:0
|
||||
# 1.0.1 had 0:13:0
|
||||
|
@ -2935,6 +2935,7 @@ LIBUNBOUND_AGE=1
|
|||
# 1.15.0 had 9:15:1
|
||||
# 1.16.0 had 9:16:1
|
||||
# 1.16.1 had 9:17:1
|
||||
# 1.16.2 had 9:18:1
|
||||
|
||||
# Current -- the number of the binary API that we're implementing
|
||||
# Revision -- which iteration of the implementation of the binary
|
||||
|
@ -22013,7 +22014,7 @@ _ACEOF
|
|||
|
||||
|
||||
|
||||
version=1.16.1
|
||||
version=1.16.2
|
||||
|
||||
date=`date +'%b %e, %Y'`
|
||||
|
||||
|
@ -22532,7 +22533,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
|||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by unbound $as_me 1.16.1, which was
|
||||
This file was extended by unbound $as_me 1.16.2, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
|
@ -22598,7 +22599,7 @@ _ACEOF
|
|||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||
ac_cs_version="\\
|
||||
unbound config.status 1.16.1
|
||||
unbound config.status 1.16.2
|
||||
configured by $0, generated by GNU Autoconf 2.69,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
|
|
|
@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4)
|
|||
# must be numbers. ac_defun because of later processing
|
||||
m4_define([VERSION_MAJOR],[1])
|
||||
m4_define([VERSION_MINOR],[16])
|
||||
m4_define([VERSION_MICRO],[1])
|
||||
m4_define([VERSION_MICRO],[2])
|
||||
AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
|
||||
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
|
||||
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
|
||||
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
|
||||
|
||||
LIBUNBOUND_CURRENT=9
|
||||
LIBUNBOUND_REVISION=17
|
||||
LIBUNBOUND_REVISION=18
|
||||
LIBUNBOUND_AGE=1
|
||||
# 1.0.0 had 0:12:0
|
||||
# 1.0.1 had 0:13:0
|
||||
|
@ -103,6 +103,7 @@ LIBUNBOUND_AGE=1
|
|||
# 1.15.0 had 9:15:1
|
||||
# 1.16.0 had 9:16:1
|
||||
# 1.16.1 had 9:17:1
|
||||
# 1.16.2 had 9:18:1
|
||||
|
||||
# Current -- the number of the binary API that we're implementing
|
||||
# Revision -- which iteration of the implementation of the binary
|
||||
|
|
|
@ -679,7 +679,8 @@ load_msg(RES* ssl, sldns_buffer* buf, struct worker* worker)
|
|||
if(!go_on)
|
||||
return 1; /* skip this one, not all references satisfied */
|
||||
|
||||
if(!dns_cache_store(&worker->env, &qinf, &rep, 0, 0, 0, NULL, flags)) {
|
||||
if(!dns_cache_store(&worker->env, &qinf, &rep, 0, 0, 0, NULL, flags,
|
||||
*worker->env.now)) {
|
||||
log_warn("error out of memory");
|
||||
return 0;
|
||||
}
|
||||
|
@ -850,7 +851,7 @@ int print_deleg_lookup(RES* ssl, struct worker* worker, uint8_t* nm,
|
|||
while(1) {
|
||||
dp = dns_cache_find_delegation(&worker->env, nm, nmlen,
|
||||
qinfo.qtype, qinfo.qclass, region, &msg,
|
||||
*worker->env.now);
|
||||
*worker->env.now, 0, NULL, 0);
|
||||
if(!dp) {
|
||||
return ssl_printf(ssl, "no delegation from "
|
||||
"cache; goes to configured roots\n");
|
||||
|
|
|
@ -459,7 +459,7 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo,
|
|||
|
||||
dp = dns_cache_find_delegation(&worker->env, qinfo->qname,
|
||||
qinfo->qname_len, qinfo->qtype, qinfo->qclass,
|
||||
worker->scratchpad, &msg, timenow);
|
||||
worker->scratchpad, &msg, timenow, 0, NULL, 0);
|
||||
if(!dp) { /* no delegation, need to reprime */
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -652,7 +652,7 @@ handle_event_moddone(struct module_qstate* qstate, int id)
|
|||
if ( (!iq || !iq->started_no_cache_store) &&
|
||||
qstate->return_msg && qstate->return_msg->rep &&
|
||||
!dns_cache_store(qstate->env, &qstate->qinfo, qstate->return_msg->rep,
|
||||
0, 0, 0, NULL, qstate->query_flags))
|
||||
0, 0, 0, NULL, qstate->query_flags, qstate->qstarttime))
|
||||
log_err("out of memory");
|
||||
|
||||
/* do nothing */
|
||||
|
@ -991,7 +991,7 @@ dns64_inform_super(struct module_qstate* qstate, int id,
|
|||
/* Store the generated response in cache. */
|
||||
if ( (!super_dq || !super_dq->started_no_cache_store) &&
|
||||
!dns_cache_store(super->env, &super->qinfo, super->return_msg->rep,
|
||||
0, 0, 0, NULL, super->query_flags))
|
||||
0, 0, 0, NULL, super->query_flags, qstate->qstarttime))
|
||||
log_err("out of memory");
|
||||
}
|
||||
|
||||
|
|
|
@ -1,3 +1,30 @@
|
|||
1 August 2022: Wouter
|
||||
- Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
|
||||
- Tests for ghost domain fixes.
|
||||
|
||||
19 July 2022: George
|
||||
- Update documentation for 'outbound-msg-retry:'.
|
||||
|
||||
19 July 2022: Wouter
|
||||
- Merge #718: Introduce infra-cache-max-rtt option to config max
|
||||
retransmit timeout.
|
||||
|
||||
15 July 2022: Wouter
|
||||
- Merge PR 714: Avoid treat normal hosts as unresponsive servers.
|
||||
And fixup the lock code.
|
||||
- iana portlist update.
|
||||
|
||||
12 July 2022: George
|
||||
- For windows crosscompile, fix setting the IPV6_MTU socket option
|
||||
equivalent (IPV6_USER_MTU); allows cross compiling with latest
|
||||
cross-compiler versions.
|
||||
|
||||
12 July 2022: Wouter
|
||||
- Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
|
||||
|
||||
11 July 2022: Wouter
|
||||
- Fix verbose EDE error printout.
|
||||
|
||||
4 July 2022: George
|
||||
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
|
||||
one loop pass'.
|
||||
|
@ -5,7 +32,8 @@
|
|||
outbound tcp sockets.
|
||||
|
||||
4 July 2022: Wouter
|
||||
- Tag for 1.16.1rc1 release.
|
||||
- Tag for 1.16.1rc1 release. This became 1.16.1 on 11 July 2022.
|
||||
The code repo continues with version 1.16.2 under development.
|
||||
|
||||
3 July 2022: George
|
||||
- Merge PR #671 from Petr Menšík: Disable ED25519 and ED448 in FIPS
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
README for Unbound 1.16.1
|
||||
README for Unbound 1.16.2
|
||||
Copyright 2007 NLnet Labs
|
||||
http://unbound.net
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#
|
||||
# Example configuration file.
|
||||
#
|
||||
# See unbound.conf(5) man page, version 1.16.1.
|
||||
# See unbound.conf(5) man page, version 1.16.2.
|
||||
#
|
||||
# this is a comment.
|
||||
|
||||
|
@ -168,7 +168,8 @@ server:
|
|||
# perform connect for UDP sockets to mitigate ICMP side channel.
|
||||
# udp-connect: yes
|
||||
|
||||
# The number of retries when a non-positive response is received.
|
||||
# The number of retries, per upstream nameserver in a delegation, when
|
||||
# a throwaway response (also timeouts) is received.
|
||||
# outbound-msg-retry: 5
|
||||
|
||||
# msec for waiting for an unknown server to reply. Increase if you
|
||||
|
@ -202,6 +203,9 @@ server:
|
|||
# minimum wait time for responses, increase if uplink is long. In msec.
|
||||
# infra-cache-min-rtt: 50
|
||||
|
||||
# maximum wait time for responses. In msec.
|
||||
# infra-cache-max-rtt: 120000
|
||||
|
||||
# enable to make server probe down hosts more frequently.
|
||||
# infra-keep-probing: no
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "libunbound" "3" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1"
|
||||
.TH "libunbound" "3" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2"
|
||||
.\"
|
||||
.\" libunbound.3 -- unbound library functions manual
|
||||
.\"
|
||||
|
@ -44,7 +44,7 @@
|
|||
.B ub_ctx_zone_remove,
|
||||
.B ub_ctx_data_add,
|
||||
.B ub_ctx_data_remove
|
||||
\- Unbound DNS validating resolver 1.16.1 functions.
|
||||
\- Unbound DNS validating resolver 1.16.2 functions.
|
||||
.SH "SYNOPSIS"
|
||||
.B #include <unbound.h>
|
||||
.LP
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "unbound-anchor" "8" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1"
|
||||
.TH "unbound-anchor" "8" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2"
|
||||
.\"
|
||||
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
|
||||
.\"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "unbound-checkconf" "8" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1"
|
||||
.TH "unbound-checkconf" "8" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2"
|
||||
.\"
|
||||
.\" unbound-checkconf.8 -- unbound configuration checker manual
|
||||
.\"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "unbound-control" "8" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1"
|
||||
.TH "unbound-control" "8" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2"
|
||||
.\"
|
||||
.\" unbound-control.8 -- unbound remote control manual
|
||||
.\"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "unbound\-host" "1" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1"
|
||||
.TH "unbound\-host" "1" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2"
|
||||
.\"
|
||||
.\" unbound-host.1 -- unbound DNS lookup utility
|
||||
.\"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "unbound" "8" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1"
|
||||
.TH "unbound" "8" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2"
|
||||
.\"
|
||||
.\" unbound.8 -- unbound manual
|
||||
.\"
|
||||
|
@ -9,7 +9,7 @@
|
|||
.\"
|
||||
.SH "NAME"
|
||||
.B unbound
|
||||
\- Unbound DNS validating resolver 1.16.1.
|
||||
\- Unbound DNS validating resolver 1.16.2.
|
||||
.SH "SYNOPSIS"
|
||||
.B unbound
|
||||
.RB [ \-h ]
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "unbound.conf" "5" "Jul 11, 2022" "NLnet Labs" "unbound 1.16.1"
|
||||
.TH "unbound.conf" "5" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2"
|
||||
.\"
|
||||
.\" unbound.conf.5 -- unbound.conf manual
|
||||
.\"
|
||||
|
@ -395,6 +395,10 @@ Lower limit for dynamic retransmit timeout calculation in infrastructure
|
|||
cache. Default is 50 milliseconds. Increase this value if using forwarders
|
||||
needing more time to do recursive name resolution.
|
||||
.TP
|
||||
.B infra\-cache\-max\-rtt: \fI<msec>
|
||||
Upper limit for dynamic retransmit timeout calculation in infrastructure
|
||||
cache. Default is 2 minutes.
|
||||
.TP
|
||||
.B infra\-keep\-probing: \fI<yes or no>
|
||||
If enabled the server keeps probing hosts that are down, in the one probe
|
||||
at a time regime. Default is no. Hosts that are down, eg. they did
|
||||
|
@ -1758,9 +1762,12 @@ set ip\-ratelimit to a suspicious rate to aggressively limit unusually high
|
|||
traffic. Default is off.
|
||||
.TP 5
|
||||
.B outbound\-msg\-retry: \fI<number>
|
||||
The number of retries Unbound will do in case of a non positive response is
|
||||
received. If a forward nameserver is used, this is the number of retries per
|
||||
forward nameserver in case of throwaway response.
|
||||
The number of retries, per upstream nameserver in a delegation, that Unbound
|
||||
will attempt in case a throwaway response is received.
|
||||
No response (timeout) contributes to the retry counter.
|
||||
If a forward/stub zone is used, this is the number of retries per nameserver in
|
||||
the zone.
|
||||
Default is 5.
|
||||
.TP 5
|
||||
.B fast\-server\-permil: \fI<number>
|
||||
Specify how many times out of 1000 to pick from the set of fastest servers.
|
||||
|
|
|
@ -456,7 +456,7 @@ ipsecmod_handle_query(struct module_qstate* qstate,
|
|||
/* Store A/AAAA in cache. */
|
||||
if(!dns_cache_store(qstate->env, &qstate->qinfo,
|
||||
qstate->return_msg->rep, 0, qstate->prefetch_leeway,
|
||||
0, qstate->region, qstate->query_flags)) {
|
||||
0, qstate->region, qstate->query_flags, qstate->qstarttime)) {
|
||||
log_err("ipsecmod: out of memory caching record");
|
||||
}
|
||||
qstate->ext_state[id] = module_finished;
|
||||
|
|
|
@ -70,8 +70,6 @@
|
|||
|
||||
/** time when nameserver glue is said to be 'recent' */
|
||||
#define SUSPICION_RECENT_EXPIRY 86400
|
||||
/** penalty to validation failed blacklisted IPs */
|
||||
#define BLACKLIST_PENALTY (USEFUL_SERVER_TOP_TIMEOUT*4)
|
||||
|
||||
/** fillup fetch policy array */
|
||||
static void
|
||||
|
@ -661,10 +659,10 @@ dns_copy_msg(struct dns_msg* from, struct regional* region)
|
|||
void
|
||||
iter_dns_store(struct module_env* env, struct query_info* msgqinf,
|
||||
struct reply_info* msgrep, int is_referral, time_t leeway, int pside,
|
||||
struct regional* region, uint16_t flags)
|
||||
struct regional* region, uint16_t flags, time_t qstarttime)
|
||||
{
|
||||
if(!dns_cache_store(env, msgqinf, msgrep, is_referral, leeway,
|
||||
pside, region, flags))
|
||||
pside, region, flags, qstarttime))
|
||||
log_err("out of memory: cannot store data in cache");
|
||||
}
|
||||
|
||||
|
|
|
@ -132,6 +132,7 @@ struct dns_msg* dns_copy_msg(struct dns_msg* from, struct regional* regional);
|
|||
* can be prefetch-updates.
|
||||
* @param region: to copy modified (cache is better) rrs back to.
|
||||
* @param flags: with BIT_CD for dns64 AAAA translated queries.
|
||||
* @param qstarttime: time of query start.
|
||||
* return void, because we are not interested in alloc errors,
|
||||
* the iterator and validator can operate on the results in their
|
||||
* scratch space (the qstate.region) and are not dependent on the cache.
|
||||
|
@ -140,7 +141,7 @@ struct dns_msg* dns_copy_msg(struct dns_msg* from, struct regional* regional);
|
|||
*/
|
||||
void iter_dns_store(struct module_env* env, struct query_info* qinf,
|
||||
struct reply_info* rep, int is_referral, time_t leeway, int pside,
|
||||
struct regional* region, uint16_t flags);
|
||||
struct regional* region, uint16_t flags, time_t qstarttime);
|
||||
|
||||
/**
|
||||
* Select randomly with n/m probability.
|
||||
|
|
|
@ -71,6 +71,10 @@
|
|||
|
||||
/* in msec */
|
||||
int UNKNOWN_SERVER_NICENESS = 376;
|
||||
/* in msec */
|
||||
int USEFUL_SERVER_TOP_TIMEOUT = 120000;
|
||||
/* Equals USEFUL_SERVER_TOP_TIMEOUT*4 */
|
||||
int BLACKLIST_PENALTY = (120000*4);
|
||||
|
||||
static void target_count_increase_nx(struct iter_qstate* iq, int num);
|
||||
|
||||
|
@ -371,7 +375,7 @@ error_response_cache(struct module_qstate* qstate, int id, int rcode)
|
|||
err.security = sec_status_indeterminate;
|
||||
verbose(VERB_ALGO, "store error response in message cache");
|
||||
iter_dns_store(qstate->env, &qstate->qinfo, &err, 0, 0, 0, NULL,
|
||||
qstate->query_flags);
|
||||
qstate->query_flags, qstate->qstarttime);
|
||||
}
|
||||
return error_response(qstate, id, rcode);
|
||||
}
|
||||
|
@ -1485,7 +1489,8 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||
iq->dp = dns_cache_find_delegation(qstate->env, delname,
|
||||
delnamelen, iq->qchase.qtype, iq->qchase.qclass,
|
||||
qstate->region, &iq->deleg_msg,
|
||||
*qstate->env->now+qstate->prefetch_leeway);
|
||||
*qstate->env->now+qstate->prefetch_leeway, 1,
|
||||
dpname, dpnamelen);
|
||||
else iq->dp = NULL;
|
||||
|
||||
/* If the cache has returned nothing, then we have a
|
||||
|
@ -1777,7 +1782,8 @@ generate_parentside_target_query(struct module_qstate* qstate,
|
|||
subiq->dp = dns_cache_find_delegation(qstate->env,
|
||||
name, namelen, qtype, qclass, subq->region,
|
||||
&subiq->deleg_msg,
|
||||
*qstate->env->now+subq->prefetch_leeway);
|
||||
*qstate->env->now+subq->prefetch_leeway,
|
||||
1, NULL, 0);
|
||||
/* if no dp, then it's from root, refetch unneeded */
|
||||
if(subiq->dp) {
|
||||
subiq->dnssec_expected = iter_indicates_dnssec(
|
||||
|
@ -2943,7 +2949,8 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||
iq->qchase.qtype != iq->response->qinfo.qtype,
|
||||
qstate->prefetch_leeway,
|
||||
iq->dp&&iq->dp->has_parent_side_NS,
|
||||
qstate->region, qstate->query_flags);
|
||||
qstate->region, qstate->query_flags,
|
||||
qstate->qstarttime);
|
||||
/* close down outstanding requests to be discarded */
|
||||
outbound_list_clear(&iq->outlist);
|
||||
iq->num_current_queries = 0;
|
||||
|
@ -3032,7 +3039,8 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||
/* Store the referral under the current query */
|
||||
/* no prefetch-leeway, since its not the answer */
|
||||
iter_dns_store(qstate->env, &iq->response->qinfo,
|
||||
iq->response->rep, 1, 0, 0, NULL, 0);
|
||||
iq->response->rep, 1, 0, 0, NULL, 0,
|
||||
qstate->qstarttime);
|
||||
if(iq->store_parent_NS)
|
||||
iter_store_parentside_NS(qstate->env,
|
||||
iq->response->rep);
|
||||
|
@ -3146,7 +3154,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||
iter_dns_store(qstate->env, &iq->response->qinfo,
|
||||
iq->response->rep, 1, qstate->prefetch_leeway,
|
||||
iq->dp&&iq->dp->has_parent_side_NS, NULL,
|
||||
qstate->query_flags);
|
||||
qstate->query_flags, qstate->qstarttime);
|
||||
/* set the current request's qname to the new value. */
|
||||
iq->qchase.qname = sname;
|
||||
iq->qchase.qname_len = snamelen;
|
||||
|
@ -3752,7 +3760,8 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||
iter_dns_store(qstate->env, &qstate->qinfo,
|
||||
iq->response->rep, 0, qstate->prefetch_leeway,
|
||||
iq->dp&&iq->dp->has_parent_side_NS,
|
||||
qstate->region, qstate->query_flags);
|
||||
qstate->region, qstate->query_flags,
|
||||
qstate->qstarttime);
|
||||
}
|
||||
}
|
||||
qstate->return_rcode = LDNS_RCODE_NOERROR;
|
||||
|
|
|
@ -94,15 +94,17 @@ struct rbtree_type;
|
|||
extern int UNKNOWN_SERVER_NICENESS;
|
||||
/** maximum timeout before a host is deemed unsuitable, in msec.
|
||||
* After host_ttl this will be timed out and the host will be tried again.
|
||||
* Equals RTT_MAX_TIMEOUT
|
||||
*/
|
||||
#define USEFUL_SERVER_TOP_TIMEOUT 120000
|
||||
* Equals RTT_MAX_TIMEOUT, and thus when RTT_MAX_TIMEOUT is overwritten by
|
||||
* config infra_cache_max_rtt, it will be overwritten as well. */
|
||||
extern int USEFUL_SERVER_TOP_TIMEOUT;
|
||||
/** penalty to validation failed blacklisted IPs
|
||||
* Equals USEFUL_SERVER_TOP_TIMEOUT*4, and thus when RTT_MAX_TIMEOUT is
|
||||
* overwritten by config infra_cache_max_rtt, it will be overwritten as well. */
|
||||
extern int BLACKLIST_PENALTY;
|
||||
/** RTT band, within this amount from the best, servers are chosen randomly.
|
||||
* Chosen so that the UNKNOWN_SERVER_NICENESS falls within the band of a
|
||||
* fast server, this causes server exploration as a side benefit. msec. */
|
||||
#define RTT_BAND 400
|
||||
/** Start value for blacklisting a host, 2*USEFUL_SERVER_TOP_TIMEOUT in sec */
|
||||
#define INFRA_BACKOFF_INITIAL 240
|
||||
|
||||
/**
|
||||
* Global state for the iterator.
|
||||
|
|
|
@ -1375,7 +1375,8 @@ int set_return_msg(struct module_qstate* qstate,
|
|||
/* Functions which we will need to lookup delegations */
|
||||
struct delegpt* dns_cache_find_delegation(struct module_env* env,
|
||||
uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
|
||||
struct regional* region, struct dns_msg** msg, uint32_t timenow);
|
||||
struct regional* region, struct dns_msg** msg, uint32_t timenow,
|
||||
int noexpiredabove, uint8_t* expiretop, size_t expiretoplen);
|
||||
int iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags,
|
||||
struct delegpt* dp, int supports_ipv4, int supports_ipv6);
|
||||
struct iter_hints_stub* hints_lookup_stub(struct iter_hints* hints,
|
||||
|
@ -1404,7 +1405,7 @@ struct delegpt* find_delegation(struct module_qstate* qstate, char *nm, size_t n
|
|||
qinfo.qclass = LDNS_RR_CLASS_IN;
|
||||
|
||||
while(1) {
|
||||
dp = dns_cache_find_delegation(qstate->env, (uint8_t*)nm, nmlen, qinfo.qtype, qinfo.qclass, region, &msg, timenow);
|
||||
dp = dns_cache_find_delegation(qstate->env, (uint8_t*)nm, nmlen, qinfo.qtype, qinfo.qclass, region, &msg, timenow, 0, NULL, 0);
|
||||
if(!dp)
|
||||
return NULL;
|
||||
if(iter_dp_is_useless(&qinfo, BIT_RD, dp,
|
||||
|
|
|
@ -72,7 +72,8 @@ int storeQueryInCache(struct module_qstate* qstate, struct query_info* qinfo,
|
|||
}
|
||||
|
||||
return dns_cache_store(qstate->env, qinfo, msgrep, is_referral,
|
||||
qstate->prefetch_leeway, 0, NULL, qstate->query_flags);
|
||||
qstate->prefetch_leeway, 0, NULL, qstate->query_flags,
|
||||
qstate->qstarttime);
|
||||
}
|
||||
|
||||
/* Invalidate the message associated with query_info stored in message cache */
|
||||
|
|
|
@ -8189,7 +8189,6 @@ auth_zone_verify_zonemd_key_with_ds(struct auth_zone* z,
|
|||
keystorage->rk.type = htons(LDNS_RR_TYPE_DNSKEY);
|
||||
keystorage->rk.rrset_class = htons(z->dclass);
|
||||
auth_zone_log(z->name, VERB_QUERY, "zonemd: verify zone DNSKEY with DS");
|
||||
// @TODO add EDE here? we currently just pass NULL
|
||||
sec = val_verify_DNSKEY_with_DS(env, ve, keystorage, ds, sigalg,
|
||||
why_bogus, NULL, NULL);
|
||||
regional_free_all(env->scratch);
|
||||
|
|
111
services/cache/dns.c
vendored
111
services/cache/dns.c
vendored
|
@ -68,11 +68,16 @@
|
|||
* in a prefetch situation to be updated (without becoming sticky).
|
||||
* @param qrep: update rrsets here if cache is better
|
||||
* @param region: for qrep allocs.
|
||||
* @param qstarttime: time when delegations were looked up, this is perhaps
|
||||
* earlier than the time in now. The time is used to determine if RRsets
|
||||
* of type NS have expired, so that they can only be updated using
|
||||
* lookups of delegation points that did not use them, since they had
|
||||
* expired then.
|
||||
*/
|
||||
static void
|
||||
store_rrsets(struct module_env* env, struct reply_info* rep, time_t now,
|
||||
time_t leeway, int pside, struct reply_info* qrep,
|
||||
struct regional* region)
|
||||
struct regional* region, time_t qstarttime)
|
||||
{
|
||||
size_t i;
|
||||
/* see if rrset already exists in cache, if not insert it. */
|
||||
|
@ -81,8 +86,8 @@ store_rrsets(struct module_env* env, struct reply_info* rep, time_t now,
|
|||
rep->ref[i].id = rep->rrsets[i]->id;
|
||||
/* update ref if it was in the cache */
|
||||
switch(rrset_cache_update(env->rrset_cache, &rep->ref[i],
|
||||
env->alloc, now + ((ntohs(rep->ref[i].key->rk.type)==
|
||||
LDNS_RR_TYPE_NS && !pside)?0:leeway))) {
|
||||
env->alloc, ((ntohs(rep->ref[i].key->rk.type)==
|
||||
LDNS_RR_TYPE_NS && !pside)?qstarttime:now + leeway))) {
|
||||
case 0: /* ref unchanged, item inserted */
|
||||
break;
|
||||
case 2: /* ref updated, cache is superior */
|
||||
|
@ -155,7 +160,8 @@ msg_del_servfail(struct module_env* env, struct query_info* qinfo,
|
|||
void
|
||||
dns_cache_store_msg(struct module_env* env, struct query_info* qinfo,
|
||||
hashvalue_type hash, struct reply_info* rep, time_t leeway, int pside,
|
||||
struct reply_info* qrep, uint32_t flags, struct regional* region)
|
||||
struct reply_info* qrep, uint32_t flags, struct regional* region,
|
||||
time_t qstarttime)
|
||||
{
|
||||
struct msgreply_entry* e;
|
||||
time_t ttl = rep->ttl;
|
||||
|
@ -170,7 +176,8 @@ dns_cache_store_msg(struct module_env* env, struct query_info* qinfo,
|
|||
/* there was a reply_info_sortref(rep) here but it seems to be
|
||||
* unnecessary, because the cache gets locked per rrset. */
|
||||
reply_info_set_ttls(rep, *env->now);
|
||||
store_rrsets(env, rep, *env->now, leeway, pside, qrep, region);
|
||||
store_rrsets(env, rep, *env->now, leeway, pside, qrep, region,
|
||||
qstarttime);
|
||||
if(ttl == 0 && !(flags & DNSCACHE_STORE_ZEROTTL)) {
|
||||
/* we do not store the message, but we did store the RRs,
|
||||
* which could be useful for delegation information */
|
||||
|
@ -194,10 +201,51 @@ dns_cache_store_msg(struct module_env* env, struct query_info* qinfo,
|
|||
slabhash_insert(env->msg_cache, hash, &e->entry, rep, env->alloc);
|
||||
}
|
||||
|
||||
/** see if an rrset is expired above the qname, return upper qname. */
|
||||
static int
|
||||
rrset_expired_above(struct module_env* env, uint8_t** qname, size_t* qnamelen,
|
||||
uint16_t searchtype, uint16_t qclass, time_t now, uint8_t* expiretop,
|
||||
size_t expiretoplen)
|
||||
{
|
||||
struct ub_packed_rrset_key *rrset;
|
||||
uint8_t lablen;
|
||||
|
||||
while(*qnamelen > 0) {
|
||||
/* look one label higher */
|
||||
lablen = **qname;
|
||||
*qname += lablen + 1;
|
||||
*qnamelen -= lablen + 1;
|
||||
if(*qnamelen <= 0)
|
||||
break;
|
||||
|
||||
/* looks up with a time of 0, to see expired entries */
|
||||
if((rrset = rrset_cache_lookup(env->rrset_cache, *qname,
|
||||
*qnamelen, searchtype, qclass, 0, 0, 0))) {
|
||||
struct packed_rrset_data* data =
|
||||
(struct packed_rrset_data*)rrset->entry.data;
|
||||
if(now > data->ttl) {
|
||||
/* it is expired, this is not wanted */
|
||||
lock_rw_unlock(&rrset->entry.lock);
|
||||
log_nametypeclass(VERB_ALGO, "this rrset is expired", *qname, searchtype, qclass);
|
||||
return 1;
|
||||
}
|
||||
/* it is not expired, continue looking */
|
||||
lock_rw_unlock(&rrset->entry.lock);
|
||||
}
|
||||
|
||||
/* do not look above the expiretop. */
|
||||
if(expiretop && *qnamelen == expiretoplen &&
|
||||
query_dname_compare(*qname, expiretop)==0)
|
||||
break;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/** find closest NS or DNAME and returns the rrset (locked) */
|
||||
static struct ub_packed_rrset_key*
|
||||
find_closest_of_type(struct module_env* env, uint8_t* qname, size_t qnamelen,
|
||||
uint16_t qclass, time_t now, uint16_t searchtype, int stripfront)
|
||||
uint16_t qclass, time_t now, uint16_t searchtype, int stripfront,
|
||||
int noexpiredabove, uint8_t* expiretop, size_t expiretoplen)
|
||||
{
|
||||
struct ub_packed_rrset_key *rrset;
|
||||
uint8_t lablen;
|
||||
|
@ -212,8 +260,40 @@ find_closest_of_type(struct module_env* env, uint8_t* qname, size_t qnamelen,
|
|||
/* snip off front part of qname until the type is found */
|
||||
while(qnamelen > 0) {
|
||||
if((rrset = rrset_cache_lookup(env->rrset_cache, qname,
|
||||
qnamelen, searchtype, qclass, 0, now, 0)))
|
||||
return rrset;
|
||||
qnamelen, searchtype, qclass, 0, now, 0))) {
|
||||
uint8_t* origqname = qname;
|
||||
size_t origqnamelen = qnamelen;
|
||||
if(!noexpiredabove)
|
||||
return rrset;
|
||||
/* if expiretop set, do not look above it, but
|
||||
* qname is equal, so the just found result is also
|
||||
* the nonexpired above part. */
|
||||
if(expiretop && qnamelen == expiretoplen &&
|
||||
query_dname_compare(qname, expiretop)==0)
|
||||
return rrset;
|
||||
/* check for expiry, but we have to let go of the rrset
|
||||
* for the lock ordering */
|
||||
lock_rw_unlock(&rrset->entry.lock);
|
||||
/* the expired_above function always takes off one
|
||||
* label (if qnamelen>0) and returns the final qname
|
||||
* where it searched, so we can continue from there
|
||||
* turning the O N*N search into O N. */
|
||||
if(!rrset_expired_above(env, &qname, &qnamelen,
|
||||
searchtype, qclass, now, expiretop,
|
||||
expiretoplen)) {
|
||||
/* we want to return rrset, but it may be
|
||||
* gone from cache, if so, just loop like
|
||||
* it was not in the cache in the first place.
|
||||
*/
|
||||
if((rrset = rrset_cache_lookup(env->
|
||||
rrset_cache, origqname, origqnamelen,
|
||||
searchtype, qclass, 0, now, 0))) {
|
||||
return rrset;
|
||||
}
|
||||
}
|
||||
log_nametypeclass(VERB_ALGO, "ignoring rrset because expired rrsets exist above it", origqname, searchtype, qclass);
|
||||
continue;
|
||||
}
|
||||
|
||||
/* snip off front label */
|
||||
lablen = *qname;
|
||||
|
@ -462,7 +542,8 @@ dns_msg_ansadd(struct dns_msg* msg, struct regional* region,
|
|||
struct delegpt*
|
||||
dns_cache_find_delegation(struct module_env* env, uint8_t* qname,
|
||||
size_t qnamelen, uint16_t qtype, uint16_t qclass,
|
||||
struct regional* region, struct dns_msg** msg, time_t now)
|
||||
struct regional* region, struct dns_msg** msg, time_t now,
|
||||
int noexpiredabove, uint8_t* expiretop, size_t expiretoplen)
|
||||
{
|
||||
/* try to find closest NS rrset */
|
||||
struct ub_packed_rrset_key* nskey;
|
||||
|
@ -470,7 +551,7 @@ dns_cache_find_delegation(struct module_env* env, uint8_t* qname,
|
|||
struct delegpt* dp;
|
||||
|
||||
nskey = find_closest_of_type(env, qname, qnamelen, qclass, now,
|
||||
LDNS_RR_TYPE_NS, 0);
|
||||
LDNS_RR_TYPE_NS, 0, noexpiredabove, expiretop, expiretoplen);
|
||||
if(!nskey) /* hope the caller has hints to prime or something */
|
||||
return NULL;
|
||||
nsdata = (struct packed_rrset_data*)nskey->entry.data;
|
||||
|
@ -840,7 +921,7 @@ dns_cache_lookup(struct module_env* env,
|
|||
* consistent with the DNAME */
|
||||
if(!no_partial &&
|
||||
(rrset=find_closest_of_type(env, qname, qnamelen, qclass, now,
|
||||
LDNS_RR_TYPE_DNAME, 1))) {
|
||||
LDNS_RR_TYPE_DNAME, 1, 0, NULL, 0))) {
|
||||
/* synthesize a DNAME+CNAME message based on this */
|
||||
enum sec_status sec_status = sec_status_unchecked;
|
||||
struct dns_msg* msg = synth_dname_msg(rrset, region, now, &k,
|
||||
|
@ -973,7 +1054,7 @@ dns_cache_lookup(struct module_env* env,
|
|||
int
|
||||
dns_cache_store(struct module_env* env, struct query_info* msgqinf,
|
||||
struct reply_info* msgrep, int is_referral, time_t leeway, int pside,
|
||||
struct regional* region, uint32_t flags)
|
||||
struct regional* region, uint32_t flags, time_t qstarttime)
|
||||
{
|
||||
struct reply_info* rep = NULL;
|
||||
/* alloc, malloc properly (not in region, like msg is) */
|
||||
|
@ -996,9 +1077,9 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf,
|
|||
/*ignore ret: it was in the cache, ref updated */
|
||||
/* no leeway for typeNS */
|
||||
(void)rrset_cache_update(env->rrset_cache, &ref,
|
||||
env->alloc, *env->now +
|
||||
env->alloc,
|
||||
((ntohs(ref.key->rk.type)==LDNS_RR_TYPE_NS
|
||||
&& !pside) ? 0:leeway));
|
||||
&& !pside) ? qstarttime:*env->now + leeway));
|
||||
}
|
||||
free(rep);
|
||||
return 1;
|
||||
|
@ -1020,7 +1101,7 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf,
|
|||
rep->flags &= ~(BIT_AA | BIT_CD);
|
||||
h = query_info_hash(&qinf, (uint16_t)flags);
|
||||
dns_cache_store_msg(env, &qinf, h, rep, leeway, pside, msgrep,
|
||||
flags, region);
|
||||
flags, region, qstarttime);
|
||||
/* qname is used inside query_info_entrysetup, and set to
|
||||
* NULL. If it has not been used, free it. free(0) is safe. */
|
||||
free(qinf.qname);
|
||||
|
|
18
services/cache/dns.h
vendored
18
services/cache/dns.h
vendored
|
@ -88,11 +88,13 @@ struct dns_msg {
|
|||
* @param flags: flags with BIT_CD for AAAA queries in dns64 translation.
|
||||
* The higher 16 bits are used internally to customize the cache policy.
|
||||
* (See DNSCACHE_STORE_xxx flags).
|
||||
* @param qstarttime: time when the query was started, and thus when the
|
||||
* delegations were looked up.
|
||||
* @return 0 on alloc error (out of memory).
|
||||
*/
|
||||
int dns_cache_store(struct module_env* env, struct query_info* qinf,
|
||||
struct reply_info* rep, int is_referral, time_t leeway, int pside,
|
||||
struct regional* region, uint32_t flags);
|
||||
struct regional* region, uint32_t flags, time_t qstarttime);
|
||||
|
||||
/**
|
||||
* Store message in the cache. Stores in message cache and rrset cache.
|
||||
|
@ -112,11 +114,14 @@ int dns_cache_store(struct module_env* env, struct query_info* qinf,
|
|||
* can be updated to full TTL even in prefetch situations.
|
||||
* @param qrep: message that can be altered with better rrs from cache.
|
||||
* @param flags: customization flags for the cache policy.
|
||||
* @param qstarttime: time when the query was started, and thus when the
|
||||
* delegations were looked up.
|
||||
* @param region: to allocate into for qmsg.
|
||||
*/
|
||||
void dns_cache_store_msg(struct module_env* env, struct query_info* qinfo,
|
||||
hashvalue_type hash, struct reply_info* rep, time_t leeway, int pside,
|
||||
struct reply_info* qrep, uint32_t flags, struct regional* region);
|
||||
struct reply_info* qrep, uint32_t flags, struct regional* region,
|
||||
time_t qstarttime);
|
||||
|
||||
/**
|
||||
* Find a delegation from the cache.
|
||||
|
@ -129,11 +134,18 @@ void dns_cache_store_msg(struct module_env* env, struct query_info* qinfo,
|
|||
* @param msg: if not NULL, delegation message is returned here, synthesized
|
||||
* from the cache.
|
||||
* @param timenow: the time now, for checking if TTL on cache entries is OK.
|
||||
* @param noexpiredabove: if set, no expired NS rrsets above the one found
|
||||
* are tolerated. It only returns delegations where the delegations above
|
||||
* it are valid.
|
||||
* @param expiretop: if not NULL, name where check for expiry ends for
|
||||
* noexpiredabove.
|
||||
* @param expiretoplen: length of expiretop dname.
|
||||
* @return new delegation or NULL on error or if not found in cache.
|
||||
*/
|
||||
struct delegpt* dns_cache_find_delegation(struct module_env* env,
|
||||
uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
|
||||
struct regional* region, struct dns_msg** msg, time_t timenow);
|
||||
struct regional* region, struct dns_msg** msg, time_t timenow,
|
||||
int noexpiredabove, uint8_t* expiretop, size_t expiretoplen);
|
||||
|
||||
/**
|
||||
* generate dns_msg from cached message
|
||||
|
|
6
services/cache/infra.c
vendored
6
services/cache/infra.c
vendored
|
@ -721,13 +721,13 @@ infra_get_lame_rtt(struct infra_cache* infra,
|
|||
else *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000;
|
||||
}
|
||||
}
|
||||
/* expired entry */
|
||||
if(timenow > host->ttl) {
|
||||
/* expired entry */
|
||||
|
||||
/* see if this can be a re-probe of an unresponsive server */
|
||||
/* minus 1000 because that is outside of the RTTBAND, so
|
||||
* blacklisted servers stay blacklisted if this is chosen */
|
||||
if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT ||
|
||||
infra->infra_keep_probing) {
|
||||
if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT) {
|
||||
lock_rw_unlock(&e->lock);
|
||||
*rtt = USEFUL_SERVER_TOP_TIMEOUT-1000;
|
||||
*lame = 0;
|
||||
|
|
|
@ -490,6 +490,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
|
|||
return -1;
|
||||
}
|
||||
# elif defined(IPV6_MTU)
|
||||
# ifndef USE_WINSOCK
|
||||
/*
|
||||
* On Linux, to send no larger than 1280, the PMTUD is
|
||||
* disabled by default for datagrams anyway, so we set
|
||||
|
@ -497,13 +498,27 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
|
|||
*/
|
||||
if (setsockopt(s, IPPROTO_IPV6, IPV6_MTU,
|
||||
(void*)&mtu, (socklen_t)sizeof(mtu)) < 0) {
|
||||
log_err("setsockopt(..., IPV6_MTU, ...) failed: %s",
|
||||
log_err("setsockopt(..., IPV6_MTU, ...) failed: %s",
|
||||
sock_strerror(errno));
|
||||
sock_close(s);
|
||||
*noproto = 0;
|
||||
*inuse = 0;
|
||||
return -1;
|
||||
}
|
||||
# elif defined(IPV6_USER_MTU)
|
||||
/* As later versions of the mingw crosscompiler define
|
||||
* IPV6_MTU, do the same for windows but use IPV6_USER_MTU
|
||||
* instead which is writable; IPV6_MTU is readonly there. */
|
||||
if (setsockopt(s, IPPROTO_IPV6, IPV6_USER_MTU,
|
||||
(void*)&mtu, (socklen_t)sizeof(mtu)) < 0) {
|
||||
log_err("setsockopt(..., IPV6_USER_MTU, ...) failed: %s",
|
||||
wsa_strerror(WSAGetLastError()));
|
||||
sock_close(s);
|
||||
*noproto = 0;
|
||||
*inuse = 0;
|
||||
return -1;
|
||||
}
|
||||
# endif /* USE_WINSOCK */
|
||||
# endif /* IPv6 MTU */
|
||||
# if defined(IPV6_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
|
||||
# if defined(IP_PMTUDISC_OMIT)
|
||||
|
|
|
@ -954,6 +954,7 @@ mesh_state_create(struct module_env* env, struct query_info* qinfo,
|
|||
mstate->s.no_cache_store = 0;
|
||||
mstate->s.need_refetch = 0;
|
||||
mstate->s.was_ratelimited = 0;
|
||||
mstate->s.qstarttime = *env->now;
|
||||
|
||||
/* init modules */
|
||||
for(i=0; i<env->mesh->mods.num; i++) {
|
||||
|
|
|
@ -381,9 +381,9 @@ static sldns_rr_descriptor rdata_field_descriptors[] = {
|
|||
/* 63 */
|
||||
{LDNS_RR_TYPE_ZONEMD, "ZONEMD", 4, 4, type_zonemd_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
||||
/* 64 */
|
||||
{LDNS_RR_TYPE_SVCB, "SVCB", 2, 2, type_svcb_wireformat, LDNS_RDF_TYPE_SVCPARAM, LDNS_RR_NO_COMPRESS, 0 },
|
||||
{LDNS_RR_TYPE_SVCB, "SVCB", 2, 2, type_svcb_wireformat, LDNS_RDF_TYPE_SVCPARAM, LDNS_RR_NO_COMPRESS, 1 },
|
||||
/* 65 */
|
||||
{LDNS_RR_TYPE_HTTPS, "HTTPS", 2, 2, type_svcb_wireformat, LDNS_RDF_TYPE_SVCPARAM, LDNS_RR_NO_COMPRESS, 0 },
|
||||
{LDNS_RR_TYPE_HTTPS, "HTTPS", 2, 2, type_svcb_wireformat, LDNS_RDF_TYPE_SVCPARAM, LDNS_RR_NO_COMPRESS, 1 },
|
||||
{(enum sldns_enum_rr_type)0, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
||||
{(enum sldns_enum_rr_type)0, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
||||
{(enum sldns_enum_rr_type)0, "TYPE68", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
||||
|
|
|
@ -1071,7 +1071,7 @@ static int sldns_wire2str_svcparam_mandatory2str(char** s,
|
|||
assert(data_len > 0);
|
||||
|
||||
if (data_len % sizeof(uint16_t))
|
||||
return -1; // wireformat error, data_len must be multiple of shorts
|
||||
return -1; /* wireformat error, data_len must be multiple of shorts */
|
||||
w += sldns_str_print(s, slen, "=");
|
||||
w += sldns_print_svcparamkey(s, slen, sldns_read_uint16(data));
|
||||
data += 2;
|
||||
|
|
309
testdata/iter_ghost_sub.rpl
vendored
Normal file
309
testdata/iter_ghost_sub.rpl
vendored
Normal file
|
@ -0,0 +1,309 @@
|
|||
; config options
|
||||
server:
|
||||
target-fetch-policy: "0 0 0 0 0"
|
||||
qname-minimisation: "no"
|
||||
minimal-responses: no
|
||||
|
||||
stub-zone:
|
||||
name: "."
|
||||
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
|
||||
CONFIG_END
|
||||
|
||||
SCENARIO_BEGIN Test ghost subdomain of another subdomain.
|
||||
|
||||
; K.ROOT-SERVERS.NET.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 193.0.14.129
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
. 86400 IN NS
|
||||
SECTION ANSWER
|
||||
. 86400 IN NS K.ROOT-SERVERS.NET.
|
||||
SECTION ADDITIONAL
|
||||
K.ROOT-SERVERS.NET. 86400 IN A 193.0.14.129
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode subdomain
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN NS
|
||||
SECTION AUTHORITY
|
||||
com. 86400 IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. 86400 IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
RANGE_END
|
||||
|
||||
; a.gtld-servers.net.
|
||||
; this is the one where example.com is delegated.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 192.5.6.30
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN NS
|
||||
SECTION ANSWER
|
||||
com. 86400 IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. 86400 IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode subdomain
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN NS
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; a.gtld-servers.net.
|
||||
; this is the one where example.com is no longer delegated.
|
||||
RANGE_BEGIN 100 200
|
||||
ADDRESS 192.5.6.30
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN NS
|
||||
SECTION ANSWER
|
||||
com. 86400 IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. 86400 IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode subdomain
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NXDOMAIN
|
||||
SECTION QUESTION
|
||||
example.com. IN NS
|
||||
SECTION AUTHORITY
|
||||
com. 86400 IN SOA a. b. 1 2 3 4 5
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; ns.example.com.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 1.2.3.4
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN NS
|
||||
SECTION ANSWER
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
ns.example.com. IN A
|
||||
SECTION ANSWER
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
ns.example.com. IN AAAA
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
s.example.com. IN A
|
||||
SECTION ANSWER
|
||||
s.example.com. IN A 1.2.3.4
|
||||
SECTION AUTHORITY
|
||||
s.example.com. IN NS s.example.com.
|
||||
SECTION ADDITIONAL
|
||||
s.example.com IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
s.s.example.com. IN A
|
||||
SECTION ANSWER
|
||||
s.s.example.com. IN A 1.2.3.4
|
||||
SECTION AUTHORITY
|
||||
s.s.example.com. IN NS s.s.example.com.
|
||||
SECTION ADDITIONAL
|
||||
s.s.example.com IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
STEP 1 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
; get the delegation in cache
|
||||
STEP 20 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
; time passes
|
||||
STEP 25 TIME_PASSES ELAPSE 1800
|
||||
|
||||
; get another delegation in cache
|
||||
STEP 30 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
s.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
STEP 40 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
s.example.com. IN A
|
||||
SECTION ANSWER
|
||||
s.example.com. IN A 1.2.3.4
|
||||
SECTION AUTHORITY
|
||||
s.example.com. IN NS s.example.com.
|
||||
ENTRY_END
|
||||
|
||||
; time passes, 1800 + 1000 = 2800 of 3600 TTL on NS of s.example.com. and
|
||||
; example.com.
|
||||
STEP 45 TIME_PASSES ELAPSE 1000
|
||||
|
||||
; get another delegation in cache
|
||||
STEP 50 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
s.s.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
STEP 60 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
s.s.example.com. IN A
|
||||
SECTION ANSWER
|
||||
s.s.example.com. IN A 1.2.3.4
|
||||
SECTION AUTHORITY
|
||||
s.s.example.com. IN NS s.s.example.com.
|
||||
ENTRY_END
|
||||
|
||||
|
||||
; time passes, 1800 + 2000 = 3800 of 3600 TTL on NS of s.example.com. and
|
||||
; example.com.
|
||||
STEP 75 TIME_PASSES ELAPSE 1000
|
||||
|
||||
; domain no longer delegated
|
||||
; is the domain still up?
|
||||
|
||||
STEP 100 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.s.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
STEP 110 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all
|
||||
REPLY QR RD RA NXDOMAIN
|
||||
SECTION QUESTION
|
||||
www.s.example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
com. 86400 IN SOA a. b. 1 2 3 4 5
|
||||
ENTRY_END
|
||||
|
||||
STEP 120 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.s.s.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
STEP 130 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all
|
||||
REPLY QR RD RA NXDOMAIN
|
||||
SECTION QUESTION
|
||||
www.s.s.example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
com. 86400 IN SOA a. b. 1 2 3 4 5
|
||||
ENTRY_END
|
||||
|
||||
STEP 140 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
STEP 150 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all
|
||||
REPLY QR RD RA NXDOMAIN
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
com. 86400 IN SOA a. b. 1 2 3 4 5
|
||||
ENTRY_END
|
||||
|
||||
SCENARIO_END
|
391
testdata/iter_ghost_timewindow.rpl
vendored
Normal file
391
testdata/iter_ghost_timewindow.rpl
vendored
Normal file
|
@ -0,0 +1,391 @@
|
|||
; config options
|
||||
server:
|
||||
target-fetch-policy: "0 0 0 0 0"
|
||||
qname-minimisation: "no"
|
||||
minimal-responses: no
|
||||
|
||||
stub-zone:
|
||||
name: "."
|
||||
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
|
||||
CONFIG_END
|
||||
|
||||
SCENARIO_BEGIN Test ghost subdomain with extension reply in timewindow.
|
||||
|
||||
; K.ROOT-SERVERS.NET.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 193.0.14.129
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
. 86400 IN NS
|
||||
SECTION ANSWER
|
||||
. 86400 IN NS K.ROOT-SERVERS.NET.
|
||||
SECTION ADDITIONAL
|
||||
K.ROOT-SERVERS.NET. 86400 IN A 193.0.14.129
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode subdomain
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN NS
|
||||
SECTION AUTHORITY
|
||||
com. 86400 IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. 86400 IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
RANGE_END
|
||||
|
||||
; a.gtld-servers.net.
|
||||
; this is the one where example.com is delegated.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 192.5.6.30
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN NS
|
||||
SECTION ANSWER
|
||||
com. 86400 IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. 86400 IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode subdomain
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN NS
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode subdomain
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
example2.com. IN NS
|
||||
SECTION AUTHORITY
|
||||
example2.com. 3610 IN NS ns.example2.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example2.com. 3610 IN A 1.2.3.5
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; a.gtld-servers.net.
|
||||
; this is the one where example.com is no longer delegated.
|
||||
RANGE_BEGIN 100 300
|
||||
ADDRESS 192.5.6.30
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN NS
|
||||
SECTION ANSWER
|
||||
com. 86400 IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. 86400 IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode subdomain
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NXDOMAIN
|
||||
SECTION QUESTION
|
||||
example.com. IN NS
|
||||
SECTION AUTHORITY
|
||||
com. 86400 IN SOA a. b. 1 2 3 4 5
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode subdomain
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NXDOMAIN
|
||||
SECTION QUESTION
|
||||
example2.com. IN NS
|
||||
SECTION AUTHORITY
|
||||
com. 86400 IN SOA a. b. 1 2 3 4 5
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; ns.example.com.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 1.2.3.4
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN NS
|
||||
SECTION ANSWER
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
ns.example.com. IN A
|
||||
SECTION ANSWER
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
ns.example.com. IN AAAA
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; ns.example2.com.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 1.2.3.5
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
example2.com. IN NS
|
||||
SECTION ANSWER
|
||||
example2.com. 3610 IN NS ns.example2.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example2.com. 3610 IN A 1.2.3.5
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
ns.example2.com. IN A
|
||||
SECTION ANSWER
|
||||
ns.example2.com. 3610 IN A 1.2.3.5
|
||||
SECTION AUTHORITY
|
||||
example2.com. 3610 IN NS ns.example2.com.
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
ns.example2.com. IN AAAA
|
||||
SECTION AUTHORITY
|
||||
example2.com. 3610 IN NS ns.example2.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example2.com. 3610 IN A 1.2.3.5
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example2.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example2.com. 3610 IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
example2.com. 3610 IN NS ns.example2.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example2.com 3610 IN A 1.2.3.5
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
STEP 1 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
; get the delegation in cache
|
||||
STEP 20 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example.com. IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
; get example2 in cache too to check other response type
|
||||
STEP 30 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example2.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
STEP 40 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
www.example2.com. IN A
|
||||
SECTION ANSWER
|
||||
www.example2.com. IN A 10.20.30.40
|
||||
SECTION AUTHORITY
|
||||
example2.com. IN NS ns.example2.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example2.com IN A 1.2.3.5
|
||||
ENTRY_END
|
||||
|
||||
; time passes
|
||||
STEP 95 TIME_PASSES ELAPSE 3595
|
||||
|
||||
STEP 100 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
ns.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
; ns.example.com RANGE does not answer, only until step 100,
|
||||
; so we provide an answer, but first, let time pass beyond the TTL.
|
||||
; it is going to time 3605, just passed the 3600 expire TTL, but the
|
||||
; query started at 3595 before the TTL expired.
|
||||
STEP 110 TIME_PASSES ELAPSE 10
|
||||
|
||||
; provide the answer to the query sent.
|
||||
STEP 120 CHECK_OUT_QUERY
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
ns.example.com. IN A
|
||||
SECTION ANSWER
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
STEP 130 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
ns.example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
|
||||
; check if the domain is still live.
|
||||
STEP 140 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www2.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
STEP 150 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all
|
||||
REPLY QR RD RA NXDOMAIN
|
||||
SECTION QUESTION
|
||||
www2.example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
com. 86400 IN SOA a. b. 1 2 3 4 5
|
||||
ENTRY_END
|
||||
|
||||
; example2 is valid with TTL of 3610, it is time 3605
|
||||
STEP 160 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
ns.example2.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
; move to time 3615
|
||||
STEP 170 TIME_PASSES ELAPSE 10
|
||||
|
||||
STEP 180 CHECK_OUT_QUERY
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA NOERROR
|
||||
SECTION QUESTION
|
||||
ns.example2.com. IN A
|
||||
SECTION ANSWER
|
||||
ns.example2.com. IN A 1.2.3.5
|
||||
SECTION AUTHORITY
|
||||
example2.com. IN NS ns.example2.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example2.com. IN A 1.2.3.5
|
||||
ENTRY_END
|
||||
|
||||
STEP 190 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all
|
||||
REPLY QR RD RA NOERROR
|
||||
SECTION QUESTION
|
||||
ns.example2.com. IN A
|
||||
SECTION ANSWER
|
||||
ns.example2.com IN A 1.2.3.5
|
||||
SECTION AUTHORITY
|
||||
example2.com. IN NS ns.example2.com.
|
||||
SECTION ADDITIONAL
|
||||
ENTRY_END
|
||||
|
||||
; check if the domain is still live.
|
||||
STEP 200 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www2.example2.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
STEP 210 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all
|
||||
REPLY QR RD RA NXDOMAIN
|
||||
SECTION QUESTION
|
||||
www2.example2.com. IN A
|
||||
SECTION AUTHORITY
|
||||
com. 86400 IN SOA a. b. 1 2 3 4 5
|
||||
ENTRY_END
|
||||
|
||||
SCENARIO_END
|
16
testdata/iter_prefetch_change.rpl
vendored
16
testdata/iter_prefetch_change.rpl
vendored
|
@ -22,9 +22,9 @@ REPLY QR NOERROR
|
|||
SECTION QUESTION
|
||||
. IN NS
|
||||
SECTION ANSWER
|
||||
. IN NS K.ROOT-SERVERS.NET.
|
||||
. 86400 IN NS K.ROOT-SERVERS.NET.
|
||||
SECTION ADDITIONAL
|
||||
K.ROOT-SERVERS.NET. IN A 193.0.14.129
|
||||
K.ROOT-SERVERS.NET. 86400 IN A 193.0.14.129
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
|
@ -34,9 +34,9 @@ REPLY QR NOERROR
|
|||
SECTION QUESTION
|
||||
com. IN A
|
||||
SECTION AUTHORITY
|
||||
com. IN NS a.gtld-servers.net.
|
||||
com. 86400 IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
a.gtld-servers.net. 86400 IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
|
@ -50,9 +50,9 @@ REPLY QR NOERROR
|
|||
SECTION QUESTION
|
||||
com. IN NS
|
||||
SECTION ANSWER
|
||||
com. IN NS a.gtld-servers.net.
|
||||
com. 86400 IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
a.gtld-servers.net. 86400 IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
|
@ -78,9 +78,9 @@ REPLY QR NOERROR
|
|||
SECTION QUESTION
|
||||
com. IN NS
|
||||
SECTION ANSWER
|
||||
com. IN NS a.gtld-servers.net.
|
||||
com. 86400 IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
a.gtld-servers.net. 86400 IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
|
|
|
@ -173,6 +173,7 @@ config_create(void)
|
|||
cfg->infra_cache_slabs = 4;
|
||||
cfg->infra_cache_numhosts = 10000;
|
||||
cfg->infra_cache_min_rtt = 50;
|
||||
cfg->infra_cache_max_rtt = 120000;
|
||||
cfg->infra_keep_probing = 0;
|
||||
cfg->delay_close = 0;
|
||||
cfg->udp_connect = 1;
|
||||
|
@ -595,8 +596,14 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||
else if(strcmp(opt, "cache-min-ttl:") == 0)
|
||||
{ IS_NUMBER_OR_ZERO; cfg->min_ttl = atoi(val); MIN_TTL=(time_t)cfg->min_ttl;}
|
||||
else if(strcmp(opt, "infra-cache-min-rtt:") == 0) {
|
||||
IS_NUMBER_OR_ZERO; cfg->infra_cache_min_rtt = atoi(val);
|
||||
RTT_MIN_TIMEOUT=cfg->infra_cache_min_rtt;
|
||||
IS_NUMBER_OR_ZERO; cfg->infra_cache_min_rtt = atoi(val);
|
||||
RTT_MIN_TIMEOUT=cfg->infra_cache_min_rtt;
|
||||
}
|
||||
else if(strcmp(opt, "infra-cache-max-rtt:") == 0) {
|
||||
IS_NUMBER_OR_ZERO; cfg->infra_cache_max_rtt = atoi(val);
|
||||
RTT_MAX_TIMEOUT=cfg->infra_cache_max_rtt;
|
||||
USEFUL_SERVER_TOP_TIMEOUT = RTT_MAX_TIMEOUT;
|
||||
BLACKLIST_PENALTY = USEFUL_SERVER_TOP_TIMEOUT*4;
|
||||
}
|
||||
else S_YNO("infra-keep-probing:", infra_keep_probing)
|
||||
else S_NUMBER_OR_ZERO("infra-host-ttl:", host_ttl)
|
||||
|
@ -1026,6 +1033,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||
else O_DEC(opt, "infra-host-ttl", host_ttl)
|
||||
else O_DEC(opt, "infra-cache-slabs", infra_cache_slabs)
|
||||
else O_DEC(opt, "infra-cache-min-rtt", infra_cache_min_rtt)
|
||||
else O_UNS(opt, "infra-cache-max-rtt", infra_cache_max_rtt)
|
||||
else O_YNO(opt, "infra-keep-probing", infra_keep_probing)
|
||||
else O_MEM(opt, "infra-cache-numhosts", infra_cache_numhosts)
|
||||
else O_UNS(opt, "delay-close", delay_close)
|
||||
|
@ -2222,11 +2230,14 @@ config_apply(struct config_file* config)
|
|||
SERVE_ORIGINAL_TTL = config->serve_original_ttl;
|
||||
MAX_NEG_TTL = (time_t)config->max_negative_ttl;
|
||||
RTT_MIN_TIMEOUT = config->infra_cache_min_rtt;
|
||||
RTT_MAX_TIMEOUT = config->infra_cache_max_rtt;
|
||||
EDNS_ADVERTISED_SIZE = (uint16_t)config->edns_buffer_size;
|
||||
MINIMAL_RESPONSES = config->minimal_responses;
|
||||
RRSET_ROUNDROBIN = config->rrset_roundrobin;
|
||||
LOG_TAG_QUERYREPLY = config->log_tag_queryreply;
|
||||
UNKNOWN_SERVER_NICENESS = config->unknown_server_time_limit;
|
||||
USEFUL_SERVER_TOP_TIMEOUT = RTT_MAX_TIMEOUT;
|
||||
BLACKLIST_PENALTY = USEFUL_SERVER_TOP_TIMEOUT*4;
|
||||
log_set_time_asc(config->log_time_ascii);
|
||||
autr_permit_small_holddown = config->permit_small_holddown;
|
||||
stream_wait_max = config->stream_wait_size;
|
||||
|
|
|
@ -186,8 +186,10 @@ struct config_file {
|
|||
size_t infra_cache_slabs;
|
||||
/** max number of hosts in the infra cache */
|
||||
size_t infra_cache_numhosts;
|
||||
/** min value for infra cache rtt */
|
||||
/** min value for infra cache rtt (min retransmit timeout) */
|
||||
int infra_cache_min_rtt;
|
||||
/** max value for infra cache rtt (max retransmit timeout) */
|
||||
int infra_cache_max_rtt;
|
||||
/** keep probing hosts that are down */
|
||||
int infra_keep_probing;
|
||||
/** delay close of udp-timeouted ports, if 0 no delayclose. in msec */
|
||||
|
|
4547
util/configlexer.c
4547
util/configlexer.c
File diff suppressed because it is too large
Load diff
|
@ -302,6 +302,7 @@ infra-cache-slabs{COLON} { YDVAR(1, VAR_INFRA_CACHE_SLABS) }
|
|||
infra-cache-numhosts{COLON} { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) }
|
||||
infra-cache-lame-size{COLON} { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) }
|
||||
infra-cache-min-rtt{COLON} { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) }
|
||||
infra-cache-max-rtt{COLON} { YDVAR(1, VAR_INFRA_CACHE_MAX_RTT) }
|
||||
infra-keep-probing{COLON} { YDVAR(1, VAR_INFRA_KEEP_PROBING) }
|
||||
num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) }
|
||||
jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) }
|
||||
|
|
3875
util/configparser.c
3875
util/configparser.c
File diff suppressed because it is too large
Load diff
|
@ -215,169 +215,170 @@ extern int yydebug;
|
|||
VAR_UNBLOCK_LAN_ZONES = 416, /* VAR_UNBLOCK_LAN_ZONES */
|
||||
VAR_INSECURE_LAN_ZONES = 417, /* VAR_INSECURE_LAN_ZONES */
|
||||
VAR_INFRA_CACHE_MIN_RTT = 418, /* VAR_INFRA_CACHE_MIN_RTT */
|
||||
VAR_INFRA_KEEP_PROBING = 419, /* VAR_INFRA_KEEP_PROBING */
|
||||
VAR_DNS64_PREFIX = 420, /* VAR_DNS64_PREFIX */
|
||||
VAR_DNS64_SYNTHALL = 421, /* VAR_DNS64_SYNTHALL */
|
||||
VAR_DNS64_IGNORE_AAAA = 422, /* VAR_DNS64_IGNORE_AAAA */
|
||||
VAR_DNSTAP = 423, /* VAR_DNSTAP */
|
||||
VAR_DNSTAP_ENABLE = 424, /* VAR_DNSTAP_ENABLE */
|
||||
VAR_DNSTAP_SOCKET_PATH = 425, /* VAR_DNSTAP_SOCKET_PATH */
|
||||
VAR_DNSTAP_IP = 426, /* VAR_DNSTAP_IP */
|
||||
VAR_DNSTAP_TLS = 427, /* VAR_DNSTAP_TLS */
|
||||
VAR_DNSTAP_TLS_SERVER_NAME = 428, /* VAR_DNSTAP_TLS_SERVER_NAME */
|
||||
VAR_DNSTAP_TLS_CERT_BUNDLE = 429, /* VAR_DNSTAP_TLS_CERT_BUNDLE */
|
||||
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 430, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */
|
||||
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 431, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */
|
||||
VAR_DNSTAP_SEND_IDENTITY = 432, /* VAR_DNSTAP_SEND_IDENTITY */
|
||||
VAR_DNSTAP_SEND_VERSION = 433, /* VAR_DNSTAP_SEND_VERSION */
|
||||
VAR_DNSTAP_BIDIRECTIONAL = 434, /* VAR_DNSTAP_BIDIRECTIONAL */
|
||||
VAR_DNSTAP_IDENTITY = 435, /* VAR_DNSTAP_IDENTITY */
|
||||
VAR_DNSTAP_VERSION = 436, /* VAR_DNSTAP_VERSION */
|
||||
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 437, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */
|
||||
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 438, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */
|
||||
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 439, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */
|
||||
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 440, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */
|
||||
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 441, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */
|
||||
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 442, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */
|
||||
VAR_RESPONSE_IP_TAG = 443, /* VAR_RESPONSE_IP_TAG */
|
||||
VAR_RESPONSE_IP = 444, /* VAR_RESPONSE_IP */
|
||||
VAR_RESPONSE_IP_DATA = 445, /* VAR_RESPONSE_IP_DATA */
|
||||
VAR_HARDEN_ALGO_DOWNGRADE = 446, /* VAR_HARDEN_ALGO_DOWNGRADE */
|
||||
VAR_IP_TRANSPARENT = 447, /* VAR_IP_TRANSPARENT */
|
||||
VAR_IP_DSCP = 448, /* VAR_IP_DSCP */
|
||||
VAR_DISABLE_DNSSEC_LAME_CHECK = 449, /* VAR_DISABLE_DNSSEC_LAME_CHECK */
|
||||
VAR_IP_RATELIMIT = 450, /* VAR_IP_RATELIMIT */
|
||||
VAR_IP_RATELIMIT_SLABS = 451, /* VAR_IP_RATELIMIT_SLABS */
|
||||
VAR_IP_RATELIMIT_SIZE = 452, /* VAR_IP_RATELIMIT_SIZE */
|
||||
VAR_RATELIMIT = 453, /* VAR_RATELIMIT */
|
||||
VAR_RATELIMIT_SLABS = 454, /* VAR_RATELIMIT_SLABS */
|
||||
VAR_RATELIMIT_SIZE = 455, /* VAR_RATELIMIT_SIZE */
|
||||
VAR_OUTBOUND_MSG_RETRY = 456, /* VAR_OUTBOUND_MSG_RETRY */
|
||||
VAR_RATELIMIT_FOR_DOMAIN = 457, /* VAR_RATELIMIT_FOR_DOMAIN */
|
||||
VAR_RATELIMIT_BELOW_DOMAIN = 458, /* VAR_RATELIMIT_BELOW_DOMAIN */
|
||||
VAR_IP_RATELIMIT_FACTOR = 459, /* VAR_IP_RATELIMIT_FACTOR */
|
||||
VAR_RATELIMIT_FACTOR = 460, /* VAR_RATELIMIT_FACTOR */
|
||||
VAR_IP_RATELIMIT_BACKOFF = 461, /* VAR_IP_RATELIMIT_BACKOFF */
|
||||
VAR_RATELIMIT_BACKOFF = 462, /* VAR_RATELIMIT_BACKOFF */
|
||||
VAR_SEND_CLIENT_SUBNET = 463, /* VAR_SEND_CLIENT_SUBNET */
|
||||
VAR_CLIENT_SUBNET_ZONE = 464, /* VAR_CLIENT_SUBNET_ZONE */
|
||||
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 465, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
|
||||
VAR_CLIENT_SUBNET_OPCODE = 466, /* VAR_CLIENT_SUBNET_OPCODE */
|
||||
VAR_MAX_CLIENT_SUBNET_IPV4 = 467, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
|
||||
VAR_MAX_CLIENT_SUBNET_IPV6 = 468, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
|
||||
VAR_MIN_CLIENT_SUBNET_IPV4 = 469, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
|
||||
VAR_MIN_CLIENT_SUBNET_IPV6 = 470, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV4 = 471, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV6 = 472, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
|
||||
VAR_CAPS_WHITELIST = 473, /* VAR_CAPS_WHITELIST */
|
||||
VAR_CACHE_MAX_NEGATIVE_TTL = 474, /* VAR_CACHE_MAX_NEGATIVE_TTL */
|
||||
VAR_PERMIT_SMALL_HOLDDOWN = 475, /* VAR_PERMIT_SMALL_HOLDDOWN */
|
||||
VAR_QNAME_MINIMISATION = 476, /* VAR_QNAME_MINIMISATION */
|
||||
VAR_QNAME_MINIMISATION_STRICT = 477, /* VAR_QNAME_MINIMISATION_STRICT */
|
||||
VAR_IP_FREEBIND = 478, /* VAR_IP_FREEBIND */
|
||||
VAR_DEFINE_TAG = 479, /* VAR_DEFINE_TAG */
|
||||
VAR_LOCAL_ZONE_TAG = 480, /* VAR_LOCAL_ZONE_TAG */
|
||||
VAR_ACCESS_CONTROL_TAG = 481, /* VAR_ACCESS_CONTROL_TAG */
|
||||
VAR_LOCAL_ZONE_OVERRIDE = 482, /* VAR_LOCAL_ZONE_OVERRIDE */
|
||||
VAR_ACCESS_CONTROL_TAG_ACTION = 483, /* VAR_ACCESS_CONTROL_TAG_ACTION */
|
||||
VAR_ACCESS_CONTROL_TAG_DATA = 484, /* VAR_ACCESS_CONTROL_TAG_DATA */
|
||||
VAR_VIEW = 485, /* VAR_VIEW */
|
||||
VAR_ACCESS_CONTROL_VIEW = 486, /* VAR_ACCESS_CONTROL_VIEW */
|
||||
VAR_VIEW_FIRST = 487, /* VAR_VIEW_FIRST */
|
||||
VAR_SERVE_EXPIRED = 488, /* VAR_SERVE_EXPIRED */
|
||||
VAR_SERVE_EXPIRED_TTL = 489, /* VAR_SERVE_EXPIRED_TTL */
|
||||
VAR_SERVE_EXPIRED_TTL_RESET = 490, /* VAR_SERVE_EXPIRED_TTL_RESET */
|
||||
VAR_SERVE_EXPIRED_REPLY_TTL = 491, /* VAR_SERVE_EXPIRED_REPLY_TTL */
|
||||
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 492, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
|
||||
VAR_EDE_SERVE_EXPIRED = 493, /* VAR_EDE_SERVE_EXPIRED */
|
||||
VAR_SERVE_ORIGINAL_TTL = 494, /* VAR_SERVE_ORIGINAL_TTL */
|
||||
VAR_FAKE_DSA = 495, /* VAR_FAKE_DSA */
|
||||
VAR_FAKE_SHA1 = 496, /* VAR_FAKE_SHA1 */
|
||||
VAR_LOG_IDENTITY = 497, /* VAR_LOG_IDENTITY */
|
||||
VAR_HIDE_TRUSTANCHOR = 498, /* VAR_HIDE_TRUSTANCHOR */
|
||||
VAR_HIDE_HTTP_USER_AGENT = 499, /* VAR_HIDE_HTTP_USER_AGENT */
|
||||
VAR_HTTP_USER_AGENT = 500, /* VAR_HTTP_USER_AGENT */
|
||||
VAR_TRUST_ANCHOR_SIGNALING = 501, /* VAR_TRUST_ANCHOR_SIGNALING */
|
||||
VAR_AGGRESSIVE_NSEC = 502, /* VAR_AGGRESSIVE_NSEC */
|
||||
VAR_USE_SYSTEMD = 503, /* VAR_USE_SYSTEMD */
|
||||
VAR_SHM_ENABLE = 504, /* VAR_SHM_ENABLE */
|
||||
VAR_SHM_KEY = 505, /* VAR_SHM_KEY */
|
||||
VAR_ROOT_KEY_SENTINEL = 506, /* VAR_ROOT_KEY_SENTINEL */
|
||||
VAR_DNSCRYPT = 507, /* VAR_DNSCRYPT */
|
||||
VAR_DNSCRYPT_ENABLE = 508, /* VAR_DNSCRYPT_ENABLE */
|
||||
VAR_DNSCRYPT_PORT = 509, /* VAR_DNSCRYPT_PORT */
|
||||
VAR_DNSCRYPT_PROVIDER = 510, /* VAR_DNSCRYPT_PROVIDER */
|
||||
VAR_DNSCRYPT_SECRET_KEY = 511, /* VAR_DNSCRYPT_SECRET_KEY */
|
||||
VAR_DNSCRYPT_PROVIDER_CERT = 512, /* VAR_DNSCRYPT_PROVIDER_CERT */
|
||||
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 513, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 514, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 515, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 516, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 517, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
|
||||
VAR_PAD_RESPONSES = 518, /* VAR_PAD_RESPONSES */
|
||||
VAR_PAD_RESPONSES_BLOCK_SIZE = 519, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
|
||||
VAR_PAD_QUERIES = 520, /* VAR_PAD_QUERIES */
|
||||
VAR_PAD_QUERIES_BLOCK_SIZE = 521, /* VAR_PAD_QUERIES_BLOCK_SIZE */
|
||||
VAR_IPSECMOD_ENABLED = 522, /* VAR_IPSECMOD_ENABLED */
|
||||
VAR_IPSECMOD_HOOK = 523, /* VAR_IPSECMOD_HOOK */
|
||||
VAR_IPSECMOD_IGNORE_BOGUS = 524, /* VAR_IPSECMOD_IGNORE_BOGUS */
|
||||
VAR_IPSECMOD_MAX_TTL = 525, /* VAR_IPSECMOD_MAX_TTL */
|
||||
VAR_IPSECMOD_WHITELIST = 526, /* VAR_IPSECMOD_WHITELIST */
|
||||
VAR_IPSECMOD_STRICT = 527, /* VAR_IPSECMOD_STRICT */
|
||||
VAR_CACHEDB = 528, /* VAR_CACHEDB */
|
||||
VAR_CACHEDB_BACKEND = 529, /* VAR_CACHEDB_BACKEND */
|
||||
VAR_CACHEDB_SECRETSEED = 530, /* VAR_CACHEDB_SECRETSEED */
|
||||
VAR_CACHEDB_REDISHOST = 531, /* VAR_CACHEDB_REDISHOST */
|
||||
VAR_CACHEDB_REDISPORT = 532, /* VAR_CACHEDB_REDISPORT */
|
||||
VAR_CACHEDB_REDISTIMEOUT = 533, /* VAR_CACHEDB_REDISTIMEOUT */
|
||||
VAR_CACHEDB_REDISEXPIRERECORDS = 534, /* VAR_CACHEDB_REDISEXPIRERECORDS */
|
||||
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 535, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
|
||||
VAR_FOR_UPSTREAM = 536, /* VAR_FOR_UPSTREAM */
|
||||
VAR_AUTH_ZONE = 537, /* VAR_AUTH_ZONE */
|
||||
VAR_ZONEFILE = 538, /* VAR_ZONEFILE */
|
||||
VAR_MASTER = 539, /* VAR_MASTER */
|
||||
VAR_URL = 540, /* VAR_URL */
|
||||
VAR_FOR_DOWNSTREAM = 541, /* VAR_FOR_DOWNSTREAM */
|
||||
VAR_FALLBACK_ENABLED = 542, /* VAR_FALLBACK_ENABLED */
|
||||
VAR_TLS_ADDITIONAL_PORT = 543, /* VAR_TLS_ADDITIONAL_PORT */
|
||||
VAR_LOW_RTT = 544, /* VAR_LOW_RTT */
|
||||
VAR_LOW_RTT_PERMIL = 545, /* VAR_LOW_RTT_PERMIL */
|
||||
VAR_FAST_SERVER_PERMIL = 546, /* VAR_FAST_SERVER_PERMIL */
|
||||
VAR_FAST_SERVER_NUM = 547, /* VAR_FAST_SERVER_NUM */
|
||||
VAR_ALLOW_NOTIFY = 548, /* VAR_ALLOW_NOTIFY */
|
||||
VAR_TLS_WIN_CERT = 549, /* VAR_TLS_WIN_CERT */
|
||||
VAR_TCP_CONNECTION_LIMIT = 550, /* VAR_TCP_CONNECTION_LIMIT */
|
||||
VAR_FORWARD_NO_CACHE = 551, /* VAR_FORWARD_NO_CACHE */
|
||||
VAR_STUB_NO_CACHE = 552, /* VAR_STUB_NO_CACHE */
|
||||
VAR_LOG_SERVFAIL = 553, /* VAR_LOG_SERVFAIL */
|
||||
VAR_DENY_ANY = 554, /* VAR_DENY_ANY */
|
||||
VAR_UNKNOWN_SERVER_TIME_LIMIT = 555, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
|
||||
VAR_LOG_TAG_QUERYREPLY = 556, /* VAR_LOG_TAG_QUERYREPLY */
|
||||
VAR_STREAM_WAIT_SIZE = 557, /* VAR_STREAM_WAIT_SIZE */
|
||||
VAR_TLS_CIPHERS = 558, /* VAR_TLS_CIPHERS */
|
||||
VAR_TLS_CIPHERSUITES = 559, /* VAR_TLS_CIPHERSUITES */
|
||||
VAR_TLS_USE_SNI = 560, /* VAR_TLS_USE_SNI */
|
||||
VAR_IPSET = 561, /* VAR_IPSET */
|
||||
VAR_IPSET_NAME_V4 = 562, /* VAR_IPSET_NAME_V4 */
|
||||
VAR_IPSET_NAME_V6 = 563, /* VAR_IPSET_NAME_V6 */
|
||||
VAR_TLS_SESSION_TICKET_KEYS = 564, /* VAR_TLS_SESSION_TICKET_KEYS */
|
||||
VAR_RPZ = 565, /* VAR_RPZ */
|
||||
VAR_TAGS = 566, /* VAR_TAGS */
|
||||
VAR_RPZ_ACTION_OVERRIDE = 567, /* VAR_RPZ_ACTION_OVERRIDE */
|
||||
VAR_RPZ_CNAME_OVERRIDE = 568, /* VAR_RPZ_CNAME_OVERRIDE */
|
||||
VAR_RPZ_LOG = 569, /* VAR_RPZ_LOG */
|
||||
VAR_RPZ_LOG_NAME = 570, /* VAR_RPZ_LOG_NAME */
|
||||
VAR_DYNLIB = 571, /* VAR_DYNLIB */
|
||||
VAR_DYNLIB_FILE = 572, /* VAR_DYNLIB_FILE */
|
||||
VAR_EDNS_CLIENT_STRING = 573, /* VAR_EDNS_CLIENT_STRING */
|
||||
VAR_EDNS_CLIENT_STRING_OPCODE = 574, /* VAR_EDNS_CLIENT_STRING_OPCODE */
|
||||
VAR_NSID = 575, /* VAR_NSID */
|
||||
VAR_ZONEMD_PERMISSIVE_MODE = 576, /* VAR_ZONEMD_PERMISSIVE_MODE */
|
||||
VAR_ZONEMD_CHECK = 577, /* VAR_ZONEMD_CHECK */
|
||||
VAR_ZONEMD_REJECT_ABSENCE = 578, /* VAR_ZONEMD_REJECT_ABSENCE */
|
||||
VAR_RPZ_SIGNAL_NXDOMAIN_RA = 579, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */
|
||||
VAR_INTERFACE_AUTOMATIC_PORTS = 580, /* VAR_INTERFACE_AUTOMATIC_PORTS */
|
||||
VAR_EDE = 581 /* VAR_EDE */
|
||||
VAR_INFRA_CACHE_MAX_RTT = 419, /* VAR_INFRA_CACHE_MAX_RTT */
|
||||
VAR_INFRA_KEEP_PROBING = 420, /* VAR_INFRA_KEEP_PROBING */
|
||||
VAR_DNS64_PREFIX = 421, /* VAR_DNS64_PREFIX */
|
||||
VAR_DNS64_SYNTHALL = 422, /* VAR_DNS64_SYNTHALL */
|
||||
VAR_DNS64_IGNORE_AAAA = 423, /* VAR_DNS64_IGNORE_AAAA */
|
||||
VAR_DNSTAP = 424, /* VAR_DNSTAP */
|
||||
VAR_DNSTAP_ENABLE = 425, /* VAR_DNSTAP_ENABLE */
|
||||
VAR_DNSTAP_SOCKET_PATH = 426, /* VAR_DNSTAP_SOCKET_PATH */
|
||||
VAR_DNSTAP_IP = 427, /* VAR_DNSTAP_IP */
|
||||
VAR_DNSTAP_TLS = 428, /* VAR_DNSTAP_TLS */
|
||||
VAR_DNSTAP_TLS_SERVER_NAME = 429, /* VAR_DNSTAP_TLS_SERVER_NAME */
|
||||
VAR_DNSTAP_TLS_CERT_BUNDLE = 430, /* VAR_DNSTAP_TLS_CERT_BUNDLE */
|
||||
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 431, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */
|
||||
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 432, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */
|
||||
VAR_DNSTAP_SEND_IDENTITY = 433, /* VAR_DNSTAP_SEND_IDENTITY */
|
||||
VAR_DNSTAP_SEND_VERSION = 434, /* VAR_DNSTAP_SEND_VERSION */
|
||||
VAR_DNSTAP_BIDIRECTIONAL = 435, /* VAR_DNSTAP_BIDIRECTIONAL */
|
||||
VAR_DNSTAP_IDENTITY = 436, /* VAR_DNSTAP_IDENTITY */
|
||||
VAR_DNSTAP_VERSION = 437, /* VAR_DNSTAP_VERSION */
|
||||
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 438, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */
|
||||
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 439, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */
|
||||
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 440, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */
|
||||
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 441, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */
|
||||
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 442, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */
|
||||
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 443, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */
|
||||
VAR_RESPONSE_IP_TAG = 444, /* VAR_RESPONSE_IP_TAG */
|
||||
VAR_RESPONSE_IP = 445, /* VAR_RESPONSE_IP */
|
||||
VAR_RESPONSE_IP_DATA = 446, /* VAR_RESPONSE_IP_DATA */
|
||||
VAR_HARDEN_ALGO_DOWNGRADE = 447, /* VAR_HARDEN_ALGO_DOWNGRADE */
|
||||
VAR_IP_TRANSPARENT = 448, /* VAR_IP_TRANSPARENT */
|
||||
VAR_IP_DSCP = 449, /* VAR_IP_DSCP */
|
||||
VAR_DISABLE_DNSSEC_LAME_CHECK = 450, /* VAR_DISABLE_DNSSEC_LAME_CHECK */
|
||||
VAR_IP_RATELIMIT = 451, /* VAR_IP_RATELIMIT */
|
||||
VAR_IP_RATELIMIT_SLABS = 452, /* VAR_IP_RATELIMIT_SLABS */
|
||||
VAR_IP_RATELIMIT_SIZE = 453, /* VAR_IP_RATELIMIT_SIZE */
|
||||
VAR_RATELIMIT = 454, /* VAR_RATELIMIT */
|
||||
VAR_RATELIMIT_SLABS = 455, /* VAR_RATELIMIT_SLABS */
|
||||
VAR_RATELIMIT_SIZE = 456, /* VAR_RATELIMIT_SIZE */
|
||||
VAR_OUTBOUND_MSG_RETRY = 457, /* VAR_OUTBOUND_MSG_RETRY */
|
||||
VAR_RATELIMIT_FOR_DOMAIN = 458, /* VAR_RATELIMIT_FOR_DOMAIN */
|
||||
VAR_RATELIMIT_BELOW_DOMAIN = 459, /* VAR_RATELIMIT_BELOW_DOMAIN */
|
||||
VAR_IP_RATELIMIT_FACTOR = 460, /* VAR_IP_RATELIMIT_FACTOR */
|
||||
VAR_RATELIMIT_FACTOR = 461, /* VAR_RATELIMIT_FACTOR */
|
||||
VAR_IP_RATELIMIT_BACKOFF = 462, /* VAR_IP_RATELIMIT_BACKOFF */
|
||||
VAR_RATELIMIT_BACKOFF = 463, /* VAR_RATELIMIT_BACKOFF */
|
||||
VAR_SEND_CLIENT_SUBNET = 464, /* VAR_SEND_CLIENT_SUBNET */
|
||||
VAR_CLIENT_SUBNET_ZONE = 465, /* VAR_CLIENT_SUBNET_ZONE */
|
||||
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 466, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
|
||||
VAR_CLIENT_SUBNET_OPCODE = 467, /* VAR_CLIENT_SUBNET_OPCODE */
|
||||
VAR_MAX_CLIENT_SUBNET_IPV4 = 468, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
|
||||
VAR_MAX_CLIENT_SUBNET_IPV6 = 469, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
|
||||
VAR_MIN_CLIENT_SUBNET_IPV4 = 470, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
|
||||
VAR_MIN_CLIENT_SUBNET_IPV6 = 471, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV4 = 472, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV6 = 473, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
|
||||
VAR_CAPS_WHITELIST = 474, /* VAR_CAPS_WHITELIST */
|
||||
VAR_CACHE_MAX_NEGATIVE_TTL = 475, /* VAR_CACHE_MAX_NEGATIVE_TTL */
|
||||
VAR_PERMIT_SMALL_HOLDDOWN = 476, /* VAR_PERMIT_SMALL_HOLDDOWN */
|
||||
VAR_QNAME_MINIMISATION = 477, /* VAR_QNAME_MINIMISATION */
|
||||
VAR_QNAME_MINIMISATION_STRICT = 478, /* VAR_QNAME_MINIMISATION_STRICT */
|
||||
VAR_IP_FREEBIND = 479, /* VAR_IP_FREEBIND */
|
||||
VAR_DEFINE_TAG = 480, /* VAR_DEFINE_TAG */
|
||||
VAR_LOCAL_ZONE_TAG = 481, /* VAR_LOCAL_ZONE_TAG */
|
||||
VAR_ACCESS_CONTROL_TAG = 482, /* VAR_ACCESS_CONTROL_TAG */
|
||||
VAR_LOCAL_ZONE_OVERRIDE = 483, /* VAR_LOCAL_ZONE_OVERRIDE */
|
||||
VAR_ACCESS_CONTROL_TAG_ACTION = 484, /* VAR_ACCESS_CONTROL_TAG_ACTION */
|
||||
VAR_ACCESS_CONTROL_TAG_DATA = 485, /* VAR_ACCESS_CONTROL_TAG_DATA */
|
||||
VAR_VIEW = 486, /* VAR_VIEW */
|
||||
VAR_ACCESS_CONTROL_VIEW = 487, /* VAR_ACCESS_CONTROL_VIEW */
|
||||
VAR_VIEW_FIRST = 488, /* VAR_VIEW_FIRST */
|
||||
VAR_SERVE_EXPIRED = 489, /* VAR_SERVE_EXPIRED */
|
||||
VAR_SERVE_EXPIRED_TTL = 490, /* VAR_SERVE_EXPIRED_TTL */
|
||||
VAR_SERVE_EXPIRED_TTL_RESET = 491, /* VAR_SERVE_EXPIRED_TTL_RESET */
|
||||
VAR_SERVE_EXPIRED_REPLY_TTL = 492, /* VAR_SERVE_EXPIRED_REPLY_TTL */
|
||||
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 493, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
|
||||
VAR_EDE_SERVE_EXPIRED = 494, /* VAR_EDE_SERVE_EXPIRED */
|
||||
VAR_SERVE_ORIGINAL_TTL = 495, /* VAR_SERVE_ORIGINAL_TTL */
|
||||
VAR_FAKE_DSA = 496, /* VAR_FAKE_DSA */
|
||||
VAR_FAKE_SHA1 = 497, /* VAR_FAKE_SHA1 */
|
||||
VAR_LOG_IDENTITY = 498, /* VAR_LOG_IDENTITY */
|
||||
VAR_HIDE_TRUSTANCHOR = 499, /* VAR_HIDE_TRUSTANCHOR */
|
||||
VAR_HIDE_HTTP_USER_AGENT = 500, /* VAR_HIDE_HTTP_USER_AGENT */
|
||||
VAR_HTTP_USER_AGENT = 501, /* VAR_HTTP_USER_AGENT */
|
||||
VAR_TRUST_ANCHOR_SIGNALING = 502, /* VAR_TRUST_ANCHOR_SIGNALING */
|
||||
VAR_AGGRESSIVE_NSEC = 503, /* VAR_AGGRESSIVE_NSEC */
|
||||
VAR_USE_SYSTEMD = 504, /* VAR_USE_SYSTEMD */
|
||||
VAR_SHM_ENABLE = 505, /* VAR_SHM_ENABLE */
|
||||
VAR_SHM_KEY = 506, /* VAR_SHM_KEY */
|
||||
VAR_ROOT_KEY_SENTINEL = 507, /* VAR_ROOT_KEY_SENTINEL */
|
||||
VAR_DNSCRYPT = 508, /* VAR_DNSCRYPT */
|
||||
VAR_DNSCRYPT_ENABLE = 509, /* VAR_DNSCRYPT_ENABLE */
|
||||
VAR_DNSCRYPT_PORT = 510, /* VAR_DNSCRYPT_PORT */
|
||||
VAR_DNSCRYPT_PROVIDER = 511, /* VAR_DNSCRYPT_PROVIDER */
|
||||
VAR_DNSCRYPT_SECRET_KEY = 512, /* VAR_DNSCRYPT_SECRET_KEY */
|
||||
VAR_DNSCRYPT_PROVIDER_CERT = 513, /* VAR_DNSCRYPT_PROVIDER_CERT */
|
||||
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 514, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 515, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 516, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 517, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 518, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
|
||||
VAR_PAD_RESPONSES = 519, /* VAR_PAD_RESPONSES */
|
||||
VAR_PAD_RESPONSES_BLOCK_SIZE = 520, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
|
||||
VAR_PAD_QUERIES = 521, /* VAR_PAD_QUERIES */
|
||||
VAR_PAD_QUERIES_BLOCK_SIZE = 522, /* VAR_PAD_QUERIES_BLOCK_SIZE */
|
||||
VAR_IPSECMOD_ENABLED = 523, /* VAR_IPSECMOD_ENABLED */
|
||||
VAR_IPSECMOD_HOOK = 524, /* VAR_IPSECMOD_HOOK */
|
||||
VAR_IPSECMOD_IGNORE_BOGUS = 525, /* VAR_IPSECMOD_IGNORE_BOGUS */
|
||||
VAR_IPSECMOD_MAX_TTL = 526, /* VAR_IPSECMOD_MAX_TTL */
|
||||
VAR_IPSECMOD_WHITELIST = 527, /* VAR_IPSECMOD_WHITELIST */
|
||||
VAR_IPSECMOD_STRICT = 528, /* VAR_IPSECMOD_STRICT */
|
||||
VAR_CACHEDB = 529, /* VAR_CACHEDB */
|
||||
VAR_CACHEDB_BACKEND = 530, /* VAR_CACHEDB_BACKEND */
|
||||
VAR_CACHEDB_SECRETSEED = 531, /* VAR_CACHEDB_SECRETSEED */
|
||||
VAR_CACHEDB_REDISHOST = 532, /* VAR_CACHEDB_REDISHOST */
|
||||
VAR_CACHEDB_REDISPORT = 533, /* VAR_CACHEDB_REDISPORT */
|
||||
VAR_CACHEDB_REDISTIMEOUT = 534, /* VAR_CACHEDB_REDISTIMEOUT */
|
||||
VAR_CACHEDB_REDISEXPIRERECORDS = 535, /* VAR_CACHEDB_REDISEXPIRERECORDS */
|
||||
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 536, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
|
||||
VAR_FOR_UPSTREAM = 537, /* VAR_FOR_UPSTREAM */
|
||||
VAR_AUTH_ZONE = 538, /* VAR_AUTH_ZONE */
|
||||
VAR_ZONEFILE = 539, /* VAR_ZONEFILE */
|
||||
VAR_MASTER = 540, /* VAR_MASTER */
|
||||
VAR_URL = 541, /* VAR_URL */
|
||||
VAR_FOR_DOWNSTREAM = 542, /* VAR_FOR_DOWNSTREAM */
|
||||
VAR_FALLBACK_ENABLED = 543, /* VAR_FALLBACK_ENABLED */
|
||||
VAR_TLS_ADDITIONAL_PORT = 544, /* VAR_TLS_ADDITIONAL_PORT */
|
||||
VAR_LOW_RTT = 545, /* VAR_LOW_RTT */
|
||||
VAR_LOW_RTT_PERMIL = 546, /* VAR_LOW_RTT_PERMIL */
|
||||
VAR_FAST_SERVER_PERMIL = 547, /* VAR_FAST_SERVER_PERMIL */
|
||||
VAR_FAST_SERVER_NUM = 548, /* VAR_FAST_SERVER_NUM */
|
||||
VAR_ALLOW_NOTIFY = 549, /* VAR_ALLOW_NOTIFY */
|
||||
VAR_TLS_WIN_CERT = 550, /* VAR_TLS_WIN_CERT */
|
||||
VAR_TCP_CONNECTION_LIMIT = 551, /* VAR_TCP_CONNECTION_LIMIT */
|
||||
VAR_FORWARD_NO_CACHE = 552, /* VAR_FORWARD_NO_CACHE */
|
||||
VAR_STUB_NO_CACHE = 553, /* VAR_STUB_NO_CACHE */
|
||||
VAR_LOG_SERVFAIL = 554, /* VAR_LOG_SERVFAIL */
|
||||
VAR_DENY_ANY = 555, /* VAR_DENY_ANY */
|
||||
VAR_UNKNOWN_SERVER_TIME_LIMIT = 556, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
|
||||
VAR_LOG_TAG_QUERYREPLY = 557, /* VAR_LOG_TAG_QUERYREPLY */
|
||||
VAR_STREAM_WAIT_SIZE = 558, /* VAR_STREAM_WAIT_SIZE */
|
||||
VAR_TLS_CIPHERS = 559, /* VAR_TLS_CIPHERS */
|
||||
VAR_TLS_CIPHERSUITES = 560, /* VAR_TLS_CIPHERSUITES */
|
||||
VAR_TLS_USE_SNI = 561, /* VAR_TLS_USE_SNI */
|
||||
VAR_IPSET = 562, /* VAR_IPSET */
|
||||
VAR_IPSET_NAME_V4 = 563, /* VAR_IPSET_NAME_V4 */
|
||||
VAR_IPSET_NAME_V6 = 564, /* VAR_IPSET_NAME_V6 */
|
||||
VAR_TLS_SESSION_TICKET_KEYS = 565, /* VAR_TLS_SESSION_TICKET_KEYS */
|
||||
VAR_RPZ = 566, /* VAR_RPZ */
|
||||
VAR_TAGS = 567, /* VAR_TAGS */
|
||||
VAR_RPZ_ACTION_OVERRIDE = 568, /* VAR_RPZ_ACTION_OVERRIDE */
|
||||
VAR_RPZ_CNAME_OVERRIDE = 569, /* VAR_RPZ_CNAME_OVERRIDE */
|
||||
VAR_RPZ_LOG = 570, /* VAR_RPZ_LOG */
|
||||
VAR_RPZ_LOG_NAME = 571, /* VAR_RPZ_LOG_NAME */
|
||||
VAR_DYNLIB = 572, /* VAR_DYNLIB */
|
||||
VAR_DYNLIB_FILE = 573, /* VAR_DYNLIB_FILE */
|
||||
VAR_EDNS_CLIENT_STRING = 574, /* VAR_EDNS_CLIENT_STRING */
|
||||
VAR_EDNS_CLIENT_STRING_OPCODE = 575, /* VAR_EDNS_CLIENT_STRING_OPCODE */
|
||||
VAR_NSID = 576, /* VAR_NSID */
|
||||
VAR_ZONEMD_PERMISSIVE_MODE = 577, /* VAR_ZONEMD_PERMISSIVE_MODE */
|
||||
VAR_ZONEMD_CHECK = 578, /* VAR_ZONEMD_CHECK */
|
||||
VAR_ZONEMD_REJECT_ABSENCE = 579, /* VAR_ZONEMD_REJECT_ABSENCE */
|
||||
VAR_RPZ_SIGNAL_NXDOMAIN_RA = 580, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */
|
||||
VAR_INTERFACE_AUTOMATIC_PORTS = 581, /* VAR_INTERFACE_AUTOMATIC_PORTS */
|
||||
VAR_EDE = 582 /* VAR_EDE */
|
||||
};
|
||||
typedef enum yytokentype yytoken_kind_t;
|
||||
#endif
|
||||
|
@ -547,169 +548,170 @@ extern int yydebug;
|
|||
#define VAR_UNBLOCK_LAN_ZONES 416
|
||||
#define VAR_INSECURE_LAN_ZONES 417
|
||||
#define VAR_INFRA_CACHE_MIN_RTT 418
|
||||
#define VAR_INFRA_KEEP_PROBING 419
|
||||
#define VAR_DNS64_PREFIX 420
|
||||
#define VAR_DNS64_SYNTHALL 421
|
||||
#define VAR_DNS64_IGNORE_AAAA 422
|
||||
#define VAR_DNSTAP 423
|
||||
#define VAR_DNSTAP_ENABLE 424
|
||||
#define VAR_DNSTAP_SOCKET_PATH 425
|
||||
#define VAR_DNSTAP_IP 426
|
||||
#define VAR_DNSTAP_TLS 427
|
||||
#define VAR_DNSTAP_TLS_SERVER_NAME 428
|
||||
#define VAR_DNSTAP_TLS_CERT_BUNDLE 429
|
||||
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 430
|
||||
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 431
|
||||
#define VAR_DNSTAP_SEND_IDENTITY 432
|
||||
#define VAR_DNSTAP_SEND_VERSION 433
|
||||
#define VAR_DNSTAP_BIDIRECTIONAL 434
|
||||
#define VAR_DNSTAP_IDENTITY 435
|
||||
#define VAR_DNSTAP_VERSION 436
|
||||
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 437
|
||||
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 438
|
||||
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 439
|
||||
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 440
|
||||
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 441
|
||||
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 442
|
||||
#define VAR_RESPONSE_IP_TAG 443
|
||||
#define VAR_RESPONSE_IP 444
|
||||
#define VAR_RESPONSE_IP_DATA 445
|
||||
#define VAR_HARDEN_ALGO_DOWNGRADE 446
|
||||
#define VAR_IP_TRANSPARENT 447
|
||||
#define VAR_IP_DSCP 448
|
||||
#define VAR_DISABLE_DNSSEC_LAME_CHECK 449
|
||||
#define VAR_IP_RATELIMIT 450
|
||||
#define VAR_IP_RATELIMIT_SLABS 451
|
||||
#define VAR_IP_RATELIMIT_SIZE 452
|
||||
#define VAR_RATELIMIT 453
|
||||
#define VAR_RATELIMIT_SLABS 454
|
||||
#define VAR_RATELIMIT_SIZE 455
|
||||
#define VAR_OUTBOUND_MSG_RETRY 456
|
||||
#define VAR_RATELIMIT_FOR_DOMAIN 457
|
||||
#define VAR_RATELIMIT_BELOW_DOMAIN 458
|
||||
#define VAR_IP_RATELIMIT_FACTOR 459
|
||||
#define VAR_RATELIMIT_FACTOR 460
|
||||
#define VAR_IP_RATELIMIT_BACKOFF 461
|
||||
#define VAR_RATELIMIT_BACKOFF 462
|
||||
#define VAR_SEND_CLIENT_SUBNET 463
|
||||
#define VAR_CLIENT_SUBNET_ZONE 464
|
||||
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 465
|
||||
#define VAR_CLIENT_SUBNET_OPCODE 466
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV4 467
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV6 468
|
||||
#define VAR_MIN_CLIENT_SUBNET_IPV4 469
|
||||
#define VAR_MIN_CLIENT_SUBNET_IPV6 470
|
||||
#define VAR_MAX_ECS_TREE_SIZE_IPV4 471
|
||||
#define VAR_MAX_ECS_TREE_SIZE_IPV6 472
|
||||
#define VAR_CAPS_WHITELIST 473
|
||||
#define VAR_CACHE_MAX_NEGATIVE_TTL 474
|
||||
#define VAR_PERMIT_SMALL_HOLDDOWN 475
|
||||
#define VAR_QNAME_MINIMISATION 476
|
||||
#define VAR_QNAME_MINIMISATION_STRICT 477
|
||||
#define VAR_IP_FREEBIND 478
|
||||
#define VAR_DEFINE_TAG 479
|
||||
#define VAR_LOCAL_ZONE_TAG 480
|
||||
#define VAR_ACCESS_CONTROL_TAG 481
|
||||
#define VAR_LOCAL_ZONE_OVERRIDE 482
|
||||
#define VAR_ACCESS_CONTROL_TAG_ACTION 483
|
||||
#define VAR_ACCESS_CONTROL_TAG_DATA 484
|
||||
#define VAR_VIEW 485
|
||||
#define VAR_ACCESS_CONTROL_VIEW 486
|
||||
#define VAR_VIEW_FIRST 487
|
||||
#define VAR_SERVE_EXPIRED 488
|
||||
#define VAR_SERVE_EXPIRED_TTL 489
|
||||
#define VAR_SERVE_EXPIRED_TTL_RESET 490
|
||||
#define VAR_SERVE_EXPIRED_REPLY_TTL 491
|
||||
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 492
|
||||
#define VAR_EDE_SERVE_EXPIRED 493
|
||||
#define VAR_SERVE_ORIGINAL_TTL 494
|
||||
#define VAR_FAKE_DSA 495
|
||||
#define VAR_FAKE_SHA1 496
|
||||
#define VAR_LOG_IDENTITY 497
|
||||
#define VAR_HIDE_TRUSTANCHOR 498
|
||||
#define VAR_HIDE_HTTP_USER_AGENT 499
|
||||
#define VAR_HTTP_USER_AGENT 500
|
||||
#define VAR_TRUST_ANCHOR_SIGNALING 501
|
||||
#define VAR_AGGRESSIVE_NSEC 502
|
||||
#define VAR_USE_SYSTEMD 503
|
||||
#define VAR_SHM_ENABLE 504
|
||||
#define VAR_SHM_KEY 505
|
||||
#define VAR_ROOT_KEY_SENTINEL 506
|
||||
#define VAR_DNSCRYPT 507
|
||||
#define VAR_DNSCRYPT_ENABLE 508
|
||||
#define VAR_DNSCRYPT_PORT 509
|
||||
#define VAR_DNSCRYPT_PROVIDER 510
|
||||
#define VAR_DNSCRYPT_SECRET_KEY 511
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT 512
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 513
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 514
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 515
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 516
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 517
|
||||
#define VAR_PAD_RESPONSES 518
|
||||
#define VAR_PAD_RESPONSES_BLOCK_SIZE 519
|
||||
#define VAR_PAD_QUERIES 520
|
||||
#define VAR_PAD_QUERIES_BLOCK_SIZE 521
|
||||
#define VAR_IPSECMOD_ENABLED 522
|
||||
#define VAR_IPSECMOD_HOOK 523
|
||||
#define VAR_IPSECMOD_IGNORE_BOGUS 524
|
||||
#define VAR_IPSECMOD_MAX_TTL 525
|
||||
#define VAR_IPSECMOD_WHITELIST 526
|
||||
#define VAR_IPSECMOD_STRICT 527
|
||||
#define VAR_CACHEDB 528
|
||||
#define VAR_CACHEDB_BACKEND 529
|
||||
#define VAR_CACHEDB_SECRETSEED 530
|
||||
#define VAR_CACHEDB_REDISHOST 531
|
||||
#define VAR_CACHEDB_REDISPORT 532
|
||||
#define VAR_CACHEDB_REDISTIMEOUT 533
|
||||
#define VAR_CACHEDB_REDISEXPIRERECORDS 534
|
||||
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 535
|
||||
#define VAR_FOR_UPSTREAM 536
|
||||
#define VAR_AUTH_ZONE 537
|
||||
#define VAR_ZONEFILE 538
|
||||
#define VAR_MASTER 539
|
||||
#define VAR_URL 540
|
||||
#define VAR_FOR_DOWNSTREAM 541
|
||||
#define VAR_FALLBACK_ENABLED 542
|
||||
#define VAR_TLS_ADDITIONAL_PORT 543
|
||||
#define VAR_LOW_RTT 544
|
||||
#define VAR_LOW_RTT_PERMIL 545
|
||||
#define VAR_FAST_SERVER_PERMIL 546
|
||||
#define VAR_FAST_SERVER_NUM 547
|
||||
#define VAR_ALLOW_NOTIFY 548
|
||||
#define VAR_TLS_WIN_CERT 549
|
||||
#define VAR_TCP_CONNECTION_LIMIT 550
|
||||
#define VAR_FORWARD_NO_CACHE 551
|
||||
#define VAR_STUB_NO_CACHE 552
|
||||
#define VAR_LOG_SERVFAIL 553
|
||||
#define VAR_DENY_ANY 554
|
||||
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 555
|
||||
#define VAR_LOG_TAG_QUERYREPLY 556
|
||||
#define VAR_STREAM_WAIT_SIZE 557
|
||||
#define VAR_TLS_CIPHERS 558
|
||||
#define VAR_TLS_CIPHERSUITES 559
|
||||
#define VAR_TLS_USE_SNI 560
|
||||
#define VAR_IPSET 561
|
||||
#define VAR_IPSET_NAME_V4 562
|
||||
#define VAR_IPSET_NAME_V6 563
|
||||
#define VAR_TLS_SESSION_TICKET_KEYS 564
|
||||
#define VAR_RPZ 565
|
||||
#define VAR_TAGS 566
|
||||
#define VAR_RPZ_ACTION_OVERRIDE 567
|
||||
#define VAR_RPZ_CNAME_OVERRIDE 568
|
||||
#define VAR_RPZ_LOG 569
|
||||
#define VAR_RPZ_LOG_NAME 570
|
||||
#define VAR_DYNLIB 571
|
||||
#define VAR_DYNLIB_FILE 572
|
||||
#define VAR_EDNS_CLIENT_STRING 573
|
||||
#define VAR_EDNS_CLIENT_STRING_OPCODE 574
|
||||
#define VAR_NSID 575
|
||||
#define VAR_ZONEMD_PERMISSIVE_MODE 576
|
||||
#define VAR_ZONEMD_CHECK 577
|
||||
#define VAR_ZONEMD_REJECT_ABSENCE 578
|
||||
#define VAR_RPZ_SIGNAL_NXDOMAIN_RA 579
|
||||
#define VAR_INTERFACE_AUTOMATIC_PORTS 580
|
||||
#define VAR_EDE 581
|
||||
#define VAR_INFRA_CACHE_MAX_RTT 419
|
||||
#define VAR_INFRA_KEEP_PROBING 420
|
||||
#define VAR_DNS64_PREFIX 421
|
||||
#define VAR_DNS64_SYNTHALL 422
|
||||
#define VAR_DNS64_IGNORE_AAAA 423
|
||||
#define VAR_DNSTAP 424
|
||||
#define VAR_DNSTAP_ENABLE 425
|
||||
#define VAR_DNSTAP_SOCKET_PATH 426
|
||||
#define VAR_DNSTAP_IP 427
|
||||
#define VAR_DNSTAP_TLS 428
|
||||
#define VAR_DNSTAP_TLS_SERVER_NAME 429
|
||||
#define VAR_DNSTAP_TLS_CERT_BUNDLE 430
|
||||
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 431
|
||||
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 432
|
||||
#define VAR_DNSTAP_SEND_IDENTITY 433
|
||||
#define VAR_DNSTAP_SEND_VERSION 434
|
||||
#define VAR_DNSTAP_BIDIRECTIONAL 435
|
||||
#define VAR_DNSTAP_IDENTITY 436
|
||||
#define VAR_DNSTAP_VERSION 437
|
||||
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 438
|
||||
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 439
|
||||
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 440
|
||||
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 441
|
||||
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 442
|
||||
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 443
|
||||
#define VAR_RESPONSE_IP_TAG 444
|
||||
#define VAR_RESPONSE_IP 445
|
||||
#define VAR_RESPONSE_IP_DATA 446
|
||||
#define VAR_HARDEN_ALGO_DOWNGRADE 447
|
||||
#define VAR_IP_TRANSPARENT 448
|
||||
#define VAR_IP_DSCP 449
|
||||
#define VAR_DISABLE_DNSSEC_LAME_CHECK 450
|
||||
#define VAR_IP_RATELIMIT 451
|
||||
#define VAR_IP_RATELIMIT_SLABS 452
|
||||
#define VAR_IP_RATELIMIT_SIZE 453
|
||||
#define VAR_RATELIMIT 454
|
||||
#define VAR_RATELIMIT_SLABS 455
|
||||
#define VAR_RATELIMIT_SIZE 456
|
||||
#define VAR_OUTBOUND_MSG_RETRY 457
|
||||
#define VAR_RATELIMIT_FOR_DOMAIN 458
|
||||
#define VAR_RATELIMIT_BELOW_DOMAIN 459
|
||||
#define VAR_IP_RATELIMIT_FACTOR 460
|
||||
#define VAR_RATELIMIT_FACTOR 461
|
||||
#define VAR_IP_RATELIMIT_BACKOFF 462
|
||||
#define VAR_RATELIMIT_BACKOFF 463
|
||||
#define VAR_SEND_CLIENT_SUBNET 464
|
||||
#define VAR_CLIENT_SUBNET_ZONE 465
|
||||
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 466
|
||||
#define VAR_CLIENT_SUBNET_OPCODE 467
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV4 468
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV6 469
|
||||
#define VAR_MIN_CLIENT_SUBNET_IPV4 470
|
||||
#define VAR_MIN_CLIENT_SUBNET_IPV6 471
|
||||
#define VAR_MAX_ECS_TREE_SIZE_IPV4 472
|
||||
#define VAR_MAX_ECS_TREE_SIZE_IPV6 473
|
||||
#define VAR_CAPS_WHITELIST 474
|
||||
#define VAR_CACHE_MAX_NEGATIVE_TTL 475
|
||||
#define VAR_PERMIT_SMALL_HOLDDOWN 476
|
||||
#define VAR_QNAME_MINIMISATION 477
|
||||
#define VAR_QNAME_MINIMISATION_STRICT 478
|
||||
#define VAR_IP_FREEBIND 479
|
||||
#define VAR_DEFINE_TAG 480
|
||||
#define VAR_LOCAL_ZONE_TAG 481
|
||||
#define VAR_ACCESS_CONTROL_TAG 482
|
||||
#define VAR_LOCAL_ZONE_OVERRIDE 483
|
||||
#define VAR_ACCESS_CONTROL_TAG_ACTION 484
|
||||
#define VAR_ACCESS_CONTROL_TAG_DATA 485
|
||||
#define VAR_VIEW 486
|
||||
#define VAR_ACCESS_CONTROL_VIEW 487
|
||||
#define VAR_VIEW_FIRST 488
|
||||
#define VAR_SERVE_EXPIRED 489
|
||||
#define VAR_SERVE_EXPIRED_TTL 490
|
||||
#define VAR_SERVE_EXPIRED_TTL_RESET 491
|
||||
#define VAR_SERVE_EXPIRED_REPLY_TTL 492
|
||||
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 493
|
||||
#define VAR_EDE_SERVE_EXPIRED 494
|
||||
#define VAR_SERVE_ORIGINAL_TTL 495
|
||||
#define VAR_FAKE_DSA 496
|
||||
#define VAR_FAKE_SHA1 497
|
||||
#define VAR_LOG_IDENTITY 498
|
||||
#define VAR_HIDE_TRUSTANCHOR 499
|
||||
#define VAR_HIDE_HTTP_USER_AGENT 500
|
||||
#define VAR_HTTP_USER_AGENT 501
|
||||
#define VAR_TRUST_ANCHOR_SIGNALING 502
|
||||
#define VAR_AGGRESSIVE_NSEC 503
|
||||
#define VAR_USE_SYSTEMD 504
|
||||
#define VAR_SHM_ENABLE 505
|
||||
#define VAR_SHM_KEY 506
|
||||
#define VAR_ROOT_KEY_SENTINEL 507
|
||||
#define VAR_DNSCRYPT 508
|
||||
#define VAR_DNSCRYPT_ENABLE 509
|
||||
#define VAR_DNSCRYPT_PORT 510
|
||||
#define VAR_DNSCRYPT_PROVIDER 511
|
||||
#define VAR_DNSCRYPT_SECRET_KEY 512
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT 513
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 514
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 515
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 516
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 517
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 518
|
||||
#define VAR_PAD_RESPONSES 519
|
||||
#define VAR_PAD_RESPONSES_BLOCK_SIZE 520
|
||||
#define VAR_PAD_QUERIES 521
|
||||
#define VAR_PAD_QUERIES_BLOCK_SIZE 522
|
||||
#define VAR_IPSECMOD_ENABLED 523
|
||||
#define VAR_IPSECMOD_HOOK 524
|
||||
#define VAR_IPSECMOD_IGNORE_BOGUS 525
|
||||
#define VAR_IPSECMOD_MAX_TTL 526
|
||||
#define VAR_IPSECMOD_WHITELIST 527
|
||||
#define VAR_IPSECMOD_STRICT 528
|
||||
#define VAR_CACHEDB 529
|
||||
#define VAR_CACHEDB_BACKEND 530
|
||||
#define VAR_CACHEDB_SECRETSEED 531
|
||||
#define VAR_CACHEDB_REDISHOST 532
|
||||
#define VAR_CACHEDB_REDISPORT 533
|
||||
#define VAR_CACHEDB_REDISTIMEOUT 534
|
||||
#define VAR_CACHEDB_REDISEXPIRERECORDS 535
|
||||
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 536
|
||||
#define VAR_FOR_UPSTREAM 537
|
||||
#define VAR_AUTH_ZONE 538
|
||||
#define VAR_ZONEFILE 539
|
||||
#define VAR_MASTER 540
|
||||
#define VAR_URL 541
|
||||
#define VAR_FOR_DOWNSTREAM 542
|
||||
#define VAR_FALLBACK_ENABLED 543
|
||||
#define VAR_TLS_ADDITIONAL_PORT 544
|
||||
#define VAR_LOW_RTT 545
|
||||
#define VAR_LOW_RTT_PERMIL 546
|
||||
#define VAR_FAST_SERVER_PERMIL 547
|
||||
#define VAR_FAST_SERVER_NUM 548
|
||||
#define VAR_ALLOW_NOTIFY 549
|
||||
#define VAR_TLS_WIN_CERT 550
|
||||
#define VAR_TCP_CONNECTION_LIMIT 551
|
||||
#define VAR_FORWARD_NO_CACHE 552
|
||||
#define VAR_STUB_NO_CACHE 553
|
||||
#define VAR_LOG_SERVFAIL 554
|
||||
#define VAR_DENY_ANY 555
|
||||
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 556
|
||||
#define VAR_LOG_TAG_QUERYREPLY 557
|
||||
#define VAR_STREAM_WAIT_SIZE 558
|
||||
#define VAR_TLS_CIPHERS 559
|
||||
#define VAR_TLS_CIPHERSUITES 560
|
||||
#define VAR_TLS_USE_SNI 561
|
||||
#define VAR_IPSET 562
|
||||
#define VAR_IPSET_NAME_V4 563
|
||||
#define VAR_IPSET_NAME_V6 564
|
||||
#define VAR_TLS_SESSION_TICKET_KEYS 565
|
||||
#define VAR_RPZ 566
|
||||
#define VAR_TAGS 567
|
||||
#define VAR_RPZ_ACTION_OVERRIDE 568
|
||||
#define VAR_RPZ_CNAME_OVERRIDE 569
|
||||
#define VAR_RPZ_LOG 570
|
||||
#define VAR_RPZ_LOG_NAME 571
|
||||
#define VAR_DYNLIB 572
|
||||
#define VAR_DYNLIB_FILE 573
|
||||
#define VAR_EDNS_CLIENT_STRING 574
|
||||
#define VAR_EDNS_CLIENT_STRING_OPCODE 575
|
||||
#define VAR_NSID 576
|
||||
#define VAR_ZONEMD_PERMISSIVE_MODE 577
|
||||
#define VAR_ZONEMD_CHECK 578
|
||||
#define VAR_ZONEMD_REJECT_ABSENCE 579
|
||||
#define VAR_RPZ_SIGNAL_NXDOMAIN_RA 580
|
||||
#define VAR_INTERFACE_AUTOMATIC_PORTS 581
|
||||
#define VAR_EDE 582
|
||||
|
||||
/* Value type. */
|
||||
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
||||
|
@ -719,7 +721,7 @@ union YYSTYPE
|
|||
|
||||
char* str;
|
||||
|
||||
#line 723 "util/configparser.h"
|
||||
#line 725 "util/configparser.h"
|
||||
|
||||
};
|
||||
typedef union YYSTYPE YYSTYPE;
|
||||
|
|
|
@ -120,7 +120,7 @@ extern struct config_parser_state* cfg_parser;
|
|||
%token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
|
||||
%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT
|
||||
%token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
|
||||
%token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_KEEP_PROBING
|
||||
%token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_CACHE_MAX_RTT VAR_INFRA_KEEP_PROBING
|
||||
%token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
|
||||
%token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP
|
||||
%token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE
|
||||
|
@ -267,7 +267,7 @@ content_server: server_num_threads | server_verbosity | server_port |
|
|||
server_so_reuseport | server_delay_close | server_udp_connect |
|
||||
server_unblock_lan_zones | server_insecure_lan_zones |
|
||||
server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
|
||||
server_infra_cache_min_rtt | server_harden_algo_downgrade |
|
||||
server_infra_cache_min_rtt | server_infra_cache_max_rtt | server_harden_algo_downgrade |
|
||||
server_ip_transparent | server_ip_ratelimit | server_ratelimit |
|
||||
server_ip_dscp | server_infra_keep_probing |
|
||||
server_ip_ratelimit_slabs | server_ratelimit_slabs |
|
||||
|
@ -1659,6 +1659,15 @@ server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
|
|||
free($2);
|
||||
}
|
||||
;
|
||||
server_infra_cache_max_rtt: VAR_INFRA_CACHE_MAX_RTT STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_infra_cache_max_rtt:%s)\n", $2));
|
||||
if(atoi($2) == 0 && strcmp($2, "0") != 0)
|
||||
yyerror("number expected");
|
||||
else cfg_parser->cfg->infra_cache_max_rtt = atoi($2);
|
||||
free($2);
|
||||
}
|
||||
;
|
||||
server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_infra_keep_probing:%s)\n", $2));
|
||||
|
|
|
@ -1015,7 +1015,7 @@ int edns_opt_list_append_ede(struct edns_option** list, struct regional* region,
|
|||
prevp = list;
|
||||
while(*prevp != NULL)
|
||||
prevp = &((*prevp)->next);
|
||||
verbose(VERB_ALGO, "attached EDE code: %d with message: %s", code, txt);
|
||||
verbose(VERB_ALGO, "attached EDE code: %d with message: %s", code, (txt?txt:"\"\""));
|
||||
*prevp = opt;
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -3976,6 +3976,7 @@
|
|||
4789,
|
||||
4790,
|
||||
4791,
|
||||
4792,
|
||||
4800,
|
||||
4801,
|
||||
4802,
|
||||
|
|
|
@ -665,6 +665,12 @@ struct module_qstate {
|
|||
int need_refetch;
|
||||
/** whether the query (or a subquery) was ratelimited */
|
||||
int was_ratelimited;
|
||||
/** time when query was started. This is when the qstate is created.
|
||||
* This is used so that type NS data cannot be overwritten by them
|
||||
* expiring while the lookup is in progress, using data fetched from
|
||||
* those servers. By comparing expiry time with qstarttime for type NS.
|
||||
*/
|
||||
time_t qstarttime;
|
||||
|
||||
/**
|
||||
* Attributes of clients that share the qstate that may affect IP-based
|
||||
|
|
|
@ -45,6 +45,9 @@
|
|||
|
||||
/* overwritten by config: infra_cache_min_rtt: */
|
||||
int RTT_MIN_TIMEOUT = 50;
|
||||
/* overwritten by config: infra_cache_max_rtt: */
|
||||
int RTT_MAX_TIMEOUT = 120000;
|
||||
|
||||
/** calculate RTO from rtt information */
|
||||
static int
|
||||
calc_rto(const struct rtt_info* rtt)
|
||||
|
|
|
@ -58,7 +58,7 @@ struct rtt_info {
|
|||
/** min retransmit timeout value, in milliseconds */
|
||||
extern int RTT_MIN_TIMEOUT;
|
||||
/** max retransmit timeout value, in milliseconds */
|
||||
#define RTT_MAX_TIMEOUT 120000
|
||||
extern int RTT_MAX_TIMEOUT;
|
||||
|
||||
/**
|
||||
* Initialize RTT estimators.
|
||||
|
|
|
@ -489,7 +489,6 @@ int val_favorite_ds_algo(struct ub_packed_rrset_key* ds_rrset)
|
|||
return digest_algo;
|
||||
}
|
||||
|
||||
// @TODO change the use of this function to _ede function in authzone.c:8111
|
||||
enum sec_status
|
||||
val_verify_DNSKEY_with_DS(struct module_env* env, struct val_env* ve,
|
||||
struct ub_packed_rrset_key* dnskey_rrset,
|
||||
|
|
|
@ -2202,7 +2202,7 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq,
|
|||
if(!qstate->no_cache_store) {
|
||||
if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo,
|
||||
vq->orig_msg->rep, 0, qstate->prefetch_leeway, 0, NULL,
|
||||
qstate->query_flags)) {
|
||||
qstate->query_flags, qstate->qstarttime)) {
|
||||
log_err("out of memory caching validator results");
|
||||
}
|
||||
}
|
||||
|
@ -2211,7 +2211,7 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq,
|
|||
/* and this does not get prefetched, so no leeway */
|
||||
if(!dns_cache_store(qstate->env, &vq->orig_msg->qinfo,
|
||||
vq->orig_msg->rep, 1, 0, 0, NULL,
|
||||
qstate->query_flags)) {
|
||||
qstate->query_flags, qstate->qstarttime)) {
|
||||
log_err("out of memory caching validator results");
|
||||
}
|
||||
}
|
||||
|
@ -2493,7 +2493,8 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq,
|
|||
/* If they aren't usable, then we treat it like
|
||||
* there was no DS. */
|
||||
|
||||
// @TODO add EDE Unsupported DS Digest Type
|
||||
/* TODO add EDE Unsupported DS Digest Type; this needs
|
||||
* EDE to be added on non SERVFAIL answers. */
|
||||
|
||||
*ke = key_entry_create_null(qstate->region,
|
||||
qinfo->qname, qinfo->qname_len, qinfo->qclass,
|
||||
|
|
Loading…
Reference in a new issue