2 * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 1999-2003 Internet Software Consortium.
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
18 /* $Id: resolver.c,v 1.284.18.57 2007/02/14 23:41:01 marka Exp $ */
24 #include <isc/print.h>
25 #include <isc/string.h>
27 #include <isc/timer.h>
32 #include <dns/cache.h>
34 #include <dns/dispatch.h>
36 #include <dns/events.h>
37 #include <dns/forward.h>
38 #include <dns/keytable.h>
40 #include <dns/message.h>
41 #include <dns/ncache.h>
42 #include <dns/opcode.h>
45 #include <dns/rcode.h>
46 #include <dns/rdata.h>
47 #include <dns/rdataclass.h>
48 #include <dns/rdatalist.h>
49 #include <dns/rdataset.h>
50 #include <dns/rdatastruct.h>
51 #include <dns/rdatatype.h>
52 #include <dns/resolver.h>
53 #include <dns/result.h>
54 #include <dns/rootns.h>
56 #include <dns/validator.h>
58 #define DNS_RESOLVER_TRACE
59 #ifdef DNS_RESOLVER_TRACE
60 #define RTRACE(m) isc_log_write(dns_lctx, \
61 DNS_LOGCATEGORY_RESOLVER, \
62 DNS_LOGMODULE_RESOLVER, \
64 "res %p: %s", res, (m))
65 #define RRTRACE(r, m) isc_log_write(dns_lctx, \
66 DNS_LOGCATEGORY_RESOLVER, \
67 DNS_LOGMODULE_RESOLVER, \
69 "res %p: %s", (r), (m))
70 #define FCTXTRACE(m) isc_log_write(dns_lctx, \
71 DNS_LOGCATEGORY_RESOLVER, \
72 DNS_LOGMODULE_RESOLVER, \
74 "fctx %p(%s'): %s", fctx, fctx->info, (m))
75 #define FCTXTRACE2(m1, m2) \
76 isc_log_write(dns_lctx, \
77 DNS_LOGCATEGORY_RESOLVER, \
78 DNS_LOGMODULE_RESOLVER, \
80 "fctx %p(%s): %s %s", \
81 fctx, fctx->info, (m1), (m2))
82 #define FTRACE(m) isc_log_write(dns_lctx, \
83 DNS_LOGCATEGORY_RESOLVER, \
84 DNS_LOGMODULE_RESOLVER, \
86 "fetch %p (fctx %p(%s)): %s", \
87 fetch, fetch->private, \
88 fetch->private->info, (m))
89 #define QTRACE(m) isc_log_write(dns_lctx, \
90 DNS_LOGCATEGORY_RESOLVER, \
91 DNS_LOGMODULE_RESOLVER, \
93 "resquery %p (fctx %p(%s)): %s", \
95 query->fctx->info, (m))
105 * Maximum EDNS0 input packet size.
107 #define RECV_BUFFER_SIZE 4096 /* XXXRTH Constant. */
110 * This defines the maximum number of timeouts we will permit before we
111 * disable EDNS0 on the query.
113 #define MAX_EDNS0_TIMEOUTS 3
115 typedef struct fetchctx fetchctx_t;
117 typedef struct query {
118 /* Locked by task event serialization. */
122 dns_dispatchmgr_t * dispatchmgr;
123 dns_dispatch_t * dispatch;
124 dns_adbaddrinfo_t * addrinfo;
125 isc_socket_t * tcpsocket;
128 dns_dispentry_t * dispentry;
129 ISC_LINK(struct query) link;
132 dns_tsigkey_t *tsigkey;
133 unsigned int options;
134 unsigned int attributes;
136 unsigned int connects;
137 unsigned char data[512];
140 #define QUERY_MAGIC ISC_MAGIC('Q', '!', '!', '!')
141 #define VALID_QUERY(query) ISC_MAGIC_VALID(query, QUERY_MAGIC)
143 #define RESQUERY_ATTR_CANCELED 0x02
145 #define RESQUERY_CONNECTING(q) ((q)->connects > 0)
146 #define RESQUERY_CANCELED(q) (((q)->attributes & \
147 RESQUERY_ATTR_CANCELED) != 0)
148 #define RESQUERY_SENDING(q) ((q)->sends > 0)
151 fetchstate_init = 0, /*%< Start event has not run yet. */
153 fetchstate_done /*%< FETCHDONE events posted. */
159 dns_resolver_t * res;
161 dns_rdatatype_t type;
162 unsigned int options;
163 unsigned int bucketnum;
165 /*% Locked by appropriate bucket lock. */
167 isc_boolean_t want_shutdown;
168 isc_boolean_t cloned;
169 isc_boolean_t spilled;
170 unsigned int references;
171 isc_event_t control_event;
172 ISC_LINK(struct fetchctx) link;
173 ISC_LIST(dns_fetchevent_t) events;
174 /*% Locked by task event serialization. */
176 dns_rdataset_t nameservers;
177 unsigned int attributes;
180 isc_interval_t interval;
181 dns_message_t * qmessage;
182 dns_message_t * rmessage;
183 ISC_LIST(resquery_t) queries;
184 dns_adbfindlist_t finds;
185 dns_adbfind_t * find;
186 dns_adbfindlist_t altfinds;
187 dns_adbfind_t * altfind;
188 dns_adbaddrinfolist_t forwaddrs;
189 dns_adbaddrinfolist_t altaddrs;
190 isc_sockaddrlist_t forwarders;
191 dns_fwdpolicy_t fwdpolicy;
192 isc_sockaddrlist_t bad;
193 isc_sockaddrlist_t edns;
194 isc_sockaddrlist_t edns512;
195 ISC_LIST(dns_validator_t) validators;
200 * The number of events we're waiting for.
202 unsigned int pending;
205 * The number of times we've "restarted" the current
206 * nameserver set. This acts as a failsafe to prevent
207 * us from pounding constantly on a particular set of
208 * servers that, for whatever reason, are not giving
209 * us useful responses, but are responding in such a
210 * way that they are not marked "bad".
212 unsigned int restarts;
215 * The number of timeouts that have occurred since we
216 * last successfully received a response packet. This
217 * is used for EDNS0 black hole detection.
219 unsigned int timeouts;
221 * Look aside state for DS lookups.
224 dns_fetch_t * nsfetch;
225 dns_rdataset_t nsrrset;
228 * Number of queries that reference this context.
230 unsigned int nqueries;
233 #define FCTX_MAGIC ISC_MAGIC('F', '!', '!', '!')
234 #define VALID_FCTX(fctx) ISC_MAGIC_VALID(fctx, FCTX_MAGIC)
236 #define FCTX_ATTR_HAVEANSWER 0x0001
237 #define FCTX_ATTR_GLUING 0x0002
238 #define FCTX_ATTR_ADDRWAIT 0x0004
239 #define FCTX_ATTR_SHUTTINGDOWN 0x0008
240 #define FCTX_ATTR_WANTCACHE 0x0010
241 #define FCTX_ATTR_WANTNCACHE 0x0020
242 #define FCTX_ATTR_NEEDEDNS0 0x0040
243 #define FCTX_ATTR_TRIEDFIND 0x0080
244 #define FCTX_ATTR_TRIEDALT 0x0100
246 #define HAVE_ANSWER(f) (((f)->attributes & FCTX_ATTR_HAVEANSWER) != \
248 #define GLUING(f) (((f)->attributes & FCTX_ATTR_GLUING) != \
250 #define ADDRWAIT(f) (((f)->attributes & FCTX_ATTR_ADDRWAIT) != \
252 #define SHUTTINGDOWN(f) (((f)->attributes & FCTX_ATTR_SHUTTINGDOWN) \
254 #define WANTCACHE(f) (((f)->attributes & FCTX_ATTR_WANTCACHE) != 0)
255 #define WANTNCACHE(f) (((f)->attributes & FCTX_ATTR_WANTNCACHE) != 0)
256 #define NEEDEDNS0(f) (((f)->attributes & FCTX_ATTR_NEEDEDNS0) != 0)
257 #define TRIEDFIND(f) (((f)->attributes & FCTX_ATTR_TRIEDFIND) != 0)
258 #define TRIEDALT(f) (((f)->attributes & FCTX_ATTR_TRIEDALT) != 0)
261 dns_adbaddrinfo_t * addrinfo;
267 fetchctx_t * private;
270 #define DNS_FETCH_MAGIC ISC_MAGIC('F', 't', 'c', 'h')
271 #define DNS_FETCH_VALID(fetch) ISC_MAGIC_VALID(fetch, DNS_FETCH_MAGIC)
273 typedef struct fctxbucket {
276 ISC_LIST(fetchctx_t) fctxs;
277 isc_boolean_t exiting;
281 typedef struct alternate {
282 isc_boolean_t isaddress;
290 ISC_LINK(struct alternate) link;
293 struct dns_resolver {
299 isc_mutex_t primelock;
300 dns_rdataclass_t rdclass;
301 isc_socketmgr_t * socketmgr;
302 isc_timermgr_t * timermgr;
303 isc_taskmgr_t * taskmgr;
305 isc_boolean_t frozen;
306 unsigned int options;
307 dns_dispatchmgr_t * dispatchmgr;
308 dns_dispatch_t * dispatchv4;
309 dns_dispatch_t * dispatchv6;
310 unsigned int nbuckets;
311 fctxbucket_t * buckets;
312 isc_uint32_t lame_ttl;
313 ISC_LIST(alternate_t) alternates;
314 isc_uint16_t udpsize;
316 isc_rwlock_t alglock;
318 dns_rbt_t * algorithms;
320 isc_rwlock_t mbslock;
322 dns_rbt_t * mustbesecure;
323 unsigned int spillatmax;
324 unsigned int spillatmin;
325 isc_timer_t * spillattimer;
326 isc_boolean_t zero_no_soa_ttl;
327 /* Locked by lock. */
328 unsigned int references;
329 isc_boolean_t exiting;
330 isc_eventlist_t whenshutdown;
331 unsigned int activebuckets;
332 isc_boolean_t priming;
333 unsigned int spillat;
334 /* Locked by primelock. */
335 dns_fetch_t * primefetch;
336 /* Locked by nlock. */
340 #define RES_MAGIC ISC_MAGIC('R', 'e', 's', '!')
341 #define VALID_RESOLVER(res) ISC_MAGIC_VALID(res, RES_MAGIC)
344 * Private addrinfo flags. These must not conflict with DNS_FETCHOPT_NOEDNS0,
345 * which we also use as an addrinfo flag.
347 #define FCTX_ADDRINFO_MARK 0x0001
348 #define FCTX_ADDRINFO_FORWARDER 0x1000
349 #define UNMARKED(a) (((a)->flags & FCTX_ADDRINFO_MARK) \
351 #define ISFORWARDER(a) (((a)->flags & \
352 FCTX_ADDRINFO_FORWARDER) != 0)
354 #define NXDOMAIN(r) (((r)->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0)
356 static void destroy(dns_resolver_t *res);
357 static void empty_bucket(dns_resolver_t *res);
358 static isc_result_t resquery_send(resquery_t *query);
359 static void resquery_response(isc_task_t *task, isc_event_t *event);
360 static void resquery_connected(isc_task_t *task, isc_event_t *event);
361 static void fctx_try(fetchctx_t *fctx);
362 static isc_boolean_t fctx_destroy(fetchctx_t *fctx);
363 static isc_result_t ncache_adderesult(dns_message_t *message,
364 dns_db_t *cache, dns_dbnode_t *node,
365 dns_rdatatype_t covers,
366 isc_stdtime_t now, dns_ttl_t maxttl,
367 dns_rdataset_t *ardataset,
368 isc_result_t *eresultp);
369 static void validated(isc_task_t *task, isc_event_t *event);
370 static void maybe_destroy(fetchctx_t *fctx);
373 valcreate(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, dns_name_t *name,
374 dns_rdatatype_t type, dns_rdataset_t *rdataset,
375 dns_rdataset_t *sigrdataset, unsigned int valoptions,
378 dns_validator_t *validator = NULL;
379 dns_valarg_t *valarg;
382 valarg = isc_mem_get(fctx->res->buckets[fctx->bucketnum].mctx,
385 return (ISC_R_NOMEMORY);
388 valarg->addrinfo = addrinfo;
390 if (!ISC_LIST_EMPTY(fctx->validators))
391 INSIST((valoptions & DNS_VALIDATOR_DEFER) != 0);
393 result = dns_validator_create(fctx->res->view, name, type, rdataset,
394 sigrdataset, fctx->rmessage,
395 valoptions, task, validated, valarg,
397 if (result == ISC_R_SUCCESS)
398 ISC_LIST_APPEND(fctx->validators, validator, link);
400 isc_mem_put(fctx->res->buckets[fctx->bucketnum].mctx,
401 valarg, sizeof(*valarg));
406 fix_mustbedelegationornxdomain(dns_message_t *message, fetchctx_t *fctx) {
408 dns_name_t *domain = &fctx->domain;
409 dns_rdataset_t *rdataset;
410 dns_rdatatype_t type;
412 isc_boolean_t keep_auth = ISC_FALSE;
414 if (message->rcode == dns_rcode_nxdomain)
418 * Look for BIND 8 style delegations.
419 * Also look for answers to ANY queries where the duplicate NS RRset
420 * may have been stripped from the authority section.
422 if (message->counts[DNS_SECTION_ANSWER] != 0 &&
423 (fctx->type == dns_rdatatype_ns ||
424 fctx->type == dns_rdatatype_any)) {
425 result = dns_message_firstname(message, DNS_SECTION_ANSWER);
426 while (result == ISC_R_SUCCESS) {
428 dns_message_currentname(message, DNS_SECTION_ANSWER,
430 for (rdataset = ISC_LIST_HEAD(name->list);
432 rdataset = ISC_LIST_NEXT(rdataset, link)) {
433 type = rdataset->type;
434 if (type != dns_rdatatype_ns)
436 if (dns_name_issubdomain(name, domain))
439 result = dns_message_nextname(message,
444 /* Look for referral. */
445 if (message->counts[DNS_SECTION_AUTHORITY] == 0)
448 result = dns_message_firstname(message, DNS_SECTION_AUTHORITY);
449 while (result == ISC_R_SUCCESS) {
451 dns_message_currentname(message, DNS_SECTION_AUTHORITY, &name);
452 for (rdataset = ISC_LIST_HEAD(name->list);
454 rdataset = ISC_LIST_NEXT(rdataset, link)) {
455 type = rdataset->type;
456 if (type == dns_rdatatype_soa &&
457 dns_name_equal(name, domain))
458 keep_auth = ISC_TRUE;
459 if (type != dns_rdatatype_ns &&
460 type != dns_rdatatype_soa)
462 if (dns_name_equal(name, domain))
464 if (dns_name_issubdomain(name, domain))
467 result = dns_message_nextname(message, DNS_SECTION_AUTHORITY);
471 message->rcode = dns_rcode_nxdomain;
472 message->counts[DNS_SECTION_ANSWER] = 0;
474 message->counts[DNS_SECTION_AUTHORITY] = 0;
475 message->counts[DNS_SECTION_ADDITIONAL] = 0;
479 static inline isc_result_t
480 fctx_starttimer(fetchctx_t *fctx) {
482 * Start the lifetime timer for fctx.
484 * This is also used for stopping the idle timer; in that
485 * case we must purge events already posted to ensure that
486 * no further idle events are delivered.
488 return (isc_timer_reset(fctx->timer, isc_timertype_once,
489 &fctx->expires, NULL, ISC_TRUE));
493 fctx_stoptimer(fetchctx_t *fctx) {
497 * We don't return a result if resetting the timer to inactive fails
498 * since there's nothing to be done about it. Resetting to inactive
499 * should never fail anyway, since the code as currently written
500 * cannot fail in that case.
502 result = isc_timer_reset(fctx->timer, isc_timertype_inactive,
503 NULL, NULL, ISC_TRUE);
504 if (result != ISC_R_SUCCESS) {
505 UNEXPECTED_ERROR(__FILE__, __LINE__,
506 "isc_timer_reset(): %s",
507 isc_result_totext(result));
512 static inline isc_result_t
513 fctx_startidletimer(fetchctx_t *fctx) {
515 * Start the idle timer for fctx. The lifetime timer continues
518 return (isc_timer_reset(fctx->timer, isc_timertype_once,
519 &fctx->expires, &fctx->interval,
524 * Stopping the idle timer is equivalent to calling fctx_starttimer(), but
525 * we use fctx_stopidletimer for readability in the code below.
527 #define fctx_stopidletimer fctx_starttimer
531 resquery_destroy(resquery_t **queryp) {
534 REQUIRE(queryp != NULL);
536 REQUIRE(!ISC_LINK_LINKED(query, link));
538 INSIST(query->tcpsocket == NULL);
540 query->fctx->nqueries--;
541 if (SHUTTINGDOWN(query->fctx))
542 maybe_destroy(query->fctx); /* Locks bucket. */
544 isc_mem_put(query->mctx, query, sizeof(*query));
549 fctx_cancelquery(resquery_t **queryp, dns_dispatchevent_t **deventp,
550 isc_time_t *finish, isc_boolean_t no_response)
557 dns_adbaddrinfo_t *addrinfo;
562 FCTXTRACE("cancelquery");
564 REQUIRE(!RESQUERY_CANCELED(query));
566 query->attributes |= RESQUERY_ATTR_CANCELED;
569 * Should we update the RTT?
571 if (finish != NULL || no_response) {
572 if (finish != NULL) {
574 * We have both the start and finish times for this
575 * packet, so we can compute a real RTT.
577 rtt = (unsigned int)isc_time_microdiff(finish,
579 factor = DNS_ADB_RTTADJDEFAULT;
582 * We don't have an RTT for this query. Maybe the
583 * packet was lost, or maybe this server is very
584 * slow. We don't know. Increase the RTT.
587 rtt = query->addrinfo->srtt + 200000;
591 * Replace the current RTT with our value.
593 factor = DNS_ADB_RTTADJREPLACE;
595 dns_adb_adjustsrtt(fctx->adb, query->addrinfo, rtt, factor);
599 * Age RTTs of servers not tried.
601 factor = DNS_ADB_RTTADJAGE;
603 for (addrinfo = ISC_LIST_HEAD(fctx->forwaddrs);
605 addrinfo = ISC_LIST_NEXT(addrinfo, publink))
606 if (UNMARKED(addrinfo))
607 dns_adb_adjustsrtt(fctx->adb, addrinfo,
610 if (finish != NULL && TRIEDFIND(fctx))
611 for (find = ISC_LIST_HEAD(fctx->finds);
613 find = ISC_LIST_NEXT(find, publink))
614 for (addrinfo = ISC_LIST_HEAD(find->list);
616 addrinfo = ISC_LIST_NEXT(addrinfo, publink))
617 if (UNMARKED(addrinfo))
618 dns_adb_adjustsrtt(fctx->adb, addrinfo,
621 if (finish != NULL && TRIEDALT(fctx)) {
622 for (addrinfo = ISC_LIST_HEAD(fctx->altaddrs);
624 addrinfo = ISC_LIST_NEXT(addrinfo, publink))
625 if (UNMARKED(addrinfo))
626 dns_adb_adjustsrtt(fctx->adb, addrinfo,
628 for (find = ISC_LIST_HEAD(fctx->altfinds);
630 find = ISC_LIST_NEXT(find, publink))
631 for (addrinfo = ISC_LIST_HEAD(find->list);
633 addrinfo = ISC_LIST_NEXT(addrinfo, publink))
634 if (UNMARKED(addrinfo))
635 dns_adb_adjustsrtt(fctx->adb, addrinfo,
639 if (query->dispentry != NULL)
640 dns_dispatch_removeresponse(&query->dispentry, deventp);
642 ISC_LIST_UNLINK(fctx->queries, query, link);
644 if (query->tsig != NULL)
645 isc_buffer_free(&query->tsig);
647 if (query->tsigkey != NULL)
648 dns_tsigkey_detach(&query->tsigkey);
651 * Check for any outstanding socket events. If they exist, cancel
652 * them and let the event handlers finish the cleanup. The resolver
653 * only needs to worry about managing the connect and send events;
654 * the dispatcher manages the recv events.
656 if (RESQUERY_CONNECTING(query))
658 * Cancel the connect.
660 isc_socket_cancel(query->tcpsocket, NULL,
661 ISC_SOCKCANCEL_CONNECT);
662 else if (RESQUERY_SENDING(query))
664 * Cancel the pending send.
666 isc_socket_cancel(dns_dispatch_getsocket(query->dispatch),
667 NULL, ISC_SOCKCANCEL_SEND);
669 if (query->dispatch != NULL)
670 dns_dispatch_detach(&query->dispatch);
672 if (! (RESQUERY_CONNECTING(query) || RESQUERY_SENDING(query)))
674 * It's safe to destroy the query now.
676 resquery_destroy(&query);
680 fctx_cancelqueries(fetchctx_t *fctx, isc_boolean_t no_response) {
681 resquery_t *query, *next_query;
683 FCTXTRACE("cancelqueries");
685 for (query = ISC_LIST_HEAD(fctx->queries);
687 query = next_query) {
688 next_query = ISC_LIST_NEXT(query, link);
689 fctx_cancelquery(&query, NULL, NULL, no_response);
694 fctx_cleanupfinds(fetchctx_t *fctx) {
695 dns_adbfind_t *find, *next_find;
697 REQUIRE(ISC_LIST_EMPTY(fctx->queries));
699 for (find = ISC_LIST_HEAD(fctx->finds);
702 next_find = ISC_LIST_NEXT(find, publink);
703 ISC_LIST_UNLINK(fctx->finds, find, publink);
704 dns_adb_destroyfind(&find);
710 fctx_cleanupaltfinds(fetchctx_t *fctx) {
711 dns_adbfind_t *find, *next_find;
713 REQUIRE(ISC_LIST_EMPTY(fctx->queries));
715 for (find = ISC_LIST_HEAD(fctx->altfinds);
718 next_find = ISC_LIST_NEXT(find, publink);
719 ISC_LIST_UNLINK(fctx->altfinds, find, publink);
720 dns_adb_destroyfind(&find);
722 fctx->altfind = NULL;
726 fctx_cleanupforwaddrs(fetchctx_t *fctx) {
727 dns_adbaddrinfo_t *addr, *next_addr;
729 REQUIRE(ISC_LIST_EMPTY(fctx->queries));
731 for (addr = ISC_LIST_HEAD(fctx->forwaddrs);
734 next_addr = ISC_LIST_NEXT(addr, publink);
735 ISC_LIST_UNLINK(fctx->forwaddrs, addr, publink);
736 dns_adb_freeaddrinfo(fctx->adb, &addr);
741 fctx_cleanupaltaddrs(fetchctx_t *fctx) {
742 dns_adbaddrinfo_t *addr, *next_addr;
744 REQUIRE(ISC_LIST_EMPTY(fctx->queries));
746 for (addr = ISC_LIST_HEAD(fctx->altaddrs);
749 next_addr = ISC_LIST_NEXT(addr, publink);
750 ISC_LIST_UNLINK(fctx->altaddrs, addr, publink);
751 dns_adb_freeaddrinfo(fctx->adb, &addr);
756 fctx_stopeverything(fetchctx_t *fctx, isc_boolean_t no_response) {
757 FCTXTRACE("stopeverything");
758 fctx_cancelqueries(fctx, no_response);
759 fctx_cleanupfinds(fctx);
760 fctx_cleanupaltfinds(fctx);
761 fctx_cleanupforwaddrs(fctx);
762 fctx_cleanupaltaddrs(fctx);
763 fctx_stoptimer(fctx);
767 fctx_sendevents(fetchctx_t *fctx, isc_result_t result) {
768 dns_fetchevent_t *event, *next_event;
770 unsigned int count = 0;
772 isc_boolean_t logit = ISC_FALSE;
775 * Caller must be holding the appropriate bucket lock.
777 REQUIRE(fctx->state == fetchstate_done);
779 FCTXTRACE("sendevents");
781 for (event = ISC_LIST_HEAD(fctx->events);
783 event = next_event) {
784 next_event = ISC_LIST_NEXT(event, ev_link);
785 ISC_LIST_UNLINK(fctx->events, event, ev_link);
786 task = event->ev_sender;
787 event->ev_sender = fctx;
788 if (!HAVE_ANSWER(fctx))
789 event->result = result;
791 INSIST(result != ISC_R_SUCCESS ||
792 dns_rdataset_isassociated(event->rdataset) ||
793 fctx->type == dns_rdatatype_any ||
794 fctx->type == dns_rdatatype_rrsig ||
795 fctx->type == dns_rdatatype_sig);
797 isc_task_sendanddetach(&task, ISC_EVENT_PTR(&event));
801 if ((fctx->attributes & FCTX_ATTR_HAVEANSWER) != 0 &&
803 (count < fctx->res->spillatmax || fctx->res->spillatmax == 0)) {
804 LOCK(&fctx->res->lock);
805 if (count == fctx->res->spillat && !fctx->res->exiting) {
806 fctx->res->spillat += 5;
807 if (fctx->res->spillat > fctx->res->spillatmax &&
808 fctx->res->spillatmax != 0)
809 fctx->res->spillat = fctx->res->spillatmax;
810 isc_interval_set(&i, 20 * 60, 0);
811 result = isc_timer_reset(fctx->res->spillattimer,
812 isc_timertype_ticker, NULL,
814 RUNTIME_CHECK(result == ISC_R_SUCCESS);
817 UNLOCK(&fctx->res->lock);
819 isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
820 DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE,
821 "clients-per-query increased to %u",
827 fctx_done(fetchctx_t *fctx, isc_result_t result) {
829 isc_boolean_t no_response;
835 if (result == ISC_R_SUCCESS)
836 no_response = ISC_TRUE;
838 no_response = ISC_FALSE;
839 fctx_stopeverything(fctx, no_response);
841 LOCK(&res->buckets[fctx->bucketnum].lock);
843 fctx->state = fetchstate_done;
844 fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
845 fctx_sendevents(fctx, result);
847 UNLOCK(&res->buckets[fctx->bucketnum].lock);
851 resquery_senddone(isc_task_t *task, isc_event_t *event) {
852 isc_socketevent_t *sevent = (isc_socketevent_t *)event;
853 resquery_t *query = event->ev_arg;
854 isc_boolean_t retry = ISC_FALSE;
858 REQUIRE(event->ev_type == ISC_SOCKEVENT_SENDDONE);
865 * Currently we don't wait for the senddone event before retrying
866 * a query. This means that if we get really behind, we may end
867 * up doing extra work!
872 INSIST(RESQUERY_SENDING(query));
877 if (RESQUERY_CANCELED(query)) {
878 if (query->sends == 0) {
880 * This query was canceled while the
881 * isc_socket_sendto() was in progress.
883 if (query->tcpsocket != NULL)
884 isc_socket_detach(&query->tcpsocket);
885 resquery_destroy(&query);
888 switch (sevent->result) {
892 case ISC_R_HOSTUNREACH:
893 case ISC_R_NETUNREACH:
895 case ISC_R_ADDRNOTAVAIL:
896 case ISC_R_CONNREFUSED:
899 * No route to remote.
901 fctx_cancelquery(&query, NULL, NULL, ISC_TRUE);
906 fctx_cancelquery(&query, NULL, NULL, ISC_FALSE);
910 isc_event_free(&event);
914 * Behave as if the idle timer has expired. For TCP
915 * this may not actually reflect the latest timer.
917 fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
918 result = fctx_stopidletimer(fctx);
919 if (result != ISC_R_SUCCESS)
920 fctx_done(fctx, result);
926 static inline isc_result_t
927 fctx_addopt(dns_message_t *message, unsigned int version, isc_uint16_t udpsize)
929 dns_rdataset_t *rdataset;
930 dns_rdatalist_t *rdatalist;
935 result = dns_message_gettemprdatalist(message, &rdatalist);
936 if (result != ISC_R_SUCCESS)
939 result = dns_message_gettemprdata(message, &rdata);
940 if (result != ISC_R_SUCCESS)
943 result = dns_message_gettemprdataset(message, &rdataset);
944 if (result != ISC_R_SUCCESS)
946 dns_rdataset_init(rdataset);
948 rdatalist->type = dns_rdatatype_opt;
949 rdatalist->covers = 0;
952 * Set Maximum UDP buffer size.
954 rdatalist->rdclass = udpsize;
957 * Set EXTENDED-RCODE and Z to 0, DO to 1.
959 rdatalist->ttl = (version << 16);
960 rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO;
967 rdata->rdclass = rdatalist->rdclass;
968 rdata->type = rdatalist->type;
971 ISC_LIST_INIT(rdatalist->rdata);
972 ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
973 RUNTIME_CHECK(dns_rdatalist_tordataset(rdatalist, rdataset) == ISC_R_SUCCESS);
975 return (dns_message_setopt(message, rdataset));
979 fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) {
980 unsigned int seconds;
984 * We retry every .5 seconds the first two times through the address
985 * list, and then we do exponential back-off.
987 if (fctx->restarts < 3)
990 us = (500000 << (fctx->restarts - 2));
993 * Double the round-trip time.
998 * Always wait for at least the doubled round-trip time.
1004 * But don't ever wait for more than 10 seconds.
1009 seconds = us / 1000000;
1010 us -= seconds * 1000000;
1011 isc_interval_set(&fctx->interval, seconds, us * 1000);
1015 fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
1016 unsigned int options)
1018 dns_resolver_t *res;
1020 isc_result_t result;
1022 isc_sockaddr_t addr;
1023 isc_boolean_t have_addr = ISC_FALSE;
1028 task = res->buckets[fctx->bucketnum].task;
1030 fctx_setretryinterval(fctx, addrinfo->srtt);
1031 result = fctx_startidletimer(fctx);
1032 if (result != ISC_R_SUCCESS)
1035 INSIST(ISC_LIST_EMPTY(fctx->validators));
1037 dns_message_reset(fctx->rmessage, DNS_MESSAGE_INTENTPARSE);
1039 query = isc_mem_get(res->buckets[fctx->bucketnum].mctx,
1041 if (query == NULL) {
1042 result = ISC_R_NOMEMORY;
1043 goto stop_idle_timer;
1045 query->mctx = res->buckets[fctx->bucketnum].mctx;
1046 query->options = options;
1047 query->attributes = 0;
1049 query->connects = 0;
1051 * Note that the caller MUST guarantee that 'addrinfo' will remain
1052 * valid until this query is canceled.
1054 query->addrinfo = addrinfo;
1055 TIME_NOW(&query->start);
1058 * If this is a TCP query, then we need to make a socket and
1059 * a dispatch for it here. Otherwise we use the resolver's
1062 query->dispatchmgr = res->dispatchmgr;
1063 query->dispatch = NULL;
1064 query->tcpsocket = NULL;
1065 if (res->view->peers != NULL) {
1066 dns_peer_t *peer = NULL;
1067 isc_netaddr_t dstip;
1068 isc_netaddr_fromsockaddr(&dstip, &addrinfo->sockaddr);
1069 result = dns_peerlist_peerbyaddr(res->view->peers,
1071 if (result == ISC_R_SUCCESS) {
1072 result = dns_peer_getquerysource(peer, &addr);
1073 if (result == ISC_R_SUCCESS)
1074 have_addr = ISC_TRUE;
1078 if ((query->options & DNS_FETCHOPT_TCP) != 0) {
1081 pf = isc_sockaddr_pf(&addrinfo->sockaddr);
1086 dns_dispatch_getlocaladdress(res->dispatchv4,
1091 dns_dispatch_getlocaladdress(res->dispatchv6,
1095 result = ISC_R_NOTIMPLEMENTED;
1098 if (result != ISC_R_SUCCESS)
1101 isc_sockaddr_setport(&addr, 0);
1103 result = isc_socket_create(res->socketmgr, pf,
1106 if (result != ISC_R_SUCCESS)
1109 #ifndef BROKEN_TCP_BIND_BEFORE_CONNECT
1110 result = isc_socket_bind(query->tcpsocket, &addr);
1111 if (result != ISC_R_SUCCESS)
1112 goto cleanup_socket;
1116 * A dispatch will be created once the connect succeeds.
1120 unsigned int attrs, attrmask;
1121 attrs = DNS_DISPATCHATTR_UDP;
1122 switch (isc_sockaddr_pf(&addr)) {
1124 attrs |= DNS_DISPATCHATTR_IPV4;
1127 attrs |= DNS_DISPATCHATTR_IPV6;
1130 result = ISC_R_NOTIMPLEMENTED;
1133 attrmask = DNS_DISPATCHATTR_UDP;
1134 attrmask |= DNS_DISPATCHATTR_TCP;
1135 attrmask |= DNS_DISPATCHATTR_IPV4;
1136 attrmask |= DNS_DISPATCHATTR_IPV6;
1137 result = dns_dispatch_getudp(res->dispatchmgr,
1139 res->taskmgr, &addr,
1140 4096, 1000, 32768, 16411,
1141 16433, attrs, attrmask,
1143 if (result != ISC_R_SUCCESS)
1146 switch (isc_sockaddr_pf(&addrinfo->sockaddr)) {
1148 dns_dispatch_attach(res->dispatchv4,
1152 dns_dispatch_attach(res->dispatchv6,
1156 result = ISC_R_NOTIMPLEMENTED;
1161 * We should always have a valid dispatcher here. If we
1162 * don't support a protocol family, then its dispatcher
1163 * will be NULL, but we shouldn't be finding addresses for
1164 * protocol types we don't support, so the dispatcher
1165 * we found should never be NULL.
1167 INSIST(query->dispatch != NULL);
1170 query->dispentry = NULL;
1173 query->tsigkey = NULL;
1174 ISC_LINK_INIT(query, link);
1175 query->magic = QUERY_MAGIC;
1177 if ((query->options & DNS_FETCHOPT_TCP) != 0) {
1179 * Connect to the remote server.
1181 * XXXRTH Should we attach to the socket?
1183 result = isc_socket_connect(query->tcpsocket,
1184 &addrinfo->sockaddr, task,
1185 resquery_connected, query);
1186 if (result != ISC_R_SUCCESS)
1187 goto cleanup_socket;
1189 QTRACE("connecting via TCP");
1191 result = resquery_send(query);
1192 if (result != ISC_R_SUCCESS)
1193 goto cleanup_dispatch;
1196 ISC_LIST_APPEND(fctx->queries, query, link);
1197 query->fctx->nqueries++;
1199 return (ISC_R_SUCCESS);
1202 isc_socket_detach(&query->tcpsocket);
1205 if (query->dispatch != NULL)
1206 dns_dispatch_detach(&query->dispatch);
1210 isc_mem_put(res->buckets[fctx->bucketnum].mctx,
1211 query, sizeof(*query));
1214 RUNTIME_CHECK(fctx_stopidletimer(fctx) == ISC_R_SUCCESS);
1219 static isc_boolean_t
1220 triededns(fetchctx_t *fctx, isc_sockaddr_t *address) {
1223 for (sa = ISC_LIST_HEAD(fctx->edns);
1225 sa = ISC_LIST_NEXT(sa, link)) {
1226 if (isc_sockaddr_equal(sa, address))
1234 add_triededns(fetchctx_t *fctx, isc_sockaddr_t *address) {
1237 if (triededns(fctx, address))
1240 sa = isc_mem_get(fctx->res->buckets[fctx->bucketnum].mctx,
1246 ISC_LIST_INITANDAPPEND(fctx->edns, sa, link);
1249 static isc_boolean_t
1250 triededns512(fetchctx_t *fctx, isc_sockaddr_t *address) {
1253 for (sa = ISC_LIST_HEAD(fctx->edns512);
1255 sa = ISC_LIST_NEXT(sa, link)) {
1256 if (isc_sockaddr_equal(sa, address))
1264 add_triededns512(fetchctx_t *fctx, isc_sockaddr_t *address) {
1267 if (triededns512(fctx, address))
1270 sa = isc_mem_get(fctx->res->buckets[fctx->bucketnum].mctx,
1276 ISC_LIST_INITANDAPPEND(fctx->edns512, sa, link);
1280 resquery_send(resquery_t *query) {
1282 isc_result_t result;
1283 dns_name_t *qname = NULL;
1284 dns_rdataset_t *qrdataset = NULL;
1286 dns_resolver_t *res;
1288 isc_socket_t *socket;
1289 isc_buffer_t tcpbuffer;
1290 isc_sockaddr_t *address;
1291 isc_buffer_t *buffer;
1292 isc_netaddr_t ipaddr;
1293 dns_tsigkey_t *tsigkey = NULL;
1294 dns_peer_t *peer = NULL;
1295 isc_boolean_t useedns;
1296 dns_compress_t cctx;
1297 isc_boolean_t cleanup_cctx = ISC_FALSE;
1298 isc_boolean_t secure_domain;
1304 task = res->buckets[fctx->bucketnum].task;
1307 if ((query->options & DNS_FETCHOPT_TCP) != 0) {
1309 * Reserve space for the TCP message length.
1311 isc_buffer_init(&tcpbuffer, query->data, sizeof(query->data));
1312 isc_buffer_init(&query->buffer, query->data + 2,
1313 sizeof(query->data) - 2);
1314 buffer = &tcpbuffer;
1316 isc_buffer_init(&query->buffer, query->data,
1317 sizeof(query->data));
1318 buffer = &query->buffer;
1321 result = dns_message_gettempname(fctx->qmessage, &qname);
1322 if (result != ISC_R_SUCCESS)
1324 result = dns_message_gettemprdataset(fctx->qmessage, &qrdataset);
1325 if (result != ISC_R_SUCCESS)
1329 * Get a query id from the dispatch.
1331 result = dns_dispatch_addresponse(query->dispatch,
1332 &query->addrinfo->sockaddr,
1338 if (result != ISC_R_SUCCESS)
1341 fctx->qmessage->opcode = dns_opcode_query;
1346 dns_name_init(qname, NULL);
1347 dns_name_clone(&fctx->name, qname);
1348 dns_rdataset_init(qrdataset);
1349 dns_rdataset_makequestion(qrdataset, res->rdclass, fctx->type);
1350 ISC_LIST_APPEND(qname->list, qrdataset, link);
1351 dns_message_addname(fctx->qmessage, qname, DNS_SECTION_QUESTION);
1356 * Set RD if the client has requested that we do a recursive query,
1357 * or if we're sending to a forwarder.
1359 if ((query->options & DNS_FETCHOPT_RECURSIVE) != 0 ||
1360 ISFORWARDER(query->addrinfo))
1361 fctx->qmessage->flags |= DNS_MESSAGEFLAG_RD;
1364 * Set CD if the client says don't validate or the question is
1365 * under a secure entry point.
1367 if ((query->options & DNS_FETCHOPT_NOVALIDATE) != 0) {
1368 fctx->qmessage->flags |= DNS_MESSAGEFLAG_CD;
1369 } else if (res->view->enablevalidation) {
1370 result = dns_keytable_issecuredomain(res->view->secroots,
1373 if (result != ISC_R_SUCCESS)
1374 secure_domain = ISC_FALSE;
1375 if (res->view->dlv != NULL)
1376 secure_domain = ISC_TRUE;
1378 fctx->qmessage->flags |= DNS_MESSAGEFLAG_CD;
1382 * We don't have to set opcode because it defaults to query.
1384 fctx->qmessage->id = query->id;
1387 * Convert the question to wire format.
1389 result = dns_compress_init(&cctx, -1, fctx->res->mctx);
1390 if (result != ISC_R_SUCCESS)
1391 goto cleanup_message;
1392 cleanup_cctx = ISC_TRUE;
1394 result = dns_message_renderbegin(fctx->qmessage, &cctx,
1396 if (result != ISC_R_SUCCESS)
1397 goto cleanup_message;
1399 result = dns_message_rendersection(fctx->qmessage,
1400 DNS_SECTION_QUESTION, 0);
1401 if (result != ISC_R_SUCCESS)
1402 goto cleanup_message;
1405 isc_netaddr_fromsockaddr(&ipaddr, &query->addrinfo->sockaddr);
1406 (void) dns_peerlist_peerbyaddr(fctx->res->view->peers, &ipaddr, &peer);
1409 * The ADB does not know about servers with "edns no". Check this,
1410 * and then inform the ADB for future use.
1412 if ((query->addrinfo->flags & DNS_FETCHOPT_NOEDNS0) == 0 &&
1414 dns_peer_getsupportedns(peer, &useedns) == ISC_R_SUCCESS &&
1417 query->options |= DNS_FETCHOPT_NOEDNS0;
1418 dns_adb_changeflags(fctx->adb,
1420 DNS_FETCHOPT_NOEDNS0,
1421 DNS_FETCHOPT_NOEDNS0);
1425 * Use EDNS0, unless the caller doesn't want it, or we know that
1426 * the remote server doesn't like it.
1429 if ((triededns512(fctx, &query->addrinfo->sockaddr) ||
1430 fctx->timeouts >= (MAX_EDNS0_TIMEOUTS * 2)) &&
1431 (query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
1432 query->options |= DNS_FETCHOPT_NOEDNS0;
1433 FCTXTRACE("too many timeouts, disabling EDNS0");
1434 } else if ((triededns(fctx, &query->addrinfo->sockaddr) ||
1435 fctx->timeouts >= MAX_EDNS0_TIMEOUTS) &&
1436 (query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
1437 query->options |= DNS_FETCHOPT_EDNS512;
1438 FCTXTRACE("too many timeouts, setting EDNS size to 512");
1441 if ((query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
1442 if ((query->addrinfo->flags & DNS_FETCHOPT_NOEDNS0) == 0) {
1443 unsigned int version = 0; /* Default version. */
1445 isc_uint16_t udpsize = res->udpsize;
1447 flags = query->addrinfo->flags;
1448 if ((flags & DNS_FETCHOPT_EDNSVERSIONSET) != 0) {
1449 version = flags & DNS_FETCHOPT_EDNSVERSIONMASK;
1450 version >>= DNS_FETCHOPT_EDNSVERSIONSHIFT;
1452 if ((query->options & DNS_FETCHOPT_EDNS512) != 0)
1454 else if (peer != NULL)
1455 (void)dns_peer_getudpsize(peer, &udpsize);
1456 result = fctx_addopt(fctx->qmessage, version, udpsize);
1457 if (result != ISC_R_SUCCESS) {
1459 * We couldn't add the OPT, but we'll press on.
1460 * We're not using EDNS0, so set the NOEDNS0
1463 query->options |= DNS_FETCHOPT_NOEDNS0;
1467 * We know this server doesn't like EDNS0, so we
1468 * won't use it. Set the NOEDNS0 bit since we're
1471 query->options |= DNS_FETCHOPT_NOEDNS0;
1476 * If we need EDNS0 to do this query and aren't using it, we lose.
1478 if (NEEDEDNS0(fctx) && (query->options & DNS_FETCHOPT_NOEDNS0) != 0) {
1479 result = DNS_R_SERVFAIL;
1480 goto cleanup_message;
1483 if ((query->options & DNS_FETCHOPT_NOEDNS0) == 0)
1484 add_triededns(fctx, &query->addrinfo->sockaddr);
1486 if ((query->options & DNS_FETCHOPT_EDNS512) != 0)
1487 add_triededns512(fctx, &query->addrinfo->sockaddr);
1490 * Clear CD if EDNS is not in use.
1492 if ((query->options & DNS_FETCHOPT_NOEDNS0) != 0)
1493 fctx->qmessage->flags &= ~DNS_MESSAGEFLAG_CD;
1496 * Add TSIG record tailored to the current recipient.
1498 result = dns_view_getpeertsig(fctx->res->view, &ipaddr, &tsigkey);
1499 if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND)
1500 goto cleanup_message;
1502 if (tsigkey != NULL) {
1503 result = dns_message_settsigkey(fctx->qmessage, tsigkey);
1504 dns_tsigkey_detach(&tsigkey);
1505 if (result != ISC_R_SUCCESS)
1506 goto cleanup_message;
1509 result = dns_message_rendersection(fctx->qmessage,
1510 DNS_SECTION_ADDITIONAL, 0);
1511 if (result != ISC_R_SUCCESS)
1512 goto cleanup_message;
1514 result = dns_message_renderend(fctx->qmessage);
1515 if (result != ISC_R_SUCCESS)
1516 goto cleanup_message;
1518 dns_compress_invalidate(&cctx);
1519 cleanup_cctx = ISC_FALSE;
1521 if (dns_message_gettsigkey(fctx->qmessage) != NULL) {
1522 dns_tsigkey_attach(dns_message_gettsigkey(fctx->qmessage),
1524 result = dns_message_getquerytsig(fctx->qmessage,
1527 if (result != ISC_R_SUCCESS)
1528 goto cleanup_message;
1532 * If using TCP, write the length of the message at the beginning
1535 if ((query->options & DNS_FETCHOPT_TCP) != 0) {
1536 isc_buffer_usedregion(&query->buffer, &r);
1537 isc_buffer_putuint16(&tcpbuffer, (isc_uint16_t)r.length);
1538 isc_buffer_add(&tcpbuffer, r.length);
1542 * We're now done with the query message.
1544 dns_message_reset(fctx->qmessage, DNS_MESSAGE_INTENTRENDER);
1546 socket = dns_dispatch_getsocket(query->dispatch);
1550 if ((query->options & DNS_FETCHOPT_TCP) == 0)
1551 address = &query->addrinfo->sockaddr;
1552 isc_buffer_usedregion(buffer, &r);
1555 * XXXRTH Make sure we don't send to ourselves! We should probably
1556 * prune out these addresses when we get them from the ADB.
1558 result = isc_socket_sendto(socket, &r, task, resquery_senddone,
1559 query, address, NULL);
1560 if (result != ISC_R_SUCCESS)
1561 goto cleanup_message;
1565 return (ISC_R_SUCCESS);
1569 dns_compress_invalidate(&cctx);
1571 dns_message_reset(fctx->qmessage, DNS_MESSAGE_INTENTRENDER);
1574 * Stop the dispatcher from listening.
1576 dns_dispatch_removeresponse(&query->dispentry, NULL);
1580 dns_message_puttempname(fctx->qmessage, &qname);
1581 if (qrdataset != NULL)
1582 dns_message_puttemprdataset(fctx->qmessage, &qrdataset);
1588 resquery_connected(isc_task_t *task, isc_event_t *event) {
1589 isc_socketevent_t *sevent = (isc_socketevent_t *)event;
1590 resquery_t *query = event->ev_arg;
1591 isc_boolean_t retry = ISC_FALSE;
1592 isc_result_t result;
1596 REQUIRE(event->ev_type == ISC_SOCKEVENT_CONNECT);
1597 REQUIRE(VALID_QUERY(query));
1599 QTRACE("connected");
1606 * Currently we don't wait for the connect event before retrying
1607 * a query. This means that if we get really behind, we may end
1608 * up doing extra work!
1614 if (RESQUERY_CANCELED(query)) {
1616 * This query was canceled while the connect() was in
1619 isc_socket_detach(&query->tcpsocket);
1620 resquery_destroy(&query);
1622 switch (sevent->result) {
1625 * We are connected. Create a dispatcher and
1629 attrs |= DNS_DISPATCHATTR_TCP;
1630 attrs |= DNS_DISPATCHATTR_PRIVATE;
1631 attrs |= DNS_DISPATCHATTR_CONNECTED;
1632 if (isc_sockaddr_pf(&query->addrinfo->sockaddr) ==
1634 attrs |= DNS_DISPATCHATTR_IPV4;
1636 attrs |= DNS_DISPATCHATTR_IPV6;
1637 attrs |= DNS_DISPATCHATTR_MAKEQUERY;
1639 result = dns_dispatch_createtcp(query->dispatchmgr,
1641 query->fctx->res->taskmgr,
1642 4096, 2, 1, 1, 3, attrs,
1646 * Regardless of whether dns_dispatch_create()
1647 * succeeded or not, we don't need our reference
1648 * to the socket anymore.
1650 isc_socket_detach(&query->tcpsocket);
1652 if (result == ISC_R_SUCCESS)
1653 result = resquery_send(query);
1655 if (result != ISC_R_SUCCESS) {
1656 fctx_cancelquery(&query, NULL, NULL,
1658 fctx_done(fctx, result);
1662 case ISC_R_NETUNREACH:
1663 case ISC_R_HOSTUNREACH:
1664 case ISC_R_CONNREFUSED:
1666 case ISC_R_ADDRNOTAVAIL:
1667 case ISC_R_CONNECTIONRESET:
1669 * No route to remote.
1671 isc_socket_detach(&query->tcpsocket);
1672 fctx_cancelquery(&query, NULL, NULL, ISC_TRUE);
1677 isc_socket_detach(&query->tcpsocket);
1678 fctx_cancelquery(&query, NULL, NULL, ISC_FALSE);
1683 isc_event_free(&event);
1687 * Behave as if the idle timer has expired. For TCP
1688 * connections this may not actually reflect the latest timer.
1690 fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
1691 result = fctx_stopidletimer(fctx);
1692 if (result != ISC_R_SUCCESS)
1693 fctx_done(fctx, result);
1700 fctx_finddone(isc_task_t *task, isc_event_t *event) {
1702 dns_adbfind_t *find;
1703 dns_resolver_t *res;
1704 isc_boolean_t want_try = ISC_FALSE;
1705 isc_boolean_t want_done = ISC_FALSE;
1706 isc_boolean_t bucket_empty = ISC_FALSE;
1707 unsigned int bucketnum;
1709 find = event->ev_sender;
1710 fctx = event->ev_arg;
1711 REQUIRE(VALID_FCTX(fctx));
1716 FCTXTRACE("finddone");
1718 INSIST(fctx->pending > 0);
1721 if (ADDRWAIT(fctx)) {
1723 * The fetch is waiting for a name to be found.
1725 INSIST(!SHUTTINGDOWN(fctx));
1726 fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
1727 if (event->ev_type == DNS_EVENT_ADBMOREADDRESSES)
1728 want_try = ISC_TRUE;
1729 else if (fctx->pending == 0) {
1731 * We've got nothing else to wait for and don't
1732 * know the answer. There's nothing to do but
1735 want_done = ISC_TRUE;
1737 } else if (SHUTTINGDOWN(fctx) && fctx->pending == 0 &&
1738 fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators)) {
1739 bucketnum = fctx->bucketnum;
1740 LOCK(&res->buckets[bucketnum].lock);
1742 * Note that we had to wait until we had the lock before
1743 * looking at fctx->references.
1745 if (fctx->references == 0)
1746 bucket_empty = fctx_destroy(fctx);
1747 UNLOCK(&res->buckets[bucketnum].lock);
1750 isc_event_free(&event);
1751 dns_adb_destroyfind(&find);
1756 fctx_done(fctx, ISC_R_FAILURE);
1757 else if (bucket_empty)
1762 static inline isc_boolean_t
1763 bad_server(fetchctx_t *fctx, isc_sockaddr_t *address) {
1766 for (sa = ISC_LIST_HEAD(fctx->bad);
1768 sa = ISC_LIST_NEXT(sa, link)) {
1769 if (isc_sockaddr_equal(sa, address))
1776 static inline isc_boolean_t
1777 mark_bad(fetchctx_t *fctx) {
1778 dns_adbfind_t *curr;
1779 dns_adbaddrinfo_t *addrinfo;
1780 isc_boolean_t all_bad = ISC_TRUE;
1783 * Mark all known bad servers, so we don't try to talk to them
1788 * Mark any bad nameservers.
1790 for (curr = ISC_LIST_HEAD(fctx->finds);
1792 curr = ISC_LIST_NEXT(curr, publink)) {
1793 for (addrinfo = ISC_LIST_HEAD(curr->list);
1795 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
1796 if (bad_server(fctx, &addrinfo->sockaddr))
1797 addrinfo->flags |= FCTX_ADDRINFO_MARK;
1799 all_bad = ISC_FALSE;
1804 * Mark any bad forwarders.
1806 for (addrinfo = ISC_LIST_HEAD(fctx->forwaddrs);
1808 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
1809 if (bad_server(fctx, &addrinfo->sockaddr))
1810 addrinfo->flags |= FCTX_ADDRINFO_MARK;
1812 all_bad = ISC_FALSE;
1816 * Mark any bad alternates.
1818 for (curr = ISC_LIST_HEAD(fctx->altfinds);
1820 curr = ISC_LIST_NEXT(curr, publink)) {
1821 for (addrinfo = ISC_LIST_HEAD(curr->list);
1823 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
1824 if (bad_server(fctx, &addrinfo->sockaddr))
1825 addrinfo->flags |= FCTX_ADDRINFO_MARK;
1827 all_bad = ISC_FALSE;
1831 for (addrinfo = ISC_LIST_HEAD(fctx->altaddrs);
1833 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
1834 if (bad_server(fctx, &addrinfo->sockaddr))
1835 addrinfo->flags |= FCTX_ADDRINFO_MARK;
1837 all_bad = ISC_FALSE;
1844 add_bad(fetchctx_t *fctx, isc_sockaddr_t *address, isc_result_t reason) {
1845 char namebuf[DNS_NAME_FORMATSIZE];
1846 char addrbuf[ISC_SOCKADDR_FORMATSIZE];
1852 const char *sep1, *sep2;
1854 if (bad_server(fctx, address)) {
1856 * We already know this server is bad.
1861 FCTXTRACE("add_bad");
1863 sa = isc_mem_get(fctx->res->buckets[fctx->bucketnum].mctx,
1868 ISC_LIST_INITANDAPPEND(fctx->bad, sa, link);
1870 if (reason == DNS_R_LAME) /* already logged */
1873 if (reason == DNS_R_UNEXPECTEDRCODE) {
1874 isc_buffer_init(&b, code, sizeof(code) - 1);
1875 dns_rcode_totext(fctx->rmessage->rcode, &b);
1876 code[isc_buffer_usedlength(&b)] = '\0';
1879 } else if (reason == DNS_R_UNEXPECTEDOPCODE) {
1880 isc_buffer_init(&b, code, sizeof(code) - 1);
1881 dns_opcode_totext((dns_opcode_t)fctx->rmessage->opcode, &b);
1882 code[isc_buffer_usedlength(&b)] = '\0';
1890 dns_name_format(&fctx->name, namebuf, sizeof(namebuf));
1891 dns_rdatatype_format(fctx->type, typebuf, sizeof(typebuf));
1892 dns_rdataclass_format(fctx->res->rdclass, classbuf, sizeof(classbuf));
1893 isc_sockaddr_format(address, addrbuf, sizeof(addrbuf));
1894 isc_log_write(dns_lctx, DNS_LOGCATEGORY_LAME_SERVERS,
1895 DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
1896 "%s %s%s%sresolving '%s/%s/%s': %s",
1897 dns_result_totext(reason), sep1, code, sep2,
1898 namebuf, typebuf, classbuf, addrbuf);
1902 sort_adbfind(dns_adbfind_t *find) {
1903 dns_adbaddrinfo_t *best, *curr;
1904 dns_adbaddrinfolist_t sorted;
1907 * Lame N^2 bubble sort.
1910 ISC_LIST_INIT(sorted);
1911 while (!ISC_LIST_EMPTY(find->list)) {
1912 best = ISC_LIST_HEAD(find->list);
1913 curr = ISC_LIST_NEXT(best, publink);
1914 while (curr != NULL) {
1915 if (curr->srtt < best->srtt)
1917 curr = ISC_LIST_NEXT(curr, publink);
1919 ISC_LIST_UNLINK(find->list, best, publink);
1920 ISC_LIST_APPEND(sorted, best, publink);
1922 find->list = sorted;
1926 sort_finds(fetchctx_t *fctx) {
1927 dns_adbfind_t *best, *curr;
1928 dns_adbfindlist_t sorted;
1929 dns_adbaddrinfo_t *addrinfo, *bestaddrinfo;
1932 * Lame N^2 bubble sort.
1935 ISC_LIST_INIT(sorted);
1936 while (!ISC_LIST_EMPTY(fctx->finds)) {
1937 best = ISC_LIST_HEAD(fctx->finds);
1938 bestaddrinfo = ISC_LIST_HEAD(best->list);
1939 INSIST(bestaddrinfo != NULL);
1940 curr = ISC_LIST_NEXT(best, publink);
1941 while (curr != NULL) {
1942 addrinfo = ISC_LIST_HEAD(curr->list);
1943 INSIST(addrinfo != NULL);
1944 if (addrinfo->srtt < bestaddrinfo->srtt) {
1946 bestaddrinfo = addrinfo;
1948 curr = ISC_LIST_NEXT(curr, publink);
1950 ISC_LIST_UNLINK(fctx->finds, best, publink);
1951 ISC_LIST_APPEND(sorted, best, publink);
1953 fctx->finds = sorted;
1955 ISC_LIST_INIT(sorted);
1956 while (!ISC_LIST_EMPTY(fctx->altfinds)) {
1957 best = ISC_LIST_HEAD(fctx->altfinds);
1958 bestaddrinfo = ISC_LIST_HEAD(best->list);
1959 INSIST(bestaddrinfo != NULL);
1960 curr = ISC_LIST_NEXT(best, publink);
1961 while (curr != NULL) {
1962 addrinfo = ISC_LIST_HEAD(curr->list);
1963 INSIST(addrinfo != NULL);
1964 if (addrinfo->srtt < bestaddrinfo->srtt) {
1966 bestaddrinfo = addrinfo;
1968 curr = ISC_LIST_NEXT(curr, publink);
1970 ISC_LIST_UNLINK(fctx->altfinds, best, publink);
1971 ISC_LIST_APPEND(sorted, best, publink);
1973 fctx->altfinds = sorted;
1977 findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port,
1978 unsigned int options, unsigned int flags, isc_stdtime_t now,
1979 isc_boolean_t *need_alternate)
1981 dns_adbaddrinfo_t *ai;
1982 dns_adbfind_t *find;
1983 dns_resolver_t *res;
1984 isc_boolean_t unshared;
1985 isc_result_t result;
1988 unshared = ISC_TF((fctx->options | DNS_FETCHOPT_UNSHARED) != 0);
1990 * If this name is a subdomain of the query domain, tell
1991 * the ADB to start looking using zone/hint data. This keeps us
1992 * from getting stuck if the nameserver is beneath the zone cut
1993 * and we don't know its address (e.g. because the A record has
1996 if (dns_name_issubdomain(name, &fctx->domain))
1997 options |= DNS_ADBFIND_STARTATZONE;
1998 options |= DNS_ADBFIND_GLUEOK;
1999 options |= DNS_ADBFIND_HINTOK;
2002 * See what we know about this address.
2005 result = dns_adb_createfind(fctx->adb,
2006 res->buckets[fctx->bucketnum].task,
2007 fctx_finddone, fctx, name,
2008 &fctx->name, fctx->type,
2010 res->view->dstport, &find);
2011 if (result != ISC_R_SUCCESS) {
2012 if (result == DNS_R_ALIAS) {
2014 * XXXRTH Follow the CNAME/DNAME chain?
2016 dns_adb_destroyfind(&find);
2018 } else if (!ISC_LIST_EMPTY(find->list)) {
2020 * We have at least some of the addresses for the
2023 INSIST((find->options & DNS_ADBFIND_WANTEVENT) == 0);
2025 if (flags != 0 || port != 0) {
2026 for (ai = ISC_LIST_HEAD(find->list);
2028 ai = ISC_LIST_NEXT(ai, publink)) {
2031 isc_sockaddr_setport(&ai->sockaddr,
2035 if ((flags & FCTX_ADDRINFO_FORWARDER) != 0)
2036 ISC_LIST_APPEND(fctx->altfinds, find, publink);
2038 ISC_LIST_APPEND(fctx->finds, find, publink);
2041 * We don't know any of the addresses for this
2044 if ((find->options & DNS_ADBFIND_WANTEVENT) != 0) {
2046 * We're looking for them and will get an
2047 * event about it later.
2053 if (need_alternate != NULL &&
2054 !*need_alternate && unshared &&
2055 ((res->dispatchv4 == NULL &&
2056 find->result_v6 != DNS_R_NXDOMAIN) ||
2057 (res->dispatchv6 == NULL &&
2058 find->result_v4 != DNS_R_NXDOMAIN)))
2059 *need_alternate = ISC_TRUE;
2062 * If we know there are no addresses for
2063 * the family we are using then try to add
2064 * an alternative server.
2066 if (need_alternate != NULL && !*need_alternate &&
2067 ((res->dispatchv4 == NULL &&
2068 find->result_v6 == DNS_R_NXRRSET) ||
2069 (res->dispatchv6 == NULL &&
2070 find->result_v4 == DNS_R_NXRRSET)))
2071 *need_alternate = ISC_TRUE;
2072 dns_adb_destroyfind(&find);
2078 fctx_getaddresses(fetchctx_t *fctx) {
2079 dns_rdata_t rdata = DNS_RDATA_INIT;
2080 isc_result_t result;
2081 dns_resolver_t *res;
2083 unsigned int stdoptions;
2085 dns_adbaddrinfo_t *ai;
2086 isc_boolean_t all_bad;
2088 isc_boolean_t need_alternate = ISC_FALSE;
2090 FCTXTRACE("getaddresses");
2093 * Don't pound on remote servers. (Failsafe!)
2096 if (fctx->restarts > 10) {
2097 FCTXTRACE("too many restarts");
2098 return (DNS_R_SERVFAIL);
2102 stdoptions = 0; /* Keep compiler happy. */
2108 INSIST(ISC_LIST_EMPTY(fctx->forwaddrs));
2109 INSIST(ISC_LIST_EMPTY(fctx->altaddrs));
2112 * If this fctx has forwarders, use them; otherwise use any
2113 * selective forwarders specified in the view; otherwise use the
2114 * resolver's forwarders (if any).
2116 sa = ISC_LIST_HEAD(fctx->forwarders);
2118 dns_forwarders_t *forwarders = NULL;
2119 dns_name_t *name = &fctx->name;
2121 unsigned int labels;
2124 * DS records are found in the parent server.
2125 * Strip label to get the correct forwarder (if any).
2127 if (fctx->type == dns_rdatatype_ds &&
2128 dns_name_countlabels(name) > 1) {
2129 dns_name_init(&suffix, NULL);
2130 labels = dns_name_countlabels(name);
2131 dns_name_getlabelsequence(name, 1, labels - 1, &suffix);
2134 result = dns_fwdtable_find(fctx->res->view->fwdtable, name,
2136 if (result == ISC_R_SUCCESS) {
2137 sa = ISC_LIST_HEAD(forwarders->addrs);
2138 fctx->fwdpolicy = forwarders->fwdpolicy;
2142 while (sa != NULL) {
2144 result = dns_adb_findaddrinfo(fctx->adb,
2145 sa, &ai, 0); /* XXXMLG */
2146 if (result == ISC_R_SUCCESS) {
2147 dns_adbaddrinfo_t *cur;
2148 ai->flags |= FCTX_ADDRINFO_FORWARDER;
2149 cur = ISC_LIST_HEAD(fctx->forwaddrs);
2150 while (cur != NULL && cur->srtt < ai->srtt)
2151 cur = ISC_LIST_NEXT(cur, publink);
2153 ISC_LIST_INSERTBEFORE(fctx->forwaddrs, cur,
2156 ISC_LIST_APPEND(fctx->forwaddrs, ai, publink);
2158 sa = ISC_LIST_NEXT(sa, link);
2162 * If the forwarding policy is "only", we don't need the addresses
2163 * of the nameservers.
2165 if (fctx->fwdpolicy == dns_fwdpolicy_only)
2169 * Normal nameservers.
2172 stdoptions = DNS_ADBFIND_WANTEVENT | DNS_ADBFIND_EMPTYEVENT;
2173 if (fctx->restarts == 1) {
2175 * To avoid sending out a flood of queries likely to
2176 * result in NXRRSET, we suppress fetches for address
2177 * families we don't have the first time through,
2178 * provided that we have addresses in some family we
2181 * We don't want to set this option all the time, since
2182 * if fctx->restarts > 1, we've clearly been having trouble
2183 * with the addresses we had, so getting more could help.
2185 stdoptions |= DNS_ADBFIND_AVOIDFETCHES;
2187 if (res->dispatchv4 != NULL)
2188 stdoptions |= DNS_ADBFIND_INET;
2189 if (res->dispatchv6 != NULL)
2190 stdoptions |= DNS_ADBFIND_INET6;
2191 isc_stdtime_get(&now);
2193 INSIST(ISC_LIST_EMPTY(fctx->finds));
2194 INSIST(ISC_LIST_EMPTY(fctx->altfinds));
2196 for (result = dns_rdataset_first(&fctx->nameservers);
2197 result == ISC_R_SUCCESS;
2198 result = dns_rdataset_next(&fctx->nameservers))
2200 dns_rdataset_current(&fctx->nameservers, &rdata);
2202 * Extract the name from the NS record.
2204 result = dns_rdata_tostruct(&rdata, &ns, NULL);
2205 if (result != ISC_R_SUCCESS)
2208 findname(fctx, &ns.name, 0, stdoptions, 0, now,
2210 dns_rdata_reset(&rdata);
2211 dns_rdata_freestruct(&ns);
2213 if (result != ISC_R_NOMORE)
2217 * Do we need to use 6 to 4?
2219 if (need_alternate) {
2222 family = (res->dispatchv6 != NULL) ? AF_INET6 : AF_INET;
2223 for (a = ISC_LIST_HEAD(fctx->res->alternates);
2225 a = ISC_LIST_NEXT(a, link)) {
2226 if (!a->isaddress) {
2227 findname(fctx, &a->_u._n.name, a->_u._n.port,
2228 stdoptions, FCTX_ADDRINFO_FORWARDER,
2232 if (isc_sockaddr_pf(&a->_u.addr) != family)
2235 result = dns_adb_findaddrinfo(fctx->adb, &a->_u.addr,
2237 if (result == ISC_R_SUCCESS) {
2238 dns_adbaddrinfo_t *cur;
2239 ai->flags |= FCTX_ADDRINFO_FORWARDER;
2240 cur = ISC_LIST_HEAD(fctx->altaddrs);
2241 while (cur != NULL && cur->srtt < ai->srtt)
2242 cur = ISC_LIST_NEXT(cur, publink);
2244 ISC_LIST_INSERTBEFORE(fctx->altaddrs,
2247 ISC_LIST_APPEND(fctx->altaddrs, ai,
2255 * Mark all known bad servers.
2257 all_bad = mark_bad(fctx);
2264 * We've got no addresses.
2266 if (fctx->pending > 0) {
2268 * We're fetching the addresses, but don't have any
2269 * yet. Tell the caller to wait for an answer.
2271 result = DNS_R_WAIT;
2274 * We've lost completely. We don't know any
2275 * addresses, and the ADB has told us it can't get
2278 FCTXTRACE("no addresses");
2279 result = ISC_R_FAILURE;
2283 * We've found some addresses. We might still be looking
2284 * for more addresses.
2287 result = ISC_R_SUCCESS;
2294 possibly_mark(fetchctx_t *fctx, dns_adbaddrinfo_t *addr)
2297 char buf[ISC_NETADDR_FORMATSIZE];
2299 isc_boolean_t aborted = ISC_FALSE;
2300 isc_boolean_t bogus;
2301 dns_acl_t *blackhole;
2302 isc_netaddr_t ipaddr;
2303 dns_peer_t *peer = NULL;
2304 dns_resolver_t *res;
2305 const char *msg = NULL;
2307 sa = &addr->sockaddr;
2310 isc_netaddr_fromsockaddr(&ipaddr, sa);
2311 blackhole = dns_dispatchmgr_getblackhole(res->dispatchmgr);
2312 (void) dns_peerlist_peerbyaddr(res->view->peers, &ipaddr, &peer);
2314 if (blackhole != NULL) {
2317 if (dns_acl_match(&ipaddr, NULL, blackhole,
2319 &match, NULL) == ISC_R_SUCCESS &&
2325 dns_peer_getbogus(peer, &bogus) == ISC_R_SUCCESS &&
2330 addr->flags |= FCTX_ADDRINFO_MARK;
2331 msg = "ignoring blackholed / bogus server: ";
2332 } else if (isc_sockaddr_ismulticast(sa)) {
2333 addr->flags |= FCTX_ADDRINFO_MARK;
2334 msg = "ignoring multicast address: ";
2335 } else if (isc_sockaddr_isexperimental(sa)) {
2336 addr->flags |= FCTX_ADDRINFO_MARK;
2337 msg = "ignoring experimental address: ";
2338 } else if (sa->type.sa.sa_family != AF_INET6) {
2340 } else if (IN6_IS_ADDR_V4MAPPED(&sa->type.sin6.sin6_addr)) {
2341 addr->flags |= FCTX_ADDRINFO_MARK;
2342 msg = "ignoring IPv6 mapped IPV4 address: ";
2343 } else if (IN6_IS_ADDR_V4COMPAT(&sa->type.sin6.sin6_addr)) {
2344 addr->flags |= FCTX_ADDRINFO_MARK;
2345 msg = "ignoring IPv6 compatibility IPV4 address: ";
2349 if (!isc_log_wouldlog(dns_lctx, ISC_LOG_DEBUG(3)))
2352 isc_netaddr_fromsockaddr(&na, sa);
2353 isc_netaddr_format(&na, buf, sizeof(buf));
2354 FCTXTRACE2(msg, buf);
2357 static inline dns_adbaddrinfo_t *
2358 fctx_nextaddress(fetchctx_t *fctx) {
2359 dns_adbfind_t *find, *start;
2360 dns_adbaddrinfo_t *addrinfo;
2361 dns_adbaddrinfo_t *faddrinfo;
2364 * Return the next untried address, if any.
2368 * Find the first unmarked forwarder (if any).
2370 for (addrinfo = ISC_LIST_HEAD(fctx->forwaddrs);
2372 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
2373 if (!UNMARKED(addrinfo))
2375 possibly_mark(fctx, addrinfo);
2376 if (UNMARKED(addrinfo)) {
2377 addrinfo->flags |= FCTX_ADDRINFO_MARK;
2384 * No forwarders. Move to the next find.
2387 fctx->attributes |= FCTX_ATTR_TRIEDFIND;
2391 find = ISC_LIST_HEAD(fctx->finds);
2393 find = ISC_LIST_NEXT(find, publink);
2395 find = ISC_LIST_HEAD(fctx->finds);
2399 * Find the first unmarked addrinfo.
2405 for (addrinfo = ISC_LIST_HEAD(find->list);
2407 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
2408 if (!UNMARKED(addrinfo))
2410 possibly_mark(fctx, addrinfo);
2411 if (UNMARKED(addrinfo)) {
2412 addrinfo->flags |= FCTX_ADDRINFO_MARK;
2416 if (addrinfo != NULL)
2418 find = ISC_LIST_NEXT(find, publink);
2420 find = ISC_LIST_HEAD(fctx->finds);
2421 } while (find != start);
2425 if (addrinfo != NULL)
2429 * No nameservers left. Try alternates.
2432 fctx->attributes |= FCTX_ATTR_TRIEDALT;
2434 find = fctx->altfind;
2436 find = ISC_LIST_HEAD(fctx->altfinds);
2438 find = ISC_LIST_NEXT(find, publink);
2440 find = ISC_LIST_HEAD(fctx->altfinds);
2444 * Find the first unmarked addrinfo.
2450 for (addrinfo = ISC_LIST_HEAD(find->list);
2452 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
2453 if (!UNMARKED(addrinfo))
2455 possibly_mark(fctx, addrinfo);
2456 if (UNMARKED(addrinfo)) {
2457 addrinfo->flags |= FCTX_ADDRINFO_MARK;
2461 if (addrinfo != NULL)
2463 find = ISC_LIST_NEXT(find, publink);
2465 find = ISC_LIST_HEAD(fctx->altfinds);
2466 } while (find != start);
2469 faddrinfo = addrinfo;
2472 * See if we have a better alternate server by address.
2475 for (addrinfo = ISC_LIST_HEAD(fctx->altaddrs);
2477 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
2478 if (!UNMARKED(addrinfo))
2480 possibly_mark(fctx, addrinfo);
2481 if (UNMARKED(addrinfo) &&
2482 (faddrinfo == NULL ||
2483 addrinfo->srtt < faddrinfo->srtt)) {
2484 if (faddrinfo != NULL)
2485 faddrinfo->flags &= ~FCTX_ADDRINFO_MARK;
2486 addrinfo->flags |= FCTX_ADDRINFO_MARK;
2491 if (addrinfo == NULL) {
2492 addrinfo = faddrinfo;
2493 fctx->altfind = find;
2500 fctx_try(fetchctx_t *fctx) {
2501 isc_result_t result;
2502 dns_adbaddrinfo_t *addrinfo;
2506 REQUIRE(!ADDRWAIT(fctx));
2508 addrinfo = fctx_nextaddress(fctx);
2509 if (addrinfo == NULL) {
2511 * We have no more addresses. Start over.
2513 fctx_cancelqueries(fctx, ISC_TRUE);
2514 fctx_cleanupfinds(fctx);
2515 fctx_cleanupaltfinds(fctx);
2516 fctx_cleanupforwaddrs(fctx);
2517 fctx_cleanupaltaddrs(fctx);
2518 result = fctx_getaddresses(fctx);
2519 if (result == DNS_R_WAIT) {
2521 * Sleep waiting for addresses.
2523 FCTXTRACE("addrwait");
2524 fctx->attributes |= FCTX_ATTR_ADDRWAIT;
2526 } else if (result != ISC_R_SUCCESS) {
2528 * Something bad happened.
2530 fctx_done(fctx, result);
2534 addrinfo = fctx_nextaddress(fctx);
2536 * While we may have addresses from the ADB, they
2537 * might be bad ones. In this case, return SERVFAIL.
2539 if (addrinfo == NULL) {
2540 fctx_done(fctx, DNS_R_SERVFAIL);
2545 result = fctx_query(fctx, addrinfo, fctx->options);
2546 if (result != ISC_R_SUCCESS)
2547 fctx_done(fctx, result);
2550 static isc_boolean_t
2551 fctx_destroy(fetchctx_t *fctx) {
2552 dns_resolver_t *res;
2553 unsigned int bucketnum;
2554 isc_sockaddr_t *sa, *next_sa;
2557 * Caller must be holding the bucket lock.
2560 REQUIRE(VALID_FCTX(fctx));
2561 REQUIRE(fctx->state == fetchstate_done ||
2562 fctx->state == fetchstate_init);
2563 REQUIRE(ISC_LIST_EMPTY(fctx->events));
2564 REQUIRE(ISC_LIST_EMPTY(fctx->queries));
2565 REQUIRE(ISC_LIST_EMPTY(fctx->finds));
2566 REQUIRE(ISC_LIST_EMPTY(fctx->altfinds));
2567 REQUIRE(fctx->pending == 0);
2568 REQUIRE(fctx->references == 0);
2569 REQUIRE(ISC_LIST_EMPTY(fctx->validators));
2571 FCTXTRACE("destroy");
2574 bucketnum = fctx->bucketnum;
2576 ISC_LIST_UNLINK(res->buckets[bucketnum].fctxs, fctx, link);
2581 for (sa = ISC_LIST_HEAD(fctx->bad);
2584 next_sa = ISC_LIST_NEXT(sa, link);
2585 ISC_LIST_UNLINK(fctx->bad, sa, link);
2586 isc_mem_put(res->buckets[bucketnum].mctx, sa, sizeof(*sa));
2589 for (sa = ISC_LIST_HEAD(fctx->edns);
2592 next_sa = ISC_LIST_NEXT(sa, link);
2593 ISC_LIST_UNLINK(fctx->edns, sa, link);
2594 isc_mem_put(res->buckets[bucketnum].mctx, sa, sizeof(*sa));
2597 for (sa = ISC_LIST_HEAD(fctx->edns512);
2600 next_sa = ISC_LIST_NEXT(sa, link);
2601 ISC_LIST_UNLINK(fctx->edns512, sa, link);
2602 isc_mem_put(res->buckets[bucketnum].mctx, sa, sizeof(*sa));
2605 isc_timer_detach(&fctx->timer);
2606 dns_message_destroy(&fctx->rmessage);
2607 dns_message_destroy(&fctx->qmessage);
2608 if (dns_name_countlabels(&fctx->domain) > 0)
2609 dns_name_free(&fctx->domain, res->buckets[bucketnum].mctx);
2610 if (dns_rdataset_isassociated(&fctx->nameservers))
2611 dns_rdataset_disassociate(&fctx->nameservers);
2612 dns_name_free(&fctx->name, res->buckets[bucketnum].mctx);
2613 dns_db_detach(&fctx->cache);
2614 dns_adb_detach(&fctx->adb);
2615 isc_mem_free(res->buckets[bucketnum].mctx, fctx->info);
2616 isc_mem_put(res->buckets[bucketnum].mctx, fctx, sizeof(*fctx));
2620 UNLOCK(&res->nlock);
2622 if (res->buckets[bucketnum].exiting &&
2623 ISC_LIST_EMPTY(res->buckets[bucketnum].fctxs))
2630 * Fetch event handlers.
2634 fctx_timeout(isc_task_t *task, isc_event_t *event) {
2635 fetchctx_t *fctx = event->ev_arg;
2637 REQUIRE(VALID_FCTX(fctx));
2641 FCTXTRACE("timeout");
2643 if (event->ev_type == ISC_TIMEREVENT_LIFE) {
2644 fctx_done(fctx, ISC_R_TIMEDOUT);
2646 isc_result_t result;
2650 * We could cancel the running queries here, or we could let
2651 * them keep going. Right now we choose the latter...
2653 fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
2655 * Our timer has triggered. Reestablish the fctx lifetime
2658 result = fctx_starttimer(fctx);
2659 if (result != ISC_R_SUCCESS)
2660 fctx_done(fctx, result);
2668 isc_event_free(&event);
2672 fctx_shutdown(fetchctx_t *fctx) {
2673 isc_event_t *cevent;
2676 * Start the shutdown process for fctx, if it isn't already underway.
2679 FCTXTRACE("shutdown");
2682 * The caller must be holding the appropriate bucket lock.
2685 if (fctx->want_shutdown)
2688 fctx->want_shutdown = ISC_TRUE;
2691 * Unless we're still initializing (in which case the
2692 * control event is still outstanding), we need to post
2693 * the control event to tell the fetch we want it to
2696 if (fctx->state != fetchstate_init) {
2697 cevent = &fctx->control_event;
2698 isc_task_send(fctx->res->buckets[fctx->bucketnum].task,
2704 fctx_doshutdown(isc_task_t *task, isc_event_t *event) {
2705 fetchctx_t *fctx = event->ev_arg;
2706 isc_boolean_t bucket_empty = ISC_FALSE;
2707 dns_resolver_t *res;
2708 unsigned int bucketnum;
2709 dns_validator_t *validator;
2711 REQUIRE(VALID_FCTX(fctx));
2716 bucketnum = fctx->bucketnum;
2718 FCTXTRACE("doshutdown");
2721 * An fctx that is shutting down is no longer in ADDRWAIT mode.
2723 fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
2726 * Cancel all pending validators. Note that this must be done
2727 * without the bucket lock held, since that could cause deadlock.
2729 validator = ISC_LIST_HEAD(fctx->validators);
2730 while (validator != NULL) {
2731 dns_validator_cancel(validator);
2732 validator = ISC_LIST_NEXT(validator, link);
2735 if (fctx->nsfetch != NULL)
2736 dns_resolver_cancelfetch(fctx->nsfetch);
2739 * Shut down anything that is still running on behalf of this
2740 * fetch. To avoid deadlock with the ADB, we must do this
2741 * before we lock the bucket lock.
2743 fctx_stopeverything(fctx, ISC_FALSE);
2745 LOCK(&res->buckets[bucketnum].lock);
2747 fctx->attributes |= FCTX_ATTR_SHUTTINGDOWN;
2749 INSIST(fctx->state == fetchstate_active ||
2750 fctx->state == fetchstate_done);
2751 INSIST(fctx->want_shutdown);
2753 if (fctx->state != fetchstate_done) {
2754 fctx->state = fetchstate_done;
2755 fctx_sendevents(fctx, ISC_R_CANCELED);
2758 if (fctx->references == 0 && fctx->pending == 0 &&
2759 fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators))
2760 bucket_empty = fctx_destroy(fctx);
2762 UNLOCK(&res->buckets[bucketnum].lock);
2769 fctx_start(isc_task_t *task, isc_event_t *event) {
2770 fetchctx_t *fctx = event->ev_arg;
2771 isc_boolean_t done = ISC_FALSE, bucket_empty = ISC_FALSE;
2772 dns_resolver_t *res;
2773 unsigned int bucketnum;
2775 REQUIRE(VALID_FCTX(fctx));
2780 bucketnum = fctx->bucketnum;
2784 LOCK(&res->buckets[bucketnum].lock);
2786 INSIST(fctx->state == fetchstate_init);
2787 if (fctx->want_shutdown) {
2789 * We haven't started this fctx yet, and we've been requested
2792 fctx->attributes |= FCTX_ATTR_SHUTTINGDOWN;
2793 fctx->state = fetchstate_done;
2794 fctx_sendevents(fctx, ISC_R_CANCELED);
2796 * Since we haven't started, we INSIST that we have no
2797 * pending ADB finds and no pending validations.
2799 INSIST(fctx->pending == 0);
2800 INSIST(fctx->nqueries == 0);
2801 INSIST(ISC_LIST_EMPTY(fctx->validators));
2802 if (fctx->references == 0) {
2804 * It's now safe to destroy this fctx.
2806 bucket_empty = fctx_destroy(fctx);
2811 * Normal fctx startup.
2813 fctx->state = fetchstate_active;
2815 * Reset the control event for later use in shutting down
2818 ISC_EVENT_INIT(event, sizeof(*event), 0, NULL,
2819 DNS_EVENT_FETCHCONTROL, fctx_doshutdown, fctx,
2823 UNLOCK(&res->buckets[bucketnum].lock);
2826 isc_result_t result;
2829 * All is well. Start working on the fetch.
2831 result = fctx_starttimer(fctx);
2832 if (result != ISC_R_SUCCESS)
2833 fctx_done(fctx, result);
2836 } else if (bucket_empty)
2841 * Fetch Creation, Joining, and Cancelation.
2844 static inline isc_result_t
2845 fctx_join(fetchctx_t *fctx, isc_task_t *task, isc_sockaddr_t *client,
2846 dns_messageid_t id, isc_taskaction_t action, void *arg,
2847 dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
2851 dns_fetchevent_t *event;
2856 * We store the task we're going to send this event to in the
2857 * sender field. We'll make the fetch the sender when we actually
2861 isc_task_attach(task, &clone);
2862 event = (dns_fetchevent_t *)
2863 isc_event_allocate(fctx->res->mctx, clone, DNS_EVENT_FETCHDONE,
2864 action, arg, sizeof(*event));
2865 if (event == NULL) {
2866 isc_task_detach(&clone);
2867 return (ISC_R_NOMEMORY);
2869 event->result = DNS_R_SERVFAIL;
2870 event->qtype = fctx->type;
2873 event->rdataset = rdataset;
2874 event->sigrdataset = sigrdataset;
2875 event->fetch = fetch;
2876 event->client = client;
2878 dns_fixedname_init(&event->foundname);
2881 * Make sure that we can store the sigrdataset in the
2882 * first event if it is needed by any of the events.
2884 if (event->sigrdataset != NULL)
2885 ISC_LIST_PREPEND(fctx->events, event, ev_link);
2887 ISC_LIST_APPEND(fctx->events, event, ev_link);
2890 fetch->magic = DNS_FETCH_MAGIC;
2891 fetch->private = fctx;
2893 return (ISC_R_SUCCESS);
2897 fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
2898 dns_name_t *domain, dns_rdataset_t *nameservers,
2899 unsigned int options, unsigned int bucketnum, fetchctx_t **fctxp)
2902 isc_result_t result;
2903 isc_result_t iresult;
2904 isc_interval_t interval;
2905 dns_fixedname_t fixed;
2906 unsigned int findoptions = 0;
2907 char buf[DNS_NAME_FORMATSIZE + DNS_RDATATYPE_FORMATSIZE];
2908 char typebuf[DNS_RDATATYPE_FORMATSIZE];
2912 * Caller must be holding the lock for bucket number 'bucketnum'.
2914 REQUIRE(fctxp != NULL && *fctxp == NULL);
2916 fctx = isc_mem_get(res->buckets[bucketnum].mctx, sizeof(*fctx));
2918 return (ISC_R_NOMEMORY);
2919 dns_name_format(name, buf, sizeof(buf));
2920 dns_rdatatype_format(type, typebuf, sizeof(typebuf));
2921 strcat(buf, "/"); /* checked */
2922 strcat(buf, typebuf); /* checked */
2923 fctx->info = isc_mem_strdup(res->buckets[bucketnum].mctx, buf);
2924 if (fctx->info == NULL) {
2925 result = ISC_R_NOMEMORY;
2928 FCTXTRACE("create");
2929 dns_name_init(&fctx->name, NULL);
2930 result = dns_name_dup(name, res->buckets[bucketnum].mctx, &fctx->name);
2931 if (result != ISC_R_SUCCESS)
2933 dns_name_init(&fctx->domain, NULL);
2934 dns_rdataset_init(&fctx->nameservers);
2937 fctx->options = options;
2939 * Note! We do not attach to the task. We are relying on the
2940 * resolver to ensure that this task doesn't go away while we are
2944 fctx->references = 0;
2945 fctx->bucketnum = bucketnum;
2946 fctx->state = fetchstate_init;
2947 fctx->want_shutdown = ISC_FALSE;
2948 fctx->cloned = ISC_FALSE;
2949 ISC_LIST_INIT(fctx->queries);
2950 ISC_LIST_INIT(fctx->finds);
2951 ISC_LIST_INIT(fctx->altfinds);
2952 ISC_LIST_INIT(fctx->forwaddrs);
2953 ISC_LIST_INIT(fctx->altaddrs);
2954 ISC_LIST_INIT(fctx->forwarders);
2955 fctx->fwdpolicy = dns_fwdpolicy_none;
2956 ISC_LIST_INIT(fctx->bad);
2957 ISC_LIST_INIT(fctx->edns);
2958 ISC_LIST_INIT(fctx->edns512);
2959 ISC_LIST_INIT(fctx->validators);
2961 fctx->altfind = NULL;
2965 fctx->attributes = 0;
2966 fctx->spilled = ISC_FALSE;
2969 dns_name_init(&fctx->nsname, NULL);
2970 fctx->nsfetch = NULL;
2971 dns_rdataset_init(&fctx->nsrrset);
2973 if (domain == NULL) {
2974 dns_forwarders_t *forwarders = NULL;
2975 unsigned int labels;
2978 * DS records are found in the parent server.
2979 * Strip label to get the correct forwarder (if any).
2981 if (fctx->type == dns_rdatatype_ds &&
2982 dns_name_countlabels(name) > 1) {
2983 dns_name_init(&suffix, NULL);
2984 labels = dns_name_countlabels(name);
2985 dns_name_getlabelsequence(name, 1, labels - 1, &suffix);
2988 dns_fixedname_init(&fixed);
2989 domain = dns_fixedname_name(&fixed);
2990 result = dns_fwdtable_find2(fctx->res->view->fwdtable, name,
2991 domain, &forwarders);
2992 if (result == ISC_R_SUCCESS)
2993 fctx->fwdpolicy = forwarders->fwdpolicy;
2995 if (fctx->fwdpolicy != dns_fwdpolicy_only) {
2997 * The caller didn't supply a query domain and
2998 * nameservers, and we're not in forward-only mode,
2999 * so find the best nameservers to use.
3001 if (dns_rdatatype_atparent(type))
3002 findoptions |= DNS_DBFIND_NOEXACT;
3003 result = dns_view_findzonecut(res->view, name, domain,
3004 0, findoptions, ISC_TRUE,
3007 if (result != ISC_R_SUCCESS)
3009 result = dns_name_dup(domain,
3010 res->buckets[bucketnum].mctx,
3012 if (result != ISC_R_SUCCESS) {
3013 dns_rdataset_disassociate(&fctx->nameservers);
3018 * We're in forward-only mode. Set the query domain.
3020 result = dns_name_dup(domain,
3021 res->buckets[bucketnum].mctx,
3023 if (result != ISC_R_SUCCESS)
3027 result = dns_name_dup(domain,
3028 res->buckets[bucketnum].mctx,
3030 if (result != ISC_R_SUCCESS)
3032 dns_rdataset_clone(nameservers, &fctx->nameservers);
3035 INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain));
3037 fctx->qmessage = NULL;
3038 result = dns_message_create(res->buckets[bucketnum].mctx,
3039 DNS_MESSAGE_INTENTRENDER,
3042 if (result != ISC_R_SUCCESS)
3043 goto cleanup_domain;
3045 fctx->rmessage = NULL;
3046 result = dns_message_create(res->buckets[bucketnum].mctx,
3047 DNS_MESSAGE_INTENTPARSE,
3050 if (result != ISC_R_SUCCESS)
3051 goto cleanup_qmessage;
3054 * Compute an expiration time for the entire fetch.
3056 isc_interval_set(&interval, 30, 0); /* XXXRTH constant */
3057 iresult = isc_time_nowplusinterval(&fctx->expires, &interval);
3058 if (iresult != ISC_R_SUCCESS) {
3059 UNEXPECTED_ERROR(__FILE__, __LINE__,
3060 "isc_time_nowplusinterval: %s",
3061 isc_result_totext(iresult));
3062 result = ISC_R_UNEXPECTED;
3063 goto cleanup_rmessage;
3067 * Default retry interval initialization. We set the interval now
3068 * mostly so it won't be uninitialized. It will be set to the
3069 * correct value before a query is issued.
3071 isc_interval_set(&fctx->interval, 2, 0);
3074 * Create an inactive timer. It will be made active when the fetch
3075 * is actually started.
3078 iresult = isc_timer_create(res->timermgr, isc_timertype_inactive,
3080 res->buckets[bucketnum].task, fctx_timeout,
3081 fctx, &fctx->timer);
3082 if (iresult != ISC_R_SUCCESS) {
3083 UNEXPECTED_ERROR(__FILE__, __LINE__,
3084 "isc_timer_create: %s",
3085 isc_result_totext(iresult));
3086 result = ISC_R_UNEXPECTED;
3087 goto cleanup_rmessage;
3091 * Attach to the view's cache and adb.
3094 dns_db_attach(res->view->cachedb, &fctx->cache);
3096 dns_adb_attach(res->view->adb, &fctx->adb);
3098 ISC_LIST_INIT(fctx->events);
3099 ISC_LINK_INIT(fctx, link);
3100 fctx->magic = FCTX_MAGIC;
3102 ISC_LIST_APPEND(res->buckets[bucketnum].fctxs, fctx, link);
3106 UNLOCK(&res->nlock);
3110 return (ISC_R_SUCCESS);
3113 dns_message_destroy(&fctx->rmessage);
3116 dns_message_destroy(&fctx->qmessage);
3119 if (dns_name_countlabels(&fctx->domain) > 0)
3120 dns_name_free(&fctx->domain, res->buckets[bucketnum].mctx);
3121 if (dns_rdataset_isassociated(&fctx->nameservers))
3122 dns_rdataset_disassociate(&fctx->nameservers);
3125 dns_name_free(&fctx->name, res->buckets[bucketnum].mctx);
3128 isc_mem_free(res->buckets[bucketnum].mctx, fctx->info);
3131 isc_mem_put(res->buckets[bucketnum].mctx, fctx, sizeof(*fctx));
3139 static inline isc_boolean_t
3140 is_lame(fetchctx_t *fctx) {
3141 dns_message_t *message = fctx->rmessage;
3143 dns_rdataset_t *rdataset;
3144 isc_result_t result;
3146 if (message->rcode != dns_rcode_noerror &&
3147 message->rcode != dns_rcode_nxdomain)
3150 if (message->counts[DNS_SECTION_ANSWER] != 0)
3153 if (message->counts[DNS_SECTION_AUTHORITY] == 0)
3156 result = dns_message_firstname(message, DNS_SECTION_AUTHORITY);
3157 while (result == ISC_R_SUCCESS) {
3159 dns_message_currentname(message, DNS_SECTION_AUTHORITY, &name);
3160 for (rdataset = ISC_LIST_HEAD(name->list);
3162 rdataset = ISC_LIST_NEXT(rdataset, link)) {
3163 dns_namereln_t namereln;
3165 unsigned int labels;
3166 if (rdataset->type != dns_rdatatype_ns)
3168 namereln = dns_name_fullcompare(name, &fctx->domain,
3170 if (namereln == dns_namereln_equal &&
3171 (message->flags & DNS_MESSAGEFLAG_AA) != 0)
3173 if (namereln == dns_namereln_subdomain)
3177 result = dns_message_nextname(message, DNS_SECTION_AUTHORITY);
3184 log_lame(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo) {
3185 char namebuf[DNS_NAME_FORMATSIZE];
3186 char domainbuf[DNS_NAME_FORMATSIZE];
3187 char addrbuf[ISC_SOCKADDR_FORMATSIZE];
3189 dns_name_format(&fctx->name, namebuf, sizeof(namebuf));
3190 dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf));
3191 isc_sockaddr_format(&addrinfo->sockaddr, addrbuf, sizeof(addrbuf));
3192 isc_log_write(dns_lctx, DNS_LOGCATEGORY_LAME_SERVERS,
3193 DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
3194 "lame server resolving '%s' (in '%s'?): %s",
3195 namebuf, domainbuf, addrbuf);
3198 static inline isc_result_t
3199 same_question(fetchctx_t *fctx) {
3200 isc_result_t result;
3201 dns_message_t *message = fctx->rmessage;
3203 dns_rdataset_t *rdataset;
3206 * Caller must be holding the fctx lock.
3210 * XXXRTH Currently we support only one question.
3212 if (message->counts[DNS_SECTION_QUESTION] != 1)
3213 return (DNS_R_FORMERR);
3215 result = dns_message_firstname(message, DNS_SECTION_QUESTION);
3216 if (result != ISC_R_SUCCESS)
3219 dns_message_currentname(message, DNS_SECTION_QUESTION, &name);
3220 rdataset = ISC_LIST_HEAD(name->list);
3221 INSIST(rdataset != NULL);
3222 INSIST(ISC_LIST_NEXT(rdataset, link) == NULL);
3223 if (fctx->type != rdataset->type ||
3224 fctx->res->rdclass != rdataset->rdclass ||
3225 !dns_name_equal(&fctx->name, name))
3226 return (DNS_R_FORMERR);
3228 return (ISC_R_SUCCESS);
3232 clone_results(fetchctx_t *fctx) {
3233 dns_fetchevent_t *event, *hevent;
3234 isc_result_t result;
3235 dns_name_t *name, *hname;
3237 FCTXTRACE("clone_results");
3240 * Set up any other events to have the same data as the first
3243 * Caller must be holding the appropriate lock.
3246 fctx->cloned = ISC_TRUE;
3247 hevent = ISC_LIST_HEAD(fctx->events);
3250 hname = dns_fixedname_name(&hevent->foundname);
3251 for (event = ISC_LIST_NEXT(hevent, ev_link);
3253 event = ISC_LIST_NEXT(event, ev_link)) {
3254 name = dns_fixedname_name(&event->foundname);
3255 result = dns_name_copy(hname, name, NULL);
3256 if (result != ISC_R_SUCCESS)
3257 event->result = result;
3259 event->result = hevent->result;
3260 dns_db_attach(hevent->db, &event->db);
3261 dns_db_attachnode(hevent->db, hevent->node, &event->node);
3262 INSIST(hevent->rdataset != NULL);
3263 INSIST(event->rdataset != NULL);
3264 if (dns_rdataset_isassociated(hevent->rdataset))
3265 dns_rdataset_clone(hevent->rdataset, event->rdataset);
3266 INSIST(! (hevent->sigrdataset == NULL &&
3267 event->sigrdataset != NULL));
3268 if (hevent->sigrdataset != NULL &&
3269 dns_rdataset_isassociated(hevent->sigrdataset) &&
3270 event->sigrdataset != NULL)
3271 dns_rdataset_clone(hevent->sigrdataset,
3272 event->sigrdataset);
3276 #define CACHE(r) (((r)->attributes & DNS_RDATASETATTR_CACHE) != 0)
3277 #define ANSWER(r) (((r)->attributes & DNS_RDATASETATTR_ANSWER) != 0)
3278 #define ANSWERSIG(r) (((r)->attributes & DNS_RDATASETATTR_ANSWERSIG) != 0)
3279 #define EXTERNAL(r) (((r)->attributes & DNS_RDATASETATTR_EXTERNAL) != 0)
3280 #define CHAINING(r) (((r)->attributes & DNS_RDATASETATTR_CHAINING) != 0)
3281 #define CHASE(r) (((r)->attributes & DNS_RDATASETATTR_CHASE) != 0)
3282 #define CHECKNAMES(r) (((r)->attributes & DNS_RDATASETATTR_CHECKNAMES) != 0)
3286 * Destroy '*fctx' if it is ready to be destroyed (i.e., if it has
3287 * no references and is no longer waiting for any events). If this
3288 * was the last fctx in the resolver, destroy the resolver.
3291 * '*fctx' is shutting down.
3294 maybe_destroy(fetchctx_t *fctx) {
3295 unsigned int bucketnum;
3296 isc_boolean_t bucket_empty = ISC_FALSE;
3297 dns_resolver_t *res = fctx->res;
3298 dns_validator_t *validator;
3300 REQUIRE(SHUTTINGDOWN(fctx));
3302 if (fctx->pending != 0 || fctx->nqueries != 0)
3305 for (validator = ISC_LIST_HEAD(fctx->validators);
3307 validator = ISC_LIST_HEAD(fctx->validators)) {
3308 ISC_LIST_UNLINK(fctx->validators, validator, link);
3309 dns_validator_cancel(validator);
3310 dns_validator_destroy(&validator);
3313 bucketnum = fctx->bucketnum;
3314 LOCK(&res->buckets[bucketnum].lock);
3315 if (fctx->references == 0)
3316 bucket_empty = fctx_destroy(fctx);
3317 UNLOCK(&res->buckets[bucketnum].lock);
3324 * The validator has finished.
3327 validated(isc_task_t *task, isc_event_t *event) {
3328 isc_result_t result = ISC_R_SUCCESS;
3329 isc_result_t eresult = ISC_R_SUCCESS;
3332 dns_validatorevent_t *vevent;
3333 dns_fetchevent_t *hevent;
3334 dns_rdataset_t *ardataset = NULL;
3335 dns_rdataset_t *asigrdataset = NULL;
3336 dns_dbnode_t *node = NULL;
3337 isc_boolean_t negative;
3338 isc_boolean_t chaining;
3339 isc_boolean_t sentresponse;
3341 dns_dbnode_t *nsnode = NULL;
3343 dns_rdataset_t *rdataset;
3344 dns_rdataset_t *sigrdataset;
3345 dns_valarg_t *valarg;
3346 dns_adbaddrinfo_t *addrinfo;
3348 UNUSED(task); /* for now */
3350 REQUIRE(event->ev_type == DNS_EVENT_VALIDATORDONE);
3351 valarg = event->ev_arg;
3352 fctx = valarg->fctx;
3353 addrinfo = valarg->addrinfo;
3354 REQUIRE(VALID_FCTX(fctx));
3355 REQUIRE(!ISC_LIST_EMPTY(fctx->validators));
3357 vevent = (dns_validatorevent_t *)event;
3359 FCTXTRACE("received validation completion event");
3361 ISC_LIST_UNLINK(fctx->validators, vevent->validator, link);
3364 * Destroy the validator early so that we can
3365 * destroy the fctx if necessary.
3367 dns_validator_destroy(&vevent->validator);
3368 isc_mem_put(fctx->res->buckets[fctx->bucketnum].mctx,
3369 valarg, sizeof(*valarg));
3371 negative = ISC_TF(vevent->rdataset == NULL);
3373 sentresponse = ISC_TF((fctx->options & DNS_FETCHOPT_NOVALIDATE) != 0);
3376 * If shutting down, ignore the results. Check to see if we're
3377 * done waiting for validator completions and ADB pending events; if
3378 * so, destroy the fctx.
3380 if (SHUTTINGDOWN(fctx) && !sentresponse) {
3381 maybe_destroy(fctx); /* Locks bucket. */
3385 LOCK(&fctx->res->buckets[fctx->bucketnum].lock);
3388 * If chaining, we need to make sure that the right result code is
3389 * returned, and that the rdatasets are bound.
3391 if (vevent->result == ISC_R_SUCCESS &&
3393 vevent->rdataset != NULL &&
3394 CHAINING(vevent->rdataset))
3396 if (vevent->rdataset->type == dns_rdatatype_cname)
3397 eresult = DNS_R_CNAME;
3399 INSIST(vevent->rdataset->type == dns_rdatatype_dname);
3400 eresult = DNS_R_DNAME;
3402 chaining = ISC_TRUE;
3404 chaining = ISC_FALSE;
3407 * Either we're not shutting down, or we are shutting down but want
3408 * to cache the result anyway (if this was a validation started by
3409 * a query with cd set)
3412 hevent = ISC_LIST_HEAD(fctx->events);
3413 if (hevent != NULL) {
3414 if (!negative && !chaining &&
3415 (fctx->type == dns_rdatatype_any ||
3416 fctx->type == dns_rdatatype_rrsig ||
3417 fctx->type == dns_rdatatype_sig)) {
3419 * Don't bind rdatasets; the caller
3420 * will iterate the node.
3423 ardataset = hevent->rdataset;
3424 asigrdataset = hevent->sigrdataset;
3428 if (vevent->result != ISC_R_SUCCESS) {
3429 FCTXTRACE("validation failed");
3430 result = ISC_R_NOTFOUND;
3431 if (vevent->rdataset != NULL)
3432 result = dns_db_findnode(fctx->cache, vevent->name,
3434 if (result == ISC_R_SUCCESS)
3435 (void)dns_db_deleterdataset(fctx->cache, node, NULL,
3437 if (result == ISC_R_SUCCESS && vevent->sigrdataset != NULL)
3438 (void)dns_db_deleterdataset(fctx->cache, node, NULL,
3439 dns_rdatatype_rrsig,
3441 if (result == ISC_R_SUCCESS)
3442 dns_db_detachnode(fctx->cache, &node);
3443 result = vevent->result;
3444 add_bad(fctx, &addrinfo->sockaddr, result);
3445 isc_event_free(&event);
3446 UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock);
3447 if (!ISC_LIST_EMPTY(fctx->validators))
3448 dns_validator_send(ISC_LIST_HEAD(fctx->validators));
3449 else if (sentresponse)
3450 fctx_done(fctx, result); /* Locks bucket. */
3452 fctx_try(fctx); /* Locks bucket. */
3456 isc_stdtime_get(&now);
3459 dns_rdatatype_t covers;
3460 FCTXTRACE("nonexistence validation OK");
3462 if (fctx->rmessage->rcode == dns_rcode_nxdomain)
3463 covers = dns_rdatatype_any;
3465 covers = fctx->type;
3467 result = dns_db_findnode(fctx->cache, vevent->name, ISC_TRUE,
3469 if (result != ISC_R_SUCCESS)
3470 goto noanswer_response;
3473 * If we are asking for a SOA record set the cache time
3474 * to zero to facilitate locating the containing zone of
3477 ttl = fctx->res->view->maxncachettl;
3478 if (fctx->type == dns_rdatatype_soa &&
3479 covers == dns_rdatatype_any &&
3480 fctx->res->zero_no_soa_ttl)
3483 result = ncache_adderesult(fctx->rmessage, fctx->cache, node,
3485 ardataset, &eresult);
3486 if (result != ISC_R_SUCCESS)
3487 goto noanswer_response;
3488 goto answer_response;
3491 FCTXTRACE("validation OK");
3493 if (vevent->proofs[DNS_VALIDATOR_NOQNAMEPROOF] != NULL) {
3495 result = dns_rdataset_addnoqname(vevent->rdataset,
3496 vevent->proofs[DNS_VALIDATOR_NOQNAMEPROOF]);
3497 RUNTIME_CHECK(result == ISC_R_SUCCESS);
3498 INSIST(vevent->sigrdataset != NULL);
3499 vevent->sigrdataset->ttl = vevent->rdataset->ttl;
3503 * The data was already cached as pending data.
3504 * Re-cache it as secure and bind the cached
3505 * rdatasets to the first event on the fetch
3508 result = dns_db_findnode(fctx->cache, vevent->name, ISC_TRUE, &node);
3509 if (result != ISC_R_SUCCESS)
3510 goto noanswer_response;
3512 result = dns_db_addrdataset(fctx->cache, node, NULL, now,
3513 vevent->rdataset, 0, ardataset);
3514 if (result != ISC_R_SUCCESS &&
3515 result != DNS_R_UNCHANGED)
3516 goto noanswer_response;
3517 if (vevent->sigrdataset != NULL) {
3518 result = dns_db_addrdataset(fctx->cache, node, NULL, now,
3519 vevent->sigrdataset, 0,
3521 if (result != ISC_R_SUCCESS &&
3522 result != DNS_R_UNCHANGED)
3523 goto noanswer_response;
3528 * If we only deferred the destroy because we wanted to cache
3529 * the data, destroy now.
3531 UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock);
3532 if (SHUTTINGDOWN(fctx))
3533 maybe_destroy(fctx); /* Locks bucket. */
3537 if (!ISC_LIST_EMPTY(fctx->validators)) {
3539 INSIST(fctx->type == dns_rdatatype_any ||
3540 fctx->type == dns_rdatatype_rrsig ||
3541 fctx->type == dns_rdatatype_sig);
3543 * Don't send a response yet - we have
3544 * more rdatasets that still need to
3547 UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock);
3548 dns_validator_send(ISC_LIST_HEAD(fctx->validators));
3554 * Cache any NS/NSEC records that happened to be validated.
3556 result = dns_message_firstname(fctx->rmessage, DNS_SECTION_AUTHORITY);
3557 while (result == ISC_R_SUCCESS) {
3559 dns_message_currentname(fctx->rmessage, DNS_SECTION_AUTHORITY,
3561 for (rdataset = ISC_LIST_HEAD(name->list);
3563 rdataset = ISC_LIST_NEXT(rdataset, link)) {
3564 if ((rdataset->type != dns_rdatatype_ns &&
3565 rdataset->type != dns_rdatatype_nsec) ||
3566 rdataset->trust != dns_trust_secure)
3568 for (sigrdataset = ISC_LIST_HEAD(name->list);
3569 sigrdataset != NULL;
3570 sigrdataset = ISC_LIST_NEXT(sigrdataset, link)) {
3571 if (sigrdataset->type != dns_rdatatype_rrsig ||
3572 sigrdataset->covers != rdataset->type)
3576 if (sigrdataset == NULL ||
3577 sigrdataset->trust != dns_trust_secure)
3579 result = dns_db_findnode(fctx->cache, name, ISC_TRUE,
3581 if (result != ISC_R_SUCCESS)
3584 result = dns_db_addrdataset(fctx->cache, nsnode, NULL,
3585 now, rdataset, 0, NULL);
3586 if (result == ISC_R_SUCCESS)
3587 result = dns_db_addrdataset(fctx->cache, nsnode,
3591 dns_db_detachnode(fctx->cache, &nsnode);
3593 result = dns_message_nextname(fctx->rmessage,
3594 DNS_SECTION_AUTHORITY);
3597 result = ISC_R_SUCCESS;
3600 * Respond with an answer, positive or negative,
3601 * as opposed to an error. 'node' must be non-NULL.
3604 fctx->attributes |= FCTX_ATTR_HAVEANSWER;
3606 if (hevent != NULL) {
3607 hevent->result = eresult;
3608 RUNTIME_CHECK(dns_name_copy(vevent->name,
3609 dns_fixedname_name(&hevent->foundname), NULL)
3611 dns_db_attach(fctx->cache, &hevent->db);
3612 hevent->node = node;
3614 clone_results(fctx);
3619 dns_db_detachnode(fctx->cache, &node);
3621 UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock);
3623 fctx_done(fctx, result); /* Locks bucket. */
3626 isc_event_free(&event);
3629 static inline isc_result_t
3630 cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo,
3631 isc_stdtime_t now) {
3632 dns_rdataset_t *rdataset, *sigrdataset;
3633 dns_rdataset_t *addedrdataset, *ardataset, *asigrdataset;
3634 dns_rdataset_t *valrdataset = NULL, *valsigrdataset = NULL;
3635 dns_dbnode_t *node, **anodep;
3638 dns_resolver_t *res;
3639 isc_boolean_t need_validation, secure_domain, have_answer;
3640 isc_result_t result, eresult;
3641 dns_fetchevent_t *event;
3642 unsigned int options;
3645 unsigned int valoptions = 0;
3648 * The appropriate bucket lock must be held.
3652 need_validation = ISC_FALSE;
3653 secure_domain = ISC_FALSE;
3654 have_answer = ISC_FALSE;
3655 eresult = ISC_R_SUCCESS;
3656 task = res->buckets[fctx->bucketnum].task;
3659 * Is DNSSEC validation required for this name?
3661 if (res->view->enablevalidation) {
3662 result = dns_keytable_issecuredomain(res->view->secroots, name,
3664 if (result != ISC_R_SUCCESS)
3667 if (!secure_domain && res->view->dlv != NULL) {
3668 valoptions = DNS_VALIDATOR_DLV;
3669 secure_domain = ISC_TRUE;
3673 if ((fctx->options & DNS_FETCHOPT_NOVALIDATE) != 0)
3674 need_validation = ISC_FALSE;
3676 need_validation = secure_domain;
3682 asigrdataset = NULL;
3684 if ((name->attributes & DNS_NAMEATTR_ANSWER) != 0 &&
3686 have_answer = ISC_TRUE;
3687 event = ISC_LIST_HEAD(fctx->events);
3688 if (event != NULL) {
3690 aname = dns_fixedname_name(&event->foundname);
3691 result = dns_name_copy(name, aname, NULL);
3692 if (result != ISC_R_SUCCESS)
3694 anodep = &event->node;
3696 * If this is an ANY, SIG or RRSIG query, we're not
3697 * going to return any rdatasets, unless we encountered
3698 * a CNAME or DNAME as "the answer". In this case,
3699 * we're going to return DNS_R_CNAME or DNS_R_DNAME
3700 * and we must set up the rdatasets.
3702 if ((fctx->type != dns_rdatatype_any &&
3703 fctx->type != dns_rdatatype_rrsig &&
3704 fctx->type != dns_rdatatype_sig) ||
3705 (name->attributes & DNS_NAMEATTR_CHAINING) != 0) {
3706 ardataset = event->rdataset;
3707 asigrdataset = event->sigrdataset;
3713 * Find or create the cache node.
3716 result = dns_db_findnode(fctx->cache, name, ISC_TRUE, &node);
3717 if (result != ISC_R_SUCCESS)
3721 * Cache or validate each cacheable rdataset.
3723 fail = ISC_TF((fctx->res->options & DNS_RESOLVER_CHECKNAMESFAIL) != 0);
3724 for (rdataset = ISC_LIST_HEAD(name->list);
3726 rdataset = ISC_LIST_NEXT(rdataset, link)) {
3727 if (!CACHE(rdataset))
3729 if (CHECKNAMES(rdataset)) {
3730 char namebuf[DNS_NAME_FORMATSIZE];
3731 char typebuf[DNS_RDATATYPE_FORMATSIZE];
3732 char classbuf[DNS_RDATATYPE_FORMATSIZE];
3734 dns_name_format(name, namebuf, sizeof(namebuf));
3735 dns_rdatatype_format(rdataset->type, typebuf,
3737 dns_rdataclass_format(rdataset->rdclass, classbuf,
3739 isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
3740 DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE,
3741 "check-names %s %s/%s/%s",
3742 fail ? "failure" : "warning",
3743 namebuf, typebuf, classbuf);
3745 if (ANSWER(rdataset))
3746 return (DNS_R_BADNAME);
3752 * Enforce the configure maximum cache TTL.
3754 if (rdataset->ttl > res->view->maxcachettl)
3755 rdataset->ttl = res->view->maxcachettl;
3758 * If this rrset is in a secure domain, do DNSSEC validation
3759 * for it, unless it is glue.
3761 if (secure_domain && rdataset->trust != dns_trust_glue) {
3763 * RRSIGs are validated as part of validating the
3766 if (rdataset->type == dns_rdatatype_rrsig)
3769 * Find the SIG for this rdataset, if we have it.
3771 for (sigrdataset = ISC_LIST_HEAD(name->list);
3772 sigrdataset != NULL;
3773 sigrdataset = ISC_LIST_NEXT(sigrdataset, link)) {
3774 if (sigrdataset->type == dns_rdatatype_rrsig &&
3775 sigrdataset->covers == rdataset->type)
3778 if (sigrdataset == NULL) {
3779 if (!ANSWER(rdataset) && need_validation) {
3781 * Ignore non-answer rdatasets that
3782 * are missing signatures.
3789 * Normalize the rdataset and sigrdataset TTLs.
3791 if (sigrdataset != NULL) {
3792 rdataset->ttl = ISC_MIN(rdataset->ttl,
3794 sigrdataset->ttl = rdataset->ttl;
3798 * Cache this rdataset/sigrdataset pair as
3801 rdataset->trust = dns_trust_pending;
3802 if (sigrdataset != NULL)
3803 sigrdataset->trust = dns_trust_pending;
3804 if (!need_validation)
3805 addedrdataset = ardataset;
3807 addedrdataset = NULL;
3808 result = dns_db_addrdataset(fctx->cache, node, NULL,
3811 if (result == DNS_R_UNCHANGED)
3812 result = ISC_R_SUCCESS;
3813 if (result != ISC_R_SUCCESS)
3815 if (sigrdataset != NULL) {
3816 if (!need_validation)
3817 addedrdataset = asigrdataset;
3819 addedrdataset = NULL;
3820 result = dns_db_addrdataset(fctx->cache,
3824 if (result == DNS_R_UNCHANGED)
3825 result = ISC_R_SUCCESS;
3826 if (result != ISC_R_SUCCESS)
3828 } else if (!ANSWER(rdataset))
3831 if (ANSWER(rdataset) && need_validation) {
3832 if (fctx->type != dns_rdatatype_any &&
3833 fctx->type != dns_rdatatype_rrsig &&
3834 fctx->type != dns_rdatatype_sig) {
3836 * This is The Answer. We will
3837 * validate it, but first we cache
3838 * the rest of the response - it may
3839 * contain useful keys.
3841 INSIST(valrdataset == NULL &&
3842 valsigrdataset == NULL);
3843 valrdataset = rdataset;
3844 valsigrdataset = sigrdataset;
3847 * This is one of (potentially)
3848 * multiple answers to an ANY
3849 * or SIG query. To keep things
3850 * simple, we just start the
3851 * validator right away rather
3852 * than caching first and
3853 * having to remember which
3854 * rdatasets needed validation.
3856 result = valcreate(fctx, addrinfo,
3857 name, rdataset->type,
3862 * Defer any further validations.
3863 * This prevents multiple validators
3864 * from manipulating fctx->rmessage
3867 valoptions |= DNS_VALIDATOR_DEFER;
3869 } else if (CHAINING(rdataset)) {
3870 if (rdataset->type == dns_rdatatype_cname)
3871 eresult = DNS_R_CNAME;
3873 INSIST(rdataset->type ==
3874 dns_rdatatype_dname);
3875 eresult = DNS_R_DNAME;
3878 } else if (!EXTERNAL(rdataset)) {
3880 * It's OK to cache this rdataset now.
3882 if (ANSWER(rdataset))
3883 addedrdataset = ardataset;
3884 else if (ANSWERSIG(rdataset))
3885 addedrdataset = asigrdataset;
3887 addedrdataset = NULL;
3888 if (CHAINING(rdataset)) {
3889 if (rdataset->type == dns_rdatatype_cname)
3890 eresult = DNS_R_CNAME;
3892 INSIST(rdataset->type ==
3893 dns_rdatatype_dname);
3894 eresult = DNS_R_DNAME;
3897 if (rdataset->trust == dns_trust_glue &&
3898 (rdataset->type == dns_rdatatype_ns ||
3899 (rdataset->type == dns_rdatatype_rrsig &&
3900 rdataset->covers == dns_rdatatype_ns))) {
3902 * If the trust level is 'dns_trust_glue'
3903 * then we are adding data from a referral
3904 * we got while executing the search algorithm.
3905 * New referral data always takes precedence
3906 * over the existing cache contents.
3908 options = DNS_DBADD_FORCE;
3912 * Now we can add the rdataset.
3914 result = dns_db_addrdataset(fctx->cache,
3919 if (result == DNS_R_UNCHANGED) {
3920 if (ANSWER(rdataset) &&
3921 ardataset != NULL &&
3922 ardataset->type == 0) {
3924 * The answer in the cache is better
3925 * than the answer we found, and is
3926 * a negative cache entry, so we
3927 * must set eresult appropriately.
3929 if (NXDOMAIN(ardataset))
3931 DNS_R_NCACHENXDOMAIN;
3934 DNS_R_NCACHENXRRSET;
3936 result = ISC_R_SUCCESS;
3937 } else if (result != ISC_R_SUCCESS)
3942 if (valrdataset != NULL)
3943 result = valcreate(fctx, addrinfo, name, fctx->type,
3944 valrdataset, valsigrdataset, valoptions,
3947 if (result == ISC_R_SUCCESS && have_answer) {
3948 fctx->attributes |= FCTX_ATTR_HAVEANSWER;
3949 if (event != NULL) {
3950 event->result = eresult;
3951 dns_db_attach(fctx->cache, adbp);
3954 clone_results(fctx);
3959 dns_db_detachnode(fctx->cache, &node);
3964 static inline isc_result_t
3965 cache_message(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, isc_stdtime_t now)
3967 isc_result_t result;
3968 dns_section_t section;
3971 FCTXTRACE("cache_message");
3973 fctx->attributes &= ~FCTX_ATTR_WANTCACHE;
3975 LOCK(&fctx->res->buckets[fctx->bucketnum].lock);
3977 for (section = DNS_SECTION_ANSWER;
3978 section <= DNS_SECTION_ADDITIONAL;
3980 result = dns_message_firstname(fctx->rmessage, section);
3981 while (result == ISC_R_SUCCESS) {
3983 dns_message_currentname(fctx->rmessage, section,
3985 if ((name->attributes & DNS_NAMEATTR_CACHE) != 0) {
3986 result = cache_name(fctx, name, addrinfo, now);
3987 if (result != ISC_R_SUCCESS)
3990 result = dns_message_nextname(fctx->rmessage, section);
3992 if (result != ISC_R_NOMORE)
3995 if (result == ISC_R_NOMORE)
3996 result = ISC_R_SUCCESS;
3998 UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock);
4004 * Do what dns_ncache_add() does, and then compute an appropriate eresult.
4007 ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
4008 dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t maxttl,
4009 dns_rdataset_t *ardataset,
4010 isc_result_t *eresultp)
4012 isc_result_t result;
4013 dns_rdataset_t rdataset;
4015 if (ardataset == NULL) {
4016 dns_rdataset_init(&rdataset);
4017 ardataset = &rdataset;
4019 result = dns_ncache_add(message, cache, node, covers, now,
4021 if (result == DNS_R_UNCHANGED || result == ISC_R_SUCCESS) {
4023 * If the cache now contains a negative entry and we
4024 * care about whether it is DNS_R_NCACHENXDOMAIN or
4025 * DNS_R_NCACHENXRRSET then extract it.
4027 if (ardataset->type == 0) {
4029 * The cache data is a negative cache entry.
4031 if (NXDOMAIN(ardataset))
4032 *eresultp = DNS_R_NCACHENXDOMAIN;
4034 *eresultp = DNS_R_NCACHENXRRSET;
4037 * Either we don't care about the nature of the
4038 * cache rdataset (because no fetch is interested
4039 * in the outcome), or the cache rdataset is not
4040 * a negative cache entry. Whichever case it is,
4041 * we can return success.
4043 * XXXRTH There's a CNAME/DNAME problem here.
4045 *eresultp = ISC_R_SUCCESS;
4047 result = ISC_R_SUCCESS;
4049 if (ardataset == &rdataset && dns_rdataset_isassociated(ardataset))
4050 dns_rdataset_disassociate(ardataset);
4055 static inline isc_result_t
4056 ncache_message(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
4057 dns_rdatatype_t covers, isc_stdtime_t now)
4059 isc_result_t result, eresult;
4061 dns_resolver_t *res;
4063 dns_dbnode_t *node, **anodep;
4064 dns_rdataset_t *ardataset;
4065 isc_boolean_t need_validation, secure_domain;
4067 dns_fetchevent_t *event;
4069 unsigned int valoptions = 0;
4071 FCTXTRACE("ncache_message");
4073 fctx->attributes &= ~FCTX_ATTR_WANTNCACHE;
4076 need_validation = ISC_FALSE;
4077 secure_domain = ISC_FALSE;
4078 eresult = ISC_R_SUCCESS;
4083 * XXXMPA remove when we follow cnames and adjust the setting
4084 * of FCTX_ATTR_WANTNCACHE in noanswer_response().
4086 INSIST(fctx->rmessage->counts[DNS_SECTION_ANSWER] == 0);
4089 * Is DNSSEC validation required for this name?
4091 if (fctx->res->view->enablevalidation) {
4092 result = dns_keytable_issecuredomain(res->view->secroots, name,
4094 if (result != ISC_R_SUCCESS)
4097 if (!secure_domain && res->view->dlv != NULL) {
4098 valoptions = DNS_VALIDATOR_DLV;
4099 secure_domain = ISC_TRUE;
4103 if ((fctx->options & DNS_FETCHOPT_NOVALIDATE) != 0)
4104 need_validation = ISC_FALSE;
4106 need_validation = secure_domain;
4108 if (secure_domain) {
4110 * Mark all rdatasets as pending.
4112 dns_rdataset_t *trdataset;
4115 result = dns_message_firstname(fctx->rmessage,
4116 DNS_SECTION_AUTHORITY);
4117 while (result == ISC_R_SUCCESS) {
4119 dns_message_currentname(fctx->rmessage,
4120 DNS_SECTION_AUTHORITY,
4122 for (trdataset = ISC_LIST_HEAD(tname->list);
4124 trdataset = ISC_LIST_NEXT(trdataset, link))
4125 trdataset->trust = dns_trust_pending;
4126 result = dns_message_nextname(fctx->rmessage,
4127 DNS_SECTION_AUTHORITY);
4129 if (result != ISC_R_NOMORE)
4134 if (need_validation) {
4136 * Do negative response validation.
4138 result = valcreate(fctx, addrinfo, name, fctx->type,
4139 NULL, NULL, valoptions,
4140 res->buckets[fctx->bucketnum].task);
4142 * If validation is necessary, return now. Otherwise continue
4143 * to process the message, letting the validation complete
4144 * in its own good time.
4149 LOCK(&res->buckets[fctx->bucketnum].lock);
4155 if (!HAVE_ANSWER(fctx)) {
4156 event = ISC_LIST_HEAD(fctx->events);
4157 if (event != NULL) {
4159 aname = dns_fixedname_name(&event->foundname);
4160 result = dns_name_copy(name, aname, NULL);
4161 if (result != ISC_R_SUCCESS)
4163 anodep = &event->node;
4164 ardataset = event->rdataset;
4169 result = dns_db_findnode(fctx->cache, name, ISC_TRUE, &node);
4170 if (result != ISC_R_SUCCESS)
4174 * If we are asking for a SOA record set the cache time
4175 * to zero to facilitate locating the containing zone of
4178 ttl = fctx->res->view->maxncachettl;
4179 if (fctx->type == dns_rdatatype_soa &&
4180 covers == dns_rdatatype_any)
4183 result = ncache_adderesult(fctx->rmessage, fctx->cache, node,
4184 covers, now, ttl, ardataset, &eresult);
4185 if (result != ISC_R_SUCCESS)
4188 if (!HAVE_ANSWER(fctx)) {
4189 fctx->attributes |= FCTX_ATTR_HAVEANSWER;
4190 if (event != NULL) {
4191 event->result = eresult;
4192 dns_db_attach(fctx->cache, adbp);
4195 clone_results(fctx);
4200 UNLOCK(&res->buckets[fctx->bucketnum].lock);
4203 dns_db_detachnode(fctx->cache, &node);
4209 mark_related(dns_name_t *name, dns_rdataset_t *rdataset,
4210 isc_boolean_t external, isc_boolean_t gluing)
4212 name->attributes |= DNS_NAMEATTR_CACHE;
4214 rdataset->trust = dns_trust_glue;
4216 * Glue with 0 TTL causes problems. We force the TTL to
4217 * 1 second to prevent this.
4219 if (rdataset->ttl == 0)
4222 rdataset->trust = dns_trust_additional;
4224 * Avoid infinite loops by only marking new rdatasets.
4226 if (!CACHE(rdataset)) {
4227 name->attributes |= DNS_NAMEATTR_CHASE;
4228 rdataset->attributes |= DNS_RDATASETATTR_CHASE;
4230 rdataset->attributes |= DNS_RDATASETATTR_CACHE;
4232 rdataset->attributes |= DNS_RDATASETATTR_EXTERNAL;
4236 check_related(void *arg, dns_name_t *addname, dns_rdatatype_t type) {
4237 fetchctx_t *fctx = arg;
4238 isc_result_t result;
4240 dns_rdataset_t *rdataset;
4241 isc_boolean_t external;
4242 dns_rdatatype_t rtype;
4243 isc_boolean_t gluing;
4245 REQUIRE(VALID_FCTX(fctx));
4253 result = dns_message_findname(fctx->rmessage, DNS_SECTION_ADDITIONAL,
4254 addname, dns_rdatatype_any, 0, &name,
4256 if (result == ISC_R_SUCCESS) {
4257 external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
4258 if (type == dns_rdatatype_a) {
4259 for (rdataset = ISC_LIST_HEAD(name->list);
4261 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4262 if (rdataset->type == dns_rdatatype_rrsig)
4263 rtype = rdataset->covers;
4265 rtype = rdataset->type;
4266 if (rtype == dns_rdatatype_a ||
4267 rtype == dns_rdatatype_aaaa)
4268 mark_related(name, rdataset, external,
4272 result = dns_message_findtype(name, type, 0,
4274 if (result == ISC_R_SUCCESS) {
4275 mark_related(name, rdataset, external, gluing);
4277 * Do we have its SIG too?
4280 result = dns_message_findtype(name,
4281 dns_rdatatype_rrsig,
4283 if (result == ISC_R_SUCCESS)
4284 mark_related(name, rdataset, external,
4290 return (ISC_R_SUCCESS);
4294 chase_additional(fetchctx_t *fctx) {
4295 isc_boolean_t rescan;
4296 dns_section_t section = DNS_SECTION_ADDITIONAL;
4297 isc_result_t result;
4302 for (result = dns_message_firstname(fctx->rmessage, section);
4303 result == ISC_R_SUCCESS;
4304 result = dns_message_nextname(fctx->rmessage, section)) {
4305 dns_name_t *name = NULL;
4306 dns_rdataset_t *rdataset;
4307 dns_message_currentname(fctx->rmessage, DNS_SECTION_ADDITIONAL,
4309 if ((name->attributes & DNS_NAMEATTR_CHASE) == 0)
4311 name->attributes &= ~DNS_NAMEATTR_CHASE;
4312 for (rdataset = ISC_LIST_HEAD(name->list);
4314 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4315 if (CHASE(rdataset)) {
4316 rdataset->attributes &= ~DNS_RDATASETATTR_CHASE;
4317 (void)dns_rdataset_additionaldata(rdataset,
4328 static inline isc_result_t
4329 cname_target(dns_rdataset_t *rdataset, dns_name_t *tname) {
4330 isc_result_t result;
4331 dns_rdata_t rdata = DNS_RDATA_INIT;
4332 dns_rdata_cname_t cname;
4334 result = dns_rdataset_first(rdataset);
4335 if (result != ISC_R_SUCCESS)
4337 dns_rdataset_current(rdataset, &rdata);
4338 result = dns_rdata_tostruct(&rdata, &cname, NULL);
4339 if (result != ISC_R_SUCCESS)
4341 dns_name_init(tname, NULL);
4342 dns_name_clone(&cname.cname, tname);
4343 dns_rdata_freestruct(&cname);
4345 return (ISC_R_SUCCESS);
4348 static inline isc_result_t
4349 dname_target(dns_rdataset_t *rdataset, dns_name_t *qname, dns_name_t *oname,
4350 dns_fixedname_t *fixeddname)
4352 isc_result_t result;
4353 dns_rdata_t rdata = DNS_RDATA_INIT;
4354 unsigned int nlabels;
4356 dns_namereln_t namereln;
4357 dns_rdata_dname_t dname;
4358 dns_fixedname_t prefix;
4361 * Get the target name of the DNAME.
4364 result = dns_rdataset_first(rdataset);
4365 if (result != ISC_R_SUCCESS)
4367 dns_rdataset_current(rdataset, &rdata);
4368 result = dns_rdata_tostruct(&rdata, &dname, NULL);
4369 if (result != ISC_R_SUCCESS)
4373 * Get the prefix of qname.
4375 namereln = dns_name_fullcompare(qname, oname, &order, &nlabels);
4376 if (namereln != dns_namereln_subdomain) {
4377 dns_rdata_freestruct(&dname);
4378 return (DNS_R_FORMERR);
4380 dns_fixedname_init(&prefix);
4381 dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL);
4382 dns_fixedname_init(fixeddname);
4383 result = dns_name_concatenate(dns_fixedname_name(&prefix),
4385 dns_fixedname_name(fixeddname), NULL);
4386 dns_rdata_freestruct(&dname);
4391 * Handle a no-answer response (NXDOMAIN, NXRRSET, or referral).
4392 * If bind8_ns_resp is ISC_TRUE, this is a suspected BIND 8
4393 * response to an NS query that should be treated as a referral
4394 * even though the NS records occur in the answer section
4395 * rather than the authority section.
4398 noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
4399 isc_boolean_t bind8_ns_resp)
4401 isc_result_t result;
4402 dns_message_t *message;
4403 dns_name_t *name, *qname, *ns_name, *soa_name, *ds_name;
4404 dns_rdataset_t *rdataset, *ns_rdataset;
4405 isc_boolean_t aa, negative_response;
4406 dns_rdatatype_t type;
4407 dns_section_t section =
4408 bind8_ns_resp ? DNS_SECTION_ANSWER : DNS_SECTION_AUTHORITY;
4410 FCTXTRACE("noanswer_response");
4412 message = fctx->rmessage;
4417 if (oqname == NULL) {
4419 * We have a normal, non-chained negative response or
4422 if ((message->flags & DNS_MESSAGEFLAG_AA) != 0)
4426 qname = &fctx->name;
4429 * We're being invoked by answer_response() after it has
4430 * followed a CNAME/DNAME chain.
4435 * If the current qname is not a subdomain of the query
4436 * domain, there's no point in looking at the authority
4437 * section without doing DNSSEC validation.
4439 * Until we do that validation, we'll just return success
4442 if (!dns_name_issubdomain(qname, &fctx->domain))
4443 return (ISC_R_SUCCESS);
4447 * We have to figure out if this is a negative response, or a
4452 * Sometimes we can tell if its a negative response by looking at
4453 * the message header.
4455 negative_response = ISC_FALSE;
4456 if (message->rcode == dns_rcode_nxdomain ||
4457 (message->counts[DNS_SECTION_ANSWER] == 0 &&
4458 message->counts[DNS_SECTION_AUTHORITY] == 0))
4459 negative_response = ISC_TRUE;
4462 * Process the authority section.
4468 result = dns_message_firstname(message, section);
4469 while (result == ISC_R_SUCCESS) {
4471 dns_message_currentname(message, section, &name);
4472 if (dns_name_issubdomain(name, &fctx->domain)) {
4474 * Look for NS/SOA RRsets first.
4476 for (rdataset = ISC_LIST_HEAD(name->list);
4478 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4479 type = rdataset->type;
4480 if (type == dns_rdatatype_rrsig)
4481 type = rdataset->covers;
4482 if (((type == dns_rdatatype_ns ||
4483 type == dns_rdatatype_soa) &&
4484 !dns_name_issubdomain(qname, name)))
4485 return (DNS_R_FORMERR);
4486 if (type == dns_rdatatype_ns) {
4490 * Only one set of NS RRs is allowed.
4492 if (rdataset->type ==
4494 if (ns_name != NULL &&
4496 return (DNS_R_FORMERR);
4498 ns_rdataset = rdataset;
4502 rdataset->attributes |=
4503 DNS_RDATASETATTR_CACHE;
4504 rdataset->trust = dns_trust_glue;
4506 if (type == dns_rdatatype_soa) {
4508 * SOA, or RRSIG SOA.
4510 * Only one SOA is allowed.
4512 if (rdataset->type ==
4513 dns_rdatatype_soa) {
4514 if (soa_name != NULL &&
4516 return (DNS_R_FORMERR);
4520 DNS_NAMEATTR_NCACHE;
4521 rdataset->attributes |=
4522 DNS_RDATASETATTR_NCACHE;
4525 dns_trust_authauthority;
4528 dns_trust_additional;
4532 result = dns_message_nextname(message, section);
4533 if (result == ISC_R_NOMORE)
4535 else if (result != ISC_R_SUCCESS)
4540 * A negative response has a SOA record (Type 2)
4541 * and a optional NS RRset (Type 1) or it has neither
4542 * a SOA or a NS RRset (Type 3, handled above) or
4543 * rcode is NXDOMAIN (handled above) in which case
4544 * the NS RRset is allowed (Type 4).
4546 if (soa_name != NULL)
4547 negative_response = ISC_TRUE;
4549 result = dns_message_firstname(message, section);
4550 while (result == ISC_R_SUCCESS) {
4552 dns_message_currentname(message, section, &name);
4553 if (dns_name_issubdomain(name, &fctx->domain)) {
4554 for (rdataset = ISC_LIST_HEAD(name->list);
4556 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4557 type = rdataset->type;
4558 if (type == dns_rdatatype_rrsig)
4559 type = rdataset->covers;
4560 if (type == dns_rdatatype_nsec) {
4562 * NSEC or RRSIG NSEC.
4564 if (negative_response) {
4566 DNS_NAMEATTR_NCACHE;
4567 rdataset->attributes |=
4568 DNS_RDATASETATTR_NCACHE;
4572 rdataset->attributes |=
4573 DNS_RDATASETATTR_CACHE;
4577 dns_trust_authauthority;
4580 dns_trust_additional;
4582 * No additional data needs to be
4585 } else if (type == dns_rdatatype_ds) {
4589 * These should only be here if
4590 * this is a referral, and there
4591 * should only be one DS.
4593 if (ns_name == NULL)
4594 return (DNS_R_FORMERR);
4595 if (rdataset->type ==
4597 if (ds_name != NULL &&
4599 return (DNS_R_FORMERR);
4604 rdataset->attributes |=
4605 DNS_RDATASETATTR_CACHE;
4608 dns_trust_authauthority;
4611 dns_trust_additional;
4615 result = dns_message_nextname(message, section);
4616 if (result == ISC_R_NOMORE)
4618 else if (result != ISC_R_SUCCESS)
4623 * Trigger lookups for DNS nameservers.
4625 if (negative_response && message->rcode == dns_rcode_noerror &&
4626 fctx->type == dns_rdatatype_ds && soa_name != NULL &&
4627 dns_name_equal(soa_name, qname) &&
4628 !dns_name_equal(qname, dns_rootname))
4629 return (DNS_R_CHASEDSSERVERS);
4632 * Did we find anything?
4634 if (!negative_response && ns_name == NULL) {
4638 if (oqname != NULL) {
4640 * We've already got a partial CNAME/DNAME chain,
4641 * and haven't found else anything useful here, but
4642 * no error has occurred since we have an answer.
4644 return (ISC_R_SUCCESS);
4647 * The responder is insane.
4649 return (DNS_R_FORMERR);
4654 * If we found both NS and SOA, they should be the same name.
4656 if (ns_name != NULL && soa_name != NULL && ns_name != soa_name)
4657 return (DNS_R_FORMERR);
4660 * Do we have a referral? (We only want to follow a referral if
4661 * we're not following a chain.)
4663 if (!negative_response && ns_name != NULL && oqname == NULL) {
4665 * We already know ns_name is a subdomain of fctx->domain.
4666 * If ns_name is equal to fctx->domain, we're not making
4667 * progress. We return DNS_R_FORMERR so that we'll keep
4668 * trying other servers.
4670 if (dns_name_equal(ns_name, &fctx->domain))
4671 return (DNS_R_FORMERR);
4674 * If the referral name is not a parent of the query
4675 * name, consider the responder insane.
4677 if (! dns_name_issubdomain(&fctx->name, ns_name)) {
4678 FCTXTRACE("referral to non-parent");
4679 return (DNS_R_FORMERR);
4683 * Mark any additional data related to this rdataset.
4684 * It's important that we do this before we change the
4687 INSIST(ns_rdataset != NULL);
4688 fctx->attributes |= FCTX_ATTR_GLUING;
4689 (void)dns_rdataset_additionaldata(ns_rdataset, check_related,
4691 fctx->attributes &= ~FCTX_ATTR_GLUING;
4693 * NS rdatasets with 0 TTL cause problems.
4694 * dns_view_findzonecut() will not find them when we
4695 * try to follow the referral, and we'll SERVFAIL
4696 * because the best nameservers are now above QDOMAIN.
4697 * We force the TTL to 1 second to prevent this.
4699 if (ns_rdataset->ttl == 0)
4700 ns_rdataset->ttl = 1;
4702 * Set the current query domain to the referral name.
4704 * XXXRTH We should check if we're in forward-only mode, and
4705 * if so we should bail out.
4707 INSIST(dns_name_countlabels(&fctx->domain) > 0);
4708 dns_name_free(&fctx->domain,
4709 fctx->res->buckets[fctx->bucketnum].mctx);
4710 if (dns_rdataset_isassociated(&fctx->nameservers))
4711 dns_rdataset_disassociate(&fctx->nameservers);
4712 dns_name_init(&fctx->domain, NULL);
4713 result = dns_name_dup(ns_name,
4714 fctx->res->buckets[fctx->bucketnum].mctx,
4716 if (result != ISC_R_SUCCESS)
4718 fctx->attributes |= FCTX_ATTR_WANTCACHE;
4719 return (DNS_R_DELEGATION);
4723 * Since we're not doing a referral, we don't want to cache any
4724 * NS RRs we may have found.
4726 if (ns_name != NULL)
4727 ns_name->attributes &= ~DNS_NAMEATTR_CACHE;
4729 if (negative_response && oqname == NULL)
4730 fctx->attributes |= FCTX_ATTR_WANTNCACHE;
4732 return (ISC_R_SUCCESS);
4736 answer_response(fetchctx_t *fctx) {
4737 isc_result_t result;
4738 dns_message_t *message;
4739 dns_name_t *name, *qname, tname;
4740 dns_rdataset_t *rdataset;
4741 isc_boolean_t done, external, chaining, aa, found, want_chaining;
4742 isc_boolean_t have_answer, found_cname, found_type, wanted_chaining;
4744 dns_rdatatype_t type;
4745 dns_fixedname_t dname, fqname;
4747 FCTXTRACE("answer_response");
4749 message = fctx->rmessage;
4752 * Examine the answer section, marking those rdatasets which are
4753 * part of the answer and should be cached.
4757 found_cname = ISC_FALSE;
4758 found_type = ISC_FALSE;
4759 chaining = ISC_FALSE;
4760 have_answer = ISC_FALSE;
4761 want_chaining = ISC_FALSE;
4762 if ((message->flags & DNS_MESSAGEFLAG_AA) != 0)
4766 qname = &fctx->name;
4768 result = dns_message_firstname(message, DNS_SECTION_ANSWER);
4769 while (!done && result == ISC_R_SUCCESS) {
4771 dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
4772 external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
4773 if (dns_name_equal(name, qname)) {
4774 wanted_chaining = ISC_FALSE;
4775 for (rdataset = ISC_LIST_HEAD(name->list);
4777 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4779 want_chaining = ISC_FALSE;
4781 if (rdataset->type == type && !found_cname) {
4783 * We've found an ordinary answer.
4786 found_type = ISC_TRUE;
4788 aflag = DNS_RDATASETATTR_ANSWER;
4789 } else if (type == dns_rdatatype_any) {
4791 * We've found an answer matching
4792 * an ANY query. There may be
4796 aflag = DNS_RDATASETATTR_ANSWER;
4797 } else if (rdataset->type == dns_rdatatype_rrsig
4798 && rdataset->covers == type
4801 * We've found a signature that
4802 * covers the type we're looking for.
4805 found_type = ISC_TRUE;
4806 aflag = DNS_RDATASETATTR_ANSWERSIG;
4807 } else if (rdataset->type ==
4811 * We're looking for something else,
4812 * but we found a CNAME.
4814 * Getting a CNAME response for some
4815 * query types is an error.
4817 if (type == dns_rdatatype_rrsig ||
4818 type == dns_rdatatype_dnskey ||
4819 type == dns_rdatatype_nsec)
4820 return (DNS_R_FORMERR);
4822 found_cname = ISC_TRUE;
4823 want_chaining = ISC_TRUE;
4824 aflag = DNS_RDATASETATTR_ANSWER;
4825 result = cname_target(rdataset,
4827 if (result != ISC_R_SUCCESS)
4829 } else if (rdataset->type == dns_rdatatype_rrsig
4830 && rdataset->covers ==
4834 * We're looking for something else,
4835 * but we found a SIG CNAME.
4838 found_cname = ISC_TRUE;
4839 aflag = DNS_RDATASETATTR_ANSWERSIG;
4844 * We've found an answer to our
4849 rdataset->attributes |=
4850 DNS_RDATASETATTR_CACHE;
4851 rdataset->trust = dns_trust_answer;
4854 * This data is "the" answer
4855 * to our question only if
4856 * we're not chaining (i.e.
4857 * if we haven't followed
4858 * a CNAME or DNAME).
4862 DNS_RDATASETATTR_ANSWER)
4863 have_answer = ISC_TRUE;
4865 DNS_NAMEATTR_ANSWER;
4866 rdataset->attributes |= aflag;
4869 dns_trust_authanswer;
4870 } else if (external) {
4872 * This data is outside of
4873 * our query domain, and
4874 * may only be cached if it
4875 * comes from a secure zone
4878 rdataset->attributes |=
4879 DNS_RDATASETATTR_EXTERNAL;
4883 * Mark any additional data related
4886 (void)dns_rdataset_additionaldata(
4894 if (want_chaining) {
4895 wanted_chaining = ISC_TRUE;
4897 DNS_NAMEATTR_CHAINING;
4898 rdataset->attributes |=
4899 DNS_RDATASETATTR_CHAINING;
4904 * We could add an "else" clause here and
4905 * log that we're ignoring this rdataset.
4909 * If wanted_chaining is true, we've done
4910 * some chaining as the result of processing
4911 * this node, and thus we need to set
4914 * We don't set chaining inside of the
4915 * rdataset loop because doing that would
4916 * cause us to ignore the signatures of
4919 if (wanted_chaining)
4920 chaining = ISC_TRUE;
4923 * Look for a DNAME (or its SIG). Anything else is
4926 wanted_chaining = ISC_FALSE;
4927 for (rdataset = ISC_LIST_HEAD(name->list);
4929 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4930 isc_boolean_t found_dname = ISC_FALSE;
4933 if (rdataset->type == dns_rdatatype_dname) {
4935 * We're looking for something else,
4936 * but we found a DNAME.
4938 * If we're not chaining, then the
4939 * DNAME should not be external.
4941 if (!chaining && external)
4942 return (DNS_R_FORMERR);
4944 want_chaining = ISC_TRUE;
4945 aflag = DNS_RDATASETATTR_ANSWER;
4946 result = dname_target(rdataset,
4949 if (result == ISC_R_NOSPACE) {
4951 * We can't construct the
4952 * DNAME target. Do not
4955 want_chaining = ISC_FALSE;
4956 } else if (result != ISC_R_SUCCESS)
4959 found_dname = ISC_TRUE;
4960 } else if (rdataset->type == dns_rdatatype_rrsig
4961 && rdataset->covers ==
4962 dns_rdatatype_dname) {
4964 * We've found a signature that
4968 aflag = DNS_RDATASETATTR_ANSWERSIG;
4973 * We've found an answer to our
4978 rdataset->attributes |=
4979 DNS_RDATASETATTR_CACHE;
4980 rdataset->trust = dns_trust_answer;
4983 * This data is "the" answer
4984 * to our question only if
4985 * we're not chaining.
4989 DNS_RDATASETATTR_ANSWER)
4990 have_answer = ISC_TRUE;
4992 DNS_NAMEATTR_ANSWER;
4993 rdataset->attributes |= aflag;
4996 dns_trust_authanswer;
4997 } else if (external) {
4998 rdataset->attributes |=
4999 DNS_RDATASETATTR_EXTERNAL;
5007 * Copy the the dname into the
5010 * Although we check for
5011 * failure of the copy
5012 * operation, in practice it
5013 * should never fail since
5014 * we already know that the
5015 * result fits in a fixedname.
5017 dns_fixedname_init(&fqname);
5018 result = dns_name_copy(
5019 dns_fixedname_name(&dname),
5020 dns_fixedname_name(&fqname),
5022 if (result != ISC_R_SUCCESS)
5024 wanted_chaining = ISC_TRUE;
5026 DNS_NAMEATTR_CHAINING;
5027 rdataset->attributes |=
5028 DNS_RDATASETATTR_CHAINING;
5029 qname = dns_fixedname_name(
5034 if (wanted_chaining)
5035 chaining = ISC_TRUE;
5037 result = dns_message_nextname(message, DNS_SECTION_ANSWER);
5039 if (result == ISC_R_NOMORE)
5040 result = ISC_R_SUCCESS;
5041 if (result != ISC_R_SUCCESS)
5045 * We should have found an answer.
5048 return (DNS_R_FORMERR);
5051 * This response is now potentially cacheable.
5053 fctx->attributes |= FCTX_ATTR_WANTCACHE;
5056 * Did chaining end before we got the final answer?
5060 * Yes. This may be a negative reply, so hand off
5061 * authority section processing to the noanswer code.
5062 * If it isn't a noanswer response, no harm will be
5065 return (noanswer_response(fctx, qname, ISC_FALSE));
5069 * We didn't end with an incomplete chain, so the rcode should be
5072 if (message->rcode != dns_rcode_noerror)
5073 return (DNS_R_FORMERR);
5076 * Examine the authority section (if there is one).
5078 * We expect there to be only one owner name for all the rdatasets
5079 * in this section, and we expect that it is not external.
5082 result = dns_message_firstname(message, DNS_SECTION_AUTHORITY);
5083 while (!done && result == ISC_R_SUCCESS) {
5085 dns_message_currentname(message, DNS_SECTION_AUTHORITY, &name);
5086 external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
5089 * We expect to find NS or SIG NS rdatasets, and
5092 for (rdataset = ISC_LIST_HEAD(name->list);
5094 rdataset = ISC_LIST_NEXT(rdataset, link)) {
5095 if (rdataset->type == dns_rdatatype_ns ||
5096 (rdataset->type == dns_rdatatype_rrsig &&
5097 rdataset->covers == dns_rdatatype_ns)) {
5100 rdataset->attributes |=
5101 DNS_RDATASETATTR_CACHE;
5102 if (aa && !chaining)
5104 dns_trust_authauthority;
5107 dns_trust_additional;
5110 * Mark any additional data related
5113 (void)dns_rdataset_additionaldata(
5121 result = dns_message_nextname(message, DNS_SECTION_AUTHORITY);
5123 if (result == ISC_R_NOMORE)
5124 result = ISC_R_SUCCESS;
5130 resume_dslookup(isc_task_t *task, isc_event_t *event) {
5131 dns_fetchevent_t *fevent;
5132 dns_resolver_t *res;
5134 isc_result_t result;
5135 isc_boolean_t bucket_empty = ISC_FALSE;
5136 isc_boolean_t locked = ISC_FALSE;
5137 unsigned int bucketnum;
5138 dns_rdataset_t nameservers;
5139 dns_fixedname_t fixed;
5142 REQUIRE(event->ev_type == DNS_EVENT_FETCHDONE);
5143 fevent = (dns_fetchevent_t *)event;
5144 fctx = event->ev_arg;
5145 REQUIRE(VALID_FCTX(fctx));
5149 FCTXTRACE("resume_dslookup");
5151 if (fevent->node != NULL)
5152 dns_db_detachnode(fevent->db, &fevent->node);
5153 if (fevent->db != NULL)
5154 dns_db_detach(&fevent->db);
5156 dns_rdataset_init(&nameservers);
5158 bucketnum = fctx->bucketnum;
5159 if (fevent->result == ISC_R_CANCELED) {
5160 dns_resolver_destroyfetch(&fctx->nsfetch);
5161 fctx_done(fctx, ISC_R_CANCELED);
5162 } else if (fevent->result == ISC_R_SUCCESS) {
5164 FCTXTRACE("resuming DS lookup");
5166 dns_resolver_destroyfetch(&fctx->nsfetch);
5167 if (dns_rdataset_isassociated(&fctx->nameservers))
5168 dns_rdataset_disassociate(&fctx->nameservers);
5169 dns_rdataset_clone(fevent->rdataset, &fctx->nameservers);
5170 dns_name_free(&fctx->domain,
5171 fctx->res->buckets[bucketnum].mctx);
5172 dns_name_init(&fctx->domain, NULL);
5173 result = dns_name_dup(&fctx->nsname,
5174 fctx->res->buckets[bucketnum].mctx,
5176 if (result != ISC_R_SUCCESS) {
5177 fctx_done(fctx, DNS_R_SERVFAIL);
5186 dns_rdataset_t *nsrdataset = NULL;
5189 * Retrieve state from fctx->nsfetch before we destroy it.
5191 dns_fixedname_init(&fixed);
5192 domain = dns_fixedname_name(&fixed);
5193 dns_name_copy(&fctx->nsfetch->private->domain, domain, NULL);
5194 if (dns_name_equal(&fctx->nsname, domain)) {
5195 fctx_done(fctx, DNS_R_SERVFAIL);
5196 dns_resolver_destroyfetch(&fctx->nsfetch);
5199 if (dns_rdataset_isassociated(
5200 &fctx->nsfetch->private->nameservers)) {
5202 &fctx->nsfetch->private->nameservers,
5204 nsrdataset = &nameservers;
5207 dns_resolver_destroyfetch(&fctx->nsfetch);
5208 n = dns_name_countlabels(&fctx->nsname);
5209 dns_name_getlabelsequence(&fctx->nsname, 1, n - 1,
5212 if (dns_rdataset_isassociated(fevent->rdataset))
5213 dns_rdataset_disassociate(fevent->rdataset);
5214 FCTXTRACE("continuing to look for parent's NS records");
5215 result = dns_resolver_createfetch(fctx->res, &fctx->nsname,
5216 dns_rdatatype_ns, domain,
5217 nsrdataset, NULL, 0, task,
5218 resume_dslookup, fctx,
5219 &fctx->nsrrset, NULL,
5221 if (result != ISC_R_SUCCESS)
5222 fctx_done(fctx, result);
5224 LOCK(&res->buckets[bucketnum].lock);
5231 if (dns_rdataset_isassociated(&nameservers))
5232 dns_rdataset_disassociate(&nameservers);
5233 if (dns_rdataset_isassociated(fevent->rdataset))
5234 dns_rdataset_disassociate(fevent->rdataset);
5235 INSIST(fevent->sigrdataset == NULL);
5236 isc_event_free(&event);
5238 LOCK(&res->buckets[bucketnum].lock);
5240 if (fctx->references == 0)
5241 bucket_empty = fctx_destroy(fctx);
5242 UNLOCK(&res->buckets[bucketnum].lock);
5248 checknamessection(dns_message_t *message, dns_section_t section) {
5249 isc_result_t result;
5251 dns_rdata_t rdata = DNS_RDATA_INIT;
5252 dns_rdataset_t *rdataset;
5254 for (result = dns_message_firstname(message, section);
5255 result == ISC_R_SUCCESS;
5256 result = dns_message_nextname(message, section))
5259 dns_message_currentname(message, section, &name);
5260 for (rdataset = ISC_LIST_HEAD(name->list);
5262 rdataset = ISC_LIST_NEXT(rdataset, link)) {
5263 for (result = dns_rdataset_first(rdataset);
5264 result == ISC_R_SUCCESS;
5265 result = dns_rdataset_next(rdataset)) {
5266 dns_rdataset_current(rdataset, &rdata);
5267 if (!dns_rdata_checkowner(name, rdata.rdclass,
5270 !dns_rdata_checknames(&rdata, name, NULL))
5272 rdataset->attributes |=
5273 DNS_RDATASETATTR_CHECKNAMES;
5275 dns_rdata_reset(&rdata);
5282 checknames(dns_message_t *message) {
5284 checknamessection(message, DNS_SECTION_ANSWER);
5285 checknamessection(message, DNS_SECTION_AUTHORITY);
5286 checknamessection(message, DNS_SECTION_ADDITIONAL);
5290 log_packet(dns_message_t *message, int level, isc_mem_t *mctx) {
5291 isc_buffer_t buffer;
5294 isc_result_t result;
5296 if (! isc_log_wouldlog(dns_lctx, level))
5300 * Note that these are multiline debug messages. We want a newline
5301 * to appear in the log after each message.
5305 buf = isc_mem_get(mctx, len);
5308 isc_buffer_init(&buffer, buf, len);
5309 result = dns_message_totext(message, &dns_master_style_debug,
5311 if (result == ISC_R_NOSPACE) {
5312 isc_mem_put(mctx, buf, len);
5314 } else if (result == ISC_R_SUCCESS)
5315 isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
5316 DNS_LOGMODULE_RESOLVER, level,
5317 "received packet:\n%.*s",
5318 (int)isc_buffer_usedlength(&buffer),
5320 } while (result == ISC_R_NOSPACE);
5323 isc_mem_put(mctx, buf, len);
5327 resquery_response(isc_task_t *task, isc_event_t *event) {
5328 isc_result_t result = ISC_R_SUCCESS;
5329 resquery_t *query = event->ev_arg;
5330 dns_dispatchevent_t *devent = (dns_dispatchevent_t *)event;
5331 isc_boolean_t keep_trying, get_nameservers, resend;
5332 isc_boolean_t truncated;
5333 dns_message_t *message;
5336 dns_fixedname_t foundname;
5338 isc_time_t tnow, *finish;
5339 dns_adbaddrinfo_t *addrinfo;
5340 unsigned int options;
5341 unsigned int findoptions;
5342 isc_result_t broken_server;
5344 REQUIRE(VALID_QUERY(query));
5346 options = query->options;
5347 REQUIRE(VALID_FCTX(fctx));
5348 REQUIRE(event->ev_type == DNS_EVENT_DISPATCH);
5352 (void)isc_timer_touch(fctx->timer);
5354 keep_trying = ISC_FALSE;
5355 broken_server = ISC_R_SUCCESS;
5356 get_nameservers = ISC_FALSE;
5358 truncated = ISC_FALSE;
5361 if (fctx->res->exiting) {
5362 result = ISC_R_SHUTTINGDOWN;
5369 * XXXRTH We should really get the current time just once. We
5370 * need a routine to convert from an isc_time_t to an
5375 isc_stdtime_get(&now);
5378 * Did the dispatcher have a problem?
5380 if (devent->result != ISC_R_SUCCESS) {
5381 if (devent->result == ISC_R_EOF &&
5382 (query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
5384 * The problem might be that they
5385 * don't understand EDNS0. Turn it
5386 * off and try again.
5388 options |= DNS_FETCHOPT_NOEDNS0;
5391 * Remember that they don't like EDNS0.
5393 dns_adb_changeflags(fctx->adb,
5395 DNS_FETCHOPT_NOEDNS0,
5396 DNS_FETCHOPT_NOEDNS0);
5399 * There's no hope for this query.
5401 keep_trying = ISC_TRUE;
5406 message = fctx->rmessage;
5408 if (query->tsig != NULL) {
5409 result = dns_message_setquerytsig(message, query->tsig);
5410 if (result != ISC_R_SUCCESS)
5414 if (query->tsigkey) {
5415 result = dns_message_settsigkey(message, query->tsigkey);
5416 if (result != ISC_R_SUCCESS)
5420 result = dns_message_parse(message, &devent->buffer, 0);
5421 if (result != ISC_R_SUCCESS) {
5423 case ISC_R_UNEXPECTEDEND:
5424 if (!message->question_ok ||
5425 (message->flags & DNS_MESSAGEFLAG_TC) == 0 ||
5426 (options & DNS_FETCHOPT_TCP) != 0) {
5428 * Either the message ended prematurely,
5429 * and/or wasn't marked as being truncated,
5430 * and/or this is a response to a query we
5431 * sent over TCP. In all of these cases,
5432 * something is wrong with the remote
5433 * server and we don't want to retry using
5436 if ((query->options & DNS_FETCHOPT_NOEDNS0)
5439 * The problem might be that they
5440 * don't understand EDNS0. Turn it
5441 * off and try again.
5443 options |= DNS_FETCHOPT_NOEDNS0;
5446 * Remember that they don't like EDNS0.
5448 dns_adb_changeflags(
5451 DNS_FETCHOPT_NOEDNS0,
5452 DNS_FETCHOPT_NOEDNS0);
5454 broken_server = result;
5455 keep_trying = ISC_TRUE;
5460 * We defer retrying via TCP for a bit so we can
5461 * check out this message further.
5463 truncated = ISC_TRUE;
5466 if ((query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
5468 * The problem might be that they
5469 * don't understand EDNS0. Turn it
5470 * off and try again.
5472 options |= DNS_FETCHOPT_NOEDNS0;
5475 * Remember that they don't like EDNS0.
5477 dns_adb_changeflags(fctx->adb,
5479 DNS_FETCHOPT_NOEDNS0,
5480 DNS_FETCHOPT_NOEDNS0);
5482 broken_server = DNS_R_UNEXPECTEDRCODE;
5483 keep_trying = ISC_TRUE;
5488 * Something bad has happened.
5495 * Log the incoming packet.
5497 log_packet(message, ISC_LOG_DEBUG(10), fctx->res->mctx);
5500 * If the message is signed, check the signature. If not, this
5501 * returns success anyway.
5503 result = dns_message_checksig(message, fctx->res->view);
5504 if (result != ISC_R_SUCCESS)
5508 * The dispatcher should ensure we only get responses with QR set.
5510 INSIST((message->flags & DNS_MESSAGEFLAG_QR) != 0);
5512 * INSIST() that the message comes from the place we sent it to,
5513 * since the dispatch code should ensure this.
5515 * INSIST() that the message id is correct (this should also be
5516 * ensured by the dispatch code).
5521 * Deal with truncated responses by retrying using TCP.
5523 if ((message->flags & DNS_MESSAGEFLAG_TC) != 0)
5524 truncated = ISC_TRUE;
5527 if ((options & DNS_FETCHOPT_TCP) != 0) {
5528 broken_server = DNS_R_TRUNCATEDTCP;
5529 keep_trying = ISC_TRUE;
5531 options |= DNS_FETCHOPT_TCP;
5538 * Is it a query response?
5540 if (message->opcode != dns_opcode_query) {
5542 broken_server = DNS_R_UNEXPECTEDOPCODE;
5543 keep_trying = ISC_TRUE;
5548 * Is the remote server broken, or does it dislike us?
5550 if (message->rcode != dns_rcode_noerror &&
5551 message->rcode != dns_rcode_nxdomain) {
5552 if ((message->rcode == dns_rcode_formerr ||
5553 message->rcode == dns_rcode_notimp ||
5554 message->rcode == dns_rcode_servfail) &&
5555 (query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
5557 * It's very likely they don't like EDNS0.
5559 * XXXRTH We should check if the question
5560 * we're asking requires EDNS0, and
5561 * if so, we should bail out.
5563 options |= DNS_FETCHOPT_NOEDNS0;
5566 * Remember that they don't like EDNS0.
5568 if (message->rcode != dns_rcode_servfail)
5569 dns_adb_changeflags(fctx->adb, query->addrinfo,
5570 DNS_FETCHOPT_NOEDNS0,
5571 DNS_FETCHOPT_NOEDNS0);
5572 } else if (message->rcode == dns_rcode_formerr) {
5573 if (ISFORWARDER(query->addrinfo)) {
5575 * This forwarder doesn't understand us,
5576 * but other forwarders might. Keep trying.
5578 broken_server = DNS_R_REMOTEFORMERR;
5579 keep_trying = ISC_TRUE;
5582 * The server doesn't understand us. Since
5583 * all servers for a zone need similar
5584 * capabilities, we assume that we will get
5585 * FORMERR from all servers, and thus we
5586 * cannot make any more progress with this
5589 result = DNS_R_FORMERR;
5591 } else if (message->rcode == dns_rcode_yxdomain) {
5593 * DNAME mapping failed because the new name
5594 * was too long. There's no chance of success
5597 result = DNS_R_YXDOMAIN;
5598 } else if (message->rcode == dns_rcode_badvers) {
5599 dns_rdataset_t *opt;
5600 unsigned int flags, mask;
5601 unsigned int version;
5604 opt = dns_message_getopt(message);
5605 version = (opt->ttl >> 16) & 0xff;
5606 flags = (version << DNS_FETCHOPT_EDNSVERSIONSHIFT) |
5607 DNS_FETCHOPT_EDNSVERSIONSET;
5608 mask = DNS_FETCHOPT_EDNSVERSIONMASK |
5609 DNS_FETCHOPT_EDNSVERSIONSET;
5612 dns_adb_changeflags(fctx->adb, query->addrinfo,
5616 broken_server = DNS_R_BADVERS;
5617 keep_trying = ISC_TRUE;
5624 broken_server = DNS_R_UNEXPECTEDRCODE;
5625 INSIST(broken_server != ISC_R_SUCCESS);
5626 keep_trying = ISC_TRUE;
5632 * Is the question the same as the one we asked?
5634 result = same_question(fctx);
5635 if (result != ISC_R_SUCCESS) {
5637 if (result == DNS_R_FORMERR)
5638 keep_trying = ISC_TRUE;
5643 * Is the server lame?
5645 if (fctx->res->lame_ttl != 0 && !ISFORWARDER(query->addrinfo) &&
5647 log_lame(fctx, query->addrinfo);
5648 result = dns_adb_marklame(fctx->adb, query->addrinfo,
5649 &fctx->name, fctx->type,
5650 now + fctx->res->lame_ttl);
5651 if (result != ISC_R_SUCCESS)
5652 isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
5653 DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
5654 "could not mark server as lame: %s",
5655 isc_result_totext(result));
5656 broken_server = DNS_R_LAME;
5657 keep_trying = ISC_TRUE;
5662 * Enforce delegations only zones like NET and COM.
5664 if (!ISFORWARDER(query->addrinfo) &&
5665 dns_view_isdelegationonly(fctx->res->view, &fctx->domain) &&
5666 !dns_name_equal(&fctx->domain, &fctx->name) &&
5667 fix_mustbedelegationornxdomain(message, fctx)) {
5668 char namebuf[DNS_NAME_FORMATSIZE];
5669 char domainbuf[DNS_NAME_FORMATSIZE];
5670 char addrbuf[ISC_SOCKADDR_FORMATSIZE];
5674 dns_name_format(&fctx->name, namebuf, sizeof(namebuf));
5675 dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf));
5676 dns_rdatatype_format(fctx->type, typebuf, sizeof(typebuf));
5677 dns_rdataclass_format(fctx->res->rdclass, classbuf,
5679 isc_sockaddr_format(&query->addrinfo->sockaddr, addrbuf,
5682 isc_log_write(dns_lctx, DNS_LOGCATEGORY_DELEGATION_ONLY,
5683 DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE,
5684 "enforced delegation-only for '%s' (%s/%s/%s) "
5686 domainbuf, namebuf, typebuf, classbuf, addrbuf);
5689 if ((fctx->res->options & DNS_RESOLVER_CHECKNAMES) != 0)
5690 checknames(message);
5695 fctx->attributes &= ~(FCTX_ATTR_WANTNCACHE | FCTX_ATTR_WANTCACHE);
5698 * Did we get any answers?
5700 if (message->counts[DNS_SECTION_ANSWER] > 0 &&
5701 (message->rcode == dns_rcode_noerror ||
5702 message->rcode == dns_rcode_nxdomain)) {
5704 * We've got answers. However, if we sent
5705 * a BIND 8 server an NS query, it may have
5706 * incorrectly responded with a non-authoritative
5707 * answer instead of a referral. Since this
5708 * answer lacks the SIGs necessary to do DNSSEC
5709 * validation, we must invoke the following special
5710 * kludge to treat it as a referral.
5712 if (fctx->type == dns_rdatatype_ns &&
5713 (message->flags & DNS_MESSAGEFLAG_AA) == 0 &&
5714 !ISFORWARDER(query->addrinfo))
5716 result = noanswer_response(fctx, NULL, ISC_TRUE);
5717 if (result != DNS_R_DELEGATION) {
5719 * The answer section must have contained
5720 * something other than the NS records
5721 * we asked for. Since AA is not set
5722 * and the server is not a forwarder,
5723 * it is technically lame and it's easier
5724 * to treat it as such than to figure out
5725 * some more elaborate course of action.
5727 broken_server = DNS_R_LAME;
5728 keep_trying = ISC_TRUE;
5731 goto force_referral;
5733 result = answer_response(fctx);
5734 if (result != ISC_R_SUCCESS) {
5735 if (result == DNS_R_FORMERR)
5736 keep_trying = ISC_TRUE;
5739 } else if (message->counts[DNS_SECTION_AUTHORITY] > 0 ||
5740 message->rcode == dns_rcode_noerror ||
5741 message->rcode == dns_rcode_nxdomain) {
5743 * NXDOMAIN, NXRDATASET, or referral.
5745 result = noanswer_response(fctx, NULL, ISC_FALSE);
5746 if (result == DNS_R_CHASEDSSERVERS) {
5747 } else if (result == DNS_R_DELEGATION) {
5750 * We don't have the answer, but we know a better
5753 get_nameservers = ISC_TRUE;
5754 keep_trying = ISC_TRUE;
5756 * We have a new set of name servers, and it
5757 * has not experienced any restarts yet.
5760 result = ISC_R_SUCCESS;
5761 } else if (result != ISC_R_SUCCESS) {
5763 * Something has gone wrong.
5765 if (result == DNS_R_FORMERR)
5766 keep_trying = ISC_TRUE;
5771 * The server is insane.
5774 broken_server = DNS_R_UNEXPECTEDRCODE;
5775 keep_trying = ISC_TRUE;
5780 * Follow additional section data chains.
5782 chase_additional(fctx);
5785 * Cache the cacheable parts of the message. This may also cause
5786 * work to be queued to the DNSSEC validator.
5788 if (WANTCACHE(fctx)) {
5789 result = cache_message(fctx, query->addrinfo, now);
5790 if (result != ISC_R_SUCCESS)
5795 * Ncache the negatively cacheable parts of the message. This may
5796 * also cause work to be queued to the DNSSEC validator.
5798 if (WANTNCACHE(fctx)) {
5799 dns_rdatatype_t covers;
5800 if (message->rcode == dns_rcode_nxdomain)
5801 covers = dns_rdatatype_any;
5803 covers = fctx->type;
5806 * Cache any negative cache entries in the message.
5808 result = ncache_message(fctx, query->addrinfo, covers, now);
5813 * Remember the query's addrinfo, in case we need to mark the
5816 addrinfo = query->addrinfo;
5821 * XXXRTH Don't cancel the query if waiting for validation?
5823 fctx_cancelquery(&query, &devent, finish, ISC_FALSE);
5826 if (result == DNS_R_FORMERR)
5827 broken_server = DNS_R_FORMERR;
5828 if (broken_server != ISC_R_SUCCESS) {
5830 * Add this server to the list of bad servers for
5833 add_bad(fctx, &addrinfo->sockaddr, broken_server);
5836 if (get_nameservers) {
5838 dns_fixedname_init(&foundname);
5839 fname = dns_fixedname_name(&foundname);
5840 if (result != ISC_R_SUCCESS) {
5841 fctx_done(fctx, DNS_R_SERVFAIL);
5845 if (dns_rdatatype_atparent(fctx->type))
5846 findoptions |= DNS_DBFIND_NOEXACT;
5847 if ((options & DNS_FETCHOPT_UNSHARED) == 0)
5850 name = &fctx->domain;
5851 result = dns_view_findzonecut(fctx->res->view,
5857 if (result != ISC_R_SUCCESS) {
5858 FCTXTRACE("couldn't find a zonecut");
5859 fctx_done(fctx, DNS_R_SERVFAIL);
5862 if (!dns_name_issubdomain(fname, &fctx->domain)) {
5864 * The best nameservers are now above our
5867 FCTXTRACE("nameservers now above QDOMAIN");
5868 fctx_done(fctx, DNS_R_SERVFAIL);
5871 dns_name_free(&fctx->domain,
5872 fctx->res->buckets[fctx->bucketnum].mctx);
5873 dns_name_init(&fctx->domain, NULL);
5874 result = dns_name_dup(fname,
5875 fctx->res->buckets[fctx->bucketnum].mctx,
5877 if (result != ISC_R_SUCCESS) {
5878 fctx_done(fctx, DNS_R_SERVFAIL);
5881 fctx_cancelqueries(fctx, ISC_TRUE);
5882 fctx_cleanupfinds(fctx);
5883 fctx_cleanupaltfinds(fctx);
5884 fctx_cleanupforwaddrs(fctx);
5885 fctx_cleanupaltaddrs(fctx);
5891 } else if (resend) {
5893 * Resend (probably with changed options).
5895 FCTXTRACE("resend");
5896 result = fctx_query(fctx, addrinfo, options);
5897 if (result != ISC_R_SUCCESS)
5898 fctx_done(fctx, result);
5899 } else if (result == ISC_R_SUCCESS && !HAVE_ANSWER(fctx)) {
5901 * All has gone well so far, but we are waiting for the
5902 * DNSSEC validator to validate the answer.
5904 FCTXTRACE("wait for validator");
5905 fctx_cancelqueries(fctx, ISC_TRUE);
5907 * We must not retransmit while the validator is working;
5908 * it has references to the current rmessage.
5910 result = fctx_stopidletimer(fctx);
5911 if (result != ISC_R_SUCCESS)
5912 fctx_done(fctx, result);
5913 } else if (result == DNS_R_CHASEDSSERVERS) {
5915 add_bad(fctx, &addrinfo->sockaddr, result);
5916 fctx_cancelqueries(fctx, ISC_TRUE);
5917 fctx_cleanupfinds(fctx);
5918 fctx_cleanupforwaddrs(fctx);
5920 n = dns_name_countlabels(&fctx->name);
5921 dns_name_getlabelsequence(&fctx->name, 1, n - 1, &fctx->nsname);
5923 FCTXTRACE("suspending DS lookup to find parent's NS records");
5925 result = dns_resolver_createfetch(fctx->res, &fctx->nsname,
5927 NULL, NULL, NULL, 0, task,
5928 resume_dslookup, fctx,
5929 &fctx->nsrrset, NULL,
5931 if (result != ISC_R_SUCCESS)
5932 fctx_done(fctx, result);
5933 LOCK(&fctx->res->buckets[fctx->bucketnum].lock);
5935 UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock);
5936 result = fctx_stopidletimer(fctx);
5937 if (result != ISC_R_SUCCESS)
5938 fctx_done(fctx, result);
5943 fctx_done(fctx, result);
5949 *** Resolver Methods
5953 destroy(dns_resolver_t *res) {
5957 REQUIRE(res->references == 0);
5958 REQUIRE(!res->priming);
5959 REQUIRE(res->primefetch == NULL);
5963 INSIST(res->nfctx == 0);
5965 DESTROYLOCK(&res->primelock);
5966 DESTROYLOCK(&res->nlock);
5967 DESTROYLOCK(&res->lock);
5968 for (i = 0; i < res->nbuckets; i++) {
5969 INSIST(ISC_LIST_EMPTY(res->buckets[i].fctxs));
5970 isc_task_shutdown(res->buckets[i].task);
5971 isc_task_detach(&res->buckets[i].task);
5972 DESTROYLOCK(&res->buckets[i].lock);
5973 isc_mem_detach(&res->buckets[i].mctx);
5975 isc_mem_put(res->mctx, res->buckets,
5976 res->nbuckets * sizeof(fctxbucket_t));
5977 if (res->dispatchv4 != NULL)
5978 dns_dispatch_detach(&res->dispatchv4);
5979 if (res->dispatchv6 != NULL)
5980 dns_dispatch_detach(&res->dispatchv6);
5981 while ((a = ISC_LIST_HEAD(res->alternates)) != NULL) {
5982 ISC_LIST_UNLINK(res->alternates, a, link);
5984 dns_name_free(&a->_u._n.name, res->mctx);
5985 isc_mem_put(res->mctx, a, sizeof(*a));
5987 dns_resolver_reset_algorithms(res);
5988 dns_resolver_resetmustbesecure(res);
5990 isc_rwlock_destroy(&res->alglock);
5993 isc_rwlock_destroy(&res->mbslock);
5995 isc_timer_detach(&res->spillattimer);
5997 isc_mem_put(res->mctx, res, sizeof(*res));
6001 send_shutdown_events(dns_resolver_t *res) {
6002 isc_event_t *event, *next_event;
6006 * Caller must be holding the resolver lock.
6009 for (event = ISC_LIST_HEAD(res->whenshutdown);
6011 event = next_event) {
6012 next_event = ISC_LIST_NEXT(event, ev_link);
6013 ISC_LIST_UNLINK(res->whenshutdown, event, ev_link);
6014 etask = event->ev_sender;
6015 event->ev_sender = res;
6016 isc_task_sendanddetach(&etask, &event);
6021 empty_bucket(dns_resolver_t *res) {
6022 RTRACE("empty_bucket");
6026 INSIST(res->activebuckets > 0);
6027 res->activebuckets--;
6028 if (res->activebuckets == 0)
6029 send_shutdown_events(res);
6035 spillattimer_countdown(isc_task_t *task, isc_event_t *event) {
6036 dns_resolver_t *res = event->ev_arg;
6037 isc_result_t result;
6039 isc_boolean_t logit = ISC_FALSE;
6041 REQUIRE(VALID_RESOLVER(res));
6046 INSIST(!res->exiting);
6047 if (res->spillat > res->spillatmin) {
6051 if (res->spillat <= res->spillatmin) {
6052 result = isc_timer_reset(res->spillattimer,
6053 isc_timertype_inactive, NULL,
6055 RUNTIME_CHECK(result == ISC_R_SUCCESS);
6057 count = res->spillat;
6060 isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
6061 DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE,
6062 "clients-per-query decreased to %u", count);
6064 isc_event_free(&event);
6068 dns_resolver_create(dns_view_t *view,
6069 isc_taskmgr_t *taskmgr, unsigned int ntasks,
6070 isc_socketmgr_t *socketmgr,
6071 isc_timermgr_t *timermgr,
6072 unsigned int options,
6073 dns_dispatchmgr_t *dispatchmgr,
6074 dns_dispatch_t *dispatchv4,
6075 dns_dispatch_t *dispatchv6,
6076 dns_resolver_t **resp)
6078 dns_resolver_t *res;
6079 isc_result_t result = ISC_R_SUCCESS;
6080 unsigned int i, buckets_created = 0;
6081 isc_task_t *task = NULL;
6085 * Create a resolver.
6088 REQUIRE(DNS_VIEW_VALID(view));
6089 REQUIRE(ntasks > 0);
6090 REQUIRE(resp != NULL && *resp == NULL);
6091 REQUIRE(dispatchmgr != NULL);
6092 REQUIRE(dispatchv4 != NULL || dispatchv6 != NULL);
6094 res = isc_mem_get(view->mctx, sizeof(*res));
6096 return (ISC_R_NOMEMORY);
6098 res->mctx = view->mctx;
6099 res->rdclass = view->rdclass;
6100 res->socketmgr = socketmgr;
6101 res->timermgr = timermgr;
6102 res->taskmgr = taskmgr;
6103 res->dispatchmgr = dispatchmgr;
6105 res->options = options;
6107 ISC_LIST_INIT(res->alternates);
6108 res->udpsize = RECV_BUFFER_SIZE;
6109 res->algorithms = NULL;
6110 res->mustbesecure = NULL;
6111 res->spillatmin = res->spillat = 10;
6112 res->spillatmax = 100;
6113 res->spillattimer = NULL;
6114 res->zero_no_soa_ttl = ISC_FALSE;
6116 res->nbuckets = ntasks;
6117 res->activebuckets = ntasks;
6118 res->buckets = isc_mem_get(view->mctx,
6119 ntasks * sizeof(fctxbucket_t));
6120 if (res->buckets == NULL) {
6121 result = ISC_R_NOMEMORY;
6124 for (i = 0; i < ntasks; i++) {
6125 result = isc_mutex_init(&res->buckets[i].lock);
6126 if (result != ISC_R_SUCCESS)
6127 goto cleanup_buckets;
6128 res->buckets[i].task = NULL;
6129 result = isc_task_create(taskmgr, 0, &res->buckets[i].task);
6130 if (result != ISC_R_SUCCESS) {
6131 DESTROYLOCK(&res->buckets[i].lock);
6132 goto cleanup_buckets;
6134 res->buckets[i].mctx = NULL;
6135 result = isc_mem_create(0, 0, &res->buckets[i].mctx);
6136 if (result != ISC_R_SUCCESS) {
6137 isc_task_detach(&res->buckets[i].task);
6138 DESTROYLOCK(&res->buckets[i].lock);
6139 goto cleanup_buckets;
6141 snprintf(name, sizeof(name), "res%u", i);
6142 isc_task_setname(res->buckets[i].task, name, res);
6143 ISC_LIST_INIT(res->buckets[i].fctxs);
6144 res->buckets[i].exiting = ISC_FALSE;
6148 res->dispatchv4 = NULL;
6149 if (dispatchv4 != NULL)
6150 dns_dispatch_attach(dispatchv4, &res->dispatchv4);
6151 res->dispatchv6 = NULL;
6152 if (dispatchv6 != NULL)
6153 dns_dispatch_attach(dispatchv6, &res->dispatchv6);
6155 res->references = 1;
6156 res->exiting = ISC_FALSE;
6157 res->frozen = ISC_FALSE;
6158 ISC_LIST_INIT(res->whenshutdown);
6159 res->priming = ISC_FALSE;
6160 res->primefetch = NULL;
6163 result = isc_mutex_init(&res->lock);
6164 if (result != ISC_R_SUCCESS)
6165 goto cleanup_dispatches;
6167 result = isc_mutex_init(&res->nlock);
6168 if (result != ISC_R_SUCCESS)
6171 result = isc_mutex_init(&res->primelock);
6172 if (result != ISC_R_SUCCESS)
6176 result = isc_task_create(taskmgr, 0, &task);
6177 if (result != ISC_R_SUCCESS)
6178 goto cleanup_primelock;
6180 result = isc_timer_create(timermgr, isc_timertype_inactive, NULL, NULL,
6181 task, spillattimer_countdown, res,
6182 &res->spillattimer);
6183 isc_task_detach(&task);
6184 if (result != ISC_R_SUCCESS)
6185 goto cleanup_primelock;
6188 result = isc_rwlock_init(&res->alglock, 0, 0);
6189 if (result != ISC_R_SUCCESS)
6190 goto cleanup_spillattimer;
6193 result = isc_rwlock_init(&res->mbslock, 0, 0);
6194 if (result != ISC_R_SUCCESS)
6195 goto cleanup_alglock;
6198 res->magic = RES_MAGIC;
6202 return (ISC_R_SUCCESS);
6207 isc_rwlock_destroy(&res->alglock);
6210 #if USE_ALGLOCK || USE_MBSLOCK
6211 cleanup_spillattimer:
6212 isc_timer_detach(&res->spillattimer);
6216 DESTROYLOCK(&res->primelock);
6219 DESTROYLOCK(&res->nlock);
6222 DESTROYLOCK(&res->lock);
6225 if (res->dispatchv6 != NULL)
6226 dns_dispatch_detach(&res->dispatchv6);
6227 if (res->dispatchv4 != NULL)
6228 dns_dispatch_detach(&res->dispatchv4);
6231 for (i = 0; i < buckets_created; i++) {
6232 isc_mem_detach(&res->buckets[i].mctx);
6233 DESTROYLOCK(&res->buckets[i].lock);
6234 isc_task_shutdown(res->buckets[i].task);
6235 isc_task_detach(&res->buckets[i].task);
6237 isc_mem_put(view->mctx, res->buckets,
6238 res->nbuckets * sizeof(fctxbucket_t));
6241 isc_mem_put(view->mctx, res, sizeof(*res));
6247 prime_done(isc_task_t *task, isc_event_t *event) {
6248 dns_resolver_t *res;
6249 dns_fetchevent_t *fevent;
6251 dns_db_t *db = NULL;
6253 REQUIRE(event->ev_type == DNS_EVENT_FETCHDONE);
6254 fevent = (dns_fetchevent_t *)event;
6255 res = event->ev_arg;
6256 REQUIRE(VALID_RESOLVER(res));
6262 INSIST(res->priming);
6263 res->priming = ISC_FALSE;
6264 LOCK(&res->primelock);
6265 fetch = res->primefetch;
6266 res->primefetch = NULL;
6267 UNLOCK(&res->primelock);
6271 if (fevent->result == ISC_R_SUCCESS &&
6272 res->view->cache != NULL && res->view->hints != NULL) {
6273 dns_cache_attachdb(res->view->cache, &db);
6274 dns_root_checkhints(res->view, res->view->hints, db);
6278 if (fevent->node != NULL)
6279 dns_db_detachnode(fevent->db, &fevent->node);
6280 if (fevent->db != NULL)
6281 dns_db_detach(&fevent->db);
6282 if (dns_rdataset_isassociated(fevent->rdataset))
6283 dns_rdataset_disassociate(fevent->rdataset);
6284 INSIST(fevent->sigrdataset == NULL);
6286 isc_mem_put(res->mctx, fevent->rdataset, sizeof(*fevent->rdataset));
6288 isc_event_free(&event);
6289 dns_resolver_destroyfetch(&fetch);
6293 dns_resolver_prime(dns_resolver_t *res) {
6294 isc_boolean_t want_priming = ISC_FALSE;
6295 dns_rdataset_t *rdataset;
6296 isc_result_t result;
6298 REQUIRE(VALID_RESOLVER(res));
6299 REQUIRE(res->frozen);
6301 RTRACE("dns_resolver_prime");
6305 if (!res->exiting && !res->priming) {
6306 INSIST(res->primefetch == NULL);
6307 res->priming = ISC_TRUE;
6308 want_priming = ISC_TRUE;
6315 * To avoid any possible recursive locking problems, we
6316 * start the priming fetch like any other fetch, and holding
6317 * no resolver locks. No one else will try to start it
6318 * because we're the ones who set res->priming to true.
6319 * Any other callers of dns_resolver_prime() while we're
6320 * running will see that res->priming is already true and
6324 rdataset = isc_mem_get(res->mctx, sizeof(*rdataset));
6325 if (rdataset == NULL) {
6327 INSIST(res->priming);
6328 INSIST(res->primefetch == NULL);
6329 res->priming = ISC_FALSE;
6333 dns_rdataset_init(rdataset);
6334 LOCK(&res->primelock);
6335 result = dns_resolver_createfetch(res, dns_rootname,
6337 NULL, NULL, NULL, 0,
6338 res->buckets[0].task,
6340 res, rdataset, NULL,
6342 UNLOCK(&res->primelock);
6343 if (result != ISC_R_SUCCESS) {
6345 INSIST(res->priming);
6346 res->priming = ISC_FALSE;
6353 dns_resolver_freeze(dns_resolver_t *res) {
6359 REQUIRE(VALID_RESOLVER(res));
6360 REQUIRE(!res->frozen);
6362 res->frozen = ISC_TRUE;
6366 dns_resolver_attach(dns_resolver_t *source, dns_resolver_t **targetp) {
6367 REQUIRE(VALID_RESOLVER(source));
6368 REQUIRE(targetp != NULL && *targetp == NULL);
6370 RRTRACE(source, "attach");
6371 LOCK(&source->lock);
6372 REQUIRE(!source->exiting);
6374 INSIST(source->references > 0);
6375 source->references++;
6376 INSIST(source->references != 0);
6377 UNLOCK(&source->lock);
6383 dns_resolver_whenshutdown(dns_resolver_t *res, isc_task_t *task,
6384 isc_event_t **eventp)
6389 REQUIRE(VALID_RESOLVER(res));
6390 REQUIRE(eventp != NULL);
6397 if (res->exiting && res->activebuckets == 0) {
6399 * We're already shutdown. Send the event.
6401 event->ev_sender = res;
6402 isc_task_send(task, &event);
6405 isc_task_attach(task, &clone);
6406 event->ev_sender = clone;
6407 ISC_LIST_APPEND(res->whenshutdown, event, ev_link);
6414 dns_resolver_shutdown(dns_resolver_t *res) {
6418 isc_result_t result;
6420 REQUIRE(VALID_RESOLVER(res));
6426 if (!res->exiting) {
6428 res->exiting = ISC_TRUE;
6430 for (i = 0; i < res->nbuckets; i++) {
6431 LOCK(&res->buckets[i].lock);
6432 for (fctx = ISC_LIST_HEAD(res->buckets[i].fctxs);
6434 fctx = ISC_LIST_NEXT(fctx, link))
6435 fctx_shutdown(fctx);
6436 if (res->dispatchv4 != NULL) {
6437 sock = dns_dispatch_getsocket(res->dispatchv4);
6438 isc_socket_cancel(sock, res->buckets[i].task,
6439 ISC_SOCKCANCEL_ALL);
6441 if (res->dispatchv6 != NULL) {
6442 sock = dns_dispatch_getsocket(res->dispatchv6);
6443 isc_socket_cancel(sock, res->buckets[i].task,
6444 ISC_SOCKCANCEL_ALL);
6446 res->buckets[i].exiting = ISC_TRUE;
6447 if (ISC_LIST_EMPTY(res->buckets[i].fctxs)) {
6448 INSIST(res->activebuckets > 0);
6449 res->activebuckets--;
6451 UNLOCK(&res->buckets[i].lock);
6453 if (res->activebuckets == 0)
6454 send_shutdown_events(res);
6455 result = isc_timer_reset(res->spillattimer,
6456 isc_timertype_inactive, NULL,
6458 RUNTIME_CHECK(result == ISC_R_SUCCESS);
6465 dns_resolver_detach(dns_resolver_t **resp) {
6466 dns_resolver_t *res;
6467 isc_boolean_t need_destroy = ISC_FALSE;
6469 REQUIRE(resp != NULL);
6471 REQUIRE(VALID_RESOLVER(res));
6477 INSIST(res->references > 0);
6479 if (res->references == 0) {
6480 INSIST(res->exiting && res->activebuckets == 0);
6481 need_destroy = ISC_TRUE;
6492 static inline isc_boolean_t
6493 fctx_match(fetchctx_t *fctx, dns_name_t *name, dns_rdatatype_t type,
6494 unsigned int options)
6496 if (fctx->type != type || fctx->options != options)
6498 return (dns_name_equal(&fctx->name, name));
6502 log_fetch(dns_name_t *name, dns_rdatatype_t type) {
6503 char namebuf[DNS_NAME_FORMATSIZE];
6504 char typebuf[DNS_RDATATYPE_FORMATSIZE];
6505 int level = ISC_LOG_DEBUG(1);
6507 if (! isc_log_wouldlog(dns_lctx, level))
6510 dns_name_format(name, namebuf, sizeof(namebuf));
6511 dns_rdatatype_format(type, typebuf, sizeof(typebuf));
6513 isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
6514 DNS_LOGMODULE_RESOLVER, level,
6515 "createfetch: %s %s", namebuf, typebuf);
6519 dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name,
6520 dns_rdatatype_t type,
6521 dns_name_t *domain, dns_rdataset_t *nameservers,
6522 dns_forwarders_t *forwarders,
6523 unsigned int options, isc_task_t *task,
6524 isc_taskaction_t action, void *arg,
6525 dns_rdataset_t *rdataset,
6526 dns_rdataset_t *sigrdataset,
6527 dns_fetch_t **fetchp)
6529 return (dns_resolver_createfetch2(res, name, type, domain,
6530 nameservers, forwarders, NULL, 0,
6531 options, task, action, arg,
6532 rdataset, sigrdataset, fetchp));
6536 dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name,
6537 dns_rdatatype_t type,
6538 dns_name_t *domain, dns_rdataset_t *nameservers,
6539 dns_forwarders_t *forwarders,
6540 isc_sockaddr_t *client, dns_messageid_t id,
6541 unsigned int options, isc_task_t *task,
6542 isc_taskaction_t action, void *arg,
6543 dns_rdataset_t *rdataset,
6544 dns_rdataset_t *sigrdataset,
6545 dns_fetch_t **fetchp)
6548 fetchctx_t *fctx = NULL;
6549 isc_result_t result = ISC_R_SUCCESS;
6550 unsigned int bucketnum;
6551 isc_boolean_t new_fctx = ISC_FALSE;
6553 unsigned int count = 0;
6554 unsigned int spillat;
6558 REQUIRE(VALID_RESOLVER(res));
6559 REQUIRE(res->frozen);
6560 /* XXXRTH Check for meta type */
6561 if (domain != NULL) {
6562 REQUIRE(DNS_RDATASET_VALID(nameservers));
6563 REQUIRE(nameservers->type == dns_rdatatype_ns);
6565 REQUIRE(nameservers == NULL);
6566 REQUIRE(forwarders == NULL);
6567 REQUIRE(!dns_rdataset_isassociated(rdataset));
6568 REQUIRE(sigrdataset == NULL ||
6569 !dns_rdataset_isassociated(sigrdataset));
6570 REQUIRE(fetchp != NULL && *fetchp == NULL);
6572 log_fetch(name, type);
6575 * XXXRTH use a mempool?
6577 fetch = isc_mem_get(res->mctx, sizeof(*fetch));
6579 return (ISC_R_NOMEMORY);
6581 bucketnum = dns_name_fullhash(name, ISC_FALSE) % res->nbuckets;
6584 spillat = res->spillat;
6586 LOCK(&res->buckets[bucketnum].lock);
6588 if (res->buckets[bucketnum].exiting) {
6589 result = ISC_R_SHUTTINGDOWN;
6593 if ((options & DNS_FETCHOPT_UNSHARED) == 0) {
6594 for (fctx = ISC_LIST_HEAD(res->buckets[bucketnum].fctxs);
6596 fctx = ISC_LIST_NEXT(fctx, link)) {
6597 if (fctx_match(fctx, name, type, options))
6603 * Is this a duplicate?
6605 if (fctx != NULL && client != NULL) {
6606 dns_fetchevent_t *fevent;
6607 for (fevent = ISC_LIST_HEAD(fctx->events);
6609 fevent = ISC_LIST_NEXT(fevent, ev_link)) {
6610 if (fevent->client != NULL && fevent->id == id &&
6611 isc_sockaddr_equal(fevent->client, client)) {
6612 result = DNS_R_DUPLICATE;
6618 if (count >= res->spillatmin && res->spillatmin != 0) {
6619 if (count >= spillat)
6620 fctx->spilled = ISC_TRUE;
6621 if (fctx->spilled) {
6622 result = DNS_R_DROP;
6628 * If we didn't have a fetch, would attach to a done fetch, this
6629 * fetch has already cloned its results, or if the fetch has gone
6630 * "idle" (no one was interested in it), we need to start a new
6631 * fetch instead of joining with the existing one.
6634 fctx->state == fetchstate_done ||
6636 ISC_LIST_EMPTY(fctx->events)) {
6638 result = fctx_create(res, name, type, domain, nameservers,
6639 options, bucketnum, &fctx);
6640 if (result != ISC_R_SUCCESS)
6642 new_fctx = ISC_TRUE;
6645 result = fctx_join(fctx, task, client, id, action, arg,
6646 rdataset, sigrdataset, fetch);
6648 if (result == ISC_R_SUCCESS) {
6652 event = &fctx->control_event;
6653 ISC_EVENT_INIT(event, sizeof(*event), 0, NULL,
6654 DNS_EVENT_FETCHCONTROL,
6655 fctx_start, fctx, NULL,
6657 isc_task_send(res->buckets[bucketnum].task, &event);
6660 * We don't care about the result of fctx_destroy()
6661 * since we know we're not exiting.
6663 (void)fctx_destroy(fctx);
6668 UNLOCK(&res->buckets[bucketnum].lock);
6670 if (result == ISC_R_SUCCESS) {
6674 isc_mem_put(res->mctx, fetch, sizeof(*fetch));
6680 dns_resolver_cancelfetch(dns_fetch_t *fetch) {
6682 dns_resolver_t *res;
6683 dns_fetchevent_t *event, *next_event;
6686 REQUIRE(DNS_FETCH_VALID(fetch));
6687 fctx = fetch->private;
6688 REQUIRE(VALID_FCTX(fctx));
6691 FTRACE("cancelfetch");
6693 LOCK(&res->buckets[fctx->bucketnum].lock);
6696 * Find the completion event for this fetch (as opposed
6697 * to those for other fetches that have joined the same
6698 * fctx) and send it with result = ISC_R_CANCELED.
6701 if (fctx->state != fetchstate_done) {
6702 for (event = ISC_LIST_HEAD(fctx->events);
6704 event = next_event) {
6705 next_event = ISC_LIST_NEXT(event, ev_link);
6706 if (event->fetch == fetch) {
6707 ISC_LIST_UNLINK(fctx->events, event, ev_link);
6712 if (event != NULL) {
6713 etask = event->ev_sender;
6714 event->ev_sender = fctx;
6715 event->result = ISC_R_CANCELED;
6716 isc_task_sendanddetach(&etask, ISC_EVENT_PTR(&event));
6719 * The fctx continues running even if no fetches remain;
6720 * the answer is still cached.
6723 UNLOCK(&res->buckets[fctx->bucketnum].lock);
6727 dns_resolver_destroyfetch(dns_fetch_t **fetchp) {
6729 dns_resolver_t *res;
6730 dns_fetchevent_t *event, *next_event;
6732 unsigned int bucketnum;
6733 isc_boolean_t bucket_empty = ISC_FALSE;
6735 REQUIRE(fetchp != NULL);
6737 REQUIRE(DNS_FETCH_VALID(fetch));
6738 fctx = fetch->private;
6739 REQUIRE(VALID_FCTX(fctx));
6742 FTRACE("destroyfetch");
6744 bucketnum = fctx->bucketnum;
6745 LOCK(&res->buckets[bucketnum].lock);
6748 * Sanity check: the caller should have gotten its event before
6749 * trying to destroy the fetch.
6752 if (fctx->state != fetchstate_done) {
6753 for (event = ISC_LIST_HEAD(fctx->events);
6755 event = next_event) {
6756 next_event = ISC_LIST_NEXT(event, ev_link);
6757 RUNTIME_CHECK(event->fetch != fetch);
6761 INSIST(fctx->references > 0);
6763 if (fctx->references == 0) {
6765 * No one cares about the result of this fetch anymore.
6767 if (fctx->pending == 0 && fctx->nqueries == 0 &&
6768 ISC_LIST_EMPTY(fctx->validators) &&
6769 SHUTTINGDOWN(fctx)) {
6771 * This fctx is already shutdown; we were just
6772 * waiting for the last reference to go away.
6774 bucket_empty = fctx_destroy(fctx);
6777 * Initiate shutdown.
6779 fctx_shutdown(fctx);
6783 UNLOCK(&res->buckets[bucketnum].lock);
6785 isc_mem_put(res->mctx, fetch, sizeof(*fetch));
6793 dns_resolver_dispatchmgr(dns_resolver_t *resolver) {
6794 REQUIRE(VALID_RESOLVER(resolver));
6795 return (resolver->dispatchmgr);
6799 dns_resolver_dispatchv4(dns_resolver_t *resolver) {
6800 REQUIRE(VALID_RESOLVER(resolver));
6801 return (resolver->dispatchv4);
6805 dns_resolver_dispatchv6(dns_resolver_t *resolver) {
6806 REQUIRE(VALID_RESOLVER(resolver));
6807 return (resolver->dispatchv6);
6811 dns_resolver_socketmgr(dns_resolver_t *resolver) {
6812 REQUIRE(VALID_RESOLVER(resolver));
6813 return (resolver->socketmgr);
6817 dns_resolver_taskmgr(dns_resolver_t *resolver) {
6818 REQUIRE(VALID_RESOLVER(resolver));
6819 return (resolver->taskmgr);
6823 dns_resolver_getlamettl(dns_resolver_t *resolver) {
6824 REQUIRE(VALID_RESOLVER(resolver));
6825 return (resolver->lame_ttl);
6829 dns_resolver_setlamettl(dns_resolver_t *resolver, isc_uint32_t lame_ttl) {
6830 REQUIRE(VALID_RESOLVER(resolver));
6831 resolver->lame_ttl = lame_ttl;
6835 dns_resolver_nrunning(dns_resolver_t *resolver) {
6837 LOCK(&resolver->nlock);
6838 n = resolver->nfctx;
6839 UNLOCK(&resolver->nlock);
6844 dns_resolver_addalternate(dns_resolver_t *resolver, isc_sockaddr_t *alt,
6845 dns_name_t *name, in_port_t port) {
6847 isc_result_t result;
6849 REQUIRE(VALID_RESOLVER(resolver));
6850 REQUIRE(!resolver->frozen);
6851 REQUIRE((alt == NULL) ^ (name == NULL));
6853 a = isc_mem_get(resolver->mctx, sizeof(*a));
6855 return (ISC_R_NOMEMORY);
6857 a->isaddress = ISC_TRUE;
6860 a->isaddress = ISC_FALSE;
6861 a->_u._n.port = port;
6862 dns_name_init(&a->_u._n.name, NULL);
6863 result = dns_name_dup(name, resolver->mctx, &a->_u._n.name);
6864 if (result != ISC_R_SUCCESS) {
6865 isc_mem_put(resolver->mctx, a, sizeof(*a));
6869 ISC_LINK_INIT(a, link);
6870 ISC_LIST_APPEND(resolver->alternates, a, link);
6872 return (ISC_R_SUCCESS);
6876 dns_resolver_setudpsize(dns_resolver_t *resolver, isc_uint16_t udpsize) {
6877 REQUIRE(VALID_RESOLVER(resolver));
6878 resolver->udpsize = udpsize;
6882 dns_resolver_getudpsize(dns_resolver_t *resolver) {
6883 REQUIRE(VALID_RESOLVER(resolver));
6884 return (resolver->udpsize);
6888 free_algorithm(void *node, void *arg) {
6889 unsigned char *algorithms = node;
6890 isc_mem_t *mctx = arg;
6892 isc_mem_put(mctx, algorithms, *algorithms);
6896 dns_resolver_reset_algorithms(dns_resolver_t *resolver) {
6898 REQUIRE(VALID_RESOLVER(resolver));
6901 RWLOCK(&resolver->alglock, isc_rwlocktype_write);
6903 if (resolver->algorithms != NULL)
6904 dns_rbt_destroy(&resolver->algorithms);
6906 RWUNLOCK(&resolver->alglock, isc_rwlocktype_write);
6911 dns_resolver_disable_algorithm(dns_resolver_t *resolver, dns_name_t *name,
6914 unsigned int len, mask;
6916 unsigned char *algorithms;
6917 isc_result_t result;
6918 dns_rbtnode_t *node = NULL;
6920 REQUIRE(VALID_RESOLVER(resolver));
6922 return (ISC_R_RANGE);
6925 RWLOCK(&resolver->alglock, isc_rwlocktype_write);
6927 if (resolver->algorithms == NULL) {
6928 result = dns_rbt_create(resolver->mctx, free_algorithm,
6929 resolver->mctx, &resolver->algorithms);
6930 if (result != ISC_R_SUCCESS)
6935 mask = 1 << (alg%8);
6937 result = dns_rbt_addnode(resolver->algorithms, name, &node);
6939 if (result == ISC_R_SUCCESS || result == ISC_R_EXISTS) {
6940 algorithms = node->data;
6941 if (algorithms == NULL || len > *algorithms) {
6942 new = isc_mem_get(resolver->mctx, len);
6944 result = ISC_R_NOMEMORY;
6947 memset(new, 0, len);
6948 if (algorithms != NULL)
6949 memcpy(new, algorithms, *algorithms);
6953 if (algorithms != NULL)
6954 isc_mem_put(resolver->mctx, algorithms,
6957 algorithms[len-1] |= mask;
6959 result = ISC_R_SUCCESS;
6962 RWUNLOCK(&resolver->alglock, isc_rwlocktype_write);
6968 dns_resolver_algorithm_supported(dns_resolver_t *resolver, dns_name_t *name,
6971 unsigned int len, mask;
6972 unsigned char *algorithms;
6974 isc_result_t result;
6975 isc_boolean_t found = ISC_FALSE;
6977 REQUIRE(VALID_RESOLVER(resolver));
6980 RWLOCK(&resolver->alglock, isc_rwlocktype_read);
6982 if (resolver->algorithms == NULL)
6984 result = dns_rbt_findname(resolver->algorithms, name, 0, NULL, &data);
6985 if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
6987 mask = 1 << (alg%8);
6989 if (len <= *algorithms && (algorithms[len-1] & mask) != 0)
6994 RWUNLOCK(&resolver->alglock, isc_rwlocktype_read);
6998 return (dst_algorithm_supported(alg));
7002 dns_resolver_digest_supported(dns_resolver_t *resolver, unsigned int digest) {
7005 return (dns_ds_digest_supported(digest));
7009 dns_resolver_resetmustbesecure(dns_resolver_t *resolver) {
7011 REQUIRE(VALID_RESOLVER(resolver));
7014 RWLOCK(&resolver->mbslock, isc_rwlocktype_write);
7016 if (resolver->mustbesecure != NULL)
7017 dns_rbt_destroy(&resolver->mustbesecure);
7019 RWUNLOCK(&resolver->mbslock, isc_rwlocktype_write);
7023 static isc_boolean_t yes = ISC_TRUE, no = ISC_FALSE;
7026 dns_resolver_setmustbesecure(dns_resolver_t *resolver, dns_name_t *name,
7027 isc_boolean_t value)
7029 isc_result_t result;
7031 REQUIRE(VALID_RESOLVER(resolver));
7034 RWLOCK(&resolver->mbslock, isc_rwlocktype_write);
7036 if (resolver->mustbesecure == NULL) {
7037 result = dns_rbt_create(resolver->mctx, NULL, NULL,
7038 &resolver->mustbesecure);
7039 if (result != ISC_R_SUCCESS)
7042 result = dns_rbt_addname(resolver->mustbesecure, name,
7043 value ? &yes : &no);
7046 RWUNLOCK(&resolver->mbslock, isc_rwlocktype_write);
7052 dns_resolver_getmustbesecure(dns_resolver_t *resolver, dns_name_t *name) {
7054 isc_boolean_t value = ISC_FALSE;
7055 isc_result_t result;
7057 REQUIRE(VALID_RESOLVER(resolver));
7060 RWLOCK(&resolver->mbslock, isc_rwlocktype_read);
7062 if (resolver->mustbesecure == NULL)
7064 result = dns_rbt_findname(resolver->mustbesecure, name, 0, NULL, &data);
7065 if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH)
7066 value = *(isc_boolean_t*)data;
7069 RWUNLOCK(&resolver->mbslock, isc_rwlocktype_read);
7075 dns_resolver_getclientsperquery(dns_resolver_t *resolver, isc_uint32_t *cur,
7076 isc_uint32_t *min, isc_uint32_t *max)
7078 REQUIRE(VALID_RESOLVER(resolver));
7080 LOCK(&resolver->lock);
7082 *cur = resolver->spillat;
7084 *min = resolver->spillatmin;
7086 *max = resolver->spillatmax;
7087 UNLOCK(&resolver->lock);
7091 dns_resolver_setclientsperquery(dns_resolver_t *resolver, isc_uint32_t min,
7094 REQUIRE(VALID_RESOLVER(resolver));
7096 LOCK(&resolver->lock);
7097 resolver->spillatmin = resolver->spillat = min;
7098 resolver->spillatmax = max;
7099 UNLOCK(&resolver->lock);
7103 dns_resolver_getzeronosoattl(dns_resolver_t *resolver) {
7104 REQUIRE(VALID_RESOLVER(resolver));
7106 return (resolver->zero_no_soa_ttl);
7110 dns_resolver_setzeronosoattl(dns_resolver_t *resolver, isc_boolean_t state) {
7111 REQUIRE(VALID_RESOLVER(resolver));
7113 resolver->zero_no_soa_ttl = state;