2 * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 1999-2003 Internet Software Consortium.
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
18 /* $Id: resolver.c,v 1.218.2.18.4.56 2005/10/14 01:38:48 marka Exp $ */
22 #include <isc/print.h>
23 #include <isc/string.h>
25 #include <isc/timer.h>
31 #include <dns/dispatch.h>
32 #include <dns/events.h>
33 #include <dns/forward.h>
34 #include <dns/keytable.h>
36 #include <dns/message.h>
37 #include <dns/ncache.h>
38 #include <dns/opcode.h>
41 #include <dns/rcode.h>
42 #include <dns/rdata.h>
43 #include <dns/rdataclass.h>
44 #include <dns/rdatalist.h>
45 #include <dns/rdataset.h>
46 #include <dns/rdatastruct.h>
47 #include <dns/rdatatype.h>
48 #include <dns/resolver.h>
49 #include <dns/result.h>
51 #include <dns/validator.h>
53 #define DNS_RESOLVER_TRACE
54 #ifdef DNS_RESOLVER_TRACE
55 #define RTRACE(m) isc_log_write(dns_lctx, \
56 DNS_LOGCATEGORY_RESOLVER, \
57 DNS_LOGMODULE_RESOLVER, \
59 "res %p: %s", res, (m))
60 #define RRTRACE(r, m) isc_log_write(dns_lctx, \
61 DNS_LOGCATEGORY_RESOLVER, \
62 DNS_LOGMODULE_RESOLVER, \
64 "res %p: %s", (r), (m))
65 #define FCTXTRACE(m) isc_log_write(dns_lctx, \
66 DNS_LOGCATEGORY_RESOLVER, \
67 DNS_LOGMODULE_RESOLVER, \
69 "fctx %p(%s'): %s", fctx, fctx->info, (m))
70 #define FCTXTRACE2(m1, m2) \
71 isc_log_write(dns_lctx, \
72 DNS_LOGCATEGORY_RESOLVER, \
73 DNS_LOGMODULE_RESOLVER, \
75 "fctx %p(%s): %s %s", \
76 fctx, fctx->info, (m1), (m2))
77 #define FTRACE(m) isc_log_write(dns_lctx, \
78 DNS_LOGCATEGORY_RESOLVER, \
79 DNS_LOGMODULE_RESOLVER, \
81 "fetch %p (fctx %p(%s)): %s", \
82 fetch, fetch->private, \
83 fetch->private->info, (m))
84 #define QTRACE(m) isc_log_write(dns_lctx, \
85 DNS_LOGCATEGORY_RESOLVER, \
86 DNS_LOGMODULE_RESOLVER, \
88 "resquery %p (fctx %p(%s)): %s", \
90 query->fctx->info, (m))
100 * Maximum EDNS0 input packet size.
102 #define RECV_BUFFER_SIZE 4096 /* XXXRTH Constant. */
105 * This defines the maximum number of timeouts we will permit before we
106 * disable EDNS0 on the query.
108 #define MAX_EDNS0_TIMEOUTS 3
110 typedef struct fetchctx fetchctx_t;
112 typedef struct query {
113 /* Locked by task event serialization. */
117 dns_dispatchmgr_t * dispatchmgr;
118 dns_dispatch_t * dispatch;
119 dns_adbaddrinfo_t * addrinfo;
120 isc_socket_t * tcpsocket;
123 dns_dispentry_t * dispentry;
124 ISC_LINK(struct query) link;
127 dns_tsigkey_t *tsigkey;
128 unsigned int options;
129 unsigned int attributes;
131 unsigned int connects;
132 unsigned char data[512];
135 #define QUERY_MAGIC ISC_MAGIC('Q', '!', '!', '!')
136 #define VALID_QUERY(query) ISC_MAGIC_VALID(query, QUERY_MAGIC)
138 #define RESQUERY_ATTR_CANCELED 0x02
140 #define RESQUERY_CONNECTING(q) ((q)->connects > 0)
141 #define RESQUERY_CANCELED(q) (((q)->attributes & \
142 RESQUERY_ATTR_CANCELED) != 0)
143 #define RESQUERY_SENDING(q) ((q)->sends > 0)
146 fetchstate_init = 0, /* Start event has not run yet. */
148 fetchstate_done /* FETCHDONE events posted. */
154 dns_resolver_t * res;
156 dns_rdatatype_t type;
157 unsigned int options;
158 unsigned int bucketnum;
160 /* Locked by appropriate bucket lock. */
162 isc_boolean_t want_shutdown;
163 isc_boolean_t cloned;
164 unsigned int references;
165 isc_event_t control_event;
166 ISC_LINK(struct fetchctx) link;
167 ISC_LIST(dns_fetchevent_t) events;
168 /* Locked by task event serialization. */
170 dns_rdataset_t nameservers;
171 unsigned int attributes;
174 isc_interval_t interval;
175 dns_message_t * qmessage;
176 dns_message_t * rmessage;
177 ISC_LIST(resquery_t) queries;
178 dns_adbfindlist_t finds;
179 dns_adbfind_t * find;
180 dns_adbfindlist_t altfinds;
181 dns_adbfind_t * altfind;
182 dns_adbaddrinfolist_t forwaddrs;
183 dns_adbaddrinfolist_t altaddrs;
184 isc_sockaddrlist_t forwarders;
185 dns_fwdpolicy_t fwdpolicy;
186 isc_sockaddrlist_t bad;
187 ISC_LIST(dns_validator_t) validators;
192 * The number of events we're waiting for.
194 unsigned int pending;
197 * The number of times we've "restarted" the current
198 * nameserver set. This acts as a failsafe to prevent
199 * us from pounding constantly on a particular set of
200 * servers that, for whatever reason, are not giving
201 * us useful responses, but are responding in such a
202 * way that they are not marked "bad".
204 unsigned int restarts;
207 * The number of timeouts that have occurred since we
208 * last successfully received a response packet. This
209 * is used for EDNS0 black hole detection.
211 unsigned int timeouts;
213 * Look aside state for DS lookups.
216 dns_fetch_t * nsfetch;
217 dns_rdataset_t nsrrset;
220 #define FCTX_MAGIC ISC_MAGIC('F', '!', '!', '!')
221 #define VALID_FCTX(fctx) ISC_MAGIC_VALID(fctx, FCTX_MAGIC)
223 #define FCTX_ATTR_HAVEANSWER 0x0001
224 #define FCTX_ATTR_GLUING 0x0002
225 #define FCTX_ATTR_ADDRWAIT 0x0004
226 #define FCTX_ATTR_SHUTTINGDOWN 0x0008
227 #define FCTX_ATTR_WANTCACHE 0x0010
228 #define FCTX_ATTR_WANTNCACHE 0x0020
229 #define FCTX_ATTR_NEEDEDNS0 0x0040
230 #define FCTX_ATTR_TRIEDFIND 0x0080
231 #define FCTX_ATTR_TRIEDALT 0x0100
233 #define HAVE_ANSWER(f) (((f)->attributes & FCTX_ATTR_HAVEANSWER) != \
235 #define GLUING(f) (((f)->attributes & FCTX_ATTR_GLUING) != \
237 #define ADDRWAIT(f) (((f)->attributes & FCTX_ATTR_ADDRWAIT) != \
239 #define SHUTTINGDOWN(f) (((f)->attributes & FCTX_ATTR_SHUTTINGDOWN) \
241 #define WANTCACHE(f) (((f)->attributes & FCTX_ATTR_WANTCACHE) != 0)
242 #define WANTNCACHE(f) (((f)->attributes & FCTX_ATTR_WANTNCACHE) != 0)
243 #define NEEDEDNS0(f) (((f)->attributes & FCTX_ATTR_NEEDEDNS0) != 0)
244 #define TRIEDFIND(f) (((f)->attributes & FCTX_ATTR_TRIEDFIND) != 0)
245 #define TRIEDALT(f) (((f)->attributes & FCTX_ATTR_TRIEDALT) != 0)
248 dns_adbaddrinfo_t * addrinfo;
254 fetchctx_t * private;
257 #define DNS_FETCH_MAGIC ISC_MAGIC('F', 't', 'c', 'h')
258 #define DNS_FETCH_VALID(fetch) ISC_MAGIC_VALID(fetch, DNS_FETCH_MAGIC)
260 typedef struct fctxbucket {
263 ISC_LIST(fetchctx_t) fctxs;
264 isc_boolean_t exiting;
267 typedef struct alternate {
268 isc_boolean_t isaddress;
276 ISC_LINK(struct alternate) link;
279 struct dns_resolver {
285 isc_mutex_t primelock;
286 dns_rdataclass_t rdclass;
287 isc_socketmgr_t * socketmgr;
288 isc_timermgr_t * timermgr;
289 isc_taskmgr_t * taskmgr;
291 isc_boolean_t frozen;
292 unsigned int options;
293 dns_dispatchmgr_t * dispatchmgr;
294 dns_dispatch_t * dispatchv4;
295 dns_dispatch_t * dispatchv6;
296 unsigned int nbuckets;
297 fctxbucket_t * buckets;
298 isc_uint32_t lame_ttl;
299 ISC_LIST(alternate_t) alternates;
300 isc_uint16_t udpsize;
302 isc_rwlock_t alglock;
304 dns_rbt_t * algorithms;
306 isc_rwlock_t mbslock;
308 dns_rbt_t * mustbesecure;
309 /* Locked by lock. */
310 unsigned int references;
311 isc_boolean_t exiting;
312 isc_eventlist_t whenshutdown;
313 unsigned int activebuckets;
314 isc_boolean_t priming;
315 /* Locked by primelock. */
316 dns_fetch_t * primefetch;
317 /* Locked by nlock. */
321 #define RES_MAGIC ISC_MAGIC('R', 'e', 's', '!')
322 #define VALID_RESOLVER(res) ISC_MAGIC_VALID(res, RES_MAGIC)
325 * Private addrinfo flags. These must not conflict with DNS_FETCHOPT_NOEDNS0,
326 * which we also use as an addrinfo flag.
328 #define FCTX_ADDRINFO_MARK 0x0001
329 #define FCTX_ADDRINFO_FORWARDER 0x1000
330 #define UNMARKED(a) (((a)->flags & FCTX_ADDRINFO_MARK) \
332 #define ISFORWARDER(a) (((a)->flags & \
333 FCTX_ADDRINFO_FORWARDER) != 0)
335 #define NXDOMAIN(r) (((r)->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0)
337 static void destroy(dns_resolver_t *res);
338 static void empty_bucket(dns_resolver_t *res);
339 static isc_result_t resquery_send(resquery_t *query);
340 static void resquery_response(isc_task_t *task, isc_event_t *event);
341 static void resquery_connected(isc_task_t *task, isc_event_t *event);
342 static void fctx_try(fetchctx_t *fctx);
343 static isc_boolean_t fctx_destroy(fetchctx_t *fctx);
344 static isc_result_t ncache_adderesult(dns_message_t *message,
345 dns_db_t *cache, dns_dbnode_t *node,
346 dns_rdatatype_t covers,
347 isc_stdtime_t now, dns_ttl_t maxttl,
348 dns_rdataset_t *ardataset,
349 isc_result_t *eresultp);
350 static void validated(isc_task_t *task, isc_event_t *event);
353 valcreate(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, dns_name_t *name,
354 dns_rdatatype_t type, dns_rdataset_t *rdataset,
355 dns_rdataset_t *sigrdataset, unsigned int valoptions,
358 dns_validator_t *validator = NULL;
359 dns_valarg_t *valarg;
362 valarg = isc_mem_get(fctx->res->mctx, sizeof(*valarg));
364 return (ISC_R_NOMEMORY);
367 valarg->addrinfo = addrinfo;
369 result = dns_validator_create(fctx->res->view, name, type, rdataset,
370 sigrdataset, fctx->rmessage,
371 valoptions, task, validated, valarg,
373 if (result == ISC_R_SUCCESS)
374 ISC_LIST_APPEND(fctx->validators, validator, link);
376 isc_mem_put(fctx->res->mctx, valarg, sizeof(*valarg));
381 fix_mustbedelegationornxdomain(dns_message_t *message, fetchctx_t *fctx) {
383 dns_name_t *domain = &fctx->domain;
384 dns_rdataset_t *rdataset;
385 dns_rdatatype_t type;
387 isc_boolean_t keep_auth = ISC_FALSE;
389 if (message->rcode == dns_rcode_nxdomain)
393 * Look for BIND 8 style delegations.
394 * Also look for answers to ANY queries where the duplicate NS RRset
395 * may have been stripped from the authority section.
397 if (message->counts[DNS_SECTION_ANSWER] != 0 &&
398 (fctx->type == dns_rdatatype_ns ||
399 fctx->type == dns_rdatatype_any)) {
400 result = dns_message_firstname(message, DNS_SECTION_ANSWER);
401 while (result == ISC_R_SUCCESS) {
403 dns_message_currentname(message, DNS_SECTION_ANSWER,
405 for (rdataset = ISC_LIST_HEAD(name->list);
407 rdataset = ISC_LIST_NEXT(rdataset, link)) {
408 type = rdataset->type;
409 if (type != dns_rdatatype_ns)
411 if (dns_name_issubdomain(name, domain))
414 result = dns_message_nextname(message,
419 /* Look for referral. */
420 if (message->counts[DNS_SECTION_AUTHORITY] == 0)
423 result = dns_message_firstname(message, DNS_SECTION_AUTHORITY);
424 while (result == ISC_R_SUCCESS) {
426 dns_message_currentname(message, DNS_SECTION_AUTHORITY, &name);
427 for (rdataset = ISC_LIST_HEAD(name->list);
429 rdataset = ISC_LIST_NEXT(rdataset, link)) {
430 type = rdataset->type;
431 if (type == dns_rdatatype_soa &&
432 dns_name_equal(name, domain))
433 keep_auth = ISC_TRUE;
434 if (type != dns_rdatatype_ns &&
435 type != dns_rdatatype_soa)
437 if (dns_name_equal(name, domain))
439 if (dns_name_issubdomain(name, domain))
442 result = dns_message_nextname(message, DNS_SECTION_AUTHORITY);
446 message->rcode = dns_rcode_nxdomain;
447 message->counts[DNS_SECTION_ANSWER] = 0;
449 message->counts[DNS_SECTION_AUTHORITY] = 0;
450 message->counts[DNS_SECTION_ADDITIONAL] = 0;
454 static inline isc_result_t
455 fctx_starttimer(fetchctx_t *fctx) {
457 * Start the lifetime timer for fctx.
459 * This is also used for stopping the idle timer; in that
460 * case we must purge events already posted to ensure that
461 * no further idle events are delivered.
463 return (isc_timer_reset(fctx->timer, isc_timertype_once,
464 &fctx->expires, NULL,
469 fctx_stoptimer(fetchctx_t *fctx) {
473 * We don't return a result if resetting the timer to inactive fails
474 * since there's nothing to be done about it. Resetting to inactive
475 * should never fail anyway, since the code as currently written
476 * cannot fail in that case.
478 result = isc_timer_reset(fctx->timer, isc_timertype_inactive,
479 NULL, NULL, ISC_TRUE);
480 if (result != ISC_R_SUCCESS) {
481 UNEXPECTED_ERROR(__FILE__, __LINE__,
482 "isc_timer_reset(): %s",
483 isc_result_totext(result));
488 static inline isc_result_t
489 fctx_startidletimer(fetchctx_t *fctx) {
491 * Start the idle timer for fctx. The lifetime timer continues
494 return (isc_timer_reset(fctx->timer, isc_timertype_once,
495 &fctx->expires, &fctx->interval,
500 * Stopping the idle timer is equivalent to calling fctx_starttimer(), but
501 * we use fctx_stopidletimer for readability in the code below.
503 #define fctx_stopidletimer fctx_starttimer
507 resquery_destroy(resquery_t **queryp) {
510 REQUIRE(queryp != NULL);
512 REQUIRE(!ISC_LINK_LINKED(query, link));
514 INSIST(query->tcpsocket == NULL);
517 isc_mem_put(query->mctx, query, sizeof(*query));
522 fctx_cancelquery(resquery_t **queryp, dns_dispatchevent_t **deventp,
523 isc_time_t *finish, isc_boolean_t no_response)
530 dns_adbaddrinfo_t *addrinfo;
535 FCTXTRACE("cancelquery");
537 REQUIRE(!RESQUERY_CANCELED(query));
539 query->attributes |= RESQUERY_ATTR_CANCELED;
542 * Should we update the RTT?
544 if (finish != NULL || no_response) {
545 if (finish != NULL) {
547 * We have both the start and finish times for this
548 * packet, so we can compute a real RTT.
550 rtt = (unsigned int)isc_time_microdiff(finish,
552 factor = DNS_ADB_RTTADJDEFAULT;
555 * We don't have an RTT for this query. Maybe the
556 * packet was lost, or maybe this server is very
557 * slow. We don't know. Increase the RTT.
560 rtt = query->addrinfo->srtt +
561 (200000 * fctx->restarts);
565 * Replace the current RTT with our value.
567 factor = DNS_ADB_RTTADJREPLACE;
569 dns_adb_adjustsrtt(fctx->adb, query->addrinfo, rtt, factor);
573 * Age RTTs of servers not tried.
575 factor = DNS_ADB_RTTADJAGE;
577 for (addrinfo = ISC_LIST_HEAD(fctx->forwaddrs);
579 addrinfo = ISC_LIST_NEXT(addrinfo, publink))
580 if (UNMARKED(addrinfo))
581 dns_adb_adjustsrtt(fctx->adb, addrinfo,
584 if (finish != NULL && TRIEDFIND(fctx))
585 for (find = ISC_LIST_HEAD(fctx->finds);
587 find = ISC_LIST_NEXT(find, publink))
588 for (addrinfo = ISC_LIST_HEAD(find->list);
590 addrinfo = ISC_LIST_NEXT(addrinfo, publink))
591 if (UNMARKED(addrinfo))
592 dns_adb_adjustsrtt(fctx->adb, addrinfo,
595 if (finish != NULL && TRIEDALT(fctx)) {
596 for (addrinfo = ISC_LIST_HEAD(fctx->altaddrs);
598 addrinfo = ISC_LIST_NEXT(addrinfo, publink))
599 if (UNMARKED(addrinfo))
600 dns_adb_adjustsrtt(fctx->adb, addrinfo,
602 for (find = ISC_LIST_HEAD(fctx->altfinds);
604 find = ISC_LIST_NEXT(find, publink))
605 for (addrinfo = ISC_LIST_HEAD(find->list);
607 addrinfo = ISC_LIST_NEXT(addrinfo, publink))
608 if (UNMARKED(addrinfo))
609 dns_adb_adjustsrtt(fctx->adb, addrinfo,
613 if (query->dispentry != NULL)
614 dns_dispatch_removeresponse(&query->dispentry, deventp);
616 ISC_LIST_UNLINK(fctx->queries, query, link);
618 if (query->tsig != NULL)
619 isc_buffer_free(&query->tsig);
621 if (query->tsigkey != NULL)
622 dns_tsigkey_detach(&query->tsigkey);
625 * Check for any outstanding socket events. If they exist, cancel
626 * them and let the event handlers finish the cleanup. The resolver
627 * only needs to worry about managing the connect and send events;
628 * the dispatcher manages the recv events.
630 if (RESQUERY_CONNECTING(query))
632 * Cancel the connect.
634 isc_socket_cancel(query->tcpsocket, NULL,
635 ISC_SOCKCANCEL_CONNECT);
636 else if (RESQUERY_SENDING(query))
638 * Cancel the pending send.
640 isc_socket_cancel(dns_dispatch_getsocket(query->dispatch),
641 NULL, ISC_SOCKCANCEL_SEND);
643 if (query->dispatch != NULL)
644 dns_dispatch_detach(&query->dispatch);
646 if (! (RESQUERY_CONNECTING(query) || RESQUERY_SENDING(query)))
648 * It's safe to destroy the query now.
650 resquery_destroy(&query);
654 fctx_cancelqueries(fetchctx_t *fctx, isc_boolean_t no_response) {
655 resquery_t *query, *next_query;
657 FCTXTRACE("cancelqueries");
659 for (query = ISC_LIST_HEAD(fctx->queries);
661 query = next_query) {
662 next_query = ISC_LIST_NEXT(query, link);
663 fctx_cancelquery(&query, NULL, NULL, no_response);
668 fctx_cleanupfinds(fetchctx_t *fctx) {
669 dns_adbfind_t *find, *next_find;
671 REQUIRE(ISC_LIST_EMPTY(fctx->queries));
673 for (find = ISC_LIST_HEAD(fctx->finds);
676 next_find = ISC_LIST_NEXT(find, publink);
677 ISC_LIST_UNLINK(fctx->finds, find, publink);
678 dns_adb_destroyfind(&find);
684 fctx_cleanupaltfinds(fetchctx_t *fctx) {
685 dns_adbfind_t *find, *next_find;
687 REQUIRE(ISC_LIST_EMPTY(fctx->queries));
689 for (find = ISC_LIST_HEAD(fctx->altfinds);
692 next_find = ISC_LIST_NEXT(find, publink);
693 ISC_LIST_UNLINK(fctx->altfinds, find, publink);
694 dns_adb_destroyfind(&find);
696 fctx->altfind = NULL;
700 fctx_cleanupforwaddrs(fetchctx_t *fctx) {
701 dns_adbaddrinfo_t *addr, *next_addr;
703 REQUIRE(ISC_LIST_EMPTY(fctx->queries));
705 for (addr = ISC_LIST_HEAD(fctx->forwaddrs);
708 next_addr = ISC_LIST_NEXT(addr, publink);
709 ISC_LIST_UNLINK(fctx->forwaddrs, addr, publink);
710 dns_adb_freeaddrinfo(fctx->adb, &addr);
715 fctx_cleanupaltaddrs(fetchctx_t *fctx) {
716 dns_adbaddrinfo_t *addr, *next_addr;
718 REQUIRE(ISC_LIST_EMPTY(fctx->queries));
720 for (addr = ISC_LIST_HEAD(fctx->altaddrs);
723 next_addr = ISC_LIST_NEXT(addr, publink);
724 ISC_LIST_UNLINK(fctx->altaddrs, addr, publink);
725 dns_adb_freeaddrinfo(fctx->adb, &addr);
730 fctx_stopeverything(fetchctx_t *fctx, isc_boolean_t no_response) {
731 FCTXTRACE("stopeverything");
732 fctx_cancelqueries(fctx, no_response);
733 fctx_cleanupfinds(fctx);
734 fctx_cleanupaltfinds(fctx);
735 fctx_cleanupforwaddrs(fctx);
736 fctx_cleanupaltaddrs(fctx);
737 fctx_stoptimer(fctx);
741 fctx_sendevents(fetchctx_t *fctx, isc_result_t result) {
742 dns_fetchevent_t *event, *next_event;
746 * Caller must be holding the appropriate bucket lock.
748 REQUIRE(fctx->state == fetchstate_done);
750 FCTXTRACE("sendevents");
752 for (event = ISC_LIST_HEAD(fctx->events);
754 event = next_event) {
755 next_event = ISC_LIST_NEXT(event, ev_link);
756 ISC_LIST_UNLINK(fctx->events, event, ev_link);
757 task = event->ev_sender;
758 event->ev_sender = fctx;
759 if (!HAVE_ANSWER(fctx))
760 event->result = result;
762 INSIST(result != ISC_R_SUCCESS ||
763 dns_rdataset_isassociated(event->rdataset) ||
764 fctx->type == dns_rdatatype_any ||
765 fctx->type == dns_rdatatype_rrsig);
767 isc_task_sendanddetach(&task, ISC_EVENT_PTR(&event));
772 fctx_done(fetchctx_t *fctx, isc_result_t result) {
774 isc_boolean_t no_response;
780 if (result == ISC_R_SUCCESS)
781 no_response = ISC_TRUE;
783 no_response = ISC_FALSE;
784 fctx_stopeverything(fctx, no_response);
786 LOCK(&res->buckets[fctx->bucketnum].lock);
788 fctx->state = fetchstate_done;
789 fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
790 fctx_sendevents(fctx, result);
792 UNLOCK(&res->buckets[fctx->bucketnum].lock);
796 resquery_senddone(isc_task_t *task, isc_event_t *event) {
797 isc_socketevent_t *sevent = (isc_socketevent_t *)event;
798 resquery_t *query = event->ev_arg;
799 isc_boolean_t retry = ISC_FALSE;
803 REQUIRE(event->ev_type == ISC_SOCKEVENT_SENDDONE);
810 * Currently we don't wait for the senddone event before retrying
811 * a query. This means that if we get really behind, we may end
812 * up doing extra work!
817 INSIST(RESQUERY_SENDING(query));
822 if (RESQUERY_CANCELED(query)) {
823 if (query->sends == 0) {
825 * This query was canceled while the
826 * isc_socket_sendto() was in progress.
828 if (query->tcpsocket != NULL)
829 isc_socket_detach(&query->tcpsocket);
830 resquery_destroy(&query);
833 switch (sevent->result) {
837 case ISC_R_HOSTUNREACH:
838 case ISC_R_NETUNREACH:
840 case ISC_R_ADDRNOTAVAIL:
841 case ISC_R_CONNREFUSED:
844 * No route to remote.
846 fctx_cancelquery(&query, NULL, NULL, ISC_TRUE);
851 fctx_cancelquery(&query, NULL, NULL, ISC_FALSE);
855 isc_event_free(&event);
859 * Behave as if the idle timer has expired. For TCP
860 * this may not actually reflect the latest timer.
862 fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
863 result = fctx_stopidletimer(fctx);
864 if (result != ISC_R_SUCCESS)
865 fctx_done(fctx, result);
871 static inline isc_result_t
872 fctx_addopt(dns_message_t *message, dns_resolver_t *res) {
873 dns_rdataset_t *rdataset;
874 dns_rdatalist_t *rdatalist;
879 result = dns_message_gettemprdatalist(message, &rdatalist);
880 if (result != ISC_R_SUCCESS)
883 result = dns_message_gettemprdata(message, &rdata);
884 if (result != ISC_R_SUCCESS)
887 result = dns_message_gettemprdataset(message, &rdataset);
888 if (result != ISC_R_SUCCESS)
890 dns_rdataset_init(rdataset);
892 rdatalist->type = dns_rdatatype_opt;
893 rdatalist->covers = 0;
896 * Set Maximum UDP buffer size.
898 rdatalist->rdclass = res->udpsize;
901 * Set EXTENDED-RCODE, VERSION, and Z to 0, and the DO bit to 1.
903 rdatalist->ttl = DNS_MESSAGEEXTFLAG_DO;
910 rdata->rdclass = rdatalist->rdclass;
911 rdata->type = rdatalist->type;
914 ISC_LIST_INIT(rdatalist->rdata);
915 ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
916 RUNTIME_CHECK(dns_rdatalist_tordataset(rdatalist, rdataset) == ISC_R_SUCCESS);
918 return (dns_message_setopt(message, rdataset));
922 fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) {
923 unsigned int seconds;
926 * We retry every 2 seconds the first two times through the address
927 * list, and then we do exponential back-off.
929 if (fctx->restarts < 3)
932 seconds = (2 << (fctx->restarts - 1));
935 * Double the round-trip time and convert to seconds.
940 * Always wait for at least the doubled round-trip time.
946 * But don't ever wait for more than 30 seconds.
951 isc_interval_set(&fctx->interval, seconds, 0);
955 fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
956 unsigned int options)
966 task = res->buckets[fctx->bucketnum].task;
968 fctx_setretryinterval(fctx, addrinfo->srtt);
969 result = fctx_startidletimer(fctx);
970 if (result != ISC_R_SUCCESS)
973 dns_message_reset(fctx->rmessage, DNS_MESSAGE_INTENTPARSE);
975 query = isc_mem_get(res->mctx, sizeof(*query));
977 result = ISC_R_NOMEMORY;
978 goto stop_idle_timer;
980 query->mctx = res->mctx;
981 query->options = options;
982 query->attributes = 0;
986 * Note that the caller MUST guarantee that 'addrinfo' will remain
987 * valid until this query is canceled.
989 query->addrinfo = addrinfo;
990 TIME_NOW(&query->start);
993 * If this is a TCP query, then we need to make a socket and
994 * a dispatch for it here. Otherwise we use the resolver's
997 query->dispatchmgr = res->dispatchmgr;
998 query->dispatch = NULL;
999 query->tcpsocket = NULL;
1000 if ((query->options & DNS_FETCHOPT_TCP) != 0) {
1001 isc_sockaddr_t addr;
1004 pf = isc_sockaddr_pf(&addrinfo->sockaddr);
1008 result = dns_dispatch_getlocaladdress(res->dispatchv4,
1012 result = dns_dispatch_getlocaladdress(res->dispatchv6,
1016 result = ISC_R_NOTIMPLEMENTED;
1019 if (result != ISC_R_SUCCESS)
1022 isc_sockaddr_setport(&addr, 0);
1024 result = isc_socket_create(res->socketmgr, pf,
1027 if (result != ISC_R_SUCCESS)
1030 result = isc_socket_bind(query->tcpsocket, &addr);
1031 if (result != ISC_R_SUCCESS)
1032 goto cleanup_socket;
1035 * A dispatch will be created once the connect succeeds.
1038 switch (isc_sockaddr_pf(&addrinfo->sockaddr)) {
1040 dns_dispatch_attach(res->dispatchv4, &query->dispatch);
1043 dns_dispatch_attach(res->dispatchv6, &query->dispatch);
1046 result = ISC_R_NOTIMPLEMENTED;
1050 * We should always have a valid dispatcher here. If we
1051 * don't support a protocol family, then its dispatcher
1052 * will be NULL, but we shouldn't be finding addresses for
1053 * protocol types we don't support, so the dispatcher
1054 * we found should never be NULL.
1056 INSIST(query->dispatch != NULL);
1059 query->dispentry = NULL;
1062 query->tsigkey = NULL;
1063 ISC_LINK_INIT(query, link);
1064 query->magic = QUERY_MAGIC;
1066 if ((query->options & DNS_FETCHOPT_TCP) != 0) {
1068 * Connect to the remote server.
1070 * XXXRTH Should we attach to the socket?
1072 result = isc_socket_connect(query->tcpsocket,
1073 &addrinfo->sockaddr, task,
1074 resquery_connected, query);
1075 if (result != ISC_R_SUCCESS)
1076 goto cleanup_socket;
1078 QTRACE("connecting via TCP");
1080 result = resquery_send(query);
1081 if (result != ISC_R_SUCCESS)
1082 goto cleanup_dispatch;
1085 ISC_LIST_APPEND(fctx->queries, query, link);
1087 return (ISC_R_SUCCESS);
1090 isc_socket_detach(&query->tcpsocket);
1093 if (query->dispatch != NULL)
1094 dns_dispatch_detach(&query->dispatch);
1098 isc_mem_put(res->mctx, query, sizeof(*query));
1101 RUNTIME_CHECK(fctx_stopidletimer(fctx) == ISC_R_SUCCESS);
1107 resquery_send(resquery_t *query) {
1109 isc_result_t result;
1110 dns_name_t *qname = NULL;
1111 dns_rdataset_t *qrdataset = NULL;
1113 dns_resolver_t *res;
1115 isc_socket_t *socket;
1116 isc_buffer_t tcpbuffer;
1117 isc_sockaddr_t *address;
1118 isc_buffer_t *buffer;
1119 isc_netaddr_t ipaddr;
1120 dns_tsigkey_t *tsigkey = NULL;
1121 dns_peer_t *peer = NULL;
1122 isc_boolean_t useedns;
1123 dns_compress_t cctx;
1124 isc_boolean_t cleanup_cctx = ISC_FALSE;
1125 isc_boolean_t secure_domain;
1131 task = res->buckets[fctx->bucketnum].task;
1134 if ((query->options & DNS_FETCHOPT_TCP) != 0) {
1136 * Reserve space for the TCP message length.
1138 isc_buffer_init(&tcpbuffer, query->data, sizeof(query->data));
1139 isc_buffer_init(&query->buffer, query->data + 2,
1140 sizeof(query->data) - 2);
1141 buffer = &tcpbuffer;
1143 isc_buffer_init(&query->buffer, query->data,
1144 sizeof(query->data));
1145 buffer = &query->buffer;
1148 result = dns_message_gettempname(fctx->qmessage, &qname);
1149 if (result != ISC_R_SUCCESS)
1151 result = dns_message_gettemprdataset(fctx->qmessage, &qrdataset);
1152 if (result != ISC_R_SUCCESS)
1156 * Get a query id from the dispatch.
1158 result = dns_dispatch_addresponse(query->dispatch,
1159 &query->addrinfo->sockaddr,
1165 if (result != ISC_R_SUCCESS)
1168 fctx->qmessage->opcode = dns_opcode_query;
1173 dns_name_init(qname, NULL);
1174 dns_name_clone(&fctx->name, qname);
1175 dns_rdataset_init(qrdataset);
1176 dns_rdataset_makequestion(qrdataset, res->rdclass, fctx->type);
1177 ISC_LIST_APPEND(qname->list, qrdataset, link);
1178 dns_message_addname(fctx->qmessage, qname, DNS_SECTION_QUESTION);
1183 * Set RD if the client has requested that we do a recursive query,
1184 * or if we're sending to a forwarder.
1186 if ((query->options & DNS_FETCHOPT_RECURSIVE) != 0 ||
1187 ISFORWARDER(query->addrinfo))
1188 fctx->qmessage->flags |= DNS_MESSAGEFLAG_RD;
1191 * Set CD if the client says don't validate or the question is
1192 * under a secure entry point.
1194 if ((query->options & DNS_FETCHOPT_NOVALIDATE) == 0) {
1195 result = dns_keytable_issecuredomain(res->view->secroots,
1198 if (result != ISC_R_SUCCESS)
1199 secure_domain = ISC_FALSE;
1200 if (res->view->dlv != NULL)
1201 secure_domain = ISC_TRUE;
1203 fctx->qmessage->flags |= DNS_MESSAGEFLAG_CD;
1205 fctx->qmessage->flags |= DNS_MESSAGEFLAG_CD;
1208 * We don't have to set opcode because it defaults to query.
1210 fctx->qmessage->id = query->id;
1213 * Convert the question to wire format.
1215 result = dns_compress_init(&cctx, -1, fctx->res->mctx);
1216 if (result != ISC_R_SUCCESS)
1217 goto cleanup_message;
1218 cleanup_cctx = ISC_TRUE;
1220 result = dns_message_renderbegin(fctx->qmessage, &cctx,
1222 if (result != ISC_R_SUCCESS)
1223 goto cleanup_message;
1225 result = dns_message_rendersection(fctx->qmessage,
1226 DNS_SECTION_QUESTION, 0);
1227 if (result != ISC_R_SUCCESS)
1228 goto cleanup_message;
1231 isc_netaddr_fromsockaddr(&ipaddr, &query->addrinfo->sockaddr);
1232 (void) dns_peerlist_peerbyaddr(fctx->res->view->peers, &ipaddr, &peer);
1235 * The ADB does not know about servers with "edns no". Check this,
1236 * and then inform the ADB for future use.
1238 if ((query->addrinfo->flags & DNS_FETCHOPT_NOEDNS0) == 0 &&
1240 dns_peer_getsupportedns(peer, &useedns) == ISC_R_SUCCESS &&
1243 query->options |= DNS_FETCHOPT_NOEDNS0;
1244 dns_adb_changeflags(fctx->adb,
1246 DNS_FETCHOPT_NOEDNS0,
1247 DNS_FETCHOPT_NOEDNS0);
1251 * Use EDNS0, unless the caller doesn't want it, or we know that
1252 * the remote server doesn't like it.
1254 if (fctx->timeouts >= MAX_EDNS0_TIMEOUTS &&
1255 (query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
1256 query->options |= DNS_FETCHOPT_NOEDNS0;
1257 FCTXTRACE("too many timeouts, disabling EDNS0");
1260 if ((query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
1261 if ((query->addrinfo->flags & DNS_FETCHOPT_NOEDNS0) == 0) {
1262 result = fctx_addopt(fctx->qmessage, res);
1263 if (result != ISC_R_SUCCESS) {
1265 * We couldn't add the OPT, but we'll press on.
1266 * We're not using EDNS0, so set the NOEDNS0
1269 query->options |= DNS_FETCHOPT_NOEDNS0;
1273 * We know this server doesn't like EDNS0, so we
1274 * won't use it. Set the NOEDNS0 bit since we're
1277 query->options |= DNS_FETCHOPT_NOEDNS0;
1282 * If we need EDNS0 to do this query and aren't using it, we lose.
1284 if (NEEDEDNS0(fctx) && (query->options & DNS_FETCHOPT_NOEDNS0) != 0) {
1285 result = DNS_R_SERVFAIL;
1286 goto cleanup_message;
1290 * Add TSIG record tailored to the current recipient.
1292 result = dns_view_getpeertsig(fctx->res->view, &ipaddr, &tsigkey);
1293 if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND)
1294 goto cleanup_message;
1296 if (tsigkey != NULL) {
1297 result = dns_message_settsigkey(fctx->qmessage, tsigkey);
1298 dns_tsigkey_detach(&tsigkey);
1299 if (result != ISC_R_SUCCESS)
1300 goto cleanup_message;
1303 result = dns_message_rendersection(fctx->qmessage,
1304 DNS_SECTION_ADDITIONAL, 0);
1305 if (result != ISC_R_SUCCESS)
1306 goto cleanup_message;
1308 result = dns_message_renderend(fctx->qmessage);
1309 if (result != ISC_R_SUCCESS)
1310 goto cleanup_message;
1312 dns_compress_invalidate(&cctx);
1313 cleanup_cctx = ISC_FALSE;
1315 if (dns_message_gettsigkey(fctx->qmessage) != NULL) {
1316 dns_tsigkey_attach(dns_message_gettsigkey(fctx->qmessage),
1318 result = dns_message_getquerytsig(fctx->qmessage,
1321 if (result != ISC_R_SUCCESS)
1322 goto cleanup_message;
1326 * If using TCP, write the length of the message at the beginning
1329 if ((query->options & DNS_FETCHOPT_TCP) != 0) {
1330 isc_buffer_usedregion(&query->buffer, &r);
1331 isc_buffer_putuint16(&tcpbuffer, (isc_uint16_t)r.length);
1332 isc_buffer_add(&tcpbuffer, r.length);
1336 * We're now done with the query message.
1338 dns_message_reset(fctx->qmessage, DNS_MESSAGE_INTENTRENDER);
1340 socket = dns_dispatch_getsocket(query->dispatch);
1344 if ((query->options & DNS_FETCHOPT_TCP) == 0)
1345 address = &query->addrinfo->sockaddr;
1346 isc_buffer_usedregion(buffer, &r);
1349 * XXXRTH Make sure we don't send to ourselves! We should probably
1350 * prune out these addresses when we get them from the ADB.
1352 result = isc_socket_sendto(socket, &r, task, resquery_senddone,
1353 query, address, NULL);
1354 if (result != ISC_R_SUCCESS)
1355 goto cleanup_message;
1359 return (ISC_R_SUCCESS);
1363 dns_compress_invalidate(&cctx);
1365 dns_message_reset(fctx->qmessage, DNS_MESSAGE_INTENTRENDER);
1368 * Stop the dispatcher from listening.
1370 dns_dispatch_removeresponse(&query->dispentry, NULL);
1374 dns_message_puttempname(fctx->qmessage, &qname);
1375 if (qrdataset != NULL)
1376 dns_message_puttemprdataset(fctx->qmessage, &qrdataset);
1382 resquery_connected(isc_task_t *task, isc_event_t *event) {
1383 isc_socketevent_t *sevent = (isc_socketevent_t *)event;
1384 resquery_t *query = event->ev_arg;
1385 isc_boolean_t retry = ISC_FALSE;
1386 isc_result_t result;
1390 REQUIRE(event->ev_type == ISC_SOCKEVENT_CONNECT);
1391 REQUIRE(VALID_QUERY(query));
1393 QTRACE("connected");
1400 * Currently we don't wait for the connect event before retrying
1401 * a query. This means that if we get really behind, we may end
1402 * up doing extra work!
1408 if (RESQUERY_CANCELED(query)) {
1410 * This query was canceled while the connect() was in
1413 isc_socket_detach(&query->tcpsocket);
1414 resquery_destroy(&query);
1416 switch (sevent->result) {
1419 * We are connected. Create a dispatcher and
1423 attrs |= DNS_DISPATCHATTR_TCP;
1424 attrs |= DNS_DISPATCHATTR_PRIVATE;
1425 attrs |= DNS_DISPATCHATTR_CONNECTED;
1426 if (isc_sockaddr_pf(&query->addrinfo->sockaddr) ==
1428 attrs |= DNS_DISPATCHATTR_IPV4;
1430 attrs |= DNS_DISPATCHATTR_IPV6;
1431 attrs |= DNS_DISPATCHATTR_MAKEQUERY;
1433 result = dns_dispatch_createtcp(query->dispatchmgr,
1435 query->fctx->res->taskmgr,
1436 4096, 2, 1, 1, 3, attrs,
1440 * Regardless of whether dns_dispatch_create()
1441 * succeeded or not, we don't need our reference
1442 * to the socket anymore.
1444 isc_socket_detach(&query->tcpsocket);
1446 if (result == ISC_R_SUCCESS)
1447 result = resquery_send(query);
1449 if (result != ISC_R_SUCCESS) {
1450 fctx_cancelquery(&query, NULL, NULL,
1452 fctx_done(fctx, result);
1456 case ISC_R_NETUNREACH:
1457 case ISC_R_HOSTUNREACH:
1458 case ISC_R_CONNREFUSED:
1460 case ISC_R_ADDRNOTAVAIL:
1461 case ISC_R_CONNECTIONRESET:
1463 * No route to remote.
1465 isc_socket_detach(&query->tcpsocket);
1466 fctx_cancelquery(&query, NULL, NULL, ISC_TRUE);
1471 isc_socket_detach(&query->tcpsocket);
1472 fctx_cancelquery(&query, NULL, NULL, ISC_FALSE);
1477 isc_event_free(&event);
1481 * Behave as if the idle timer has expired. For TCP
1482 * connections this may not actually reflect the latest timer.
1484 fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
1485 result = fctx_stopidletimer(fctx);
1486 if (result != ISC_R_SUCCESS)
1487 fctx_done(fctx, result);
1494 fctx_finddone(isc_task_t *task, isc_event_t *event) {
1496 dns_adbfind_t *find;
1497 dns_resolver_t *res;
1498 isc_boolean_t want_try = ISC_FALSE;
1499 isc_boolean_t want_done = ISC_FALSE;
1500 isc_boolean_t bucket_empty = ISC_FALSE;
1501 unsigned int bucketnum;
1503 find = event->ev_sender;
1504 fctx = event->ev_arg;
1505 REQUIRE(VALID_FCTX(fctx));
1510 FCTXTRACE("finddone");
1512 INSIST(fctx->pending > 0);
1515 if (ADDRWAIT(fctx)) {
1517 * The fetch is waiting for a name to be found.
1519 INSIST(!SHUTTINGDOWN(fctx));
1520 fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
1521 if (event->ev_type == DNS_EVENT_ADBMOREADDRESSES)
1522 want_try = ISC_TRUE;
1523 else if (fctx->pending == 0) {
1525 * We've got nothing else to wait for and don't
1526 * know the answer. There's nothing to do but
1529 want_done = ISC_TRUE;
1531 } else if (SHUTTINGDOWN(fctx) && fctx->pending == 0 &&
1532 ISC_LIST_EMPTY(fctx->validators)) {
1533 bucketnum = fctx->bucketnum;
1534 LOCK(&res->buckets[bucketnum].lock);
1536 * Note that we had to wait until we had the lock before
1537 * looking at fctx->references.
1539 if (fctx->references == 0)
1540 bucket_empty = fctx_destroy(fctx);
1541 UNLOCK(&res->buckets[bucketnum].lock);
1544 isc_event_free(&event);
1545 dns_adb_destroyfind(&find);
1550 fctx_done(fctx, ISC_R_FAILURE);
1551 else if (bucket_empty)
1556 static inline isc_boolean_t
1557 bad_server(fetchctx_t *fctx, isc_sockaddr_t *address) {
1560 for (sa = ISC_LIST_HEAD(fctx->bad);
1562 sa = ISC_LIST_NEXT(sa, link)) {
1563 if (isc_sockaddr_equal(sa, address))
1570 static inline isc_boolean_t
1571 mark_bad(fetchctx_t *fctx) {
1572 dns_adbfind_t *curr;
1573 dns_adbaddrinfo_t *addrinfo;
1574 isc_boolean_t all_bad = ISC_TRUE;
1577 * Mark all known bad servers, so we don't try to talk to them
1582 * Mark any bad nameservers.
1584 for (curr = ISC_LIST_HEAD(fctx->finds);
1586 curr = ISC_LIST_NEXT(curr, publink)) {
1587 for (addrinfo = ISC_LIST_HEAD(curr->list);
1589 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
1590 if (bad_server(fctx, &addrinfo->sockaddr))
1591 addrinfo->flags |= FCTX_ADDRINFO_MARK;
1593 all_bad = ISC_FALSE;
1598 * Mark any bad forwarders.
1600 for (addrinfo = ISC_LIST_HEAD(fctx->forwaddrs);
1602 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
1603 if (bad_server(fctx, &addrinfo->sockaddr))
1604 addrinfo->flags |= FCTX_ADDRINFO_MARK;
1606 all_bad = ISC_FALSE;
1610 * Mark any bad alternates.
1612 for (curr = ISC_LIST_HEAD(fctx->altfinds);
1614 curr = ISC_LIST_NEXT(curr, publink)) {
1615 for (addrinfo = ISC_LIST_HEAD(curr->list);
1617 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
1618 if (bad_server(fctx, &addrinfo->sockaddr))
1619 addrinfo->flags |= FCTX_ADDRINFO_MARK;
1621 all_bad = ISC_FALSE;
1625 for (addrinfo = ISC_LIST_HEAD(fctx->altaddrs);
1627 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
1628 if (bad_server(fctx, &addrinfo->sockaddr))
1629 addrinfo->flags |= FCTX_ADDRINFO_MARK;
1631 all_bad = ISC_FALSE;
1638 add_bad(fetchctx_t *fctx, isc_sockaddr_t *address, isc_result_t reason) {
1639 char namebuf[DNS_NAME_FORMATSIZE];
1640 char addrbuf[ISC_SOCKADDR_FORMATSIZE];
1646 const char *sep1, *sep2;
1648 if (bad_server(fctx, address)) {
1650 * We already know this server is bad.
1655 FCTXTRACE("add_bad");
1657 sa = isc_mem_get(fctx->res->mctx, sizeof(*sa));
1661 ISC_LIST_INITANDAPPEND(fctx->bad, sa, link);
1663 if (reason == DNS_R_LAME) /* already logged */
1666 if (reason == DNS_R_UNEXPECTEDRCODE) {
1667 isc_buffer_init(&b, code, sizeof(code) - 1);
1668 dns_rcode_totext(fctx->rmessage->rcode, &b);
1669 code[isc_buffer_usedlength(&b)] = '\0';
1672 } else if (reason == DNS_R_UNEXPECTEDOPCODE) {
1673 isc_buffer_init(&b, code, sizeof(code) - 1);
1674 dns_opcode_totext((dns_opcode_t)fctx->rmessage->opcode, &b);
1675 code[isc_buffer_usedlength(&b)] = '\0';
1683 dns_name_format(&fctx->name, namebuf, sizeof(namebuf));
1684 dns_rdatatype_format(fctx->type, typebuf, sizeof(typebuf));
1685 dns_rdataclass_format(fctx->res->rdclass, classbuf, sizeof(classbuf));
1686 isc_sockaddr_format(address, addrbuf, sizeof(addrbuf));
1687 isc_log_write(dns_lctx, DNS_LOGCATEGORY_LAME_SERVERS,
1688 DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
1689 "%s %s%s%sresolving '%s/%s/%s': %s",
1690 dns_result_totext(reason), sep1, code, sep2,
1691 namebuf, typebuf, classbuf, addrbuf);
1695 sort_adbfind(dns_adbfind_t *find) {
1696 dns_adbaddrinfo_t *best, *curr;
1697 dns_adbaddrinfolist_t sorted;
1700 * Lame N^2 bubble sort.
1703 ISC_LIST_INIT(sorted);
1704 while (!ISC_LIST_EMPTY(find->list)) {
1705 best = ISC_LIST_HEAD(find->list);
1706 curr = ISC_LIST_NEXT(best, publink);
1707 while (curr != NULL) {
1708 if (curr->srtt < best->srtt)
1710 curr = ISC_LIST_NEXT(curr, publink);
1712 ISC_LIST_UNLINK(find->list, best, publink);
1713 ISC_LIST_APPEND(sorted, best, publink);
1715 find->list = sorted;
1719 sort_finds(fetchctx_t *fctx) {
1720 dns_adbfind_t *best, *curr;
1721 dns_adbfindlist_t sorted;
1722 dns_adbaddrinfo_t *addrinfo, *bestaddrinfo;
1725 * Lame N^2 bubble sort.
1728 ISC_LIST_INIT(sorted);
1729 while (!ISC_LIST_EMPTY(fctx->finds)) {
1730 best = ISC_LIST_HEAD(fctx->finds);
1731 bestaddrinfo = ISC_LIST_HEAD(best->list);
1732 INSIST(bestaddrinfo != NULL);
1733 curr = ISC_LIST_NEXT(best, publink);
1734 while (curr != NULL) {
1735 addrinfo = ISC_LIST_HEAD(curr->list);
1736 INSIST(addrinfo != NULL);
1737 if (addrinfo->srtt < bestaddrinfo->srtt) {
1739 bestaddrinfo = addrinfo;
1741 curr = ISC_LIST_NEXT(curr, publink);
1743 ISC_LIST_UNLINK(fctx->finds, best, publink);
1744 ISC_LIST_APPEND(sorted, best, publink);
1746 fctx->finds = sorted;
1748 ISC_LIST_INIT(sorted);
1749 while (!ISC_LIST_EMPTY(fctx->altfinds)) {
1750 best = ISC_LIST_HEAD(fctx->altfinds);
1751 bestaddrinfo = ISC_LIST_HEAD(best->list);
1752 INSIST(bestaddrinfo != NULL);
1753 curr = ISC_LIST_NEXT(best, publink);
1754 while (curr != NULL) {
1755 addrinfo = ISC_LIST_HEAD(curr->list);
1756 INSIST(addrinfo != NULL);
1757 if (addrinfo->srtt < bestaddrinfo->srtt) {
1759 bestaddrinfo = addrinfo;
1761 curr = ISC_LIST_NEXT(curr, publink);
1763 ISC_LIST_UNLINK(fctx->altfinds, best, publink);
1764 ISC_LIST_APPEND(sorted, best, publink);
1766 fctx->altfinds = sorted;
1770 findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port,
1771 unsigned int options, unsigned int flags, isc_stdtime_t now,
1772 isc_boolean_t *pruned, isc_boolean_t *need_alternate)
1774 dns_adbaddrinfo_t *ai;
1775 dns_adbfind_t *find;
1776 dns_resolver_t *res;
1777 isc_boolean_t unshared;
1778 isc_result_t result;
1781 unshared = ISC_TF((fctx->options | DNS_FETCHOPT_UNSHARED) != 0);
1783 * If this name is a subdomain of the query domain, tell
1784 * the ADB to start looking using zone/hint data. This keeps us
1785 * from getting stuck if the nameserver is beneath the zone cut
1786 * and we don't know its address (e.g. because the A record has
1789 if (dns_name_issubdomain(name, &fctx->domain))
1790 options |= DNS_ADBFIND_STARTATZONE;
1791 options |= DNS_ADBFIND_GLUEOK;
1792 options |= DNS_ADBFIND_HINTOK;
1795 * See what we know about this address.
1798 result = dns_adb_createfind(fctx->adb,
1799 res->buckets[fctx->bucketnum].task,
1800 fctx_finddone, fctx, name,
1801 &fctx->domain, options, now, NULL,
1802 res->view->dstport, &find);
1803 if (result != ISC_R_SUCCESS) {
1804 if (result == DNS_R_ALIAS) {
1806 * XXXRTH Follow the CNAME/DNAME chain?
1808 dns_adb_destroyfind(&find);
1810 } else if (!ISC_LIST_EMPTY(find->list)) {
1812 * We have at least some of the addresses for the
1815 INSIST((find->options & DNS_ADBFIND_WANTEVENT) == 0);
1817 if (flags != 0 || port != 0) {
1818 for (ai = ISC_LIST_HEAD(find->list);
1820 ai = ISC_LIST_NEXT(ai, publink)) {
1823 isc_sockaddr_setport(&ai->sockaddr,
1827 if ((flags & FCTX_ADDRINFO_FORWARDER) != 0)
1828 ISC_LIST_APPEND(fctx->altfinds, find, publink);
1830 ISC_LIST_APPEND(fctx->finds, find, publink);
1833 * We don't know any of the addresses for this
1836 if ((find->options & DNS_ADBFIND_WANTEVENT) != 0) {
1838 * We're looking for them and will get an
1839 * event about it later.
1845 if (need_alternate != NULL &&
1846 !*need_alternate && unshared &&
1847 ((res->dispatchv4 == NULL &&
1848 find->result_v6 != DNS_R_NXDOMAIN) ||
1849 (res->dispatchv6 == NULL &&
1850 find->result_v4 != DNS_R_NXDOMAIN)))
1851 *need_alternate = ISC_TRUE;
1854 * If we know there are no addresses for
1855 * the family we are using then try to add
1856 * an alternative server.
1858 if (need_alternate != NULL && !*need_alternate &&
1859 ((res->dispatchv4 == NULL &&
1860 find->result_v6 == DNS_R_NXRRSET) ||
1861 (res->dispatchv6 == NULL &&
1862 find->result_v4 == DNS_R_NXRRSET)))
1863 *need_alternate = ISC_TRUE;
1865 * And ADB isn't going to send us any events
1866 * either. This find loses.
1868 if ((find->options & DNS_ADBFIND_LAMEPRUNED) != 0) {
1870 * The ADB pruned lame servers for
1871 * this name. Remember that in case
1872 * we get desperate later on.
1876 dns_adb_destroyfind(&find);
1882 fctx_getaddresses(fetchctx_t *fctx) {
1883 dns_rdata_t rdata = DNS_RDATA_INIT;
1884 isc_result_t result;
1885 dns_resolver_t *res;
1887 unsigned int stdoptions;
1889 dns_adbaddrinfo_t *ai;
1890 isc_boolean_t pruned, all_bad;
1892 isc_boolean_t need_alternate = ISC_FALSE;
1894 FCTXTRACE("getaddresses");
1897 * Don't pound on remote servers. (Failsafe!)
1900 if (fctx->restarts > 10) {
1901 FCTXTRACE("too many restarts");
1902 return (DNS_R_SERVFAIL);
1907 stdoptions = 0; /* Keep compiler happy. */
1913 INSIST(ISC_LIST_EMPTY(fctx->forwaddrs));
1914 INSIST(ISC_LIST_EMPTY(fctx->altaddrs));
1917 * If this fctx has forwarders, use them; otherwise use any
1918 * selective forwarders specified in the view; otherwise use the
1919 * resolver's forwarders (if any).
1921 sa = ISC_LIST_HEAD(fctx->forwarders);
1923 dns_forwarders_t *forwarders = NULL;
1924 dns_name_t *name = &fctx->name;
1926 unsigned int labels;
1929 * DS records are found in the parent server.
1930 * Strip label to get the correct forwarder (if any).
1932 if (fctx->type == dns_rdatatype_ds &&
1933 dns_name_countlabels(name) > 1) {
1934 dns_name_init(&suffix, NULL);
1935 labels = dns_name_countlabels(name);
1936 dns_name_getlabelsequence(name, 1, labels - 1, &suffix);
1939 result = dns_fwdtable_find(fctx->res->view->fwdtable, name,
1941 if (result == ISC_R_SUCCESS) {
1942 sa = ISC_LIST_HEAD(forwarders->addrs);
1943 fctx->fwdpolicy = forwarders->fwdpolicy;
1947 while (sa != NULL) {
1949 result = dns_adb_findaddrinfo(fctx->adb,
1950 sa, &ai, 0); /* XXXMLG */
1951 if (result == ISC_R_SUCCESS) {
1952 dns_adbaddrinfo_t *cur;
1953 ai->flags |= FCTX_ADDRINFO_FORWARDER;
1954 cur = ISC_LIST_HEAD(fctx->forwaddrs);
1955 while (cur != NULL && cur->srtt < ai->srtt)
1956 cur = ISC_LIST_NEXT(cur, publink);
1958 ISC_LIST_INSERTBEFORE(fctx->forwaddrs, cur,
1961 ISC_LIST_APPEND(fctx->forwaddrs, ai, publink);
1963 sa = ISC_LIST_NEXT(sa, link);
1967 * If the forwarding policy is "only", we don't need the addresses
1968 * of the nameservers.
1970 if (fctx->fwdpolicy == dns_fwdpolicy_only)
1974 * Normal nameservers.
1977 stdoptions = DNS_ADBFIND_WANTEVENT | DNS_ADBFIND_EMPTYEVENT;
1978 if (fctx->restarts == 1) {
1980 * To avoid sending out a flood of queries likely to
1981 * result in NXRRSET, we suppress fetches for address
1982 * families we don't have the first time through,
1983 * provided that we have addresses in some family we
1986 * We don't want to set this option all the time, since
1987 * if fctx->restarts > 1, we've clearly been having trouble
1988 * with the addresses we had, so getting more could help.
1990 stdoptions |= DNS_ADBFIND_AVOIDFETCHES;
1992 if (res->dispatchv4 != NULL)
1993 stdoptions |= DNS_ADBFIND_INET;
1994 if (res->dispatchv6 != NULL)
1995 stdoptions |= DNS_ADBFIND_INET6;
1996 isc_stdtime_get(&now);
1999 INSIST(ISC_LIST_EMPTY(fctx->finds));
2000 INSIST(ISC_LIST_EMPTY(fctx->altfinds));
2002 for (result = dns_rdataset_first(&fctx->nameservers);
2003 result == ISC_R_SUCCESS;
2004 result = dns_rdataset_next(&fctx->nameservers))
2006 dns_rdataset_current(&fctx->nameservers, &rdata);
2008 * Extract the name from the NS record.
2010 result = dns_rdata_tostruct(&rdata, &ns, NULL);
2011 if (result != ISC_R_SUCCESS)
2014 findname(fctx, &ns.name, 0, stdoptions, 0, now,
2015 &pruned, &need_alternate);
2016 dns_rdata_reset(&rdata);
2017 dns_rdata_freestruct(&ns);
2019 if (result != ISC_R_NOMORE)
2023 * Do we need to use 6 to 4?
2025 if (need_alternate) {
2028 family = (res->dispatchv6 != NULL) ? AF_INET6 : AF_INET;
2029 for (a = ISC_LIST_HEAD(fctx->res->alternates);
2031 a = ISC_LIST_NEXT(a, link)) {
2032 if (!a->isaddress) {
2033 findname(fctx, &a->_u._n.name, a->_u._n.port,
2034 stdoptions, FCTX_ADDRINFO_FORWARDER,
2035 now, &pruned, NULL);
2038 if (isc_sockaddr_pf(&a->_u.addr) != family)
2041 result = dns_adb_findaddrinfo(fctx->adb, &a->_u.addr,
2043 if (result == ISC_R_SUCCESS) {
2044 dns_adbaddrinfo_t *cur;
2045 ai->flags |= FCTX_ADDRINFO_FORWARDER;
2046 cur = ISC_LIST_HEAD(fctx->altaddrs);
2047 while (cur != NULL && cur->srtt < ai->srtt)
2048 cur = ISC_LIST_NEXT(cur, publink);
2050 ISC_LIST_INSERTBEFORE(fctx->altaddrs,
2053 ISC_LIST_APPEND(fctx->altaddrs, ai,
2061 * Mark all known bad servers.
2063 all_bad = mark_bad(fctx);
2070 * We've got no addresses.
2072 if (fctx->pending > 0) {
2074 * We're fetching the addresses, but don't have any
2075 * yet. Tell the caller to wait for an answer.
2077 result = DNS_R_WAIT;
2078 } else if (pruned) {
2080 * Some addresses were removed by lame pruning.
2081 * Turn pruning off and try again.
2083 FCTXTRACE("restarting with returnlame");
2084 INSIST((stdoptions & DNS_ADBFIND_RETURNLAME) == 0);
2085 stdoptions |= DNS_ADBFIND_RETURNLAME;
2087 fctx_cleanupaltfinds(fctx);
2088 fctx_cleanupfinds(fctx);
2092 * We've lost completely. We don't know any
2093 * addresses, and the ADB has told us it can't get
2096 FCTXTRACE("no addresses");
2097 result = ISC_R_FAILURE;
2101 * We've found some addresses. We might still be looking
2102 * for more addresses.
2105 result = ISC_R_SUCCESS;
2112 possibly_mark(fetchctx_t *fctx, dns_adbaddrinfo_t *addr)
2115 char buf[ISC_NETADDR_FORMATSIZE];
2117 isc_boolean_t aborted = ISC_FALSE;
2118 isc_boolean_t bogus;
2119 dns_acl_t *blackhole;
2120 isc_netaddr_t ipaddr;
2121 dns_peer_t *peer = NULL;
2122 dns_resolver_t *res;
2123 const char *msg = NULL;
2125 sa = &addr->sockaddr;
2128 isc_netaddr_fromsockaddr(&ipaddr, sa);
2129 blackhole = dns_dispatchmgr_getblackhole(res->dispatchmgr);
2130 (void) dns_peerlist_peerbyaddr(res->view->peers, &ipaddr, &peer);
2132 if (blackhole != NULL) {
2135 if (dns_acl_match(&ipaddr, NULL, blackhole,
2137 &match, NULL) == ISC_R_SUCCESS &&
2143 dns_peer_getbogus(peer, &bogus) == ISC_R_SUCCESS &&
2148 addr->flags |= FCTX_ADDRINFO_MARK;
2149 msg = "ignoring blackholed / bogus server: ";
2150 } else if (isc_sockaddr_ismulticast(sa)) {
2151 addr->flags |= FCTX_ADDRINFO_MARK;
2152 msg = "ignoring multicast address: ";
2153 } else if (isc_sockaddr_isexperimental(sa)) {
2154 addr->flags |= FCTX_ADDRINFO_MARK;
2155 msg = "ignoring experimental address: ";
2156 } else if (sa->type.sa.sa_family != AF_INET6) {
2158 } else if (IN6_IS_ADDR_V4MAPPED(&sa->type.sin6.sin6_addr)) {
2159 addr->flags |= FCTX_ADDRINFO_MARK;
2160 msg = "ignoring IPv6 mapped IPV4 address: ";
2161 } else if (IN6_IS_ADDR_V4COMPAT(&sa->type.sin6.sin6_addr)) {
2162 addr->flags |= FCTX_ADDRINFO_MARK;
2163 msg = "ignoring IPv6 compatibility IPV4 address: ";
2167 if (!isc_log_wouldlog(dns_lctx, ISC_LOG_DEBUG(3)))
2170 isc_netaddr_fromsockaddr(&na, sa);
2171 isc_netaddr_format(&na, buf, sizeof(buf));
2172 FCTXTRACE2(msg, buf);
2175 static inline dns_adbaddrinfo_t *
2176 fctx_nextaddress(fetchctx_t *fctx) {
2177 dns_adbfind_t *find, *start;
2178 dns_adbaddrinfo_t *addrinfo;
2179 dns_adbaddrinfo_t *faddrinfo;
2182 * Return the next untried address, if any.
2186 * Find the first unmarked forwarder (if any).
2188 for (addrinfo = ISC_LIST_HEAD(fctx->forwaddrs);
2190 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
2191 if (!UNMARKED(addrinfo))
2193 possibly_mark(fctx, addrinfo);
2194 if (UNMARKED(addrinfo)) {
2195 addrinfo->flags |= FCTX_ADDRINFO_MARK;
2202 * No forwarders. Move to the next find.
2205 fctx->attributes |= FCTX_ATTR_TRIEDFIND;
2209 find = ISC_LIST_HEAD(fctx->finds);
2211 find = ISC_LIST_NEXT(find, publink);
2213 find = ISC_LIST_HEAD(fctx->finds);
2217 * Find the first unmarked addrinfo.
2223 for (addrinfo = ISC_LIST_HEAD(find->list);
2225 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
2226 if (!UNMARKED(addrinfo))
2228 possibly_mark(fctx, addrinfo);
2229 if (UNMARKED(addrinfo)) {
2230 addrinfo->flags |= FCTX_ADDRINFO_MARK;
2234 if (addrinfo != NULL)
2236 find = ISC_LIST_NEXT(find, publink);
2238 find = ISC_LIST_HEAD(fctx->finds);
2239 } while (find != start);
2243 if (addrinfo != NULL)
2247 * No nameservers left. Try alternates.
2250 fctx->attributes |= FCTX_ATTR_TRIEDALT;
2252 find = fctx->altfind;
2254 find = ISC_LIST_HEAD(fctx->altfinds);
2256 find = ISC_LIST_NEXT(find, publink);
2258 find = ISC_LIST_HEAD(fctx->altfinds);
2262 * Find the first unmarked addrinfo.
2268 for (addrinfo = ISC_LIST_HEAD(find->list);
2270 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
2271 if (!UNMARKED(addrinfo))
2273 possibly_mark(fctx, addrinfo);
2274 if (UNMARKED(addrinfo)) {
2275 addrinfo->flags |= FCTX_ADDRINFO_MARK;
2279 if (addrinfo != NULL)
2281 find = ISC_LIST_NEXT(find, publink);
2283 find = ISC_LIST_HEAD(fctx->altfinds);
2284 } while (find != start);
2287 faddrinfo = addrinfo;
2290 * See if we have a better alternate server by address.
2293 for (addrinfo = ISC_LIST_HEAD(fctx->altaddrs);
2295 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
2296 if (!UNMARKED(addrinfo))
2298 possibly_mark(fctx, addrinfo);
2299 if (UNMARKED(addrinfo) &&
2300 (faddrinfo == NULL ||
2301 addrinfo->srtt < faddrinfo->srtt)) {
2302 if (faddrinfo != NULL)
2303 faddrinfo->flags &= ~FCTX_ADDRINFO_MARK;
2304 addrinfo->flags |= FCTX_ADDRINFO_MARK;
2309 if (addrinfo == NULL) {
2310 addrinfo = faddrinfo;
2311 fctx->altfind = find;
2318 fctx_try(fetchctx_t *fctx) {
2319 isc_result_t result;
2320 dns_adbaddrinfo_t *addrinfo;
2324 REQUIRE(!ADDRWAIT(fctx));
2326 addrinfo = fctx_nextaddress(fctx);
2327 if (addrinfo == NULL) {
2329 * We have no more addresses. Start over.
2331 fctx_cancelqueries(fctx, ISC_TRUE);
2332 fctx_cleanupfinds(fctx);
2333 fctx_cleanupaltfinds(fctx);
2334 fctx_cleanupforwaddrs(fctx);
2335 fctx_cleanupaltaddrs(fctx);
2336 result = fctx_getaddresses(fctx);
2337 if (result == DNS_R_WAIT) {
2339 * Sleep waiting for addresses.
2341 FCTXTRACE("addrwait");
2342 fctx->attributes |= FCTX_ATTR_ADDRWAIT;
2344 } else if (result != ISC_R_SUCCESS) {
2346 * Something bad happened.
2348 fctx_done(fctx, result);
2352 addrinfo = fctx_nextaddress(fctx);
2354 * While we may have addresses from the ADB, they
2355 * might be bad ones. In this case, return SERVFAIL.
2357 if (addrinfo == NULL) {
2358 fctx_done(fctx, DNS_R_SERVFAIL);
2363 result = fctx_query(fctx, addrinfo, fctx->options);
2364 if (result != ISC_R_SUCCESS)
2365 fctx_done(fctx, result);
2368 static isc_boolean_t
2369 fctx_destroy(fetchctx_t *fctx) {
2370 dns_resolver_t *res;
2371 unsigned int bucketnum;
2372 isc_sockaddr_t *sa, *next_sa;
2375 * Caller must be holding the bucket lock.
2378 REQUIRE(VALID_FCTX(fctx));
2379 REQUIRE(fctx->state == fetchstate_done ||
2380 fctx->state == fetchstate_init);
2381 REQUIRE(ISC_LIST_EMPTY(fctx->events));
2382 REQUIRE(ISC_LIST_EMPTY(fctx->queries));
2383 REQUIRE(ISC_LIST_EMPTY(fctx->finds));
2384 REQUIRE(ISC_LIST_EMPTY(fctx->altfinds));
2385 REQUIRE(fctx->pending == 0);
2386 REQUIRE(ISC_LIST_EMPTY(fctx->validators));
2387 REQUIRE(fctx->references == 0);
2389 FCTXTRACE("destroy");
2392 bucketnum = fctx->bucketnum;
2394 ISC_LIST_UNLINK(res->buckets[bucketnum].fctxs, fctx, link);
2399 for (sa = ISC_LIST_HEAD(fctx->bad);
2402 next_sa = ISC_LIST_NEXT(sa, link);
2403 ISC_LIST_UNLINK(fctx->bad, sa, link);
2404 isc_mem_put(res->mctx, sa, sizeof(*sa));
2407 isc_timer_detach(&fctx->timer);
2408 dns_message_destroy(&fctx->rmessage);
2409 dns_message_destroy(&fctx->qmessage);
2410 if (dns_name_countlabels(&fctx->domain) > 0)
2411 dns_name_free(&fctx->domain, res->mctx);
2412 if (dns_rdataset_isassociated(&fctx->nameservers))
2413 dns_rdataset_disassociate(&fctx->nameservers);
2414 dns_name_free(&fctx->name, res->mctx);
2415 dns_db_detach(&fctx->cache);
2416 dns_adb_detach(&fctx->adb);
2417 isc_mem_free(res->mctx, fctx->info);
2418 isc_mem_put(res->mctx, fctx, sizeof(*fctx));
2422 UNLOCK(&res->nlock);
2424 if (res->buckets[bucketnum].exiting &&
2425 ISC_LIST_EMPTY(res->buckets[bucketnum].fctxs))
2432 * Fetch event handlers.
2436 fctx_timeout(isc_task_t *task, isc_event_t *event) {
2437 fetchctx_t *fctx = event->ev_arg;
2439 REQUIRE(VALID_FCTX(fctx));
2443 FCTXTRACE("timeout");
2445 if (event->ev_type == ISC_TIMEREVENT_LIFE) {
2446 fctx_done(fctx, ISC_R_TIMEDOUT);
2448 isc_result_t result;
2452 * We could cancel the running queries here, or we could let
2453 * them keep going. Right now we choose the latter...
2455 fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
2457 * Our timer has triggered. Reestablish the fctx lifetime
2460 result = fctx_starttimer(fctx);
2461 if (result != ISC_R_SUCCESS)
2462 fctx_done(fctx, result);
2470 isc_event_free(&event);
2474 fctx_shutdown(fetchctx_t *fctx) {
2475 isc_event_t *cevent;
2478 * Start the shutdown process for fctx, if it isn't already underway.
2481 FCTXTRACE("shutdown");
2484 * The caller must be holding the appropriate bucket lock.
2487 if (fctx->want_shutdown)
2490 fctx->want_shutdown = ISC_TRUE;
2493 * Unless we're still initializing (in which case the
2494 * control event is still outstanding), we need to post
2495 * the control event to tell the fetch we want it to
2498 if (fctx->state != fetchstate_init) {
2499 cevent = &fctx->control_event;
2500 isc_task_send(fctx->res->buckets[fctx->bucketnum].task,
2506 fctx_doshutdown(isc_task_t *task, isc_event_t *event) {
2507 fetchctx_t *fctx = event->ev_arg;
2508 isc_boolean_t bucket_empty = ISC_FALSE;
2509 dns_resolver_t *res;
2510 unsigned int bucketnum;
2511 dns_validator_t *validator;
2513 REQUIRE(VALID_FCTX(fctx));
2518 bucketnum = fctx->bucketnum;
2520 FCTXTRACE("doshutdown");
2523 * An fctx that is shutting down is no longer in ADDRWAIT mode.
2525 fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
2528 * Cancel all pending validators. Note that this must be done
2529 * without the bucket lock held, since that could cause deadlock.
2531 validator = ISC_LIST_HEAD(fctx->validators);
2532 while (validator != NULL) {
2533 dns_validator_cancel(validator);
2534 validator = ISC_LIST_NEXT(validator, link);
2537 if (fctx->nsfetch != NULL)
2538 dns_resolver_cancelfetch(fctx->nsfetch);
2541 * Shut down anything that is still running on behalf of this
2542 * fetch. To avoid deadlock with the ADB, we must do this
2543 * before we lock the bucket lock.
2545 fctx_stopeverything(fctx, ISC_FALSE);
2547 LOCK(&res->buckets[bucketnum].lock);
2549 fctx->attributes |= FCTX_ATTR_SHUTTINGDOWN;
2551 INSIST(fctx->state == fetchstate_active ||
2552 fctx->state == fetchstate_done);
2553 INSIST(fctx->want_shutdown);
2555 if (fctx->state != fetchstate_done) {
2556 fctx->state = fetchstate_done;
2557 fctx_sendevents(fctx, ISC_R_CANCELED);
2560 if (fctx->references == 0 && fctx->pending == 0 &&
2561 ISC_LIST_EMPTY(fctx->validators))
2562 bucket_empty = fctx_destroy(fctx);
2564 UNLOCK(&res->buckets[bucketnum].lock);
2571 fctx_start(isc_task_t *task, isc_event_t *event) {
2572 fetchctx_t *fctx = event->ev_arg;
2573 isc_boolean_t done = ISC_FALSE, bucket_empty = ISC_FALSE;
2574 dns_resolver_t *res;
2575 unsigned int bucketnum;
2577 REQUIRE(VALID_FCTX(fctx));
2582 bucketnum = fctx->bucketnum;
2586 LOCK(&res->buckets[bucketnum].lock);
2588 INSIST(fctx->state == fetchstate_init);
2589 if (fctx->want_shutdown) {
2591 * We haven't started this fctx yet, and we've been requested
2594 fctx->attributes |= FCTX_ATTR_SHUTTINGDOWN;
2595 fctx->state = fetchstate_done;
2596 fctx_sendevents(fctx, ISC_R_CANCELED);
2598 * Since we haven't started, we INSIST that we have no
2599 * pending ADB finds and no pending validations.
2601 INSIST(fctx->pending == 0);
2602 INSIST(ISC_LIST_EMPTY(fctx->validators));
2603 if (fctx->references == 0) {
2605 * It's now safe to destroy this fctx.
2607 bucket_empty = fctx_destroy(fctx);
2612 * Normal fctx startup.
2614 fctx->state = fetchstate_active;
2616 * Reset the control event for later use in shutting down
2619 ISC_EVENT_INIT(event, sizeof(*event), 0, NULL,
2620 DNS_EVENT_FETCHCONTROL, fctx_doshutdown, fctx,
2624 UNLOCK(&res->buckets[bucketnum].lock);
2627 isc_result_t result;
2630 * All is well. Start working on the fetch.
2632 result = fctx_starttimer(fctx);
2633 if (result != ISC_R_SUCCESS)
2634 fctx_done(fctx, result);
2637 } else if (bucket_empty)
2642 * Fetch Creation, Joining, and Cancelation.
2645 static inline isc_result_t
2646 fctx_join(fetchctx_t *fctx, isc_task_t *task, isc_taskaction_t action,
2647 void *arg, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
2651 dns_fetchevent_t *event;
2656 * We store the task we're going to send this event to in the
2657 * sender field. We'll make the fetch the sender when we actually
2661 isc_task_attach(task, &clone);
2662 event = (dns_fetchevent_t *)
2663 isc_event_allocate(fctx->res->mctx, clone,
2664 DNS_EVENT_FETCHDONE,
2665 action, arg, sizeof(*event));
2666 if (event == NULL) {
2667 isc_task_detach(&clone);
2668 return (ISC_R_NOMEMORY);
2670 event->result = DNS_R_SERVFAIL;
2671 event->qtype = fctx->type;
2674 event->rdataset = rdataset;
2675 event->sigrdataset = sigrdataset;
2676 event->fetch = fetch;
2677 dns_fixedname_init(&event->foundname);
2680 * Make sure that we can store the sigrdataset in the
2681 * first event if it is needed by any of the events.
2683 if (event->sigrdataset != NULL)
2684 ISC_LIST_PREPEND(fctx->events, event, ev_link);
2686 ISC_LIST_APPEND(fctx->events, event, ev_link);
2689 fetch->magic = DNS_FETCH_MAGIC;
2690 fetch->private = fctx;
2692 return (ISC_R_SUCCESS);
2696 fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
2697 dns_name_t *domain, dns_rdataset_t *nameservers,
2698 unsigned int options, unsigned int bucketnum, fetchctx_t **fctxp)
2701 isc_result_t result;
2702 isc_result_t iresult;
2703 isc_interval_t interval;
2704 dns_fixedname_t fixed;
2705 unsigned int findoptions = 0;
2706 char buf[DNS_NAME_FORMATSIZE + DNS_RDATATYPE_FORMATSIZE];
2707 char typebuf[DNS_RDATATYPE_FORMATSIZE];
2711 * Caller must be holding the lock for bucket number 'bucketnum'.
2713 REQUIRE(fctxp != NULL && *fctxp == NULL);
2715 fctx = isc_mem_get(res->mctx, sizeof(*fctx));
2717 return (ISC_R_NOMEMORY);
2718 dns_name_format(name, buf, sizeof(buf));
2719 dns_rdatatype_format(type, typebuf, sizeof(typebuf));
2720 strcat(buf, "/"); /* checked */
2721 strcat(buf, typebuf); /* checked */
2722 fctx->info = isc_mem_strdup(res->mctx, buf);
2723 if (fctx->info == NULL) {
2724 result = ISC_R_NOMEMORY;
2727 FCTXTRACE("create");
2728 dns_name_init(&fctx->name, NULL);
2729 result = dns_name_dup(name, res->mctx, &fctx->name);
2730 if (result != ISC_R_SUCCESS)
2732 dns_name_init(&fctx->domain, NULL);
2733 dns_rdataset_init(&fctx->nameservers);
2736 fctx->options = options;
2738 * Note! We do not attach to the task. We are relying on the
2739 * resolver to ensure that this task doesn't go away while we are
2743 fctx->references = 0;
2744 fctx->bucketnum = bucketnum;
2745 fctx->state = fetchstate_init;
2746 fctx->want_shutdown = ISC_FALSE;
2747 fctx->cloned = ISC_FALSE;
2748 ISC_LIST_INIT(fctx->queries);
2749 ISC_LIST_INIT(fctx->finds);
2750 ISC_LIST_INIT(fctx->altfinds);
2751 ISC_LIST_INIT(fctx->forwaddrs);
2752 ISC_LIST_INIT(fctx->altaddrs);
2753 ISC_LIST_INIT(fctx->forwarders);
2754 fctx->fwdpolicy = dns_fwdpolicy_none;
2755 ISC_LIST_INIT(fctx->bad);
2756 ISC_LIST_INIT(fctx->validators);
2758 fctx->altfind = NULL;
2762 fctx->attributes = 0;
2764 dns_name_init(&fctx->nsname, NULL);
2765 fctx->nsfetch = NULL;
2766 dns_rdataset_init(&fctx->nsrrset);
2768 if (domain == NULL) {
2769 dns_forwarders_t *forwarders = NULL;
2770 unsigned int labels;
2773 * DS records are found in the parent server.
2774 * Strip label to get the correct forwarder (if any).
2776 if (fctx->type == dns_rdatatype_ds &&
2777 dns_name_countlabels(name) > 1) {
2778 dns_name_init(&suffix, NULL);
2779 labels = dns_name_countlabels(name);
2780 dns_name_getlabelsequence(name, 1, labels - 1, &suffix);
2783 dns_fixedname_init(&fixed);
2784 domain = dns_fixedname_name(&fixed);
2785 result = dns_fwdtable_find2(fctx->res->view->fwdtable, name,
2786 domain, &forwarders);
2787 if (result == ISC_R_SUCCESS)
2788 fctx->fwdpolicy = forwarders->fwdpolicy;
2790 if (fctx->fwdpolicy != dns_fwdpolicy_only) {
2792 * The caller didn't supply a query domain and
2793 * nameservers, and we're not in forward-only mode,
2794 * so find the best nameservers to use.
2796 if (dns_rdatatype_atparent(type))
2797 findoptions |= DNS_DBFIND_NOEXACT;
2798 result = dns_view_findzonecut(res->view, name, domain,
2799 0, findoptions, ISC_TRUE,
2802 if (result != ISC_R_SUCCESS)
2804 result = dns_name_dup(domain, res->mctx, &fctx->domain);
2805 if (result != ISC_R_SUCCESS) {
2806 dns_rdataset_disassociate(&fctx->nameservers);
2811 * We're in forward-only mode. Set the query domain.
2813 result = dns_name_dup(domain, res->mctx, &fctx->domain);
2814 if (result != ISC_R_SUCCESS)
2818 result = dns_name_dup(domain, res->mctx, &fctx->domain);
2819 if (result != ISC_R_SUCCESS)
2821 dns_rdataset_clone(nameservers, &fctx->nameservers);
2824 INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain));
2826 fctx->qmessage = NULL;
2827 result = dns_message_create(res->mctx, DNS_MESSAGE_INTENTRENDER,
2830 if (result != ISC_R_SUCCESS)
2831 goto cleanup_domain;
2833 fctx->rmessage = NULL;
2834 result = dns_message_create(res->mctx, DNS_MESSAGE_INTENTPARSE,
2837 if (result != ISC_R_SUCCESS)
2838 goto cleanup_qmessage;
2841 * Compute an expiration time for the entire fetch.
2843 isc_interval_set(&interval, 30, 0); /* XXXRTH constant */
2844 iresult = isc_time_nowplusinterval(&fctx->expires, &interval);
2845 if (iresult != ISC_R_SUCCESS) {
2846 UNEXPECTED_ERROR(__FILE__, __LINE__,
2847 "isc_time_nowplusinterval: %s",
2848 isc_result_totext(iresult));
2849 result = ISC_R_UNEXPECTED;
2850 goto cleanup_rmessage;
2854 * Default retry interval initialization. We set the interval now
2855 * mostly so it won't be uninitialized. It will be set to the
2856 * correct value before a query is issued.
2858 isc_interval_set(&fctx->interval, 2, 0);
2861 * Create an inactive timer. It will be made active when the fetch
2862 * is actually started.
2865 iresult = isc_timer_create(res->timermgr, isc_timertype_inactive,
2867 res->buckets[bucketnum].task, fctx_timeout,
2868 fctx, &fctx->timer);
2869 if (iresult != ISC_R_SUCCESS) {
2870 UNEXPECTED_ERROR(__FILE__, __LINE__,
2871 "isc_timer_create: %s",
2872 isc_result_totext(iresult));
2873 result = ISC_R_UNEXPECTED;
2874 goto cleanup_rmessage;
2878 * Attach to the view's cache and adb.
2881 dns_db_attach(res->view->cachedb, &fctx->cache);
2883 dns_adb_attach(res->view->adb, &fctx->adb);
2885 ISC_LIST_INIT(fctx->events);
2886 ISC_LINK_INIT(fctx, link);
2887 fctx->magic = FCTX_MAGIC;
2889 ISC_LIST_APPEND(res->buckets[bucketnum].fctxs, fctx, link);
2893 UNLOCK(&res->nlock);
2897 return (ISC_R_SUCCESS);
2900 dns_message_destroy(&fctx->rmessage);
2903 dns_message_destroy(&fctx->qmessage);
2906 if (dns_name_countlabels(&fctx->domain) > 0)
2907 dns_name_free(&fctx->domain, res->mctx);
2908 if (dns_rdataset_isassociated(&fctx->nameservers))
2909 dns_rdataset_disassociate(&fctx->nameservers);
2912 dns_name_free(&fctx->name, res->mctx);
2915 isc_mem_free(res->mctx, fctx->info);
2918 isc_mem_put(res->mctx, fctx, sizeof(*fctx));
2926 static inline isc_boolean_t
2927 is_lame(fetchctx_t *fctx) {
2928 dns_message_t *message = fctx->rmessage;
2930 dns_rdataset_t *rdataset;
2931 isc_result_t result;
2933 if (message->rcode != dns_rcode_noerror &&
2934 message->rcode != dns_rcode_nxdomain)
2937 if (message->counts[DNS_SECTION_ANSWER] != 0)
2940 if (message->counts[DNS_SECTION_AUTHORITY] == 0)
2943 result = dns_message_firstname(message, DNS_SECTION_AUTHORITY);
2944 while (result == ISC_R_SUCCESS) {
2946 dns_message_currentname(message, DNS_SECTION_AUTHORITY, &name);
2947 for (rdataset = ISC_LIST_HEAD(name->list);
2949 rdataset = ISC_LIST_NEXT(rdataset, link)) {
2950 dns_namereln_t namereln;
2952 unsigned int labels;
2953 if (rdataset->type != dns_rdatatype_ns)
2955 namereln = dns_name_fullcompare(name, &fctx->domain,
2957 if (namereln == dns_namereln_equal &&
2958 (message->flags & DNS_MESSAGEFLAG_AA) != 0)
2960 if (namereln == dns_namereln_subdomain)
2964 result = dns_message_nextname(message, DNS_SECTION_AUTHORITY);
2971 log_lame(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo) {
2972 char namebuf[DNS_NAME_FORMATSIZE];
2973 char domainbuf[DNS_NAME_FORMATSIZE];
2974 char addrbuf[ISC_SOCKADDR_FORMATSIZE];
2976 dns_name_format(&fctx->name, namebuf, sizeof(namebuf));
2977 dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf));
2978 isc_sockaddr_format(&addrinfo->sockaddr, addrbuf, sizeof(addrbuf));
2979 isc_log_write(dns_lctx, DNS_LOGCATEGORY_LAME_SERVERS,
2980 DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
2981 "lame server resolving '%s' (in '%s'?): %s",
2982 namebuf, domainbuf, addrbuf);
2985 static inline isc_result_t
2986 same_question(fetchctx_t *fctx) {
2987 isc_result_t result;
2988 dns_message_t *message = fctx->rmessage;
2990 dns_rdataset_t *rdataset;
2993 * Caller must be holding the fctx lock.
2997 * XXXRTH Currently we support only one question.
2999 if (message->counts[DNS_SECTION_QUESTION] != 1)
3000 return (DNS_R_FORMERR);
3002 result = dns_message_firstname(message, DNS_SECTION_QUESTION);
3003 if (result != ISC_R_SUCCESS)
3006 dns_message_currentname(message, DNS_SECTION_QUESTION, &name);
3007 rdataset = ISC_LIST_HEAD(name->list);
3008 INSIST(rdataset != NULL);
3009 INSIST(ISC_LIST_NEXT(rdataset, link) == NULL);
3010 if (fctx->type != rdataset->type ||
3011 fctx->res->rdclass != rdataset->rdclass ||
3012 !dns_name_equal(&fctx->name, name))
3013 return (DNS_R_FORMERR);
3015 return (ISC_R_SUCCESS);
3019 clone_results(fetchctx_t *fctx) {
3020 dns_fetchevent_t *event, *hevent;
3021 isc_result_t result;
3022 dns_name_t *name, *hname;
3024 FCTXTRACE("clone_results");
3027 * Set up any other events to have the same data as the first
3030 * Caller must be holding the appropriate lock.
3033 fctx->cloned = ISC_TRUE;
3034 hevent = ISC_LIST_HEAD(fctx->events);
3037 hname = dns_fixedname_name(&hevent->foundname);
3038 for (event = ISC_LIST_NEXT(hevent, ev_link);
3040 event = ISC_LIST_NEXT(event, ev_link)) {
3041 name = dns_fixedname_name(&event->foundname);
3042 result = dns_name_copy(hname, name, NULL);
3043 if (result != ISC_R_SUCCESS)
3044 event->result = result;
3046 event->result = hevent->result;
3047 dns_db_attach(hevent->db, &event->db);
3048 dns_db_attachnode(hevent->db, hevent->node, &event->node);
3049 INSIST(hevent->rdataset != NULL);
3050 INSIST(event->rdataset != NULL);
3051 if (dns_rdataset_isassociated(hevent->rdataset))
3052 dns_rdataset_clone(hevent->rdataset, event->rdataset);
3053 INSIST(! (hevent->sigrdataset == NULL &&
3054 event->sigrdataset != NULL));
3055 if (hevent->sigrdataset != NULL &&
3056 dns_rdataset_isassociated(hevent->sigrdataset) &&
3057 event->sigrdataset != NULL)
3058 dns_rdataset_clone(hevent->sigrdataset,
3059 event->sigrdataset);
3063 #define CACHE(r) (((r)->attributes & DNS_RDATASETATTR_CACHE) != 0)
3064 #define ANSWER(r) (((r)->attributes & DNS_RDATASETATTR_ANSWER) != 0)
3065 #define ANSWERSIG(r) (((r)->attributes & DNS_RDATASETATTR_ANSWERSIG) != 0)
3066 #define EXTERNAL(r) (((r)->attributes & DNS_RDATASETATTR_EXTERNAL) != 0)
3067 #define CHAINING(r) (((r)->attributes & DNS_RDATASETATTR_CHAINING) != 0)
3068 #define CHASE(r) (((r)->attributes & DNS_RDATASETATTR_CHASE) != 0)
3069 #define CHECKNAMES(r) (((r)->attributes & DNS_RDATASETATTR_CHECKNAMES) != 0)
3073 * Destroy '*fctx' if it is ready to be destroyed (i.e., if it has
3074 * no references and is no longer waiting for any events). If this
3075 * was the last fctx in the resolver, destroy the resolver.
3078 * '*fctx' is shutting down.
3081 maybe_destroy(fetchctx_t *fctx) {
3082 unsigned int bucketnum;
3083 isc_boolean_t bucket_empty = ISC_FALSE;
3084 dns_resolver_t *res = fctx->res;
3086 REQUIRE(SHUTTINGDOWN(fctx));
3088 if (fctx->pending != 0 || !ISC_LIST_EMPTY(fctx->validators))
3091 bucketnum = fctx->bucketnum;
3092 LOCK(&res->buckets[bucketnum].lock);
3093 if (fctx->references == 0)
3094 bucket_empty = fctx_destroy(fctx);
3095 UNLOCK(&res->buckets[bucketnum].lock);
3102 * The validator has finished.
3105 validated(isc_task_t *task, isc_event_t *event) {
3106 isc_result_t result = ISC_R_SUCCESS;
3107 isc_result_t eresult = ISC_R_SUCCESS;
3110 dns_validatorevent_t *vevent;
3111 dns_fetchevent_t *hevent;
3112 dns_rdataset_t *ardataset = NULL;
3113 dns_rdataset_t *asigrdataset = NULL;
3114 dns_dbnode_t *node = NULL;
3115 isc_boolean_t negative;
3116 isc_boolean_t chaining;
3117 isc_boolean_t sentresponse;
3119 dns_dbnode_t *nsnode = NULL;
3121 dns_rdataset_t *rdataset;
3122 dns_rdataset_t *sigrdataset;
3123 dns_valarg_t *valarg;
3124 dns_adbaddrinfo_t *addrinfo;
3126 UNUSED(task); /* for now */
3128 REQUIRE(event->ev_type == DNS_EVENT_VALIDATORDONE);
3129 valarg = event->ev_arg;
3130 fctx = valarg->fctx;
3131 addrinfo = valarg->addrinfo;
3132 REQUIRE(VALID_FCTX(fctx));
3133 REQUIRE(!ISC_LIST_EMPTY(fctx->validators));
3135 vevent = (dns_validatorevent_t *)event;
3137 FCTXTRACE("received validation completion event");
3139 ISC_LIST_UNLINK(fctx->validators, vevent->validator, link);
3142 * Destroy the validator early so that we can
3143 * destroy the fctx if necessary.
3145 dns_validator_destroy(&vevent->validator);
3146 isc_mem_put(fctx->res->mctx, valarg, sizeof(*valarg));
3148 negative = ISC_TF(vevent->rdataset == NULL);
3150 sentresponse = ISC_TF((fctx->options & DNS_FETCHOPT_NOVALIDATE) != 0);
3153 * If shutting down, ignore the results. Check to see if we're
3154 * done waiting for validator completions and ADB pending events; if
3155 * so, destroy the fctx.
3157 if (SHUTTINGDOWN(fctx) && !sentresponse) {
3158 maybe_destroy(fctx);
3163 * If chaining, we need to make sure that the right result code is
3164 * returned, and that the rdatasets are bound.
3166 if (vevent->result == ISC_R_SUCCESS &&
3168 vevent->rdataset != NULL &&
3169 CHAINING(vevent->rdataset))
3171 if (vevent->rdataset->type == dns_rdatatype_cname)
3172 eresult = DNS_R_CNAME;
3174 INSIST(vevent->rdataset->type == dns_rdatatype_dname);
3175 eresult = DNS_R_DNAME;
3177 chaining = ISC_TRUE;
3179 chaining = ISC_FALSE;
3182 * Either we're not shutting down, or we are shutting down but want
3183 * to cache the result anyway (if this was a validation started by
3184 * a query with cd set)
3187 hevent = ISC_LIST_HEAD(fctx->events);
3188 if (hevent != NULL) {
3189 if (!negative && !chaining &&
3190 (fctx->type == dns_rdatatype_any ||
3191 fctx->type == dns_rdatatype_rrsig)) {
3193 * Don't bind rdatasets; the caller
3194 * will iterate the node.
3197 ardataset = hevent->rdataset;
3198 asigrdataset = hevent->sigrdataset;
3202 if (vevent->result != ISC_R_SUCCESS) {
3203 FCTXTRACE("validation failed");
3204 result = ISC_R_NOTFOUND;
3205 if (vevent->rdataset != NULL)
3206 result = dns_db_findnode(fctx->cache, vevent->name,
3208 if (result == ISC_R_SUCCESS)
3209 (void)dns_db_deleterdataset(fctx->cache, node, NULL,
3211 if (result == ISC_R_SUCCESS && vevent->sigrdataset != NULL)
3212 (void)dns_db_deleterdataset(fctx->cache, node, NULL,
3213 dns_rdatatype_rrsig,
3215 if (result == ISC_R_SUCCESS)
3216 dns_db_detachnode(fctx->cache, &node);
3217 result = vevent->result;
3218 add_bad(fctx, &addrinfo->sockaddr, result);
3219 isc_event_free(&event);
3221 fctx_done(fctx, result);
3227 isc_stdtime_get(&now);
3230 dns_rdatatype_t covers;
3231 FCTXTRACE("nonexistence validation OK");
3233 if (fctx->rmessage->rcode == dns_rcode_nxdomain)
3234 covers = dns_rdatatype_any;
3236 covers = fctx->type;
3238 result = dns_db_findnode(fctx->cache, vevent->name, ISC_TRUE,
3240 if (result != ISC_R_SUCCESS)
3241 goto noanswer_response;
3244 * If we are asking for a SOA record set the cache time
3245 * to zero to facilitate locating the containing zone of
3248 ttl = fctx->res->view->maxncachettl;
3249 if (fctx->type == dns_rdatatype_soa &&
3250 covers == dns_rdatatype_any)
3253 result = ncache_adderesult(fctx->rmessage, fctx->cache, node,
3255 ardataset, &eresult);
3256 if (result != ISC_R_SUCCESS)
3257 goto noanswer_response;
3258 goto answer_response;
3261 FCTXTRACE("validation OK");
3263 if (vevent->proofs[DNS_VALIDATOR_NOQNAMEPROOF] != NULL) {
3265 result = dns_rdataset_addnoqname(vevent->rdataset,
3266 vevent->proofs[DNS_VALIDATOR_NOQNAMEPROOF]);
3267 RUNTIME_CHECK(result == ISC_R_SUCCESS);
3268 vevent->sigrdataset->ttl = vevent->rdataset->ttl;
3272 * The data was already cached as pending data.
3273 * Re-cache it as secure and bind the cached
3274 * rdatasets to the first event on the fetch
3277 result = dns_db_findnode(fctx->cache, vevent->name, ISC_TRUE, &node);
3278 if (result != ISC_R_SUCCESS)
3279 goto noanswer_response;
3281 result = dns_db_addrdataset(fctx->cache, node, NULL, now,
3282 vevent->rdataset, 0, ardataset);
3283 if (result != ISC_R_SUCCESS &&
3284 result != DNS_R_UNCHANGED)
3285 goto noanswer_response;
3286 if (vevent->sigrdataset != NULL) {
3287 result = dns_db_addrdataset(fctx->cache, node, NULL, now,
3288 vevent->sigrdataset, 0,
3290 if (result != ISC_R_SUCCESS &&
3291 result != DNS_R_UNCHANGED)
3292 goto noanswer_response;
3297 * If we only deferred the destroy because we wanted to cache
3298 * the data, destroy now.
3300 if (SHUTTINGDOWN(fctx))
3301 maybe_destroy(fctx);
3306 if (!ISC_LIST_EMPTY(fctx->validators)) {
3308 INSIST(fctx->type == dns_rdatatype_any ||
3309 fctx->type == dns_rdatatype_rrsig);
3311 * Don't send a response yet - we have
3312 * more rdatasets that still need to
3320 * Cache any NS/NSEC records that happened to be validated.
3322 result = dns_message_firstname(fctx->rmessage, DNS_SECTION_AUTHORITY);
3323 while (result == ISC_R_SUCCESS) {
3325 dns_message_currentname(fctx->rmessage, DNS_SECTION_AUTHORITY,
3327 for (rdataset = ISC_LIST_HEAD(name->list);
3329 rdataset = ISC_LIST_NEXT(rdataset, link)) {
3330 if ((rdataset->type != dns_rdatatype_ns &&
3331 rdataset->type != dns_rdatatype_nsec) ||
3332 rdataset->trust != dns_trust_secure)
3334 for (sigrdataset = ISC_LIST_HEAD(name->list);
3335 sigrdataset != NULL;
3336 sigrdataset = ISC_LIST_NEXT(sigrdataset, link)) {
3337 if (sigrdataset->type != dns_rdatatype_rrsig ||
3338 sigrdataset->covers != rdataset->type)
3342 if (sigrdataset == NULL ||
3343 sigrdataset->trust != dns_trust_secure)
3345 result = dns_db_findnode(fctx->cache, name, ISC_TRUE,
3347 if (result != ISC_R_SUCCESS)
3350 result = dns_db_addrdataset(fctx->cache, nsnode, NULL,
3351 now, rdataset, 0, NULL);
3352 if (result == ISC_R_SUCCESS)
3353 result = dns_db_addrdataset(fctx->cache, nsnode,
3357 dns_db_detachnode(fctx->cache, &nsnode);
3359 result = dns_message_nextname(fctx->rmessage,
3360 DNS_SECTION_AUTHORITY);
3363 result = ISC_R_SUCCESS;
3366 * Respond with an answer, positive or negative,
3367 * as opposed to an error. 'node' must be non-NULL.
3370 fctx->attributes |= FCTX_ATTR_HAVEANSWER;
3372 if (hevent != NULL) {
3373 hevent->result = eresult;
3374 RUNTIME_CHECK(dns_name_copy(vevent->name,
3375 dns_fixedname_name(&hevent->foundname), NULL)
3377 dns_db_attach(fctx->cache, &hevent->db);
3378 hevent->node = node;
3380 clone_results(fctx);
3385 dns_db_detachnode(fctx->cache, &node);
3387 fctx_done(fctx, result);
3390 isc_event_free(&event);
3393 static inline isc_result_t
3394 cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo,
3395 isc_stdtime_t now) {
3396 dns_rdataset_t *rdataset, *sigrdataset;
3397 dns_rdataset_t *addedrdataset, *ardataset, *asigrdataset;
3398 dns_rdataset_t *valrdataset = NULL, *valsigrdataset = NULL;
3399 dns_dbnode_t *node, **anodep;
3402 dns_resolver_t *res;
3403 isc_boolean_t need_validation, secure_domain, have_answer;
3404 isc_result_t result, eresult;
3405 dns_fetchevent_t *event;
3406 unsigned int options;
3409 unsigned int valoptions = 0;
3412 * The appropriate bucket lock must be held.
3416 need_validation = ISC_FALSE;
3417 secure_domain = ISC_FALSE;
3418 have_answer = ISC_FALSE;
3419 eresult = ISC_R_SUCCESS;
3420 task = res->buckets[fctx->bucketnum].task;
3423 * Is DNSSEC validation required for this name?
3425 result = dns_keytable_issecuredomain(res->view->secroots, name,
3427 if (result != ISC_R_SUCCESS)
3430 if (!secure_domain && res->view->dlv != NULL) {
3431 valoptions = DNS_VALIDATOR_DLV;
3432 secure_domain = ISC_TRUE;
3435 if ((fctx->options & DNS_FETCHOPT_NOVALIDATE) != 0)
3436 need_validation = ISC_FALSE;
3438 need_validation = secure_domain;
3444 asigrdataset = NULL;
3446 if ((name->attributes & DNS_NAMEATTR_ANSWER) != 0 &&
3448 have_answer = ISC_TRUE;
3449 event = ISC_LIST_HEAD(fctx->events);
3450 if (event != NULL) {
3452 aname = dns_fixedname_name(&event->foundname);
3453 result = dns_name_copy(name, aname, NULL);
3454 if (result != ISC_R_SUCCESS)
3456 anodep = &event->node;
3458 * If this is an ANY or SIG query, we're not going
3459 * to return any rdatasets, unless we encountered
3460 * a CNAME or DNAME as "the answer". In this case,
3461 * we're going to return DNS_R_CNAME or DNS_R_DNAME
3462 * and we must set up the rdatasets.
3464 if ((fctx->type != dns_rdatatype_any &&
3465 fctx->type != dns_rdatatype_rrsig) ||
3466 (name->attributes & DNS_NAMEATTR_CHAINING) != 0) {
3467 ardataset = event->rdataset;
3468 asigrdataset = event->sigrdataset;
3474 * Find or create the cache node.
3477 result = dns_db_findnode(fctx->cache, name, ISC_TRUE, &node);
3478 if (result != ISC_R_SUCCESS)
3482 * Cache or validate each cacheable rdataset.
3484 fail = ISC_TF((fctx->res->options & DNS_RESOLVER_CHECKNAMESFAIL) != 0);
3485 for (rdataset = ISC_LIST_HEAD(name->list);
3487 rdataset = ISC_LIST_NEXT(rdataset, link)) {
3488 if (!CACHE(rdataset))
3490 if (CHECKNAMES(rdataset)) {
3491 char namebuf[DNS_NAME_FORMATSIZE];
3492 char typebuf[DNS_RDATATYPE_FORMATSIZE];
3493 char classbuf[DNS_RDATATYPE_FORMATSIZE];
3495 dns_name_format(name, namebuf, sizeof(namebuf));
3496 dns_rdatatype_format(rdataset->type, typebuf,
3498 dns_rdataclass_format(rdataset->rdclass, classbuf,
3500 isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
3501 DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE,
3502 "check-names %s %s/%s/%s",
3503 fail ? "failure" : "warning",
3504 namebuf, typebuf, classbuf);
3506 if (ANSWER(rdataset))
3507 return (DNS_R_BADNAME);
3513 * Enforce the configure maximum cache TTL.
3515 if (rdataset->ttl > res->view->maxcachettl)
3516 rdataset->ttl = res->view->maxcachettl;
3519 * If this rrset is in a secure domain, do DNSSEC validation
3520 * for it, unless it is glue.
3522 if (secure_domain && rdataset->trust != dns_trust_glue) {
3524 * SIGs are validated as part of validating the
3527 if (rdataset->type == dns_rdatatype_rrsig)
3530 * Find the SIG for this rdataset, if we have it.
3532 for (sigrdataset = ISC_LIST_HEAD(name->list);
3533 sigrdataset != NULL;
3534 sigrdataset = ISC_LIST_NEXT(sigrdataset, link)) {
3535 if (sigrdataset->type == dns_rdatatype_rrsig &&
3536 sigrdataset->covers == rdataset->type)
3539 if (sigrdataset == NULL) {
3540 if (!ANSWER(rdataset) && need_validation) {
3542 * Ignore non-answer rdatasets that
3543 * are missing signatures.
3550 * Normalize the rdataset and sigrdataset TTLs.
3552 if (sigrdataset != NULL) {
3553 rdataset->ttl = ISC_MIN(rdataset->ttl,
3555 sigrdataset->ttl = rdataset->ttl;
3559 * Cache this rdataset/sigrdataset pair as
3562 rdataset->trust = dns_trust_pending;
3563 if (sigrdataset != NULL)
3564 sigrdataset->trust = dns_trust_pending;
3565 if (!need_validation)
3566 addedrdataset = ardataset;
3568 addedrdataset = NULL;
3569 result = dns_db_addrdataset(fctx->cache, node, NULL,
3572 if (result == DNS_R_UNCHANGED)
3573 result = ISC_R_SUCCESS;
3574 if (result != ISC_R_SUCCESS)
3576 if (sigrdataset != NULL) {
3577 if (!need_validation)
3578 addedrdataset = asigrdataset;
3580 addedrdataset = NULL;
3581 result = dns_db_addrdataset(fctx->cache,
3585 if (result == DNS_R_UNCHANGED)
3586 result = ISC_R_SUCCESS;
3587 if (result != ISC_R_SUCCESS)
3589 } else if (!ANSWER(rdataset))
3592 if (ANSWER(rdataset) && need_validation) {
3593 if (fctx->type != dns_rdatatype_any &&
3594 fctx->type != dns_rdatatype_rrsig) {
3596 * This is The Answer. We will
3597 * validate it, but first we cache
3598 * the rest of the response - it may
3599 * contain useful keys.
3601 INSIST(valrdataset == NULL &&
3602 valsigrdataset == NULL);
3603 valrdataset = rdataset;
3604 valsigrdataset = sigrdataset;
3607 * This is one of (potentially)
3608 * multiple answers to an ANY
3609 * or SIG query. To keep things
3610 * simple, we just start the
3611 * validator right away rather
3612 * than caching first and
3613 * having to remember which
3614 * rdatasets needed validation.
3616 result = valcreate(fctx, addrinfo,
3617 name, rdataset->type,
3622 } else if (CHAINING(rdataset)) {
3623 if (rdataset->type == dns_rdatatype_cname)
3624 eresult = DNS_R_CNAME;
3626 INSIST(rdataset->type ==
3627 dns_rdatatype_dname);
3628 eresult = DNS_R_DNAME;
3631 } else if (!EXTERNAL(rdataset)) {
3633 * It's OK to cache this rdataset now.
3635 if (ANSWER(rdataset))
3636 addedrdataset = ardataset;
3637 else if (ANSWERSIG(rdataset))
3638 addedrdataset = asigrdataset;
3640 addedrdataset = NULL;
3641 if (CHAINING(rdataset)) {
3642 if (rdataset->type == dns_rdatatype_cname)
3643 eresult = DNS_R_CNAME;
3645 INSIST(rdataset->type ==
3646 dns_rdatatype_dname);
3647 eresult = DNS_R_DNAME;
3650 if (rdataset->trust == dns_trust_glue &&
3651 (rdataset->type == dns_rdatatype_ns ||
3652 (rdataset->type == dns_rdatatype_rrsig &&
3653 rdataset->covers == dns_rdatatype_ns))) {
3655 * If the trust level is 'dns_trust_glue'
3656 * then we are adding data from a referral
3657 * we got while executing the search algorithm.
3658 * New referral data always takes precedence
3659 * over the existing cache contents.
3661 options = DNS_DBADD_FORCE;
3665 * Now we can add the rdataset.
3667 result = dns_db_addrdataset(fctx->cache,
3672 if (result == DNS_R_UNCHANGED) {
3673 if (ANSWER(rdataset) &&
3674 ardataset != NULL &&
3675 ardataset->type == 0) {
3677 * The answer in the cache is better
3678 * than the answer we found, and is
3679 * a negative cache entry, so we
3680 * must set eresult appropriately.
3682 if (NXDOMAIN(ardataset))
3684 DNS_R_NCACHENXDOMAIN;
3687 DNS_R_NCACHENXRRSET;
3689 result = ISC_R_SUCCESS;
3690 } else if (result != ISC_R_SUCCESS)
3695 if (valrdataset != NULL)
3696 result = valcreate(fctx, addrinfo, name, fctx->type,
3697 valrdataset, valsigrdataset, valoptions,
3700 if (result == ISC_R_SUCCESS && have_answer) {
3701 fctx->attributes |= FCTX_ATTR_HAVEANSWER;
3702 if (event != NULL) {
3703 event->result = eresult;
3704 dns_db_attach(fctx->cache, adbp);
3707 clone_results(fctx);
3712 dns_db_detachnode(fctx->cache, &node);
3717 static inline isc_result_t
3718 cache_message(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, isc_stdtime_t now)
3720 isc_result_t result;
3721 dns_section_t section;
3724 FCTXTRACE("cache_message");
3726 fctx->attributes &= ~FCTX_ATTR_WANTCACHE;
3728 LOCK(&fctx->res->buckets[fctx->bucketnum].lock);
3730 for (section = DNS_SECTION_ANSWER;
3731 section <= DNS_SECTION_ADDITIONAL;
3733 result = dns_message_firstname(fctx->rmessage, section);
3734 while (result == ISC_R_SUCCESS) {
3736 dns_message_currentname(fctx->rmessage, section,
3738 if ((name->attributes & DNS_NAMEATTR_CACHE) != 0) {
3739 result = cache_name(fctx, name, addrinfo, now);
3740 if (result != ISC_R_SUCCESS)
3743 result = dns_message_nextname(fctx->rmessage, section);
3745 if (result != ISC_R_NOMORE)
3748 if (result == ISC_R_NOMORE)
3749 result = ISC_R_SUCCESS;
3751 UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock);
3757 * Do what dns_ncache_add() does, and then compute an appropriate eresult.
3760 ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
3761 dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t maxttl,
3762 dns_rdataset_t *ardataset,
3763 isc_result_t *eresultp)
3765 isc_result_t result;
3766 result = dns_ncache_add(message, cache, node, covers, now,
3768 if (result == DNS_R_UNCHANGED) {
3770 * The data in the cache are better than the negative cache
3771 * entry we're trying to add.
3773 if (ardataset != NULL && ardataset->type == 0) {
3775 * The cache data is also a negative cache
3778 if (NXDOMAIN(ardataset))
3779 *eresultp = DNS_R_NCACHENXDOMAIN;
3781 *eresultp = DNS_R_NCACHENXRRSET;
3782 result = ISC_R_SUCCESS;
3785 * Either we don't care about the nature of the
3786 * cache rdataset (because no fetch is interested
3787 * in the outcome), or the cache rdataset is not
3788 * a negative cache entry. Whichever case it is,
3789 * we can return success.
3791 * XXXRTH There's a CNAME/DNAME problem here.
3793 *eresultp = ISC_R_SUCCESS;
3794 result = ISC_R_SUCCESS;
3796 } else if (result == ISC_R_SUCCESS) {
3797 if (NXDOMAIN(ardataset))
3798 *eresultp = DNS_R_NCACHENXDOMAIN;
3800 *eresultp = DNS_R_NCACHENXRRSET;
3806 static inline isc_result_t
3807 ncache_message(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
3808 dns_rdatatype_t covers, isc_stdtime_t now)
3810 isc_result_t result, eresult;
3812 dns_resolver_t *res;
3814 dns_dbnode_t *node, **anodep;
3815 dns_rdataset_t *ardataset;
3816 isc_boolean_t need_validation, secure_domain;
3818 dns_fetchevent_t *event;
3820 unsigned int valoptions = 0;
3822 FCTXTRACE("ncache_message");
3824 fctx->attributes &= ~FCTX_ATTR_WANTNCACHE;
3827 need_validation = ISC_FALSE;
3828 secure_domain = ISC_FALSE;
3829 eresult = ISC_R_SUCCESS;
3834 * XXXMPA remove when we follow cnames and adjust the setting
3835 * of FCTX_ATTR_WANTNCACHE in noanswer_response().
3837 INSIST(fctx->rmessage->counts[DNS_SECTION_ANSWER] == 0);
3840 * Is DNSSEC validation required for this name?
3842 result = dns_keytable_issecuredomain(res->view->secroots, name,
3844 if (result != ISC_R_SUCCESS)
3847 if (!secure_domain && res->view->dlv != NULL) {
3848 valoptions = DNS_VALIDATOR_DLV;
3849 secure_domain = ISC_TRUE;
3852 if ((fctx->options & DNS_FETCHOPT_NOVALIDATE) != 0)
3853 need_validation = ISC_FALSE;
3855 need_validation = secure_domain;
3857 if (secure_domain) {
3859 * Mark all rdatasets as pending.
3861 dns_rdataset_t *trdataset;
3864 result = dns_message_firstname(fctx->rmessage,
3865 DNS_SECTION_AUTHORITY);
3866 while (result == ISC_R_SUCCESS) {
3868 dns_message_currentname(fctx->rmessage,
3869 DNS_SECTION_AUTHORITY,
3871 for (trdataset = ISC_LIST_HEAD(tname->list);
3873 trdataset = ISC_LIST_NEXT(trdataset, link))
3874 trdataset->trust = dns_trust_pending;
3875 result = dns_message_nextname(fctx->rmessage,
3876 DNS_SECTION_AUTHORITY);
3878 if (result != ISC_R_NOMORE)
3883 if (need_validation) {
3885 * Do negative response validation.
3887 result = valcreate(fctx, addrinfo, name, fctx->type,
3888 NULL, NULL, valoptions,
3889 res->buckets[fctx->bucketnum].task);
3891 * If validation is necessary, return now. Otherwise continue
3892 * to process the message, letting the validation complete
3893 * in its own good time.
3898 LOCK(&res->buckets[fctx->bucketnum].lock);
3904 if (!HAVE_ANSWER(fctx)) {
3905 event = ISC_LIST_HEAD(fctx->events);
3906 if (event != NULL) {
3908 aname = dns_fixedname_name(&event->foundname);
3909 result = dns_name_copy(name, aname, NULL);
3910 if (result != ISC_R_SUCCESS)
3912 anodep = &event->node;
3913 ardataset = event->rdataset;
3918 result = dns_db_findnode(fctx->cache, name, ISC_TRUE, &node);
3919 if (result != ISC_R_SUCCESS)
3923 * If we are asking for a SOA record set the cache time
3924 * to zero to facilitate locating the containing zone of
3927 ttl = fctx->res->view->maxncachettl;
3928 if (fctx->type == dns_rdatatype_soa &&
3929 covers == dns_rdatatype_any)
3932 result = ncache_adderesult(fctx->rmessage, fctx->cache, node,
3933 covers, now, ttl, ardataset, &eresult);
3934 if (result != ISC_R_SUCCESS)
3937 if (!HAVE_ANSWER(fctx)) {
3938 fctx->attributes |= FCTX_ATTR_HAVEANSWER;
3939 if (event != NULL) {
3940 event->result = eresult;
3941 dns_db_attach(fctx->cache, adbp);
3944 clone_results(fctx);
3949 UNLOCK(&res->buckets[fctx->bucketnum].lock);
3952 dns_db_detachnode(fctx->cache, &node);
3958 mark_related(dns_name_t *name, dns_rdataset_t *rdataset,
3959 isc_boolean_t external, isc_boolean_t gluing)
3961 name->attributes |= DNS_NAMEATTR_CACHE;
3963 rdataset->trust = dns_trust_glue;
3965 * Glue with 0 TTL causes problems. We force the TTL to
3966 * 1 second to prevent this.
3968 if (rdataset->ttl == 0)
3971 rdataset->trust = dns_trust_additional;
3973 * Avoid infinite loops by only marking new rdatasets.
3975 if (!CACHE(rdataset)) {
3976 name->attributes |= DNS_NAMEATTR_CHASE;
3977 rdataset->attributes |= DNS_RDATASETATTR_CHASE;
3979 rdataset->attributes |= DNS_RDATASETATTR_CACHE;
3981 rdataset->attributes |= DNS_RDATASETATTR_EXTERNAL;
3985 check_related(void *arg, dns_name_t *addname, dns_rdatatype_t type) {
3986 fetchctx_t *fctx = arg;
3987 isc_result_t result;
3989 dns_rdataset_t *rdataset;
3990 isc_boolean_t external;
3991 dns_rdatatype_t rtype;
3992 isc_boolean_t gluing;
3994 REQUIRE(VALID_FCTX(fctx));
4002 result = dns_message_findname(fctx->rmessage, DNS_SECTION_ADDITIONAL,
4003 addname, dns_rdatatype_any, 0, &name,
4005 if (result == ISC_R_SUCCESS) {
4006 external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
4007 if (type == dns_rdatatype_a) {
4008 for (rdataset = ISC_LIST_HEAD(name->list);
4010 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4011 if (rdataset->type == dns_rdatatype_rrsig)
4012 rtype = rdataset->covers;
4014 rtype = rdataset->type;
4015 if (rtype == dns_rdatatype_a ||
4016 rtype == dns_rdatatype_aaaa)
4017 mark_related(name, rdataset, external,
4021 result = dns_message_findtype(name, type, 0,
4023 if (result == ISC_R_SUCCESS) {
4024 mark_related(name, rdataset, external, gluing);
4026 * Do we have its SIG too?
4029 result = dns_message_findtype(name,
4030 dns_rdatatype_rrsig,
4032 if (result == ISC_R_SUCCESS)
4033 mark_related(name, rdataset, external,
4039 return (ISC_R_SUCCESS);
4043 chase_additional(fetchctx_t *fctx) {
4044 isc_boolean_t rescan;
4045 dns_section_t section = DNS_SECTION_ADDITIONAL;
4046 isc_result_t result;
4051 for (result = dns_message_firstname(fctx->rmessage, section);
4052 result == ISC_R_SUCCESS;
4053 result = dns_message_nextname(fctx->rmessage, section)) {
4054 dns_name_t *name = NULL;
4055 dns_rdataset_t *rdataset;
4056 dns_message_currentname(fctx->rmessage, DNS_SECTION_ADDITIONAL,
4058 if ((name->attributes & DNS_NAMEATTR_CHASE) == 0)
4060 name->attributes &= ~DNS_NAMEATTR_CHASE;
4061 for (rdataset = ISC_LIST_HEAD(name->list);
4063 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4064 if (CHASE(rdataset)) {
4065 rdataset->attributes &= ~DNS_RDATASETATTR_CHASE;
4066 (void)dns_rdataset_additionaldata(rdataset,
4077 static inline isc_result_t
4078 cname_target(dns_rdataset_t *rdataset, dns_name_t *tname) {
4079 isc_result_t result;
4080 dns_rdata_t rdata = DNS_RDATA_INIT;
4081 dns_rdata_cname_t cname;
4083 result = dns_rdataset_first(rdataset);
4084 if (result != ISC_R_SUCCESS)
4086 dns_rdataset_current(rdataset, &rdata);
4087 result = dns_rdata_tostruct(&rdata, &cname, NULL);
4088 if (result != ISC_R_SUCCESS)
4090 dns_name_init(tname, NULL);
4091 dns_name_clone(&cname.cname, tname);
4092 dns_rdata_freestruct(&cname);
4094 return (ISC_R_SUCCESS);
4097 static inline isc_result_t
4098 dname_target(dns_rdataset_t *rdataset, dns_name_t *qname, dns_name_t *oname,
4099 dns_fixedname_t *fixeddname)
4101 isc_result_t result;
4102 dns_rdata_t rdata = DNS_RDATA_INIT;
4103 unsigned int nlabels;
4105 dns_namereln_t namereln;
4106 dns_rdata_dname_t dname;
4107 dns_fixedname_t prefix;
4110 * Get the target name of the DNAME.
4113 result = dns_rdataset_first(rdataset);
4114 if (result != ISC_R_SUCCESS)
4116 dns_rdataset_current(rdataset, &rdata);
4117 result = dns_rdata_tostruct(&rdata, &dname, NULL);
4118 if (result != ISC_R_SUCCESS)
4122 * Get the prefix of qname.
4124 namereln = dns_name_fullcompare(qname, oname, &order, &nlabels);
4125 if (namereln != dns_namereln_subdomain) {
4126 dns_rdata_freestruct(&dname);
4127 return (DNS_R_FORMERR);
4129 dns_fixedname_init(&prefix);
4130 dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL);
4131 dns_fixedname_init(fixeddname);
4132 result = dns_name_concatenate(dns_fixedname_name(&prefix),
4134 dns_fixedname_name(fixeddname), NULL);
4135 dns_rdata_freestruct(&dname);
4140 * Handle a no-answer response (NXDOMAIN, NXRRSET, or referral).
4141 * If bind8_ns_resp is ISC_TRUE, this is a suspected BIND 8
4142 * response to an NS query that should be treated as a referral
4143 * even though the NS records occur in the answer section
4144 * rather than the authority section.
4147 noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
4148 isc_boolean_t bind8_ns_resp)
4150 isc_result_t result;
4151 dns_message_t *message;
4152 dns_name_t *name, *qname, *ns_name, *soa_name, *ds_name;
4153 dns_rdataset_t *rdataset, *ns_rdataset;
4154 isc_boolean_t done, aa, negative_response;
4155 dns_rdatatype_t type;
4156 dns_section_t section =
4157 bind8_ns_resp ? DNS_SECTION_ANSWER : DNS_SECTION_AUTHORITY;
4159 FCTXTRACE("noanswer_response");
4161 message = fctx->rmessage;
4166 if (oqname == NULL) {
4168 * We have a normal, non-chained negative response or
4171 if ((message->flags & DNS_MESSAGEFLAG_AA) != 0)
4175 qname = &fctx->name;
4178 * We're being invoked by answer_response() after it has
4179 * followed a CNAME/DNAME chain.
4184 * If the current qname is not a subdomain of the query
4185 * domain, there's no point in looking at the authority
4186 * section without doing DNSSEC validation.
4188 * Until we do that validation, we'll just return success
4191 if (!dns_name_issubdomain(qname, &fctx->domain))
4192 return (ISC_R_SUCCESS);
4196 * We have to figure out if this is a negative response, or a
4201 * Sometimes we can tell if its a negative response by looking at
4202 * the message header.
4204 negative_response = ISC_FALSE;
4205 if (message->rcode == dns_rcode_nxdomain ||
4206 (message->counts[DNS_SECTION_ANSWER] == 0 &&
4207 message->counts[DNS_SECTION_AUTHORITY] == 0))
4208 negative_response = ISC_TRUE;
4211 * Process the authority section.
4218 result = dns_message_firstname(message, section);
4219 while (!done && result == ISC_R_SUCCESS) {
4221 dns_message_currentname(message, section, &name);
4222 if (dns_name_issubdomain(name, &fctx->domain)) {
4224 * Look for NS/SOA RRsets first.
4226 for (rdataset = ISC_LIST_HEAD(name->list);
4228 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4229 type = rdataset->type;
4230 if (type == dns_rdatatype_rrsig)
4231 type = rdataset->covers;
4232 if (((type == dns_rdatatype_ns ||
4233 type == dns_rdatatype_soa) &&
4234 !dns_name_issubdomain(qname, name)))
4235 return (DNS_R_FORMERR);
4236 if (type == dns_rdatatype_ns) {
4240 * Only one set of NS RRs is allowed.
4242 if (rdataset->type ==
4244 if (ns_name != NULL &&
4246 return (DNS_R_FORMERR);
4248 ns_rdataset = rdataset;
4252 rdataset->attributes |=
4253 DNS_RDATASETATTR_CACHE;
4254 rdataset->trust = dns_trust_glue;
4256 if (type == dns_rdatatype_soa) {
4258 * SOA, or RRSIG SOA.
4260 * Only one SOA is allowed.
4262 if (rdataset->type ==
4263 dns_rdatatype_soa) {
4264 if (soa_name != NULL &&
4266 return (DNS_R_FORMERR);
4270 DNS_NAMEATTR_NCACHE;
4271 rdataset->attributes |=
4272 DNS_RDATASETATTR_NCACHE;
4275 dns_trust_authauthority;
4278 dns_trust_additional;
4282 * A negative response has a SOA record (Type 2)
4283 * and a optional NS RRset (Type 1) or it has neither
4284 * a SOA or a NS RRset (Type 3, handled above) or
4285 * rcode is NXDOMAIN (handled above) in which case
4286 * the NS RRset is allowed (Type 4).
4288 if (soa_name != NULL)
4289 negative_response = ISC_TRUE;
4290 for (rdataset = ISC_LIST_HEAD(name->list);
4292 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4293 type = rdataset->type;
4294 if (type == dns_rdatatype_rrsig)
4295 type = rdataset->covers;
4296 if (type == dns_rdatatype_nsec) {
4298 * NSEC or RRSIG NSEC.
4300 if (negative_response) {
4302 DNS_NAMEATTR_NCACHE;
4303 rdataset->attributes |=
4304 DNS_RDATASETATTR_NCACHE;
4308 rdataset->attributes |=
4309 DNS_RDATASETATTR_CACHE;
4313 dns_trust_authauthority;
4316 dns_trust_additional;
4318 * No additional data needs to be
4321 } else if (type == dns_rdatatype_ds) {
4325 * These should only be here if
4326 * this is a referral, and there
4327 * should only be one DS.
4329 if (ns_name == NULL)
4330 return (DNS_R_FORMERR);
4331 if (rdataset->type ==
4333 if (ds_name != NULL &&
4335 return (DNS_R_FORMERR);
4340 rdataset->attributes |=
4341 DNS_RDATASETATTR_CACHE;
4344 dns_trust_authauthority;
4347 dns_trust_additional;
4351 result = dns_message_nextname(message, section);
4352 if (result == ISC_R_NOMORE)
4354 else if (result != ISC_R_SUCCESS)
4359 * Trigger lookups for DNS nameservers.
4361 if (negative_response && message->rcode == dns_rcode_noerror &&
4362 fctx->type == dns_rdatatype_ds && soa_name != NULL &&
4363 dns_name_equal(soa_name, qname) &&
4364 !dns_name_equal(qname, dns_rootname))
4365 return (DNS_R_CHASEDSSERVERS);
4368 * Did we find anything?
4370 if (!negative_response && ns_name == NULL) {
4374 if (oqname != NULL) {
4376 * We've already got a partial CNAME/DNAME chain,
4377 * and haven't found else anything useful here, but
4378 * no error has occurred since we have an answer.
4380 return (ISC_R_SUCCESS);
4383 * The responder is insane.
4385 return (DNS_R_FORMERR);
4390 * If we found both NS and SOA, they should be the same name.
4392 if (ns_name != NULL && soa_name != NULL && ns_name != soa_name)
4393 return (DNS_R_FORMERR);
4396 * Do we have a referral? (We only want to follow a referral if
4397 * we're not following a chain.)
4399 if (!negative_response && ns_name != NULL && oqname == NULL) {
4401 * We already know ns_name is a subdomain of fctx->domain.
4402 * If ns_name is equal to fctx->domain, we're not making
4403 * progress. We return DNS_R_FORMERR so that we'll keep
4404 * trying other servers.
4406 if (dns_name_equal(ns_name, &fctx->domain))
4407 return (DNS_R_FORMERR);
4410 * If the referral name is not a parent of the query
4411 * name, consider the responder insane.
4413 if (! dns_name_issubdomain(&fctx->name, ns_name)) {
4414 FCTXTRACE("referral to non-parent");
4415 return (DNS_R_FORMERR);
4419 * Mark any additional data related to this rdataset.
4420 * It's important that we do this before we change the
4423 INSIST(ns_rdataset != NULL);
4424 fctx->attributes |= FCTX_ATTR_GLUING;
4425 (void)dns_rdataset_additionaldata(ns_rdataset, check_related,
4427 fctx->attributes &= ~FCTX_ATTR_GLUING;
4429 * NS rdatasets with 0 TTL cause problems.
4430 * dns_view_findzonecut() will not find them when we
4431 * try to follow the referral, and we'll SERVFAIL
4432 * because the best nameservers are now above QDOMAIN.
4433 * We force the TTL to 1 second to prevent this.
4435 if (ns_rdataset->ttl == 0)
4436 ns_rdataset->ttl = 1;
4438 * Set the current query domain to the referral name.
4440 * XXXRTH We should check if we're in forward-only mode, and
4441 * if so we should bail out.
4443 INSIST(dns_name_countlabels(&fctx->domain) > 0);
4444 dns_name_free(&fctx->domain, fctx->res->mctx);
4445 if (dns_rdataset_isassociated(&fctx->nameservers))
4446 dns_rdataset_disassociate(&fctx->nameservers);
4447 dns_name_init(&fctx->domain, NULL);
4448 result = dns_name_dup(ns_name, fctx->res->mctx, &fctx->domain);
4449 if (result != ISC_R_SUCCESS)
4451 fctx->attributes |= FCTX_ATTR_WANTCACHE;
4452 return (DNS_R_DELEGATION);
4456 * Since we're not doing a referral, we don't want to cache any
4457 * NS RRs we may have found.
4459 if (ns_name != NULL)
4460 ns_name->attributes &= ~DNS_NAMEATTR_CACHE;
4462 if (negative_response && oqname == NULL)
4463 fctx->attributes |= FCTX_ATTR_WANTNCACHE;
4465 return (ISC_R_SUCCESS);
4469 answer_response(fetchctx_t *fctx) {
4470 isc_result_t result;
4471 dns_message_t *message;
4472 dns_name_t *name, *qname, tname;
4473 dns_rdataset_t *rdataset;
4474 isc_boolean_t done, external, chaining, aa, found, want_chaining;
4475 isc_boolean_t have_answer, found_cname, found_type, wanted_chaining;
4477 dns_rdatatype_t type;
4478 dns_fixedname_t dname, fqname;
4480 FCTXTRACE("answer_response");
4482 message = fctx->rmessage;
4485 * Examine the answer section, marking those rdatasets which are
4486 * part of the answer and should be cached.
4490 found_cname = ISC_FALSE;
4491 found_type = ISC_FALSE;
4492 chaining = ISC_FALSE;
4493 have_answer = ISC_FALSE;
4494 want_chaining = ISC_FALSE;
4495 if ((message->flags & DNS_MESSAGEFLAG_AA) != 0)
4499 qname = &fctx->name;
4501 result = dns_message_firstname(message, DNS_SECTION_ANSWER);
4502 while (!done && result == ISC_R_SUCCESS) {
4504 dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
4505 external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
4506 if (dns_name_equal(name, qname)) {
4507 wanted_chaining = ISC_FALSE;
4508 for (rdataset = ISC_LIST_HEAD(name->list);
4510 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4512 want_chaining = ISC_FALSE;
4514 if (rdataset->type == type && !found_cname) {
4516 * We've found an ordinary answer.
4519 found_type = ISC_TRUE;
4521 aflag = DNS_RDATASETATTR_ANSWER;
4522 } else if (type == dns_rdatatype_any) {
4524 * We've found an answer matching
4525 * an ANY query. There may be
4529 aflag = DNS_RDATASETATTR_ANSWER;
4530 } else if (rdataset->type == dns_rdatatype_rrsig
4531 && rdataset->covers == type
4534 * We've found a signature that
4535 * covers the type we're looking for.
4538 found_type = ISC_TRUE;
4539 aflag = DNS_RDATASETATTR_ANSWERSIG;
4540 } else if (rdataset->type ==
4544 * We're looking for something else,
4545 * but we found a CNAME.
4547 * Getting a CNAME response for some
4548 * query types is an error.
4550 if (type == dns_rdatatype_rrsig ||
4551 type == dns_rdatatype_dnskey ||
4552 type == dns_rdatatype_nsec)
4553 return (DNS_R_FORMERR);
4555 found_cname = ISC_TRUE;
4556 want_chaining = ISC_TRUE;
4557 aflag = DNS_RDATASETATTR_ANSWER;
4558 result = cname_target(rdataset,
4560 if (result != ISC_R_SUCCESS)
4562 } else if (rdataset->type == dns_rdatatype_rrsig
4563 && rdataset->covers ==
4567 * We're looking for something else,
4568 * but we found a SIG CNAME.
4571 found_cname = ISC_TRUE;
4572 aflag = DNS_RDATASETATTR_ANSWERSIG;
4577 * We've found an answer to our
4582 rdataset->attributes |=
4583 DNS_RDATASETATTR_CACHE;
4584 rdataset->trust = dns_trust_answer;
4587 * This data is "the" answer
4588 * to our question only if
4589 * we're not chaining (i.e.
4590 * if we haven't followed
4591 * a CNAME or DNAME).
4595 DNS_RDATASETATTR_ANSWER)
4596 have_answer = ISC_TRUE;
4598 DNS_NAMEATTR_ANSWER;
4599 rdataset->attributes |= aflag;
4602 dns_trust_authanswer;
4603 } else if (external) {
4605 * This data is outside of
4606 * our query domain, and
4607 * may only be cached if it
4608 * comes from a secure zone
4611 rdataset->attributes |=
4612 DNS_RDATASETATTR_EXTERNAL;
4616 * Mark any additional data related
4619 (void)dns_rdataset_additionaldata(
4627 if (want_chaining) {
4628 wanted_chaining = ISC_TRUE;
4630 DNS_NAMEATTR_CHAINING;
4631 rdataset->attributes |=
4632 DNS_RDATASETATTR_CHAINING;
4637 * We could add an "else" clause here and
4638 * log that we're ignoring this rdataset.
4642 * If wanted_chaining is true, we've done
4643 * some chaining as the result of processing
4644 * this node, and thus we need to set
4647 * We don't set chaining inside of the
4648 * rdataset loop because doing that would
4649 * cause us to ignore the signatures of
4652 if (wanted_chaining)
4653 chaining = ISC_TRUE;
4656 * Look for a DNAME (or its SIG). Anything else is
4659 wanted_chaining = ISC_FALSE;
4660 for (rdataset = ISC_LIST_HEAD(name->list);
4662 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4663 isc_boolean_t found_dname = ISC_FALSE;
4666 if (rdataset->type == dns_rdatatype_dname) {
4668 * We're looking for something else,
4669 * but we found a DNAME.
4671 * If we're not chaining, then the
4672 * DNAME should not be external.
4674 if (!chaining && external)
4675 return (DNS_R_FORMERR);
4677 want_chaining = ISC_TRUE;
4678 aflag = DNS_RDATASETATTR_ANSWER;
4679 result = dname_target(rdataset,
4682 if (result == ISC_R_NOSPACE) {
4684 * We can't construct the
4685 * DNAME target. Do not
4688 want_chaining = ISC_FALSE;
4689 } else if (result != ISC_R_SUCCESS)
4692 found_dname = ISC_TRUE;
4693 } else if (rdataset->type == dns_rdatatype_rrsig
4694 && rdataset->covers ==
4695 dns_rdatatype_dname) {
4697 * We've found a signature that
4701 aflag = DNS_RDATASETATTR_ANSWERSIG;
4706 * We've found an answer to our
4711 rdataset->attributes |=
4712 DNS_RDATASETATTR_CACHE;
4713 rdataset->trust = dns_trust_answer;
4716 * This data is "the" answer
4717 * to our question only if
4718 * we're not chaining.
4722 DNS_RDATASETATTR_ANSWER)
4723 have_answer = ISC_TRUE;
4725 DNS_NAMEATTR_ANSWER;
4726 rdataset->attributes |= aflag;
4729 dns_trust_authanswer;
4730 } else if (external) {
4731 rdataset->attributes |=
4732 DNS_RDATASETATTR_EXTERNAL;
4740 * Copy the the dname into the
4743 * Although we check for
4744 * failure of the copy
4745 * operation, in practice it
4746 * should never fail since
4747 * we already know that the
4748 * result fits in a fixedname.
4750 dns_fixedname_init(&fqname);
4751 result = dns_name_copy(
4752 dns_fixedname_name(&dname),
4753 dns_fixedname_name(&fqname),
4755 if (result != ISC_R_SUCCESS)
4757 wanted_chaining = ISC_TRUE;
4759 DNS_NAMEATTR_CHAINING;
4760 rdataset->attributes |=
4761 DNS_RDATASETATTR_CHAINING;
4762 qname = dns_fixedname_name(
4767 if (wanted_chaining)
4768 chaining = ISC_TRUE;
4770 result = dns_message_nextname(message, DNS_SECTION_ANSWER);
4772 if (result == ISC_R_NOMORE)
4773 result = ISC_R_SUCCESS;
4774 if (result != ISC_R_SUCCESS)
4778 * We should have found an answer.
4781 return (DNS_R_FORMERR);
4784 * This response is now potentially cacheable.
4786 fctx->attributes |= FCTX_ATTR_WANTCACHE;
4789 * Did chaining end before we got the final answer?
4793 * Yes. This may be a negative reply, so hand off
4794 * authority section processing to the noanswer code.
4795 * If it isn't a noanswer response, no harm will be
4798 return (noanswer_response(fctx, qname, ISC_FALSE));
4802 * We didn't end with an incomplete chain, so the rcode should be
4805 if (message->rcode != dns_rcode_noerror)
4806 return (DNS_R_FORMERR);
4809 * Examine the authority section (if there is one).
4811 * We expect there to be only one owner name for all the rdatasets
4812 * in this section, and we expect that it is not external.
4815 result = dns_message_firstname(message, DNS_SECTION_AUTHORITY);
4816 while (!done && result == ISC_R_SUCCESS) {
4818 dns_message_currentname(message, DNS_SECTION_AUTHORITY, &name);
4819 external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
4822 * We expect to find NS or SIG NS rdatasets, and
4825 for (rdataset = ISC_LIST_HEAD(name->list);
4827 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4828 if (rdataset->type == dns_rdatatype_ns ||
4829 (rdataset->type == dns_rdatatype_rrsig &&
4830 rdataset->covers == dns_rdatatype_ns)) {
4833 rdataset->attributes |=
4834 DNS_RDATASETATTR_CACHE;
4835 if (aa && !chaining)
4837 dns_trust_authauthority;
4840 dns_trust_additional;
4843 * Mark any additional data related
4846 (void)dns_rdataset_additionaldata(
4854 result = dns_message_nextname(message, DNS_SECTION_AUTHORITY);
4856 if (result == ISC_R_NOMORE)
4857 result = ISC_R_SUCCESS;
4863 resume_dslookup(isc_task_t *task, isc_event_t *event) {
4864 dns_fetchevent_t *fevent;
4865 dns_resolver_t *res;
4867 isc_result_t result;
4868 isc_boolean_t bucket_empty = ISC_FALSE;
4869 isc_boolean_t locked = ISC_FALSE;
4870 unsigned int bucketnum;
4871 dns_rdataset_t nameservers;
4872 dns_fixedname_t fixed;
4875 REQUIRE(event->ev_type == DNS_EVENT_FETCHDONE);
4876 fevent = (dns_fetchevent_t *)event;
4877 fctx = event->ev_arg;
4878 REQUIRE(VALID_FCTX(fctx));
4882 FCTXTRACE("resume_dslookup");
4884 if (fevent->node != NULL)
4885 dns_db_detachnode(fevent->db, &fevent->node);
4886 if (fevent->db != NULL)
4887 dns_db_detach(&fevent->db);
4889 dns_rdataset_init(&nameservers);
4891 bucketnum = fctx->bucketnum;
4892 if (fevent->result == ISC_R_CANCELED) {
4893 dns_resolver_destroyfetch(&fctx->nsfetch);
4894 fctx_done(fctx, ISC_R_CANCELED);
4895 } else if (fevent->result == ISC_R_SUCCESS) {
4897 FCTXTRACE("resuming DS lookup");
4899 dns_resolver_destroyfetch(&fctx->nsfetch);
4900 if (dns_rdataset_isassociated(&fctx->nameservers))
4901 dns_rdataset_disassociate(&fctx->nameservers);
4902 dns_rdataset_clone(fevent->rdataset, &fctx->nameservers);
4903 dns_name_free(&fctx->domain, fctx->res->mctx);
4904 dns_name_init(&fctx->domain, NULL);
4905 result = dns_name_dup(&fctx->nsname, fctx->res->mctx,
4907 if (result != ISC_R_SUCCESS) {
4908 fctx_done(fctx, DNS_R_SERVFAIL);
4919 * Retrieve state from fctx->nsfetch before we destroy it.
4921 dns_fixedname_init(&fixed);
4922 domain = dns_fixedname_name(&fixed);
4923 dns_name_copy(&fctx->nsfetch->private->domain, domain, NULL);
4924 dns_rdataset_clone(&fctx->nsfetch->private->nameservers,
4926 dns_resolver_destroyfetch(&fctx->nsfetch);
4927 if (dns_name_equal(&fctx->nsname, domain)) {
4928 fctx_done(fctx, DNS_R_SERVFAIL);
4931 n = dns_name_countlabels(&fctx->nsname);
4932 dns_name_getlabelsequence(&fctx->nsname, 1, n - 1,
4935 if (dns_rdataset_isassociated(fevent->rdataset))
4936 dns_rdataset_disassociate(fevent->rdataset);
4937 FCTXTRACE("continuing to look for parent's NS records");
4938 result = dns_resolver_createfetch(fctx->res, &fctx->nsname,
4939 dns_rdatatype_ns, domain,
4940 &nameservers, NULL, 0, task,
4941 resume_dslookup, fctx,
4942 &fctx->nsrrset, NULL,
4944 if (result != ISC_R_SUCCESS)
4945 fctx_done(fctx, result);
4947 LOCK(&res->buckets[bucketnum].lock);
4954 if (dns_rdataset_isassociated(&nameservers))
4955 dns_rdataset_disassociate(&nameservers);
4956 if (dns_rdataset_isassociated(fevent->rdataset))
4957 dns_rdataset_disassociate(fevent->rdataset);
4958 INSIST(fevent->sigrdataset == NULL);
4959 isc_event_free(&event);
4961 LOCK(&res->buckets[bucketnum].lock);
4963 if (fctx->references == 0)
4964 bucket_empty = fctx_destroy(fctx);
4965 UNLOCK(&res->buckets[bucketnum].lock);
4971 checknamessection(dns_message_t *message, dns_section_t section) {
4972 isc_result_t result;
4974 dns_rdata_t rdata = DNS_RDATA_INIT;
4975 dns_rdataset_t *rdataset;
4977 for (result = dns_message_firstname(message, section);
4978 result == ISC_R_SUCCESS;
4979 result = dns_message_nextname(message, section))
4982 dns_message_currentname(message, section, &name);
4983 for (rdataset = ISC_LIST_HEAD(name->list);
4985 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4986 for (result = dns_rdataset_first(rdataset);
4987 result == ISC_R_SUCCESS;
4988 result = dns_rdataset_next(rdataset)) {
4989 dns_rdataset_current(rdataset, &rdata);
4990 if (!dns_rdata_checkowner(name, rdata.rdclass,
4993 !dns_rdata_checknames(&rdata, name, NULL))
4995 rdataset->attributes |=
4996 DNS_RDATASETATTR_CHECKNAMES;
4998 dns_rdata_reset(&rdata);
5005 checknames(dns_message_t *message) {
5007 checknamessection(message, DNS_SECTION_ANSWER);
5008 checknamessection(message, DNS_SECTION_AUTHORITY);
5009 checknamessection(message, DNS_SECTION_ADDITIONAL);
5013 log_packet(dns_message_t *message, int level, isc_mem_t *mctx) {
5014 isc_buffer_t buffer;
5017 isc_result_t result;
5019 if (! isc_log_wouldlog(dns_lctx, level))
5023 * Note that these are multiline debug messages. We want a newline
5024 * to appear in the log after each message.
5028 buf = isc_mem_get(mctx, len);
5031 isc_buffer_init(&buffer, buf, len);
5032 result = dns_message_totext(message, &dns_master_style_debug,
5034 if (result == ISC_R_NOSPACE) {
5035 isc_mem_put(mctx, buf, len);
5037 } else if (result == ISC_R_SUCCESS)
5038 isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
5039 DNS_LOGMODULE_RESOLVER, level,
5040 "received packet:\n%.*s",
5041 (int)isc_buffer_usedlength(&buffer),
5043 } while (result == ISC_R_NOSPACE);
5046 isc_mem_put(mctx, buf, len);
5050 resquery_response(isc_task_t *task, isc_event_t *event) {
5051 isc_result_t result = ISC_R_SUCCESS;
5052 resquery_t *query = event->ev_arg;
5053 dns_dispatchevent_t *devent = (dns_dispatchevent_t *)event;
5054 isc_boolean_t keep_trying, get_nameservers, resend;
5055 isc_boolean_t truncated;
5056 dns_message_t *message;
5059 dns_fixedname_t foundname;
5061 isc_time_t tnow, *finish;
5062 dns_adbaddrinfo_t *addrinfo;
5063 unsigned int options;
5064 unsigned int findoptions;
5065 isc_result_t broken_server;
5067 REQUIRE(VALID_QUERY(query));
5069 options = query->options;
5070 REQUIRE(VALID_FCTX(fctx));
5071 REQUIRE(event->ev_type == DNS_EVENT_DISPATCH);
5075 (void)isc_timer_touch(fctx->timer);
5077 keep_trying = ISC_FALSE;
5078 broken_server = ISC_R_SUCCESS;
5079 get_nameservers = ISC_FALSE;
5081 truncated = ISC_FALSE;
5084 if (fctx->res->exiting) {
5085 result = ISC_R_SHUTTINGDOWN;
5092 * XXXRTH We should really get the current time just once. We
5093 * need a routine to convert from an isc_time_t to an
5098 isc_stdtime_get(&now);
5101 * Did the dispatcher have a problem?
5103 if (devent->result != ISC_R_SUCCESS) {
5104 if (devent->result == ISC_R_EOF &&
5105 (query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
5107 * The problem might be that they
5108 * don't understand EDNS0. Turn it
5109 * off and try again.
5111 options |= DNS_FETCHOPT_NOEDNS0;
5114 * Remember that they don't like EDNS0.
5116 dns_adb_changeflags(fctx->adb,
5118 DNS_FETCHOPT_NOEDNS0,
5119 DNS_FETCHOPT_NOEDNS0);
5122 * There's no hope for this query.
5124 keep_trying = ISC_TRUE;
5129 message = fctx->rmessage;
5131 if (query->tsig != NULL) {
5132 result = dns_message_setquerytsig(message, query->tsig);
5133 if (result != ISC_R_SUCCESS)
5137 if (query->tsigkey) {
5138 result = dns_message_settsigkey(message, query->tsigkey);
5139 if (result != ISC_R_SUCCESS)
5143 result = dns_message_parse(message, &devent->buffer, 0);
5144 if (result != ISC_R_SUCCESS) {
5146 case ISC_R_UNEXPECTEDEND:
5147 if (!message->question_ok ||
5148 (message->flags & DNS_MESSAGEFLAG_TC) == 0 ||
5149 (options & DNS_FETCHOPT_TCP) != 0) {
5151 * Either the message ended prematurely,
5152 * and/or wasn't marked as being truncated,
5153 * and/or this is a response to a query we
5154 * sent over TCP. In all of these cases,
5155 * something is wrong with the remote
5156 * server and we don't want to retry using
5159 if ((query->options & DNS_FETCHOPT_NOEDNS0)
5162 * The problem might be that they
5163 * don't understand EDNS0. Turn it
5164 * off and try again.
5166 options |= DNS_FETCHOPT_NOEDNS0;
5169 * Remember that they don't like EDNS0.
5171 dns_adb_changeflags(
5174 DNS_FETCHOPT_NOEDNS0,
5175 DNS_FETCHOPT_NOEDNS0);
5177 broken_server = result;
5178 keep_trying = ISC_TRUE;
5183 * We defer retrying via TCP for a bit so we can
5184 * check out this message further.
5186 truncated = ISC_TRUE;
5189 if ((query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
5191 * The problem might be that they
5192 * don't understand EDNS0. Turn it
5193 * off and try again.
5195 options |= DNS_FETCHOPT_NOEDNS0;
5198 * Remember that they don't like EDNS0.
5200 dns_adb_changeflags(fctx->adb,
5202 DNS_FETCHOPT_NOEDNS0,
5203 DNS_FETCHOPT_NOEDNS0);
5205 broken_server = DNS_R_UNEXPECTEDRCODE;
5206 keep_trying = ISC_TRUE;
5211 * Something bad has happened.
5218 * Log the incoming packet.
5220 log_packet(message, ISC_LOG_DEBUG(10), fctx->res->mctx);
5223 * If the message is signed, check the signature. If not, this
5224 * returns success anyway.
5226 result = dns_message_checksig(message, fctx->res->view);
5227 if (result != ISC_R_SUCCESS)
5231 * The dispatcher should ensure we only get responses with QR set.
5233 INSIST((message->flags & DNS_MESSAGEFLAG_QR) != 0);
5235 * INSIST() that the message comes from the place we sent it to,
5236 * since the dispatch code should ensure this.
5238 * INSIST() that the message id is correct (this should also be
5239 * ensured by the dispatch code).
5244 * Deal with truncated responses by retrying using TCP.
5246 if ((message->flags & DNS_MESSAGEFLAG_TC) != 0)
5247 truncated = ISC_TRUE;
5250 if ((options & DNS_FETCHOPT_TCP) != 0) {
5251 broken_server = DNS_R_TRUNCATEDTCP;
5252 keep_trying = ISC_TRUE;
5254 options |= DNS_FETCHOPT_TCP;
5261 * Is it a query response?
5263 if (message->opcode != dns_opcode_query) {
5265 broken_server = DNS_R_UNEXPECTEDOPCODE;
5266 keep_trying = ISC_TRUE;
5271 * Is the remote server broken, or does it dislike us?
5273 if (message->rcode != dns_rcode_noerror &&
5274 message->rcode != dns_rcode_nxdomain) {
5275 if ((message->rcode == dns_rcode_formerr ||
5276 message->rcode == dns_rcode_notimp ||
5277 message->rcode == dns_rcode_servfail) &&
5278 (query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
5280 * It's very likely they don't like EDNS0.
5282 * XXXRTH We should check if the question
5283 * we're asking requires EDNS0, and
5284 * if so, we should bail out.
5286 options |= DNS_FETCHOPT_NOEDNS0;
5289 * Remember that they don't like EDNS0.
5291 if (message->rcode != dns_rcode_servfail)
5292 dns_adb_changeflags(fctx->adb, query->addrinfo,
5293 DNS_FETCHOPT_NOEDNS0,
5294 DNS_FETCHOPT_NOEDNS0);
5295 } else if (message->rcode == dns_rcode_formerr) {
5296 if (ISFORWARDER(query->addrinfo)) {
5298 * This forwarder doesn't understand us,
5299 * but other forwarders might. Keep trying.
5301 broken_server = DNS_R_REMOTEFORMERR;
5302 keep_trying = ISC_TRUE;
5305 * The server doesn't understand us. Since
5306 * all servers for a zone need similar
5307 * capabilities, we assume that we will get
5308 * FORMERR from all servers, and thus we
5309 * cannot make any more progress with this
5312 result = DNS_R_FORMERR;
5314 } else if (message->rcode == dns_rcode_yxdomain) {
5316 * DNAME mapping failed because the new name
5317 * was too long. There's no chance of success
5320 result = DNS_R_YXDOMAIN;
5325 broken_server = DNS_R_UNEXPECTEDRCODE;
5326 INSIST(broken_server != ISC_R_SUCCESS);
5327 keep_trying = ISC_TRUE;
5333 * Is the question the same as the one we asked?
5335 result = same_question(fctx);
5336 if (result != ISC_R_SUCCESS) {
5338 if (result == DNS_R_FORMERR)
5339 keep_trying = ISC_TRUE;
5344 * Is the server lame?
5346 if (fctx->res->lame_ttl != 0 && !ISFORWARDER(query->addrinfo) &&
5348 log_lame(fctx, query->addrinfo);
5349 result = dns_adb_marklame(fctx->adb, query->addrinfo,
5351 now + fctx->res->lame_ttl);
5352 if (result != ISC_R_SUCCESS)
5353 isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
5354 DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
5355 "could not mark server as lame: %s",
5356 isc_result_totext(result));
5357 broken_server = DNS_R_LAME;
5358 keep_trying = ISC_TRUE;
5363 * Enforce delegations only zones like NET and COM.
5365 if (!ISFORWARDER(query->addrinfo) &&
5366 dns_view_isdelegationonly(fctx->res->view, &fctx->domain) &&
5367 !dns_name_equal(&fctx->domain, &fctx->name) &&
5368 fix_mustbedelegationornxdomain(message, fctx)) {
5369 char namebuf[DNS_NAME_FORMATSIZE];
5370 char domainbuf[DNS_NAME_FORMATSIZE];
5371 char addrbuf[ISC_SOCKADDR_FORMATSIZE];
5375 dns_name_format(&fctx->name, namebuf, sizeof(namebuf));
5376 dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf));
5377 dns_rdatatype_format(fctx->type, typebuf, sizeof(typebuf));
5378 dns_rdataclass_format(fctx->res->rdclass, classbuf,
5380 isc_sockaddr_format(&query->addrinfo->sockaddr, addrbuf,
5383 isc_log_write(dns_lctx, DNS_LOGCATEGORY_DELEGATION_ONLY,
5384 DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE,
5385 "enforced delegation-only for '%s' (%s/%s/%s) "
5387 domainbuf, namebuf, typebuf, classbuf, addrbuf);
5390 if ((fctx->res->options & DNS_RESOLVER_CHECKNAMES) != 0)
5391 checknames(message);
5396 fctx->attributes &= ~(FCTX_ATTR_WANTNCACHE | FCTX_ATTR_WANTCACHE);
5399 * Did we get any answers?
5401 if (message->counts[DNS_SECTION_ANSWER] > 0 &&
5402 (message->rcode == dns_rcode_noerror ||
5403 message->rcode == dns_rcode_nxdomain)) {
5405 * We've got answers. However, if we sent
5406 * a BIND 8 server an NS query, it may have
5407 * incorrectly responded with a non-authoritative
5408 * answer instead of a referral. Since this
5409 * answer lacks the SIGs necessary to do DNSSEC
5410 * validation, we must invoke the following special
5411 * kludge to treat it as a referral.
5413 if (fctx->type == dns_rdatatype_ns &&
5414 (message->flags & DNS_MESSAGEFLAG_AA) == 0 &&
5415 !ISFORWARDER(query->addrinfo))
5417 result = noanswer_response(fctx, NULL, ISC_TRUE);
5418 if (result != DNS_R_DELEGATION) {
5420 * The answer section must have contained
5421 * something other than the NS records
5422 * we asked for. Since AA is not set
5423 * and the server is not a forwarder,
5424 * it is technically lame and it's easier
5425 * to treat it as such than to figure out
5426 * some more elaborate course of action.
5428 broken_server = DNS_R_LAME;
5429 keep_trying = ISC_TRUE;
5432 goto force_referral;
5434 result = answer_response(fctx);
5435 if (result != ISC_R_SUCCESS) {
5436 if (result == DNS_R_FORMERR)
5437 keep_trying = ISC_TRUE;
5440 } else if (message->counts[DNS_SECTION_AUTHORITY] > 0 ||
5441 message->rcode == dns_rcode_noerror ||
5442 message->rcode == dns_rcode_nxdomain) {
5444 * NXDOMAIN, NXRDATASET, or referral.
5446 result = noanswer_response(fctx, NULL, ISC_FALSE);
5447 if (result == DNS_R_CHASEDSSERVERS) {
5448 } else if (result == DNS_R_DELEGATION) {
5451 * We don't have the answer, but we know a better
5454 get_nameservers = ISC_TRUE;
5455 keep_trying = ISC_TRUE;
5457 * We have a new set of name servers, and it
5458 * has not experienced any restarts yet.
5461 result = ISC_R_SUCCESS;
5462 } else if (result != ISC_R_SUCCESS) {
5464 * Something has gone wrong.
5466 if (result == DNS_R_FORMERR)
5467 keep_trying = ISC_TRUE;
5472 * The server is insane.
5475 broken_server = DNS_R_UNEXPECTEDRCODE;
5476 keep_trying = ISC_TRUE;
5481 * Follow additional section data chains.
5483 chase_additional(fctx);
5486 * Cache the cacheable parts of the message. This may also cause
5487 * work to be queued to the DNSSEC validator.
5489 if (WANTCACHE(fctx)) {
5490 result = cache_message(fctx, query->addrinfo, now);
5491 if (result != ISC_R_SUCCESS)
5496 * Ncache the negatively cacheable parts of the message. This may
5497 * also cause work to be queued to the DNSSEC validator.
5499 if (WANTNCACHE(fctx)) {
5500 dns_rdatatype_t covers;
5501 if (message->rcode == dns_rcode_nxdomain)
5502 covers = dns_rdatatype_any;
5504 covers = fctx->type;
5507 * Cache any negative cache entries in the message.
5509 result = ncache_message(fctx, query->addrinfo, covers, now);
5514 * Remember the query's addrinfo, in case we need to mark the
5517 addrinfo = query->addrinfo;
5522 * XXXRTH Don't cancel the query if waiting for validation?
5524 fctx_cancelquery(&query, &devent, finish, ISC_FALSE);
5527 if (result == DNS_R_FORMERR)
5528 broken_server = DNS_R_FORMERR;
5529 if (broken_server != ISC_R_SUCCESS) {
5531 * Add this server to the list of bad servers for
5534 add_bad(fctx, &addrinfo->sockaddr, broken_server);
5537 if (get_nameservers) {
5539 dns_fixedname_init(&foundname);
5540 fname = dns_fixedname_name(&foundname);
5541 if (result != ISC_R_SUCCESS) {
5542 fctx_done(fctx, DNS_R_SERVFAIL);
5546 if (dns_rdatatype_atparent(fctx->type))
5547 findoptions |= DNS_DBFIND_NOEXACT;
5548 if ((options & DNS_FETCHOPT_UNSHARED) == 0)
5551 name = &fctx->domain;
5552 result = dns_view_findzonecut(fctx->res->view,
5558 if (result != ISC_R_SUCCESS) {
5559 FCTXTRACE("couldn't find a zonecut");
5560 fctx_done(fctx, DNS_R_SERVFAIL);
5563 if (!dns_name_issubdomain(fname, &fctx->domain)) {
5565 * The best nameservers are now above our
5568 FCTXTRACE("nameservers now above QDOMAIN");
5569 fctx_done(fctx, DNS_R_SERVFAIL);
5572 dns_name_free(&fctx->domain, fctx->res->mctx);
5573 dns_name_init(&fctx->domain, NULL);
5574 result = dns_name_dup(fname, fctx->res->mctx,
5576 if (result != ISC_R_SUCCESS) {
5577 fctx_done(fctx, DNS_R_SERVFAIL);
5580 fctx_cancelqueries(fctx, ISC_TRUE);
5581 fctx_cleanupfinds(fctx);
5582 fctx_cleanupaltfinds(fctx);
5583 fctx_cleanupforwaddrs(fctx);
5584 fctx_cleanupaltaddrs(fctx);
5590 } else if (resend) {
5592 * Resend (probably with changed options).
5594 FCTXTRACE("resend");
5595 result = fctx_query(fctx, addrinfo, options);
5596 if (result != ISC_R_SUCCESS)
5597 fctx_done(fctx, result);
5598 } else if (result == ISC_R_SUCCESS && !HAVE_ANSWER(fctx)) {
5600 * All has gone well so far, but we are waiting for the
5601 * DNSSEC validator to validate the answer.
5603 FCTXTRACE("wait for validator");
5604 fctx_cancelqueries(fctx, ISC_TRUE);
5606 * We must not retransmit while the validator is working;
5607 * it has references to the current rmessage.
5609 result = fctx_stopidletimer(fctx);
5610 if (result != ISC_R_SUCCESS)
5611 fctx_done(fctx, result);
5612 } else if (result == DNS_R_CHASEDSSERVERS) {
5614 add_bad(fctx, &addrinfo->sockaddr, result);
5615 fctx_cancelqueries(fctx, ISC_TRUE);
5616 fctx_cleanupfinds(fctx);
5617 fctx_cleanupforwaddrs(fctx);
5619 n = dns_name_countlabels(&fctx->name);
5620 dns_name_getlabelsequence(&fctx->name, 1, n - 1, &fctx->nsname);
5622 FCTXTRACE("suspending DS lookup to find parent's NS records");
5624 result = dns_resolver_createfetch(fctx->res, &fctx->nsname,
5626 NULL, NULL, NULL, 0, task,
5627 resume_dslookup, fctx,
5628 &fctx->nsrrset, NULL,
5630 if (result != ISC_R_SUCCESS)
5631 fctx_done(fctx, result);
5632 LOCK(&fctx->res->buckets[fctx->bucketnum].lock);
5634 UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock);
5635 result = fctx_stopidletimer(fctx);
5636 if (result != ISC_R_SUCCESS)
5637 fctx_done(fctx, result);
5642 fctx_done(fctx, result);
5648 *** Resolver Methods
5652 destroy(dns_resolver_t *res) {
5656 REQUIRE(res->references == 0);
5657 REQUIRE(!res->priming);
5658 REQUIRE(res->primefetch == NULL);
5662 INSIST(res->nfctx == 0);
5664 DESTROYLOCK(&res->primelock);
5665 DESTROYLOCK(&res->nlock);
5666 DESTROYLOCK(&res->lock);
5667 for (i = 0; i < res->nbuckets; i++) {
5668 INSIST(ISC_LIST_EMPTY(res->buckets[i].fctxs));
5669 isc_task_shutdown(res->buckets[i].task);
5670 isc_task_detach(&res->buckets[i].task);
5671 DESTROYLOCK(&res->buckets[i].lock);
5673 isc_mem_put(res->mctx, res->buckets,
5674 res->nbuckets * sizeof(fctxbucket_t));
5675 if (res->dispatchv4 != NULL)
5676 dns_dispatch_detach(&res->dispatchv4);
5677 if (res->dispatchv6 != NULL)
5678 dns_dispatch_detach(&res->dispatchv6);
5679 while ((a = ISC_LIST_HEAD(res->alternates)) != NULL) {
5680 ISC_LIST_UNLINK(res->alternates, a, link);
5682 dns_name_free(&a->_u._n.name, res->mctx);
5683 isc_mem_put(res->mctx, a, sizeof(*a));
5685 dns_resolver_reset_algorithms(res);
5686 dns_resolver_resetmustbesecure(res);
5688 isc_rwlock_destroy(&res->alglock);
5691 isc_rwlock_destroy(&res->mbslock);
5694 isc_mem_put(res->mctx, res, sizeof(*res));
5698 send_shutdown_events(dns_resolver_t *res) {
5699 isc_event_t *event, *next_event;
5703 * Caller must be holding the resolver lock.
5706 for (event = ISC_LIST_HEAD(res->whenshutdown);
5708 event = next_event) {
5709 next_event = ISC_LIST_NEXT(event, ev_link);
5710 ISC_LIST_UNLINK(res->whenshutdown, event, ev_link);
5711 etask = event->ev_sender;
5712 event->ev_sender = res;
5713 isc_task_sendanddetach(&etask, &event);
5718 empty_bucket(dns_resolver_t *res) {
5719 RTRACE("empty_bucket");
5723 INSIST(res->activebuckets > 0);
5724 res->activebuckets--;
5725 if (res->activebuckets == 0)
5726 send_shutdown_events(res);
5732 dns_resolver_create(dns_view_t *view,
5733 isc_taskmgr_t *taskmgr, unsigned int ntasks,
5734 isc_socketmgr_t *socketmgr,
5735 isc_timermgr_t *timermgr,
5736 unsigned int options,
5737 dns_dispatchmgr_t *dispatchmgr,
5738 dns_dispatch_t *dispatchv4,
5739 dns_dispatch_t *dispatchv6,
5740 dns_resolver_t **resp)
5742 dns_resolver_t *res;
5743 isc_result_t result = ISC_R_SUCCESS;
5744 unsigned int i, buckets_created = 0;
5748 * Create a resolver.
5751 REQUIRE(DNS_VIEW_VALID(view));
5752 REQUIRE(ntasks > 0);
5753 REQUIRE(resp != NULL && *resp == NULL);
5754 REQUIRE(dispatchmgr != NULL);
5755 REQUIRE(dispatchv4 != NULL || dispatchv6 != NULL);
5757 res = isc_mem_get(view->mctx, sizeof(*res));
5759 return (ISC_R_NOMEMORY);
5761 res->mctx = view->mctx;
5762 res->rdclass = view->rdclass;
5763 res->socketmgr = socketmgr;
5764 res->timermgr = timermgr;
5765 res->taskmgr = taskmgr;
5766 res->dispatchmgr = dispatchmgr;
5768 res->options = options;
5770 ISC_LIST_INIT(res->alternates);
5771 res->udpsize = RECV_BUFFER_SIZE;
5772 res->algorithms = NULL;
5773 res->mustbesecure = NULL;
5775 res->nbuckets = ntasks;
5776 res->activebuckets = ntasks;
5777 res->buckets = isc_mem_get(view->mctx,
5778 ntasks * sizeof(fctxbucket_t));
5779 if (res->buckets == NULL) {
5780 result = ISC_R_NOMEMORY;
5783 for (i = 0; i < ntasks; i++) {
5784 result = isc_mutex_init(&res->buckets[i].lock);
5785 if (result != ISC_R_SUCCESS)
5786 goto cleanup_buckets;
5787 res->buckets[i].task = NULL;
5788 result = isc_task_create(taskmgr, 0, &res->buckets[i].task);
5789 if (result != ISC_R_SUCCESS) {
5790 DESTROYLOCK(&res->buckets[i].lock);
5791 goto cleanup_buckets;
5793 snprintf(name, sizeof(name), "res%u", i);
5794 isc_task_setname(res->buckets[i].task, name, res);
5795 ISC_LIST_INIT(res->buckets[i].fctxs);
5796 res->buckets[i].exiting = ISC_FALSE;
5800 res->dispatchv4 = NULL;
5801 if (dispatchv4 != NULL)
5802 dns_dispatch_attach(dispatchv4, &res->dispatchv4);
5803 res->dispatchv6 = NULL;
5804 if (dispatchv6 != NULL)
5805 dns_dispatch_attach(dispatchv6, &res->dispatchv6);
5807 res->references = 1;
5808 res->exiting = ISC_FALSE;
5809 res->frozen = ISC_FALSE;
5810 ISC_LIST_INIT(res->whenshutdown);
5811 res->priming = ISC_FALSE;
5812 res->primefetch = NULL;
5815 result = isc_mutex_init(&res->lock);
5816 if (result != ISC_R_SUCCESS)
5817 goto cleanup_dispatches;
5819 result = isc_mutex_init(&res->nlock);
5820 if (result != ISC_R_SUCCESS)
5823 result = isc_mutex_init(&res->primelock);
5824 if (result != ISC_R_SUCCESS)
5828 result = isc_rwlock_init(&res->alglock, 0, 0);
5829 if (result != ISC_R_SUCCESS)
5830 goto cleanup_primelock;
5833 result = isc_rwlock_init(&res->mbslock, 0, 0);
5834 if (result != ISC_R_SUCCESS)
5835 goto cleanup_alglock;
5838 res->magic = RES_MAGIC;
5842 return (ISC_R_SUCCESS);
5847 isc_rwlock_destroy(&res->alglock);
5850 #if USE_ALGLOCK || USE_MBSLOCK
5852 DESTROYLOCK(&res->primelock);
5856 DESTROYLOCK(&res->nlock);
5859 DESTROYLOCK(&res->lock);
5862 if (res->dispatchv6 != NULL)
5863 dns_dispatch_detach(&res->dispatchv6);
5864 if (res->dispatchv4 != NULL)
5865 dns_dispatch_detach(&res->dispatchv4);
5868 for (i = 0; i < buckets_created; i++) {
5869 DESTROYLOCK(&res->buckets[i].lock);
5870 isc_task_shutdown(res->buckets[i].task);
5871 isc_task_detach(&res->buckets[i].task);
5873 isc_mem_put(view->mctx, res->buckets,
5874 res->nbuckets * sizeof(fctxbucket_t));
5877 isc_mem_put(view->mctx, res, sizeof(*res));
5883 prime_done(isc_task_t *task, isc_event_t *event) {
5884 dns_resolver_t *res;
5885 dns_fetchevent_t *fevent;
5888 REQUIRE(event->ev_type == DNS_EVENT_FETCHDONE);
5889 fevent = (dns_fetchevent_t *)event;
5890 res = event->ev_arg;
5891 REQUIRE(VALID_RESOLVER(res));
5897 INSIST(res->priming);
5898 res->priming = ISC_FALSE;
5899 LOCK(&res->primelock);
5900 fetch = res->primefetch;
5901 res->primefetch = NULL;
5902 UNLOCK(&res->primelock);
5906 if (fevent->node != NULL)
5907 dns_db_detachnode(fevent->db, &fevent->node);
5908 if (fevent->db != NULL)
5909 dns_db_detach(&fevent->db);
5910 if (dns_rdataset_isassociated(fevent->rdataset))
5911 dns_rdataset_disassociate(fevent->rdataset);
5912 INSIST(fevent->sigrdataset == NULL);
5914 isc_mem_put(res->mctx, fevent->rdataset, sizeof(*fevent->rdataset));
5916 isc_event_free(&event);
5917 dns_resolver_destroyfetch(&fetch);
5921 dns_resolver_prime(dns_resolver_t *res) {
5922 isc_boolean_t want_priming = ISC_FALSE;
5923 dns_rdataset_t *rdataset;
5924 isc_result_t result;
5926 REQUIRE(VALID_RESOLVER(res));
5927 REQUIRE(res->frozen);
5929 RTRACE("dns_resolver_prime");
5933 if (!res->exiting && !res->priming) {
5934 INSIST(res->primefetch == NULL);
5935 res->priming = ISC_TRUE;
5936 want_priming = ISC_TRUE;
5943 * To avoid any possible recursive locking problems, we
5944 * start the priming fetch like any other fetch, and holding
5945 * no resolver locks. No one else will try to start it
5946 * because we're the ones who set res->priming to true.
5947 * Any other callers of dns_resolver_prime() while we're
5948 * running will see that res->priming is already true and
5952 rdataset = isc_mem_get(res->mctx, sizeof(*rdataset));
5953 if (rdataset == NULL) {
5955 INSIST(res->priming);
5956 INSIST(res->primefetch == NULL);
5957 res->priming = ISC_FALSE;
5961 dns_rdataset_init(rdataset);
5962 LOCK(&res->primelock);
5963 result = dns_resolver_createfetch(res, dns_rootname,
5965 NULL, NULL, NULL, 0,
5966 res->buckets[0].task,
5968 res, rdataset, NULL,
5970 UNLOCK(&res->primelock);
5971 if (result != ISC_R_SUCCESS) {
5973 INSIST(res->priming);
5974 res->priming = ISC_FALSE;
5981 dns_resolver_freeze(dns_resolver_t *res) {
5987 REQUIRE(VALID_RESOLVER(res));
5988 REQUIRE(!res->frozen);
5990 res->frozen = ISC_TRUE;
5994 dns_resolver_attach(dns_resolver_t *source, dns_resolver_t **targetp) {
5995 REQUIRE(VALID_RESOLVER(source));
5996 REQUIRE(targetp != NULL && *targetp == NULL);
5998 RRTRACE(source, "attach");
5999 LOCK(&source->lock);
6000 REQUIRE(!source->exiting);
6002 INSIST(source->references > 0);
6003 source->references++;
6004 INSIST(source->references != 0);
6005 UNLOCK(&source->lock);
6011 dns_resolver_whenshutdown(dns_resolver_t *res, isc_task_t *task,
6012 isc_event_t **eventp)
6017 REQUIRE(VALID_RESOLVER(res));
6018 REQUIRE(eventp != NULL);
6025 if (res->exiting && res->activebuckets == 0) {
6027 * We're already shutdown. Send the event.
6029 event->ev_sender = res;
6030 isc_task_send(task, &event);
6033 isc_task_attach(task, &clone);
6034 event->ev_sender = clone;
6035 ISC_LIST_APPEND(res->whenshutdown, event, ev_link);
6042 dns_resolver_shutdown(dns_resolver_t *res) {
6047 REQUIRE(VALID_RESOLVER(res));
6053 if (!res->exiting) {
6055 res->exiting = ISC_TRUE;
6057 for (i = 0; i < res->nbuckets; i++) {
6058 LOCK(&res->buckets[i].lock);
6059 for (fctx = ISC_LIST_HEAD(res->buckets[i].fctxs);
6061 fctx = ISC_LIST_NEXT(fctx, link))
6062 fctx_shutdown(fctx);
6063 if (res->dispatchv4 != NULL) {
6064 sock = dns_dispatch_getsocket(res->dispatchv4);
6065 isc_socket_cancel(sock, res->buckets[i].task,
6066 ISC_SOCKCANCEL_ALL);
6068 if (res->dispatchv6 != NULL) {
6069 sock = dns_dispatch_getsocket(res->dispatchv6);
6070 isc_socket_cancel(sock, res->buckets[i].task,
6071 ISC_SOCKCANCEL_ALL);
6073 res->buckets[i].exiting = ISC_TRUE;
6074 if (ISC_LIST_EMPTY(res->buckets[i].fctxs)) {
6075 INSIST(res->activebuckets > 0);
6076 res->activebuckets--;
6078 UNLOCK(&res->buckets[i].lock);
6080 if (res->activebuckets == 0)
6081 send_shutdown_events(res);
6088 dns_resolver_detach(dns_resolver_t **resp) {
6089 dns_resolver_t *res;
6090 isc_boolean_t need_destroy = ISC_FALSE;
6092 REQUIRE(resp != NULL);
6094 REQUIRE(VALID_RESOLVER(res));
6100 INSIST(res->references > 0);
6102 if (res->references == 0) {
6103 INSIST(res->exiting && res->activebuckets == 0);
6104 need_destroy = ISC_TRUE;
6115 static inline isc_boolean_t
6116 fctx_match(fetchctx_t *fctx, dns_name_t *name, dns_rdatatype_t type,
6117 unsigned int options)
6119 if (fctx->type != type || fctx->options != options)
6121 return (dns_name_equal(&fctx->name, name));
6125 log_fetch(dns_name_t *name, dns_rdatatype_t type) {
6126 char namebuf[DNS_NAME_FORMATSIZE];
6127 char typebuf[DNS_RDATATYPE_FORMATSIZE];
6128 int level = ISC_LOG_DEBUG(1);
6130 if (! isc_log_wouldlog(dns_lctx, level))
6133 dns_name_format(name, namebuf, sizeof(namebuf));
6134 dns_rdatatype_format(type, typebuf, sizeof(typebuf));
6136 isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
6137 DNS_LOGMODULE_RESOLVER, level,
6138 "createfetch: %s %s", namebuf, typebuf);
6142 dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name,
6143 dns_rdatatype_t type,
6144 dns_name_t *domain, dns_rdataset_t *nameservers,
6145 dns_forwarders_t *forwarders,
6146 unsigned int options, isc_task_t *task,
6147 isc_taskaction_t action, void *arg,
6148 dns_rdataset_t *rdataset,
6149 dns_rdataset_t *sigrdataset,
6150 dns_fetch_t **fetchp)
6153 fetchctx_t *fctx = NULL;
6154 isc_result_t result;
6155 unsigned int bucketnum;
6156 isc_boolean_t new_fctx = ISC_FALSE;
6161 REQUIRE(VALID_RESOLVER(res));
6162 REQUIRE(res->frozen);
6163 /* XXXRTH Check for meta type */
6164 if (domain != NULL) {
6165 REQUIRE(DNS_RDATASET_VALID(nameservers));
6166 REQUIRE(nameservers->type == dns_rdatatype_ns);
6168 REQUIRE(nameservers == NULL);
6169 REQUIRE(forwarders == NULL);
6170 REQUIRE(!dns_rdataset_isassociated(rdataset));
6171 REQUIRE(sigrdataset == NULL ||
6172 !dns_rdataset_isassociated(sigrdataset));
6173 REQUIRE(fetchp != NULL && *fetchp == NULL);
6175 log_fetch(name, type);
6178 * XXXRTH use a mempool?
6180 fetch = isc_mem_get(res->mctx, sizeof(*fetch));
6182 return (ISC_R_NOMEMORY);
6184 bucketnum = dns_name_hash(name, ISC_FALSE) % res->nbuckets;
6186 LOCK(&res->buckets[bucketnum].lock);
6188 if (res->buckets[bucketnum].exiting) {
6189 result = ISC_R_SHUTTINGDOWN;
6193 if ((options & DNS_FETCHOPT_UNSHARED) == 0) {
6194 for (fctx = ISC_LIST_HEAD(res->buckets[bucketnum].fctxs);
6196 fctx = ISC_LIST_NEXT(fctx, link)) {
6197 if (fctx_match(fctx, name, type, options))
6203 * If we didn't have a fetch, would attach to a done fetch, this
6204 * fetch has already cloned its results, or if the fetch has gone
6205 * "idle" (no one was interested in it), we need to start a new
6206 * fetch instead of joining with the existing one.
6209 fctx->state == fetchstate_done ||
6211 ISC_LIST_EMPTY(fctx->events)) {
6213 result = fctx_create(res, name, type, domain, nameservers,
6214 options, bucketnum, &fctx);
6215 if (result != ISC_R_SUCCESS)
6217 new_fctx = ISC_TRUE;
6220 result = fctx_join(fctx, task, action, arg,
6221 rdataset, sigrdataset, fetch);
6223 if (result == ISC_R_SUCCESS) {
6227 event = &fctx->control_event;
6228 ISC_EVENT_INIT(event, sizeof(*event), 0, NULL,
6229 DNS_EVENT_FETCHCONTROL,
6230 fctx_start, fctx, NULL,
6232 isc_task_send(res->buckets[bucketnum].task, &event);
6235 * We don't care about the result of fctx_destroy()
6236 * since we know we're not exiting.
6238 (void)fctx_destroy(fctx);
6243 UNLOCK(&res->buckets[bucketnum].lock);
6245 if (result == ISC_R_SUCCESS) {
6249 isc_mem_put(res->mctx, fetch, sizeof(*fetch));
6255 dns_resolver_cancelfetch(dns_fetch_t *fetch) {
6257 dns_resolver_t *res;
6258 dns_fetchevent_t *event, *next_event;
6261 REQUIRE(DNS_FETCH_VALID(fetch));
6262 fctx = fetch->private;
6263 REQUIRE(VALID_FCTX(fctx));
6266 FTRACE("cancelfetch");
6268 LOCK(&res->buckets[fctx->bucketnum].lock);
6271 * Find the completion event for this fetch (as opposed
6272 * to those for other fetches that have joined the same
6273 * fctx) and send it with result = ISC_R_CANCELED.
6276 if (fctx->state != fetchstate_done) {
6277 for (event = ISC_LIST_HEAD(fctx->events);
6279 event = next_event) {
6280 next_event = ISC_LIST_NEXT(event, ev_link);
6281 if (event->fetch == fetch) {
6282 ISC_LIST_UNLINK(fctx->events, event, ev_link);
6287 if (event != NULL) {
6288 etask = event->ev_sender;
6289 event->ev_sender = fctx;
6290 event->result = ISC_R_CANCELED;
6291 isc_task_sendanddetach(&etask, ISC_EVENT_PTR(&event));
6294 * The fctx continues running even if no fetches remain;
6295 * the answer is still cached.
6298 UNLOCK(&res->buckets[fctx->bucketnum].lock);
6302 dns_resolver_destroyfetch(dns_fetch_t **fetchp) {
6304 dns_resolver_t *res;
6305 dns_fetchevent_t *event, *next_event;
6307 unsigned int bucketnum;
6308 isc_boolean_t bucket_empty = ISC_FALSE;
6310 REQUIRE(fetchp != NULL);
6312 REQUIRE(DNS_FETCH_VALID(fetch));
6313 fctx = fetch->private;
6314 REQUIRE(VALID_FCTX(fctx));
6317 FTRACE("destroyfetch");
6319 bucketnum = fctx->bucketnum;
6320 LOCK(&res->buckets[bucketnum].lock);
6323 * Sanity check: the caller should have gotten its event before
6324 * trying to destroy the fetch.
6327 if (fctx->state != fetchstate_done) {
6328 for (event = ISC_LIST_HEAD(fctx->events);
6330 event = next_event) {
6331 next_event = ISC_LIST_NEXT(event, ev_link);
6332 RUNTIME_CHECK(event->fetch != fetch);
6336 INSIST(fctx->references > 0);
6338 if (fctx->references == 0) {
6340 * No one cares about the result of this fetch anymore.
6342 if (fctx->pending == 0 && ISC_LIST_EMPTY(fctx->validators) &&
6343 SHUTTINGDOWN(fctx)) {
6345 * This fctx is already shutdown; we were just
6346 * waiting for the last reference to go away.
6348 bucket_empty = fctx_destroy(fctx);
6351 * Initiate shutdown.
6353 fctx_shutdown(fctx);
6357 UNLOCK(&res->buckets[bucketnum].lock);
6359 isc_mem_put(res->mctx, fetch, sizeof(*fetch));
6367 dns_resolver_dispatchmgr(dns_resolver_t *resolver) {
6368 REQUIRE(VALID_RESOLVER(resolver));
6369 return (resolver->dispatchmgr);
6373 dns_resolver_dispatchv4(dns_resolver_t *resolver) {
6374 REQUIRE(VALID_RESOLVER(resolver));
6375 return (resolver->dispatchv4);
6379 dns_resolver_dispatchv6(dns_resolver_t *resolver) {
6380 REQUIRE(VALID_RESOLVER(resolver));
6381 return (resolver->dispatchv6);
6385 dns_resolver_socketmgr(dns_resolver_t *resolver) {
6386 REQUIRE(VALID_RESOLVER(resolver));
6387 return (resolver->socketmgr);
6391 dns_resolver_taskmgr(dns_resolver_t *resolver) {
6392 REQUIRE(VALID_RESOLVER(resolver));
6393 return (resolver->taskmgr);
6397 dns_resolver_getlamettl(dns_resolver_t *resolver) {
6398 REQUIRE(VALID_RESOLVER(resolver));
6399 return (resolver->lame_ttl);
6403 dns_resolver_setlamettl(dns_resolver_t *resolver, isc_uint32_t lame_ttl) {
6404 REQUIRE(VALID_RESOLVER(resolver));
6405 resolver->lame_ttl = lame_ttl;
6409 dns_resolver_nrunning(dns_resolver_t *resolver) {
6411 LOCK(&resolver->nlock);
6412 n = resolver->nfctx;
6413 UNLOCK(&resolver->nlock);
6418 dns_resolver_addalternate(dns_resolver_t *resolver, isc_sockaddr_t *alt,
6419 dns_name_t *name, in_port_t port) {
6421 isc_result_t result;
6423 REQUIRE(VALID_RESOLVER(resolver));
6424 REQUIRE(!resolver->frozen);
6425 REQUIRE((alt == NULL) ^ (name == NULL));
6427 a = isc_mem_get(resolver->mctx, sizeof(*a));
6429 return (ISC_R_NOMEMORY);
6431 a->isaddress = ISC_TRUE;
6434 a->isaddress = ISC_FALSE;
6435 a->_u._n.port = port;
6436 dns_name_init(&a->_u._n.name, NULL);
6437 result = dns_name_dup(name, resolver->mctx, &a->_u._n.name);
6438 if (result != ISC_R_SUCCESS) {
6439 isc_mem_put(resolver->mctx, a, sizeof(*a));
6443 ISC_LINK_INIT(a, link);
6444 ISC_LIST_APPEND(resolver->alternates, a, link);
6446 return (ISC_R_SUCCESS);
6450 dns_resolver_setudpsize(dns_resolver_t *resolver, isc_uint16_t udpsize) {
6451 REQUIRE(VALID_RESOLVER(resolver));
6452 resolver->udpsize = udpsize;
6456 dns_resolver_getudpsize(dns_resolver_t *resolver) {
6457 REQUIRE(VALID_RESOLVER(resolver));
6458 return (resolver->udpsize);
6462 free_algorithm(void *node, void *arg) {
6463 unsigned char *algorithms = node;
6464 isc_mem_t *mctx = arg;
6466 isc_mem_put(mctx, algorithms, *algorithms);
6470 dns_resolver_reset_algorithms(dns_resolver_t *resolver) {
6472 REQUIRE(VALID_RESOLVER(resolver));
6475 RWLOCK(&resolver->alglock, isc_rwlocktype_write);
6477 if (resolver->algorithms != NULL)
6478 dns_rbt_destroy(&resolver->algorithms);
6480 RWUNLOCK(&resolver->alglock, isc_rwlocktype_write);
6485 dns_resolver_disable_algorithm(dns_resolver_t *resolver, dns_name_t *name,
6488 unsigned int len, mask;
6490 unsigned char *algorithms;
6491 isc_result_t result;
6492 dns_rbtnode_t *node = NULL;
6494 REQUIRE(VALID_RESOLVER(resolver));
6496 return (ISC_R_RANGE);
6499 RWLOCK(&resolver->alglock, isc_rwlocktype_write);
6501 if (resolver->algorithms == NULL) {
6502 result = dns_rbt_create(resolver->mctx, free_algorithm,
6503 resolver->mctx, &resolver->algorithms);
6504 if (result != ISC_R_SUCCESS)
6509 mask = 1 << (alg%8);
6511 result = dns_rbt_addnode(resolver->algorithms, name, &node);
6513 if (result == ISC_R_SUCCESS || result == ISC_R_EXISTS) {
6514 algorithms = node->data;
6515 if (algorithms == NULL || len > *algorithms) {
6516 new = isc_mem_get(resolver->mctx, len);
6518 result = ISC_R_NOMEMORY;
6521 memset(new, 0, len);
6522 if (algorithms != NULL)
6523 memcpy(new, algorithms, *algorithms);
6527 if (algorithms != NULL)
6528 isc_mem_put(resolver->mctx, algorithms,
6531 algorithms[len-1] |= mask;
6533 result = ISC_R_SUCCESS;
6536 RWUNLOCK(&resolver->alglock, isc_rwlocktype_write);
6542 dns_resolver_algorithm_supported(dns_resolver_t *resolver, dns_name_t *name,
6545 unsigned int len, mask;
6546 unsigned char *algorithms;
6548 isc_result_t result;
6549 isc_boolean_t found = ISC_FALSE;
6551 REQUIRE(VALID_RESOLVER(resolver));
6554 RWLOCK(&resolver->alglock, isc_rwlocktype_read);
6556 if (resolver->algorithms == NULL)
6558 result = dns_rbt_findname(resolver->algorithms, name, 0, NULL, &data);
6559 if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
6561 mask = 1 << (alg%8);
6563 if (len <= *algorithms && (algorithms[len-1] & mask) != 0)
6568 RWUNLOCK(&resolver->alglock, isc_rwlocktype_read);
6572 return (dst_algorithm_supported(alg));
6576 dns_resolver_resetmustbesecure(dns_resolver_t *resolver) {
6578 REQUIRE(VALID_RESOLVER(resolver));
6581 RWLOCK(&resolver->mbslock, isc_rwlocktype_write);
6583 if (resolver->mustbesecure != NULL)
6584 dns_rbt_destroy(&resolver->mustbesecure);
6586 RWUNLOCK(&resolver->mbslock, isc_rwlocktype_write);
6590 static isc_boolean_t yes = ISC_TRUE, no = ISC_FALSE;
6593 dns_resolver_setmustbesecure(dns_resolver_t *resolver, dns_name_t *name,
6594 isc_boolean_t value)
6596 isc_result_t result;
6598 REQUIRE(VALID_RESOLVER(resolver));
6601 RWLOCK(&resolver->mbslock, isc_rwlocktype_write);
6603 if (resolver->mustbesecure == NULL) {
6604 result = dns_rbt_create(resolver->mctx, NULL, NULL,
6605 &resolver->mustbesecure);
6606 if (result != ISC_R_SUCCESS)
6609 result = dns_rbt_addname(resolver->mustbesecure, name,
6610 value ? &yes : &no);
6613 RWUNLOCK(&resolver->mbslock, isc_rwlocktype_write);
6619 dns_resolver_getmustbesecure(dns_resolver_t *resolver, dns_name_t *name) {
6621 isc_boolean_t value = ISC_FALSE;
6622 isc_result_t result;
6624 REQUIRE(VALID_RESOLVER(resolver));
6627 RWLOCK(&resolver->mbslock, isc_rwlocktype_read);
6629 if (resolver->mustbesecure == NULL)
6631 result = dns_rbt_findname(resolver->mustbesecure, name, 0, NULL, &data);
6632 if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH)
6633 value = *(isc_boolean_t*)data;
6636 RWUNLOCK(&resolver->mbslock, isc_rwlocktype_read);
projects / FreeBSD / FreeBSD.git / blob