2 * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 1999-2001, 2003 Internet Software Consortium.
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
20 #ifndef DNS_RESOLVER_H
21 #define DNS_RESOLVER_H 1
27 /*! \file dns/resolver.h
30 * This is the BIND 9 resolver, the module responsible for resolving DNS
31 * requests by iteratively querying authoritative servers and following
32 * referrals. This is a "full resolver", not to be confused with
33 * the stub resolvers most people associate with the word "resolver".
34 * The full resolver is part of the caching name server or resolver
35 * daemon the stub resolver talks to.
38 *\li The module ensures appropriate synchronization of data structures it
39 * creates and manipulates.
42 *\li No anticipated impact.
48 *\li No anticipated impact.
51 *\li RFCs: 1034, 1035, 2181, TBS
56 #include <isc/socket.h>
58 #include <dns/types.h>
59 #include <dns/fixedname.h>
64 * A dns_fetchevent_t is sent when a 'fetch' completes. Any of 'db',
65 * 'node', 'rdataset', and 'sigrdataset' may be bound. It is the
66 * receiver's responsibility to detach before freeing the event.
68 * 'rdataset', 'sigrdataset', 'client' and 'id' are the values that were
69 * supplied when dns_resolver_createfetch() was called. They are returned
70 * to the caller so that they may be freed.
72 typedef struct dns_fetchevent {
73 ISC_EVENT_COMMON(struct dns_fetchevent);
76 dns_rdatatype_t qtype;
79 dns_rdataset_t * rdataset;
80 dns_rdataset_t * sigrdataset;
81 dns_fixedname_t foundname;
82 isc_sockaddr_t * client;
88 * Options that modify how a 'fetch' is done.
90 #define DNS_FETCHOPT_TCP 0x01 /*%< Use TCP. */
91 #define DNS_FETCHOPT_UNSHARED 0x02 /*%< See below. */
92 #define DNS_FETCHOPT_RECURSIVE 0x04 /*%< Set RD? */
93 #define DNS_FETCHOPT_NOEDNS0 0x08 /*%< Do not use EDNS. */
94 #define DNS_FETCHOPT_FORWARDONLY 0x10 /*%< Only use forwarders. */
95 #define DNS_FETCHOPT_NOVALIDATE 0x20 /*%< Disable validation. */
96 #define DNS_FETCHOPT_EDNS512 0x40 /*%< Advertise a 512 byte
98 #define DNS_FETCHOPT_WANTNSID 0x80 /*%< Request NSID */
100 #define DNS_FETCHOPT_EDNSVERSIONSET 0x00800000
101 #define DNS_FETCHOPT_EDNSVERSIONMASK 0xff000000
102 #define DNS_FETCHOPT_EDNSVERSIONSHIFT 24
105 * Upper bounds of class of query RTT (ms). Corresponds to
106 * dns_resstatscounter_queryrttX statistics counters.
108 #define DNS_RESOLVER_QRYRTTCLASS0 10
109 #define DNS_RESOLVER_QRYRTTCLASS0STR "10"
110 #define DNS_RESOLVER_QRYRTTCLASS1 100
111 #define DNS_RESOLVER_QRYRTTCLASS1STR "100"
112 #define DNS_RESOLVER_QRYRTTCLASS2 500
113 #define DNS_RESOLVER_QRYRTTCLASS2STR "500"
114 #define DNS_RESOLVER_QRYRTTCLASS3 800
115 #define DNS_RESOLVER_QRYRTTCLASS3STR "800"
116 #define DNS_RESOLVER_QRYRTTCLASS4 1600
117 #define DNS_RESOLVER_QRYRTTCLASS4STR "1600"
120 * XXXRTH Should this API be made semi-private? (I.e.
121 * _dns_resolver_create()).
124 #define DNS_RESOLVER_CHECKNAMES 0x01
125 #define DNS_RESOLVER_CHECKNAMESFAIL 0x02
128 dns_resolver_create(dns_view_t *view,
129 isc_taskmgr_t *taskmgr, unsigned int ntasks,
130 isc_socketmgr_t *socketmgr,
131 isc_timermgr_t *timermgr,
132 unsigned int options,
133 dns_dispatchmgr_t *dispatchmgr,
134 dns_dispatch_t *dispatchv4,
135 dns_dispatch_t *dispatchv6,
136 dns_resolver_t **resp);
143 *\li Generally, applications should not create a resolver directly, but
144 * should instead call dns_view_createresolver().
148 *\li 'view' is a valid view.
150 *\li 'taskmgr' is a valid task manager.
154 *\li 'socketmgr' is a valid socket manager.
156 *\li 'timermgr' is a valid timer manager.
158 *\li 'dispatchv4' is a valid dispatcher with an IPv4 UDP socket, or is NULL.
160 *\li 'dispatchv6' is a valid dispatcher with an IPv6 UDP socket, or is NULL.
162 *\li resp != NULL && *resp == NULL.
166 *\li #ISC_R_SUCCESS On success.
168 *\li Anything else Failure.
172 dns_resolver_freeze(dns_resolver_t *res);
178 *\li Certain configuration changes cannot be made after the resolver
179 * is frozen. Fetches cannot be created until the resolver is frozen.
183 *\li 'res' is a valid resolver.
187 *\li 'res' is frozen.
191 dns_resolver_prime(dns_resolver_t *res);
197 *\li Resolvers which have a forwarding policy other than dns_fwdpolicy_only
198 * need to be primed with the root nameservers, otherwise the root
199 * nameserver hints data may be used indefinitely. This function requests
200 * that the resolver start a priming fetch, if it isn't already priming.
204 *\li 'res' is a valid, frozen resolver.
209 dns_resolver_whenshutdown(dns_resolver_t *res, isc_task_t *task,
210 isc_event_t **eventp);
212 * Send '*eventp' to 'task' when 'res' has completed shutdown.
216 *\li It is not safe to detach the last reference to 'res' until
217 * shutdown is complete.
221 *\li 'res' is a valid resolver.
223 *\li 'task' is a valid task.
225 *\li *eventp is a valid event.
229 *\li *eventp == NULL.
233 dns_resolver_shutdown(dns_resolver_t *res);
235 * Start the shutdown process for 'res'.
239 *\li This call has no effect if the resolver is already shutting down.
243 *\li 'res' is a valid resolver.
247 dns_resolver_attach(dns_resolver_t *source, dns_resolver_t **targetp);
250 dns_resolver_detach(dns_resolver_t **resp);
253 dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name,
254 dns_rdatatype_t type,
255 dns_name_t *domain, dns_rdataset_t *nameservers,
256 dns_forwarders_t *forwarders,
257 unsigned int options, isc_task_t *task,
258 isc_taskaction_t action, void *arg,
259 dns_rdataset_t *rdataset,
260 dns_rdataset_t *sigrdataset,
261 dns_fetch_t **fetchp);
264 dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name,
265 dns_rdatatype_t type,
266 dns_name_t *domain, dns_rdataset_t *nameservers,
267 dns_forwarders_t *forwarders,
268 isc_sockaddr_t *client, isc_uint16_t id,
269 unsigned int options, isc_task_t *task,
270 isc_taskaction_t action, void *arg,
271 dns_rdataset_t *rdataset,
272 dns_rdataset_t *sigrdataset,
273 dns_fetch_t **fetchp);
275 dns_resolver_createfetch3(dns_resolver_t *res, dns_name_t *name,
276 dns_rdatatype_t type,
277 dns_name_t *domain, dns_rdataset_t *nameservers,
278 dns_forwarders_t *forwarders,
279 isc_sockaddr_t *client, isc_uint16_t id,
280 unsigned int options, unsigned int depth,
281 isc_counter_t *qc, isc_task_t *task,
282 isc_taskaction_t action, void *arg,
283 dns_rdataset_t *rdataset,
284 dns_rdataset_t *sigrdataset,
285 dns_fetch_t **fetchp);
287 * Recurse to answer a question.
291 *\li This call starts a query for 'name', type 'type'.
293 *\li The 'domain' is a parent domain of 'name' for which
294 * a set of name servers 'nameservers' is known. If no
295 * such name server information is available, set
296 * 'domain' and 'nameservers' to NULL.
298 *\li 'forwarders' is unimplemented, and subject to change when
299 * we figure out how selective forwarding will work.
301 *\li When the fetch completes (successfully or otherwise), a
302 * #DNS_EVENT_FETCHDONE event with action 'action' and arg 'arg' will be
305 *\li The values of 'rdataset' and 'sigrdataset' will be returned in
306 * the FETCHDONE event.
308 *\li 'client' and 'id' are used for duplicate query detection. '*client'
309 * must remain stable until after 'action' has been called or
310 * dns_resolver_cancelfetch() is called.
314 *\li 'res' is a valid resolver that has been frozen.
316 *\li 'name' is a valid name.
318 *\li 'type' is not a meta type other than ANY.
320 *\li 'domain' is a valid name or NULL.
322 *\li 'nameservers' is a valid NS rdataset (whose owner name is 'domain')
323 * iff. 'domain' is not NULL.
325 *\li 'forwarders' is NULL.
327 *\li 'client' is a valid sockaddr or NULL.
329 *\li 'options' contains valid options.
331 *\li 'rdataset' is a valid, disassociated rdataset.
333 *\li 'sigrdataset' is NULL, or is a valid, disassociated rdataset.
335 *\li fetchp != NULL && *fetchp == NULL.
339 *\li #ISC_R_SUCCESS Success
340 *\li #DNS_R_DUPLICATE
343 *\li Many other values are possible, all of which indicate failure.
347 dns_resolver_cancelfetch(dns_fetch_t *fetch);
353 *\li If 'fetch' has not completed, post its FETCHDONE event with a
354 * result code of #ISC_R_CANCELED.
358 *\li 'fetch' is a valid fetch.
362 dns_resolver_destroyfetch(dns_fetch_t **fetchp);
368 *\li '*fetchp' is a valid fetch.
370 *\li The caller has received the FETCHDONE event (either because the
371 * fetch completed or because dns_resolver_cancelfetch() was called).
375 *\li *fetchp == NULL.
379 dns_resolver_logfetch(dns_fetch_t *fetch, isc_log_t *lctx,
380 isc_logcategory_t *category, isc_logmodule_t *module,
381 int level, isc_boolean_t duplicateok);
383 * Dump a log message on internal state at the completion of given 'fetch'.
384 * 'lctx', 'category', 'module', and 'level' are used to write the log message.
385 * By default, only one log message is written even if the corresponding fetch
386 * context serves multiple clients; if 'duplicateok' is true the suppression
387 * is disabled and the message can be written every time this function is
392 *\li 'fetch' is a valid fetch, and has completed.
396 dns_resolver_dispatchmgr(dns_resolver_t *resolver);
399 dns_resolver_dispatchv4(dns_resolver_t *resolver);
402 dns_resolver_dispatchv6(dns_resolver_t *resolver);
405 dns_resolver_socketmgr(dns_resolver_t *resolver);
408 dns_resolver_taskmgr(dns_resolver_t *resolver);
411 dns_resolver_getlamettl(dns_resolver_t *resolver);
413 * Get the resolver's lame-ttl. zero => no lame processing.
416 *\li 'resolver' to be valid.
420 dns_resolver_setlamettl(dns_resolver_t *resolver, isc_uint32_t lame_ttl);
422 * Set the resolver's lame-ttl. zero => no lame processing.
425 *\li 'resolver' to be valid.
429 dns_resolver_nrunning(dns_resolver_t *resolver);
431 * Return the number of currently running resolutions in this
432 * resolver. This is may be less than the number of outstanding
433 * fetches due to multiple identical fetches, or more than the
434 * number of of outstanding fetches due to the fact that resolution
435 * can continue even though a fetch has been canceled.
439 dns_resolver_addalternate(dns_resolver_t *resolver, isc_sockaddr_t *alt,
440 dns_name_t *name, in_port_t port);
442 * Add alternate addresses to be tried in the event that the nameservers
443 * for a zone are not available in the address families supported by the
447 * \li only one of 'name' or 'alt' to be valid.
451 dns_resolver_setudpsize(dns_resolver_t *resolver, isc_uint16_t udpsize);
453 * Set the EDNS UDP buffer size advertised by the server.
457 dns_resolver_getudpsize(dns_resolver_t *resolver);
459 * Get the current EDNS UDP buffer size.
463 dns_resolver_reset_algorithms(dns_resolver_t *resolver);
465 * Clear the disabled DNSSEC algorithms.
469 dns_resolver_disable_algorithm(dns_resolver_t *resolver, dns_name_t *name,
472 * Mark the give DNSSEC algorithm as disabled and below 'name'.
473 * Valid algorithms are less than 256.
482 dns_resolver_algorithm_supported(dns_resolver_t *resolver, dns_name_t *name,
485 * Check if the given algorithm is supported by this resolver.
486 * This checks if the algorithm has been disabled via
487 * dns_resolver_disable_algorithm() then the underlying
488 * crypto libraries if not specifically disabled.
492 dns_resolver_digest_supported(dns_resolver_t *resolver, unsigned int digest_type);
494 * Is this digest type supported.
498 dns_resolver_resetmustbesecure(dns_resolver_t *resolver);
501 dns_resolver_setmustbesecure(dns_resolver_t *resolver, dns_name_t *name,
502 isc_boolean_t value);
505 dns_resolver_getmustbesecure(dns_resolver_t *resolver, dns_name_t *name);
509 dns_resolver_settimeout(dns_resolver_t *resolver, unsigned int seconds);
511 * Set the length of time the resolver will work on a query, in seconds.
513 * If timeout is 0, the default timeout will be applied.
516 * \li resolver to be valid.
520 dns_resolver_gettimeout(dns_resolver_t *resolver);
522 * Get the current length of time the resolver will work on a query, in seconds.
525 * \li resolver to be valid.
529 dns_resolver_setclientsperquery(dns_resolver_t *resolver,
530 isc_uint32_t min, isc_uint32_t max);
533 dns_resolver_getclientsperquery(dns_resolver_t *resolver, isc_uint32_t *cur,
534 isc_uint32_t *min, isc_uint32_t *max);
537 dns_resolver_getzeronosoattl(dns_resolver_t *resolver);
540 dns_resolver_setzeronosoattl(dns_resolver_t *resolver, isc_boolean_t state);
543 dns_resolver_getoptions(dns_resolver_t *resolver);
546 dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name,
547 dns_rdatatype_t type, isc_time_t *expire);
549 * Add a entry to the bad cache for <name,type> that will expire at 'expire'.
552 * \li resolver to be valid.
553 * \li name to be valid.
557 dns_resolver_getbadcache(dns_resolver_t *resolver, dns_name_t *name,
558 dns_rdatatype_t type, isc_time_t *now);
560 * Check to see if there is a unexpired entry in the bad cache for
564 * \li resolver to be valid.
565 * \li name to be valid.
569 dns_resolver_flushbadcache(dns_resolver_t *resolver, dns_name_t *name);
571 * Flush the bad cache of all entries at 'name' if 'name' is non NULL.
572 * Flush the entire bad cache if 'name' is NULL.
575 * \li resolver to be valid.
579 dns_resolver_printbadcache(dns_resolver_t *resolver, FILE *fp);
581 * Print out the contents of the bad cache to 'fp'.
584 * \li resolver to be valid.
588 dns_resolver_setmaxdepth(dns_resolver_t *resolver, unsigned int maxdepth);
590 dns_resolver_getmaxdepth(dns_resolver_t *resolver);
592 * Get and set how many NS indirections will be followed when looking for
593 * nameserver addresses.
596 * \li resolver to be valid.
600 dns_resolver_setmaxqueries(dns_resolver_t *resolver, unsigned int queries);
602 dns_resolver_getmaxqueries(dns_resolver_t *resolver);
604 * Get and set how many iterative queries will be allowed before
605 * terminating a recursive query.
608 * \li resolver to be valid.
613 #endif /* DNS_RESOLVER_H */