#include "ednssubnet.hh"
#include "filterpo.hh"
#include "negcache.hh"
+#include "sholder.hh"
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif /* HAVE_FSTRM */
#endif
+extern GlobalStateHolder<SuffixMatchNode> g_dontThrottleNames;
+extern GlobalStateHolder<NetmaskGroup> g_dontThrottleNetmasks;
+
class RecursorLua4;
typedef map<
s_ecsScopeZero.source = scopeZeroMask;
}
+ static void clearECSStats()
+ {
+ s_ecsqueries.store(0);
+ s_ecsresponses.store(0);
+
+ for (size_t idx = 0; idx < 32; idx++) {
+ SyncRes::s_ecsResponsesBySubnetSize4[idx].store(0);
+ }
+
+ for (size_t idx = 0; idx < 128; idx++) {
+ SyncRes::s_ecsResponsesBySubnetSize6[idx].store(0);
+ }
+ }
+
explicit SyncRes(const struct timeval& now);
int beginResolve(const DNSName &qname, const QType &qtype, uint16_t qclass, vector<DNSRecord>&ret);
#endif
#ifdef HAVE_FSTRM
- void setFrameStreamServers(std::shared_ptr<std::vector<std::unique_ptr<RemoteLoggerInterface>>>& servers)
+ void setFrameStreamServers(std::shared_ptr<std::vector<std::unique_ptr<FrameStreamLogger>>>& servers)
{
d_frameStreamServers = servers;
}
static std::atomic<uint64_t> s_unreachables;
static std::atomic<uint64_t> s_ecsqueries;
static std::atomic<uint64_t> s_ecsresponses;
+ static std::map<uint8_t, std::atomic<uint64_t>> s_ecsResponsesBySubnetSize4;
+ static std::map<uint8_t, std::atomic<uint64_t>> s_ecsResponsesBySubnetSize6;
static string s_serverID;
static unsigned int s_minimumTTL;
+ static unsigned int s_minimumECSTTL;
static unsigned int s_maxqperq;
static unsigned int s_maxtotusec;
static unsigned int s_maxdepth;
static unsigned int s_packetcacheservfailttl;
static unsigned int s_serverdownmaxfails;
static unsigned int s_serverdownthrottletime;
+ static unsigned int s_ecscachelimitttl;
static uint8_t s_ecsipv4limit;
static uint8_t s_ecsipv6limit;
+ static uint8_t s_ecsipv4cachelimit;
+ static uint8_t s_ecsipv6cachelimit;
static bool s_doIPv6;
static bool s_noEDNSPing;
static bool s_noEDNS;
static EDNSSubnetOpts s_ecsScopeZero;
static LogMode s_lm;
static std::unique_ptr<NetmaskGroup> s_dontQuery;
+ const static std::unordered_set<uint16_t> s_redirectionQTypes;
struct GetBestNSAnswer
{
void getBestNSFromCache(const DNSName &qname, const QType &qtype, vector<DNSRecord>&bestns, bool* flawedNSSet, unsigned int depth, set<GetBestNSAnswer>& beenthere);
DNSName getBestNSNamesFromCache(const DNSName &qname, const QType &qtype, NsSet& nsset, bool* flawedNSSet, unsigned int depth, set<GetBestNSAnswer>&beenthere);
- inline vector<DNSName> shuffleInSpeedOrder(NsSet &nameservers, const string &prefix);
+ inline vector<std::pair<DNSName, double>> shuffleInSpeedOrder(NsSet &nameservers, const string &prefix);
inline vector<ComboAddress> shuffleForwardSpeed(const vector<ComboAddress> &rnameservers, const string &prefix, const bool wasRd);
bool moreSpecificThan(const DNSName& a, const DNSName &b) const;
vector<ComboAddress> getAddrs(const DNSName &qname, unsigned int depth, set<GetBestNSAnswer>& beenthere, bool cacheOnly);
bool nameserverIPBlockedByRPZ(const DNSFilterEngine& dfe, const ComboAddress&);
bool throttledOrBlocked(const std::string& prefix, const ComboAddress& remoteIP, const DNSName& qname, const QType& qtype, bool pierceDontQuery);
- vector<ComboAddress> retrieveAddressesForNS(const std::string& prefix, const DNSName& qname, vector<DNSName >::const_iterator& tns, const unsigned int depth, set<GetBestNSAnswer>& beenthere, const vector<DNSName >& rnameservers, NsSet& nameservers, bool& sendRDQuery, bool& pierceDontQuery, bool& flawedNSSet, bool cacheOnly);
+ vector<ComboAddress> retrieveAddressesForNS(const std::string& prefix, const DNSName& qname, vector<std::pair<DNSName, double>>::const_iterator& tns, const unsigned int depth, set<GetBestNSAnswer>& beenthere, const vector<std::pair<DNSName, double>>& rnameservers, NsSet& nameservers, bool& sendRDQuery, bool& pierceDontQuery, bool& flawedNSSet, bool cacheOnly);
void sanitizeRecords(const std::string& prefix, LWResult& lwr, const DNSName& qname, const QType& qtype, const DNSName& auth, bool wasForwarded, bool rdQuery);
- RCode::rcodes_ updateCacheFromRecords(unsigned int depth, LWResult& lwr, const DNSName& qname, const QType& qtype, const DNSName& auth, bool wasForwarded, const boost::optional<Netmask>, vState& state, bool& needWildcardProof, unsigned int& wildcardLabelsCount, bool sendRDQuery);
- bool processRecords(const std::string& prefix, const DNSName& qname, const QType& qtype, const DNSName& auth, LWResult& lwr, const bool sendRDQuery, vector<DNSRecord>& ret, set<DNSName>& nsset, DNSName& newtarget, DNSName& newauth, bool& realreferral, bool& negindic, vState& state, const bool needWildcardProof, const unsigned int wildcardLabelsCount);
+ RCode::rcodes_ updateCacheFromRecords(unsigned int depth, LWResult& lwr, const DNSName& qname, const QType& qtype, const DNSName& auth, bool wasForwarded, const boost::optional<Netmask>, vState& state, bool& needWildcardProof, bool& gatherWildcardProof, unsigned int& wildcardLabelsCount, bool sendRDQuery);
+ bool processRecords(const std::string& prefix, const DNSName& qname, const QType& qtype, const DNSName& auth, LWResult& lwr, const bool sendRDQuery, vector<DNSRecord>& ret, set<DNSName>& nsset, DNSName& newtarget, DNSName& newauth, bool& realreferral, bool& negindic, vState& state, const bool needWildcardProof, const bool gatherwildcardProof, const unsigned int wildcardLabelsCount);
bool doSpecialNamesResolve(const DNSName &qname, const QType &qtype, const uint16_t qclass, vector<DNSRecord> &ret);
shared_ptr<RecursorLua4> d_pdl;
boost::optional<Netmask> d_outgoingECSNetwork;
std::shared_ptr<std::vector<std::unique_ptr<RemoteLogger>>> d_outgoingProtobufServers{nullptr};
- std::shared_ptr<std::vector<std::unique_ptr<RemoteLoggerInterface>>> d_frameStreamServers{nullptr};
+ std::shared_ptr<std::vector<std::unique_ptr<FrameStreamLogger>>> d_frameStreamServers{nullptr};
#ifdef HAVE_PROTOBUF
boost::optional<const boost::uuids::uuid&> d_initialRequestId;
#endif
std::atomic<uint64_t> dnssecValidations; // should be the sum of all dnssecResult* stats
std::map<vState, std::atomic<uint64_t> > dnssecResults;
std::map<DNSFilterEngine::PolicyKind, std::atomic<uint64_t> > policyResults;
+ std::atomic<uint64_t> rebalancedQueries{0};
};
//! represents a running TCP/IP client session
void primeHints(void);
extern __thread struct timeval g_now;
+
+struct ThreadTimes
+{
+ uint64_t msec;
+ vector<uint64_t> times;
+ ThreadTimes& operator+=(const ThreadTimes& rhs)
+ {
+ times.push_back(rhs.msec);
+ return *this;
+ }
+};