/* SPDX-License-Identifier: LGPL-2.1+ */
-/***
- This file is part of systemd.
-
- Copyright 2014 Lennart Poettering
-***/
#include "sd-messages.h"
#include "string-table.h"
#include "string-util.h"
-/* After how much time to repeat classic DNS requests */
-#define DNS_TIMEOUT_MIN_USEC (750 * USEC_PER_MSEC)
-#define DNS_TIMEOUT_MAX_USEC (SD_RESOLVED_QUERY_TIMEOUT_USEC / DNS_TRANSACTION_ATTEMPTS_MAX)
-
/* The amount of time to wait before retrying with a full feature set */
#define DNS_SERVER_FEATURE_GRACE_PERIOD_MAX_USEC (6 * USEC_PER_HOUR)
#define DNS_SERVER_FEATURE_GRACE_PERIOD_MIN_USEC (5 * USEC_PER_MINUTE)
s->linked = true;
-#if HAVE_GNUTLS
+#if ENABLE_DNS_OVER_TLS
/* Do not verify cerificate */
gnutls_certificate_allocate_credentials(&s->tls_cert_cred);
#endif
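Review bot: The return value of `gnutls_certificate_allocate_credentials(&s->tls_cert_cred)` is discarded inside the `#if ENABLE_DNS_OVER_TLS` block, so a failed allocation goes unnoticed at this point. The later free path guards on `if (s->tls_cert_cred)`, which suggests a missing credential object is considered possible; capturing the result, e.g. `r = gnutls_certificate_allocate_credentials(&s->tls_cert_cred);`, and reporting `r < 0` would make that explicit. The comment above the call should also state the consequence, for example `/* No trust store is loaded and the server certificate is not verified: this only protects against passive eavesdropping, not against an on-path attacker */`. The enclosing function starts and ends outside the visible lines, so how an error would be returned from it cannot be judged from here.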
dns_stream_unref(s->stream);
-#if HAVE_GNUTLS
+#if ENABLE_DNS_OVER_TLS
if (s->tls_cert_cred)
gnutls_certificate_free_credentials(s->tls_cert_cred);
* incomplete. */
}
-void dns_server_packet_received(DnsServer *s, int protocol, DnsServerFeatureLevel level, usec_t rtt, size_t size) {
+void dns_server_packet_received(DnsServer *s, int protocol, DnsServerFeatureLevel level, size_t size) {
assert(s);
if (protocol == IPPROTO_UDP) {
this size. */
if (protocol == IPPROTO_UDP && s->received_udp_packet_max < size)
s->received_udp_packet_max = size;
-
- if (s->max_rtt < rtt) {
- s->max_rtt = rtt;
- s->resend_timeout = CLAMP(s->max_rtt * 2, DNS_TIMEOUT_MIN_USEC, DNS_TIMEOUT_MAX_USEC);
- } else if (s->resend_timeout > rtt)
- /* If we received the packet faster than the resend_timeout, bias
- * the resend_timeout back to the rtt. */
- s->resend_timeout = CLAMP((2 * s->resend_timeout + rtt) / 3, DNS_TIMEOUT_MIN_USEC, DNS_TIMEOUT_MAX_USEC);
}
-void dns_server_packet_lost(DnsServer *s, int protocol, DnsServerFeatureLevel level, usec_t usec) {
+void dns_server_packet_lost(DnsServer *s, int protocol, DnsServerFeatureLevel level) {
assert(s);
assert(s->manager);
s->n_failed_tcp++;
}
}
-
- if (s->resend_timeout > usec)
- return;
-
- s->resend_timeout = MIN(s->resend_timeout * 2, DNS_TIMEOUT_MAX_USEC);
}
void dns_server_packet_truncated(DnsServer *s, DnsServerFeatureLevel level) {
/* Determine the best feature level we care about. If DNSSEC mode is off there's no point in using anything
* better than EDNS0, hence don't even try. */
if (dns_server_get_dnssec_mode(s) != DNSSEC_NO)
- best = dns_server_get_private_dns_mode(s) == PRIVATE_DNS_NO ?
+ best = dns_server_get_dns_over_tls_mode(s) == DNS_OVER_TLS_NO ?
DNS_SERVER_FEATURE_LEVEL_LARGE :
DNS_SERVER_FEATURE_LEVEL_TLS_DO;
else
- best = dns_server_get_private_dns_mode(s) == PRIVATE_DNS_NO ?
+ best = dns_server_get_dns_over_tls_mode(s) == DNS_OVER_TLS_NO ?
DNS_SERVER_FEATURE_LEVEL_EDNS0 :
DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN;
/* We tried to connect using DNS-over-TLS, and it didn't work. Downgrade to plaintext UDP
* if we don't require DNS-over-TLS */
- log_debug("Server doesn't support seem to support DNS-over-TLS, downgrading protocol...");
+ log_debug("Server doesn't support DNS-over-TLS, downgrading protocol...");
s->possible_feature_level--;
} else if (s->packet_bad_opt &&
s->possible_feature_level >= DNS_SERVER_FEATURE_LEVEL_EDNS0) {
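Review bot: The fallback from DNS-over-TLS to plaintext is reported only through `log_debug`, so at the default log level nothing records that queries to this server are no longer encrypted. The reworded message also states as fact that the server lacks support, although a failed TLS connection can equally come from something on the path blocking it. A more visible and less definite message would help operators notice a forced downgrade, e.g. `log_notice("DNS-over-TLS connection to server failed, falling back to plaintext DNS...");`. The condition guarding this branch is outside the visible lines, so this assumes it is reached only when DNS-over-TLS is not required, as the comment above it says.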
return manager_get_dnssec_mode(s->manager);
}
-PrivateDnsMode dns_server_get_private_dns_mode(DnsServer *s) {
+DnsOverTlsMode dns_server_get_dns_over_tls_mode(DnsServer *s) {
assert(s);
if (s->link)
- return link_get_private_dns_mode(s->link);
+ return link_get_dns_over_tls_mode(s->link);
- return manager_get_private_dns_mode(s->manager);
+ return manager_get_dns_over_tls_mode(s->manager);
}
void dns_server_flush_cache(DnsServer *s) {
void dns_server_reset_features(DnsServer *s) {
assert(s);
- s->max_rtt = 0;
- s->resend_timeout = DNS_TIMEOUT_MIN_USEC;
-
s->verified_feature_level = _DNS_SERVER_FEATURE_LEVEL_INVALID;
s->possible_feature_level = DNS_SERVER_FEATURE_LEVEL_BEST;