"dump-throttlemap",
"dump-non-resolving",
"dump-saved-parent-ns-sets",
- "dump-dot-probe-map"};
+ "dump-dot-probe-map",
+ };
try {
initArguments(argc, argv);
string sockname = "pdns_recursor";
If the probe determines an IP address supports DoT, the Recursor will use DoT to contact it for subsequent queries.
The results of probes are remembered and can be viewed by the ``rec_control dump-dot-probe-map`` command.
If the maximum number of pending probes is reached, no probes will be scheduled, even if no DoT status is known for an address.
-If the result of a probe is not yet available, the Recursor will contact the authoritative server in the regular way,
-unless an authoritative server is configured to be contacted over DoT always using :ref:`setting-dot-to-auth-names`.
+If the result of a probe is not yet available, the Recursor will contact the authoritative server in the regular way, unless an authoritative server is configured to be contacted over DoT always using :ref:`setting-dot-to-auth-names`.
In that case no probe will be scheduled.
Note::
bool ex = true;
try {
log->info(Logr::Warning, "trying DoT");
- bool ok = sr.tryDoT(task.d_qname, QType(task.d_qtype), DNSName("auth"), DNSName("ns"), task.d_ip, now.tv_sec);
+ bool ok = sr.tryDoT(task.d_qname, QType(task.d_qtype), task.d_nsname, task.d_ip, now.tv_sec);
ex = false;
log->info(Logr::Warning, "done", "ok", Logging::Loggable(ok));
}
log->error(Logr::Error, "Cannot push task", "qtype unsupported");
return;
}
- pdns::ResolveTask task{qname, qtype, deadline, true, resolve, {}};
+ pdns::ResolveTask task{qname, qtype, deadline, true, resolve, {}, {}};
if (s_taskQueue.lock()->queue.push(std::move(task))) {
++s_almost_expired_tasks.pushed;
}
log->error(Logr::Error, "Cannot push task", "qtype unsupported");
return;
}
- pdns::ResolveTask task{qname, qtype, deadline, false, resolve, {}};
+ pdns::ResolveTask task{qname, qtype, deadline, false, resolve, {}, {}};
auto lock = s_taskQueue.lock();
bool inserted = lock->rateLimitSet.insert(now, task);
if (inserted) {
}
}
-bool pushTryDoTTask(const DNSName& qname, uint16_t qtype, const ComboAddress& ip, time_t deadline)
+bool pushTryDoTTask(const DNSName& qname, uint16_t qtype, const ComboAddress& ip, time_t deadline, const DNSName& nsname)
{
if (SyncRes::isUnsupported(qtype)) {
auto log = g_slog->withName("taskq")->withValues("name", Logging::Loggable(qname), "qtype", Logging::Loggable(QType(qtype).toString()));
return false;
}
- pdns::ResolveTask task{qname, qtype, deadline, false, tryDoT, ip};
+ pdns::ResolveTask task{qname, qtype, deadline, false, tryDoT, ip, nsname};
bool pushed = s_taskQueue.lock()->queue.push(std::move(task));
if (pushed) {
++s_almost_expired_tasks.pushed;
void runTaskOnce(bool logErrors);
void pushAlmostExpiredTask(const DNSName& qname, uint16_t qtype, time_t deadline);
void pushResolveTask(const DNSName& qname, uint16_t qtype, time_t now, time_t deadline);
-bool pushTryDoTTask(const DNSName& qname, uint16_t qtype, const ComboAddress& ip, time_t deadline);
+bool pushTryDoTTask(const DNSName& qname, uint16_t qtype, const ComboAddress& ip, time_t deadline, const DNSName& nsname);
void taskQueueClear();
pdns::ResolveTask taskQueuePop();
TaskFunction d_func;
// IP used by DoT probe tasks
ComboAddress d_ip;
+ // NS name used by DoT probe task
+ DNSName d_nsname;
bool operator<(const ResolveTask& a) const
{
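Review bot: The new `d_nsname` member sits directly above `operator<`, whose body is outside this hunk, so it is not visible whether the name takes part in task ordering and de-duplication. If the comparison covers only the older members, two probe tasks that differ only in NS name compare equal; that may be intended, since the DoT status appears to be recorded per address, but it should be stated. I would widen the comment to `// NS name passed to SyncRes::tryDoT by DoT probe tasks; left empty by the other task types` and add a line beside `operator<` saying whether `d_nsname` is deliberately excluded.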
}
-static void submitTryDotTask(ComboAddress address, const DNSName& auth, time_t now)
+static void submitTryDotTask(ComboAddress address, const DNSName& auth, const DNSName nsname, time_t now)
{
if (address.getPort() == 853) {
return;
}
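Review bot: The new parameter is declared `const DNSName nsname`, by value, so every call copies the name even though it is only forwarded to `pushTryDoTTask`, which takes `const DNSName&`. Declare it `const DNSName& nsname`, matching the `auth` parameter next to it. The body of submitTryDotTask continues outside this hunk.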
}
lock->d_map.modify(it, [=] (DoTStatus& st){ st.d_ttd = now + dotFailWait; });
- bool pushed = pushTryDoTTask(auth, QType::SOA, address, std::numeric_limits<time_t>::max());
+ bool pushed = pushTryDoTTask(auth, QType::SOA, address, std::numeric_limits<time_t>::max(), nsname);
if (pushed) {
it->d_status = DoTStatus::Busy;
++lock->d_numBusy;
return false;
}
-static void updateDoTStatus(ComboAddress address, const DNSName auth, DoTStatus::Status status, time_t time, bool updateBusy = false)
+static void updateDoTStatus(ComboAddress address, DoTStatus::Status status, time_t time, bool updateBusy = false)
{
address.setPort(853);
auto lock = s_dotMap.lock();
}
}
-bool SyncRes::tryDoT(const DNSName& qname, const QType qtype, const DNSName& auth, const DNSName& nsName, ComboAddress address, time_t now)
+bool SyncRes::tryDoT(const DNSName& qname, const QType qtype, const DNSName& nsName, ComboAddress address, time_t now)
{
LWResult lwr;
bool truncated;
bool spoofed;
boost::optional<Netmask> nm;
address.setPort(853);
- bool ok = doResolveAtThisIP("", qname, qtype, lwr, nm, auth, false, false, nsName, address, true, true, truncated, spoofed);
+ // We use the fact that qname equals auth
+ bool ok = doResolveAtThisIP("", qname, qtype, lwr, nm, qname, false, false, nsName, address, true, true, truncated, spoofed);
ok = ok && lwr.d_rcode == RCode::NoError && lwr.d_records.size() > 0;
- updateDoTStatus(address, auth, ok ? DoTStatus::Good : DoTStatus::Bad, now + (ok ? dotSuccessWait : dotFailWait), true);
+ updateDoTStatus(address, ok ? DoTStatus::Good : DoTStatus::Bad, now + (ok ? dotSuccessWait : dotFailWait), true);
return ok;
}
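Review bot: `qname` is now passed in the `auth` position of `doResolveAtThisIP`, which is only correct because the probe is pushed with the zone name as its query name (`pushTryDoTTask(auth, QType::SOA, ...)`). Nothing enforces that, and `tryDoT` is callable from outside SyncRes, as the task queue does. A caller passing any other name would silently hand a wrong `auth` to the resolver call. The in-body comment is easy to miss, so I would state the precondition on the declaration as well, e.g. `// Precondition: qname is the zone (auth) name being probed; it is also used as auth for the DoT query`, and reword the local comment to `// qname doubles as auth: probes are always submitted for the zone name itself`.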
bool forceTCP = doDoT;
if (!doDoT && s_max_busy_dot_probes > 0) {
- submitTryDotTask(*remoteIP, auth, d_now.tv_sec);
+ submitTryDotTask(*remoteIP, auth, tns->first, d_now.tv_sec);
}
if (!forceTCP) {
gotAnswer = doResolveAtThisIP(prefix, qname, qtype, lwr, ednsmask, auth, sendRDQuery, wasForwarded,
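Review bot: `tns->first` now becomes the NS name the probe connects with, but the hunk does not show whether it can be empty here, for example when the address does not come from an NS record. If it can, the probe runs with an empty name while its result appears to be stored per IP and reused to decide DoT for later queries to that address. Either guard the submit, `if (!doDoT && s_max_busy_dot_probes > 0 && !tns->first.empty()) {`, or add a comment explaining why an empty name is acceptable for a probe. The enclosing function starts and ends outside this hunk.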
if (!gotAnswer) {
if (doDoT && s_max_busy_dot_probes > 0) {
// This is quite pessimistic...
- updateDoTStatus(*remoteIP, auth, DoTStatus::Bad, d_now.tv_sec + dotFailWait);
+ updateDoTStatus(*remoteIP, DoTStatus::Bad, d_now.tv_sec + dotFailWait);
}
continue;
}
LOG(prefix<<qname<<": Got "<<(unsigned int)lwr.d_records.size()<<" answers from "<<tns->first<<" ("<< remoteIP->toString() <<"), rcode="<<lwr.d_rcode<<" ("<<RCode::to_s(lwr.d_rcode)<<"), aa="<<lwr.d_aabit<<", in "<<lwr.d_usec/1000<<"ms"<<endl);
if (doDoT && s_max_busy_dot_probes > 0) {
- updateDoTStatus(*remoteIP, auth, DoTStatus::Good, d_now.tv_sec + dotSuccessWait);
+ updateDoTStatus(*remoteIP, DoTStatus::Good, d_now.tv_sec + dotSuccessWait);
}
/* // for you IPv6 fanatics :-)
if(remoteIP->sin4.sin_family==AF_INET6)
explicit SyncRes(const struct timeval& now);
int beginResolve(const DNSName &qname, QType qtype, QClass qclass, vector<DNSRecord>&ret, unsigned int depth = 0);
- bool tryDoT(const DNSName& qname, QType qtype, const DNSName& auth, const DNSName& nsName, ComboAddress address, time_t);
+ bool tryDoT(const DNSName& qname, QType qtype, const DNSName& nsName, ComboAddress address, time_t);
void setId(int id)
{