- Validate QNAME minimised NXDOMAIN responses.
authorRalph Dolmans <ralph@nlnetlabs.nl>
Fri, 18 Mar 2016 15:44:41 +0000 (15:44 +0000)
committerRalph Dolmans <ralph@nlnetlabs.nl>
Fri, 18 Mar 2016 15:44:41 +0000 (15:44 +0000)
 - If QNAME minimisation is enabled, do cache lookup for QTYPE NS in
   harden-below-nxdomain.

git-svn-id: file:///svn/unbound/trunk@3682 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog
iterator/iterator.c
services/cache/dns.c

index 3834d9d7556d18431a624ceebd5cbc49ce6aa7bf..f73c37133f7029aa5abf1ae8b5a8e4a4860c2e4d 100644 (file)
@@ -1,3 +1,8 @@
+18 March 2016: Ralph
+       - Validate QNAME minimised NXDOMAIN responses.
+       - If QNAME minimisation is enabled, do cache lookup for QTYPE NS in
+         harden-below-nxdomain.
+
 17 March 2016: Ralph
        - Limit number of QNAME minimisation iterations.
 
index 38f79699a3462fe7082cb1df668a444a76bf5c16..421ddf5b141eb854ef23ccbef59a282135e79ec8 100644 (file)
@@ -2265,6 +2265,26 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
                        if(FLAGS_GET_RCODE(iq->response->rep->flags) != 
                                LDNS_RCODE_NOERROR)
                                iq->minimisation_state = DONOT_MINIMISE_STATE;
+                       /* Make subrequest to validate intermediate NXDOMAIN if
+                        * harden-below-nxdomain is enabled. */
+                       if(FLAGS_GET_RCODE(iq->response->rep->flags) ==
+                               LDNS_RCODE_NXDOMAIN &&
+                               qstate->env->cfg->harden_below_nxdomain) {
+                               struct module_qstate* subq = NULL;
+                               log_query_info(VERB_QUERY,
+                                       "schedule NXDOMAIN validation:",
+                                       &iq->response->qinfo);
+                               if(!generate_sub_request(
+                                       iq->response->qinfo.qname,
+                                       iq->response->qinfo.qname_len,
+                                       iq->response->qinfo.qtype,
+                                       iq->response->qinfo.qclass,
+                                       qstate, id, iq, INIT_REQUEST_STATE,
+                                       FINISHED_STATE, &subq, 1)) {
+                                       verbose(VERB_ALGO,
+                                       "could not validate NXDOMAIN response");
+                               }
+                       }
                        return next_state(iq, QUERYTARGETS_STATE);
                }
                return final_state(iq);
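Review bot: When `generate_sub_request()` fails in the added block, the NXDOMAIN validation is skipped and resolution still proceeds to `QUERYTARGETS_STATE` with only a `VERB_ALGO` message, so with harden-below-nxdomain enabled the check fails open and is invisible at normal verbosity. If best-effort is intended, state it in the comment, e.g. `/* best-effort: on failure the NXDOMAIN response is used unvalidated */`, and consider `log_err("could not validate NXDOMAIN response");` so a skipped check shows up in the log. The trailing `1` argument would be easier to review with a short comment naming what it turns on (presumably validation of the subquery), and `subq` is never read after the call. processQueryResponse starts and ends outside this hunk.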
index e14e636dbfd05ccae95e6c9eb8e28022c751abf0..84db7a77884ce42774b67f24b282b0a89d16f501 100644 (file)
@@ -795,6 +795,12 @@ dns_cache_lookup(struct module_env* env,
                dname_remove_label(&k.qname, &k.qname_len);
                h = query_info_hash(&k, flags);
                e = slabhash_lookup(env->msg_cache, h, &k, 0);
+               if(!e && k.qtype != LDNS_RR_TYPE_NS &&
+                       env->cfg->qname_minimisation) {
+                       k.qtype = LDNS_RR_TYPE_NS;
+                       h = query_info_hash(&k, flags);
+                       e = slabhash_lookup(env->msg_cache, h, &k, 0);
+               }
                if(e) {
                        struct reply_info* data = (struct reply_info*)e->data;
                        struct dns_msg* msg;
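Review bot: The NS fallback overwrites `k.qtype` in place, and it is put back only by the `k.qtype = qtype;` that the next hunk adds at the end of the loop body, so the whole `if(e)` block in between runs with `k.qtype == LDNS_RR_TYPE_NS`. The lines between the two hunks are not visible here; if they build the returned message from `&k`, that message would carry qtype NS instead of the caller's qtype, which is worth confirming. A comment above the fallback such as `/* with qname minimisation the NXDOMAIN may be cached under QTYPE NS */` would explain why an entry stored for a different type is accepted as evidence. dns_cache_lookup starts and ends outside the hunk.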
@@ -810,6 +816,7 @@ dns_cache_lookup(struct module_env* env,
                        }
                        lock_rw_unlock(&e->lock);
                }
+               k.qtype = qtype;
        }
 
        /* fill common RR types for ANY response to avoid requery */