::arg().set("rng", "Specify random number generator to use. Valid values are auto,sodium,openssl,getrandom,arc4random,urandom.")="auto";
::arg().set("public-suffix-list-file", "Path to the Public Suffix List file, if any")="";
::arg().set("distribution-load-factor", "The load factor used when PowerDNS is distributing queries to worker threads")="0.0";
- ::arg().setSwitch("qname-minimization", "Use Query Name Minimization")="no";
+
+ ::arg().setSwitch("qname-minimization", "Use Query Name Minimization")="yes";
::arg().setSwitch("nothing-below-nxdomain", "When an NXDOMAIN exists in cache for a name with fewer labels than the qname, send NXDOMAIN without doing a lookup (see RFC 8020)")="dnssec";
::arg().set("max-generate-steps", "Maximum number of $GENERATE steps when loading a zone from a file")="0";
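Review bot: The description on the new `setSwitch("qname-minimization", ...)` line still reads only "Use Query Name Minimization", although the setting is now on by default and is skipped for some names (the `isForwardOrAuth` check added to `SyncRes::doResolve` in this commit). An operator reading the help output cannot tell that names under configured forward or auth zones (judging by the helper's name) are still sent with the full qname. Consider `"Use Query Name Minimization (skipped for names in forward-zones and auth-zones)"`. The settings text changed alongside still calls this "a experimental feature", which is worth reconciling with a default of `yes`. The bare `+` line above the switch adds a blank line that the neighbouring `::arg()` entries do not have.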
.. versionadded:: 4.3.0
- Boolean
-- Default: no
+- Default: yes
Enable Query Name Minimization. This is a experimental feature, implementing a relaxed form of Query Name Mimimization as
described in :rfc:`7816`.
::arg().set("version-string", "string reported on version.pdns or version.bind")="PowerDNS Unit Tests";
::arg().set("rng")="auto";
::arg().set("entropy-source")="/dev/urandom";
- ::arg().setSwitch("qname-minimization", "Use Query Name Minimization") = "no";
+ ::arg().setSwitch("qname-minimization", "Use Query Name Minimization") = "yes";
}
void initSR(std::unique_ptr<SyncRes>& sr, bool dnssec, bool debug, time_t fakeNow)
return doOOBResolve(iter->second, qname, qtype, ret, res);
}
+bool SyncRes::isForwardOrAuth(const DNSName &qname) const {
+ DNSName authname(qname);
+ domainmap_t::const_iterator iter = getBestAuthZone(&authname);
+ return iter != t_sstorage.domainmap->end();
+}
+
uint64_t SyncRes::doEDNSDump(int fd)
{
auto fp = std::unique_ptr<FILE, int(*)(FILE*)>(fdopen(dup(fd), "w"), fclose);
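Review bot: `SyncRes::isForwardOrAuth` has no comment saying what a `true` result means or why it copies its argument. The copy into `authname` looks necessary because `getBestAuthZone` takes a non-const `DNSName*` (per its declaration in the header hunk), presumably so it can rewrite the name to the matched zone. Stating that keeps a later cleanup from removing the copy. Suggested comment above the definition: `// True when qname lies within an entry of t_sstorage.domainmap (auth or forward zone); doResolve() uses this to skip QName minimization.`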
int SyncRes::doResolve(const DNSName &qname, const QType &qtype, vector<DNSRecord>&ret, unsigned int depth, set<GetBestNSAnswer>& beenthere, vState& state) {
- if (!getQNameMinimization()) {
+ if (!getQNameMinimization() || isForwardOrAuth(qname)) {
return doResolveNoQNameMinimization(qname, qtype, ret, depth, beenthere, state);
}
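Review bot: The new `isForwardOrAuth(qname)` branch in `doResolve` has no test visible in this commit. The regression configs that use `forward-zones` and `auth-zones` all add `qname-minimization=no` instead of running with the new default, so they do not exercise the bypass path. A unit test that sets up a forward zone and an auth zone with minimization left at `yes`, and asserts that the outgoing question carries the full qname, would pin the behaviour this condition promises. A short comment on the condition, e.g. `// forwarders and local auth zones get the full qname`, would also record the intent. `doResolve` continues beyond this hunk, so the minimized path itself is not reviewed here.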
int doResolveNoQNameMinimization(const DNSName &qname, const QType &qtype, vector<DNSRecord>&ret, unsigned int depth, set<GetBestNSAnswer>& beenthere, vState& state, bool* fromCache = NULL, StopAtDelegation* stopAtDelegation = NULL);
bool doOOBResolve(const AuthDomain& domain, const DNSName &qname, const QType &qtype, vector<DNSRecord>&ret, int& res);
bool doOOBResolve(const DNSName &qname, const QType &qtype, vector<DNSRecord>&ret, unsigned int depth, int &res);
+ bool isForwardOrAuth(const DNSName &qname) const;
domainmap_t::const_iterator getBestAuthZone(DNSName* qname) const;
bool doCNAMECacheCheck(const DNSName &qname, const QType &qtype, vector<DNSRecord>&ret, unsigned int depth, int &res, vState& state, bool wasAuthZone, bool wasForwardRecurse);
bool doCacheCheck(const DNSName &qname, const DNSName& authname, bool wasForwardedOrAuthZone, bool wasAuthZone, bool wasForwardRecurse, const QType &qtype, vector<DNSRecord>&ret, unsigned int depth, int &res, vState& state);
_qnameSuffix = '.edns-tests.example.'
_config_template = """
+qname-minimization=no
forward-zones=edns-tests.example=%s.22
udp-truncation-threshold=%d
edns-outgoing-bufsize=%d
_qnameSuffix = '.edns-tests.example.'
_config_template = """
+qname-minimization=no
forward-zones=edns-tests.example=%s.22
udp-truncation-threshold=%d
edns-outgoing-bufsize=%d
_qnameSuffix = '.edns-tests.example.'
_config_template = """
+qname-minimization=no
forward-zones=edns-tests.example=%s.22
udp-truncation-threshold=%d
edns-outgoing-bufsize=%d
self.assertEquals(msg.id, query.id)
self.assertTrue(msg.HasField('inBytes'))
if normalQueryResponse:
- # compare inBytes with length of query/response
+ # compare inBytes with length off query/response
# Note that for responses, the size we received might differ
# because dnspython might compress labels differently from
# the recursor
if length is not None:
self.assertEquals(msg.inBytes, length)
else:
- # compare inBytes with length of query/response
+ # compare inBytes with length off query/response
self.assertEquals(msg.inBytes, len(query.to_wire()))
def checkProtobufQuery(self, msg, protocol, query, qclass, qtype, qname, initiator='127.0.0.1'):
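Review bot: Both rewritten comments in this hunk change `length of query/response` to `length off query/response`, which introduces a typo rather than fixing one. Keep the original wording, `# compare inBytes with length of query/response`, in the `if normalQueryResponse:` branch and in the `else:` branch. The enclosing method starts above this hunk.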
_confdir = 'OutgoingProtobufDefault'
_config_template = """
-auth-zones=example=configs/%s/example.zone""" % _confdir
+ # Switch of QName Minimization, it generates much more protobuf messages
+ # (or make the test much more smart!)
+ qname-minimization=no
+ auth-zones=example=configs/%s/example.zone""" % _confdir
_lua_config_file = """
outgoingProtobufServer({"127.0.0.1:%d", "127.0.0.1:%d"})
""" % (protobufServersParameters[0].port, protobufServersParameters[1].port)
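Review bot: The lines added inside `_config_template` are indented, whereas the removed `auth-zones=...` line and the `qname-minimization=no` lines added to the other test templates in this commit start at column 0. The test therefore relies on the config parser ignoring leading whitespace before `#` and before setting names. That is probably the case, but writing them flush-left as elsewhere avoids depending on it. The comment should also read `# Switch off QName Minimization, it generates many more protobuf messages`. The `OutgoingProtobufNoQueries` template below has the same added lines.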
_confdir = 'OutgoingProtobufNoQueries'
_config_template = """
-auth-zones=example=configs/%s/example.zone""" % _confdir
+ # Switch of QName Minimization, it generates much more protobuf messages
+ # (or make the test much more smart!)
+ qname-minimization=no
+ auth-zones=example=configs/%s/example.zone""" % _confdir
_lua_config_file = """
outgoingProtobufServer({"127.0.0.1:%d", "127.0.0.1:%d"}, { logQueries=false, logResponses=true })
""" % (protobufServersParameters[0].port, protobufServersParameters[1].port)
_config_template = """
root-nx-trust=no
+qname-minimization=no
webserver=yes
webserver-port=%d
webserver-address=127.0.0.1
end
function prequery ( dnspacket )
qname, qtype = dnspacket:getQuestion()
- if (string.sub(tostring(qname), -21) == ".1.ghost.example.net." and posix.stat('drop-1')) or
- (string.sub(tostring(qname), -21) == ".2.ghost.example.net." and posix.stat('drop-2'))
+ if (string.sub(tostring(qname), -20) == "1.ghost.example.net." and posix.stat('drop-1')) or
+ (string.sub(tostring(qname), -20) == "2.ghost.example.net." and posix.stat('drop-2'))
then
dnspacket:setRcode(pdns.NXDOMAIN)
ret = {}
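Review bot: Dropping the leading dot from the compared suffix means the match in `prequery` is no longer aligned to a label boundary. `string.sub(tostring(qname), -20) == "1.ghost.example.net."` is also true for a name such as `a1.ghost.example.net.`, not only for `1.ghost.example.net.` and its subdomains. If the intent is to also catch the bare zone name that a minimized query asks for, compare for equality and keep the dotted suffix check: `local n = tostring(qname)`, then `n == "1.ghost.example.net." or string.sub(n, -21) == ".1.ghost.example.net."`. The same applies to the `2.ghost` line here and to the `www.1.ghost.example.net.` comparison in the second script. `prequery` continues outside this hunk.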
function prequery ( dnspacket )
i = i + 1
qname, qtype = dnspacket:getQuestion()
- if qtype == pdns.A and string.sub(tostring(qname), -25) == ".www.1.ghost.example.net."
+ if qtype == pdns.A and string.sub(tostring(qname), -24) == "www.1.ghost.example.net."
then
dnspacket:setRcode(pdns.NOERROR)
ret = {}