{
};
-static bool tcpconnect(const ComboAddress& remote, const std::optional<ComboAddress> localBind, TCPOutConnectionManager::Connection& connection, bool& dnsOverTLS, const std::string& nsName)
+static bool tcpconnect(const OptLog& log, const ComboAddress& remote, const std::optional<ComboAddress> localBind, TCPOutConnectionManager::Connection& connection, bool& dnsOverTLS, const std::string& nsName)
{
dnsOverTLS = SyncRes::s_dot_to_port_853 && remote.getPort() == 853;
setTCPNoDelay(s.getHandle());
ComboAddress localip = localBind ? *localBind : pdns::getQueryLocalAddress(remote.sin4.sin_family, 0);
if (localBind) {
- cerr << "Connecting TCP to " << remote.toString() << " with specific local address " << localip.toString() << endl;
+ VLOG(log, "Connecting TCP to " << remote.toString() << " with specific local address " << localip.toString() << endl);
}
else {
- cerr << "Connecting TCP to " << remote.toString() << " with no specific local address" << endl;
+ VLOG(log, "Connecting TCP to " << remote.toString() << " with no specific local address" << endl);
}
try {
Never throws!
*/
// NOLINTNEXTLINE(readability-function-cognitive-complexity): https://github.com/PowerDNS/pdns/issues/12791
-static LWResult::Result asyncresolve(const ComboAddress& address, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, const ResolveContext& context, const std::shared_ptr<std::vector<std::unique_ptr<RemoteLogger>>>& outgoingLoggers, [[maybe_unused]] const std::shared_ptr<std::vector<std::unique_ptr<FrameStreamLogger>>>& fstrmLoggers, const std::set<uint16_t>& exportTypes, LWResult* lwr, bool* chained, TCPOutConnectionManager::Connection& connection)
+static LWResult::Result asyncresolve(const OptLog& log, const ComboAddress& address, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, const ResolveContext& context, const std::shared_ptr<std::vector<std::unique_ptr<RemoteLogger>>>& outgoingLoggers, [[maybe_unused]] const std::shared_ptr<std::vector<std::unique_ptr<FrameStreamLogger>>>& fstrmLoggers, const std::set<uint16_t>& exportTypes, LWResult* lwr, bool* chained, TCPOutConnectionManager::Connection& connection)
{
size_t len;
size_t bufsize = g_outgoingEDNSBufsize;
addressToBindTo = found->d_localaddress;
opts.emplace_back(EDNSOptionCode::COOKIE, cookieSentOut->makeOptString());
found->d_lastupdate = now->tv_sec;
- cerr << "Sending stored cookie info to " << address.toString() << ": " << found->d_cookie.toDisplayString() << endl;
+ VLOG(log, "Sending stored cookie info to " << address.toString() << ": " << found->d_cookie.toDisplayString() << endl);
break;
case CookieEntry::Support::Unknown:
assert(0);
case CookieEntry::Support::Unsupported:
- cerr << "This server does not support cookies" << endl;
+ VLOG(log, "Server << " << address.toString() << " does not support cookies" << endl);
break;
}
}
entry.setSupport(CookieEntry::Support::Probing);
lock->emplace(entry);
opts.emplace_back(EDNSOptionCode::COOKIE, cookieSentOut->makeOptString());
- cerr << "We're sending new client cookie info from to " << address.toString() << ": " << entry.d_cookie.toDisplayString() << endl;
+ VLOG(log, "Sending new client cookie info to " << address.toString() << ": " << entry.d_cookie.toDisplayString() << endl);
}
}
// peer has closed it on error, so we retry. At some point we
// *will* get a new connection, so this loop is not endless.
isNew = true; // tcpconnect() might throw for new connections. In that case, we want to break the loop, scanbuild complains here, which is a false positive afaik
- isNew = tcpconnect(address, addressToBindTo, connection, dnsOverTLS, nsName);
+ isNew = tcpconnect(log, address, addressToBindTo, connection, dnsOverTLS, nsName);
ret = tcpsendrecv(address, connection, localip, vpacket, len, buf);
#ifdef HAVE_FSTRM
if (fstrmQEnabled) {
EDNSCookiesOpt received;
if (received.makeFromString(opt.second)) {
cookieFoundInReply = true;
- cerr << "Received cookie info back from " << address.toString() << ": " << received.toDisplayString() << endl;
+ VLOG(log, "Received cookie info back from " << address.toString() << ": " << received.toDisplayString() << endl);
auto lock = s_cookiestore.lock();
auto found = lock->find(address);
if (found != lock->end()) {
if (received.getClient() == cookieSentOut->getClient()) {
- cerr << "Client cookie matched! Storing with localAddress " << localip.toString() << endl;
+ VLOG(log, "Client cookie matched! Storing with localAddress " << localip.toString() << endl);
found->d_localaddress = localip;
found->d_cookie = received;
found->d_lastupdate = now->tv_sec;
uint16_t ercode = (edo.d_extRCode << 4) | lwr->d_rcode;
if (ercode == ERCode::BADCOOKIE) {
lwr->d_validpacket = true;
+ VLOG(log, "Server: " << localip.toString() << " returned BADCOOKIE " << endl);
return LWResult::Result::BadCookie; // proper use of BacCookie, we did update he entry
}
}
else {
if (!doTCP) {
// Server responded with a wrong client cookie, fall back to TCP
- cerr << "Wrong cookie" << endl;
+ VLOG(log, "Server responded with wrong client cookie, fall back to TCP" << endl);
lwr->d_validpacket = true;
return LWResult::Result::Spoofed;
}
}
else {
// We receivd cookie (we might have sent one out) but it's not in the table?
- cerr << "Cookie not found back"<< endl;
+ VLOG(log, "Cookie not found back in table" << endl);
lwr->d_rcode = RCode::FormErr;
lwr->d_validpacket = false;
return LWResult::Result::Success; // success - oddly enough
}
}
else {
- cerr << "Malformed cookie in reply" << endl;
+ VLOG(log, "Malformed cookie in reply" << endl);
// Do something special if we get malformed repeatedly? And or consider current status: Supported
lwr->d_rcode = RCode::FormErr;
lwr->d_validpacket = false;
// Case: we sent out a cookie but did not get one back
if (cookieSentOut && !cookieFoundInReply && !*chained) {
- cerr << "No cookie in reply"<< endl;
auto lock = s_cookiestore.lock();
auto found = lock->find(address);
if (found != lock->end()) {
case CookieEntry::Support::Unknown:
assert(0);
case CookieEntry::Support::Probing:
- cerr << "Was probing, setting support to Unsupported" << endl;
+ VLOG(log, "No cookie in repy, was probing, setting support to Unsupported" << endl);
found->setSupport(CookieEntry::Support::Unsupported);
break;
case CookieEntry::Support::Unsupported:
+ // We could have detected the server does not support cookies in the meantime
break;
case CookieEntry::Support::Supported:
lwr->d_validpacket = true;
return LWResult::Result::PermanentError;
}
-LWResult::Result asyncresolve(const ComboAddress& address, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, const ResolveContext& context, const std::shared_ptr<std::vector<std::unique_ptr<RemoteLogger>>>& outgoingLoggers, const std::shared_ptr<std::vector<std::unique_ptr<FrameStreamLogger>>>& fstrmLoggers, const std::set<uint16_t>& exportTypes, LWResult* lwr, bool* chained)
+LWResult::Result asyncresolve(const OptLog& log, const ComboAddress& address, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, const ResolveContext& context, const std::shared_ptr<std::vector<std::unique_ptr<RemoteLogger>>>& outgoingLoggers, const std::shared_ptr<std::vector<std::unique_ptr<FrameStreamLogger>>>& fstrmLoggers, const std::set<uint16_t>& exportTypes, LWResult* lwr, bool* chained)
{
TCPOutConnectionManager::Connection connection;
- auto ret = asyncresolve(address, domain, type, doTCP, sendRDQuery, EDNS0Level, now, srcmask, context, outgoingLoggers, fstrmLoggers, exportTypes, lwr, chained, connection);
+ auto ret = asyncresolve(log, address, domain, type, doTCP, sendRDQuery, EDNS0Level, now, srcmask, context, outgoingLoggers, fstrmLoggers, exportTypes, lwr, chained, connection);
if (doTCP) {
if (connection.d_handler && lwr->d_validpacket) {
For now this means we can't be clever, but will turn off DNSSEC if you reply with FormError or gibberish.
*/
-LWResult::Result SyncRes::asyncresolveWrapper(const ComboAddress& address, bool ednsMANDATORY, const DNSName& domain, [[maybe_unused]] const DNSName& auth, int type, bool doTCP, bool sendRDQuery, struct timeval* now, boost::optional<Netmask>& srcmask, LWResult* res, bool* chained, const DNSName& nsName) const
+LWResult::Result SyncRes::asyncresolveWrapper(const OptLog& log, const ComboAddress& address, bool ednsMANDATORY, const DNSName& domain, [[maybe_unused]] const DNSName& auth, int type, bool doTCP, bool sendRDQuery, struct timeval* now, boost::optional<Netmask>& srcmask, LWResult* res, bool* chained, const DNSName& nsName) const
{
/* what is your QUEST?
the goal is to get as many remotes as possible on the best level of EDNS support
ret = d_asyncResolve(address, sendQname, type, doTCP, sendRDQuery, EDNSLevel, now, srcmask, ctx, res, chained);
}
else {
- ret = asyncresolve(address, sendQname, type, doTCP, sendRDQuery, EDNSLevel, now, srcmask, ctx, d_outgoingProtobufServers, d_frameStreamServers, luaconfsLocal->outgoingProtobufExportConfig.exportTypes, res, chained);
+ ret = asyncresolve(log, address, sendQname, type, doTCP, sendRDQuery, EDNSLevel, now, srcmask, ctx, d_outgoingProtobufServers, d_frameStreamServers, luaconfsLocal->outgoingProtobufExportConfig.exportTypes, res, chained);
}
if (ret == LWResult::Result::PermanentError || LWResult::isLimitError(ret) || ret == LWResult::Result::Spoofed) {
}
auto match = d_eventTrace.add(RecEventTrace::AuthRequest, qname.toLogString() + '/' + qtype.toString(), true, 0);
updateQueryCounts(prefix, qname, remoteIP, doTCP, doDoT);
- cerr << "doTCP " << doTCP << endl;
- resolveret = asyncresolveWrapper(remoteIP, d_doDNSSEC, qname, auth, qtype.getCode(),
+ resolveret = asyncresolveWrapper(LogObject(prefix), remoteIP, d_doDNSSEC, qname, auth, qtype.getCode(),
doTCP, sendRDQuery, &d_now, ednsmask, &lwr, &chained, nsName); // <- we go out on the wire!
d_eventTrace.add(RecEventTrace::AuthRequest, static_cast<int64_t>(lwr.d_rcode), false, match);
ednsStats(ednsmask, qname, prefix);
gotAnswer = doResolveAtThisIP(prefix, qname, qtype, lwr, ednsmask, auth, sendRDQuery, wasForwarded,
tns->first, *remoteIP, false, false, truncated, spoofed, context.extendedError);
}
- if (spoofed) cerr << "Got spoofed! " << spoofed << endl;
+ if (spoofed) {
+ LOG(prefix << qname << ": potentially spoofed, retrying over TCP" << endl);
+ }
if (forceTCP || (spoofed || (gotAnswer && truncated))) {
/* retry, over TCP this time */
gotAnswer = doResolveAtThisIP(prefix, qname, qtype, lwr, ednsmask, auth, sendRDQuery, wasForwarded,
projects / thirdparty / pdns.git / commitdiff
