``hint-file``
-------------
- Path
+- Default: empty
-If set, the root-hints are read from this file. If unset, default root hints are used.
+If set, the root-hints are read from this file. If empty, the default built-in root hints are used.
+In some special cases, processing the root hints is not needed, for example when forwarding all queries to another recursor.
+For these special cases, it is possible to disable the processing of root hints by setting the value to ``no``.
.. _setting-ignore-unknown-settings:
// Divide by 12 to get the original 2 hour cycle if s_maxcachettl is default (1 day)
if (now.tv_sec - t_last_rootupdate > max(SyncRes::s_maxcachettl / 12, 10U)) {
int res = SyncRes::getRootNS(g_now, nullptr, 0);
- if (!res) {
+ if (res == 0) {
t_last_rootupdate = now.tv_sec;
try {
- primeRootNSZones(g_dnssecmode != DNSSECMode::Off, 0);
+ primeRootNSZones(g_dnssecmode, 0);
}
catch (const std::exception& e) {
g_log << Logger::Error << "Exception while priming the root NS zones: " << e.what() << endl;
g_log << Logger::Critical << "Priming cache failed, stopping" << endl;
return nullptr;
}
- g_log << Logger::Warning << "Done priming cache with root hints" << endl;
+ g_log << Logger::Debug << "Done priming cache with root hints" << endl;
}
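Review bot: The periodic `SyncRes::getRootNS(g_now, nullptr, 0)` call is not conditioned on the new `hint-file=no` setting as far as this hunk shows, and `t_last_rootupdate` is only advanced when `res == 0`. If root priming is disabled and the root NS lookup cannot succeed, the refresh would presumably be retried on every pass through this code, with a Warning logged for each failure. Either skip the refresh when priming is disabled, or state the intent with a comment such as `// also runs when hint-file=no: the root NS set is then expected to come from the forwarder`. The enclosing function starts and ends outside the hunk.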
t_packetCache = std::make_unique<RecursorPacketCache>();
return theArg;
}
-void primeRootNSZones(bool, unsigned int)
+void primeRootNSZones(DNSSECMode, unsigned int)
{
}
time_t now = time(nullptr);
- if (::arg()["hint-file"].empty()) {
+ const string hintfile = ::arg()["hint-file"];
+ if (hintfile == "no") {
+ g_log << Logger::Debug << "Priming root disabled by hint-file=no" << endl;
+ return true;
+ }
+ if (hintfile.empty()) {
DNSRecord arr, aaaarr, nsrr;
nsrr.d_name = g_rootdnsname;
arr.d_type = QType::A;
}
}
else {
- ZoneParserTNG zpt(::arg()["hint-file"]);
+ ZoneParserTNG zpt(hintfile);
zpt.setMaxGenerateSteps(::arg().asNum("max-generate-steps"));
zpt.setMaxIncludes(::arg().asNum("max-include-depth"));
DNSResourceRecord rr;
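Review bot: Disabling root priming is reported only at `Logger::Debug` in the `hintfile == "no"` branch, so at default verbosity nothing in the log shows that the resolver is running without root hints. The documentation added by this commit scopes the setting to setups that forward all queries elsewhere; if it is set without such forwarding, resolution would presumably fail with no startup message explaining why. I would log it once at a visible level, e.g. `g_log << Logger::Notice << "Priming root disabled by hint-file=no" << endl;`. The comparison is also exact and case-sensitive, so `No` or `NO` falls through to `ZoneParserTNG zpt(hintfile)` and is treated as a file path, which deserves a sentence in the setting's documentation. primeHints starts and ends outside the hunk.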
// servers are authoritative for root-servers.net, and some
// implementations reply not with a delegation on a root-servers.net
// DS query, but with a NODATA response (the domain is unsigned).
-void primeRootNSZones(bool dnssecmode, unsigned int depth)
+void primeRootNSZones(DNSSECMode mode, unsigned int depth)
{
struct timeval now;
gettimeofday(&now, 0);
SyncRes sr(now);
- if (dnssecmode) {
- sr.setDoDNSSEC(true);
- sr.setDNSSECValidationRequested(true);
- }
+ sr.setDoDNSSEC(mode != DNSSECMode::Off);
+ sr.setDNSSECValidationRequested(mode != DNSSECMode::Off && mode != DNSSECMode::ProcessNoValidate);
// beginResolve() can yield to another mthread that could trigger t_rootNSZones updates,
// so make a local copy
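Review bot: The predicate passed to `sr.setDNSSECValidationRequested(...)` repeats the test `g_dnssecmode != DNSSECMode::Off && g_dnssecmode != DNSSECMode::ProcessNoValidate` that appears further down the page (apparently in getRootNS), and two hand-written copies of a validation decision can drift apart. It also changes behaviour: the old `bool` version requested validation for every mode other than Off, while the new code no longer does so for ProcessNoValidate. That looks intended, but it should be stated next to the call, e.g. `// Off and ProcessNoValidate never validate; keep in sync with the check in getRootNS`, or factored into one small helper used by both sites. The body of primeRootNSZones continues outside the hunk.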
LOG(prefix<<qname<<": reprimed the root"<<endl);
/* let's prevent an infinite loop */
if (!d_updatingRootNS) {
- primeRootNSZones(g_dnssecmode != DNSSECMode::Off, depth);
+ primeRootNSZones(g_dnssecmode, depth);
getRootNS(d_now, d_asyncResolve, depth);
}
}
sr.setAsyncCallback(asyncCallback);
vector<DNSRecord> ret;
- int res=-1;
+ int res = -1;
try {
- res=sr.beginResolve(g_rootdnsname, QType::NS, 1, ret, depth + 1);
+ res = sr.beginResolve(g_rootdnsname, QType::NS, 1, ret, depth + 1);
if (g_dnssecmode != DNSSECMode::Off && g_dnssecmode != DNSSECMode::ProcessNoValidate) {
auto state = sr.getValidationState();
if (vStateIsBogus(state)) {
g_log<<Logger::Error<<"Failed to update . records, got an exception"<<endl;
}
- if(!res) {
- g_log<<Logger::Notice<<"Refreshed . records"<<endl;
+ if (res == 0) {
+ g_log<<Logger::Debug<<"Refreshed . records"<<endl;
+ }
+ else {
+ g_log<<Logger::Warning<<"Failed to update root NS records, RCODE="<<res<<endl;
}
- else
- g_log<<Logger::Warning<<"Failed to update . records, RCODE="<<res<<endl;
-
return res;
}
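Review bot: When `beginResolve` throws, `res` keeps its initial `-1`, so the new `else` branch logs `RCODE=-1` on top of the Error line already written for the exception (assuming the catch handlers, which are outside the visible lines, do not return). -1 is not a DNS RCODE, so that second line is misleading when the log is read during triage; consider skipping the Warning when an exception was already reported, or wording it for that case. The Error message still says `. records` while the new Warning says `root NS records`; using one term in both keeps log searches and alert rules simple. The function starts outside the hunk.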
#include <boost/tuple/tuple_comparison.hpp>
#include "mtasker.hh"
#include "iputils.hh"
-#include "validate.hh"
+#include "validate-recursor.hh"
#include "ednssubnet.hh"
#include "filterpo.hh"
#include "negcache.hh"
uint64_t* pleaseGetPacketCacheSize();
void doCarbonDump(void*);
bool primeHints(time_t now = time(nullptr));
-void primeRootNSZones(bool, unsigned int depth);
+void primeRootNSZones(DNSSECMode, unsigned int depth);
struct WipeCacheResult
{