From: TCY16
Date: Thu, 1 Sep 2022 12:10:14 +0000 (+0200)
Subject: Add caching EDEs
X-Git-Tag: release-1.18.0rc1~41
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5f309d0018625747b8dd6fafff857c1607b6cf8c;p=thirdparty%2Funbound.git
Add caching EDEs
---
diff --git a/daemon/worker.c b/daemon/worker.c
index 010c4dc0a..bbe9d07af 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -488,7 +488,7 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, * and implement in here instead of the hardcoded EDE */ if (worker->env.cfg->ede) { EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out, - worker->scratchpad, LDNS_EDE_DNSSEC_BOGUS, ""); + worker->scratchpad, msg->rep->reason_bogus, ""); } error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, &msg->qinfo, id, flags, edns);
@@ -664,7 +664,7 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, * and implement in here instead of the hardcoded EDE */ if (worker->env.cfg->ede) { EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out, - worker->scratchpad, LDNS_EDE_DNSSEC_BOGUS, ""); + worker->scratchpad, rep->reason_bogus, ""); } error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, qinfo, id, flags, edns);
diff --git a/dns64/dns64.c b/dns64/dns64.c
index 4b98b609e..9e3b98e58 100644
--- a/dns64/dns64.c
+++ b/dns64/dns64.c
@@ -841,7 +841,7 @@ dns64_adjust_a(int id, struct module_qstate* super, struct module_qstate* qstate cp = construct_reply_info_base(super->region, rep->flags, rep->qdcount, rep->ttl, rep->prefetch_ttl, rep->serve_expired_ttl, rep->an_numrrsets, rep->ns_numrrsets, rep->ar_numrrsets, - rep->rrset_count, rep->security); + rep->rrset_count, rep->security, LDNS_EDE_NONE); if(!cp) return;
diff --git a/services/cache/dns.c b/services/cache/dns.c
index 6bca8d85f..dafd53304 100644
--- a/services/cache/dns.c
+++ b/services/cache/dns.c
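Review bot: The EDE appended in the answer_norec_from_cache hunk is now `msg->rep->reason_bogus` with no check that the cached reply actually carries a reason, and the answer_from_cache hunk does the same with `rep->reason_bogus`. Other call sites in this commit pass `LDNS_EDE_NONE` to construct_reply_info_base, so a bogus entry whose field was never set would presumably have that sentinel encoded into the SERVFAIL response as if it were a real error code. Guard the append, e.g. `if (worker->env.cfg->ede && msg->rep->reason_bogus != LDNS_EDE_NONE) {`, or fall back to `LDNS_EDE_DNSSEC_BOGUS` when no specific reason was cached. The comment just above still refers to "the hardcoded EDE" and should be updated to match. Both functions begin and end outside their hunks.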
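Review bot: The copy built in dns64_adjust_a carries over `rep->security` but resets the reason to `LDNS_EDE_NONE`, whereas reply_info_copy in util/data/msgreply.c now passes `rep->reason_bogus`. If `rep` can have bogus status at this point, the copy keeps the status while losing the reason that explains it; passing `rep->rrset_count, rep->security, rep->reason_bogus);` would keep the two fields consistent. If the reset is deliberate, a one-line comment saying why would help the next reader. The function body continues outside the hunk.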
@@ -1064,7 +1064,6 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, /* ttl must be relative ;i.e. 0..86400 not time(0)+86400. * the env->now is added to message and RRsets in this routine. */ /* the leeway is used to invalidate other rrsets earlier */ - if(is_referral) { /* store rrsets */ struct rrset_ref ref;
diff --git a/services/rpz.c b/services/rpz.c
index 77b6266fe..63869905f 100644
--- a/services/rpz.c
+++ b/services/rpz.c
@@ -1709,7 +1709,8 @@ rpz_synthesize_nodata(struct rpz* ATTR_UNUSED(r), struct module_qstate* ms, 0, /* ns */ 0, /* ar */ 0, /* total */ - sec_status_insecure); + sec_status_insecure, + LDNS_EDE_NONE); if(msg->rep) msg->rep->authoritative = 1; if(!rpz_add_soa(msg->rep, ms, az))
@@ -1738,7 +1739,8 @@ rpz_synthesize_nxdomain(struct rpz* r, struct module_qstate* ms, 0, /* ns */ 0, /* ar */ 0, /* total */ - sec_status_insecure); + sec_status_insecure, + LDNS_EDE_NONE); if(msg->rep) msg->rep->authoritative = 1; if(!rpz_add_soa(msg->rep, ms, az))
@@ -1768,7 +1770,8 @@ rpz_synthesize_localdata_from_rrset(struct rpz* ATTR_UNUSED(r), struct module_qs 0, /* ns */ 0, /* ar */ 1, /* total */ - sec_status_insecure); + sec_status_insecure, + LDNS_EDE_NONE); if(new_reply_info == NULL) { log_err("out of memory"); return NULL;
diff --git a/util/data/msgreply.c b/util/data/msgreply.c
index 1e6ee9704..59d7b957d 100644
--- a/util/data/msgreply.c
+++ b/util/data/msgreply.c
@@ -94,7 +94,7 @@ parse_create_qinfo(sldns_buffer* pkt, struct msg_parse* msg, struct reply_info* construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd, time_t ttl, time_t prettl, time_t expttl, size_t an, size_t ns, - size_t ar, size_t total, enum sec_status sec) + size_t ar, size_t total, enum sec_status sec, sldns_ede_code reason_bogus) { struct reply_info* rep; /* rrset_count-1 because the first ref is part of the struct. */
@@ -117,7 +117,12 @@ construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd, rep->ar_numrrsets = ar; rep->rrset_count = total; rep->security = sec; - rep->reason_bogus = LDNS_EDE_NONE; + /* veryify that we set the EDE to none by setting it explicitly */ + if (reason_bogus != LDNS_EDE_NONE) { + rep->reason_bogus = reason_bogus; + } else { + rep->reason_bogus = LDNS_EDE_NONE; + } rep->authoritative = 0; /* array starts after the refs */ if(region)
@@ -137,7 +142,7 @@ parse_create_repinfo(struct msg_parse* msg, struct reply_info** rep, { *rep = construct_reply_info_base(region, msg->flags, msg->qdcount, 0, 0, 0, msg->an_rrsets, msg->ns_rrsets, msg->ar_rrsets, - msg->rrset_count, sec_status_unchecked); + msg->rrset_count, sec_status_unchecked, LDNS_EDE_NONE); if(!*rep) return 0; return 1;
@@ -182,7 +187,7 @@ make_new_reply_info(const struct reply_info* rep, struct regional* region, new_rep = construct_reply_info_base(region, rep->flags, rep->qdcount, rep->ttl, rep->prefetch_ttl, rep->serve_expired_ttl, an_numrrsets, 0, 0, an_numrrsets, - sec_status_insecure); + sec_status_insecure, LDNS_EDE_NONE); if(!new_rep) return NULL; if(!reply_info_alloc_rrset_keys(new_rep, NULL, region))
@@ -745,7 +750,7 @@ reply_info_copy(struct reply_info* rep, struct alloc_cache* alloc, cp = construct_reply_info_base(region, rep->flags, rep->qdcount, rep->ttl, rep->prefetch_ttl, rep->serve_expired_ttl, rep->an_numrrsets, rep->ns_numrrsets, rep->ar_numrrsets, - rep->rrset_count, rep->security); + rep->rrset_count, rep->security, rep->reason_bogus); if(!cp) return NULL; /* allocate ub_key structures special or not */
diff --git a/util/data/msgreply.h b/util/data/msgreply.h
index 9538adc5a..cca0d6c49 100644
--- a/util/data/msgreply.h
+++ b/util/data/msgreply.h
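Review bot: Both branches of the new `if (reason_bogus != LDNS_EDE_NONE)` in construct_reply_info_base store the same value, because the else branch assigns `LDNS_EDE_NONE` exactly when `reason_bogus` already equals it. The five added lines reduce to `rep->reason_bogus = reason_bogus;`. The comment above them has a typo ("veryify") and describes a verification the code does not perform; something like `/* LDNS_EDE_NONE when the caller has no bogus reason to record */` would say what actually happens. The function starts and ends outside the hunk.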
@@ -240,13 +240,15 @@ struct msgreply_entry { * @param ar: ar count * @param total: total rrset count (presumably an+ns+ar). * @param sec: security status of the reply info. + * @param: reason_bogus: the Extended DNS Error for DNSSEC bogus status * @return the reply_info base struct with the array for putting the rrsets * in. The array has been zeroed. Returns NULL on malloc failure. */ struct reply_info* construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd, time_t ttl, time_t prettl, time_t expttl, size_t an, size_t ns, - size_t ar, size_t total, enum sec_status sec); + size_t ar, size_t total, enum sec_status sec, + sldns_ede_code reason_bogus); /** * Parse wire query into a queryinfo structure, return 0 on parse error.
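Review bot: The added Doxygen line reads `@param: reason_bogus:`, and the colon directly after `@param` makes the tag malformed, so the text will likely not be attached to the parameter. Write it like the neighbouring entries, `* @param reason_bogus: the Extended DNS Error for DNSSEC bogus status.` It would also help to state that callers with no bogus reason pass `LDNS_EDE_NONE`, as every synthesized-reply call site in this commit does.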