From: Wouter Wijngaards Date: Thu, 11 Jun 2009 10:52:28 +0000 (+0000) Subject: And review fixup recommit. X-Git-Tag: release-1.3.1~60 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=add0079981215f9f419f12347b199e6e13c82e34;p=thirdparty%2Funbound.git And review fixup recommit. git-svn-id: file:///svn/unbound/trunk@1647 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index 9d035be03..4ce11741b 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -3,6 +3,7 @@ before chrooting. This makes permissions on remote-control key files easier to set up. Fixes bug #251. - flush_type and flush_name remove msg cache entries. + - codereview - dp copy bogus setting fix. 8 June 2009: Wouter - Removed RFC5011 REVOKE flag support. Partial 5011 support may cause diff --git a/doc/TODO b/doc/TODO index ef9cc4615..733f8f555 100644 --- a/doc/TODO +++ b/doc/TODO 
@@ -62,6 +62,33 @@ o infra and lame cache: easier size config (in Mb), show usage in graphs. - check where queries go - otherwise reduce TTL on NS. - also make DS NSEC bogus. Also DS msg cache entry. - check BIT_DS in DS NSEC and do not take from cache if set. +- mark bogus under stringent conditions + - if DS at parent and validly signed. Then DNSKEY must exist. + - Also for trust anchor points themselves. DNSKEY must exist. + - so if then DNSKEY keyprime fails + - then it is not simply a server that only answers qtype A. + - then parent is agreeing (somewhat) with the DS record + - but it could still be a lame domain, these exist + The objective is to keep tries for genuinely lame domains to a + minimum, while detecting forgeries quickly. exponential backoff. + - for unbound we can check if we got something to verify while + building that chain of trust. If so - not lame, agressive retry. + - but security-lame zones also exist and should not pose + too high a burden. Exponential backoff again. + (fe. badly signed or dnskey reply too large fails). + - the delegation NS for the domain is bogus. + The referral retried, with exponential backoff. + This exponential backoff should go towards values which are close + to the TTLs that are used now (on lame delegations for example). + so that the extra traffic is manageable. + - for unbound, reset the TTL on the NS rrset. Let it timeout. + Set NS rrset bogus - no more queries to the domain are done. + Also set DNSKEY and DS (rrset, NSEC, msg) bogus and ttl like that. + (to the same absolute value, so a clean retry is done). + TTL of NS is (rounddown) timeout in seconds. + Until the NS times out and referral is done again. + Make sure multiple validations for chains of trust do not result + in a flood of queries or backoff too quickly. - bogus exponential backoff cache. hash(name,t,c), size(1M, 5%). TTL of 24h. Backoff from 200msec to 24h. x2 on bogus(18 tries), x8 backoff on lameness(6 tries), 
diff --git a/iterator/iter_delegpt.c b/iterator/iter_delegpt.c index 13bcdad47..c5bc66385 100644 --- a/iterator/iter_delegpt.c +++ b/iterator/iter_delegpt.c @@ -68,6 +68,7 @@ struct delegpt* delegpt_copy(struct delegpt* dp, struct regional* region) return NULL; if(!delegpt_set_name(copy, region, dp->name)) return NULL; + copy->bogus = dp->bogus; for(ns = dp->nslist; ns; ns = ns->next) { if(!delegpt_add_ns(copy, region, ns->name)) return NULL;
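Review bot: In the doc/TODO hunk, the line "TTL of NS is (rounddown) timeout in seconds" does not say what happens when the backoff timeout is under one second. The unchanged item right after the added text starts the backoff at 200msec, and rounding that down gives a TTL of 0 for the first few steps. State a floor (for example a minimum TTL of 1 second) or say explicitly that sub-second steps are handled outside the NS rrset TTL. Also, "reset the TTL on the NS rrset" and "Set NS rrset bogus" appear as two separate sentences without saying which happens first or whether they are one atomic update; spell that out, since the plan relies on NS, DNSKEY and DS expiring at the same absolute time. Minor: "agressive" should be "aggressive", and "fe." would read better as "e.g.".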
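Review bot: In the iterator/iter_delegpt.c hunk, delegpt_copy() builds the copy member by member, so the omission fixed by "copy->bogus = dp->bogus;" can recur with the next member added to struct delegpt. Add a comment at delegpt_copy() or beside the struct definition saying that every new member must be carried over here, and add a unit test that sets dp->bogus, copies, and checks copy->bogus. The TODO text in this same commit treats a bogus delegation as grounds to stop sending queries to the domain, so a copy that silently drops the flag changes resolver behaviour and deserves a regression test, not only the Changelog line. Placement before the nslist loop is fine: the visible failure paths in that loop return NULL, so no partially built copy is handed back.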