From: Vladimír Čunát Date: Thu, 21 Aug 2025 12:26:09 +0000 (+0200) Subject: fallback: allow to disable in views: X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bdaaf20061e5c7987c7f33b6fd031956c5fcc1bc;p=thirdparty%2Fknot-resolver.git fallback: allow to disable in views: Including config and docs for this. --- diff --git a/daemon/lua/kres-gen-33.lua b/daemon/lua/kres-gen-33.lua index 6a5482884..bae7c9f6e 100644 --- a/daemon/lua/kres-gen-33.lua +++ b/daemon/lua/kres-gen-33.lua @@ -142,6 +142,7 @@ struct kr_qflags { _Bool PKT_IS_SANE : 1; _Bool DNS64_DISABLE : 1; _Bool PASSTHRU_LEGACY : 1; + _Bool FALLBACK_DISABLE : 1; }; typedef struct ranked_rr_array_entry { uint32_t qry_uid; diff --git a/doc/user/config-views.rst b/doc/user/config-views.rst index f8de1fe2a..b9e46c51d 100644 --- a/doc/user/config-views.rst +++ b/doc/user/config-views.rst @@ -92,10 +92,15 @@ Actions .. option:: minimize: true|false Send minimum amount of information in recursive queries to enhance privacy. + Enabled by default. .. option:: dns64: true|false - Enable/disable DNS64. + Disable DNS64 if enabled globally. + + .. option:: fallback: true|false + + Disable fallback on resolution failure, if enabled globally. .. option:: price-factor: diff --git a/lib/rplan.h b/lib/rplan.h index 16dffd2d4..779d6d250 100644 --- a/lib/rplan.h +++ b/lib/rplan.h @@ -59,6 +59,7 @@ struct kr_qflags { * some basic aspects of the packet are OK, e.g. QNAME. */ bool DNS64_DISABLE : 1; /**< Don't do any DNS64 stuff (meant for view:addr). */ bool PASSTHRU_LEGACY : 1;/**< Ignore local-data overrides/blocks for this kr_request. */ + bool FALLBACK_DISABLE : 1;/**< Don't attempt fallback. Meant for views. */ }; /** Combine flags together. This means set union for simple flags. */ diff --git a/modules/fallback/fallback.lua b/modules/fallback/fallback.lua index 5d445ba93..09112862d 100644 --- a/modules/fallback/fallback.lua +++ b/modules/fallback/fallback.lua @@ -33,11 +33,12 @@ M.layer.produce = function (state, req, pkt) if not M.data_src or state == kres.FAIL or state == kres.DONE then return state end local qry = req:current() + if qry.flags.FALLBACK_DISABLE then return state end + -- Don't do anything for priming, prefetching, etc. -- TODO: not all cases detected ATM. if qry.flags.NO_CACHE then return state end - -- FIXME: also check the source of traffic local now = ffi.C.kr_now() local deadline = qry.creation_time_mono + M.timeout if now > deadline or qry.flags.NO_NS_FOUND then diff --git a/python/knot_resolver/datamodel/templates/macros/view_macros.lua.j2 b/python/knot_resolver/datamodel/templates/macros/view_macros.lua.j2 index 2f1a79646..c727eb2be 100644 --- a/python/knot_resolver/datamodel/templates/macros/view_macros.lua.j2 +++ b/python/knot_resolver/datamodel/templates/macros/view_macros.lua.j2 @@ -12,6 +12,9 @@ {% if not options.dns64 -%} "DNS64_DISABLE", {%- endif %} +{% if not options.fallback -%} +"FALLBACK_DISABLE", +{%- endif %} {%- endmacro %} {% macro view_answer(answer) -%} diff --git a/python/knot_resolver/datamodel/view_schema.py b/python/knot_resolver/datamodel/view_schema.py index 6d94b02af..fc9de6c74 100644 --- a/python/knot_resolver/datamodel/view_schema.py +++ b/python/knot_resolver/datamodel/view_schema.py @@ -12,11 +12,13 @@ class ViewOptionsSchema(ConfigSchema): minimize: Send minimum amount of information in recursive queries to enhance privacy. dns64: Enable/disable DNS64. price_factor: Multiplies rate-limiting and defer prices of operations, use 0 to whitelist. + fallback: Enable/disable fallback on resolution failure. """ minimize: bool = True dns64: bool = True price_factor: FloatNonNegative = FloatNonNegative(1.0) + fallback: bool = True class ViewSchema(ConfigSchema):