]>
Commit | Line | Data |
---|---|---|
86c152f2 BH |
1 | /* |
2 | PowerDNS Versatile Database Driven Nameserver | |
30b13ef7 | 3 | Copyright (C) 2003 - 2014 PowerDNS.COM BV |
86c152f2 BH |
4 | |
5 | This program is free software; you can redistribute it and/or modify | |
36c5ee42 BH |
6 | it under the terms of the GNU General Public License version 2 as published |
7 | by the Free Software Foundation | |
86c152f2 | 8 | |
f782fe38 MH |
9 | Additionally, the license of this program contains a special |
10 | exception which allows to distribute the program in binary form when | |
11 | it is linked against OpenSSL. | |
12 | ||
86c152f2 BH |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | GNU General Public License for more details. | |
17 | ||
18 | You should have received a copy of the GNU General Public License | |
19 | along with this program; if not, write to the Free Software | |
06bd9ccf | 20 | Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA |
86c152f2 | 21 | */ |
caa6eefa | 22 | |
c9f52071 | 23 | #include <boost/algorithm/string.hpp> |
21f0f88b | 24 | #include <boost/foreach.hpp> |
caa6eefa | 25 | #include "utility.hh" |
288f4aa9 | 26 | #include "syncres.hh" |
86c152f2 BH |
27 | #include <iostream> |
28 | #include <map> | |
29 | #include <algorithm> | |
afbe2787 | 30 | #include <set> |
86c152f2 BH |
31 | #include <cerrno> |
32 | #include <cstdio> | |
33 | #include <cstdlib> | |
86c152f2 | 34 | #include <utility> |
3de83124 | 35 | #include <deque> |
c836dc19 | 36 | #include "logger.hh" |
20177d1d | 37 | #include "misc.hh" |
86c152f2 BH |
38 | #include "arguments.hh" |
39 | #include "lwres.hh" | |
eefd15f9 | 40 | #include "recursor_cache.hh" |
ea634573 | 41 | #include "dnsparser.hh" |
51e2144e | 42 | #include "dns_random.hh" |
bb4bdbaf | 43 | #include "lock.hh" |
c2567ad1 | 44 | #include "cachecleaner.hh" |
eefd15f9 | 45 | |
ac0e821b | 46 | __thread SyncRes::StaticStorage* t_sstorage; |
bb4bdbaf | 47 | |
a9af3782 | 48 | unsigned int SyncRes::s_maxnegttl; |
c3e753c7 | 49 | unsigned int SyncRes::s_maxcachettl; |
1051f8a9 BH |
50 | unsigned int SyncRes::s_packetcachettl; |
51 | unsigned int SyncRes::s_packetcacheservfailttl; | |
628e2c7b PA |
52 | unsigned int SyncRes::s_serverdownmaxfails; |
53 | unsigned int SyncRes::s_serverdownthrottletime; | |
75ba907b | 54 | uint64_t SyncRes::s_queries; |
55 | uint64_t SyncRes::s_outgoingtimeouts; | |
56 | uint64_t SyncRes::s_outqueries; | |
57 | uint64_t SyncRes::s_tcpoutqueries; | |
58 | uint64_t SyncRes::s_throttledqueries; | |
59 | uint64_t SyncRes::s_dontqueries; | |
60 | uint64_t SyncRes::s_nodelegated; | |
61 | uint64_t SyncRes::s_unreachables; | |
aadceba8 | 62 | unsigned int SyncRes::s_minimumTTL; |
996c89cc | 63 | bool SyncRes::s_doIPv6; |
1051f8a9 | 64 | bool SyncRes::s_nopacketcache; |
173d790e | 65 | unsigned int SyncRes::s_maxqperq; |
a9af3782 | 66 | string SyncRes::s_serverID; |
77499b05 | 67 | SyncRes::LogMode SyncRes::s_lm; |
c836dc19 | 68 | |
77499b05 | 69 | #define LOG(x) if(d_lm == Log) { L <<Logger::Warning << x; } else if(d_lm == Store) { d_trace << x; } |
728485ca | 70 | |
840c10ec | 71 | bool SyncRes::s_noEDNSPing; |
4bfae16d | 72 | bool SyncRes::s_noEDNS; |
3de83124 | 73 | |
ac0e821b | 74 | SyncRes::SyncRes(const struct timeval& now) : d_outqueries(0), d_tcpoutqueries(0), d_throttledqueries(0), d_timeouts(0), d_unreachables(0), |
232f0877 CH |
75 | d_now(now), |
76 | d_cacheonly(false), d_nocache(false), d_doEDNS0(false), d_lm(s_lm) | |
77 | ||
ac0e821b BH |
78 | { |
79 | if(!t_sstorage) { | |
80 | t_sstorage = new StaticStorage(); | |
81 | } | |
82 | } | |
83 | ||
728485ca | 84 | /** everything begins here - this is the entry point just after receiving a packet */ |
a9af3782 | 85 | int SyncRes::beginResolve(const string &qname, const QType &qtype, uint16_t qclass, vector<DNSResourceRecord>&ret) |
728485ca | 86 | { |
c836dc19 | 87 | s_queries++; |
693dbe65 BH |
88 | |
89 | if( (qtype.getCode() == QType::AXFR)) | |
90 | return -1; | |
91 | ||
ec6480f3 BH |
92 | if( (qtype.getCode()==QType::PTR && pdns_iequals(qname, "1.0.0.127.in-addr.arpa.")) || |
93 | (qtype.getCode()==QType::A && qname.length()==10 && pdns_iequals(qname, "localhost."))) { | |
31ad43ab BH |
94 | ret.clear(); |
95 | DNSResourceRecord rr; | |
96 | rr.qname=qname; | |
97 | rr.qtype=qtype; | |
703761cc | 98 | rr.qclass=QClass::IN; |
31ad43ab BH |
99 | rr.ttl=86400; |
100 | if(qtype.getCode()==QType::PTR) | |
101 | rr.content="localhost."; | |
102 | else | |
103 | rr.content="127.0.0.1"; | |
104 | ret.push_back(rr); | |
105 | return 0; | |
106 | } | |
107 | ||
703761cc | 108 | if(qclass==QClass::CHAOS && qtype.getCode()==QType::TXT && |
ec6480f3 | 109 | (pdns_iequals(qname, "version.bind.") || pdns_iequals(qname, "id.server.") || pdns_iequals(qname, "version.pdns.") ) |
a9af3782 BH |
110 | ) { |
111 | ret.clear(); | |
112 | DNSResourceRecord rr; | |
113 | rr.qname=qname; | |
114 | rr.qtype=qtype; | |
115 | rr.qclass=qclass; | |
116 | rr.ttl=86400; | |
ec6480f3 | 117 | if(pdns_iequals(qname,"version.bind.") || pdns_iequals(qname,"version.pdns.")) |
a9af3782 BH |
118 | rr.content="\""+::arg()["version-string"]+"\""; |
119 | else | |
120 | rr.content="\""+s_serverID+"\""; | |
121 | ret.push_back(rr); | |
122 | return 0; | |
123 | } | |
9a97cc5c | 124 | |
703761cc KM |
125 | if(qclass==QClass::ANY) |
126 | qclass=QClass::IN; | |
127 | else if(qclass!=QClass::IN) | |
9a97cc5c BH |
128 | return -1; |
129 | ||
31ad43ab | 130 | set<GetBestNSAnswer> beenthere; |
809fe23f | 131 | int res=doResolve(qname, qtype, ret, 0, beenthere); |
728485ca BH |
132 | return res; |
133 | } | |
afbe2787 | 134 | |
ab5c053d | 135 | //! This is the 'out of band resolver', in other words, the authoritative server |
e93c956b BH |
136 | bool SyncRes::doOOBResolve(const string &qname, const QType &qtype, vector<DNSResourceRecord>&ret, int depth, int& res) |
137 | { | |
5605c067 | 138 | string prefix; |
77499b05 | 139 | if(doLog()) { |
5605c067 BH |
140 | prefix=d_prefix; |
141 | prefix.append(depth, ' '); | |
142 | } | |
143 | ||
77499b05 | 144 | LOG(prefix<<qname<<": checking auth storage for '"<<qname<<"|"<<qtype.getName()<<"'"<<endl); |
5605c067 BH |
145 | string authdomain(qname); |
146 | ||
147 | domainmap_t::const_iterator iter=getBestAuthZone(&authdomain); | |
49a699c4 | 148 | if(iter==t_sstorage->domainmap->end()) { |
77499b05 | 149 | LOG(prefix<<qname<<": auth storage has no zone for this query!"<<endl); |
5605c067 BH |
150 | return false; |
151 | } | |
77499b05 | 152 | LOG(prefix<<qname<<": auth storage has data, zone='"<<authdomain<<"'"<<endl); |
5605c067 BH |
153 | pair<AuthDomain::records_t::const_iterator, AuthDomain::records_t::const_iterator> range; |
154 | ||
155 | range=iter->second.d_records.equal_range(tie(qname)); // partial lookup | |
7bddb139 | 156 | |
5605c067 BH |
157 | ret.clear(); |
158 | AuthDomain::records_t::const_iterator ziter; | |
9e9844e2 | 159 | bool somedata=false; |
5605c067 | 160 | for(ziter=range.first; ziter!=range.second; ++ziter) { |
9e9844e2 | 161 | somedata=true; |
9bc8c14c | 162 | if(qtype.getCode()==QType::ANY || ziter->qtype==qtype || ziter->qtype.getCode()==QType::CNAME) // let rest of nameserver do the legwork on this one |
5605c067 BH |
163 | ret.push_back(*ziter); |
164 | } | |
9bc8c14c | 165 | if(!ret.empty()) { |
77499b05 | 166 | LOG(prefix<<qname<<": exact match in zone '"<<authdomain<<"'"<<endl); |
9bc8c14c BH |
167 | res=0; |
168 | return true; | |
5605c067 | 169 | } |
9e9844e2 | 170 | if(somedata) { |
77499b05 | 171 | LOG(prefix<<qname<<": found record in '"<<authdomain<<"', but nothing of the right type, sending SOA"<<endl); |
41ea0e50 | 172 | ziter=iter->second.d_records.find(boost::make_tuple(authdomain, QType(QType::SOA))); |
9e9844e2 BH |
173 | if(ziter!=iter->second.d_records.end()) { |
174 | DNSResourceRecord rr=*ziter; | |
175 | rr.d_place=DNSResourceRecord::AUTHORITY; | |
176 | ret.push_back(rr); | |
177 | } | |
178 | else | |
77499b05 | 179 | LOG(prefix<<qname<<": can't find SOA record '"<<authdomain<<"' in our zone!"<<endl); |
9e9844e2 BH |
180 | res=RCode::NoError; |
181 | return true; | |
182 | } | |
5605c067 | 183 | |
77499b05 | 184 | LOG(prefix<<qname<<": nothing found so far in '"<<authdomain<<"', trying wildcards"<<endl); |
0d1e259a BH |
185 | string wcarddomain(qname); |
186 | while(!pdns_iequals(wcarddomain, iter->first) && chopOffDotted(wcarddomain)) { | |
77499b05 | 187 | LOG(prefix<<qname<<": trying '*."+wcarddomain+"' in "<<authdomain<<endl); |
41ea0e50 | 188 | range=iter->second.d_records.equal_range(boost::make_tuple("*."+wcarddomain)); |
0d1e259a BH |
189 | if(range.first==range.second) |
190 | continue; | |
191 | ||
192 | for(ziter=range.first; ziter!=range.second; ++ziter) { | |
193 | DNSResourceRecord rr=*ziter; | |
194 | if(rr.qtype == qtype || qtype.getCode() == QType::ANY) { | |
195 | rr.qname = qname; | |
196 | rr.d_place=DNSResourceRecord::ANSWER; | |
197 | ret.push_back(rr); | |
198 | } | |
199 | } | |
77499b05 | 200 | LOG(prefix<<qname<<": in '"<<authdomain<<"', had wildcard match on '*."+wcarddomain+"'"<<endl); |
0d1e259a BH |
201 | res=RCode::NoError; |
202 | return true; | |
203 | } | |
204 | ||
5605c067 BH |
205 | string nsdomain(qname); |
206 | ||
ec6480f3 | 207 | while(chopOffDotted(nsdomain) && !pdns_iequals(nsdomain, iter->first)) { |
41ea0e50 | 208 | range=iter->second.d_records.equal_range(boost::make_tuple(nsdomain,QType(QType::NS))); |
5605c067 BH |
209 | if(range.first==range.second) |
210 | continue; | |
211 | ||
212 | for(ziter=range.first; ziter!=range.second; ++ziter) { | |
213 | DNSResourceRecord rr=*ziter; | |
214 | rr.d_place=DNSResourceRecord::AUTHORITY; | |
215 | ret.push_back(rr); | |
216 | } | |
217 | } | |
7bddb139 | 218 | if(ret.empty()) { |
77499b05 | 219 | LOG(prefix<<qname<<": no NS match in zone '"<<authdomain<<"' either, handing out SOA"<<endl); |
41ea0e50 | 220 | ziter=iter->second.d_records.find(boost::make_tuple(authdomain, QType(QType::SOA))); |
5605c067 BH |
221 | if(ziter!=iter->second.d_records.end()) { |
222 | DNSResourceRecord rr=*ziter; | |
223 | rr.d_place=DNSResourceRecord::AUTHORITY; | |
224 | ret.push_back(rr); | |
225 | } | |
226 | else | |
77499b05 | 227 | LOG(prefix<<qname<<": can't find SOA record '"<<authdomain<<"' in our zone!"<<endl); |
5605c067 BH |
228 | res=RCode::NXDomain; |
229 | } | |
230 | else | |
231 | res=0; | |
232 | ||
9e9844e2 | 233 | return true; |
e93c956b BH |
234 | } |
235 | ||
ff1872cf BH |
236 | void SyncRes::doEDNSDumpAndClose(int fd) |
237 | { | |
238 | FILE* fp=fdopen(fd, "w"); | |
239 | fprintf(fp,"IP Address\tMode\tMode last updated at\n"); | |
bb4bdbaf | 240 | |
49a699c4 | 241 | for(ednsstatus_t::const_iterator iter = t_sstorage->ednsstatus.begin(); iter != t_sstorage->ednsstatus.end(); ++iter) { |
ff1872cf BH |
242 | fprintf(fp, "%s\t%d\t%s", iter->first.toString().c_str(), (int)iter->second.mode, ctime(&iter->second.modeSetAt)); |
243 | } | |
bb4bdbaf | 244 | |
ff1872cf BH |
245 | fclose(fp); |
246 | } | |
247 | ||
c1d73d94 | 248 | int SyncRes::asyncresolveWrapper(const ComboAddress& ip, const string& domain, int type, bool doTCP, bool sendRDQuery, struct timeval* now, LWResult* res) |
81883dcc BH |
249 | { |
250 | /* what is your QUEST? | |
251 | the goal is to get as many remotes as possible on the highest level of hipness: EDNS PING responders. | |
252 | The levels are: | |
253 | ||
254 | -1) CONFIRMEDPINGER: Confirmed pinger! | |
255 | 0) UNKNOWN Unknown state | |
256 | 1) EDNSNOPING: Honors EDNS0 if no PING is included | |
257 | 2) EDNSPINGOK: Ignores EDNS0+PING, but does generate EDNS0 response | |
258 | 3) EDNSIGNORANT: Ignores EDNS0+PING, gives replies without EDNS0 nor PING | |
259 | 4) NOEDNS: Generates FORMERR on EDNS queries | |
260 | ||
261 | Everybody starts out assumed to be '0'. | |
262 | If '-1', send out EDNS0+Ping | |
263 | If we get a FormErr, ignore | |
4957a608 BH |
264 | If we get a incorrect PING, ignore |
265 | If we get no PING, ignore | |
81883dcc BH |
266 | If '0', send out EDNS0+Ping |
267 | If we get a pure EDNS response, you are downgraded to '2'. | |
268 | If you FORMERR us, go to '1', | |
269 | If no EDNS in response, go to '3' - 3 and 0 are really identical, except confirmed | |
4957a608 | 270 | If with correct PING, upgrade to -1 |
81883dcc BH |
271 | If '1', send out EDNS0, no PING |
272 | If FORMERR, downgrade to 4 | |
273 | If '2', keep on including EDNS0+PING, just don't expect PING to be correct | |
274 | If PING correct, move to '0', and cheer in the log file! | |
275 | If '3', keep on including EDNS0+PING, see what happens | |
276 | Same behaviour as 0 | |
277 | If '4', send bare queries | |
278 | */ | |
279 | ||
4bfae16d BH |
280 | if(s_noEDNS) { |
281 | g_stats.noEdnsOutQueries++; | |
282 | return asyncresolve(ip, domain, type, doTCP, sendRDQuery, 0, now, res); | |
283 | } | |
284 | ||
bb4bdbaf | 285 | SyncRes::EDNSStatus* ednsstatus; |
49a699c4 | 286 | ednsstatus = &t_sstorage->ednsstatus[ip]; |
81883dcc | 287 | |
bb4bdbaf BH |
288 | if(ednsstatus->modeSetAt && ednsstatus->modeSetAt + 3600 < d_now.tv_sec) { |
289 | *ednsstatus=SyncRes::EDNSStatus(); | |
77499b05 | 290 | // cerr<<"Resetting EDNS Status for "<<ip.toString()<<endl); |
81883dcc BH |
291 | } |
292 | ||
bb4bdbaf BH |
293 | if(s_noEDNSPing && ednsstatus->mode == EDNSStatus::UNKNOWN) |
294 | ednsstatus->mode = EDNSStatus::EDNSNOPING; | |
840c10ec | 295 | |
bb4bdbaf | 296 | SyncRes::EDNSStatus::EDNSMode& mode=ednsstatus->mode; |
81883dcc BH |
297 | SyncRes::EDNSStatus::EDNSMode oldmode = mode; |
298 | int EDNSLevel=0; | |
299 | ||
300 | int ret; | |
ff1872cf | 301 | for(int tries = 0; tries < 3; ++tries) { |
77499b05 | 302 | // cerr<<"Remote '"<<ip.toString()<<"' currently in mode "<<mode<<endl); |
81883dcc BH |
303 | |
304 | if(mode==EDNSStatus::CONFIRMEDPINGER || mode==EDNSStatus::UNKNOWN || mode==EDNSStatus::EDNSPINGOK || mode==EDNSStatus::EDNSIGNORANT) | |
305 | EDNSLevel = 2; | |
306 | else if(mode==EDNSStatus::EDNSNOPING) { | |
307 | EDNSLevel = 1; | |
308 | g_stats.noPingOutQueries++; | |
309 | } | |
310 | else if(mode==EDNSStatus::NOEDNS) { | |
311 | g_stats.noEdnsOutQueries++; | |
312 | EDNSLevel = 0; | |
313 | } | |
314 | ||
c1d73d94 | 315 | ret=asyncresolve(ip, domain, type, doTCP, sendRDQuery, EDNSLevel, now, res); |
81883dcc | 316 | if(ret == 0 || ret < 0) { |
77499b05 | 317 | // cerr<<"Transport error or timeout (ret="<<ret<<"), no change in mode"<<endl); |
81883dcc BH |
318 | return ret; |
319 | } | |
320 | ||
321 | if(mode== EDNSStatus::CONFIRMEDPINGER) { // confirmed pinger! | |
322 | if(!res->d_pingCorrect) { | |
4957a608 | 323 | L<<Logger::Error<<"Confirmed EDNS-PING enabled host "<<ip.toString()<<" did not send back correct ping"<<endl; |
232f0877 | 324 | // perhaps lower some kind of count here, don't want to punnish a downgrader too long! |
4957a608 BH |
325 | ret = 0; |
326 | res->d_rcode = RCode::ServFail; | |
327 | g_stats.ednsPingMismatches++; | |
81883dcc BH |
328 | } |
329 | else { | |
4957a608 BH |
330 | g_stats.ednsPingMatches++; |
331 | ednsstatus->modeSetAt=d_now.tv_sec; // only the very best mode self-perpetuates | |
81883dcc BH |
332 | } |
333 | } | |
334 | else if(mode==EDNSStatus::UNKNOWN || mode==EDNSStatus::EDNSPINGOK || mode == EDNSStatus::EDNSIGNORANT ) { | |
335 | if(res->d_rcode == RCode::FormErr) { | |
232f0877 | 336 | // cerr<<"Downgrading to EDNSNOPING because of FORMERR!"<<endl); |
4957a608 BH |
337 | mode = EDNSStatus::EDNSNOPING; |
338 | continue; | |
98b58a72 BH |
339 | } |
340 | else if(mode==EDNSStatus::UNKNOWN && (res->d_rcode == RCode::Refused || res->d_rcode == RCode::NotImp) ) { // this "fixes" F5 | |
232f0877 | 341 | // cerr<<"Downgrading an unknown status to EDNSNOPING because of RCODE="<<res->d_rcode<<endl; |
4957a608 BH |
342 | mode = EDNSStatus::EDNSNOPING; |
343 | continue; | |
81883dcc BH |
344 | } |
345 | else if(!res->d_pingCorrect && res->d_haveEDNS) | |
4957a608 | 346 | mode = EDNSStatus::EDNSPINGOK; |
81883dcc | 347 | else if(res->d_pingCorrect) { |
4957a608 BH |
348 | L<<Logger::Warning<<"We welcome "<<ip.toString()<<" to the land of EDNS-PING!"<<endl; |
349 | mode = EDNSStatus::CONFIRMEDPINGER; | |
350 | g_stats.ednsPingMatches++; | |
81883dcc BH |
351 | } |
352 | else if(!res->d_haveEDNS) { | |
4957a608 BH |
353 | if(mode != EDNSStatus::EDNSIGNORANT) { |
354 | mode = EDNSStatus::EDNSIGNORANT; | |
232f0877 | 355 | // cerr<<"We find that "<<ip.toString()<<" is an EDNS-ignorer, moving to mode 3"<<endl); |
4957a608 | 356 | } |
81883dcc BH |
357 | } |
358 | } | |
359 | else if(mode==EDNSStatus::EDNSNOPING) { | |
360 | if(res->d_rcode == RCode::FormErr) { | |
232f0877 | 361 | // cerr<<"Downgrading to mode 4, FORMERR!"<<endl); |
4957a608 BH |
362 | mode = EDNSStatus::NOEDNS; |
363 | continue; | |
81883dcc BH |
364 | } |
365 | } | |
366 | else if(mode==EDNSStatus::EDNSPINGOK) { | |
367 | if(res->d_pingCorrect) { | |
4957a608 BH |
368 | // an upgrade! |
369 | L<<Logger::Warning<<"We welcome "<<ip.toString()<<" to the land of EDNS-PING!"<<endl; | |
370 | mode = EDNSStatus::CONFIRMEDPINGER; | |
81883dcc BH |
371 | } |
372 | } | |
373 | if(oldmode != mode) | |
bb4bdbaf | 374 | ednsstatus->modeSetAt=d_now.tv_sec; |
77499b05 | 375 | // cerr<<"Result: ret="<<ret<<", EDNS-level: "<<EDNSLevel<<", haveEDNS: "<<res->d_haveEDNS<<", EDNS-PING correct: "<<res->d_pingCorrect<<", new mode: "<<mode<<endl); |
81883dcc BH |
376 | |
377 | return ret; | |
378 | } | |
379 | return ret; | |
380 | } | |
381 | ||
7b35aa49 | 382 | int SyncRes::doResolve(const string &qname, const QType &qtype, vector<DNSResourceRecord>&ret, int depth, set<GetBestNSAnswer>& beenthere) |
afbe2787 | 383 | { |
ded77b10 | 384 | string prefix; |
77499b05 | 385 | if(doLog()) { |
ded77b10 BH |
386 | prefix=d_prefix; |
387 | prefix.append(depth, ' '); | |
388 | } | |
728485ca | 389 | |
f4df5e89 | 390 | int res=0; |
5605c067 | 391 | if(!(d_nocache && qtype.getCode()==QType::NS && qname==".")) { |
115d07ad | 392 | if(d_cacheonly) { // very limited OOB support |
263f6a5a | 393 | LWResult lwr; |
77499b05 | 394 | LOG(prefix<<qname<<": Recursion not requested for '"<<qname<<"|"<<qtype.getName()<<"', peeking at auth/forward zones"<<endl); |
115d07ad BH |
395 | string authname(qname); |
396 | domainmap_t::const_iterator iter=getBestAuthZone(&authname); | |
49a699c4 | 397 | if(iter != t_sstorage->domainmap->end()) { |
4957a608 BH |
398 | const vector<ComboAddress>& servers = iter->second.d_servers; |
399 | if(servers.empty()) { | |
400 | ret.clear(); | |
401 | doOOBResolve(qname, qtype, ret, depth, res); | |
402 | return res; | |
403 | } | |
404 | else { | |
405 | const ComboAddress remoteIP = servers.front(); | |
77499b05 | 406 | LOG(prefix<<qname<<": forwarding query to hardcoded nameserver '"<< remoteIP.toStringWithPort()<<"' for zone '"<<authname<<"'"<<endl); |
4957a608 BH |
407 | |
408 | res=asyncresolveWrapper(remoteIP, qname, qtype.getCode(), false, false, &d_now, &lwr); | |
409 | // filter out the good stuff from lwr.result() | |
410 | ||
411 | for(LWResult::res_t::const_iterator i=lwr.d_result.begin();i!=lwr.d_result.end();++i) { | |
412 | if(i->d_place == DNSResourceRecord::ANSWER) | |
413 | ret.push_back(*i); | |
414 | } | |
415 | return res; | |
416 | } | |
115d07ad BH |
417 | } |
418 | } | |
419 | ||
c836dc19 BH |
420 | if(doCNAMECacheCheck(qname,qtype,ret,depth,res)) // will reroute us if needed |
421 | return res; | |
422 | ||
423 | if(doCacheCheck(qname,qtype,ret,depth,res)) // we done | |
424 | return res; | |
425 | } | |
afbe2787 | 426 | |
115d07ad | 427 | if(d_cacheonly) |
c836dc19 | 428 | return 0; |
115d07ad | 429 | |
77499b05 | 430 | LOG(prefix<<qname<<": No cache hit for '"<<qname<<"|"<<qtype.getName()<<"', trying to find an appropriate NS record"<<endl); |
728485ca BH |
431 | |
432 | string subdomain(qname); | |
433 | ||
7738a23f | 434 | set<string, CIStringCompare> nsset; |
7305df82 | 435 | bool flawedNSSet=false; |
97df07f8 PD |
436 | |
437 | // the two retries allow getBestNSNamesFromCache&co to reprime the root | |
438 | // hints, in case they ever go missing | |
bdf40704 | 439 | for(int tries=0;tries<2 && nsset.empty();++tries) { |
7305df82 | 440 | subdomain=getBestNSNamesFromCache(subdomain, nsset, &flawedNSSet, depth, beenthere); // pass beenthere to both occasions |
bdf40704 BH |
441 | } |
442 | ||
7305df82 | 443 | if(!(res=doResolveAt(nsset, subdomain, flawedNSSet, qname, qtype, ret, depth, beenthere))) |
728485ca BH |
444 | return 0; |
445 | ||
77499b05 | 446 | LOG(prefix<<qname<<": failed (res="<<res<<")"<<endl); |
20177d1d | 447 | return res<0 ? RCode::ServFail : res; |
afbe2787 BH |
448 | } |
449 | ||
c2567ad1 | 450 | #if 0 |
a67dd0cf | 451 | // for testing purposes |
fdf05fd4 BH |
452 | static bool ipv6First(const ComboAddress& a, const ComboAddress& b) |
453 | { | |
454 | return !(a.sin4.sin_family < a.sin4.sin_family); | |
455 | } | |
c2567ad1 | 456 | #endif |
fdf05fd4 | 457 | |
21f0f88b | 458 | /** This function explicitly goes out for A or AAAA addresses |
996c89cc | 459 | */ |
d96e88da | 460 | vector<ComboAddress> SyncRes::getAddrs(const string &qname, int depth, set<GetBestNSAnswer>& beenthere) |
75b49099 | 461 | { |
bfea0d0b BH |
462 | typedef vector<DNSResourceRecord> res_t; |
463 | res_t res; | |
75b49099 | 464 | |
996c89cc BH |
465 | typedef vector<ComboAddress> ret_t; |
466 | ret_t ret; | |
75b49099 | 467 | |
d96e88da | 468 | QType type; |
76c01aec | 469 | for(int j=1-s_doIPv6; j<2+s_doIPv6; j++) |
d96e88da | 470 | { |
76c01aec PD |
471 | bool done=false; |
472 | // j=0: ANY | |
473 | // j=1: A | |
474 | // j=2: AAAA | |
475 | ||
476 | switch(j) { | |
477 | case 0: | |
478 | type = QType::ANY; | |
479 | break; | |
480 | case 1: | |
481 | type = QType::A; | |
482 | break; | |
483 | case 2: | |
484 | type = QType::AAAA; | |
485 | break; | |
486 | } | |
d96e88da PD |
487 | |
488 | if(!doResolve(qname, type, res,depth+1,beenthere) && !res.empty()) { // this consults cache, OR goes out | |
489 | for(res_t::const_iterator i=res.begin(); i!= res.end(); ++i) { | |
490 | if(i->qtype.getCode()==QType::A || i->qtype.getCode()==QType::AAAA) { | |
76c01aec PD |
491 | ret.push_back(ComboAddress(i->content, 53)); |
492 | if(!j) done=true; | |
d96e88da | 493 | } |
42724edf | 494 | } |
f4df5e89 | 495 | } |
76c01aec | 496 | if(done) break; |
bfea0d0b | 497 | } |
21f0f88b | 498 | |
996c89cc | 499 | if(ret.size() > 1) { |
51e2144e | 500 | random_shuffle(ret.begin(), ret.end(), dns_random); |
996c89cc | 501 | |
ae4d8cf1 | 502 | // move 'best' address for this nameserver name up front |
5ea6f7de | 503 | nsspeeds_t::iterator best = t_sstorage->nsSpeeds.find(qname); |
996c89cc | 504 | |
49a699c4 | 505 | if(best != t_sstorage->nsSpeeds.end()) |
ae4d8cf1 | 506 | for(ret_t::iterator i=ret.begin(); i != ret.end(); ++i) { |
4957a608 BH |
507 | if(*i==best->second.d_best) { // got the fastest one |
508 | if(i!=ret.begin()) { | |
509 | *i=*ret.begin(); | |
510 | *ret.begin()=best->second.d_best; | |
511 | } | |
512 | break; | |
513 | } | |
996c89cc BH |
514 | } |
515 | } | |
fdf05fd4 | 516 | |
728485ca | 517 | return ret; |
75b49099 BH |
518 | } |
519 | ||
7305df82 | 520 | void SyncRes::getBestNSFromCache(const string &qname, set<DNSResourceRecord>&bestns, bool* flawedNSSet, int depth, set<GetBestNSAnswer>& beenthere) |
86c152f2 | 521 | { |
ded77b10 | 522 | string prefix, subdomain(qname); |
77499b05 | 523 | if(doLog()) { |
ded77b10 BH |
524 | prefix=d_prefix; |
525 | prefix.append(depth, ' '); | |
526 | } | |
75b49099 BH |
527 | bestns.clear(); |
528 | ||
75b49099 | 529 | do { |
77499b05 | 530 | LOG(prefix<<qname<<": Checking if we have NS in cache for '"<<subdomain<<"'"<<endl); |
7738a23f | 531 | set<DNSResourceRecord> ns; |
7305df82 | 532 | *flawedNSSet = false; |
49a699c4 | 533 | if(t_RC->get(d_now.tv_sec, subdomain, QType(QType::NS), &ns) > 0) { |
7bf26383 | 534 | for(set<DNSResourceRecord>::const_iterator k=ns.begin();k!=ns.end();++k) { |
4957a608 BH |
535 | if(k->ttl > (unsigned int)d_now.tv_sec ) { |
536 | set<DNSResourceRecord> aset; | |
537 | ||
538 | DNSResourceRecord rr=*k; | |
539 | rr.content=k->content; | |
49a699c4 | 540 | if(!dottedEndsOn(rr.content, subdomain) || t_RC->get(d_now.tv_sec, rr.content, s_doIPv6 ? QType(QType::ADDR) : QType(QType::A), |
232f0877 | 541 | doLog() ? &aset : 0) > 5) { |
4957a608 | 542 | bestns.insert(rr); |
77499b05 BH |
543 | LOG(prefix<<qname<<": NS (with ip, or non-glue) in cache for '"<<subdomain<<"' -> '"<<rr.content<<"'"<<endl); |
544 | LOG(prefix<<qname<<": within bailiwick: "<<dottedEndsOn(rr.content, subdomain)); | |
4957a608 | 545 | if(!aset.empty()) { |
77499b05 | 546 | LOG(", in cache, ttl="<<(unsigned int)(((time_t)aset.begin()->ttl- d_now.tv_sec ))<<endl); |
4957a608 BH |
547 | } |
548 | else { | |
77499b05 | 549 | LOG(", not in cache / did not look at cache"<<endl); |
4957a608 BH |
550 | } |
551 | } | |
552 | else { | |
553 | *flawedNSSet=true; | |
77499b05 | 554 | LOG(prefix<<qname<<": NS in cache for '"<<subdomain<<"', but needs glue ("<<k->content<<") which we miss or is expired"<<endl); |
4957a608 BH |
555 | } |
556 | } | |
afbe2787 | 557 | } |
75b49099 | 558 | if(!bestns.empty()) { |
4957a608 BH |
559 | GetBestNSAnswer answer; |
560 | answer.qname=qname; answer.bestns=bestns; | |
561 | if(beenthere.count(answer)) { | |
8a1ff051 | 562 | LOG(prefix<<qname<<": We have NS in cache for '"<<subdomain<<"' but part of LOOP (already seen "<<answer.qname<<")! Trying less specific NS"<<endl); |
77499b05 BH |
563 | if(doLog()) |
564 | for( set<GetBestNSAnswer>::const_iterator j=beenthere.begin();j!=beenthere.end();++j) { | |
565 | LOG(prefix<<qname<<": beenthere: "<<j->qname<<" ("<<(unsigned int)j->bestns.size()<<")"<<endl); | |
566 | } | |
4957a608 BH |
567 | bestns.clear(); |
568 | } | |
569 | else { | |
570 | beenthere.insert(answer); | |
77499b05 | 571 | LOG(prefix<<qname<<": We have NS in cache for '"<<subdomain<<"' (flawedNSSet="<<*flawedNSSet<<")"<<endl); |
4957a608 BH |
572 | return; |
573 | } | |
75b49099 | 574 | } |
afbe2787 | 575 | } |
77499b05 | 576 | LOG(prefix<<qname<<": no valid/useful NS in cache for '"<<subdomain<<"'"<<endl); |
97df07f8 | 577 | if(subdomain==".") { primeHints(); } |
7738a23f | 578 | }while(chopOffDotted(subdomain)); |
75b49099 BH |
579 | } |
580 | ||
5605c067 BH |
581 | SyncRes::domainmap_t::const_iterator SyncRes::getBestAuthZone(string* qname) |
582 | { | |
583 | SyncRes::domainmap_t::const_iterator ret; | |
584 | do { | |
49a699c4 BH |
585 | ret=t_sstorage->domainmap->find(*qname); |
586 | if(ret!=t_sstorage->domainmap->end()) | |
5605c067 BH |
587 | break; |
588 | }while(chopOffDotted(*qname)); | |
589 | return ret; | |
590 | } | |
288f4aa9 | 591 | |
7bf26383 | 592 | /** doesn't actually do the work, leaves that to getBestNSFromCache */ |
7305df82 | 593 | string SyncRes::getBestNSNamesFromCache(const string &qname, set<string, CIStringCompare>& nsset, bool* flawedNSSet, int depth, set<GetBestNSAnswer>&beenthere) |
75b49099 BH |
594 | { |
595 | string subdomain(qname); | |
5605c067 BH |
596 | string authdomain(qname); |
597 | ||
598 | domainmap_t::const_iterator iter=getBestAuthZone(&authdomain); | |
49a699c4 | 599 | if(iter!=t_sstorage->domainmap->end()) { |
2e5ae2b2 BH |
600 | if( iter->second.d_servers.empty() ) |
601 | nsset.insert(string()); // this gets picked up in doResolveAt, if empty it means "we are auth", otherwise it denotes a forward | |
602 | else { | |
603 | for(vector<ComboAddress>::const_iterator server=iter->second.d_servers.begin(); server != iter->second.d_servers.end(); ++server) | |
4957a608 | 604 | nsset.insert((iter->second.d_rdForward ? "+" : "-") + server->toStringWithPort()); // add a '+' if the rd bit should be set |
2e5ae2b2 BH |
605 | } |
606 | ||
5605c067 BH |
607 | return authdomain; |
608 | } | |
609 | ||
75b49099 | 610 | set<DNSResourceRecord> bestns; |
7305df82 | 611 | getBestNSFromCache(subdomain, bestns, flawedNSSet, depth, beenthere); |
75b49099 BH |
612 | |
613 | for(set<DNSResourceRecord>::const_iterator k=bestns.begin();k!=bestns.end();++k) { | |
614 | nsset.insert(k->content); | |
e93c956b BH |
615 | if(k==bestns.begin()) |
616 | subdomain=k->qname; | |
86c152f2 | 617 | } |
75b49099 | 618 | return subdomain; |
afbe2787 BH |
619 | } |
620 | ||
7b35aa49 | 621 | bool SyncRes::doCNAMECacheCheck(const string &qname, const QType &qtype, vector<DNSResourceRecord>&ret, int depth, int &res) |
afbe2787 | 622 | { |
ded77b10 | 623 | string prefix; |
77499b05 | 624 | if(doLog()) { |
ded77b10 BH |
625 | prefix=d_prefix; |
626 | prefix.append(depth, ' '); | |
627 | } | |
36f5e3db | 628 | |
40de2910 | 629 | if((depth>9 && d_outqueries>10 && d_throttledqueries>5) || depth > 15) { |
5bc8686b | 630 | LOG(prefix<<qname<<": recursing (CNAME or other indirection) too deep, depth="<<depth<<endl); |
c6644fc5 BH |
631 | res=RCode::ServFail; |
632 | return true; | |
633 | } | |
36f5e3db | 634 | |
77499b05 | 635 | LOG(prefix<<qname<<": Looking for CNAME cache hit of '"<<(qname+"|CNAME")<<"'"<<endl); |
7bf26383 | 636 | set<DNSResourceRecord> cset; |
49a699c4 | 637 | if(t_RC->get(d_now.tv_sec, qname,QType(QType::CNAME),&cset) > 0) { |
36c5ee42 | 638 | |
7bf26383 | 639 | for(set<DNSResourceRecord>::const_iterator j=cset.begin();j!=cset.end();++j) { |
d6d5dea7 | 640 | if(j->ttl>(unsigned int) d_now.tv_sec) { |
77499b05 | 641 | LOG(prefix<<qname<<": Found cache CNAME hit for '"<< (qname+"|CNAME") <<"' to '"<<j->content<<"'"<<endl); |
4957a608 BH |
642 | DNSResourceRecord rr=*j; |
643 | rr.ttl-=d_now.tv_sec; | |
644 | ret.push_back(rr); | |
645 | if(!(qtype==QType(QType::CNAME))) { // perhaps they really wanted a CNAME! | |
646 | set<GetBestNSAnswer>beenthere; | |
647 | res=doResolve(j->content, qtype, ret, depth+1, beenthere); | |
648 | } | |
649 | else | |
650 | res=0; | |
651 | return true; | |
ac539791 BH |
652 | } |
653 | } | |
afbe2787 | 654 | } |
77499b05 | 655 | LOG(prefix<<qname<<": No CNAME cache hit of '"<< (qname+"|CNAME") <<"' found"<<endl); |
75b49099 BH |
656 | return false; |
657 | } | |
658 | ||
bb4bdbaf BH |
659 | |
660 | ||
661 | ||
7b35aa49 | 662 | bool SyncRes::doCacheCheck(const string &qname, const QType &qtype, vector<DNSResourceRecord>&ret, int depth, int &res) |
75b49099 | 663 | { |
fd8bc993 | 664 | bool giveNegative=false; |
ded77b10 | 665 | |
be718669 | 666 | string prefix; |
77499b05 | 667 | if(doLog()) { |
ded77b10 BH |
668 | prefix=d_prefix; |
669 | prefix.append(depth, ' '); | |
670 | } | |
afbe2787 | 671 | |
288f4aa9 BH |
672 | string sqname(qname); |
673 | QType sqt(qtype); | |
092f210a | 674 | uint32_t sttl=0; |
f4df5e89 | 675 | // cout<<"Lookup for '"<<qname<<"|"<<qtype.getName()<<"'\n"; |
bb4bdbaf | 676 | |
49a699c4 BH |
677 | pair<negcache_t::const_iterator, negcache_t::const_iterator> range=t_sstorage->negcache.equal_range(tie(qname)); |
678 | negcache_t::iterator ni; | |
679 | for(ni=range.first; ni != range.second; ni++) { | |
680 | // we have something | |
681 | if(ni->d_qtype.getCode() == 0 || ni->d_qtype == qtype) { | |
682 | res=0; | |
683 | if((uint32_t)d_now.tv_sec < ni->d_ttd) { | |
684 | sttl=ni->d_ttd - d_now.tv_sec; | |
685 | if(ni->d_qtype.getCode()) { | |
77499b05 | 686 | LOG(prefix<<qname<<": "<<qtype.getName()<<" is negatively cached via '"<<ni->d_qname<<"' for another "<<sttl<<" seconds"<<endl); |
49a699c4 | 687 | res = RCode::NoError; |
4957a608 BH |
688 | } |
689 | else { | |
77499b05 | 690 | LOG(prefix<<qname<<": Entire record '"<<qname<<"', is negatively cached via '"<<ni->d_qname<<"' for another "<<sttl<<" seconds"<<endl); |
49a699c4 | 691 | res= RCode::NXDomain; |
4957a608 | 692 | } |
49a699c4 BH |
693 | giveNegative=true; |
694 | sqname=ni->d_qname; | |
695 | sqt=QType::SOA; | |
c2567ad1 | 696 | moveCacheItemToBack(t_sstorage->negcache, ni); |
49a699c4 BH |
697 | break; |
698 | } | |
699 | else { | |
77499b05 | 700 | LOG(prefix<<qname<<": Entire record '"<<qname<<"' or type was negatively cached, but entry expired"<<endl); |
c2567ad1 | 701 | moveCacheItemToFront(t_sstorage->negcache, ni); |
38e22b5a | 702 | } |
fd8bc993 BH |
703 | } |
704 | } | |
20177d1d | 705 | |
7bf26383 | 706 | set<DNSResourceRecord> cset; |
75b49099 | 707 | bool found=false, expired=false; |
be718669 | 708 | |
49a699c4 | 709 | if(t_RC->get(d_now.tv_sec, sqname, sqt, &cset) > 0) { |
77499b05 | 710 | LOG(prefix<<sqname<<": Found cache hit for "<<sqt.getName()<<": "); |
7bf26383 | 711 | for(set<DNSResourceRecord>::const_iterator j=cset.begin();j!=cset.end();++j) { |
77499b05 | 712 | LOG(j->content); |
d6d5dea7 | 713 | if(j->ttl>(unsigned int) d_now.tv_sec) { |
4957a608 BH |
714 | DNSResourceRecord rr=*j; |
715 | rr.ttl-=d_now.tv_sec; | |
716 | if(giveNegative) { | |
717 | rr.d_place=DNSResourceRecord::AUTHORITY; | |
718 | rr.ttl=sttl; | |
719 | } | |
720 | ret.push_back(rr); | |
77499b05 | 721 | LOG("[ttl="<<rr.ttl<<"] "); |
4957a608 | 722 | found=true; |
ac539791 | 723 | } |
75b49099 | 724 | else { |
77499b05 | 725 | LOG("[expired] "); |
4957a608 | 726 | expired=true; |
75b49099 | 727 | } |
afbe2787 | 728 | } |
ac539791 | 729 | |
77499b05 | 730 | LOG(endl); |
f4df5e89 | 731 | if(found && !expired) { |
f15a5b2a | 732 | if(!giveNegative) |
4957a608 | 733 | res=0; |
75b49099 | 734 | return true; |
f4df5e89 | 735 | } |
75b49099 | 736 | else |
77499b05 | 737 | LOG(prefix<<qname<<": cache had only stale entries"<<endl); |
afbe2787 | 738 | } |
f4df5e89 | 739 | |
75b49099 BH |
740 | return false; |
741 | } | |
afbe2787 | 742 | |
7b35aa49 | 743 | bool SyncRes::moreSpecificThan(const string& a, const string &b) |
75b49099 | 744 | { |
7738a23f BH |
745 | static string dot("."); |
746 | int counta=(a!=dot), countb=(b!=dot); | |
afbe2787 | 747 | |
728485ca BH |
748 | for(string::size_type n=0;n<a.size();++n) |
749 | if(a[n]=='.') | |
750 | counta++; | |
751 | for(string::size_type n=0;n<b.size();++n) | |
752 | if(b[n]=='.') | |
753 | countb++; | |
754 | return counta>countb; | |
afbe2787 BH |
755 | } |
756 | ||
d8d0bb8f | 757 | struct speedOrder |
eefd15f9 | 758 | { |
5ea6f7de PD |
759 | speedOrder(map<string,double> &speeds) : d_speeds(speeds) {} |
760 | bool operator()(const string &a, const string &b) const | |
c3d9d009 BH |
761 | { |
762 | return d_speeds[a] < d_speeds[b]; | |
c3d9d009 | 763 | } |
5ea6f7de | 764 | map<string, double>& d_speeds; |
c3d9d009 BH |
765 | }; |
766 | ||
5ea6f7de | 767 | inline vector<string> SyncRes::shuffleInSpeedOrder(set<string, CIStringCompare> &tnameservers, const string &prefix) |
afbe2787 | 768 | { |
5ea6f7de PD |
769 | vector<string> rnameservers; |
770 | rnameservers.reserve(tnameservers.size()); | |
21f0f88b | 771 | BOOST_FOREACH(const string& str, tnameservers) { |
5ea6f7de | 772 | rnameservers.push_back(str); |
21f0f88b | 773 | } |
5ea6f7de PD |
774 | map<string, double> speeds; |
775 | BOOST_FOREACH(const string& val, rnameservers) { | |
79b8cdcc | 776 | double speed; |
21f0f88b BH |
777 | speed=t_sstorage->nsSpeeds[val].get(&d_now); |
778 | speeds[val]=speed; | |
eefd15f9 | 779 | } |
51e2144e | 780 | random_shuffle(rnameservers.begin(),rnameservers.end(), dns_random); |
996c89cc BH |
781 | speedOrder so(speeds); |
782 | stable_sort(rnameservers.begin(),rnameservers.end(), so); | |
eefd15f9 | 783 | |
77499b05 BH |
784 | if(doLog()) { |
785 | LOG(prefix<<"Nameservers: "); | |
5ea6f7de | 786 | for(vector<string>::const_iterator i=rnameservers.begin();i!=rnameservers.end();++i) { |
d8d0bb8f | 787 | if(i!=rnameservers.begin()) { |
77499b05 BH |
788 | LOG(", "); |
789 | if(!((i-rnameservers.begin())%3)) { | |
790 | LOG(endl<<prefix<<" "); | |
791 | } | |
d8d0bb8f | 792 | } |
5ea6f7de | 793 | LOG(*i<<"(" << (boost::format("%0.2f") % (speeds[*i]/1000.0)).str() <<"ms)"); |
d8d0bb8f | 794 | } |
77499b05 | 795 | LOG(endl); |
d8d0bb8f | 796 | } |
728485ca | 797 | return rnameservers; |
afbe2787 BH |
798 | } |
799 | ||
7738a23f BH |
800 | struct TCacheComp |
801 | { | |
802 | bool operator()(const pair<string, QType>& a, const pair<string, QType>& b) const | |
803 | { | |
ec6480f3 | 804 | if(pdns_ilexicographical_compare(a.first, b.first)) |
7738a23f | 805 | return true; |
ec6480f3 | 806 | if(pdns_ilexicographical_compare(b.first, a.first)) |
7738a23f | 807 | return false; |
edb1c9ee | 808 | |
7738a23f BH |
809 | return a.second < b.second; |
810 | } | |
811 | }; | |
812 | ||
bf7e4a70 BH |
813 | static bool magicAddrMatch(const QType& query, const QType& answer) |
814 | { | |
815 | if(query.getCode() != QType::ADDR) | |
816 | return false; | |
817 | return answer.getCode() == QType::A || answer.getCode() == QType::AAAA; | |
818 | } | |
7738a23f | 819 | |
ac539791 | 820 | /** returns -1 in case of no results, rcode otherwise */ |
7305df82 | 821 | int SyncRes::doResolveAt(set<string, CIStringCompare> nameservers, string auth, bool flawedNSSet, const string &qname, const QType &qtype, |
232f0877 CH |
822 | vector<DNSResourceRecord>&ret, |
823 | int depth, set<GetBestNSAnswer>&beenthere) | |
86c152f2 | 824 | { |
ded77b10 | 825 | string prefix; |
77499b05 | 826 | if(doLog()) { |
ded77b10 BH |
827 | prefix=d_prefix; |
828 | prefix.append(depth, ' '); | |
829 | } | |
86c152f2 | 830 | |
77499b05 | 831 | LOG(prefix<<qname<<": Cache consultations done, have "<<(unsigned int)nameservers.size()<<" NS to contact"<<endl); |
afbe2787 BH |
832 | |
833 | for(;;) { // we may get more specific nameservers | |
5ea6f7de | 834 | vector<string > rnameservers = shuffleInSpeedOrder(nameservers, doLog() ? (prefix+qname+": ") : string() ); |
21f0f88b | 835 | |
5ea6f7de | 836 | for(vector<string >::const_iterator tns=rnameservers.begin();;++tns) { |
728485ca | 837 | if(tns==rnameservers.end()) { |
77499b05 | 838 | LOG(prefix<<qname<<": Failed to resolve via any of the "<<(unsigned int)rnameservers.size()<<" offered NS at level '"<<auth<<"'"<<endl); |
4957a608 | 839 | if(auth!="." && flawedNSSet) { |
77499b05 | 840 | LOG(prefix<<qname<<": Ageing nameservers for level '"<<auth<<"', next query might succeed"<<endl); |
49a699c4 | 841 | if(t_RC->doAgeCache(d_now.tv_sec, auth, QType::NS, 10)) |
4957a608 BH |
842 | g_stats.nsSetInvalidations++; |
843 | } | |
844 | return -1; | |
afbe2787 | 845 | } |
21f0f88b | 846 | // this line needs to identify the 'self-resolving' behaviour, but we get it wrong now |
5ea6f7de | 847 | if(pdns_iequals(qname, *tns) && qtype.getCode()==QType::A && rnameservers.size() > (unsigned)(1+1*s_doIPv6)) { |
77499b05 | 848 | LOG(prefix<<qname<<": Not using NS to resolve itself!"<<endl); |
4957a608 | 849 | continue; |
20177d1d | 850 | } |
5605c067 | 851 | |
996c89cc | 852 | typedef vector<ComboAddress> remoteIPs_t; |
5605c067 | 853 | remoteIPs_t remoteIPs; |
bfea0d0b | 854 | remoteIPs_t::const_iterator remoteIP; |
5c633640 | 855 | bool doTCP=false; |
5605c067 | 856 | int resolveret; |
1c21f389 | 857 | bool pierceDontQuery=false; |
c1d73d94 | 858 | bool sendRDQuery=false; |
263f6a5a | 859 | LWResult lwr; |
5ea6f7de | 860 | if(tns->empty()) { |
77499b05 | 861 | LOG(prefix<<qname<<": Domain is out-of-band"<<endl); |
4957a608 BH |
862 | doOOBResolve(qname, qtype, lwr.d_result, depth, lwr.d_rcode); |
863 | lwr.d_tcbit=false; | |
864 | lwr.d_aabit=true; | |
5605c067 BH |
865 | } |
866 | else { | |
5ea6f7de | 867 | LOG(prefix<<qname<<": Trying to resolve NS '"<<*tns<< "' ("<<1+tns-rnameservers.begin()<<"/"<<(unsigned int)rnameservers.size()<<")"<<endl); |
4957a608 | 868 | |
5ea6f7de | 869 | if(!isCanonical(*tns)) { |
77499b05 | 870 | LOG(prefix<<qname<<": Domain has hardcoded nameserver(s)"<<endl); |
4957a608 | 871 | |
5ea6f7de PD |
872 | string txtAddr = *tns; |
873 | if(!tns->empty()) { | |
4957a608 BH |
874 | sendRDQuery = txtAddr[0] == '+'; |
875 | txtAddr=txtAddr.c_str()+1; | |
876 | } | |
877 | ComboAddress addr=parseIPAndPort(txtAddr, 53); | |
878 | ||
879 | remoteIPs.push_back(addr); | |
880 | pierceDontQuery=true; | |
881 | } | |
882 | else { | |
54e58e44 | 883 | remoteIPs=getAddrs(*tns, depth+2, beenthere); |
4957a608 BH |
884 | pierceDontQuery=false; |
885 | } | |
886 | ||
887 | if(remoteIPs.empty()) { | |
5ea6f7de | 888 | LOG(prefix<<qname<<": Failed to get IP for NS "<<*tns<<", trying next if available"<<endl); |
4957a608 BH |
889 | flawedNSSet=true; |
890 | continue; | |
891 | } | |
892 | else { | |
21f0f88b | 893 | |
5ea6f7de | 894 | LOG(prefix<<qname<<": Resolved '"+auth+"' NS "<<*tns<<" to: "); |
4957a608 | 895 | for(remoteIP = remoteIPs.begin(); remoteIP != remoteIPs.end(); ++remoteIP) { |
77499b05 BH |
896 | if(remoteIP != remoteIPs.begin()) { |
897 | LOG(", "); | |
898 | } | |
899 | LOG(remoteIP->toString()); | |
4957a608 | 900 | } |
77499b05 | 901 | LOG(endl); |
4957a608 BH |
902 | |
903 | } | |
904 | ||
905 | for(remoteIP = remoteIPs.begin(); remoteIP != remoteIPs.end(); ++remoteIP) { | |
77499b05 | 906 | LOG(prefix<<qname<<": Trying IP "<< remoteIP->toStringWithPort() <<", asking '"<<qname<<"|"<<qtype.getName()<<"'"<<endl); |
4957a608 BH |
907 | extern NetmaskGroup* g_dontQuery; |
908 | ||
41ea0e50 | 909 | if(t_sstorage->throttle.shouldThrottle(d_now.tv_sec, boost::make_tuple(*remoteIP, "", 0))) { |
628e2c7b PA |
910 | LOG(prefix<<qname<<": server throttled "<<endl); |
911 | s_throttledqueries++; d_throttledqueries++; | |
912 | continue; | |
913 | } | |
41ea0e50 | 914 | else if(t_sstorage->throttle.shouldThrottle(d_now.tv_sec, boost::make_tuple(*remoteIP, qname, qtype.getCode()))) { |
77499b05 | 915 | LOG(prefix<<qname<<": query throttled "<<endl); |
4957a608 BH |
916 | s_throttledqueries++; d_throttledqueries++; |
917 | continue; | |
918 | } | |
919 | else if(!pierceDontQuery && g_dontQuery && g_dontQuery->match(&*remoteIP)) { | |
77499b05 | 920 | LOG(prefix<<qname<<": not sending query to " << remoteIP->toString() << ", blocked by 'dont-query' setting" << endl); |
66e0b6ea | 921 | s_dontqueries++; |
4957a608 BH |
922 | continue; |
923 | } | |
924 | else { | |
925 | s_outqueries++; d_outqueries++; | |
173d790e | 926 | if(d_outqueries > s_maxqperq) throw ImmediateServFailException("more than "+lexical_cast<string>(s_maxqperq)+" (max-qperq) queries sent while resolving "+qname); |
4957a608 BH |
927 | TryTCP: |
928 | if(doTCP) { | |
77499b05 | 929 | LOG(prefix<<qname<<": using TCP with "<< remoteIP->toStringWithPort() <<endl); |
4957a608 BH |
930 | s_tcpoutqueries++; d_tcpoutqueries++; |
931 | } | |
932 | ||
21f0f88b | 933 | resolveret=asyncresolveWrapper(*remoteIP, qname, qtype.getCode(), |
232f0877 | 934 | doTCP, sendRDQuery, &d_now, &lwr); // <- we go out on the wire! |
30b13ef7 | 935 | |
936 | if(resolveret != 1) { | |
4957a608 | 937 | if(resolveret==0) { |
863ca18d | 938 | LOG(prefix<<qname<<": timeout resolving after "<<lwr.d_usec/1000.0<<"msec "<< (doTCP ? "over TCP" : "")<<endl); |
232f0877 CH |
939 | d_timeouts++; |
940 | s_outgoingtimeouts++; | |
4957a608 BH |
941 | } |
942 | else if(resolveret==-2) { | |
232f0877 CH |
943 | LOG(prefix<<qname<<": hit a local resource limit resolving"<< (doTCP ? " over TCP" : "")<<", probable error: "<<stringerror()<<endl); |
944 | g_stats.resourceLimits++; | |
4957a608 BH |
945 | } |
946 | else { | |
232f0877 CH |
947 | s_unreachables++; d_unreachables++; |
948 | LOG(prefix<<qname<<": error resolving"<< (doTCP ? " over TCP" : "") <<", possible error: "<<strerror(errno)<< endl); | |
4957a608 | 949 | } |
30b13ef7 | 950 | |
4957a608 | 951 | if(resolveret!=-2) { // don't account for resource limits, they are our own fault |
30b13ef7 | 952 | t_sstorage->nsSpeeds[*tns].submit(*remoteIP, 1000000, &d_now); // 1 sec |
953 | ||
954 | // code below makes sure we don't filter COM or the root | |
955 | if (s_serverdownmaxfails > 0 && (auth.find('.')+1 != auth.size()) && t_sstorage->fails.incr(*remoteIP) >= s_serverdownmaxfails) { | |
628e2c7b | 956 | LOG(prefix<<qname<<": Max fails reached resolving on "<< remoteIP->toString() <<". Going full throttle for 1 minute" <<endl); |
41ea0e50 | 957 | t_sstorage->throttle.throttle(d_now.tv_sec, boost::make_tuple(*remoteIP, "", 0), s_serverdownthrottletime, 10000); // mark server as down |
628e2c7b | 958 | } else if(resolveret==-1) |
41ea0e50 | 959 | t_sstorage->throttle.throttle(d_now.tv_sec, boost::make_tuple(*remoteIP, qname, qtype.getCode()), 60, 100); // unreachable, 1 minute or 100 queries |
232f0877 | 960 | else |
41ea0e50 | 961 | t_sstorage->throttle.throttle(d_now.tv_sec, boost::make_tuple(*remoteIP, qname, qtype.getCode()), 10, 5); // timeout |
4957a608 BH |
962 | } |
963 | continue; | |
964 | } | |
352b4183 PD |
965 | |
966 | if(lwr.d_rcode==RCode::ServFail || lwr.d_rcode==RCode::Refused) { | |
5ea6f7de | 967 | LOG(prefix<<qname<<": "<<*tns<<" returned a "<< (lwr.d_rcode==RCode::ServFail ? "ServFail" : "Refused") << ", trying sibling IP or NS"<<endl); |
41ea0e50 | 968 | t_sstorage->throttle.throttle(d_now.tv_sec,boost::make_tuple(*remoteIP, qname, qtype.getCode()),60,3); // servfail or refused |
352b4183 PD |
969 | continue; |
970 | } | |
4957a608 | 971 | |
628e2c7b PA |
972 | if(s_serverdownmaxfails > 0) |
973 | t_sstorage->fails.clear(*remoteIP); | |
974 | ||
4957a608 BH |
975 | break; // this IP address worked! |
976 | wasLame:; // well, it didn't | |
5ea6f7de | 977 | LOG(prefix<<qname<<": status=NS "<<*tns<<" ("<< remoteIP->toString() <<") is lame for '"<<auth<<"', trying sibling IP or NS"<<endl); |
41ea0e50 | 978 | t_sstorage->throttle.throttle(d_now.tv_sec, boost::make_tuple(*remoteIP, qname, qtype.getCode()), 60, 100); // lame |
4957a608 BH |
979 | } |
980 | } | |
981 | ||
982 | if(remoteIP == remoteIPs.end()) // we tried all IP addresses, none worked | |
983 | continue; | |
984 | ||
985 | if(lwr.d_tcbit) { | |
986 | if(!doTCP) { | |
987 | doTCP=true; | |
77499b05 | 988 | LOG(prefix<<qname<<": truncated bit set, retrying via TCP"<<endl); |
4957a608 BH |
989 | goto TryTCP; |
990 | } | |
77499b05 | 991 | LOG(prefix<<qname<<": truncated bit set, over TCP?"<<endl); |
4957a608 BH |
992 | return RCode::ServFail; |
993 | } | |
994 | ||
1ef28707 | 995 | LOG(prefix<<qname<<": Got "<<(unsigned int)lwr.d_result.size()<<" answers from "<<*tns<<" ("<< remoteIP->toString() <<"), rcode="<<lwr.d_rcode<<" ("<<RCode::to_s(lwr.d_rcode)<<"), aa="<<lwr.d_aabit<<", in "<<lwr.d_usec/1000<<"ms"<<endl); |
4957a608 BH |
996 | |
997 | /* // for you IPv6 fanatics :-) | |
998 | if(remoteIP->sin4.sin_family==AF_INET6) | |
999 | lwr.d_usec/=3; | |
1000 | */ | |
232f0877 | 1001 | // cout<<"msec: "<<lwr.d_usec/1000.0<<", "<<g_avgLatency/1000.0<<'\n'; |
4957a608 | 1002 | |
49a699c4 | 1003 | t_sstorage->nsSpeeds[*tns].submit(*remoteIP, lwr.d_usec, &d_now); |
20177d1d | 1004 | } |
20177d1d | 1005 | |
aadceba8 | 1006 | if(s_minimumTTL) { |
1007 | for(LWResult::res_t::iterator i=lwr.d_result.begin();i != lwr.d_result.end();++i) { | |
1008 | i->ttl = max(i->ttl, s_minimumTTL); | |
1009 | } | |
1010 | } | |
1011 | ||
7738a23f | 1012 | typedef map<pair<string, QType>, set<DNSResourceRecord>, TCacheComp > tcache_t; |
1ac4e536 BH |
1013 | tcache_t tcache; |
1014 | ||
728485ca | 1015 | // reap all answers from this packet that are acceptable |
c3e753c7 | 1016 | for(LWResult::res_t::iterator i=lwr.d_result.begin();i != lwr.d_result.end();++i) { |
4957a608 | 1017 | if(i->qtype.getCode() == QType::OPT) { |
77499b05 | 1018 | LOG(prefix<<qname<<": skipping OPT answer '"<<i->qname<<"' from '"<<auth<<"' nameservers" <<endl); |
4957a608 BH |
1019 | continue; |
1020 | } | |
77499b05 | 1021 | LOG(prefix<<qname<<": accept answer '"<<i->qname<<"|"<<i->qtype.getName()<<"|"<<i->content<<"' from '"<<auth<<"' nameservers? "); |
4957a608 | 1022 | if(i->qtype.getCode()==QType::ANY) { |
77499b05 | 1023 | LOG("NO! - we don't accept 'ANY' data"<<endl); |
4957a608 BH |
1024 | continue; |
1025 | } | |
1026 | ||
1027 | if(dottedEndsOn(i->qname, auth)) { | |
1028 | if(lwr.d_aabit && lwr.d_rcode==RCode::NoError && i->d_place==DNSResourceRecord::ANSWER && ::arg().contains("delegation-only",auth)) { | |
77499b05 | 1029 | LOG("NO! Is from delegation-only zone"<<endl); |
4957a608 BH |
1030 | s_nodelegated++; |
1031 | return RCode::NXDomain; | |
1032 | } | |
1033 | else { | |
77499b05 | 1034 | LOG("YES!"<<endl); |
4957a608 BH |
1035 | |
1036 | i->ttl=min(s_maxcachettl, i->ttl); | |
1037 | ||
1038 | DNSResourceRecord rr=*i; | |
1039 | rr.d_place=DNSResourceRecord::ANSWER; | |
1040 | ||
1041 | rr.ttl += d_now.tv_sec; | |
1042 | ||
1043 | if(rr.qtype.getCode() == QType::NS) // people fiddle with the case | |
1044 | rr.content=toLower(rr.content); // this must stay! (the cache can't be case-insensitive on the RHS of records) | |
10d31f4e | 1045 | |
4957a608 BH |
1046 | tcache[make_pair(i->qname,i->qtype)].insert(rr); |
1047 | } | |
232f0877 | 1048 | } |
4957a608 | 1049 | else |
77499b05 | 1050 | LOG("NO!"<<endl); |
86c152f2 | 1051 | } |
728485ca BH |
1052 | |
1053 | // supplant | |
60b859b9 | 1054 | for(tcache_t::iterator i=tcache.begin();i!=tcache.end();++i) { |
4957a608 | 1055 | if(i->second.size() > 1) { // need to group the ttl to be the minimum of the RRSET (RFC 2181, 5.2) |
331c187c | 1056 | uint32_t lowestTTL=std::numeric_limits<uint32_t>::max(); |
4957a608 BH |
1057 | for(tcache_t::value_type::second_type::iterator j=i->second.begin(); j != i->second.end(); ++j) |
1058 | lowestTTL=min(lowestTTL, j->ttl); | |
1059 | ||
1060 | for(tcache_t::value_type::second_type::iterator j=i->second.begin(); j != i->second.end(); ++j) | |
1061 | ((tcache_t::value_type::second_type::value_type*)&(*j))->ttl=lowestTTL; | |
1062 | } | |
1063 | ||
49a699c4 | 1064 | t_RC->replace(d_now.tv_sec, i->first.first, i->first.second, i->second, lwr.d_aabit); |
288f4aa9 | 1065 | } |
7738a23f | 1066 | set<string, CIStringCompare> nsset; |
77499b05 | 1067 | LOG(prefix<<qname<<": determining status after receiving this packet"<<endl); |
728485ca | 1068 | |
20177d1d | 1069 | bool done=false, realreferral=false, negindic=false; |
c6644fc5 | 1070 | string newauth, soaname, newtarget; |
728485ca | 1071 | |
596aa4a1 | 1072 | for(LWResult::res_t::iterator i=lwr.d_result.begin();i!=lwr.d_result.end();++i) { |
501ef49c BH |
1073 | if(i->d_place==DNSResourceRecord::AUTHORITY && i->qtype.getCode()==QType::SOA && |
1074 | lwr.d_rcode==RCode::NXDomain && dottedEndsOn(qname,i->qname) && dottedEndsOn(i->qname, auth)) { | |
77499b05 | 1075 | LOG(prefix<<qname<<": got negative caching indication for RECORD '"<<qname+"' (accept="<<dottedEndsOn(i->qname, auth)<<"), newtarget='"<<newtarget<<"'"<<endl); |
501ef49c | 1076 | |
596aa4a1 | 1077 | i->ttl = min(i->ttl, s_maxnegttl); |
fa363535 PD |
1078 | if(!newtarget.length()) // only add a SOA if we're not going anywhere after this |
1079 | ret.push_back(*i); | |
4957a608 BH |
1080 | |
1081 | NegCacheEntry ne; | |
1082 | ||
1083 | ne.d_qname=i->qname; | |
596aa4a1 | 1084 | |
478348a0 | 1085 | ne.d_ttd=d_now.tv_sec + i->ttl; |
232f0877 | 1086 | |
4957a608 BH |
1087 | ne.d_name=qname; |
1088 | ne.d_qtype=QType(0); // this encodes 'whole record' | |
1089 | ||
49a699c4 BH |
1090 | replacing_insert(t_sstorage->negcache, ne); |
1091 | ||
4957a608 BH |
1092 | negindic=true; |
1093 | } | |
1094 | else if(i->d_place==DNSResourceRecord::ANSWER && pdns_iequals(i->qname, qname) && i->qtype.getCode()==QType::CNAME && (!(qtype==QType(QType::CNAME)))) { | |
1095 | ret.push_back(*i); | |
1096 | newtarget=i->content; | |
1097 | } | |
7c696097 | 1098 | // for ANY answers we *must* have an authoritative answer, unless we are forwarding recursively |
4957a608 | 1099 | else if(i->d_place==DNSResourceRecord::ANSWER && pdns_iequals(i->qname, qname) && |
232f0877 CH |
1100 | ( |
1101 | i->qtype==qtype || (lwr.d_aabit && (qtype==QType(QType::ANY) || magicAddrMatch(qtype, i->qtype) ) ) || sendRDQuery | |
1102 | ) | |
4957a608 BH |
1103 | ) |
1104 | { | |
1105 | ||
77499b05 | 1106 | LOG(prefix<<qname<<": answer is in: resolved to '"<< i->content<<"|"<<i->qtype.getName()<<"'"<<endl); |
4957a608 BH |
1107 | |
1108 | done=true; | |
1109 | ret.push_back(*i); | |
1110 | } | |
1111 | else if(i->d_place==DNSResourceRecord::AUTHORITY && dottedEndsOn(qname,i->qname) && i->qtype.getCode()==QType::NS) { | |
1112 | if(moreSpecificThan(i->qname,auth)) { | |
1113 | newauth=i->qname; | |
77499b05 | 1114 | LOG(prefix<<qname<<": got NS record '"<<i->qname<<"' -> '"<<i->content<<"'"<<endl); |
4957a608 BH |
1115 | realreferral=true; |
1116 | } | |
1117 | else | |
77499b05 | 1118 | LOG(prefix<<qname<<": got upwards/level NS record '"<<i->qname<<"' -> '"<<i->content<<"', had '"<<auth<<"'"<<endl); |
4957a608 BH |
1119 | nsset.insert(i->content); |
1120 | } | |
1121 | else if(!done && i->d_place==DNSResourceRecord::AUTHORITY && dottedEndsOn(qname,i->qname) && i->qtype.getCode()==QType::SOA && | |
1122 | lwr.d_rcode==RCode::NoError) { | |
b4fbe592 | 1123 | LOG(prefix<<qname<<": got negative caching indication for '"<< (qname+"|"+qtype.getName()+"'") <<endl); |
4957a608 | 1124 | |
bac969f0 | 1125 | if(!newtarget.empty()) { |
77499b05 | 1126 | LOG(prefix<<qname<<": Hang on! Got a redirect to '"<<newtarget<<"' already"<<endl); |
bac969f0 BH |
1127 | } |
1128 | else { | |
478348a0 | 1129 | i-> ttl = min(s_maxnegttl, i->ttl); |
bac969f0 BH |
1130 | ret.push_back(*i); |
1131 | NegCacheEntry ne; | |
1132 | ne.d_qname=i->qname; | |
596aa4a1 | 1133 | ne.d_ttd=d_now.tv_sec + i->ttl; |
bac969f0 BH |
1134 | ne.d_name=qname; |
1135 | ne.d_qtype=qtype; | |
1136 | if(qtype.getCode()) { // prevents us from blacking out a whole domain | |
1137 | replacing_insert(t_sstorage->negcache, ne); | |
1138 | } | |
1139 | negindic=true; | |
4957a608 | 1140 | } |
4957a608 | 1141 | } |
86c152f2 | 1142 | } |
86c152f2 | 1143 | |
728485ca | 1144 | if(done){ |
77499b05 | 1145 | LOG(prefix<<qname<<": status=got results, this level of recursion done"<<endl); |
4957a608 | 1146 | return 0; |
ac539791 | 1147 | } |
c6644fc5 | 1148 | if(!newtarget.empty()) { |
4957a608 | 1149 | if(pdns_iequals(newtarget,qname)) { |
77499b05 | 1150 | LOG(prefix<<qname<<": status=got a CNAME referral to self, returning SERVFAIL"<<endl); |
4957a608 BH |
1151 | return RCode::ServFail; |
1152 | } | |
1153 | if(depth > 10) { | |
77499b05 | 1154 | LOG(prefix<<qname<<": status=got a CNAME referral, but recursing too deep, returning SERVFAIL"<<endl); |
4957a608 BH |
1155 | return RCode::ServFail; |
1156 | } | |
77499b05 | 1157 | LOG(prefix<<qname<<": status=got a CNAME referral, starting over with "<<newtarget<<endl); |
4957a608 BH |
1158 | |
1159 | set<GetBestNSAnswer> beenthere2; | |
1160 | return doResolve(newtarget, qtype, ret, depth + 1, beenthere2); | |
c6644fc5 | 1161 | } |
331c187c | 1162 | if(lwr.d_rcode==RCode::NXDomain) { |
77499b05 | 1163 | LOG(prefix<<qname<<": status=NXDOMAIN, we are done "<<(negindic ? "(have negative SOA)" : "")<<endl); |
331c187c BH |
1164 | return RCode::NXDomain; |
1165 | } | |
6ffd6bad | 1166 | if(nsset.empty() && !lwr.d_rcode && (negindic || lwr.d_aabit)) { |
f5cbaeca | 1167 | LOG(prefix<<qname<<": status=noerror, other types may exist, but we are done "<<(negindic ? "(have negative SOA) " : "")<<(lwr.d_aabit ? "(have aa bit) " : "")<<endl); |
4957a608 | 1168 | return 0; |
caa6eefa | 1169 | } |
728485ca | 1170 | else if(realreferral) { |
77499b05 | 1171 | LOG(prefix<<qname<<": status=did not resolve, got "<<(unsigned int)nsset.size()<<" NS, looping to them"<<endl); |
4957a608 BH |
1172 | auth=newauth; |
1173 | nameservers=nsset; | |
1174 | break; | |
728485ca | 1175 | } |
5ea6f7de | 1176 | else if(isCanonical(*tns)) { // means: not OOB (I think) |
4957a608 | 1177 | goto wasLame; |
86c152f2 BH |
1178 | } |
1179 | } | |
86c152f2 | 1180 | } |
ac539791 | 1181 | return -1; |
86c152f2 BH |
1182 | } |
1183 | ||
7b35aa49 | 1184 | void SyncRes::addAuthorityRecords(const string& qname, vector<DNSResourceRecord>& ret, int depth) |
86c152f2 | 1185 | { |
288f4aa9 | 1186 | set<DNSResourceRecord> bestns; |
7305df82 BH |
1187 | set<GetBestNSAnswer> beenthere; |
1188 | bool dontcare; | |
1189 | getBestNSFromCache(qname, bestns, &dontcare, depth, beenthere); | |
36c5ee42 | 1190 | |
288f4aa9 BH |
1191 | for(set<DNSResourceRecord>::const_iterator k=bestns.begin();k!=bestns.end();++k) { |
1192 | DNSResourceRecord ns=*k; | |
1193 | ns.d_place=DNSResourceRecord::AUTHORITY; | |
d6d5dea7 | 1194 | ns.ttl-=d_now.tv_sec; |
288f4aa9 | 1195 | ret.push_back(ns); |
86c152f2 BH |
1196 | } |
1197 | } | |
bd53ea9d | 1198 | |
8ce79a22 | 1199 | // used by PowerDNSLua - note that this neglects to add the packet count & statistics back to pdns_ercursor.cc |
bd53ea9d PD |
1200 | int directResolve(const std::string& qname, const QType& qtype, int qclass, vector<DNSResourceRecord>& ret) |
1201 | { | |
1202 | struct timeval now; | |
1203 | gettimeofday(&now, 0); | |
1204 | ||
1205 | SyncRes sr(now); | |
1206 | ||
1207 | int res = sr.beginResolve(qname, QType(qtype), qclass, ret); | |
bd53ea9d PD |
1208 | return res; |
1209 | } |