Qname minimisation review fixes
authorRalph Dolmans <ralph@nlnetlabs.nl>
Tue, 1 Dec 2015 13:14:00 +0000 (13:14 +0000)
committerRalph Dolmans <ralph@nlnetlabs.nl>
Tue, 1 Dec 2015 13:14:00 +0000 (13:14 +0000)
git-svn-id: file:///svn/unbound/trunk@3561 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog
doc/example.conf.in
iterator/iterator.c
util/config_file.h

index d4788a1bbf5c94c362a8808fbf758d4423aa779f..d289df1472e245b8e30e9c01bc505c2549a1fde4 100644 (file)
@@ -1,3 +1,6 @@
+1 December 2015: Ralph
+       - Qname minimisation review fixes
+
 1 December 2015: Wouter
        - Fixup 724 fix for fname_after_chroot() calls.
        - Remove stdout printout for unbound-service-install.exe
index ccd675e9b8c4ac03b64d451ce57d781e17de29cd..1c26c25f46c184d7e13552a791ff604377ed6a64 100644 (file)
@@ -296,6 +296,11 @@ server:
        # to validate the zone.
        # harden-algo-downgrade: no
 
+       # Sent minimum amount of information to upstream servers to enhance 
+       # privacy. Only sent minimum required labels of the QNAME and set QTYPE
+       # to NS when possible.
+       # qname-minimisation: no
+
        # Use 0x20-encoded random bits in the query to foil spoof attempts.
        # This feature is an experimental implementation of draft dns-0x20.
        # use-caps-for-id: no
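Review bot: The two new comment lines read `# Sent minimum amount of information ...` and `# privacy. Only sent minimum required labels ...`; the imperative `Send` is meant in both places, and the first line also carries trailing whitespace. Since this file is the template users copy their unbound.conf from, the wording ships to every installation. Suggested text: `# Send minimum amount of information to upstream servers to enhance` / `# privacy. Only send minimum required labels of the QNAME and set QTYPE`.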
index 5be91cbf36d8ed500d41dbee5fa12806201a5bb9..d29dfa14321afcb6675f6bddaf68b225701adac9 100644 (file)
@@ -117,8 +117,7 @@ iter_deinit(struct module_env* env, int id)
        if(!env || !env->modinfo[id])
                return;
        iter_env = (struct iter_env*)env->modinfo[id];
-       if(env->cfg->qname_minimisation)
-               free(iter_env->ip6arpa_dname);
+       free(iter_env->ip6arpa_dname);
        free(iter_env->target_fetch_policy);
        priv_delete(iter_env->priv);
        donotq_delete(iter_env->donotq);
@@ -2010,7 +2009,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
 
        if(iq->minimisation_state == INIT_MINIMISE_STATE) {
                /* (Re)set qinfo_out to (new) delegation point, except
-                * when qinfo_out is already a subdomain op dp. This happens
+                * when qinfo_out is already a subdomain of dp. This happens
                 * when resolving ip6.arpa dnames. */
                if(!(iq->qinfo_out.qname_len 
                        && dname_subdomain_c(iq->qchase.qname, 
@@ -2061,7 +2060,9 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
                                iq->qinfo_out.qtype, iq->qinfo_out.qclass, 
                                qstate->query_flags, qstate->region, 
                                qstate->env->scratch);
-                       if(msg && msg->rep->an_numrrsets == 0)
+                       if(msg && msg->rep->an_numrrsets == 0
+                               && FLAGS_GET_RCODE(msg->rep->flags) == 
+                               LDNS_RCODE_NOERROR)
                                /* no need to send query if it is already 
                                 * cached as NOERROR/NODATA */
                                return 1;
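Review bot: The widened condition in processQueryTargets now spans three lines and is followed by a two-line comment before the unbraced `return 1;`, which makes it easy to misread where the `if` body ends; braces around the body would make the intent unambiguous. I would write the condition as `if(msg && msg->rep->an_numrrsets == 0 && FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_NOERROR) {`, keep the comment inside, and close with `}` after the return. The rcode check itself is the right fix, since an empty answer section alone would also match a cached NXDOMAIN and wrongly suppress the minimised query. processQueryTargets begins and ends outside this hunk, and the earlier iter_deinit hunk's unconditional `free(iter_env->ip6arpa_dname)` relies on that member being NULL when qname minimisation is off, which I cannot confirm from the visible lines.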
index d746791ea7a7a4ba0352e8d540e62f6a5e885437..8fa163ed7cc9c6cd68e61e6c610b06c4bcc21d50 100644 (file)
@@ -364,7 +364,7 @@ struct config_file {
        struct config_str2list* ratelimit_below_domain;
        /** ratelimit factor, 0 blocks all, 10 allows 1/10 of traffic */
        int ratelimit_factor;
-
+       /** minimise outgoing QNAME and hide original QTYPE if possible */
        int qname_minimisation;
 };