+30 November 2010: Wouter
+ - Fix storage of EDNS failures in the infra cache.
+ - iana portlist updated.
+
18 November 2010: Wouter
- harden-below-nxdomain option, default off (because very old
software may be incompatible). We could enable it by default in
/* have an entry, update the rtt, and the ttl */
data = (struct infra_host_data*)e->data;
/* do not update if noEDNS and stored is yesEDNS */
- if(!(edns_version == -1 && data->edns_version != -1)) {
+ if(!(edns_version == -1 && (data->edns_version != -1 &&
+ data->edns_lame_known))) {
data->edns_version = edns_version;
data->edns_lame_known = 1;
}
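Review bot: The comment directly above the changed condition still reads "do not update if noEDNS and stored is yesEDNS", but the new test also requires `data->edns_lame_known`, so a stored value that was never confirmed is now overwritten by noEDNS. I would update it to `/* do not update if noEDNS and stored is known yesEDNS */` so the next reader sees why the initial, unprobed state is treated differently. The inner parentheses add nothing; `if(!(edns_version == -1 && data->edns_version != -1 && data->edns_lame_known)) {` is equivalent. The enclosing function starts and ends outside this hunk.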
&edns_lame_known, &rtt))
return 0;
sq->last_rtt = rtt;
+ verbose(VERB_ALGO, "EDNS lookup known=%d vs=%d", edns_lame_known, vs);
if(sq->status == serviced_initial) {
if(edns_lame_known == 0 && rtt > 5000 && rtt < 10001) {
/* perform EDNS lame probe - check if server is
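Review bot: The added `verbose(VERB_ALGO, "EDNS lookup known=%d vs=%d", ...)` line, and the `"serviced query: attempt without EDNS"` line added in the FORMERR/NOTIMPL fallback branch further down, do not name the server they concern, whereas the other messages this commit adds go through `log_addr` with `&sq->addr`. On a busy resolver an operator tracing why one upstream was downgraded to plain DNS cannot tie these two lines to an address. For the fallback message I would use `log_addr(VERB_ALGO, "serviced query: attempt without EDNS for", &sq->addr, sq->addrlen);`, and follow the lookup line with a similar `log_addr` call. `vs` and `edns_lame_known` are declared outside the hunk, so `%d` is assumed to match their promoted types.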
== LDNS_RCODE_FORMERR || LDNS_RCODE_WIRE(
ldns_buffer_begin(c->buffer)) == LDNS_RCODE_NOTIMPL)) {
/* try to get an answer by falling back without EDNS */
+ verbose(VERB_ALGO, "serviced query: attempt without EDNS");
sq->status = serviced_query_UDP_EDNS_fallback;
sq->retry = 0;
if(!serviced_udp_send(sq, c->buffer)) {
} else if(sq->status == serviced_query_UDP_EDNS &&
!sq->edns_lame_known) {
/* now we know that edns queries received answers store that */
+ log_addr(VERB_ALGO, "serviced query: EDNS works for",
+ &sq->addr, sq->addrlen);
if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen,
0, (uint32_t)now.tv_sec)) {
log_err("Out of memory caching edns works");
/* the fallback produced a result that looks promising, note
* that this server should be approached without EDNS */
/* only store noEDNS in cache if domain is noDNSSEC */
- if(!sq->want_dnssec)
+ if(!sq->want_dnssec) {
+ log_addr(VERB_ALGO, "serviced query: EDNS fails for",
+ &sq->addr, sq->addrlen);
if(!infra_edns_update(outnet->infra, &sq->addr, sq->addrlen,
-1, (uint32_t)now.tv_sec)) {
log_err("Out of memory caching no edns for host");
}
+ } else {
+ log_addr(VERB_ALGO, "serviced query: EDNS fails, but "
+ "not stored because need DNSSEC for", &sq->addr,
+ sq->addrlen);
+ }
sq->status = serviced_query_UDP;
}
if(now.tv_sec > sq->last_sent_time.tv_sec ||
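Review bot: The new `else` branch explains why a failed EDNS exchange is not cached only through its log string; a short comment there would state the security reason. Dropping EDNS also drops the DO bit, so a cached noEDNS entry for this address leaves no way to fetch signatures from it, which is why the fallback result must not be stored when the query needs DNSSEC. I would add `/* keep EDNS state: without EDNS no DNSSEC data can be fetched from this server */` at the top of the branch. Since `infra_edns_update` is called with `&sq->addr` alone, an entry written by a query with `want_dnssec` unset is presumably also seen by later DNSSEC lookups to the same address. Whether the lookup path accounts for that is not visible in this hunk and is worth confirming.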
NEED_NC='fwd_compress_c00c.tpkg fwd_zero.tpkg'
NEED_CURL='06-ianaports.tpkg root_anchor.tpkg'
NEED_WHOAMI='07-confroot.tpkg'
-NEED_IPV6='fwd_ancil.tpkg fwd_tcp_tc6.tpkg stub_udp6.tpkg'
+NEED_IPV6='fwd_ancil.tpkg fwd_tcp_tc6.tpkg stub_udp6.tpkg edns_cache.tpkg'
NEED_NOMINGW='tcp_sigpipe.tpkg 07-confroot.tpkg 08-host-lib.tpkg fwd_ancil.tpkg'
# test if dig and ldns-testns are available.
unit_assert( infra_edns_update(slab, &one, onelen, -1, now) );
unit_assert( infra_host(slab, &one, onelen,
now, &vs, &edns_lame, &to) );
- unit_assert( vs == 0 && to == init*2 && edns_lame == 0);
+ unit_assert( vs == -1 && to == init*2 && edns_lame == 1);
now += cfg->host_ttl + 10;
unit_assert( infra_host(slab, &one, onelen,
unit_assert(!dlame && !rlame && alame && olame);
lock_rw_unlock(&k->entry.lock);
+ /* test that noEDNS cannot overwrite known-yesEDNS */
+ now += cfg->host_ttl + 10;
+ unit_assert( infra_host(slab, &one, onelen,
+ now, &vs, &edns_lame, &to) );
+ unit_assert( vs == 0 && to == init && edns_lame == 0 );
+
+ unit_assert( infra_edns_update(slab, &one, onelen, 0, now) );
+ unit_assert( infra_host(slab, &one, onelen,
+ now, &vs, &edns_lame, &to) );
+ unit_assert( vs == 0 && to == init && edns_lame == 1 );
+
+ unit_assert( infra_edns_update(slab, &one, onelen, -1, now) );
+ unit_assert( infra_host(slab, &one, onelen,
+ now, &vs, &edns_lame, &to) );
+ unit_assert( vs == 0 && to == init && edns_lame == 1 );
+
infra_delete(slab);
config_delete(cfg);
}
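Review bot: The added block checks that noEDNS cannot replace a known yesEDNS, but nothing asserts the opposite direction: that a later yesEDNS update replaces a known noEDNS entry, which is what lets a server recover from a downgrade before the host TTL runs out. After the last new assertion I would expire the entry again, call `infra_edns_update` with -1 and then with 0, and finish with `unit_assert( vs == 0 && edns_lame == 1 );` after an `infra_host` lookup. The comment `/* test that noEDNS cannot overwrite known-yesEDNS */` also sits above the expiry step rather than above the update it describes. The test function begins outside this hunk.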
40841,
40842,
40843,
+40853,
41111,
41794,
41795,