... *if* we only want to ask the NSs, i.e. not to be put into answer.
This fixes iter_cname_cache test.
struct kr_zonecut root_hints;
char _stub[];
};
-struct query_flag {static const int NO_MINIMIZE = 1; static const int NO_THROTTLE = 2; static const int NO_IPV6 = 4; static const int NO_IPV4 = 8; static const int TCP = 16; static const int RESOLVED = 32; static const int AWAIT_IPV4 = 64; static const int AWAIT_IPV6 = 128; static const int AWAIT_CUT = 256; static const int SAFEMODE = 512; static const int CACHED = 1024; static const int NO_CACHE = 2048; static const int EXPIRING = 4096; static const int ALLOW_LOCAL = 8192; static const int DNSSEC_WANT = 16384; static const int DNSSEC_BOGUS = 32768; static const int DNSSEC_INSECURE = 65536; static const int STUB = 131072; static const int ALWAYS_CUT = 262144; static const int DNSSEC_WEXPAND = 524288; static const int PERMISSIVE = 1048576; static const int STRICT = 2097152; static const int BADCOOKIE_AGAIN = 4194304; static const int CNAME = 8388608; static const int REORDER_RR = 16777216; static const int TRACE = 33554432; static const int NO_0X20 = 67108864; static const int DNSSEC_NODS = 134217728; static const int DNSSEC_OPTOUT = 268435456;};
+struct query_flag {static const int NO_MINIMIZE = 1; static const int NO_THROTTLE = 2; static const int NO_IPV6 = 4; static const int NO_IPV4 = 8; static const int TCP = 16; static const int RESOLVED = 32; static const int AWAIT_IPV4 = 64; static const int AWAIT_IPV6 = 128; static const int AWAIT_CUT = 256; static const int SAFEMODE = 512; static const int CACHED = 1024; static const int NO_CACHE = 2048; static const int EXPIRING = 4096; static const int ALLOW_LOCAL = 8192; static const int DNSSEC_WANT = 16384; static const int DNSSEC_BOGUS = 32768; static const int DNSSEC_INSECURE = 65536; static const int STUB = 131072; static const int ALWAYS_CUT = 262144; static const int DNSSEC_WEXPAND = 524288; static const int PERMISSIVE = 1048576; static const int STRICT = 2097152; static const int BADCOOKIE_AGAIN = 4194304; static const int CNAME = 8388608; static const int REORDER_RR = 16777216; static const int TRACE = 33554432; static const int NO_0X20 = 67108864; static const int DNSSEC_NODS = 134217728; static const int DNSSEC_OPTOUT = 268435456; static const int NOAUTH = 536870912;};
int knot_dname_size(const knot_dname_t *);
knot_dname_t *knot_dname_from_str(uint8_t *, const char *, size_t);
char *knot_dname_to_str(char *, const knot_dname_t *, size_t);
return ret;
}
- if (!knot_wire_get_cd(req->answer->wire)
- && entry->rank < (KR_RANK_INSECURE|KR_RANK_AUTH)) {
+ uint8_t lowest_rank = KR_RANK_INITIAL;
+ if (!(qry->flags & QUERY_NOAUTH)) {
+ lowest_rank |= KR_RANK_AUTH;
+ }
+ if (!knot_wire_get_cd(req->answer->wire)) {
+ lowest_rank |= KR_RANK_INSECURE;
+ }
+ if (entry->rank < lowest_rank) {
return kr_error(ENOENT);
}
* TODO: move rank handling into the iterator (QUERY_DNSSEC_* flags)? */
uint8_t rank = 0;
uint8_t flags = 0;
- uint8_t lowest_rank = KR_RANK_AUTH;
+ uint8_t lowest_rank = KR_RANK_INITIAL;
+ if (!(qry->flags & QUERY_NOAUTH)) {
+ lowest_rank |= KR_RANK_AUTH;
+ }
if (!cdbit) {
lowest_rank |= KR_RANK_INSECURE;
}
if (!next) {
return kr_error(ENOMEM);
}
+ next->flags |= QUERY_NOAUTH;
}
/* At the root level with no NS addresses, add SBELT subrequest. */
int ret = 0;
X(NO_0X20, 1 << 26) /**< Disable query case randomization . */ \
X(DNSSEC_NODS, 1 << 27) /**< DS non-existance is proven */ \
X(DNSSEC_OPTOUT, 1 << 28) /**< Closest encloser proof has optout */ \
+ X(NOAUTH, 1 << 29) /**< Non-authoritative in-bailiwick records are enough.
+ * TODO: utilize this also outside cache. */ \
/* 1 << 31 Used by ../modules/dns64/dns64.lua */
/** Query flags */
projects / thirdparty / knot-resolver.git / commitdiff
