lib/rules: when forwarding, avoid resolving NS's name

With "authoritative forwarding" it could happen that NS selection
decided to resolve the virtual ns.invalid name of the NS to get
either A or AAAA (if either was missing in the forwarding rule).

diff --git a/daemon/lua/kres-gen-30.lua b/daemon/lua/kres-gen-30.lua
index babf4b47813a5b28d71529f134a0e640449831a5..763183899503562844cb0b68db84910330c03a37 100644 (file)
--- a/daemon/lua/kres-gen-30.lua
+++ b/daemon/lua/kres-gen-30.lua
@@ -178,6 +178,7 @@ struct kr_zonecut {
        struct kr_zonecut *parent;
        trie_t *nsset;
        knot_mm_t *pool;
+       _Bool avoid_resolving;
 };
 typedef struct {
        struct kr_query **at;

diff --git a/daemon/lua/kres-gen-31.lua b/daemon/lua/kres-gen-31.lua
index 0385c2e809b02b80553cc2ee96853e812d0d3af0..1e9e1e3d35b61406c989e945bf44a5ee26d3dcd5 100644 (file)
--- a/daemon/lua/kres-gen-31.lua
+++ b/daemon/lua/kres-gen-31.lua
@@ -178,6 +178,7 @@ struct kr_zonecut {
        struct kr_zonecut *parent;
        trie_t *nsset;
        knot_mm_t *pool;
+       _Bool avoid_resolving;
 };
 typedef struct {
        struct kr_query **at;

diff --git a/daemon/lua/kres-gen-32.lua b/daemon/lua/kres-gen-32.lua
index b9dfea86de9636d34e66945a7dc45050f32f87ee..cc37af74d5ea7204431ce3ac15a2636107814d92 100644 (file)
--- a/daemon/lua/kres-gen-32.lua
+++ b/daemon/lua/kres-gen-32.lua
@@ -179,6 +179,7 @@ struct kr_zonecut {
        struct kr_zonecut *parent;
        trie_t *nsset;
        knot_mm_t *pool;
+       _Bool avoid_resolving;
 };
 typedef struct {
        struct kr_query **at;

diff --git a/lib/rules/forward.c b/lib/rules/forward.c
index d0d261d9fe8ed81ef376d6994891394b36382823..234a04ecd05d469b2d8b763b30e38d2392b647ac 100644 (file)
--- a/lib/rules/forward.c
+++ b/lib/rules/forward.c
@@ -97,6 +97,7 @@ int kr_rule_data_src_check(struct kr_query *qry, struct knot_pkt *pkt)
                        labels > qry->data_src.rule_depth;
                        --labels, apex = knot_wire_next_label(apex, NULL));
                kr_zonecut_set(&qry->zone_cut, apex);
+               qry->zone_cut.avoid_resolving = true;
                knot_db_val_t targets = qry->data_src.targets_ptr;
                kr_assert(targets.len > 0);
                while (targets.len > 0) {

diff --git a/lib/selection_iter.c b/lib/selection_iter.c
index 59782788099ab7a8454f5d256a3e1422be11e48e..e0f0f07b0fc104fdde7d33326ca8871253bc2cf4 100644 (file)
--- a/lib/selection_iter.c
+++ b/lib/selection_iter.c
@@ -162,6 +162,9 @@ static int get_resolvable_names(struct iter_local_state *local_state,
        if (qry->sname[0] == '\0' && qry->stype == KNOT_RRTYPE_DNSKEY) {
                return 0;
        }
+       if (qry->zone_cut.avoid_resolving) {
+               return 0;
+       }
 
        unsigned count = 0;
        trie_it_t *it;

diff --git a/lib/zonecut.h b/lib/zonecut.h
index 9c960ec3c2c360e3a5575a0cc40d770bf53e79fa..13b1f8bf51e7af88f07f8dd0a8861afe20d25faf 100644 (file)
--- a/lib/zonecut.h
+++ b/lib/zonecut.h
@@ -23,6 +23,7 @@ struct kr_zonecut {
        struct kr_zonecut *parent; /**< Parent zone cut. */
        trie_t *nsset;        /**< Map of nameserver => address_set (pack_t). */
        knot_mm_t *pool;     /**< Memory pool. */
+       bool avoid_resolving; /**< Avoid resolving the NS names. */
 };
 
 /**