construct DS and DNSKEY from cache.

git-svn-id: file:///svn/unbound/trunk@538 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index b4fcfd5351d70ecff31b8a55257ce36c77e06246..d45f01004fee2766c331035f23d1ebadbd8b2c76 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -5,6 +5,7 @@
          validated, return the query to client, or send servfail to client.
          Sets AD bit on validated replies.
        - do not examine security status on an error reply in mesh_done.
+       - construct DS, DNSKEY messages from rrset cache.
 
 20 August 2007: Wouter
        - validate and positive validation, positive wildcard NSEC validation.

diff --git a/services/cache/dns.c b/services/cache/dns.c
index cacc33ddde29418c9b894ad52532c0be7992d775..6705a5a5a7a40a65e4506bb6c883b44cda69b4e5 100644 (file)
--- a/services/cache/dns.c
+++ b/services/cache/dns.c
@@ -418,9 +418,9 @@ tomsg(struct module_env* env, struct msgreply_entry* e, struct reply_info* r,
        return msg;
 }
 
-/** synthesize CNAME response from cached CNAME item */
+/** synthesize RRset-only response from cached RRset item */
 static struct dns_msg*
-cname_msg(struct ub_packed_rrset_key* rrset, struct region* region, 
+rrset_msg(struct ub_packed_rrset_key* rrset, struct region* region, 
        uint32_t now, struct query_info* q)
 {
        struct dns_msg* msg;
@@ -428,12 +428,13 @@ cname_msg(struct ub_packed_rrset_key* rrset, struct region* region,
                rrset->entry.data;
        if(now > d->ttl)
                return NULL;
-       msg = gen_dns_msg(region, q, 1); /* only the CNAME RRset */
+       msg = gen_dns_msg(region, q, 1); /* only the CNAME (or other) RRset */
        if(!msg)
                return NULL;
        msg->rep->flags = BIT_QR; /* reply, no AA, no error */
        msg->rep->qdcount = 1;
        msg->rep->ttl = d->ttl - now;
+       msg->rep->security = sec_status_unchecked;
        msg->rep->an_numrrsets = 1;
        msg->rep->ns_numrrsets = 0;
        msg->rep->ar_numrrsets = 0;
@@ -463,6 +464,7 @@ synth_dname_msg(struct ub_packed_rrset_key* rrset, struct region* region,
        msg->rep->flags = BIT_QR; /* reply, no AA, no error */
        msg->rep->qdcount = 1;
        msg->rep->ttl = d->ttl - now;
+       msg->rep->security = sec_status_unchecked;
        msg->rep->an_numrrsets = 1;
        msg->rep->ns_numrrsets = 0;
        msg->rep->ar_numrrsets = 0;
@@ -574,7 +576,7 @@ dns_cache_lookup(struct module_env* env,
        /* see if we have CNAME for this domain */
        if( (rrset=rrset_cache_lookup(env->rrset_cache, qname, qnamelen, 
                LDNS_RR_TYPE_CNAME, qclass, 0, now, 0))) {
-               struct dns_msg* msg = cname_msg(rrset, region, now, &k);
+               struct dns_msg* msg = rrset_msg(rrset, region, now, &k);
                if(msg) {
                        lock_rw_unlock(&rrset->entry.lock);
                        return msg;
@@ -582,8 +584,17 @@ dns_cache_lookup(struct module_env* env,
                lock_rw_unlock(&rrset->entry.lock);
        }
 
-       /* construct DS, DNSKEY messages from rrset cache. TODO */
-
+       /* construct DS, DNSKEY messages from rrset cache. */
+       if((qtype == LDNS_RR_TYPE_DS || qtype == LDNS_RR_TYPE_DNSKEY) &&
+               (rrset=rrset_cache_lookup(env->rrset_cache, qname, qnamelen, 
+               qtype, qclass, 0, now, 0))) {
+               struct dns_msg* msg = rrset_msg(rrset, region, now, &k);
+               if(msg) {
+                       lock_rw_unlock(&rrset->entry.lock);
+                       return msg;
+               }
+               lock_rw_unlock(&rrset->entry.lock);
+       }
        return NULL;
 }