Select the appropriate namespace when using a dual stack server

When using dual-stack-servers the covering namespace to check whether
answers are in scope or not should be fctx->domain.  To do this we need
to be able to distingish forwarding due to forwarders clauses and
dual-stack-servers.  A new flag FCTX_ADDRINFO_DUALSTACK has been added
to signal this.

diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 840351f6d46205b2a427513b4bb452d16245ae8b..5a264de86e2f551448d4183d68cc7030210c5f58 100644 (file)
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -375,6 +375,11 @@ struct fetchctx {
        ISC_LIST(resquery_t) queries;
        dns_adbfindlist_t finds;
        dns_adbfind_t *find;
+       /*
+        * altfinds are names and/or addresses of dual stack servers that
+        * should be used when iterative resolution to a server is not
+        * possible because the address family of that server is not usable.
+        */
        dns_adbfindlist_t altfinds;
        dns_adbfind_t *altfind;
        dns_adbaddrinfolist_t forwaddrs;
@@ -609,12 +614,14 @@ struct dns_resolver {
 #define FCTX_ADDRINFO_EDNSOK   0x04000
 #define FCTX_ADDRINFO_NOCOOKIE 0x08000
 #define FCTX_ADDRINFO_BADCOOKIE 0x10000
+#define FCTX_ADDRINFO_DUALSTACK 0x20000
 
 #define UNMARKED(a)    (((a)->flags & FCTX_ADDRINFO_MARK) == 0)
 #define ISFORWARDER(a) (((a)->flags & FCTX_ADDRINFO_FORWARDER) != 0)
 #define NOCOOKIE(a)    (((a)->flags & FCTX_ADDRINFO_NOCOOKIE) != 0)
 #define EDNSOK(a)      (((a)->flags & FCTX_ADDRINFO_EDNSOK) != 0)
 #define BADCOOKIE(a)   (((a)->flags & FCTX_ADDRINFO_BADCOOKIE) != 0)
+#define ISDUALSTACK(a) (((a)->flags & FCTX_ADDRINFO_DUALSTACK) != 0)
 
 #define NXDOMAIN(r) (((r)->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0)
 #define NEGATIVE(r) (((r)->attributes & DNS_RDATASETATTR_NEGATIVE) != 0)
@@ -3477,7 +3484,7 @@ findname(fetchctx_t *fctx, const dns_name_t *name, in_port_t port,
                                }
                        }
                }
-               if ((flags & FCTX_ADDRINFO_FORWARDER) != 0) {
+               if ((flags & FCTX_ADDRINFO_DUALSTACK) != 0) {
                        ISC_LIST_APPEND(fctx->altfinds, find, publink);
                } else {
                        ISC_LIST_APPEND(fctx->finds, find, publink);
@@ -3797,7 +3804,7 @@ normal_nses:
                     a = ISC_LIST_NEXT(a, link)) {
                        if (!a->isaddress) {
                                findname(fctx, &a->_u._n.name, a->_u._n.port,
-                                        stdoptions, FCTX_ADDRINFO_FORWARDER,
+                                        stdoptions, FCTX_ADDRINFO_DUALSTACK,
                                         now, NULL, NULL, NULL);
                                continue;
                        }
@@ -3810,6 +3817,7 @@ normal_nses:
                        if (result == ISC_R_SUCCESS) {
                                dns_adbaddrinfo_t *cur;
                                ai->flags |= FCTX_ADDRINFO_FORWARDER;
+                               ai->flags |= FCTX_ADDRINFO_DUALSTACK;
                                cur = ISC_LIST_HEAD(fctx->altaddrs);
                                while (cur != NULL && cur->srtt < ai->srtt) {
                                        cur = ISC_LIST_NEXT(cur, publink);
@@ -6832,7 +6840,9 @@ name_external(const dns_name_t *name, dns_rdatatype_t type, fetchctx_t *fctx) {
        unsigned int labels;
        dns_namereln_t rel;
 
-       apex = ISFORWARDER(fctx->addrinfo) ? fctx->fwdname : fctx->domain;
+       apex = (ISDUALSTACK(fctx->addrinfo) || !ISFORWARDER(fctx->addrinfo))
+                      ? fctx->domain
+                      : fctx->fwdname;
 
        /*
         * The name is outside the queried namespace.