From: Pieter Lexis Date: Tue, 23 Mar 2021 15:29:05 +0000 (+0100) Subject: Add a setting for autohints X-Git-Tag: dnsdist-1.6.0-rc1~33^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0a21c8ea6f5395891240011bee68153c6259d92d;p=thirdparty%2Fpdns.git Add a setting for autohints --- diff --git a/docs/guides/svcb.rst b/docs/guides/svcb.rst index 1daa1cf552..64749e39dc 100644 --- a/docs/guides/svcb.rst +++ b/docs/guides/svcb.rst @@ -4,9 +4,13 @@ The PowerDNS Authoritative Server has support for the SVCB record and derived re This support includes doing the standards recommended following of alias-form records in-zone and adding those to the additional section. Apart from that, there's the PowerDNS special for "autohints". +.. _svc-autohints: + Automatic hints --------------- PowerDNS can automatically fill in ``ipv4hint`` and ``ipv6hint`` parameters in SVCB records based on A and AAAA records already present in the zone. +This can be enabled by setting :ref:`setting-svc-autohint` to 'yes'. + Consider the following zone content:: example.com IN HTTPS 0 www.example.com @@ -75,3 +79,7 @@ In this case, the ipv6hint parameter is dropped when answering the query (and on It will emit a warning when there are no hints to be found:: [warning] HTTPS record for no-ipv6.example.org has automatic IPv6 hints, but no AAAA-record for the target at no-ipv6.example.org exists. + +When autohints exist but are disabled +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +When :ref:`setting-svc-autohint` is not enabled, the parameter is dropped when its value is ``auto``. diff --git a/docs/settings.rst b/docs/settings.rst index f45208dae9..deef616270 100644 --- a/docs/settings.rst +++ b/docs/settings.rst 
@@ -1517,6 +1517,16 @@ and :doc:`Virtual Hosting ` how this can differ. Turn on supermaster support. See :ref:`supermaster-operation`. +.. _setting-svc-autohints: + +``svc-autohints`` +----------------- + +- Boolean +- Default: no + +Whether or not to enable IPv4 and IPv6 :ref:`autohints `. + .. _setting-tcp-control-address: ``tcp-control-address`` diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc index db4b4aa5dc..b5aab6b4d6 100644 --- a/pdns/common_startup.cc +++ b/pdns/common_startup.cc @@ -33,6 +33,7 @@ #include "misc.hh" #include "query-local-address.hh" #include "trusted-notification-proxy.hh" +#include "packethandler.hh" #include @@ -240,6 +241,7 @@ void declareArguments() ::arg().set("max-generate-steps", "Maximum number of $GENERATE steps when loading a zone from a file")="0"; ::arg().setSwitch("upgrade-unknown-types","Transparently upgrade known TYPExxx records. Recommended to keep off, except for PowerDNS upgrades until data sources are cleaned up")="no"; + ::arg().setSwitch("svc-autohints", "Transparently fill ipv6hint=auto ipv4hint=auto SVC params with AAAA/A records for the target name of the record (if within the same zone)")="no"; ::arg().setSwitch("consistent-backends", "Assume individual domains are not divided over backends. Send only ANY lookup operations to the backend to reduce the number of lookups")="no"; @@ -551,6 +553,7 @@ void mainthread() DNSPacket::s_udpTruncationThreshold = std::max(512, ::arg().asNum("udp-truncation-threshold")); DNSPacket::s_doEDNSSubnetProcessing = ::arg().mustDo("edns-subnet-processing"); + PacketHandler::s_SVCAutohints = ::arg().mustDo("svc-autohints"); PC.setTTL(::arg().asNum("cache-ttl")); PC.setMaxEntries(::arg().asNum("max-packet-cache-entries")); diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index 4ab8b8c0f2..2b897fb082 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc 
@@ -55,6 +55,7 @@ AtomicCounter PacketHandler::s_count; NetmaskGroup PacketHandler::s_allowNotifyFrom; set PacketHandler::s_forwardNotify; +bool PacketHandler::s_SVCAutohints{false}; extern string s_programname; @@ -527,22 +528,26 @@ void PacketHandler::doAdditionalProcessing(DNSPacket& p, std::unique_ptr(rec->dr); DNSName target = rrc->getTarget().isRoot() ? rec->dr.d_name : rrc->getTarget(); - if (rrc->autoHint(SvcParam::ipv4hint)) { + if (rrc->autoHint(SvcParam::ipv4hint) && s_SVCAutohints) { auto hints = getIPAddressFor(target, QType::A); if (hints.size() == 0) { rrc->removeParam(SvcParam::ipv4hint); } else { rrc->setHints(SvcParam::ipv4hint, hints); } + } else { + rrc->removeParam(SvcParam::ipv4hint); } - if (rrc->autoHint(SvcParam::ipv6hint)) { + if (rrc->autoHint(SvcParam::ipv6hint) && s_SVCAutohints) { auto hints = getIPAddressFor(target, QType::AAAA); if (hints.size() == 0) { rrc->removeParam(SvcParam::ipv6hint); } else { rrc->setHints(SvcParam::ipv6hint, hints); } + } else { + rrc->removeParam(SvcParam::ipv6hint); } } diff --git a/pdns/packethandler.hh b/pdns/packethandler.hh index 1df16962e0..ef18f7d602 100644 --- a/pdns/packethandler.hh +++ b/pdns/packethandler.hh @@ -63,6 +63,7 @@ public: int trySuperMasterSynchronous(const DNSPacket& p, const DNSName& tsigkeyname); static NetmaskGroup s_allowNotifyFrom; static set s_forwardNotify; + static bool s_SVCAutohints; static const std::shared_ptr s_deleteCDNSKEYContent; static const std::shared_ptr s_deleteCDSContent;
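Review bot: The two new `else` branches in the `@@ -527,22 +528,26 @@` hunk of pdns/packethandler.cc run whenever the combined condition is false, and that includes the case where `rrc->autoHint(...)` itself is false. Assuming `autoHint()` reports whether the parameter is set to `auto`, a record that carries explicit `ipv4hint`/`ipv6hint` addresses would now lose them in every answer, whatever `svc-autohints` is set to. The svcb.rst text added in this same commit only promises that the parameter is dropped when its value is `auto`. Narrowing the branches to `} else if (rrc->autoHint(SvcParam::ipv4hint)) {` and `} else if (rrc->autoHint(SvcParam::ipv6hint)) {` would keep explicit hints intact. The body of `doAdditionalProcessing` starts and ends outside the hunk, so confirm this against `autoHint()`; a regression test with explicit hints and the setting off would pin the behaviour.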