From: Wouter Wijngaards Date: Mon, 15 Jun 2009 13:27:53 +0000 (+0000) Subject: Fixup DLV lookups and pickup responses from cache. X-Git-Tag: release-1.3.1~50 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3898abde029f768f1d68b65ed680811620fdb5b5;p=thirdparty%2Funbound.git Fixup DLV lookups and pickup responses from cache. git-svn-id: file:///svn/unbound/trunk@1657 be551aaa-1e26-0410-a405-d3ace91eadb9
---
diff --git a/doc/Changelog b/doc/Changelog
index da7b96236..c1a7d11a2 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,8 @@
+14 June 2009: Wouter
+ - Fixed bug where cached responses would lose their security
+ status on second validation, which especially impacted dlv
+ lookups. Reported by Hauke Lampe.
+
 13 June 2009: Wouter
 - bug #254. removed random whitespace from example.conf.
diff --git a/validator/validator.c b/validator/validator.c
index 5ae36442b..f613f7775 100644
--- a/validator/validator.c
+++ b/validator/validator.c
@@ -251,9 +251,8 @@ val_error(struct module_qstate* qstate, int id)
 /**
 * Check to see if a given response needs to go through the validation
 * process. Typical reasons for this routine to return false are: CD bit was
- * on in the original request, the response was already validated, or the
- * response is a kind of message that is unvalidatable (i.e., SERVFAIL,
- * REFUSED, etc.)
+ * on in the original request, or the response is a kind of message that
+ * is unvalidatable (i.e., SERVFAIL, REFUSED, etc.)
 *
 * @param qstate: query state.
 * @param ret_rc: rcode for this message (if noerror - examine ret_msg).
@@ -292,14 +291,25 @@ needs_validation(struct module_qstate* qstate, int ret_rc,
 verbose(VERB_ALGO, "cannot validate RRSIG, no sigs on sigs.");
 return 0;
 }
+ return 1;
+}
+/**
+ * Check to see if the response has already been validated.
+ * @param ret_msg: return msg, can be NULL
+ * @return true if the response has already been validated
+ */
+static int
+already_validated(struct dns_msg* ret_msg)
+{
 /* validate unchecked, and re-validate bogus messages */
 if (ret_msg && ret_msg->rep->security > sec_status_bogus) {
- verbose(VERB_ALGO, "response has already been validated");
- return 0;
+ verbose(VERB_ALGO, "response has already been validated: %s",
+ sec_status_to_string(ret_msg->rep->security));
+ return 1;
 }
- return 1;
+ return 0;
 }
 /**
@@ -1937,6 +1947,10 @@ val_operate(struct module_qstate* qstate, enum module_ev event, int id,
 qstate->ext_state[id] = module_finished;
 return;
 }
+ if(already_validated(qstate->return_msg)) {
+ qstate->ext_state[id] = module_finished;
+ return;
+ }
 /* create state to start validation */
 qstate->ext_state[id] = module_error; /* override this */
 if(!vq) {
@@ -2397,7 +2411,8 @@ process_dlv_response(struct module_qstate* qstate, struct val_qstate* vq,
 }
 if(msg->rep->security != sec_status_secure) {
 vq->dlv_status = dlv_error;
- verbose(VERB_ALGO, "response is not secure");
+ verbose(VERB_ALGO, "response is not secure, %s",
+ sec_status_to_string(msg->rep->security));
 return;
 }
 /* was the lookup a success? validated DLV? */
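Review bot: The doc comment on the new `already_validated()` does not say which statuses count as validated, and the test `ret_msg->rep->security > sec_status_bogus` depends on the declaration order of the security status values, which is not visible in this hunk. Since `val_operate` now uses the result to skip validation altogether, I would state it in the comment, for example `* Every status ordered above sec_status_bogus counts as validated; unchecked and bogus replies are validated (again).` The condition also reads `ret_msg->rep` after checking only `ret_msg`; if a message without a reply can reach this function, add `ret_msg->rep &&` to the test, otherwise extend the `@param` line to say that `rep` is always set.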
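Review bot: The new early exit in `val_operate` carries no comment explaining why a reply that already has a status is passed on untouched, although this is the core of the fix described in the Changelog. From this branch on the validator accepts whatever `security` value arrives in `qstate->return_msg`, so the answer is presumably only as trustworthy as the code that stored that status with the cached reply; a line such as `/* reply was validated earlier (e.g. it came from the cache): keep its status */` above the `if` would record that dependency. The block repeats the two statements of the branch just before it; whether the conditions could be merged depends on that branch's test, which starts outside the hunk, as does the rest of `val_operate`.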