From: Vladimír Čunát
Date: Thu, 3 Aug 2023 15:31:11 +0000 (+0200)
Subject: lib/rules: when forwarding, avoid resolving NS's name
X-Git-Tag: v6.0.2~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c2c9a01a5bb482dc4afdd023adcf064287f66515;p=thirdparty%2Fknot-resolver.git
lib/rules: when forwarding, avoid resolving NS's name
With "authoritative forwarding" it could happen that NS selection decided to resolve the virtual ns.invalid name of the NS to get either A or AAAA (if either was missing in the forwarding rule).
---
diff --git a/daemon/lua/kres-gen-30.lua b/daemon/lua/kres-gen-30.lua
index babf4b478..763183899 100644
--- a/daemon/lua/kres-gen-30.lua
+++ b/daemon/lua/kres-gen-30.lua
@@ -178,6 +178,7 @@ struct kr_zonecut {
 struct kr_zonecut *parent;
 trie_t *nsset;
 knot_mm_t *pool;
+ _Bool avoid_resolving;
 };
 typedef struct {
 struct kr_query **at;
diff --git a/daemon/lua/kres-gen-31.lua b/daemon/lua/kres-gen-31.lua
index 0385c2e80..1e9e1e3d3 100644
--- a/daemon/lua/kres-gen-31.lua
+++ b/daemon/lua/kres-gen-31.lua
@@ -178,6 +178,7 @@ struct kr_zonecut {
 struct kr_zonecut *parent;
 trie_t *nsset;
 knot_mm_t *pool;
+ _Bool avoid_resolving;
 };
 typedef struct {
 struct kr_query **at;
diff --git a/daemon/lua/kres-gen-32.lua b/daemon/lua/kres-gen-32.lua
index b9dfea86d..cc37af74d 100644
--- a/daemon/lua/kres-gen-32.lua
+++ b/daemon/lua/kres-gen-32.lua
@@ -179,6 +179,7 @@ struct kr_zonecut {
 struct kr_zonecut *parent;
 trie_t *nsset;
 knot_mm_t *pool;
+ _Bool avoid_resolving;
 };
 typedef struct {
 struct kr_query **at;
diff --git a/lib/rules/forward.c b/lib/rules/forward.c
index d0d261d9f..234a04ecd 100644
--- a/lib/rules/forward.c
+++ b/lib/rules/forward.c
@@ -97,6 +97,7 @@ int kr_rule_data_src_check(struct kr_query *qry, struct knot_pkt *pkt)
 labels > qry->data_src.rule_depth;
 --labels, apex = knot_wire_next_label(apex, NULL));
 kr_zonecut_set(&qry->zone_cut, apex);
+ qry->zone_cut.avoid_resolving = true;
 knot_db_val_t targets = qry->data_src.targets_ptr;
 kr_assert(targets.len > 0);
 while (targets.len > 0) {
diff --git a/lib/selection_iter.c b/lib/selection_iter.c
index 597827880..e0f0f07b0 100644
--- a/lib/selection_iter.c
+++ b/lib/selection_iter.c
@@ -162,6 +162,9 @@ static int get_resolvable_names(struct iter_local_state *local_state,
 if (qry->sname[0] == '\0' && qry->stype == KNOT_RRTYPE_DNSKEY) {
 return 0;
 }
+ if (qry->zone_cut.avoid_resolving) {
+ return 0;
+ }
 unsigned count = 0;
 trie_it_t *it;
diff --git a/lib/zonecut.h b/lib/zonecut.h
index 9c960ec3c..13b1f8bf5 100644
--- a/lib/zonecut.h
+++ b/lib/zonecut.h
@@ -23,6 +23,7 @@ struct kr_zonecut {
 struct kr_zonecut *parent; /**< Parent zone cut. */
 trie_t *nsset; /**< Map of nameserver => address_set (pack_t). */
 knot_mm_t *pool; /**< Memory pool. */
+ bool avoid_resolving; /**< Avoid resolving the NS names. */
 };
 /**
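Review bot: In lib/rules/forward.c the new `qry->zone_cut.avoid_resolving = true;` is written right after `kr_zonecut_set()` re-targets the cut, but nothing in this commit shows where the flag is cleared or carried over afterwards. The field is added in lib/zonecut.h while none of the zone-cut init/set/copy helpers are touched, so please confirm two things. First, a later re-use of the same `zone_cut` for ordinary iteration must not inherit a stale `true`, since NS names would then never be resolved and lookups could fail when glue is missing. Second, a copied cut must not silently drop the flag and bring back the `ns.invalid` lookup. I would state the lifetime in the field's doc comment in lib/zonecut.h, along the lines of `/**< Avoid resolving the NS names; set for forwarding rules, false otherwise. */`, once the reset behaviour is verified. The enclosing function starts and ends outside the hunk.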
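Review bot: The new guard in `get_resolvable_names()` in lib/selection_iter.c has no comment, although it changes selection behaviour whenever a forwarding rule lacks an A or an AAAA address. Returning 0 presumably leaves selection with only the addresses already stored in the zone cut, so that no query for the placeholder NS name leaves the resolver. A one-line reason above the check would make that intent visible to the next reader, e.g. `/* forwarding rule: NS names are virtual (ns.invalid), never try to resolve them */`. The function body continues outside the hunk.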