From: Kees Monshouwer Date: Mon, 9 Jan 2017 12:26:30 +0000 (+0100) Subject: remove recursion in auth X-Git-Tag: rec-4.1.0-alpha1~231^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e89efca5d7808394941fe918a099847c69861f0b;p=thirdparty%2Fpdns.git remove recursion in auth --- diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc index 4e4839e8af..997fbec20b 100644 --- a/pdns/common_startup.cc +++ b/pdns/common_startup.cc @@ -362,7 +362,6 @@ void *qthread(void *number) int diff; bool logDNSQueries = ::arg().mustDo("log-dns-queries"); - bool doRecursion = ::arg().mustDo("recursor"); UDPNameserver *NS = N; // If we have SO_REUSEPORT then create a new port for all receiver threads @@ -408,9 +407,7 @@ void *qthread(void *number) } if((P->d.opcode != Opcode::Notify && P->d.opcode != Opcode::Update) && P->couldBeCached()) { - bool haveSomething = false; - if (!P->d.rd || !DP->recurseFor(P)) - haveSomething=PC.get(P, &cached); // does the PacketCache recognize this question? + bool haveSomething=PC.get(P, &cached); // does the PacketCache recognize this question? if (haveSomething) { if(logDNSQueries) L<<"packetcache HIT"<sendPacket(p); - } + ret=doQuestion(p); + if(LPE) { policyres = LPE->police(p, ret); if(policyres == PolicyDecision::DROP) { @@ -1106,9 +1102,8 @@ bool PacketHandler::tryWildcard(DNSPacket *p, DNSPacket*r, SOAData& sd, DNSName } //! Called by the Distributor to ask a question. Returns 0 in case of an error -DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse) +DNSPacket *PacketHandler::doQuestion(DNSPacket *p) { - *shouldRecurse=false; DNSZoneRecord rr; SOAData sd; 
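Review bot: With the `!P->d.rd || !DP->recurseFor(P)` guard gone, `PC.get(P, &cached)` in qthread now serves RD=1 queries from the packet cache too, so the hit path must build a header that matches the query, not the packet that populated the cache. The lines after the `packetcache HIT` log are not readable in this hunk, so please confirm that the cached reply takes its id and RD bit from `P` (or that the cache key covers RD), and record it next to the lookup, e.g. `// RD=1 queries are served from the cache too; id and rd must come from P`. The same applies to the `packet->couldBeCached() && PC.get(...)` change in TCPNameserver::doConnection in pdns/tcpreceiver.cc. qthread's body continues outside the hunk.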
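Review bot: The doc comment kept above `PacketHandler::doQuestion` still reads "Called by the Distributor to ask a question", and the declaration in pdns/packethandler.hh now carries the same `//!<` text as `question()`, so the two entry points are documented identically. Judging by the `ret=doQuestion(p); if(LPE) { policyres = LPE->police(p, ret);` lines earlier in this diff and the direct `s_P->doQuestion(...)` call in tcpreceiver.cc, doQuestion appears to be the raw backend lookup with policy applied by the caller; that is inferred and worth confirming. If so, say it on the definition: `//! Answers a question from the backends without applying the policy engine; callers run LPE->police() themselves. Returns 0 in case of an error`. The function body continues outside the hunk.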
@@ -1226,8 +1221,6 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse) // L<qdomain<<"' "<qtype.getName()<<" from "<getRemote()<< " (tcp="<d_tcp<<")"<d.ra = (p->d.rd && d_doRecursion && DP->recurseFor(p)); // make sure we set ra if rd was set, and we'll do it - if(p->qtype.getCode()==QType::IXFR) { r->setRcode(RCode::NotImp); return r; @@ -1272,13 +1265,6 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse) if(!B.getAuth(p, &sd, target)) { DLOG(L<d.ra) { - DLOG(L<setA(false); // drop AA if we never had a SOA in the first place r->setRcode(RCode::Refused); // send REFUSED - but only on empty 'no idea' diff --git a/pdns/packethandler.hh b/pdns/packethandler.hh index e422e41349..357c909b8d 100644 --- a/pdns/packethandler.hh +++ b/pdns/packethandler.hh @@ -56,7 +56,7 @@ class NSEC3PARAMRecordContent; class PacketHandler { public: - DNSPacket *questionOrRecurse(DNSPacket *, bool* shouldRecurse); //!< hand us a DNS packet with a question, we'll tell you answer, or that you should recurse + DNSPacket *doQuestion(DNSPacket *); //!< hand us a DNS packet with a question, we give you an answer DNSPacket *question(DNSPacket *); //!< hand us a DNS packet with a question, we give you an answer PacketHandler(); ~PacketHandler(); // defined in packethandler.cc, and does --count diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc index 7eb16f4336..3273b22869 100644 --- a/pdns/tcpreceiver.cc +++ b/pdns/tcpreceiver.cc 
@@ -217,49 +217,6 @@ catch(NetworkError& ae) { throw NetworkError("Error reading DNS data from TCP client "+remote.toString()+": "+ae.what()); } -static void proxyQuestion(shared_ptr packet, unsigned int idleTimeout) -{ - int sock=socket(AF_INET, SOCK_STREAM, 0); - - setCloseOnExec(sock); - if(sock < 0) - throw NetworkError("Error making TCP connection socket to recursor: "+stringerror()); - - setNonBlocking(sock); - ServiceTuple st; - st.port=53; - parseService(::arg()["recursor"],st); - - try { - ComboAddress recursor(st.host, st.port); - connectWithTimeout(sock, (struct sockaddr*)&recursor, recursor.getSocklen()); - const string &buffer=packet->getString(); - - uint16_t len=htons(buffer.length()), slen; - - writenWithTimeout(sock, &len, 2, idleTimeout); - writenWithTimeout(sock, buffer.c_str(), buffer.length(), idleTimeout); - - readnWithTimeout(sock, &len, 2, idleTimeout); - len=ntohs(len); - - char answer[len]; - readnWithTimeout(sock, answer, len, idleTimeout); - - slen=htons(len); - writenWithTimeout(packet->getSocket(), &slen, 2, idleTimeout); - - writenWithTimeout(packet->getSocket(), answer, len, idleTimeout); - } - catch(NetworkError& ae) { - close(sock); - throw NetworkError("While proxying a question to recursor "+st.host+": " +ae.what()); - } - close(sock); - return; -} - - static void incTCPAnswerCount(const ComboAddress& remote) { S.inc("tcp-answers"); @@ -399,7 +356,7 @@ void *TCPNameserver::doConnection(void *data) } - if(!packet->d.rd && packet->couldBeCached() && PC.get(packet.get(), cached.get())) { // short circuit - does the PacketCache recognize this question? + if(packet->couldBeCached() && PC.get(packet.get(), cached.get())) { // short circuit - does the PacketCache recognize this question? if(logDNSQueries) L<<"packetcache HIT"<setRemote(&packet->d_remote); 
@@ -420,16 +377,10 @@ void *TCPNameserver::doConnection(void *data) L<(s_P->questionOrRecurse(packet.get(), &shouldRecurse)); // we really need to ask the backend :-) + reply=shared_ptr(s_P->doQuestion(packet.get())); // we really need to ask the backend :-) if(LPE) LPE->police(&(*packet), &(*reply), true); - - if(shouldRecurse) { - proxyQuestion(packet, d_idleTimeout); - continue; - } } if(!reply) // unable to write an answer?
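Review bot: `&(*reply)` in the `LPE->police(&(*packet), &(*reply), true)` call dereferences `reply` before the `if(!reply)` check that follows, and the comment on doQuestion says it returns 0 on error, so an empty shared_ptr can reach that line. Pass the raw pointers instead, `LPE->police(packet.get(), reply.get(), true);`, or move the call below the null check if police() does not accept a null reply (its contract is not visible here). The return value of police() is also discarded on this path, while the `policyres = LPE->police(p, ret)` call site earlier in this diff compares it with `PolicyDecision::DROP`; if that is intentional for TCP, a one-line comment saying so would help. doConnection continues outside the hunk.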