From: Otto Moerbeek
Date: Tue, 12 Apr 2022 10:26:09 +0000 (+0200)
Subject: doResolveAtThisIP() can throw and do not throttle when DoT probing
X-Git-Tag: rec-4.7.0-beta1^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ecc27c1722edb705116f1d89cbe258d249461b18;p=thirdparty%2Fpdns.git

doResolveAtThisIP() can throw and do not throttle when DoT probing
---
diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index 1cfe5aadf3..b7439ee4c0 100644
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -4800,20 +4800,40 @@ static void updateDoTStatus(ComboAddress address, DoTStatus::Status status, time bool SyncRes::tryDoT(const DNSName& qname, const QType qtype, const DNSName& nsName, ComboAddress address, time_t now) { + auto logHelper = [](const string& msg) { + g_log< nm; address.setPort(853); // We use the fact that qname equals auth - bool ok = doResolveAtThisIP("", qname, qtype, lwr, nm, qname, false, false, nsName, address, true, true, truncated, spoofed); - ok = ok && lwr.d_rcode == RCode::NoError && lwr.d_records.size() > 0; - + bool ok = false; + try { + ok = doResolveAtThisIP("", qname, qtype, lwr, nm, qname, false, false, nsName, address, true, true, truncated, spoofed, true); + ok = ok && lwr.d_rcode == RCode::NoError && lwr.d_records.size() > 0; + } + catch(const PDNSException& e) { + logHelper(e.reason); + } + catch(const ImmediateServFailException& e) { + logHelper(e.reason); + } + catch(const PolicyHitException& e) { + logHelper("PolicyHitException"); + } + catch(const std::exception& e) { + logHelper(e.what()); + } + catch(...) { + logHelper("other"); + } updateDoTStatus(address, ok ? DoTStatus::Good : DoTStatus::Bad, now + (ok ? dotSuccessWait : dotFailWait), true); return ok; } -bool SyncRes::doResolveAtThisIP(const std::string& prefix, const DNSName& qname, const QType qtype, LWResult& lwr, boost::optional& ednsmask, const DNSName& auth, bool const sendRDQuery, const bool wasForwarded, const DNSName& nsName, const ComboAddress& remoteIP, bool doTCP, bool doDoT, bool& truncated, bool& spoofed) +bool SyncRes::doResolveAtThisIP(const std::string& prefix, const DNSName& qname, const QType qtype, LWResult& lwr, boost::optional& ednsmask, const DNSName& auth, bool const sendRDQuery, const bool wasForwarded, const DNSName& nsName, const ComboAddress& remoteIP, bool doTCP, bool doDoT, bool& truncated, bool& spoofed, bool dontThrottle) { bool chained = false; LWResult::Result resolveret = LWResult::Result::Success; 
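Review bot: Every handler in `tryDoT` falls through to `updateDoTStatus(address, ok ? DoTStatus::Good : DoTStatus::Bad, ...)` with `ok == false`, so a `PolicyHitException` or the `catch(...)` case records the server as DoT-Bad for `dotFailWait` even though neither says anything about the remote's port 853. If a Bad status makes later queries skip DoT (not visible in this hunk), a purely local condition would push that server back to cleartext for the wait period; consider leaving the status untouched in those two handlers, or add a comment such as `// any failure, including local ones, deliberately counts as a failed probe` so the downgrade is a documented choice. The `PolicyHitException` handler also names an `e` it never uses; `catch (const PolicyHitException&) {` avoids the warning. The body of `logHelper` is damaged in this copy of the patch, so its log level and message format could not be reviewed.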
@@ -4874,8 +4894,7 @@ bool SyncRes::doResolveAtThisIP(const std::string& prefix, const DNSName& qname, d_totUsec += lwr.d_usec; accountAuthLatency(lwr.d_usec, remoteIP.sin4.sin_family); - bool dontThrottle = false; - { + if (!dontThrottle) { auto dontThrottleNames = g_dontThrottleNames.getLocal(); auto dontThrottleNetmasks = g_dontThrottleNetmasks.getLocal(); dontThrottle = dontThrottleNames->check(nsName) || dontThrottleNetmasks->match(remoteIP); diff --git a/pdns/syncres.hh b/pdns/syncres.hh index ef62a591f1..11afeb1ef8 100644 --- a/pdns/syncres.hh +++ b/pdns/syncres.hh @@ -658,7 +658,7 @@ private: int doResolveAt(NsSet &nameservers, DNSName auth, bool flawedNSSet, const DNSName &qname, QType qtype, vector&ret, unsigned int depth, set&beenthere, vState& state, StopAtDelegation* stopAtDelegation, std::map>* fallback); - bool doResolveAtThisIP(const std::string& prefix, const DNSName& qname, const QType qtype, LWResult& lwr, boost::optional& ednsmask, const DNSName& auth, bool const sendRDQuery, const bool wasForwarded, const DNSName& nsName, const ComboAddress& remoteIP, bool doTCP, bool doDoT, bool& truncated, bool& spoofed); + bool doResolveAtThisIP(const std::string& prefix, const DNSName& qname, const QType qtype, LWResult& lwr, boost::optional& ednsmask, const DNSName& auth, bool const sendRDQuery, const bool wasForwarded, const DNSName& nsName, const ComboAddress& remoteIP, bool doTCP, bool doDoT, bool& truncated, bool& spoofed, bool dontThrottle = false); bool processAnswer(unsigned int depth, LWResult& lwr, const DNSName& qname, const QType qtype, DNSName& auth, bool wasForwarded, const boost::optional ednsmask, bool sendRDQuery, NsSet &nameservers, std::vector& ret, const DNSFilterEngine& dfe, bool* gotNewServers, int* rcode, vState& state, const ComboAddress& remoteIP); int doResolve(const DNSName &qname, QType qtype, vector&ret, unsigned int depth, set& beenthere, vState& state);
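Review bot: The new defaulted `dontThrottle` parameter on the `doResolveAtThisIP` declaration in `syncres.hh` is undocumented and is the seventh `bool` in the signature, so the probe call reads `..., true, true, truncated, spoofed, true` and a transposed flag would compile silently. A comment on the declaration would help, for example `// dontThrottle: when true the caller forces throttling off for this query and the g_dontThrottleNames/g_dontThrottleNetmasks lookup is skipped (used by the DoT probe)`. In the `syncres.cc` hunk above, the by-value parameter is also reassigned inside `if (!dontThrottle) {`, so from that point it means "caller-forced or config-matched"; a one-line comment there would make that explicit. The code that consumes the flag lies outside both hunks.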