allow filter-aaaa and dns64 modules to be configured in either order
authorEvan Hunt <each@isc.org>
Fri, 2 Nov 2018 04:46:49 +0000 (21:46 -0700)
committerEvan Hunt <each@isc.org>
Fri, 30 Aug 2019 22:25:56 +0000 (15:25 -0700)
- this is done by having dns64 abort before ns_query_lookup() if the
  client is already recursing.
- I'm not entirely satisfied with this solution: I would prefer the
  modules to be totally independent, not written to make
  allowances for each other. But it's an effective workaround.

bin/plugins/dns64.c
bin/plugins/filter-aaaa.c
bin/tests/system/filter-aaaa/ns5/named.conf.in

index 45df0bb2db2a7e93aacef0a8c0874c5c282dd319..c9011b12253881b1d6e8d2e7d3f989e0f29476f5 100644 (file)
@@ -1840,6 +1840,17 @@ dns64_respond_begin(void *arg, void *cbdata, isc_result_t *resp) {
            !dns64_aaaaok(qctx->client, inst, client_state,
                          qctx->rdataset, qctx->sigrdataset))
        {
+               /*
+                * If any previously-configured module has set up recursion
+                * before we call ns_query_lookup(), we might assert. Just
+                * return without doing anything in that case.
+                */
+               if ((qctx->client->query.attributes &
+                    NS_QUERYATTR_RECURSING) != 0)
+               {
+                       return (false);
+               }
+
                /*
                 * Look to see if there are A records for this name.
                 */
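Review bot: The new early return on `NS_QUERYATTR_RECURSING` skips DNS64 synthesis without leaving any trace, and its comment ("we might assert") does not say what is skipped or what the client receives instead. Since the guard exists to keep a query from reaching an assertion in named, I would spell that out, e.g. `/* Recursion was already started by an earlier plugin; calling ns_query_lookup() again may trip an assertion, so skip DNS64 synthesis for this response. */`, and consider a debug-level log line so operators can see when plugin order caused synthesis to be skipped. The guard also returns `false` while the other exit of this block returns `NS_HOOK_RETURN`; if the hook's return type is a hook-result enum (not visible here), the matching named constant would read better than a bare boolean. The `if` condition and the body of dns64_respond_begin start outside this hunk.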
@@ -1851,14 +1862,6 @@ dns64_respond_begin(void *arg, void *cbdata, isc_result_t *resp) {
                qctx->type = qctx->qtype = dns_rdatatype_a;
                client_state->dns64_exclude = client_state->dns64 = true;
 
-               /*
-                * XXX: we are depending here on DNS64
-                * being reached before any other modules that
-                * might set up recursion. In particular if
-                * the filter-aaaa module runs first, there'll
-                * be an assertion failure. We need to make this
-                * order-indeendent.
-                */
                *resp = ns_query_lookup(qctx);
                return (NS_HOOK_RETURN);
        }
index 0a3f6d8a7918181103a00cbd8bbc4510862e8ed3..6d90d2ceb8846e58433b208e00124a97e0a27380 100644 (file)
@@ -837,7 +837,6 @@ filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp) {
                result = ns_query_done(qctx);
 
                *resp = result;
-
                return (NS_HOOK_RETURN);
        }
 
index fb9112f6e1bccaa9ba756817581aeea0e2b93447..79811efaceb7f7b9eb0502cc81677921ec5f01b9 100644 (file)
@@ -23,6 +23,11 @@ options {
        minimal-responses no;
 };
 
+plugin query "../../../../plugins/lib/filter-aaaa.so" {
+       filter-aaaa-on-v4 break-dnssec;
+       filter-aaaa { any; };
+};
+
 plugin query "../../../../plugins/lib/dns64.so" {
        dns64 64:ff9b::/96 {
                clients { any; };
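Review bot: Moving the filter-aaaa block ahead of dns64 makes ns5 exercise only the new order, so, as far as these hunks show, the original dns64-first order is no longer covered by this server's config even though the commit promises that either order works. A second test server (or a second pass) with the old order would keep both paths under test. A short comment above the block would also record why the order matters here, e.g. `# filter-aaaa is loaded before dns64 on purpose: checks that dns64 backs off when recursion is already set up`.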
@@ -31,11 +36,6 @@ plugin query "../../../../plugins/lib/dns64.so" {
        };
 };
 
-plugin query "../../../../plugins/lib/filter-aaaa.so" {
-       filter-aaaa-on-v4 break-dnssec;
-       filter-aaaa { any; };
-};
-
 key rndc_key {
        secret "1234abcd8765";
        algorithm hmac-sha256;