]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
Replace query and client attribute bitfield with named bools
authorOndřej Surý <ondrej@isc.org>
Sat, 21 Mar 2026 16:13:56 +0000 (17:13 +0100)
committerOndřej Surý <ondrej@isc.org>
Thu, 2 Jul 2026 11:27:11 +0000 (13:27 +0200)
Replace the unsigned int attributes field in struct ns_query with
individual bool bitfields.  This removes the NS_QUERYATTR_* constants
and the 12 accessor macros (USECACHE, RECURSIONOK, RECURSING, etc.)
from query.c, replacing all bit manipulation with direct bool access.

And replace the unsigned int attributes field in struct ns_client_inner
with individual bool bitfields.  This removes the NS_CLIENTATTR_*
constants and the accessor macros (TCP, WANTDNSSEC, etc.), replacing
all bit manipulation with direct bool access.

bin/plugins/filter-a.c
bin/plugins/filter-aaaa.c
lib/ns/client.c
lib/ns/include/ns/client.h
lib/ns/include/ns/query.h
lib/ns/query.c
lib/ns/update.c
lib/ns/xfrout.c
tests/libtest/ns.c

index d7230cf65ed077e077c270b41127dd56e898875b..706ef25a999c86fbfa8b429ac26a23aefa47888c 100644 (file)
@@ -87,12 +87,6 @@ typedef struct filter_instance {
 #define FILTER_A_RECURSING 0x0001 /* Recursing for AAAA */
 #define FILTER_A_FILTERED  0x0002 /* A was removed from answer */
 
-/*
- * Client attribute tests.
- */
-#define WANTDNSSEC(c)  (((c)->inner.attributes & NS_CLIENTATTR_WANTDNSSEC) != 0)
-#define RECURSIONOK(c) (((c)->query.attributes & NS_QUERYATTR_RECURSIONOK) != 0)
-
 /*
  * Forward declarations of functions referenced in install_hooks().
  */
@@ -533,7 +527,7 @@ process_name(query_ctx_t *qctx, filter_a_t mode, const dns_name_t *name,
        (void)dns_message_findtype(n, dns_rdatatype_rrsig, type, &sigrdataset);
 
        if (rdataset != NULL &&
-           (sigrdataset == NULL || !WANTDNSSEC(qctx->client) ||
+           (sigrdataset == NULL || !qctx->client->inner.wantdnssec ||
             mode == BREAK_DNSSEC))
        {
                /*
@@ -683,7 +677,7 @@ filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp) {
 
        if (client_state->mode != BREAK_DNSSEC &&
            (client_state->mode != FILTER ||
-            (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL &&
+            (qctx->client->inner.wantdnssec && qctx->sigrdataset != NULL &&
              dns_rdataset_isassociated(qctx->sigrdataset))))
        {
                return NS_HOOK_CONTINUE;
@@ -717,7 +711,8 @@ filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp) {
                        mark_as_rendered(qctx->rdataset, qctx->sigrdataset);
                        qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AD;
                        client_state->flags |= FILTER_A_FILTERED;
-               } else if (!qctx->authoritative && RECURSIONOK(qctx->client) &&
+               } else if (!qctx->authoritative &&
+                          qctx->client->query.recursionok &&
                           (result == DNS_R_DELEGATION ||
                            result == ISC_R_NOTFOUND))
                {
@@ -735,8 +730,7 @@ filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp) {
                                                  NULL, NULL, qctx->resuming);
                        if (result == ISC_R_SUCCESS) {
                                client_state->flags |= FILTER_A_RECURSING;
-                               qctx->client->query.attributes |=
-                                       NS_QUERYATTR_RECURSING;
+                               qctx->client->query.recursing = true;
                        }
                }
        } else if (qctx->qtype == dns_rdatatype_aaaa &&
index b698ede7a154e5499e229080fbeea6b5bf0c21ae..a6e3684a34103f9a60b9572f27c15e5af9c80a5c 100644 (file)
@@ -87,12 +87,6 @@ typedef struct filter_instance {
 #define FILTER_AAAA_RECURSING 0x0001 /* Recursing for A */
 #define FILTER_AAAA_FILTERED  0x0002 /* AAAA was removed from answer */
 
-/*
- * Client attribute tests.
- */
-#define WANTDNSSEC(c)  (((c)->inner.attributes & NS_CLIENTATTR_WANTDNSSEC) != 0)
-#define RECURSIONOK(c) (((c)->query.attributes & NS_QUERYATTR_RECURSIONOK) != 0)
-
 /*
  * Forward declarations of functions referenced in install_hooks().
  */
@@ -537,7 +531,7 @@ process_name(query_ctx_t *qctx, filter_aaaa_t mode, const dns_name_t *name,
        (void)dns_message_findtype(n, dns_rdatatype_rrsig, type, &sigrdataset);
 
        if (rdataset != NULL &&
-           (sigrdataset == NULL || !WANTDNSSEC(qctx->client) ||
+           (sigrdataset == NULL || !qctx->client->inner.wantdnssec ||
             mode == BREAK_DNSSEC))
        {
                /*
@@ -687,7 +681,7 @@ filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp) {
 
        if (client_state->mode != BREAK_DNSSEC &&
            (client_state->mode != FILTER ||
-            (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL &&
+            (qctx->client->inner.wantdnssec && qctx->sigrdataset != NULL &&
              dns_rdataset_isassociated(qctx->sigrdataset))))
        {
                return NS_HOOK_CONTINUE;
@@ -721,7 +715,8 @@ filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp) {
                        mark_as_rendered(qctx->rdataset, qctx->sigrdataset);
                        qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AD;
                        client_state->flags |= FILTER_AAAA_FILTERED;
-               } else if (!qctx->authoritative && RECURSIONOK(qctx->client) &&
+               } else if (!qctx->authoritative &&
+                          qctx->client->query.recursionok &&
                           (result == DNS_R_DELEGATION ||
                            result == ISC_R_NOTFOUND))
                {
@@ -738,8 +733,7 @@ filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp) {
                                                  NULL, NULL, qctx->resuming);
                        if (result == ISC_R_SUCCESS) {
                                client_state->flags |= FILTER_AAAA_RECURSING;
-                               qctx->client->query.attributes |=
-                                       NS_QUERYATTR_RECURSING;
+                               qctx->client->query.recursing = true;
                        }
                }
        } else if (qctx->qtype == dns_rdatatype_a &&
index 7c38b2a4b0e494c2c6c287fd6143695223c18d34..a767c3515250355348c288732340c3ade3399d56 100644 (file)
 #define CTRACE(m)                                                         \
        ns_client_log(client, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT, \
                      ISC_LOG_DEBUG(3), "%s", (m))
-#define MTRACE(m)                                                          \
-       isc_log_write(ns_lctx, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT, \
+#define MTRACE(m)                                                 \
+       isc_log_write(NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT, \
                      ISC_LOG_DEBUG(3), "clientmgr @%p: %s", manager, (m))
 #else /* ifdef NS_CLIENT_TRACE */
 #define CTRACE(m) ((void)(m))
 #define MTRACE(m) ((void)(m))
 #endif /* ifdef NS_CLIENT_TRACE */
 
-#define TCP_CLIENT(c) (((c)->inner.attributes & NS_CLIENTATTR_TCP) != 0)
-
 #define COOKIE_SIZE 24U /* 8 + 4 + 4 + 8 */
 #define ECS_SIZE    20U /* 2 + 1 + 1 + [0..16] */
 
-#define USEKEEPALIVE(x) \
-       (((x)->inner.attributes & NS_CLIENTATTR_USEKEEPALIVE) != 0)
-#define WANTEXPIRE(x) (((x)->inner.attributes & NS_CLIENTATTR_WANTEXPIRE) != 0)
-#define WANTNSID(x)   (((x)->inner.attributes & NS_CLIENTATTR_WANTNSID) != 0)
-#define WANTPAD(x)    (((x)->inner.attributes & NS_CLIENTATTR_WANTPAD) != 0)
-#define WANTRC(x)     (((x)->inner.attributes & NS_CLIENTATTR_WANTRC) != 0)
-#define WANTZONEVERSION(x) \
-       (((x)->inner.attributes & NS_CLIENTATTR_WANTZONEVERSION) != 0)
-
 #define MANAGER_MAGIC   ISC_MAGIC('N', 'S', 'C', 'm')
 #define VALID_MANAGER(m) ISC_MAGIC_VALID(m, MANAGER_MAGIC)
 
@@ -151,7 +140,7 @@ ns_client_transport_type(const ns_client_t *client) {
         *
         * When DoQ support this had to be removed to get correct DoQ entries.
         */
-       if (!TCP_CLIENT(client)) {
+       if (!client->inner.tcp) {
                return DNS_TRANSPORT_UDP;
        }
 
@@ -282,9 +271,13 @@ ns_client_endrequest(ns_client_t *client) {
        dns_message_reset(client->message, DNS_MESSAGE_INTENTPARSE);
 
        /*
-        * Clear all client attributes that are specific to the request
+        * Clear all client attributes that are specific to the request,
+        * but keep the async attribute needed for reseting the async
+        * state later.
         */
-       client->inner.attributes = 0;
+       bool async = client->inner.async;
+       memset(&client->inner.attrs, 0, sizeof(client->inner.attrs));
+       client->inner.async = async;
 #ifdef ENABLE_AFL
        if (client->manager->sctx->fuzznotify != NULL &&
            (client->manager->sctx->fuzztype == isc_fuzz_client ||
@@ -345,11 +338,11 @@ client_senddone(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) {
                        isc_histomulti_detach(&hmpin);
                }
        } else {
-               if (!TCP_CLIENT(client) && result == ISC_R_MAXSIZE) {
+               if (!client->inner.tcp && result == ISC_R_MAXSIZE) {
                        ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
                                      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
                                      "send exceeded maximum size: truncating");
-                       client->query.attributes &= ~NS_QUERYATTR_ANSWERED;
+                       client->query.answered = false;
                        client->inner.rcode_override = dns_rcode_noerror;
                        ns_client_error(client, ISC_R_MAXSIZE);
                } else {
@@ -395,14 +388,13 @@ client_allocsendbuf(ns_client_t *client, isc_buffer_t *buffer,
 
        REQUIRE(datap != NULL);
 
-       if (TCP_CLIENT(client)) {
+       if (client->inner.tcp) {
                client_setup_tcp_buffer(client);
                data = client->inner.tcpbuf;
                isc_buffer_init(buffer, data, client->inner.tcpbuf_size);
        } else {
                data = client->sendbuf;
-               if ((client->inner.attributes & NS_CLIENTATTR_HAVECOOKIE) == 0)
-               {
+               if (!client->inner.havecookie) {
                        if (client->inner.view != NULL) {
                                bufsize = client->inner.view->nocookieudp;
                        } else {
@@ -582,7 +574,7 @@ ns_client_send(ns_client_t *client) {
 
        REQUIRE(NS_CLIENT_VALID(client));
 
-       if ((client->query.attributes & NS_QUERYATTR_ANSWERED) != 0) {
+       if (client->query.answered) {
                return;
        }
 
@@ -595,13 +587,11 @@ ns_client_send(ns_client_t *client) {
 
        CTRACE("send");
 
-       if (client->message->opcode == dns_opcode_query &&
-           (client->inner.attributes & NS_CLIENTATTR_RA) != 0)
-       {
+       if (client->message->opcode == dns_opcode_query && client->inner.ra) {
                client->message->flags |= DNS_MESSAGEFLAG_RA;
        }
 
-       if ((client->inner.attributes & NS_CLIENTATTR_WANTDNSSEC) != 0) {
+       if (client->inner.wantdnssec) {
                render_opts = 0;
        } else {
                render_opts = DNS_MESSAGERENDER_OMITDNSSEC;
@@ -628,7 +618,7 @@ ns_client_send(ns_client_t *client) {
        /*
         * Create an OPT for our reply.
         */
-       if ((client->inner.attributes & NS_CLIENTATTR_WANTOPT) != 0) {
+       if (client->inner.wantopt) {
                CHECK(ns_client_addopt(client, client->message));
                opt_included = true;
        }
@@ -738,7 +728,7 @@ renderend:
 
        if (client->inner.sendcb != NULL) {
                client->inner.sendcb(&buffer);
-       } else if (TCP_CLIENT(client)) {
+       } else if (client->inner.tcp) {
                isc_buffer_usedregion(&buffer, &r);
 #ifdef HAVE_DNSTAP
                if (client->inner.view != NULL) {
@@ -822,7 +812,7 @@ renderend:
                                   ns_statscounter_truncatedresp);
        }
 
-       client->query.attributes |= NS_QUERYATTR_ANSWERED;
+       client->query.answered = true;
 
        return;
 
@@ -927,11 +917,11 @@ ns_client_error(ns_client_t *client, isc_result_t result) {
                        loglevel = ISC_LOG_DEBUG(1);
                }
                wouldlog = isc_log_wouldlog(loglevel);
-               rrl_result = dns_rrl(
-                       client->inner.view, NULL, &client->inner.peeraddr,
-                       TCP_CLIENT(client), dns_rdataclass_in,
-                       dns_rdatatype_none, NULL, result, client->inner.now,
-                       wouldlog, log_buf, sizeof(log_buf));
+               rrl_result = dns_rrl(client->inner.view, NULL,
+                                    &client->inner.peeraddr, client->inner.tcp,
+                                    dns_rdataclass_in, dns_rdatatype_none,
+                                    NULL, result, client->inner.now, wouldlog,
+                                    log_buf, sizeof(log_buf));
                if (rrl_result != DNS_RRL_RESULT_OK) {
                        /*
                         * Log dropped errors in the query-errors category
@@ -1021,8 +1011,7 @@ ns_client_error(ns_client_t *client, isc_result_t result) {
                client->inner.formerrcache.id = message->id;
        } else if (rcode == dns_rcode_servfail && client->query.qname != NULL &&
                   client->inner.view != NULL &&
-                  client->inner.view->fail_ttl != 0 &&
-                  ((client->inner.attributes & NS_CLIENTATTR_NOSETFC) == 0))
+                  client->inner.view->fail_ttl != 0 && !client->inner.nosetfc)
        {
                /*
                 * SERVFAIL caching: store qname/qtype of failed queries
@@ -1078,7 +1067,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message) {
        dns_message_ednsinit(message, 0, udpsize, flags, 0);
 
        /* Set EDNS options if applicable */
-       if (WANTNSID(client)) {
+       if (client->inner.wantnsid) {
                char nsid[_POSIX_HOST_NAME_MAX + 1];
                char *nsidp = NULL;
 
@@ -1099,7 +1088,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message) {
                }
        }
 
-       if ((client->inner.attributes & NS_CLIENTATTR_WANTCOOKIE) != 0) {
+       if (client->inner.wantcookie) {
                isc_buffer_t buf;
                isc_stdtime_t now = isc_stdtime_now();
 
@@ -1114,7 +1103,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message) {
                RETERR(dns_message_ednsaddopt(message, &option));
        }
 
-       if ((client->inner.attributes & NS_CLIENTATTR_HAVEEXPIRE) != 0) {
+       if (client->inner.haveexpire) {
                isc_buffer_t buf;
 
                isc_buffer_init(&buf, expire, sizeof(expire));
@@ -1126,7 +1115,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message) {
                RETERR(dns_message_ednsaddopt(message, &option));
        }
 
-       if (((client->inner.attributes & NS_CLIENTATTR_HAVEECS) != 0) &&
+       if (client->inner.haveecs &&
            (client->inner.ecs.addr.family == AF_INET ||
             client->inner.ecs.addr.family == AF_INET6))
        {
@@ -1180,7 +1169,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message) {
                RETERR(dns_message_ednsaddopt(message, &option));
        }
 
-       if (TCP_CLIENT(client) && USEKEEPALIVE(client)) {
+       if (client->inner.tcp && client->inner.usekeepalive) {
                uint32_t advertised_timeout = isc_nm_getadvertisedtimeout();
                isc_buffer_t buf;
 
@@ -1206,7 +1195,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message) {
                                         .value = ede->value };
                RETERR(dns_message_ednsaddopt(message, &option));
        }
-       if ((client->inner.attributes & NS_CLIENTATTR_HAVEZONEVERSION) != 0) {
+       if (client->inner.havezoneversion) {
                dns_ednsopt_t option = {
                        .code = DNS_OPT_ZONEVERSION,
                        .length = client->inner.zoneversionlength,
@@ -1215,7 +1204,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message) {
                RETERR(dns_message_ednsaddopt(message, &option));
        }
 
-       if (WANTRC(client)) {
+       if (client->inner.wantrc) {
                dns_name_t *rad = NULL;
                if (dns_name_dynamic(&client->inner.rad)) {
                        rad = &client->inner.rad;
@@ -1231,9 +1220,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message) {
        }
 
        /* Padding must be added last */
-       if ((view != NULL) && (view->padding > 0) && WANTPAD(client) &&
-           (TCP_CLIENT(client) ||
-            ((client->inner.attributes & NS_CLIENTATTR_HAVECOOKIE) != 0)))
+       if ((view != NULL) && (view->padding > 0) && client->inner.wantpad &&
+           (client->inner.tcp || client->inner.havecookie))
        {
                isc_netaddr_t netaddr;
                int match;
@@ -1312,14 +1300,13 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
        /*
         * If we have already seen a cookie option skip this cookie option.
         */
-       if ((!client->manager->sctx->answercookie) ||
-           (client->inner.attributes & NS_CLIENTATTR_WANTCOOKIE) != 0)
+       if ((!client->manager->sctx->answercookie) || client->inner.wantcookie)
        {
                isc_buffer_forward(buf, (unsigned int)optlen);
                return;
        }
 
-       client->inner.attributes |= NS_CLIENTATTR_WANTCOOKIE;
+       client->inner.wantcookie = true;
 
        ns_stats_increment(client->manager->sctx->nsstats,
                           ns_statscounter_cookiein);
@@ -1338,7 +1325,7 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
                } else {
                        ns_stats_increment(client->manager->sctx->nsstats,
                                           ns_statscounter_cookiebadsize);
-                       client->inner.attributes |= NS_CLIENTATTR_BADCOOKIE;
+                       client->inner.badcookie = true;
                }
                return;
        }
@@ -1372,7 +1359,7 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
        if (isc_serial_gt(when, now + 300) /* In the future. */ ||
            isc_serial_lt(when, now - 3600) /* In the past. */)
        {
-               client->inner.attributes |= NS_CLIENTATTR_BADCOOKIE;
+               client->inner.badcookie = true;
                ns_stats_increment(client->manager->sctx->nsstats,
                                   ns_statscounter_cookiebadtime);
                return;
@@ -1384,7 +1371,7 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
        if (isc_safe_memequal(old, dbuf, COOKIE_SIZE) || alwaysvalid) {
                ns_stats_increment(client->manager->sctx->nsstats,
                                   ns_statscounter_cookiematch);
-               client->inner.attributes |= NS_CLIENTATTR_HAVECOOKIE;
+               client->inner.havecookie = true;
                return;
        }
 
@@ -1394,12 +1381,12 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
                if (isc_safe_memequal(old, dbuf, COOKIE_SIZE)) {
                        ns_stats_increment(client->manager->sctx->nsstats,
                                           ns_statscounter_cookiematch);
-                       client->inner.attributes |= NS_CLIENTATTR_HAVECOOKIE;
+                       client->inner.havecookie = true;
                        return;
                }
        }
 
-       client->inner.attributes |= NS_CLIENTATTR_BADCOOKIE;
+       client->inner.badcookie = true;
        ns_stats_increment(client->manager->sctx->nsstats,
                           ns_statscounter_cookienomatch);
 }
@@ -1413,7 +1400,7 @@ process_ecs(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
        /*
         * If we have already seen a ECS option skip this ECS option.
         */
-       if ((client->inner.attributes & NS_CLIENTATTR_HAVEECS) != 0) {
+       if (client->inner.haveecs) {
                isc_buffer_forward(buf, (unsigned int)optlen);
                return ISC_R_SUCCESS;
        }
@@ -1500,7 +1487,7 @@ process_ecs(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
        memmove(&client->inner.ecs.addr, &caddr, sizeof(caddr));
        client->inner.ecs.source = addrlen;
        client->inner.ecs.scope = 0;
-       client->inner.attributes |= NS_CLIENTATTR_HAVEECS;
+       client->inner.haveecs = true;
 
        isc_buffer_forward(buf, (unsigned int)optlen);
        return ISC_R_SUCCESS;
@@ -1587,26 +1574,24 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) {
                        }
                        switch (optcode) {
                        case DNS_OPT_NSID:
-                               if (!WANTNSID(client)) {
+                               if (!client->inner.wantnsid) {
                                        ns_stats_increment(
                                                client->manager->sctx->nsstats,
                                                ns_statscounter_nsidopt);
                                }
-                               client->inner.attributes |=
-                                       NS_CLIENTATTR_WANTNSID;
+                               client->inner.wantnsid = true;
                                isc_buffer_forward(&optbuf, optlen);
                                break;
                        case DNS_OPT_COOKIE:
                                process_cookie(client, &optbuf, optlen);
                                break;
                        case DNS_OPT_EXPIRE:
-                               if (!WANTEXPIRE(client)) {
+                               if (!client->inner.wantexpire) {
                                        ns_stats_increment(
                                                client->manager->sctx->nsstats,
                                                ns_statscounter_expireopt);
                                }
-                               client->inner.attributes |=
-                                       NS_CLIENTATTR_WANTEXPIRE;
+                               client->inner.wantexpire = true;
                                isc_buffer_forward(&optbuf, optlen);
                                break;
                        case DNS_OPT_CLIENT_SUBNET:
@@ -1619,20 +1604,18 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) {
                                        ns_statscounter_ecsopt);
                                break;
                        case DNS_OPT_TCP_KEEPALIVE:
-                               if (!USEKEEPALIVE(client)) {
+                               if (!client->inner.usekeepalive) {
                                        ns_stats_increment(
                                                client->manager->sctx->nsstats,
                                                ns_statscounter_keepaliveopt);
                                }
-                               client->inner.attributes |=
-                                       NS_CLIENTATTR_USEKEEPALIVE;
+                               client->inner.usekeepalive = true;
                                isc_nmhandle_keepalive(client->inner.handle,
                                                       true);
                                isc_buffer_forward(&optbuf, optlen);
                                break;
                        case DNS_OPT_PAD:
-                               client->inner.attributes |=
-                                       NS_CLIENTATTR_WANTPAD;
+                               client->inner.wantpad = true;
                                ns_stats_increment(
                                        client->manager->sctx->nsstats,
                                        ns_statscounter_padopt);
@@ -1649,15 +1632,16 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) {
                                        ns_statscounter_keytagopt);
                                break;
                        case DNS_OPT_ZONEVERSION:
-                               if (optlen != 0 || WANTZONEVERSION(client)) {
+                               if (optlen != 0 ||
+                                   client->inner.wantzoneversion)
+                               {
                                        result = DNS_R_FORMERR;
                                        goto formerr;
                                }
                                ns_stats_increment(
                                        client->manager->sctx->nsstats,
                                        ns_statscounter_zoneversionopt);
-                               client->inner.attributes |=
-                                       NS_CLIENTATTR_WANTZONEVERSION;
+                               client->inner.wantzoneversion = true;
                                isc_buffer_forward(&optbuf, optlen);
                                break;
                        default:
@@ -1674,14 +1658,14 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) {
                ns_stats_increment(client->manager->sctx->nsstats,
                                   ns_statscounter_badednsver);
                result = DNS_R_BADVERS;
-               client->inner.attributes |= NS_CLIENTATTR_WANTOPT;
+               client->inner.wantopt = true;
                ns_client_error(client, result);
                return result;
        }
 
        ns_stats_increment(client->manager->sctx->nsstats,
                           ns_statscounter_edns0in);
-       client->inner.attributes |= NS_CLIENTATTR_WANTOPT;
+       client->inner.wantopt = true;
 
        return result;
 
@@ -1689,7 +1673,7 @@ formerr:
        if (result == DNS_R_OPTERR) {
                result = DNS_R_FORMERR;
        }
-       client->inner.attributes |= NS_CLIENTATTR_WANTOPT;
+       client->inner.wantopt = true;
        ns_client_error(client, result);
        return result;
 }
@@ -1872,7 +1856,7 @@ ns_client_request(isc_nmhandle_t *handle, isc_result_t eresult,
        }
 
        if (isc_nmhandle_is_stream(handle)) {
-               client->inner.attributes |= NS_CLIENTATTR_TCP;
+               client->inner.tcp = true;
        }
 
        INSIST(client->inner.state == NS_CLIENTSTATE_READY);
@@ -1923,7 +1907,7 @@ ns_client_request(isc_nmhandle_t *handle, isc_result_t eresult,
 
        ns_client_log(client, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT,
                      ISC_LOG_DEBUG(3), "%s request",
-                     TCP_CLIENT(client) ? "TCP" : "UDP");
+                     client->inner.tcp ? "TCP" : "UDP");
 
        result = dns_message_peekheader(client->inner.buffer, &id, &flags);
        if (result != ISC_R_SUCCESS) {
@@ -1967,7 +1951,7 @@ ns_client_request(isc_nmhandle_t *handle, isc_result_t eresult,
                ns_stats_increment(client->manager->sctx->nsstats,
                                   ns_statscounter_requestv6);
        }
-       if (TCP_CLIENT(client)) {
+       if (client->inner.tcp) {
                ns_stats_increment(client->manager->sctx->nsstats,
                                   ns_statscounter_requesttcp);
                switch (isc_sockaddr_pf(&client->inner.peeraddr)) {
@@ -2007,7 +1991,7 @@ ns_client_request(isc_nmhandle_t *handle, isc_result_t eresult,
                 * (typically FORMERR or SERVFAIL).
                 */
                if (result == DNS_R_OPTERR) {
-                       client->inner.attributes |= NS_CLIENTATTR_WANTOPT;
+                       client->inner.wantopt = true;
                }
                ns_client_log(client, NS_LOGCATEGORY_CLIENT,
                              NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
@@ -2098,8 +2082,7 @@ ns_client_request(isc_nmhandle_t *handle, isc_result_t eresult,
        char classbuf[DNS_RDATACLASS_FORMATSIZE];
        switch (client->message->rdclass) {
        case dns_rdataclass_reserved0:
-               if ((client->inner.attributes & NS_CLIENTATTR_WANTCOOKIE) !=
-                           0 &&
+               if (client->inner.wantcookie &&
                    client->message->opcode == dns_opcode_query &&
                    client->message->counts[DNS_SECTION_QUESTION] == 0U)
                {
@@ -2470,7 +2453,7 @@ ns_client_request_continue(void *arg) {
                ra_refusal_reason = ALLOW_QUERY_CACHE_ON;
        } else {
                ra = true;
-               client->inner.attributes |= NS_CLIENTATTR_RA;
+               client->inner.ra = true;
        }
 
        ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT,
@@ -2637,7 +2620,7 @@ ns__client_setup(ns_client_t *client, ns_clientmgr_t *mgr, bool new) {
                dns_ede_reset(&client->edectx);
        }
 
-       client->query.attributes &= ~NS_QUERYATTR_ANSWERED;
+       client->query.answered = false;
        client->inner.state = NS_CLIENTSTATE_INACTIVE;
        client->inner.udpsize = 512;
        client->inner.ednsversion = -1;
@@ -3018,7 +3001,7 @@ ns_client_qnamereplace(ns_client_t *client, dns_name_t *name) {
                dns_message_puttempname(client->message, &client->query.qname);
        }
        client->query.qname = name;
-       client->query.attributes &= ~NS_QUERYATTR_REDIRECT;
+       client->query.is_redirect = false;
        UNLOCK(&client->query.fetchlock);
 }
 
@@ -3078,7 +3061,7 @@ ns_client_newname(ns_client_t *client, isc_buffer_t *dbuf, isc_buffer_t *nbuf) {
        dns_name_t *name = NULL;
        isc_region_t r;
 
-       REQUIRE((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED) == 0);
+       REQUIRE(!client->query.namebufused);
 
        CTRACE("ns_client_newname");
 
@@ -3087,7 +3070,7 @@ ns_client_newname(ns_client_t *client, isc_buffer_t *dbuf, isc_buffer_t *nbuf) {
        isc_buffer_init(nbuf, r.base, r.length);
        dns_name_setbuffer(name, NULL);
        dns_name_setbuffer(name, nbuf);
-       client->query.attributes |= NS_QUERYATTR_NAMEBUFUSED;
+       client->query.namebufused = true;
 
        CTRACE("ns_client_newname: done");
        return name;
@@ -3131,12 +3114,12 @@ ns_client_keepname(ns_client_t *client, dns_name_t *name, isc_buffer_t *dbuf) {
         * 'name' is using space in 'dbuf', but 'dbuf' has not yet been
         * adjusted to take account of that.  We do the adjustment.
         */
-       REQUIRE((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED) != 0);
+       REQUIRE(client->query.namebufused);
 
        dns_name_toregion(name, &r);
        isc_buffer_add(dbuf, r.length);
        dns_name_setbuffer(name, NULL);
-       client->query.attributes &= ~NS_QUERYATTR_NAMEBUFUSED;
+       client->query.namebufused = false;
 }
 
 void
@@ -3148,7 +3131,7 @@ ns_client_releasename(ns_client_t *client, dns_name_t **namep) {
         */
 
        CTRACE("ns_client_releasename");
-       client->query.attributes &= ~NS_QUERYATTR_NAMEBUFUSED;
+       client->query.namebufused = false;
        dns_message_puttempname(client->message, namep);
        CTRACE("ns_client_releasename: done");
 }
index a6b7c64c66d022d083dea38ffa25f154d6569253..3cf87e90b0531371a7974ca49aae2816fd89edc1 100644 (file)
@@ -166,13 +166,47 @@ struct ns_client {
        unsigned int magic;
        struct ns_client_inner {
                ns_clientstate_t state;
-               bool             async;
-               unsigned int     attributes;
-               dns_view_t      *view;
-               dns_dispatch_t  *dispatch;
-               isc_nmhandle_t  *handle;       /* Permanent pointer to handle */
-               isc_nmhandle_t  *sendhandle;   /* Waiting for send callback */
-               isc_nmhandle_t  *reqhandle;    /* Waiting for request callback
+               union {
+                       uint8_t attrs[4];
+                       struct {
+                               bool async : 1;
+                               bool tcp   : 1;
+                               bool ra : 1; /*%< Client gets recursive service
+                                             */
+                               bool pktinfo   : 1;  /*%< pktinfo is valid */
+                               bool multicast : 1;  /*%< recv'd from multicast
+                                                     */
+                               bool wantdnssec : 1; /*%< include dnssec records
+                                                     */
+                               bool wantnsid : 1; /*%< include nameserver ID */
+                               bool badcookie : 1; /*%< bad/out-of-date cookie
+                                                    */
+                               bool wantrc : 1; /*%< include Report-Channel */
+                               bool wantad : 1; /*%< want AD in response */
+                               bool wantcookie : 1; /*%< return a COOKIE */
+                               bool havecookie : 1; /*%< has a valid COOKIE */
+                               bool wantexpire : 1; /*%< return seconds to
+                                                       expire */
+                               bool haveexpire : 1; /*%< return seconds to
+                                                       expire */
+                               bool wantopt : 1;    /*%< add opt to reply */
+                               bool haveecs : 1; /*%< received an ECS option */
+                               bool wantpad : 1; /*%< pad reply */
+                               bool usekeepalive : 1; /*%< use TCP keepalive */
+                               bool nosetfc : 1; /*%< don't set servfail cache
+                                                  */
+                               bool needtcp         : 1; /*%< send TC=1 */
+                               bool wantzoneversion : 1; /*%< return
+                                                            zoneversion */
+                               bool havezoneversion : 1; /*%< return
+                                                            zoneversion */
+                       };
+               };
+               dns_view_t     *view;
+               dns_dispatch_t *dispatch;
+               isc_nmhandle_t *handle;        /* Permanent pointer to handle */
+               isc_nmhandle_t *sendhandle;    /* Waiting for send callback */
+               isc_nmhandle_t *reqhandle;     /* Waiting for request callback
                                                  (query, update, notify) */
                isc_nmhandle_t *updatehandle;  /* Waiting for update callback */
                isc_nmhandle_t *restarthandle; /* Waiting for restart callback
@@ -247,32 +281,14 @@ struct ns_client {
        uint8_t         sendbuf[NS_CLIENT_SEND_BUFFER_SIZE];
 };
 
+STATIC_ASSERT(offsetof(ns_client_t, inner.attrs) +
+                             sizeof(((ns_client_t *)0)->inner.attrs) ==
+                     offsetof(ns_client_t, inner.view),
+             "ns_query.attrs[] must cover the flags bitfield");
+
 #define NS_CLIENT_MAGIC           ISC_MAGIC('N', 'S', 'C', 'c')
 #define NS_CLIENT_VALID(c) ISC_MAGIC_VALID(c, NS_CLIENT_MAGIC)
 
-#define NS_CLIENTATTR_TCP       0x000001
-#define NS_CLIENTATTR_RA        0x000002 /*%< Client gets recursive service */
-#define NS_CLIENTATTR_PKTINFO   0x000004 /*%< pktinfo is valid */
-#define NS_CLIENTATTR_MULTICAST         0x000008 /*%< recv'd from multicast */
-#define NS_CLIENTATTR_WANTDNSSEC 0x000010 /*%< include dnssec records */
-#define NS_CLIENTATTR_WANTNSID  0x000020 /*%< include nameserver ID */
-#define NS_CLIENTATTR_BADCOOKIE \
-       0x000040 /*%< Presented cookie is bad/out-of-date */
-#define NS_CLIENTATTR_WANTRC 0x000080 /*%< include Report-Channel */
-#define NS_CLIENTATTR_WANTAD 0x000100 /*%< want AD in response if possible */
-#define NS_CLIENTATTR_WANTCOOKIE      0x000200 /*%< return a COOKIE */
-#define NS_CLIENTATTR_HAVECOOKIE      0x000400 /*%< has a valid COOKIE */
-#define NS_CLIENTATTR_WANTEXPIRE      0x000800 /*%< return seconds to expire */
-#define NS_CLIENTATTR_HAVEEXPIRE      0x001000 /*%< return seconds to expire */
-#define NS_CLIENTATTR_WANTOPT        0x002000 /*%< add opt to reply */
-#define NS_CLIENTATTR_HAVEECS        0x004000 /*%< received an ECS option */
-#define NS_CLIENTATTR_WANTPAD        0x008000 /*%< pad reply */
-#define NS_CLIENTATTR_USEKEEPALIVE    0x010000 /*%< use TCP keepalive */
-#define NS_CLIENTATTR_NOSETFC        0x020000 /*%< don't set servfail cache */
-#define NS_CLIENTATTR_NEEDTCP        0x040000 /*%< send TC=1 */
-#define NS_CLIENTATTR_WANTZONEVERSION 0x100000 /*%< return zoneversion */
-#define NS_CLIENTATTR_HAVEZONEVERSION 0x200000 /*%< return zoneversion */
-
 /*
  * Flag to use with the SERVFAIL cache to indicate
  * that a query had the CD bit set.
index 053ed69ee3b9bd818ae42c8319def0721a74075a..44d0566fbc3608f3a2519bcbc79aa45b415102e9 100644 (file)
@@ -103,7 +103,30 @@ typedef struct ns_query_recparam {
 
 /*% nameserver query structure */
 struct ns_query {
-       unsigned int     attributes;
+       union {
+               uint8_t attrs[4];
+               struct {
+                       bool recursionok     : 1;
+                       bool cacheok         : 1;
+                       bool partialanswer   : 1;
+                       bool namebufused     : 1;
+                       bool recursing       : 1;
+                       bool queryokvalid    : 1;
+                       bool queryok         : 1;
+                       bool wantrecursion   : 1;
+                       bool secure          : 1;
+                       bool noauthority     : 1;
+                       bool noadditional    : 1;
+                       bool cacheaclokvalid : 1;
+                       bool cacheaclok      : 1;
+                       bool dns64           : 1;
+                       bool dns64exclude    : 1;
+                       bool rrl_checked     : 1;
+                       bool is_redirect     : 1;
+                       bool answered        : 1;
+               };
+       };
+
        unsigned int     restarts;
        isc_counter_t   *qc;
        bool             timerset;
@@ -156,24 +179,10 @@ struct ns_query {
        bool         root_key_sentinel_not_ta;
 };
 
-#define NS_QUERYATTR_RECURSIONOK     0x000001
-#define NS_QUERYATTR_CACHEOK        0x000002
-#define NS_QUERYATTR_PARTIALANSWER   0x000004
-#define NS_QUERYATTR_NAMEBUFUSED     0x000008
-#define NS_QUERYATTR_RECURSING      0x000010
-#define NS_QUERYATTR_QUERYOKVALID    0x000040
-#define NS_QUERYATTR_QUERYOK        0x000080
-#define NS_QUERYATTR_WANTRECURSION   0x000100
-#define NS_QUERYATTR_SECURE         0x000200
-#define NS_QUERYATTR_NOAUTHORITY     0x000400
-#define NS_QUERYATTR_NOADDITIONAL    0x000800
-#define NS_QUERYATTR_CACHEACLOKVALID 0x001000
-#define NS_QUERYATTR_CACHEACLOK             0x002000
-#define NS_QUERYATTR_DNS64          0x004000
-#define NS_QUERYATTR_DNS64EXCLUDE    0x008000
-#define NS_QUERYATTR_RRL_CHECKED     0x010000
-#define NS_QUERYATTR_REDIRECT       0x020000
-#define NS_QUERYATTR_ANSWERED       0x040000
+STATIC_ASSERT(offsetof(ns_query_t, attrs) +
+                             sizeof(((struct ns_query *)0)->attrs) ==
+                     offsetof(struct ns_query, restarts),
+             "ns_query.attrs[] must cover the flags bitfield");
 
 typedef struct query_ctx query_ctx_t;
 
index ec8b3df8683267fd0a17c12359321a1053d6c482..913b14282a2fcf6b50b5613e77582d5018e1d4fa 100644 (file)
                (qctx)->line = __LINE__;      \
        } while (0)
 
-/*% Partial answer? */
-#define PARTIALANSWER(c) \
-       (((c)->query.attributes & NS_QUERYATTR_PARTIALANSWER) != 0)
-/*% Use Cache? */
-#define USECACHE(c) (((c)->query.attributes & NS_QUERYATTR_CACHEOK) != 0)
-/*% Recursion OK? */
-#define RECURSIONOK(c) (((c)->query.attributes & NS_QUERYATTR_RECURSIONOK) != 0)
-/*% Recursing? */
-#define RECURSING(c) (((c)->query.attributes & NS_QUERYATTR_RECURSING) != 0)
-/*% Want Recursion? */
-#define WANTRECURSION(c) \
-       (((c)->query.attributes & NS_QUERYATTR_WANTRECURSION) != 0)
-/*% Is TCP? */
-#define TCP(c) (((c)->inner.attributes & NS_CLIENTATTR_TCP) != 0)
-/*% This query needs to have been sent over TCP.  Return TC=1. */
-#define NEEDTCP(c) (((c)->inner.attributes & NS_CLIENTATTR_NEEDTCP) != 0)
-
-/*% Want DNSSEC? */
-#define WANTDNSSEC(c) (((c)->inner.attributes & NS_CLIENTATTR_WANTDNSSEC) != 0)
-/*% Want WANTAD? */
-#define WANTAD(c) (((c)->inner.attributes & NS_CLIENTATTR_WANTAD) != 0)
-/*% Client presented a bad COOKIE. */
-#define BADCOOKIE(c) (((c)->inner.attributes & NS_CLIENTATTR_BADCOOKIE) != 0)
-/*% Client presented a valid COOKIE. */
-#define HAVECOOKIE(c) (((c)->inner.attributes & NS_CLIENTATTR_HAVECOOKIE) != 0)
-/*% Client presented a COOKIE. */
-#define WANTCOOKIE(c) (((c)->inner.attributes & NS_CLIENTATTR_WANTCOOKIE) != 0)
-/*% Client presented a CLIENT-SUBNET option. */
-#define HAVEECS(c) (((c)->inner.attributes & NS_CLIENTATTR_HAVEECS) != 0)
-/*% No authority? */
-#define NOAUTHORITY(c) (((c)->query.attributes & NS_QUERYATTR_NOAUTHORITY) != 0)
-/*% No additional? */
-#define NOADDITIONAL(c) \
-       (((c)->query.attributes & NS_QUERYATTR_NOADDITIONAL) != 0)
-/*% Secure? */
-#define SECURE(c) (((c)->query.attributes & NS_QUERYATTR_SECURE) != 0)
-/*% DNS64 A lookup? */
-#define DNS64(c) (((c)->query.attributes & NS_QUERYATTR_DNS64) != 0)
-
-#define DNS64EXCLUDE(c) \
-       (((c)->query.attributes & NS_QUERYATTR_DNS64EXCLUDE) != 0)
-
-#define REDIRECT(c) (((c)->query.attributes & NS_QUERYATTR_REDIRECT) != 0)
-
-/*% Was the client already sent a response? */
-#define QUERY_ANSWERED(q) (((q)->attributes & NS_QUERYATTR_ANSWERED) != 0)
-
 /*% Does the query wants to check for stale RRset due to a timeout? */
 #define QUERY_STALETIMEOUT(q) (((q)->dboptions & DNS_DBFIND_STALETIMEOUT) != 0)
 
-/*% Does the rdataset 'r' have an attached 'No QNAME Proof'? */
-#define NOQNAME(r) ((r)->attributes.noqname)
-
-/*% Does the rdataset 'r' contain a stale answer? */
-#define STALE(r) ((r)->attributes.stale)
-
-/*% Does the rdataset 'r' is stale and within stale-refresh-time? */
-#define STALE_WINDOW(r) ((r)->attributes.stale_window)
-
 #ifdef WANT_QUERYTRACE
 static void
 client_trace(ns_client_t *client, int level, const char *message) {
@@ -584,7 +528,7 @@ ns_client_log_flags(ns_client_t *client, unsigned int flags,
        isc_buffer_t b;
 
        isc_buffer_init(&b, buf, len);
-       isc_buffer_putuint8(&b, WANTRECURSION(client) ? '+' : '-');
+       isc_buffer_putuint8(&b, client->query.wantrecursion ? '+' : '-');
        if (client->inner.ednsversion >= 0) {
                char ednsbuf[sizeof("E(255)")] = { 0 };
 
@@ -595,7 +539,7 @@ ns_client_log_flags(ns_client_t *client, unsigned int flags,
        if (client->inner.signer != NULL) {
                isc_buffer_putuint8(&b, 'S');
        }
-       if (TCP(client)) {
+       if (client->inner.tcp) {
                isc_buffer_putuint8(&b, 'T');
        }
        if ((extflags & DNS_MESSAGEEXTFLAG_DO) != 0) {
@@ -604,9 +548,9 @@ ns_client_log_flags(ns_client_t *client, unsigned int flags,
        if ((flags & DNS_MESSAGEFLAG_CD) != 0) {
                isc_buffer_putuint8(&b, 'C');
        }
-       if (HAVECOOKIE(client)) {
+       if (client->inner.havecookie) {
                isc_buffer_putuint8(&b, 'V');
-       } else if (WANTCOOKIE(client)) {
+       } else if (client->inner.wantcookie) {
                isc_buffer_putuint8(&b, 'K');
        }
        isc_buffer_putuint8(&b, 0);
@@ -646,7 +590,7 @@ log_response(ns_client_t *client, dns_rcode_t rcode) {
        isc_buffer_putuint8(&b, 0);
        isc_netaddr_format(&client->inner.destaddr, onbuf, sizeof(onbuf));
 
-       if (HAVEECS(client)) {
+       if (client->inner.haveecs) {
                ns_client_log_ecs(client, ecsbuf, sizeof(ecsbuf));
        }
 
@@ -857,8 +801,13 @@ query_reset(ns_client_t *client, bool everything) {
                dns_message_puttempname(client->message, &client->query.qname);
        }
        client->query.qname = NULL;
-       client->query.attributes = (NS_QUERYATTR_RECURSIONOK |
-                                   NS_QUERYATTR_CACHEOK | NS_QUERYATTR_SECURE);
+
+       memset(&client->query.attrs, 0, sizeof(client->query.attrs));
+
+       client->query.recursionok = true;
+       client->query.cacheok = true;
+       client->query.secure = true;
+
        client->query.restarts = 0;
        client->query.timerset = false;
        if (client->query.rpz_st != NULL) {
@@ -949,10 +898,9 @@ ns_query_init(ns_client_t *client) {
  * evaluation using the appropriate level, along with 'name' and 'qtype'.
  *
  * The cache ACL is only evaluated once for each client and then the result is
- * cached: if NS_QUERYATTR_CACHEACLOKVALID is set in client->query.attributes,
- * cache ACL evaluation has already been performed.  The evaluation result is
- * also stored in client->query.attributes: if NS_QUERYATTR_CACHEACLOK is set,
- * the client is allowed cache access.
+ * cached: if client->query.cacheaclokvalid is set, cache ACL evaluation has
+ * already been performed.  The evaluation result is also stored in
+ * client->query.cacheaclok: if set, the client is allowed cache access.
  *
  * Returns:
  *
@@ -964,7 +912,7 @@ query_checkcacheaccess(ns_client_t *client, const dns_name_t *name,
                       dns_rdatatype_t qtype, dns_getdb_options_t options) {
        isc_result_t result;
 
-       if ((client->query.attributes & NS_QUERYATTR_CACHEACLOKVALID) == 0) {
+       if (!client->query.cacheaclokvalid) {
                enum refusal_reasons {
                        ALLOW_QUERY_CACHE,
                        ALLOW_QUERY_CACHE_ON
@@ -994,7 +942,7 @@ query_checkcacheaccess(ns_client_t *client, const dns_name_t *name,
                        /*
                         * We were allowed by the "allow-query-cache" ACL.
                         */
-                       client->query.attributes |= NS_QUERYATTR_CACHEACLOK;
+                       client->query.cacheaclok = true;
                        if (!options.nolog &&
                            isc_log_wouldlog(ISC_LOG_DEBUG(3)))
                        {
@@ -1009,7 +957,7 @@ query_checkcacheaccess(ns_client_t *client, const dns_name_t *name,
                } else {
                        /*
                         * We were denied by the "allow-query-cache" ACL.
-                        * There is no need to clear NS_QUERYATTR_CACHEACLOK
+                        * There is no need to clear cacheaclok
                         * since it is cleared by query_reset(), before query
                         * processing starts.
                         */
@@ -1028,14 +976,12 @@ query_checkcacheaccess(ns_client_t *client, const dns_name_t *name,
 
                /*
                 * Evaluation has been finished; make sure we will just consult
-                * NS_QUERYATTR_CACHEACLOK for this client from now on.
+                * cacheaclok for this client from now on.
                 */
-               client->query.attributes |= NS_QUERYATTR_CACHEACLOKVALID;
+               client->query.cacheaclokvalid = true;
        }
 
-       return (client->query.attributes & NS_QUERYATTR_CACHEACLOK) != 0
-                      ? ISC_R_SUCCESS
-                      : DNS_R_REFUSED;
+       return client->query.cacheaclok ? ISC_R_SUCCESS : DNS_R_REFUSED;
 }
 
 static isc_result_t
@@ -1065,7 +1011,7 @@ query_validatezonedb(ns_client_t *client, const dns_name_t *name,
         * answering a query where recursion is requested and allowed.
         */
        if (client->query.rpz_st == NULL &&
-           !(WANTRECURSION(client) && RECURSIONOK(client)) &&
+           !(client->query.wantrecursion && client->query.recursionok) &&
            client->query.authdbset && db != client->query.authdb)
        {
                return DNS_R_REFUSED;
@@ -1077,7 +1023,7 @@ query_validatezonedb(ns_client_t *client, const dns_name_t *name,
         * and should not be disclosed.
         */
        if (dns_zone_gettype(zone) == dns_zone_staticstub &&
-           !RECURSIONOK(client))
+           !client->query.recursionok)
        {
                return DNS_R_REFUSED;
        }
@@ -1112,18 +1058,15 @@ query_validatezonedb(ns_client_t *client, const dns_name_t *name,
        queryacl = dns_zone_getqueryacl(zone);
        if (queryacl == NULL) {
                queryacl = client->inner.view->queryacl;
-               if ((client->query.attributes & NS_QUERYATTR_QUERYOKVALID) != 0)
-               {
+               if (client->query.queryokvalid) {
                        /*
                         * We've evaluated the view's queryacl already.  If
-                        * NS_QUERYATTR_QUERYOK is set, then the client is
+                        * queryok is set, then the client is
                         * allowed to make queries, otherwise the query should
                         * be refused.
                         */
                        dbversion->acl_checked = true;
-                       if ((client->query.attributes & NS_QUERYATTR_QUERYOK) ==
-                           0)
-                       {
+                       if (!client->query.queryok) {
                                dbversion->queryok = false;
                                return DNS_R_REFUSED;
                        }
@@ -1163,13 +1106,13 @@ query_validatezonedb(ns_client_t *client, const dns_name_t *name,
                         * "allow-query" ACL.  Remember this so we
                         * don't have to check again.
                         */
-                       client->query.attributes |= NS_QUERYATTR_QUERYOK;
+                       client->query.queryok = true;
                }
                /*
                 * We've now evaluated the view's query ACL, and
-                * the NS_QUERYATTR_QUERYOK attribute is now valid.
+                * the queryok attribute is now valid.
                 */
-               client->query.attributes |= NS_QUERYATTR_QUERYOKVALID;
+               client->query.queryokvalid = true;
        }
 
        /* If and only if we've gotten this far, check allow-query-on too */
@@ -1452,7 +1395,7 @@ query_getcachedb(ns_client_t *client, const dns_name_t *name,
 
        REQUIRE(dbp != NULL && *dbp == NULL);
 
-       if (!USECACHE(client)) {
+       if (!client->query.cacheok) {
                return DNS_R_REFUSED;
        }
 
@@ -1736,7 +1679,7 @@ query_additionalauth(query_ctx_t *qctx, const dns_name_t *name,
                                          &node, fname, rdataset, sigrdataset);
        if (result != ISC_R_SUCCESS &&
            qctx->view->minimalresponses == dns_minimal_no &&
-           RECURSIONOK(client))
+           client->query.recursionok)
        {
                /*
                 * If we aren't doing response minimization and recursion is
@@ -1792,7 +1735,7 @@ query_additional_cb(void *arg, const dns_name_t *name, dns_rdatatype_t qtype,
        REQUIRE(NS_CLIENT_VALID(client));
        REQUIRE(qtype != dns_rdatatype_any);
 
-       if (!WANTDNSSEC(client) && dns_rdatatype_isdnssec(qtype)) {
+       if (!client->inner.wantdnssec && dns_rdatatype_isdnssec(qtype)) {
                return ISC_R_SUCCESS;
        }
 
@@ -1819,7 +1762,7 @@ query_additional_cb(void *arg, const dns_name_t *name, dns_rdatatype_t qtype,
        dbuf = ns_client_getnamebuf(client);
        fname = ns_client_newname(client, dbuf, &b);
        rdataset = ns_client_newrdataset(client);
-       if (WANTDNSSEC(client)) {
+       if (client->inner.wantdnssec) {
                sigrdataset = ns_client_newrdataset(client);
        }
 
@@ -1872,7 +1815,7 @@ query_additional_cb(void *arg, const dns_name_t *name, dns_rdatatype_t qtype,
                                rdataset, sigrdataset);
 
        dns_cache_updatestats(qctx->view->cache, result);
-       if (!WANTDNSSEC(client)) {
+       if (!client->inner.wantdnssec) {
                ns_client_putrdataset(client, &sigrdataset);
        }
        if (result == ISC_R_SUCCESS) {
@@ -1990,7 +1933,7 @@ found:
                }
                if (sigrdataset != NULL) {
                        dns_rdataset_cleanup(sigrdataset);
-               } else if (WANTDNSSEC(client)) {
+               } else if (client->inner.wantdnssec) {
                        sigrdataset = ns_client_newrdataset(client);
                }
                if (query_isduplicate(client, fname, dns_rdatatype_a, NULL)) {
@@ -2188,7 +2131,7 @@ query_additional(query_ctx_t *qctx, dns_name_t *name,
 
        CTRACE(ISC_LOG_DEBUG(3), "query_additional");
 
-       if (NOADDITIONAL(client)) {
+       if (client->query.noadditional) {
                return;
        }
 
@@ -2286,7 +2229,7 @@ query_addrrset(query_ctx_t *qctx, dns_name_t **namep,
        if (rdataset->trust != dns_trust_secure &&
            (section == DNS_SECTION_ANSWER || section == DNS_SECTION_AUTHORITY))
        {
-               client->query.attributes &= ~NS_QUERYATTR_SECURE;
+               client->query.secure = false;
        }
 
        /*
@@ -2457,12 +2400,12 @@ stale_refresh_aftermath(ns_client_t *client, isc_result_t result) {
                 */
                client->inner.tnow = isc_time_now();
                client->inner.now = isc_time_seconds(&client->inner.tnow);
-               client->query.attributes &= ~NS_QUERYATTR_RECURSIONOK;
+               client->query.recursionok = false;
                qctx_init(client, NULL, 0, &qctx);
 
                dns_clientinfomethods_init(&cm, ns_client_sourceip);
                dns_clientinfo_init(&ci, qctx.client, NULL);
-               if (HAVEECS(qctx.client)) {
+               if (qctx.client->inner.haveecs) {
                        dns_clientinfo_setecs(&ci, &qctx.client->inner.ecs);
                }
 
@@ -2563,7 +2506,7 @@ fetch_and_forget(ns_client_t *client, dns_name_t *qname, dns_rdatatype_t qtype,
 
        tmprdataset = ns_client_newrdataset(client);
 
-       if (!TCP(client)) {
+       if (!client->inner.tcp) {
                peeraddr = &client->inner.peeraddr;
        } else {
                peeraddr = NULL;
@@ -2612,10 +2555,10 @@ query_stale_refresh(ns_client_t *client, dns_name_t *qname,
        bool stale_rrset = true;
 
        if (rdataset != NULL) {
-               stale_refresh_window = (STALE_WINDOW(rdataset) &&
+               stale_refresh_window = (rdataset->attributes.stale_window &&
                                        (client->query.dboptions &
                                         DNS_DBFIND_STALEENABLED) != 0);
-               stale_rrset = STALE(rdataset);
+               stale_rrset = rdataset->attributes.stale;
        }
 
        if (FETCH_RECTYPE_STALE_REFRESH(client) != NULL ||
@@ -2811,7 +2754,7 @@ rpz_get_zbits(ns_client_t *client, dns_rdatatype_t ip_type,
        /*
         * If the client wants recursion, allow only compatible policies.
         */
-       if (!RECURSIONOK(client)) {
+       if (!client->query.recursionok) {
                zbits &= st->popt.no_rd_ok;
        }
 
@@ -2902,7 +2845,7 @@ rpz_rrset_find(ns_client_t *client, dns_name_t *name, dns_rdatatype_t type,
        result = dns_db_findext(*dbp, name, version, type, options,
                                client->inner.now, &node, found, &cm, &ci,
                                *rdatasetp, NULL);
-       if (result == DNS_R_DELEGATION && is_zone && USECACHE(client)) {
+       if (result == DNS_R_DELEGATION && is_zone && client->query.cacheok) {
                /*
                 * Try the cache if we're authoritative for an
                 * ancestor but not the domain itself. DELEGATION or
@@ -3733,13 +3676,13 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult,
        if (st != NULL && (st->state & DNS_RPZ_REWRITTEN) != 0) {
                return DNS_R_DISALLOWED;
        }
-       if (RECURSING(client)) {
+       if (client->query.recursing) {
                return DNS_R_DISALLOWED;
        }
 
        RWLOCK(&rpzs->search_lock, isc_rwlocktype_read);
        if ((rpzs->p.num_zones == 0) ||
-           (!RECURSIONOK(client) && rpzs->p.no_rd_ok == 0) ||
+           (!client->query.recursionok && rpzs->p.no_rd_ok == 0) ||
            !rpz_ck_dnssec(client, qresult, ordataset, osigset))
        {
                RWUNLOCK(&rpzs->search_lock, isc_rwlocktype_read);
@@ -3779,7 +3722,7 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult,
            zones_processed < zones_registered)
        {
                /* Do not pollute SERVFAIL cache  */
-               client->inner.attributes |= NS_CLIENTATTR_NOSETFC;
+               client->inner.nosetfc = true;
 
                if (can_log_rpznotready()) {
                        rpz_log_fail(client, DNS_RPZ_INFO_LEVEL, NULL,
@@ -3818,7 +3761,7 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult,
                 * If recursion is off, this the normal and only time we
                 * can rewrite.
                 */
-               if (RECURSIONOK(client)) {
+               if (client->query.recursionok) {
                        qresult_type = qresult_type_recurse;
                } else {
                        qresult_type = qresult_type_restart;
@@ -4145,7 +4088,9 @@ rpz_ck_dnssec(ns_client_t *client, isc_result_t qresult,
 
        CTRACE(ISC_LOG_DEBUG(3), "rpz_ck_dnssec");
 
-       if (client->inner.view->rpzs->p.break_dnssec || !WANTDNSSEC(client)) {
+       if (client->inner.view->rpzs->p.break_dnssec ||
+           !client->inner.wantdnssec)
+       {
                return true;
        }
 
@@ -4431,11 +4376,11 @@ dns64_aaaaok(ns_client_t *client, dns_rdataset_t *rdataset,
                return true;
        }
 
-       if (RECURSIONOK(client)) {
+       if (client->query.recursionok) {
                flags |= DNS_DNS64_RECURSIVE;
        }
 
-       if (WANTDNSSEC(client) && sigrdataset != NULL &&
+       if (client->inner.wantdnssec && sigrdataset != NULL &&
            dns_rdataset_isassociated(sigrdataset))
        {
                flags |= DNS_DNS64_DNSSEC;
@@ -4504,12 +4449,13 @@ redirect(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset,
        dns_clientinfo_init(&ci, client, NULL);
        dns_clientinfo_setecs(&ci, &client->inner.ecs);
 
-       if (WANTDNSSEC(client) && dns_db_iszone(*dbp) && dns_db_issecure(*dbp))
+       if (client->inner.wantdnssec && dns_db_iszone(*dbp) &&
+           dns_db_issecure(*dbp))
        {
                return ISC_R_NOTFOUND;
        }
 
-       if (WANTDNSSEC(client) && dns_rdataset_isassociated(rdataset)) {
+       if (client->inner.wantdnssec && dns_rdataset_isassociated(rdataset)) {
                if (rdataset->trust == dns_trust_secure) {
                        return ISC_R_NOTFOUND;
                }
@@ -4587,8 +4533,8 @@ nxrrset:
        dns_db_detach(&db);
        *versionp = dbversion->version;
 
-       client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
-                                    NS_QUERYATTR_NOADDITIONAL);
+       client->query.noauthority = true;
+       client->query.noadditional = true;
 
        return result;
 }
@@ -4611,11 +4557,11 @@ redirect2(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset,
        dns_zone_t *zone = NULL;
        bool is_zone;
        unsigned int labels;
-       bool redirected = REDIRECT(client);
+       bool redirected = client->query.is_redirect;
 
        CTRACE(ISC_LOG_DEBUG(3), "redirect2");
 
-       client->query.attributes &= ~NS_QUERYATTR_REDIRECT;
+       client->query.is_redirect = false;
 
        if (client->inner.view->redirectzone == NULL) {
                return ISC_R_NOTFOUND;
@@ -4631,12 +4577,13 @@ redirect2(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset,
        dns_clientinfo_init(&ci, client, NULL);
        dns_clientinfo_setecs(&ci, &client->inner.ecs);
 
-       if (WANTDNSSEC(client) && dns_db_iszone(*dbp) && dns_db_issecure(*dbp))
+       if (client->inner.wantdnssec && dns_db_iszone(*dbp) &&
+           dns_db_issecure(*dbp))
        {
                return ISC_R_NOTFOUND;
        }
 
-       if (WANTDNSSEC(client) && dns_rdataset_isassociated(rdataset)) {
+       if (client->inner.wantdnssec && dns_rdataset_isassociated(rdataset)) {
                if (rdataset->trust == dns_trust_secure) {
                        return ISC_R_NOTFOUND;
                }
@@ -4714,9 +4661,8 @@ redirect2(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset,
                        result = ns_query_recurse(client, qtype, redirectname,
                                                  NULL, NULL, true);
                        if (result == ISC_R_SUCCESS) {
-                               client->query.attributes |=
-                                       (NS_QUERYATTR_RECURSING |
-                                        NS_QUERYATTR_REDIRECT);
+                               client->query.recursing = true;
+                               client->query.is_redirect = true;
                                return DNS_R_CONTINUE;
                        }
                }
@@ -4761,8 +4707,8 @@ nxrrset:
        *is_zonep = is_zone;
        *versionp = version;
 
-       client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
-                                    NS_QUERYATTR_NOADDITIONAL);
+       client->query.noauthority = true;
+       client->query.noadditional = true;
 
        return result;
 }
@@ -4927,11 +4873,20 @@ qctx_save(query_ctx_t *src, query_ctx_t **targetp) {
  * Log detailed information about the query immediately after
  * the client request or a return from recursion.
  */
+#ifdef WANT_QUERYTRACE
+static void
+attrs_tohex(char *dst, size_t dstsize, const uint8_t *src, size_t srclen) {
+       for (size_t i = 0; i < srclen; i++) {
+               snprintf(&dst[i * 2], dstsize - i * 2, "%02x", src[i]);
+       }
+}
+
 static void
 query_trace(query_ctx_t *qctx) {
-#ifdef WANT_QUERYTRACE
        char mbuf[2 * DNS_NAME_FORMATSIZE];
        char qbuf[DNS_NAME_FORMATSIZE];
+       char iabuf[sizeof(qctx->client->inner.attrs) * 2 + 1] = { 0 };
+       char qabuf[sizeof(qctx->client->query.attrs) * 2 + 1] = { 0 };
 
        if (qctx->client->query.origqname != NULL) {
                dns_name_format(qctx->client->query.origqname, qbuf,
@@ -4940,20 +4895,27 @@ query_trace(query_ctx_t *qctx) {
                snprintf(qbuf, sizeof(qbuf), "<unset>");
        }
 
+       attrs_tohex(iabuf, sizeof(iabuf), (uint8_t *)&qctx->client->inner.attrs,
+                   sizeof(qctx->client->inner.attrs));
+       attrs_tohex(qabuf, sizeof(qabuf), (uint8_t *)&qctx->client->query.attrs,
+                   sizeof(qctx->client->query.attrs));
+
        snprintf(mbuf, sizeof(mbuf) - 1,
-                "client attr:0x%x, query attr:0x%X, restarts:%u, "
+                "client attr:0x%s, query attr:0x%s, restarts:%u, "
                 "origqname:%s, timer:%d, authdb:%d, referral:%d, id:%hu",
-                qctx->client->inner.attributes, qctx->client->query.attributes,
-                qctx->client->query.restarts, qbuf,
+                iabuf, qabuf, qctx->client->query.restarts, qbuf,
                 (int)qctx->client->query.timerset,
                 (int)qctx->client->query.authdbset,
                 (int)qctx->client->query.isreferral,
                 qctx->client->message->id);
        CCTRACE(ISC_LOG_DEBUG(3), mbuf);
+}
 #else  /* ifdef WANT_QUERYTRACE */
-       UNUSED(qctx);
-#endif /* ifdef WANT_QUERYTRACE */
+static void
+query_trace(query_ctx_t *qctx ISC_ATTR_UNUSED) {
+       /* noop */
 }
+#endif /* ifdef WANT_QUERYTRACE */
 
 /*
  * Set up query processing for the current query of 'client'.
@@ -5056,7 +5018,7 @@ static void
 qctx_reportquery(query_ctx_t *qctx) {
        ns_client_t *client = qctx->client;
 
-       client->inner.attributes |= NS_CLIENTATTR_WANTRC;
+       client->inner.wantrc = true;
 
        /* If this isn't a report-logging zone, there's no more to do */
        dns_zoneopt_t opts = dns_zone_getoptions(qctx->zone);
@@ -5068,7 +5030,7 @@ qctx_reportquery(query_ctx_t *qctx) {
         * Suppress EDNS Report-Channel in responses from report-
         * logging zones; this prevents infinite loops.
         */
-       client->inner.attributes &= ~NS_CLIENTATTR_WANTRC;
+       client->inner.wantrc = false;
 
        /* If this isn't an error-report query, there's nothing more to do */
        if (client->query.qtype != dns_rdatatype_txt ||
@@ -5082,11 +5044,11 @@ qctx_reportquery(query_ctx_t *qctx) {
         * Check for TCP or a good server cookie.  If neither, send
         * back BADCOOKIE or TC=1.
         */
-       if (!TCP(client) && !HAVECOOKIE(client)) {
-               if (WANTCOOKIE(client)) {
-                       client->inner.attributes |= NS_CLIENTATTR_BADCOOKIE;
+       if (!client->inner.tcp && !client->inner.havecookie) {
+               if (client->inner.wantcookie) {
+                       client->inner.badcookie = true;
                } else {
-                       client->inner.attributes |= NS_CLIENTATTR_NEEDTCP;
+                       client->inner.needtcp = true;
                }
        }
 
@@ -5109,7 +5071,7 @@ qctx_setrad(query_ctx_t *qctx) {
        ns_client_t *client = qctx->client;
 
        /* Set the client to send a Report-Channel option when replying */
-       if ((client->inner.attributes & NS_CLIENTATTR_WANTRC) != 0) {
+       if (client->inner.wantrc) {
                dns_fixedname_t fixed;
                dns_name_t *rad = dns_fixedname_initname(&fixed);
 
@@ -5156,22 +5118,22 @@ ns__query_start(query_ctx_t *qctx) {
         * cookie was bad then send back BADCOOKIE before we have
         * done too much work.
         */
-       if (!TCP(qctx->client) &&
-           (BADCOOKIE(qctx->client) ||
-            (qctx->view->requireservercookie && WANTCOOKIE(qctx->client) &&
-             !HAVECOOKIE(qctx->client))))
+       if (!qctx->client->inner.tcp && (qctx->client->inner.badcookie ||
+                                        (qctx->view->requireservercookie &&
+                                         qctx->client->inner.wantcookie &&
+                                         !qctx->client->inner.havecookie)))
        {
                qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AA;
                qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AD;
                qctx->client->message->rcode = dns_rcode_badcookie;
-               qctx->client->inner.attributes &= ~NS_CLIENTATTR_WANTRC;
+               qctx->client->inner.wantrc = false;
                return ns_query_done(qctx);
        }
 
        /*
         * Respond with TC=1 if we need TCP for this request.
         */
-       if (!TCP(qctx->client) && NEEDTCP(qctx->client)) {
+       if (!qctx->client->inner.tcp && qctx->client->inner.needtcp) {
                qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AA;
                qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AD;
                qctx->client->message->flags |= DNS_MESSAGEFLAG_TC;
@@ -5232,8 +5194,8 @@ ns__query_start(query_ctx_t *qctx) {
                             qctx->qtype, qctx->options, &qctx->zone, &qctx->db,
                             &qctx->version, &qctx->is_zone);
        if ((result != ISC_R_SUCCESS || !qctx->is_zone) &&
-           qctx->qtype == dns_rdatatype_ds && !RECURSIONOK(qctx->client) &&
-           qctx->options.noexact)
+           qctx->qtype == dns_rdatatype_ds &&
+           !qctx->client->query.recursionok && qctx->options.noexact)
        {
                /*
                 * This is a non-recursive QTYPE=DS query with QNAME whose
@@ -5289,7 +5251,7 @@ ns__query_start(query_ctx_t *qctx) {
         */
        if (result != ISC_R_SUCCESS) {
                if (result == DNS_R_REFUSED) {
-                       if (WANTRECURSION(qctx->client)) {
+                       if (qctx->client->query.wantrecursion) {
                                dns_ede_add(&qctx->client->edectx,
                                            DNS_EDE_NOTAUTH,
                                            "recursion disabled");
@@ -5299,7 +5261,7 @@ ns__query_start(query_ctx_t *qctx) {
                                inc_stats(qctx->client,
                                          ns_statscounter_authrej);
                        }
-                       if (!PARTIALANSWER(qctx->client)) {
+                       if (!qctx->client->query.partialanswer) {
                                QUERY_ERROR(qctx, DNS_R_REFUSED);
                        }
                } else {
@@ -5505,7 +5467,7 @@ qctx_prepare_buffers(query_ctx_t *qctx, isc_buffer_t *buffer) {
        qctx->fname = ns_client_newname(qctx->client, qctx->dbuf, buffer);
        qctx->rdataset = ns_client_newrdataset(qctx->client);
 
-       if (WANTDNSSEC(qctx->client) || qctx->findcoveringnsec) {
+       if (qctx->client->inner.wantdnssec || qctx->findcoveringnsec) {
                qctx->sigrdataset = ns_client_newrdataset(qctx->client);
        }
 
@@ -5562,7 +5524,7 @@ query_lookup(query_ctx_t *qctx) {
 
        dns_clientinfomethods_init(&cm, ns_client_sourceip);
        dns_clientinfo_init(&ci, qctx->client, NULL);
-       if (HAVEECS(qctx->client)) {
+       if (qctx->client->inner.haveecs) {
                dns_clientinfo_setecs(&ci, &qctx->client->inner.ecs);
        }
 
@@ -5641,7 +5603,7 @@ query_lookup(query_ctx_t *qctx) {
         * we are allowed to immediately respond with a stale answer if the
         * request is within the 'stale-refresh-time' window.
         */
-       stale_refresh_window = (STALE_WINDOW(qctx->rdataset) &&
+       stale_refresh_window = (qctx->rdataset->attributes.stale_window &&
                                (dboptions & DNS_DBFIND_STALEENABLED) != 0);
 
        /*
@@ -5654,7 +5616,8 @@ query_lookup(query_ctx_t *qctx) {
        stale_timeout = ((dboptions & DNS_DBFIND_STALETIMEOUT) != 0);
 
        if (dns_rdataset_isassociated(qctx->rdataset) &&
-           dns_rdataset_count(qctx->rdataset) > 0 && !STALE(qctx->rdataset))
+           dns_rdataset_count(qctx->rdataset) > 0 &&
+           !qctx->rdataset->attributes.stale)
        {
                /* Found non-stale usable rdataset. */
                answer_found = true;
@@ -5669,7 +5632,7 @@ query_lookup(query_ctx_t *qctx) {
 
                if (dns_rdataset_isassociated(qctx->rdataset) &&
                    dns_rdataset_count(qctx->rdataset) > 0 &&
-                   STALE(qctx->rdataset))
+                   qctx->rdataset->attributes.stale)
                {
                        stale_found = true;
                        if (result == DNS_R_NCACHENXDOMAIN ||
@@ -5796,7 +5759,7 @@ fetch_callback(void *arg) {
        query_ctx_t qctx;
 
        REQUIRE(NS_CLIENT_VALID(client));
-       REQUIRE(RECURSING(client));
+       REQUIRE(client->query.recursing);
 
        CTRACE(ISC_LOG_DEBUG(3), "fetch_callback");
 
@@ -5807,7 +5770,7 @@ fetch_callback(void *arg) {
        if (client->inner.view->cachedb != NULL &&
            client->inner.view->recursion)
        {
-               client->query.attributes |= NS_QUERYATTR_RECURSIONOK;
+               client->query.recursionok = true;
        }
        client->query.dboptions &= ~DNS_DBFIND_STALETIMEOUT;
        client->query.dboptions &= ~DNS_DBFIND_STALEENABLED;
@@ -5846,7 +5809,7 @@ fetch_callback(void *arg) {
 
        isc_nmhandle_detach(&HANDLE_RECTYPE_NORMAL(client));
 
-       client->query.attributes &= ~NS_QUERYATTR_RECURSING;
+       client->query.recursing = false;
        client->inner.state = NS_CLIENTSTATE_WORKING;
 
        /*
@@ -6035,7 +5998,7 @@ ns_query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
 
        rdataset = ns_client_newrdataset(client);
 
-       if (WANTDNSSEC(client)) {
+       if (client->inner.wantdnssec) {
                sigrdataset = ns_client_newrdataset(client);
        } else {
                sigrdataset = NULL;
@@ -6045,7 +6008,7 @@ ns_query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
                ns_client_settimeout(client, 60);
        }
 
-       if (!TCP(client)) {
+       if (!client->inner.tcp) {
                peeraddr = &client->inner.peeraddr;
        }
 
@@ -6092,7 +6055,7 @@ query_resume(query_ctx_t *qctx) {
        char qbuf[DNS_NAME_FORMATSIZE];
        char tbuf[DNS_RDATATYPE_FORMATSIZE];
 #endif /* ifdef WANT_QUERYTRACE */
-       bool redirect = REDIRECT(qctx->client);
+       bool redirect = qctx->client->query.is_redirect;
 
        CCTRACE(ISC_LOG_DEBUG(3), "query_resume");
 
@@ -6207,13 +6170,13 @@ query_resume(query_ctx_t *qctx) {
 
        CALL_HOOK(NS_QUERY_RESUME_RESTORED, qctx);
 
-       if (DNS64(qctx->client)) {
-               qctx->client->query.attributes &= ~NS_QUERYATTR_DNS64;
+       if (qctx->client->query.dns64) {
+               qctx->client->query.dns64 = false;
                qctx->dns64 = true;
        }
 
-       if (DNS64EXCLUDE(qctx->client)) {
-               qctx->client->query.attributes &= ~NS_QUERYATTR_DNS64EXCLUDE;
+       if (qctx->client->query.dns64exclude) {
+               qctx->client->query.dns64exclude = false;
                qctx->dns64_exclude = true;
        }
 
@@ -6265,8 +6228,7 @@ query_resume(query_ctx_t *qctx) {
                if (result != DNS_R_COVERINGNSEC && result != DNS_R_NXDOMAIN &&
                    result != DNS_R_NCACHENXDOMAIN)
                {
-                       qctx->client->query.attributes &=
-                               ~NS_QUERYATTR_REDIRECT;
+                       qctx->client->query.is_redirect = false;
                }
        } else {
                result = qctx->fresp->result;
@@ -6438,7 +6400,7 @@ ns_query_hookasync(query_ctx_t *qctx, ns_query_starthookasync_t runasync,
 
        /*
         * Typically the runasync() function will trigger recursion, but
-        * there is no need to set NS_QUERYATTR_RECURSING. The calling hook
+        * there is no need to set the recursing attribute. The calling hook
         * is expected to return NS_HOOK_RETURN, and the RECURSING
         * attribute won't be checked anywhere.
         *
@@ -6490,7 +6452,7 @@ ns__query_sfcache(query_ctx_t *qctx) {
        /*
         * The SERVFAIL cache doesn't apply to authoritative queries.
         */
-       if (!RECURSIONOK(qctx->client)) {
+       if (!qctx->client->query.recursionok) {
                return ISC_R_COMPLETE;
        }
 
@@ -6532,7 +6494,7 @@ ns__query_sfcache(query_ctx_t *qctx) {
                }
 
                dns_ede_add(&qctx->client->edectx, DNS_EDE_CACHEDERROR, NULL);
-               qctx->client->inner.attributes |= NS_CLIENTATTR_NOSETFC;
+               qctx->client->inner.nosetfc = true;
                QUERY_ERROR(qctx, DNS_R_SERVFAIL);
                return ns_query_done(qctx);
        }
@@ -6586,26 +6548,25 @@ query_checkrrl(query_ctx_t *qctx, isc_result_t result) {
                "rrl=%p, HAVECOOKIE=%u, result=%s, "
                "fname=%p(%u), is_zone=%u, RECURSIONOK=%u, "
                "query.rpz_st=%p(%u), RRL_CHECKED=%u",
-               qctx->client->inner.view->rrl, HAVECOOKIE(qctx->client),
+               qctx->client->inner.view->rrl, qctx->client->inner.havecookie,
                isc_result_toid(result), qctx->fname,
                qctx->fname != NULL ? dns_name_isabsolute(qctx->fname) : 0,
-               qctx->is_zone, RECURSIONOK(qctx->client),
+               qctx->is_zone, qctx->client->query.recursionok,
                qctx->client->query.rpz_st,
                qctx->client->query.rpz_st != NULL
                        ? ((qctx->client->query.rpz_st->state &
                            DNS_RPZ_REWRITTEN) != 0)
                        : 0,
-               (qctx->client->query.attributes & NS_QUERYATTR_RRL_CHECKED) !=
-                       0);
+               qctx->client->query.rrl_checked);
 
-       if (qctx->view->rrl != NULL && !HAVECOOKIE(qctx->client) &&
+       if (qctx->view->rrl != NULL && !qctx->client->inner.havecookie &&
            ((qctx->fname != NULL && dns_name_isabsolute(qctx->fname)) ||
-            (result == ISC_R_NOTFOUND && !RECURSIONOK(qctx->client))) &&
+            (result == ISC_R_NOTFOUND && !qctx->client->query.recursionok)) &&
            !(result == ISC_R_NOTFOUND && !qctx->is_zone &&
-             RECURSIONOK(qctx->client)) &&
+             qctx->client->query.recursionok) &&
            (qctx->client->query.rpz_st == NULL ||
             (qctx->client->query.rpz_st->state & DNS_RPZ_REWRITTEN) == 0) &&
-           (qctx->client->query.attributes & NS_QUERYATTR_RRL_CHECKED) == 0)
+           !qctx->client->query.rrl_checked)
        {
                bool wouldlog;
                const dns_name_t *constname;
@@ -6614,7 +6575,7 @@ query_checkrrl(query_ctx_t *qctx, isc_result_t result) {
                isc_result_t resp_result;
                dns_rrl_result_t rrl_result;
 
-               qctx->client->query.attributes |= NS_QUERYATTR_RRL_CHECKED;
+               qctx->client->query.rrl_checked = true;
 
                wouldlog = isc_log_wouldlog(DNS_RRL_LOG_DROP);
                constname = qctx->fname;
@@ -6667,7 +6628,7 @@ query_checkrrl(query_ctx_t *qctx, isc_result_t result) {
 
                rrl_result = dns_rrl(
                        qctx->view, qctx->zone, &qctx->client->inner.peeraddr,
-                       TCP(qctx->client), qctx->client->message->rdclass,
+                       qctx->client->inner.tcp, qctx->client->message->rdclass,
                        qctx->qtype, constname, resp_result,
                        qctx->client->inner.now, wouldlog, log_buf,
                        sizeof(log_buf));
@@ -6711,15 +6672,15 @@ query_checkrrl(query_ctx_t *qctx, isc_result_t result) {
                                         */
                                        inc_stats(qctx->client,
                                                  ns_statscounter_rateslipped);
-                                       if (WANTCOOKIE(qctx->client)) {
+                                       if (qctx->client->inner.wantcookie) {
                                                qctx->client->message->flags &=
                                                        ~DNS_MESSAGEFLAG_AA;
                                                qctx->client->message->flags &=
                                                        ~DNS_MESSAGEFLAG_AD;
                                                qctx->client->message->rcode =
                                                        dns_rcode_badcookie;
-                                               qctx->client->inner.attributes &=
-                                                       ~NS_CLIENTATTR_WANTRC;
+                                               qctx->client->inner.wantrc =
+                                                       false;
                                        } else {
                                                qctx->client->message->flags |=
                                                        DNS_MESSAGEFLAG_TC;
@@ -6773,7 +6734,7 @@ query_checkrpz(query_ctx_t *qctx, isc_result_t result) {
                 * recursing for NS names or addresses,
                 * so save the main query state
                 */
-               INSIST(!RECURSING(qctx->client));
+               INSIST(!qctx->client->query.recursing);
                qctx->rpz_st->q.qtype = qctx->qtype;
                qctx->rpz_st->q.is_zone = qctx->is_zone;
                qctx->rpz_st->q.authoritative = qctx->authoritative;
@@ -6784,7 +6745,7 @@ query_checkrpz(query_ctx_t *qctx, isc_result_t result) {
                qctx->rpz_st->q.sigrdataset = MOVE_OWNERSHIP(qctx->sigrdataset);
                dns_name_copy(qctx->fname, qctx->rpz_st->fname);
                qctx->rpz_st->q.result = result;
-               qctx->client->query.attributes |= NS_QUERYATTR_RECURSING;
+               qctx->client->query.recursing = true;
                return ISC_R_COMPLETE;
        default:
                QUERY_ERROR(qctx, rresult);
@@ -6798,7 +6759,7 @@ query_checkrpz(query_ctx_t *qctx, isc_result_t result) {
        if (qctx->rpz_st->m.policy != DNS_RPZ_POLICY_MISS &&
            qctx->rpz_st->m.policy != DNS_RPZ_POLICY_PASSTHRU &&
            (qctx->rpz_st->m.policy != DNS_RPZ_POLICY_TCP_ONLY ||
-            !TCP(qctx->client)) &&
+            !qctx->client->inner.tcp) &&
            qctx->rpz_st->m.policy != DNS_RPZ_POLICY_ERROR)
        {
                /*
@@ -6934,8 +6895,8 @@ query_checkrpz(query_ctx_t *qctx, isc_result_t result) {
                 * Turn off DNSSEC because the results of a
                 * response policy zone cannot verify.
                 */
-               qctx->client->inner.attributes &= ~(NS_CLIENTATTR_WANTDNSSEC |
-                                                   NS_CLIENTATTR_WANTAD);
+               qctx->client->inner.wantdnssec = false;
+               qctx->client->inner.wantad = false;
                qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AD;
                ns_client_putrdataset(qctx->client, &qctx->sigrdataset);
                qctx->rpz_st->q.is_zone = qctx->is_zone;
@@ -7002,8 +6963,8 @@ query_rpzcname(query_ctx_t *qctx, dns_name_t *cname) {
         * Turn off DNSSEC because the results of a
         * response policy zone cannot verify.
         */
-       client->inner.attributes &= ~(NS_CLIENTATTR_WANTDNSSEC |
-                                     NS_CLIENTATTR_WANTAD);
+       client->inner.wantdnssec = false;
+       client->inner.wantad = false;
 
        return ISC_R_SUCCESS;
 }
@@ -7196,7 +7157,8 @@ query_gotanswer(query_ctx_t *qctx, isc_result_t result) {
                         */
                        goto root_key_sentinel;
                }
-               if (RECURSING(qctx->client) && result == DNS_R_DISALLOWED) {
+               if (qctx->client->query.recursing && result == DNS_R_DISALLOWED)
+               {
                        /*
                         * We are recursing, and thus RPZ processing is not
                         * allowed at the moment. This could happen on a
@@ -7220,7 +7182,7 @@ root_key_sentinel:
                /*
                 * Don't record this response in the SERVFAIL cache.
                 */
-               qctx->client->inner.attributes |= NS_CLIENTATTR_NOSETFC;
+               qctx->client->inner.nosetfc = true;
                QUERY_ERROR(qctx, DNS_R_SERVFAIL);
                return ns_query_done(qctx);
        }
@@ -7429,15 +7391,17 @@ query_respond_any(query_ctx_t *qctx) {
                         */
                        dns_rdataset_disassociate(qctx->rdataset);
                        hidden = true;
-               } else if (qctx->view->minimal_any && !TCP(qctx->client) &&
-                          !WANTDNSSEC(qctx->client) &&
+               } else if (qctx->view->minimal_any &&
+                          !qctx->client->inner.tcp &&
+                          !qctx->client->inner.wantdnssec &&
                           qctx->qtype == dns_rdatatype_any &&
                           (dns_rdatatype_issig(qctx->rdataset->type)))
                {
                        CCTRACE(ISC_LOG_DEBUG(5), "query_respond_any: "
                                                  "minimal-any skip signature");
                        dns_rdataset_disassociate(qctx->rdataset);
-               } else if (qctx->view->minimal_any && !TCP(qctx->client) &&
+               } else if (qctx->view->minimal_any &&
+                          !qctx->client->inner.tcp &&
                           onetype != dns_rdatatype_none &&
                           qctx->rdataset->type != onetype &&
                           qctx->rdataset->covers != onetype)
@@ -7449,7 +7413,8 @@ query_respond_any(query_ctx_t *qctx) {
                            qctx->rdataset->type == qctx->qtype) &&
                           qctx->rdataset->type != 0)
                {
-                       if (NOQNAME(qctx->rdataset) && WANTDNSSEC(qctx->client))
+                       if (qctx->rdataset->attributes.noqname &&
+                           qctx->client->inner.wantdnssec)
                        {
                                qctx->noqname = qctx->rdataset;
                        } else {
@@ -7466,7 +7431,7 @@ query_respond_any(query_ctx_t *qctx) {
                                                qctx->rpz_st->m.ttl);
                        }
 
-                       if (!qctx->is_zone && RECURSIONOK(qctx->client)) {
+                       if (!qctx->is_zone && qctx->client->query.recursionok) {
                                dns_name_t *name;
                                name = (qctx->fname != NULL) ? qctx->fname
                                                             : qctx->tname;
@@ -7540,7 +7505,7 @@ query_respond_any(query_ctx_t *qctx) {
                 */
                if (!qctx->is_zone) {
                        qctx->authoritative = false;
-                       qctx->client->inner.attributes &= ~NS_CLIENTATTR_RA;
+                       qctx->client->inner.ra = false;
                        query_addauth(qctx);
                        return ns_query_done(qctx);
                }
@@ -7585,7 +7550,7 @@ query_getexpire(query_ctx_t *qctx) {
        if (qctx->zone == NULL || !qctx->is_zone ||
            qctx->qtype != dns_rdatatype_soa ||
            qctx->client->query.restarts != 0 ||
-           (qctx->client->inner.attributes & NS_CLIENTATTR_WANTEXPIRE) == 0)
+           !qctx->client->inner.wantexpire)
        {
                return;
        }
@@ -7603,8 +7568,7 @@ query_getexpire(query_ctx_t *qctx) {
                if (secs >= qctx->client->inner.now &&
                    qctx->result == ISC_R_SUCCESS)
                {
-                       qctx->client->inner.attributes |=
-                               NS_CLIENTATTR_HAVEEXPIRE;
+                       qctx->client->inner.haveexpire = true;
                        qctx->client->inner.expire = secs -
                                                     qctx->client->inner.now;
                }
@@ -7621,7 +7585,7 @@ query_getexpire(query_ctx_t *qctx) {
                RUNTIME_CHECK(result == ISC_R_SUCCESS);
 
                qctx->client->inner.expire = soa.expire;
-               qctx->client->inner.attributes |= NS_CLIENTATTR_HAVEEXPIRE;
+               qctx->client->inner.haveexpire = true;
        }
 
        if (raw != NULL) {
@@ -7639,10 +7603,8 @@ query_getzoneversion(query_ctx_t *qctx) {
 
        if (qctx->zone == NULL || !qctx->is_zone ||
            qctx->client->query.restarts != 0 ||
-           (qctx->client->inner.attributes & NS_CLIENTATTR_WANTZONEVERSION) ==
-                   0 ||
-           (qctx->client->inner.attributes & NS_CLIENTATTR_HAVEZONEVERSION) !=
-                   0)
+           !qctx->client->inner.wantzoneversion ||
+           qctx->client->inner.havezoneversion)
        {
                return;
        }
@@ -7665,8 +7627,7 @@ query_getzoneversion(query_ctx_t *qctx) {
                        if (len < 2 || (buf[1] == 0 && len != 6)) {
                                return;
                        }
-                       qctx->client->inner.attributes |=
-                               NS_CLIENTATTR_HAVEZONEVERSION;
+                       qctx->client->inner.havezoneversion = true;
                        INSIST(qctx->client->inner.zoneversion == NULL);
                        qctx->client->inner.zoneversion =
                                isc_mem_get(qctx->client->manager->mctx, len);
@@ -7729,11 +7690,12 @@ query_addanswer(query_ctx_t *qctx) {
                             qctx->client->query.dns64_aaaaoklen, sizeof(bool));
                qctx->client->query.dns64_aaaaoklen = 0;
        } else {
-               if (!qctx->is_zone && RECURSIONOK(qctx->client)) {
+               if (!qctx->is_zone && qctx->client->query.recursionok) {
                        query_prefetch(qctx->client, qctx->fname,
                                       qctx->rdataset);
                }
-               if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL) {
+               if (qctx->client->inner.wantdnssec && qctx->sigrdataset != NULL)
+               {
                        sigrdatasetp = &qctx->sigrdataset;
                }
                query_addrrset(qctx, &qctx->fname, &qctx->rdataset,
@@ -7792,7 +7754,9 @@ query_respond(query_ctx_t *qctx) {
         */
        CALL_HOOK(NS_QUERY_RESPOND_BEGIN, qctx);
 
-       if (NOQNAME(qctx->rdataset) && WANTDNSSEC(qctx->client)) {
+       if (qctx->rdataset->attributes.noqname &&
+           qctx->client->inner.wantdnssec)
+       {
                qctx->noqname = qctx->rdataset;
        } else {
                qctx->noqname = NULL;
@@ -7817,8 +7781,7 @@ query_respond(query_ctx_t *qctx) {
                 * of "minimal-responses" setting.
                 */
                if (dns_name_equal(qctx->client->query.qname, dns_rootname)) {
-                       qctx->client->query.attributes &=
-                               ~NS_QUERYATTR_NOADDITIONAL;
+                       qctx->client->query.noadditional = false;
                        dns_db_attach(qctx->db, &qctx->client->query.gluedb);
                }
        }
@@ -7919,20 +7882,20 @@ query_dns64(query_ctx_t *qctx) {
        }
 
        if (qctx->rdataset->trust != dns_trust_secure) {
-               client->query.attributes &= ~NS_QUERYATTR_SECURE;
+               client->query.secure = false;
        }
 
        /*
         * We use the signatures from the A lookup to set DNS_DNS64_DNSSEC
         * as this provides a easy way to see if the answer was signed.
         */
-       if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL &&
+       if (qctx->client->inner.wantdnssec && qctx->sigrdataset != NULL &&
            dns_rdataset_isassociated(qctx->sigrdataset))
        {
                flags |= DNS_DNS64_DNSSEC;
        }
 
-       if (RECURSIONOK(client)) {
+       if (client->query.recursionok) {
                flags |= DNS_DNS64_RECURSIVE;
        }
 
@@ -7943,7 +7906,7 @@ query_dns64(query_ctx_t *qctx) {
                              &dns64_rdataset));
 
        dns_rdataset_setownercase(dns64_rdataset, mname);
-       client->query.attributes |= NS_QUERYATTR_NOADDITIONAL;
+       client->query.noadditional = true;
 
        if (client->query.dns64_ttl != UINT32_MAX) {
                dns64_rdataset->ttl = ISC_MIN(qctx->rdataset->ttl,
@@ -8008,7 +7971,7 @@ query_filter64(query_ctx_t *qctx) {
        }
 
        if (qctx->rdataset->trust != dns_trust_secure) {
-               client->query.attributes &= ~NS_QUERYATTR_SECURE;
+               client->query.secure = false;
        }
 
        isc_buffer_allocate(client->manager->mctx, &buffer,
@@ -8042,7 +8005,7 @@ query_filter64(query_ctx_t *qctx) {
 
        dns_rdatalist_tordataset(myrdatalist, myrdataset);
        dns_rdataset_setownercase(myrdataset, mname);
-       client->query.attributes |= NS_QUERYATTR_NOADDITIONAL;
+       client->query.noadditional = true;
        if (mname == name) {
                if (qctx->dbuf != NULL) {
                        ns_client_keepname(client, name, qctx->dbuf);
@@ -8114,23 +8077,20 @@ query_notfound(query_ctx_t *qctx) {
                 * we may have working forwarders, so try to
                 * recurse anyway.
                 */
-               if (RECURSIONOK(qctx->client)) {
-                       INSIST(!REDIRECT(qctx->client));
+               if (qctx->client->query.recursionok) {
+                       INSIST(!qctx->client->query.is_redirect);
                        result = ns_query_recurse(qctx->client, qctx->qtype,
                                                  qctx->client->query.qname,
                                                  NULL, NULL, qctx->resuming);
                        if (result == ISC_R_SUCCESS) {
                                CALL_HOOK(NS_QUERY_NOTFOUND_RECURSE, qctx);
-                               qctx->client->query.attributes |=
-                                       NS_QUERYATTR_RECURSING;
+                               qctx->client->query.recursing = true;
 
                                if (qctx->dns64) {
-                                       qctx->client->query.attributes |=
-                                               NS_QUERYATTR_DNS64;
+                                       qctx->client->query.dns64 = true;
                                }
                                if (qctx->dns64_exclude) {
-                                       qctx->client->query.attributes |=
-                                               NS_QUERYATTR_DNS64EXCLUDE;
+                                       qctx->client->query.dns64exclude = true;
                                }
                        } else if (query_usestale(qctx, result)) {
                                /*
@@ -8191,8 +8151,8 @@ query_prepare_delegation_response(query_ctx_t *qctx) {
         * We must ensure NOADDITIONAL is off, because the generation of
         * additional data is required in delegations.
         */
-       qctx->client->query.attributes &= ~NS_QUERYATTR_NOADDITIONAL;
-       if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL) {
+       qctx->client->query.noadditional = false;
+       if (qctx->client->inner.wantdnssec && qctx->sigrdataset != NULL) {
                sigrdatasetp = &qctx->sigrdataset;
        }
        query_addrrset(qctx, &qctx->fname, &qctx->rdataset, sigrdatasetp,
@@ -8228,7 +8188,7 @@ query_zone_delegation(query_ctx_t *qctx) {
         * If the query type is DS, look to see if we are
         * authoritative for the child zone
         */
-       if (!RECURSIONOK(qctx->client) &&
+       if (!qctx->client->query.recursionok &&
            (qctx->options.noexact && qctx->qtype == dns_rdatatype_ds))
        {
                dns_db_t *tdb = NULL;
@@ -8275,8 +8235,8 @@ query_zone_delegation(query_ctx_t *qctx) {
                }
        }
 
-       if (USECACHE(qctx->client) &&
-           (RECURSIONOK(qctx->client) ||
+       if (qctx->client->query.cacheok &&
+           (qctx->client->query.recursionok ||
             (qctx->zone != NULL &&
              dns_zone_gettype(qctx->zone) == dns_zone_mirror)))
        {
@@ -8413,7 +8373,7 @@ query_delegation_recurse(query_ctx_t *qctx) {
 
        CCTRACE(ISC_LOG_DEBUG(3), "query_delegation_recurse");
 
-       if (!RECURSIONOK(qctx->client)) {
+       if (!qctx->client->query.recursionok) {
                return ISC_R_COMPLETE;
        }
 
@@ -8427,7 +8387,7 @@ query_delegation_recurse(query_ctx_t *qctx) {
         * query_resume() when the recursion is complete.
         */
 
-       INSIST(!REDIRECT(qctx->client));
+       INSIST(!qctx->client->query.is_redirect);
 
        if (dns_rdatatype_atparent(qctx->type)) {
                /*
@@ -8473,13 +8433,12 @@ query_delegation_recurse(query_ctx_t *qctx) {
        }
 
        if (result == ISC_R_SUCCESS) {
-               qctx->client->query.attributes |= NS_QUERYATTR_RECURSING;
+               qctx->client->query.recursing = true;
                if (qctx->dns64) {
-                       qctx->client->query.attributes |= NS_QUERYATTR_DNS64;
+                       qctx->client->query.dns64 = true;
                }
                if (qctx->dns64_exclude) {
-                       qctx->client->query.attributes |=
-                               NS_QUERYATTR_DNS64EXCLUDE;
+                       qctx->client->query.dns64exclude = true;
                }
        } else if (query_usestale(qctx, result)) {
                /*
@@ -8516,7 +8475,7 @@ query_addds(query_ctx_t *qctx) {
        /*
         * DS not needed.
         */
-       if (!WANTDNSSEC(client)) {
+       if (!client->inner.wantdnssec) {
                return;
        }
 
@@ -8758,7 +8717,7 @@ query_sign_nodata(query_ctx_t *qctx) {
                return ns_query_done(qctx);
        }
        if (!dns_rdataset_isassociated(qctx->rdataset) &&
-           WANTDNSSEC(qctx->client))
+           qctx->client->inner.wantdnssec)
        {
                if (!qctx->fname->attributes.wildcard) {
                        dns_name_t *found;
@@ -8855,7 +8814,7 @@ query_sign_nodata(query_ctx_t *qctx) {
        /*
         * Add NSEC record if we found one.
         */
-       if (WANTDNSSEC(qctx->client) &&
+       if (qctx->client->inner.wantdnssec &&
            dns_rdataset_isassociated(qctx->rdataset))
        {
                query_addnxrrsetnsec(qctx);
@@ -8981,7 +8940,7 @@ query_nxdomain(query_ctx_t *qctx, isc_result_t result) {
                }
        }
 
-       if (WANTDNSSEC(qctx->client)) {
+       if (qctx->client->inner.wantdnssec) {
                /*
                 * Add NSEC record if we found one.
                 */
@@ -9157,7 +9116,7 @@ query_synthnodata(query_ctx_t *qctx, const dns_name_t *signer,
         * We want the SOA record to be first, so save the
         * NODATA proof's name now or else discard it.
         */
-       if (WANTDNSSEC(qctx->client)) {
+       if (qctx->client->inner.wantdnssec) {
                ns_client_keepname(qctx->client, qctx->fname, qctx->dbuf);
        } else {
                ns_client_releasename(qctx->client, &qctx->fname);
@@ -9170,13 +9129,13 @@ query_synthnodata(query_ctx_t *qctx, const dns_name_t *signer,
        /*
         * Add SOA record. Omit the RRSIG if DNSSEC was not requested.
         */
-       if (!WANTDNSSEC(qctx->client)) {
+       if (!qctx->client->inner.wantdnssec) {
                sigsoardatasetp = NULL;
        }
        query_addrrset(qctx, &name, soardatasetp, sigsoardatasetp, dbuf,
                       DNS_SECTION_AUTHORITY);
 
-       if (WANTDNSSEC(qctx->client)) {
+       if (qctx->client->inner.wantdnssec) {
                /*
                 * Add NODATA proof.
                 */
@@ -9210,7 +9169,7 @@ query_synthwildcard(query_ctx_t *qctx, dns_rdataset_t *rdataset,
         * We want the answer to be first, so save the
         * NOQNAME proof's name now or else discard it.
         */
-       if (WANTDNSSEC(qctx->client)) {
+       if (qctx->client->inner.wantdnssec) {
                ns_client_keepname(qctx->client, qctx->fname, qctx->dbuf);
        } else {
                ns_client_releasename(qctx->client, &qctx->fname);
@@ -9226,7 +9185,7 @@ query_synthwildcard(query_ctx_t *qctx, dns_rdataset_t *rdataset,
        /*
         * Add answer RRset. Omit the RRSIG if DNSSEC was not requested.
         */
-       if (WANTDNSSEC(qctx->client)) {
+       if (qctx->client->inner.wantdnssec) {
                clonesigset = ns_client_newrdataset(qctx->client);
                dns_rdataset_clone(sigrdataset, clonesigset);
                sigrdatasetp = &clonesigset;
@@ -9237,7 +9196,7 @@ query_synthwildcard(query_ctx_t *qctx, dns_rdataset_t *rdataset,
        query_addrrset(qctx, &name, &cloneset, sigrdatasetp, dbuf,
                       DNS_SECTION_ANSWER);
 
-       if (WANTDNSSEC(qctx->client)) {
+       if (qctx->client->inner.wantdnssec) {
                /*
                 * Add NOQNAME proof.
                 */
@@ -9274,7 +9233,7 @@ query_synthcnamewildcard(query_ctx_t *qctx, dns_rdataset_t *rdataset,
 
        RETERR(query_synthwildcard(qctx, rdataset, sigrdataset));
 
-       qctx->client->query.attributes |= NS_QUERYATTR_PARTIALANSWER;
+       qctx->client->query.partialanswer = true;
 
        /*
         * Reset qname to be the target name of the CNAME and restart
@@ -9304,7 +9263,7 @@ query_synthcnamewildcard(query_ctx_t *qctx, dns_rdataset_t *rdataset,
        dns_rdata_freestruct(&cname);
        ns_client_qnamereplace(qctx->client, tname);
        qctx->want_restart = true;
-       if (!WANTRECURSION(qctx->client)) {
+       if (!qctx->client->query.wantrecursion) {
                qctx->options.nolog = true;
        }
 
@@ -9343,7 +9302,7 @@ query_synthnxdomainnodata(query_ctx_t *qctx, bool nodata, dns_name_t *nowild,
         * We want the SOA record to be first, so save the
         * NOQNAME proof's name now or else discard it.
         */
-       if (WANTDNSSEC(qctx->client)) {
+       if (qctx->client->inner.wantdnssec) {
                ns_client_keepname(qctx->client, qctx->fname, qctx->dbuf);
        } else {
                ns_client_releasename(qctx->client, &qctx->fname);
@@ -9356,13 +9315,13 @@ query_synthnxdomainnodata(query_ctx_t *qctx, bool nodata, dns_name_t *nowild,
        /*
         * Add SOA record. Omit the RRSIG if DNSSEC was not requested.
         */
-       if (!WANTDNSSEC(qctx->client)) {
+       if (!qctx->client->inner.wantdnssec) {
                sigsoardatasetp = NULL;
        }
        query_addrrset(qctx, &name, soardatasetp, sigsoardatasetp, dbuf,
                       DNS_SECTION_AUTHORITY);
 
-       if (WANTDNSSEC(qctx->client)) {
+       if (qctx->client->inner.wantdnssec) {
                /*
                 * Add NOQNAME proof.
                 */
@@ -9557,8 +9516,8 @@ query_coveringnsec(query_ctx_t *qctx) {
                {
                        goto cleanup;
                }
-               if (!qctx->resuming && !STALE(qctx->rdataset) &&
-                   qctx->rdataset->ttl == 0 && RECURSIONOK(qctx->client))
+               if (!qctx->resuming && !qctx->rdataset->attributes.stale &&
+                   qctx->rdataset->ttl == 0 && qctx->client->query.recursionok)
                {
                        goto cleanup;
                }
@@ -9615,8 +9574,8 @@ query_coveringnsec(query_ctx_t *qctx) {
                }
                FALLTHROUGH;
        case DNS_R_CNAME:
-               if (!qctx->resuming && !STALE(&rdataset) && rdataset.ttl == 0 &&
-                   RECURSIONOK(qctx->client))
+               if (!qctx->resuming && !rdataset.attributes.stale &&
+                   rdataset.ttl == 0 && qctx->client->query.recursionok)
                {
                        goto cleanup;
                }
@@ -9775,7 +9734,7 @@ query_ncache(query_ctx_t *qctx, isc_result_t result) {
                }
        }
 
-       if (!qctx->is_zone && RECURSIONOK(qctx->client)) {
+       if (!qctx->is_zone && qctx->client->query.recursionok) {
                query_stale_refresh_ncache(qctx->client);
        }
 
@@ -9794,29 +9753,29 @@ query_zerottl_refetch(query_ctx_t *qctx) {
 
        CCTRACE(ISC_LOG_DEBUG(3), "query_zerottl_refetch");
 
-       if (qctx->is_zone || qctx->resuming || STALE(qctx->rdataset) ||
-           qctx->rdataset->ttl != 0 || !RECURSIONOK(qctx->client))
+       if (qctx->is_zone || qctx->resuming ||
+           qctx->rdataset->attributes.stale || qctx->rdataset->ttl != 0 ||
+           !qctx->client->query.recursionok)
        {
                return ISC_R_COMPLETE;
        }
 
        qctx_clean(qctx);
 
-       INSIST(!REDIRECT(qctx->client));
+       INSIST(!qctx->client->query.is_redirect);
 
        result = ns_query_recurse(qctx->client, qctx->qtype,
                                  qctx->client->query.qname, NULL, NULL,
                                  qctx->resuming);
        if (result == ISC_R_SUCCESS) {
                CALL_HOOK(NS_QUERY_ZEROTTL_RECURSE, qctx);
-               qctx->client->query.attributes |= NS_QUERYATTR_RECURSING;
+               qctx->client->query.recursing = true;
 
                if (qctx->dns64) {
-                       qctx->client->query.attributes |= NS_QUERYATTR_DNS64;
+                       qctx->client->query.dns64 = true;
                }
                if (qctx->dns64_exclude) {
-                       qctx->client->query.attributes |=
-                               NS_QUERYATTR_DNS64EXCLUDE;
+                       qctx->client->query.dns64exclude = true;
                }
        } else {
                /*
@@ -9863,24 +9822,27 @@ query_cname(query_ctx_t *qctx) {
        /*
         * Add the CNAME to the answer section.
         */
-       if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL) {
+       if (qctx->client->inner.wantdnssec && qctx->sigrdataset != NULL) {
                sigrdatasetp = &qctx->sigrdataset;
        }
 
-       if (WANTDNSSEC(qctx->client) && qctx->fname->attributes.wildcard) {
+       if (qctx->client->inner.wantdnssec && qctx->fname->attributes.wildcard)
+       {
                dns_fixedname_init(&qctx->wildcardname);
                dns_name_copy(qctx->fname,
                              dns_fixedname_name(&qctx->wildcardname));
                qctx->need_wildcardproof = true;
        }
 
-       if (NOQNAME(qctx->rdataset) && WANTDNSSEC(qctx->client)) {
+       if (qctx->rdataset->attributes.noqname &&
+           qctx->client->inner.wantdnssec)
+       {
                qctx->noqname = qctx->rdataset;
        } else {
                qctx->noqname = NULL;
        }
 
-       if (!qctx->is_zone && RECURSIONOK(qctx->client)) {
+       if (!qctx->is_zone && qctx->client->query.recursionok) {
                query_prefetch(qctx->client, qctx->fname, qctx->rdataset);
        }
 
@@ -9893,7 +9855,7 @@ query_cname(query_ctx_t *qctx) {
         * We set the PARTIALANSWER attribute so that if anything goes
         * wrong later on, we'll return what we've got so far.
         */
-       qctx->client->query.attributes |= NS_QUERYATTR_PARTIALANSWER;
+       qctx->client->query.partialanswer = true;
 
        /*
         * Reset qname to be the target name of the CNAME and restart
@@ -9919,7 +9881,7 @@ query_cname(query_ctx_t *qctx) {
 
        ns_client_qnamereplace(qctx->client, tname);
        qctx->want_restart = true;
-       if (!WANTRECURSION(qctx->client)) {
+       if (!qctx->client->query.wantrecursion) {
                qctx->options.nolog = true;
        }
 
@@ -9971,18 +9933,19 @@ query_dname(query_ctx_t *qctx) {
        /*
         * Add the DNAME to the answer section.
         */
-       if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL) {
+       if (qctx->client->inner.wantdnssec && qctx->sigrdataset != NULL) {
                sigrdatasetp = &qctx->sigrdataset;
        }
 
-       if (WANTDNSSEC(qctx->client) && qctx->fname->attributes.wildcard) {
+       if (qctx->client->inner.wantdnssec && qctx->fname->attributes.wildcard)
+       {
                dns_fixedname_init(&qctx->wildcardname);
                dns_name_copy(qctx->fname,
                              dns_fixedname_name(&qctx->wildcardname));
                qctx->need_wildcardproof = true;
        }
 
-       if (!qctx->is_zone && RECURSIONOK(qctx->client)) {
+       if (!qctx->is_zone && qctx->client->query.recursionok) {
                query_prefetch(qctx->client, qctx->fname, qctx->rdataset);
        }
        query_addrrset(qctx, &qctx->fname, &qctx->rdataset, sigrdatasetp,
@@ -9992,7 +9955,7 @@ query_dname(query_ctx_t *qctx) {
         * We set the PARTIALANSWER attribute so that if anything goes
         * wrong later on, we'll return what we've got so far.
         */
-       qctx->client->query.attributes |= NS_QUERYATTR_PARTIALANSWER;
+       qctx->client->query.partialanswer = true;
 
        /*
         * Get the target name of the DNAME.
@@ -10102,7 +10065,7 @@ query_dname(query_ctx_t *qctx) {
                ns_client_qnamereplace(qctx->client, qctx->fname);
                qctx->fname = NULL;
                qctx->want_restart = true;
-               if (!WANTRECURSION(qctx->client)) {
+               if (!qctx->client->query.wantrecursion) {
                        qctx->options.nolog = true;
                }
        }
@@ -10175,7 +10138,8 @@ query_prepresponse(query_ctx_t *qctx) {
 
        CALL_HOOK(NS_QUERY_PREP_RESPONSE_BEGIN, qctx);
 
-       if (WANTDNSSEC(qctx->client) && qctx->fname->attributes.wildcard) {
+       if (qctx->client->inner.wantdnssec && qctx->fname->attributes.wildcard)
+       {
                dns_fixedname_init(&qctx->wildcardname);
                dns_name_copy(qctx->fname,
                              dns_fixedname_name(&qctx->wildcardname));
@@ -10223,7 +10187,8 @@ query_addsoa(query_ctx_t *qctx, unsigned int override_ttl,
         * Don't add the SOA record for test which set "-T nosoa".
         */
        if (((client->manager->sctx->options & NS_SERVER_NOSOA) != 0) &&
-           (!WANTDNSSEC(client) || !dns_rdataset_isassociated(qctx->rdataset)))
+           (!client->inner.wantdnssec ||
+            !dns_rdataset_isassociated(qctx->rdataset)))
        {
                return ISC_R_SUCCESS;
        }
@@ -10240,7 +10205,7 @@ query_addsoa(query_ctx_t *qctx, unsigned int override_ttl,
        dns_name_clone(dns_db_origin(qctx->db), name);
 
        rdataset = ns_client_newrdataset(client);
-       if (WANTDNSSEC(client) && dns_db_issecure(qctx->db)) {
+       if (client->inner.wantdnssec && dns_db_issecure(qctx->db)) {
                sigrdataset = ns_client_newrdataset(client);
        }
 
@@ -10361,7 +10326,7 @@ query_addns(query_ctx_t *qctx) {
        dns_name_clone(dns_db_origin(qctx->db), name);
        rdataset = ns_client_newrdataset(client);
 
-       if (WANTDNSSEC(client) && dns_db_issecure(qctx->db)) {
+       if (client->inner.wantdnssec && dns_db_issecure(qctx->db)) {
                sigrdataset = ns_client_newrdataset(client);
        }
 
@@ -10467,7 +10432,7 @@ query_addbestns(query_ctx_t *qctx) {
                                               &qname);
                                continue;
                        }
-                       if (!USECACHE(client)) {
+                       if (!client->query.cacheok) {
                                goto cleanup;
                        }
                        dns_db_attach(client->inner.view->cachedb, &db);
@@ -10488,7 +10453,7 @@ db_find:
         * Get the RRSIGs if the client requested them or if we may
         * need to validate answers from the cache.
         */
-       if (WANTDNSSEC(client) || !is_zone) {
+       if (client->inner.wantdnssec || !is_zone) {
                sigrdataset = ns_client_newrdataset(client);
        }
 
@@ -10503,7 +10468,7 @@ db_find:
                if (result != DNS_R_DELEGATION) {
                        goto cleanup;
                }
-               if (USECACHE(client)) {
+               if (client->query.cacheok) {
                        ns_client_keepname(client, fname, dbuf);
                        dns_db_detachnode(&node);
                        zdb = MOVE_OWNERSHIP(db);
@@ -10557,7 +10522,8 @@ db_find:
         * If the answer is secure only add NS records if they are secure
         * when the client may be looking for AD in the response.
         */
-       if (SECURE(client) && (WANTDNSSEC(client) || WANTAD(client)) &&
+       if (client->query.secure &&
+           (client->inner.wantdnssec || client->inner.wantad) &&
            ((rdataset->trust != dns_trust_secure) ||
             (sigrdataset != NULL && sigrdataset->trust != dns_trust_secure)))
        {
@@ -10568,7 +10534,7 @@ db_find:
         * If the client doesn't want DNSSEC we can discard the sigrdataset
         * now.
         */
-       if (!WANTDNSSEC(client)) {
+       if (!client->inner.wantdnssec) {
                ns_client_putrdataset(client, &sigrdataset);
        }
 
@@ -10910,7 +10876,7 @@ query_addauth(query_ctx_t *qctx) {
         * Add NS records to the authority section (if we haven't already
         * added them to the answer section).
         */
-       if (!qctx->want_restart && !NOAUTHORITY(qctx->client)) {
+       if (!qctx->want_restart && !qctx->client->query.noauthority) {
                if (qctx->is_zone) {
                        if (!qctx->answer_has_ns) {
                                (void)query_addns(qctx);
@@ -11003,7 +10969,7 @@ ns_query_done(query_ctx_t *qctx) {
         */
        if (qctx->client->query.restarts == 0 && !qctx->authoritative) {
                qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AA;
-               qctx->client->inner.attributes &= ~NS_CLIENTATTR_WANTRC;
+               qctx->client->inner.wantrc = false;
        }
 
        /*
@@ -11025,8 +10991,7 @@ ns_query_done(query_ctx_t *qctx) {
                        /*
                         * This is e.g. a long CNAME chain which we cut short.
                         */
-                       qctx->client->query.attributes |=
-                               NS_QUERYATTR_PARTIALANSWER;
+                       qctx->client->query.partialanswer = true;
                        qctx->client->message->rcode = dns_rcode_servfail;
                        qctx->result = DNS_R_SERVFAIL;
 
@@ -11045,8 +11010,9 @@ ns_query_done(query_ctx_t *qctx) {
        }
 
        if (qctx->result != ISC_R_SUCCESS &&
-           (!PARTIALANSWER(qctx->client) ||
-            (WANTRECURSION(qctx->client) && !partial_result_with_servfail) ||
+           (!qctx->client->query.partialanswer ||
+            (qctx->client->query.wantrecursion &&
+             !partial_result_with_servfail) ||
             qctx->result == DNS_R_DROP))
        {
                if (qctx->result == DNS_R_DUPLICATE ||
@@ -11076,7 +11042,7 @@ ns_query_done(query_ctx_t *qctx) {
         * If we're recursing then just return; the query will
         * resume when recursion ends.
         */
-       if (RECURSING(qctx->client) &&
+       if (qctx->client->query.recursing &&
            (!QUERY_STALETIMEOUT(&qctx->client->query) ||
             qctx->options.stalefirst))
        {
@@ -11211,7 +11177,7 @@ log_query(ns_client_t *client, unsigned int flags, unsigned int extflags) {
        dns_rdatatype_format(rdataset->type, typebuf, sizeof(typebuf));
        isc_sockaddr_format(&client->inner.destsockaddr, sabuf, sizeof(sabuf));
 
-       if (HAVEECS(client)) {
+       if (client->inner.haveecs) {
                ns_client_log_ecs(client, ecsbuf, sizeof(ecsbuf));
        }
        ns_client_log_flags(client, flags, extflags, flagsbuf,
@@ -11293,26 +11259,26 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) {
        client->inner.cleanup = query_cleanup;
 
        if ((message->flags & DNS_MESSAGEFLAG_RD) != 0) {
-               client->query.attributes |= NS_QUERYATTR_WANTRECURSION;
+               client->query.wantrecursion = true;
        }
 
        if ((client->inner.extflags & DNS_MESSAGEEXTFLAG_DO) != 0) {
-               client->inner.attributes |= NS_CLIENTATTR_WANTDNSSEC;
+               client->inner.wantdnssec = true;
        }
 
        switch (client->inner.view->minimalresponses) {
        case dns_minimal_no:
                break;
        case dns_minimal_yes:
-               client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
-                                            NS_QUERYATTR_NOADDITIONAL);
+               client->query.noauthority = true;
+               client->query.noadditional = true;
                break;
        case dns_minimal_noauth:
-               client->query.attributes |= NS_QUERYATTR_NOAUTHORITY;
+               client->query.noauthority = true;
                break;
        case dns_minimal_noauthrec:
                if ((message->flags & DNS_MESSAGEFLAG_RD) != 0) {
-                       client->query.attributes |= NS_QUERYATTR_NOAUTHORITY;
+                       client->query.noauthority = true;
                }
                break;
        }
@@ -11324,10 +11290,10 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) {
                 * We don't have a cache.  Turn off cache support and
                 * recursion.
                 */
-               client->query.attributes &= ~(NS_QUERYATTR_RECURSIONOK |
-                                             NS_QUERYATTR_CACHEOK);
-               client->inner.attributes |= NS_CLIENTATTR_NOSETFC;
-       } else if ((client->inner.attributes & NS_CLIENTATTR_RA) == 0 ||
+               client->query.recursionok = false;
+               client->query.cacheok = false;
+               client->inner.nosetfc = true;
+       } else if (!client->inner.ra ||
                   (message->flags & DNS_MESSAGEFLAG_RD) == 0)
        {
                /*
@@ -11336,8 +11302,8 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) {
                 * lack of a resolver in this view), or if it
                 * doesn't want recursion, turn recursion off.
                 */
-               client->query.attributes &= ~NS_QUERYATTR_RECURSIONOK;
-               client->inner.attributes |= NS_CLIENTATTR_NOSETFC;
+               client->query.recursionok = false;
+               client->inner.nosetfc = true;
        }
 
        /*
@@ -11457,34 +11423,34 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) {
         * Turn on minimal response for (C)DNSKEY and (C)DS queries.
         */
        if (dns_rdatatype_iskeymaterial(qtype) || qtype == dns_rdatatype_ds) {
-               client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
-                                            NS_QUERYATTR_NOADDITIONAL);
+               client->query.noauthority = true;
+               client->query.noadditional = true;
        } else if (qtype == dns_rdatatype_ns) {
                /*
                 * Always turn on additional records for NS queries.
                 */
-               client->query.attributes &= ~(NS_QUERYATTR_NOAUTHORITY |
-                                             NS_QUERYATTR_NOADDITIONAL);
+               client->query.noauthority = false;
+               client->query.noadditional = false;
        }
 
        /*
         * Maybe turn on minimal responses for ANY queries.
         */
        if (qtype == dns_rdatatype_any && client->inner.view->minimal_any &&
-           !TCP(client))
+           !client->inner.tcp)
        {
-               client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
-                                            NS_QUERYATTR_NOADDITIONAL);
+               client->query.noauthority = true;
+               client->query.noadditional = true;
        }
 
        /*
         * Turn on minimal responses for EDNS/UDP bufsize 512 queries.
         */
        if (client->inner.ednsversion >= 0 && client->inner.udpsize <= 512U &&
-           !TCP(client))
+           !client->inner.tcp)
        {
-               client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
-                                            NS_QUERYATTR_NOADDITIONAL);
+               client->query.noauthority = true;
+               client->query.noadditional = true;
        }
 
        /*
@@ -11517,15 +11483,15 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) {
         * if the answer is secure.
         */
        if ((message->flags & DNS_MESSAGEFLAG_CD) != 0) {
-               client->query.attributes &= ~NS_QUERYATTR_SECURE;
+               client->query.secure = false;
        }
 
        /*
-        * Set NS_CLIENTATTR_WANTAD if the client has set AD in the query.
+        * Set wantad if the client has set AD in the query.
         * This allows AD to be returned on queries without DO set.
         */
        if ((message->flags & DNS_MESSAGEFLAG_AD) != 0) {
-               client->inner.attributes |= NS_CLIENTATTR_WANTAD;
+               client->inner.wantad = true;
        }
 
        /*
@@ -11552,7 +11518,7 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) {
         * Set AD.  We must clear it if we add non-validated data to a
         * response.
         */
-       if (WANTDNSSEC(client) || WANTAD(client)) {
+       if (client->inner.wantdnssec || client->inner.wantad) {
                message->flags |= DNS_MESSAGEFLAG_AD;
        }
 
index 7cfc75dbe1ce30beb68ea1b57c7c66002c9246a1..d65178992044b90d05f7119d143577bcb10e03aa 100644 (file)
                        goto cleanup;                                        \
        } while (0)
 
-/*
- * Return TRUE if NS_CLIENTATTR_TCP is set in the attributes other FALSE.
- */
-#define TCPCLIENT(client) \
-       (((client)->inner.attributes & NS_CLIENTATTR_TCP) != 0)
-
 /**************************************************************************/
 
 typedef struct rr rr_t;
@@ -1649,7 +1643,7 @@ send_update(ns_client_t *client, dns_zone_t *zone) {
                CHECK(checkupdateacl(client, dns_zone_getupdateacl(zone),
                                     "update", dns_zone_getorigin(zone), false,
                                     false));
-       } else if (client->inner.signer == NULL && !TCPCLIENT(client)) {
+       } else if (client->inner.signer == NULL && !client->inner.tcp) {
                CHECK(checkupdateacl(client, NULL, "update",
                                     dns_zone_getorigin(zone), false, true));
        }
@@ -1789,7 +1783,7 @@ send_update(ns_client_t *client, dns_zone_t *zone) {
                                ssuinfo.signer = client->inner.signer;
                                ssuinfo.addr = &netaddr;
                                ssuinfo.aclenv = env;
-                               ssuinfo.tcp = TCPCLIENT(client);
+                               ssuinfo.tcp = client->inner.tcp;
                                ssuinfo.key = tsigkey;
 
                                result = foreach_rr(db, ver, name, rdata.type,
@@ -1807,7 +1801,7 @@ send_update(ns_client_t *client, dns_zone_t *zone) {
                                if (flag &&
                                    !dns_ssutable_checkrules(
                                            ssutable, client->inner.signer,
-                                           name, &netaddr, TCPCLIENT(client),
+                                           name, &netaddr, client->inner.tcp,
                                            env, rdata.type, target, tsigkey,
                                            NULL))
                                {
@@ -1818,7 +1812,7 @@ send_update(ns_client_t *client, dns_zone_t *zone) {
                                const dns_ssurule_t *ssurule = NULL;
                                if (!dns_ssutable_checkrules(
                                            ssutable, client->inner.signer,
-                                           name, &netaddr, TCPCLIENT(client),
+                                           name, &netaddr, client->inner.tcp,
                                            env, rdata.type, target, tsigkey,
                                            &ssurule))
                                {
@@ -1831,7 +1825,7 @@ send_update(ns_client_t *client, dns_zone_t *zone) {
                                if (!ssu_checkall(db, ver, name, ssutable,
                                                  client->inner.signer,
                                                  &netaddr, env,
-                                                 TCPCLIENT(client), tsigkey))
+                                                 client->inner.tcp, tsigkey))
                                {
                                        FAILC(DNS_R_REFUSED,
                                              "rejected by secure update");
index 1865f6b1f450a647d637dde55975b7d8e1b81e02..bed279b3ec3875a5a6604ce624abcdffb97e25f6 100644 (file)
@@ -907,9 +907,7 @@ got_soa:
        /*
         * AXFR over UDP is not possible.
         */
-       if (reqtype == dns_rdatatype_axfr &&
-           (client->inner.attributes & NS_CLIENTATTR_TCP) == 0)
-       {
+       if (reqtype == dns_rdatatype_axfr && !client->inner.tcp) {
                FAILC(DNS_R_FORMERR, "attempted AXFR over UDP");
        }
 
@@ -972,7 +970,7 @@ got_soa:
                 * IXFR over UDP (currently, we always do).
                 */
                if (DNS_SERIAL_GE(begin_serial, current_serial) ||
-                   (client->inner.attributes & NS_CLIENTATTR_TCP) == 0)
+                   !client->inner.tcp)
                {
                        CHECK(soa_rrstream_create(mctx, db, ver, &stream));
                        is_poll = true;
@@ -983,7 +981,7 @@ got_soa:
                 * Outgoing IXFR may have been disabled for this peer
                 * or globally.
                 */
-               if ((client->inner.attributes & NS_CLIENTATTR_TCP) != 0) {
+               if (client->inner.tcp) {
                        bool provide_ixfr;
 
                        provide_ixfr = client->inner.view->provideixfr;
@@ -1116,8 +1114,7 @@ have_stream:
        if (zone != NULL) {
                dns_zone_getraw(zone, &raw);
                mayberaw = (raw != NULL) ? raw : zone;
-               if ((client->inner.attributes & NS_CLIENTATTR_WANTEXPIRE) !=
-                           0 &&
+               if (client->inner.wantexpire &&
                    (dns_zone_gettype(mayberaw) == dns_zone_secondary ||
                     dns_zone_gettype(mayberaw) == dns_zone_mirror))
                {
@@ -1128,8 +1125,7 @@ have_stream:
                        if (secs >= client->inner.now &&
                            result == ISC_R_SUCCESS)
                        {
-                               client->inner.attributes |=
-                                       NS_CLIENTATTR_HAVEEXPIRE;
+                               client->inner.haveexpire = true;
                                client->inner.expire = secs - client->inner.now;
                        }
                }
@@ -1279,8 +1275,7 @@ xfrout_ctx_create(isc_mem_t *mctx, ns_client_t *client, unsigned int id,
 
 static void
 xfrout_send(xfrout_ctx_t *xfr) {
-       const bool is_tcp =
-               ((xfr->client->inner.attributes & NS_CLIENTATTR_TCP) != 0);
+       const bool is_tcp = xfr->client->inner.tcp;
 
        if (is_tcp) {
                isc_region_t used;
@@ -1371,7 +1366,7 @@ sendstream(xfrout_ctx_t *xfr) {
        isc_buffer_clear(&xfr->buf);
        isc_buffer_clear(&xfr->txbuf);
 
-       is_tcp = ((xfr->client->inner.attributes & NS_CLIENTATTR_TCP) != 0);
+       is_tcp = xfr->client->inner.tcp;
        if (!is_tcp) {
                /*
                 * In the UDP case, we put the response data directly into
@@ -1395,7 +1390,7 @@ sendstream(xfrout_ctx_t *xfr) {
                msg->id = xfr->id;
                msg->rcode = dns_rcode_noerror;
                msg->flags = DNS_MESSAGEFLAG_QR | DNS_MESSAGEFLAG_AA;
-               if ((xfr->client->inner.attributes & NS_CLIENTATTR_RA) != 0) {
+               if (xfr->client->inner.ra) {
                        msg->flags |= DNS_MESSAGEFLAG_RA;
                }
                CHECK(dns_message_settsigkey(msg, xfr->tsigkey));
@@ -1408,17 +1403,13 @@ sendstream(xfrout_ctx_t *xfr) {
                /*
                 * Add a EDNS option to the message?
                 */
-               if ((xfr->client->inner.attributes & NS_CLIENTATTR_WANTOPT) !=
-                   0)
-               {
+               if (xfr->client->inner.wantopt) {
                        CHECK(ns_client_addopt(xfr->client, msg));
                        /*
                         * Add to first message only.
                         */
-                       xfr->client->inner.attributes &=
-                               ~NS_CLIENTATTR_WANTNSID;
-                       xfr->client->inner.attributes &=
-                               ~NS_CLIENTATTR_HAVEEXPIRE;
+                       xfr->client->inner.wantnsid = false;
+                       xfr->client->inner.haveexpire = false;
                }
 
                /*
@@ -1671,7 +1662,7 @@ static void
 xfrout_senddone(isc_nmhandle_t *handle, isc_result_t result, void *arg) {
        xfrout_ctx_t *xfr = (xfrout_ctx_t *)arg;
 
-       REQUIRE((xfr->client->inner.attributes & NS_CLIENTATTR_TCP) != 0);
+       REQUIRE(xfr->client->inner.tcp);
 
        INSIST(handle == xfr->client->inner.handle);
 
index 7c5c9babbb0683f1deb66076a70c70b4f5dbe51b..4d67974d31ffc3db9566a3f597cde0daa2ce2b69 100644 (file)
@@ -438,11 +438,11 @@ ns_test_qctx_create(const ns_test_qctx_create_params_t *params,
        }
 
        /*
-        * Allow recursion for the client.  As NS_CLIENTATTR_RA normally gets
-        * set in ns_client_request(), i.e. earlier than the unit tests hook
+        * Allow recursion for the client.  As inner.ra normally gets set
+        * in ns_client_request(), i.e. earlier than the unit tests hook
         * into the call chain, just set it manually.
         */
-       client->inner.attributes |= NS_CLIENTATTR_RA;
+       client->inner.ra = true;
 
        /*
         * Create a query context for a client sending the previously