2 * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 1999-2003 Internet Software Consortium.
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
18 /* $Id: resolver.c,v 1.218.2.18.4.64.4.2 2007/01/11 05:05:10 marka Exp $ */
22 #include <isc/print.h>
23 #include <isc/string.h>
25 #include <isc/timer.h>
30 #include <dns/cache.h>
32 #include <dns/dispatch.h>
34 #include <dns/events.h>
35 #include <dns/forward.h>
36 #include <dns/keytable.h>
38 #include <dns/message.h>
39 #include <dns/ncache.h>
40 #include <dns/opcode.h>
43 #include <dns/rcode.h>
44 #include <dns/rdata.h>
45 #include <dns/rdataclass.h>
46 #include <dns/rdatalist.h>
47 #include <dns/rdataset.h>
48 #include <dns/rdatastruct.h>
49 #include <dns/rdatatype.h>
50 #include <dns/resolver.h>
51 #include <dns/result.h>
52 #include <dns/rootns.h>
54 #include <dns/validator.h>
56 #define DNS_RESOLVER_TRACE
57 #ifdef DNS_RESOLVER_TRACE
58 #define RTRACE(m) isc_log_write(dns_lctx, \
59 DNS_LOGCATEGORY_RESOLVER, \
60 DNS_LOGMODULE_RESOLVER, \
62 "res %p: %s", res, (m))
63 #define RRTRACE(r, m) isc_log_write(dns_lctx, \
64 DNS_LOGCATEGORY_RESOLVER, \
65 DNS_LOGMODULE_RESOLVER, \
67 "res %p: %s", (r), (m))
68 #define FCTXTRACE(m) isc_log_write(dns_lctx, \
69 DNS_LOGCATEGORY_RESOLVER, \
70 DNS_LOGMODULE_RESOLVER, \
72 "fctx %p(%s'): %s", fctx, fctx->info, (m))
73 #define FCTXTRACE2(m1, m2) \
74 isc_log_write(dns_lctx, \
75 DNS_LOGCATEGORY_RESOLVER, \
76 DNS_LOGMODULE_RESOLVER, \
78 "fctx %p(%s): %s %s", \
79 fctx, fctx->info, (m1), (m2))
80 #define FTRACE(m) isc_log_write(dns_lctx, \
81 DNS_LOGCATEGORY_RESOLVER, \
82 DNS_LOGMODULE_RESOLVER, \
84 "fetch %p (fctx %p(%s)): %s", \
85 fetch, fetch->private, \
86 fetch->private->info, (m))
87 #define QTRACE(m) isc_log_write(dns_lctx, \
88 DNS_LOGCATEGORY_RESOLVER, \
89 DNS_LOGMODULE_RESOLVER, \
91 "resquery %p (fctx %p(%s)): %s", \
93 query->fctx->info, (m))
103 * Maximum EDNS0 input packet size.
105 #define RECV_BUFFER_SIZE 4096 /* XXXRTH Constant. */
108 * This defines the maximum number of timeouts we will permit before we
109 * disable EDNS0 on the query.
111 #define MAX_EDNS0_TIMEOUTS 3
113 typedef struct fetchctx fetchctx_t;
115 typedef struct query {
116 /* Locked by task event serialization. */
120 dns_dispatchmgr_t * dispatchmgr;
121 dns_dispatch_t * dispatch;
122 dns_adbaddrinfo_t * addrinfo;
123 isc_socket_t * tcpsocket;
126 dns_dispentry_t * dispentry;
127 ISC_LINK(struct query) link;
130 dns_tsigkey_t *tsigkey;
131 unsigned int options;
132 unsigned int attributes;
134 unsigned int connects;
135 unsigned char data[512];
138 #define QUERY_MAGIC ISC_MAGIC('Q', '!', '!', '!')
139 #define VALID_QUERY(query) ISC_MAGIC_VALID(query, QUERY_MAGIC)
141 #define RESQUERY_ATTR_CANCELED 0x02
143 #define RESQUERY_CONNECTING(q) ((q)->connects > 0)
144 #define RESQUERY_CANCELED(q) (((q)->attributes & \
145 RESQUERY_ATTR_CANCELED) != 0)
146 #define RESQUERY_SENDING(q) ((q)->sends > 0)
149 fetchstate_init = 0, /* Start event has not run yet. */
151 fetchstate_done /* FETCHDONE events posted. */
157 dns_resolver_t * res;
159 dns_rdatatype_t type;
160 unsigned int options;
161 unsigned int bucketnum;
163 /* Locked by appropriate bucket lock. */
165 isc_boolean_t want_shutdown;
166 isc_boolean_t cloned;
167 unsigned int references;
168 isc_event_t control_event;
169 ISC_LINK(struct fetchctx) link;
170 ISC_LIST(dns_fetchevent_t) events;
171 /* Locked by task event serialization. */
173 dns_rdataset_t nameservers;
174 unsigned int attributes;
177 isc_interval_t interval;
178 dns_message_t * qmessage;
179 dns_message_t * rmessage;
180 ISC_LIST(resquery_t) queries;
181 dns_adbfindlist_t finds;
182 dns_adbfind_t * find;
183 dns_adbfindlist_t altfinds;
184 dns_adbfind_t * altfind;
185 dns_adbaddrinfolist_t forwaddrs;
186 dns_adbaddrinfolist_t altaddrs;
187 isc_sockaddrlist_t forwarders;
188 dns_fwdpolicy_t fwdpolicy;
189 isc_sockaddrlist_t bad;
190 ISC_LIST(dns_validator_t) validators;
195 * The number of events we're waiting for.
197 unsigned int pending;
200 * The number of times we've "restarted" the current
201 * nameserver set. This acts as a failsafe to prevent
202 * us from pounding constantly on a particular set of
203 * servers that, for whatever reason, are not giving
204 * us useful responses, but are responding in such a
205 * way that they are not marked "bad".
207 unsigned int restarts;
210 * The number of timeouts that have occurred since we
211 * last successfully received a response packet. This
212 * is used for EDNS0 black hole detection.
214 unsigned int timeouts;
216 * Look aside state for DS lookups.
219 dns_fetch_t * nsfetch;
220 dns_rdataset_t nsrrset;
223 * Number of queries that reference this context.
225 unsigned int nqueries;
228 #define FCTX_MAGIC ISC_MAGIC('F', '!', '!', '!')
229 #define VALID_FCTX(fctx) ISC_MAGIC_VALID(fctx, FCTX_MAGIC)
231 #define FCTX_ATTR_HAVEANSWER 0x0001
232 #define FCTX_ATTR_GLUING 0x0002
233 #define FCTX_ATTR_ADDRWAIT 0x0004
234 #define FCTX_ATTR_SHUTTINGDOWN 0x0008
235 #define FCTX_ATTR_WANTCACHE 0x0010
236 #define FCTX_ATTR_WANTNCACHE 0x0020
237 #define FCTX_ATTR_NEEDEDNS0 0x0040
238 #define FCTX_ATTR_TRIEDFIND 0x0080
239 #define FCTX_ATTR_TRIEDALT 0x0100
241 #define HAVE_ANSWER(f) (((f)->attributes & FCTX_ATTR_HAVEANSWER) != \
243 #define GLUING(f) (((f)->attributes & FCTX_ATTR_GLUING) != \
245 #define ADDRWAIT(f) (((f)->attributes & FCTX_ATTR_ADDRWAIT) != \
247 #define SHUTTINGDOWN(f) (((f)->attributes & FCTX_ATTR_SHUTTINGDOWN) \
249 #define WANTCACHE(f) (((f)->attributes & FCTX_ATTR_WANTCACHE) != 0)
250 #define WANTNCACHE(f) (((f)->attributes & FCTX_ATTR_WANTNCACHE) != 0)
251 #define NEEDEDNS0(f) (((f)->attributes & FCTX_ATTR_NEEDEDNS0) != 0)
252 #define TRIEDFIND(f) (((f)->attributes & FCTX_ATTR_TRIEDFIND) != 0)
253 #define TRIEDALT(f) (((f)->attributes & FCTX_ATTR_TRIEDALT) != 0)
256 dns_adbaddrinfo_t * addrinfo;
262 fetchctx_t * private;
265 #define DNS_FETCH_MAGIC ISC_MAGIC('F', 't', 'c', 'h')
266 #define DNS_FETCH_VALID(fetch) ISC_MAGIC_VALID(fetch, DNS_FETCH_MAGIC)
268 typedef struct fctxbucket {
271 ISC_LIST(fetchctx_t) fctxs;
272 isc_boolean_t exiting;
275 typedef struct alternate {
276 isc_boolean_t isaddress;
284 ISC_LINK(struct alternate) link;
287 struct dns_resolver {
293 isc_mutex_t primelock;
294 dns_rdataclass_t rdclass;
295 isc_socketmgr_t * socketmgr;
296 isc_timermgr_t * timermgr;
297 isc_taskmgr_t * taskmgr;
299 isc_boolean_t frozen;
300 unsigned int options;
301 dns_dispatchmgr_t * dispatchmgr;
302 dns_dispatch_t * dispatchv4;
303 dns_dispatch_t * dispatchv6;
304 unsigned int nbuckets;
305 fctxbucket_t * buckets;
306 isc_uint32_t lame_ttl;
307 ISC_LIST(alternate_t) alternates;
308 isc_uint16_t udpsize;
310 isc_rwlock_t alglock;
312 dns_rbt_t * algorithms;
314 isc_rwlock_t mbslock;
316 dns_rbt_t * mustbesecure;
317 /* Locked by lock. */
318 unsigned int references;
319 isc_boolean_t exiting;
320 isc_eventlist_t whenshutdown;
321 unsigned int activebuckets;
322 isc_boolean_t priming;
323 /* Locked by primelock. */
324 dns_fetch_t * primefetch;
325 /* Locked by nlock. */
329 #define RES_MAGIC ISC_MAGIC('R', 'e', 's', '!')
330 #define VALID_RESOLVER(res) ISC_MAGIC_VALID(res, RES_MAGIC)
333 * Private addrinfo flags. These must not conflict with DNS_FETCHOPT_NOEDNS0,
334 * which we also use as an addrinfo flag.
336 #define FCTX_ADDRINFO_MARK 0x0001
337 #define FCTX_ADDRINFO_FORWARDER 0x1000
338 #define UNMARKED(a) (((a)->flags & FCTX_ADDRINFO_MARK) \
340 #define ISFORWARDER(a) (((a)->flags & \
341 FCTX_ADDRINFO_FORWARDER) != 0)
343 #define NXDOMAIN(r) (((r)->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0)
345 static void destroy(dns_resolver_t *res);
346 static void empty_bucket(dns_resolver_t *res);
347 static isc_result_t resquery_send(resquery_t *query);
348 static void resquery_response(isc_task_t *task, isc_event_t *event);
349 static void resquery_connected(isc_task_t *task, isc_event_t *event);
350 static void fctx_try(fetchctx_t *fctx);
351 static isc_boolean_t fctx_destroy(fetchctx_t *fctx);
352 static isc_result_t ncache_adderesult(dns_message_t *message,
353 dns_db_t *cache, dns_dbnode_t *node,
354 dns_rdatatype_t covers,
355 isc_stdtime_t now, dns_ttl_t maxttl,
356 dns_rdataset_t *ardataset,
357 isc_result_t *eresultp);
358 static void validated(isc_task_t *task, isc_event_t *event);
359 static void maybe_destroy(fetchctx_t *fctx);
362 valcreate(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, dns_name_t *name,
363 dns_rdatatype_t type, dns_rdataset_t *rdataset,
364 dns_rdataset_t *sigrdataset, unsigned int valoptions,
367 dns_validator_t *validator = NULL;
368 dns_valarg_t *valarg;
371 valarg = isc_mem_get(fctx->res->mctx, sizeof(*valarg));
373 return (ISC_R_NOMEMORY);
376 valarg->addrinfo = addrinfo;
378 if (!ISC_LIST_EMPTY(fctx->validators))
379 INSIST((valoptions & DNS_VALIDATOR_DEFER) != 0);
381 result = dns_validator_create(fctx->res->view, name, type, rdataset,
382 sigrdataset, fctx->rmessage,
383 valoptions, task, validated, valarg,
385 if (result == ISC_R_SUCCESS)
386 ISC_LIST_APPEND(fctx->validators, validator, link);
388 isc_mem_put(fctx->res->mctx, valarg, sizeof(*valarg));
393 fix_mustbedelegationornxdomain(dns_message_t *message, fetchctx_t *fctx) {
395 dns_name_t *domain = &fctx->domain;
396 dns_rdataset_t *rdataset;
397 dns_rdatatype_t type;
399 isc_boolean_t keep_auth = ISC_FALSE;
401 if (message->rcode == dns_rcode_nxdomain)
405 * Look for BIND 8 style delegations.
406 * Also look for answers to ANY queries where the duplicate NS RRset
407 * may have been stripped from the authority section.
409 if (message->counts[DNS_SECTION_ANSWER] != 0 &&
410 (fctx->type == dns_rdatatype_ns ||
411 fctx->type == dns_rdatatype_any)) {
412 result = dns_message_firstname(message, DNS_SECTION_ANSWER);
413 while (result == ISC_R_SUCCESS) {
415 dns_message_currentname(message, DNS_SECTION_ANSWER,
417 for (rdataset = ISC_LIST_HEAD(name->list);
419 rdataset = ISC_LIST_NEXT(rdataset, link)) {
420 type = rdataset->type;
421 if (type != dns_rdatatype_ns)
423 if (dns_name_issubdomain(name, domain))
426 result = dns_message_nextname(message,
431 /* Look for referral. */
432 if (message->counts[DNS_SECTION_AUTHORITY] == 0)
435 result = dns_message_firstname(message, DNS_SECTION_AUTHORITY);
436 while (result == ISC_R_SUCCESS) {
438 dns_message_currentname(message, DNS_SECTION_AUTHORITY, &name);
439 for (rdataset = ISC_LIST_HEAD(name->list);
441 rdataset = ISC_LIST_NEXT(rdataset, link)) {
442 type = rdataset->type;
443 if (type == dns_rdatatype_soa &&
444 dns_name_equal(name, domain))
445 keep_auth = ISC_TRUE;
446 if (type != dns_rdatatype_ns &&
447 type != dns_rdatatype_soa)
449 if (dns_name_equal(name, domain))
451 if (dns_name_issubdomain(name, domain))
454 result = dns_message_nextname(message, DNS_SECTION_AUTHORITY);
458 message->rcode = dns_rcode_nxdomain;
459 message->counts[DNS_SECTION_ANSWER] = 0;
461 message->counts[DNS_SECTION_AUTHORITY] = 0;
462 message->counts[DNS_SECTION_ADDITIONAL] = 0;
466 static inline isc_result_t
467 fctx_starttimer(fetchctx_t *fctx) {
469 * Start the lifetime timer for fctx.
471 * This is also used for stopping the idle timer; in that
472 * case we must purge events already posted to ensure that
473 * no further idle events are delivered.
475 return (isc_timer_reset(fctx->timer, isc_timertype_once,
476 &fctx->expires, NULL, ISC_TRUE));
480 fctx_stoptimer(fetchctx_t *fctx) {
484 * We don't return a result if resetting the timer to inactive fails
485 * since there's nothing to be done about it. Resetting to inactive
486 * should never fail anyway, since the code as currently written
487 * cannot fail in that case.
489 result = isc_timer_reset(fctx->timer, isc_timertype_inactive,
490 NULL, NULL, ISC_TRUE);
491 if (result != ISC_R_SUCCESS) {
492 UNEXPECTED_ERROR(__FILE__, __LINE__,
493 "isc_timer_reset(): %s",
494 isc_result_totext(result));
499 static inline isc_result_t
500 fctx_startidletimer(fetchctx_t *fctx) {
502 * Start the idle timer for fctx. The lifetime timer continues
505 return (isc_timer_reset(fctx->timer, isc_timertype_once,
506 &fctx->expires, &fctx->interval,
511 * Stopping the idle timer is equivalent to calling fctx_starttimer(), but
512 * we use fctx_stopidletimer for readability in the code below.
514 #define fctx_stopidletimer fctx_starttimer
518 resquery_destroy(resquery_t **queryp) {
521 REQUIRE(queryp != NULL);
523 REQUIRE(!ISC_LINK_LINKED(query, link));
525 INSIST(query->tcpsocket == NULL);
527 query->fctx->nqueries--;
528 if (SHUTTINGDOWN(query->fctx))
529 maybe_destroy(query->fctx); /* Locks bucket. */
531 isc_mem_put(query->mctx, query, sizeof(*query));
536 fctx_cancelquery(resquery_t **queryp, dns_dispatchevent_t **deventp,
537 isc_time_t *finish, isc_boolean_t no_response)
544 dns_adbaddrinfo_t *addrinfo;
549 FCTXTRACE("cancelquery");
551 REQUIRE(!RESQUERY_CANCELED(query));
553 query->attributes |= RESQUERY_ATTR_CANCELED;
556 * Should we update the RTT?
558 if (finish != NULL || no_response) {
559 if (finish != NULL) {
561 * We have both the start and finish times for this
562 * packet, so we can compute a real RTT.
564 rtt = (unsigned int)isc_time_microdiff(finish,
566 factor = DNS_ADB_RTTADJDEFAULT;
569 * We don't have an RTT for this query. Maybe the
570 * packet was lost, or maybe this server is very
571 * slow. We don't know. Increase the RTT.
574 rtt = query->addrinfo->srtt +
575 (200000 * fctx->restarts);
579 * Replace the current RTT with our value.
581 factor = DNS_ADB_RTTADJREPLACE;
583 dns_adb_adjustsrtt(fctx->adb, query->addrinfo, rtt, factor);
587 * Age RTTs of servers not tried.
589 factor = DNS_ADB_RTTADJAGE;
591 for (addrinfo = ISC_LIST_HEAD(fctx->forwaddrs);
593 addrinfo = ISC_LIST_NEXT(addrinfo, publink))
594 if (UNMARKED(addrinfo))
595 dns_adb_adjustsrtt(fctx->adb, addrinfo,
598 if (finish != NULL && TRIEDFIND(fctx))
599 for (find = ISC_LIST_HEAD(fctx->finds);
601 find = ISC_LIST_NEXT(find, publink))
602 for (addrinfo = ISC_LIST_HEAD(find->list);
604 addrinfo = ISC_LIST_NEXT(addrinfo, publink))
605 if (UNMARKED(addrinfo))
606 dns_adb_adjustsrtt(fctx->adb, addrinfo,
609 if (finish != NULL && TRIEDALT(fctx)) {
610 for (addrinfo = ISC_LIST_HEAD(fctx->altaddrs);
612 addrinfo = ISC_LIST_NEXT(addrinfo, publink))
613 if (UNMARKED(addrinfo))
614 dns_adb_adjustsrtt(fctx->adb, addrinfo,
616 for (find = ISC_LIST_HEAD(fctx->altfinds);
618 find = ISC_LIST_NEXT(find, publink))
619 for (addrinfo = ISC_LIST_HEAD(find->list);
621 addrinfo = ISC_LIST_NEXT(addrinfo, publink))
622 if (UNMARKED(addrinfo))
623 dns_adb_adjustsrtt(fctx->adb, addrinfo,
627 if (query->dispentry != NULL)
628 dns_dispatch_removeresponse(&query->dispentry, deventp);
630 ISC_LIST_UNLINK(fctx->queries, query, link);
632 if (query->tsig != NULL)
633 isc_buffer_free(&query->tsig);
635 if (query->tsigkey != NULL)
636 dns_tsigkey_detach(&query->tsigkey);
639 * Check for any outstanding socket events. If they exist, cancel
640 * them and let the event handlers finish the cleanup. The resolver
641 * only needs to worry about managing the connect and send events;
642 * the dispatcher manages the recv events.
644 if (RESQUERY_CONNECTING(query))
646 * Cancel the connect.
648 isc_socket_cancel(query->tcpsocket, NULL,
649 ISC_SOCKCANCEL_CONNECT);
650 else if (RESQUERY_SENDING(query))
652 * Cancel the pending send.
654 isc_socket_cancel(dns_dispatch_getsocket(query->dispatch),
655 NULL, ISC_SOCKCANCEL_SEND);
657 if (query->dispatch != NULL)
658 dns_dispatch_detach(&query->dispatch);
660 if (! (RESQUERY_CONNECTING(query) || RESQUERY_SENDING(query)))
662 * It's safe to destroy the query now.
664 resquery_destroy(&query);
668 fctx_cancelqueries(fetchctx_t *fctx, isc_boolean_t no_response) {
669 resquery_t *query, *next_query;
671 FCTXTRACE("cancelqueries");
673 for (query = ISC_LIST_HEAD(fctx->queries);
675 query = next_query) {
676 next_query = ISC_LIST_NEXT(query, link);
677 fctx_cancelquery(&query, NULL, NULL, no_response);
682 fctx_cleanupfinds(fetchctx_t *fctx) {
683 dns_adbfind_t *find, *next_find;
685 REQUIRE(ISC_LIST_EMPTY(fctx->queries));
687 for (find = ISC_LIST_HEAD(fctx->finds);
690 next_find = ISC_LIST_NEXT(find, publink);
691 ISC_LIST_UNLINK(fctx->finds, find, publink);
692 dns_adb_destroyfind(&find);
698 fctx_cleanupaltfinds(fetchctx_t *fctx) {
699 dns_adbfind_t *find, *next_find;
701 REQUIRE(ISC_LIST_EMPTY(fctx->queries));
703 for (find = ISC_LIST_HEAD(fctx->altfinds);
706 next_find = ISC_LIST_NEXT(find, publink);
707 ISC_LIST_UNLINK(fctx->altfinds, find, publink);
708 dns_adb_destroyfind(&find);
710 fctx->altfind = NULL;
714 fctx_cleanupforwaddrs(fetchctx_t *fctx) {
715 dns_adbaddrinfo_t *addr, *next_addr;
717 REQUIRE(ISC_LIST_EMPTY(fctx->queries));
719 for (addr = ISC_LIST_HEAD(fctx->forwaddrs);
722 next_addr = ISC_LIST_NEXT(addr, publink);
723 ISC_LIST_UNLINK(fctx->forwaddrs, addr, publink);
724 dns_adb_freeaddrinfo(fctx->adb, &addr);
729 fctx_cleanupaltaddrs(fetchctx_t *fctx) {
730 dns_adbaddrinfo_t *addr, *next_addr;
732 REQUIRE(ISC_LIST_EMPTY(fctx->queries));
734 for (addr = ISC_LIST_HEAD(fctx->altaddrs);
737 next_addr = ISC_LIST_NEXT(addr, publink);
738 ISC_LIST_UNLINK(fctx->altaddrs, addr, publink);
739 dns_adb_freeaddrinfo(fctx->adb, &addr);
744 fctx_stopeverything(fetchctx_t *fctx, isc_boolean_t no_response) {
745 FCTXTRACE("stopeverything");
746 fctx_cancelqueries(fctx, no_response);
747 fctx_cleanupfinds(fctx);
748 fctx_cleanupaltfinds(fctx);
749 fctx_cleanupforwaddrs(fctx);
750 fctx_cleanupaltaddrs(fctx);
751 fctx_stoptimer(fctx);
755 fctx_sendevents(fetchctx_t *fctx, isc_result_t result) {
756 dns_fetchevent_t *event, *next_event;
760 * Caller must be holding the appropriate bucket lock.
762 REQUIRE(fctx->state == fetchstate_done);
764 FCTXTRACE("sendevents");
766 for (event = ISC_LIST_HEAD(fctx->events);
768 event = next_event) {
769 next_event = ISC_LIST_NEXT(event, ev_link);
770 ISC_LIST_UNLINK(fctx->events, event, ev_link);
771 task = event->ev_sender;
772 event->ev_sender = fctx;
773 if (!HAVE_ANSWER(fctx))
774 event->result = result;
776 INSIST(result != ISC_R_SUCCESS ||
777 dns_rdataset_isassociated(event->rdataset) ||
778 fctx->type == dns_rdatatype_any ||
779 fctx->type == dns_rdatatype_rrsig ||
780 fctx->type == dns_rdatatype_sig);
782 isc_task_sendanddetach(&task, ISC_EVENT_PTR(&event));
787 fctx_done(fetchctx_t *fctx, isc_result_t result) {
789 isc_boolean_t no_response;
795 if (result == ISC_R_SUCCESS)
796 no_response = ISC_TRUE;
798 no_response = ISC_FALSE;
799 fctx_stopeverything(fctx, no_response);
801 LOCK(&res->buckets[fctx->bucketnum].lock);
803 fctx->state = fetchstate_done;
804 fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
805 fctx_sendevents(fctx, result);
807 UNLOCK(&res->buckets[fctx->bucketnum].lock);
811 resquery_senddone(isc_task_t *task, isc_event_t *event) {
812 isc_socketevent_t *sevent = (isc_socketevent_t *)event;
813 resquery_t *query = event->ev_arg;
814 isc_boolean_t retry = ISC_FALSE;
818 REQUIRE(event->ev_type == ISC_SOCKEVENT_SENDDONE);
825 * Currently we don't wait for the senddone event before retrying
826 * a query. This means that if we get really behind, we may end
827 * up doing extra work!
832 INSIST(RESQUERY_SENDING(query));
837 if (RESQUERY_CANCELED(query)) {
838 if (query->sends == 0) {
840 * This query was canceled while the
841 * isc_socket_sendto() was in progress.
843 if (query->tcpsocket != NULL)
844 isc_socket_detach(&query->tcpsocket);
845 resquery_destroy(&query);
848 switch (sevent->result) {
852 case ISC_R_HOSTUNREACH:
853 case ISC_R_NETUNREACH:
855 case ISC_R_ADDRNOTAVAIL:
856 case ISC_R_CONNREFUSED:
859 * No route to remote.
861 fctx_cancelquery(&query, NULL, NULL, ISC_TRUE);
866 fctx_cancelquery(&query, NULL, NULL, ISC_FALSE);
870 isc_event_free(&event);
874 * Behave as if the idle timer has expired. For TCP
875 * this may not actually reflect the latest timer.
877 fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
878 result = fctx_stopidletimer(fctx);
879 if (result != ISC_R_SUCCESS)
880 fctx_done(fctx, result);
886 static inline isc_result_t
887 fctx_addopt(dns_message_t *message, dns_resolver_t *res) {
888 dns_rdataset_t *rdataset;
889 dns_rdatalist_t *rdatalist;
894 result = dns_message_gettemprdatalist(message, &rdatalist);
895 if (result != ISC_R_SUCCESS)
898 result = dns_message_gettemprdata(message, &rdata);
899 if (result != ISC_R_SUCCESS)
902 result = dns_message_gettemprdataset(message, &rdataset);
903 if (result != ISC_R_SUCCESS)
905 dns_rdataset_init(rdataset);
907 rdatalist->type = dns_rdatatype_opt;
908 rdatalist->covers = 0;
911 * Set Maximum UDP buffer size.
913 rdatalist->rdclass = res->udpsize;
916 * Set EXTENDED-RCODE, VERSION, and Z to 0, and the DO bit to 1.
918 rdatalist->ttl = DNS_MESSAGEEXTFLAG_DO;
925 rdata->rdclass = rdatalist->rdclass;
926 rdata->type = rdatalist->type;
929 ISC_LIST_INIT(rdatalist->rdata);
930 ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
931 RUNTIME_CHECK(dns_rdatalist_tordataset(rdatalist, rdataset) == ISC_R_SUCCESS);
933 return (dns_message_setopt(message, rdataset));
937 fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) {
938 unsigned int seconds;
941 * We retry every 2 seconds the first two times through the address
942 * list, and then we do exponential back-off.
944 if (fctx->restarts < 3)
947 seconds = (2 << (fctx->restarts - 1));
950 * Double the round-trip time and convert to seconds.
955 * Always wait for at least the doubled round-trip time.
961 * But don't ever wait for more than 30 seconds.
966 isc_interval_set(&fctx->interval, seconds, 0);
970 fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
971 unsigned int options)
981 task = res->buckets[fctx->bucketnum].task;
983 fctx_setretryinterval(fctx, addrinfo->srtt);
984 result = fctx_startidletimer(fctx);
985 if (result != ISC_R_SUCCESS)
988 INSIST(ISC_LIST_EMPTY(fctx->validators));
990 dns_message_reset(fctx->rmessage, DNS_MESSAGE_INTENTPARSE);
992 query = isc_mem_get(res->mctx, sizeof(*query));
994 result = ISC_R_NOMEMORY;
995 goto stop_idle_timer;
997 query->mctx = res->mctx;
998 query->options = options;
999 query->attributes = 0;
1001 query->connects = 0;
1003 * Note that the caller MUST guarantee that 'addrinfo' will remain
1004 * valid until this query is canceled.
1006 query->addrinfo = addrinfo;
1007 TIME_NOW(&query->start);
1010 * If this is a TCP query, then we need to make a socket and
1011 * a dispatch for it here. Otherwise we use the resolver's
1014 query->dispatchmgr = res->dispatchmgr;
1015 query->dispatch = NULL;
1016 query->tcpsocket = NULL;
1017 if ((query->options & DNS_FETCHOPT_TCP) != 0) {
1018 isc_sockaddr_t addr;
1021 pf = isc_sockaddr_pf(&addrinfo->sockaddr);
1025 result = dns_dispatch_getlocaladdress(res->dispatchv4,
1029 result = dns_dispatch_getlocaladdress(res->dispatchv6,
1033 result = ISC_R_NOTIMPLEMENTED;
1036 if (result != ISC_R_SUCCESS)
1039 isc_sockaddr_setport(&addr, 0);
1041 result = isc_socket_create(res->socketmgr, pf,
1044 if (result != ISC_R_SUCCESS)
1047 #ifndef BROKEN_TCP_BIND_BEFORE_CONNECT
1048 result = isc_socket_bind(query->tcpsocket, &addr);
1049 if (result != ISC_R_SUCCESS)
1050 goto cleanup_socket;
1054 * A dispatch will be created once the connect succeeds.
1057 isc_sockaddr_t localaddr;
1058 unsigned int attrs, attrmask;
1059 dns_dispatch_t *disp_base;
1062 attrs |= DNS_DISPATCHATTR_UDP;
1063 attrs |= DNS_DISPATCHATTR_RANDOMPORT;
1066 attrmask |= DNS_DISPATCHATTR_UDP;
1067 attrmask |= DNS_DISPATCHATTR_TCP;
1068 attrmask |= DNS_DISPATCHATTR_IPV4;
1069 attrmask |= DNS_DISPATCHATTR_IPV6;
1071 switch (isc_sockaddr_pf(&addrinfo->sockaddr)) {
1073 disp_base = res->dispatchv4;
1074 attrs |= DNS_DISPATCHATTR_IPV4;
1077 disp_base = res->dispatchv6;
1078 attrs |= DNS_DISPATCHATTR_IPV6;
1081 result = ISC_R_NOTIMPLEMENTED;
1085 result = dns_dispatch_getlocaladdress(disp_base, &localaddr);
1086 if (result != ISC_R_SUCCESS)
1088 if (isc_sockaddr_getport(&localaddr) == 0) {
1089 result = dns_dispatch_getudp(res->dispatchmgr,
1097 if (result != ISC_R_SUCCESS)
1100 dns_dispatch_attach(disp_base, &query->dispatch);
1102 * We should always have a valid dispatcher here. If we
1103 * don't support a protocol family, then its dispatcher
1104 * will be NULL, but we shouldn't be finding addresses for
1105 * protocol types we don't support, so the dispatcher
1106 * we found should never be NULL.
1108 INSIST(query->dispatch != NULL);
1111 query->dispentry = NULL;
1114 query->tsigkey = NULL;
1115 ISC_LINK_INIT(query, link);
1116 query->magic = QUERY_MAGIC;
1118 if ((query->options & DNS_FETCHOPT_TCP) != 0) {
1120 * Connect to the remote server.
1122 * XXXRTH Should we attach to the socket?
1124 result = isc_socket_connect(query->tcpsocket,
1125 &addrinfo->sockaddr, task,
1126 resquery_connected, query);
1127 if (result != ISC_R_SUCCESS)
1128 goto cleanup_socket;
1130 QTRACE("connecting via TCP");
1132 result = resquery_send(query);
1133 if (result != ISC_R_SUCCESS)
1134 goto cleanup_dispatch;
1137 ISC_LIST_APPEND(fctx->queries, query, link);
1138 query->fctx->nqueries++;
1140 return (ISC_R_SUCCESS);
1143 isc_socket_detach(&query->tcpsocket);
1146 if (query->dispatch != NULL)
1147 dns_dispatch_detach(&query->dispatch);
1151 isc_mem_put(res->mctx, query, sizeof(*query));
1154 RUNTIME_CHECK(fctx_stopidletimer(fctx) == ISC_R_SUCCESS);
1160 resquery_send(resquery_t *query) {
1162 isc_result_t result;
1163 dns_name_t *qname = NULL;
1164 dns_rdataset_t *qrdataset = NULL;
1166 dns_resolver_t *res;
1168 isc_socket_t *socket;
1169 isc_buffer_t tcpbuffer;
1170 isc_sockaddr_t *address;
1171 isc_buffer_t *buffer;
1172 isc_netaddr_t ipaddr;
1173 dns_tsigkey_t *tsigkey = NULL;
1174 dns_peer_t *peer = NULL;
1175 isc_boolean_t useedns;
1176 dns_compress_t cctx;
1177 isc_boolean_t cleanup_cctx = ISC_FALSE;
1178 isc_boolean_t secure_domain;
1184 task = res->buckets[fctx->bucketnum].task;
1187 if ((query->options & DNS_FETCHOPT_TCP) != 0) {
1189 * Reserve space for the TCP message length.
1191 isc_buffer_init(&tcpbuffer, query->data, sizeof(query->data));
1192 isc_buffer_init(&query->buffer, query->data + 2,
1193 sizeof(query->data) - 2);
1194 buffer = &tcpbuffer;
1196 isc_buffer_init(&query->buffer, query->data,
1197 sizeof(query->data));
1198 buffer = &query->buffer;
1201 result = dns_message_gettempname(fctx->qmessage, &qname);
1202 if (result != ISC_R_SUCCESS)
1204 result = dns_message_gettemprdataset(fctx->qmessage, &qrdataset);
1205 if (result != ISC_R_SUCCESS)
1209 * Get a query id from the dispatch.
1211 result = dns_dispatch_addresponse(query->dispatch,
1212 &query->addrinfo->sockaddr,
1218 if (result != ISC_R_SUCCESS)
1221 fctx->qmessage->opcode = dns_opcode_query;
1226 dns_name_init(qname, NULL);
1227 dns_name_clone(&fctx->name, qname);
1228 dns_rdataset_init(qrdataset);
1229 dns_rdataset_makequestion(qrdataset, res->rdclass, fctx->type);
1230 ISC_LIST_APPEND(qname->list, qrdataset, link);
1231 dns_message_addname(fctx->qmessage, qname, DNS_SECTION_QUESTION);
1236 * Set RD if the client has requested that we do a recursive query,
1237 * or if we're sending to a forwarder.
1239 if ((query->options & DNS_FETCHOPT_RECURSIVE) != 0 ||
1240 ISFORWARDER(query->addrinfo))
1241 fctx->qmessage->flags |= DNS_MESSAGEFLAG_RD;
1244 * Set CD if the client says don't validate or the question is
1245 * under a secure entry point.
1247 if ((query->options & DNS_FETCHOPT_NOVALIDATE) == 0) {
1248 result = dns_keytable_issecuredomain(res->view->secroots,
1251 if (result != ISC_R_SUCCESS)
1252 secure_domain = ISC_FALSE;
1253 if (res->view->dlv != NULL)
1254 secure_domain = ISC_TRUE;
1256 fctx->qmessage->flags |= DNS_MESSAGEFLAG_CD;
1258 fctx->qmessage->flags |= DNS_MESSAGEFLAG_CD;
1261 * We don't have to set opcode because it defaults to query.
1263 fctx->qmessage->id = query->id;
1266 * Convert the question to wire format.
1268 result = dns_compress_init(&cctx, -1, fctx->res->mctx);
1269 if (result != ISC_R_SUCCESS)
1270 goto cleanup_message;
1271 cleanup_cctx = ISC_TRUE;
1273 result = dns_message_renderbegin(fctx->qmessage, &cctx,
1275 if (result != ISC_R_SUCCESS)
1276 goto cleanup_message;
1278 result = dns_message_rendersection(fctx->qmessage,
1279 DNS_SECTION_QUESTION, 0);
1280 if (result != ISC_R_SUCCESS)
1281 goto cleanup_message;
1284 isc_netaddr_fromsockaddr(&ipaddr, &query->addrinfo->sockaddr);
1285 (void) dns_peerlist_peerbyaddr(fctx->res->view->peers, &ipaddr, &peer);
1288 * The ADB does not know about servers with "edns no". Check this,
1289 * and then inform the ADB for future use.
1291 if ((query->addrinfo->flags & DNS_FETCHOPT_NOEDNS0) == 0 &&
1293 dns_peer_getsupportedns(peer, &useedns) == ISC_R_SUCCESS &&
1296 query->options |= DNS_FETCHOPT_NOEDNS0;
1297 dns_adb_changeflags(fctx->adb,
1299 DNS_FETCHOPT_NOEDNS0,
1300 DNS_FETCHOPT_NOEDNS0);
1304 * Use EDNS0, unless the caller doesn't want it, or we know that
1305 * the remote server doesn't like it.
1307 if (fctx->timeouts >= MAX_EDNS0_TIMEOUTS &&
1308 (query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
1309 query->options |= DNS_FETCHOPT_NOEDNS0;
1310 FCTXTRACE("too many timeouts, disabling EDNS0");
1313 if ((query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
1314 if ((query->addrinfo->flags & DNS_FETCHOPT_NOEDNS0) == 0) {
1315 result = fctx_addopt(fctx->qmessage, res);
1316 if (result != ISC_R_SUCCESS) {
1318 * We couldn't add the OPT, but we'll press on.
1319 * We're not using EDNS0, so set the NOEDNS0
1322 query->options |= DNS_FETCHOPT_NOEDNS0;
1326 * We know this server doesn't like EDNS0, so we
1327 * won't use it. Set the NOEDNS0 bit since we're
1330 query->options |= DNS_FETCHOPT_NOEDNS0;
1335 * If we need EDNS0 to do this query and aren't using it, we lose.
1337 if (NEEDEDNS0(fctx) && (query->options & DNS_FETCHOPT_NOEDNS0) != 0) {
1338 result = DNS_R_SERVFAIL;
1339 goto cleanup_message;
1343 * Clear CD if EDNS is not in use.
1345 if ((query->options & DNS_FETCHOPT_NOEDNS0) != 0)
1346 fctx->qmessage->flags &= ~DNS_MESSAGEFLAG_CD;
1349 * Add TSIG record tailored to the current recipient.
1351 result = dns_view_getpeertsig(fctx->res->view, &ipaddr, &tsigkey);
1352 if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND)
1353 goto cleanup_message;
1355 if (tsigkey != NULL) {
1356 result = dns_message_settsigkey(fctx->qmessage, tsigkey);
1357 dns_tsigkey_detach(&tsigkey);
1358 if (result != ISC_R_SUCCESS)
1359 goto cleanup_message;
1362 result = dns_message_rendersection(fctx->qmessage,
1363 DNS_SECTION_ADDITIONAL, 0);
1364 if (result != ISC_R_SUCCESS)
1365 goto cleanup_message;
1367 result = dns_message_renderend(fctx->qmessage);
1368 if (result != ISC_R_SUCCESS)
1369 goto cleanup_message;
1371 dns_compress_invalidate(&cctx);
1372 cleanup_cctx = ISC_FALSE;
1374 if (dns_message_gettsigkey(fctx->qmessage) != NULL) {
1375 dns_tsigkey_attach(dns_message_gettsigkey(fctx->qmessage),
1377 result = dns_message_getquerytsig(fctx->qmessage,
1380 if (result != ISC_R_SUCCESS)
1381 goto cleanup_message;
1385 * If using TCP, write the length of the message at the beginning
1388 if ((query->options & DNS_FETCHOPT_TCP) != 0) {
1389 isc_buffer_usedregion(&query->buffer, &r);
1390 isc_buffer_putuint16(&tcpbuffer, (isc_uint16_t)r.length);
1391 isc_buffer_add(&tcpbuffer, r.length);
1395 * We're now done with the query message.
1397 dns_message_reset(fctx->qmessage, DNS_MESSAGE_INTENTRENDER);
1399 socket = dns_dispatch_getsocket(query->dispatch);
1403 if ((query->options & DNS_FETCHOPT_TCP) == 0)
1404 address = &query->addrinfo->sockaddr;
1405 isc_buffer_usedregion(buffer, &r);
1408 * XXXRTH Make sure we don't send to ourselves! We should probably
1409 * prune out these addresses when we get them from the ADB.
1411 result = isc_socket_sendto(socket, &r, task, resquery_senddone,
1412 query, address, NULL);
1413 if (result != ISC_R_SUCCESS)
1414 goto cleanup_message;
1418 return (ISC_R_SUCCESS);
1422 dns_compress_invalidate(&cctx);
1424 dns_message_reset(fctx->qmessage, DNS_MESSAGE_INTENTRENDER);
1427 * Stop the dispatcher from listening.
1429 dns_dispatch_removeresponse(&query->dispentry, NULL);
1433 dns_message_puttempname(fctx->qmessage, &qname);
1434 if (qrdataset != NULL)
1435 dns_message_puttemprdataset(fctx->qmessage, &qrdataset);
1441 resquery_connected(isc_task_t *task, isc_event_t *event) {
1442 isc_socketevent_t *sevent = (isc_socketevent_t *)event;
1443 resquery_t *query = event->ev_arg;
1444 isc_boolean_t retry = ISC_FALSE;
1445 isc_result_t result;
1449 REQUIRE(event->ev_type == ISC_SOCKEVENT_CONNECT);
1450 REQUIRE(VALID_QUERY(query));
1452 QTRACE("connected");
1459 * Currently we don't wait for the connect event before retrying
1460 * a query. This means that if we get really behind, we may end
1461 * up doing extra work!
1467 if (RESQUERY_CANCELED(query)) {
1469 * This query was canceled while the connect() was in
1472 isc_socket_detach(&query->tcpsocket);
1473 resquery_destroy(&query);
1475 switch (sevent->result) {
1478 * We are connected. Create a dispatcher and
1482 attrs |= DNS_DISPATCHATTR_TCP;
1483 attrs |= DNS_DISPATCHATTR_PRIVATE;
1484 attrs |= DNS_DISPATCHATTR_CONNECTED;
1485 if (isc_sockaddr_pf(&query->addrinfo->sockaddr) ==
1487 attrs |= DNS_DISPATCHATTR_IPV4;
1489 attrs |= DNS_DISPATCHATTR_IPV6;
1490 attrs |= DNS_DISPATCHATTR_MAKEQUERY;
1492 result = dns_dispatch_createtcp(query->dispatchmgr,
1494 query->fctx->res->taskmgr,
1495 4096, 2, 1, 1, 3, attrs,
1499 * Regardless of whether dns_dispatch_create()
1500 * succeeded or not, we don't need our reference
1501 * to the socket anymore.
1503 isc_socket_detach(&query->tcpsocket);
1505 if (result == ISC_R_SUCCESS)
1506 result = resquery_send(query);
1508 if (result != ISC_R_SUCCESS) {
1509 fctx_cancelquery(&query, NULL, NULL,
1511 fctx_done(fctx, result);
1515 case ISC_R_NETUNREACH:
1516 case ISC_R_HOSTUNREACH:
1517 case ISC_R_CONNREFUSED:
1519 case ISC_R_ADDRNOTAVAIL:
1520 case ISC_R_CONNECTIONRESET:
1522 * No route to remote.
1524 isc_socket_detach(&query->tcpsocket);
1525 fctx_cancelquery(&query, NULL, NULL, ISC_TRUE);
1530 isc_socket_detach(&query->tcpsocket);
1531 fctx_cancelquery(&query, NULL, NULL, ISC_FALSE);
1536 isc_event_free(&event);
1540 * Behave as if the idle timer has expired. For TCP
1541 * connections this may not actually reflect the latest timer.
1543 fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
1544 result = fctx_stopidletimer(fctx);
1545 if (result != ISC_R_SUCCESS)
1546 fctx_done(fctx, result);
1553 fctx_finddone(isc_task_t *task, isc_event_t *event) {
1555 dns_adbfind_t *find;
1556 dns_resolver_t *res;
1557 isc_boolean_t want_try = ISC_FALSE;
1558 isc_boolean_t want_done = ISC_FALSE;
1559 isc_boolean_t bucket_empty = ISC_FALSE;
1560 unsigned int bucketnum;
1562 find = event->ev_sender;
1563 fctx = event->ev_arg;
1564 REQUIRE(VALID_FCTX(fctx));
1569 FCTXTRACE("finddone");
1571 INSIST(fctx->pending > 0);
1574 if (ADDRWAIT(fctx)) {
1576 * The fetch is waiting for a name to be found.
1578 INSIST(!SHUTTINGDOWN(fctx));
1579 fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
1580 if (event->ev_type == DNS_EVENT_ADBMOREADDRESSES)
1581 want_try = ISC_TRUE;
1582 else if (fctx->pending == 0) {
1584 * We've got nothing else to wait for and don't
1585 * know the answer. There's nothing to do but
1588 want_done = ISC_TRUE;
1590 } else if (SHUTTINGDOWN(fctx) && fctx->pending == 0 &&
1591 fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators)) {
1592 bucketnum = fctx->bucketnum;
1593 LOCK(&res->buckets[bucketnum].lock);
1595 * Note that we had to wait until we had the lock before
1596 * looking at fctx->references.
1598 if (fctx->references == 0)
1599 bucket_empty = fctx_destroy(fctx);
1600 UNLOCK(&res->buckets[bucketnum].lock);
1603 isc_event_free(&event);
1604 dns_adb_destroyfind(&find);
1609 fctx_done(fctx, ISC_R_FAILURE);
1610 else if (bucket_empty)
1615 static inline isc_boolean_t
1616 bad_server(fetchctx_t *fctx, isc_sockaddr_t *address) {
1619 for (sa = ISC_LIST_HEAD(fctx->bad);
1621 sa = ISC_LIST_NEXT(sa, link)) {
1622 if (isc_sockaddr_equal(sa, address))
1629 static inline isc_boolean_t
1630 mark_bad(fetchctx_t *fctx) {
1631 dns_adbfind_t *curr;
1632 dns_adbaddrinfo_t *addrinfo;
1633 isc_boolean_t all_bad = ISC_TRUE;
1636 * Mark all known bad servers, so we don't try to talk to them
1641 * Mark any bad nameservers.
1643 for (curr = ISC_LIST_HEAD(fctx->finds);
1645 curr = ISC_LIST_NEXT(curr, publink)) {
1646 for (addrinfo = ISC_LIST_HEAD(curr->list);
1648 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
1649 if (bad_server(fctx, &addrinfo->sockaddr))
1650 addrinfo->flags |= FCTX_ADDRINFO_MARK;
1652 all_bad = ISC_FALSE;
1657 * Mark any bad forwarders.
1659 for (addrinfo = ISC_LIST_HEAD(fctx->forwaddrs);
1661 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
1662 if (bad_server(fctx, &addrinfo->sockaddr))
1663 addrinfo->flags |= FCTX_ADDRINFO_MARK;
1665 all_bad = ISC_FALSE;
1669 * Mark any bad alternates.
1671 for (curr = ISC_LIST_HEAD(fctx->altfinds);
1673 curr = ISC_LIST_NEXT(curr, publink)) {
1674 for (addrinfo = ISC_LIST_HEAD(curr->list);
1676 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
1677 if (bad_server(fctx, &addrinfo->sockaddr))
1678 addrinfo->flags |= FCTX_ADDRINFO_MARK;
1680 all_bad = ISC_FALSE;
1684 for (addrinfo = ISC_LIST_HEAD(fctx->altaddrs);
1686 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
1687 if (bad_server(fctx, &addrinfo->sockaddr))
1688 addrinfo->flags |= FCTX_ADDRINFO_MARK;
1690 all_bad = ISC_FALSE;
1697 add_bad(fetchctx_t *fctx, isc_sockaddr_t *address, isc_result_t reason) {
1698 char namebuf[DNS_NAME_FORMATSIZE];
1699 char addrbuf[ISC_SOCKADDR_FORMATSIZE];
1705 const char *sep1, *sep2;
1707 if (bad_server(fctx, address)) {
1709 * We already know this server is bad.
1714 FCTXTRACE("add_bad");
1716 sa = isc_mem_get(fctx->res->mctx, sizeof(*sa));
1720 ISC_LIST_INITANDAPPEND(fctx->bad, sa, link);
1722 if (reason == DNS_R_LAME) /* already logged */
1725 if (reason == DNS_R_UNEXPECTEDRCODE) {
1726 isc_buffer_init(&b, code, sizeof(code) - 1);
1727 dns_rcode_totext(fctx->rmessage->rcode, &b);
1728 code[isc_buffer_usedlength(&b)] = '\0';
1731 } else if (reason == DNS_R_UNEXPECTEDOPCODE) {
1732 isc_buffer_init(&b, code, sizeof(code) - 1);
1733 dns_opcode_totext((dns_opcode_t)fctx->rmessage->opcode, &b);
1734 code[isc_buffer_usedlength(&b)] = '\0';
1742 dns_name_format(&fctx->name, namebuf, sizeof(namebuf));
1743 dns_rdatatype_format(fctx->type, typebuf, sizeof(typebuf));
1744 dns_rdataclass_format(fctx->res->rdclass, classbuf, sizeof(classbuf));
1745 isc_sockaddr_format(address, addrbuf, sizeof(addrbuf));
1746 isc_log_write(dns_lctx, DNS_LOGCATEGORY_LAME_SERVERS,
1747 DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
1748 "%s %s%s%sresolving '%s/%s/%s': %s",
1749 dns_result_totext(reason), sep1, code, sep2,
1750 namebuf, typebuf, classbuf, addrbuf);
1754 sort_adbfind(dns_adbfind_t *find) {
1755 dns_adbaddrinfo_t *best, *curr;
1756 dns_adbaddrinfolist_t sorted;
1759 * Lame N^2 bubble sort.
1762 ISC_LIST_INIT(sorted);
1763 while (!ISC_LIST_EMPTY(find->list)) {
1764 best = ISC_LIST_HEAD(find->list);
1765 curr = ISC_LIST_NEXT(best, publink);
1766 while (curr != NULL) {
1767 if (curr->srtt < best->srtt)
1769 curr = ISC_LIST_NEXT(curr, publink);
1771 ISC_LIST_UNLINK(find->list, best, publink);
1772 ISC_LIST_APPEND(sorted, best, publink);
1774 find->list = sorted;
1778 sort_finds(fetchctx_t *fctx) {
1779 dns_adbfind_t *best, *curr;
1780 dns_adbfindlist_t sorted;
1781 dns_adbaddrinfo_t *addrinfo, *bestaddrinfo;
1784 * Lame N^2 bubble sort.
1787 ISC_LIST_INIT(sorted);
1788 while (!ISC_LIST_EMPTY(fctx->finds)) {
1789 best = ISC_LIST_HEAD(fctx->finds);
1790 bestaddrinfo = ISC_LIST_HEAD(best->list);
1791 INSIST(bestaddrinfo != NULL);
1792 curr = ISC_LIST_NEXT(best, publink);
1793 while (curr != NULL) {
1794 addrinfo = ISC_LIST_HEAD(curr->list);
1795 INSIST(addrinfo != NULL);
1796 if (addrinfo->srtt < bestaddrinfo->srtt) {
1798 bestaddrinfo = addrinfo;
1800 curr = ISC_LIST_NEXT(curr, publink);
1802 ISC_LIST_UNLINK(fctx->finds, best, publink);
1803 ISC_LIST_APPEND(sorted, best, publink);
1805 fctx->finds = sorted;
1807 ISC_LIST_INIT(sorted);
1808 while (!ISC_LIST_EMPTY(fctx->altfinds)) {
1809 best = ISC_LIST_HEAD(fctx->altfinds);
1810 bestaddrinfo = ISC_LIST_HEAD(best->list);
1811 INSIST(bestaddrinfo != NULL);
1812 curr = ISC_LIST_NEXT(best, publink);
1813 while (curr != NULL) {
1814 addrinfo = ISC_LIST_HEAD(curr->list);
1815 INSIST(addrinfo != NULL);
1816 if (addrinfo->srtt < bestaddrinfo->srtt) {
1818 bestaddrinfo = addrinfo;
1820 curr = ISC_LIST_NEXT(curr, publink);
1822 ISC_LIST_UNLINK(fctx->altfinds, best, publink);
1823 ISC_LIST_APPEND(sorted, best, publink);
1825 fctx->altfinds = sorted;
1829 findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port,
1830 unsigned int options, unsigned int flags, isc_stdtime_t now,
1831 isc_boolean_t *pruned, isc_boolean_t *need_alternate)
1833 dns_adbaddrinfo_t *ai;
1834 dns_adbfind_t *find;
1835 dns_resolver_t *res;
1836 isc_boolean_t unshared;
1837 isc_result_t result;
1840 unshared = ISC_TF((fctx->options | DNS_FETCHOPT_UNSHARED) != 0);
1842 * If this name is a subdomain of the query domain, tell
1843 * the ADB to start looking using zone/hint data. This keeps us
1844 * from getting stuck if the nameserver is beneath the zone cut
1845 * and we don't know its address (e.g. because the A record has
1848 if (dns_name_issubdomain(name, &fctx->domain))
1849 options |= DNS_ADBFIND_STARTATZONE;
1850 options |= DNS_ADBFIND_GLUEOK;
1851 options |= DNS_ADBFIND_HINTOK;
1854 * See what we know about this address.
1857 result = dns_adb_createfind(fctx->adb,
1858 res->buckets[fctx->bucketnum].task,
1859 fctx_finddone, fctx, name,
1860 &fctx->domain, options, now, NULL,
1861 res->view->dstport, &find);
1862 if (result != ISC_R_SUCCESS) {
1863 if (result == DNS_R_ALIAS) {
1865 * XXXRTH Follow the CNAME/DNAME chain?
1867 dns_adb_destroyfind(&find);
1869 } else if (!ISC_LIST_EMPTY(find->list)) {
1871 * We have at least some of the addresses for the
1874 INSIST((find->options & DNS_ADBFIND_WANTEVENT) == 0);
1876 if (flags != 0 || port != 0) {
1877 for (ai = ISC_LIST_HEAD(find->list);
1879 ai = ISC_LIST_NEXT(ai, publink)) {
1882 isc_sockaddr_setport(&ai->sockaddr,
1886 if ((flags & FCTX_ADDRINFO_FORWARDER) != 0)
1887 ISC_LIST_APPEND(fctx->altfinds, find, publink);
1889 ISC_LIST_APPEND(fctx->finds, find, publink);
1892 * We don't know any of the addresses for this
1895 if ((find->options & DNS_ADBFIND_WANTEVENT) != 0) {
1897 * We're looking for them and will get an
1898 * event about it later.
1904 if (need_alternate != NULL &&
1905 !*need_alternate && unshared &&
1906 ((res->dispatchv4 == NULL &&
1907 find->result_v6 != DNS_R_NXDOMAIN) ||
1908 (res->dispatchv6 == NULL &&
1909 find->result_v4 != DNS_R_NXDOMAIN)))
1910 *need_alternate = ISC_TRUE;
1913 * If we know there are no addresses for
1914 * the family we are using then try to add
1915 * an alternative server.
1917 if (need_alternate != NULL && !*need_alternate &&
1918 ((res->dispatchv4 == NULL &&
1919 find->result_v6 == DNS_R_NXRRSET) ||
1920 (res->dispatchv6 == NULL &&
1921 find->result_v4 == DNS_R_NXRRSET)))
1922 *need_alternate = ISC_TRUE;
1924 * And ADB isn't going to send us any events
1925 * either. This find loses.
1927 if ((find->options & DNS_ADBFIND_LAMEPRUNED) != 0) {
1929 * The ADB pruned lame servers for
1930 * this name. Remember that in case
1931 * we get desperate later on.
1935 dns_adb_destroyfind(&find);
1941 fctx_getaddresses(fetchctx_t *fctx) {
1942 dns_rdata_t rdata = DNS_RDATA_INIT;
1943 isc_result_t result;
1944 dns_resolver_t *res;
1946 unsigned int stdoptions;
1948 dns_adbaddrinfo_t *ai;
1949 isc_boolean_t pruned, all_bad;
1951 isc_boolean_t need_alternate = ISC_FALSE;
1953 FCTXTRACE("getaddresses");
1956 * Don't pound on remote servers. (Failsafe!)
1959 if (fctx->restarts > 10) {
1960 FCTXTRACE("too many restarts");
1961 return (DNS_R_SERVFAIL);
1966 stdoptions = 0; /* Keep compiler happy. */
1972 INSIST(ISC_LIST_EMPTY(fctx->forwaddrs));
1973 INSIST(ISC_LIST_EMPTY(fctx->altaddrs));
1976 * If this fctx has forwarders, use them; otherwise use any
1977 * selective forwarders specified in the view; otherwise use the
1978 * resolver's forwarders (if any).
1980 sa = ISC_LIST_HEAD(fctx->forwarders);
1982 dns_forwarders_t *forwarders = NULL;
1983 dns_name_t *name = &fctx->name;
1985 unsigned int labels;
1988 * DS records are found in the parent server.
1989 * Strip label to get the correct forwarder (if any).
1991 if (fctx->type == dns_rdatatype_ds &&
1992 dns_name_countlabels(name) > 1) {
1993 dns_name_init(&suffix, NULL);
1994 labels = dns_name_countlabels(name);
1995 dns_name_getlabelsequence(name, 1, labels - 1, &suffix);
1998 result = dns_fwdtable_find(fctx->res->view->fwdtable, name,
2000 if (result == ISC_R_SUCCESS) {
2001 sa = ISC_LIST_HEAD(forwarders->addrs);
2002 fctx->fwdpolicy = forwarders->fwdpolicy;
2006 while (sa != NULL) {
2008 result = dns_adb_findaddrinfo(fctx->adb,
2009 sa, &ai, 0); /* XXXMLG */
2010 if (result == ISC_R_SUCCESS) {
2011 dns_adbaddrinfo_t *cur;
2012 ai->flags |= FCTX_ADDRINFO_FORWARDER;
2013 cur = ISC_LIST_HEAD(fctx->forwaddrs);
2014 while (cur != NULL && cur->srtt < ai->srtt)
2015 cur = ISC_LIST_NEXT(cur, publink);
2017 ISC_LIST_INSERTBEFORE(fctx->forwaddrs, cur,
2020 ISC_LIST_APPEND(fctx->forwaddrs, ai, publink);
2022 sa = ISC_LIST_NEXT(sa, link);
2026 * If the forwarding policy is "only", we don't need the addresses
2027 * of the nameservers.
2029 if (fctx->fwdpolicy == dns_fwdpolicy_only)
2033 * Normal nameservers.
2036 stdoptions = DNS_ADBFIND_WANTEVENT | DNS_ADBFIND_EMPTYEVENT;
2037 if (fctx->restarts == 1) {
2039 * To avoid sending out a flood of queries likely to
2040 * result in NXRRSET, we suppress fetches for address
2041 * families we don't have the first time through,
2042 * provided that we have addresses in some family we
2045 * We don't want to set this option all the time, since
2046 * if fctx->restarts > 1, we've clearly been having trouble
2047 * with the addresses we had, so getting more could help.
2049 stdoptions |= DNS_ADBFIND_AVOIDFETCHES;
2051 if (res->dispatchv4 != NULL)
2052 stdoptions |= DNS_ADBFIND_INET;
2053 if (res->dispatchv6 != NULL)
2054 stdoptions |= DNS_ADBFIND_INET6;
2055 isc_stdtime_get(&now);
2058 INSIST(ISC_LIST_EMPTY(fctx->finds));
2059 INSIST(ISC_LIST_EMPTY(fctx->altfinds));
2061 for (result = dns_rdataset_first(&fctx->nameservers);
2062 result == ISC_R_SUCCESS;
2063 result = dns_rdataset_next(&fctx->nameservers))
2065 dns_rdataset_current(&fctx->nameservers, &rdata);
2067 * Extract the name from the NS record.
2069 result = dns_rdata_tostruct(&rdata, &ns, NULL);
2070 if (result != ISC_R_SUCCESS)
2073 findname(fctx, &ns.name, 0, stdoptions, 0, now,
2074 &pruned, &need_alternate);
2075 dns_rdata_reset(&rdata);
2076 dns_rdata_freestruct(&ns);
2078 if (result != ISC_R_NOMORE)
2082 * Do we need to use 6 to 4?
2084 if (need_alternate) {
2087 family = (res->dispatchv6 != NULL) ? AF_INET6 : AF_INET;
2088 for (a = ISC_LIST_HEAD(fctx->res->alternates);
2090 a = ISC_LIST_NEXT(a, link)) {
2091 if (!a->isaddress) {
2092 findname(fctx, &a->_u._n.name, a->_u._n.port,
2093 stdoptions, FCTX_ADDRINFO_FORWARDER,
2094 now, &pruned, NULL);
2097 if (isc_sockaddr_pf(&a->_u.addr) != family)
2100 result = dns_adb_findaddrinfo(fctx->adb, &a->_u.addr,
2102 if (result == ISC_R_SUCCESS) {
2103 dns_adbaddrinfo_t *cur;
2104 ai->flags |= FCTX_ADDRINFO_FORWARDER;
2105 cur = ISC_LIST_HEAD(fctx->altaddrs);
2106 while (cur != NULL && cur->srtt < ai->srtt)
2107 cur = ISC_LIST_NEXT(cur, publink);
2109 ISC_LIST_INSERTBEFORE(fctx->altaddrs,
2112 ISC_LIST_APPEND(fctx->altaddrs, ai,
2120 * Mark all known bad servers.
2122 all_bad = mark_bad(fctx);
2129 * We've got no addresses.
2131 if (fctx->pending > 0) {
2133 * We're fetching the addresses, but don't have any
2134 * yet. Tell the caller to wait for an answer.
2136 result = DNS_R_WAIT;
2137 } else if (pruned) {
2139 * Some addresses were removed by lame pruning.
2140 * Turn pruning off and try again.
2142 FCTXTRACE("restarting with returnlame");
2143 INSIST((stdoptions & DNS_ADBFIND_RETURNLAME) == 0);
2144 stdoptions |= DNS_ADBFIND_RETURNLAME;
2146 fctx_cleanupaltfinds(fctx);
2147 fctx_cleanupfinds(fctx);
2151 * We've lost completely. We don't know any
2152 * addresses, and the ADB has told us it can't get
2155 FCTXTRACE("no addresses");
2156 result = ISC_R_FAILURE;
2160 * We've found some addresses. We might still be looking
2161 * for more addresses.
2164 result = ISC_R_SUCCESS;
2171 possibly_mark(fetchctx_t *fctx, dns_adbaddrinfo_t *addr)
2174 char buf[ISC_NETADDR_FORMATSIZE];
2176 isc_boolean_t aborted = ISC_FALSE;
2177 isc_boolean_t bogus;
2178 dns_acl_t *blackhole;
2179 isc_netaddr_t ipaddr;
2180 dns_peer_t *peer = NULL;
2181 dns_resolver_t *res;
2182 const char *msg = NULL;
2184 sa = &addr->sockaddr;
2187 isc_netaddr_fromsockaddr(&ipaddr, sa);
2188 blackhole = dns_dispatchmgr_getblackhole(res->dispatchmgr);
2189 (void) dns_peerlist_peerbyaddr(res->view->peers, &ipaddr, &peer);
2191 if (blackhole != NULL) {
2194 if (dns_acl_match(&ipaddr, NULL, blackhole,
2196 &match, NULL) == ISC_R_SUCCESS &&
2202 dns_peer_getbogus(peer, &bogus) == ISC_R_SUCCESS &&
2207 addr->flags |= FCTX_ADDRINFO_MARK;
2208 msg = "ignoring blackholed / bogus server: ";
2209 } else if (isc_sockaddr_ismulticast(sa)) {
2210 addr->flags |= FCTX_ADDRINFO_MARK;
2211 msg = "ignoring multicast address: ";
2212 } else if (isc_sockaddr_isexperimental(sa)) {
2213 addr->flags |= FCTX_ADDRINFO_MARK;
2214 msg = "ignoring experimental address: ";
2215 } else if (sa->type.sa.sa_family != AF_INET6) {
2217 } else if (IN6_IS_ADDR_V4MAPPED(&sa->type.sin6.sin6_addr)) {
2218 addr->flags |= FCTX_ADDRINFO_MARK;
2219 msg = "ignoring IPv6 mapped IPV4 address: ";
2220 } else if (IN6_IS_ADDR_V4COMPAT(&sa->type.sin6.sin6_addr)) {
2221 addr->flags |= FCTX_ADDRINFO_MARK;
2222 msg = "ignoring IPv6 compatibility IPV4 address: ";
2226 if (!isc_log_wouldlog(dns_lctx, ISC_LOG_DEBUG(3)))
2229 isc_netaddr_fromsockaddr(&na, sa);
2230 isc_netaddr_format(&na, buf, sizeof(buf));
2231 FCTXTRACE2(msg, buf);
2234 static inline dns_adbaddrinfo_t *
2235 fctx_nextaddress(fetchctx_t *fctx) {
2236 dns_adbfind_t *find, *start;
2237 dns_adbaddrinfo_t *addrinfo;
2238 dns_adbaddrinfo_t *faddrinfo;
2241 * Return the next untried address, if any.
2245 * Find the first unmarked forwarder (if any).
2247 for (addrinfo = ISC_LIST_HEAD(fctx->forwaddrs);
2249 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
2250 if (!UNMARKED(addrinfo))
2252 possibly_mark(fctx, addrinfo);
2253 if (UNMARKED(addrinfo)) {
2254 addrinfo->flags |= FCTX_ADDRINFO_MARK;
2261 * No forwarders. Move to the next find.
2264 fctx->attributes |= FCTX_ATTR_TRIEDFIND;
2268 find = ISC_LIST_HEAD(fctx->finds);
2270 find = ISC_LIST_NEXT(find, publink);
2272 find = ISC_LIST_HEAD(fctx->finds);
2276 * Find the first unmarked addrinfo.
2282 for (addrinfo = ISC_LIST_HEAD(find->list);
2284 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
2285 if (!UNMARKED(addrinfo))
2287 possibly_mark(fctx, addrinfo);
2288 if (UNMARKED(addrinfo)) {
2289 addrinfo->flags |= FCTX_ADDRINFO_MARK;
2293 if (addrinfo != NULL)
2295 find = ISC_LIST_NEXT(find, publink);
2297 find = ISC_LIST_HEAD(fctx->finds);
2298 } while (find != start);
2302 if (addrinfo != NULL)
2306 * No nameservers left. Try alternates.
2309 fctx->attributes |= FCTX_ATTR_TRIEDALT;
2311 find = fctx->altfind;
2313 find = ISC_LIST_HEAD(fctx->altfinds);
2315 find = ISC_LIST_NEXT(find, publink);
2317 find = ISC_LIST_HEAD(fctx->altfinds);
2321 * Find the first unmarked addrinfo.
2327 for (addrinfo = ISC_LIST_HEAD(find->list);
2329 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
2330 if (!UNMARKED(addrinfo))
2332 possibly_mark(fctx, addrinfo);
2333 if (UNMARKED(addrinfo)) {
2334 addrinfo->flags |= FCTX_ADDRINFO_MARK;
2338 if (addrinfo != NULL)
2340 find = ISC_LIST_NEXT(find, publink);
2342 find = ISC_LIST_HEAD(fctx->altfinds);
2343 } while (find != start);
2346 faddrinfo = addrinfo;
2349 * See if we have a better alternate server by address.
2352 for (addrinfo = ISC_LIST_HEAD(fctx->altaddrs);
2354 addrinfo = ISC_LIST_NEXT(addrinfo, publink)) {
2355 if (!UNMARKED(addrinfo))
2357 possibly_mark(fctx, addrinfo);
2358 if (UNMARKED(addrinfo) &&
2359 (faddrinfo == NULL ||
2360 addrinfo->srtt < faddrinfo->srtt)) {
2361 if (faddrinfo != NULL)
2362 faddrinfo->flags &= ~FCTX_ADDRINFO_MARK;
2363 addrinfo->flags |= FCTX_ADDRINFO_MARK;
2368 if (addrinfo == NULL) {
2369 addrinfo = faddrinfo;
2370 fctx->altfind = find;
2377 fctx_try(fetchctx_t *fctx) {
2378 isc_result_t result;
2379 dns_adbaddrinfo_t *addrinfo;
2383 REQUIRE(!ADDRWAIT(fctx));
2385 addrinfo = fctx_nextaddress(fctx);
2386 if (addrinfo == NULL) {
2388 * We have no more addresses. Start over.
2390 fctx_cancelqueries(fctx, ISC_TRUE);
2391 fctx_cleanupfinds(fctx);
2392 fctx_cleanupaltfinds(fctx);
2393 fctx_cleanupforwaddrs(fctx);
2394 fctx_cleanupaltaddrs(fctx);
2395 result = fctx_getaddresses(fctx);
2396 if (result == DNS_R_WAIT) {
2398 * Sleep waiting for addresses.
2400 FCTXTRACE("addrwait");
2401 fctx->attributes |= FCTX_ATTR_ADDRWAIT;
2403 } else if (result != ISC_R_SUCCESS) {
2405 * Something bad happened.
2407 fctx_done(fctx, result);
2411 addrinfo = fctx_nextaddress(fctx);
2413 * While we may have addresses from the ADB, they
2414 * might be bad ones. In this case, return SERVFAIL.
2416 if (addrinfo == NULL) {
2417 fctx_done(fctx, DNS_R_SERVFAIL);
2422 result = fctx_query(fctx, addrinfo, fctx->options);
2423 if (result != ISC_R_SUCCESS)
2424 fctx_done(fctx, result);
2427 static isc_boolean_t
2428 fctx_destroy(fetchctx_t *fctx) {
2429 dns_resolver_t *res;
2430 unsigned int bucketnum;
2431 isc_sockaddr_t *sa, *next_sa;
2434 * Caller must be holding the bucket lock.
2437 REQUIRE(VALID_FCTX(fctx));
2438 REQUIRE(fctx->state == fetchstate_done ||
2439 fctx->state == fetchstate_init);
2440 REQUIRE(ISC_LIST_EMPTY(fctx->events));
2441 REQUIRE(ISC_LIST_EMPTY(fctx->queries));
2442 REQUIRE(ISC_LIST_EMPTY(fctx->finds));
2443 REQUIRE(ISC_LIST_EMPTY(fctx->altfinds));
2444 REQUIRE(fctx->pending == 0);
2445 REQUIRE(fctx->references == 0);
2446 REQUIRE(ISC_LIST_EMPTY(fctx->validators));
2448 FCTXTRACE("destroy");
2451 bucketnum = fctx->bucketnum;
2453 ISC_LIST_UNLINK(res->buckets[bucketnum].fctxs, fctx, link);
2458 for (sa = ISC_LIST_HEAD(fctx->bad);
2461 next_sa = ISC_LIST_NEXT(sa, link);
2462 ISC_LIST_UNLINK(fctx->bad, sa, link);
2463 isc_mem_put(res->mctx, sa, sizeof(*sa));
2466 isc_timer_detach(&fctx->timer);
2467 dns_message_destroy(&fctx->rmessage);
2468 dns_message_destroy(&fctx->qmessage);
2469 if (dns_name_countlabels(&fctx->domain) > 0)
2470 dns_name_free(&fctx->domain, res->mctx);
2471 if (dns_rdataset_isassociated(&fctx->nameservers))
2472 dns_rdataset_disassociate(&fctx->nameservers);
2473 dns_name_free(&fctx->name, res->mctx);
2474 dns_db_detach(&fctx->cache);
2475 dns_adb_detach(&fctx->adb);
2476 isc_mem_free(res->mctx, fctx->info);
2477 isc_mem_put(res->mctx, fctx, sizeof(*fctx));
2481 UNLOCK(&res->nlock);
2483 if (res->buckets[bucketnum].exiting &&
2484 ISC_LIST_EMPTY(res->buckets[bucketnum].fctxs))
2491 * Fetch event handlers.
2495 fctx_timeout(isc_task_t *task, isc_event_t *event) {
2496 fetchctx_t *fctx = event->ev_arg;
2498 REQUIRE(VALID_FCTX(fctx));
2502 FCTXTRACE("timeout");
2504 if (event->ev_type == ISC_TIMEREVENT_LIFE) {
2505 fctx_done(fctx, ISC_R_TIMEDOUT);
2507 isc_result_t result;
2511 * We could cancel the running queries here, or we could let
2512 * them keep going. Right now we choose the latter...
2514 fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
2516 * Our timer has triggered. Reestablish the fctx lifetime
2519 result = fctx_starttimer(fctx);
2520 if (result != ISC_R_SUCCESS)
2521 fctx_done(fctx, result);
2529 isc_event_free(&event);
2533 fctx_shutdown(fetchctx_t *fctx) {
2534 isc_event_t *cevent;
2537 * Start the shutdown process for fctx, if it isn't already underway.
2540 FCTXTRACE("shutdown");
2543 * The caller must be holding the appropriate bucket lock.
2546 if (fctx->want_shutdown)
2549 fctx->want_shutdown = ISC_TRUE;
2552 * Unless we're still initializing (in which case the
2553 * control event is still outstanding), we need to post
2554 * the control event to tell the fetch we want it to
2557 if (fctx->state != fetchstate_init) {
2558 cevent = &fctx->control_event;
2559 isc_task_send(fctx->res->buckets[fctx->bucketnum].task,
2565 fctx_doshutdown(isc_task_t *task, isc_event_t *event) {
2566 fetchctx_t *fctx = event->ev_arg;
2567 isc_boolean_t bucket_empty = ISC_FALSE;
2568 dns_resolver_t *res;
2569 unsigned int bucketnum;
2570 dns_validator_t *validator;
2572 REQUIRE(VALID_FCTX(fctx));
2577 bucketnum = fctx->bucketnum;
2579 FCTXTRACE("doshutdown");
2582 * An fctx that is shutting down is no longer in ADDRWAIT mode.
2584 fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
2587 * Cancel all pending validators. Note that this must be done
2588 * without the bucket lock held, since that could cause deadlock.
2590 validator = ISC_LIST_HEAD(fctx->validators);
2591 while (validator != NULL) {
2592 dns_validator_cancel(validator);
2593 validator = ISC_LIST_NEXT(validator, link);
2596 if (fctx->nsfetch != NULL)
2597 dns_resolver_cancelfetch(fctx->nsfetch);
2600 * Shut down anything that is still running on behalf of this
2601 * fetch. To avoid deadlock with the ADB, we must do this
2602 * before we lock the bucket lock.
2604 fctx_stopeverything(fctx, ISC_FALSE);
2606 LOCK(&res->buckets[bucketnum].lock);
2608 fctx->attributes |= FCTX_ATTR_SHUTTINGDOWN;
2610 INSIST(fctx->state == fetchstate_active ||
2611 fctx->state == fetchstate_done);
2612 INSIST(fctx->want_shutdown);
2614 if (fctx->state != fetchstate_done) {
2615 fctx->state = fetchstate_done;
2616 fctx_sendevents(fctx, ISC_R_CANCELED);
2619 if (fctx->references == 0 && fctx->pending == 0 &&
2620 fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators))
2621 bucket_empty = fctx_destroy(fctx);
2623 UNLOCK(&res->buckets[bucketnum].lock);
2630 fctx_start(isc_task_t *task, isc_event_t *event) {
2631 fetchctx_t *fctx = event->ev_arg;
2632 isc_boolean_t done = ISC_FALSE, bucket_empty = ISC_FALSE;
2633 dns_resolver_t *res;
2634 unsigned int bucketnum;
2636 REQUIRE(VALID_FCTX(fctx));
2641 bucketnum = fctx->bucketnum;
2645 LOCK(&res->buckets[bucketnum].lock);
2647 INSIST(fctx->state == fetchstate_init);
2648 if (fctx->want_shutdown) {
2650 * We haven't started this fctx yet, and we've been requested
2653 fctx->attributes |= FCTX_ATTR_SHUTTINGDOWN;
2654 fctx->state = fetchstate_done;
2655 fctx_sendevents(fctx, ISC_R_CANCELED);
2657 * Since we haven't started, we INSIST that we have no
2658 * pending ADB finds and no pending validations.
2660 INSIST(fctx->pending == 0);
2661 INSIST(fctx->nqueries == 0);
2662 INSIST(ISC_LIST_EMPTY(fctx->validators));
2663 if (fctx->references == 0) {
2665 * It's now safe to destroy this fctx.
2667 bucket_empty = fctx_destroy(fctx);
2672 * Normal fctx startup.
2674 fctx->state = fetchstate_active;
2676 * Reset the control event for later use in shutting down
2679 ISC_EVENT_INIT(event, sizeof(*event), 0, NULL,
2680 DNS_EVENT_FETCHCONTROL, fctx_doshutdown, fctx,
2684 UNLOCK(&res->buckets[bucketnum].lock);
2687 isc_result_t result;
2690 * All is well. Start working on the fetch.
2692 result = fctx_starttimer(fctx);
2693 if (result != ISC_R_SUCCESS)
2694 fctx_done(fctx, result);
2697 } else if (bucket_empty)
2702 * Fetch Creation, Joining, and Cancelation.
2705 static inline isc_result_t
2706 fctx_join(fetchctx_t *fctx, isc_task_t *task, isc_taskaction_t action,
2707 void *arg, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
2711 dns_fetchevent_t *event;
2716 * We store the task we're going to send this event to in the
2717 * sender field. We'll make the fetch the sender when we actually
2721 isc_task_attach(task, &clone);
2722 event = (dns_fetchevent_t *)
2723 isc_event_allocate(fctx->res->mctx, clone,
2724 DNS_EVENT_FETCHDONE,
2725 action, arg, sizeof(*event));
2726 if (event == NULL) {
2727 isc_task_detach(&clone);
2728 return (ISC_R_NOMEMORY);
2730 event->result = DNS_R_SERVFAIL;
2731 event->qtype = fctx->type;
2734 event->rdataset = rdataset;
2735 event->sigrdataset = sigrdataset;
2736 event->fetch = fetch;
2737 dns_fixedname_init(&event->foundname);
2740 * Make sure that we can store the sigrdataset in the
2741 * first event if it is needed by any of the events.
2743 if (event->sigrdataset != NULL)
2744 ISC_LIST_PREPEND(fctx->events, event, ev_link);
2746 ISC_LIST_APPEND(fctx->events, event, ev_link);
2749 fetch->magic = DNS_FETCH_MAGIC;
2750 fetch->private = fctx;
2752 return (ISC_R_SUCCESS);
2756 fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
2757 dns_name_t *domain, dns_rdataset_t *nameservers,
2758 unsigned int options, unsigned int bucketnum, fetchctx_t **fctxp)
2761 isc_result_t result;
2762 isc_result_t iresult;
2763 isc_interval_t interval;
2764 dns_fixedname_t fixed;
2765 unsigned int findoptions = 0;
2766 char buf[DNS_NAME_FORMATSIZE + DNS_RDATATYPE_FORMATSIZE];
2767 char typebuf[DNS_RDATATYPE_FORMATSIZE];
2771 * Caller must be holding the lock for bucket number 'bucketnum'.
2773 REQUIRE(fctxp != NULL && *fctxp == NULL);
2775 fctx = isc_mem_get(res->mctx, sizeof(*fctx));
2777 return (ISC_R_NOMEMORY);
2778 dns_name_format(name, buf, sizeof(buf));
2779 dns_rdatatype_format(type, typebuf, sizeof(typebuf));
2780 strcat(buf, "/"); /* checked */
2781 strcat(buf, typebuf); /* checked */
2782 fctx->info = isc_mem_strdup(res->mctx, buf);
2783 if (fctx->info == NULL) {
2784 result = ISC_R_NOMEMORY;
2787 FCTXTRACE("create");
2788 dns_name_init(&fctx->name, NULL);
2789 result = dns_name_dup(name, res->mctx, &fctx->name);
2790 if (result != ISC_R_SUCCESS)
2792 dns_name_init(&fctx->domain, NULL);
2793 dns_rdataset_init(&fctx->nameservers);
2796 fctx->options = options;
2798 * Note! We do not attach to the task. We are relying on the
2799 * resolver to ensure that this task doesn't go away while we are
2803 fctx->references = 0;
2804 fctx->bucketnum = bucketnum;
2805 fctx->state = fetchstate_init;
2806 fctx->want_shutdown = ISC_FALSE;
2807 fctx->cloned = ISC_FALSE;
2808 ISC_LIST_INIT(fctx->queries);
2809 ISC_LIST_INIT(fctx->finds);
2810 ISC_LIST_INIT(fctx->altfinds);
2811 ISC_LIST_INIT(fctx->forwaddrs);
2812 ISC_LIST_INIT(fctx->altaddrs);
2813 ISC_LIST_INIT(fctx->forwarders);
2814 fctx->fwdpolicy = dns_fwdpolicy_none;
2815 ISC_LIST_INIT(fctx->bad);
2816 ISC_LIST_INIT(fctx->validators);
2818 fctx->altfind = NULL;
2822 fctx->attributes = 0;
2825 dns_name_init(&fctx->nsname, NULL);
2826 fctx->nsfetch = NULL;
2827 dns_rdataset_init(&fctx->nsrrset);
2829 if (domain == NULL) {
2830 dns_forwarders_t *forwarders = NULL;
2831 unsigned int labels;
2834 * DS records are found in the parent server.
2835 * Strip label to get the correct forwarder (if any).
2837 if (fctx->type == dns_rdatatype_ds &&
2838 dns_name_countlabels(name) > 1) {
2839 dns_name_init(&suffix, NULL);
2840 labels = dns_name_countlabels(name);
2841 dns_name_getlabelsequence(name, 1, labels - 1, &suffix);
2844 dns_fixedname_init(&fixed);
2845 domain = dns_fixedname_name(&fixed);
2846 result = dns_fwdtable_find2(fctx->res->view->fwdtable, name,
2847 domain, &forwarders);
2848 if (result == ISC_R_SUCCESS)
2849 fctx->fwdpolicy = forwarders->fwdpolicy;
2851 if (fctx->fwdpolicy != dns_fwdpolicy_only) {
2853 * The caller didn't supply a query domain and
2854 * nameservers, and we're not in forward-only mode,
2855 * so find the best nameservers to use.
2857 if (dns_rdatatype_atparent(type))
2858 findoptions |= DNS_DBFIND_NOEXACT;
2859 result = dns_view_findzonecut(res->view, name, domain,
2860 0, findoptions, ISC_TRUE,
2863 if (result != ISC_R_SUCCESS)
2865 result = dns_name_dup(domain, res->mctx, &fctx->domain);
2866 if (result != ISC_R_SUCCESS) {
2867 dns_rdataset_disassociate(&fctx->nameservers);
2872 * We're in forward-only mode. Set the query domain.
2874 result = dns_name_dup(domain, res->mctx, &fctx->domain);
2875 if (result != ISC_R_SUCCESS)
2879 result = dns_name_dup(domain, res->mctx, &fctx->domain);
2880 if (result != ISC_R_SUCCESS)
2882 dns_rdataset_clone(nameservers, &fctx->nameservers);
2885 INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain));
2887 fctx->qmessage = NULL;
2888 result = dns_message_create(res->mctx, DNS_MESSAGE_INTENTRENDER,
2891 if (result != ISC_R_SUCCESS)
2892 goto cleanup_domain;
2894 fctx->rmessage = NULL;
2895 result = dns_message_create(res->mctx, DNS_MESSAGE_INTENTPARSE,
2898 if (result != ISC_R_SUCCESS)
2899 goto cleanup_qmessage;
2902 * Compute an expiration time for the entire fetch.
2904 isc_interval_set(&interval, 30, 0); /* XXXRTH constant */
2905 iresult = isc_time_nowplusinterval(&fctx->expires, &interval);
2906 if (iresult != ISC_R_SUCCESS) {
2907 UNEXPECTED_ERROR(__FILE__, __LINE__,
2908 "isc_time_nowplusinterval: %s",
2909 isc_result_totext(iresult));
2910 result = ISC_R_UNEXPECTED;
2911 goto cleanup_rmessage;
2915 * Default retry interval initialization. We set the interval now
2916 * mostly so it won't be uninitialized. It will be set to the
2917 * correct value before a query is issued.
2919 isc_interval_set(&fctx->interval, 2, 0);
2922 * Create an inactive timer. It will be made active when the fetch
2923 * is actually started.
2926 iresult = isc_timer_create(res->timermgr, isc_timertype_inactive,
2928 res->buckets[bucketnum].task, fctx_timeout,
2929 fctx, &fctx->timer);
2930 if (iresult != ISC_R_SUCCESS) {
2931 UNEXPECTED_ERROR(__FILE__, __LINE__,
2932 "isc_timer_create: %s",
2933 isc_result_totext(iresult));
2934 result = ISC_R_UNEXPECTED;
2935 goto cleanup_rmessage;
2939 * Attach to the view's cache and adb.
2942 dns_db_attach(res->view->cachedb, &fctx->cache);
2944 dns_adb_attach(res->view->adb, &fctx->adb);
2946 ISC_LIST_INIT(fctx->events);
2947 ISC_LINK_INIT(fctx, link);
2948 fctx->magic = FCTX_MAGIC;
2950 ISC_LIST_APPEND(res->buckets[bucketnum].fctxs, fctx, link);
2954 UNLOCK(&res->nlock);
2958 return (ISC_R_SUCCESS);
2961 dns_message_destroy(&fctx->rmessage);
2964 dns_message_destroy(&fctx->qmessage);
2967 if (dns_name_countlabels(&fctx->domain) > 0)
2968 dns_name_free(&fctx->domain, res->mctx);
2969 if (dns_rdataset_isassociated(&fctx->nameservers))
2970 dns_rdataset_disassociate(&fctx->nameservers);
2973 dns_name_free(&fctx->name, res->mctx);
2976 isc_mem_free(res->mctx, fctx->info);
2979 isc_mem_put(res->mctx, fctx, sizeof(*fctx));
2987 static inline isc_boolean_t
2988 is_lame(fetchctx_t *fctx) {
2989 dns_message_t *message = fctx->rmessage;
2991 dns_rdataset_t *rdataset;
2992 isc_result_t result;
2994 if (message->rcode != dns_rcode_noerror &&
2995 message->rcode != dns_rcode_nxdomain)
2998 if (message->counts[DNS_SECTION_ANSWER] != 0)
3001 if (message->counts[DNS_SECTION_AUTHORITY] == 0)
3004 result = dns_message_firstname(message, DNS_SECTION_AUTHORITY);
3005 while (result == ISC_R_SUCCESS) {
3007 dns_message_currentname(message, DNS_SECTION_AUTHORITY, &name);
3008 for (rdataset = ISC_LIST_HEAD(name->list);
3010 rdataset = ISC_LIST_NEXT(rdataset, link)) {
3011 dns_namereln_t namereln;
3013 unsigned int labels;
3014 if (rdataset->type != dns_rdatatype_ns)
3016 namereln = dns_name_fullcompare(name, &fctx->domain,
3018 if (namereln == dns_namereln_equal &&
3019 (message->flags & DNS_MESSAGEFLAG_AA) != 0)
3021 if (namereln == dns_namereln_subdomain)
3025 result = dns_message_nextname(message, DNS_SECTION_AUTHORITY);
3032 log_lame(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo) {
3033 char namebuf[DNS_NAME_FORMATSIZE];
3034 char domainbuf[DNS_NAME_FORMATSIZE];
3035 char addrbuf[ISC_SOCKADDR_FORMATSIZE];
3037 dns_name_format(&fctx->name, namebuf, sizeof(namebuf));
3038 dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf));
3039 isc_sockaddr_format(&addrinfo->sockaddr, addrbuf, sizeof(addrbuf));
3040 isc_log_write(dns_lctx, DNS_LOGCATEGORY_LAME_SERVERS,
3041 DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
3042 "lame server resolving '%s' (in '%s'?): %s",
3043 namebuf, domainbuf, addrbuf);
3046 static inline isc_result_t
3047 same_question(fetchctx_t *fctx) {
3048 isc_result_t result;
3049 dns_message_t *message = fctx->rmessage;
3051 dns_rdataset_t *rdataset;
3054 * Caller must be holding the fctx lock.
3058 * XXXRTH Currently we support only one question.
3060 if (message->counts[DNS_SECTION_QUESTION] != 1)
3061 return (DNS_R_FORMERR);
3063 result = dns_message_firstname(message, DNS_SECTION_QUESTION);
3064 if (result != ISC_R_SUCCESS)
3067 dns_message_currentname(message, DNS_SECTION_QUESTION, &name);
3068 rdataset = ISC_LIST_HEAD(name->list);
3069 INSIST(rdataset != NULL);
3070 INSIST(ISC_LIST_NEXT(rdataset, link) == NULL);
3071 if (fctx->type != rdataset->type ||
3072 fctx->res->rdclass != rdataset->rdclass ||
3073 !dns_name_equal(&fctx->name, name))
3074 return (DNS_R_FORMERR);
3076 return (ISC_R_SUCCESS);
3080 clone_results(fetchctx_t *fctx) {
3081 dns_fetchevent_t *event, *hevent;
3082 isc_result_t result;
3083 dns_name_t *name, *hname;
3085 FCTXTRACE("clone_results");
3088 * Set up any other events to have the same data as the first
3091 * Caller must be holding the appropriate lock.
3094 fctx->cloned = ISC_TRUE;
3095 hevent = ISC_LIST_HEAD(fctx->events);
3098 hname = dns_fixedname_name(&hevent->foundname);
3099 for (event = ISC_LIST_NEXT(hevent, ev_link);
3101 event = ISC_LIST_NEXT(event, ev_link)) {
3102 name = dns_fixedname_name(&event->foundname);
3103 result = dns_name_copy(hname, name, NULL);
3104 if (result != ISC_R_SUCCESS)
3105 event->result = result;
3107 event->result = hevent->result;
3108 dns_db_attach(hevent->db, &event->db);
3109 dns_db_attachnode(hevent->db, hevent->node, &event->node);
3110 INSIST(hevent->rdataset != NULL);
3111 INSIST(event->rdataset != NULL);
3112 if (dns_rdataset_isassociated(hevent->rdataset))
3113 dns_rdataset_clone(hevent->rdataset, event->rdataset);
3114 INSIST(! (hevent->sigrdataset == NULL &&
3115 event->sigrdataset != NULL));
3116 if (hevent->sigrdataset != NULL &&
3117 dns_rdataset_isassociated(hevent->sigrdataset) &&
3118 event->sigrdataset != NULL)
3119 dns_rdataset_clone(hevent->sigrdataset,
3120 event->sigrdataset);
3124 #define CACHE(r) (((r)->attributes & DNS_RDATASETATTR_CACHE) != 0)
3125 #define ANSWER(r) (((r)->attributes & DNS_RDATASETATTR_ANSWER) != 0)
3126 #define ANSWERSIG(r) (((r)->attributes & DNS_RDATASETATTR_ANSWERSIG) != 0)
3127 #define EXTERNAL(r) (((r)->attributes & DNS_RDATASETATTR_EXTERNAL) != 0)
3128 #define CHAINING(r) (((r)->attributes & DNS_RDATASETATTR_CHAINING) != 0)
3129 #define CHASE(r) (((r)->attributes & DNS_RDATASETATTR_CHASE) != 0)
3130 #define CHECKNAMES(r) (((r)->attributes & DNS_RDATASETATTR_CHECKNAMES) != 0)
3134 * Destroy '*fctx' if it is ready to be destroyed (i.e., if it has
3135 * no references and is no longer waiting for any events). If this
3136 * was the last fctx in the resolver, destroy the resolver.
3139 * '*fctx' is shutting down.
3142 maybe_destroy(fetchctx_t *fctx) {
3143 unsigned int bucketnum;
3144 isc_boolean_t bucket_empty = ISC_FALSE;
3145 dns_resolver_t *res = fctx->res;
3146 dns_validator_t *validator;
3148 REQUIRE(SHUTTINGDOWN(fctx));
3150 if (fctx->pending != 0 || fctx->nqueries != 0)
3153 for (validator = ISC_LIST_HEAD(fctx->validators);
3155 validator = ISC_LIST_HEAD(fctx->validators)) {
3156 ISC_LIST_UNLINK(fctx->validators, validator, link);
3157 dns_validator_cancel(validator);
3158 dns_validator_destroy(&validator);
3161 bucketnum = fctx->bucketnum;
3162 LOCK(&res->buckets[bucketnum].lock);
3163 if (fctx->references == 0)
3164 bucket_empty = fctx_destroy(fctx);
3165 UNLOCK(&res->buckets[bucketnum].lock);
3172 * The validator has finished.
3175 validated(isc_task_t *task, isc_event_t *event) {
3176 isc_result_t result = ISC_R_SUCCESS;
3177 isc_result_t eresult = ISC_R_SUCCESS;
3180 dns_validatorevent_t *vevent;
3181 dns_fetchevent_t *hevent;
3182 dns_rdataset_t *ardataset = NULL;
3183 dns_rdataset_t *asigrdataset = NULL;
3184 dns_dbnode_t *node = NULL;
3185 isc_boolean_t negative;
3186 isc_boolean_t chaining;
3187 isc_boolean_t sentresponse;
3189 dns_dbnode_t *nsnode = NULL;
3191 dns_rdataset_t *rdataset;
3192 dns_rdataset_t *sigrdataset;
3193 dns_valarg_t *valarg;
3194 dns_adbaddrinfo_t *addrinfo;
3196 UNUSED(task); /* for now */
3198 REQUIRE(event->ev_type == DNS_EVENT_VALIDATORDONE);
3199 valarg = event->ev_arg;
3200 fctx = valarg->fctx;
3201 addrinfo = valarg->addrinfo;
3202 REQUIRE(VALID_FCTX(fctx));
3203 REQUIRE(!ISC_LIST_EMPTY(fctx->validators));
3205 vevent = (dns_validatorevent_t *)event;
3207 FCTXTRACE("received validation completion event");
3209 ISC_LIST_UNLINK(fctx->validators, vevent->validator, link);
3212 * Destroy the validator early so that we can
3213 * destroy the fctx if necessary.
3215 dns_validator_destroy(&vevent->validator);
3216 isc_mem_put(fctx->res->mctx, valarg, sizeof(*valarg));
3218 negative = ISC_TF(vevent->rdataset == NULL);
3220 sentresponse = ISC_TF((fctx->options & DNS_FETCHOPT_NOVALIDATE) != 0);
3223 * If shutting down, ignore the results. Check to see if we're
3224 * done waiting for validator completions and ADB pending events; if
3225 * so, destroy the fctx.
3227 if (SHUTTINGDOWN(fctx) && !sentresponse) {
3228 maybe_destroy(fctx); /* Locks bucket. */
3232 LOCK(&fctx->res->buckets[fctx->bucketnum].lock);
3235 * If chaining, we need to make sure that the right result code is
3236 * returned, and that the rdatasets are bound.
3238 if (vevent->result == ISC_R_SUCCESS &&
3240 vevent->rdataset != NULL &&
3241 CHAINING(vevent->rdataset))
3243 if (vevent->rdataset->type == dns_rdatatype_cname)
3244 eresult = DNS_R_CNAME;
3246 INSIST(vevent->rdataset->type == dns_rdatatype_dname);
3247 eresult = DNS_R_DNAME;
3249 chaining = ISC_TRUE;
3251 chaining = ISC_FALSE;
3254 * Either we're not shutting down, or we are shutting down but want
3255 * to cache the result anyway (if this was a validation started by
3256 * a query with cd set)
3259 hevent = ISC_LIST_HEAD(fctx->events);
3260 if (hevent != NULL) {
3261 if (!negative && !chaining &&
3262 (fctx->type == dns_rdatatype_any ||
3263 fctx->type == dns_rdatatype_rrsig ||
3264 fctx->type == dns_rdatatype_sig)) {
3266 * Don't bind rdatasets; the caller
3267 * will iterate the node.
3270 ardataset = hevent->rdataset;
3271 asigrdataset = hevent->sigrdataset;
3275 if (vevent->result != ISC_R_SUCCESS) {
3276 FCTXTRACE("validation failed");
3277 result = ISC_R_NOTFOUND;
3278 if (vevent->rdataset != NULL)
3279 result = dns_db_findnode(fctx->cache, vevent->name,
3281 if (result == ISC_R_SUCCESS)
3282 (void)dns_db_deleterdataset(fctx->cache, node, NULL,
3284 if (result == ISC_R_SUCCESS && vevent->sigrdataset != NULL)
3285 (void)dns_db_deleterdataset(fctx->cache, node, NULL,
3286 dns_rdatatype_rrsig,
3288 if (result == ISC_R_SUCCESS)
3289 dns_db_detachnode(fctx->cache, &node);
3290 result = vevent->result;
3291 add_bad(fctx, &addrinfo->sockaddr, result);
3292 isc_event_free(&event);
3293 UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock);
3294 if (!ISC_LIST_EMPTY(fctx->validators))
3295 dns_validator_send(ISC_LIST_HEAD(fctx->validators));
3296 else if (sentresponse)
3297 fctx_done(fctx, result); /* Locks bucket. */
3299 fctx_try(fctx); /* Locks bucket. */
3303 isc_stdtime_get(&now);
3306 dns_rdatatype_t covers;
3307 FCTXTRACE("nonexistence validation OK");
3309 if (fctx->rmessage->rcode == dns_rcode_nxdomain)
3310 covers = dns_rdatatype_any;
3312 covers = fctx->type;
3314 result = dns_db_findnode(fctx->cache, vevent->name, ISC_TRUE,
3316 if (result != ISC_R_SUCCESS)
3317 goto noanswer_response;
3320 * If we are asking for a SOA record set the cache time
3321 * to zero to facilitate locating the containing zone of
3324 ttl = fctx->res->view->maxncachettl;
3325 if (fctx->type == dns_rdatatype_soa &&
3326 covers == dns_rdatatype_any)
3329 result = ncache_adderesult(fctx->rmessage, fctx->cache, node,
3331 ardataset, &eresult);
3332 if (result != ISC_R_SUCCESS)
3333 goto noanswer_response;
3334 goto answer_response;
3337 FCTXTRACE("validation OK");
3339 if (vevent->proofs[DNS_VALIDATOR_NOQNAMEPROOF] != NULL) {
3341 result = dns_rdataset_addnoqname(vevent->rdataset,
3342 vevent->proofs[DNS_VALIDATOR_NOQNAMEPROOF]);
3343 RUNTIME_CHECK(result == ISC_R_SUCCESS);
3344 INSIST(vevent->sigrdataset != NULL);
3345 vevent->sigrdataset->ttl = vevent->rdataset->ttl;
3349 * The data was already cached as pending data.
3350 * Re-cache it as secure and bind the cached
3351 * rdatasets to the first event on the fetch
3354 result = dns_db_findnode(fctx->cache, vevent->name, ISC_TRUE, &node);
3355 if (result != ISC_R_SUCCESS)
3356 goto noanswer_response;
3358 result = dns_db_addrdataset(fctx->cache, node, NULL, now,
3359 vevent->rdataset, 0, ardataset);
3360 if (result != ISC_R_SUCCESS &&
3361 result != DNS_R_UNCHANGED)
3362 goto noanswer_response;
3363 if (vevent->sigrdataset != NULL) {
3364 result = dns_db_addrdataset(fctx->cache, node, NULL, now,
3365 vevent->sigrdataset, 0,
3367 if (result != ISC_R_SUCCESS &&
3368 result != DNS_R_UNCHANGED)
3369 goto noanswer_response;
3374 * If we only deferred the destroy because we wanted to cache
3375 * the data, destroy now.
3377 UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock);
3378 if (SHUTTINGDOWN(fctx))
3379 maybe_destroy(fctx); /* Locks bucket. */
3383 if (!ISC_LIST_EMPTY(fctx->validators)) {
3385 INSIST(fctx->type == dns_rdatatype_any ||
3386 fctx->type == dns_rdatatype_rrsig ||
3387 fctx->type == dns_rdatatype_sig);
3389 * Don't send a response yet - we have
3390 * more rdatasets that still need to
3393 UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock);
3394 dns_validator_send(ISC_LIST_HEAD(fctx->validators));
3400 * Cache any NS/NSEC records that happened to be validated.
3402 result = dns_message_firstname(fctx->rmessage, DNS_SECTION_AUTHORITY);
3403 while (result == ISC_R_SUCCESS) {
3405 dns_message_currentname(fctx->rmessage, DNS_SECTION_AUTHORITY,
3407 for (rdataset = ISC_LIST_HEAD(name->list);
3409 rdataset = ISC_LIST_NEXT(rdataset, link)) {
3410 if ((rdataset->type != dns_rdatatype_ns &&
3411 rdataset->type != dns_rdatatype_nsec) ||
3412 rdataset->trust != dns_trust_secure)
3414 for (sigrdataset = ISC_LIST_HEAD(name->list);
3415 sigrdataset != NULL;
3416 sigrdataset = ISC_LIST_NEXT(sigrdataset, link)) {
3417 if (sigrdataset->type != dns_rdatatype_rrsig ||
3418 sigrdataset->covers != rdataset->type)
3422 if (sigrdataset == NULL ||
3423 sigrdataset->trust != dns_trust_secure)
3425 result = dns_db_findnode(fctx->cache, name, ISC_TRUE,
3427 if (result != ISC_R_SUCCESS)
3430 result = dns_db_addrdataset(fctx->cache, nsnode, NULL,
3431 now, rdataset, 0, NULL);
3432 if (result == ISC_R_SUCCESS)
3433 result = dns_db_addrdataset(fctx->cache, nsnode,
3437 dns_db_detachnode(fctx->cache, &nsnode);
3439 result = dns_message_nextname(fctx->rmessage,
3440 DNS_SECTION_AUTHORITY);
3443 result = ISC_R_SUCCESS;
3446 * Respond with an answer, positive or negative,
3447 * as opposed to an error. 'node' must be non-NULL.
3450 fctx->attributes |= FCTX_ATTR_HAVEANSWER;
3452 if (hevent != NULL) {
3453 hevent->result = eresult;
3454 RUNTIME_CHECK(dns_name_copy(vevent->name,
3455 dns_fixedname_name(&hevent->foundname), NULL)
3457 dns_db_attach(fctx->cache, &hevent->db);
3458 hevent->node = node;
3460 clone_results(fctx);
3465 dns_db_detachnode(fctx->cache, &node);
3467 UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock);
3469 fctx_done(fctx, result); /* Locks bucket. */
3472 isc_event_free(&event);
3475 static inline isc_result_t
3476 cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo,
3477 isc_stdtime_t now) {
3478 dns_rdataset_t *rdataset, *sigrdataset;
3479 dns_rdataset_t *addedrdataset, *ardataset, *asigrdataset;
3480 dns_rdataset_t *valrdataset = NULL, *valsigrdataset = NULL;
3481 dns_dbnode_t *node, **anodep;
3484 dns_resolver_t *res;
3485 isc_boolean_t need_validation, secure_domain, have_answer;
3486 isc_result_t result, eresult;
3487 dns_fetchevent_t *event;
3488 unsigned int options;
3491 unsigned int valoptions = 0;
3494 * The appropriate bucket lock must be held.
3498 need_validation = ISC_FALSE;
3499 secure_domain = ISC_FALSE;
3500 have_answer = ISC_FALSE;
3501 eresult = ISC_R_SUCCESS;
3502 task = res->buckets[fctx->bucketnum].task;
3505 * Is DNSSEC validation required for this name?
3507 result = dns_keytable_issecuredomain(res->view->secroots, name,
3509 if (result != ISC_R_SUCCESS)
3512 if (!secure_domain && res->view->dlv != NULL) {
3513 valoptions = DNS_VALIDATOR_DLV;
3514 secure_domain = ISC_TRUE;
3517 if ((fctx->options & DNS_FETCHOPT_NOVALIDATE) != 0)
3518 need_validation = ISC_FALSE;
3520 need_validation = secure_domain;
3526 asigrdataset = NULL;
3528 if ((name->attributes & DNS_NAMEATTR_ANSWER) != 0 &&
3530 have_answer = ISC_TRUE;
3531 event = ISC_LIST_HEAD(fctx->events);
3532 if (event != NULL) {
3534 aname = dns_fixedname_name(&event->foundname);
3535 result = dns_name_copy(name, aname, NULL);
3536 if (result != ISC_R_SUCCESS)
3538 anodep = &event->node;
3540 * If this is an ANY, SIG or RRSIG query, we're not
3541 * going to return any rdatasets, unless we encountered
3542 * a CNAME or DNAME as "the answer". In this case,
3543 * we're going to return DNS_R_CNAME or DNS_R_DNAME
3544 * and we must set up the rdatasets.
3546 if ((fctx->type != dns_rdatatype_any &&
3547 fctx->type != dns_rdatatype_rrsig &&
3548 fctx->type != dns_rdatatype_sig) ||
3549 (name->attributes & DNS_NAMEATTR_CHAINING) != 0) {
3550 ardataset = event->rdataset;
3551 asigrdataset = event->sigrdataset;
3557 * Find or create the cache node.
3560 result = dns_db_findnode(fctx->cache, name, ISC_TRUE, &node);
3561 if (result != ISC_R_SUCCESS)
3565 * Cache or validate each cacheable rdataset.
3567 fail = ISC_TF((fctx->res->options & DNS_RESOLVER_CHECKNAMESFAIL) != 0);
3568 for (rdataset = ISC_LIST_HEAD(name->list);
3570 rdataset = ISC_LIST_NEXT(rdataset, link)) {
3571 if (!CACHE(rdataset))
3573 if (CHECKNAMES(rdataset)) {
3574 char namebuf[DNS_NAME_FORMATSIZE];
3575 char typebuf[DNS_RDATATYPE_FORMATSIZE];
3576 char classbuf[DNS_RDATATYPE_FORMATSIZE];
3578 dns_name_format(name, namebuf, sizeof(namebuf));
3579 dns_rdatatype_format(rdataset->type, typebuf,
3581 dns_rdataclass_format(rdataset->rdclass, classbuf,
3583 isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
3584 DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE,
3585 "check-names %s %s/%s/%s",
3586 fail ? "failure" : "warning",
3587 namebuf, typebuf, classbuf);
3589 if (ANSWER(rdataset))
3590 return (DNS_R_BADNAME);
3596 * Enforce the configure maximum cache TTL.
3598 if (rdataset->ttl > res->view->maxcachettl)
3599 rdataset->ttl = res->view->maxcachettl;
3602 * If this rrset is in a secure domain, do DNSSEC validation
3603 * for it, unless it is glue.
3605 if (secure_domain && rdataset->trust != dns_trust_glue) {
3607 * RRSIGs are validated as part of validating the
3610 if (rdataset->type == dns_rdatatype_rrsig)
3613 * Find the SIG for this rdataset, if we have it.
3615 for (sigrdataset = ISC_LIST_HEAD(name->list);
3616 sigrdataset != NULL;
3617 sigrdataset = ISC_LIST_NEXT(sigrdataset, link)) {
3618 if (sigrdataset->type == dns_rdatatype_rrsig &&
3619 sigrdataset->covers == rdataset->type)
3622 if (sigrdataset == NULL) {
3623 if (!ANSWER(rdataset) && need_validation) {
3625 * Ignore non-answer rdatasets that
3626 * are missing signatures.
3633 * Normalize the rdataset and sigrdataset TTLs.
3635 if (sigrdataset != NULL) {
3636 rdataset->ttl = ISC_MIN(rdataset->ttl,
3638 sigrdataset->ttl = rdataset->ttl;
3642 * Cache this rdataset/sigrdataset pair as
3645 rdataset->trust = dns_trust_pending;
3646 if (sigrdataset != NULL)
3647 sigrdataset->trust = dns_trust_pending;
3648 if (!need_validation)
3649 addedrdataset = ardataset;
3651 addedrdataset = NULL;
3652 result = dns_db_addrdataset(fctx->cache, node, NULL,
3655 if (result == DNS_R_UNCHANGED)
3656 result = ISC_R_SUCCESS;
3657 if (result != ISC_R_SUCCESS)
3659 if (sigrdataset != NULL) {
3660 if (!need_validation)
3661 addedrdataset = asigrdataset;
3663 addedrdataset = NULL;
3664 result = dns_db_addrdataset(fctx->cache,
3668 if (result == DNS_R_UNCHANGED)
3669 result = ISC_R_SUCCESS;
3670 if (result != ISC_R_SUCCESS)
3672 } else if (!ANSWER(rdataset))
3675 if (ANSWER(rdataset) && need_validation) {
3676 if (fctx->type != dns_rdatatype_any &&
3677 fctx->type != dns_rdatatype_rrsig &&
3678 fctx->type != dns_rdatatype_sig) {
3680 * This is The Answer. We will
3681 * validate it, but first we cache
3682 * the rest of the response - it may
3683 * contain useful keys.
3685 INSIST(valrdataset == NULL &&
3686 valsigrdataset == NULL);
3687 valrdataset = rdataset;
3688 valsigrdataset = sigrdataset;
3691 * This is one of (potentially)
3692 * multiple answers to an ANY
3693 * or SIG query. To keep things
3694 * simple, we just start the
3695 * validator right away rather
3696 * than caching first and
3697 * having to remember which
3698 * rdatasets needed validation.
3700 result = valcreate(fctx, addrinfo,
3701 name, rdataset->type,
3706 * Defer any further validations.
3707 * This prevents multiple validators
3708 * from manipulating fctx->rmessage
3711 valoptions |= DNS_VALIDATOR_DEFER;
3713 } else if (CHAINING(rdataset)) {
3714 if (rdataset->type == dns_rdatatype_cname)
3715 eresult = DNS_R_CNAME;
3717 INSIST(rdataset->type ==
3718 dns_rdatatype_dname);
3719 eresult = DNS_R_DNAME;
3722 } else if (!EXTERNAL(rdataset)) {
3724 * It's OK to cache this rdataset now.
3726 if (ANSWER(rdataset))
3727 addedrdataset = ardataset;
3728 else if (ANSWERSIG(rdataset))
3729 addedrdataset = asigrdataset;
3731 addedrdataset = NULL;
3732 if (CHAINING(rdataset)) {
3733 if (rdataset->type == dns_rdatatype_cname)
3734 eresult = DNS_R_CNAME;
3736 INSIST(rdataset->type ==
3737 dns_rdatatype_dname);
3738 eresult = DNS_R_DNAME;
3741 if (rdataset->trust == dns_trust_glue &&
3742 (rdataset->type == dns_rdatatype_ns ||
3743 (rdataset->type == dns_rdatatype_rrsig &&
3744 rdataset->covers == dns_rdatatype_ns))) {
3746 * If the trust level is 'dns_trust_glue'
3747 * then we are adding data from a referral
3748 * we got while executing the search algorithm.
3749 * New referral data always takes precedence
3750 * over the existing cache contents.
3752 options = DNS_DBADD_FORCE;
3756 * Now we can add the rdataset.
3758 result = dns_db_addrdataset(fctx->cache,
3763 if (result == DNS_R_UNCHANGED) {
3764 if (ANSWER(rdataset) &&
3765 ardataset != NULL &&
3766 ardataset->type == 0) {
3768 * The answer in the cache is better
3769 * than the answer we found, and is
3770 * a negative cache entry, so we
3771 * must set eresult appropriately.
3773 if (NXDOMAIN(ardataset))
3775 DNS_R_NCACHENXDOMAIN;
3778 DNS_R_NCACHENXRRSET;
3780 result = ISC_R_SUCCESS;
3781 } else if (result != ISC_R_SUCCESS)
3786 if (valrdataset != NULL)
3787 result = valcreate(fctx, addrinfo, name, fctx->type,
3788 valrdataset, valsigrdataset, valoptions,
3791 if (result == ISC_R_SUCCESS && have_answer) {
3792 fctx->attributes |= FCTX_ATTR_HAVEANSWER;
3793 if (event != NULL) {
3794 event->result = eresult;
3795 dns_db_attach(fctx->cache, adbp);
3798 clone_results(fctx);
3803 dns_db_detachnode(fctx->cache, &node);
3808 static inline isc_result_t
3809 cache_message(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, isc_stdtime_t now)
3811 isc_result_t result;
3812 dns_section_t section;
3815 FCTXTRACE("cache_message");
3817 fctx->attributes &= ~FCTX_ATTR_WANTCACHE;
3819 LOCK(&fctx->res->buckets[fctx->bucketnum].lock);
3821 for (section = DNS_SECTION_ANSWER;
3822 section <= DNS_SECTION_ADDITIONAL;
3824 result = dns_message_firstname(fctx->rmessage, section);
3825 while (result == ISC_R_SUCCESS) {
3827 dns_message_currentname(fctx->rmessage, section,
3829 if ((name->attributes & DNS_NAMEATTR_CACHE) != 0) {
3830 result = cache_name(fctx, name, addrinfo, now);
3831 if (result != ISC_R_SUCCESS)
3834 result = dns_message_nextname(fctx->rmessage, section);
3836 if (result != ISC_R_NOMORE)
3839 if (result == ISC_R_NOMORE)
3840 result = ISC_R_SUCCESS;
3842 UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock);
3848 * Do what dns_ncache_add() does, and then compute an appropriate eresult.
3851 ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
3852 dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t maxttl,
3853 dns_rdataset_t *ardataset,
3854 isc_result_t *eresultp)
3856 isc_result_t result;
3857 dns_rdataset_t rdataset;
3859 if (ardataset == NULL) {
3860 dns_rdataset_init(&rdataset);
3861 ardataset = &rdataset;
3863 result = dns_ncache_add(message, cache, node, covers, now,
3865 if (result == DNS_R_UNCHANGED || result == ISC_R_SUCCESS) {
3867 * If the cache now contains a negative entry and we
3868 * care about whether it is DNS_R_NCACHENXDOMAIN or
3869 * DNS_R_NCACHENXRRSET then extract it.
3871 if (ardataset->type == 0) {
3873 * The cache data is a negative cache entry.
3875 if (NXDOMAIN(ardataset))
3876 *eresultp = DNS_R_NCACHENXDOMAIN;
3878 *eresultp = DNS_R_NCACHENXRRSET;
3881 * Either we don't care about the nature of the
3882 * cache rdataset (because no fetch is interested
3883 * in the outcome), or the cache rdataset is not
3884 * a negative cache entry. Whichever case it is,
3885 * we can return success.
3887 * XXXRTH There's a CNAME/DNAME problem here.
3889 *eresultp = ISC_R_SUCCESS;
3891 result = ISC_R_SUCCESS;
3893 if (ardataset == &rdataset && dns_rdataset_isassociated(ardataset))
3894 dns_rdataset_disassociate(ardataset);
3899 static inline isc_result_t
3900 ncache_message(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
3901 dns_rdatatype_t covers, isc_stdtime_t now)
3903 isc_result_t result, eresult;
3905 dns_resolver_t *res;
3907 dns_dbnode_t *node, **anodep;
3908 dns_rdataset_t *ardataset;
3909 isc_boolean_t need_validation, secure_domain;
3911 dns_fetchevent_t *event;
3913 unsigned int valoptions = 0;
3915 FCTXTRACE("ncache_message");
3917 fctx->attributes &= ~FCTX_ATTR_WANTNCACHE;
3920 need_validation = ISC_FALSE;
3921 secure_domain = ISC_FALSE;
3922 eresult = ISC_R_SUCCESS;
3927 * XXXMPA remove when we follow cnames and adjust the setting
3928 * of FCTX_ATTR_WANTNCACHE in noanswer_response().
3930 INSIST(fctx->rmessage->counts[DNS_SECTION_ANSWER] == 0);
3933 * Is DNSSEC validation required for this name?
3935 result = dns_keytable_issecuredomain(res->view->secroots, name,
3937 if (result != ISC_R_SUCCESS)
3940 if (!secure_domain && res->view->dlv != NULL) {
3941 valoptions = DNS_VALIDATOR_DLV;
3942 secure_domain = ISC_TRUE;
3945 if ((fctx->options & DNS_FETCHOPT_NOVALIDATE) != 0)
3946 need_validation = ISC_FALSE;
3948 need_validation = secure_domain;
3950 if (secure_domain) {
3952 * Mark all rdatasets as pending.
3954 dns_rdataset_t *trdataset;
3957 result = dns_message_firstname(fctx->rmessage,
3958 DNS_SECTION_AUTHORITY);
3959 while (result == ISC_R_SUCCESS) {
3961 dns_message_currentname(fctx->rmessage,
3962 DNS_SECTION_AUTHORITY,
3964 for (trdataset = ISC_LIST_HEAD(tname->list);
3966 trdataset = ISC_LIST_NEXT(trdataset, link))
3967 trdataset->trust = dns_trust_pending;
3968 result = dns_message_nextname(fctx->rmessage,
3969 DNS_SECTION_AUTHORITY);
3971 if (result != ISC_R_NOMORE)
3976 if (need_validation) {
3978 * Do negative response validation.
3980 result = valcreate(fctx, addrinfo, name, fctx->type,
3981 NULL, NULL, valoptions,
3982 res->buckets[fctx->bucketnum].task);
3984 * If validation is necessary, return now. Otherwise continue
3985 * to process the message, letting the validation complete
3986 * in its own good time.
3991 LOCK(&res->buckets[fctx->bucketnum].lock);
3997 if (!HAVE_ANSWER(fctx)) {
3998 event = ISC_LIST_HEAD(fctx->events);
3999 if (event != NULL) {
4001 aname = dns_fixedname_name(&event->foundname);
4002 result = dns_name_copy(name, aname, NULL);
4003 if (result != ISC_R_SUCCESS)
4005 anodep = &event->node;
4006 ardataset = event->rdataset;
4011 result = dns_db_findnode(fctx->cache, name, ISC_TRUE, &node);
4012 if (result != ISC_R_SUCCESS)
4016 * If we are asking for a SOA record set the cache time
4017 * to zero to facilitate locating the containing zone of
4020 ttl = fctx->res->view->maxncachettl;
4021 if (fctx->type == dns_rdatatype_soa &&
4022 covers == dns_rdatatype_any)
4025 result = ncache_adderesult(fctx->rmessage, fctx->cache, node,
4026 covers, now, ttl, ardataset, &eresult);
4027 if (result != ISC_R_SUCCESS)
4030 if (!HAVE_ANSWER(fctx)) {
4031 fctx->attributes |= FCTX_ATTR_HAVEANSWER;
4032 if (event != NULL) {
4033 event->result = eresult;
4034 dns_db_attach(fctx->cache, adbp);
4037 clone_results(fctx);
4042 UNLOCK(&res->buckets[fctx->bucketnum].lock);
4045 dns_db_detachnode(fctx->cache, &node);
4051 mark_related(dns_name_t *name, dns_rdataset_t *rdataset,
4052 isc_boolean_t external, isc_boolean_t gluing)
4054 name->attributes |= DNS_NAMEATTR_CACHE;
4056 rdataset->trust = dns_trust_glue;
4058 * Glue with 0 TTL causes problems. We force the TTL to
4059 * 1 second to prevent this.
4061 if (rdataset->ttl == 0)
4064 rdataset->trust = dns_trust_additional;
4066 * Avoid infinite loops by only marking new rdatasets.
4068 if (!CACHE(rdataset)) {
4069 name->attributes |= DNS_NAMEATTR_CHASE;
4070 rdataset->attributes |= DNS_RDATASETATTR_CHASE;
4072 rdataset->attributes |= DNS_RDATASETATTR_CACHE;
4074 rdataset->attributes |= DNS_RDATASETATTR_EXTERNAL;
4078 check_related(void *arg, dns_name_t *addname, dns_rdatatype_t type) {
4079 fetchctx_t *fctx = arg;
4080 isc_result_t result;
4082 dns_rdataset_t *rdataset;
4083 isc_boolean_t external;
4084 dns_rdatatype_t rtype;
4085 isc_boolean_t gluing;
4087 REQUIRE(VALID_FCTX(fctx));
4095 result = dns_message_findname(fctx->rmessage, DNS_SECTION_ADDITIONAL,
4096 addname, dns_rdatatype_any, 0, &name,
4098 if (result == ISC_R_SUCCESS) {
4099 external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
4100 if (type == dns_rdatatype_a) {
4101 for (rdataset = ISC_LIST_HEAD(name->list);
4103 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4104 if (rdataset->type == dns_rdatatype_rrsig)
4105 rtype = rdataset->covers;
4107 rtype = rdataset->type;
4108 if (rtype == dns_rdatatype_a ||
4109 rtype == dns_rdatatype_aaaa)
4110 mark_related(name, rdataset, external,
4114 result = dns_message_findtype(name, type, 0,
4116 if (result == ISC_R_SUCCESS) {
4117 mark_related(name, rdataset, external, gluing);
4119 * Do we have its SIG too?
4122 result = dns_message_findtype(name,
4123 dns_rdatatype_rrsig,
4125 if (result == ISC_R_SUCCESS)
4126 mark_related(name, rdataset, external,
4132 return (ISC_R_SUCCESS);
4136 chase_additional(fetchctx_t *fctx) {
4137 isc_boolean_t rescan;
4138 dns_section_t section = DNS_SECTION_ADDITIONAL;
4139 isc_result_t result;
4144 for (result = dns_message_firstname(fctx->rmessage, section);
4145 result == ISC_R_SUCCESS;
4146 result = dns_message_nextname(fctx->rmessage, section)) {
4147 dns_name_t *name = NULL;
4148 dns_rdataset_t *rdataset;
4149 dns_message_currentname(fctx->rmessage, DNS_SECTION_ADDITIONAL,
4151 if ((name->attributes & DNS_NAMEATTR_CHASE) == 0)
4153 name->attributes &= ~DNS_NAMEATTR_CHASE;
4154 for (rdataset = ISC_LIST_HEAD(name->list);
4156 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4157 if (CHASE(rdataset)) {
4158 rdataset->attributes &= ~DNS_RDATASETATTR_CHASE;
4159 (void)dns_rdataset_additionaldata(rdataset,
4170 static inline isc_result_t
4171 cname_target(dns_rdataset_t *rdataset, dns_name_t *tname) {
4172 isc_result_t result;
4173 dns_rdata_t rdata = DNS_RDATA_INIT;
4174 dns_rdata_cname_t cname;
4176 result = dns_rdataset_first(rdataset);
4177 if (result != ISC_R_SUCCESS)
4179 dns_rdataset_current(rdataset, &rdata);
4180 result = dns_rdata_tostruct(&rdata, &cname, NULL);
4181 if (result != ISC_R_SUCCESS)
4183 dns_name_init(tname, NULL);
4184 dns_name_clone(&cname.cname, tname);
4185 dns_rdata_freestruct(&cname);
4187 return (ISC_R_SUCCESS);
4190 static inline isc_result_t
4191 dname_target(dns_rdataset_t *rdataset, dns_name_t *qname, dns_name_t *oname,
4192 dns_fixedname_t *fixeddname)
4194 isc_result_t result;
4195 dns_rdata_t rdata = DNS_RDATA_INIT;
4196 unsigned int nlabels;
4198 dns_namereln_t namereln;
4199 dns_rdata_dname_t dname;
4200 dns_fixedname_t prefix;
4203 * Get the target name of the DNAME.
4206 result = dns_rdataset_first(rdataset);
4207 if (result != ISC_R_SUCCESS)
4209 dns_rdataset_current(rdataset, &rdata);
4210 result = dns_rdata_tostruct(&rdata, &dname, NULL);
4211 if (result != ISC_R_SUCCESS)
4215 * Get the prefix of qname.
4217 namereln = dns_name_fullcompare(qname, oname, &order, &nlabels);
4218 if (namereln != dns_namereln_subdomain) {
4219 dns_rdata_freestruct(&dname);
4220 return (DNS_R_FORMERR);
4222 dns_fixedname_init(&prefix);
4223 dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL);
4224 dns_fixedname_init(fixeddname);
4225 result = dns_name_concatenate(dns_fixedname_name(&prefix),
4227 dns_fixedname_name(fixeddname), NULL);
4228 dns_rdata_freestruct(&dname);
4233 * Handle a no-answer response (NXDOMAIN, NXRRSET, or referral).
4234 * If bind8_ns_resp is ISC_TRUE, this is a suspected BIND 8
4235 * response to an NS query that should be treated as a referral
4236 * even though the NS records occur in the answer section
4237 * rather than the authority section.
4240 noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
4241 isc_boolean_t bind8_ns_resp)
4243 isc_result_t result;
4244 dns_message_t *message;
4245 dns_name_t *name, *qname, *ns_name, *soa_name, *ds_name;
4246 dns_rdataset_t *rdataset, *ns_rdataset;
4247 isc_boolean_t done, aa, negative_response;
4248 dns_rdatatype_t type;
4249 dns_section_t section =
4250 bind8_ns_resp ? DNS_SECTION_ANSWER : DNS_SECTION_AUTHORITY;
4252 FCTXTRACE("noanswer_response");
4254 message = fctx->rmessage;
4259 if (oqname == NULL) {
4261 * We have a normal, non-chained negative response or
4264 if ((message->flags & DNS_MESSAGEFLAG_AA) != 0)
4268 qname = &fctx->name;
4271 * We're being invoked by answer_response() after it has
4272 * followed a CNAME/DNAME chain.
4277 * If the current qname is not a subdomain of the query
4278 * domain, there's no point in looking at the authority
4279 * section without doing DNSSEC validation.
4281 * Until we do that validation, we'll just return success
4284 if (!dns_name_issubdomain(qname, &fctx->domain))
4285 return (ISC_R_SUCCESS);
4289 * We have to figure out if this is a negative response, or a
4294 * Sometimes we can tell if its a negative response by looking at
4295 * the message header.
4297 negative_response = ISC_FALSE;
4298 if (message->rcode == dns_rcode_nxdomain ||
4299 (message->counts[DNS_SECTION_ANSWER] == 0 &&
4300 message->counts[DNS_SECTION_AUTHORITY] == 0))
4301 negative_response = ISC_TRUE;
4304 * Process the authority section.
4311 result = dns_message_firstname(message, section);
4312 while (!done && result == ISC_R_SUCCESS) {
4314 dns_message_currentname(message, section, &name);
4315 if (dns_name_issubdomain(name, &fctx->domain)) {
4317 * Look for NS/SOA RRsets first.
4319 for (rdataset = ISC_LIST_HEAD(name->list);
4321 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4322 type = rdataset->type;
4323 if (type == dns_rdatatype_rrsig)
4324 type = rdataset->covers;
4325 if (((type == dns_rdatatype_ns ||
4326 type == dns_rdatatype_soa) &&
4327 !dns_name_issubdomain(qname, name)))
4328 return (DNS_R_FORMERR);
4329 if (type == dns_rdatatype_ns) {
4333 * Only one set of NS RRs is allowed.
4335 if (rdataset->type ==
4337 if (ns_name != NULL &&
4339 return (DNS_R_FORMERR);
4341 ns_rdataset = rdataset;
4345 rdataset->attributes |=
4346 DNS_RDATASETATTR_CACHE;
4347 rdataset->trust = dns_trust_glue;
4349 if (type == dns_rdatatype_soa) {
4351 * SOA, or RRSIG SOA.
4353 * Only one SOA is allowed.
4355 if (rdataset->type ==
4356 dns_rdatatype_soa) {
4357 if (soa_name != NULL &&
4359 return (DNS_R_FORMERR);
4363 DNS_NAMEATTR_NCACHE;
4364 rdataset->attributes |=
4365 DNS_RDATASETATTR_NCACHE;
4368 dns_trust_authauthority;
4371 dns_trust_additional;
4375 * A negative response has a SOA record (Type 2)
4376 * and a optional NS RRset (Type 1) or it has neither
4377 * a SOA or a NS RRset (Type 3, handled above) or
4378 * rcode is NXDOMAIN (handled above) in which case
4379 * the NS RRset is allowed (Type 4).
4381 if (soa_name != NULL)
4382 negative_response = ISC_TRUE;
4383 for (rdataset = ISC_LIST_HEAD(name->list);
4385 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4386 type = rdataset->type;
4387 if (type == dns_rdatatype_rrsig)
4388 type = rdataset->covers;
4389 if (type == dns_rdatatype_nsec) {
4391 * NSEC or RRSIG NSEC.
4393 if (negative_response) {
4395 DNS_NAMEATTR_NCACHE;
4396 rdataset->attributes |=
4397 DNS_RDATASETATTR_NCACHE;
4401 rdataset->attributes |=
4402 DNS_RDATASETATTR_CACHE;
4406 dns_trust_authauthority;
4409 dns_trust_additional;
4411 * No additional data needs to be
4414 } else if (type == dns_rdatatype_ds) {
4418 * These should only be here if
4419 * this is a referral, and there
4420 * should only be one DS.
4422 if (ns_name == NULL)
4423 return (DNS_R_FORMERR);
4424 if (rdataset->type ==
4426 if (ds_name != NULL &&
4428 return (DNS_R_FORMERR);
4433 rdataset->attributes |=
4434 DNS_RDATASETATTR_CACHE;
4437 dns_trust_authauthority;
4440 dns_trust_additional;
4444 result = dns_message_nextname(message, section);
4445 if (result == ISC_R_NOMORE)
4447 else if (result != ISC_R_SUCCESS)
4452 * Trigger lookups for DNS nameservers.
4454 if (negative_response && message->rcode == dns_rcode_noerror &&
4455 fctx->type == dns_rdatatype_ds && soa_name != NULL &&
4456 dns_name_equal(soa_name, qname) &&
4457 !dns_name_equal(qname, dns_rootname))
4458 return (DNS_R_CHASEDSSERVERS);
4461 * Did we find anything?
4463 if (!negative_response && ns_name == NULL) {
4467 if (oqname != NULL) {
4469 * We've already got a partial CNAME/DNAME chain,
4470 * and haven't found else anything useful here, but
4471 * no error has occurred since we have an answer.
4473 return (ISC_R_SUCCESS);
4476 * The responder is insane.
4478 return (DNS_R_FORMERR);
4483 * If we found both NS and SOA, they should be the same name.
4485 if (ns_name != NULL && soa_name != NULL && ns_name != soa_name)
4486 return (DNS_R_FORMERR);
4489 * Do we have a referral? (We only want to follow a referral if
4490 * we're not following a chain.)
4492 if (!negative_response && ns_name != NULL && oqname == NULL) {
4494 * We already know ns_name is a subdomain of fctx->domain.
4495 * If ns_name is equal to fctx->domain, we're not making
4496 * progress. We return DNS_R_FORMERR so that we'll keep
4497 * trying other servers.
4499 if (dns_name_equal(ns_name, &fctx->domain))
4500 return (DNS_R_FORMERR);
4503 * If the referral name is not a parent of the query
4504 * name, consider the responder insane.
4506 if (! dns_name_issubdomain(&fctx->name, ns_name)) {
4507 FCTXTRACE("referral to non-parent");
4508 return (DNS_R_FORMERR);
4512 * Mark any additional data related to this rdataset.
4513 * It's important that we do this before we change the
4516 INSIST(ns_rdataset != NULL);
4517 fctx->attributes |= FCTX_ATTR_GLUING;
4518 (void)dns_rdataset_additionaldata(ns_rdataset, check_related,
4520 fctx->attributes &= ~FCTX_ATTR_GLUING;
4522 * NS rdatasets with 0 TTL cause problems.
4523 * dns_view_findzonecut() will not find them when we
4524 * try to follow the referral, and we'll SERVFAIL
4525 * because the best nameservers are now above QDOMAIN.
4526 * We force the TTL to 1 second to prevent this.
4528 if (ns_rdataset->ttl == 0)
4529 ns_rdataset->ttl = 1;
4531 * Set the current query domain to the referral name.
4533 * XXXRTH We should check if we're in forward-only mode, and
4534 * if so we should bail out.
4536 INSIST(dns_name_countlabels(&fctx->domain) > 0);
4537 dns_name_free(&fctx->domain, fctx->res->mctx);
4538 if (dns_rdataset_isassociated(&fctx->nameservers))
4539 dns_rdataset_disassociate(&fctx->nameservers);
4540 dns_name_init(&fctx->domain, NULL);
4541 result = dns_name_dup(ns_name, fctx->res->mctx, &fctx->domain);
4542 if (result != ISC_R_SUCCESS)
4544 fctx->attributes |= FCTX_ATTR_WANTCACHE;
4545 return (DNS_R_DELEGATION);
4549 * Since we're not doing a referral, we don't want to cache any
4550 * NS RRs we may have found.
4552 if (ns_name != NULL)
4553 ns_name->attributes &= ~DNS_NAMEATTR_CACHE;
4555 if (negative_response && oqname == NULL)
4556 fctx->attributes |= FCTX_ATTR_WANTNCACHE;
4558 return (ISC_R_SUCCESS);
4562 answer_response(fetchctx_t *fctx) {
4563 isc_result_t result;
4564 dns_message_t *message;
4565 dns_name_t *name, *qname, tname;
4566 dns_rdataset_t *rdataset;
4567 isc_boolean_t done, external, chaining, aa, found, want_chaining;
4568 isc_boolean_t have_answer, found_cname, found_type, wanted_chaining;
4570 dns_rdatatype_t type;
4571 dns_fixedname_t dname, fqname;
4573 FCTXTRACE("answer_response");
4575 message = fctx->rmessage;
4578 * Examine the answer section, marking those rdatasets which are
4579 * part of the answer and should be cached.
4583 found_cname = ISC_FALSE;
4584 found_type = ISC_FALSE;
4585 chaining = ISC_FALSE;
4586 have_answer = ISC_FALSE;
4587 want_chaining = ISC_FALSE;
4588 if ((message->flags & DNS_MESSAGEFLAG_AA) != 0)
4592 qname = &fctx->name;
4594 result = dns_message_firstname(message, DNS_SECTION_ANSWER);
4595 while (!done && result == ISC_R_SUCCESS) {
4597 dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
4598 external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
4599 if (dns_name_equal(name, qname)) {
4600 wanted_chaining = ISC_FALSE;
4601 for (rdataset = ISC_LIST_HEAD(name->list);
4603 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4605 want_chaining = ISC_FALSE;
4607 if (rdataset->type == type && !found_cname) {
4609 * We've found an ordinary answer.
4612 found_type = ISC_TRUE;
4614 aflag = DNS_RDATASETATTR_ANSWER;
4615 } else if (type == dns_rdatatype_any) {
4617 * We've found an answer matching
4618 * an ANY query. There may be
4622 aflag = DNS_RDATASETATTR_ANSWER;
4623 } else if (rdataset->type == dns_rdatatype_rrsig
4624 && rdataset->covers == type
4627 * We've found a signature that
4628 * covers the type we're looking for.
4631 found_type = ISC_TRUE;
4632 aflag = DNS_RDATASETATTR_ANSWERSIG;
4633 } else if (rdataset->type ==
4637 * We're looking for something else,
4638 * but we found a CNAME.
4640 * Getting a CNAME response for some
4641 * query types is an error.
4643 if (type == dns_rdatatype_rrsig ||
4644 type == dns_rdatatype_dnskey ||
4645 type == dns_rdatatype_nsec)
4646 return (DNS_R_FORMERR);
4648 found_cname = ISC_TRUE;
4649 want_chaining = ISC_TRUE;
4650 aflag = DNS_RDATASETATTR_ANSWER;
4651 result = cname_target(rdataset,
4653 if (result != ISC_R_SUCCESS)
4655 } else if (rdataset->type == dns_rdatatype_rrsig
4656 && rdataset->covers ==
4660 * We're looking for something else,
4661 * but we found a SIG CNAME.
4664 found_cname = ISC_TRUE;
4665 aflag = DNS_RDATASETATTR_ANSWERSIG;
4670 * We've found an answer to our
4675 rdataset->attributes |=
4676 DNS_RDATASETATTR_CACHE;
4677 rdataset->trust = dns_trust_answer;
4680 * This data is "the" answer
4681 * to our question only if
4682 * we're not chaining (i.e.
4683 * if we haven't followed
4684 * a CNAME or DNAME).
4688 DNS_RDATASETATTR_ANSWER)
4689 have_answer = ISC_TRUE;
4691 DNS_NAMEATTR_ANSWER;
4692 rdataset->attributes |= aflag;
4695 dns_trust_authanswer;
4696 } else if (external) {
4698 * This data is outside of
4699 * our query domain, and
4700 * may only be cached if it
4701 * comes from a secure zone
4704 rdataset->attributes |=
4705 DNS_RDATASETATTR_EXTERNAL;
4709 * Mark any additional data related
4712 (void)dns_rdataset_additionaldata(
4720 if (want_chaining) {
4721 wanted_chaining = ISC_TRUE;
4723 DNS_NAMEATTR_CHAINING;
4724 rdataset->attributes |=
4725 DNS_RDATASETATTR_CHAINING;
4730 * We could add an "else" clause here and
4731 * log that we're ignoring this rdataset.
4735 * If wanted_chaining is true, we've done
4736 * some chaining as the result of processing
4737 * this node, and thus we need to set
4740 * We don't set chaining inside of the
4741 * rdataset loop because doing that would
4742 * cause us to ignore the signatures of
4745 if (wanted_chaining)
4746 chaining = ISC_TRUE;
4749 * Look for a DNAME (or its SIG). Anything else is
4752 wanted_chaining = ISC_FALSE;
4753 for (rdataset = ISC_LIST_HEAD(name->list);
4755 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4756 isc_boolean_t found_dname = ISC_FALSE;
4759 if (rdataset->type == dns_rdatatype_dname) {
4761 * We're looking for something else,
4762 * but we found a DNAME.
4764 * If we're not chaining, then the
4765 * DNAME should not be external.
4767 if (!chaining && external)
4768 return (DNS_R_FORMERR);
4770 want_chaining = ISC_TRUE;
4771 aflag = DNS_RDATASETATTR_ANSWER;
4772 result = dname_target(rdataset,
4775 if (result == ISC_R_NOSPACE) {
4777 * We can't construct the
4778 * DNAME target. Do not
4781 want_chaining = ISC_FALSE;
4782 } else if (result != ISC_R_SUCCESS)
4785 found_dname = ISC_TRUE;
4786 } else if (rdataset->type == dns_rdatatype_rrsig
4787 && rdataset->covers ==
4788 dns_rdatatype_dname) {
4790 * We've found a signature that
4794 aflag = DNS_RDATASETATTR_ANSWERSIG;
4799 * We've found an answer to our
4804 rdataset->attributes |=
4805 DNS_RDATASETATTR_CACHE;
4806 rdataset->trust = dns_trust_answer;
4809 * This data is "the" answer
4810 * to our question only if
4811 * we're not chaining.
4815 DNS_RDATASETATTR_ANSWER)
4816 have_answer = ISC_TRUE;
4818 DNS_NAMEATTR_ANSWER;
4819 rdataset->attributes |= aflag;
4822 dns_trust_authanswer;
4823 } else if (external) {
4824 rdataset->attributes |=
4825 DNS_RDATASETATTR_EXTERNAL;
4833 * Copy the the dname into the
4836 * Although we check for
4837 * failure of the copy
4838 * operation, in practice it
4839 * should never fail since
4840 * we already know that the
4841 * result fits in a fixedname.
4843 dns_fixedname_init(&fqname);
4844 result = dns_name_copy(
4845 dns_fixedname_name(&dname),
4846 dns_fixedname_name(&fqname),
4848 if (result != ISC_R_SUCCESS)
4850 wanted_chaining = ISC_TRUE;
4852 DNS_NAMEATTR_CHAINING;
4853 rdataset->attributes |=
4854 DNS_RDATASETATTR_CHAINING;
4855 qname = dns_fixedname_name(
4860 if (wanted_chaining)
4861 chaining = ISC_TRUE;
4863 result = dns_message_nextname(message, DNS_SECTION_ANSWER);
4865 if (result == ISC_R_NOMORE)
4866 result = ISC_R_SUCCESS;
4867 if (result != ISC_R_SUCCESS)
4871 * We should have found an answer.
4874 return (DNS_R_FORMERR);
4877 * This response is now potentially cacheable.
4879 fctx->attributes |= FCTX_ATTR_WANTCACHE;
4882 * Did chaining end before we got the final answer?
4886 * Yes. This may be a negative reply, so hand off
4887 * authority section processing to the noanswer code.
4888 * If it isn't a noanswer response, no harm will be
4891 return (noanswer_response(fctx, qname, ISC_FALSE));
4895 * We didn't end with an incomplete chain, so the rcode should be
4898 if (message->rcode != dns_rcode_noerror)
4899 return (DNS_R_FORMERR);
4902 * Examine the authority section (if there is one).
4904 * We expect there to be only one owner name for all the rdatasets
4905 * in this section, and we expect that it is not external.
4908 result = dns_message_firstname(message, DNS_SECTION_AUTHORITY);
4909 while (!done && result == ISC_R_SUCCESS) {
4911 dns_message_currentname(message, DNS_SECTION_AUTHORITY, &name);
4912 external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
4915 * We expect to find NS or SIG NS rdatasets, and
4918 for (rdataset = ISC_LIST_HEAD(name->list);
4920 rdataset = ISC_LIST_NEXT(rdataset, link)) {
4921 if (rdataset->type == dns_rdatatype_ns ||
4922 (rdataset->type == dns_rdatatype_rrsig &&
4923 rdataset->covers == dns_rdatatype_ns)) {
4926 rdataset->attributes |=
4927 DNS_RDATASETATTR_CACHE;
4928 if (aa && !chaining)
4930 dns_trust_authauthority;
4933 dns_trust_additional;
4936 * Mark any additional data related
4939 (void)dns_rdataset_additionaldata(
4947 result = dns_message_nextname(message, DNS_SECTION_AUTHORITY);
4949 if (result == ISC_R_NOMORE)
4950 result = ISC_R_SUCCESS;
4956 resume_dslookup(isc_task_t *task, isc_event_t *event) {
4957 dns_fetchevent_t *fevent;
4958 dns_resolver_t *res;
4960 isc_result_t result;
4961 isc_boolean_t bucket_empty = ISC_FALSE;
4962 isc_boolean_t locked = ISC_FALSE;
4963 unsigned int bucketnum;
4964 dns_rdataset_t nameservers;
4965 dns_fixedname_t fixed;
4968 REQUIRE(event->ev_type == DNS_EVENT_FETCHDONE);
4969 fevent = (dns_fetchevent_t *)event;
4970 fctx = event->ev_arg;
4971 REQUIRE(VALID_FCTX(fctx));
4975 FCTXTRACE("resume_dslookup");
4977 if (fevent->node != NULL)
4978 dns_db_detachnode(fevent->db, &fevent->node);
4979 if (fevent->db != NULL)
4980 dns_db_detach(&fevent->db);
4982 dns_rdataset_init(&nameservers);
4984 bucketnum = fctx->bucketnum;
4985 if (fevent->result == ISC_R_CANCELED) {
4986 dns_resolver_destroyfetch(&fctx->nsfetch);
4987 fctx_done(fctx, ISC_R_CANCELED);
4988 } else if (fevent->result == ISC_R_SUCCESS) {
4990 FCTXTRACE("resuming DS lookup");
4992 dns_resolver_destroyfetch(&fctx->nsfetch);
4993 if (dns_rdataset_isassociated(&fctx->nameservers))
4994 dns_rdataset_disassociate(&fctx->nameservers);
4995 dns_rdataset_clone(fevent->rdataset, &fctx->nameservers);
4996 dns_name_free(&fctx->domain, fctx->res->mctx);
4997 dns_name_init(&fctx->domain, NULL);
4998 result = dns_name_dup(&fctx->nsname, fctx->res->mctx,
5000 if (result != ISC_R_SUCCESS) {
5001 fctx_done(fctx, DNS_R_SERVFAIL);
5010 dns_rdataset_t *nsrdataset = NULL;
5013 * Retrieve state from fctx->nsfetch before we destroy it.
5015 dns_fixedname_init(&fixed);
5016 domain = dns_fixedname_name(&fixed);
5017 dns_name_copy(&fctx->nsfetch->private->domain, domain, NULL);
5018 if (dns_name_equal(&fctx->nsname, domain)) {
5019 fctx_done(fctx, DNS_R_SERVFAIL);
5020 dns_resolver_destroyfetch(&fctx->nsfetch);
5023 if (dns_rdataset_isassociated(
5024 &fctx->nsfetch->private->nameservers)) {
5026 &fctx->nsfetch->private->nameservers,
5028 nsrdataset = &nameservers;
5031 dns_resolver_destroyfetch(&fctx->nsfetch);
5032 n = dns_name_countlabels(&fctx->nsname);
5033 dns_name_getlabelsequence(&fctx->nsname, 1, n - 1,
5036 if (dns_rdataset_isassociated(fevent->rdataset))
5037 dns_rdataset_disassociate(fevent->rdataset);
5038 FCTXTRACE("continuing to look for parent's NS records");
5039 result = dns_resolver_createfetch(fctx->res, &fctx->nsname,
5040 dns_rdatatype_ns, domain,
5041 nsrdataset, NULL, 0, task,
5042 resume_dslookup, fctx,
5043 &fctx->nsrrset, NULL,
5045 if (result != ISC_R_SUCCESS)
5046 fctx_done(fctx, result);
5048 LOCK(&res->buckets[bucketnum].lock);
5055 if (dns_rdataset_isassociated(&nameservers))
5056 dns_rdataset_disassociate(&nameservers);
5057 if (dns_rdataset_isassociated(fevent->rdataset))
5058 dns_rdataset_disassociate(fevent->rdataset);
5059 INSIST(fevent->sigrdataset == NULL);
5060 isc_event_free(&event);
5062 LOCK(&res->buckets[bucketnum].lock);
5064 if (fctx->references == 0)
5065 bucket_empty = fctx_destroy(fctx);
5066 UNLOCK(&res->buckets[bucketnum].lock);
5072 checknamessection(dns_message_t *message, dns_section_t section) {
5073 isc_result_t result;
5075 dns_rdata_t rdata = DNS_RDATA_INIT;
5076 dns_rdataset_t *rdataset;
5078 for (result = dns_message_firstname(message, section);
5079 result == ISC_R_SUCCESS;
5080 result = dns_message_nextname(message, section))
5083 dns_message_currentname(message, section, &name);
5084 for (rdataset = ISC_LIST_HEAD(name->list);
5086 rdataset = ISC_LIST_NEXT(rdataset, link)) {
5087 for (result = dns_rdataset_first(rdataset);
5088 result == ISC_R_SUCCESS;
5089 result = dns_rdataset_next(rdataset)) {
5090 dns_rdataset_current(rdataset, &rdata);
5091 if (!dns_rdata_checkowner(name, rdata.rdclass,
5094 !dns_rdata_checknames(&rdata, name, NULL))
5096 rdataset->attributes |=
5097 DNS_RDATASETATTR_CHECKNAMES;
5099 dns_rdata_reset(&rdata);
5106 checknames(dns_message_t *message) {
5108 checknamessection(message, DNS_SECTION_ANSWER);
5109 checknamessection(message, DNS_SECTION_AUTHORITY);
5110 checknamessection(message, DNS_SECTION_ADDITIONAL);
5114 log_packet(dns_message_t *message, int level, isc_mem_t *mctx) {
5115 isc_buffer_t buffer;
5118 isc_result_t result;
5120 if (! isc_log_wouldlog(dns_lctx, level))
5124 * Note that these are multiline debug messages. We want a newline
5125 * to appear in the log after each message.
5129 buf = isc_mem_get(mctx, len);
5132 isc_buffer_init(&buffer, buf, len);
5133 result = dns_message_totext(message, &dns_master_style_debug,
5135 if (result == ISC_R_NOSPACE) {
5136 isc_mem_put(mctx, buf, len);
5138 } else if (result == ISC_R_SUCCESS)
5139 isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
5140 DNS_LOGMODULE_RESOLVER, level,
5141 "received packet:\n%.*s",
5142 (int)isc_buffer_usedlength(&buffer),
5144 } while (result == ISC_R_NOSPACE);
5147 isc_mem_put(mctx, buf, len);
5151 resquery_response(isc_task_t *task, isc_event_t *event) {
5152 isc_result_t result = ISC_R_SUCCESS;
5153 resquery_t *query = event->ev_arg;
5154 dns_dispatchevent_t *devent = (dns_dispatchevent_t *)event;
5155 isc_boolean_t keep_trying, get_nameservers, resend;
5156 isc_boolean_t truncated;
5157 dns_message_t *message;
5160 dns_fixedname_t foundname;
5162 isc_time_t tnow, *finish;
5163 dns_adbaddrinfo_t *addrinfo;
5164 unsigned int options;
5165 unsigned int findoptions;
5166 isc_result_t broken_server;
5168 REQUIRE(VALID_QUERY(query));
5170 options = query->options;
5171 REQUIRE(VALID_FCTX(fctx));
5172 REQUIRE(event->ev_type == DNS_EVENT_DISPATCH);
5176 (void)isc_timer_touch(fctx->timer);
5178 keep_trying = ISC_FALSE;
5179 broken_server = ISC_R_SUCCESS;
5180 get_nameservers = ISC_FALSE;
5182 truncated = ISC_FALSE;
5185 if (fctx->res->exiting) {
5186 result = ISC_R_SHUTTINGDOWN;
5193 * XXXRTH We should really get the current time just once. We
5194 * need a routine to convert from an isc_time_t to an
5199 isc_stdtime_get(&now);
5202 * Did the dispatcher have a problem?
5204 if (devent->result != ISC_R_SUCCESS) {
5205 if (devent->result == ISC_R_EOF &&
5206 (query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
5208 * The problem might be that they
5209 * don't understand EDNS0. Turn it
5210 * off and try again.
5212 options |= DNS_FETCHOPT_NOEDNS0;
5215 * Remember that they don't like EDNS0.
5217 dns_adb_changeflags(fctx->adb,
5219 DNS_FETCHOPT_NOEDNS0,
5220 DNS_FETCHOPT_NOEDNS0);
5223 * There's no hope for this query.
5225 keep_trying = ISC_TRUE;
5230 message = fctx->rmessage;
5232 if (query->tsig != NULL) {
5233 result = dns_message_setquerytsig(message, query->tsig);
5234 if (result != ISC_R_SUCCESS)
5238 if (query->tsigkey) {
5239 result = dns_message_settsigkey(message, query->tsigkey);
5240 if (result != ISC_R_SUCCESS)
5244 result = dns_message_parse(message, &devent->buffer, 0);
5245 if (result != ISC_R_SUCCESS) {
5247 case ISC_R_UNEXPECTEDEND:
5248 if (!message->question_ok ||
5249 (message->flags & DNS_MESSAGEFLAG_TC) == 0 ||
5250 (options & DNS_FETCHOPT_TCP) != 0) {
5252 * Either the message ended prematurely,
5253 * and/or wasn't marked as being truncated,
5254 * and/or this is a response to a query we
5255 * sent over TCP. In all of these cases,
5256 * something is wrong with the remote
5257 * server and we don't want to retry using
5260 if ((query->options & DNS_FETCHOPT_NOEDNS0)
5263 * The problem might be that they
5264 * don't understand EDNS0. Turn it
5265 * off and try again.
5267 options |= DNS_FETCHOPT_NOEDNS0;
5270 * Remember that they don't like EDNS0.
5272 dns_adb_changeflags(
5275 DNS_FETCHOPT_NOEDNS0,
5276 DNS_FETCHOPT_NOEDNS0);
5278 broken_server = result;
5279 keep_trying = ISC_TRUE;
5284 * We defer retrying via TCP for a bit so we can
5285 * check out this message further.
5287 truncated = ISC_TRUE;
5290 if ((query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
5292 * The problem might be that they
5293 * don't understand EDNS0. Turn it
5294 * off and try again.
5296 options |= DNS_FETCHOPT_NOEDNS0;
5299 * Remember that they don't like EDNS0.
5301 dns_adb_changeflags(fctx->adb,
5303 DNS_FETCHOPT_NOEDNS0,
5304 DNS_FETCHOPT_NOEDNS0);
5306 broken_server = DNS_R_UNEXPECTEDRCODE;
5307 keep_trying = ISC_TRUE;
5312 * Something bad has happened.
5319 * Log the incoming packet.
5321 log_packet(message, ISC_LOG_DEBUG(10), fctx->res->mctx);
5324 * If the message is signed, check the signature. If not, this
5325 * returns success anyway.
5327 result = dns_message_checksig(message, fctx->res->view);
5328 if (result != ISC_R_SUCCESS)
5332 * The dispatcher should ensure we only get responses with QR set.
5334 INSIST((message->flags & DNS_MESSAGEFLAG_QR) != 0);
5336 * INSIST() that the message comes from the place we sent it to,
5337 * since the dispatch code should ensure this.
5339 * INSIST() that the message id is correct (this should also be
5340 * ensured by the dispatch code).
5345 * Deal with truncated responses by retrying using TCP.
5347 if ((message->flags & DNS_MESSAGEFLAG_TC) != 0)
5348 truncated = ISC_TRUE;
5351 if ((options & DNS_FETCHOPT_TCP) != 0) {
5352 broken_server = DNS_R_TRUNCATEDTCP;
5353 keep_trying = ISC_TRUE;
5355 options |= DNS_FETCHOPT_TCP;
5362 * Is it a query response?
5364 if (message->opcode != dns_opcode_query) {
5366 broken_server = DNS_R_UNEXPECTEDOPCODE;
5367 keep_trying = ISC_TRUE;
5372 * Is the remote server broken, or does it dislike us?
5374 if (message->rcode != dns_rcode_noerror &&
5375 message->rcode != dns_rcode_nxdomain) {
5376 if ((message->rcode == dns_rcode_formerr ||
5377 message->rcode == dns_rcode_notimp ||
5378 message->rcode == dns_rcode_servfail) &&
5379 (query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
5381 * It's very likely they don't like EDNS0.
5383 * XXXRTH We should check if the question
5384 * we're asking requires EDNS0, and
5385 * if so, we should bail out.
5387 options |= DNS_FETCHOPT_NOEDNS0;
5390 * Remember that they don't like EDNS0.
5392 if (message->rcode != dns_rcode_servfail)
5393 dns_adb_changeflags(fctx->adb, query->addrinfo,
5394 DNS_FETCHOPT_NOEDNS0,
5395 DNS_FETCHOPT_NOEDNS0);
5396 } else if (message->rcode == dns_rcode_formerr) {
5397 if (ISFORWARDER(query->addrinfo)) {
5399 * This forwarder doesn't understand us,
5400 * but other forwarders might. Keep trying.
5402 broken_server = DNS_R_REMOTEFORMERR;
5403 keep_trying = ISC_TRUE;
5406 * The server doesn't understand us. Since
5407 * all servers for a zone need similar
5408 * capabilities, we assume that we will get
5409 * FORMERR from all servers, and thus we
5410 * cannot make any more progress with this
5413 result = DNS_R_FORMERR;
5415 } else if (message->rcode == dns_rcode_yxdomain) {
5417 * DNAME mapping failed because the new name
5418 * was too long. There's no chance of success
5421 result = DNS_R_YXDOMAIN;
5426 broken_server = DNS_R_UNEXPECTEDRCODE;
5427 INSIST(broken_server != ISC_R_SUCCESS);
5428 keep_trying = ISC_TRUE;
5434 * Is the question the same as the one we asked?
5436 result = same_question(fctx);
5437 if (result != ISC_R_SUCCESS) {
5439 if (result == DNS_R_FORMERR)
5440 keep_trying = ISC_TRUE;
5445 * Is the server lame?
5447 if (fctx->res->lame_ttl != 0 && !ISFORWARDER(query->addrinfo) &&
5449 log_lame(fctx, query->addrinfo);
5450 result = dns_adb_marklame(fctx->adb, query->addrinfo,
5452 now + fctx->res->lame_ttl);
5453 if (result != ISC_R_SUCCESS)
5454 isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
5455 DNS_LOGMODULE_RESOLVER, ISC_LOG_ERROR,
5456 "could not mark server as lame: %s",
5457 isc_result_totext(result));
5458 broken_server = DNS_R_LAME;
5459 keep_trying = ISC_TRUE;
5464 * Enforce delegations only zones like NET and COM.
5466 if (!ISFORWARDER(query->addrinfo) &&
5467 dns_view_isdelegationonly(fctx->res->view, &fctx->domain) &&
5468 !dns_name_equal(&fctx->domain, &fctx->name) &&
5469 fix_mustbedelegationornxdomain(message, fctx)) {
5470 char namebuf[DNS_NAME_FORMATSIZE];
5471 char domainbuf[DNS_NAME_FORMATSIZE];
5472 char addrbuf[ISC_SOCKADDR_FORMATSIZE];
5476 dns_name_format(&fctx->name, namebuf, sizeof(namebuf));
5477 dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf));
5478 dns_rdatatype_format(fctx->type, typebuf, sizeof(typebuf));
5479 dns_rdataclass_format(fctx->res->rdclass, classbuf,
5481 isc_sockaddr_format(&query->addrinfo->sockaddr, addrbuf,
5484 isc_log_write(dns_lctx, DNS_LOGCATEGORY_DELEGATION_ONLY,
5485 DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE,
5486 "enforced delegation-only for '%s' (%s/%s/%s) "
5488 domainbuf, namebuf, typebuf, classbuf, addrbuf);
5491 if ((fctx->res->options & DNS_RESOLVER_CHECKNAMES) != 0)
5492 checknames(message);
5497 fctx->attributes &= ~(FCTX_ATTR_WANTNCACHE | FCTX_ATTR_WANTCACHE);
5500 * Did we get any answers?
5502 if (message->counts[DNS_SECTION_ANSWER] > 0 &&
5503 (message->rcode == dns_rcode_noerror ||
5504 message->rcode == dns_rcode_nxdomain)) {
5506 * We've got answers. However, if we sent
5507 * a BIND 8 server an NS query, it may have
5508 * incorrectly responded with a non-authoritative
5509 * answer instead of a referral. Since this
5510 * answer lacks the SIGs necessary to do DNSSEC
5511 * validation, we must invoke the following special
5512 * kludge to treat it as a referral.
5514 if (fctx->type == dns_rdatatype_ns &&
5515 (message->flags & DNS_MESSAGEFLAG_AA) == 0 &&
5516 !ISFORWARDER(query->addrinfo))
5518 result = noanswer_response(fctx, NULL, ISC_TRUE);
5519 if (result != DNS_R_DELEGATION) {
5521 * The answer section must have contained
5522 * something other than the NS records
5523 * we asked for. Since AA is not set
5524 * and the server is not a forwarder,
5525 * it is technically lame and it's easier
5526 * to treat it as such than to figure out
5527 * some more elaborate course of action.
5529 broken_server = DNS_R_LAME;
5530 keep_trying = ISC_TRUE;
5533 goto force_referral;
5535 result = answer_response(fctx);
5536 if (result != ISC_R_SUCCESS) {
5537 if (result == DNS_R_FORMERR)
5538 keep_trying = ISC_TRUE;
5541 } else if (message->counts[DNS_SECTION_AUTHORITY] > 0 ||
5542 message->rcode == dns_rcode_noerror ||
5543 message->rcode == dns_rcode_nxdomain) {
5545 * NXDOMAIN, NXRDATASET, or referral.
5547 result = noanswer_response(fctx, NULL, ISC_FALSE);
5548 if (result == DNS_R_CHASEDSSERVERS) {
5549 } else if (result == DNS_R_DELEGATION) {
5552 * We don't have the answer, but we know a better
5555 get_nameservers = ISC_TRUE;
5556 keep_trying = ISC_TRUE;
5558 * We have a new set of name servers, and it
5559 * has not experienced any restarts yet.
5562 result = ISC_R_SUCCESS;
5563 } else if (result != ISC_R_SUCCESS) {
5565 * Something has gone wrong.
5567 if (result == DNS_R_FORMERR)
5568 keep_trying = ISC_TRUE;
5573 * The server is insane.
5576 broken_server = DNS_R_UNEXPECTEDRCODE;
5577 keep_trying = ISC_TRUE;
5582 * Follow additional section data chains.
5584 chase_additional(fctx);
5587 * Cache the cacheable parts of the message. This may also cause
5588 * work to be queued to the DNSSEC validator.
5590 if (WANTCACHE(fctx)) {
5591 result = cache_message(fctx, query->addrinfo, now);
5592 if (result != ISC_R_SUCCESS)
5597 * Ncache the negatively cacheable parts of the message. This may
5598 * also cause work to be queued to the DNSSEC validator.
5600 if (WANTNCACHE(fctx)) {
5601 dns_rdatatype_t covers;
5602 if (message->rcode == dns_rcode_nxdomain)
5603 covers = dns_rdatatype_any;
5605 covers = fctx->type;
5608 * Cache any negative cache entries in the message.
5610 result = ncache_message(fctx, query->addrinfo, covers, now);
5615 * Remember the query's addrinfo, in case we need to mark the
5618 addrinfo = query->addrinfo;
5623 * XXXRTH Don't cancel the query if waiting for validation?
5625 fctx_cancelquery(&query, &devent, finish, ISC_FALSE);
5628 if (result == DNS_R_FORMERR)
5629 broken_server = DNS_R_FORMERR;
5630 if (broken_server != ISC_R_SUCCESS) {
5632 * Add this server to the list of bad servers for
5635 add_bad(fctx, &addrinfo->sockaddr, broken_server);
5638 if (get_nameservers) {
5640 dns_fixedname_init(&foundname);
5641 fname = dns_fixedname_name(&foundname);
5642 if (result != ISC_R_SUCCESS) {
5643 fctx_done(fctx, DNS_R_SERVFAIL);
5647 if (dns_rdatatype_atparent(fctx->type))
5648 findoptions |= DNS_DBFIND_NOEXACT;
5649 if ((options & DNS_FETCHOPT_UNSHARED) == 0)
5652 name = &fctx->domain;
5653 result = dns_view_findzonecut(fctx->res->view,
5659 if (result != ISC_R_SUCCESS) {
5660 FCTXTRACE("couldn't find a zonecut");
5661 fctx_done(fctx, DNS_R_SERVFAIL);
5664 if (!dns_name_issubdomain(fname, &fctx->domain)) {
5666 * The best nameservers are now above our
5669 FCTXTRACE("nameservers now above QDOMAIN");
5670 fctx_done(fctx, DNS_R_SERVFAIL);
5673 dns_name_free(&fctx->domain, fctx->res->mctx);
5674 dns_name_init(&fctx->domain, NULL);
5675 result = dns_name_dup(fname, fctx->res->mctx,
5677 if (result != ISC_R_SUCCESS) {
5678 fctx_done(fctx, DNS_R_SERVFAIL);
5681 fctx_cancelqueries(fctx, ISC_TRUE);
5682 fctx_cleanupfinds(fctx);
5683 fctx_cleanupaltfinds(fctx);
5684 fctx_cleanupforwaddrs(fctx);
5685 fctx_cleanupaltaddrs(fctx);
5691 } else if (resend) {
5693 * Resend (probably with changed options).
5695 FCTXTRACE("resend");
5696 result = fctx_query(fctx, addrinfo, options);
5697 if (result != ISC_R_SUCCESS)
5698 fctx_done(fctx, result);
5699 } else if (result == ISC_R_SUCCESS && !HAVE_ANSWER(fctx)) {
5701 * All has gone well so far, but we are waiting for the
5702 * DNSSEC validator to validate the answer.
5704 FCTXTRACE("wait for validator");
5705 fctx_cancelqueries(fctx, ISC_TRUE);
5707 * We must not retransmit while the validator is working;
5708 * it has references to the current rmessage.
5710 result = fctx_stopidletimer(fctx);
5711 if (result != ISC_R_SUCCESS)
5712 fctx_done(fctx, result);
5713 } else if (result == DNS_R_CHASEDSSERVERS) {
5715 add_bad(fctx, &addrinfo->sockaddr, result);
5716 fctx_cancelqueries(fctx, ISC_TRUE);
5717 fctx_cleanupfinds(fctx);
5718 fctx_cleanupforwaddrs(fctx);
5720 n = dns_name_countlabels(&fctx->name);
5721 dns_name_getlabelsequence(&fctx->name, 1, n - 1, &fctx->nsname);
5723 FCTXTRACE("suspending DS lookup to find parent's NS records");
5725 result = dns_resolver_createfetch(fctx->res, &fctx->nsname,
5727 NULL, NULL, NULL, 0, task,
5728 resume_dslookup, fctx,
5729 &fctx->nsrrset, NULL,
5731 if (result != ISC_R_SUCCESS)
5732 fctx_done(fctx, result);
5733 LOCK(&fctx->res->buckets[fctx->bucketnum].lock);
5735 UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock);
5736 result = fctx_stopidletimer(fctx);
5737 if (result != ISC_R_SUCCESS)
5738 fctx_done(fctx, result);
5743 fctx_done(fctx, result);
5749 *** Resolver Methods
5753 destroy(dns_resolver_t *res) {
5757 REQUIRE(res->references == 0);
5758 REQUIRE(!res->priming);
5759 REQUIRE(res->primefetch == NULL);
5763 INSIST(res->nfctx == 0);
5765 DESTROYLOCK(&res->primelock);
5766 DESTROYLOCK(&res->nlock);
5767 DESTROYLOCK(&res->lock);
5768 for (i = 0; i < res->nbuckets; i++) {
5769 INSIST(ISC_LIST_EMPTY(res->buckets[i].fctxs));
5770 isc_task_shutdown(res->buckets[i].task);
5771 isc_task_detach(&res->buckets[i].task);
5772 DESTROYLOCK(&res->buckets[i].lock);
5774 isc_mem_put(res->mctx, res->buckets,
5775 res->nbuckets * sizeof(fctxbucket_t));
5776 if (res->dispatchv4 != NULL)
5777 dns_dispatch_detach(&res->dispatchv4);
5778 if (res->dispatchv6 != NULL)
5779 dns_dispatch_detach(&res->dispatchv6);
5780 while ((a = ISC_LIST_HEAD(res->alternates)) != NULL) {
5781 ISC_LIST_UNLINK(res->alternates, a, link);
5783 dns_name_free(&a->_u._n.name, res->mctx);
5784 isc_mem_put(res->mctx, a, sizeof(*a));
5786 dns_resolver_reset_algorithms(res);
5787 dns_resolver_resetmustbesecure(res);
5789 isc_rwlock_destroy(&res->alglock);
5792 isc_rwlock_destroy(&res->mbslock);
5795 isc_mem_put(res->mctx, res, sizeof(*res));
5799 send_shutdown_events(dns_resolver_t *res) {
5800 isc_event_t *event, *next_event;
5804 * Caller must be holding the resolver lock.
5807 for (event = ISC_LIST_HEAD(res->whenshutdown);
5809 event = next_event) {
5810 next_event = ISC_LIST_NEXT(event, ev_link);
5811 ISC_LIST_UNLINK(res->whenshutdown, event, ev_link);
5812 etask = event->ev_sender;
5813 event->ev_sender = res;
5814 isc_task_sendanddetach(&etask, &event);
5819 empty_bucket(dns_resolver_t *res) {
5820 RTRACE("empty_bucket");
5824 INSIST(res->activebuckets > 0);
5825 res->activebuckets--;
5826 if (res->activebuckets == 0)
5827 send_shutdown_events(res);
5833 dns_resolver_create(dns_view_t *view,
5834 isc_taskmgr_t *taskmgr, unsigned int ntasks,
5835 isc_socketmgr_t *socketmgr,
5836 isc_timermgr_t *timermgr,
5837 unsigned int options,
5838 dns_dispatchmgr_t *dispatchmgr,
5839 dns_dispatch_t *dispatchv4,
5840 dns_dispatch_t *dispatchv6,
5841 dns_resolver_t **resp)
5843 dns_resolver_t *res;
5844 isc_result_t result = ISC_R_SUCCESS;
5845 unsigned int i, buckets_created = 0;
5849 * Create a resolver.
5852 REQUIRE(DNS_VIEW_VALID(view));
5853 REQUIRE(ntasks > 0);
5854 REQUIRE(resp != NULL && *resp == NULL);
5855 REQUIRE(dispatchmgr != NULL);
5856 REQUIRE(dispatchv4 != NULL || dispatchv6 != NULL);
5858 res = isc_mem_get(view->mctx, sizeof(*res));
5860 return (ISC_R_NOMEMORY);
5862 res->mctx = view->mctx;
5863 res->rdclass = view->rdclass;
5864 res->socketmgr = socketmgr;
5865 res->timermgr = timermgr;
5866 res->taskmgr = taskmgr;
5867 res->dispatchmgr = dispatchmgr;
5869 res->options = options;
5871 ISC_LIST_INIT(res->alternates);
5872 res->udpsize = RECV_BUFFER_SIZE;
5873 res->algorithms = NULL;
5874 res->mustbesecure = NULL;
5876 res->nbuckets = ntasks;
5877 res->activebuckets = ntasks;
5878 res->buckets = isc_mem_get(view->mctx,
5879 ntasks * sizeof(fctxbucket_t));
5880 if (res->buckets == NULL) {
5881 result = ISC_R_NOMEMORY;
5884 for (i = 0; i < ntasks; i++) {
5885 result = isc_mutex_init(&res->buckets[i].lock);
5886 if (result != ISC_R_SUCCESS)
5887 goto cleanup_buckets;
5888 res->buckets[i].task = NULL;
5889 result = isc_task_create(taskmgr, 0, &res->buckets[i].task);
5890 if (result != ISC_R_SUCCESS) {
5891 DESTROYLOCK(&res->buckets[i].lock);
5892 goto cleanup_buckets;
5894 snprintf(name, sizeof(name), "res%u", i);
5895 isc_task_setname(res->buckets[i].task, name, res);
5896 ISC_LIST_INIT(res->buckets[i].fctxs);
5897 res->buckets[i].exiting = ISC_FALSE;
5901 res->dispatchv4 = NULL;
5902 if (dispatchv4 != NULL)
5903 dns_dispatch_attach(dispatchv4, &res->dispatchv4);
5904 res->dispatchv6 = NULL;
5905 if (dispatchv6 != NULL)
5906 dns_dispatch_attach(dispatchv6, &res->dispatchv6);
5908 res->references = 1;
5909 res->exiting = ISC_FALSE;
5910 res->frozen = ISC_FALSE;
5911 ISC_LIST_INIT(res->whenshutdown);
5912 res->priming = ISC_FALSE;
5913 res->primefetch = NULL;
5916 result = isc_mutex_init(&res->lock);
5917 if (result != ISC_R_SUCCESS)
5918 goto cleanup_dispatches;
5920 result = isc_mutex_init(&res->nlock);
5921 if (result != ISC_R_SUCCESS)
5924 result = isc_mutex_init(&res->primelock);
5925 if (result != ISC_R_SUCCESS)
5929 result = isc_rwlock_init(&res->alglock, 0, 0);
5930 if (result != ISC_R_SUCCESS)
5931 goto cleanup_primelock;
5934 result = isc_rwlock_init(&res->mbslock, 0, 0);
5935 if (result != ISC_R_SUCCESS)
5936 goto cleanup_alglock;
5939 res->magic = RES_MAGIC;
5943 return (ISC_R_SUCCESS);
5948 isc_rwlock_destroy(&res->alglock);
5951 #if USE_ALGLOCK || USE_MBSLOCK
5953 DESTROYLOCK(&res->primelock);
5957 DESTROYLOCK(&res->nlock);
5960 DESTROYLOCK(&res->lock);
5963 if (res->dispatchv6 != NULL)
5964 dns_dispatch_detach(&res->dispatchv6);
5965 if (res->dispatchv4 != NULL)
5966 dns_dispatch_detach(&res->dispatchv4);
5969 for (i = 0; i < buckets_created; i++) {
5970 DESTROYLOCK(&res->buckets[i].lock);
5971 isc_task_shutdown(res->buckets[i].task);
5972 isc_task_detach(&res->buckets[i].task);
5974 isc_mem_put(view->mctx, res->buckets,
5975 res->nbuckets * sizeof(fctxbucket_t));
5978 isc_mem_put(view->mctx, res, sizeof(*res));
5984 prime_done(isc_task_t *task, isc_event_t *event) {
5985 dns_resolver_t *res;
5986 dns_fetchevent_t *fevent;
5989 REQUIRE(event->ev_type == DNS_EVENT_FETCHDONE);
5990 fevent = (dns_fetchevent_t *)event;
5991 res = event->ev_arg;
5992 REQUIRE(VALID_RESOLVER(res));
5998 INSIST(res->priming);
5999 res->priming = ISC_FALSE;
6000 LOCK(&res->primelock);
6001 fetch = res->primefetch;
6002 res->primefetch = NULL;
6003 UNLOCK(&res->primelock);
6007 if (fevent->node != NULL)
6008 dns_db_detachnode(fevent->db, &fevent->node);
6009 if (fevent->db != NULL)
6010 dns_db_detach(&fevent->db);
6011 if (dns_rdataset_isassociated(fevent->rdataset))
6012 dns_rdataset_disassociate(fevent->rdataset);
6013 INSIST(fevent->sigrdataset == NULL);
6015 isc_mem_put(res->mctx, fevent->rdataset, sizeof(*fevent->rdataset));
6017 isc_event_free(&event);
6018 dns_resolver_destroyfetch(&fetch);
6022 dns_resolver_prime(dns_resolver_t *res) {
6023 isc_boolean_t want_priming = ISC_FALSE;
6024 dns_rdataset_t *rdataset;
6025 isc_result_t result;
6027 REQUIRE(VALID_RESOLVER(res));
6028 REQUIRE(res->frozen);
6030 RTRACE("dns_resolver_prime");
6034 if (!res->exiting && !res->priming) {
6035 INSIST(res->primefetch == NULL);
6036 res->priming = ISC_TRUE;
6037 want_priming = ISC_TRUE;
6044 * To avoid any possible recursive locking problems, we
6045 * start the priming fetch like any other fetch, and holding
6046 * no resolver locks. No one else will try to start it
6047 * because we're the ones who set res->priming to true.
6048 * Any other callers of dns_resolver_prime() while we're
6049 * running will see that res->priming is already true and
6053 rdataset = isc_mem_get(res->mctx, sizeof(*rdataset));
6054 if (rdataset == NULL) {
6056 INSIST(res->priming);
6057 INSIST(res->primefetch == NULL);
6058 res->priming = ISC_FALSE;
6062 dns_rdataset_init(rdataset);
6063 LOCK(&res->primelock);
6064 result = dns_resolver_createfetch(res, dns_rootname,
6066 NULL, NULL, NULL, 0,
6067 res->buckets[0].task,
6069 res, rdataset, NULL,
6071 UNLOCK(&res->primelock);
6072 if (result != ISC_R_SUCCESS) {
6074 INSIST(res->priming);
6075 res->priming = ISC_FALSE;
6082 dns_resolver_freeze(dns_resolver_t *res) {
6088 REQUIRE(VALID_RESOLVER(res));
6089 REQUIRE(!res->frozen);
6091 res->frozen = ISC_TRUE;
6095 dns_resolver_attach(dns_resolver_t *source, dns_resolver_t **targetp) {
6096 REQUIRE(VALID_RESOLVER(source));
6097 REQUIRE(targetp != NULL && *targetp == NULL);
6099 RRTRACE(source, "attach");
6100 LOCK(&source->lock);
6101 REQUIRE(!source->exiting);
6103 INSIST(source->references > 0);
6104 source->references++;
6105 INSIST(source->references != 0);
6106 UNLOCK(&source->lock);
6112 dns_resolver_whenshutdown(dns_resolver_t *res, isc_task_t *task,
6113 isc_event_t **eventp)
6118 REQUIRE(VALID_RESOLVER(res));
6119 REQUIRE(eventp != NULL);
6126 if (res->exiting && res->activebuckets == 0) {
6128 * We're already shutdown. Send the event.
6130 event->ev_sender = res;
6131 isc_task_send(task, &event);
6134 isc_task_attach(task, &clone);
6135 event->ev_sender = clone;
6136 ISC_LIST_APPEND(res->whenshutdown, event, ev_link);
6143 dns_resolver_shutdown(dns_resolver_t *res) {
6148 REQUIRE(VALID_RESOLVER(res));
6154 if (!res->exiting) {
6156 res->exiting = ISC_TRUE;
6158 for (i = 0; i < res->nbuckets; i++) {
6159 LOCK(&res->buckets[i].lock);
6160 for (fctx = ISC_LIST_HEAD(res->buckets[i].fctxs);
6162 fctx = ISC_LIST_NEXT(fctx, link))
6163 fctx_shutdown(fctx);
6164 if (res->dispatchv4 != NULL) {
6165 sock = dns_dispatch_getsocket(res->dispatchv4);
6166 isc_socket_cancel(sock, res->buckets[i].task,
6167 ISC_SOCKCANCEL_ALL);
6169 if (res->dispatchv6 != NULL) {
6170 sock = dns_dispatch_getsocket(res->dispatchv6);
6171 isc_socket_cancel(sock, res->buckets[i].task,
6172 ISC_SOCKCANCEL_ALL);
6174 res->buckets[i].exiting = ISC_TRUE;
6175 if (ISC_LIST_EMPTY(res->buckets[i].fctxs)) {
6176 INSIST(res->activebuckets > 0);
6177 res->activebuckets--;
6179 UNLOCK(&res->buckets[i].lock);
6181 if (res->activebuckets == 0)
6182 send_shutdown_events(res);
6189 dns_resolver_detach(dns_resolver_t **resp) {
6190 dns_resolver_t *res;
6191 isc_boolean_t need_destroy = ISC_FALSE;
6193 REQUIRE(resp != NULL);
6195 REQUIRE(VALID_RESOLVER(res));
6201 INSIST(res->references > 0);
6203 if (res->references == 0) {
6204 INSIST(res->exiting && res->activebuckets == 0);
6205 need_destroy = ISC_TRUE;
6216 static inline isc_boolean_t
6217 fctx_match(fetchctx_t *fctx, dns_name_t *name, dns_rdatatype_t type,
6218 unsigned int options)
6220 if (fctx->type != type || fctx->options != options)
6222 return (dns_name_equal(&fctx->name, name));
6226 log_fetch(dns_name_t *name, dns_rdatatype_t type) {
6227 char namebuf[DNS_NAME_FORMATSIZE];
6228 char typebuf[DNS_RDATATYPE_FORMATSIZE];
6229 int level = ISC_LOG_DEBUG(1);
6231 if (! isc_log_wouldlog(dns_lctx, level))
6234 dns_name_format(name, namebuf, sizeof(namebuf));
6235 dns_rdatatype_format(type, typebuf, sizeof(typebuf));
6237 isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
6238 DNS_LOGMODULE_RESOLVER, level,
6239 "createfetch: %s %s", namebuf, typebuf);
6243 dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name,
6244 dns_rdatatype_t type,
6245 dns_name_t *domain, dns_rdataset_t *nameservers,
6246 dns_forwarders_t *forwarders,
6247 unsigned int options, isc_task_t *task,
6248 isc_taskaction_t action, void *arg,
6249 dns_rdataset_t *rdataset,
6250 dns_rdataset_t *sigrdataset,
6251 dns_fetch_t **fetchp)
6254 fetchctx_t *fctx = NULL;
6255 isc_result_t result;
6256 unsigned int bucketnum;
6257 isc_boolean_t new_fctx = ISC_FALSE;
6262 REQUIRE(VALID_RESOLVER(res));
6263 REQUIRE(res->frozen);
6264 /* XXXRTH Check for meta type */
6265 if (domain != NULL) {
6266 REQUIRE(DNS_RDATASET_VALID(nameservers));
6267 REQUIRE(nameservers->type == dns_rdatatype_ns);
6269 REQUIRE(nameservers == NULL);
6270 REQUIRE(forwarders == NULL);
6271 REQUIRE(!dns_rdataset_isassociated(rdataset));
6272 REQUIRE(sigrdataset == NULL ||
6273 !dns_rdataset_isassociated(sigrdataset));
6274 REQUIRE(fetchp != NULL && *fetchp == NULL);
6276 log_fetch(name, type);
6279 * XXXRTH use a mempool?
6281 fetch = isc_mem_get(res->mctx, sizeof(*fetch));
6283 return (ISC_R_NOMEMORY);
6285 bucketnum = dns_name_hash(name, ISC_FALSE) % res->nbuckets;
6287 LOCK(&res->buckets[bucketnum].lock);
6289 if (res->buckets[bucketnum].exiting) {
6290 result = ISC_R_SHUTTINGDOWN;
6294 if ((options & DNS_FETCHOPT_UNSHARED) == 0) {
6295 for (fctx = ISC_LIST_HEAD(res->buckets[bucketnum].fctxs);
6297 fctx = ISC_LIST_NEXT(fctx, link)) {
6298 if (fctx_match(fctx, name, type, options))
6304 * If we didn't have a fetch, would attach to a done fetch, this
6305 * fetch has already cloned its results, or if the fetch has gone
6306 * "idle" (no one was interested in it), we need to start a new
6307 * fetch instead of joining with the existing one.
6310 fctx->state == fetchstate_done ||
6312 ISC_LIST_EMPTY(fctx->events)) {
6314 result = fctx_create(res, name, type, domain, nameservers,
6315 options, bucketnum, &fctx);
6316 if (result != ISC_R_SUCCESS)
6318 new_fctx = ISC_TRUE;
6321 result = fctx_join(fctx, task, action, arg,
6322 rdataset, sigrdataset, fetch);
6324 if (result == ISC_R_SUCCESS) {
6328 event = &fctx->control_event;
6329 ISC_EVENT_INIT(event, sizeof(*event), 0, NULL,
6330 DNS_EVENT_FETCHCONTROL,
6331 fctx_start, fctx, NULL,
6333 isc_task_send(res->buckets[bucketnum].task, &event);
6336 * We don't care about the result of fctx_destroy()
6337 * since we know we're not exiting.
6339 (void)fctx_destroy(fctx);
6344 UNLOCK(&res->buckets[bucketnum].lock);
6346 if (result == ISC_R_SUCCESS) {
6350 isc_mem_put(res->mctx, fetch, sizeof(*fetch));
6356 dns_resolver_cancelfetch(dns_fetch_t *fetch) {
6358 dns_resolver_t *res;
6359 dns_fetchevent_t *event, *next_event;
6362 REQUIRE(DNS_FETCH_VALID(fetch));
6363 fctx = fetch->private;
6364 REQUIRE(VALID_FCTX(fctx));
6367 FTRACE("cancelfetch");
6369 LOCK(&res->buckets[fctx->bucketnum].lock);
6372 * Find the completion event for this fetch (as opposed
6373 * to those for other fetches that have joined the same
6374 * fctx) and send it with result = ISC_R_CANCELED.
6377 if (fctx->state != fetchstate_done) {
6378 for (event = ISC_LIST_HEAD(fctx->events);
6380 event = next_event) {
6381 next_event = ISC_LIST_NEXT(event, ev_link);
6382 if (event->fetch == fetch) {
6383 ISC_LIST_UNLINK(fctx->events, event, ev_link);
6388 if (event != NULL) {
6389 etask = event->ev_sender;
6390 event->ev_sender = fctx;
6391 event->result = ISC_R_CANCELED;
6392 isc_task_sendanddetach(&etask, ISC_EVENT_PTR(&event));
6395 * The fctx continues running even if no fetches remain;
6396 * the answer is still cached.
6399 UNLOCK(&res->buckets[fctx->bucketnum].lock);
6403 dns_resolver_destroyfetch(dns_fetch_t **fetchp) {
6405 dns_resolver_t *res;
6406 dns_fetchevent_t *event, *next_event;
6408 unsigned int bucketnum;
6409 isc_boolean_t bucket_empty = ISC_FALSE;
6411 REQUIRE(fetchp != NULL);
6413 REQUIRE(DNS_FETCH_VALID(fetch));
6414 fctx = fetch->private;
6415 REQUIRE(VALID_FCTX(fctx));
6418 FTRACE("destroyfetch");
6420 bucketnum = fctx->bucketnum;
6421 LOCK(&res->buckets[bucketnum].lock);
6424 * Sanity check: the caller should have gotten its event before
6425 * trying to destroy the fetch.
6428 if (fctx->state != fetchstate_done) {
6429 for (event = ISC_LIST_HEAD(fctx->events);
6431 event = next_event) {
6432 next_event = ISC_LIST_NEXT(event, ev_link);
6433 RUNTIME_CHECK(event->fetch != fetch);
6437 INSIST(fctx->references > 0);
6439 if (fctx->references == 0) {
6441 * No one cares about the result of this fetch anymore.
6443 if (fctx->pending == 0 && fctx->nqueries == 0 &&
6444 ISC_LIST_EMPTY(fctx->validators) &&
6445 SHUTTINGDOWN(fctx)) {
6447 * This fctx is already shutdown; we were just
6448 * waiting for the last reference to go away.
6450 bucket_empty = fctx_destroy(fctx);
6453 * Initiate shutdown.
6455 fctx_shutdown(fctx);
6459 UNLOCK(&res->buckets[bucketnum].lock);
6461 isc_mem_put(res->mctx, fetch, sizeof(*fetch));
6469 dns_resolver_dispatchmgr(dns_resolver_t *resolver) {
6470 REQUIRE(VALID_RESOLVER(resolver));
6471 return (resolver->dispatchmgr);
6475 dns_resolver_dispatchv4(dns_resolver_t *resolver) {
6476 REQUIRE(VALID_RESOLVER(resolver));
6477 return (resolver->dispatchv4);
6481 dns_resolver_dispatchv6(dns_resolver_t *resolver) {
6482 REQUIRE(VALID_RESOLVER(resolver));
6483 return (resolver->dispatchv6);
6487 dns_resolver_socketmgr(dns_resolver_t *resolver) {
6488 REQUIRE(VALID_RESOLVER(resolver));
6489 return (resolver->socketmgr);
6493 dns_resolver_taskmgr(dns_resolver_t *resolver) {
6494 REQUIRE(VALID_RESOLVER(resolver));
6495 return (resolver->taskmgr);
6499 dns_resolver_getlamettl(dns_resolver_t *resolver) {
6500 REQUIRE(VALID_RESOLVER(resolver));
6501 return (resolver->lame_ttl);
6505 dns_resolver_setlamettl(dns_resolver_t *resolver, isc_uint32_t lame_ttl) {
6506 REQUIRE(VALID_RESOLVER(resolver));
6507 resolver->lame_ttl = lame_ttl;
6511 dns_resolver_nrunning(dns_resolver_t *resolver) {
6513 LOCK(&resolver->nlock);
6514 n = resolver->nfctx;
6515 UNLOCK(&resolver->nlock);
6520 dns_resolver_addalternate(dns_resolver_t *resolver, isc_sockaddr_t *alt,
6521 dns_name_t *name, in_port_t port) {
6523 isc_result_t result;
6525 REQUIRE(VALID_RESOLVER(resolver));
6526 REQUIRE(!resolver->frozen);
6527 REQUIRE((alt == NULL) ^ (name == NULL));
6529 a = isc_mem_get(resolver->mctx, sizeof(*a));
6531 return (ISC_R_NOMEMORY);
6533 a->isaddress = ISC_TRUE;
6536 a->isaddress = ISC_FALSE;
6537 a->_u._n.port = port;
6538 dns_name_init(&a->_u._n.name, NULL);
6539 result = dns_name_dup(name, resolver->mctx, &a->_u._n.name);
6540 if (result != ISC_R_SUCCESS) {
6541 isc_mem_put(resolver->mctx, a, sizeof(*a));
6545 ISC_LINK_INIT(a, link);
6546 ISC_LIST_APPEND(resolver->alternates, a, link);
6548 return (ISC_R_SUCCESS);
6552 dns_resolver_setudpsize(dns_resolver_t *resolver, isc_uint16_t udpsize) {
6553 REQUIRE(VALID_RESOLVER(resolver));
6554 resolver->udpsize = udpsize;
6558 dns_resolver_getudpsize(dns_resolver_t *resolver) {
6559 REQUIRE(VALID_RESOLVER(resolver));
6560 return (resolver->udpsize);
6564 free_algorithm(void *node, void *arg) {
6565 unsigned char *algorithms = node;
6566 isc_mem_t *mctx = arg;
6568 isc_mem_put(mctx, algorithms, *algorithms);
6572 dns_resolver_reset_algorithms(dns_resolver_t *resolver) {
6574 REQUIRE(VALID_RESOLVER(resolver));
6577 RWLOCK(&resolver->alglock, isc_rwlocktype_write);
6579 if (resolver->algorithms != NULL)
6580 dns_rbt_destroy(&resolver->algorithms);
6582 RWUNLOCK(&resolver->alglock, isc_rwlocktype_write);
6587 dns_resolver_disable_algorithm(dns_resolver_t *resolver, dns_name_t *name,
6590 unsigned int len, mask;
6592 unsigned char *algorithms;
6593 isc_result_t result;
6594 dns_rbtnode_t *node = NULL;
6596 REQUIRE(VALID_RESOLVER(resolver));
6598 return (ISC_R_RANGE);
6601 RWLOCK(&resolver->alglock, isc_rwlocktype_write);
6603 if (resolver->algorithms == NULL) {
6604 result = dns_rbt_create(resolver->mctx, free_algorithm,
6605 resolver->mctx, &resolver->algorithms);
6606 if (result != ISC_R_SUCCESS)
6611 mask = 1 << (alg%8);
6613 result = dns_rbt_addnode(resolver->algorithms, name, &node);
6615 if (result == ISC_R_SUCCESS || result == ISC_R_EXISTS) {
6616 algorithms = node->data;
6617 if (algorithms == NULL || len > *algorithms) {
6618 new = isc_mem_get(resolver->mctx, len);
6620 result = ISC_R_NOMEMORY;
6623 memset(new, 0, len);
6624 if (algorithms != NULL)
6625 memcpy(new, algorithms, *algorithms);
6629 if (algorithms != NULL)
6630 isc_mem_put(resolver->mctx, algorithms,
6633 algorithms[len-1] |= mask;
6635 result = ISC_R_SUCCESS;
6638 RWUNLOCK(&resolver->alglock, isc_rwlocktype_write);
6644 dns_resolver_algorithm_supported(dns_resolver_t *resolver, dns_name_t *name,
6647 unsigned int len, mask;
6648 unsigned char *algorithms;
6650 isc_result_t result;
6651 isc_boolean_t found = ISC_FALSE;
6653 REQUIRE(VALID_RESOLVER(resolver));
6656 RWLOCK(&resolver->alglock, isc_rwlocktype_read);
6658 if (resolver->algorithms == NULL)
6660 result = dns_rbt_findname(resolver->algorithms, name, 0, NULL, &data);
6661 if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
6663 mask = 1 << (alg%8);
6665 if (len <= *algorithms && (algorithms[len-1] & mask) != 0)
6670 RWUNLOCK(&resolver->alglock, isc_rwlocktype_read);
6674 return (dst_algorithm_supported(alg));
6678 dns_resolver_resetmustbesecure(dns_resolver_t *resolver) {
6680 REQUIRE(VALID_RESOLVER(resolver));
6683 RWLOCK(&resolver->mbslock, isc_rwlocktype_write);
6685 if (resolver->mustbesecure != NULL)
6686 dns_rbt_destroy(&resolver->mustbesecure);
6688 RWUNLOCK(&resolver->mbslock, isc_rwlocktype_write);
6692 static isc_boolean_t yes = ISC_TRUE, no = ISC_FALSE;
6695 dns_resolver_setmustbesecure(dns_resolver_t *resolver, dns_name_t *name,
6696 isc_boolean_t value)
6698 isc_result_t result;
6700 REQUIRE(VALID_RESOLVER(resolver));
6703 RWLOCK(&resolver->mbslock, isc_rwlocktype_write);
6705 if (resolver->mustbesecure == NULL) {
6706 result = dns_rbt_create(resolver->mctx, NULL, NULL,
6707 &resolver->mustbesecure);
6708 if (result != ISC_R_SUCCESS)
6711 result = dns_rbt_addname(resolver->mustbesecure, name,
6712 value ? &yes : &no);
6715 RWUNLOCK(&resolver->mbslock, isc_rwlocktype_write);
6721 dns_resolver_getmustbesecure(dns_resolver_t *resolver, dns_name_t *name) {
6723 isc_boolean_t value = ISC_FALSE;
6724 isc_result_t result;
6726 REQUIRE(VALID_RESOLVER(resolver));
6729 RWLOCK(&resolver->mbslock, isc_rwlocktype_read);
6731 if (resolver->mustbesecure == NULL)
6733 result = dns_rbt_findname(resolver->mustbesecure, name, 0, NULL, &data);
6734 if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH)
6735 value = *(isc_boolean_t*)data;
6738 RWUNLOCK(&resolver->mbslock, isc_rwlocktype_read);
tuxillo's projects / dragonfly.git / blob