mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 06:37:08 +00:00
- dns64-ignore-aaaa: config option to list domain names for which the
existing AAAA is ignored and dns64 processing is used on the A record. git-svn-id: file:///svn/unbound/trunk@4762 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
parent
d3ff7a9333
commit
2beae211ee
@ -1030,7 +1030,8 @@ dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(src
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h
|
||||
$(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h
|
||||
edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h \
|
||||
$(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h
|
||||
subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h $(srcdir)/edns-subnet/subnetmod.h \
|
||||
|
120
dns64/dns64.c
120
dns64/dns64.c
@ -48,6 +48,9 @@
|
||||
#include "util/fptr_wlist.h"
|
||||
#include "util/net_help.h"
|
||||
#include "util/regional.h"
|
||||
#include "util/storage/dnstree.h"
|
||||
#include "util/data/dname.h"
|
||||
#include "sldns/str2wire.h"
|
||||
|
||||
/******************************************************************************
|
||||
* *
|
||||
@ -111,6 +114,11 @@ struct dns64_env {
|
||||
* This is the CIDR length of the prefix. It needs to be between 0 and 96.
|
||||
*/
|
||||
int prefix_net;
|
||||
|
||||
/**
|
||||
* Tree of names for which AAAA is ignored. always synthesize from A.
|
||||
*/
|
||||
rbtree_type ignore_aaaa;
|
||||
};
|
||||
|
||||
|
||||
@ -284,6 +292,40 @@ synthesize_aaaa(const uint8_t prefix_addr[16], int prefix_net,
|
||||
* *
|
||||
******************************************************************************/
|
||||
|
||||
/**
|
||||
* insert ignore_aaaa element into the tree
|
||||
* @param dns64_env: module env.
|
||||
* @param str: string with domain name.
|
||||
* @return false on failure.
|
||||
*/
|
||||
static int
|
||||
dns64_insert_ignore_aaaa(struct dns64_env* dns64_env, char* str)
|
||||
{
|
||||
/* parse and insert element */
|
||||
struct name_tree_node* node;
|
||||
node = (struct name_tree_node*)calloc(1, sizeof(*node));
|
||||
if(!node) {
|
||||
log_err("out of memory");
|
||||
return 0;
|
||||
}
|
||||
node->name = sldns_str2wire_dname(str, &node->len);
|
||||
if(!node->name) {
|
||||
free(node);
|
||||
log_err("cannot parse dns64-ignore-aaaa: %s", str);
|
||||
return 0;
|
||||
}
|
||||
node->labs = dname_count_labels(node->name);
|
||||
node->dclass = LDNS_RR_CLASS_IN;
|
||||
if(!name_tree_insert(&dns64_env->ignore_aaaa, node,
|
||||
node->name, node->len, node->labs, node->dclass)) {
|
||||
/* ignore duplicate element */
|
||||
free(node->name);
|
||||
free(node);
|
||||
return 1;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* This function applies the configuration found in the parsed configuration
|
||||
* file \a cfg to this instance of the dns64 module. Currently only the DNS64
|
||||
@ -295,6 +337,7 @@ synthesize_aaaa(const uint8_t prefix_addr[16], int prefix_net,
|
||||
static int
|
||||
dns64_apply_cfg(struct dns64_env* dns64_env, struct config_file* cfg)
|
||||
{
|
||||
struct config_strlist* s;
|
||||
verbose(VERB_ALGO, "dns64-prefix: %s", cfg->dns64_prefix);
|
||||
if (!netblockstrtoaddr(cfg->dns64_prefix ? cfg->dns64_prefix :
|
||||
DEFAULT_DNS64_PREFIX, 0, &dns64_env->prefix_addr,
|
||||
@ -311,6 +354,11 @@ dns64_apply_cfg(struct dns64_env* dns64_env, struct config_file* cfg)
|
||||
cfg->dns64_prefix);
|
||||
return 0;
|
||||
}
|
||||
for(s = cfg->dns64_ignore_aaaa; s; s = s->next) {
|
||||
if(!dns64_insert_ignore_aaaa(dns64_env, s->str))
|
||||
return 0;
|
||||
}
|
||||
name_tree_init_parents(&dns64_env->ignore_aaaa);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -329,7 +377,8 @@ dns64_init(struct module_env* env, int id)
|
||||
log_err("malloc failure");
|
||||
return 0;
|
||||
}
|
||||
env->modinfo[id] = (void*)dns64_env;
|
||||
env->modinfo[id] = (void*)dns64_env;
|
||||
name_tree_init(&dns64_env->ignore_aaaa);
|
||||
if (!dns64_apply_cfg(dns64_env, env->cfg)) {
|
||||
log_err("dns64: could not apply configuration settings.");
|
||||
return 0;
|
||||
@ -337,6 +386,16 @@ dns64_init(struct module_env* env, int id)
|
||||
return 1;
|
||||
}
|
||||
|
||||
/** free ignore AAAA elements */
|
||||
static void
|
||||
free_ignore_aaaa_node(rbnode_type* node, void* ATTR_UNUSED(arg))
|
||||
{
|
||||
struct name_tree_node* n = (struct name_tree_node*)node;
|
||||
if(!n) return;
|
||||
free(n->name);
|
||||
free(n);
|
||||
}
|
||||
|
||||
/**
|
||||
* Deinitializes this instance of the dns64 module.
|
||||
*
|
||||
@ -346,8 +405,14 @@ dns64_init(struct module_env* env, int id)
|
||||
void
|
||||
dns64_deinit(struct module_env* env, int id)
|
||||
{
|
||||
struct dns64_env* dns64_env;
|
||||
if (!env)
|
||||
return;
|
||||
dns64_env = (struct dns64_env*)env->modinfo[id];
|
||||
if(dns64_env) {
|
||||
traverse_postorder(&dns64_env->ignore_aaaa, free_ignore_aaaa_node,
|
||||
NULL);
|
||||
}
|
||||
free(env->modinfo[id]);
|
||||
env->modinfo[id] = NULL;
|
||||
}
|
||||
@ -440,6 +505,25 @@ generate_type_A_query(struct module_qstate* qstate, int id)
|
||||
return module_wait_subquery;
|
||||
}
|
||||
|
||||
/**
|
||||
* See if query name is in the always synth config.
|
||||
* The ignore-aaaa list has names for which the AAAA for the domain is
|
||||
* ignored and the A is always used to create the answer.
|
||||
* @param qstate: query state.
|
||||
* @param id: module id.
|
||||
* @return true if the name is covered by ignore-aaaa.
|
||||
*/
|
||||
static int
|
||||
dns64_always_synth_for_qname(struct module_qstate* qstate, int id)
|
||||
{
|
||||
struct dns64_env* dns64_env = (struct dns64_env*)qstate->env->modinfo[id];
|
||||
int labs = dname_count_labels(qstate->qinfo.qname);
|
||||
struct name_tree_node* node = name_tree_lookup(&dns64_env->ignore_aaaa,
|
||||
qstate->qinfo.qname, qstate->qinfo.qname_len, labs,
|
||||
qstate->qinfo.qclass);
|
||||
return (node != NULL);
|
||||
}
|
||||
|
||||
/**
|
||||
* Handles the "pass" event for a query. This event is received when a new query
|
||||
* is received by this module. The query may have been generated internally by
|
||||
@ -468,6 +552,14 @@ handle_event_pass(struct module_qstate* qstate, int id)
|
||||
&& qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA)
|
||||
return generate_type_A_query(qstate, id);
|
||||
|
||||
if(dns64_always_synth_for_qname(qstate, id) &&
|
||||
(uintptr_t)qstate->minfo[id] == DNS64_NEW_QUERY
|
||||
&& !(qstate->query_flags & BIT_CD)
|
||||
&& qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA) {
|
||||
verbose(VERB_ALGO, "dns64: ignore-aaaa and synthesize anyway");
|
||||
return generate_type_A_query(qstate, id);
|
||||
}
|
||||
|
||||
/* We are finished when our sub-query is finished. */
|
||||
if ((uintptr_t)qstate->minfo[id] == DNS64_SUBQUERY_FINISHED)
|
||||
return module_finished;
|
||||
@ -501,17 +593,29 @@ handle_event_moddone(struct module_qstate* qstate, int id)
|
||||
* synthesize in (sec 5.1.2 of RFC6147).
|
||||
* - A successful AAAA query with an answer.
|
||||
*/
|
||||
if ( (enum dns64_qstate)qstate->minfo[id] == DNS64_INTERNAL_QUERY
|
||||
|| qstate->qinfo.qtype != LDNS_RR_TYPE_AAAA
|
||||
|| (qstate->query_flags & BIT_CD)
|
||||
|| (qstate->return_msg &&
|
||||
if((enum dns64_qstate)qstate->minfo[id] != DNS64_INTERNAL_QUERY
|
||||
&& qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA
|
||||
&& !(qstate->query_flags & BIT_CD)
|
||||
&& !(qstate->return_msg &&
|
||||
qstate->return_msg->rep &&
|
||||
reply_find_answer_rrset(&qstate->qinfo,
|
||||
qstate->return_msg->rep)))
|
||||
return module_finished;
|
||||
/* not internal, type AAAA, not CD, and no answer RRset,
|
||||
* So, this is a AAAA noerror/nodata answer */
|
||||
return generate_type_A_query(qstate, id);
|
||||
|
||||
/* So, this is a AAAA noerror/nodata answer */
|
||||
return generate_type_A_query(qstate, id);
|
||||
if((enum dns64_qstate)qstate->minfo[id] != DNS64_INTERNAL_QUERY
|
||||
&& qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA
|
||||
&& !(qstate->query_flags & BIT_CD)
|
||||
&& dns64_always_synth_for_qname(qstate, id)) {
|
||||
/* if it is not internal, AAAA, not CD and listed domain,
|
||||
* generate from A record and ignore AAAA */
|
||||
verbose(VERB_ALGO, "dns64: ignore-aaaa and synthesize anyway");
|
||||
return generate_type_A_query(qstate, id);
|
||||
}
|
||||
|
||||
/* do nothing */
|
||||
return module_finished;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1,3 +1,8 @@
|
||||
29 June 2018: Wouter
|
||||
- dns64-ignore-aaaa: config option to list domain names for which the
|
||||
existing AAAA is ignored and dns64 processing is used on the A
|
||||
record.
|
||||
|
||||
28 June 2018: Wouter
|
||||
- num.queries.tls counter for queries over TLS.
|
||||
- log port number with err_addr logs.
|
||||
|
@ -1355,6 +1355,7 @@ config_delete(struct config_file* cfg)
|
||||
free(cfg->control_key_file);
|
||||
free(cfg->control_cert_file);
|
||||
free(cfg->dns64_prefix);
|
||||
config_delstrlist(cfg->dns64_ignore_aaaa);
|
||||
free(cfg->dnstap_socket_path);
|
||||
free(cfg->dnstap_identity);
|
||||
free(cfg->dnstap_version);
|
||||
|
@ -419,6 +419,8 @@ struct config_file {
|
||||
|
||||
/* Synthetize all AAAA record despite the presence of an authoritative one */
|
||||
int dns64_synthall;
|
||||
/** ignore AAAAs for these domain names and use A record anyway */
|
||||
struct config_strlist* dns64_ignore_aaaa;
|
||||
|
||||
/** true to enable dnstap support */
|
||||
int dnstap;
|
||||
|
3430
util/configlexer.c
3430
util/configlexer.c
File diff suppressed because it is too large
Load Diff
@ -393,6 +393,7 @@ rrset-roundrobin{COLON} { YDVAR(1, VAR_RRSET_ROUNDROBIN) }
|
||||
max-udp-size{COLON} { YDVAR(1, VAR_MAX_UDP_SIZE) }
|
||||
dns64-prefix{COLON} { YDVAR(1, VAR_DNS64_PREFIX) }
|
||||
dns64-synthall{COLON} { YDVAR(1, VAR_DNS64_SYNTHALL) }
|
||||
dns64-ignore-aaaa{COLON} { YDVAR(1, VAR_DNS64_IGNORE_AAAA) }
|
||||
define-tag{COLON} { YDVAR(1, VAR_DEFINE_TAG) }
|
||||
local-zone-tag{COLON} { YDVAR(2, VAR_LOCAL_ZONE_TAG) }
|
||||
access-control-tag{COLON} { YDVAR(2, VAR_ACCESS_CONTROL_TAG) }
|
||||
|
2414
util/configparser.c
2414
util/configparser.c
File diff suppressed because it is too large
Load Diff
@ -188,103 +188,104 @@ extern int yydebug;
|
||||
VAR_INFRA_CACHE_MIN_RTT = 398,
|
||||
VAR_DNS64_PREFIX = 399,
|
||||
VAR_DNS64_SYNTHALL = 400,
|
||||
VAR_DNSTAP = 401,
|
||||
VAR_DNSTAP_ENABLE = 402,
|
||||
VAR_DNSTAP_SOCKET_PATH = 403,
|
||||
VAR_DNSTAP_SEND_IDENTITY = 404,
|
||||
VAR_DNSTAP_SEND_VERSION = 405,
|
||||
VAR_DNSTAP_IDENTITY = 406,
|
||||
VAR_DNSTAP_VERSION = 407,
|
||||
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 408,
|
||||
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 409,
|
||||
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 410,
|
||||
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 411,
|
||||
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 412,
|
||||
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 413,
|
||||
VAR_RESPONSE_IP_TAG = 414,
|
||||
VAR_RESPONSE_IP = 415,
|
||||
VAR_RESPONSE_IP_DATA = 416,
|
||||
VAR_HARDEN_ALGO_DOWNGRADE = 417,
|
||||
VAR_IP_TRANSPARENT = 418,
|
||||
VAR_DISABLE_DNSSEC_LAME_CHECK = 419,
|
||||
VAR_IP_RATELIMIT = 420,
|
||||
VAR_IP_RATELIMIT_SLABS = 421,
|
||||
VAR_IP_RATELIMIT_SIZE = 422,
|
||||
VAR_RATELIMIT = 423,
|
||||
VAR_RATELIMIT_SLABS = 424,
|
||||
VAR_RATELIMIT_SIZE = 425,
|
||||
VAR_RATELIMIT_FOR_DOMAIN = 426,
|
||||
VAR_RATELIMIT_BELOW_DOMAIN = 427,
|
||||
VAR_IP_RATELIMIT_FACTOR = 428,
|
||||
VAR_RATELIMIT_FACTOR = 429,
|
||||
VAR_SEND_CLIENT_SUBNET = 430,
|
||||
VAR_CLIENT_SUBNET_ZONE = 431,
|
||||
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 432,
|
||||
VAR_CLIENT_SUBNET_OPCODE = 433,
|
||||
VAR_MAX_CLIENT_SUBNET_IPV4 = 434,
|
||||
VAR_MAX_CLIENT_SUBNET_IPV6 = 435,
|
||||
VAR_CAPS_WHITELIST = 436,
|
||||
VAR_CACHE_MAX_NEGATIVE_TTL = 437,
|
||||
VAR_PERMIT_SMALL_HOLDDOWN = 438,
|
||||
VAR_QNAME_MINIMISATION = 439,
|
||||
VAR_QNAME_MINIMISATION_STRICT = 440,
|
||||
VAR_IP_FREEBIND = 441,
|
||||
VAR_DEFINE_TAG = 442,
|
||||
VAR_LOCAL_ZONE_TAG = 443,
|
||||
VAR_ACCESS_CONTROL_TAG = 444,
|
||||
VAR_LOCAL_ZONE_OVERRIDE = 445,
|
||||
VAR_ACCESS_CONTROL_TAG_ACTION = 446,
|
||||
VAR_ACCESS_CONTROL_TAG_DATA = 447,
|
||||
VAR_VIEW = 448,
|
||||
VAR_ACCESS_CONTROL_VIEW = 449,
|
||||
VAR_VIEW_FIRST = 450,
|
||||
VAR_SERVE_EXPIRED = 451,
|
||||
VAR_FAKE_DSA = 452,
|
||||
VAR_FAKE_SHA1 = 453,
|
||||
VAR_LOG_IDENTITY = 454,
|
||||
VAR_HIDE_TRUSTANCHOR = 455,
|
||||
VAR_TRUST_ANCHOR_SIGNALING = 456,
|
||||
VAR_AGGRESSIVE_NSEC = 457,
|
||||
VAR_USE_SYSTEMD = 458,
|
||||
VAR_SHM_ENABLE = 459,
|
||||
VAR_SHM_KEY = 460,
|
||||
VAR_ROOT_KEY_SENTINEL = 461,
|
||||
VAR_DNSCRYPT = 462,
|
||||
VAR_DNSCRYPT_ENABLE = 463,
|
||||
VAR_DNSCRYPT_PORT = 464,
|
||||
VAR_DNSCRYPT_PROVIDER = 465,
|
||||
VAR_DNSCRYPT_SECRET_KEY = 466,
|
||||
VAR_DNSCRYPT_PROVIDER_CERT = 467,
|
||||
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 468,
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 469,
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 470,
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 471,
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 472,
|
||||
VAR_IPSECMOD_ENABLED = 473,
|
||||
VAR_IPSECMOD_HOOK = 474,
|
||||
VAR_IPSECMOD_IGNORE_BOGUS = 475,
|
||||
VAR_IPSECMOD_MAX_TTL = 476,
|
||||
VAR_IPSECMOD_WHITELIST = 477,
|
||||
VAR_IPSECMOD_STRICT = 478,
|
||||
VAR_CACHEDB = 479,
|
||||
VAR_CACHEDB_BACKEND = 480,
|
||||
VAR_CACHEDB_SECRETSEED = 481,
|
||||
VAR_CACHEDB_REDISHOST = 482,
|
||||
VAR_CACHEDB_REDISPORT = 483,
|
||||
VAR_CACHEDB_REDISTIMEOUT = 484,
|
||||
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 485,
|
||||
VAR_FOR_UPSTREAM = 486,
|
||||
VAR_AUTH_ZONE = 487,
|
||||
VAR_ZONEFILE = 488,
|
||||
VAR_MASTER = 489,
|
||||
VAR_URL = 490,
|
||||
VAR_FOR_DOWNSTREAM = 491,
|
||||
VAR_FALLBACK_ENABLED = 492,
|
||||
VAR_TLS_ADDITIONAL_PORT = 493,
|
||||
VAR_LOW_RTT = 494,
|
||||
VAR_LOW_RTT_PERMIL = 495,
|
||||
VAR_ALLOW_NOTIFY = 496,
|
||||
VAR_TLS_WIN_CERT = 497
|
||||
VAR_DNS64_IGNORE_AAAA = 401,
|
||||
VAR_DNSTAP = 402,
|
||||
VAR_DNSTAP_ENABLE = 403,
|
||||
VAR_DNSTAP_SOCKET_PATH = 404,
|
||||
VAR_DNSTAP_SEND_IDENTITY = 405,
|
||||
VAR_DNSTAP_SEND_VERSION = 406,
|
||||
VAR_DNSTAP_IDENTITY = 407,
|
||||
VAR_DNSTAP_VERSION = 408,
|
||||
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 409,
|
||||
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 410,
|
||||
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 411,
|
||||
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 412,
|
||||
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 413,
|
||||
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 414,
|
||||
VAR_RESPONSE_IP_TAG = 415,
|
||||
VAR_RESPONSE_IP = 416,
|
||||
VAR_RESPONSE_IP_DATA = 417,
|
||||
VAR_HARDEN_ALGO_DOWNGRADE = 418,
|
||||
VAR_IP_TRANSPARENT = 419,
|
||||
VAR_DISABLE_DNSSEC_LAME_CHECK = 420,
|
||||
VAR_IP_RATELIMIT = 421,
|
||||
VAR_IP_RATELIMIT_SLABS = 422,
|
||||
VAR_IP_RATELIMIT_SIZE = 423,
|
||||
VAR_RATELIMIT = 424,
|
||||
VAR_RATELIMIT_SLABS = 425,
|
||||
VAR_RATELIMIT_SIZE = 426,
|
||||
VAR_RATELIMIT_FOR_DOMAIN = 427,
|
||||
VAR_RATELIMIT_BELOW_DOMAIN = 428,
|
||||
VAR_IP_RATELIMIT_FACTOR = 429,
|
||||
VAR_RATELIMIT_FACTOR = 430,
|
||||
VAR_SEND_CLIENT_SUBNET = 431,
|
||||
VAR_CLIENT_SUBNET_ZONE = 432,
|
||||
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 433,
|
||||
VAR_CLIENT_SUBNET_OPCODE = 434,
|
||||
VAR_MAX_CLIENT_SUBNET_IPV4 = 435,
|
||||
VAR_MAX_CLIENT_SUBNET_IPV6 = 436,
|
||||
VAR_CAPS_WHITELIST = 437,
|
||||
VAR_CACHE_MAX_NEGATIVE_TTL = 438,
|
||||
VAR_PERMIT_SMALL_HOLDDOWN = 439,
|
||||
VAR_QNAME_MINIMISATION = 440,
|
||||
VAR_QNAME_MINIMISATION_STRICT = 441,
|
||||
VAR_IP_FREEBIND = 442,
|
||||
VAR_DEFINE_TAG = 443,
|
||||
VAR_LOCAL_ZONE_TAG = 444,
|
||||
VAR_ACCESS_CONTROL_TAG = 445,
|
||||
VAR_LOCAL_ZONE_OVERRIDE = 446,
|
||||
VAR_ACCESS_CONTROL_TAG_ACTION = 447,
|
||||
VAR_ACCESS_CONTROL_TAG_DATA = 448,
|
||||
VAR_VIEW = 449,
|
||||
VAR_ACCESS_CONTROL_VIEW = 450,
|
||||
VAR_VIEW_FIRST = 451,
|
||||
VAR_SERVE_EXPIRED = 452,
|
||||
VAR_FAKE_DSA = 453,
|
||||
VAR_FAKE_SHA1 = 454,
|
||||
VAR_LOG_IDENTITY = 455,
|
||||
VAR_HIDE_TRUSTANCHOR = 456,
|
||||
VAR_TRUST_ANCHOR_SIGNALING = 457,
|
||||
VAR_AGGRESSIVE_NSEC = 458,
|
||||
VAR_USE_SYSTEMD = 459,
|
||||
VAR_SHM_ENABLE = 460,
|
||||
VAR_SHM_KEY = 461,
|
||||
VAR_ROOT_KEY_SENTINEL = 462,
|
||||
VAR_DNSCRYPT = 463,
|
||||
VAR_DNSCRYPT_ENABLE = 464,
|
||||
VAR_DNSCRYPT_PORT = 465,
|
||||
VAR_DNSCRYPT_PROVIDER = 466,
|
||||
VAR_DNSCRYPT_SECRET_KEY = 467,
|
||||
VAR_DNSCRYPT_PROVIDER_CERT = 468,
|
||||
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 469,
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 470,
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 471,
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 472,
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 473,
|
||||
VAR_IPSECMOD_ENABLED = 474,
|
||||
VAR_IPSECMOD_HOOK = 475,
|
||||
VAR_IPSECMOD_IGNORE_BOGUS = 476,
|
||||
VAR_IPSECMOD_MAX_TTL = 477,
|
||||
VAR_IPSECMOD_WHITELIST = 478,
|
||||
VAR_IPSECMOD_STRICT = 479,
|
||||
VAR_CACHEDB = 480,
|
||||
VAR_CACHEDB_BACKEND = 481,
|
||||
VAR_CACHEDB_SECRETSEED = 482,
|
||||
VAR_CACHEDB_REDISHOST = 483,
|
||||
VAR_CACHEDB_REDISPORT = 484,
|
||||
VAR_CACHEDB_REDISTIMEOUT = 485,
|
||||
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 486,
|
||||
VAR_FOR_UPSTREAM = 487,
|
||||
VAR_AUTH_ZONE = 488,
|
||||
VAR_ZONEFILE = 489,
|
||||
VAR_MASTER = 490,
|
||||
VAR_URL = 491,
|
||||
VAR_FOR_DOWNSTREAM = 492,
|
||||
VAR_FALLBACK_ENABLED = 493,
|
||||
VAR_TLS_ADDITIONAL_PORT = 494,
|
||||
VAR_LOW_RTT = 495,
|
||||
VAR_LOW_RTT_PERMIL = 496,
|
||||
VAR_ALLOW_NOTIFY = 497,
|
||||
VAR_TLS_WIN_CERT = 498
|
||||
};
|
||||
#endif
|
||||
/* Tokens. */
|
||||
@ -431,103 +432,104 @@ extern int yydebug;
|
||||
#define VAR_INFRA_CACHE_MIN_RTT 398
|
||||
#define VAR_DNS64_PREFIX 399
|
||||
#define VAR_DNS64_SYNTHALL 400
|
||||
#define VAR_DNSTAP 401
|
||||
#define VAR_DNSTAP_ENABLE 402
|
||||
#define VAR_DNSTAP_SOCKET_PATH 403
|
||||
#define VAR_DNSTAP_SEND_IDENTITY 404
|
||||
#define VAR_DNSTAP_SEND_VERSION 405
|
||||
#define VAR_DNSTAP_IDENTITY 406
|
||||
#define VAR_DNSTAP_VERSION 407
|
||||
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 408
|
||||
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 409
|
||||
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 410
|
||||
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 411
|
||||
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 412
|
||||
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 413
|
||||
#define VAR_RESPONSE_IP_TAG 414
|
||||
#define VAR_RESPONSE_IP 415
|
||||
#define VAR_RESPONSE_IP_DATA 416
|
||||
#define VAR_HARDEN_ALGO_DOWNGRADE 417
|
||||
#define VAR_IP_TRANSPARENT 418
|
||||
#define VAR_DISABLE_DNSSEC_LAME_CHECK 419
|
||||
#define VAR_IP_RATELIMIT 420
|
||||
#define VAR_IP_RATELIMIT_SLABS 421
|
||||
#define VAR_IP_RATELIMIT_SIZE 422
|
||||
#define VAR_RATELIMIT 423
|
||||
#define VAR_RATELIMIT_SLABS 424
|
||||
#define VAR_RATELIMIT_SIZE 425
|
||||
#define VAR_RATELIMIT_FOR_DOMAIN 426
|
||||
#define VAR_RATELIMIT_BELOW_DOMAIN 427
|
||||
#define VAR_IP_RATELIMIT_FACTOR 428
|
||||
#define VAR_RATELIMIT_FACTOR 429
|
||||
#define VAR_SEND_CLIENT_SUBNET 430
|
||||
#define VAR_CLIENT_SUBNET_ZONE 431
|
||||
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 432
|
||||
#define VAR_CLIENT_SUBNET_OPCODE 433
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV4 434
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV6 435
|
||||
#define VAR_CAPS_WHITELIST 436
|
||||
#define VAR_CACHE_MAX_NEGATIVE_TTL 437
|
||||
#define VAR_PERMIT_SMALL_HOLDDOWN 438
|
||||
#define VAR_QNAME_MINIMISATION 439
|
||||
#define VAR_QNAME_MINIMISATION_STRICT 440
|
||||
#define VAR_IP_FREEBIND 441
|
||||
#define VAR_DEFINE_TAG 442
|
||||
#define VAR_LOCAL_ZONE_TAG 443
|
||||
#define VAR_ACCESS_CONTROL_TAG 444
|
||||
#define VAR_LOCAL_ZONE_OVERRIDE 445
|
||||
#define VAR_ACCESS_CONTROL_TAG_ACTION 446
|
||||
#define VAR_ACCESS_CONTROL_TAG_DATA 447
|
||||
#define VAR_VIEW 448
|
||||
#define VAR_ACCESS_CONTROL_VIEW 449
|
||||
#define VAR_VIEW_FIRST 450
|
||||
#define VAR_SERVE_EXPIRED 451
|
||||
#define VAR_FAKE_DSA 452
|
||||
#define VAR_FAKE_SHA1 453
|
||||
#define VAR_LOG_IDENTITY 454
|
||||
#define VAR_HIDE_TRUSTANCHOR 455
|
||||
#define VAR_TRUST_ANCHOR_SIGNALING 456
|
||||
#define VAR_AGGRESSIVE_NSEC 457
|
||||
#define VAR_USE_SYSTEMD 458
|
||||
#define VAR_SHM_ENABLE 459
|
||||
#define VAR_SHM_KEY 460
|
||||
#define VAR_ROOT_KEY_SENTINEL 461
|
||||
#define VAR_DNSCRYPT 462
|
||||
#define VAR_DNSCRYPT_ENABLE 463
|
||||
#define VAR_DNSCRYPT_PORT 464
|
||||
#define VAR_DNSCRYPT_PROVIDER 465
|
||||
#define VAR_DNSCRYPT_SECRET_KEY 466
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT 467
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 468
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 469
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 470
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 471
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 472
|
||||
#define VAR_IPSECMOD_ENABLED 473
|
||||
#define VAR_IPSECMOD_HOOK 474
|
||||
#define VAR_IPSECMOD_IGNORE_BOGUS 475
|
||||
#define VAR_IPSECMOD_MAX_TTL 476
|
||||
#define VAR_IPSECMOD_WHITELIST 477
|
||||
#define VAR_IPSECMOD_STRICT 478
|
||||
#define VAR_CACHEDB 479
|
||||
#define VAR_CACHEDB_BACKEND 480
|
||||
#define VAR_CACHEDB_SECRETSEED 481
|
||||
#define VAR_CACHEDB_REDISHOST 482
|
||||
#define VAR_CACHEDB_REDISPORT 483
|
||||
#define VAR_CACHEDB_REDISTIMEOUT 484
|
||||
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 485
|
||||
#define VAR_FOR_UPSTREAM 486
|
||||
#define VAR_AUTH_ZONE 487
|
||||
#define VAR_ZONEFILE 488
|
||||
#define VAR_MASTER 489
|
||||
#define VAR_URL 490
|
||||
#define VAR_FOR_DOWNSTREAM 491
|
||||
#define VAR_FALLBACK_ENABLED 492
|
||||
#define VAR_TLS_ADDITIONAL_PORT 493
|
||||
#define VAR_LOW_RTT 494
|
||||
#define VAR_LOW_RTT_PERMIL 495
|
||||
#define VAR_ALLOW_NOTIFY 496
|
||||
#define VAR_TLS_WIN_CERT 497
|
||||
#define VAR_DNS64_IGNORE_AAAA 401
|
||||
#define VAR_DNSTAP 402
|
||||
#define VAR_DNSTAP_ENABLE 403
|
||||
#define VAR_DNSTAP_SOCKET_PATH 404
|
||||
#define VAR_DNSTAP_SEND_IDENTITY 405
|
||||
#define VAR_DNSTAP_SEND_VERSION 406
|
||||
#define VAR_DNSTAP_IDENTITY 407
|
||||
#define VAR_DNSTAP_VERSION 408
|
||||
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 409
|
||||
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 410
|
||||
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 411
|
||||
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 412
|
||||
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 413
|
||||
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 414
|
||||
#define VAR_RESPONSE_IP_TAG 415
|
||||
#define VAR_RESPONSE_IP 416
|
||||
#define VAR_RESPONSE_IP_DATA 417
|
||||
#define VAR_HARDEN_ALGO_DOWNGRADE 418
|
||||
#define VAR_IP_TRANSPARENT 419
|
||||
#define VAR_DISABLE_DNSSEC_LAME_CHECK 420
|
||||
#define VAR_IP_RATELIMIT 421
|
||||
#define VAR_IP_RATELIMIT_SLABS 422
|
||||
#define VAR_IP_RATELIMIT_SIZE 423
|
||||
#define VAR_RATELIMIT 424
|
||||
#define VAR_RATELIMIT_SLABS 425
|
||||
#define VAR_RATELIMIT_SIZE 426
|
||||
#define VAR_RATELIMIT_FOR_DOMAIN 427
|
||||
#define VAR_RATELIMIT_BELOW_DOMAIN 428
|
||||
#define VAR_IP_RATELIMIT_FACTOR 429
|
||||
#define VAR_RATELIMIT_FACTOR 430
|
||||
#define VAR_SEND_CLIENT_SUBNET 431
|
||||
#define VAR_CLIENT_SUBNET_ZONE 432
|
||||
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 433
|
||||
#define VAR_CLIENT_SUBNET_OPCODE 434
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV4 435
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV6 436
|
||||
#define VAR_CAPS_WHITELIST 437
|
||||
#define VAR_CACHE_MAX_NEGATIVE_TTL 438
|
||||
#define VAR_PERMIT_SMALL_HOLDDOWN 439
|
||||
#define VAR_QNAME_MINIMISATION 440
|
||||
#define VAR_QNAME_MINIMISATION_STRICT 441
|
||||
#define VAR_IP_FREEBIND 442
|
||||
#define VAR_DEFINE_TAG 443
|
||||
#define VAR_LOCAL_ZONE_TAG 444
|
||||
#define VAR_ACCESS_CONTROL_TAG 445
|
||||
#define VAR_LOCAL_ZONE_OVERRIDE 446
|
||||
#define VAR_ACCESS_CONTROL_TAG_ACTION 447
|
||||
#define VAR_ACCESS_CONTROL_TAG_DATA 448
|
||||
#define VAR_VIEW 449
|
||||
#define VAR_ACCESS_CONTROL_VIEW 450
|
||||
#define VAR_VIEW_FIRST 451
|
||||
#define VAR_SERVE_EXPIRED 452
|
||||
#define VAR_FAKE_DSA 453
|
||||
#define VAR_FAKE_SHA1 454
|
||||
#define VAR_LOG_IDENTITY 455
|
||||
#define VAR_HIDE_TRUSTANCHOR 456
|
||||
#define VAR_TRUST_ANCHOR_SIGNALING 457
|
||||
#define VAR_AGGRESSIVE_NSEC 458
|
||||
#define VAR_USE_SYSTEMD 459
|
||||
#define VAR_SHM_ENABLE 460
|
||||
#define VAR_SHM_KEY 461
|
||||
#define VAR_ROOT_KEY_SENTINEL 462
|
||||
#define VAR_DNSCRYPT 463
|
||||
#define VAR_DNSCRYPT_ENABLE 464
|
||||
#define VAR_DNSCRYPT_PORT 465
|
||||
#define VAR_DNSCRYPT_PROVIDER 466
|
||||
#define VAR_DNSCRYPT_SECRET_KEY 467
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT 468
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 469
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 470
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 471
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 472
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 473
|
||||
#define VAR_IPSECMOD_ENABLED 474
|
||||
#define VAR_IPSECMOD_HOOK 475
|
||||
#define VAR_IPSECMOD_IGNORE_BOGUS 476
|
||||
#define VAR_IPSECMOD_MAX_TTL 477
|
||||
#define VAR_IPSECMOD_WHITELIST 478
|
||||
#define VAR_IPSECMOD_STRICT 479
|
||||
#define VAR_CACHEDB 480
|
||||
#define VAR_CACHEDB_BACKEND 481
|
||||
#define VAR_CACHEDB_SECRETSEED 482
|
||||
#define VAR_CACHEDB_REDISHOST 483
|
||||
#define VAR_CACHEDB_REDISPORT 484
|
||||
#define VAR_CACHEDB_REDISTIMEOUT 485
|
||||
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 486
|
||||
#define VAR_FOR_UPSTREAM 487
|
||||
#define VAR_AUTH_ZONE 488
|
||||
#define VAR_ZONEFILE 489
|
||||
#define VAR_MASTER 490
|
||||
#define VAR_URL 491
|
||||
#define VAR_FOR_DOWNSTREAM 492
|
||||
#define VAR_FALLBACK_ENABLED 493
|
||||
#define VAR_TLS_ADDITIONAL_PORT 494
|
||||
#define VAR_LOW_RTT 495
|
||||
#define VAR_LOW_RTT_PERMIL 496
|
||||
#define VAR_ALLOW_NOTIFY 497
|
||||
#define VAR_TLS_WIN_CERT 498
|
||||
|
||||
/* Value type. */
|
||||
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
||||
@ -538,7 +540,7 @@ union YYSTYPE
|
||||
|
||||
char* str;
|
||||
|
||||
#line 542 "util/configparser.h" /* yacc.c:1909 */
|
||||
#line 544 "util/configparser.h" /* yacc.c:1909 */
|
||||
};
|
||||
|
||||
typedef union YYSTYPE YYSTYPE;
|
||||
|
@ -114,7 +114,7 @@ extern struct config_parser_state* cfg_parser;
|
||||
%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE
|
||||
%token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
|
||||
%token VAR_INFRA_CACHE_MIN_RTT
|
||||
%token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL
|
||||
%token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
|
||||
%token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH
|
||||
%token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION
|
||||
%token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION
|
||||
@ -221,7 +221,7 @@ content_server: server_num_threads | server_verbosity | server_port |
|
||||
server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
|
||||
server_so_reuseport | server_delay_close |
|
||||
server_unblock_lan_zones | server_insecure_lan_zones |
|
||||
server_dns64_prefix | server_dns64_synthall |
|
||||
server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
|
||||
server_infra_cache_min_rtt | server_harden_algo_downgrade |
|
||||
server_ip_transparent | server_ip_ratelimit | server_ratelimit |
|
||||
server_ip_ratelimit_slabs | server_ratelimit_slabs |
|
||||
@ -1663,6 +1663,14 @@ server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG
|
||||
free($2);
|
||||
}
|
||||
;
|
||||
server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG
|
||||
{
|
||||
OUTYY(("P(dns64_ignore_aaaa:%s)\n", $2));
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
|
||||
$2))
|
||||
fatal_exit("out of memory adding dns64-ignore-aaaa");
|
||||
}
|
||||
;
|
||||
server_define_tag: VAR_DEFINE_TAG STRING_ARG
|
||||
{
|
||||
char* p, *s = $2;
|
||||
|
Loading…
Reference in New Issue
Block a user