clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 14:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

revert earlier commit.

Browse Source 
git-svn-id: file:///svn/unbound/trunk@2488 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2011-09-12 11:28:14 +00:00
parent 46eeced066
commit af93d6033c
5 changed files with 16 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/Changelog
View File

@ -1,3 +1,7 @@
12 September 2011: Wouter
- Reverted dns EDNS backoff fix, it did not help and needs
fragmentation fixes instead.
7 September 2011: Wouter
- Fix operation in ipv6 only (do-ip4: no) mode.

11
iterator/iter_utils.c
View File

@ -539,7 +539,7 @@ iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags,
int
iter_indicates_dnssec(struct module_env* env, struct delegpt* dp,
struct dns_msg* msg, uint16_t dclass, struct module_qstate* qstate)
struct dns_msg* msg, uint16_t dclass)
{
struct trust_anchor* a;
/* information not available, !env->anchors can be common */
@ -573,15 +573,6 @@ iter_indicates_dnssec(struct module_env* env, struct delegpt* dp,
regional_free_all(env->scratch);
}
}
/* on retries, we have to expect DNSSEC.
* just a blacklist of the cache is done for parentside lookups too,
* but blacklist of IPs is done for validation failures. */
if(qstate && qstate->blacklist) {
struct sock_list* p;
for(p=qstate->blacklist; p; p=p->next)
if(p->len != 0)
return 1;
}
return 0;
}

4
iterator/iter_utils.h
View File

@ -172,12 +172,10 @@ int iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags,
* @param dp: delegation point.
* @param msg: delegation message, with DS if a secure referral.
* @param dclass: class of query.
* @param qstate: module query state for the query in question, for validation
* retry state.
* @return 1 if dnssec is expected, 0 if not.
*/
int iter_indicates_dnssec(struct module_env* env, struct delegpt* dp,
struct dns_msg* msg, uint16_t dclass, struct module_qstate* qstate);
struct dns_msg* msg, uint16_t dclass);
/**
* See if a message contains DNSSEC.

16
iterator/iterator.c
View File

@ -574,8 +574,8 @@ prime_root(struct module_qstate* qstate, struct iter_qstate* iq,
}
/* there should not be any target queries. */
subiq->num_target_queries = 0;
subiq->dnssec_expected = iter_indicates_dnssec(qstate->env,
subiq->dp, NULL, subq->qinfo.qclass, subq);
subiq->dnssec_expected = iter_indicates_dnssec(
qstate->env, subiq->dp, NULL, subq->qinfo.qclass);
}
/* this module stops, our submodule starts, and does the query. */
@ -669,8 +669,8 @@ prime_stub(struct module_qstate* qstate, struct iter_qstate* iq,
* missing targets. */
subiq->num_target_queries = 0;
subiq->wait_priming_stub = 1;
subiq->dnssec_expected = iter_indicates_dnssec(qstate->env,
subiq->dp, NULL, subq->qinfo.qclass, subq);
subiq->dnssec_expected = iter_indicates_dnssec(
qstate->env, subiq->dp, NULL, subq->qinfo.qclass);
}
/* this module stops, our submodule starts, and does the query. */
@ -1191,7 +1191,7 @@ processInitRequest3(struct module_qstate* qstate, struct iter_qstate* iq,
/* if the cache reply dp equals a validation anchor or msg has DS,
* then DNSSEC RRSIGs are expected in the reply */
iq->dnssec_expected = iter_indicates_dnssec(qstate->env, iq->dp,
iq->deleg_msg, iq->qchase.qclass, qstate);
iq->deleg_msg, iq->qchase.qclass);
/* If the RD flag wasn't set, then we just finish with the
* cached referral as the response. */
@ -1254,7 +1254,7 @@ generate_parentside_target_query(struct module_qstate* qstate,
subiq->dp = delegpt_copy(iq->dp, subq->region);
subiq->dnssec_expected = iter_indicates_dnssec(
qstate->env, subiq->dp, NULL,
subq->qinfo.qclass, subq);
subq->qinfo.qclass);
subiq->refetch_glue = 1;
} else {
subiq->dp = dns_cache_find_delegation(qstate->env,
@ -1264,7 +1264,7 @@ generate_parentside_target_query(struct module_qstate* qstate,
if(subiq->dp) {
subiq->dnssec_expected = iter_indicates_dnssec(
qstate->env, subiq->dp, NULL,
subq->qinfo.qclass, subq);
subq->qinfo.qclass);
subiq->refetch_glue = 1;
}
}
@ -1899,7 +1899,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
/* see if the next dp is a trust anchor, or a DS was sent
* along, indicating dnssec is expected for next zone */
iq->dnssec_expected = iter_indicates_dnssec(qstate->env,
iq->dp, iq->response, iq->qchase.qclass, qstate);
iq->dp, iq->response, iq->qchase.qclass);
/* if dnssec, validating then also fetch the key for the DS */
if(iq->dnssec_expected && qstate->env->cfg->prefetch_key &&
!(qstate->query_flags&BIT_CD))

4
services/outside_network.c
View File

@ -1318,7 +1318,7 @@ serviced_udp_send(struct serviced_query* sq, ldns_buffer* buff)
/* even 700 msec may be too small */
rtt = 1000;
sq->status = serviced_query_PROBE_EDNS;
} else if(vs != -1 || sq->want_dnssec) {
} else if(vs != -1) {
sq->status = serviced_query_UDP_EDNS;
} else {
sq->status = serviced_query_UDP;
@ -1536,7 +1536,7 @@ serviced_tcp_send(struct serviced_query* sq, ldns_buffer* buff)
if(!infra_host(sq->outnet->infra, &sq->addr, sq->addrlen,
*sq->outnet->now_secs, &vs, &edns_lame_known, &rtt))
return 0;
if(vs != -1 || sq->want_dnssec)
if(vs != -1)
sq->status = serviced_query_TCP_EDNS;
else sq->status = serviced_query_TCP;
serviced_encode(sq, buff, sq->status == serviced_query_TCP_EDNS);