mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 14:47:09 +00:00
revert earlier commit.
git-svn-id: file:///svn/unbound/trunk@2488 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
parent
46eeced066
commit
af93d6033c
@ -1,3 +1,7 @@
|
||||
12 September 2011: Wouter
|
||||
- Reverted dns EDNS backoff fix, it did not help and needs
|
||||
fragmentation fixes instead.
|
||||
|
||||
7 September 2011: Wouter
|
||||
- Fix operation in ipv6 only (do-ip4: no) mode.
|
||||
|
||||
|
@ -539,7 +539,7 @@ iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags,
|
||||
|
||||
int
|
||||
iter_indicates_dnssec(struct module_env* env, struct delegpt* dp,
|
||||
struct dns_msg* msg, uint16_t dclass, struct module_qstate* qstate)
|
||||
struct dns_msg* msg, uint16_t dclass)
|
||||
{
|
||||
struct trust_anchor* a;
|
||||
/* information not available, !env->anchors can be common */
|
||||
@ -573,15 +573,6 @@ iter_indicates_dnssec(struct module_env* env, struct delegpt* dp,
|
||||
regional_free_all(env->scratch);
|
||||
}
|
||||
}
|
||||
/* on retries, we have to expect DNSSEC.
|
||||
* just a blacklist of the cache is done for parentside lookups too,
|
||||
* but blacklist of IPs is done for validation failures. */
|
||||
if(qstate && qstate->blacklist) {
|
||||
struct sock_list* p;
|
||||
for(p=qstate->blacklist; p; p=p->next)
|
||||
if(p->len != 0)
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -172,12 +172,10 @@ int iter_dp_is_useless(struct query_info* qinfo, uint16_t qflags,
|
||||
* @param dp: delegation point.
|
||||
* @param msg: delegation message, with DS if a secure referral.
|
||||
* @param dclass: class of query.
|
||||
* @param qstate: module query state for the query in question, for validation
|
||||
* retry state.
|
||||
* @return 1 if dnssec is expected, 0 if not.
|
||||
*/
|
||||
int iter_indicates_dnssec(struct module_env* env, struct delegpt* dp,
|
||||
struct dns_msg* msg, uint16_t dclass, struct module_qstate* qstate);
|
||||
struct dns_msg* msg, uint16_t dclass);
|
||||
|
||||
/**
|
||||
* See if a message contains DNSSEC.
|
||||
|
@ -574,8 +574,8 @@ prime_root(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
}
|
||||
/* there should not be any target queries. */
|
||||
subiq->num_target_queries = 0;
|
||||
subiq->dnssec_expected = iter_indicates_dnssec(qstate->env,
|
||||
subiq->dp, NULL, subq->qinfo.qclass, subq);
|
||||
subiq->dnssec_expected = iter_indicates_dnssec(
|
||||
qstate->env, subiq->dp, NULL, subq->qinfo.qclass);
|
||||
}
|
||||
|
||||
/* this module stops, our submodule starts, and does the query. */
|
||||
@ -669,8 +669,8 @@ prime_stub(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
* missing targets. */
|
||||
subiq->num_target_queries = 0;
|
||||
subiq->wait_priming_stub = 1;
|
||||
subiq->dnssec_expected = iter_indicates_dnssec(qstate->env,
|
||||
subiq->dp, NULL, subq->qinfo.qclass, subq);
|
||||
subiq->dnssec_expected = iter_indicates_dnssec(
|
||||
qstate->env, subiq->dp, NULL, subq->qinfo.qclass);
|
||||
}
|
||||
|
||||
/* this module stops, our submodule starts, and does the query. */
|
||||
@ -1191,7 +1191,7 @@ processInitRequest3(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
/* if the cache reply dp equals a validation anchor or msg has DS,
|
||||
* then DNSSEC RRSIGs are expected in the reply */
|
||||
iq->dnssec_expected = iter_indicates_dnssec(qstate->env, iq->dp,
|
||||
iq->deleg_msg, iq->qchase.qclass, qstate);
|
||||
iq->deleg_msg, iq->qchase.qclass);
|
||||
|
||||
/* If the RD flag wasn't set, then we just finish with the
|
||||
* cached referral as the response. */
|
||||
@ -1254,7 +1254,7 @@ generate_parentside_target_query(struct module_qstate* qstate,
|
||||
subiq->dp = delegpt_copy(iq->dp, subq->region);
|
||||
subiq->dnssec_expected = iter_indicates_dnssec(
|
||||
qstate->env, subiq->dp, NULL,
|
||||
subq->qinfo.qclass, subq);
|
||||
subq->qinfo.qclass);
|
||||
subiq->refetch_glue = 1;
|
||||
} else {
|
||||
subiq->dp = dns_cache_find_delegation(qstate->env,
|
||||
@ -1264,7 +1264,7 @@ generate_parentside_target_query(struct module_qstate* qstate,
|
||||
if(subiq->dp) {
|
||||
subiq->dnssec_expected = iter_indicates_dnssec(
|
||||
qstate->env, subiq->dp, NULL,
|
||||
subq->qinfo.qclass, subq);
|
||||
subq->qinfo.qclass);
|
||||
subiq->refetch_glue = 1;
|
||||
}
|
||||
}
|
||||
@ -1899,7 +1899,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
/* see if the next dp is a trust anchor, or a DS was sent
|
||||
* along, indicating dnssec is expected for next zone */
|
||||
iq->dnssec_expected = iter_indicates_dnssec(qstate->env,
|
||||
iq->dp, iq->response, iq->qchase.qclass, qstate);
|
||||
iq->dp, iq->response, iq->qchase.qclass);
|
||||
/* if dnssec, validating then also fetch the key for the DS */
|
||||
if(iq->dnssec_expected && qstate->env->cfg->prefetch_key &&
|
||||
!(qstate->query_flags&BIT_CD))
|
||||
|
@ -1318,7 +1318,7 @@ serviced_udp_send(struct serviced_query* sq, ldns_buffer* buff)
|
||||
/* even 700 msec may be too small */
|
||||
rtt = 1000;
|
||||
sq->status = serviced_query_PROBE_EDNS;
|
||||
} else if(vs != -1 || sq->want_dnssec) {
|
||||
} else if(vs != -1) {
|
||||
sq->status = serviced_query_UDP_EDNS;
|
||||
} else {
|
||||
sq->status = serviced_query_UDP;
|
||||
@ -1536,7 +1536,7 @@ serviced_tcp_send(struct serviced_query* sq, ldns_buffer* buff)
|
||||
if(!infra_host(sq->outnet->infra, &sq->addr, sq->addrlen,
|
||||
*sq->outnet->now_secs, &vs, &edns_lame_known, &rtt))
|
||||
return 0;
|
||||
if(vs != -1 || sq->want_dnssec)
|
||||
if(vs != -1)
|
||||
sq->status = serviced_query_TCP_EDNS;
|
||||
else sq->status = serviced_query_TCP;
|
||||
serviced_encode(sq, buff, sq->status == serviced_query_TCP_EDNS);
|
||||
|
Loading…
Reference in New Issue
Block a user