| Age | Commit message (Collapse) | Author |
|---|
|
Allow specifying the local IP addresses that
the UDP dns server will listen on when the
-s flag is given.
|
|
rfc883 suggests to use decimal digits to escape txt rr strings,
and unix dig appears to use the same.
so change from octal to decimal.
|
|
txt and caa rr strings might contain binary control characters
such as newlines and double quotes which mess up the output
in ndb(6) format.
so handle them as binary blobs internally and escape special
characters as \DDD where D is a octal digit when printing.
txtrr() will unescape them when reading into internal
binary representation.
remove the undocumented nullrr ndb attribute parsing code.
|
|
|
|
have todo multiple fmtprint() calls for idnname()
as the buffer is shared.
do not idnname() rp->os and rp->cpu, these are symbols.
always quote txt= records.
|
|
|
|
On 12/18/20, Jacob Moody wrote:
> Hello,
>
> I recently ran in to some issues with pointing an unbound server towards a
> 9front dns server as its upstream.
> The parsing seemed to fail when ndb/dns received a DNSKEY RR from it's own
> upstream source on behalf of unbound.
> This patch catches and stores the DNSKEY from the upstream server to prevent
> this.
|
|
I have the problem that i need to delegate a subdomain
to another name server that is confused about its own zone
(and its own name) returning unusable ns records.
With this, one can make up a nameserver entry in ndb that
is authoritative and owned by us for that nameserver,
and then put it in the soa=delegated ns entry.
This promotes the ns record in the soa=delegated to
Authoritative, which avoids overriding the ns rr's from
the confused server for the delegated zone.
|
|
The de-duplication of txt, nullrr, cert, key and sig records
reduced all records to a single one.
Also, dblookup1() missed the txt record case and did not return
a unique list of rr's.
Now we consider these records unique if their value is different.
The new txtequiv() function does that for TXT records, which is
a bit tricky as it needs to take different segmentation into account.
|
|
|
|
|
|
remove myaddr() function and replace with myip() function
that receives binary ip address. and don't use string
comparsion for ip addresses... parse and then ipcmp().
for sanity reasons, normalize ip address strings and
reject unparsable ones. done by calling ipalookup()
with a binary ip address.
|
|
|
|
testing code
when ndb/dns runs as a resolver only (cfg.cachedb == 0),
we still want to purge the "local#" db records to reread
dns server configuration or react to changed ip addresses.
removing old poolcheck and dncheck code, these bugs have
been fixed a long time ago.
|
|
the special sencodefmt() in ndb/dn.c is only used with %H format for
hexadecimal printing for binary strings. removing the unused
calls to enc32() and enc64() reduces the code size by arround 4K.
(this is usefull for ndb/getip which gets linked into the kernel).
|
|
|
|
only cache what we asked for or need to resolve the
query. filter out everything else.
|
|
never try to resolve a nameserver address when that nameserver
is in the set of nameservers already being queried.
this situation can happen when the Ta and Taaaa RR's expire, but
the Tns records are still in the cache so there is no usable
nameserver but they still refer to each another.
|
|
stop absolute/relative dual use of RR.ttl. now RR.ttl is
*always* the *relative* ttl value. we derive absolute
timeout in RR.expire.
remove unused lookuptime field in DN. replace refs and
keep with mark field in DN. we do not care about the
number of references. only *iff* it is referenced, so
use a single bit for that (bit 0). for keep, we use
bit 1.
remove dolock parameter in dnagenever(), it is not
needed. we always need to lock.
mark local dns servers and domains as never to be aged.
the keeper bit is *just* a cache optimization, preventing
the domain and the domains it points to from being flushed.
it should not be used as a write protect bit in rrattach()
for preventing spoofing as it will prevent updates of say,
cname domains.
remove "removing spam ..." message. these are usualy just
hints, so normal. still, remove the hint as we currently
do no check if the nameserver has authority over the
cname domain.
remove "mydnsquery: trying to send to myself (%s); bzzzt"
message. this can happen when myaddr() fails for other
reasons. myaddr() will print error for us anyway.
|
|
dnauthdb() would relabel expired rr's as rr->db == 0 to make
them get garbage collected by dnage(). but this doesnt work
due to dn->keep and also causes the deduplication to fail on
rrattach() as rrattach1() handles rr->dn/rr->auth as separate
name spaces.
this causes duplicate entries in the rr's when ndb gets
gets changed. to fix, we just delete the expired (removed from
ndb) rr's immidiately in dnauthdb() instead of trying trick
dnage() to garbage collect it.
|
|
|
|
removing the querylck from the DN as it was never used or being
effective which saves like a ton on space per domain name.
remove the Query.tcplock and put query on the stack. it is
unneccesary to lock the query as its only used by one process
at a time. put Query's on the stack.
change outsidens() to outsidensip() which now takes the ip
buffer that it fills instead of returning static buffer (which
would race with multiple processes involved).
eleminate mostly all of the lock(&dnlock)/unlock(&dnlock) calls.
we'r not working on shared cache RR's in the resolver procs.
we work on *copies* done by rrlookup() made under the dnlock.
the cache garbage collection only runs when all processes are
locked out and is also taking the dnlock while doing so.
cleanup xmitquery(). for the tcp case, we dont need to get
more nameserver addresses, just take the ip from the udp header
that tcpquery() placed there for us.
fixed baddelegation() to actually check for delegation loop even
if theres no dom info for our host.
remove lots of debug code. remove the dnforceage() as it doenst
make sure other processes are locked out. this could destroy
dn's currenctly refered by running queries.
remove dnageallnever() as its not used. dont attach rr's to
keepers to prevent outside spoofing.
make myaddr() retrive the ip address if not set.
|
|
|
|
|
|
|
|
|
|
|
