| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
nameservers are provided
continue recursing when we get empty but non-negative answer
from a (claimed) authoritative nameserer that provides more
nameservers.
this fixes wordpress dns:
63766.3: sending to 192.0.80.93/ns1.wordpress.com bossypally.files.wordpress.com ip
63766: rcvd OK from 192.0.80.93 (authoritative)
Q: bossypally.files.wordpress.com ip
Auth: files.wordpress.com 5 min ns mdns1.wordpress.com
files.wordpress.com 5 min ns mdns2.wordpress.com
files.wordpress.com 5 min ns mdns3.wordpress.com
files.wordpress.com 5 min ns mdns4.wordpress.com
files.wordpress.com 5 min ns mdns5.wordpress.com
Hint: mdns1.wordpress.com 4 hr ip 192.0.75.7
mdns2.wordpress.com 4 hr ip 198.181.117.7
mdns3.wordpress.com 4 hr ip 198.181.116.7
mdns4.wordpress.com 4 hr ip 198.181.118.7
mdns5.wordpress.com 4 hr ip 192.0.74.7
63766.4: sending to 192.0.75.7/mdns1.wordpress.com bossypally.files.wordpress.com ip
63766: rcvd OK from 192.0.75.7 (authoritative)
Q: bossypally.files.wordpress.com ip
Ans: bossypally.files.wordpress.com 5 min ip 192.0.72.2
bossypally.files.wordpress.com 5 min ip 192.0.72.3
----------------------------
answer bossypally.files.wordpress.com 5 min ip 192.0.72.2
answer bossypally.files.wordpress.com 5 min ip 192.0.72.3
----------------------------
note the authoritative flag in the first response from ns1.wordpress.com that
would otherwise terminate the search.
|
|
|
|
dont write dns logfile
|
|
we used to set RD flag in requests unconditionally, which
is fine by the standard but some dns server administrators
seem to use it as a denial of service indicator (for ther
non recursive authoritative nameservers) and ignore the
request.
so only set the RD flag when talking to local dns servers.
|
|
|
|
|
|
we might get a unreachable nameserver ip from a parent
nameserver. if the remaining set of nameservers does not
loop, we should try to resolve them.
so skip the loopcheck for nameservers already tried.
|
|
|
|
|
|
only cache what we asked for or need to resolve the
query. filter out everything else.
|
|
we have to fail the whole query that got no cached
nameservers and nameservers are looping, not just omit
the looping nameserver. issuequery() will refresh
nameserver info for the domain when recursing up.
|
|
never try to resolve a nameserver address when that nameserver
is in the set of nameservers already being queried.
this situation can happen when the Ta and Taaaa RR's expire, but
the Tns records are still in the cache so there is no usable
nameserver but they still refer to each another.
|
|
stop absolute/relative dual use of RR.ttl. now RR.ttl is
*always* the *relative* ttl value. we derive absolute
timeout in RR.expire.
remove unused lookuptime field in DN. replace refs and
keep with mark field in DN. we do not care about the
number of references. only *iff* it is referenced, so
use a single bit for that (bit 0). for keep, we use
bit 1.
remove dolock parameter in dnagenever(), it is not
needed. we always need to lock.
mark local dns servers and domains as never to be aged.
the keeper bit is *just* a cache optimization, preventing
the domain and the domains it points to from being flushed.
it should not be used as a write protect bit in rrattach()
for preventing spoofing as it will prevent updates of say,
cname domains.
remove "removing spam ..." message. these are usualy just
hints, so normal. still, remove the hint as we currently
do no check if the nameserver has authority over the
cname domain.
remove "mydnsquery: trying to send to myself (%s); bzzzt"
message. this can happen when myaddr() fails for other
reasons. myaddr() will print error for us anyway.
|
|
inplace lower case conversion, cleanups
ndb keys are strictly case sensitive, so consitently
use strcmp() when comparing attribute keys.
dblookup() used to lower case convert its name argument
inplace to match domain/sys name in ndb. better to do
the convesion in its own buffer and only read from the
name argument.
always use cistrcmp() when comparing DN.name.
the Domlen constant denotes the size of the buffer including
the null terminator. consistently use it as such.
have to hold dnlock in freearea() before reading list
head pointer.
|
|
|
|
dnauthdb() would relabel expired rr's as rr->db == 0 to make
them get garbage collected by dnage(). but this doesnt work
due to dn->keep and also causes the deduplication to fail on
rrattach() as rrattach1() handles rr->dn/rr->auth as separate
name spaces.
this causes duplicate entries in the rr's when ndb gets
gets changed. to fix, we just delete the expired (removed from
ndb) rr's immidiately in dnauthdb() instead of trying trick
dnage() to garbage collect it.
|
|
|
|
we run the service owner
this prevents users like "none" from toggling special options in ndb/dns
and ndb/cs.
|
|
overriding aborttime in udpquery() makes no sense. it causes
recursive queries to extend the timeout infinitely. nobody
but the issuer of the request should modify aborttime.
|
|
|
|
|
|
removing the querylck from the DN as it was never used or being
effective which saves like a ton on space per domain name.
remove the Query.tcplock and put query on the stack. it is
unneccesary to lock the query as its only used by one process
at a time. put Query's on the stack.
change outsidens() to outsidensip() which now takes the ip
buffer that it fills instead of returning static buffer (which
would race with multiple processes involved).
eleminate mostly all of the lock(&dnlock)/unlock(&dnlock) calls.
we'r not working on shared cache RR's in the resolver procs.
we work on *copies* done by rrlookup() made under the dnlock.
the cache garbage collection only runs when all processes are
locked out and is also taking the dnlock while doing so.
cleanup xmitquery(). for the tcp case, we dont need to get
more nameserver addresses, just take the ip from the udp header
that tcpquery() placed there for us.
fixed baddelegation() to actually check for delegation loop even
if theres no dom info for our host.
remove lots of debug code. remove the dnforceage() as it doenst
make sure other processes are locked out. this could destroy
dn's currenctly refered by running queries.
remove dnageallnever() as its not used. dont attach rr's to
keepers to prevent outside spoofing.
make myaddr() retrive the ip address if not set.
|
|
|
|
|
|
|
|
|
|
|
|
processes, fail the request instead
|
|
|
|
|
|
|
|
finishes
|
|
|
|
|
|
|
|
|
|
|
