Vendor import of Unbound 1.6.4.
parent
689b65913b
commit
15de2de844
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/vendor/unbound/dist/; revision=333537 svn path=/vendor/unbound/1.6.4/; revision=333538; tag=vendor/unbound/1.6.4
601
Makefile.in
601
Makefile.in
@ -100,6 +100,9 @@ PYUNBOUND_OBJ=@PYUNBOUND_OBJ@
|
|||||||
SUBNET_SRC=edns-subnet/edns-subnet.c edns-subnet/subnetmod.c edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c
|
SUBNET_SRC=edns-subnet/edns-subnet.c edns-subnet/subnetmod.c edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c
|
||||||
SUBNET_OBJ=@SUBNET_OBJ@
|
SUBNET_OBJ=@SUBNET_OBJ@
|
||||||
SUBNET_HEADER=@SUBNET_HEADER@
|
SUBNET_HEADER=@SUBNET_HEADER@
|
||||||
|
IPSECMOD_SRC=ipsecmod/ipsecmod.c ipsecmod/ipsecmod-whitelist.c
|
||||||
|
IPSECMOD_OBJ=@IPSECMOD_OBJ@
|
||||||
|
IPSECMOD_HEADER=@IPSECMOD_HEADER@
|
||||||
COMMON_SRC=services/cache/dns.c services/cache/infra.c services/cache/rrset.c \
|
COMMON_SRC=services/cache/dns.c services/cache/infra.c services/cache/rrset.c \
|
||||||
util/as112.c util/data/dname.c util/data/msgencode.c util/data/msgparse.c \
|
util/as112.c util/data/dname.c util/data/msgencode.c util/data/msgparse.c \
|
||||||
util/data/msgreply.c util/data/packed_rrset.c iterator/iterator.c \
|
util/data/msgreply.c util/data/packed_rrset.c iterator/iterator.c \
|
||||||
@ -109,7 +112,7 @@ iterator/iter_scrub.c iterator/iter_utils.c services/listen_dnsport.c \
|
|||||||
services/localzone.c services/mesh.c services/modstack.c services/view.c \
|
services/localzone.c services/mesh.c services/modstack.c services/view.c \
|
||||||
services/outbound_list.c services/outside_network.c util/alloc.c \
|
services/outbound_list.c services/outside_network.c util/alloc.c \
|
||||||
util/config_file.c util/configlexer.c util/configparser.c \
|
util/config_file.c util/configlexer.c util/configparser.c \
|
||||||
util/shm_side/shm_main.c \
|
util/shm_side/shm_main.c services/authzone.c\
|
||||||
util/fptr_wlist.c util/locks.c util/log.c util/mini_event.c util/module.c \
|
util/fptr_wlist.c util/locks.c util/log.c util/mini_event.c util/module.c \
|
||||||
util/netevent.c util/net_help.c util/random.c util/rbtree.c util/regional.c \
|
util/netevent.c util/net_help.c util/random.c util/rbtree.c util/regional.c \
|
||||||
util/rtt.c util/storage/dnstree.c util/storage/lookup3.c \
|
util/rtt.c util/storage/dnstree.c util/storage/lookup3.c \
|
||||||
@ -122,7 +125,7 @@ validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \
|
|||||||
edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \
|
edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \
|
||||||
edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \
|
edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \
|
||||||
cachedb/cachedb.c respip/respip.c $(CHECKLOCK_SRC) \
|
cachedb/cachedb.c respip/respip.c $(CHECKLOCK_SRC) \
|
||||||
$(DNSTAP_SRC) $(DNSCRYPT_SRC)
|
$(DNSTAP_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC)
|
||||||
COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \
|
COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \
|
||||||
as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \
|
as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \
|
||||||
iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \
|
iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \
|
||||||
@ -132,8 +135,9 @@ fptr_wlist.lo locks.lo log.lo mini_event.lo module.lo net_help.lo \
|
|||||||
random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \
|
random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \
|
||||||
slabhash.lo timehist.lo tube.lo winsock_event.lo autotrust.lo val_anchor.lo \
|
slabhash.lo timehist.lo tube.lo winsock_event.lo autotrust.lo val_anchor.lo \
|
||||||
validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \
|
validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \
|
||||||
val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo \
|
val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo authzone.lo\
|
||||||
$(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ)
|
$(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \
|
||||||
|
$(IPSECMOD_OBJ)
|
||||||
COMMON_OBJ_WITHOUT_NETCALL+=respip.lo
|
COMMON_OBJ_WITHOUT_NETCALL+=respip.lo
|
||||||
COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \
|
COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \
|
||||||
outside_network.lo
|
outside_network.lo
|
||||||
@ -159,10 +163,10 @@ UNITTEST_SRC=testcode/unitanchor.c testcode/unitdname.c \
|
|||||||
testcode/unitlruhash.c testcode/unitmain.c testcode/unitmsgparse.c \
|
testcode/unitlruhash.c testcode/unitmain.c testcode/unitmsgparse.c \
|
||||||
testcode/unitneg.c testcode/unitregional.c testcode/unitslabhash.c \
|
testcode/unitneg.c testcode/unitregional.c testcode/unitslabhash.c \
|
||||||
testcode/unitverify.c testcode/readhex.c testcode/testpkts.c testcode/unitldns.c \
|
testcode/unitverify.c testcode/readhex.c testcode/testpkts.c testcode/unitldns.c \
|
||||||
testcode/unitecs.c
|
testcode/unitecs.c testcode/unitauth.c
|
||||||
UNITTEST_OBJ=unitanchor.lo unitdname.lo unitlruhash.lo unitmain.lo \
|
UNITTEST_OBJ=unitanchor.lo unitdname.lo unitlruhash.lo unitmain.lo \
|
||||||
unitmsgparse.lo unitneg.lo unitregional.lo unitslabhash.lo unitverify.lo \
|
unitmsgparse.lo unitneg.lo unitregional.lo unitslabhash.lo unitverify.lo \
|
||||||
readhex.lo testpkts.lo unitldns.lo unitecs.lo
|
readhex.lo testpkts.lo unitldns.lo unitecs.lo unitauth.lo
|
||||||
UNITTEST_OBJ_LINK=$(UNITTEST_OBJ) worker_cb.lo $(COMMON_OBJ) $(SLDNS_OBJ) \
|
UNITTEST_OBJ_LINK=$(UNITTEST_OBJ) worker_cb.lo $(COMMON_OBJ) $(SLDNS_OBJ) \
|
||||||
$(COMPAT_OBJ)
|
$(COMPAT_OBJ)
|
||||||
DAEMON_SRC=daemon/acl_list.c daemon/cachedump.c daemon/daemon.c \
|
DAEMON_SRC=daemon/acl_list.c daemon/cachedump.c daemon/daemon.c \
|
||||||
@ -605,6 +609,7 @@ depend:
|
|||||||
-e 's?$$(srcdir)/dnscrypt/dnscrypt_config.h??g' \
|
-e 's?$$(srcdir)/dnscrypt/dnscrypt_config.h??g' \
|
||||||
-e 's?$$(srcdir)/pythonmod/pythonmod.h?$$(PYTHONMOD_HEADER)?g' \
|
-e 's?$$(srcdir)/pythonmod/pythonmod.h?$$(PYTHONMOD_HEADER)?g' \
|
||||||
-e 's?$$(srcdir)/edns-subnet/subnetmod.h $$(srcdir)/edns-subnet/subnet-whitelist.h $$(srcdir)/edns-subnet/edns-subnet.h $$(srcdir)/edns-subnet/addrtree.h?$$(SUBNET_HEADER)?g' \
|
-e 's?$$(srcdir)/edns-subnet/subnetmod.h $$(srcdir)/edns-subnet/subnet-whitelist.h $$(srcdir)/edns-subnet/edns-subnet.h $$(srcdir)/edns-subnet/addrtree.h?$$(SUBNET_HEADER)?g' \
|
||||||
|
-e 's?$$(srcdir)/ipsecmod/ipsecmod.h $$(srcdir)/ipsecmod/ipsecmod-whitelist.h?$$(IPSECMOD_HEADER)?g' \
|
||||||
-e 's!\(.*\)\.o[ :]*!\1.lo \1.o: !g' \
|
-e 's!\(.*\)\.o[ :]*!\1.lo \1.o: !g' \
|
||||||
> $(DEPEND_TMP)
|
> $(DEPEND_TMP)
|
||||||
cp $(DEPEND_TARGET) $(DEPEND_TMP2)
|
cp $(DEPEND_TARGET) $(DEPEND_TMP2)
|
||||||
@ -622,18 +627,19 @@ depend:
|
|||||||
# Dependencies
|
# Dependencies
|
||||||
dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
|
dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
$(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/util/locks.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/msgreply.h \
|
$(srcdir)/util/locks.h $(srcdir)/validator/val_utils.h $(srcdir)/services/cache/dns.h \
|
||||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \
|
$(srcdir)/util/data/msgreply.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
|
||||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
$(srcdir)/util/data/dname.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
||||||
$(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h
|
$(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \
|
||||||
|
$(srcdir)/sldns/sbuffer.h
|
||||||
infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \
|
infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \
|
||||||
$(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
$(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h \
|
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h \
|
||||||
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \
|
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lookup3.h \
|
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/slabhash.h \
|
||||||
$(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h \
|
$(srcdir)/util/storage/lookup3.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h \
|
||||||
$(srcdir)/services/outbound_list.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
|
$(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
|
||||||
$(srcdir)/sldns/pkthdr.h
|
$(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h
|
||||||
rrset.lo rrset.o: $(srcdir)/services/cache/rrset.c config.h $(srcdir)/services/cache/rrset.h \
|
rrset.lo rrset.o: $(srcdir)/services/cache/rrset.c config.h $(srcdir)/services/cache/rrset.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h \
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \
|
||||||
@ -656,11 +662,11 @@ msgparse.lo msgparse.o: $(srcdir)/util/data/msgparse.c config.h $(srcdir)/util/d
|
|||||||
msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h $(srcdir)/util/data/msgreply.h \
|
msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h $(srcdir)/util/data/msgreply.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \
|
||||||
$(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/net_help.h \
|
||||||
$(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
$(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
||||||
$(srcdir)/util/data/msgencode.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/module.h \
|
$(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \
|
||||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
$(srcdir)/util/module.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
|
||||||
$(srcdir)/services/modstack.h
|
$(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h
|
||||||
packed_rrset.lo packed_rrset.o: $(srcdir)/util/data/packed_rrset.c config.h \
|
packed_rrset.lo packed_rrset.o: $(srcdir)/util/data/packed_rrset.c config.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \
|
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \
|
||||||
@ -674,10 +680,11 @@ iterator.lo iterator.o: $(srcdir)/iterator/iterator.c config.h $(srcdir)/iterato
|
|||||||
$(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_scrub.h $(srcdir)/iterator/iter_priv.h \
|
$(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_scrub.h $(srcdir)/iterator/iter_priv.h \
|
||||||
$(srcdir)/validator/val_neg.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \
|
$(srcdir)/validator/val_neg.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \
|
||||||
$(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/net_help.h \
|
||||||
$(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
|
$(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h \
|
||||||
$(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/config_file.h $(srcdir)/util/random.h \
|
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \
|
||||||
$(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h
|
$(srcdir)/util/config_file.h $(srcdir)/util/random.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \
|
||||||
|
$(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h
|
||||||
iter_delegpt.lo iter_delegpt.o: $(srcdir)/iterator/iter_delegpt.c config.h $(srcdir)/iterator/iter_delegpt.h \
|
iter_delegpt.lo iter_delegpt.o: $(srcdir)/iterator/iter_delegpt.c config.h $(srcdir)/iterator/iter_delegpt.h \
|
||||||
$(srcdir)/util/log.h $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
$(srcdir)/util/log.h $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h \
|
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h \
|
||||||
@ -719,17 +726,18 @@ iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_utils.c config.h $(srcdir)/i
|
|||||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h \
|
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h \
|
||||||
$(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h \
|
$(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h \
|
||||||
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/services/cache/dns.h \
|
||||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \
|
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h \
|
||||||
$(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \
|
$(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h \
|
||||||
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/validator/val_anchor.h \
|
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \
|
||||||
$(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_utils.h \
|
$(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \
|
||||||
$(srcdir)/validator/val_sigcrypt.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h
|
$(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/sldns/sbuffer.h \
|
||||||
|
$(srcdir)/sldns/str2wire.h
|
||||||
listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h \
|
listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h \
|
||||||
$(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/services/outside_network.h \
|
||||||
$(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
|
$(srcdir)/util/rbtree.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \
|
||||||
$(srcdir)/sldns/sbuffer.h
|
$(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h
|
||||||
localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/services/localzone.h \
|
localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/services/localzone.h \
|
||||||
$(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \
|
$(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \
|
||||||
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \
|
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \
|
||||||
@ -737,27 +745,30 @@ localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/serv
|
|||||||
$(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/sbuffer.h \
|
$(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/sbuffer.h \
|
||||||
$(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \
|
$(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \
|
||||||
$(srcdir)/util/data/msgencode.h $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h \
|
$(srcdir)/util/data/msgencode.h $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h \
|
||||||
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/as112.h
|
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \
|
||||||
|
$(srcdir)/util/as112.h
|
||||||
mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
$(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h $(srcdir)/services/outbound_list.h \
|
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \
|
||||||
$(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
|
$(srcdir)/services/outbound_list.h $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h \
|
||||||
$(srcdir)/util/data/msgencode.h $(srcdir)/util/timehist.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
|
$(srcdir)/util/regional.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/timehist.h $(srcdir)/util/fptr_wlist.h \
|
||||||
$(srcdir)/util/alloc.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \
|
$(srcdir)/util/tube.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h \
|
||||||
$(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
|
$(srcdir)/sldns/wire2str.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
|
||||||
$(srcdir)/util/data/dname.h $(srcdir)/respip/respip.h
|
$(srcdir)/services/view.h $(srcdir)/util/data/dname.h $(srcdir)/respip/respip.h
|
||||||
modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/services/modstack.h \
|
modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/services/modstack.h \
|
||||||
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
||||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
|
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
|
||||||
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/tube.h \
|
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \
|
||||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \
|
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h \
|
||||||
$(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
|
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h \
|
||||||
$(srcdir)/respip/respip.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
|
$(srcdir)/validator/val_utils.h $(srcdir)/respip/respip.h $(srcdir)/services/localzone.h \
|
||||||
$(srcdir)/services/view.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h \
|
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(PYTHONMOD_HEADER) \
|
||||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h
|
$(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h \
|
||||||
|
$(srcdir)/util/alloc.h $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h \
|
||||||
|
$(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h
|
||||||
view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \
|
view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \
|
||||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
|
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
|
||||||
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \
|
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \
|
||||||
@ -766,31 +777,32 @@ view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(s
|
|||||||
outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \
|
outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \
|
||||||
$(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \
|
$(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
|
$(srcdir)/dnscrypt/cert.h
|
||||||
outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c config.h \
|
outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c config.h \
|
||||||
$(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \
|
$(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \
|
||||||
$(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \
|
||||||
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h \
|
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h \
|
||||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
$(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \
|
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h \
|
||||||
$(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \
|
$(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \
|
||||||
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \
|
$(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \
|
||||||
$(srcdir)/dnstap/dnstap.h
|
$(srcdir)/sldns/sbuffer.h $(srcdir)/dnstap/dnstap.h \
|
||||||
|
|
||||||
alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
$(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/module.h \
|
||||||
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
|
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
||||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h
|
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h
|
||||||
config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/util/log.h \
|
config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/util/configyyrename.h $(srcdir)/util/config_file.h util/configparser.h \
|
$(srcdir)/util/configyyrename.h $(srcdir)/util/config_file.h util/configparser.h \
|
||||||
$(srcdir)/util/net_help.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
$(srcdir)/util/net_help.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h $(srcdir)/util/fptr_wlist.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h $(srcdir)/util/fptr_wlist.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
||||||
$(srcdir)/util/data/dname.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \
|
$(srcdir)/services/modstack.h $(srcdir)/util/data/dname.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \
|
||||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \
|
$(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \
|
||||||
$(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/iana_ports.inc
|
$(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/iana_ports.inc
|
||||||
configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \
|
configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \
|
||||||
@ -798,24 +810,33 @@ configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configy
|
|||||||
configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \
|
configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \
|
||||||
$(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h
|
$(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h
|
||||||
shm_main.lo shm_main.o: $(srcdir)/util/shm_side/shm_main.c config.h $(srcdir)/util/shm_side/shm_main.h \
|
shm_main.lo shm_main.o: $(srcdir)/util/shm_side/shm_main.c config.h $(srcdir)/util/shm_side/shm_main.h \
|
||||||
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
$(srcdir)/libunbound/unbound.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/daemon/worker.h \
|
$(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
||||||
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
|
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h \
|
||||||
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
|
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
|
||||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/cache/rrset.h \
|
$(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/services/mesh.h \
|
||||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
|
$(srcdir)/util/rbtree.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
|
||||||
$(srcdir)/util/rtt.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
|
$(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \
|
||||||
$(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h
|
$(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/util/config_file.h \
|
||||||
|
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h
|
||||||
|
authzone.lo authzone.o: $(srcdir)/services/authzone.c config.h $(srcdir)/services/authzone.h \
|
||||||
|
$(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \
|
||||||
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||||
|
$(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h \
|
||||||
|
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h \
|
||||||
|
$(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h $(srcdir)/validator/val_nsec3.h \
|
||||||
|
$(srcdir)/validator/val_secalgo.h
|
||||||
fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \
|
fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
|
||||||
$(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
|
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \
|
||||||
$(srcdir)/services/outside_network.h $(srcdir)/services/localzone.h \
|
$(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \
|
||||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
|
$(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
|
||||||
|
$(srcdir)/services/authzone.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
|
||||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \
|
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \
|
||||||
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \
|
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \
|
||||||
$(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \
|
$(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \
|
||||||
@ -823,38 +844,42 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/
|
|||||||
$(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \
|
$(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \
|
||||||
$(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h \
|
$(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h \
|
||||||
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h \
|
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h \
|
||||||
|
$(PYTHONMOD_HEADER) $(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h \
|
||||||
$(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/net_help.h $(srcdir)/edns-subnet/addrtree.h \
|
$(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/net_help.h $(srcdir)/edns-subnet/addrtree.h \
|
||||||
$(srcdir)/edns-subnet/edns-subnet.h
|
$(srcdir)/edns-subnet/edns-subnet.h
|
||||||
locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
|
locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
|
||||||
log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h
|
log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h
|
||||||
mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
|
mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
|
||||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||||
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
||||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h
|
$(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
||||||
|
$(srcdir)/services/modstack.h
|
||||||
module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
|
module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||||
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
|
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
|
||||||
netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/ub_event.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \
|
$(srcdir)/util/net_help.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
|
||||||
$(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h $(srcdir)/dnstap/dnstap.h \
|
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \
|
||||||
|
$(srcdir)/dnstap/dnstap.h \
|
||||||
|
|
||||||
net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
|
net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \
|
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
||||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/sldns/parseutil.h \
|
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/sldns/parseutil.h \
|
||||||
$(srcdir)/sldns/wire2str.h
|
$(srcdir)/sldns/wire2str.h \
|
||||||
|
|
||||||
random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h
|
random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h
|
||||||
rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \
|
rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
|
||||||
$(srcdir)/services/modstack.h
|
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h
|
||||||
regional.lo regional.o: $(srcdir)/util/regional.c config.h $(srcdir)/util/log.h $(srcdir)/util/regional.h
|
regional.lo regional.o: $(srcdir)/util/regional.c config.h $(srcdir)/util/log.h $(srcdir)/util/regional.h
|
||||||
rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h
|
rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h
|
||||||
dnstree.lo dnstree.o: $(srcdir)/util/storage/dnstree.c config.h $(srcdir)/util/storage/dnstree.h \
|
dnstree.lo dnstree.o: $(srcdir)/util/storage/dnstree.c config.h $(srcdir)/util/storage/dnstree.h \
|
||||||
@ -863,25 +888,25 @@ dnstree.lo dnstree.o: $(srcdir)/util/storage/dnstree.c config.h $(srcdir)/util/s
|
|||||||
lookup3.lo lookup3.o: $(srcdir)/util/storage/lookup3.c config.h $(srcdir)/util/storage/lookup3.h
|
lookup3.lo lookup3.o: $(srcdir)/util/storage/lookup3.c config.h $(srcdir)/util/storage/lookup3.h
|
||||||
lruhash.lo lruhash.o: $(srcdir)/util/storage/lruhash.c config.h $(srcdir)/util/storage/lruhash.h \
|
lruhash.lo lruhash.o: $(srcdir)/util/storage/lruhash.c config.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
|
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
|
||||||
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/module.h \
|
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
|
||||||
$(srcdir)/services/modstack.h
|
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h
|
||||||
slabhash.lo slabhash.o: $(srcdir)/util/storage/slabhash.c config.h $(srcdir)/util/storage/slabhash.h \
|
slabhash.lo slabhash.o: $(srcdir)/util/storage/slabhash.c config.h $(srcdir)/util/storage/slabhash.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
|
||||||
timehist.lo timehist.o: $(srcdir)/util/timehist.c config.h $(srcdir)/util/timehist.h $(srcdir)/util/log.h
|
timehist.lo timehist.o: $(srcdir)/util/timehist.c config.h $(srcdir)/util/timehist.h $(srcdir)/util/log.h
|
||||||
tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
|
tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/mesh.h \
|
||||||
$(srcdir)/services/modstack.h $(srcdir)/util/ub_event.h
|
$(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/ub_event.h
|
||||||
ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \
|
ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
|
||||||
ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \
|
ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \
|
||||||
$(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
||||||
$(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
$(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
||||||
@ -894,9 +919,10 @@ autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/val
|
|||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
||||||
$(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \
|
$(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \
|
||||||
$(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/services/modstack.h $(srcdir)/services/cache/rrset.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/services/modstack.h \
|
||||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/sbuffer.h \
|
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kcache.h \
|
||||||
$(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h
|
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h \
|
||||||
|
|
||||||
val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \
|
val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \
|
||||||
$(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \
|
$(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/autotrust.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/autotrust.h \
|
||||||
@ -912,7 +938,8 @@ validator.lo validator.o: $(srcdir)/validator/validator.c config.h $(srcdir)/val
|
|||||||
$(srcdir)/validator/autotrust.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \
|
$(srcdir)/validator/autotrust.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \
|
||||||
$(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \
|
$(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/wire2str.h
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \
|
||||||
|
$(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
|
||||||
val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/validator/val_kcache.h \
|
val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/validator/val_kcache.h \
|
||||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/validator/val_kentry.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \
|
$(srcdir)/validator/val_kentry.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \
|
||||||
@ -921,13 +948,15 @@ val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/
|
|||||||
val_kentry.lo val_kentry.o: $(srcdir)/validator/val_kentry.c config.h $(srcdir)/validator/val_kentry.h \
|
val_kentry.lo val_kentry.o: $(srcdir)/validator/val_kentry.c config.h $(srcdir)/validator/val_kentry.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \
|
||||||
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
|
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
|
||||||
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h
|
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
|
||||||
val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h \
|
|
||||||
$(srcdir)/util/log.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h \
|
val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h \
|
$(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
|
||||||
$(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \
|
$(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/util/config_file.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
|
$(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h $(srcdir)/util/data/dname.h \
|
||||||
$(srcdir)/services/cache/dns.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h
|
$(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \
|
||||||
|
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \
|
||||||
|
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h
|
||||||
val_nsec3.lo val_nsec3.o: $(srcdir)/validator/val_nsec3.c config.h $(srcdir)/validator/val_nsec3.h \
|
val_nsec3.lo val_nsec3.o: $(srcdir)/validator/val_nsec3.c config.h $(srcdir)/validator/val_nsec3.h \
|
||||||
$(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
$(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h \
|
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h \
|
||||||
@ -943,14 +972,16 @@ val_nsec.lo val_nsec.o: $(srcdir)/validator/val_nsec.c config.h $(srcdir)/valida
|
|||||||
val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/util/data/packed_rrset.h \
|
val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/util/data/packed_rrset.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h \
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h \
|
||||||
$(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
|
$(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
|
||||||
$(srcdir)/sldns/sbuffer.h
|
$(srcdir)/sldns/sbuffer.h \
|
||||||
|
|
||||||
val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \
|
val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \
|
||||||
$(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
$(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h \
|
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h \
|
||||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
||||||
$(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h \
|
$(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h \
|
||||||
$(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h \
|
$(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h \
|
||||||
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h
|
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \
|
||||||
|
|
||||||
val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \
|
val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
$(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||||
@ -958,15 +989,16 @@ val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/val
|
|||||||
$(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h \
|
$(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h \
|
||||||
$(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/rrset.h \
|
$(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/rrset.h \
|
||||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \
|
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \
|
||||||
$(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h
|
$(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/wire2str.h \
|
||||||
|
$(srcdir)/sldns/parseutil.h
|
||||||
dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(srcdir)/util/module.h \
|
dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(srcdir)/util/module.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
||||||
$(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
|
$(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
|
||||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \
|
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
||||||
$(srcdir)/util/net_help.h $(srcdir)/util/regional.h
|
$(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h
|
||||||
edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h \
|
edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h \
|
||||||
$(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h
|
$(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h
|
||||||
subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h $(srcdir)/edns-subnet/subnetmod.h \
|
subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h $(srcdir)/edns-subnet/subnetmod.h \
|
||||||
@ -976,8 +1008,9 @@ subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h $(srcdir)/e
|
|||||||
$(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/addrtree.h \
|
$(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/addrtree.h \
|
||||||
$(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/edns-subnet/subnet-whitelist.h \
|
$(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/edns-subnet/subnet-whitelist.h \
|
||||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \
|
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \
|
||||||
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/modstack.h \
|
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \
|
||||||
$(srcdir)/services/cache/dns.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h
|
$(srcdir)/services/modstack.h $(srcdir)/services/cache/dns.h $(srcdir)/util/regional.h \
|
||||||
|
$(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h
|
||||||
addrtree.lo addrtree.o: $(srcdir)/edns-subnet/addrtree.c config.h $(srcdir)/util/log.h \
|
addrtree.lo addrtree.o: $(srcdir)/edns-subnet/addrtree.c config.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
$(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
|
||||||
@ -985,18 +1018,43 @@ addrtree.lo addrtree.o: $(srcdir)/edns-subnet/addrtree.c config.h $(srcdir)/util
|
|||||||
subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h \
|
subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h \
|
||||||
$(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
|
$(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
|
$(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
|
||||||
$(srcdir)/util/regional.h $(srcdir)/util/config_file.h
|
$(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \
|
||||||
cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h
|
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h
|
||||||
|
cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h $(srcdir)/cachedb/cachedb.h $(srcdir)/util/module.h \
|
||||||
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
|
||||||
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
||||||
|
$(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \
|
||||||
|
$(srcdir)/util/data/msgencode.h $(srcdir)/services/cache/dns.h $(srcdir)/validator/val_neg.h \
|
||||||
|
$(srcdir)/util/rbtree.h $(srcdir)/validator/val_secalgo.h $(srcdir)/iterator/iter_utils.h \
|
||||||
|
$(srcdir)/iterator/iter_resptype.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \
|
||||||
|
$(srcdir)/sldns/sbuffer.h
|
||||||
respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \
|
respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \
|
||||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \
|
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||||
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h \
|
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h \
|
||||||
$(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/config_file.h \
|
$(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/config_file.h \
|
||||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
|
||||||
$(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/respip/respip.h
|
$(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/respip/respip.h
|
||||||
checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/testcode/checklocks.h
|
$(srcdir)/testcode/checklocks.h
|
||||||
|
dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h $(srcdir)/sldns/sbuffer.h \
|
||||||
|
$(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \
|
||||||
|
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h
|
||||||
|
ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h $(srcdir)/ipsecmod/ipsecmod.h \
|
||||||
|
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||||
|
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
||||||
|
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h \
|
||||||
|
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
|
||||||
|
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \
|
||||||
|
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/regional.h \
|
||||||
|
$(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/wire2str.h
|
||||||
|
ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h \
|
||||||
|
$(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||||
|
$(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||||
|
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h \
|
||||||
|
$(srcdir)/ipsecmod/ipsecmod-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/regional.h \
|
||||||
|
$(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h
|
||||||
unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \
|
unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \
|
||||||
$(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h
|
$(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h
|
||||||
@ -1005,14 +1063,15 @@ unitdname.lo unitdname.o: $(srcdir)/testcode/unitdname.c config.h $(srcdir)/util
|
|||||||
$(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h
|
$(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h
|
||||||
unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir)/testcode/unitmain.h \
|
unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir)/testcode/unitmain.h \
|
||||||
$(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h
|
$(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h
|
||||||
unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
|
unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \
|
||||||
|
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
|
||||||
$(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
|
$(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
|
||||||
$(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \
|
$(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
|
$(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/storage/dnstree.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/random.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h \
|
||||||
$(srcdir)/respip/respip.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/random.h $(srcdir)/respip/respip.h $(srcdir)/util/module.h \
|
||||||
$(srcdir)/services/localzone.h $(srcdir)/services/view.h
|
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h
|
||||||
unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \
|
unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/testcode/unitmain.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \
|
$(srcdir)/testcode/unitmain.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
|
$(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
|
||||||
@ -1049,18 +1108,24 @@ unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h $(srcdir)/util/log.h
|
|||||||
$(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/edns-subnet/addrtree.h \
|
$(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/edns-subnet/addrtree.h \
|
||||||
$(srcdir)/edns-subnet/subnetmod.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \
|
$(srcdir)/edns-subnet/subnetmod.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \
|
||||||
$(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/edns-subnet.h
|
$(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/edns-subnet.h
|
||||||
|
unitauth.lo unitauth.o: $(srcdir)/testcode/unitauth.c config.h $(srcdir)/services/authzone.h \
|
||||||
|
$(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \
|
||||||
|
$(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/msgreply.h \
|
||||||
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/dns.h \
|
||||||
|
$(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h
|
||||||
acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
|
acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
|
||||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \
|
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \
|
||||||
$(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
|
$(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
|
||||||
$(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
|
$(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
||||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h
|
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h
|
||||||
cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon/cachedump.h \
|
cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \
|
||||||
$(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
$(srcdir)/daemon/cachedump.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
$(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h \
|
||||||
$(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \
|
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
||||||
|
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \
|
||||||
$(srcdir)/dnstap/dnstap.h $(srcdir)/services/cache/rrset.h \
|
$(srcdir)/dnstap/dnstap.h $(srcdir)/services/cache/rrset.h \
|
||||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \
|
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \
|
||||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h \
|
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h \
|
||||||
@ -1068,24 +1133,27 @@ cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon
|
|||||||
$(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \
|
$(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \
|
||||||
$(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
|
$(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
|
||||||
$(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
|
$(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
|
||||||
daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \
|
daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
|
||||||
$(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
||||||
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
|
$(srcdir)/daemon/worker.h \
|
||||||
$(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
||||||
$(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
|
$(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
|
||||||
|
$(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
|
||||||
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
|
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
|
||||||
$(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \
|
$(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \
|
||||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
|
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
|
||||||
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h \
|
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h \
|
||||||
$(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h $(srcdir)/respip/respip.h
|
$(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h $(srcdir)/respip/respip.h
|
||||||
remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h \
|
remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \
|
||||||
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
|
$(srcdir)/daemon/remote.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \
|
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
||||||
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/alloc.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
|
||||||
|
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
|
||||||
|
$(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
|
||||||
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \
|
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \
|
||||||
$(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
|
$(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
|
||||||
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
|
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
|
||||||
@ -1098,48 +1166,51 @@ remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h
|
|||||||
$(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h \
|
$(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h \
|
||||||
$(srcdir)/sldns/wire2str.h
|
$(srcdir)/sldns/wire2str.h
|
||||||
stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
|
stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
|
||||||
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
$(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
|
||||||
$(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
|
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
|
||||||
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \
|
||||||
$(srcdir)/services/outside_network.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h \
|
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \
|
||||||
$(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
|
$(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \
|
||||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \
|
$(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h \
|
||||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
|
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
|
||||||
|
$(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
|
||||||
unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \
|
unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \
|
||||||
$(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
$(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
||||||
$(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h \
|
$(srcdir)/daemon/remote.h \
|
||||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h \
|
$(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \
|
$(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h \
|
||||||
$(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h \
|
$(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \
|
||||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
$(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \
|
||||||
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h
|
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
|
||||||
|
$(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h
|
||||||
worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
|
worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
|
||||||
$(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
$(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
|
||||||
$(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \
|
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
|
||||||
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
|
$(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
|
||||||
$(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \
|
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \
|
||||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
|
$(srcdir)/daemon/remote.h \
|
||||||
$(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \
|
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
|
||||||
$(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \
|
$(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
|
||||||
$(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
|
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \
|
||||||
$(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \
|
$(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
|
||||||
|
$(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \
|
||||||
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
|
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
|
||||||
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \
|
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \
|
||||||
$(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h \
|
$(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h \
|
||||||
$(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \
|
$(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h
|
||||||
$(srcdir)/util/shm_side/shm_main.h
|
|
||||||
testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \
|
testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \
|
||||||
$(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/rbtree.h \
|
||||||
$(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c \
|
$(srcdir)/testcode/fake_event.h $(srcdir)/daemon/remote.h \
|
||||||
$(srcdir)/util/log.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
$(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/util/log.h \
|
||||||
|
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
||||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \
|
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
|
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
|
||||||
@ -1153,69 +1224,72 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr
|
|||||||
$(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
$(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
|
||||||
$(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \
|
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
|
||||||
$(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \
|
$(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
|
||||||
$(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \
|
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \
|
||||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
|
$(srcdir)/daemon/remote.h \
|
||||||
$(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \
|
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
|
||||||
$(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \
|
$(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
|
||||||
$(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
|
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \
|
||||||
$(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \
|
$(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
|
||||||
|
$(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \
|
||||||
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
|
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
|
||||||
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \
|
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \
|
||||||
$(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h \
|
$(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h \
|
||||||
$(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \
|
$(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h
|
||||||
$(srcdir)/util/shm_side/shm_main.h
|
|
||||||
acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
|
acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
|
||||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \
|
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \
|
||||||
$(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
|
$(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
|
||||||
$(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
|
$(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
||||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h
|
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h
|
||||||
daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \
|
daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
|
||||||
$(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
||||||
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
|
$(srcdir)/daemon/worker.h \
|
||||||
$(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
||||||
$(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
|
$(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
|
||||||
|
$(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
|
||||||
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
|
$(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
|
||||||
$(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \
|
$(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \
|
||||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
|
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
|
||||||
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h \
|
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h \
|
||||||
$(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h $(srcdir)/respip/respip.h
|
$(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h $(srcdir)/respip/respip.h
|
||||||
stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
|
stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
|
||||||
$(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
$(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
|
||||||
$(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
|
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
|
||||||
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \
|
||||||
$(srcdir)/services/outside_network.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h \
|
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \
|
||||||
$(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
|
$(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \
|
||||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \
|
$(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h \
|
||||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
|
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
|
||||||
|
$(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
|
||||||
replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
|
replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
|
||||||
$(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/testcode/testpkts.h \
|
||||||
$(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h
|
$(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h
|
||||||
fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/testcode/fake_event.h \
|
fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/testcode/fake_event.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \
|
||||||
$(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \
|
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \
|
||||||
$(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \
|
$(srcdir)/util/data/dname.h $(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h \
|
||||||
$(srcdir)/util/rbtree.h $(srcdir)/services/cache/infra.h \
|
$(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \
|
||||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h \
|
$(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \
|
||||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
|
$(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \
|
||||||
$(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
|
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \
|
||||||
|
$(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
|
||||||
lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
|
lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
|
||||||
$(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
|
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
|
||||||
$(srcdir)/services/modstack.h
|
$(srcdir)/services/mesh.h $(srcdir)/services/modstack.h
|
||||||
pktview.lo pktview.o: $(srcdir)/testcode/pktview.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \
|
pktview.lo pktview.o: $(srcdir)/testcode/pktview.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
||||||
$(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/testcode/readhex.h $(srcdir)/sldns/sbuffer.h \
|
$(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/testcode/readhex.h $(srcdir)/sldns/sbuffer.h \
|
||||||
@ -1224,10 +1298,10 @@ readhex.lo readhex.o: $(srcdir)/testcode/readhex.c config.h $(srcdir)/testcode/r
|
|||||||
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h
|
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h
|
||||||
memstats.lo memstats.o: $(srcdir)/testcode/memstats.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
|
memstats.lo memstats.o: $(srcdir)/testcode/memstats.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
|
||||||
$(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
|
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
|
||||||
$(srcdir)/services/modstack.h
|
$(srcdir)/services/mesh.h $(srcdir)/services/modstack.h
|
||||||
unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c config.h $(srcdir)/util/log.h \
|
unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c config.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
$(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
||||||
@ -1235,14 +1309,14 @@ unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c
|
|||||||
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \
|
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \
|
||||||
$(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \
|
$(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \
|
||||||
$(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/localzone.h \
|
$(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/localzone.h \
|
||||||
$(srcdir)/services/view.h $(srcdir)/respip/respip.h $(srcdir)/sldns/sbuffer.h
|
$(srcdir)/services/view.h $(srcdir)/respip/respip.h $(srcdir)/sldns/sbuffer.h $(PYTHONMOD_HEADER)
|
||||||
worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \
|
worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \
|
||||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
|
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
|
||||||
$(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
$(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
|
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
|
||||||
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/module.h \
|
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
||||||
$(srcdir)/util/tube.h $(srcdir)/services/mesh.h
|
$(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h
|
||||||
context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbound/context.h \
|
context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbound/context.h \
|
||||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
|
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
|
||||||
$(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
$(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||||
@ -1251,7 +1325,7 @@ context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbou
|
|||||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h \
|
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h \
|
||||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
|
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/sldns/sbuffer.h
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/sldns/sbuffer.h
|
||||||
libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \
|
libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \
|
||||||
$(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \
|
$(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \
|
||||||
$(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
|
$(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
|
||||||
@ -1261,22 +1335,22 @@ libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbou
|
|||||||
$(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h \
|
$(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h \
|
||||||
$(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
|
$(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
|
||||||
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/services/cache/rrset.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/services/cache/rrset.h \
|
||||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/sldns/sbuffer.h
|
$(srcdir)/util/storage/slabhash.h $(srcdir)/sldns/sbuffer.h
|
||||||
libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h $(srcdir)/libunbound/libworker.h \
|
libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
$(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
|
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
|
||||||
$(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
$(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h \
|
||||||
$(srcdir)/libunbound/unbound-event.h $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h \
|
$(srcdir)/sldns/sbuffer.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/services/outside_network.h \
|
||||||
$(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/services/mesh.h \
|
||||||
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/services/localzone.h \
|
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \
|
||||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h \
|
$(srcdir)/util/data/msgreply.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
|
||||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h \
|
$(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
|
||||||
$(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/util/config_file.h \
|
$(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h \
|
||||||
$(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \
|
$(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h \
|
||||||
$(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
|
$(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h \
|
||||||
$(srcdir)/sldns/str2wire.h
|
$(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/str2wire.h
|
||||||
unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \
|
unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \
|
||||||
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
|
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
|
||||||
asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \
|
asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \
|
||||||
@ -1287,34 +1361,40 @@ streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util
|
|||||||
$(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \
|
$(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/sbuffer.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/sbuffer.h \
|
||||||
$(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
|
$(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \
|
||||||
|
|
||||||
perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
|
perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
|
||||||
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
|
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
||||||
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
|
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
|
||||||
delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
|
delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h
|
$(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h
|
||||||
unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h $(srcdir)/util/log.h \
|
unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \
|
||||||
$(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h $(srcdir)/util/shm_side/shm_main.h \
|
$(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
|
||||||
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/pkthdr.h
|
$(srcdir)/util/shm_side/shm_main.h $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h \
|
||||||
|
$(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/pkthdr.h
|
||||||
unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \
|
unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \
|
||||||
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h
|
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \
|
||||||
petal.lo petal.o: $(srcdir)/testcode/petal.c config.h
|
|
||||||
|
petal.lo petal.o: $(srcdir)/testcode/petal.c config.h \
|
||||||
|
|
||||||
pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h $(srcdir)/util/module.h \
|
pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h $(srcdir)/util/module.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
||||||
$(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/net_help.h \
|
||||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \
|
$(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
|
||||||
$(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h
|
$(srcdir)/util/regional.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h \
|
||||||
|
|
||||||
win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \
|
win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \
|
||||||
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
||||||
$(srcdir)/daemon/worker.h \
|
$(srcdir)/daemon/worker.h \
|
||||||
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
|
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
|
$(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
|
||||||
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
|
$(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
|
||||||
$(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h
|
$(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
|
||||||
|
$(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h
|
||||||
w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h
|
w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h
|
||||||
unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \
|
unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \
|
||||||
$(srcdir)/winrc/w_inst.h
|
$(srcdir)/winrc/w_inst.h
|
||||||
@ -1322,11 +1402,14 @@ unbound-service-remove.lo unbound-service-remove.o: $(srcdir)/winrc/unbound-serv
|
|||||||
$(srcdir)/winrc/w_inst.h
|
$(srcdir)/winrc/w_inst.h
|
||||||
anchor-update.lo anchor-update.o: $(srcdir)/winrc/anchor-update.c config.h $(srcdir)/libunbound/unbound.h \
|
anchor-update.lo anchor-update.o: $(srcdir)/winrc/anchor-update.c config.h $(srcdir)/libunbound/unbound.h \
|
||||||
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/wire2str.h
|
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/wire2str.h
|
||||||
keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/rrdef.h
|
keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h \
|
||||||
|
$(srcdir)/sldns/rrdef.h \
|
||||||
|
|
||||||
sbuffer.lo sbuffer.o: $(srcdir)/sldns/sbuffer.c config.h $(srcdir)/sldns/sbuffer.h
|
sbuffer.lo sbuffer.o: $(srcdir)/sldns/sbuffer.c config.h $(srcdir)/sldns/sbuffer.h
|
||||||
wire2str.lo wire2str.o: $(srcdir)/sldns/wire2str.c config.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \
|
wire2str.lo wire2str.o: $(srcdir)/sldns/wire2str.c config.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \
|
||||||
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h \
|
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h \
|
||||||
$(srcdir)/sldns/keyraw.h
|
$(srcdir)/sldns/keyraw.h \
|
||||||
|
|
||||||
parse.lo parse.o: $(srcdir)/sldns/parse.c config.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h \
|
parse.lo parse.o: $(srcdir)/sldns/parse.c config.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h \
|
||||||
$(srcdir)/sldns/sbuffer.h
|
$(srcdir)/sldns/sbuffer.h
|
||||||
parseutil.lo parseutil.o: $(srcdir)/sldns/parseutil.c config.h $(srcdir)/sldns/parseutil.h
|
parseutil.lo parseutil.o: $(srcdir)/sldns/parseutil.c config.h $(srcdir)/sldns/parseutil.h
|
||||||
@ -1346,9 +1429,11 @@ snprintf.lo snprintf.o: $(srcdir)/compat/snprintf.c config.h
|
|||||||
strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h
|
strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h
|
||||||
strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
|
strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
|
||||||
strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h
|
strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h
|
||||||
getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h
|
getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h \
|
||||||
|
|
||||||
getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h
|
getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h
|
||||||
getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h
|
getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h \
|
||||||
|
|
||||||
getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
|
getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
|
||||||
explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h
|
explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h
|
||||||
arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h
|
arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h
|
||||||
|
@ -171,12 +171,13 @@ static int
|
|||||||
cachedb_apply_cfg(struct cachedb_env* cachedb_env, struct config_file* cfg)
|
cachedb_apply_cfg(struct cachedb_env* cachedb_env, struct config_file* cfg)
|
||||||
{
|
{
|
||||||
const char* backend_str = "testframe"; /* TODO get from cfg */
|
const char* backend_str = "testframe"; /* TODO get from cfg */
|
||||||
|
(void)cfg; /* need this until the TODO is implemented */
|
||||||
if(backend_str && backend_str[0]) {
|
if(backend_str && backend_str[0]) {
|
||||||
cachedb_env->backend = cachedb_find_backend(backend_str);
|
cachedb_env->backend = cachedb_find_backend(backend_str);
|
||||||
if(!cachedb_env->backend) {
|
if(!cachedb_env->backend) {
|
||||||
log_err("cachedb: cannot find backend name '%s",
|
log_err("cachedb: cannot find backend name '%s",
|
||||||
backend_str);
|
backend_str);
|
||||||
return NULL;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/* TODO see if more configuration needs to be applied or not */
|
/* TODO see if more configuration needs to be applied or not */
|
||||||
@ -374,6 +375,36 @@ good_expiry_and_qinfo(struct module_qstate* qstate, struct sldns_buffer* buf)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
packed_rrset_ttl_subtract(struct packed_rrset_data* data, time_t subtract)
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
size_t total = data->count + data->rrsig_count;
|
||||||
|
if(data->ttl > subtract)
|
||||||
|
data->ttl -= subtract;
|
||||||
|
else data->ttl = 0;
|
||||||
|
for(i=0; i<total; i++) {
|
||||||
|
if(data->rr_ttl[i] > subtract)
|
||||||
|
data->rr_ttl[i] -= subtract;
|
||||||
|
else data->rr_ttl[i] = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
adjust_msg_ttl(struct dns_msg* msg, time_t adjust)
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
if(msg->rep->ttl > adjust)
|
||||||
|
msg->rep->ttl -= adjust;
|
||||||
|
else msg->rep->ttl = 0;
|
||||||
|
msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
|
||||||
|
|
||||||
|
for(i=0; i<msg->rep->rrset_count; i++) {
|
||||||
|
packed_rrset_ttl_subtract((struct packed_rrset_data*)msg->
|
||||||
|
rep->rrsets[i]->entry.data, adjust);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/** convert dns message in buffer to return_msg */
|
/** convert dns message in buffer to return_msg */
|
||||||
static int
|
static int
|
||||||
parse_data(struct module_qstate* qstate, struct sldns_buffer* buf)
|
parse_data(struct module_qstate* qstate, struct sldns_buffer* buf)
|
||||||
@ -420,24 +451,18 @@ parse_data(struct module_qstate* qstate, struct sldns_buffer* buf)
|
|||||||
qstate->return_rcode = LDNS_RCODE_NOERROR;
|
qstate->return_rcode = LDNS_RCODE_NOERROR;
|
||||||
|
|
||||||
/* see how much of the TTL expired, and remove it */
|
/* see how much of the TTL expired, and remove it */
|
||||||
|
if(*qstate->env->now <= (time_t)timestamp) {
|
||||||
|
verbose(VERB_ALGO, "cachedb msg adjust by zero");
|
||||||
|
return 1; /* message from the future (clock skew?) */
|
||||||
|
}
|
||||||
adjust = *qstate->env->now - (time_t)timestamp;
|
adjust = *qstate->env->now - (time_t)timestamp;
|
||||||
|
if(qstate->return_msg->rep->ttl < adjust) {
|
||||||
|
verbose(VERB_ALGO, "cachedb msg expired");
|
||||||
|
return 0; /* message expired */
|
||||||
|
}
|
||||||
verbose(VERB_ALGO, "cachedb msg adjusted down by %d", (int)adjust);
|
verbose(VERB_ALGO, "cachedb msg adjusted down by %d", (int)adjust);
|
||||||
/*adjust_msg(qstate->return_msg, adjust);*/
|
adjust_msg_ttl(qstate->return_msg, adjust);
|
||||||
/* TODO:
|
return 1;
|
||||||
msg->rep->ttl = r->ttl - adjust;
|
|
||||||
msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
|
|
||||||
for(i=0; i<d->count + d->rrsig_count; i++) {
|
|
||||||
if(d->rr_ttl[i] < adjust)
|
|
||||||
d->rr_ttl[i] = 0;
|
|
||||||
else d->rr_ttl[i] -= adjust;
|
|
||||||
}
|
|
||||||
if(d->ttl < adjust)
|
|
||||||
d->ttl = 0;
|
|
||||||
else d->ttl -= adjust;
|
|
||||||
*/
|
|
||||||
/* TODO */
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
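Review bot: The new early return in parse_data, `if(*qstate->env->now <= (time_t)timestamp) { ... return 1; }`, accepts a stored message whose timestamp is ahead of the local clock and leaves every TTL unreduced, with no limit on how far ahead the timestamp may be. The timestamp appears to come from the external cache record (the code that reads it is outside the hunk), so a skewed or corrupted record is served at full TTL until the clock catches up. Consider tolerating only a small skew and otherwise treating the entry as a miss, e.g. `if((time_t)timestamp - *qstate->env->now > MAX_SKEW) return 0;` inside that branch, where `MAX_SKEW` is a placeholder for a constant the file does not define. Separately, the second check uses `ttl < adjust`, so a message whose TTL equals the elapsed time is still returned, with TTL 0 after adjust_msg_ttl. parse_data starts outside this hunk, so any earlier expiry check is not visible here.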
|
16
config.h.in
16
config.h.in
@ -79,6 +79,10 @@
|
|||||||
don't. */
|
don't. */
|
||||||
#undef HAVE_DECL_INET_PTON
|
#undef HAVE_DECL_INET_PTON
|
||||||
|
|
||||||
|
/* Define to 1 if you have the declaration of `NID_ED25519', and to 0 if you
|
||||||
|
don't. */
|
||||||
|
#undef HAVE_DECL_NID_ED25519
|
||||||
|
|
||||||
/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you
|
/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you
|
||||||
don't. */
|
don't. */
|
||||||
#undef HAVE_DECL_NID_SECP384R1
|
#undef HAVE_DECL_NID_SECP384R1
|
||||||
@ -157,6 +161,9 @@
|
|||||||
/* Define to 1 if you have the `EVP_cleanup' function. */
|
/* Define to 1 if you have the `EVP_cleanup' function. */
|
||||||
#undef HAVE_EVP_CLEANUP
|
#undef HAVE_EVP_CLEANUP
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `EVP_DigestVerify' function. */
|
||||||
|
#undef HAVE_EVP_DIGESTVERIFY
|
||||||
|
|
||||||
/* Define to 1 if you have the `EVP_dss1' function. */
|
/* Define to 1 if you have the `EVP_dss1' function. */
|
||||||
#undef HAVE_EVP_DSS1
|
#undef HAVE_EVP_DSS1
|
||||||
|
|
||||||
@ -666,6 +673,9 @@
|
|||||||
/* Define to 1 to enable dnscrypt support */
|
/* Define to 1 to enable dnscrypt support */
|
||||||
#undef USE_DNSCRYPT
|
#undef USE_DNSCRYPT
|
||||||
|
|
||||||
|
/* Define to 1 to enable dnscrypt with xchacha20 support */
|
||||||
|
#undef USE_DNSCRYPT_XCHACHA20
|
||||||
|
|
||||||
/* Define to 1 to enable dnstap support */
|
/* Define to 1 to enable dnstap support */
|
||||||
#undef USE_DNSTAP
|
#undef USE_DNSTAP
|
||||||
|
|
||||||
@ -678,9 +688,15 @@
|
|||||||
/* Define this to enable an EVP workaround for older openssl */
|
/* Define this to enable an EVP workaround for older openssl */
|
||||||
#undef USE_ECDSA_EVP_WORKAROUND
|
#undef USE_ECDSA_EVP_WORKAROUND
|
||||||
|
|
||||||
|
/* Define this to enable ED25519 support. */
|
||||||
|
#undef USE_ED25519
|
||||||
|
|
||||||
/* Define this to enable GOST support. */
|
/* Define this to enable GOST support. */
|
||||||
#undef USE_GOST
|
#undef USE_GOST
|
||||||
|
|
||||||
|
/* Define to 1 to use ipsecmod support. */
|
||||||
|
#undef USE_IPSECMOD
|
||||||
|
|
||||||
/* Define if you want to use internal select based events */
|
/* Define if you want to use internal select based events */
|
||||||
#undef USE_MINI_EVENT
|
#undef USE_MINI_EVENT
|
||||||
|
|
||||||
|
180
configure
vendored
180
configure
vendored
@ -1,6 +1,6 @@
|
|||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# Guess values for system-dependent variables and create Makefiles.
|
# Guess values for system-dependent variables and create Makefiles.
|
||||||
# Generated by GNU Autoconf 2.69 for unbound 1.6.3.
|
# Generated by GNU Autoconf 2.69 for unbound 1.6.4.
|
||||||
#
|
#
|
||||||
# Report bugs to <unbound-bugs@nlnetlabs.nl>.
|
# Report bugs to <unbound-bugs@nlnetlabs.nl>.
|
||||||
#
|
#
|
||||||
@ -590,8 +590,8 @@ MAKEFLAGS=
|
|||||||
# Identity of this package.
|
# Identity of this package.
|
||||||
PACKAGE_NAME='unbound'
|
PACKAGE_NAME='unbound'
|
||||||
PACKAGE_TARNAME='unbound'
|
PACKAGE_TARNAME='unbound'
|
||||||
PACKAGE_VERSION='1.6.3'
|
PACKAGE_VERSION='1.6.4'
|
||||||
PACKAGE_STRING='unbound 1.6.3'
|
PACKAGE_STRING='unbound 1.6.4'
|
||||||
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl'
|
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl'
|
||||||
PACKAGE_URL=''
|
PACKAGE_URL=''
|
||||||
|
|
||||||
@ -638,9 +638,12 @@ INSTALLTARGET
|
|||||||
ALLTARGET
|
ALLTARGET
|
||||||
SOURCEFILE
|
SOURCEFILE
|
||||||
SOURCEDETERMINE
|
SOURCEDETERMINE
|
||||||
|
IPSECMOD_HEADER
|
||||||
|
IPSECMOD_OBJ
|
||||||
DNSCRYPT_OBJ
|
DNSCRYPT_OBJ
|
||||||
DNSCRYPT_SRC
|
DNSCRYPT_SRC
|
||||||
ENABLE_DNSCRYPT
|
ENABLE_DNSCRYPT
|
||||||
|
ENABLE_DNSCRYPT_XCHACHA20
|
||||||
DNSTAP_OBJ
|
DNSTAP_OBJ
|
||||||
DNSTAP_SRC
|
DNSTAP_SRC
|
||||||
opt_dnstap_socket_path
|
opt_dnstap_socket_path
|
||||||
@ -755,6 +758,9 @@ UNBOUND_CHROOT_DIR
|
|||||||
UNBOUND_RUN_DIR
|
UNBOUND_RUN_DIR
|
||||||
ub_conf_dir
|
ub_conf_dir
|
||||||
ub_conf_file
|
ub_conf_file
|
||||||
|
UNBOUND_LOCALSTATE_DIR
|
||||||
|
UNBOUND_SYSCONF_DIR
|
||||||
|
UNBOUND_SBIN_DIR
|
||||||
EGREP
|
EGREP
|
||||||
GREP
|
GREP
|
||||||
CPP
|
CPP
|
||||||
@ -851,6 +857,7 @@ enable_subnet
|
|||||||
enable_gost
|
enable_gost
|
||||||
enable_ecdsa
|
enable_ecdsa
|
||||||
enable_dsa
|
enable_dsa
|
||||||
|
enable_ed25519
|
||||||
enable_event_api
|
enable_event_api
|
||||||
enable_tfo_client
|
enable_tfo_client
|
||||||
enable_tfo_server
|
enable_tfo_server
|
||||||
@ -867,6 +874,7 @@ with_libfstrm
|
|||||||
enable_dnscrypt
|
enable_dnscrypt
|
||||||
with_libsodium
|
with_libsodium
|
||||||
enable_cachedb
|
enable_cachedb
|
||||||
|
enable_ipsecmod
|
||||||
with_libunbound_only
|
with_libunbound_only
|
||||||
'
|
'
|
||||||
ac_precious_vars='build_alias
|
ac_precious_vars='build_alias
|
||||||
@ -1429,7 +1437,7 @@ if test "$ac_init_help" = "long"; then
|
|||||||
# Omit some internal or obsolete options to make the list less imposing.
|
# Omit some internal or obsolete options to make the list less imposing.
|
||||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||||
cat <<_ACEOF
|
cat <<_ACEOF
|
||||||
\`configure' configures unbound 1.6.3 to adapt to many kinds of systems.
|
\`configure' configures unbound 1.6.4 to adapt to many kinds of systems.
|
||||||
|
|
||||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||||
|
|
||||||
@ -1494,7 +1502,7 @@ fi
|
|||||||
|
|
||||||
if test -n "$ac_init_help"; then
|
if test -n "$ac_init_help"; then
|
||||||
case $ac_init_help in
|
case $ac_init_help in
|
||||||
short | recursive ) echo "Configuration of unbound 1.6.3:";;
|
short | recursive ) echo "Configuration of unbound 1.6.4:";;
|
||||||
esac
|
esac
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
|
|
||||||
@ -1531,6 +1539,7 @@ Optional Features:
|
|||||||
--disable-gost Disable GOST support
|
--disable-gost Disable GOST support
|
||||||
--disable-ecdsa Disable ECDSA support
|
--disable-ecdsa Disable ECDSA support
|
||||||
--disable-dsa Disable DSA support
|
--disable-dsa Disable DSA support
|
||||||
|
--disable-ed25519 Disable ED25519 support
|
||||||
--enable-event-api Enable (experimental) pluggable event base
|
--enable-event-api Enable (experimental) pluggable event base
|
||||||
libunbound API installed to unbound-event.h
|
libunbound API installed to unbound-event.h
|
||||||
--enable-tfo-client Enable TCP Fast Open for client mode
|
--enable-tfo-client Enable TCP Fast Open for client mode
|
||||||
@ -1547,6 +1556,8 @@ Optional Features:
|
|||||||
--enable-dnscrypt Enable dnscrypt support (requires libsodium)
|
--enable-dnscrypt Enable dnscrypt support (requires libsodium)
|
||||||
--enable-cachedb enable cachedb module that can use external cache
|
--enable-cachedb enable cachedb module that can use external cache
|
||||||
storage
|
storage
|
||||||
|
--enable-ipsecmod Enable ipsecmod module that facilitates
|
||||||
|
opportunistic IPsec
|
||||||
|
|
||||||
Optional Packages:
|
Optional Packages:
|
||||||
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
|
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
|
||||||
@ -1703,7 +1714,7 @@ fi
|
|||||||
test -n "$ac_init_help" && exit $ac_status
|
test -n "$ac_init_help" && exit $ac_status
|
||||||
if $ac_init_version; then
|
if $ac_init_version; then
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
unbound configure 1.6.3
|
unbound configure 1.6.4
|
||||||
generated by GNU Autoconf 2.69
|
generated by GNU Autoconf 2.69
|
||||||
|
|
||||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||||
@ -2412,7 +2423,7 @@ cat >config.log <<_ACEOF
|
|||||||
This file contains any messages produced by compilers while
|
This file contains any messages produced by compilers while
|
||||||
running configure, to aid debugging if configure makes a mistake.
|
running configure, to aid debugging if configure makes a mistake.
|
||||||
|
|
||||||
It was created by unbound $as_me 1.6.3, which was
|
It was created by unbound $as_me 1.6.4, which was
|
||||||
generated by GNU Autoconf 2.69. Invocation command line was
|
generated by GNU Autoconf 2.69. Invocation command line was
|
||||||
|
|
||||||
$ $0 $@
|
$ $0 $@
|
||||||
@ -2764,11 +2775,11 @@ UNBOUND_VERSION_MAJOR=1
|
|||||||
|
|
||||||
UNBOUND_VERSION_MINOR=6
|
UNBOUND_VERSION_MINOR=6
|
||||||
|
|
||||||
UNBOUND_VERSION_MICRO=3
|
UNBOUND_VERSION_MICRO=4
|
||||||
|
|
||||||
|
|
||||||
LIBUNBOUND_CURRENT=7
|
LIBUNBOUND_CURRENT=7
|
||||||
LIBUNBOUND_REVISION=2
|
LIBUNBOUND_REVISION=3
|
||||||
LIBUNBOUND_AGE=5
|
LIBUNBOUND_AGE=5
|
||||||
# 1.0.0 had 0:12:0
|
# 1.0.0 had 0:12:0
|
||||||
# 1.0.1 had 0:13:0
|
# 1.0.1 had 0:13:0
|
||||||
@ -2822,6 +2833,7 @@ LIBUNBOUND_AGE=5
|
|||||||
# 1.6.1 had 7:0:5 # ub_callback_t typedef renamed to ub_callback_type
|
# 1.6.1 had 7:0:5 # ub_callback_t typedef renamed to ub_callback_type
|
||||||
# 1.6.2 had 7:1:5
|
# 1.6.2 had 7:1:5
|
||||||
# 1.6.3 had 7:2:5
|
# 1.6.3 had 7:2:5
|
||||||
|
# 1.6.4 had 7:3:5
|
||||||
|
|
||||||
# Current -- the number of the binary API that we're implementing
|
# Current -- the number of the binary API that we're implementing
|
||||||
# Revision -- which iteration of the implementation of the binary
|
# Revision -- which iteration of the implementation of the binary
|
||||||
@ -4106,6 +4118,11 @@ case "$prefix" in
|
|||||||
prefix="/usr/local"
|
prefix="/usr/local"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
case "$exec_prefix" in
|
||||||
|
NONE)
|
||||||
|
exec_prefix="$prefix"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
# are we on MinGW?
|
# are we on MinGW?
|
||||||
if uname -s 2>&1 | grep MINGW32 >/dev/null; then on_mingw="yes"
|
if uname -s 2>&1 | grep MINGW32 >/dev/null; then on_mingw="yes"
|
||||||
@ -4117,6 +4134,12 @@ fi
|
|||||||
#
|
#
|
||||||
# Determine configuration file
|
# Determine configuration file
|
||||||
# the eval is to evaluate shell expansion twice
|
# the eval is to evaluate shell expansion twice
|
||||||
|
UNBOUND_SBIN_DIR=`eval echo "${sbindir}"`
|
||||||
|
|
||||||
|
UNBOUND_SYSCONF_DIR=`eval echo "${sysconfdir}"`
|
||||||
|
|
||||||
|
UNBOUND_LOCALSTATE_DIR=`eval echo "${localstatedir}"`
|
||||||
|
|
||||||
if test $on_mingw = "no"; then
|
if test $on_mingw = "no"; then
|
||||||
ub_conf_file=`eval echo "${sysconfdir}/unbound/unbound.conf"`
|
ub_conf_file=`eval echo "${sysconfdir}/unbound/unbound.conf"`
|
||||||
else
|
else
|
||||||
@ -17598,7 +17621,7 @@ fi
|
|||||||
|
|
||||||
done
|
done
|
||||||
|
|
||||||
for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1
|
for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify
|
||||||
do :
|
do :
|
||||||
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
|
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
|
||||||
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
|
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
|
||||||
@ -18046,6 +18069,47 @@ fi
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
# Check whether --enable-ed25519 was given.
|
||||||
|
if test "${enable_ed25519+set}" = set; then :
|
||||||
|
enableval=$enable_ed25519;
|
||||||
|
fi
|
||||||
|
|
||||||
|
use_ed25519="no"
|
||||||
|
case "$enable_ed25519" in
|
||||||
|
no)
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
|
||||||
|
ac_fn_c_check_decl "$LINENO" "NID_ED25519" "ac_cv_have_decl_NID_ED25519" "$ac_includes_default
|
||||||
|
#include <openssl/evp.h>
|
||||||
|
|
||||||
|
"
|
||||||
|
if test "x$ac_cv_have_decl_NID_ED25519" = xyes; then :
|
||||||
|
ac_have_decl=1
|
||||||
|
else
|
||||||
|
ac_have_decl=0
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat >>confdefs.h <<_ACEOF
|
||||||
|
#define HAVE_DECL_NID_ED25519 $ac_have_decl
|
||||||
|
_ACEOF
|
||||||
|
if test $ac_have_decl = 1; then :
|
||||||
|
|
||||||
|
|
||||||
|
cat >>confdefs.h <<_ACEOF
|
||||||
|
#define USE_ED25519 1
|
||||||
|
_ACEOF
|
||||||
|
|
||||||
|
use_ed25519="yes"
|
||||||
|
|
||||||
|
else
|
||||||
|
if test "x$enable_ed25519" = "xyes"; then as_fn_error $? "OpenSSL does not support ED25519 and you used --enable-ed25519." "$LINENO" 5
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
# Check whether --enable-event-api was given.
|
# Check whether --enable-event-api was given.
|
||||||
if test "${enable_event_api+set}" = set; then :
|
if test "${enable_event_api+set}" = set; then :
|
||||||
@ -20309,6 +20373,73 @@ else
|
|||||||
as_fn_error $? "The sodium library was not found. Please install sodium!" "$LINENO" 5
|
as_fn_error $? "The sodium library was not found. Please install sodium!" "$LINENO" 5
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing crypto_box_curve25519xchacha20poly1305_beforenm" >&5
|
||||||
|
$as_echo_n "checking for library containing crypto_box_curve25519xchacha20poly1305_beforenm... " >&6; }
|
||||||
|
if ${ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm+:} false; then :
|
||||||
|
$as_echo_n "(cached) " >&6
|
||||||
|
else
|
||||||
|
ac_func_search_save_LIBS=$LIBS
|
||||||
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
|
/* end confdefs.h. */
|
||||||
|
|
||||||
|
/* Override any GCC internal prototype to avoid an error.
|
||||||
|
Use char because int might match the return type of a GCC
|
||||||
|
builtin and then its argument prototype would still apply. */
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C"
|
||||||
|
#endif
|
||||||
|
char crypto_box_curve25519xchacha20poly1305_beforenm ();
|
||||||
|
int
|
||||||
|
main ()
|
||||||
|
{
|
||||||
|
return crypto_box_curve25519xchacha20poly1305_beforenm ();
|
||||||
|
;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
_ACEOF
|
||||||
|
for ac_lib in '' sodium; do
|
||||||
|
if test -z "$ac_lib"; then
|
||||||
|
ac_res="none required"
|
||||||
|
else
|
||||||
|
ac_res=-l$ac_lib
|
||||||
|
LIBS="-l$ac_lib $ac_func_search_save_LIBS"
|
||||||
|
fi
|
||||||
|
if ac_fn_c_try_link "$LINENO"; then :
|
||||||
|
ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm=$ac_res
|
||||||
|
fi
|
||||||
|
rm -f core conftest.err conftest.$ac_objext \
|
||||||
|
conftest$ac_exeext
|
||||||
|
if ${ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm+:} false; then :
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
if ${ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm+:} false; then :
|
||||||
|
|
||||||
|
else
|
||||||
|
ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm=no
|
||||||
|
fi
|
||||||
|
rm conftest.$ac_ext
|
||||||
|
LIBS=$ac_func_search_save_LIBS
|
||||||
|
fi
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm" >&5
|
||||||
|
$as_echo "$ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm" >&6; }
|
||||||
|
ac_res=$ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm
|
||||||
|
if test "$ac_res" != no; then :
|
||||||
|
test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
|
||||||
|
|
||||||
|
ENABLE_DNSCRYPT_XCHACHA20=1
|
||||||
|
|
||||||
|
|
||||||
|
$as_echo "#define USE_DNSCRYPT_XCHACHA20 1" >>confdefs.h
|
||||||
|
|
||||||
|
|
||||||
|
else
|
||||||
|
|
||||||
|
ENABLE_DNSCRYPT_XCHACHA20=0
|
||||||
|
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
$as_echo "#define USE_DNSCRYPT 1" >>confdefs.h
|
$as_echo "#define USE_DNSCRYPT 1" >>confdefs.h
|
||||||
@ -20322,6 +20453,8 @@ $as_echo "#define USE_DNSCRYPT 1" >>confdefs.h
|
|||||||
|
|
||||||
|
|
||||||
else
|
else
|
||||||
|
ENABLE_DNSCRYPT_XCHACHA20=0
|
||||||
|
|
||||||
|
|
||||||
ENABLE_DNSCRYPT=0
|
ENABLE_DNSCRYPT=0
|
||||||
|
|
||||||
@ -20347,6 +20480,27 @@ $as_echo "#define USE_CACHEDB 1" >>confdefs.h
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
# check for ipsecmod if requested
|
||||||
|
# Check whether --enable-ipsecmod was given.
|
||||||
|
if test "${enable_ipsecmod+set}" = set; then :
|
||||||
|
enableval=$enable_ipsecmod;
|
||||||
|
fi
|
||||||
|
|
||||||
|
case "$enable_ipsecmod" in
|
||||||
|
yes)
|
||||||
|
|
||||||
|
$as_echo "#define USE_IPSECMOD 1" >>confdefs.h
|
||||||
|
|
||||||
|
IPSECMOD_OBJ="ipsecmod.lo ipsecmod-whitelist.lo"
|
||||||
|
|
||||||
|
IPSECMOD_HEADER='$(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h'
|
||||||
|
|
||||||
|
;;
|
||||||
|
no|*)
|
||||||
|
# nothing
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if ${MAKE:-make} supports $< with implicit rule in scope" >&5
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if ${MAKE:-make} supports $< with implicit rule in scope" >&5
|
||||||
$as_echo_n "checking if ${MAKE:-make} supports $< with implicit rule in scope... " >&6; }
|
$as_echo_n "checking if ${MAKE:-make} supports $< with implicit rule in scope... " >&6; }
|
||||||
# on openBSD, the implicit rule make $< work.
|
# on openBSD, the implicit rule make $< work.
|
||||||
@ -20488,7 +20642,7 @@ _ACEOF
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
version=1.6.3
|
version=1.6.4
|
||||||
|
|
||||||
date=`date +'%b %e, %Y'`
|
date=`date +'%b %e, %Y'`
|
||||||
|
|
||||||
@ -21007,7 +21161,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
|||||||
# report actual input values of CONFIG_FILES etc. instead of their
|
# report actual input values of CONFIG_FILES etc. instead of their
|
||||||
# values after options handling.
|
# values after options handling.
|
||||||
ac_log="
|
ac_log="
|
||||||
This file was extended by unbound $as_me 1.6.3, which was
|
This file was extended by unbound $as_me 1.6.4, which was
|
||||||
generated by GNU Autoconf 2.69. Invocation command line was
|
generated by GNU Autoconf 2.69. Invocation command line was
|
||||||
|
|
||||||
CONFIG_FILES = $CONFIG_FILES
|
CONFIG_FILES = $CONFIG_FILES
|
||||||
@ -21073,7 +21227,7 @@ _ACEOF
|
|||||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||||
ac_cs_version="\\
|
ac_cs_version="\\
|
||||||
unbound config.status 1.6.3
|
unbound config.status 1.6.4
|
||||||
configured by $0, generated by GNU Autoconf 2.69,
|
configured by $0, generated by GNU Autoconf 2.69,
|
||||||
with options \\"\$ac_cs_config\\"
|
with options \\"\$ac_cs_config\\"
|
||||||
|
|
||||||
|
50
configure.ac
50
configure.ac
@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4)
|
|||||||
# must be numbers. ac_defun because of later processing
|
# must be numbers. ac_defun because of later processing
|
||||||
m4_define([VERSION_MAJOR],[1])
|
m4_define([VERSION_MAJOR],[1])
|
||||||
m4_define([VERSION_MINOR],[6])
|
m4_define([VERSION_MINOR],[6])
|
||||||
m4_define([VERSION_MICRO],[3])
|
m4_define([VERSION_MICRO],[4])
|
||||||
AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound)
|
AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound)
|
||||||
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
|
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
|
||||||
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
|
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
|
||||||
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
|
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
|
||||||
|
|
||||||
LIBUNBOUND_CURRENT=7
|
LIBUNBOUND_CURRENT=7
|
||||||
LIBUNBOUND_REVISION=2
|
LIBUNBOUND_REVISION=3
|
||||||
LIBUNBOUND_AGE=5
|
LIBUNBOUND_AGE=5
|
||||||
# 1.0.0 had 0:12:0
|
# 1.0.0 had 0:12:0
|
||||||
# 1.0.1 had 0:13:0
|
# 1.0.1 had 0:13:0
|
||||||
@ -72,6 +72,7 @@ LIBUNBOUND_AGE=5
|
|||||||
# 1.6.1 had 7:0:5 # ub_callback_t typedef renamed to ub_callback_type
|
# 1.6.1 had 7:0:5 # ub_callback_t typedef renamed to ub_callback_type
|
||||||
# 1.6.2 had 7:1:5
|
# 1.6.2 had 7:1:5
|
||||||
# 1.6.3 had 7:2:5
|
# 1.6.3 had 7:2:5
|
||||||
|
# 1.6.4 had 7:3:5
|
||||||
|
|
||||||
# Current -- the number of the binary API that we're implementing
|
# Current -- the number of the binary API that we're implementing
|
||||||
# Revision -- which iteration of the implementation of the binary
|
# Revision -- which iteration of the implementation of the binary
|
||||||
@ -109,6 +110,11 @@ case "$prefix" in
|
|||||||
prefix="/usr/local"
|
prefix="/usr/local"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
case "$exec_prefix" in
|
||||||
|
NONE)
|
||||||
|
exec_prefix="$prefix"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
# are we on MinGW?
|
# are we on MinGW?
|
||||||
if uname -s 2>&1 | grep MINGW32 >/dev/null; then on_mingw="yes"
|
if uname -s 2>&1 | grep MINGW32 >/dev/null; then on_mingw="yes"
|
||||||
@ -120,6 +126,12 @@ fi
|
|||||||
#
|
#
|
||||||
# Determine configuration file
|
# Determine configuration file
|
||||||
# the eval is to evaluate shell expansion twice
|
# the eval is to evaluate shell expansion twice
|
||||||
|
UNBOUND_SBIN_DIR=`eval echo "${sbindir}"`
|
||||||
|
AC_SUBST(UNBOUND_SBIN_DIR)
|
||||||
|
UNBOUND_SYSCONF_DIR=`eval echo "${sysconfdir}"`
|
||||||
|
AC_SUBST(UNBOUND_SYSCONF_DIR)
|
||||||
|
UNBOUND_LOCALSTATE_DIR=`eval echo "${localstatedir}"`
|
||||||
|
AC_SUBST(UNBOUND_LOCALSTATE_DIR)
|
||||||
if test $on_mingw = "no"; then
|
if test $on_mingw = "no"; then
|
||||||
ub_conf_file=`eval echo "${sysconfdir}/unbound/unbound.conf"`
|
ub_conf_file=`eval echo "${sysconfdir}/unbound/unbound.conf"`
|
||||||
else
|
else
|
||||||
@ -680,7 +692,7 @@ else
|
|||||||
AC_MSG_RESULT([no])
|
AC_MSG_RESULT([no])
|
||||||
fi
|
fi
|
||||||
AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h],,, [AC_INCLUDES_DEFAULT])
|
AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h],,, [AC_INCLUDES_DEFAULT])
|
||||||
AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1])
|
AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify])
|
||||||
|
|
||||||
# these check_funcs need -lssl
|
# these check_funcs need -lssl
|
||||||
BAKLIBS="$LIBS"
|
BAKLIBS="$LIBS"
|
||||||
@ -906,6 +918,23 @@ case "$enable_dsa" in
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
AC_ARG_ENABLE(ed25519, AC_HELP_STRING([--disable-ed25519], [Disable ED25519 support]))
|
||||||
|
use_ed25519="no"
|
||||||
|
case "$enable_ed25519" in
|
||||||
|
no)
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
|
||||||
|
AC_CHECK_DECLS([NID_ED25519], [
|
||||||
|
AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable ED25519 support.])
|
||||||
|
use_ed25519="yes"
|
||||||
|
], [ if test "x$enable_ed25519" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support ED25519 and you used --enable-ed25519.])
|
||||||
|
fi ], [AC_INCLUDES_DEFAULT
|
||||||
|
#include <openssl/evp.h>
|
||||||
|
])
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
AC_ARG_ENABLE(event-api, AC_HELP_STRING([--enable-event-api], [Enable (experimental) pluggable event base libunbound API installed to unbound-event.h]))
|
AC_ARG_ENABLE(event-api, AC_HELP_STRING([--enable-event-api], [Enable (experimental) pluggable event base libunbound API installed to unbound-event.h]))
|
||||||
case "$enable_event_api" in
|
case "$enable_event_api" in
|
||||||
@ -1353,6 +1382,21 @@ case "$enable_cachedb" in
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
# check for ipsecmod if requested
|
||||||
|
AC_ARG_ENABLE(ipsecmod, AC_HELP_STRING([--enable-ipsecmod], [Enable ipsecmod module that facilitates opportunistic IPsec]))
|
||||||
|
case "$enable_ipsecmod" in
|
||||||
|
yes)
|
||||||
|
AC_DEFINE([USE_IPSECMOD], [1], [Define to 1 to use ipsecmod support.])
|
||||||
|
IPSECMOD_OBJ="ipsecmod.lo ipsecmod-whitelist.lo"
|
||||||
|
AC_SUBST(IPSECMOD_OBJ)
|
||||||
|
IPSECMOD_HEADER='$(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h'
|
||||||
|
AC_SUBST(IPSECMOD_HEADER)
|
||||||
|
;;
|
||||||
|
no|*)
|
||||||
|
# nothing
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope])
|
AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope])
|
||||||
# on openBSD, the implicit rule make $< work.
|
# on openBSD, the implicit rule make $< work.
|
||||||
# on Solaris, it does not work ($? is changed sources, $^ lists dependencies).
|
# on Solaris, it does not work ($? is changed sources, $^ lists dependencies).
|
||||||
|
@ -31,3 +31,6 @@ distribution but may be helpful.
|
|||||||
Contributed by Yuri Voinov.
|
Contributed by Yuri Voinov.
|
||||||
* unbound.socket and unbound.service: systemd files for unbound, install them
|
* unbound.socket and unbound.service: systemd files for unbound, install them
|
||||||
in /usr/lib/systemd/system. Contributed by Sami Kerola and Pavel Odintsov.
|
in /usr/lib/systemd/system. Contributed by Sami Kerola and Pavel Odintsov.
|
||||||
|
* redirect-bogus.patch: Return configured address for bogus A and AAAA answers,
|
||||||
|
instead of SERVFAIL. Contributed by SIDN.
|
||||||
|
* fastrpz.patch: fastrpz support from Farsight Security.
|
||||||
|
3552
contrib/fastrpz.patch
Normal file
3552
contrib/fastrpz.patch
Normal file
File diff suppressed because it is too large
344
contrib/redirect-bogus.patch
Normal file
344
contrib/redirect-bogus.patch
Normal file
@ -0,0 +1,344 @@
|
|||||||
|
Index: daemon/worker.c
|
||||||
|
===================================================================
|
||||||
|
--- daemon/worker.c (revision 4191)
|
||||||
|
+++ daemon/worker.c (working copy)
|
||||||
|
@@ -663,8 +663,21 @@
|
||||||
|
if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, rep,
|
||||||
|
LDNS_RCODE_SERVFAIL, edns, worker->scratchpad))
|
||||||
|
goto bail_out;
|
||||||
|
- error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL,
|
||||||
|
- qinfo, id, flags, edns);
|
||||||
|
+ if (qinfo->qtype == LDNS_RR_TYPE_A &&
|
||||||
|
+ worker->env.cfg->redirect_bogus_ipv4) {
|
||||||
|
+ /* BAD cached */
|
||||||
|
+ fixed_address_encode(repinfo->c->buffer,
|
||||||
|
+ LDNS_RCODE_NOERROR, qinfo, id, flags, edns,
|
||||||
|
+ worker->env.cfg->redirect_bogus_ipv4);
|
||||||
|
+ } else if (qinfo->qtype == LDNS_RR_TYPE_AAAA &&
|
||||||
|
+ worker->env.cfg->redirect_bogus_ipv6) {
|
||||||
|
+ fixed_address_encode(repinfo->c->buffer,
|
||||||
|
+ LDNS_RCODE_NOERROR, qinfo, id, flags, edns,
|
||||||
|
+ worker->env.cfg->redirect_bogus_ipv6);
|
||||||
|
+ } else {
|
||||||
|
+ error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL,
|
||||||
|
+ qinfo, id, flags, edns);
|
||||||
|
+ }
|
||||||
|
rrset_array_unlock_touch(worker->env.rrset_cache,
|
||||||
|
worker->scratchpad, rep->ref, rep->rrset_count);
|
||||||
|
if(worker->stats.extended) {
|
||||||
|
Index: doc/unbound.conf.5.in
|
||||||
|
===================================================================
|
||||||
|
--- doc/unbound.conf.5.in (revision 4191)
|
||||||
|
+++ doc/unbound.conf.5.in (working copy)
|
||||||
|
@@ -1244,6 +1244,18 @@
|
||||||
|
This can make ordinary queries complete (if repeatedly queried for),
|
||||||
|
and enter the cache, whilst also mitigating the traffic flow by the
|
||||||
|
factor given.
|
||||||
|
+.TP 5
|
||||||
|
+.B redirect-bogus-ipv4: \fI<IPv4 address>
|
||||||
|
+Set a fixed address for DNSSEC failures that are cached
|
||||||
|
+Instead of responding to A queries with SERVFAIL, respond
|
||||||
|
+with NOERROR and the address specified here
|
||||||
|
+The TTL of the response will be 5 seconds
|
||||||
|
+.TP 5
|
||||||
|
+.B redirect-bogus-ipv6: \fI<IPv4 address>
|
||||||
|
+Set a fixed address for DNSSEC failures that are cached
|
||||||
|
+Instead of responding to AAAA queries with SERVFAIL, respond
|
||||||
|
+with NOERROR and the address specified here
|
||||||
|
+The TTL of the response will be 5 seconds
|
||||||
|
.SS "Remote Control Options"
|
||||||
|
In the
|
||||||
|
.B remote\-control:
|
||||||
|
Index: services/mesh.c
|
||||||
|
===================================================================
|
||||||
|
--- services/mesh.c (revision 4191)
|
||||||
|
+++ services/mesh.c (working copy)
|
||||||
|
@@ -1006,6 +1006,7 @@
|
||||||
|
struct timeval end_time;
|
||||||
|
struct timeval duration;
|
||||||
|
int secure;
|
||||||
|
+ int bogus_override = 0;
|
||||||
|
/* Copy the client's EDNS for later restore, to make sure the edns
|
||||||
|
* compare is with the correct edns options. */
|
||||||
|
struct edns_data edns_bak = r->edns;
|
||||||
|
@@ -1016,6 +1017,7 @@
|
||||||
|
rcode = LDNS_RCODE_SERVFAIL;
|
||||||
|
if(m->s.env->cfg->stat_extended)
|
||||||
|
m->s.env->mesh->ans_bogus++;
|
||||||
|
+ bogus_override = 1;
|
||||||
|
}
|
||||||
|
if(rep && rep->security == sec_status_secure)
|
||||||
|
secure = 1;
|
||||||
|
@@ -1047,17 +1049,34 @@
|
||||||
|
} else if(rcode) {
|
||||||
|
m->s.qinfo.qname = r->qname;
|
||||||
|
m->s.qinfo.local_alias = r->local_alias;
|
||||||
|
- if(rcode == LDNS_RCODE_SERVFAIL) {
|
||||||
|
- if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s,
|
||||||
|
- rep, rcode, &r->edns, m->s.region))
|
||||||
|
- r->edns.opt_list = NULL;
|
||||||
|
- } else {
|
||||||
|
- if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode,
|
||||||
|
- &r->edns, m->s.region))
|
||||||
|
- r->edns.opt_list = NULL;
|
||||||
|
+ if(bogus_override && m->s.qinfo.qtype == LDNS_RR_TYPE_A &&
|
||||||
|
+ m->s.env->cfg->redirect_bogus_ipv4) {
|
||||||
|
+ fixed_address_encode(r->query_reply.c->buffer,
|
||||||
|
+ LDNS_RCODE_NOERROR, &m->s.qinfo, r->qid,
|
||||||
|
+ r->qflags, &r->edns,
|
||||||
|
+ m->s.env->cfg->redirect_bogus_ipv4);
|
||||||
|
+ } else if(bogus_override &&
|
||||||
|
+ m->s.qinfo.qtype == LDNS_RR_TYPE_AAAA &&
|
||||||
|
+ m->s.env->cfg->redirect_bogus_ipv6) {
|
||||||
|
+ fixed_address_encode(r->query_reply.c->buffer,
|
||||||
|
+ LDNS_RCODE_NOERROR, &m->s.qinfo, r->qid,
|
||||||
|
+ r->qflags, &r->edns,
|
||||||
|
+ m->s.env->cfg->redirect_bogus_ipv6);
|
||||||
|
+ } else {
|
||||||
|
+ if(rcode == LDNS_RCODE_SERVFAIL) {
|
||||||
|
+ if(!inplace_cb_reply_servfail_call(m->s.env,
|
||||||
|
+ &m->s.qinfo, &m->s,
|
||||||
|
+ rep, rcode, &r->edns, m->s.region))
|
||||||
|
+ r->edns.opt_list = NULL;
|
||||||
|
+ } else {
|
||||||
|
+ if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo,
|
||||||
|
+ &m->s, rep, rcode, &r->edns,
|
||||||
|
+ m->s.region))
|
||||||
|
+ r->edns.opt_list = NULL;
|
||||||
|
+ }
|
||||||
|
+ error_encode(r->query_reply.c->buffer, rcode,
|
||||||
|
+ &m->s.qinfo, r->qid, r->qflags, &r->edns);
|
||||||
|
}
|
||||||
|
- error_encode(r->query_reply.c->buffer, rcode, &m->s.qinfo,
|
||||||
|
- r->qid, r->qflags, &r->edns);
|
||||||
|
comm_point_send_reply(&r->query_reply);
|
||||||
|
} else {
|
||||||
|
size_t udp_size = r->edns.udp_size;
|
||||||
|
Index: util/config_file.c
|
||||||
|
===================================================================
|
||||||
|
--- util/config_file.c (revision 4191)
|
||||||
|
+++ util/config_file.c (working copy)
|
||||||
|
@@ -273,6 +273,8 @@
|
||||||
|
cfg->ratelimit_factor = 10;
|
||||||
|
cfg->qname_minimisation = 0;
|
||||||
|
cfg->qname_minimisation_strict = 0;
|
||||||
|
+ cfg->redirect_bogus_ipv4 = NULL;
|
||||||
|
+ cfg->redirect_bogus_ipv6 = NULL;
|
||||||
|
cfg->shm_enable = 0;
|
||||||
|
cfg->shm_key = 11777;
|
||||||
|
cfg->dnscrypt = 0;
|
||||||
|
@@ -602,6 +604,10 @@
|
||||||
|
}
|
||||||
|
oi[cfg->num_out_ifs++] = d;
|
||||||
|
cfg->out_ifs = oi;
|
||||||
|
+ } else if (strcmp(opt, "redirect-bogus-ipv4:") == 0) {
|
||||||
|
+ cfg->redirect_bogus_ipv4 = strdup(val);
|
||||||
|
+ } else if (strcmp(opt, "redirect-bogus-ipv6:") == 0) {
|
||||||
|
+ cfg->redirect_bogus_ipv6 = strdup(val);
|
||||||
|
} else {
|
||||||
|
/* unknown or unsupported (from the set_option interface):
|
||||||
|
* interface, outgoing-interface, access-control,
|
||||||
|
@@ -1250,6 +1256,12 @@
|
||||||
|
free(cfg->dnstap_version);
|
||||||
|
config_deldblstrlist(cfg->ratelimit_for_domain);
|
||||||
|
config_deldblstrlist(cfg->ratelimit_below_domain);
|
||||||
|
+ if (cfg->redirect_bogus_ipv4) {
|
||||||
|
+ free(cfg->redirect_bogus_ipv4);
|
||||||
|
+ }
|
||||||
|
+ if (cfg->redirect_bogus_ipv6) {
|
||||||
|
+ free(cfg->redirect_bogus_ipv6);
|
||||||
|
+ }
|
||||||
|
#ifdef USE_IPSECMOD
|
||||||
|
free(cfg->ipsecmod_hook);
|
||||||
|
config_delstrlist(cfg->ipsecmod_whitelist);
|
||||||
|
Index: util/config_file.h
|
||||||
|
===================================================================
|
||||||
|
--- util/config_file.h (revision 4191)
|
||||||
|
+++ util/config_file.h (working copy)
|
||||||
|
@@ -444,6 +444,9 @@
|
||||||
|
/** minimise QNAME in strict mode, minimise according to RFC.
|
||||||
|
* Do not apply fallback */
|
||||||
|
int qname_minimisation_strict;
|
||||||
|
+ /** construct fake responses for DNSSEC failures */
|
||||||
|
+ char *redirect_bogus_ipv4;
|
||||||
|
+ char *redirect_bogus_ipv6;
|
||||||
|
/** SHM data - true if shm is enabled */
|
||||||
|
int shm_enable;
|
||||||
|
/** SHM data - key for the shm */
|
||||||
|
Index: util/configlexer.lex
|
||||||
|
===================================================================
|
||||||
|
--- util/configlexer.lex (revision 4191)
|
||||||
|
+++ util/configlexer.lex (working copy)
|
||||||
|
@@ -410,6 +410,8 @@
|
||||||
|
response-ip-tag{COLON} { YDVAR(2, VAR_RESPONSE_IP_TAG) }
|
||||||
|
response-ip{COLON} { YDVAR(2, VAR_RESPONSE_IP) }
|
||||||
|
response-ip-data{COLON} { YDVAR(2, VAR_RESPONSE_IP_DATA) }
|
||||||
|
+redirect-bogus-ipv4{COLON} { YDVAR(1, VAR_REDIRECT_BOGUS_IPV4) }
|
||||||
|
+redirect-bogus-ipv6{COLON} { YDVAR(1, VAR_REDIRECT_BOGUS_IPV6) }
|
||||||
|
dnscrypt{COLON} { YDVAR(0, VAR_DNSCRYPT) }
|
||||||
|
dnscrypt-enable{COLON} { YDVAR(1, VAR_DNSCRYPT_ENABLE) }
|
||||||
|
dnscrypt-port{COLON} { YDVAR(1, VAR_DNSCRYPT_PORT) }
|
||||||
|
Index: util/configparser.y
|
||||||
|
===================================================================
|
||||||
|
--- util/configparser.y (revision 4191)
|
||||||
|
+++ util/configparser.y (working copy)
|
||||||
|
@@ -44,6 +44,7 @@
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <assert.h>
|
||||||
|
|
||||||
|
+#include "sldns/str2wire.h"
|
||||||
|
#include "util/configyyrename.h"
|
||||||
|
#include "util/config_file.h"
|
||||||
|
#include "util/net_help.h"
|
||||||
|
@@ -141,6 +142,7 @@
|
||||||
|
%token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW
|
||||||
|
%token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_FAKE_DSA VAR_FAKE_SHA1
|
||||||
|
%token VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR VAR_TRUST_ANCHOR_SIGNALING
|
||||||
|
+%token VAR_REDIRECT_BOGUS_IPV4 VAR_REDIRECT_BOGUS_IPV6
|
||||||
|
%token VAR_USE_SYSTEMD VAR_SHM_ENABLE VAR_SHM_KEY
|
||||||
|
%token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER
|
||||||
|
%token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT
|
||||||
|
@@ -228,6 +230,7 @@
|
||||||
|
server_access_control_tag_data | server_access_control_view |
|
||||||
|
server_qname_minimisation_strict | server_serve_expired |
|
||||||
|
server_fake_dsa | server_log_identity | server_use_systemd |
|
||||||
|
+ server_redirect_bogus_ipv4 | server_redirect_bogus_ipv6 |
|
||||||
|
server_response_ip_tag | server_response_ip | server_response_ip_data |
|
||||||
|
server_shm_enable | server_shm_key | server_fake_sha1 |
|
||||||
|
server_hide_trustanchor | server_trust_anchor_signaling |
|
||||||
|
@@ -1873,6 +1876,34 @@
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
;
|
||||||
|
+server_redirect_bogus_ipv4: VAR_REDIRECT_BOGUS_IPV4 STRING_ARG
|
||||||
|
+ {
|
||||||
|
+ uint8_t data[4];
|
||||||
|
+ size_t data_len = 4;
|
||||||
|
+ OUTYY(("P(name:%s)\n", $2));
|
||||||
|
+ if(cfg_parser->cfg->redirect_bogus_ipv4) {
|
||||||
|
+ yyerror("redirect-bogus-ipv4, can only use one address");
|
||||||
|
+ }
|
||||||
|
+ if(sldns_str2wire_a_buf($2, data, &data_len) != LDNS_WIREPARSE_ERR_OK) {
|
||||||
|
+ yyerror("redirect-bogus-ipv4, not a valid IPv4 address");
|
||||||
|
+ }
|
||||||
|
+ free(cfg_parser->cfg->redirect_bogus_ipv4);
|
||||||
|
+ cfg_parser->cfg->redirect_bogus_ipv4 = $2;
|
||||||
|
+ }
|
||||||
|
+server_redirect_bogus_ipv6: VAR_REDIRECT_BOGUS_IPV6 STRING_ARG
|
||||||
|
+ {
|
||||||
|
+ uint8_t data[16];
|
||||||
|
+ size_t data_len = 16;
|
||||||
|
+ OUTYY(("P(name:%s)\n", $2));
|
||||||
|
+ if(cfg_parser->cfg->redirect_bogus_ipv6) {
|
||||||
|
+ yyerror("redirect-bogus-ipv6, can only use one address");
|
||||||
|
+ }
|
||||||
|
+ if(sldns_str2wire_aaaa_buf($2, data, &data_len) != LDNS_WIREPARSE_ERR_OK) {
|
||||||
|
+ yyerror("redirect-bogus-ipv6, not a valid IPv6 address");
|
||||||
|
+ }
|
||||||
|
+ free(cfg_parser->cfg->redirect_bogus_ipv6);
|
||||||
|
+ cfg_parser->cfg->redirect_bogus_ipv6 = $2;
|
||||||
|
+ }
|
||||||
|
stub_name: VAR_NAME STRING_ARG
|
||||||
|
{
|
||||||
|
OUTYY(("P(name:%s)\n", $2));
|
||||||
|
Index: util/data/msgencode.c
|
||||||
|
===================================================================
|
||||||
|
--- util/data/msgencode.c (revision 4191)
|
||||||
|
+++ util/data/msgencode.c (working copy)
|
||||||
|
@@ -48,6 +48,7 @@
|
||||||
|
#include "util/regional.h"
|
||||||
|
#include "util/net_help.h"
|
||||||
|
#include "sldns/sbuffer.h"
|
||||||
|
+#include "sldns/str2wire.h"
|
||||||
|
#include "services/localzone.h"
|
||||||
|
|
||||||
|
/** return code that means the function ran out of memory. negative so it does
|
||||||
|
@@ -914,3 +915,63 @@
|
||||||
|
attach_edns_record(buf, &es);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+void
|
||||||
|
+fixed_address_encode(sldns_buffer* buf, int r, struct query_info* qinfo,
|
||||||
|
+ uint16_t qid, uint16_t qflags, struct edns_data* edns, char* data)
|
||||||
|
+{
|
||||||
|
+ uint16_t flags;
|
||||||
|
+ uint8_t addr_data[16];
|
||||||
|
+ size_t addr_len = 16;
|
||||||
|
+ if (qinfo->qtype == LDNS_RR_TYPE_A) {
|
||||||
|
+ sldns_str2wire_a_buf(data, addr_data, &addr_len);
|
||||||
|
+ } else if (qinfo->qtype == LDNS_RR_TYPE_AAAA) {
|
||||||
|
+ sldns_str2wire_aaaa_buf(data, addr_data, &addr_len);
|
||||||
|
+ } else {
|
||||||
|
+ return error_encode(buf, LDNS_RCODE_NOERROR, qinfo, qid, qflags, edns);
|
||||||
|
+ }
|
||||||
|
+ sldns_buffer_clear(buf);
|
||||||
|
+ sldns_buffer_write(buf, &qid, sizeof(uint16_t));
|
||||||
|
+ flags = (uint16_t)(BIT_QR | BIT_RA | r); /* QR and retcode*/
|
||||||
|
+ flags |= (qflags & (BIT_RD|BIT_CD)); /* copy RD and CD bit */
|
||||||
|
+ sldns_buffer_write_u16(buf, flags);
|
||||||
|
+ if(qinfo) flags = 1;
|
||||||
|
+ else flags = 0;
|
||||||
|
+ sldns_buffer_write_u16(buf, flags);
|
||||||
|
+ sldns_buffer_write_u16(buf, 1);
|
||||||
|
+ flags = 0;
|
||||||
|
+ sldns_buffer_write(buf, &flags, sizeof(uint16_t));
|
||||||
|
+ sldns_buffer_write(buf, &flags, sizeof(uint16_t));
|
||||||
|
+ if(qinfo) {
|
||||||
|
+ // query
|
||||||
|
+ if(sldns_buffer_current(buf) == qinfo->qname)
|
||||||
|
+ sldns_buffer_skip(buf, (ssize_t)qinfo->qname_len);
|
||||||
|
+ else sldns_buffer_write(buf, qinfo->qname, qinfo->qname_len);
|
||||||
|
+ sldns_buffer_write_u16(buf, qinfo->qtype);
|
||||||
|
+ sldns_buffer_write_u16(buf, qinfo->qclass);
|
||||||
|
+ // faked answer
|
||||||
|
+ if(sldns_buffer_current(buf) == qinfo->qname)
|
||||||
|
+ sldns_buffer_skip(buf, (ssize_t)qinfo->qname_len);
|
||||||
|
+ else sldns_buffer_write(buf, qinfo->qname, qinfo->qname_len);
|
||||||
|
+ sldns_buffer_write_u16(buf, qinfo->qtype);
|
||||||
|
+ sldns_buffer_write_u16(buf, qinfo->qclass);
|
||||||
|
+ sldns_buffer_write_u16(buf, 0);
|
||||||
|
+ // TTL. Should we make this configurable too?
|
||||||
|
+ sldns_buffer_write_u16(buf, 5);
|
||||||
|
+ sldns_buffer_write_u16(buf, addr_len);
|
||||||
|
+ sldns_buffer_write(buf, addr_data, addr_len);
|
||||||
|
+ fflush(stderr);
|
||||||
|
+ }
|
||||||
|
+ sldns_buffer_flip(buf);
|
||||||
|
+ if(edns) {
|
||||||
|
+ struct edns_data es = *edns;
|
||||||
|
+ es.edns_version = EDNS_ADVERTISED_VERSION;
|
||||||
|
+ es.udp_size = EDNS_ADVERTISED_SIZE;
|
||||||
|
+ es.ext_rcode = 0;
|
||||||
|
+ es.bits &= EDNS_DO;
|
||||||
|
+ if(sldns_buffer_limit(buf) + calc_edns_field_size(&es) >
|
||||||
|
+ edns->udp_size)
|
||||||
|
+ return;
|
||||||
|
+ attach_edns_record(buf, &es);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
Index: util/data/msgencode.h
|
||||||
|
===================================================================
|
||||||
|
--- util/data/msgencode.h (revision 4191)
|
||||||
|
+++ util/data/msgencode.h (working copy)
|
||||||
|
@@ -128,4 +128,20 @@
|
||||||
|
void error_encode(struct sldns_buffer* pkt, int r, struct query_info* qinfo,
|
||||||
|
uint16_t qid, uint16_t qflags, struct edns_data* edns);
|
||||||
|
|
||||||
|
+/**
|
||||||
|
+ * Encode a fixed address response.
|
||||||
|
+ * This is a fake answer to either an A or AAA query
|
||||||
|
+ *
|
||||||
|
+ * It will answer with that address
|
||||||
|
+ *
|
||||||
|
+ * @param pkt: where to store the packet.
|
||||||
|
+ * @param r: RCODE value to encode.
|
||||||
|
+ * @param qinfo: if not NULL, the query is included.
|
||||||
|
+ * @param qid: query ID to set in packet. network order.
|
||||||
|
+ * @param qflags: original query flags (to copy RD and CD bits). host order.
|
||||||
|
+ * @param edns: if not NULL, this is the query edns info,
|
||||||
|
+ * and an edns reply is attached. Only attached if EDNS record fits reply.
|
||||||
|
+ */
|
||||||
|
+void fixed_address_encode(struct sldns_buffer* pkt, int r, struct query_info* qinfo,
|
||||||
|
+ uint16_t qid, uint16_t qflags, struct edns_data* edns, char* address);
|
||||||
|
#endif /* UTIL_DATA_MSGENCODE_H */
|
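Review bot: In the `util/data/msgencode.c` part of this contributed patch, `fixed_address_encode` ignores the return values of `sldns_str2wire_a_buf` and `sldns_str2wire_aaaa_buf`, so when the configured string does not parse, `addr_len` is still 16 and `sldns_buffer_write(buf, addr_data, addr_len)` copies uninitialised stack bytes into the answer rdata. That path looks reachable: the `util/config_file.c` part stores `strdup(val)` for both options with no validation (and without freeing a previous value), and the `configparser.y` rules call `yyerror` but still assign `$2`. The function also reads `qinfo->qtype` before its later `if(qinfo)` tests and carries a leftover `fflush(stderr)`. I would check the NULL case and both parse results up front and fall back to `error_encode` with SERVFAIL, as sketched below; the same address validation belongs in the `config_file.c` branch.

```c
	uint8_t addr_data[16];
	size_t addr_len = sizeof(addr_data);
	int parsed;
	if(!qinfo || !data) {
		error_encode(buf, LDNS_RCODE_SERVFAIL, qinfo, qid, qflags, edns);
		return;
	}
	if(qinfo->qtype == LDNS_RR_TYPE_A) {
		parsed = sldns_str2wire_a_buf(data, addr_data, &addr_len);
	} else if(qinfo->qtype == LDNS_RR_TYPE_AAAA) {
		parsed = sldns_str2wire_aaaa_buf(data, addr_data, &addr_len);
	} else {
		error_encode(buf, LDNS_RCODE_NOERROR, qinfo, qid, qflags, edns);
		return;
	}
	if(parsed != LDNS_WIREPARSE_ERR_OK) {
		/* never send unparsed stack bytes as rdata */
		error_encode(buf, LDNS_RCODE_SERVFAIL, qinfo, qid, qflags, edns);
		return;
	}
	/* … unchanged: header, question and answer encoding, EDNS attach … */
```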
@ -7,7 +7,7 @@ WantedBy=multi-user.target
|
|||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecReload=/bin/kill -HUP $MAINPID
|
ExecReload=/bin/kill -HUP $MAINPID
|
||||||
ExecStart=/home/vagrant/unbound_systemd/unbound
|
ExecStart=@UNBOUND_SBIN_DIR@/unbound
|
||||||
NotifyAccess=main
|
NotifyAccess=main
|
||||||
Type=notify
|
Type=notify
|
||||||
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
|
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
|
||||||
@ -20,7 +20,7 @@ ProtectControlGroups=true
|
|||||||
ProtectKernelModules=true
|
ProtectKernelModules=true
|
||||||
ProtectKernelTunables=true
|
ProtectKernelTunables=true
|
||||||
ProtectSystem=strict
|
ProtectSystem=strict
|
||||||
ReadWritePaths=/etc/unbound /run
|
ReadWritePaths=@UNBOUND_SYSCONF_DIR@ @UNBOUND_LOCALSTATE_DIR@ /run @UNBOUND_RUN_DIR@
|
||||||
RestrictAddressFamilies=AF_INET AF_UNIX
|
RestrictAddressFamilies=AF_INET AF_UNIX
|
||||||
RestrictRealtime=true
|
RestrictRealtime=true
|
||||||
SystemCallArchitectures=native
|
SystemCallArchitectures=native
|
||||||
|
106
daemon/remote.c
106
daemon/remote.c
@ -124,7 +124,7 @@ timeval_subtract(struct timeval* d, const struct timeval* end,
|
|||||||
|
|
||||||
/** divide sum of timers to get average */
|
/** divide sum of timers to get average */
|
||||||
static void
|
static void
|
||||||
timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d)
|
timeval_divide(struct timeval* avg, const struct timeval* sum, long long d)
|
||||||
{
|
{
|
||||||
#ifndef S_SPLINT_S
|
#ifndef S_SPLINT_S
|
||||||
size_t leftover;
|
size_t leftover;
|
||||||
@ -260,10 +260,10 @@ daemon_remote_create(struct config_file* cfg)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#ifdef SHA256_DIGEST_LENGTH
|
#if defined(SHA256_DIGEST_LENGTH) && defined(USE_ECDSA)
|
||||||
/* if we have sha256, set the cipher list to have no known vulns */
|
/* if we have sha256, set the cipher list to have no known vulns */
|
||||||
if(!SSL_CTX_set_cipher_list(rc->ctx, "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"))
|
if(!SSL_CTX_set_cipher_list(rc->ctx, "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"))
|
||||||
log_crypto_err("coult not set cipher list with SSL_CTX_set_cipher_list");
|
log_crypto_err("could not set cipher list with SSL_CTX_set_cipher_list");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (cfg->remote_control_use_cert == 0) {
|
if (cfg->remote_control_use_cert == 0) {
|
||||||
@ -780,9 +780,9 @@ do_verbosity(SSL* ssl, char* str)
|
|||||||
|
|
||||||
/** print stats from statinfo */
|
/** print stats from statinfo */
|
||||||
static int
|
static int
|
||||||
print_stats(SSL* ssl, const char* nm, struct stats_info* s)
|
print_stats(SSL* ssl, const char* nm, struct ub_stats_info* s)
|
||||||
{
|
{
|
||||||
struct timeval avg;
|
struct timeval sumwait, avg;
|
||||||
if(!ssl_printf(ssl, "%s.num.queries"SQ"%lu\n", nm,
|
if(!ssl_printf(ssl, "%s.num.queries"SQ"%lu\n", nm,
|
||||||
(unsigned long)s->svr.num_queries)) return 0;
|
(unsigned long)s->svr.num_queries)) return 0;
|
||||||
if(!ssl_printf(ssl, "%s.num.queries_ip_ratelimited"SQ"%lu\n", nm,
|
if(!ssl_printf(ssl, "%s.num.queries_ip_ratelimited"SQ"%lu\n", nm,
|
||||||
@ -799,19 +799,19 @@ print_stats(SSL* ssl, const char* nm, struct stats_info* s)
|
|||||||
if(!ssl_printf(ssl, "%s.num.recursivereplies"SQ"%lu\n", nm,
|
if(!ssl_printf(ssl, "%s.num.recursivereplies"SQ"%lu\n", nm,
|
||||||
(unsigned long)s->mesh_replies_sent)) return 0;
|
(unsigned long)s->mesh_replies_sent)) return 0;
|
||||||
#ifdef USE_DNSCRYPT
|
#ifdef USE_DNSCRYPT
|
||||||
if(!ssl_printf(ssl, "%s.num.dnscrypt.crypted"SQ"%lu\n", nm,
|
if(!ssl_printf(ssl, "%s.num.dnscrypt.crypted"SQ"%lu\n", nm,
|
||||||
(unsigned long)s->svr.num_query_dnscrypt_crypted)) return 0;
|
(unsigned long)s->svr.num_query_dnscrypt_crypted)) return 0;
|
||||||
if(!ssl_printf(ssl, "%s.num.dnscrypt.cert"SQ"%lu\n", nm,
|
if(!ssl_printf(ssl, "%s.num.dnscrypt.cert"SQ"%lu\n", nm,
|
||||||
(unsigned long)s->svr.num_query_dnscrypt_cert)) return 0;
|
(unsigned long)s->svr.num_query_dnscrypt_cert)) return 0;
|
||||||
if(!ssl_printf(ssl, "%s.num.dnscrypt.cleartext"SQ"%lu\n", nm,
|
if(!ssl_printf(ssl, "%s.num.dnscrypt.cleartext"SQ"%lu\n", nm,
|
||||||
(unsigned long)s->svr.num_query_dnscrypt_cleartext)) return 0;
|
(unsigned long)s->svr.num_query_dnscrypt_cleartext)) return 0;
|
||||||
if(!ssl_printf(ssl, "%s.num.dnscrypt.malformed"SQ"%lu\n", nm,
|
if(!ssl_printf(ssl, "%s.num.dnscrypt.malformed"SQ"%lu\n", nm,
|
||||||
(unsigned long)s->svr.num_query_dnscrypt_crypted_malformed)) return 0;
|
(unsigned long)s->svr.num_query_dnscrypt_crypted_malformed)) return 0;
|
||||||
#endif
|
#endif
|
||||||
if(!ssl_printf(ssl, "%s.requestlist.avg"SQ"%g\n", nm,
|
if(!ssl_printf(ssl, "%s.requestlist.avg"SQ"%g\n", nm,
|
||||||
(s->svr.num_queries_missed_cache+s->svr.num_queries_prefetch)?
|
(s->svr.num_queries_missed_cache+s->svr.num_queries_prefetch)?
|
||||||
(double)s->svr.sum_query_list_size/
|
(double)s->svr.sum_query_list_size/
|
||||||
(s->svr.num_queries_missed_cache+
|
(double)(s->svr.num_queries_missed_cache+
|
||||||
s->svr.num_queries_prefetch) : 0.0)) return 0;
|
s->svr.num_queries_prefetch) : 0.0)) return 0;
|
||||||
if(!ssl_printf(ssl, "%s.requestlist.max"SQ"%lu\n", nm,
|
if(!ssl_printf(ssl, "%s.requestlist.max"SQ"%lu\n", nm,
|
||||||
(unsigned long)s->svr.max_query_list_size)) return 0;
|
(unsigned long)s->svr.max_query_list_size)) return 0;
|
||||||
@ -823,7 +823,11 @@ print_stats(SSL* ssl, const char* nm, struct stats_info* s)
|
|||||||
(unsigned long)s->mesh_num_states)) return 0;
|
(unsigned long)s->mesh_num_states)) return 0;
|
||||||
if(!ssl_printf(ssl, "%s.requestlist.current.user"SQ"%lu\n", nm,
|
if(!ssl_printf(ssl, "%s.requestlist.current.user"SQ"%lu\n", nm,
|
||||||
(unsigned long)s->mesh_num_reply_states)) return 0;
|
(unsigned long)s->mesh_num_reply_states)) return 0;
|
||||||
timeval_divide(&avg, &s->mesh_replies_sum_wait, s->mesh_replies_sent);
|
#ifndef S_SPLINT_S
|
||||||
|
sumwait.tv_sec = s->mesh_replies_sum_wait_sec;
|
||||||
|
sumwait.tv_usec = s->mesh_replies_sum_wait_usec;
|
||||||
|
#endif
|
||||||
|
timeval_divide(&avg, &sumwait, s->mesh_replies_sent);
|
||||||
if(!ssl_printf(ssl, "%s.recursion.time.avg"SQ ARG_LL "d.%6.6d\n", nm,
|
if(!ssl_printf(ssl, "%s.recursion.time.avg"SQ ARG_LL "d.%6.6d\n", nm,
|
||||||
(long long)avg.tv_sec, (int)avg.tv_usec)) return 0;
|
(long long)avg.tv_sec, (int)avg.tv_usec)) return 0;
|
||||||
if(!ssl_printf(ssl, "%s.recursion.time.median"SQ"%g\n", nm,
|
if(!ssl_printf(ssl, "%s.recursion.time.median"SQ"%g\n", nm,
|
||||||
@ -835,7 +839,7 @@ print_stats(SSL* ssl, const char* nm, struct stats_info* s)
|
|||||||
|
|
||||||
/** print stats for one thread */
|
/** print stats for one thread */
|
||||||
static int
|
static int
|
||||||
print_thread_stats(SSL* ssl, int i, struct stats_info* s)
|
print_thread_stats(SSL* ssl, int i, struct ub_stats_info* s)
|
||||||
{
|
{
|
||||||
char nm[16];
|
char nm[16];
|
||||||
snprintf(nm, sizeof(nm), "thread%d", i);
|
snprintf(nm, sizeof(nm), "thread%d", i);
|
||||||
@ -862,46 +866,24 @@ print_longnum(SSL* ssl, const char* desc, size_t x)
|
|||||||
static int
|
static int
|
||||||
print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon)
|
print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon)
|
||||||
{
|
{
|
||||||
int m;
|
|
||||||
size_t msg, rrset, val, iter, respip;
|
size_t msg, rrset, val, iter, respip;
|
||||||
#ifdef CLIENT_SUBNET
|
#ifdef CLIENT_SUBNET
|
||||||
size_t subnet = 0;
|
size_t subnet = 0;
|
||||||
#endif /* CLIENT_SUBNET */
|
#endif /* CLIENT_SUBNET */
|
||||||
|
#ifdef USE_IPSECMOD
|
||||||
|
size_t ipsecmod = 0;
|
||||||
|
#endif /* USE_IPSECMOD */
|
||||||
msg = slabhash_get_mem(daemon->env->msg_cache);
|
msg = slabhash_get_mem(daemon->env->msg_cache);
|
||||||
rrset = slabhash_get_mem(&daemon->env->rrset_cache->table);
|
rrset = slabhash_get_mem(&daemon->env->rrset_cache->table);
|
||||||
val=0;
|
val = mod_get_mem(&worker->env, "validator");
|
||||||
iter=0;
|
iter = mod_get_mem(&worker->env, "iterator");
|
||||||
respip=0;
|
respip = mod_get_mem(&worker->env, "respip");
|
||||||
m = modstack_find(&worker->env.mesh->mods, "validator");
|
|
||||||
if(m != -1) {
|
|
||||||
fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh->
|
|
||||||
mods.mod[m]->get_mem));
|
|
||||||
val = (*worker->env.mesh->mods.mod[m]->get_mem)
|
|
||||||
(&worker->env, m);
|
|
||||||
}
|
|
||||||
m = modstack_find(&worker->env.mesh->mods, "iterator");
|
|
||||||
if(m != -1) {
|
|
||||||
fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh->
|
|
||||||
mods.mod[m]->get_mem));
|
|
||||||
iter = (*worker->env.mesh->mods.mod[m]->get_mem)
|
|
||||||
(&worker->env, m);
|
|
||||||
}
|
|
||||||
m = modstack_find(&worker->env.mesh->mods, "respip");
|
|
||||||
if(m != -1) {
|
|
||||||
fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh->
|
|
||||||
mods.mod[m]->get_mem));
|
|
||||||
respip = (*worker->env.mesh->mods.mod[m]->get_mem)
|
|
||||||
(&worker->env, m);
|
|
||||||
}
|
|
||||||
#ifdef CLIENT_SUBNET
|
#ifdef CLIENT_SUBNET
|
||||||
m = modstack_find(&worker->env.mesh->mods, "subnet");
|
subnet = mod_get_mem(&worker->env, "subnet");
|
||||||
if(m != -1) {
|
|
||||||
fptr_ok(fptr_whitelist_mod_get_mem(worker->env.mesh->
|
|
||||||
mods.mod[m]->get_mem));
|
|
||||||
subnet = (*worker->env.mesh->mods.mod[m]->get_mem)
|
|
||||||
(&worker->env, m);
|
|
||||||
}
|
|
||||||
#endif /* CLIENT_SUBNET */
|
#endif /* CLIENT_SUBNET */
|
||||||
|
#ifdef USE_IPSECMOD
|
||||||
|
ipsecmod = mod_get_mem(&worker->env, "ipsecmod");
|
||||||
|
#endif /* USE_IPSECMOD */
|
||||||
|
|
||||||
if(!print_longnum(ssl, "mem.cache.rrset"SQ, rrset))
|
if(!print_longnum(ssl, "mem.cache.rrset"SQ, rrset))
|
||||||
return 0;
|
return 0;
|
||||||
@ -917,6 +899,10 @@ print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon)
|
|||||||
if(!print_longnum(ssl, "mem.mod.subnet"SQ, subnet))
|
if(!print_longnum(ssl, "mem.mod.subnet"SQ, subnet))
|
||||||
return 0;
|
return 0;
|
||||||
#endif /* CLIENT_SUBNET */
|
#endif /* CLIENT_SUBNET */
|
||||||
|
#ifdef USE_IPSECMOD
|
||||||
|
if(!print_longnum(ssl, "mem.mod.ipsecmod"SQ, ipsecmod))
|
||||||
|
return 0;
|
||||||
|
#endif /* USE_IPSECMOD */
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -941,7 +927,7 @@ print_uptime(SSL* ssl, struct worker* worker, int reset)
|
|||||||
|
|
||||||
/** print extended histogram */
|
/** print extended histogram */
|
||||||
static int
|
static int
|
||||||
print_hist(SSL* ssl, struct stats_info* s)
|
print_hist(SSL* ssl, struct ub_stats_info* s)
|
||||||
{
|
{
|
||||||
struct timehist* hist;
|
struct timehist* hist;
|
||||||
size_t i;
|
size_t i;
|
||||||
@ -969,14 +955,14 @@ print_hist(SSL* ssl, struct stats_info* s)
|
|||||||
|
|
||||||
/** print extended stats */
|
/** print extended stats */
|
||||||
static int
|
static int
|
||||||
print_ext(SSL* ssl, struct stats_info* s)
|
print_ext(SSL* ssl, struct ub_stats_info* s)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
char nm[16];
|
char nm[16];
|
||||||
const sldns_rr_descriptor* desc;
|
const sldns_rr_descriptor* desc;
|
||||||
const sldns_lookup_table* lt;
|
const sldns_lookup_table* lt;
|
||||||
/* TYPE */
|
/* TYPE */
|
||||||
for(i=0; i<STATS_QTYPE_NUM; i++) {
|
for(i=0; i<UB_STATS_QTYPE_NUM; i++) {
|
||||||
if(inhibit_zero && s->svr.qtype[i] == 0)
|
if(inhibit_zero && s->svr.qtype[i] == 0)
|
||||||
continue;
|
continue;
|
||||||
desc = sldns_rr_descript((uint16_t)i);
|
desc = sldns_rr_descript((uint16_t)i);
|
||||||
@ -1003,7 +989,7 @@ print_ext(SSL* ssl, struct stats_info* s)
|
|||||||
(unsigned long)s->svr.qtype_big)) return 0;
|
(unsigned long)s->svr.qtype_big)) return 0;
|
||||||
}
|
}
|
||||||
/* CLASS */
|
/* CLASS */
|
||||||
for(i=0; i<STATS_QCLASS_NUM; i++) {
|
for(i=0; i<UB_STATS_QCLASS_NUM; i++) {
|
||||||
if(inhibit_zero && s->svr.qclass[i] == 0)
|
if(inhibit_zero && s->svr.qclass[i] == 0)
|
||||||
continue;
|
continue;
|
||||||
lt = sldns_lookup_by_id(sldns_rr_classes, i);
|
lt = sldns_lookup_by_id(sldns_rr_classes, i);
|
||||||
@ -1020,7 +1006,7 @@ print_ext(SSL* ssl, struct stats_info* s)
|
|||||||
(unsigned long)s->svr.qclass_big)) return 0;
|
(unsigned long)s->svr.qclass_big)) return 0;
|
||||||
}
|
}
|
||||||
/* OPCODE */
|
/* OPCODE */
|
||||||
for(i=0; i<STATS_OPCODE_NUM; i++) {
|
for(i=0; i<UB_STATS_OPCODE_NUM; i++) {
|
||||||
if(inhibit_zero && s->svr.qopcode[i] == 0)
|
if(inhibit_zero && s->svr.qopcode[i] == 0)
|
||||||
continue;
|
continue;
|
||||||
lt = sldns_lookup_by_id(sldns_opcodes, i);
|
lt = sldns_lookup_by_id(sldns_opcodes, i);
|
||||||
@ -1062,7 +1048,7 @@ print_ext(SSL* ssl, struct stats_info* s)
|
|||||||
(unsigned long)s->svr.qEDNS_DO)) return 0;
|
(unsigned long)s->svr.qEDNS_DO)) return 0;
|
||||||
|
|
||||||
/* RCODE */
|
/* RCODE */
|
||||||
for(i=0; i<STATS_RCODE_NUM; i++) {
|
for(i=0; i<UB_STATS_RCODE_NUM; i++) {
|
||||||
/* Always include RCODEs 0-5 */
|
/* Always include RCODEs 0-5 */
|
||||||
if(inhibit_zero && i > LDNS_RCODE_REFUSED && s->svr.ans_rcode[i] == 0)
|
if(inhibit_zero && i > LDNS_RCODE_REFUSED && s->svr.ans_rcode[i] == 0)
|
||||||
continue;
|
continue;
|
||||||
@ -1108,8 +1094,8 @@ static void
|
|||||||
do_stats(SSL* ssl, struct daemon_remote* rc, int reset)
|
do_stats(SSL* ssl, struct daemon_remote* rc, int reset)
|
||||||
{
|
{
|
||||||
struct daemon* daemon = rc->worker->daemon;
|
struct daemon* daemon = rc->worker->daemon;
|
||||||
struct stats_info total;
|
struct ub_stats_info total;
|
||||||
struct stats_info s;
|
struct ub_stats_info s;
|
||||||
int i;
|
int i;
|
||||||
log_assert(daemon->num > 0);
|
log_assert(daemon->num > 0);
|
||||||
/* gather all thread statistics in one place */
|
/* gather all thread statistics in one place */
|
||||||
@ -1407,6 +1393,14 @@ do_view_zone_add(SSL* ssl, struct worker* worker, char* arg)
|
|||||||
ssl_printf(ssl,"error out of memory\n");
|
ssl_printf(ssl,"error out of memory\n");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
if(!v->isfirst) {
|
||||||
|
/* Global local-zone is not used for this view,
|
||||||
|
* therefore add defaults to this view-specic
|
||||||
|
* local-zone. */
|
||||||
|
struct config_file lz_cfg;
|
||||||
|
memset(&lz_cfg, 0, sizeof(lz_cfg));
|
||||||
|
local_zone_enter_defaults(v->local_zones, &lz_cfg);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
do_zone_add(ssl, v->local_zones, arg2);
|
do_zone_add(ssl, v->local_zones, arg2);
|
||||||
lock_rw_unlock(&v->lock);
|
lock_rw_unlock(&v->lock);
|
||||||
|
105
daemon/stats.c
105
daemon/stats.c
@ -63,42 +63,42 @@
|
|||||||
|
|
||||||
/** add timers and the values do not overflow or become negative */
|
/** add timers and the values do not overflow or become negative */
|
||||||
static void
|
static void
|
||||||
timeval_add(struct timeval* d, const struct timeval* add)
|
stats_timeval_add(long long* d_sec, long long* d_usec, long long add_sec, long long add_usec)
|
||||||
{
|
{
|
||||||
#ifndef S_SPLINT_S
|
#ifndef S_SPLINT_S
|
||||||
d->tv_sec += add->tv_sec;
|
(*d_sec) += add_sec;
|
||||||
d->tv_usec += add->tv_usec;
|
(*d_usec) += add_usec;
|
||||||
if(d->tv_usec > 1000000) {
|
if((*d_usec) > 1000000) {
|
||||||
d->tv_usec -= 1000000;
|
(*d_usec) -= 1000000;
|
||||||
d->tv_sec++;
|
(*d_sec)++;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void server_stats_init(struct server_stats* stats, struct config_file* cfg)
|
void server_stats_init(struct ub_server_stats* stats, struct config_file* cfg)
|
||||||
{
|
{
|
||||||
memset(stats, 0, sizeof(*stats));
|
memset(stats, 0, sizeof(*stats));
|
||||||
stats->extended = cfg->stat_extended;
|
stats->extended = cfg->stat_extended;
|
||||||
}
|
}
|
||||||
|
|
||||||
void server_stats_querymiss(struct server_stats* stats, struct worker* worker)
|
void server_stats_querymiss(struct ub_server_stats* stats, struct worker* worker)
|
||||||
{
|
{
|
||||||
stats->num_queries_missed_cache++;
|
stats->num_queries_missed_cache++;
|
||||||
stats->sum_query_list_size += worker->env.mesh->all.count;
|
stats->sum_query_list_size += worker->env.mesh->all.count;
|
||||||
if(worker->env.mesh->all.count > stats->max_query_list_size)
|
if((long long)worker->env.mesh->all.count > stats->max_query_list_size)
|
||||||
stats->max_query_list_size = worker->env.mesh->all.count;
|
stats->max_query_list_size = (long long)worker->env.mesh->all.count;
|
||||||
}
|
}
|
||||||
|
|
||||||
void server_stats_prefetch(struct server_stats* stats, struct worker* worker)
|
void server_stats_prefetch(struct ub_server_stats* stats, struct worker* worker)
|
||||||
{
|
{
|
||||||
stats->num_queries_prefetch++;
|
stats->num_queries_prefetch++;
|
||||||
/* changes the query list size so account that, like a querymiss */
|
/* changes the query list size so account that, like a querymiss */
|
||||||
stats->sum_query_list_size += worker->env.mesh->all.count;
|
stats->sum_query_list_size += worker->env.mesh->all.count;
|
||||||
if(worker->env.mesh->all.count > stats->max_query_list_size)
|
if((long long)worker->env.mesh->all.count > stats->max_query_list_size)
|
||||||
stats->max_query_list_size = worker->env.mesh->all.count;
|
stats->max_query_list_size = (long long)worker->env.mesh->all.count;
|
||||||
}
|
}
|
||||||
|
|
||||||
void server_stats_log(struct server_stats* stats, struct worker* worker,
|
void server_stats_log(struct ub_server_stats* stats, struct worker* worker,
|
||||||
int threadnum)
|
int threadnum)
|
||||||
{
|
{
|
||||||
log_info("server stats for thread %d: %u queries, "
|
log_info("server stats for thread %d: %u queries, "
|
||||||
@ -115,7 +115,7 @@ void server_stats_log(struct server_stats* stats, struct worker* worker,
|
|||||||
(unsigned)stats->max_query_list_size,
|
(unsigned)stats->max_query_list_size,
|
||||||
(stats->num_queries_missed_cache+stats->num_queries_prefetch)?
|
(stats->num_queries_missed_cache+stats->num_queries_prefetch)?
|
||||||
(double)stats->sum_query_list_size/
|
(double)stats->sum_query_list_size/
|
||||||
(stats->num_queries_missed_cache+
|
(double)(stats->num_queries_missed_cache+
|
||||||
stats->num_queries_prefetch) : 0.0,
|
stats->num_queries_prefetch) : 0.0,
|
||||||
(unsigned)worker->env.mesh->stats_dropped,
|
(unsigned)worker->env.mesh->stats_dropped,
|
||||||
(unsigned)worker->env.mesh->stats_jostled);
|
(unsigned)worker->env.mesh->stats_jostled);
|
||||||
@ -140,49 +140,50 @@ get_rrset_bogus(struct worker* worker)
|
|||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
server_stats_compile(struct worker* worker, struct stats_info* s, int reset)
|
server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
struct listen_list* lp;
|
struct listen_list* lp;
|
||||||
|
|
||||||
s->svr = worker->stats;
|
s->svr = worker->stats;
|
||||||
s->mesh_num_states = worker->env.mesh->all.count;
|
s->mesh_num_states = (long long)worker->env.mesh->all.count;
|
||||||
s->mesh_num_reply_states = worker->env.mesh->num_reply_states;
|
s->mesh_num_reply_states = (long long)worker->env.mesh->num_reply_states;
|
||||||
s->mesh_jostled = worker->env.mesh->stats_jostled;
|
s->mesh_jostled = (long long)worker->env.mesh->stats_jostled;
|
||||||
s->mesh_dropped = worker->env.mesh->stats_dropped;
|
s->mesh_dropped = (long long)worker->env.mesh->stats_dropped;
|
||||||
s->mesh_replies_sent = worker->env.mesh->replies_sent;
|
s->mesh_replies_sent = (long long)worker->env.mesh->replies_sent;
|
||||||
s->mesh_replies_sum_wait = worker->env.mesh->replies_sum_wait;
|
s->mesh_replies_sum_wait_sec = (long long)worker->env.mesh->replies_sum_wait.tv_sec;
|
||||||
|
s->mesh_replies_sum_wait_usec = (long long)worker->env.mesh->replies_sum_wait.tv_usec;
|
||||||
s->mesh_time_median = timehist_quartile(worker->env.mesh->histogram,
|
s->mesh_time_median = timehist_quartile(worker->env.mesh->histogram,
|
||||||
0.50);
|
0.50);
|
||||||
|
|
||||||
/* add in the values from the mesh */
|
/* add in the values from the mesh */
|
||||||
s->svr.ans_secure += worker->env.mesh->ans_secure;
|
s->svr.ans_secure += (long long)worker->env.mesh->ans_secure;
|
||||||
s->svr.ans_bogus += worker->env.mesh->ans_bogus;
|
s->svr.ans_bogus += (long long)worker->env.mesh->ans_bogus;
|
||||||
s->svr.ans_rcode_nodata += worker->env.mesh->ans_nodata;
|
s->svr.ans_rcode_nodata += (long long)worker->env.mesh->ans_nodata;
|
||||||
for(i=0; i<16; i++)
|
for(i=0; i<16; i++)
|
||||||
s->svr.ans_rcode[i] += worker->env.mesh->ans_rcode[i];
|
s->svr.ans_rcode[i] += (long long)worker->env.mesh->ans_rcode[i];
|
||||||
timehist_export(worker->env.mesh->histogram, s->svr.hist,
|
timehist_export(worker->env.mesh->histogram, s->svr.hist,
|
||||||
NUM_BUCKETS_HIST);
|
NUM_BUCKETS_HIST);
|
||||||
/* values from outside network */
|
/* values from outside network */
|
||||||
s->svr.unwanted_replies = worker->back->unwanted_replies;
|
s->svr.unwanted_replies = (long long)worker->back->unwanted_replies;
|
||||||
s->svr.qtcp_outgoing = worker->back->num_tcp_outgoing;
|
s->svr.qtcp_outgoing = (long long)worker->back->num_tcp_outgoing;
|
||||||
|
|
||||||
/* get and reset validator rrset bogus number */
|
/* get and reset validator rrset bogus number */
|
||||||
s->svr.rrset_bogus = get_rrset_bogus(worker);
|
s->svr.rrset_bogus = (long long)get_rrset_bogus(worker);
|
||||||
|
|
||||||
/* get cache sizes */
|
/* get cache sizes */
|
||||||
s->svr.msg_cache_count = count_slabhash_entries(worker->env.msg_cache);
|
s->svr.msg_cache_count = (long long)count_slabhash_entries(worker->env.msg_cache);
|
||||||
s->svr.rrset_cache_count = count_slabhash_entries(&worker->env.rrset_cache->table);
|
s->svr.rrset_cache_count = (long long)count_slabhash_entries(&worker->env.rrset_cache->table);
|
||||||
s->svr.infra_cache_count = count_slabhash_entries(worker->env.infra_cache->hosts);
|
s->svr.infra_cache_count = (long long)count_slabhash_entries(worker->env.infra_cache->hosts);
|
||||||
if(worker->env.key_cache)
|
if(worker->env.key_cache)
|
||||||
s->svr.key_cache_count = count_slabhash_entries(worker->env.key_cache->slab);
|
s->svr.key_cache_count = (long long)count_slabhash_entries(worker->env.key_cache->slab);
|
||||||
else s->svr.key_cache_count = 0;
|
else s->svr.key_cache_count = 0;
|
||||||
|
|
||||||
/* get tcp accept usage */
|
/* get tcp accept usage */
|
||||||
s->svr.tcp_accept_usage = 0;
|
s->svr.tcp_accept_usage = 0;
|
||||||
for(lp = worker->front->cps; lp; lp = lp->next) {
|
for(lp = worker->front->cps; lp; lp = lp->next) {
|
||||||
if(lp->com->type == comm_tcp_accept)
|
if(lp->com->type == comm_tcp_accept)
|
||||||
s->svr.tcp_accept_usage += lp->com->cur_tcp_count;
|
s->svr.tcp_accept_usage += (long long)lp->com->cur_tcp_count;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(reset && !worker->env.cfg->stat_cumulative) {
|
if(reset && !worker->env.cfg->stat_cumulative) {
|
||||||
@ -191,7 +192,7 @@ server_stats_compile(struct worker* worker, struct stats_info* s, int reset)
|
|||||||
}
|
}
|
||||||
|
|
||||||
void server_stats_obtain(struct worker* worker, struct worker* who,
|
void server_stats_obtain(struct worker* worker, struct worker* who,
|
||||||
struct stats_info* s, int reset)
|
struct ub_stats_info* s, int reset)
|
||||||
{
|
{
|
||||||
uint8_t *reply = NULL;
|
uint8_t *reply = NULL;
|
||||||
uint32_t len = 0;
|
uint32_t len = 0;
|
||||||
@ -217,7 +218,7 @@ void server_stats_obtain(struct worker* worker, struct worker* who,
|
|||||||
|
|
||||||
void server_stats_reply(struct worker* worker, int reset)
|
void server_stats_reply(struct worker* worker, int reset)
|
||||||
{
|
{
|
||||||
struct stats_info s;
|
struct ub_stats_info s;
|
||||||
server_stats_compile(worker, &s, reset);
|
server_stats_compile(worker, &s, reset);
|
||||||
verbose(VERB_ALGO, "write stats replymsg");
|
verbose(VERB_ALGO, "write stats replymsg");
|
||||||
if(!tube_write_msg(worker->daemon->workers[0]->cmd,
|
if(!tube_write_msg(worker->daemon->workers[0]->cmd,
|
||||||
@ -225,7 +226,7 @@ void server_stats_reply(struct worker* worker, int reset)
|
|||||||
fatal_exit("could not write stat values over cmd channel");
|
fatal_exit("could not write stat values over cmd channel");
|
||||||
}
|
}
|
||||||
|
|
||||||
void server_stats_add(struct stats_info* total, struct stats_info* a)
|
void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a)
|
||||||
{
|
{
|
||||||
total->svr.num_queries += a->svr.num_queries;
|
total->svr.num_queries += a->svr.num_queries;
|
||||||
total->svr.num_queries_ip_ratelimited += a->svr.num_queries_ip_ratelimited;
|
total->svr.num_queries_ip_ratelimited += a->svr.num_queries_ip_ratelimited;
|
||||||
@ -233,12 +234,12 @@ void server_stats_add(struct stats_info* total, struct stats_info* a)
|
|||||||
total->svr.num_queries_prefetch += a->svr.num_queries_prefetch;
|
total->svr.num_queries_prefetch += a->svr.num_queries_prefetch;
|
||||||
total->svr.sum_query_list_size += a->svr.sum_query_list_size;
|
total->svr.sum_query_list_size += a->svr.sum_query_list_size;
|
||||||
#ifdef USE_DNSCRYPT
|
#ifdef USE_DNSCRYPT
|
||||||
total->svr.num_query_dnscrypt_crypted += a->svr.num_query_dnscrypt_crypted;
|
total->svr.num_query_dnscrypt_crypted += a->svr.num_query_dnscrypt_crypted;
|
||||||
total->svr.num_query_dnscrypt_cert += a->svr.num_query_dnscrypt_cert;
|
total->svr.num_query_dnscrypt_cert += a->svr.num_query_dnscrypt_cert;
|
||||||
total->svr.num_query_dnscrypt_cleartext += \
|
total->svr.num_query_dnscrypt_cleartext += \
|
||||||
a->svr.num_query_dnscrypt_cleartext;
|
a->svr.num_query_dnscrypt_cleartext;
|
||||||
total->svr.num_query_dnscrypt_crypted_malformed += \
|
total->svr.num_query_dnscrypt_crypted_malformed += \
|
||||||
a->svr.num_query_dnscrypt_crypted_malformed;
|
a->svr.num_query_dnscrypt_crypted_malformed;
|
||||||
#endif
|
#endif
|
||||||
/* the max size reached is upped to higher of both */
|
/* the max size reached is upped to higher of both */
|
||||||
if(a->svr.max_query_list_size > total->svr.max_query_list_size)
|
if(a->svr.max_query_list_size > total->svr.max_query_list_size)
|
||||||
@ -269,13 +270,13 @@ void server_stats_add(struct stats_info* total, struct stats_info* a)
|
|||||||
total->svr.unwanted_replies += a->svr.unwanted_replies;
|
total->svr.unwanted_replies += a->svr.unwanted_replies;
|
||||||
total->svr.unwanted_queries += a->svr.unwanted_queries;
|
total->svr.unwanted_queries += a->svr.unwanted_queries;
|
||||||
total->svr.tcp_accept_usage += a->svr.tcp_accept_usage;
|
total->svr.tcp_accept_usage += a->svr.tcp_accept_usage;
|
||||||
for(i=0; i<STATS_QTYPE_NUM; i++)
|
for(i=0; i<UB_STATS_QTYPE_NUM; i++)
|
||||||
total->svr.qtype[i] += a->svr.qtype[i];
|
total->svr.qtype[i] += a->svr.qtype[i];
|
||||||
for(i=0; i<STATS_QCLASS_NUM; i++)
|
for(i=0; i<UB_STATS_QCLASS_NUM; i++)
|
||||||
total->svr.qclass[i] += a->svr.qclass[i];
|
total->svr.qclass[i] += a->svr.qclass[i];
|
||||||
for(i=0; i<STATS_OPCODE_NUM; i++)
|
for(i=0; i<UB_STATS_OPCODE_NUM; i++)
|
||||||
total->svr.qopcode[i] += a->svr.qopcode[i];
|
total->svr.qopcode[i] += a->svr.qopcode[i];
|
||||||
for(i=0; i<STATS_RCODE_NUM; i++)
|
for(i=0; i<UB_STATS_RCODE_NUM; i++)
|
||||||
total->svr.ans_rcode[i] += a->svr.ans_rcode[i];
|
total->svr.ans_rcode[i] += a->svr.ans_rcode[i];
|
||||||
for(i=0; i<NUM_BUCKETS_HIST; i++)
|
for(i=0; i<NUM_BUCKETS_HIST; i++)
|
||||||
total->svr.hist[i] += a->svr.hist[i];
|
total->svr.hist[i] += a->svr.hist[i];
|
||||||
@ -286,22 +287,22 @@ void server_stats_add(struct stats_info* total, struct stats_info* a)
|
|||||||
total->mesh_jostled += a->mesh_jostled;
|
total->mesh_jostled += a->mesh_jostled;
|
||||||
total->mesh_dropped += a->mesh_dropped;
|
total->mesh_dropped += a->mesh_dropped;
|
||||||
total->mesh_replies_sent += a->mesh_replies_sent;
|
total->mesh_replies_sent += a->mesh_replies_sent;
|
||||||
timeval_add(&total->mesh_replies_sum_wait, &a->mesh_replies_sum_wait);
|
stats_timeval_add(&total->mesh_replies_sum_wait_sec, &total->mesh_replies_sum_wait_usec, a->mesh_replies_sum_wait_sec, a->mesh_replies_sum_wait_usec);
|
||||||
/* the medians are averaged together, this is not as accurate as
|
/* the medians are averaged together, this is not as accurate as
|
||||||
* taking the median over all of the data, but is good and fast
|
* taking the median over all of the data, but is good and fast
|
||||||
* added up here, division later*/
|
* added up here, division later*/
|
||||||
total->mesh_time_median += a->mesh_time_median;
|
total->mesh_time_median += a->mesh_time_median;
|
||||||
}
|
}
|
||||||
|
|
||||||
void server_stats_insquery(struct server_stats* stats, struct comm_point* c,
|
void server_stats_insquery(struct ub_server_stats* stats, struct comm_point* c,
|
||||||
uint16_t qtype, uint16_t qclass, struct edns_data* edns,
|
uint16_t qtype, uint16_t qclass, struct edns_data* edns,
|
||||||
struct comm_reply* repinfo)
|
struct comm_reply* repinfo)
|
||||||
{
|
{
|
||||||
uint16_t flags = sldns_buffer_read_u16_at(c->buffer, 2);
|
uint16_t flags = sldns_buffer_read_u16_at(c->buffer, 2);
|
||||||
if(qtype < STATS_QTYPE_NUM)
|
if(qtype < UB_STATS_QTYPE_NUM)
|
||||||
stats->qtype[qtype]++;
|
stats->qtype[qtype]++;
|
||||||
else stats->qtype_big++;
|
else stats->qtype_big++;
|
||||||
if(qclass < STATS_QCLASS_NUM)
|
if(qclass < UB_STATS_QCLASS_NUM)
|
||||||
stats->qclass[qclass]++;
|
stats->qclass[qclass]++;
|
||||||
else stats->qclass_big++;
|
else stats->qclass_big++;
|
||||||
stats->qopcode[ LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) ]++;
|
stats->qopcode[ LDNS_OPCODE_WIRE(sldns_buffer_begin(c->buffer)) ]++;
|
||||||
@ -332,7 +333,7 @@ void server_stats_insquery(struct server_stats* stats, struct comm_point* c,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void server_stats_insrcode(struct server_stats* stats, sldns_buffer* buf)
|
void server_stats_insrcode(struct ub_server_stats* stats, sldns_buffer* buf)
|
||||||
{
|
{
|
||||||
if(stats->extended && sldns_buffer_limit(buf) != 0) {
|
if(stats->extended && sldns_buffer_limit(buf) != 0) {
|
||||||
int r = (int)LDNS_RCODE_WIRE( sldns_buffer_begin(buf) );
|
int r = (int)LDNS_RCODE_WIRE( sldns_buffer_begin(buf) );
|
||||||
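Review bot: In `stats_timeval_add` the carry test `if((*d_usec) > 1000000)` leaves a sum of exactly 1000000 microseconds unnormalised, so the exported `mesh_replies_sum_wait_usec` can hold a full second; the comparison should be `if((*d_usec) >= 1000000) {`. The same condition was in the removed `timeval_add`, so it is carried over by this change rather than introduced. The comment above the function promises that values do not overflow or become negative, but the body does not check either. A short precondition comment such as `/* both usec inputs are expected in 0..999999, so a single carry is enough */` would state what the single subtraction relies on.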
|
155
daemon/stats.h
155
daemon/stats.h
@ -43,7 +43,6 @@
|
|||||||
#ifndef DAEMON_STATS_H
|
#ifndef DAEMON_STATS_H
|
||||||
#define DAEMON_STATS_H
|
#define DAEMON_STATS_H
|
||||||
#include "util/timehist.h"
|
#include "util/timehist.h"
|
||||||
#include "dnscrypt/dnscrypt_config.h"
|
|
||||||
struct worker;
|
struct worker;
|
||||||
struct config_file;
|
struct config_file;
|
||||||
struct comm_point;
|
struct comm_point;
|
||||||
@ -51,156 +50,24 @@ struct comm_reply;
|
|||||||
struct edns_data;
|
struct edns_data;
|
||||||
struct sldns_buffer;
|
struct sldns_buffer;
|
||||||
|
|
||||||
/** number of qtype that is stored for in array */
|
/* stats struct */
|
||||||
#define STATS_QTYPE_NUM 256
|
#include "libunbound/unbound.h"
|
||||||
/** number of qclass that is stored for in array */
|
|
||||||
#define STATS_QCLASS_NUM 256
|
|
||||||
/** number of rcodes in stats */
|
|
||||||
#define STATS_RCODE_NUM 16
|
|
||||||
/** number of opcodes in stats */
|
|
||||||
#define STATS_OPCODE_NUM 16
|
|
||||||
|
|
||||||
/** per worker statistics */
|
|
||||||
struct server_stats {
|
|
||||||
/** number of queries from clients received. */
|
|
||||||
size_t num_queries;
|
|
||||||
/** number of queries that have been dropped/ratelimited by ip. */
|
|
||||||
size_t num_queries_ip_ratelimited;
|
|
||||||
/** number of queries that had a cache-miss. */
|
|
||||||
size_t num_queries_missed_cache;
|
|
||||||
/** number of prefetch queries - cachehits with prefetch */
|
|
||||||
size_t num_queries_prefetch;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Sum of the querylistsize of the worker for
|
|
||||||
* every query that missed cache. To calculate average.
|
|
||||||
*/
|
|
||||||
size_t sum_query_list_size;
|
|
||||||
/** max value of query list size reached. */
|
|
||||||
size_t max_query_list_size;
|
|
||||||
|
|
||||||
/** Extended stats below (bool) */
|
|
||||||
int extended;
|
|
||||||
|
|
||||||
/** qtype stats */
|
|
||||||
size_t qtype[STATS_QTYPE_NUM];
|
|
||||||
/** bigger qtype values not in array */
|
|
||||||
size_t qtype_big;
|
|
||||||
/** qclass stats */
|
|
||||||
size_t qclass[STATS_QCLASS_NUM];
|
|
||||||
/** bigger qclass values not in array */
|
|
||||||
size_t qclass_big;
|
|
||||||
/** query opcodes */
|
|
||||||
size_t qopcode[STATS_OPCODE_NUM];
|
|
||||||
/** number of queries over TCP */
|
|
||||||
size_t qtcp;
|
|
||||||
/** number of outgoing queries over TCP */
|
|
||||||
size_t qtcp_outgoing;
|
|
||||||
/** number of queries over IPv6 */
|
|
||||||
size_t qipv6;
|
|
||||||
/** number of queries with QR bit */
|
|
||||||
size_t qbit_QR;
|
|
||||||
/** number of queries with AA bit */
|
|
||||||
size_t qbit_AA;
|
|
||||||
/** number of queries with TC bit */
|
|
||||||
size_t qbit_TC;
|
|
||||||
/** number of queries with RD bit */
|
|
||||||
size_t qbit_RD;
|
|
||||||
/** number of queries with RA bit */
|
|
||||||
size_t qbit_RA;
|
|
||||||
/** number of queries with Z bit */
|
|
||||||
size_t qbit_Z;
|
|
||||||
/** number of queries with AD bit */
|
|
||||||
size_t qbit_AD;
|
|
||||||
/** number of queries with CD bit */
|
|
||||||
size_t qbit_CD;
|
|
||||||
/** number of queries with EDNS OPT record */
|
|
||||||
size_t qEDNS;
|
|
||||||
/** number of queries with EDNS with DO flag */
|
|
||||||
size_t qEDNS_DO;
|
|
||||||
/** answer rcodes */
|
|
||||||
size_t ans_rcode[STATS_RCODE_NUM];
|
|
||||||
/** answers with pseudo rcode 'nodata' */
|
|
||||||
size_t ans_rcode_nodata;
|
|
||||||
/** answers that were secure (AD) */
|
|
||||||
size_t ans_secure;
|
|
||||||
/** answers that were bogus (withheld as SERVFAIL) */
|
|
||||||
size_t ans_bogus;
|
|
||||||
/** rrsets marked bogus by validator */
|
|
||||||
size_t rrset_bogus;
|
|
||||||
/** unwanted traffic received on server-facing ports */
|
|
||||||
size_t unwanted_replies;
|
|
||||||
/** unwanted traffic received on client-facing ports */
|
|
||||||
size_t unwanted_queries;
|
|
||||||
/** usage of tcp accept list */
|
|
||||||
size_t tcp_accept_usage;
|
|
||||||
/** answers served from expired cache */
|
|
||||||
size_t zero_ttl_responses;
|
|
||||||
/** histogram data exported to array
|
|
||||||
* if the array is the same size, no data is lost, and
|
|
||||||
* if all histograms are same size (is so by default) then
|
|
||||||
* adding up works well. */
|
|
||||||
size_t hist[NUM_BUCKETS_HIST];
|
|
||||||
|
|
||||||
/** number of message cache entries */
|
|
||||||
size_t msg_cache_count;
|
|
||||||
/** number of rrset cache entries */
|
|
||||||
size_t rrset_cache_count;
|
|
||||||
/** number of infra cache entries */
|
|
||||||
size_t infra_cache_count;
|
|
||||||
/** number of key cache entries */
|
|
||||||
size_t key_cache_count;
|
|
||||||
#ifdef USE_DNSCRYPT
|
|
||||||
/** number of queries that used dnscrypt */
|
|
||||||
size_t num_query_dnscrypt_crypted;
|
|
||||||
/** number of queries that queried dnscrypt certificates */
|
|
||||||
size_t num_query_dnscrypt_cert;
|
|
||||||
/** number of queries in clear text and not asking for the certificates */
|
|
||||||
size_t num_query_dnscrypt_cleartext;
|
|
||||||
/** number of malformed encrypted queries */
|
|
||||||
size_t num_query_dnscrypt_crypted_malformed;
|
|
||||||
#endif
|
|
||||||
};
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Statistics to send over the control pipe when asked
|
|
||||||
* This struct is made to be memcpied, sent in binary.
|
|
||||||
*/
|
|
||||||
struct stats_info {
|
|
||||||
/** the thread stats */
|
|
||||||
struct server_stats svr;
|
|
||||||
|
|
||||||
/** mesh stats: current number of states */
|
|
||||||
size_t mesh_num_states;
|
|
||||||
/** mesh stats: current number of reply (user) states */
|
|
||||||
size_t mesh_num_reply_states;
|
|
||||||
/** mesh stats: number of reply states overwritten with a new one */
|
|
||||||
size_t mesh_jostled;
|
|
||||||
/** mesh stats: number of incoming queries dropped */
|
|
||||||
size_t mesh_dropped;
|
|
||||||
/** mesh stats: replies sent */
|
|
||||||
size_t mesh_replies_sent;
|
|
||||||
/** mesh stats: sum of waiting times for the replies */
|
|
||||||
struct timeval mesh_replies_sum_wait;
|
|
||||||
/** mesh stats: median of waiting times for replies (in sec) */
|
|
||||||
double mesh_time_median;
|
|
||||||
};
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Initialize server stats to 0.
|
* Initialize server stats to 0.
|
||||||
* @param stats: what to init (this is alloced by the caller).
|
* @param stats: what to init (this is alloced by the caller).
|
||||||
* @param cfg: with extended statistics option.
|
* @param cfg: with extended statistics option.
|
||||||
*/
|
*/
|
||||||
void server_stats_init(struct server_stats* stats, struct config_file* cfg);
|
void server_stats_init(struct ub_server_stats* stats, struct config_file* cfg);
|
||||||
|
|
||||||
/** add query if it missed the cache */
|
/** add query if it missed the cache */
|
||||||
void server_stats_querymiss(struct server_stats* stats, struct worker* worker);
|
void server_stats_querymiss(struct ub_server_stats* stats, struct worker* worker);
|
||||||
|
|
||||||
/** add query if was cached and also resulted in a prefetch */
|
/** add query if was cached and also resulted in a prefetch */
|
||||||
void server_stats_prefetch(struct server_stats* stats, struct worker* worker);
|
void server_stats_prefetch(struct ub_server_stats* stats, struct worker* worker);
|
||||||
|
|
||||||
/** display the stats to the log */
|
/** display the stats to the log */
|
||||||
void server_stats_log(struct server_stats* stats, struct worker* worker,
|
void server_stats_log(struct ub_server_stats* stats, struct worker* worker,
|
||||||
int threadnum);
|
int threadnum);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -211,7 +78,7 @@ void server_stats_log(struct server_stats* stats, struct worker* worker,
|
|||||||
* @param reset: if stats can be reset.
|
* @param reset: if stats can be reset.
|
||||||
*/
|
*/
|
||||||
void server_stats_obtain(struct worker* worker, struct worker* who,
|
void server_stats_obtain(struct worker* worker, struct worker* who,
|
||||||
struct stats_info* s, int reset);
|
struct ub_stats_info* s, int reset);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Compile stats into structure for this thread worker.
|
* Compile stats into structure for this thread worker.
|
||||||
@ -221,7 +88,7 @@ void server_stats_obtain(struct worker* worker, struct worker* who,
|
|||||||
* @param reset: if true, depending on config stats are reset.
|
* @param reset: if true, depending on config stats are reset.
|
||||||
* if false, statistics are not reset.
|
* if false, statistics are not reset.
|
||||||
*/
|
*/
|
||||||
void server_stats_compile(struct worker* worker, struct stats_info* s,
|
void server_stats_compile(struct worker* worker, struct ub_stats_info* s,
|
||||||
int reset);
|
int reset);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -237,7 +104,7 @@ void server_stats_reply(struct worker* worker, int reset);
|
|||||||
* @param total: sum of the two entries.
|
* @param total: sum of the two entries.
|
||||||
* @param a: to add to it.
|
* @param a: to add to it.
|
||||||
*/
|
*/
|
||||||
void server_stats_add(struct stats_info* total, struct stats_info* a);
|
void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Add stats for this query
|
* Add stats for this query
|
||||||
@ -248,7 +115,7 @@ void server_stats_add(struct stats_info* total, struct stats_info* a);
|
|||||||
* @param edns: edns record
|
* @param edns: edns record
|
||||||
* @param repinfo: reply info with remote address
|
* @param repinfo: reply info with remote address
|
||||||
*/
|
*/
|
||||||
void server_stats_insquery(struct server_stats* stats, struct comm_point* c,
|
void server_stats_insquery(struct ub_server_stats* stats, struct comm_point* c,
|
||||||
uint16_t qtype, uint16_t qclass, struct edns_data* edns,
|
uint16_t qtype, uint16_t qclass, struct edns_data* edns,
|
||||||
struct comm_reply* repinfo);
|
struct comm_reply* repinfo);
|
||||||
|
|
||||||
@ -257,6 +124,6 @@ void server_stats_insquery(struct server_stats* stats, struct comm_point* c,
|
|||||||
* @param stats: the stats
|
* @param stats: the stats
|
||||||
* @param buf: buffer with rcode. If buffer is length0: not counted.
|
* @param buf: buffer with rcode. If buffer is length0: not counted.
|
||||||
*/
|
*/
|
||||||
void server_stats_insrcode(struct server_stats* stats, struct sldns_buffer* buf);
|
void server_stats_insrcode(struct ub_server_stats* stats, struct sldns_buffer* buf);
|
||||||
|
|
||||||
#endif /* DAEMON_STATS_H */
|
#endif /* DAEMON_STATS_H */
|
||||||
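Review bot: The new `/* stats struct */` comment above `#include "libunbound/unbound.h"` loses the contract that the removed `struct stats_info` documented, namely that it is made to be memcpied and sent in binary over the control pipe. `server_stats_reply` in daemon/stats.c still appears to write the compiled struct over the command channel, so I would keep the warning here, e.g. `/* struct ub_server_stats, struct ub_stats_info: copied in binary over the control pipe; keep them free of pointers and build-dependent fields */`. The definitions in libunbound/unbound.h are not visible in this section. It should be confirmed whether the dnscrypt counters there are still conditional, since daemon/stats.c still guards them with `#ifdef USE_DNSCRYPT` while this header drops the `dnscrypt/dnscrypt_config.h` include. A layout that depends on build options is easy to get out of step between the writer and a separately built reader.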
|
@ -811,7 +811,9 @@ chaos_replystr(sldns_buffer* pkt, char** str, int num, struct edns_data* edns,
|
|||||||
if(!inplace_cb_reply_local_call(&worker->env, NULL, NULL, NULL,
|
if(!inplace_cb_reply_local_call(&worker->env, NULL, NULL, NULL,
|
||||||
LDNS_RCODE_NOERROR, edns, worker->scratchpad))
|
LDNS_RCODE_NOERROR, edns, worker->scratchpad))
|
||||||
edns->opt_list = NULL;
|
edns->opt_list = NULL;
|
||||||
attach_edns_record(pkt, edns);
|
if(sldns_buffer_capacity(pkt) >=
|
||||||
|
sldns_buffer_limit(pkt)+calc_edns_field_size(edns))
|
||||||
|
attach_edns_record(pkt, edns);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Reply with one string */
|
/** Reply with one string */
|
||||||
@ -1014,43 +1016,48 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
#ifdef USE_DNSCRYPT
|
#ifdef USE_DNSCRYPT
|
||||||
repinfo->max_udp_size = worker->daemon->cfg->max_udp_size;
|
repinfo->max_udp_size = worker->daemon->cfg->max_udp_size;
|
||||||
if(!dnsc_handle_curved_request(worker->daemon->dnscenv, repinfo)) {
|
if(!dnsc_handle_curved_request(worker->daemon->dnscenv, repinfo)) {
|
||||||
worker->stats.num_query_dnscrypt_crypted_malformed++;
|
worker->stats.num_query_dnscrypt_crypted_malformed++;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if(c->dnscrypt && !repinfo->is_dnscrypted) {
|
if(c->dnscrypt && !repinfo->is_dnscrypted) {
|
||||||
char buf[LDNS_MAX_DOMAINLEN+1];
|
char buf[LDNS_MAX_DOMAINLEN+1];
|
||||||
// Check if this is unencrypted and asking for certs
|
/* Check if this is unencrypted and asking for certs */
|
||||||
if(worker_check_request(c->buffer, worker) != 0) {
|
if(worker_check_request(c->buffer, worker) != 0) {
|
||||||
verbose(VERB_ALGO, "dnscrypt: worker check request: bad query.");
|
verbose(VERB_ALGO,
|
||||||
log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
|
"dnscrypt: worker check request: bad query.");
|
||||||
comm_point_drop_reply(repinfo);
|
log_addr(VERB_CLIENT,"from",&repinfo->addr,
|
||||||
return 0;
|
repinfo->addrlen);
|
||||||
}
|
comm_point_drop_reply(repinfo);
|
||||||
if(!query_info_parse(&qinfo, c->buffer)) {
|
return 0;
|
||||||
verbose(VERB_ALGO, "dnscrypt: worker parse request: formerror.");
|
}
|
||||||
log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
|
if(!query_info_parse(&qinfo, c->buffer)) {
|
||||||
comm_point_drop_reply(repinfo);
|
verbose(VERB_ALGO,
|
||||||
return 0;
|
"dnscrypt: worker parse request: formerror.");
|
||||||
}
|
log_addr(VERB_CLIENT, "from", &repinfo->addr,
|
||||||
dname_str(qinfo.qname, buf);
|
repinfo->addrlen);
|
||||||
if(!(qinfo.qtype == LDNS_RR_TYPE_TXT &&
|
comm_point_drop_reply(repinfo);
|
||||||
strcasecmp(buf, worker->daemon->dnscenv->provider_name) == 0)) {
|
return 0;
|
||||||
verbose(VERB_ALGO,
|
}
|
||||||
"dnscrypt: not TXT %s. Receive: %s %s",
|
dname_str(qinfo.qname, buf);
|
||||||
worker->daemon->dnscenv->provider_name,
|
if(!(qinfo.qtype == LDNS_RR_TYPE_TXT &&
|
||||||
sldns_rr_descript(qinfo.qtype)->_name,
|
strcasecmp(buf,
|
||||||
buf);
|
worker->daemon->dnscenv->provider_name) == 0)) {
|
||||||
comm_point_drop_reply(repinfo);
|
verbose(VERB_ALGO,
|
||||||
worker->stats.num_query_dnscrypt_cleartext++;
|
"dnscrypt: not TXT %s. Receive: %s %s",
|
||||||
return 0;
|
worker->daemon->dnscenv->provider_name,
|
||||||
}
|
sldns_rr_descript(qinfo.qtype)->_name,
|
||||||
worker->stats.num_query_dnscrypt_cert++;
|
buf);
|
||||||
sldns_buffer_rewind(c->buffer);
|
comm_point_drop_reply(repinfo);
|
||||||
} else if(c->dnscrypt && repinfo->is_dnscrypted) {
|
worker->stats.num_query_dnscrypt_cleartext++;
|
||||||
worker->stats.num_query_dnscrypt_crypted++;
|
return 0;
|
||||||
}
|
}
|
||||||
|
worker->stats.num_query_dnscrypt_cert++;
|
||||||
|
sldns_buffer_rewind(c->buffer);
|
||||||
|
} else if(c->dnscrypt && repinfo->is_dnscrypted) {
|
||||||
|
worker->stats.num_query_dnscrypt_crypted++;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
#ifdef USE_DNSTAP
|
#ifdef USE_DNSTAP
|
||||||
if(worker->dtenv.log_client_query_messages)
|
if(worker->dtenv.log_client_query_messages)
|
||||||
@ -1182,7 +1189,9 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
|
|||||||
error_encode(c->buffer, EDNS_RCODE_BADVERS&0xf, &qinfo,
|
error_encode(c->buffer, EDNS_RCODE_BADVERS&0xf, &qinfo,
|
||||||
*(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
|
*(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
|
||||||
sldns_buffer_read_u16_at(c->buffer, 2), NULL);
|
sldns_buffer_read_u16_at(c->buffer, 2), NULL);
|
||||||
attach_edns_record(c->buffer, &edns);
|
if(sldns_buffer_capacity(c->buffer) >=
|
||||||
|
sldns_buffer_limit(c->buffer)+calc_edns_field_size(&edns))
|
||||||
|
attach_edns_record(c->buffer, &edns);
|
||||||
regional_free_all(worker->scratchpad);
|
regional_free_all(worker->scratchpad);
|
||||||
goto send_reply;
|
goto send_reply;
|
||||||
}
|
}
|
||||||
@ -1420,9 +1429,9 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
|
|||||||
tv, 1, c->buffer);
|
tv, 1, c->buffer);
|
||||||
}
|
}
|
||||||
#ifdef USE_DNSCRYPT
|
#ifdef USE_DNSCRYPT
|
||||||
if(!dnsc_handle_uncurved_request(repinfo)) {
|
if(!dnsc_handle_uncurved_request(repinfo)) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
@ -1664,6 +1673,7 @@ worker_init(struct worker* worker, struct config_file *cfg,
|
|||||||
worker->env.mesh = mesh_create(&worker->daemon->mods, &worker->env);
|
worker->env.mesh = mesh_create(&worker->daemon->mods, &worker->env);
|
||||||
worker->env.detach_subs = &mesh_detach_subs;
|
worker->env.detach_subs = &mesh_detach_subs;
|
||||||
worker->env.attach_sub = &mesh_attach_sub;
|
worker->env.attach_sub = &mesh_attach_sub;
|
||||||
|
worker->env.add_sub = &mesh_add_sub;
|
||||||
worker->env.kill_sub = &mesh_state_delete;
|
worker->env.kill_sub = &mesh_state_delete;
|
||||||
worker->env.detect_cycle = &mesh_detect_cycle;
|
worker->env.detect_cycle = &mesh_detect_cycle;
|
||||||
worker->env.scratch_buffer = sldns_buffer_new(cfg->msg_buffer_size);
|
worker->env.scratch_buffer = sldns_buffer_new(cfg->msg_buffer_size);
|
||||||
|
@ -116,7 +116,7 @@ struct worker {
|
|||||||
/** allocation cache for this thread */
|
/** allocation cache for this thread */
|
||||||
struct alloc_cache alloc;
|
struct alloc_cache alloc;
|
||||||
/** per thread statistics */
|
/** per thread statistics */
|
||||||
struct server_stats stats;
|
struct ub_server_stats stats;
|
||||||
/** thread scratch regional */
|
/** thread scratch regional */
|
||||||
struct regional* scratchpad;
|
struct regional* scratchpad;
|
||||||
|
|
||||||
|
@ -20,12 +20,12 @@ struct SignedCert {
|
|||||||
uint8_t version_minor[2];
|
uint8_t version_minor[2];
|
||||||
|
|
||||||
// Signed Content
|
// Signed Content
|
||||||
|
uint8_t signed_content[64];
|
||||||
uint8_t server_publickey[crypto_box_PUBLICKEYBYTES];
|
uint8_t server_publickey[crypto_box_PUBLICKEYBYTES];
|
||||||
uint8_t magic_query[8];
|
uint8_t magic_query[8];
|
||||||
uint8_t serial[4];
|
uint8_t serial[4];
|
||||||
uint8_t ts_begin[4];
|
uint8_t ts_begin[4];
|
||||||
uint8_t ts_end[4];
|
uint8_t ts_end[4];
|
||||||
uint8_t end[64];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
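Review bot: The added `uint8_t signed_content[64];` in `struct SignedCert` sits under the `// Signed Content` comment, but the change itself (a 64-byte array added right after `version_minor`, the 64-byte `end` array dropped from the tail) suggests these bytes are the signature that precedes the signed fields, not signed data. That is inferred from the layout and should be confirmed against the certificate format. If so, a comment on the field such as `/* 64-byte signature over the fields that follow */` would stop it being mistaken for payload. Because `dnsc_parse_certs` reads `sizeof(struct SignedCert)` bytes from the file straight into this struct, the field order is the on-disk format and deserves a comment saying so. The struct begins above the hunk.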
|
@ -15,6 +15,7 @@
|
|||||||
|
|
||||||
#include "dnscrypt/cert.h"
|
#include "dnscrypt/cert.h"
|
||||||
#include "dnscrypt/dnscrypt.h"
|
#include "dnscrypt/dnscrypt.h"
|
||||||
|
#include "dnscrypt/dnscrypt_config.h"
|
||||||
|
|
||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
|
|
||||||
@ -35,18 +36,18 @@
|
|||||||
(DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_HALF_NONCEBYTES + crypto_box_HALF_NONCEBYTES)
|
(DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_HALF_NONCEBYTES + crypto_box_HALF_NONCEBYTES)
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Decrypt a query using the keypair that was found using dnsc_find_keypair.
|
* Decrypt a query using the dnsccert that was found using dnsc_find_cert.
|
||||||
* The client nonce will be extracted from the encrypted query and stored in
|
* The client nonce will be extracted from the encrypted query and stored in
|
||||||
* client_nonce, a shared secret will be computed and stored in nmkey and the
|
* client_nonce, a shared secret will be computed and stored in nmkey and the
|
||||||
* buffer will be decrypted inplace.
|
* buffer will be decrypted inplace.
|
||||||
* \param[in] keypair the keypair that matches this encrypted query.
|
* \param[in] cert the cert that matches this encrypted query.
|
||||||
* \param[in] client_nonce where the client nonce will be stored.
|
* \param[in] client_nonce where the client nonce will be stored.
|
||||||
* \param[in] nmkey where the shared secret key will be written.
|
* \param[in] nmkey where the shared secret key will be written.
|
||||||
* \param[in] buffer the encrypted buffer.
|
* \param[in] buffer the encrypted buffer.
|
||||||
* \return 0 on success.
|
* \return 0 on success.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
dnscrypt_server_uncurve(const KeyPair *keypair,
|
dnscrypt_server_uncurve(const dnsccert *cert,
|
||||||
uint8_t client_nonce[crypto_box_HALF_NONCEBYTES],
|
uint8_t client_nonce[crypto_box_HALF_NONCEBYTES],
|
||||||
uint8_t nmkey[crypto_box_BEFORENMBYTES],
|
uint8_t nmkey[crypto_box_BEFORENMBYTES],
|
||||||
struct sldns_buffer* buffer)
|
struct sldns_buffer* buffer)
|
||||||
@ -62,25 +63,48 @@ dnscrypt_server_uncurve(const KeyPair *keypair,
|
|||||||
|
|
||||||
query_header = (struct dnscrypt_query_header *)buf;
|
query_header = (struct dnscrypt_query_header *)buf;
|
||||||
memcpy(nmkey, query_header->publickey, crypto_box_PUBLICKEYBYTES);
|
memcpy(nmkey, query_header->publickey, crypto_box_PUBLICKEYBYTES);
|
||||||
if (crypto_box_beforenm(nmkey, nmkey, keypair->crypt_secretkey) != 0) {
|
if(cert->es_version[1] == 2) {
|
||||||
|
#ifdef USE_DNSCRYPT_XCHACHA20
|
||||||
|
if (crypto_box_curve25519xchacha20poly1305_beforenm(
|
||||||
|
nmkey, nmkey, cert->keypair->crypt_secretkey) != 0) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
#else
|
||||||
return -1;
|
return -1;
|
||||||
|
#endif
|
||||||
|
} else {
|
||||||
|
if (crypto_box_beforenm(nmkey, nmkey, cert->keypair->crypt_secretkey) != 0) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(nonce, query_header->nonce, crypto_box_HALF_NONCEBYTES);
|
memcpy(nonce, query_header->nonce, crypto_box_HALF_NONCEBYTES);
|
||||||
memset(nonce + crypto_box_HALF_NONCEBYTES, 0, crypto_box_HALF_NONCEBYTES);
|
memset(nonce + crypto_box_HALF_NONCEBYTES, 0, crypto_box_HALF_NONCEBYTES);
|
||||||
|
|
||||||
sldns_buffer_set_at(buffer,
|
if(cert->es_version[1] == 2) {
|
||||||
DNSCRYPT_QUERY_BOX_OFFSET - crypto_box_BOXZEROBYTES,
|
#ifdef USE_DNSCRYPT_XCHACHA20
|
||||||
0, crypto_box_BOXZEROBYTES);
|
if (crypto_box_curve25519xchacha20poly1305_open_easy_afternm
|
||||||
|
(buf,
|
||||||
if (crypto_box_open_afternm
|
buf + DNSCRYPT_QUERY_BOX_OFFSET,
|
||||||
(buf + DNSCRYPT_QUERY_BOX_OFFSET - crypto_box_BOXZEROBYTES,
|
len - DNSCRYPT_QUERY_BOX_OFFSET, nonce,
|
||||||
buf + DNSCRYPT_QUERY_BOX_OFFSET - crypto_box_BOXZEROBYTES,
|
nmkey) != 0) {
|
||||||
len - DNSCRYPT_QUERY_BOX_OFFSET + crypto_box_BOXZEROBYTES, nonce,
|
return -1;
|
||||||
nmkey) != 0) {
|
}
|
||||||
|
#else
|
||||||
return -1;
|
return -1;
|
||||||
|
#endif
|
||||||
|
} else {
|
||||||
|
if (crypto_box_open_easy_afternm
|
||||||
|
(buf,
|
||||||
|
buf + DNSCRYPT_QUERY_BOX_OFFSET,
|
||||||
|
len - DNSCRYPT_QUERY_BOX_OFFSET, nonce,
|
||||||
|
nmkey) != 0) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
len -= DNSCRYPT_QUERY_HEADER_SIZE;
|
||||||
|
|
||||||
while (*sldns_buffer_at(buffer, --len) == 0)
|
while (*sldns_buffer_at(buffer, --len) == 0)
|
||||||
;
|
;
|
||||||
|
|
||||||
@ -89,12 +113,9 @@ dnscrypt_server_uncurve(const KeyPair *keypair,
|
|||||||
}
|
}
|
||||||
|
|
||||||
memcpy(client_nonce, nonce, crypto_box_HALF_NONCEBYTES);
|
memcpy(client_nonce, nonce, crypto_box_HALF_NONCEBYTES);
|
||||||
memmove(sldns_buffer_begin(buffer),
|
|
||||||
sldns_buffer_at(buffer, DNSCRYPT_QUERY_HEADER_SIZE),
|
|
||||||
len - DNSCRYPT_QUERY_HEADER_SIZE);
|
|
||||||
|
|
||||||
sldns_buffer_set_position(buffer, 0);
|
sldns_buffer_set_position(buffer, 0);
|
||||||
sldns_buffer_set_limit(buffer, len - DNSCRYPT_QUERY_HEADER_SIZE);
|
sldns_buffer_set_limit(buffer, len);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -182,10 +203,10 @@ add_server_nonce(uint8_t *nonce)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Encrypt a reply using the keypair that was used with the query.
|
* Encrypt a reply using the dnsccert that was used with the query.
|
||||||
* The client nonce will be extracted from the encrypted query and stored in
|
* The client nonce will be extracted from the encrypted query and stored in
|
||||||
* The buffer will be encrypted inplace.
|
* The buffer will be encrypted inplace.
|
||||||
* \param[in] keypair the keypair that matches this encrypted query.
|
* \param[in] cert the dnsccert that matches this encrypted query.
|
||||||
* \param[in] client_nonce client nonce used during the query
|
* \param[in] client_nonce client nonce used during the query
|
||||||
* \param[in] nmkey shared secret key used during the query.
|
* \param[in] nmkey shared secret key used during the query.
|
||||||
* \param[in] buffer the buffer where to encrypt the reply.
|
* \param[in] buffer the buffer where to encrypt the reply.
|
||||||
@ -194,7 +215,7 @@ add_server_nonce(uint8_t *nonce)
|
|||||||
* \return 0 on success.
|
* \return 0 on success.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
dnscrypt_server_curve(const KeyPair *keypair,
|
dnscrypt_server_curve(const dnsccert *cert,
|
||||||
uint8_t client_nonce[crypto_box_HALF_NONCEBYTES],
|
uint8_t client_nonce[crypto_box_HALF_NONCEBYTES],
|
||||||
uint8_t nmkey[crypto_box_BEFORENMBYTES],
|
uint8_t nmkey[crypto_box_BEFORENMBYTES],
|
||||||
struct sldns_buffer* buffer,
|
struct sldns_buffer* buffer,
|
||||||
@ -223,7 +244,7 @@ dnscrypt_server_curve(const KeyPair *keypair,
|
|||||||
memmove(boxed + crypto_box_MACBYTES, buf, len);
|
memmove(boxed + crypto_box_MACBYTES, buf, len);
|
||||||
len = dnscrypt_pad(boxed + crypto_box_MACBYTES, len,
|
len = dnscrypt_pad(boxed + crypto_box_MACBYTES, len,
|
||||||
max_len - DNSCRYPT_REPLY_HEADER_SIZE, nonce,
|
max_len - DNSCRYPT_REPLY_HEADER_SIZE, nonce,
|
||||||
keypair->crypt_secretkey);
|
cert->keypair->crypt_secretkey);
|
||||||
sldns_buffer_set_at(buffer,
|
sldns_buffer_set_at(buffer,
|
||||||
DNSCRYPT_REPLY_BOX_OFFSET - crypto_box_BOXZEROBYTES,
|
DNSCRYPT_REPLY_BOX_OFFSET - crypto_box_BOXZEROBYTES,
|
||||||
0, crypto_box_ZEROBYTES);
|
0, crypto_box_ZEROBYTES);
|
||||||
@ -231,10 +252,20 @@ dnscrypt_server_curve(const KeyPair *keypair,
|
|||||||
// add server nonce extension
|
// add server nonce extension
|
||||||
add_server_nonce(nonce);
|
add_server_nonce(nonce);
|
||||||
|
|
||||||
if (crypto_box_afternm
|
if(cert->es_version[1] == 2) {
|
||||||
(boxed - crypto_box_BOXZEROBYTES, boxed - crypto_box_BOXZEROBYTES,
|
#ifdef USE_DNSCRYPT_XCHACHA20
|
||||||
len + crypto_box_ZEROBYTES, nonce, nmkey) != 0) {
|
if (crypto_box_curve25519xchacha20poly1305_easy_afternm
|
||||||
|
(boxed, boxed + crypto_box_MACBYTES, len, nonce, nmkey) != 0) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
#else
|
||||||
return -1;
|
return -1;
|
||||||
|
#endif
|
||||||
|
} else {
|
||||||
|
if (crypto_box_easy_afternm
|
||||||
|
(boxed, boxed + crypto_box_MACBYTES, len, nonce, nmkey) != 0) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sldns_buffer_write_at(buffer, 0, DNSCRYPT_MAGIC_RESPONSE, DNSCRYPT_MAGIC_HEADER_LEN);
|
sldns_buffer_write_at(buffer, 0, DNSCRYPT_MAGIC_RESPONSE, DNSCRYPT_MAGIC_HEADER_LEN);
|
||||||
@ -266,6 +297,25 @@ dnsc_read_from_file(char *fname, char *buf, size_t count)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Given an absolute path on the original root, returns the absolute path
|
||||||
|
* within the chroot. If chroot is disabled, the path is not modified.
|
||||||
|
* No char * is malloced so there is no need to free this.
|
||||||
|
* \param[in] cfg the configuration.
|
||||||
|
* \param[in] path the path from the original root.
|
||||||
|
* \return the path from inside the chroot.
|
||||||
|
*/
|
||||||
|
static char *
|
||||||
|
dnsc_chroot_path(struct config_file *cfg, char *path)
|
||||||
|
{
|
||||||
|
char *nm;
|
||||||
|
nm = path;
|
||||||
|
if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
|
||||||
|
cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
|
||||||
|
nm += strlen(cfg->chrootdir);
|
||||||
|
return nm;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Parse certificates files provided by the configuration and load them into
|
* Parse certificates files provided by the configuration and load them into
|
||||||
* dnsc_env.
|
* dnsc_env.
|
||||||
@ -278,6 +328,7 @@ dnsc_parse_certs(struct dnsc_env *env, struct config_file *cfg)
|
|||||||
{
|
{
|
||||||
struct config_strlist *head;
|
struct config_strlist *head;
|
||||||
size_t signed_cert_id;
|
size_t signed_cert_id;
|
||||||
|
char *nm;
|
||||||
|
|
||||||
env->signed_certs_count = 0U;
|
env->signed_certs_count = 0U;
|
||||||
for (head = cfg->dnscrypt_provider_cert; head; head = head->next) {
|
for (head = cfg->dnscrypt_provider_cert; head; head = head->next) {
|
||||||
@ -288,8 +339,9 @@ dnsc_parse_certs(struct dnsc_env *env, struct config_file *cfg)
|
|||||||
|
|
||||||
signed_cert_id = 0U;
|
signed_cert_id = 0U;
|
||||||
for(head = cfg->dnscrypt_provider_cert; head; head = head->next, signed_cert_id++) {
|
for(head = cfg->dnscrypt_provider_cert; head; head = head->next, signed_cert_id++) {
|
||||||
|
nm = dnsc_chroot_path(cfg, head->str);
|
||||||
if(dnsc_read_from_file(
|
if(dnsc_read_from_file(
|
||||||
head->str,
|
nm,
|
||||||
(char *)(env->signed_certs + signed_cert_id),
|
(char *)(env->signed_certs + signed_cert_id),
|
||||||
sizeof(struct SignedCert)) != 0) {
|
sizeof(struct SignedCert)) != 0) {
|
||||||
fatal_exit("dnsc_parse_certs: failed to load %s: %s", head->str, strerror(errno));
|
fatal_exit("dnsc_parse_certs: failed to load %s: %s", head->str, strerror(errno));
|
||||||
@ -326,16 +378,17 @@ dnsc_key_to_fingerprint(char fingerprint[80U], const uint8_t * const key)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Find the keypair matching a DNSCrypt query.
|
* Find the cert matching a DNSCrypt query.
|
||||||
* \param[in] dnscenv The DNSCrypt enviroment, which contains the list of keys
|
* \param[in] dnscenv The DNSCrypt enviroment, which contains the list of certs
|
||||||
* supported by the server.
|
* supported by the server.
|
||||||
* \param[in] buffer The encrypted DNS query.
|
* \param[in] buffer The encrypted DNS query.
|
||||||
* \return a KeyPair * if we found a key pair matching the query, NULL otherwise.
|
* \return a dnsccert * if we found a cert matching the magic_number of the
|
||||||
|
* query, NULL otherwise.
|
||||||
*/
|
*/
|
||||||
static const KeyPair *
|
static const dnsccert *
|
||||||
dnsc_find_keypair(struct dnsc_env* dnscenv, struct sldns_buffer* buffer)
|
dnsc_find_cert(struct dnsc_env* dnscenv, struct sldns_buffer* buffer)
|
||||||
{
|
{
|
||||||
const KeyPair *keypairs = dnscenv->keypairs;
|
const dnsccert *certs = dnscenv->certs;
|
||||||
struct dnscrypt_query_header *dnscrypt_header;
|
struct dnscrypt_query_header *dnscrypt_header;
|
||||||
size_t i;
|
size_t i;
|
||||||
|
|
||||||
@ -343,10 +396,10 @@ dnsc_find_keypair(struct dnsc_env* dnscenv, struct sldns_buffer* buffer)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
dnscrypt_header = (struct dnscrypt_query_header *)sldns_buffer_begin(buffer);
|
dnscrypt_header = (struct dnscrypt_query_header *)sldns_buffer_begin(buffer);
|
||||||
for (i = 0U; i < dnscenv->keypairs_count; i++) {
|
for (i = 0U; i < dnscenv->signed_certs_count; i++) {
|
||||||
if (memcmp(keypairs[i].crypt_publickey, dnscrypt_header->magic_query,
|
if (memcmp(certs[i].magic_query, dnscrypt_header->magic_query,
|
||||||
DNSCRYPT_MAGIC_HEADER_LEN) == 0) {
|
DNSCRYPT_MAGIC_HEADER_LEN) == 0) {
|
||||||
return &keypairs[i];
|
return &certs[i];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -404,9 +457,33 @@ dnsc_load_local_data(struct dnsc_env* dnscenv, struct config_file *cfg)
|
|||||||
return dnscenv->signed_certs_count;
|
return dnscenv->signed_certs_count;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static const char *
|
||||||
|
key_get_es_version(uint8_t version[2])
|
||||||
|
{
|
||||||
|
struct es_version {
|
||||||
|
uint8_t es_version[2];
|
||||||
|
const char *name;
|
||||||
|
};
|
||||||
|
|
||||||
|
struct es_version es_versions[] = {
|
||||||
|
{{0x00, 0x01}, "X25519-XSalsa20Poly1305"},
|
||||||
|
{{0x00, 0x02}, "X25519-XChacha20Poly1305"},
|
||||||
|
};
|
||||||
|
int i;
|
||||||
|
for(i=0; i < (int)sizeof(es_versions); i++){
|
||||||
|
if(es_versions[i].es_version[0] == version[0] &&
|
||||||
|
es_versions[i].es_version[1] == version[1]){
|
||||||
|
return es_versions[i].name;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Parse the secret key files from `dnscrypt-secret-key` config and populates
|
* Parse the secret key files from `dnscrypt-secret-key` config and populates
|
||||||
* a list of secret/public keys supported by dnscrypt listener.
|
* a list of dnsccert with es_version, magic number and secret/public keys
|
||||||
|
* supported by dnscrypt listener.
|
||||||
* \param[in] env The dnsc_env structure which will hold the keypairs.
|
* \param[in] env The dnsc_env structure which will hold the keypairs.
|
||||||
* \param[in] cfg The config with the secret key file paths.
|
* \param[in] cfg The config with the secret key file paths.
|
||||||
*/
|
*/
|
||||||
@ -414,33 +491,76 @@ static int
|
|||||||
dnsc_parse_keys(struct dnsc_env *env, struct config_file *cfg)
|
dnsc_parse_keys(struct dnsc_env *env, struct config_file *cfg)
|
||||||
{
|
{
|
||||||
struct config_strlist *head;
|
struct config_strlist *head;
|
||||||
size_t keypair_id;
|
size_t cert_id, keypair_id;
|
||||||
|
size_t c;
|
||||||
|
char *nm;
|
||||||
|
|
||||||
env->keypairs_count = 0U;
|
env->keypairs_count = 0U;
|
||||||
for (head = cfg->dnscrypt_secret_key; head; head = head->next) {
|
for (head = cfg->dnscrypt_secret_key; head; head = head->next) {
|
||||||
env->keypairs_count++;
|
env->keypairs_count++;
|
||||||
}
|
}
|
||||||
env->keypairs = sodium_allocarray(env->keypairs_count,
|
|
||||||
sizeof *env->keypairs);
|
|
||||||
|
|
||||||
|
env->keypairs = sodium_allocarray(env->keypairs_count,
|
||||||
|
sizeof *env->keypairs);
|
||||||
|
env->certs = sodium_allocarray(env->signed_certs_count,
|
||||||
|
sizeof *env->certs);
|
||||||
|
|
||||||
|
cert_id = 0U;
|
||||||
keypair_id = 0U;
|
keypair_id = 0U;
|
||||||
for(head = cfg->dnscrypt_secret_key; head; head = head->next, keypair_id++) {
|
for(head = cfg->dnscrypt_secret_key; head; head = head->next, keypair_id++) {
|
||||||
char fingerprint[80];
|
char fingerprint[80];
|
||||||
|
int found_cert = 0;
|
||||||
|
KeyPair *current_keypair = &env->keypairs[keypair_id];
|
||||||
|
nm = dnsc_chroot_path(cfg, head->str);
|
||||||
if(dnsc_read_from_file(
|
if(dnsc_read_from_file(
|
||||||
head->str,
|
nm,
|
||||||
(char *)(env->keypairs[keypair_id].crypt_secretkey),
|
(char *)(current_keypair->crypt_secretkey),
|
||||||
crypto_box_SECRETKEYBYTES) != 0) {
|
crypto_box_SECRETKEYBYTES) != 0) {
|
||||||
fatal_exit("dnsc_parse_keys: failed to load %s: %s", head->str, strerror(errno));
|
fatal_exit("dnsc_parse_keys: failed to load %s: %s", head->str, strerror(errno));
|
||||||
}
|
}
|
||||||
verbose(VERB_OPS, "Loaded key %s", head->str);
|
verbose(VERB_OPS, "Loaded key %s", head->str);
|
||||||
if (crypto_scalarmult_base(env->keypairs[keypair_id].crypt_publickey,
|
if (crypto_scalarmult_base(current_keypair->crypt_publickey,
|
||||||
env->keypairs[keypair_id].crypt_secretkey) != 0) {
|
current_keypair->crypt_secretkey) != 0) {
|
||||||
fatal_exit("dnsc_parse_keys: could not generate public key from %s", head->str);
|
fatal_exit("dnsc_parse_keys: could not generate public key from %s", head->str);
|
||||||
}
|
}
|
||||||
dnsc_key_to_fingerprint(fingerprint, env->keypairs[keypair_id].crypt_publickey);
|
dnsc_key_to_fingerprint(fingerprint, current_keypair->crypt_publickey);
|
||||||
verbose(VERB_OPS, "Crypt public key fingerprint for %s: %s", head->str, fingerprint);
|
verbose(VERB_OPS, "Crypt public key fingerprint for %s: %s", head->str, fingerprint);
|
||||||
|
// find the cert matching this key
|
||||||
|
for(c = 0; c < env->signed_certs_count; c++) {
|
||||||
|
if(memcmp(current_keypair->crypt_publickey,
|
||||||
|
env->signed_certs[c].server_publickey,
|
||||||
|
crypto_box_PUBLICKEYBYTES) == 0) {
|
||||||
|
dnsccert *current_cert = &env->certs[cert_id++];
|
||||||
|
found_cert = 1;
|
||||||
|
current_cert->keypair = current_keypair;
|
||||||
|
memcpy(current_cert->magic_query,
|
||||||
|
env->signed_certs[c].magic_query,
|
||||||
|
sizeof env->signed_certs[c].magic_query);
|
||||||
|
memcpy(current_cert->es_version,
|
||||||
|
env->signed_certs[c].version_major,
|
||||||
|
sizeof env->signed_certs[c].version_major
|
||||||
|
);
|
||||||
|
dnsc_key_to_fingerprint(fingerprint,
|
||||||
|
current_cert->keypair->crypt_publickey);
|
||||||
|
verbose(VERB_OPS, "Crypt public key fingerprint for %s: %s",
|
||||||
|
head->str, fingerprint);
|
||||||
|
verbose(VERB_OPS, "Using %s",
|
||||||
|
key_get_es_version(current_cert->es_version));
|
||||||
|
#ifndef USE_DNSCRYPT_XCHACHA20
|
||||||
|
if (current_cert->es_version[1] == 0x02) {
|
||||||
|
fatal_exit("Certificate for XChacha20 but libsodium does not support it.");
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!found_cert) {
|
||||||
|
fatal_exit("dnsc_parse_keys: could not match certificate for key "
|
||||||
|
"%s. Unable to determine ES version.",
|
||||||
|
head->str);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return keypair_id;
|
return cert_id;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -463,8 +583,8 @@ dnsc_handle_curved_request(struct dnsc_env* dnscenv,
|
|||||||
// Attempt to decrypt the query. If it is not crypted, we may still need
|
// Attempt to decrypt the query. If it is not crypted, we may still need
|
||||||
// to serve the certificate.
|
// to serve the certificate.
|
||||||
verbose(VERB_ALGO, "handle request called on DNSCrypt socket");
|
verbose(VERB_ALGO, "handle request called on DNSCrypt socket");
|
||||||
if ((repinfo->keypair = dnsc_find_keypair(dnscenv, c->buffer)) != NULL) {
|
if ((repinfo->dnsc_cert = dnsc_find_cert(dnscenv, c->buffer)) != NULL) {
|
||||||
if(dnscrypt_server_uncurve(repinfo->keypair,
|
if(dnscrypt_server_uncurve(repinfo->dnsc_cert,
|
||||||
repinfo->client_nonce,
|
repinfo->client_nonce,
|
||||||
repinfo->nmkey,
|
repinfo->nmkey,
|
||||||
c->buffer) != 0){
|
c->buffer) != 0){
|
||||||
@ -488,7 +608,7 @@ dnsc_handle_uncurved_request(struct comm_reply *repinfo)
|
|||||||
if(!repinfo->is_dnscrypted) {
|
if(!repinfo->is_dnscrypted) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
if(dnscrypt_server_curve(repinfo->keypair,
|
if(dnscrypt_server_curve(repinfo->dnsc_cert,
|
||||||
repinfo->client_nonce,
|
repinfo->client_nonce,
|
||||||
repinfo->nmkey,
|
repinfo->nmkey,
|
||||||
repinfo->c->dnscrypt_buffer,
|
repinfo->c->dnscrypt_buffer,
|
||||||
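Review bot: In the new `key_get_es_version`, the loop bound `(int)sizeof(es_versions)` is the table's size in bytes, not its two elements, so a version that matches neither entry makes the loop index past the end of the array and compare against unrelated stack memory; the bound should be `i < (int)(sizeof(es_versions)/sizeof(es_versions[0]))`. With the bound fixed the function returns NULL for an unknown version, and `dnsc_parse_keys` passes the result directly to `verbose(VERB_OPS, "Using %s", ...)`, so the caller should check for NULL and `fatal_exit` on an unsupported `es_version` before logging it. The version bytes come from the certificate file loaded at startup, so this is a robustness issue with malformed or newer-format certificates. Declaring the table `static const` would also avoid rebuilding it on every call.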
|
@ -44,8 +44,15 @@ typedef struct KeyPair_ {
|
|||||||
uint8_t crypt_secretkey[crypto_box_SECRETKEYBYTES];
|
uint8_t crypt_secretkey[crypto_box_SECRETKEYBYTES];
|
||||||
} KeyPair;
|
} KeyPair;
|
||||||
|
|
||||||
|
typedef struct cert_ {
|
||||||
|
uint8_t magic_query[DNSCRYPT_MAGIC_HEADER_LEN];
|
||||||
|
uint8_t es_version[2];
|
||||||
|
KeyPair *keypair;
|
||||||
|
} dnsccert;
|
||||||
|
|
||||||
struct dnsc_env {
|
struct dnsc_env {
|
||||||
struct SignedCert *signed_certs;
|
struct SignedCert *signed_certs;
|
||||||
|
dnsccert *certs;
|
||||||
size_t signed_certs_count;
|
size_t signed_certs_count;
|
||||||
uint8_t provider_publickey[crypto_sign_ed25519_PUBLICKEYBYTES];
|
uint8_t provider_publickey[crypto_sign_ed25519_PUBLICKEYBYTES];
|
||||||
uint8_t provider_secretkey[crypto_sign_ed25519_SECRETKEYBYTES];
|
uint8_t provider_secretkey[crypto_sign_ed25519_SECRETKEYBYTES];
|
||||||
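Review bot: `struct dnsc_env` gains `dnsccert *certs` but no count for it, and the code added in this commit uses `signed_certs_count` as a stand-in. `dnsc_parse_keys` allocates `certs` with `signed_certs_count` elements and `dnsc_find_cert` scans that many, while entries are filled one per matching key/certificate pair via `&env->certs[cert_id++]`; fewer matches than certificates leaves entries in the scan that were never filled in, and more matches (for instance the same key file configured twice) would write past the allocation. Adding `size_t certs_count;` next to `certs`, set from the `cert_id` that `dnsc_parse_keys` returns and used both as the scan bound and as a cap before `cert_id++`, would close both cases. `struct dnsc_env` continues past the end of the hunk.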
|
@ -18,8 +18,19 @@ AC_DEFUN([dnsc_DNSCRYPT],
|
|||||||
])
|
])
|
||||||
AC_SEARCH_LIBS([sodium_init], [sodium], [],
|
AC_SEARCH_LIBS([sodium_init], [sodium], [],
|
||||||
AC_MSG_ERROR([The sodium library was not found. Please install sodium!]))
|
AC_MSG_ERROR([The sodium library was not found. Please install sodium!]))
|
||||||
|
AC_SEARCH_LIBS([crypto_box_curve25519xchacha20poly1305_beforenm], [sodium],
|
||||||
|
[
|
||||||
|
AC_SUBST([ENABLE_DNSCRYPT_XCHACHA20], [1])
|
||||||
|
AC_DEFINE(
|
||||||
|
[USE_DNSCRYPT_XCHACHA20], [1],
|
||||||
|
[Define to 1 to enable dnscrypt with xchacha20 support])
|
||||||
|
],
|
||||||
|
[
|
||||||
|
AC_SUBST([ENABLE_DNSCRYPT_XCHACHA20], [0])
|
||||||
|
])
|
||||||
$1
|
$1
|
||||||
else
|
else
|
||||||
|
AC_SUBST([ENABLE_DNSCRYPT_XCHACHA20], [0])
|
||||||
$2
|
$2
|
||||||
fi
|
fi
|
||||||
])
|
])
|
||||||
|
190
doc/Changelog
190
doc/Changelog
@ -1,12 +1,198 @@
|
|||||||
|
22 June 2017: Wouter
|
||||||
|
- Tag 1.6.4rc2
|
||||||
|
|
||||||
|
22 June 2017: Ralph
|
||||||
|
- Added fastrpz patch to contrib
|
||||||
|
|
||||||
|
21 June 2017: Wouter
|
||||||
|
- Fix #1316: heap read buffer overflow in parse_edns_options.
|
||||||
|
|
||||||
|
20 June 2017: Wouter
|
||||||
|
- Fix warning in pythonmod under clang compiler.
|
||||||
|
- Tag 1.6.4rc1
|
||||||
|
- Fix lintian typo.
|
||||||
|
|
||||||
|
16 June 2017: Ralph
|
||||||
|
- Fix #1277: disable domain ratelimit by setting value to 0.
|
||||||
|
|
||||||
|
16 June 2017: Wouter
|
||||||
|
- Fix #1301: memory leak in respip and tests.
|
||||||
|
- Free callback in edns-subnetmod on exit and restart.
|
||||||
|
- Fix memory leak in sldns_buffer_new_frm_data.
|
||||||
|
- Fix memory leak in dnscrypt config read.
|
||||||
|
- Fix dnscrypt chacha cert support ifdefs.
|
||||||
|
- Fix dnscrypt chacha cert unit test escapes in grep.
|
||||||
|
- Remove asynclook tests that cause test and purifier problems.
|
||||||
|
- Fix to unlock view in view test.
|
||||||
|
|
||||||
|
15 June 2017: Wouter
|
||||||
|
- Fix stub zone queries leaking to the internet for
|
||||||
|
harden-referral-path ns checks.
|
||||||
|
- Fix query for refetch_glue of stub leaking to internet.
|
||||||
|
|
||||||
13 June 2017: Wouter
|
13 June 2017: Wouter
|
||||||
|
- Fix #1279: Memory leak on reload when python module is enabled.
|
||||||
- Fix #1280: Unbound fails assert when response from authoritative
|
- Fix #1280: Unbound fails assert when response from authoritative
|
||||||
contains malformed qname. When 0x20 caps-for-id is enabled, when
|
contains malformed qname. When 0x20 caps-for-id is enabled, when
|
||||||
assertions are not enabled the malformed qname is handled correctly.
|
assertions are not enabled the malformed qname is handled correctly.
|
||||||
- tag for 1.6.3
|
- 1.6.3 tag created, with only #1280 fix, trunk is 1.6.4 development.
|
||||||
|
- More fixes in depth for buffer checks in 0x20 qname checks.
|
||||||
|
|
||||||
|
12 June 2017: Wouter
|
||||||
|
- Fix #1278: Incomplete wildcard proof.
|
||||||
|
|
||||||
|
8 June 2017: Ralph
|
||||||
|
- Added domain name based ECS whitelist.
|
||||||
|
|
||||||
|
8 June 2017: Wouter
|
||||||
|
- Detect chacha for dnscrypt at configure time.
|
||||||
|
- dnscrypt unit tests with chacha.
|
||||||
|
|
||||||
|
7 June 2017: Wouter
|
||||||
|
- Fix that unbound-control can set val_clean_additional and val_permissive_mode.
|
||||||
|
- Add dnscrypt XChaCha20 tests.
|
||||||
|
|
||||||
|
6 June 2017: Wouter
|
||||||
|
- Add an explicit type cast for TCP FASTOPEN fix.
|
||||||
|
- renumbering B-Root's IPv6 address to 2001:500:200::b.
|
||||||
|
- Fix #1275: cached data in cachedb is never used.
|
||||||
|
- Fix #1276: [dnscrypt] add XChaCha20-Poly1305 cipher.
|
||||||
|
|
||||||
|
1 June 2017: Ralph
|
||||||
|
- Fix #1274: automatically trim chroot path from dnscrypt key/cert paths
|
||||||
|
(from Manu Bretelle).
|
||||||
|
|
||||||
|
1 June 2017: Wouter
|
||||||
|
- Fix fastopen EPIPE fallthrough to perform connect.
|
||||||
|
|
||||||
|
31 May 2017: Ralph
|
||||||
|
- Also use global local-zones when there is a matching view that does
|
||||||
|
not have any local-zone specified.
|
||||||
|
|
||||||
|
31 May 2017: Wouter
|
||||||
|
- Fix #1273: cachedb.c doesn't compile with -Wextra.
|
||||||
|
- If MSG_FASTOPEN gives EPIPE fallthrough to try normal tcp write.
|
||||||
|
|
||||||
|
30 May 2017: Ralph
|
||||||
|
- Fix #1269: inconsistent use of built-in local zones with views.
|
||||||
|
- Add defaults for new local-zone trees added to views using
|
||||||
|
unbound-control.
|
||||||
|
|
||||||
|
30 May 2017: Wouter
|
||||||
|
- Support for openssl EVP_DigestVerify.
|
||||||
|
- Support for the ED25519 algorithm with openssl (from openssl 1.1.1).
|
||||||
|
|
||||||
|
29 May 2017: Wouter
|
||||||
|
- Fix assertion for low buffer size and big edns payload when worker
|
||||||
|
overrides udpsize.
|
||||||
|
|
||||||
|
26 May 2017: Ralph
|
||||||
|
- Added redirect-bogus.patch to contrib directory.
|
||||||
|
|
||||||
|
26 May 2017: Wouter
|
||||||
|
- Fix #1270: unitauth.c doesn't compile with higher warning level
|
||||||
|
and optimization
|
||||||
|
- exec_prefix is by default equal to prefix.
|
||||||
|
- printout localzone for duplicate local-zone warnings.
|
||||||
|
|
||||||
|
24 May 2017: Wouter
|
||||||
|
- authzone cname chain, no rrset duplicates, wildcard doesn't change
|
||||||
|
rrsets added for cname chain.
|
||||||
|
|
||||||
|
23 May 2017: Wouter
|
||||||
|
- first services/authzone check in, it compiles and reads and writes
|
||||||
|
zonefiles.
|
||||||
|
- iana portlist update
|
||||||
|
|
||||||
|
22 May 2017: Wouter
|
||||||
|
- Fix #1268: SIGSEGV after log_reopen.
|
||||||
|
|
||||||
|
18 May 2017: Wouter
|
||||||
|
- Fix #1265 to use /bin/kill.
|
||||||
|
- Fix #1267: Libunbound validator/val_secalgo.c uses obsolete APIs,
|
||||||
|
and compatibility with BoringSSL.
|
||||||
|
|
||||||
|
17 May 2017: Wouter
|
||||||
|
- Fix #1265: contrib/unbound.service contains hardcoded path.
|
||||||
|
|
||||||
|
17 May 2017: George
|
||||||
|
- Use qstate's region for IPSECKEY rrset (ipsecmod).
|
||||||
|
|
||||||
|
16 May 2017: George
|
||||||
|
- Implemented opportunistic IPsec support module (ipsecmod).
|
||||||
|
- Some whitespace fixup.
|
||||||
|
|
||||||
|
16 May 2017: Wouter
|
||||||
|
- updated dependencies in the makefile.
|
||||||
|
- document trust-anchor-signaling in example config file.
|
||||||
|
- updated configure, dependencies and flex output.
|
||||||
|
- better module memory lookup, fix of unbound-control shm names for
|
||||||
|
module memory printout of statistics.
|
||||||
|
- Fix type AVC sldns rrdef.
|
||||||
|
|
||||||
|
12 May 2017: Wouter
|
||||||
|
- Adjust servfail by iterator to not store in cache when serve-expired
|
||||||
|
is enabled, to avoid overwriting useful information there.
|
||||||
|
- Fix queries for nameservers under a stub leaking to the internet.
|
||||||
|
|
||||||
|
9 May 2017: Ralph
|
||||||
|
- Add 'c' to getopt() in testbound.
|
||||||
|
- iana portlist update
|
||||||
|
|
||||||
|
8 May 2017: Wouter
|
||||||
|
- Fix tcp-mss failure printout text.
|
||||||
|
- Set SO_REUSEADDR on outgoing tcp connections to fix the bind before
|
||||||
|
connect limited tcp connections. With the option tcp connections
|
||||||
|
can share the same source port (for different destinations).
|
||||||
|
|
||||||
|
2 May 2017: Ralph
|
||||||
|
- Added mesh_add_sub to add detached mesh entries.
|
||||||
|
- Use mesh_add_sub for key tag signaling query.
|
||||||
|
|
||||||
|
2 May 2017: Wouter
|
||||||
|
- Added test for leak of stub information.
|
||||||
|
- Fix sldns wire2str printout of RR type CAA tags.
|
||||||
|
- Fix sldns int16_data parse.
|
||||||
|
- Fix sldns parse and printout of TSIG RRs.
|
||||||
|
- sldns SMIMEA and AVC definitions, same as getdns definitions.
|
||||||
|
|
||||||
|
1 May 2017: Wouter
|
||||||
|
- Fix #1259: "--disable-ecdsa" argument overwritten
|
||||||
|
by "#ifdef SHA256_DIGEST_LENGTH@daemon/remote.c".
|
||||||
|
- iana portlist update
|
||||||
|
- Fix #1258: Windows 10 X64 unbound 1.6.2 service will not start.
|
||||||
|
and fix that 64bit getting installed in C:\Program Files (x86).
|
||||||
|
|
||||||
|
26 April 2017: Ralph
|
||||||
|
- Implemented trust anchor signaling using key tag query.
|
||||||
|
|
||||||
|
26 April 2017: Wouter
|
||||||
|
- Based on #1257: check parse limit before t increment in sldns RR
|
||||||
|
string parse routine.
|
||||||
|
|
||||||
|
24 April 2017: Wouter
|
||||||
|
- unbound-checkconf -o allows query of dnstap config variables.
|
||||||
|
Also unbound-control get_option. Also for dnscrypt.
|
||||||
|
- trunk contains 1.6.3 version number (changes from 1.6.2 back from
|
||||||
|
when the 1.6.2rc1 tag has been created).
|
||||||
|
|
||||||
|
21 April 2017: Ralph
|
||||||
|
- Fix #1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle).
|
||||||
|
- iana portlist update
|
||||||
|
|
||||||
|
18 April 2017: Ralph
|
||||||
|
- Fix #1252: more indentation inconsistencies.
|
||||||
|
- Fix #1253: unused variable in edns-subnet/addrtree.c:getbit().
|
||||||
|
|
||||||
|
13 April 2017: Ralph
|
||||||
|
- Added ECS unit test (from Manu Bretelle).
|
||||||
|
- ECS documentation fix (from Manu Bretelle).
|
||||||
|
|
||||||
13 April 2017: Wouter
|
13 April 2017: Wouter
|
||||||
- Fix #1250: inconsistent indentation in services/listen_dnsport.c.
|
- Fix #1250: inconsistent indentation in services/listen_dnsport.c.
|
||||||
- tag for 1.6.2rc1
|
- tag for 1.6.2rc1
|
||||||
|
- (for 1.6.3:) unbound.h exports the shm stats structures. They use
|
||||||
|
type long long and no ifdefs, and ub_ before the typenames.
|
||||||
|
|
||||||
12 April 2017: Wouter
|
12 April 2017: Wouter
|
||||||
- subnet mem value is available in shm, also when not enabled,
|
- subnet mem value is available in shm, also when not enabled,
|
||||||
@ -243,7 +429,7 @@
|
|||||||
- Fix #1184: Log DNS replies. This includes the same logging
|
- Fix #1184: Log DNS replies. This includes the same logging
|
||||||
information that DNS queries and response code and response size,
|
information that DNS queries and response code and response size,
|
||||||
patch from Larissa Feng.
|
patch from Larissa Feng.
|
||||||
- Fix #1185: Source IP rate limiting, patch from Larissa Feng.
|
- Fix #1187: Source IP rate limiting, patch from Larissa Feng.
|
||||||
|
|
||||||
3 January 2017: Wouter
|
3 January 2017: Wouter
|
||||||
- configure --enable-systemd and lets unbound use systemd sockets if
|
- configure --enable-systemd and lets unbound use systemd sockets if
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
README for Unbound 1.6.3
|
README for Unbound 1.6.4
|
||||||
Copyright 2007 NLnet Labs
|
Copyright 2007 NLnet Labs
|
||||||
http://unbound.net
|
http://unbound.net
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# Example configuration file.
|
# Example configuration file.
|
||||||
#
|
#
|
||||||
# See unbound.conf(5) man page, version 1.6.3.
|
# See unbound.conf(5) man page, version 1.6.4.
|
||||||
#
|
#
|
||||||
# this is a comment.
|
# this is a comment.
|
||||||
|
|
||||||
@ -448,6 +448,9 @@ server:
|
|||||||
# and under the terms of our LICENSE (see that file in the source).
|
# and under the terms of our LICENSE (see that file in the source).
|
||||||
# auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
|
# auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
|
||||||
|
|
||||||
|
# trust anchor signaling sends a RFC8145 key tag query after priming.
|
||||||
|
# trust-anchor-signaling: no
|
||||||
|
|
||||||
# File with DLV trusted keys. Same format as trust-anchor-file.
|
# File with DLV trusted keys. Same format as trust-anchor-file.
|
||||||
# There can be only one DLV configured, it is trusted from root down.
|
# There can be only one DLV configured, it is trusted from root down.
|
||||||
# DLV is going to be decommissioned. Please do not use it any more.
|
# DLV is going to be decommissioned. Please do not use it any more.
|
||||||
@ -698,6 +701,34 @@ server:
|
|||||||
# 0 blocks when ip is ratelimited, otherwise let 1/xth traffic through
|
# 0 blocks when ip is ratelimited, otherwise let 1/xth traffic through
|
||||||
# ip-ratelimit-factor: 10
|
# ip-ratelimit-factor: 10
|
||||||
|
|
||||||
|
# Specific options for ipsecmod. unbound needs to be configured with
|
||||||
|
# --enable-ipsecmod for these to take effect.
|
||||||
|
#
|
||||||
|
# Enable or disable ipsecmod (it still needs to be defined in
|
||||||
|
# module-config above). Can be used when ipsecmod needs to be
|
||||||
|
# enabled/disabled via remote-control(below).
|
||||||
|
# ipsecmod-enabled: yes
|
||||||
|
#
|
||||||
|
# Path to executable external hook. It must be defined when ipsecmod is
|
||||||
|
# listed in module-config (above).
|
||||||
|
# ipsecmod-hook: "./my_executable"
|
||||||
|
#
|
||||||
|
# When enabled unbound will reply with SERVFAIL if the return value of
|
||||||
|
# the ipsecmod-hook is not 0.
|
||||||
|
# ipsecmod-strict: no
|
||||||
|
#
|
||||||
|
# Maximum time to live (TTL) for cached A/AAAA records with IPSECKEY.
|
||||||
|
# ipsecmod-max-ttl: 3600
|
||||||
|
#
|
||||||
|
# Reply with A/AAAA even if the relevant IPSECKEY is bogus. Mainly used for
|
||||||
|
# testing.
|
||||||
|
# ipsecmod-ignore-bogus: no
|
||||||
|
#
|
||||||
|
# Domains for which ipsecmod will be triggered. If not defined (default)
|
||||||
|
# all domains are treated as being whitelisted.
|
||||||
|
# ipsecmod-whitelist: "example.com"
|
||||||
|
# ipsecmod-whitelist: "nlnetlabs.nl"
|
||||||
|
|
||||||
|
|
||||||
# Python config section. To enable:
|
# Python config section. To enable:
|
||||||
# o use --with-pythonmodule to configure before compiling.
|
# o use --with-pythonmodule to configure before compiling.
|
||||||
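Review bot: In the `@ -698,6 +701,34 @@` hunk the `ipsecmod-hook` example is a relative path (`"./my_executable"`), and the comment says neither which directory it is resolved against nor that the resolver itself runs the file. The neighbouring `ipsecmod-strict` comment shows the daemon executes the hook and acts on its return value, so I would show an absolute placeholder, `# ipsecmod-hook: "/path/to/ipsecmod-hook"`, and add `# Use an absolute path; the hook and its directory should be writable only by the administrator.` The `ipsecmod-strict: no` comment could also state outright that a failing hook does not stop the A/AAAA answer from being returned, which the SERVFAIL wording implies but does not spell out. How the hook receives its arguments is not visible in this section, so the comment should refer to unbound.conf(5) for the data passed to it.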
|
@ -1,4 +1,4 @@
|
|||||||
.TH "libunbound" "3" "Jun 13, 2017" "NLnet Labs" "unbound 1.6.3"
|
.TH "libunbound" "3" "Jun 27, 2017" "NLnet Labs" "unbound 1.6.4"
|
||||||
.\"
|
.\"
|
||||||
.\" libunbound.3 -- unbound library functions manual
|
.\" libunbound.3 -- unbound library functions manual
|
||||||
.\"
|
.\"
|
||||||
@ -43,7 +43,7 @@
|
|||||||
.B ub_ctx_zone_remove,
|
.B ub_ctx_zone_remove,
|
||||||
.B ub_ctx_data_add,
|
.B ub_ctx_data_add,
|
||||||
.B ub_ctx_data_remove
|
.B ub_ctx_data_remove
|
||||||
\- Unbound DNS validating resolver 1.6.3 functions.
|
\- Unbound DNS validating resolver 1.6.4 functions.
|
||||||
.SH "SYNOPSIS"
|
.SH "SYNOPSIS"
|
||||||
.B #include <unbound.h>
|
.B #include <unbound.h>
|
||||||
.LP
|
.LP
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "unbound-anchor" "8" "Jun 13, 2017" "NLnet Labs" "unbound 1.6.3"
|
.TH "unbound-anchor" "8" "Jun 27, 2017" "NLnet Labs" "unbound 1.6.4"
|
||||||
.\"
|
.\"
|
||||||
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
|
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
|
||||||
.\"
|
.\"
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "unbound-checkconf" "8" "Jun 13, 2017" "NLnet Labs" "unbound 1.6.3"
|
.TH "unbound-checkconf" "8" "Jun 27, 2017" "NLnet Labs" "unbound 1.6.4"
|
||||||
.\"
|
.\"
|
||||||
.\" unbound-checkconf.8 -- unbound configuration checker manual
|
.\" unbound-checkconf.8 -- unbound configuration checker manual
|
||||||
.\"
|
.\"
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "unbound-control" "8" "Jun 13, 2017" "NLnet Labs" "unbound 1.6.3"
|
.TH "unbound-control" "8" "Jun 27, 2017" "NLnet Labs" "unbound 1.6.4"
|
||||||
.\"
|
.\"
|
||||||
.\" unbound-control.8 -- unbound remote control manual
|
.\" unbound-control.8 -- unbound remote control manual
|
||||||
.\"
|
.\"
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "unbound\-host" "1" "Jun 13, 2017" "NLnet Labs" "unbound 1.6.3"
|
.TH "unbound\-host" "1" "Jun 27, 2017" "NLnet Labs" "unbound 1.6.4"
|
||||||
.\"
|
.\"
|
||||||
.\" unbound-host.1 -- unbound DNS lookup utility
|
.\" unbound-host.1 -- unbound DNS lookup utility
|
||||||
.\"
|
.\"
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "unbound" "8" "Jun 13, 2017" "NLnet Labs" "unbound 1.6.3"
|
.TH "unbound" "8" "Jun 27, 2017" "NLnet Labs" "unbound 1.6.4"
|
||||||
.\"
|
.\"
|
||||||
.\" unbound.8 -- unbound manual
|
.\" unbound.8 -- unbound manual
|
||||||
.\"
|
.\"
|
||||||
@ -9,7 +9,7 @@
|
|||||||
.\"
|
.\"
|
||||||
.SH "NAME"
|
.SH "NAME"
|
||||||
.B unbound
|
.B unbound
|
||||||
\- Unbound DNS validating resolver 1.6.3.
|
\- Unbound DNS validating resolver 1.6.4.
|
||||||
.SH "SYNOPSIS"
|
.SH "SYNOPSIS"
|
||||||
.B unbound
|
.B unbound
|
||||||
.RB [ \-h ]
|
.RB [ \-h ]
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "unbound.conf" "5" "Jun 13, 2017" "NLnet Labs" "unbound 1.6.3"
|
.TH "unbound.conf" "5" "Jun 27, 2017" "NLnet Labs" "unbound 1.6.4"
|
||||||
.\"
|
.\"
|
||||||
.\" unbound.conf.5 -- unbound.conf manual
|
.\" unbound.conf.5 -- unbound.conf manual
|
||||||
.\"
|
.\"
|
||||||
@ -16,13 +16,14 @@
|
|||||||
.B unbound.conf
|
.B unbound.conf
|
||||||
is used to configure
|
is used to configure
|
||||||
\fIunbound\fR(8).
|
\fIunbound\fR(8).
|
||||||
The file format has attributes and values. Some attributes have attributes inside them.
|
The file format has attributes and values. Some attributes have attributes
|
||||||
|
inside them.
|
||||||
The notation is: attribute: value.
|
The notation is: attribute: value.
|
||||||
.P
|
.P
|
||||||
Comments start with # and last to the end of line. Empty lines are
|
Comments start with # and last to the end of line. Empty lines are
|
||||||
ignored as is whitespace at the beginning of a line.
|
ignored as is whitespace at the beginning of a line.
|
||||||
.P
|
.P
|
||||||
The utility
|
The utility
|
||||||
\fIunbound\-checkconf\fR(8)
|
\fIunbound\-checkconf\fR(8)
|
||||||
can be used to check unbound.conf prior to usage.
|
can be used to check unbound.conf prior to usage.
|
||||||
.SH "EXAMPLE"
|
.SH "EXAMPLE"
|
||||||
@ -30,7 +31,7 @@ An example config file is shown below. Copy this to /etc/unbound/unbound.conf
|
|||||||
and start the server with:
|
and start the server with:
|
||||||
.P
|
.P
|
||||||
.nf
|
.nf
|
||||||
$ unbound \-c /etc/unbound/unbound.conf
|
$ unbound \-c /etc/unbound/unbound.conf
|
||||||
.fi
|
.fi
|
||||||
.P
|
.P
|
||||||
Most settings are the defaults. Stop the server with:
|
Most settings are the defaults. Stop the server with:
|
||||||
@ -62,8 +63,8 @@ server:
|
|||||||
access\-control: 2001:DB8::/64 allow
|
access\-control: 2001:DB8::/64 allow
|
||||||
.fi
|
.fi
|
||||||
.SH "FILE FORMAT"
|
.SH "FILE FORMAT"
|
||||||
There must be whitespace between keywords. Attribute keywords end with a colon ':'. An attribute
|
There must be whitespace between keywords. Attribute keywords end with a colon ':'.
|
||||||
is followed by its containing attributes, or a value.
|
An attribute is followed by its containing attributes, or a value.
|
||||||
.P
|
.P
|
||||||
Files can be included using the
|
Files can be included using the
|
||||||
.B include:
|
.B include:
|
||||||
@ -71,7 +72,7 @@ directive. It can appear anywhere, it accepts a single file name as argument.
|
|||||||
Processing continues as if the text from the included file was copied into
|
Processing continues as if the text from the included file was copied into
|
||||||
the config file at that point. If also using chroot, using full path names
|
the config file at that point. If also using chroot, using full path names
|
||||||
for the included files works, relative pathnames for the included names work
|
for the included files works, relative pathnames for the included names work
|
||||||
if the directory where the daemon is started equals its chroot/working
|
if the directory where the daemon is started equals its chroot/working
|
||||||
directory or is specified before the include statement with directory: dir.
|
directory or is specified before the include statement with directory: dir.
|
||||||
Wildcards can be used to include multiple files, see \fIglob\fR(7).
|
Wildcards can be used to include multiple files, see \fIglob\fR(7).
|
||||||
.SS "Server Options"
|
.SS "Server Options"
|
||||||
@ -80,17 +81,17 @@ These options are part of the
|
|||||||
clause.
|
clause.
|
||||||
.TP
|
.TP
|
||||||
.B verbosity: \fI<number>
|
.B verbosity: \fI<number>
|
||||||
The verbosity number, level 0 means no verbosity, only errors. Level 1
|
The verbosity number, level 0 means no verbosity, only errors. Level 1
|
||||||
gives operational information. Level 2 gives detailed operational
|
gives operational information. Level 2 gives detailed operational
|
||||||
information. Level 3 gives query level information, output per query.
|
information. Level 3 gives query level information, output per query.
|
||||||
Level 4 gives algorithm level information. Level 5 logs client
|
Level 4 gives algorithm level information. Level 5 logs client
|
||||||
identification for cache misses. Default is level 1.
|
identification for cache misses. Default is level 1.
|
||||||
The verbosity can also be increased from the commandline, see \fIunbound\fR(8).
|
The verbosity can also be increased from the commandline, see \fIunbound\fR(8).
|
||||||
.TP
|
.TP
|
||||||
.B statistics\-interval: \fI<seconds>
|
.B statistics\-interval: \fI<seconds>
|
||||||
The number of seconds between printing statistics to the log for every thread.
|
The number of seconds between printing statistics to the log for every thread.
|
||||||
Disable with value 0 or "". Default is disabled. The histogram statistics
|
Disable with value 0 or "". Default is disabled. The histogram statistics
|
||||||
are only printed if replies were sent during the statistics interval,
|
are only printed if replies were sent during the statistics interval,
|
||||||
requestlist statistics are printed for every interval (but can be 0).
|
requestlist statistics are printed for every interval (but can be 0).
|
||||||
This is because the median calculation requires data to be present.
|
This is because the median calculation requires data to be present.
|
||||||
.TP
|
.TP
|
||||||
@ -99,7 +100,7 @@ If enabled, statistics are cumulative since starting unbound, without clearing
|
|||||||
the statistics counters after logging the statistics. Default is no.
|
the statistics counters after logging the statistics. Default is no.
|
||||||
.TP
|
.TP
|
||||||
.B extended\-statistics: \fI<yes or no>
|
.B extended\-statistics: \fI<yes or no>
|
||||||
If enabled, extended statistics are printed from \fIunbound\-control\fR(8).
|
If enabled, extended statistics are printed from \fIunbound\-control\fR(8).
|
||||||
Default is off, because keeping track of more statistics takes time. The
|
Default is off, because keeping track of more statistics takes time. The
|
||||||
counters are listed in \fIunbound\-control\fR(8).
|
counters are listed in \fIunbound\-control\fR(8).
|
||||||
.TP
|
.TP
|
||||||
@ -112,7 +113,7 @@ The port number, default 53, on which the server responds to queries.
|
|||||||
.B interface: \fI<ip address[@port]>
|
.B interface: \fI<ip address[@port]>
|
||||||
Interface to use to connect to the network. This interface is listened to
|
Interface to use to connect to the network. This interface is listened to
|
||||||
for queries from clients, and answers to clients are given from it.
|
for queries from clients, and answers to clients are given from it.
|
||||||
Can be given multiple times to work on several interfaces. If none are
|
Can be given multiple times to work on several interfaces. If none are
|
||||||
given the default is to listen to localhost.
|
given the default is to listen to localhost.
|
||||||
The interfaces are not changed on a reload (kill \-HUP) but only on restart.
|
The interfaces are not changed on a reload (kill \-HUP) but only on restart.
|
||||||
A port number can be specified with @port (without spaces between
|
A port number can be specified with @port (without spaces between
|
||||||
@ -123,19 +124,19 @@ interface and port number), if not specified the default port (from
|
|||||||
Same as interface: (for easy of compatibility with nsd.conf).
|
Same as interface: (for easy of compatibility with nsd.conf).
|
||||||
.TP
|
.TP
|
||||||
.B interface\-automatic: \fI<yes or no>
|
.B interface\-automatic: \fI<yes or no>
|
||||||
Detect source interface on UDP queries and copy them to replies. This
|
Detect source interface on UDP queries and copy them to replies. This
|
||||||
feature is experimental, and needs support in your OS for particular socket
|
feature is experimental, and needs support in your OS for particular socket
|
||||||
options. Default value is no.
|
options. Default value is no.
|
||||||
.TP
|
.TP
|
||||||
.B outgoing\-interface: \fI<ip address or ip6 netblock>
|
.B outgoing\-interface: \fI<ip address or ip6 netblock>
|
||||||
Interface to use to connect to the network. This interface is used to send
|
Interface to use to connect to the network. This interface is used to send
|
||||||
queries to authoritative servers and receive their replies. Can be given
|
queries to authoritative servers and receive their replies. Can be given
|
||||||
multiple times to work on several interfaces. If none are given the
|
multiple times to work on several interfaces. If none are given the
|
||||||
default (all) is used. You can specify the same interfaces in
|
default (all) is used. You can specify the same interfaces in
|
||||||
.B interface:
|
.B interface:
|
||||||
and
|
and
|
||||||
.B outgoing\-interface:
|
.B outgoing\-interface:
|
||||||
lines, the interfaces are then used for both purposes. Outgoing queries are
|
lines, the interfaces are then used for both purposes. Outgoing queries are
|
||||||
sent via a random outgoing interface to counter spoofing.
|
sent via a random outgoing interface to counter spoofing.
|
||||||
.IP
|
.IP
|
||||||
If an IPv6 netblock is specified instead of an individual IPv6 address,
|
If an IPv6 netblock is specified instead of an individual IPv6 address,
|
||||||
@ -155,26 +156,26 @@ ip \-6 addr add mynetblock/64 dev lo &&
|
|||||||
ip \-6 route add local mynetblock/64 dev lo
|
ip \-6 route add local mynetblock/64 dev lo
|
||||||
.TP
|
.TP
|
||||||
.B outgoing\-range: \fI<number>
|
.B outgoing\-range: \fI<number>
|
||||||
Number of ports to open. This number of file descriptors can be opened per
|
Number of ports to open. This number of file descriptors can be opened per
|
||||||
thread. Must be at least 1. Default depends on compile options. Larger
|
thread. Must be at least 1. Default depends on compile options. Larger
|
||||||
numbers need extra resources from the operating system. For performance a
|
numbers need extra resources from the operating system. For performance a
|
||||||
very large value is best, use libevent to make this possible.
|
very large value is best, use libevent to make this possible.
|
||||||
.TP
|
.TP
|
||||||
.B outgoing\-port\-permit: \fI<port number or range>
|
.B outgoing\-port\-permit: \fI<port number or range>
|
||||||
Permit unbound to open this port or range of ports for use to send queries.
|
Permit unbound to open this port or range of ports for use to send queries.
|
||||||
A larger number of permitted outgoing ports increases resilience against
|
A larger number of permitted outgoing ports increases resilience against
|
||||||
spoofing attempts. Make sure these ports are not needed by other daemons.
|
spoofing attempts. Make sure these ports are not needed by other daemons.
|
||||||
By default only ports above 1024 that have not been assigned by IANA are used.
|
By default only ports above 1024 that have not been assigned by IANA are used.
|
||||||
Give a port number or a range of the form "low\-high", without spaces.
|
Give a port number or a range of the form "low\-high", without spaces.
|
||||||
.IP
|
.IP
|
||||||
The \fBoutgoing\-port\-permit\fR and \fBoutgoing\-port\-avoid\fR statements
|
The \fBoutgoing\-port\-permit\fR and \fBoutgoing\-port\-avoid\fR statements
|
||||||
are processed in the line order of the config file, adding the permitted ports
|
are processed in the line order of the config file, adding the permitted ports
|
||||||
and subtracting the avoided ports from the set of allowed ports. The
|
and subtracting the avoided ports from the set of allowed ports. The
|
||||||
processing starts with the non IANA allocated ports above 1024 in the set
|
processing starts with the non IANA allocated ports above 1024 in the set
|
||||||
of allowed ports.
|
of allowed ports.
|
||||||
.TP
|
.TP
|
||||||
.B outgoing\-port\-avoid: \fI<port number or range>
|
.B outgoing\-port\-avoid: \fI<port number or range>
|
||||||
Do not permit unbound to open this port or range of ports for use to send
|
Do not permit unbound to open this port or range of ports for use to send
|
||||||
queries. Use this to make sure unbound does not grab a port that another
|
queries. Use this to make sure unbound does not grab a port that another
|
||||||
daemon needs. The port is avoided on all outgoing interfaces, both IP4 and IP6.
|
daemon needs. The port is avoided on all outgoing interfaces, both IP4 and IP6.
|
||||||
By default only ports above 1024 that have not been assigned by IANA are used.
|
By default only ports above 1024 that have not been assigned by IANA are used.
|
||||||
@ -204,13 +205,13 @@ consider tuning the outgoing tcp number).
|
|||||||
.B max\-udp\-size: \fI<number>
|
.B max\-udp\-size: \fI<number>
|
||||||
Maximum UDP response size (not applied to TCP response). 65536 disables the
|
Maximum UDP response size (not applied to TCP response). 65536 disables the
|
||||||
udp response size maximum, and uses the choice from the client, always.
|
udp response size maximum, and uses the choice from the client, always.
|
||||||
Suggested values are 512 to 4096. Default is 4096.
|
Suggested values are 512 to 4096. Default is 4096.
|
||||||
.TP
|
.TP
|
||||||
.B msg\-buffer\-size: \fI<number>
|
.B msg\-buffer\-size: \fI<number>
|
||||||
Number of bytes size of the message buffers. Default is 65552 bytes, enough
|
Number of bytes size of the message buffers. Default is 65552 bytes, enough
|
||||||
for 64 Kb packets, the maximum DNS message size. No message larger than this
|
for 64 Kb packets, the maximum DNS message size. No message larger than this
|
||||||
can be sent or received. Can be reduced to use less memory, but some requests
|
can be sent or received. Can be reduced to use less memory, but some requests
|
||||||
for DNS data, such as for huge resource records, will result in a SERVFAIL
|
for DNS data, such as for huge resource records, will result in a SERVFAIL
|
||||||
reply to the client.
|
reply to the client.
|
||||||
.TP
|
.TP
|
||||||
.B msg\-cache\-size: \fI<number>
|
.B msg\-cache\-size: \fI<number>
|
||||||
@ -220,7 +221,7 @@ or gigabytes (1024*1024 bytes in a megabyte).
|
|||||||
.TP
|
.TP
|
||||||
.B msg\-cache\-slabs: \fI<number>
|
.B msg\-cache\-slabs: \fI<number>
|
||||||
Number of slabs in the message cache. Slabs reduce lock contention by threads.
|
Number of slabs in the message cache. Slabs reduce lock contention by threads.
|
||||||
Must be set to a power of 2. Setting (close) to the number of cpus is a
|
Must be set to a power of 2. Setting (close) to the number of cpus is a
|
||||||
reasonable guess.
|
reasonable guess.
|
||||||
.TP
|
.TP
|
||||||
.B num\-queries\-per\-thread: \fI<number>
|
.B num\-queries\-per\-thread: \fI<number>
|
||||||
@ -232,12 +233,12 @@ the existing queries. Default depends on compile options, 512 or 1024.
|
|||||||
.TP
|
.TP
|
||||||
.B jostle\-timeout: \fI<msec>
|
.B jostle\-timeout: \fI<msec>
|
||||||
Timeout used when the server is very busy. Set to a value that usually
|
Timeout used when the server is very busy. Set to a value that usually
|
||||||
results in one roundtrip to the authority servers. If too many queries
|
results in one roundtrip to the authority servers. If too many queries
|
||||||
arrive, then 50% of the queries are allowed to run to completion, and
|
arrive, then 50% of the queries are allowed to run to completion, and
|
||||||
the other 50% are replaced with the new incoming query if they have already
|
the other 50% are replaced with the new incoming query if they have already
|
||||||
spent more than their allowed time. This protects against denial of
|
spent more than their allowed time. This protects against denial of
|
||||||
service by slow queries or high query rates. Default 200 milliseconds.
|
service by slow queries or high query rates. Default 200 milliseconds.
|
||||||
The effect is that the qps for long-lasting queries is about
|
The effect is that the qps for long-lasting queries is about
|
||||||
(numqueriesperthread / 2) / (average time for such long queries) qps.
|
(numqueriesperthread / 2) / (average time for such long queries) qps.
|
||||||
The qps for short queries can be about (numqueriesperthread / 2)
|
The qps for short queries can be about (numqueriesperthread / 2)
|
||||||
/ (jostletimeout in whole seconds) qps per thread, about (1024/2)*5 = 2560
|
/ (jostletimeout in whole seconds) qps per thread, about (1024/2)*5 = 2560
|
||||||
@ -308,12 +309,12 @@ or gigabytes (1024*1024 bytes in a megabyte).
|
|||||||
.TP
|
.TP
|
||||||
.B rrset\-cache\-slabs: \fI<number>
|
.B rrset\-cache\-slabs: \fI<number>
|
||||||
Number of slabs in the RRset cache. Slabs reduce lock contention by threads.
|
Number of slabs in the RRset cache. Slabs reduce lock contention by threads.
|
||||||
Must be set to a power of 2.
|
Must be set to a power of 2.
|
||||||
.TP
|
.TP
|
||||||
.B cache\-max\-ttl: \fI<seconds>
|
.B cache\-max\-ttl: \fI<seconds>
|
||||||
Time to live maximum for RRsets and messages in the cache. Default is
|
Time to live maximum for RRsets and messages in the cache. Default is
|
||||||
86400 seconds (1 day). If the maximum kicks in, responses to clients
|
86400 seconds (1 day). If the maximum kicks in, responses to clients
|
||||||
still get decrementing TTLs based on the original (larger) values.
|
still get decrementing TTLs based on the original (larger) values.
|
||||||
When the internal TTL expires, the cache item has expired.
|
When the internal TTL expires, the cache item has expired.
|
||||||
Can be set lower to force the resolver to query for data often, and not
|
Can be set lower to force the resolver to query for data often, and not
|
||||||
trust (very large) TTL values.
|
trust (very large) TTL values.
|
||||||
@ -323,7 +324,7 @@ Time to live minimum for RRsets and messages in the cache. Default is 0.
|
|||||||
If the minimum kicks in, the data is cached for longer than the domain
|
If the minimum kicks in, the data is cached for longer than the domain
|
||||||
owner intended, and thus less queries are made to look up the data.
|
owner intended, and thus less queries are made to look up the data.
|
||||||
Zero makes sure the data in the cache is as the domain owner intended,
|
Zero makes sure the data in the cache is as the domain owner intended,
|
||||||
higher values, especially more than an hour or so, can lead to trouble as
|
higher values, especially more than an hour or so, can lead to trouble as
|
||||||
the data in the cache does not match up with the actual data any more.
|
the data in the cache does not match up with the actual data any more.
|
||||||
.TP
|
.TP
|
||||||
.B cache\-max\-negative\-ttl: \fI<seconds>
|
.B cache\-max\-negative\-ttl: \fI<seconds>
|
||||||
@ -331,12 +332,12 @@ Time to live maximum for negative responses, these have a SOA in the
|
|||||||
authority section that is limited in time. Default is 3600.
|
authority section that is limited in time. Default is 3600.
|
||||||
.TP
|
.TP
|
||||||
.B infra\-host\-ttl: \fI<seconds>
|
.B infra\-host\-ttl: \fI<seconds>
|
||||||
Time to live for entries in the host cache. The host cache contains
|
Time to live for entries in the host cache. The host cache contains
|
||||||
roundtrip timing, lameness and EDNS support information. Default is 900.
|
roundtrip timing, lameness and EDNS support information. Default is 900.
|
||||||
.TP
|
.TP
|
||||||
.B infra\-cache\-slabs: \fI<number>
|
.B infra\-cache\-slabs: \fI<number>
|
||||||
Number of slabs in the infrastructure cache. Slabs reduce lock contention
|
Number of slabs in the infrastructure cache. Slabs reduce lock contention
|
||||||
by threads. Must be set to a power of 2.
|
by threads. Must be set to a power of 2.
|
||||||
.TP
|
.TP
|
||||||
.B infra\-cache\-numhosts: \fI<number>
|
.B infra\-cache\-numhosts: \fI<number>
|
||||||
Number of hosts for which information is cached. Default is 10000.
|
Number of hosts for which information is cached. Default is 10000.
|
||||||
@ -372,7 +373,7 @@ Enable or disable whether TCP queries are answered or issued. Default is yes.
|
|||||||
.TP
|
.TP
|
||||||
.B tcp\-mss: \fI<number>
|
.B tcp\-mss: \fI<number>
|
||||||
Maximum segment size (MSS) of TCP socket on which the server responds
|
Maximum segment size (MSS) of TCP socket on which the server responds
|
||||||
to queries. Value lower than common MSS on Ethernet
|
to queries. Value lower than common MSS on Ethernet
|
||||||
(1220 for example) will address path MTU problem.
|
(1220 for example) will address path MTU problem.
|
||||||
Note that not all platform supports socket option to set MSS (TCP_MAXSEG).
|
Note that not all platform supports socket option to set MSS (TCP_MAXSEG).
|
||||||
Default is system default MSS determined by interface MTU and
|
Default is system default MSS determined by interface MTU and
|
||||||
@ -393,7 +394,8 @@ Default is no. Useful in tunneling scenarios.
|
|||||||
.B ssl\-upstream: \fI<yes or no>
|
.B ssl\-upstream: \fI<yes or no>
|
||||||
Enabled or disable whether the upstream queries use SSL only for transport.
|
Enabled or disable whether the upstream queries use SSL only for transport.
|
||||||
Default is no. Useful in tunneling scenarios. The SSL contains plain DNS in
|
Default is no. Useful in tunneling scenarios. The SSL contains plain DNS in
|
||||||
TCP wireformat. The other server must support this (see \fBssl\-service\-key\fR).
|
TCP wireformat. The other server must support this (see
|
||||||
|
\fBssl\-service\-key\fR).
|
||||||
.TP
|
.TP
|
||||||
.B ssl\-service-key: \fI<file>
|
.B ssl\-service-key: \fI<file>
|
||||||
If enabled, the server provider SSL service on its TCP sockets. The clients
|
If enabled, the server provider SSL service on its TCP sockets. The clients
|
||||||
@ -423,37 +425,37 @@ a daemon. Set the value to \fIno\fR when unbound runs as systemd service.
|
|||||||
Default is yes.
|
Default is yes.
|
||||||
.TP
|
.TP
|
||||||
.B access\-control: \fI<IP netblock> <action>
|
.B access\-control: \fI<IP netblock> <action>
|
||||||
The netblock is given as an IP4 or IP6 address with /size appended for a
|
The netblock is given as an IP4 or IP6 address with /size appended for a
|
||||||
classless network block. The action can be \fIdeny\fR, \fIrefuse\fR,
|
classless network block. The action can be \fIdeny\fR, \fIrefuse\fR,
|
||||||
\fIallow\fR, \fIallow_snoop\fR, \fIdeny_non_local\fR or \fIrefuse_non_local\fR.
|
\fIallow\fR, \fIallow_snoop\fR, \fIdeny_non_local\fR or \fIrefuse_non_local\fR.
|
||||||
The most specific netblock match is used, if none match \fIdeny\fR is used.
|
The most specific netblock match is used, if none match \fIdeny\fR is used.
|
||||||
.IP
|
.IP
|
||||||
The action \fIdeny\fR stops queries from hosts from that netblock.
|
The action \fIdeny\fR stops queries from hosts from that netblock.
|
||||||
.IP
|
.IP
|
||||||
The action \fIrefuse\fR stops queries too, but sends a DNS rcode REFUSED
|
The action \fIrefuse\fR stops queries too, but sends a DNS rcode REFUSED
|
||||||
error message back.
|
error message back.
|
||||||
.IP
|
.IP
|
||||||
The action \fIallow\fR gives access to clients from that netblock.
|
The action \fIallow\fR gives access to clients from that netblock.
|
||||||
It gives only access for recursion clients (which is
|
It gives only access for recursion clients (which is
|
||||||
what almost all clients need). Nonrecursive queries are refused.
|
what almost all clients need). Nonrecursive queries are refused.
|
||||||
.IP
|
.IP
|
||||||
The \fIallow\fR action does allow nonrecursive queries to access the
|
The \fIallow\fR action does allow nonrecursive queries to access the
|
||||||
local\-data that is configured. The reason is that this does not involve
|
local\-data that is configured. The reason is that this does not involve
|
||||||
the unbound server recursive lookup algorithm, and static data is served
|
the unbound server recursive lookup algorithm, and static data is served
|
||||||
in the reply. This supports normal operations where nonrecursive queries
|
in the reply. This supports normal operations where nonrecursive queries
|
||||||
are made for the authoritative data. For nonrecursive queries any replies
|
are made for the authoritative data. For nonrecursive queries any replies
|
||||||
from the dynamic cache are refused.
|
from the dynamic cache are refused.
|
||||||
.IP
|
.IP
|
||||||
The action \fIallow_snoop\fR gives nonrecursive access too. This give
|
The action \fIallow_snoop\fR gives nonrecursive access too. This give
|
||||||
both recursive and non recursive access. The name \fIallow_snoop\fR refers
|
both recursive and non recursive access. The name \fIallow_snoop\fR refers
|
||||||
to cache snooping, a technique to use nonrecursive queries to examine
|
to cache snooping, a technique to use nonrecursive queries to examine
|
||||||
the cache contents (for malicious acts). However, nonrecursive queries can
|
the cache contents (for malicious acts). However, nonrecursive queries can
|
||||||
also be a valuable debugging tool (when you want to examine the cache
|
also be a valuable debugging tool (when you want to examine the cache
|
||||||
contents). In that case use \fIallow_snoop\fR for your administration host.
|
contents). In that case use \fIallow_snoop\fR for your administration host.
|
||||||
.IP
|
.IP
|
||||||
By default only localhost is \fIallow\fRed, the rest is \fIrefuse\fRd.
|
By default only localhost is \fIallow\fRed, the rest is \fIrefuse\fRd.
|
||||||
The default is \fIrefuse\fRd, because that is protocol\-friendly. The DNS
|
The default is \fIrefuse\fRd, because that is protocol\-friendly. The DNS
|
||||||
protocol is not designed to handle dropped packets due to policy, and
|
protocol is not designed to handle dropped packets due to policy, and
|
||||||
dropping may result in (possibly excessive) retried queries.
|
dropping may result in (possibly excessive) retried queries.
|
||||||
.IP
|
.IP
|
||||||
The deny_non_local and refuse_non_local settings are for hosts that are
|
The deny_non_local and refuse_non_local settings are for hosts that are
|
||||||
@ -485,8 +487,8 @@ Set view for given access control element.
|
|||||||
.B chroot: \fI<directory>
|
.B chroot: \fI<directory>
|
||||||
If chroot is enabled, you should pass the configfile (from the
|
If chroot is enabled, you should pass the configfile (from the
|
||||||
commandline) as a full path from the original root. After the
|
commandline) as a full path from the original root. After the
|
||||||
chroot has been performed the now defunct portion of the config
|
chroot has been performed the now defunct portion of the config
|
||||||
file path is removed to be able to reread the config after a reload.
|
file path is removed to be able to reread the config after a reload.
|
||||||
.IP
|
.IP
|
||||||
All other file paths (working dir, logfile, roothints, and
|
All other file paths (working dir, logfile, roothints, and
|
||||||
key files) can be specified in several ways:
|
key files) can be specified in several ways:
|
||||||
@ -497,22 +499,22 @@ In the last case the path is adjusted to remove the unused portion.
|
|||||||
.IP
|
.IP
|
||||||
The pidfile can be either a relative path to the working directory, or
|
The pidfile can be either a relative path to the working directory, or
|
||||||
an absolute path relative to the original root. It is written just prior
|
an absolute path relative to the original root. It is written just prior
|
||||||
to chroot and dropping permissions. This allows the pidfile to be
|
to chroot and dropping permissions. This allows the pidfile to be
|
||||||
/var/run/unbound.pid and the chroot to be /var/unbound, for example.
|
/var/run/unbound.pid and the chroot to be /var/unbound, for example.
|
||||||
.IP
|
.IP
|
||||||
Additionally, unbound may need to access /dev/random (for entropy)
|
Additionally, unbound may need to access /dev/random (for entropy)
|
||||||
from inside the chroot.
|
from inside the chroot.
|
||||||
.IP
|
.IP
|
||||||
If given a chroot is done to the given directory. The default is
|
If given a chroot is done to the given directory. The default is
|
||||||
"@UNBOUND_CHROOT_DIR@". If you give "" no chroot is performed.
|
"@UNBOUND_CHROOT_DIR@". If you give "" no chroot is performed.
|
||||||
.TP
|
.TP
|
||||||
.B username: \fI<name>
|
.B username: \fI<name>
|
||||||
If given, after binding the port the user privileges are dropped. Default is
|
If given, after binding the port the user privileges are dropped. Default is
|
||||||
"@UNBOUND_USERNAME@". If you give username: "" no user change is performed.
|
"@UNBOUND_USERNAME@". If you give username: "" no user change is performed.
|
||||||
.IP
|
.IP
|
||||||
If this user is not capable of binding the
|
If this user is not capable of binding the
|
||||||
port, reloads (by signal HUP) will still retain the opened ports.
|
port, reloads (by signal HUP) will still retain the opened ports.
|
||||||
If you change the port number in the config file, and that new port number
|
If you change the port number in the config file, and that new port number
|
||||||
requires privileges, then a reload will fail; a restart is needed.
|
requires privileges, then a reload will fail; a restart is needed.
|
||||||
.TP
|
.TP
|
||||||
.B directory: \fI<directory>
|
.B directory: \fI<directory>
|
||||||
@ -524,17 +526,17 @@ then those includes can be relative to the working directory.
|
|||||||
.TP
|
.TP
|
||||||
.B logfile: \fI<filename>
|
.B logfile: \fI<filename>
|
||||||
If "" is given, logging goes to stderr, or nowhere once daemonized.
|
If "" is given, logging goes to stderr, or nowhere once daemonized.
|
||||||
The logfile is appended to, in the following format:
|
The logfile is appended to, in the following format:
|
||||||
.nf
|
.nf
|
||||||
[seconds since 1970] unbound[pid:tid]: type: message.
|
[seconds since 1970] unbound[pid:tid]: type: message.
|
||||||
.fi
|
.fi
|
||||||
If this option is given, the use\-syslog is option is set to "no".
|
If this option is given, the use\-syslog is option is set to "no".
|
||||||
The logfile is reopened (for append) when the config file is reread, on
|
The logfile is reopened (for append) when the config file is reread, on
|
||||||
SIGHUP.
|
SIGHUP.
|
||||||
.TP
|
.TP
|
||||||
.B use\-syslog: \fI<yes or no>
|
.B use\-syslog: \fI<yes or no>
|
||||||
Sets unbound to send log messages to the syslogd, using
|
Sets unbound to send log messages to the syslogd, using
|
||||||
\fIsyslog\fR(3).
|
\fIsyslog\fR(3).
|
||||||
The log facility LOG_DAEMON is used, with identity "unbound".
|
The log facility LOG_DAEMON is used, with identity "unbound".
|
||||||
The logfile setting is overridden when use\-syslog is turned on.
|
The logfile setting is overridden when use\-syslog is turned on.
|
||||||
The default is to log to syslog.
|
The default is to log to syslog.
|
||||||
@ -565,20 +567,20 @@ lines which makes the server (significantly) slower. Odd (nonprintable)
|
|||||||
characters in names are printed as '?'.
|
characters in names are printed as '?'.
|
||||||
.TP
|
.TP
|
||||||
.B pidfile: \fI<filename>
|
.B pidfile: \fI<filename>
|
||||||
The process id is written to the file. Default is "@UNBOUND_PIDFILE@".
|
The process id is written to the file. Default is "@UNBOUND_PIDFILE@".
|
||||||
So,
|
So,
|
||||||
.nf
|
.nf
|
||||||
kill \-HUP `cat @UNBOUND_PIDFILE@`
|
kill \-HUP `cat @UNBOUND_PIDFILE@`
|
||||||
.fi
|
.fi
|
||||||
triggers a reload,
|
triggers a reload,
|
||||||
.nf
|
.nf
|
||||||
kill \-TERM `cat @UNBOUND_PIDFILE@`
|
kill \-TERM `cat @UNBOUND_PIDFILE@`
|
||||||
.fi
|
.fi
|
||||||
gracefully terminates.
|
gracefully terminates.
|
||||||
.TP
|
.TP
|
||||||
.B root\-hints: \fI<filename>
|
.B root\-hints: \fI<filename>
|
||||||
Read the root hints from this file. Default is nothing, using builtin hints
|
Read the root hints from this file. Default is nothing, using builtin hints
|
||||||
for the IN class. The file has the format of zone files, with root
|
for the IN class. The file has the format of zone files, with root
|
||||||
nameserver names and addresses only. The default may become outdated,
|
nameserver names and addresses only. The default may become outdated,
|
||||||
when servers change, therefore it is good practice to use a root\-hints file.
|
when servers change, therefore it is good practice to use a root\-hints file.
|
||||||
.TP
|
.TP
|
||||||
@ -602,22 +604,22 @@ If enabled trustanchor.unbound queries are refused.
|
|||||||
.B target\-fetch\-policy: \fI<"list of numbers">
|
.B target\-fetch\-policy: \fI<"list of numbers">
|
||||||
Set the target fetch policy used by unbound to determine if it should fetch
|
Set the target fetch policy used by unbound to determine if it should fetch
|
||||||
nameserver target addresses opportunistically. The policy is described per
|
nameserver target addresses opportunistically. The policy is described per
|
||||||
dependency depth.
|
dependency depth.
|
||||||
.IP
|
.IP
|
||||||
The number of values determines the maximum dependency depth
|
The number of values determines the maximum dependency depth
|
||||||
that unbound will pursue in answering a query.
|
that unbound will pursue in answering a query.
|
||||||
A value of \-1 means to fetch all targets opportunistically for that dependency
|
A value of \-1 means to fetch all targets opportunistically for that dependency
|
||||||
depth. A value of 0 means to fetch on demand only. A positive value fetches
|
depth. A value of 0 means to fetch on demand only. A positive value fetches
|
||||||
that many targets opportunistically.
|
that many targets opportunistically.
|
||||||
.IP
|
.IP
|
||||||
Enclose the list between quotes ("") and put spaces between numbers.
|
Enclose the list between quotes ("") and put spaces between numbers.
|
||||||
The default is "3 2 1 0 0". Setting all zeroes, "0 0 0 0 0" gives behaviour
|
The default is "3 2 1 0 0". Setting all zeroes, "0 0 0 0 0" gives behaviour
|
||||||
closer to that of BIND 9, while setting "\-1 \-1 \-1 \-1 \-1" gives behaviour
|
closer to that of BIND 9, while setting "\-1 \-1 \-1 \-1 \-1" gives behaviour
|
||||||
rumoured to be closer to that of BIND 8.
|
rumoured to be closer to that of BIND 8.
|
||||||
.TP
|
.TP
|
||||||
.B harden\-short\-bufsize: \fI<yes or no>
|
.B harden\-short\-bufsize: \fI<yes or no>
|
||||||
Very small EDNS buffer sizes from queries are ignored. Default is off, since
|
Very small EDNS buffer sizes from queries are ignored. Default is off, since
|
||||||
it is legal protocol wise to send these, and unbound tries to give very
|
it is legal protocol wise to send these, and unbound tries to give very
|
||||||
small answers to these queries, where possible.
|
small answers to these queries, where possible.
|
||||||
.TP
|
.TP
|
||||||
.B harden\-large\-queries: \fI<yes or no>
|
.B harden\-large\-queries: \fI<yes or no>
|
||||||
@ -631,11 +633,11 @@ Will trust glue only if it is within the servers authority. Default is on.
|
|||||||
.B harden\-dnssec\-stripped: \fI<yes or no>
|
.B harden\-dnssec\-stripped: \fI<yes or no>
|
||||||
Require DNSSEC data for trust\-anchored zones, if such data is absent,
|
Require DNSSEC data for trust\-anchored zones, if such data is absent,
|
||||||
the zone becomes bogus. If turned off, and no DNSSEC data is received
|
the zone becomes bogus. If turned off, and no DNSSEC data is received
|
||||||
(or the DNSKEY data fails to validate), then the zone is made insecure,
|
(or the DNSKEY data fails to validate), then the zone is made insecure,
|
||||||
this behaves like there is no trust anchor. You could turn this off if
|
this behaves like there is no trust anchor. You could turn this off if
|
||||||
you are sometimes behind an intrusive firewall (of some sort) that
|
you are sometimes behind an intrusive firewall (of some sort) that
|
||||||
removes DNSSEC data from packets, or a zone changes from signed to
|
removes DNSSEC data from packets, or a zone changes from signed to
|
||||||
unsigned to badly signed often. If turned off you run the risk of a
|
unsigned to badly signed often. If turned off you run the risk of a
|
||||||
downgrade attack that disables security for a zone. Default is on.
|
downgrade attack that disables security for a zone. Default is on.
|
||||||
.TP
|
.TP
|
||||||
.B harden\-below\-nxdomain: \fI<yes or no>
|
.B harden\-below\-nxdomain: \fI<yes or no>
|
||||||
@ -653,7 +655,7 @@ The nxdomain must be secure, this means nsec3 with optout is insufficient.
|
|||||||
Harden the referral path by performing additional queries for
|
Harden the referral path by performing additional queries for
|
||||||
infrastructure data. Validates the replies if trust anchors are configured
|
infrastructure data. Validates the replies if trust anchors are configured
|
||||||
and the zones are signed. This enforces DNSSEC validation on nameserver
|
and the zones are signed. This enforces DNSSEC validation on nameserver
|
||||||
NS sets and the nameserver addresses that are encountered on the referral
|
NS sets and the nameserver addresses that are encountered on the referral
|
||||||
path to the answer.
|
path to the answer.
|
||||||
Default off, because it burdens the authority servers, and it is
|
Default off, because it burdens the authority servers, and it is
|
||||||
not RFC standard, and could lead to performance problems because of the
|
not RFC standard, and could lead to performance problems because of the
|
||||||
@ -670,9 +672,9 @@ this option off avoids that validation failure.
|
|||||||
.TP
|
.TP
|
||||||
.B use\-caps\-for\-id: \fI<yes or no>
|
.B use\-caps\-for\-id: \fI<yes or no>
|
||||||
Use 0x20\-encoded random bits in the query to foil spoof attempts.
|
Use 0x20\-encoded random bits in the query to foil spoof attempts.
|
||||||
This perturbs the lowercase and uppercase of query names sent to
|
This perturbs the lowercase and uppercase of query names sent to
|
||||||
authority servers and checks if the reply still has the correct casing.
|
authority servers and checks if the reply still has the correct casing.
|
||||||
Disabled by default.
|
Disabled by default.
|
||||||
This feature is an experimental implementation of draft dns\-0x20.
|
This feature is an experimental implementation of draft dns\-0x20.
|
||||||
.TP
|
.TP
|
||||||
.B caps\-whitelist: \fI<domain>
|
.B caps\-whitelist: \fI<domain>
|
||||||
@ -683,7 +685,7 @@ Can be given multiple times, for different domains.
|
|||||||
.TP
|
.TP
|
||||||
.B qname\-minimisation: \fI<yes or no>
|
.B qname\-minimisation: \fI<yes or no>
|
||||||
Send minimum amount of information to upstream servers to enhance privacy.
|
Send minimum amount of information to upstream servers to enhance privacy.
|
||||||
Only sent minimum required labels of the QNAME and set QTYPE to NS when
|
Only sent minimum required labels of the QNAME and set QTYPE to NS when
|
||||||
possible. Best effort approach; full QNAME and original QTYPE will be sent when
|
possible. Best effort approach; full QNAME and original QTYPE will be sent when
|
||||||
upstream replies with a RCODE other than NOERROR, except when receiving
|
upstream replies with a RCODE other than NOERROR, except when receiving
|
||||||
NXDOMAIN from a DNSSEC signed zone. Default is off.
|
NXDOMAIN from a DNSSEC signed zone. Default is off.
|
||||||
@ -715,7 +717,7 @@ stops IPv4-mapped IPv6 addresses from bypassing the filter.
|
|||||||
.TP
|
.TP
|
||||||
.B private\-domain: \fI<domain name>
|
.B private\-domain: \fI<domain name>
|
||||||
Allow this domain, and all its subdomains to contain private addresses.
|
Allow this domain, and all its subdomains to contain private addresses.
|
||||||
Give multiple times to allow multiple domain names to contain private
|
Give multiple times to allow multiple domain names to contain private
|
||||||
addresses. Default is none.
|
addresses. Default is none.
|
||||||
.TP
|
.TP
|
||||||
.B unwanted\-reply\-threshold: \fI<number>
|
.B unwanted\-reply\-threshold: \fI<number>
|
||||||
@ -726,7 +728,7 @@ message caches, hopefully flushing away any poison. A value of 10 million
|
|||||||
is suggested. Default is 0 (turned off).
|
is suggested. Default is 0 (turned off).
|
||||||
.TP
|
.TP
|
||||||
.B do\-not\-query\-address: \fI<IP address>
|
.B do\-not\-query\-address: \fI<IP address>
|
||||||
Do not query the given IP address. Can be IP4 or IP6. Append /num to
|
Do not query the given IP address. Can be IP4 or IP6. Append /num to
|
||||||
indicate a classless delegation netblock, for example like
|
indicate a classless delegation netblock, for example like
|
||||||
10.2.3.4/24 or 2001::11/64.
|
10.2.3.4/24 or 2001::11/64.
|
||||||
.TP
|
.TP
|
||||||
@ -793,17 +795,20 @@ A DS or DNSKEY RR for a key to use for validation. Multiple entries can be
|
|||||||
given to specify multiple trusted keys, in addition to the trust\-anchor\-files.
|
given to specify multiple trusted keys, in addition to the trust\-anchor\-files.
|
||||||
The resource record is entered in the same format as 'dig' or 'drill' prints
|
The resource record is entered in the same format as 'dig' or 'drill' prints
|
||||||
them, the same format as in the zone file. Has to be on a single line, with
|
them, the same format as in the zone file. Has to be on a single line, with
|
||||||
"" around it. A TTL can be specified for ease of cut and paste, but is ignored.
|
"" around it. A TTL can be specified for ease of cut and paste, but is ignored.
|
||||||
A class can be specified, but class IN is default.
|
A class can be specified, but class IN is default.
|
||||||
.TP
|
.TP
|
||||||
.B trusted\-keys\-file: \fI<filename>
|
.B trusted\-keys\-file: \fI<filename>
|
||||||
File with trusted keys for validation. Specify more than one file
|
File with trusted keys for validation. Specify more than one file
|
||||||
with several entries, one file per entry. Like \fBtrust\-anchor\-file\fR
|
with several entries, one file per entry. Like \fBtrust\-anchor\-file\fR
|
||||||
but has a different file format. Format is BIND\-9 style format,
|
but has a different file format. Format is BIND\-9 style format,
|
||||||
the trusted\-keys { name flag proto algo "key"; }; clauses are read.
|
the trusted\-keys { name flag proto algo "key"; }; clauses are read.
|
||||||
It is possible to use wildcards with this statement, the wildcard is
|
It is possible to use wildcards with this statement, the wildcard is
|
||||||
expanded on start and on reload.
|
expanded on start and on reload.
|
||||||
.TP
|
.TP
|
||||||
|
.B trust\-anchor\-signaling: \fI<yes or no>
|
||||||
|
Send RFC8145 key tag query after trust anchor priming. Default is off.
|
||||||
|
.TP
|
||||||
.B dlv\-anchor\-file: \fI<filename>
|
.B dlv\-anchor\-file: \fI<filename>
|
||||||
This option was used during early days DNSSEC deployment when no parent-side
|
This option was used during early days DNSSEC deployment when no parent-side
|
||||||
DS record registrations were easily available. Nowadays, it is best to have
|
DS record registrations were easily available. Nowadays, it is best to have
|
||||||
@ -811,9 +816,9 @@ DS records registered with the parent zone (many top level zones are signed).
|
|||||||
File with trusted keys for DLV (DNSSEC Lookaside Validation). Both DS and
|
File with trusted keys for DLV (DNSSEC Lookaside Validation). Both DS and
|
||||||
DNSKEY entries can be used in the file, in the same format as for
|
DNSKEY entries can be used in the file, in the same format as for
|
||||||
\fItrust\-anchor\-file:\fR statements. Only one DLV can be configured, more
|
\fItrust\-anchor\-file:\fR statements. Only one DLV can be configured, more
|
||||||
would be slow. The DLV configured is used as a root trusted DLV, this
|
would be slow. The DLV configured is used as a root trusted DLV, this
|
||||||
means that it is a lookaside for the root. Default is "", or no dlv anchor file.
|
means that it is a lookaside for the root. Default is "", or no dlv anchor
|
||||||
DLV is going to be decommissioned. Please do not use it any more.
|
file. DLV is going to be decommissioned. Please do not use it any more.
|
||||||
.TP
|
.TP
|
||||||
.B dlv\-anchor: \fI<"Resource Record">
|
.B dlv\-anchor: \fI<"Resource Record">
|
||||||
Much like trust\-anchor, this is a DLV anchor with the DS or DNSKEY inline.
|
Much like trust\-anchor, this is a DLV anchor with the DS or DNSKEY inline.
|
||||||
@ -825,17 +830,17 @@ the domain name. So a trust anchor above the domain name can not make the
|
|||||||
domain secure with a DS record, such a DS record is then ignored.
|
domain secure with a DS record, such a DS record is then ignored.
|
||||||
Also keys from DLV are ignored for the domain. Can be given multiple times
|
Also keys from DLV are ignored for the domain. Can be given multiple times
|
||||||
to specify multiple domains that are treated as if unsigned. If you set
|
to specify multiple domains that are treated as if unsigned. If you set
|
||||||
trust anchors for the domain they override this setting (and the domain
|
trust anchors for the domain they override this setting (and the domain
|
||||||
is secured).
|
is secured).
|
||||||
.IP
|
.IP
|
||||||
This can be useful if you want to make sure a trust anchor for external
|
This can be useful if you want to make sure a trust anchor for external
|
||||||
lookups does not affect an (unsigned) internal domain. A DS record
|
lookups does not affect an (unsigned) internal domain. A DS record
|
||||||
externally can create validation failures for that internal domain.
|
externally can create validation failures for that internal domain.
|
||||||
.TP
|
.TP
|
||||||
.B val\-override\-date: \fI<rrsig\-style date spec>
|
.B val\-override\-date: \fI<rrsig\-style date spec>
|
||||||
Default is "" or "0", which disables this debugging feature. If enabled by
|
Default is "" or "0", which disables this debugging feature. If enabled by
|
||||||
giving a RRSIG style date, that date is used for verifying RRSIG inception
|
giving a RRSIG style date, that date is used for verifying RRSIG inception
|
||||||
and expiration dates, instead of the current date. Do not set this unless
|
and expiration dates, instead of the current date. Do not set this unless
|
||||||
you are debugging signature inception and expiration. The value \-1 ignores
|
you are debugging signature inception and expiration. The value \-1 ignores
|
||||||
the date altogether, useful for some special applications.
|
the date altogether, useful for some special applications.
|
||||||
.TP
|
.TP
|
||||||
@ -865,7 +870,7 @@ The time interval prevents repeated revalidation of bogus data.
|
|||||||
Instruct the validator to remove data from the additional section of secure
|
Instruct the validator to remove data from the additional section of secure
|
||||||
messages that are not signed properly. Messages that are insecure, bogus,
|
messages that are not signed properly. Messages that are insecure, bogus,
|
||||||
indeterminate or unchecked are not affected. Default is yes. Use this setting
|
indeterminate or unchecked are not affected. Default is yes. Use this setting
|
||||||
to protect the users that rely on this validator for authentication from
|
to protect the users that rely on this validator for authentication from
|
||||||
potentially bad data in the additional section.
|
potentially bad data in the additional section.
|
||||||
.TP
|
.TP
|
||||||
.B val\-log\-level: \fI<number>
|
.B val\-log\-level: \fI<number>
|
||||||
@ -880,10 +885,10 @@ it was wrong and which server sent the faulty data.
|
|||||||
.B val\-permissive\-mode: \fI<yes or no>
|
.B val\-permissive\-mode: \fI<yes or no>
|
||||||
Instruct the validator to mark bogus messages as indeterminate. The security
|
Instruct the validator to mark bogus messages as indeterminate. The security
|
||||||
checks are performed, but if the result is bogus (failed security), the
|
checks are performed, but if the result is bogus (failed security), the
|
||||||
reply is not withheld from the client with SERVFAIL as usual. The client
|
reply is not withheld from the client with SERVFAIL as usual. The client
|
||||||
receives the bogus data. For messages that are found to be secure the AD bit
|
receives the bogus data. For messages that are found to be secure the AD bit
|
||||||
is set in replies. Also logging is performed as for full validation.
|
is set in replies. Also logging is performed as for full validation.
|
||||||
The default value is "no".
|
The default value is "no".
|
||||||
.TP
|
.TP
|
||||||
.B ignore\-cd\-flag: \fI<yes or no>
|
.B ignore\-cd\-flag: \fI<yes or no>
|
||||||
Instruct unbound to ignore the CD flag from clients and refuse to
|
Instruct unbound to ignore the CD flag from clients and refuse to
|
||||||
@ -903,7 +908,7 @@ List of keysize and iteration count values, separated by spaces, surrounded
|
|||||||
by quotes. Default is "1024 150 2048 500 4096 2500". This determines the
|
by quotes. Default is "1024 150 2048 500 4096 2500". This determines the
|
||||||
maximum allowed NSEC3 iteration count before a message is simply marked
|
maximum allowed NSEC3 iteration count before a message is simply marked
|
||||||
insecure instead of performing the many hashing iterations. The list must
|
insecure instead of performing the many hashing iterations. The list must
|
||||||
be in ascending order and have at least one entry. If you set it to
|
be in ascending order and have at least one entry. If you set it to
|
||||||
"1024 65535" there is no restriction to NSEC3 iteration values.
|
"1024 65535" there is no restriction to NSEC3 iteration values.
|
||||||
This table must be kept short; a very long list could cause slower operation.
|
This table must be kept short; a very long list could cause slower operation.
|
||||||
.TP
|
.TP
|
||||||
@ -938,7 +943,7 @@ or gigabytes (1024*1024 bytes in a megabyte).
|
|||||||
.TP
|
.TP
|
||||||
.B key\-cache\-slabs: \fI<number>
|
.B key\-cache\-slabs: \fI<number>
|
||||||
Number of slabs in the key cache. Slabs reduce lock contention by threads.
|
Number of slabs in the key cache. Slabs reduce lock contention by threads.
|
||||||
Must be set to a power of 2. Setting (close) to the number of cpus is a
|
Must be set to a power of 2. Setting (close) to the number of cpus is a
|
||||||
reasonable guess.
|
reasonable guess.
|
||||||
.TP
|
.TP
|
||||||
.B neg\-cache\-size: \fI<number>
|
.B neg\-cache\-size: \fI<number>
|
||||||
@ -989,7 +994,7 @@ Otherwise, the query is answered with nodata or nxdomain.
|
|||||||
For a negative answer a SOA is included in the answer if present
|
For a negative answer a SOA is included in the answer if present
|
||||||
as local\-data for the zone apex domain.
|
as local\-data for the zone apex domain.
|
||||||
.TP 10
|
.TP 10
|
||||||
\h'5'\fItransparent\fR
|
\h'5'\fItransparent\fR
|
||||||
If there is a match from local data, the query is answered.
|
If there is a match from local data, the query is answered.
|
||||||
Otherwise if the query has a different name, the query is resolved normally.
|
Otherwise if the query has a different name, the query is resolved normally.
|
||||||
If the query is for a name given in localdata but no such type of data is
|
If the query is for a name given in localdata but no such type of data is
|
||||||
@ -997,49 +1002,49 @@ given in localdata, then a noerror nodata answer is returned.
|
|||||||
If no local\-zone is given local\-data causes a transparent zone
|
If no local\-zone is given local\-data causes a transparent zone
|
||||||
to be created by default.
|
to be created by default.
|
||||||
.TP 10
|
.TP 10
|
||||||
\h'5'\fItypetransparent\fR
|
\h'5'\fItypetransparent\fR
|
||||||
If there is a match from local data, the query is answered. If the query
|
If there is a match from local data, the query is answered. If the query
|
||||||
is for a different name, or for the same name but for a different type,
|
is for a different name, or for the same name but for a different type,
|
||||||
the query is resolved normally. So, similar to transparent but types
|
the query is resolved normally. So, similar to transparent but types
|
||||||
that are not listed in local data are resolved normally, so if an A record
|
that are not listed in local data are resolved normally, so if an A record
|
||||||
is in the local data that does not cause a nodata reply for AAAA queries.
|
is in the local data that does not cause a nodata reply for AAAA queries.
|
||||||
.TP 10
|
.TP 10
|
||||||
\h'5'\fIredirect\fR
|
\h'5'\fIredirect\fR
|
||||||
The query is answered from the local data for the zone name.
|
The query is answered from the local data for the zone name.
|
||||||
There may be no local data beneath the zone name.
|
There may be no local data beneath the zone name.
|
||||||
This answers queries for the zone, and all subdomains of the zone
|
This answers queries for the zone, and all subdomains of the zone
|
||||||
with the local data for the zone.
|
with the local data for the zone.
|
||||||
It can be used to redirect a domain to return a different address record
|
It can be used to redirect a domain to return a different address record
|
||||||
to the end user, with
|
to the end user, with
|
||||||
local\-zone: "example.com." redirect and
|
local\-zone: "example.com." redirect and
|
||||||
local\-data: "example.com. A 127.0.0.1"
|
local\-data: "example.com. A 127.0.0.1"
|
||||||
queries for www.example.com and www.foo.example.com are redirected, so
|
queries for www.example.com and www.foo.example.com are redirected, so
|
||||||
that users with web browsers cannot access sites with suffix example.com.
|
that users with web browsers cannot access sites with suffix example.com.
|
||||||
.TP 10
|
.TP 10
|
||||||
\h'5'\fIinform\fR
|
\h'5'\fIinform\fR
|
||||||
The query is answered normally, same as transparent. The client IP
|
The query is answered normally, same as transparent. The client IP
|
||||||
address (@portnumber) is printed to the logfile. The log message is:
|
address (@portnumber) is printed to the logfile. The log message is:
|
||||||
timestamp, unbound-pid, info: zonename inform IP@port queryname type
|
timestamp, unbound-pid, info: zonename inform IP@port queryname type
|
||||||
class. This option can be used for normal resolution, but machines
|
class. This option can be used for normal resolution, but machines
|
||||||
looking up infected names are logged, eg. to run antivirus on them.
|
looking up infected names are logged, eg. to run antivirus on them.
|
||||||
.TP 10
|
.TP 10
|
||||||
\h'5'\fIinform_deny\fR
|
\h'5'\fIinform_deny\fR
|
||||||
The query is dropped, like 'deny', and logged, like 'inform'. Ie. find
|
The query is dropped, like 'deny', and logged, like 'inform'. Ie. find
|
||||||
infected machines without answering the queries.
|
infected machines without answering the queries.
|
||||||
.TP 10
|
.TP 10
|
||||||
\h'5'\fIalways_transparent\fR
|
\h'5'\fIalways_transparent\fR
|
||||||
Like transparent, but ignores local data and resolves normally.
|
Like transparent, but ignores local data and resolves normally.
|
||||||
.TP 10
|
.TP 10
|
||||||
\h'5'\fIalways_refuse\fR
|
\h'5'\fIalways_refuse\fR
|
||||||
Like refuse, but ignores local data and refuses the query.
|
Like refuse, but ignores local data and refuses the query.
|
||||||
.TP 10
|
.TP 10
|
||||||
\h'5'\fIalways_nxdomain\fR
|
\h'5'\fIalways_nxdomain\fR
|
||||||
Like static, but ignores local data and returns nxdomain for the query.
|
Like static, but ignores local data and returns nxdomain for the query.
|
||||||
.TP 10
|
.TP 10
|
||||||
\h'5'\fInodefault\fR
|
\h'5'\fInodefault\fR
|
||||||
Used to turn off default contents for AS112 zones. The other types
|
Used to turn off default contents for AS112 zones. The other types
|
||||||
also turn off default contents for the zone. The 'nodefault' option
|
also turn off default contents for the zone. The 'nodefault' option
|
||||||
has no other effect than turning off default contents for the
|
has no other effect than turning off default contents for the
|
||||||
given zone. Use \fInodefault\fR if you use exactly that zone, if you want to
|
given zone. Use \fInodefault\fR if you use exactly that zone, if you want to
|
||||||
use a subzone, use \fItransparent\fR.
|
use a subzone, use \fItransparent\fR.
|
||||||
.P
|
.P
|
||||||
@ -1048,71 +1053,71 @@ the AS112 zones. The AS112 zones are reverse DNS zones for private use and
|
|||||||
reserved IP addresses for which the servers on the internet cannot provide
|
reserved IP addresses for which the servers on the internet cannot provide
|
||||||
correct answers. They are configured by default to give nxdomain (no reverse
|
correct answers. They are configured by default to give nxdomain (no reverse
|
||||||
information) answers. The defaults can be turned off by specifying your
|
information) answers. The defaults can be turned off by specifying your
|
||||||
own local\-zone of that name, or using the 'nodefault' type. Below is a
|
own local\-zone of that name, or using the 'nodefault' type. Below is a
|
||||||
list of the default zone contents.
|
list of the default zone contents.
|
||||||
.TP 10
|
.TP 10
|
||||||
\h'5'\fIlocalhost\fR
|
\h'5'\fIlocalhost\fR
|
||||||
The IP4 and IP6 localhost information is given. NS and SOA records are provided
|
The IP4 and IP6 localhost information is given. NS and SOA records are provided
|
||||||
for completeness and to satisfy some DNS update tools. Default content:
|
for completeness and to satisfy some DNS update tools. Default content:
|
||||||
.nf
|
.nf
|
||||||
local\-zone: "localhost." static
|
local\-zone: "localhost." static
|
||||||
local\-data: "localhost. 10800 IN NS localhost."
|
local\-data: "localhost. 10800 IN NS localhost."
|
||||||
local\-data: "localhost. 10800 IN
|
local\-data: "localhost. 10800 IN
|
||||||
SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
|
SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
|
||||||
local\-data: "localhost. 10800 IN A 127.0.0.1"
|
local\-data: "localhost. 10800 IN A 127.0.0.1"
|
||||||
local\-data: "localhost. 10800 IN AAAA ::1"
|
local\-data: "localhost. 10800 IN AAAA ::1"
|
||||||
.fi
|
.fi
|
||||||
.TP 10
|
.TP 10
|
||||||
\h'5'\fIreverse IPv4 loopback\fR
|
\h'5'\fIreverse IPv4 loopback\fR
|
||||||
Default content:
|
Default content:
|
||||||
.nf
|
.nf
|
||||||
local\-zone: "127.in\-addr.arpa." static
|
local\-zone: "127.in\-addr.arpa." static
|
||||||
local\-data: "127.in\-addr.arpa. 10800 IN NS localhost."
|
local\-data: "127.in\-addr.arpa. 10800 IN NS localhost."
|
||||||
local\-data: "127.in\-addr.arpa. 10800 IN
|
local\-data: "127.in\-addr.arpa. 10800 IN
|
||||||
SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
|
SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
|
||||||
local\-data: "1.0.0.127.in\-addr.arpa. 10800 IN
|
local\-data: "1.0.0.127.in\-addr.arpa. 10800 IN
|
||||||
PTR localhost."
|
PTR localhost."
|
||||||
.fi
|
.fi
|
||||||
.TP 10
|
.TP 10
|
||||||
\h'5'\fIreverse IPv6 loopback\fR
|
\h'5'\fIreverse IPv6 loopback\fR
|
||||||
Default content:
|
Default content:
|
||||||
.nf
|
.nf
|
||||||
local\-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
|
local\-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
|
||||||
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." static
|
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." static
|
||||||
local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
|
local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
|
||||||
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN
|
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN
|
||||||
NS localhost."
|
NS localhost."
|
||||||
local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
|
local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
|
||||||
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN
|
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN
|
||||||
SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
|
SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
|
||||||
local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
|
local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
|
||||||
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN
|
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN
|
||||||
PTR localhost."
|
PTR localhost."
|
||||||
.fi
|
.fi
|
||||||
.TP 10
|
.TP 10
|
||||||
\h'5'\fIonion (RFC 7686)\fR
|
\h'5'\fIonion (RFC 7686)\fR
|
||||||
Default content:
|
Default content:
|
||||||
.nf
|
.nf
|
||||||
local\-zone: "onion." static
|
local\-zone: "onion." static
|
||||||
local\-data: "onion. 10800 IN NS localhost."
|
local\-data: "onion. 10800 IN NS localhost."
|
||||||
local\-data: "onion. 10800 IN
|
local\-data: "onion. 10800 IN
|
||||||
SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
|
SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
|
||||||
.fi
|
.fi
|
||||||
.TP 10
|
.TP 10
|
||||||
\h'5'\fIreverse RFC1918 local use zones\fR
|
\h'5'\fIreverse RFC1918 local use zones\fR
|
||||||
Reverse data for zones 10.in\-addr.arpa, 16.172.in\-addr.arpa to
|
Reverse data for zones 10.in\-addr.arpa, 16.172.in\-addr.arpa to
|
||||||
31.172.in\-addr.arpa, 168.192.in\-addr.arpa.
|
31.172.in\-addr.arpa, 168.192.in\-addr.arpa.
|
||||||
The \fBlocal\-zone:\fR is set static and as \fBlocal\-data:\fR SOA and NS
|
The \fBlocal\-zone:\fR is set static and as \fBlocal\-data:\fR SOA and NS
|
||||||
records are provided.
|
records are provided.
|
||||||
.TP 10
|
.TP 10
|
||||||
\h'5'\fIreverse RFC3330 IP4 this, link\-local, testnet and broadcast\fR
|
\h'5'\fIreverse RFC3330 IP4 this, link\-local, testnet and broadcast\fR
|
||||||
Reverse data for zones 0.in\-addr.arpa, 254.169.in\-addr.arpa,
|
Reverse data for zones 0.in\-addr.arpa, 254.169.in\-addr.arpa,
|
||||||
2.0.192.in\-addr.arpa (TEST NET 1), 100.51.198.in\-addr.arpa (TEST NET 2),
|
2.0.192.in\-addr.arpa (TEST NET 1), 100.51.198.in\-addr.arpa (TEST NET 2),
|
||||||
113.0.203.in\-addr.arpa (TEST NET 3), 255.255.255.255.in\-addr.arpa.
|
113.0.203.in\-addr.arpa (TEST NET 3), 255.255.255.255.in\-addr.arpa.
|
||||||
And from 64.100.in\-addr.arpa to 127.100.in\-addr.arpa (Shared Address Space).
|
And from 64.100.in\-addr.arpa to 127.100.in\-addr.arpa (Shared Address Space).
|
||||||
.TP 10
|
.TP 10
|
||||||
\h'5'\fIreverse RFC4291 IP6 unspecified\fR
|
\h'5'\fIreverse RFC4291 IP6 unspecified\fR
|
||||||
Reverse data for zone
|
Reverse data for zone
|
||||||
.nf
|
.nf
|
||||||
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
|
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
|
||||||
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.
|
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.
|
||||||
@ -1137,11 +1142,11 @@ This also works with the other default zones.
|
|||||||
.TP 5
|
.TP 5
|
||||||
.B local\-data: \fI"<resource record string>"
|
.B local\-data: \fI"<resource record string>"
|
||||||
Configure local data, which is served in reply to queries for it.
|
Configure local data, which is served in reply to queries for it.
|
||||||
The query has to match exactly unless you configure the local\-zone as
|
The query has to match exactly unless you configure the local\-zone as
|
||||||
redirect. If not matched exactly, the local\-zone type determines
|
redirect. If not matched exactly, the local\-zone type determines
|
||||||
further processing. If local\-data is configured that is not a subdomain of
|
further processing. If local\-data is configured that is not a subdomain of
|
||||||
a local\-zone, a transparent local\-zone is configured.
|
a local\-zone, a transparent local\-zone is configured.
|
||||||
For record types such as TXT, use single quotes, as in
|
For record types such as TXT, use single quotes, as in
|
||||||
local\-data: 'example. TXT "text"'.
|
local\-data: 'example. TXT "text"'.
|
||||||
.IP
|
.IP
|
||||||
If you need more complicated authoritative data, with referrals, wildcards,
|
If you need more complicated authoritative data, with referrals, wildcards,
|
||||||
@ -1160,7 +1165,7 @@ used access-control element has a matching tag. Tags must be defined in
|
|||||||
tags.
|
tags.
|
||||||
.TP 5
|
.TP 5
|
||||||
.B local\-zone\-override: \fI<zone> <IP netblock> <type>
|
.B local\-zone\-override: \fI<zone> <IP netblock> <type>
|
||||||
Override the localzone type for queries from addresses matching netblock.
|
Override the localzone type for queries from addresses matching netblock.
|
||||||
Use this localzone type, regardless the type configured for the local-zone
|
Use this localzone type, regardless the type configured for the local-zone
|
||||||
(both tagged and untagged) and regardless the type configured using
|
(both tagged and untagged) and regardless the type configured using
|
||||||
access\-control\-tag\-action.
|
access\-control\-tag\-action.
|
||||||
@ -1197,18 +1202,20 @@ This can make ordinary queries complete (if repeatedly queried for),
|
|||||||
and enter the cache, whilst also mitigating the traffic flow by the
|
and enter the cache, whilst also mitigating the traffic flow by the
|
||||||
factor given.
|
factor given.
|
||||||
.TP 5
|
.TP 5
|
||||||
.B ratelimit\-for\-domain: \fI<domain> <number qps>
|
.B ratelimit\-for\-domain: \fI<domain> <number qps or 0>
|
||||||
Override the global ratelimit for an exact match domain name with the listed
|
Override the global ratelimit for an exact match domain name with the listed
|
||||||
number. You can give this for any number of names. For example, for
|
number. You can give this for any number of names. For example, for
|
||||||
a top\-level\-domain you may want to have a higher limit than other names.
|
a top\-level\-domain you may want to have a higher limit than other names.
|
||||||
|
A value of 0 will disable ratelimiting for that domain.
|
||||||
.TP 5
|
.TP 5
|
||||||
.B ratelimit\-below\-domain: \fI<domain> <number qps>
|
.B ratelimit\-below\-domain: \fI<domain> <number qps or 0>
|
||||||
Override the global ratelimit for a domain name that ends in this name.
|
Override the global ratelimit for a domain name that ends in this name.
|
||||||
You can give this multiple times, it then describes different settings
|
You can give this multiple times, it then describes different settings
|
||||||
in different parts of the namespace. The closest matching suffix is used
|
in different parts of the namespace. The closest matching suffix is used
|
||||||
to determine the qps limit. The rate for the exact matching domain name
|
to determine the qps limit. The rate for the exact matching domain name
|
||||||
is not changed, use ratelimit\-for\-domain to set that, you might want
|
is not changed, use ratelimit\-for\-domain to set that, you might want
|
||||||
to use different settings for a top\-level\-domain and subdomains.
|
to use different settings for a top\-level\-domain and subdomains.
|
||||||
|
A value of 0 will disable ratelimiting for domain names that end in this name.
|
||||||
.TP 5
|
.TP 5
|
||||||
.B ip\-ratelimit: \fI<number or 0>
|
.B ip\-ratelimit: \fI<number or 0>
|
||||||
Enable global ratelimiting of queries accepted per ip address.
|
Enable global ratelimiting of queries accepted per ip address.
|
||||||
@ -1304,21 +1311,21 @@ the recursive processing itself for stub zones.
|
|||||||
.P
|
.P
|
||||||
The stub zone can be used to configure authoritative data to be used
|
The stub zone can be used to configure authoritative data to be used
|
||||||
by the resolver that cannot be accessed using the public internet servers.
|
by the resolver that cannot be accessed using the public internet servers.
|
||||||
This is useful for company\-local data or private zones. Setup an
|
This is useful for company\-local data or private zones. Setup an
|
||||||
authoritative server on a different host (or different port). Enter a config
|
authoritative server on a different host (or different port). Enter a config
|
||||||
entry for unbound with
|
entry for unbound with
|
||||||
.B stub\-addr:
|
.B stub\-addr:
|
||||||
<ip address of host[@port]>.
|
<ip address of host[@port]>.
|
||||||
The unbound resolver can then access the data, without referring to the
|
The unbound resolver can then access the data, without referring to the
|
||||||
public internet for it.
|
public internet for it.
|
||||||
.P
|
.P
|
||||||
This setup allows DNSSEC signed zones to be served by that
|
This setup allows DNSSEC signed zones to be served by that
|
||||||
authoritative server, in which case a trusted key entry with the public key
|
authoritative server, in which case a trusted key entry with the public key
|
||||||
can be put in config, so that unbound can validate the data and set the AD
|
can be put in config, so that unbound can validate the data and set the AD
|
||||||
bit on replies for the private zone (authoritative servers do not set the
|
bit on replies for the private zone (authoritative servers do not set the
|
||||||
AD bit). This setup makes unbound capable of answering queries for the
|
AD bit). This setup makes unbound capable of answering queries for the
|
||||||
private zone, and can even set the AD bit ('authentic'), but the AA
|
private zone, and can even set the AD bit ('authentic'), but the AA
|
||||||
('authoritative') bit is not set on these replies.
|
('authoritative') bit is not set on these replies.
|
||||||
.P
|
.P
|
||||||
Consider adding \fBserver:\fR statements for \fBdomain\-insecure:\fR and
|
Consider adding \fBserver:\fR statements for \fBdomain\-insecure:\fR and
|
||||||
for \fBlocal\-zone:\fI name nodefault\fR for the zone if it is a locally
|
for \fBlocal\-zone:\fI name nodefault\fR for the zone if it is a locally
|
||||||
@ -1337,8 +1344,8 @@ IP address of stub zone nameserver. Can be IP 4 or IP 6.
|
|||||||
To use a nondefault port for DNS communication append '@' with the port number.
|
To use a nondefault port for DNS communication append '@' with the port number.
|
||||||
.TP
|
.TP
|
||||||
.B stub\-prime: \fI<yes or no>
|
.B stub\-prime: \fI<yes or no>
|
||||||
This option is by default off. If enabled it performs NS set priming,
|
This option is by default off. If enabled it performs NS set priming,
|
||||||
which is similar to root hints, where it starts using the list of nameservers
|
which is similar to root hints, where it starts using the list of nameservers
|
||||||
currently published by the zone. Thus, if the hint list is slightly outdated,
|
currently published by the zone. Thus, if the hint list is slightly outdated,
|
||||||
the resolver picks up a correct list online.
|
the resolver picks up a correct list online.
|
||||||
.TP
|
.TP
|
||||||
@ -1390,10 +1397,10 @@ Default is no.
|
|||||||
There may be multiple
|
There may be multiple
|
||||||
.B view:
|
.B view:
|
||||||
clauses. Each with a \fBname:\fR and zero or more \fBlocal\-zone\fR and
|
clauses. Each with a \fBname:\fR and zero or more \fBlocal\-zone\fR and
|
||||||
\fBlocal\-data\fR elements. View can be mapped to requests by specifying the view
|
\fBlocal\-data\fR elements. View can be mapped to requests by specifying the
|
||||||
name in an \fBaccess\-control\-view\fR element. Options from matching views will
|
view name in an \fBaccess\-control\-view\fR element. Options from matching
|
||||||
override global options. Global options will be used if no matching view
|
views will override global options. Global options will be used if no matching
|
||||||
is found.
|
view is found, or when the matching view does not have the option specified.
|
||||||
.TP
|
.TP
|
||||||
.B name: \fI<view name>
|
.B name: \fI<view name>
|
||||||
Name of the view. Must be unique. This name is used in access\-control\-view
|
Name of the view. Must be unique. This name is used in access\-control\-view
|
||||||
@ -1401,7 +1408,11 @@ elements.
|
|||||||
.TP
|
.TP
|
||||||
.B local\-zone: \fI<zone> <type>
|
.B local\-zone: \fI<zone> <type>
|
||||||
View specific local\-zone elements. Has the same types and behaviour as the
|
View specific local\-zone elements. Has the same types and behaviour as the
|
||||||
global local\-zone elements.
|
global local\-zone elements. When there is at least one local\-zone specified
|
||||||
|
and view\-first is no, the default local-zones will be added to this view.
|
||||||
|
Defaults can be disabled using the nodefault type. When view\-first is yes or
|
||||||
|
when a view does not have a local\-zone, the global local\-zone will be used
|
||||||
|
including it's default zones.
|
||||||
.TP
|
.TP
|
||||||
.B local\-data: \fI"<resource record string>"
|
.B local\-data: \fI"<resource record string>"
|
||||||
View specific local\-data elements. Has the same behaviour as the global
|
View specific local\-data elements. Has the same behaviour as the global
|
||||||
@ -1454,7 +1465,8 @@ clause give the settings of the dnscrypt channel. While those options are
|
|||||||
available, they are only meaningful if unbound was compiled with
|
available, they are only meaningful if unbound was compiled with
|
||||||
\fB\-\-enable\-dnscrypt\fR.
|
\fB\-\-enable\-dnscrypt\fR.
|
||||||
Currently certificate and secret/public keys cannot be generated by unbound.
|
Currently certificate and secret/public keys cannot be generated by unbound.
|
||||||
You can use dnscrypt-wrapper to generate those: https://github.com/cofyc/dnscrypt-wrapper/blob/master/README.md#usage
|
You can use dnscrypt-wrapper to generate those: https://github.com/cofyc/\
|
||||||
|
dnscrypt-wrapper/blob/master/README.md#usage
|
||||||
.TP
|
.TP
|
||||||
.B dnscrypt\-enable: \fI<yes or no>\fR
|
.B dnscrypt\-enable: \fI<yes or no>\fR
|
||||||
Whether or not the \fBdnscrypt\fR config should be enabled. You may define
|
Whether or not the \fBdnscrypt\fR config should be enabled. You may define
|
||||||
@ -1475,23 +1487,24 @@ Path to the time limited secret key file. This option may be specified multiple
|
|||||||
times.
|
times.
|
||||||
.TP
|
.TP
|
||||||
.B dnscrypt\-provider\-cert: \fI<path to cert file>\fR
|
.B dnscrypt\-provider\-cert: \fI<path to cert file>\fR
|
||||||
Path to the certificate related to the \fBdnscrypt\-secret\-key\fRs. This option
|
Path to the certificate related to the \fBdnscrypt\-secret\-key\fRs.
|
||||||
may be specified multiple times.
|
This option may be specified multiple times.
|
||||||
.SS "EDNS Client Subnet Module Options"
|
.SS "EDNS Client Subnet Module Options"
|
||||||
.LP
|
.LP
|
||||||
The ECS module must be configured in the \fBmodule\-config:\fR "subnetcache
|
The ECS module must be configured in the \fBmodule\-config:\fR "subnetcache
|
||||||
validator iterator" directive and be compiled into the daemon to be
|
validator iterator" directive and be compiled into the daemon to be
|
||||||
enabled. These settings go in the \fBserver:\fR section.
|
enabled. These settings go in the \fBserver:\fR section.
|
||||||
.LP
|
.LP
|
||||||
If the destination address is whitelisted with Unbound will add the EDNS0 option
|
If the destination address is whitelisted with Unbound will add the EDNS0
|
||||||
to the query containing the relevant part of the client's address. When an
|
option to the query containing the relevant part of the client's address. When
|
||||||
answer contains the ECS option the response and the option are placed in a
|
an answer contains the ECS option the response and the option are placed in a
|
||||||
specialized cache. If the authority indicated no support, the response is stored
|
specialized cache. If the authority indicated no support, the response is
|
||||||
in the regular cache.
|
stored in the regular cache.
|
||||||
.LP
|
.LP
|
||||||
Additionally, when a client includes the option in its queries, Unbound will
|
Additionally, when a client includes the option in its queries, Unbound will
|
||||||
forward the option to the authority regardless of the authorities presence in
|
forward the option to the authority if prensent in the whitelist, or
|
||||||
the whitelist. In this case the lookup in the regular cache is skipped.
|
\fBclient\-subnet\-always\-forward\fR is set to yes. In this case the lookup in
|
||||||
|
the regular cache is skipped.
|
||||||
.LP
|
.LP
|
||||||
The maximum size of the ECS cache is controlled by 'msg-cache-size' in the
|
The maximum size of the ECS cache is controlled by 'msg-cache-size' in the
|
||||||
configuration file. On top of that, for each query only 100 different subnets
|
configuration file. On top of that, for each query only 100 different subnets
|
||||||
@ -1502,7 +1515,12 @@ entries will be purged from cache.
|
|||||||
Send client source address to this authority. Append /num to indicate a
|
Send client source address to this authority. Append /num to indicate a
|
||||||
classless delegation netblock, for example like 10.2.3.4/24 or 2001::11/64. Can
|
classless delegation netblock, for example like 10.2.3.4/24 or 2001::11/64. Can
|
||||||
be given multiple times. Authorities not listed will not receive edns-subnet
|
be given multiple times. Authorities not listed will not receive edns-subnet
|
||||||
information.
|
information, unless domain in query is specified in \fBclient\-subnet\-zone\fR.
|
||||||
|
.TP
|
||||||
|
.B client\-subnet\-zone: \fI<domain>\fR
|
||||||
|
Send client source address in queries for this domain and its subdomains. Can be
|
||||||
|
given multiple times. Zones not listed will not receive edns-subnet information,
|
||||||
|
unless hosted by authority specified in \fBsend\-client\-subnet\fR.
|
||||||
.TP
|
.TP
|
||||||
.B client\-subnet\-always\-forward: \fI<yes or no>\fR
|
.B client\-subnet\-always\-forward: \fI<yes or no>\fR
|
||||||
Specify whether the ECS whitelist check (configured using
|
Specify whether the ECS whitelist check (configured using
|
||||||
@ -1519,6 +1537,72 @@ to expose to third parties for IPv6. Defaults to 56.
|
|||||||
.B max\-client\-subnet\-ipv4: \fI<number>\fR
|
.B max\-client\-subnet\-ipv4: \fI<number>\fR
|
||||||
Specifies the maximum prefix length of the client source address we are willing
|
Specifies the maximum prefix length of the client source address we are willing
|
||||||
to expose to third parties for IPv4. Defaults to 24.
|
to expose to third parties for IPv4. Defaults to 24.
|
||||||
|
.SS "Opportunistic IPsec Support Module Options"
|
||||||
|
.LP
|
||||||
|
The IPsec module must be configured in the \fBmodule\-config:\fR "ipsecmod
|
||||||
|
validator iterator" directive and be compiled into the daemon to be
|
||||||
|
enabled. These settings go in the \fBserver:\fR section.
|
||||||
|
.LP
|
||||||
|
When unbound receives an A/AAAA query that is not in the cache and finds a
|
||||||
|
valid answer, it will withhold returning the answer and instead will generate
|
||||||
|
an IPSECKEY subquery for the same domain name. If an answer was found, unbound
|
||||||
|
will call an external hook passing the following arguments:
|
||||||
|
.TP 10
|
||||||
|
\h'5'\fIQNAME\fR
|
||||||
|
Domain name of the A/AAAA and IPSECKEY query. In string format.
|
||||||
|
.TP 10
|
||||||
|
\h'5'\fIIPSECKEY TTL\fR
|
||||||
|
TTL of the IPSECKEY RRset.
|
||||||
|
.TP 10
|
||||||
|
\h'5'\fIA/AAAA\fR
|
||||||
|
String of space separated IP addresses present in the A/AAAA RRset. The IP
|
||||||
|
addresses are in string format.
|
||||||
|
.TP 10
|
||||||
|
\h'5'\fIIPSECKEY\fR
|
||||||
|
String of space separated IPSECKEY RDATA present in the IPSECKEY RRset. The
|
||||||
|
IPSECKEY RDATA are in DNS presentation format.
|
||||||
|
.LP
|
||||||
|
The A/AAAA answer is then cached and returned to the client. If the external
|
||||||
|
hook was called the TTL changes to ensure it doesn't surpass
|
||||||
|
\fBipsecmod-max-ttl\fR.
|
||||||
|
.LP
|
||||||
|
The same procedure is also followed when \fBprefetch:\fR is used, but the
|
||||||
|
A/AAAA answer is given to the client before the hook is called.
|
||||||
|
\fBipsecmod-max-ttl\fR ensures that the A/AAAA answer given from cache is still
|
||||||
|
relevant for opportunistic IPsec.
|
||||||
|
.TP
|
||||||
|
.B ipsecmod-enabled: \fI<yes or no>\fR
|
||||||
|
Specifies whether the IPsec module is enabled or not. The IPsec module still
|
||||||
|
needs to be defined in the \fBmodule\-config:\fR directive. This option
|
||||||
|
facilitates turning on/off the module without restarting/reloading unbound.
|
||||||
|
Defaults to yes.
|
||||||
|
.TP
|
||||||
|
.B ipsecmod\-hook: \fI<filename>\fR
|
||||||
|
Specifies the external hook that unbound will call with \fIsystem\fR(3). The
|
||||||
|
file can be specified as an absolute/relative path. The file needs the proper
|
||||||
|
permissions to be able to be executed by the same user that runs unbound. It
|
||||||
|
must be present when the IPsec module is defined in the \fBmodule\-config:\fR
|
||||||
|
directive.
|
||||||
|
.TP
|
||||||
|
.B ipsecmod-strict: \fI<yes or no>\fR
|
||||||
|
If enabled unbound requires the external hook to return a success value of 0.
|
||||||
|
Failing to do so unbound will reply with SERVFAIL. The A/AAAA answer will also
|
||||||
|
not be cached. Defaults to no.
|
||||||
|
.TP
|
||||||
|
.B ipsecmod\-max-ttl: \fI<seconds>\fR
|
||||||
|
Time to live maximum for A/AAAA cached records after calling the external hook.
|
||||||
|
Defaults to 3600.
|
||||||
|
.TP
|
||||||
|
.B ipsecmod-ignore-bogus: \fI<yes or no>\fR
|
||||||
|
Specifies the behaviour of unbound when the IPSECKEY answer is bogus. If set
|
||||||
|
to yes, the hook will be called and the A/AAAA answer will be returned to the
|
||||||
|
client. If set to no, the hook will not be called and the answer to the
|
||||||
|
A/AAAA query will be SERVFAIL. Mainly used for testing. Defaults to no.
|
||||||
|
.TP
|
||||||
|
.B ipsecmod\-whitelist: \fI<domain>\fR
|
||||||
|
Whitelist the domain so that the module logic will be executed. Can
|
||||||
|
be given multiple times, for different domains. If the option is not
|
||||||
|
specified, all domains are treated as being whitelisted (default).
|
||||||
.SH "MEMORY CONTROL EXAMPLE"
|
.SH "MEMORY CONTROL EXAMPLE"
|
||||||
In the example config settings below memory usage is reduced. Some service
|
In the example config settings below memory usage is reduced. Some service
|
||||||
levels are lower, notable very large data and a high TCP load are no longer
|
levels are lower, notable very large data and a high TCP load are no longer
|
||||||
@ -1526,7 +1610,7 @@ supported. Very large data and high TCP loads are exceptional for the DNS.
|
|||||||
DNSSEC validation is enabled, just add trust anchors.
|
DNSSEC validation is enabled, just add trust anchors.
|
||||||
If you do not have to worry about programs using more than 3 Mb of memory,
|
If you do not have to worry about programs using more than 3 Mb of memory,
|
||||||
the below example is not for you. Use the defaults to receive full service,
|
the below example is not for you. Use the defaults to receive full service,
|
||||||
which on BSD\-32bit tops out at 30\-40 Mb after heavy usage.
|
which on BSD\-32bit tops out at 30\-40 Mb after heavy usage.
|
||||||
.P
|
.P
|
||||||
.nf
|
.nf
|
||||||
# example settings that reduce memory usage
|
# example settings that reduce memory usage
|
||||||
@ -1567,12 +1651,12 @@ unbound configuration file.
|
|||||||
default unbound pidfile with process ID of the running daemon.
|
default unbound pidfile with process ID of the running daemon.
|
||||||
.TP
|
.TP
|
||||||
.I unbound.log
|
.I unbound.log
|
||||||
unbound log file. default is to log to
|
unbound log file. default is to log to
|
||||||
\fIsyslog\fR(3).
|
\fIsyslog\fR(3).
|
||||||
.SH "SEE ALSO"
|
.SH "SEE ALSO"
|
||||||
\fIunbound\fR(8),
|
\fIunbound\fR(8),
|
||||||
\fIunbound\-checkconf\fR(8).
|
\fIunbound\-checkconf\fR(8).
|
||||||
.SH "AUTHORS"
|
.SH "AUTHORS"
|
||||||
.B Unbound
|
.B Unbound
|
||||||
was written by NLnet Labs. Please see CREDITS file
|
was written by NLnet Labs. Please see CREDITS file
|
||||||
in the distribution for further details.
|
in the distribution for further details.
|
||||||
|
@ -302,6 +302,7 @@ static int
|
|||||||
getbit(const addrkey_t *addr, addrlen_t addrlen, addrlen_t n)
|
getbit(const addrkey_t *addr, addrlen_t addrlen, addrlen_t n)
|
||||||
{
|
{
|
||||||
log_assert(addrlen > n);
|
log_assert(addrlen > n);
|
||||||
|
(void)addrlen;
|
||||||
return (int)(addr[n/KEYWIDTH]>>((KEYWIDTH-1)-(n%KEYWIDTH))) & 1;
|
return (int)(addr[n/KEYWIDTH]>>((KEYWIDTH-1)-(n%KEYWIDTH))) & 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
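Review bot: The added `(void)addrlen;` in `getbit` shows that `addrlen` is read only by `log_assert`, so when assertions are compiled out nothing in the function checks `n` before `addr[n/KEYWIDTH]` is indexed. That contract should be documented at the function, for example `/* caller must guarantee n < addrlen; only checked by log_assert in debug builds */`. Whether every caller upholds this cannot be told from this hunk.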
|
@ -50,42 +50,44 @@
|
|||||||
#include "util/config_file.h"
|
#include "util/config_file.h"
|
||||||
#include "util/net_help.h"
|
#include "util/net_help.h"
|
||||||
#include "util/storage/dnstree.h"
|
#include "util/storage/dnstree.h"
|
||||||
|
#include "sldns/str2wire.h"
|
||||||
|
#include "util/data/dname.h"
|
||||||
|
|
||||||
struct ednssubnet_upstream*
|
struct ecs_whitelist*
|
||||||
upstream_create(void)
|
ecs_whitelist_create(void)
|
||||||
{
|
{
|
||||||
struct ednssubnet_upstream* upstream =
|
struct ecs_whitelist* whitelist =
|
||||||
(struct ednssubnet_upstream*)calloc(1,
|
(struct ecs_whitelist*)calloc(1,
|
||||||
sizeof(struct ednssubnet_upstream));
|
sizeof(struct ecs_whitelist));
|
||||||
if(!upstream)
|
if(!whitelist)
|
||||||
return NULL;
|
return NULL;
|
||||||
upstream->region = regional_create();
|
whitelist->region = regional_create();
|
||||||
if(!upstream->region) {
|
if(!whitelist->region) {
|
||||||
upstream_delete(upstream);
|
ecs_whitelist_delete(whitelist);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
return upstream;
|
return whitelist;
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
upstream_delete(struct ednssubnet_upstream* upstream)
|
ecs_whitelist_delete(struct ecs_whitelist* whitelist)
|
||||||
{
|
{
|
||||||
if(!upstream)
|
if(!whitelist)
|
||||||
return;
|
return;
|
||||||
regional_destroy(upstream->region);
|
regional_destroy(whitelist->region);
|
||||||
free(upstream);
|
free(whitelist);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** insert new address into upstream structure */
|
/** insert new address into whitelist structure */
|
||||||
static int
|
static int
|
||||||
upstream_insert(struct ednssubnet_upstream* upstream,
|
upstream_insert(struct ecs_whitelist* whitelist,
|
||||||
struct sockaddr_storage* addr, socklen_t addrlen, int net)
|
struct sockaddr_storage* addr, socklen_t addrlen, int net)
|
||||||
{
|
{
|
||||||
struct addr_tree_node* node = (struct addr_tree_node*)regional_alloc(
|
struct addr_tree_node* node = (struct addr_tree_node*)regional_alloc(
|
||||||
upstream->region, sizeof(*node));
|
whitelist->region, sizeof(*node));
|
||||||
if(!node)
|
if(!node)
|
||||||
return 0;
|
return 0;
|
||||||
if(!addr_tree_insert(&upstream->tree, node, addr, addrlen, net)) {
|
if(!addr_tree_insert(&whitelist->upstream, node, addr, addrlen, net)) {
|
||||||
verbose(VERB_QUERY,
|
verbose(VERB_QUERY,
|
||||||
"duplicate send-client-subnet address ignored.");
|
"duplicate send-client-subnet address ignored.");
|
||||||
}
|
}
|
||||||
@ -94,7 +96,7 @@ upstream_insert(struct ednssubnet_upstream* upstream,
|
|||||||
|
|
||||||
/** apply edns-subnet string */
|
/** apply edns-subnet string */
|
||||||
static int
|
static int
|
||||||
upstream_str_cfg(struct ednssubnet_upstream* upstream, const char* str)
|
upstream_str_cfg(struct ecs_whitelist* whitelist, const char* str)
|
||||||
{
|
{
|
||||||
struct sockaddr_storage addr;
|
struct sockaddr_storage addr;
|
||||||
int net;
|
int net;
|
||||||
@ -104,7 +106,7 @@ upstream_str_cfg(struct ednssubnet_upstream* upstream, const char* str)
|
|||||||
log_err("cannot parse send-client-subnet netblock: %s", str);
|
log_err("cannot parse send-client-subnet netblock: %s", str);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if(!upstream_insert(upstream, &addr, addrlen, net)) {
|
if(!upstream_insert(whitelist, &addr, addrlen, net)) {
|
||||||
log_err("out of memory");
|
log_err("out of memory");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -113,41 +115,93 @@ upstream_str_cfg(struct ednssubnet_upstream* upstream, const char* str)
|
|||||||
|
|
||||||
/** read client_subnet config */
|
/** read client_subnet config */
|
||||||
static int
|
static int
|
||||||
read_upstream(struct ednssubnet_upstream* upstream, struct config_file* cfg)
|
read_upstream(struct ecs_whitelist* whitelist, struct config_file* cfg)
|
||||||
{
|
{
|
||||||
struct config_strlist* p;
|
struct config_strlist* p;
|
||||||
for(p = cfg->client_subnet; p; p = p->next) {
|
for(p = cfg->client_subnet; p; p = p->next) {
|
||||||
log_assert(p->str);
|
log_assert(p->str);
|
||||||
if(!upstream_str_cfg(upstream, p->str))
|
if(!upstream_str_cfg(whitelist, p->str))
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
/** read client_subnet_zone config */
|
||||||
upstream_apply_cfg(struct ednssubnet_upstream* upstream,
|
static int
|
||||||
struct config_file* cfg)
|
read_names(struct ecs_whitelist* whitelist, struct config_file* cfg)
|
||||||
{
|
{
|
||||||
regional_free_all(upstream->region);
|
/* parse names, report errors, insert into tree */
|
||||||
addr_tree_init(&upstream->tree);
|
struct config_strlist* p;
|
||||||
if(!read_upstream(upstream, cfg))
|
struct name_tree_node* n;
|
||||||
return 0;
|
uint8_t* nm, *nmr;
|
||||||
addr_tree_init_parents(&upstream->tree);
|
size_t nm_len;
|
||||||
|
int nm_labs;
|
||||||
|
|
||||||
|
for(p = cfg->client_subnet_zone; p; p = p->next) {
|
||||||
|
log_assert(p->str);
|
||||||
|
nm = sldns_str2wire_dname(p->str, &nm_len);
|
||||||
|
if(!nm) {
|
||||||
|
log_err("cannot parse client-subnet-zone: %s", p->str);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
nm_labs = dname_count_size_labels(nm, &nm_len);
|
||||||
|
nmr = (uint8_t*)regional_alloc_init(whitelist->region, nm,
|
||||||
|
nm_len);
|
||||||
|
free(nm);
|
||||||
|
if(!nmr) {
|
||||||
|
log_err("out of memory");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
n = (struct name_tree_node*)regional_alloc(whitelist->region,
|
||||||
|
sizeof(*n));
|
||||||
|
if(!n) {
|
||||||
|
log_err("out of memory");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
if(!name_tree_insert(&whitelist->dname, n, nmr, nm_len, nm_labs,
|
||||||
|
LDNS_RR_CLASS_IN)) {
|
||||||
|
verbose(VERB_QUERY, "ignoring duplicate "
|
||||||
|
"client-subnet-zone: %s", p->str);
|
||||||
|
}
|
||||||
|
}
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
upstream_is_whitelisted(struct ednssubnet_upstream* upstream,
|
ecs_whitelist_apply_cfg(struct ecs_whitelist* whitelist,
|
||||||
struct sockaddr_storage* addr, socklen_t addrlen)
|
struct config_file* cfg)
|
||||||
{
|
{
|
||||||
return addr_tree_lookup(&upstream->tree, addr, addrlen) != NULL;
|
regional_free_all(whitelist->region);
|
||||||
|
addr_tree_init(&whitelist->upstream);
|
||||||
|
name_tree_init(&whitelist->dname);
|
||||||
|
if(!read_upstream(whitelist, cfg))
|
||||||
|
return 0;
|
||||||
|
if(!read_names(whitelist, cfg))
|
||||||
|
return 0;
|
||||||
|
addr_tree_init_parents(&whitelist->upstream);
|
||||||
|
name_tree_init_parents(&whitelist->dname);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
ecs_is_whitelisted(struct ecs_whitelist* whitelist,
|
||||||
|
struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* qname,
|
||||||
|
size_t qname_len, uint16_t qclass)
|
||||||
|
{
|
||||||
|
int labs;
|
||||||
|
if(addr_tree_lookup(&whitelist->upstream, addr, addrlen))
|
||||||
|
return 1;
|
||||||
|
/* Not in upstream whitelist, check dname whitelist. */
|
||||||
|
labs = dname_count_labels(qname);
|
||||||
|
return name_tree_lookup(&whitelist->dname, qname, qname_len, labs,
|
||||||
|
qclass) != NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
size_t
|
size_t
|
||||||
upstream_get_mem(struct ednssubnet_upstream* upstream)
|
ecs_whitelist_get_mem(struct ecs_whitelist* whitelist)
|
||||||
{
|
{
|
||||||
if(!upstream) return 0;
|
if(!whitelist) return 0;
|
||||||
return sizeof(*upstream) + regional_get_mem(upstream->region);
|
return sizeof(*whitelist) + regional_get_mem(whitelist->region);
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* CLIENT_SUBNET */
|
#endif /* CLIENT_SUBNET */
|
||||||
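Review bot: `ecs_is_whitelisted` decides whether client subnet data leaves the resolver, but neither the new code nor its header comment says that a name match alone is sufficient. It returns 1 when the upstream address is found in `whitelist->upstream` or when `name_tree_lookup` finds the query name in `whitelist->dname`, so a `client-subnet-zone` entry allows ECS towards any upstream server, not only those listed under `send-client-subnet`. I would add a comment above the function such as `/* ECS is allowed if EITHER the upstream address OR the query name is whitelisted; a name match applies to any upstream. */` and update the header's `@return` line, which still reads "true if the address is whitelisted". Whether the name lookup also matches subdomains depends on `name_tree_lookup`, which is not shown on this page.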
|
@ -36,8 +36,8 @@
|
|||||||
/**
|
/**
|
||||||
* \file
|
* \file
|
||||||
*
|
*
|
||||||
* Keep track of the white listed servers for subnet option. Based
|
* Keep track of the white listed servers and domain names for subnet option.
|
||||||
* on acl_list.c|h
|
* Based on acl_list.c|h
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef EDNSSUBNET_WHITELIST_H
|
#ifndef EDNSSUBNET_WHITELIST_H
|
||||||
@ -48,9 +48,9 @@ struct config_file;
|
|||||||
struct regional;
|
struct regional;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* ednssubnet_upstream structure
|
* ecs_whitelist structure
|
||||||
*/
|
*/
|
||||||
struct ednssubnet_upstream {
|
struct ecs_whitelist {
|
||||||
/** regional for allocation */
|
/** regional for allocation */
|
||||||
struct regional* region;
|
struct regional* region;
|
||||||
/**
|
/**
|
||||||
@ -58,45 +58,54 @@ struct ednssubnet_upstream {
|
|||||||
* contents of type addr_tree_node. Each node is an address span
|
* contents of type addr_tree_node. Each node is an address span
|
||||||
* Unbound will append subnet option for.
|
* Unbound will append subnet option for.
|
||||||
*/
|
*/
|
||||||
rbtree_type tree;
|
rbtree_type upstream;
|
||||||
|
/**
|
||||||
|
* Tree of domain names for which Unbound will append an ECS option.
|
||||||
|
* rbtree of struct name_tree_node.
|
||||||
|
*/
|
||||||
|
rbtree_type dname;
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create ednssubnet_upstream structure
|
* Create ecs_whitelist structure
|
||||||
* @return new structure or NULL on error.
|
* @return new structure or NULL on error.
|
||||||
*/
|
*/
|
||||||
struct ednssubnet_upstream* upstream_create(void);
|
struct ecs_whitelist* ecs_whitelist_create(void);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Delete ednssubnet_upstream structure.
|
* Delete ecs_whitelist structure.
|
||||||
* @param upstream: to delete.
|
* @param whitelist: to delete.
|
||||||
*/
|
*/
|
||||||
void upstream_delete(struct ednssubnet_upstream* upstream);
|
void ecs_whitelist_delete(struct ecs_whitelist* whitelist);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Process ednssubnet_upstream config.
|
* Process ecs_whitelist config.
|
||||||
* @param upstream: where to store.
|
* @param whitelist: where to store.
|
||||||
* @param cfg: config options.
|
* @param cfg: config options.
|
||||||
* @return 0 on error.
|
* @return 0 on error.
|
||||||
*/
|
*/
|
||||||
int upstream_apply_cfg(struct ednssubnet_upstream* upstream,
|
int ecs_whitelist_apply_cfg(struct ecs_whitelist* whitelist,
|
||||||
struct config_file* cfg);
|
struct config_file* cfg);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* See if an address is whitelisted.
|
* See if an address or domain is whitelisted.
|
||||||
* @param upstream: structure for address storage.
|
* @param whitelist: structure for address storage.
|
||||||
* @param addr: address to check
|
* @param addr: address to check
|
||||||
* @param addrlen: length of addr.
|
* @param addrlen: length of addr.
|
||||||
|
* @param qname: dname in query
|
||||||
|
* @param qname_len: length of dname
|
||||||
|
* @param qclass: class in query
|
||||||
* @return: true if the address is whitelisted for subnet option.
|
* @return: true if the address is whitelisted for subnet option.
|
||||||
*/
|
*/
|
||||||
int upstream_is_whitelisted(struct ednssubnet_upstream* upstream,
|
int ecs_is_whitelisted(struct ecs_whitelist* whitelist,
|
||||||
struct sockaddr_storage* addr, socklen_t addrlen);
|
struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* qname,
|
||||||
|
size_t qname_len, uint16_t qclass);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get memory used by ednssubnet_upstream structure.
|
* Get memory used by ecs_whitelist structure.
|
||||||
* @param upstream: structure for address storage.
|
* @param whitelist: structure for address storage.
|
||||||
* @return bytes in use.
|
* @return bytes in use.
|
||||||
*/
|
*/
|
||||||
size_t upstream_get_mem(struct ednssubnet_upstream* upstream);
|
size_t ecs_whitelist_get_mem(struct ecs_whitelist* whitelist);
|
||||||
|
|
||||||
#endif /* EDNSSUBNET_WHITELIST_H */
|
#endif /* EDNSSUBNET_WHITELIST_H */
|
||||||
|
@ -135,7 +135,7 @@ ecs_opt_list_append(struct ecs_data* ecs, struct edns_option** list,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
int ecs_whitelist_check(struct query_info* ATTR_UNUSED(qinfo),
|
int ecs_whitelist_check(struct query_info* qinfo,
|
||||||
uint16_t ATTR_UNUSED(flags), struct module_qstate* qstate,
|
uint16_t ATTR_UNUSED(flags), struct module_qstate* qstate,
|
||||||
struct sockaddr_storage* addr, socklen_t addrlen,
|
struct sockaddr_storage* addr, socklen_t addrlen,
|
||||||
uint8_t* ATTR_UNUSED(zone), size_t ATTR_UNUSED(zonelen),
|
uint8_t* ATTR_UNUSED(zone), size_t ATTR_UNUSED(zonelen),
|
||||||
@ -154,8 +154,9 @@ int ecs_whitelist_check(struct query_info* ATTR_UNUSED(qinfo),
|
|||||||
|
|
||||||
if(sq->ecs_server_out.subnet_validdata && ((sq->subnet_downstream &&
|
if(sq->ecs_server_out.subnet_validdata && ((sq->subnet_downstream &&
|
||||||
qstate->env->cfg->client_subnet_always_forward) ||
|
qstate->env->cfg->client_subnet_always_forward) ||
|
||||||
upstream_is_whitelisted(sn_env->edns_subnet_upstreams,
|
ecs_is_whitelisted(sn_env->whitelist,
|
||||||
addr, addrlen))) {
|
addr, addrlen, qinfo->qname, qinfo->qname_len,
|
||||||
|
qinfo->qclass))) {
|
||||||
/* Address on whitelist or client query contains ECS option, we
|
/* Address on whitelist or client query contains ECS option, we
|
||||||
* want to sent out ECS. Only add option if it is not already
|
* want to sent out ECS. Only add option if it is not already
|
||||||
* set. */
|
* set. */
|
||||||
@ -199,9 +200,9 @@ subnetmod_init(struct module_env *env, int id)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
/* whitelist for edns subnet capable servers */
|
/* whitelist for edns subnet capable servers */
|
||||||
sn_env->edns_subnet_upstreams = upstream_create();
|
sn_env->whitelist = ecs_whitelist_create();
|
||||||
if(!sn_env->edns_subnet_upstreams ||
|
if(!sn_env->whitelist ||
|
||||||
!upstream_apply_cfg(sn_env->edns_subnet_upstreams, env->cfg)) {
|
!ecs_whitelist_apply_cfg(sn_env->whitelist, env->cfg)) {
|
||||||
log_err("subnet: could not create ECS whitelist");
|
log_err("subnet: could not create ECS whitelist");
|
||||||
slabhash_delete(sn_env->subnet_msg_cache);
|
slabhash_delete(sn_env->subnet_msg_cache);
|
||||||
free(sn_env);
|
free(sn_env);
|
||||||
@ -217,7 +218,7 @@ subnetmod_init(struct module_env *env, int id)
|
|||||||
env->cfg->client_subnet_always_forward /* bypass cache */,
|
env->cfg->client_subnet_always_forward /* bypass cache */,
|
||||||
0 /* no aggregation */, env)) {
|
0 /* no aggregation */, env)) {
|
||||||
log_err("subnet: could not register opcode");
|
log_err("subnet: could not register opcode");
|
||||||
upstream_delete(sn_env->edns_subnet_upstreams);
|
ecs_whitelist_delete(sn_env->whitelist);
|
||||||
slabhash_delete(sn_env->subnet_msg_cache);
|
slabhash_delete(sn_env->subnet_msg_cache);
|
||||||
free(sn_env);
|
free(sn_env);
|
||||||
env->modinfo[id] = NULL;
|
env->modinfo[id] = NULL;
|
||||||
@ -243,7 +244,8 @@ subnetmod_deinit(struct module_env *env, int id)
|
|||||||
lock_rw_destroy(&sn_env->biglock);
|
lock_rw_destroy(&sn_env->biglock);
|
||||||
inplace_cb_delete(env, inplace_cb_edns_back_parsed, id);
|
inplace_cb_delete(env, inplace_cb_edns_back_parsed, id);
|
||||||
inplace_cb_delete(env, inplace_cb_query, id);
|
inplace_cb_delete(env, inplace_cb_query, id);
|
||||||
upstream_delete(sn_env->edns_subnet_upstreams);
|
inplace_cb_delete(env, inplace_cb_query_response, id);
|
||||||
|
ecs_whitelist_delete(sn_env->whitelist);
|
||||||
slabhash_delete(sn_env->subnet_msg_cache);
|
slabhash_delete(sn_env->subnet_msg_cache);
|
||||||
alloc_clear(&sn_env->alloc);
|
alloc_clear(&sn_env->alloc);
|
||||||
free(sn_env);
|
free(sn_env);
|
||||||
@ -781,7 +783,7 @@ subnetmod_get_mem(struct module_env *env, int id)
|
|||||||
if (!sn_env) return 0;
|
if (!sn_env) return 0;
|
||||||
return sizeof(*sn_env) +
|
return sizeof(*sn_env) +
|
||||||
slabhash_get_mem(sn_env->subnet_msg_cache) +
|
slabhash_get_mem(sn_env->subnet_msg_cache) +
|
||||||
upstream_get_mem(sn_env->edns_subnet_upstreams);
|
ecs_whitelist_get_mem(sn_env->whitelist);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
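Review bot: The failure branch after `ecs_whitelist_apply_cfg` in `subnetmod_init` frees `sn_env` without releasing the whitelist, so a whitelist that was created but failed to load its config appears to be leaked. The later opcode-registration failure branch does call `ecs_whitelist_delete(sn_env->whitelist)` before `slabhash_delete`, and `ecs_whitelist_delete` accepts NULL, so adding `ecs_whitelist_delete(sn_env->whitelist);` ahead of `slabhash_delete(sn_env->subnet_msg_cache);` in the first branch would make the two consistent. The hunk ends right after `free(sn_env);`, so the rest of that branch is not visible here.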
|
@ -57,7 +57,7 @@ struct subnet_env {
|
|||||||
* data: struct subnet_msg_cache_data* */
|
* data: struct subnet_msg_cache_data* */
|
||||||
struct slabhash* subnet_msg_cache;
|
struct slabhash* subnet_msg_cache;
|
||||||
/** access control, which upstream servers we send client address */
|
/** access control, which upstream servers we send client address */
|
||||||
struct ednssubnet_upstream* edns_subnet_upstreams;
|
struct ecs_whitelist* whitelist;
|
||||||
/** allocation service */
|
/** allocation service */
|
||||||
struct alloc_cache alloc;
|
struct alloc_cache alloc;
|
||||||
lock_rw_type biglock;
|
lock_rw_type biglock;
|
||||||
|
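--- a/ipsecmod/ipsecmod-whitelist.c
+++ b/ipsecmod/ipsecmod-whitelist.c
@@ -0,0 +1,158 @@
+/*
+* ipsecmod/ipsecmod-whitelist.h - White listed domains for the ipsecmod to
+* operate on.
+*
+* Copyright (c) 2017, NLnet Labs. All rights reserved.
+*
+* This software is open source.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* Redistributions of source code must retain the above copyright notice,
+* this list of conditions and the following disclaimer.
+*
+* Redistributions in binary form must reproduce the above copyright notice,
+* this list of conditions and the following disclaimer in the documentation
+* and/or other materials provided with the distribution.
+*
+* Neither the name of the NLNET LABS nor the names of its contributors may
+* be used to endorse or promote products derived from this software without
+* specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+/**
+* \file
+*
+* Keep track of the white listed domains for ipsecmod.
+*/
+
+#include "config.h"
+
+#ifdef USE_IPSECMOD
+#include "ipsecmod/ipsecmod.h"
+#include "ipsecmod/ipsecmod-whitelist.h"
+#include "util/regional.h"
+#include "util/log.h"
+#include "util/config_file.h"
+#include "util/rbtree.h"
+#include "util/data/dname.h"
+#include "util/storage/dnstree.h"
+#include "sldns/str2wire.h"
+
+/** Apply ipsecmod-whitelist string. */
+static int
+whitelist_str_cfg(rbtree_type* whitelist, const char* name)
+{
+struct name_tree_node* n;
+size_t len;
+uint8_t* nm = sldns_str2wire_dname(name, &len);
+if(!nm) {
+log_err("ipsecmod: could not parse %s for whitelist.", name);
+return 0;
+}
+n = (struct name_tree_node*)calloc(1, sizeof(*n));
+if(!n) {
+log_err("ipsecmod: out of memory while creating whitelist.");
+free(nm);
+return 0;
+}
+n->node.key = n;
+n->name = nm;
+n->len = len;
+n->labs = dname_count_labels(nm);
+n->dclass = LDNS_RR_CLASS_IN;
+if(!name_tree_insert(whitelist, n, nm, len, n->labs, n->dclass)) {
+/* duplicate element ignored, idempotent */
+free(n->name);
+free(n);
+}
+return 1;
+}
+
+/** Read ipsecmod-whitelist config. */
+static int
+read_whitelist(rbtree_type* whitelist, struct config_file* cfg)
+{
+struct config_strlist* p;
+for(p = cfg->ipsecmod_whitelist; p; p = p->next) {
+log_assert(p->str);
+if(!whitelist_str_cfg(whitelist, p->str))
+return 0;
+}
+return 1;
+}
+
+int
+ipsecmod_whitelist_apply_cfg(struct ipsecmod_env* ie,
+struct config_file* cfg)
+{
+ie->whitelist = rbtree_create(name_tree_compare);
+if(!read_whitelist(ie->whitelist, cfg))
+return 0;
+name_tree_init_parents(ie->whitelist);
+return 1;
+}
+
+/** Delete ipsecmod_env->whitelist element. */
+static void
+whitelist_free(struct rbnode_type* n, void* ATTR_UNUSED(d))
+{
+if(n) {
+free(((struct name_tree_node*)n)->name);
+free(n);
+}
+}
+
+/** Get memory usage of ipsecmod_env->whitelist element. */
+static void
+whitelist_get_mem(struct rbnode_type* n, void* arg)
+{
+struct name_tree_node* node = (struct name_tree_node*)n;
+size_t* size = (size_t*) arg;
+if(node) {
+*size += sizeof(node) + node->len;
+}
+}
+
+void
+ipsecmod_whitelist_delete(rbtree_type* whitelist)
+{
+if(whitelist) {
+traverse_postorder(whitelist, whitelist_free, NULL);
+free(whitelist);
+}
+}
+
+int
+ipsecmod_domain_is_whitelisted(struct ipsecmod_env* ie, uint8_t* dname,
+size_t dname_len, uint16_t qclass)
+{
+if(!ie->whitelist) return 1; /* No whitelist, treat as whitelisted. */
+return name_tree_lookup(ie->whitelist, dname, dname_len,
+dname_count_labels(dname), qclass) != NULL;
+}
+
+size_t
+ipsecmod_whitelist_get_mem(rbtree_type* whitelist)
+{
+size_t size = 0;
+if(whitelist) {
+traverse_postorder(whitelist, whitelist_get_mem, &size);
+}
+return size;
+}
+
+#endif /* USE_IPSECMOD */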
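Review bot: `ipsecmod_whitelist_apply_cfg` passes the result of `rbtree_create(name_tree_compare)` straight to `read_whitelist` without a NULL check, so on allocation failure `name_tree_insert` is handed a NULL tree; a guard such as `if(!ie->whitelist) { log_err("ipsecmod: out of memory while creating whitelist."); return 0; }` right after the call would fail configuration cleanly. The check matters all the more because `ipsecmod_domain_is_whitelisted` treats a NULL whitelist as "every domain is whitelisted". Separately, `whitelist_get_mem` adds `sizeof(node)`, the size of a pointer, where `sizeof(*node)` looks intended, so the reported memory is too low. The file's header comment also names `ipsecmod-whitelist.h` although this is the `.c` file.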
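--- a/ipsecmod/ipsecmod-whitelist.h
+++ b/ipsecmod/ipsecmod-whitelist.h
@@ -0,0 +1,82 @@
+/*
+* ipsecmod/ipsecmod-whitelist.h - White listed domains for the ipsecmod to
+* operate on.
+*
+* Copyright (c) 2017, NLnet Labs. All rights reserved.
+*
+* This software is open source.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* Redistributions of source code must retain the above copyright notice,
+* this list of conditions and the following disclaimer.
+*
+* Redistributions in binary form must reproduce the above copyright notice,
+* this list of conditions and the following disclaimer in the documentation
+* and/or other materials provided with the distribution.
+*
+* Neither the name of the NLNET LABS nor the names of its contributors may
+* be used to endorse or promote products derived from this software without
+* specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+/**
+* \file
+*
+* Keep track of the white listed domains for ipsecmod.
+*/
+
+#ifndef IPSECMOD_WHITELIST_H
+#define IPSECMOD_WHITELIST_H
+#include "util/storage/dnstree.h"
+
+struct config_file;
+struct regional;
+
+/**
+* Process ipsecmod_whitelist config.
+* @param ie: ipsecmod environment.
+* @param cfg: config options.
+* @return 0 on error.
+*/
+int ipsecmod_whitelist_apply_cfg(struct ipsecmod_env* ie,
+struct config_file* cfg);
+
+/**
+* Delete the ipsecmod whitelist.
+* @param whitelist: ipsecmod whitelist.
+*/
+void ipsecmod_whitelist_delete(rbtree_type* whitelist);
+
+/**
+* See if a domain is whitelisted.
+* @param ie: ipsecmod environment.
+* @param dname: domain name to check.
+* @param dname_len: length of domain name.
+* @param qclass: query CLASS.
+* @return: true if the domain is whitelisted for the ipsecmod.
+*/
+int ipsecmod_domain_is_whitelisted(struct ipsecmod_env* ie, uint8_t* dname,
+size_t dname_len, uint16_t qclass);
+
+/**
+* Get memory used by ipsecmod whitelist.
+* @param whitelist: structure for domain storage.
+* @return bytes in use.
+*/
+size_t ipsecmod_whitelist_get_mem(rbtree_type* whitelist);
+
+#endif /* IPSECMOD_WHITELIST_H */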
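Review bot: The prototypes take `struct ipsecmod_env*`, but the header forward-declares only `struct config_file` and `struct regional`, so it is not self-contained and relies on `ipsecmod/ipsecmod.h` being included first, as the `.c` file does. Adding `struct ipsecmod_env;` next to the existing forward declarations fixes that; `struct regional` is not used by any declaration here. The comment on `ipsecmod_domain_is_whitelisted` should also state that it returns true when no whitelist is configured, because that default-allow case is what the implementation does and callers need to know it.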
515
ipsecmod/ipsecmod.c
Normal file
515
ipsecmod/ipsecmod.c
Normal file
@ -0,0 +1,515 @@
|
|||||||
|
/*
|
||||||
|
* ipsecmod/ipsecmod.c - facilitate opportunistic IPsec module
|
||||||
|
*
|
||||||
|
* Copyright (c) 2017, NLnet Labs. All rights reserved.
|
||||||
|
*
|
||||||
|
* This software is open source.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or without
|
||||||
|
* modification, are permitted provided that the following conditions
|
||||||
|
* are met:
|
||||||
|
*
|
||||||
|
* Redistributions of source code must retain the above copyright notice,
|
||||||
|
* this list of conditions and the following disclaimer.
|
||||||
|
*
|
||||||
|
* Redistributions in binary form must reproduce the above copyright notice,
|
||||||
|
* this list of conditions and the following disclaimer in the documentation
|
||||||
|
* and/or other materials provided with the distribution.
|
||||||
|
*
|
||||||
|
* Neither the name of the NLNET LABS nor the names of its contributors may
|
||||||
|
* be used to endorse or promote products derived from this software without
|
||||||
|
* specific prior written permission.
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||||
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||||
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||||
|
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||||
|
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||||
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
|
||||||
|
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||||
|
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||||
|
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||||
|
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||||
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \file
|
||||||
|
*
|
||||||
|
* This file contains a module that facilitates opportunistic IPsec. It does so
|
||||||
|
* by also quering for the IPSECKEY for A/AAAA queries and calling a
|
||||||
|
* configurable hook (eg. signaling an IKE daemon) before replying.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "config.h"
|
||||||
|
#ifdef USE_IPSECMOD
|
||||||
|
#include "ipsecmod/ipsecmod.h"
|
||||||
|
#include "ipsecmod/ipsecmod-whitelist.h"
|
||||||
|
#include "util/fptr_wlist.h"
|
||||||
|
#include "util/regional.h"
|
||||||
|
#include "util/net_help.h"
|
||||||
|
#include "util/config_file.h"
|
||||||
|
#include "services/cache/dns.h"
|
||||||
|
#include "sldns/wire2str.h"
|
||||||
|
|
||||||
|
/** Apply configuration to ipsecmod module 'global' state. */
|
||||||
|
static int
|
||||||
|
ipsecmod_apply_cfg(struct ipsecmod_env* ipsecmod_env, struct config_file* cfg)
|
||||||
|
{
|
||||||
|
if(!cfg->ipsecmod_hook || (cfg->ipsecmod_hook && !cfg->ipsecmod_hook[0])) {
|
||||||
|
log_err("ipsecmod: missing ipsecmod-hook.");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
if(cfg->ipsecmod_whitelist &&
|
||||||
|
!ipsecmod_whitelist_apply_cfg(ipsecmod_env, cfg))
|
||||||
|
return 0;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
ipsecmod_init(struct module_env* env, int id)
|
||||||
|
{
|
||||||
|
struct ipsecmod_env* ipsecmod_env = (struct ipsecmod_env*)calloc(1,
|
||||||
|
sizeof(struct ipsecmod_env));
|
||||||
|
if(!ipsecmod_env) {
|
||||||
|
log_err("malloc failure");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
env->modinfo[id] = (void*)ipsecmod_env;
|
||||||
|
ipsecmod_env->whitelist = NULL;
|
||||||
|
if(!ipsecmod_apply_cfg(ipsecmod_env, env->cfg)) {
|
||||||
|
log_err("ipsecmod: could not apply configuration settings.");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
ipsecmod_deinit(struct module_env* env, int id)
|
||||||
|
{
|
||||||
|
struct ipsecmod_env* ipsecmod_env;
|
||||||
|
if(!env || !env->modinfo[id])
|
||||||
|
return;
|
||||||
|
ipsecmod_env = (struct ipsecmod_env*)env->modinfo[id];
|
||||||
|
/* Free contents. */
|
||||||
|
ipsecmod_whitelist_delete(ipsecmod_env->whitelist);
|
||||||
|
free(ipsecmod_env);
|
||||||
|
env->modinfo[id] = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
/** New query for ipsecmod. */
|
||||||
|
static int
|
||||||
|
ipsecmod_new(struct module_qstate* qstate, int id)
|
||||||
|
{
|
||||||
|
struct ipsecmod_qstate* iq = (struct ipsecmod_qstate*)regional_alloc(
|
||||||
|
qstate->region, sizeof(struct ipsecmod_qstate));
|
||||||
|
memset(iq, 0, sizeof(*iq));
|
||||||
|
qstate->minfo[id] = iq;
|
||||||
|
if(!iq)
|
||||||
|
return 0;
|
||||||
|
/* Initialise it. */
|
||||||
|
iq->enabled = qstate->env->cfg->ipsecmod_enabled;
|
||||||
|
iq->is_whitelisted = ipsecmod_domain_is_whitelisted(
|
||||||
|
(struct ipsecmod_env*)qstate->env->modinfo[id], qstate->qinfo.qname,
|
||||||
|
qstate->qinfo.qname_len, qstate->qinfo.qclass);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Exit module with an error status.
|
||||||
|
* @param qstate: query state
|
||||||
|
* @param id: module id.
|
||||||
|
*/
|
||||||
|
static void
|
||||||
|
ipsecmod_error(struct module_qstate* qstate, int id)
|
||||||
|
{
|
||||||
|
qstate->ext_state[id] = module_error;
|
||||||
|
qstate->return_rcode = LDNS_RCODE_SERVFAIL;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Generate a request for the IPSECKEY.
|
||||||
|
*
|
||||||
|
* @param qstate: query state that is the parent.
|
||||||
|
* @param id: module id.
|
||||||
|
* @param name: what name to query for.
|
||||||
|
* @param namelen: length of name.
|
||||||
|
* @param qtype: query type.
|
||||||
|
* @param qclass: query class.
|
||||||
|
* @param flags: additional flags, such as the CD bit (BIT_CD), or 0.
|
||||||
|
* @return false on alloc failure.
|
||||||
|
*/
|
||||||
|
static int
|
||||||
|
generate_request(struct module_qstate* qstate, int id, uint8_t* name,
|
||||||
|
size_t namelen, uint16_t qtype, uint16_t qclass, uint16_t flags)
|
||||||
|
{
|
||||||
|
struct module_qstate* newq;
|
||||||
|
struct query_info ask;
|
||||||
|
ask.qname = name;
|
||||||
|
ask.qname_len = namelen;
|
||||||
|
ask.qtype = qtype;
|
||||||
|
ask.qclass = qclass;
|
||||||
|
ask.local_alias = NULL;
|
||||||
|
log_query_info(VERB_ALGO, "ipsecmod: generate request", &ask);
|
||||||
|
fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
|
||||||
|
if(!(*qstate->env->attach_sub)(qstate, &ask,
|
||||||
|
(uint16_t)(BIT_RD|flags), 0, 0, &newq)){
|
||||||
|
log_err("Could not generate request: out of memory");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
qstate->ext_state[id] = module_wait_subquery;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Prepare the data and call the hook.
|
||||||
|
*
|
||||||
|
* @param qstate: query state.
|
||||||
|
* @param iq: ipsecmod qstate.
|
||||||
|
* @param ie: ipsecmod environment.
|
||||||
|
* @return true on success, false otherwise.
|
||||||
|
*/
|
||||||
|
static int
|
||||||
|
call_hook(struct module_qstate* qstate, struct ipsecmod_qstate* iq,
|
||||||
|
struct ipsecmod_env* ATTR_UNUSED(ie))
|
||||||
|
{
|
||||||
|
size_t slen, tempdata_len, tempstring_len, i;
|
||||||
|
char str[65535], *s, *tempstring;
|
||||||
|
int w;
|
||||||
|
struct ub_packed_rrset_key* rrset_key;
|
||||||
|
struct packed_rrset_data* rrset_data;
|
||||||
|
uint8_t *tempdata;
|
||||||
|
|
||||||
|
/* Check if a shell is available */
|
||||||
|
if(system(NULL) == 0) {
|
||||||
|
log_err("ipsecmod: no shell available for ipsecmod-hook");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Zero the buffer. */
|
||||||
|
s = str;
|
||||||
|
slen = sizeof(str);
|
||||||
|
memset(s, 0, slen);
|
||||||
|
|
||||||
|
/* Copy the hook into the buffer. */
|
||||||
|
sldns_str_print(&s, &slen, "%s", qstate->env->cfg->ipsecmod_hook);
|
||||||
|
/* Put space into the buffer. */
|
||||||
|
sldns_str_print(&s, &slen, " ");
|
||||||
|
/* Copy the qname into the buffer. */
|
||||||
|
tempstring = sldns_wire2str_dname(qstate->qinfo.qname,
|
||||||
|
qstate->qinfo.qname_len);
|
||||||
|
if(!tempstring) {
|
||||||
|
log_err("ipsecmod: out of memory when calling the hook");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
sldns_str_print(&s, &slen, "\"%s\"", tempstring);
|
||||||
|
free(tempstring);
|
||||||
|
/* Put space into the buffer. */
|
||||||
|
sldns_str_print(&s, &slen, " ");
|
||||||
|
/* Copy the IPSECKEY TTL into the buffer. */
|
||||||
|
rrset_data = (struct packed_rrset_data*)iq->ipseckey_rrset->entry.data;
|
||||||
|
sldns_str_print(&s, &slen, "\"%ld\"", (long)rrset_data->ttl);
|
||||||
|
/* Put space into the buffer. */
|
||||||
|
sldns_str_print(&s, &slen, " ");
|
||||||
|
/* Copy the A/AAAA record(s) into the buffer. Start and end this section
|
||||||
|
* with a double quote. */
|
||||||
|
rrset_key = reply_find_answer_rrset(&qstate->return_msg->qinfo,
|
||||||
|
qstate->return_msg->rep);
|
||||||
|
rrset_data = (struct packed_rrset_data*)rrset_key->entry.data;
|
||||||
|
sldns_str_print(&s, &slen, "\"");
|
||||||
|
for(i=0; i<rrset_data->count; i++) {
|
||||||
|
if(i > 0) {
|
||||||
|
/* Put space into the buffer. */
|
||||||
|
sldns_str_print(&s, &slen, " ");
|
||||||
|
}
|
||||||
|
/* Ignore the first two bytes, they are the rr_data len. */
|
||||||
|
w = sldns_wire2str_rdata_buf(rrset_data->rr_data[i] + 2,
|
||||||
|
rrset_data->rr_len[i] - 2, s, slen, qstate->qinfo.qtype);
|
||||||
|
if(w < 0) {
|
||||||
|
/* Error in printout. */
|
||||||
|
return -1;
|
||||||
|
} else if((size_t)w >= slen) {
|
||||||
|
s = NULL; /* We do not want str to point outside of buffer. */
|
||||||
|
slen = 0;
|
||||||
|
return -1;
|
||||||
|
} else {
|
||||||
|
s += w;
|
||||||
|
slen -= w;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
sldns_str_print(&s, &slen, "\"");
|
||||||
|
/* Put space into the buffer. */
|
||||||
|
sldns_str_print(&s, &slen, " ");
|
||||||
|
/* Copy the IPSECKEY record(s) into the buffer. Start and end this section
|
||||||
|
* with a double quote. */
|
||||||
|
sldns_str_print(&s, &slen, "\"");
|
||||||
|
rrset_data = (struct packed_rrset_data*)iq->ipseckey_rrset->entry.data;
|
||||||
|
for(i=0; i<rrset_data->count; i++) {
|
||||||
|
if(i > 0) {
|
||||||
|
/* Put space into the buffer. */
|
||||||
|
sldns_str_print(&s, &slen, " ");
|
||||||
|
}
|
||||||
|
/* Ignore the first two bytes, they are the rr_data len. */
|
||||||
|
tempdata = rrset_data->rr_data[i] + 2;
|
||||||
|
tempdata_len = rrset_data->rr_len[i] - 2;
|
||||||
|
/* Save the buffer pointers. */
|
||||||
|
tempstring = s; tempstring_len = slen;
|
||||||
|
w = sldns_wire2str_ipseckey_scan(&tempdata, &tempdata_len, &s, &slen,
|
||||||
|
NULL, 0);
|
||||||
|
/* There was an error when parsing the IPSECKEY; reset the buffer
|
||||||
|
* pointers to their previous values. */
|
||||||
|
if(w == -1){
|
||||||
|
s = tempstring; slen = tempstring_len;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
sldns_str_print(&s, &slen, "\"");
|
||||||
|
verbose(VERB_ALGO, "ipsecmod: hook command: '%s'", str);
|
||||||
|
/* ipsecmod-hook should return 0 on success. */
|
||||||
|
if(system(str) != 0)
|
||||||
|
return 0;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Handle an ipsecmod module event with a query
|
||||||
|
* @param qstate: query state (from the mesh), passed between modules.
|
||||||
|
* contains qstate->env module environment with global caches and so on.
|
||||||
|
* @param iq: query state specific for this module. per-query.
|
||||||
|
* @param ie: environment specific for this module. global.
|
||||||
|
* @param id: module id.
|
||||||
|
*/
|
||||||
|
static void
|
||||||
|
ipsecmod_handle_query(struct module_qstate* qstate,
|
||||||
|
struct ipsecmod_qstate* iq, struct ipsecmod_env* ie, int id)
|
||||||
|
{
|
||||||
|
struct ub_packed_rrset_key* rrset_key;
|
||||||
|
struct packed_rrset_data* rrset_data;
|
||||||
|
size_t i;
|
||||||
|
/* Pass to next module if we are not enabled and whitelisted. */
|
||||||
|
if(!(iq->enabled && iq->is_whitelisted)) {
|
||||||
|
qstate->ext_state[id] = module_wait_module;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
/* New query, check if the query is for an A/AAAA record and disable
|
||||||
|
* caching for other modules. */
|
||||||
|
if(!iq->ipseckey_done) {
|
||||||
|
if(qstate->qinfo.qtype == LDNS_RR_TYPE_A ||
|
||||||
|
qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA) {
|
||||||
|
char type[16];
|
||||||
|
sldns_wire2str_type_buf(qstate->qinfo.qtype, type,
|
||||||
|
sizeof(type));
|
||||||
|
verbose(VERB_ALGO, "ipsecmod: query for %s; engaging",
|
||||||
|
type);
|
||||||
|
qstate->no_cache_store = 1;
|
||||||
|
}
|
||||||
|
/* Pass request to next module. */
|
||||||
|
qstate->ext_state[id] = module_wait_module;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
/* IPSECKEY subquery is finished. */
|
||||||
|
/* We have an IPSECKEY answer. */
|
||||||
|
if(iq->ipseckey_rrset) {
|
||||||
|
rrset_data = (struct packed_rrset_data*)iq->ipseckey_rrset->entry.data;
|
||||||
|
if(rrset_data) {
|
||||||
|
/* If bogus return SERVFAIL. */
|
||||||
|
if(!qstate->env->cfg->ipsecmod_ignore_bogus &&
|
||||||
|
rrset_data->security == sec_status_bogus) {
|
||||||
|
log_err("ipsecmod: bogus IPSECKEY");
|
||||||
|
ipsecmod_error(qstate, id);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
/* We have a valid IPSECKEY reply, call hook. */
|
||||||
|
if(!call_hook(qstate, iq, ie) &&
|
||||||
|
qstate->env->cfg->ipsecmod_strict) {
|
||||||
|
log_err("ipsecmod: ipsecmod-hook failed");
|
||||||
|
ipsecmod_error(qstate, id);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
/* Make sure the A/AAAA's TTL is equal/less than the
|
||||||
|
* ipsecmod_max_ttl. */
|
||||||
|
rrset_key = reply_find_answer_rrset(&qstate->return_msg->qinfo,
|
||||||
|
qstate->return_msg->rep);
|
||||||
|
rrset_data = (struct packed_rrset_data*)rrset_key->entry.data;
|
||||||
|
if(rrset_data->ttl > (time_t)qstate->env->cfg->ipsecmod_max_ttl) {
|
||||||
|
/* Update TTL for rrset to fixed value. */
|
||||||
|
rrset_data->ttl = qstate->env->cfg->ipsecmod_max_ttl;
|
||||||
|
for(i=0; i<rrset_data->count+rrset_data->rrsig_count; i++)
|
||||||
|
rrset_data->rr_ttl[i] = qstate->env->cfg->ipsecmod_max_ttl;
|
||||||
|
/* Also update reply_info's TTL */
|
||||||
|
if(qstate->return_msg->rep->ttl > (time_t)qstate->env->cfg->ipsecmod_max_ttl) {
|
||||||
|
qstate->return_msg->rep->ttl =
|
||||||
|
qstate->env->cfg->ipsecmod_max_ttl;
|
||||||
|
qstate->return_msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(
|
||||||
|
qstate->return_msg->rep->ttl);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/* Store A/AAAA in cache. */
|
||||||
|
if(!dns_cache_store(qstate->env, &qstate->qinfo,
|
||||||
|
qstate->return_msg->rep, 0, qstate->prefetch_leeway,
|
||||||
|
0, qstate->region, qstate->query_flags)) {
|
||||||
|
log_err("ipsecmod: out of memory caching record");
|
||||||
|
}
|
||||||
|
qstate->ext_state[id] = module_finished;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Handle an ipsecmod module event with a response from the iterator.
|
||||||
|
* @param qstate: query state (from the mesh), passed between modules.
|
||||||
|
* contains qstate->env module environment with global caches and so on.
|
||||||
|
* @param iq: query state specific for this module. per-query.
|
||||||
|
* @param ie: environment specific for this module. global.
|
||||||
|
* @param id: module id.
|
||||||
|
*/
|
||||||
|
static void
|
||||||
|
ipsecmod_handle_response(struct module_qstate* qstate,
|
||||||
|
struct ipsecmod_qstate* ATTR_UNUSED(iq),
|
||||||
|
struct ipsecmod_env* ATTR_UNUSED(ie), int id)
|
||||||
|
{
|
||||||
|
/* Pass to previous module if we are not enabled and whitelisted. */
|
||||||
|
if(!(iq->enabled && iq->is_whitelisted)) {
|
||||||
|
qstate->ext_state[id] = module_finished;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
/* check if the response is for an A/AAAA query. */
|
||||||
|
if((qstate->qinfo.qtype == LDNS_RR_TYPE_A ||
|
||||||
|
qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA) &&
|
||||||
|
/* check that we had an answer for the A/AAAA query. */
|
||||||
|
qstate->return_msg &&
|
||||||
|
reply_find_answer_rrset(&qstate->return_msg->qinfo,
|
||||||
|
qstate->return_msg->rep) &&
|
||||||
|
/* check that another module didn't SERVFAIL. */
|
||||||
|
qstate->return_rcode == LDNS_RCODE_NOERROR) {
|
||||||
|
char type[16];
|
||||||
|
sldns_wire2str_type_buf(qstate->qinfo.qtype, type,
|
||||||
|
sizeof(type));
|
||||||
|
verbose(VERB_ALGO, "ipsecmod: response for %s; generating IPSECKEY "
|
||||||
|
"subquery", type);
|
||||||
|
/* generate an IPSECKEY query. */
|
||||||
|
if(!generate_request(qstate, id, qstate->qinfo.qname,
|
||||||
|
qstate->qinfo.qname_len, LDNS_RR_TYPE_IPSECKEY,
|
||||||
|
qstate->qinfo.qclass, 0)) {
|
||||||
|
log_err("ipsecmod: could not generate subquery.");
|
||||||
|
ipsecmod_error(qstate, id);
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
/* we are done with the query. */
|
||||||
|
qstate->ext_state[id] = module_finished;
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
ipsecmod_operate(struct module_qstate* qstate, enum module_ev event, int id,
|
||||||
|
struct outbound_entry* outbound)
|
||||||
|
{
|
||||||
|
struct ipsecmod_env* ie = (struct ipsecmod_env*)qstate->env->modinfo[id];
|
||||||
|
struct ipsecmod_qstate* iq = (struct ipsecmod_qstate*)qstate->minfo[id];
|
||||||
|
verbose(VERB_QUERY, "ipsecmod[module %d] operate: extstate:%s event:%s",
|
||||||
|
id, strextstate(qstate->ext_state[id]), strmodulevent(event));
|
||||||
|
if(iq) log_query_info(VERB_QUERY, "ipsecmod operate: query",
|
||||||
|
&qstate->qinfo);
|
||||||
|
|
||||||
|
/* create ipsecmod_qstate. */
|
||||||
|
if((event == module_event_new || event == module_event_pass) &&
|
||||||
|
iq == NULL) {
|
||||||
|
if(!ipsecmod_new(qstate, id)) {
|
||||||
|
ipsecmod_error(qstate, id);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
iq = (struct ipsecmod_qstate*)qstate->minfo[id];
|
||||||
|
}
|
||||||
|
if(iq && (event == module_event_pass || event == module_event_new)) {
|
||||||
|
ipsecmod_handle_query(qstate, iq, ie, id);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if(iq && (event == module_event_moddone)) {
|
||||||
|
ipsecmod_handle_response(qstate, iq, ie, id);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if(iq && outbound) {
|
||||||
|
/* cachedb does not need to process responses at this time
|
||||||
|
* ignore it.
|
||||||
|
cachedb_process_response(qstate, iq, ie, id, outbound, event);
|
||||||
|
*/
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if(event == module_event_error) {
|
||||||
|
verbose(VERB_ALGO, "got called with event error, giving up");
|
||||||
|
ipsecmod_error(qstate, id);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if(!iq && (event == module_event_moddone)) {
|
||||||
|
/* during priming, module done but we never started. */
|
||||||
|
qstate->ext_state[id] = module_finished;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
log_err("ipsecmod: bad event %s", strmodulevent(event));
|
||||||
|
ipsecmod_error(qstate, id);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
ipsecmod_inform_super(struct module_qstate* qstate, int id,
|
||||||
|
struct module_qstate* super)
|
||||||
|
{
|
||||||
|
struct ipsecmod_qstate* siq;
|
||||||
|
log_query_info(VERB_ALGO, "ipsecmod: inform_super, sub is",
|
||||||
|
&qstate->qinfo);
|
||||||
|
log_query_info(VERB_ALGO, "super is", &super->qinfo);
|
||||||
|
siq = (struct ipsecmod_qstate*)super->minfo[id];
|
||||||
|
if(!siq) {
|
||||||
|
verbose(VERB_ALGO, "super has no ipsecmod state");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(qstate->return_msg) {
|
||||||
|
struct ub_packed_rrset_key* rrset_key = reply_find_answer_rrset(
|
||||||
|
&qstate->return_msg->qinfo, qstate->return_msg->rep);
|
||||||
|
if(rrset_key) {
|
||||||
|
/* We have an answer. */
|
||||||
|
/* Copy to super's region. */
|
||||||
|
rrset_key = packed_rrset_copy_region(rrset_key, super->region, 0);
|
||||||
|
siq->ipseckey_rrset = rrset_key;
|
||||||
|
if(!rrset_key) {
|
||||||
|
log_err("ipsecmod: out of memory.");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/* Notify super to proceed. */
|
||||||
|
siq->ipseckey_done = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
ipsecmod_clear(struct module_qstate* qstate, int id)
|
||||||
|
{
|
||||||
|
if(!qstate)
|
||||||
|
return;
|
||||||
|
qstate->minfo[id] = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
size_t
|
||||||
|
ipsecmod_get_mem(struct module_env* env, int id)
|
||||||
|
{
|
||||||
|
struct ipsecmod_env* ie = (struct ipsecmod_env*)env->modinfo[id];
|
||||||
|
if(!ie)
|
||||||
|
return 0;
|
||||||
|
return sizeof(*ie) + ipsecmod_whitelist_get_mem(ie->whitelist);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The ipsecmod function block
|
||||||
|
*/
|
||||||
|
static struct module_func_block ipsecmod_block = {
|
||||||
|
"ipsecmod",
|
||||||
|
&ipsecmod_init, &ipsecmod_deinit, &ipsecmod_operate,
|
||||||
|
&ipsecmod_inform_super, &ipsecmod_clear, &ipsecmod_get_mem
|
||||||
|
};
|
||||||
|
|
||||||
|
struct module_func_block*
|
||||||
|
ipsecmod_get_funcblock(void)
|
||||||
|
{
|
||||||
|
return &ipsecmod_block;
|
||||||
|
}
|
||||||
|
#endif /* USE_IPSECMOD */
|
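--- a/ipsecmod/ipsecmod.h
+++ b/ipsecmod/ipsecmod.h
@@ -0,0 +1,97 @@
+/*
+* ipsecmod/ipsecmod.h - facilitate opportunistic IPsec module
+*
+* Copyright (c) 2017, NLnet Labs. All rights reserved.
+*
+* This software is open source.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* Redistributions of source code must retain the above copyright notice,
+* this list of conditions and the following disclaimer.
+*
+* Redistributions in binary form must reproduce the above copyright notice,
+* this list of conditions and the following disclaimer in the documentation
+* and/or other materials provided with the distribution.
+*
+* Neither the name of the NLNET LABS nor the names of its contributors may
+* be used to endorse or promote products derived from this software without
+* specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/**
+* \file
+*
+* This file contains a module that facilitates opportunistic IPsec. It does so
+* by also quering for the IPSECKEY for A/AAAA queries and calling a
+* configurable hook (eg. signaling an IKE daemon) before replying.
+*/
+
+#ifndef IPSECMOD_H
+#define IPSECMOD_H
+#include "util/module.h"
+#include "util/rbtree.h"
+
+/**
+* The global variable environment contents for the ipsecmod
+* Shared between threads, this represents long term information.
+*/
+struct ipsecmod_env {
+/** White listed domains for ipsecmod. */
+rbtree_type* whitelist;
+};
+
+/**
+* Per query state for the ipsecmod module.
+*/
+struct ipsecmod_qstate {
+/** State of the IPsec module. */
+/** NOTE: This value is copied here from the configuration so that a change
+* with unbound-control would not complicate an already running mesh. */
+int enabled;
+/** If the qname is whitelisted or not. */
+/** NOTE: No whitelist means all qnames are whitelisted. */
+int is_whitelisted;
+/** Pointer to IPSECKEY rrset allocated in the qstate region. NULL if there
+* was no IPSECKEY reply from the subquery. */
+struct ub_packed_rrset_key* ipseckey_rrset;
+/** If the IPSECKEY subquery has finished. */
+int ipseckey_done;
+};
+
+/** Init the ipsecmod module */
+int ipsecmod_init(struct module_env* env, int id);
+/** Deinit the ipsecmod module */
+void ipsecmod_deinit(struct module_env* env, int id);
+/** Operate on an event on a query (in qstate). */
+void ipsecmod_operate(struct module_qstate* qstate, enum module_ev event,
+int id, struct outbound_entry* outbound);
+/** Subordinate query done, inform this super request of its conclusion */
+void ipsecmod_inform_super(struct module_qstate* qstate, int id,
+struct module_qstate* super);
+/** clear the ipsecmod query-specific contents out of qstate */
+void ipsecmod_clear(struct module_qstate* qstate, int id);
+/** return memory estimate for the ipsecmod module */
+size_t ipsecmod_get_mem(struct module_env* env, int id);
+
+/**
+* Get the function block with pointers to the ipsecmod functions
+* @return the function block for "ipsecmod".
+*/
+struct module_func_block* ipsecmod_get_funcblock(void);
+
+#endif /* IPSECMOD_H */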
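Review bot: The `\file` comment in this header describes the hook only as "a configurable hook", but `call_hook` in ipsecmod.c (shown earlier on this page) concatenates `ipsecmod-hook`, the qname and the A/AAAA and IPSECKEY rdata into one string and runs it with `system()`, so text taken from DNS responses is parsed by a shell. That contract belongs in the header; I would add to the file comment `* The hook is run through system(); its arguments are text derived from DNS data and must be treated as untrusted by the hook.` Wrapping each argument in double quotes, as `call_hook` does, does not by itself keep the shell from interpreting characters inside them, so the comment should also state which characters the module guarantees never reach the command line, or the call should move to an argv-based exec so that no shell is involved. The per-query `enabled` and `is_whitelisted` fields are documented well; the environment struct could say whether `whitelist` is written only during init, since it is described as shared between threads.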
@ -144,7 +144,7 @@ compile_time_root_prime(int do_ip4, int do_ip6)
|
|||||||
}
|
}
|
||||||
if(do_ip6) {
|
if(do_ip6) {
|
||||||
if(!ah(dp, "A.ROOT-SERVERS.NET.", "2001:503:ba3e::2:30")) goto failed;
|
if(!ah(dp, "A.ROOT-SERVERS.NET.", "2001:503:ba3e::2:30")) goto failed;
|
||||||
if(!ah(dp, "B.ROOT-SERVERS.NET.", "2001:500:84::b")) goto failed;
|
if(!ah(dp, "B.ROOT-SERVERS.NET.", "2001:500:200::b")) goto failed;
|
||||||
if(!ah(dp, "C.ROOT-SERVERS.NET.", "2001:500:2::c")) goto failed;
|
if(!ah(dp, "C.ROOT-SERVERS.NET.", "2001:500:2::c")) goto failed;
|
||||||
if(!ah(dp, "D.ROOT-SERVERS.NET.", "2001:500:2d::d")) goto failed;
|
if(!ah(dp, "D.ROOT-SERVERS.NET.", "2001:500:2d::d")) goto failed;
|
||||||
if(!ah(dp, "E.ROOT-SERVERS.NET.", "2001:500:a8::e")) goto failed;
|
if(!ah(dp, "E.ROOT-SERVERS.NET.", "2001:500:a8::e")) goto failed;
|
||||||
|
@ -288,6 +288,22 @@ error_response_cache(struct module_qstate* qstate, int id, int rcode)
|
|||||||
return error_response(qstate, id, rcode);
|
return error_response(qstate, id, rcode);
|
||||||
/* if that fails (not in cache), fall through to store err */
|
/* if that fails (not in cache), fall through to store err */
|
||||||
}
|
}
|
||||||
|
if(qstate->env->cfg->serve_expired) {
|
||||||
|
/* if serving expired contents, and such content is
|
||||||
|
* already available, don't overwrite this servfail */
|
||||||
|
struct msgreply_entry* msg;
|
||||||
|
if((msg=msg_cache_lookup(qstate->env,
|
||||||
|
qstate->qinfo.qname, qstate->qinfo.qname_len,
|
||||||
|
qstate->qinfo.qtype, qstate->qinfo.qclass,
|
||||||
|
qstate->query_flags, 0, 0))
|
||||||
|
!= NULL) {
|
||||||
|
lock_rw_unlock(&msg->entry.lock);
|
||||||
|
return error_response(qstate, id, rcode);
|
||||||
|
}
|
||||||
|
/* serving expired contents, but nothing is cached
|
||||||
|
* at all, so the servfail cache entry is useful
|
||||||
|
* (stops waste of time on this servfail NORR_TTL) */
|
||||||
|
}
|
||||||
memset(&err, 0, sizeof(err));
|
memset(&err, 0, sizeof(err));
|
||||||
err.flags = (uint16_t)(BIT_QR | BIT_RA);
|
err.flags = (uint16_t)(BIT_QR | BIT_RA);
|
||||||
FLAGS_SET_RCODE(err.flags, rcode);
|
FLAGS_SET_RCODE(err.flags, rcode);
|
||||||
@ -509,6 +525,33 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** see if last resort is possible - does config allow queries to parent */
|
||||||
|
static int
|
||||||
|
can_have_last_resort(struct module_env* env, uint8_t* nm, size_t nmlen,
|
||||||
|
uint16_t qclass)
|
||||||
|
{
|
||||||
|
struct delegpt* fwddp;
|
||||||
|
struct iter_hints_stub* stub;
|
||||||
|
int labs = dname_count_labels(nm);
|
||||||
|
/* do not process a last resort (the parent side) if a stub
|
||||||
|
* or forward is configured, because we do not want to go 'above'
|
||||||
|
* the configured servers */
|
||||||
|
if(!dname_is_root(nm) && (stub = (struct iter_hints_stub*)
|
||||||
|
name_tree_find(&env->hints->tree, nm, nmlen, labs, qclass)) &&
|
||||||
|
/* has_parent side is turned off for stub_first, where we
|
||||||
|
* are allowed to go to the parent */
|
||||||
|
stub->dp->has_parent_side_NS) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
if((fwddp = forwards_find(env->fwds, nm, qclass)) &&
|
||||||
|
/* has_parent_side is turned off for forward_first, where
|
||||||
|
* we are allowed to go to the parent */
|
||||||
|
fwddp->has_parent_side_NS) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
/** see if target name is caps-for-id whitelisted */
|
/** see if target name is caps-for-id whitelisted */
|
||||||
static int
|
static int
|
||||||
is_caps_whitelisted(struct iter_env* ie, struct iter_qstate* iq)
|
is_caps_whitelisted(struct iter_env* ie, struct iter_qstate* iq)
|
||||||
@ -853,6 +896,9 @@ generate_ns_check(struct module_qstate* qstate, struct iter_qstate* iq, int id)
|
|||||||
|
|
||||||
if(iq->depth == ie->max_dependency_depth)
|
if(iq->depth == ie->max_dependency_depth)
|
||||||
return;
|
return;
|
||||||
|
if(!can_have_last_resort(qstate->env, iq->dp->name, iq->dp->namelen,
|
||||||
|
iq->qchase.qclass))
|
||||||
|
return;
|
||||||
/* is this query the same as the nscheck? */
|
/* is this query the same as the nscheck? */
|
||||||
if(qstate->qinfo.qtype == LDNS_RR_TYPE_NS &&
|
if(qstate->qinfo.qtype == LDNS_RR_TYPE_NS &&
|
||||||
query_dname_compare(iq->dp->name, qstate->qinfo.qname)==0 &&
|
query_dname_compare(iq->dp->name, qstate->qinfo.qname)==0 &&
|
||||||
@ -1025,6 +1071,20 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||||||
return next_state(iq, COLLECT_CLASS_STATE);
|
return next_state(iq, COLLECT_CLASS_STATE);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If we are restricted by a forward-zone or a stub-zone, we
|
||||||
|
* can't re-fetch glue for this delegation point.
|
||||||
|
* we won’t try to re-fetch glue if the iq->dp is null.
|
||||||
|
*/
|
||||||
|
if (iq->refetch_glue &&
|
||||||
|
iq->dp &&
|
||||||
|
!can_have_last_resort(qstate->env,
|
||||||
|
iq->dp->name,
|
||||||
|
iq->dp->namelen,
|
||||||
|
iq->qchase.qclass)) {
|
||||||
|
iq->refetch_glue = 0;
|
||||||
|
}
|
||||||
|
|
||||||
/* Resolver Algorithm Step 1 -- Look for the answer in local data. */
|
/* Resolver Algorithm Step 1 -- Look for the answer in local data. */
|
||||||
|
|
||||||
/* This either results in a query restart (CNAME cache response), a
|
/* This either results in a query restart (CNAME cache response), a
|
||||||
@ -1558,35 +1618,6 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** see if last resort is possible - does config allow queries to parent */
|
|
||||||
static int
|
|
||||||
can_have_last_resort(struct module_env* env, struct delegpt* dp,
|
|
||||||
struct iter_qstate* iq)
|
|
||||||
{
|
|
||||||
struct delegpt* fwddp;
|
|
||||||
struct iter_hints_stub* stub;
|
|
||||||
/* do not process a last resort (the parent side) if a stub
|
|
||||||
* or forward is configured, because we do not want to go 'above'
|
|
||||||
* the configured servers */
|
|
||||||
if(!dname_is_root(dp->name) && (stub = (struct iter_hints_stub*)
|
|
||||||
name_tree_find(&env->hints->tree, dp->name, dp->namelen,
|
|
||||||
dp->namelabs, iq->qchase.qclass)) &&
|
|
||||||
/* has_parent side is turned off for stub_first, where we
|
|
||||||
* are allowed to go to the parent */
|
|
||||||
stub->dp->has_parent_side_NS) {
|
|
||||||
verbose(VERB_QUERY, "configured stub servers failed -- returning SERVFAIL");
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
if((fwddp = forwards_find(env->fwds, dp->name, iq->qchase.qclass)) &&
|
|
||||||
/* has_parent_side is turned off for forward_first, where
|
|
||||||
* we are allowed to go to the parent */
|
|
||||||
fwddp->has_parent_side_NS) {
|
|
||||||
verbose(VERB_QUERY, "configured forward servers failed -- returning SERVFAIL");
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Called by processQueryTargets when it would like extra targets to query
|
* Called by processQueryTargets when it would like extra targets to query
|
||||||
* but it seems to be out of options. At last resort some less appealing
|
* but it seems to be out of options. At last resort some less appealing
|
||||||
@ -1608,9 +1639,11 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||||||
verbose(VERB_ALGO, "No more query targets, attempting last resort");
|
verbose(VERB_ALGO, "No more query targets, attempting last resort");
|
||||||
log_assert(iq->dp);
|
log_assert(iq->dp);
|
||||||
|
|
||||||
if(!can_have_last_resort(qstate->env, iq->dp, iq)) {
|
if(!can_have_last_resort(qstate->env, iq->dp->name, iq->dp->namelen,
|
||||||
|
iq->qchase.qclass)) {
|
||||||
/* fail -- no more targets, no more hope of targets, no hope
|
/* fail -- no more targets, no more hope of targets, no hope
|
||||||
* of a response. */
|
* of a response. */
|
||||||
|
verbose(VERB_QUERY, "configured stub or forward servers failed -- returning SERVFAIL");
|
||||||
return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL);
|
return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL);
|
||||||
}
|
}
|
||||||
if(!iq->dp->has_parent_side_NS && dname_is_root(iq->dp->name)) {
|
if(!iq->dp->has_parent_side_NS && dname_is_root(iq->dp->name)) {
|
||||||
@ -1695,6 +1728,19 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||||||
/* see if we can issue queries to get nameserver addresses */
|
/* see if we can issue queries to get nameserver addresses */
|
||||||
/* this lookup is not randomized, but sequential. */
|
/* this lookup is not randomized, but sequential. */
|
||||||
for(ns = iq->dp->nslist; ns; ns = ns->next) {
|
for(ns = iq->dp->nslist; ns; ns = ns->next) {
|
||||||
|
/* if this nameserver is at a delegation point, but that
|
||||||
|
* delegation point is a stub and we cannot go higher, skip*/
|
||||||
|
if( ((ie->supports_ipv6 && !ns->done_pside6) ||
|
||||||
|
(ie->supports_ipv4 && !ns->done_pside4)) &&
|
||||||
|
!can_have_last_resort(qstate->env, ns->name, ns->namelen,
|
||||||
|
iq->qchase.qclass)) {
|
||||||
|
log_nametypeclass(VERB_ALGO, "cannot pside lookup ns "
|
||||||
|
"because it is also a stub/forward,",
|
||||||
|
ns->name, LDNS_RR_TYPE_NS, iq->qchase.qclass);
|
||||||
|
if(ie->supports_ipv6) ns->done_pside6 = 1;
|
||||||
|
if(ie->supports_ipv4) ns->done_pside4 = 1;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
/* query for parent-side A and AAAA for nameservers */
|
/* query for parent-side A and AAAA for nameservers */
|
||||||
if(ie->supports_ipv6 && !ns->done_pside6) {
|
if(ie->supports_ipv6 && !ns->done_pside6) {
|
||||||
/* Send the AAAA request. */
|
/* Send the AAAA request. */
|
||||||
|
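Review bot: After this refactor `can_have_last_resort()` has four call sites, and only the two in processLastResort log why the parent side was skipped; the early `return` added in generate_ns_check and the `iq->refetch_glue = 0;` added in processInitRequest are silent, which makes a stub or forward zone that quietly stops refetching hard to diagnose. I would add a line such as `verbose(VERB_ALGO, "stub or forward configured, not going to parent side");` at both sites, and extend the helper's one-line doc comment to describe `nm`, `nmlen`, `qclass` and the 0/1 return. The comment added in processInitRequest also contains a typographic apostrophe (`won’t`), which is better written in plain ASCII in a C source file. The bodies of all four callers continue outside their hunks.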
@ -601,6 +601,167 @@ int ub_ctx_data_remove(struct ub_ctx* ctx, const char *data);
|
|||||||
*/
|
*/
|
||||||
const char* ub_version(void);
|
const char* ub_version(void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Some global statistics that are not in struct stats_info,
|
||||||
|
* this struct is shared on a shm segment (shm-key in unbound.conf)
|
||||||
|
*/
|
||||||
|
struct ub_shm_stat_info {
|
||||||
|
int num_threads;
|
||||||
|
|
||||||
|
struct {
|
||||||
|
long long now_sec, now_usec;
|
||||||
|
long long up_sec, up_usec;
|
||||||
|
long long elapsed_sec, elapsed_usec;
|
||||||
|
} time;
|
||||||
|
|
||||||
|
struct {
|
||||||
|
long long msg;
|
||||||
|
long long rrset;
|
||||||
|
long long val;
|
||||||
|
long long iter;
|
||||||
|
long long subnet;
|
||||||
|
long long ipsecmod;
|
||||||
|
long long respip;
|
||||||
|
} mem;
|
||||||
|
};
|
||||||
|
|
||||||
|
/** number of qtype that is stored for in array */
|
||||||
|
#define UB_STATS_QTYPE_NUM 256
|
||||||
|
/** number of qclass that is stored for in array */
|
||||||
|
#define UB_STATS_QCLASS_NUM 256
|
||||||
|
/** number of rcodes in stats */
|
||||||
|
#define UB_STATS_RCODE_NUM 16
|
||||||
|
/** number of opcodes in stats */
|
||||||
|
#define UB_STATS_OPCODE_NUM 16
|
||||||
|
/** number of histogram buckets */
|
||||||
|
#define UB_STATS_BUCKET_NUM 40
|
||||||
|
|
||||||
|
/** per worker statistics. */
|
||||||
|
struct ub_server_stats {
|
||||||
|
/** number of queries from clients received. */
|
||||||
|
long long num_queries;
|
||||||
|
/** number of queries that have been dropped/ratelimited by ip. */
|
||||||
|
long long num_queries_ip_ratelimited;
|
||||||
|
/** number of queries that had a cache-miss. */
|
||||||
|
long long num_queries_missed_cache;
|
||||||
|
/** number of prefetch queries - cachehits with prefetch */
|
||||||
|
long long num_queries_prefetch;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sum of the querylistsize of the worker for
|
||||||
|
* every query that missed cache. To calculate average.
|
||||||
|
*/
|
||||||
|
long long sum_query_list_size;
|
||||||
|
/** max value of query list size reached. */
|
||||||
|
long long max_query_list_size;
|
||||||
|
|
||||||
|
/** Extended stats below (bool) */
|
||||||
|
int extended;
|
||||||
|
|
||||||
|
/** qtype stats */
|
||||||
|
long long qtype[UB_STATS_QTYPE_NUM];
|
||||||
|
/** bigger qtype values not in array */
|
||||||
|
long long qtype_big;
|
||||||
|
/** qclass stats */
|
||||||
|
long long qclass[UB_STATS_QCLASS_NUM];
|
||||||
|
/** bigger qclass values not in array */
|
||||||
|
long long qclass_big;
|
||||||
|
/** query opcodes */
|
||||||
|
long long qopcode[UB_STATS_OPCODE_NUM];
|
||||||
|
/** number of queries over TCP */
|
||||||
|
long long qtcp;
|
||||||
|
/** number of outgoing queries over TCP */
|
||||||
|
long long qtcp_outgoing;
|
||||||
|
/** number of queries over IPv6 */
|
||||||
|
long long qipv6;
|
||||||
|
/** number of queries with QR bit */
|
||||||
|
long long qbit_QR;
|
||||||
|
/** number of queries with AA bit */
|
||||||
|
long long qbit_AA;
|
||||||
|
/** number of queries with TC bit */
|
||||||
|
long long qbit_TC;
|
||||||
|
/** number of queries with RD bit */
|
||||||
|
long long qbit_RD;
|
||||||
|
/** number of queries with RA bit */
|
||||||
|
long long qbit_RA;
|
||||||
|
/** number of queries with Z bit */
|
||||||
|
long long qbit_Z;
|
||||||
|
/** number of queries with AD bit */
|
||||||
|
long long qbit_AD;
|
||||||
|
/** number of queries with CD bit */
|
||||||
|
long long qbit_CD;
|
||||||
|
/** number of queries with EDNS OPT record */
|
||||||
|
long long qEDNS;
|
||||||
|
/** number of queries with EDNS with DO flag */
|
||||||
|
long long qEDNS_DO;
|
||||||
|
/** answer rcodes */
|
||||||
|
long long ans_rcode[UB_STATS_RCODE_NUM];
|
||||||
|
/** answers with pseudo rcode 'nodata' */
|
||||||
|
long long ans_rcode_nodata;
|
||||||
|
/** answers that were secure (AD) */
|
||||||
|
long long ans_secure;
|
||||||
|
/** answers that were bogus (withheld as SERVFAIL) */
|
||||||
|
long long ans_bogus;
|
||||||
|
/** rrsets marked bogus by validator */
|
||||||
|
long long rrset_bogus;
|
||||||
|
/** unwanted traffic received on server-facing ports */
|
||||||
|
long long unwanted_replies;
|
||||||
|
/** unwanted traffic received on client-facing ports */
|
||||||
|
long long unwanted_queries;
|
||||||
|
/** usage of tcp accept list */
|
||||||
|
long long tcp_accept_usage;
|
||||||
|
/** answers served from expired cache */
|
||||||
|
long long zero_ttl_responses;
|
||||||
|
/** histogram data exported to array
|
||||||
|
* if the array is the same size, no data is lost, and
|
||||||
|
* if all histograms are same size (is so by default) then
|
||||||
|
* adding up works well. */
|
||||||
|
long long hist[UB_STATS_BUCKET_NUM];
|
||||||
|
|
||||||
|
/** number of message cache entries */
|
||||||
|
long long msg_cache_count;
|
||||||
|
/** number of rrset cache entries */
|
||||||
|
long long rrset_cache_count;
|
||||||
|
/** number of infra cache entries */
|
||||||
|
long long infra_cache_count;
|
||||||
|
/** number of key cache entries */
|
||||||
|
long long key_cache_count;
|
||||||
|
|
||||||
|
/** number of queries that used dnscrypt */
|
||||||
|
long long num_query_dnscrypt_crypted;
|
||||||
|
/** number of queries that queried dnscrypt certificates */
|
||||||
|
long long num_query_dnscrypt_cert;
|
||||||
|
/** number of queries in clear text and not asking for the certificates */
|
||||||
|
long long num_query_dnscrypt_cleartext;
|
||||||
|
/** number of malformed encrypted queries */
|
||||||
|
long long num_query_dnscrypt_crypted_malformed;
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Statistics to send over the control pipe when asked
|
||||||
|
* This struct is made to be memcpied, sent in binary.
|
||||||
|
* shm mapped with (number+1) at num_threads+1, with first as total
|
||||||
|
*/
|
||||||
|
struct ub_stats_info {
|
||||||
|
/** the thread stats */
|
||||||
|
struct ub_server_stats svr;
|
||||||
|
|
||||||
|
/** mesh stats: current number of states */
|
||||||
|
long long mesh_num_states;
|
||||||
|
/** mesh stats: current number of reply (user) states */
|
||||||
|
long long mesh_num_reply_states;
|
||||||
|
/** mesh stats: number of reply states overwritten with a new one */
|
||||||
|
long long mesh_jostled;
|
||||||
|
/** mesh stats: number of incoming queries dropped */
|
||||||
|
long long mesh_dropped;
|
||||||
|
/** mesh stats: replies sent */
|
||||||
|
long long mesh_replies_sent;
|
||||||
|
/** mesh stats: sum of waiting times for the replies */
|
||||||
|
long long mesh_replies_sum_wait_sec, mesh_replies_sum_wait_usec;
|
||||||
|
/** mesh stats: median of waiting times for replies (in sec) */
|
||||||
|
double mesh_time_median;
|
||||||
|
};
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
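Review bot: `struct ub_shm_stat_info` and `struct ub_stats_info` are documented as shared on a shm segment and "made to be memcpied, sent in binary", but neither carries a version or size member, so a reader built against a different revision of this header cannot detect a layout mismatch. The layout also depends on compiler padding, for example around `int extended` between `long long` members and around the trailing `double mesh_time_median`. Consider stating the constraint at the struct, e.g. `/* binary layout is an ABI between the daemon and shm readers; both must be built from the same unbound.h */`, or adding a leading version member that readers check. Whether the reader validates the segment size elsewhere cannot be seen from this header.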
@ -41,8 +41,10 @@
|
|||||||
/* ignore the varargs unused warning from SWIGs internal vararg support */
|
/* ignore the varargs unused warning from SWIGs internal vararg support */
|
||||||
#ifdef __GNUC__
|
#ifdef __GNUC__
|
||||||
#pragma GCC diagnostic ignored "-Wunused-parameter"
|
#pragma GCC diagnostic ignored "-Wunused-parameter"
|
||||||
|
#ifndef __clang__
|
||||||
#pragma GCC diagnostic ignored "-Wunused-but-set-variable"
|
#pragma GCC diagnostic ignored "-Wunused-but-set-variable"
|
||||||
#endif
|
#endif
|
||||||
|
#endif
|
||||||
|
|
||||||
#include "config.h"
|
#include "config.h"
|
||||||
#include "sldns/sbuffer.h"
|
#include "sldns/sbuffer.h"
|
||||||
|
@ -261,6 +261,7 @@ respip_enter_rr(struct regional* region, struct resp_addr* raddr,
|
|||||||
log_err("bad response-ip-data: %s", rrstr);
|
log_err("bad response-ip-data: %s", rrstr);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
free(nm);
|
||||||
sa = (struct sockaddr*)&raddr->node.addr;
|
sa = (struct sockaddr*)&raddr->node.addr;
|
||||||
if (rrtype == LDNS_RR_TYPE_CNAME && raddr->data) {
|
if (rrtype == LDNS_RR_TYPE_CNAME && raddr->data) {
|
||||||
log_err("CNAME response-ip data (%s) can not co-exist with other "
|
log_err("CNAME response-ip data (%s) can not co-exist with other "
|
||||||
|
2369
services/authzone.c
Normal file
2369
services/authzone.c
Normal file
File diff suppressed because it is too large
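--- a/services/authzone.h
+++ b/services/authzone.h
@@ -0,0 +1,209 @@
+/*
+* services/authzone.h - authoritative zone that is locally hosted.
+*
+* Copyright (c) 2017, NLnet Labs. All rights reserved.
+*
+* This software is open source.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* Redistributions of source code must retain the above copyright notice,
+* this list of conditions and the following disclaimer.
+*
+* Redistributions in binary form must reproduce the above copyright notice,
+* this list of conditions and the following disclaimer in the documentation
+* and/or other materials provided with the distribution.
+*
+* Neither the name of the NLNET LABS nor the names of its contributors may
+* be used to endorse or promote products derived from this software without
+* specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/**
+* \file
+*
+* This file contains the functions for an authority zone. This zone
+* is queried by the iterator, just like a stub or forward zone, but then
+* the data is locally held.
+*/
+
+#ifndef SERVICES_AUTHZONE_H
+#define SERVICES_AUTHZONE_H
+#include "util/rbtree.h"
+#include "util/locks.h"
+struct ub_packed_rrset_key;
+struct regional;
+struct config_file;
+struct query_info;
+struct dns_msg;
+
+/**
+* Authoritative zones, shared.
+*/
+struct auth_zones {
+/** lock on the authzone tree */
+lock_rw_type lock;
+/** rbtree of struct auth_zone */
+rbtree_type ztree;
+};
+
+/**
+* Auth zone. Authoritative data, that is fetched from instead of sending
+* packets to the internet.
+*/
+struct auth_zone {
+/** rbtree node, key is name and class */
+rbnode_type node;
+
+/** zone name, in uncompressed wireformat */
+uint8_t* name;
+/** length of zone name */
+size_t namelen;
+/** number of labels in zone name */
+int namelabs;
+/** the class of this zone, in host byteorder.
+* uses 'dclass' to not conflict with c++ keyword class. */
+uint16_t dclass;
+
+/** lock on the data in the structure
+* For the node, parent, name, namelen, namelabs, dclass, you
+* need to also hold the zones_tree lock to change them (or to
+* delete this zone) */
+lock_rw_type lock;
+
+/** auth data for this zone
+* rbtree of struct auth_data */
+rbtree_type data;
+
+/* zonefile name (or NULL for no zonefile) */
+char* zonefile;
+/* fallback to the internet on failure or ttl-expiry of auth zone */
+int fallback_enabled;
+};
+
+/**
+* Auth data. One domain name, and the RRs to go with it.
+*/
+struct auth_data {
+/** rbtree node, key is name only */
+rbnode_type node;
+/** domain name */
+uint8_t* name;
+/** length of name */
+size_t namelen;
+/** number of labels in name */
+int namelabs;
+/** the data rrsets, with different types, linked list.
+* if the list if NULL the node would be an empty non-terminal,
+* but in this data structure such nodes that represent an empty
+* non-terminal are not needed; they just don't exist.
+*/
+struct auth_rrset* rrsets;
+};
+
+/**
+* A auth data RRset
+*/
+struct auth_rrset {
+/** next in list */
+struct auth_rrset* next;
+/** RR type in host byteorder */
+uint16_t type;
+/** RRset data item */
+struct packed_rrset_data* data;
+};
+
+/**
+* Create auth zones structure
+*/
+struct auth_zones* auth_zones_create(void);
+
+/**
+* Apply configuration to auth zones. Reads zonefiles.
+*/
+int auth_zones_apply_config(struct auth_zones* az, struct config_file* cfg);
+
+/**
+* Delete auth zones structure
+*/
+void auth_zones_delete(struct auth_zones* az);
+
+/**
+* Write auth zone data to file, in zonefile format.
+*/
+int auth_zone_write_file(struct auth_zone* z, const char* fname);
+
+/**
+* Use auth zones to lookup the answer to a query.
+* The query is from the iterator. And the auth zones attempts to provide
+* the answer instead of going to the internet.
+*
+* @param az: auth zones structure.
+* @param qinfo: query info to lookup.
+* @param region: region to use to allocate the reply in.
+* @param msg: reply is stored here (if one).
+* @param fallback: if true, fallback to making a query to the internet.
+* @param dp_nm: name of delegation point to look for. This zone is used
+* to answer the query.
+* If the dp_nm is not found, fallback is set to true and false returned.
+* @param dp_nmlen: length of dp_nm.
+* @return 0: failure (an error of some sort, like servfail).
+* if 0 and fallback is true, fallback to the internet.
+* if 0 and fallback is false, like getting servfail.
+* If true, an answer is available.
+*/
+int auth_zones_lookup(struct auth_zones* az, struct query_info* qinfo,
+struct regional* region, struct dns_msg** msg, int* fallback,
+uint8_t* dp_nm, size_t dp_nmlen);
+
+/**
+* Find the auth zone that is above the given qname.
+* Return NULL when there is no auth_zone above the give name, otherwise
+* returns the closest auth_zone above the qname that pertains to it.
+* @param az: auth zones structure.
+* @param qinfo: query info to lookup.
+* @return NULL or auth_zone that pertains to the query.
+*/
+struct auth_zone* auth_zones_find_zone(struct auth_zones* az,
+struct query_info* qinfo);
+
+/** find an auth zone by name (exact match by name or NULL returned) */
+struct auth_zone* auth_zone_find(struct auth_zones* az, uint8_t* nm,
+size_t nmlen, uint16_t dclass);
+
+/** create an auth zone. returns wrlocked zone. caller must have wrlock
+* on az. returns NULL on malloc failure */
+struct auth_zone* auth_zone_create(struct auth_zones* az, uint8_t* nm,
+size_t nmlen, uint16_t dclass);
+
+/** set auth zone zonefile string. caller must have lock on zone */
+int auth_zone_set_zonefile(struct auth_zone* z, char* zonefile);
+
+/** set auth zone fallback. caller must have lock on zone.
+* fallbackstr is "yes" or "no". false on parse failure. */
+int auth_zone_set_fallback(struct auth_zone* z, char* fallbackstr);
+
+/** read auth zone from zonefile. caller must lock zone. false on failure */
+int auth_zone_read_zonefile(struct auth_zone* z);
+
+/** compare auth_zones for sorted rbtree */
+int auth_zone_cmp(const void* z1, const void* z2);
+
+/** compare auth_data for sorted rbtree */
+int auth_data_cmp(const void* z1, const void* z2);
+
+#endif /* SERVICES_AUTHZONE_H */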
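--- a/services/cache/dns.c
+++ b/services/cache/dns.c
@@ -41,6 +41,7 @@
 #include "config.h"
 #include "iterator/iter_delegpt.h"
 #include "validator/val_nsec.h"
+#include "validator/val_utils.h"
 #include "services/cache/dns.h"
 #include "services/cache/rrset.h"
 #include "util/data/msgreply.h"
@@ -182,7 +183,7 @@ addr_to_additional(struct ub_packed_rrset_key* rrset, struct regional* region,
 }
 
 /** lookup message in message cache */
-static struct msgreply_entry*
+struct msgreply_entry*
 msg_cache_lookup(struct module_env* env, uint8_t* qname, size_t qnamelen,
 uint16_t qtype, uint16_t qclass, uint16_t flags, time_t now, int wr)
 {
@@ -755,10 +756,16 @@ dns_cache_lookup(struct module_env* env,
 if( qtype != LDNS_RR_TYPE_DS &&
 (rrset=rrset_cache_lookup(env->rrset_cache, qname, qnamelen,
 LDNS_RR_TYPE_CNAME, qclass, 0, now, 0))) {
-struct dns_msg* msg = rrset_msg(rrset, region, now, &k);
-if(msg) {
-lock_rw_unlock(&rrset->entry.lock);
-return msg;
+uint8_t* wc = NULL;
+/* if the rrset is not a wildcard expansion, with wcname */
+/* because, if we return that CNAME rrset on its own, it is
+* missing the NSEC or NSEC3 proof */
+if(!(val_rrset_wildcard(rrset, &wc) && wc != NULL)) {
+struct dns_msg* msg = rrset_msg(rrset, region, now, &k);
+if(msg) {
+lock_rw_unlock(&rrset->entry.lock);
+return msg;
+}
 }
 lock_rw_unlock(&rrset->entry.lock);
 }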
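Review bot: In the third hunk (`dns_cache_lookup`), the guard `if(!(val_rrset_wildcard(rrset, &wc) && wc != NULL))` takes the cache shortcut whenever `val_rrset_wildcard` returns 0, so a failed check is handled the same way as "not a wildcard" and the CNAME is still returned without its NSEC/NSEC3 proof. If a 0 return means the wildcard information could not be determined consistently (the contract lives in validator/val_utils.h and is not shown here), the shortcut should only be taken on a positive result: `if(val_rrset_wildcard(rrset, &wc) && wc == NULL) {`. The enclosing function starts and ends outside the hunk, so the fall-through path after `lock_rw_unlock` is not visible.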
6
services/cache/dns.h
vendored
6
services/cache/dns.h
vendored
@ -208,4 +208,10 @@ int dns_msg_authadd(struct dns_msg* msg, struct regional* region,
|
|||||||
int dns_cache_prefetch_adjust(struct module_env* env, struct query_info* qinfo,
|
int dns_cache_prefetch_adjust(struct module_env* env, struct query_info* qinfo,
|
||||||
time_t adjust, uint16_t flags);
|
time_t adjust, uint16_t flags);
|
||||||
|
|
||||||
|
/** lookup message in message cache
|
||||||
|
* the returned nonNULL entry is locked and has to be unlocked by the caller */
|
||||||
|
struct msgreply_entry* msg_cache_lookup(struct module_env* env,
|
||||||
|
uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
|
||||||
|
uint16_t flags, time_t now, int wr);
|
||||||
|
|
||||||
#endif /* SERVICES_CACHE_DNS_H */
|
#endif /* SERVICES_CACHE_DNS_H */
|
||||||
|
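Review bot: The comment on the newly exported `msg_cache_lookup` says the returned entry is locked but not which kind of lock is held or what `wr` selects, and none of the parameters are documented as they are for the other prototypes in this header. Since callers outside dns.c now have to release the lock themselves, the comment should spell that out, for instance `@param wr: set true to get a write lock on the entry (presumably; confirm against dns.c)` and `@return NULL if not found or expired, else the entry with its entry.lock held`. The hedged wording reflects that the function body is not part of this hunk.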
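--- a/services/cache/infra.c
+++ b/services/cache/infra.c
@@ -893,6 +893,8 @@ int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name,
 
 /* find ratelimit */
 lim = infra_find_ratelimit(infra, name, namelen);
+if(!lim)
+return 1; /* disabled for this domain */
 
 /* find or insert ratedata */
 entry = infra_find_ratedata(infra, name, namelen, 1);
@@ -941,6 +943,8 @@ int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name,
 
 /* find ratelimit */
 lim = infra_find_ratelimit(infra, name, namelen);
+if(!lim)
+return 0; /* disabled for this domain */
 
 /* find current rate */
 entry = infra_find_ratedata(infra, name, namelen, 0);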
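--- a/services/cache/infra.h
+++ b/services/cache/infra.h
@@ -401,7 +401,7 @@ int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name,
 /** find the maximum rate stored, not too old. 0 if no information. */
 int infra_rate_max(void* data, time_t now);
 
-/** find the ratelimit in qps for a domain */
+/** find the ratelimit in qps for a domain. 0 if no limit for domain. */
 int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name,
 size_t namelen);
 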
@ -1223,15 +1223,15 @@ listen_create(struct comm_base* base, struct listen_port* ports,
|
|||||||
ports->ftype == listen_type_tcp_dnscrypt ||
|
ports->ftype == listen_type_tcp_dnscrypt ||
|
||||||
ports->ftype == listen_type_udpancil_dnscrypt) {
|
ports->ftype == listen_type_udpancil_dnscrypt) {
|
||||||
cp->dnscrypt = 1;
|
cp->dnscrypt = 1;
|
||||||
cp->dnscrypt_buffer = sldns_buffer_new(bufsize);
|
cp->dnscrypt_buffer = sldns_buffer_new(bufsize);
|
||||||
if(!cp->dnscrypt_buffer) {
|
if(!cp->dnscrypt_buffer) {
|
||||||
log_err("can't alloc dnscrypt_buffer");
|
log_err("can't alloc dnscrypt_buffer");
|
||||||
comm_point_delete(cp);
|
comm_point_delete(cp);
|
||||||
listen_delete(front);
|
listen_delete(front);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
front->dnscrypt_udp_buff = cp->dnscrypt_buffer;
|
front->dnscrypt_udp_buff = cp->dnscrypt_buffer;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if(!listen_cp_insert(cp, front)) {
|
if(!listen_cp_insert(cp, front)) {
|
||||||
log_err("malloc failed");
|
log_err("malloc failed");
|
||||||
@ -1269,10 +1269,10 @@ listen_delete(struct listen_dnsport* front)
|
|||||||
return;
|
return;
|
||||||
listen_list_delete(front->cps);
|
listen_list_delete(front->cps);
|
||||||
#ifdef USE_DNSCRYPT
|
#ifdef USE_DNSCRYPT
|
||||||
if(front->dnscrypt_udp_buff &&
|
if(front->dnscrypt_udp_buff &&
|
||||||
front->udp_buff != front->dnscrypt_udp_buff) {
|
front->udp_buff != front->dnscrypt_udp_buff) {
|
||||||
sldns_buffer_free(front->dnscrypt_udp_buff);
|
sldns_buffer_free(front->dnscrypt_udp_buff);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
sldns_buffer_free(front->udp_buff);
|
sldns_buffer_free(front->udp_buff);
|
||||||
free(front);
|
free(front);
|
||||||
|
@ -187,7 +187,9 @@ lz_enter_zone_dname(struct local_zones* zones, uint8_t* nm, size_t len,
|
|||||||
lock_rw_wrlock(&z->lock);
|
lock_rw_wrlock(&z->lock);
|
||||||
if(!rbtree_insert(&zones->ztree, &z->node)) {
|
if(!rbtree_insert(&zones->ztree, &z->node)) {
|
||||||
struct local_zone* oldz;
|
struct local_zone* oldz;
|
||||||
log_warn("duplicate local-zone");
|
char str[256];
|
||||||
|
dname_str(nm, str);
|
||||||
|
log_warn("duplicate local-zone %s", str);
|
||||||
lock_rw_unlock(&z->lock);
|
lock_rw_unlock(&z->lock);
|
||||||
/* save zone name locally before deallocation,
|
/* save zone name locally before deallocation,
|
||||||
* otherwise, nm is gone if we zone_delete now. */
|
* otherwise, nm is gone if we zone_delete now. */
|
||||||
@ -744,12 +746,15 @@ add_as112_default(struct local_zones* zones, struct config_file* cfg,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/** enter default zones */
|
/** enter default zones */
|
||||||
static int
|
int local_zone_enter_defaults(struct local_zones* zones, struct config_file* cfg)
|
||||||
lz_enter_defaults(struct local_zones* zones, struct config_file* cfg)
|
|
||||||
{
|
{
|
||||||
struct local_zone* z;
|
struct local_zone* z;
|
||||||
const char** zstr;
|
const char** zstr;
|
||||||
|
|
||||||
|
/* Do not add any default */
|
||||||
|
if(cfg->local_zones_disable_default)
|
||||||
|
return 1;
|
||||||
|
|
||||||
/* this list of zones is from RFC 6303 and RFC 7686 */
|
/* this list of zones is from RFC 6303 and RFC 7686 */
|
||||||
|
|
||||||
/* block localhost level zones first, then onion and later the LAN zones */
|
/* block localhost level zones first, then onion and later the LAN zones */
|
||||||
@ -1019,7 +1024,7 @@ local_zones_apply_cfg(struct local_zones* zones, struct config_file* cfg)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
/* apply default zones+content (unless disabled, or overridden) */
|
/* apply default zones+content (unless disabled, or overridden) */
|
||||||
if(!lz_enter_defaults(zones, cfg)) {
|
if(!local_zone_enter_defaults(zones, cfg)) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
/* enter local zone overrides */
|
/* enter local zone overrides */
|
||||||
@ -1585,7 +1590,7 @@ local_zones_answer(struct local_zones* zones, struct module_env* env,
|
|||||||
lock_rw_rdlock(&z->lock);
|
lock_rw_rdlock(&z->lock);
|
||||||
lzt = z->type;
|
lzt = z->type;
|
||||||
}
|
}
|
||||||
if(!z && !view->isfirst){
|
if(view->local_zones && !z && !view->isfirst){
|
||||||
lock_rw_unlock(&view->lock);
|
lock_rw_unlock(&view->lock);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -1670,6 +1675,8 @@ int local_zone_str2type(const char* type, enum localzone_type* t)
|
|||||||
*t = local_zone_always_refuse;
|
*t = local_zone_always_refuse;
|
||||||
else if(strcmp(type, "always_nxdomain") == 0)
|
else if(strcmp(type, "always_nxdomain") == 0)
|
||||||
*t = local_zone_always_nxdomain;
|
*t = local_zone_always_nxdomain;
|
||||||
|
else if(strcmp(type, "nodefault") == 0)
|
||||||
|
*t = local_zone_nodefault;
|
||||||
else return 0;
|
else return 0;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
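Review bot: In the first hunk (`lz_enter_zone_dname`), the new `char str[256];` is handed to `dname_str(nm, str)`, which takes no length argument, so the buffer size is an unwritten contract with that helper and the literal 256 hides it. Size the buffer from the domain-name limit instead, `char str[LDNS_MAX_DOMAINLEN+1];`, assuming that constant is in scope in this file, so the bound stays tied to the helper's documented maximum. The surrounding function continues outside the hunk.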
@ -427,6 +427,15 @@ enum localzone_type local_data_find_tag_action(const uint8_t* taglist,
|
|||||||
const uint8_t* tagactions, size_t tagactionssize,
|
const uint8_t* tagactions, size_t tagactionssize,
|
||||||
enum localzone_type lzt, int* tag, char* const* tagname, int num_tags);
|
enum localzone_type lzt, int* tag, char* const* tagname, int num_tags);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Enter defaults to local zone.
|
||||||
|
* @param zones: to add defaults to
|
||||||
|
* @param cfg: containing list of zones to exclude from default set.
|
||||||
|
* @return 1 on success; 0 otherwise.
|
||||||
|
*/
|
||||||
|
int local_zone_enter_defaults(struct local_zones* zones,
|
||||||
|
struct config_file* cfg);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Parses resource record string into wire format, also returning its field values.
|
* Parses resource record string into wire format, also returning its field values.
|
||||||
* @param str: input resource record
|
* @param str: input resource record
|
||||||
|
@ -174,7 +174,7 @@ client_info_compare(const struct respip_client_info* ci_a,
|
|||||||
* but we check that just in case. */
|
* but we check that just in case. */
|
||||||
if(ci_a->respip_set != ci_b->respip_set)
|
if(ci_a->respip_set != ci_b->respip_set)
|
||||||
return ci_a->respip_set < ci_b->respip_set ? -1 : 1;
|
return ci_a->respip_set < ci_b->respip_set ? -1 : 1;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@ -821,26 +821,26 @@ void mesh_detach_subs(struct module_qstate* qstate)
|
|||||||
rbtree_init(&qstate->mesh_info->sub_set, &mesh_state_ref_compare);
|
rbtree_init(&qstate->mesh_info->sub_set, &mesh_state_ref_compare);
|
||||||
}
|
}
|
||||||
|
|
||||||
int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo,
|
int mesh_add_sub(struct module_qstate* qstate, struct query_info* qinfo,
|
||||||
uint16_t qflags, int prime, int valrec, struct module_qstate** newq)
|
uint16_t qflags, int prime, int valrec, struct module_qstate** newq,
|
||||||
|
struct mesh_state** sub)
|
||||||
{
|
{
|
||||||
/* find it, if not, create it */
|
/* find it, if not, create it */
|
||||||
struct mesh_area* mesh = qstate->env->mesh;
|
struct mesh_area* mesh = qstate->env->mesh;
|
||||||
struct mesh_state* sub = mesh_area_find(mesh, NULL, qinfo, qflags,
|
*sub = mesh_area_find(mesh, NULL, qinfo, qflags,
|
||||||
prime, valrec);
|
prime, valrec);
|
||||||
int was_detached;
|
if(mesh_detect_cycle_found(qstate, *sub)) {
|
||||||
if(mesh_detect_cycle_found(qstate, sub)) {
|
|
||||||
verbose(VERB_ALGO, "attach failed, cycle detected");
|
verbose(VERB_ALGO, "attach failed, cycle detected");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if(!sub) {
|
if(!*sub) {
|
||||||
#ifdef UNBOUND_DEBUG
|
#ifdef UNBOUND_DEBUG
|
||||||
struct rbnode_type* n;
|
struct rbnode_type* n;
|
||||||
#endif
|
#endif
|
||||||
/* create a new one */
|
/* create a new one */
|
||||||
sub = mesh_state_create(qstate->env, qinfo, NULL, qflags, prime,
|
*sub = mesh_state_create(qstate->env, qinfo, NULL, qflags, prime,
|
||||||
valrec);
|
valrec);
|
||||||
if(!sub) {
|
if(!*sub) {
|
||||||
log_err("mesh_attach_sub: out of memory");
|
log_err("mesh_attach_sub: out of memory");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -849,7 +849,7 @@ int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo,
|
|||||||
#else
|
#else
|
||||||
(void)
|
(void)
|
||||||
#endif
|
#endif
|
||||||
rbtree_insert(&mesh->all, &sub->node);
|
rbtree_insert(&mesh->all, &(*sub)->node);
|
||||||
log_assert(n != NULL);
|
log_assert(n != NULL);
|
||||||
/* set detached (it is now) */
|
/* set detached (it is now) */
|
||||||
mesh->num_detached_states++;
|
mesh->num_detached_states++;
|
||||||
@ -859,11 +859,22 @@ int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo,
|
|||||||
#else
|
#else
|
||||||
(void)
|
(void)
|
||||||
#endif
|
#endif
|
||||||
rbtree_insert(&mesh->run, &sub->run_node);
|
rbtree_insert(&mesh->run, &(*sub)->run_node);
|
||||||
log_assert(n != NULL);
|
log_assert(n != NULL);
|
||||||
*newq = &sub->s;
|
*newq = &(*sub)->s;
|
||||||
} else
|
} else
|
||||||
*newq = NULL;
|
*newq = NULL;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo,
|
||||||
|
uint16_t qflags, int prime, int valrec, struct module_qstate** newq)
|
||||||
|
{
|
||||||
|
struct mesh_area* mesh = qstate->env->mesh;
|
||||||
|
struct mesh_state* sub = NULL;
|
||||||
|
int was_detached;
|
||||||
|
if(!mesh_add_sub(qstate, qinfo, qflags, prime, valrec, newq, &sub))
|
||||||
|
return 0;
|
||||||
was_detached = (sub->super_set.count == 0);
|
was_detached = (sub->super_set.count == 0);
|
||||||
if(!mesh_state_attachment(qstate->mesh_info, sub))
|
if(!mesh_state_attachment(qstate->mesh_info, sub))
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -370,6 +370,35 @@ void mesh_detach_subs(struct module_qstate* qstate);
|
|||||||
int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo,
|
int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo,
|
||||||
uint16_t qflags, int prime, int valrec, struct module_qstate** newq);
|
uint16_t qflags, int prime, int valrec, struct module_qstate** newq);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Add detached query.
|
||||||
|
* Creates it if it does not exist already.
|
||||||
|
* Does not make super/sub references.
|
||||||
|
* Performs a cycle detection - for double check - and fails if there is one.
|
||||||
|
* Updates stat items in mesh_area structure.
|
||||||
|
* Pass if it is priming query or not.
|
||||||
|
* return:
|
||||||
|
* o if error (malloc) happened.
|
||||||
|
* o need to initialise the new state (module init; it is a new state).
|
||||||
|
* so that the next run of the query with this module is successful.
|
||||||
|
* o no init needed, attachment successful.
|
||||||
|
* o added subquery, created if it did not exist already.
|
||||||
|
*
|
||||||
|
* @param qstate: the state to find mesh state, and that wants to receive
|
||||||
|
* the results from the new subquery.
|
||||||
|
* @param qinfo: what to query for (copied).
|
||||||
|
* @param qflags: what flags to use (RD / CD flag or not).
|
||||||
|
* @param prime: if it is a (stub) priming query.
|
||||||
|
* @param valrec: if it is a validation recursion query (lookup of key, DS).
|
||||||
|
* @param newq: If the new subquery needs initialisation, it is returned,
|
||||||
|
* otherwise NULL is returned.
|
||||||
|
* @param sub: The added mesh state, created if it did not exist already.
|
||||||
|
* @return: false on error, true if success (and init may be needed).
|
||||||
|
*/
|
||||||
|
int mesh_add_sub(struct module_qstate* qstate, struct query_info* qinfo,
|
||||||
|
uint16_t qflags, int prime, int valrec, struct module_qstate** newq,
|
||||||
|
struct mesh_state** sub);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Query state is done, send messages to reply entries.
|
* Query state is done, send messages to reply entries.
|
||||||
* Encode messages using reply entry values and the querystate (with original
|
* Encode messages using reply entry values and the querystate (with original
|
||||||
|
@ -54,6 +54,9 @@
|
|||||||
#ifdef USE_CACHEDB
|
#ifdef USE_CACHEDB
|
||||||
#include "cachedb/cachedb.h"
|
#include "cachedb/cachedb.h"
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef USE_IPSECMOD
|
||||||
|
#include "ipsecmod/ipsecmod.h"
|
||||||
|
#endif
|
||||||
#ifdef CLIENT_SUBNET
|
#ifdef CLIENT_SUBNET
|
||||||
#include "edns-subnet/subnetmod.h"
|
#include "edns-subnet/subnetmod.h"
|
||||||
#endif
|
#endif
|
||||||
@ -126,17 +129,20 @@ module_list_avail(void)
|
|||||||
static const char* names[] = {
|
static const char* names[] = {
|
||||||
"dns64",
|
"dns64",
|
||||||
#ifdef WITH_PYTHONMODULE
|
#ifdef WITH_PYTHONMODULE
|
||||||
"python",
|
"python",
|
||||||
#endif
|
#endif
|
||||||
#ifdef USE_CACHEDB
|
#ifdef USE_CACHEDB
|
||||||
"cachedb",
|
"cachedb",
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef USE_IPSECMOD
|
||||||
|
"ipsecmod",
|
||||||
|
#endif
|
||||||
#ifdef CLIENT_SUBNET
|
#ifdef CLIENT_SUBNET
|
||||||
"subnetcache",
|
"subnetcache",
|
||||||
#endif
|
#endif
|
||||||
"respip",
|
"respip",
|
||||||
"validator",
|
"validator",
|
||||||
"iterator",
|
"iterator",
|
||||||
NULL};
|
NULL};
|
||||||
return names;
|
return names;
|
||||||
}
|
}
|
||||||
@ -151,22 +157,25 @@ module_funcs_avail(void)
|
|||||||
static struct module_func_block* (*fb[])(void) = {
|
static struct module_func_block* (*fb[])(void) = {
|
||||||
&dns64_get_funcblock,
|
&dns64_get_funcblock,
|
||||||
#ifdef WITH_PYTHONMODULE
|
#ifdef WITH_PYTHONMODULE
|
||||||
&pythonmod_get_funcblock,
|
&pythonmod_get_funcblock,
|
||||||
#endif
|
#endif
|
||||||
#ifdef USE_CACHEDB
|
#ifdef USE_CACHEDB
|
||||||
&cachedb_get_funcblock,
|
&cachedb_get_funcblock,
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef USE_IPSECMOD
|
||||||
|
&ipsecmod_get_funcblock,
|
||||||
|
#endif
|
||||||
#ifdef CLIENT_SUBNET
|
#ifdef CLIENT_SUBNET
|
||||||
&subnetmod_get_funcblock,
|
&subnetmod_get_funcblock,
|
||||||
#endif
|
#endif
|
||||||
&respip_get_funcblock,
|
&respip_get_funcblock,
|
||||||
&val_get_funcblock,
|
&val_get_funcblock,
|
||||||
&iter_get_funcblock,
|
&iter_get_funcblock,
|
||||||
NULL};
|
NULL};
|
||||||
return fb;
|
return fb;
|
||||||
}
|
}
|
||||||
|
|
||||||
struct
|
struct
|
||||||
module_func_block* module_factory(const char** str)
|
module_func_block* module_factory(const char** str)
|
||||||
{
|
{
|
||||||
int i = 0;
|
int i = 0;
|
||||||
@ -234,3 +243,15 @@ modstack_find(struct module_stack* stack, const char* name)
|
|||||||
}
|
}
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
size_t
|
||||||
|
mod_get_mem(struct module_env* env, const char* name)
|
||||||
|
{
|
||||||
|
int m = modstack_find(&env->mesh->mods, name);
|
||||||
|
if(m != -1) {
|
||||||
|
fptr_ok(fptr_whitelist_mod_get_mem(env->mesh->
|
||||||
|
mods.mod[m]->get_mem));
|
||||||
|
return (*env->mesh->mods.mod[m]->get_mem)(env, m);
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
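Review bot: `names[]` in module_list_avail and `fb[]` in module_funcs_avail are parallel tables, and the new `USE_IPSECMOD` entries are only correct because they sit at the same position (after cachedb, before subnetcache) in both. module_factory appears to pair the two by index, though its body is cut off here. Nothing enforces that ordering, so a comment above each table such as `/* order must match fb[] in module_funcs_avail() */` would help whoever adds the next module. In the new mod_get_mem, `env->mesh` is dereferenced unchecked; if it can be called before the mesh exists, guard it with `if(!env || !env->mesh) return 0;`.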
|
@ -110,4 +110,7 @@ void modstack_desetup(struct module_stack* stack, struct module_env* env);
|
|||||||
*/
|
*/
|
||||||
int modstack_find(struct module_stack* stack, const char* name);
|
int modstack_find(struct module_stack* stack, const char* name);
|
||||||
|
|
||||||
|
/** fetch memory for a module by name, returns 0 if module not there */
|
||||||
|
size_t mod_get_mem(struct module_env* env, const char* name);
|
||||||
|
|
||||||
#endif /* SERVICES_MODSTACK_H */
|
#endif /* SERVICES_MODSTACK_H */
|
||||||
|
@ -204,6 +204,9 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
|
|||||||
{
|
{
|
||||||
struct pending_tcp* pend = w->outnet->tcp_free;
|
struct pending_tcp* pend = w->outnet->tcp_free;
|
||||||
int s;
|
int s;
|
||||||
|
#ifdef SO_REUSEADDR
|
||||||
|
int on = 1;
|
||||||
|
#endif
|
||||||
log_assert(pend);
|
log_assert(pend);
|
||||||
log_assert(pkt);
|
log_assert(pkt);
|
||||||
log_assert(w->addrlen > 0);
|
log_assert(w->addrlen > 0);
|
||||||
@ -225,13 +228,20 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef SO_REUSEADDR
|
||||||
|
if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on,
|
||||||
|
(socklen_t)sizeof(on)) < 0) {
|
||||||
|
verbose(VERB_ALGO, "outgoing tcp:"
|
||||||
|
" setsockopt(.. SO_REUSEADDR ..) failed");
|
||||||
|
}
|
||||||
|
#endif
|
||||||
if (w->outnet->tcp_mss > 0) {
|
if (w->outnet->tcp_mss > 0) {
|
||||||
#if defined(IPPROTO_TCP) && defined(TCP_MAXSEG)
|
#if defined(IPPROTO_TCP) && defined(TCP_MAXSEG)
|
||||||
if(setsockopt(s, IPPROTO_TCP, TCP_MAXSEG,
|
if(setsockopt(s, IPPROTO_TCP, TCP_MAXSEG,
|
||||||
(void*)&w->outnet->tcp_mss,
|
(void*)&w->outnet->tcp_mss,
|
||||||
(socklen_t)sizeof(w->outnet->tcp_mss)) < 0) {
|
(socklen_t)sizeof(w->outnet->tcp_mss)) < 0) {
|
||||||
verbose(VERB_ALGO, "outgoing tcp:"
|
verbose(VERB_ALGO, "outgoing tcp:"
|
||||||
" setsockopt(.. SO_REUSEADDR ..) failed");
|
" setsockopt(.. TCP_MAXSEG ..) failed");
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
verbose(VERB_ALGO, "outgoing tcp:"
|
verbose(VERB_ALGO, "outgoing tcp:"
|
||||||
@ -1538,18 +1548,22 @@ serviced_udp_send(struct serviced_query* sq, sldns_buffer* buff)
|
|||||||
static int
|
static int
|
||||||
serviced_check_qname(sldns_buffer* pkt, uint8_t* qbuf, size_t qbuflen)
|
serviced_check_qname(sldns_buffer* pkt, uint8_t* qbuf, size_t qbuflen)
|
||||||
{
|
{
|
||||||
uint8_t* d1 = sldns_buffer_at(pkt, 12);
|
uint8_t* d1 = sldns_buffer_begin(pkt)+12;
|
||||||
uint8_t* d2 = qbuf+10;
|
uint8_t* d2 = qbuf+10;
|
||||||
uint8_t len1, len2;
|
uint8_t len1, len2;
|
||||||
int count = 0;
|
int count = 0;
|
||||||
|
if(sldns_buffer_limit(pkt) < 12+1+4) /* packet too small for qname */
|
||||||
|
return 0;
|
||||||
log_assert(qbuflen >= 15 /* 10 header, root, type, class */);
|
log_assert(qbuflen >= 15 /* 10 header, root, type, class */);
|
||||||
len1 = *d1++;
|
len1 = *d1++;
|
||||||
len2 = *d2++;
|
len2 = *d2++;
|
||||||
if(sldns_buffer_limit(pkt) < 12+1+4) /* packet too small for qname */
|
|
||||||
return 0;
|
|
||||||
while(len1 != 0 || len2 != 0) {
|
while(len1 != 0 || len2 != 0) {
|
||||||
if(LABEL_IS_PTR(len1)) {
|
if(LABEL_IS_PTR(len1)) {
|
||||||
|
/* check if we can read *d1 with compression ptr rest */
|
||||||
|
if(d1 >= sldns_buffer_at(pkt, sldns_buffer_limit(pkt)))
|
||||||
|
return 0;
|
||||||
d1 = sldns_buffer_begin(pkt)+PTR_OFFSET(len1, *d1);
|
d1 = sldns_buffer_begin(pkt)+PTR_OFFSET(len1, *d1);
|
||||||
|
/* check if we can read the destination *d1 */
|
||||||
if(d1 >= sldns_buffer_at(pkt, sldns_buffer_limit(pkt)))
|
if(d1 >= sldns_buffer_at(pkt, sldns_buffer_limit(pkt)))
|
||||||
return 0;
|
return 0;
|
||||||
len1 = *d1++;
|
len1 = *d1++;
|
||||||
@ -1563,6 +1577,9 @@ serviced_check_qname(sldns_buffer* pkt, uint8_t* qbuf, size_t qbuflen)
|
|||||||
return 0;
|
return 0;
|
||||||
if(len1 > LDNS_MAX_LABELLEN)
|
if(len1 > LDNS_MAX_LABELLEN)
|
||||||
return 0;
|
return 0;
|
||||||
|
/* check len1 + 1(next length) are okay to read */
|
||||||
|
if(d1+len1 >= sldns_buffer_at(pkt, sldns_buffer_limit(pkt)))
|
||||||
|
return 0;
|
||||||
log_assert(len1 <= LDNS_MAX_LABELLEN);
|
log_assert(len1 <= LDNS_MAX_LABELLEN);
|
||||||
log_assert(len2 <= LDNS_MAX_LABELLEN);
|
log_assert(len2 <= LDNS_MAX_LABELLEN);
|
||||||
log_assert(len1 == len2 && len1 != 0);
|
log_assert(len1 == len2 && len1 != 0);
|
||||||
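Review bot: In serviced_check_qname the added label check `if(d1+len1 >= sldns_buffer_at(pkt, sldns_buffer_limit(pkt)))` forms the pointer `d1+len1` before comparing it, so for a label that claims to run past the packet the pointer itself can already lie beyond the buffer, which C leaves undefined. Comparing lengths avoids that: `if((size_t)len1 >= (size_t)(sldns_buffer_at(pkt, sldns_buffer_limit(pkt)) - d1)) return 0;`. The `d2` cursor into `qbuf` has no matching bound in the visible lines other than `log_assert(qbuflen >= 15)`, which presumably compiles out of non-debug builds. The loop body continues outside the hunk, so confirm there that `qbuflen` is enforced.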
|
@ -167,6 +167,44 @@ views_apply_cfg(struct views* vs, struct config_file* cfg)
|
|||||||
lz_cfg.local_data = cv->local_data;
|
lz_cfg.local_data = cv->local_data;
|
||||||
lz_cfg.local_zones_nodefault =
|
lz_cfg.local_zones_nodefault =
|
||||||
cv->local_zones_nodefault;
|
cv->local_zones_nodefault;
|
||||||
|
if(v->isfirst) {
|
||||||
|
/* Do not add defaults to view-specific
|
||||||
|
* local-zone when global local zone will be
|
||||||
|
* used. */
|
||||||
|
struct config_strlist* nd;
|
||||||
|
lz_cfg.local_zones_disable_default = 1;
|
||||||
|
/* Add nodefault zones to list of zones to add,
|
||||||
|
* so they will be used as if they are
|
||||||
|
* configured as type transparent */
|
||||||
|
for(nd = cv->local_zones_nodefault; nd;
|
||||||
|
nd = nd->next) {
|
||||||
|
char* nd_str, *nd_type;
|
||||||
|
nd_str = strdup(nd->str);
|
||||||
|
if(!nd_str) {
|
||||||
|
log_err("out of memory");
|
||||||
|
lock_rw_unlock(&v->lock);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
nd_type = strdup("nodefault");
|
||||||
|
if(!nd_type) {
|
||||||
|
log_err("out of memory");
|
||||||
|
free(nd_str);
|
||||||
|
lock_rw_unlock(&v->lock);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
if(!cfg_str2list_insert(
|
||||||
|
&lz_cfg.local_zones, nd_str,
|
||||||
|
nd_type)) {
|
||||||
|
log_err("failed to insert "
|
||||||
|
"default zones into "
|
||||||
|
"local-zone list");
|
||||||
|
free(nd_str);
|
||||||
|
free(nd_type);
|
||||||
|
lock_rw_unlock(&v->lock);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
if(!local_zones_apply_cfg(v->local_zones, &lz_cfg)){
|
if(!local_zones_apply_cfg(v->local_zones, &lz_cfg)){
|
||||||
lock_rw_unlock(&v->lock);
|
lock_rw_unlock(&v->lock);
|
||||||
return 0;
|
return 0;
|
||||||
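Review bot: On the `cfg_str2list_insert` failure path the new code calls `free(nd_str); free(nd_type);`, which is only safe if that helper leaves ownership with the caller when it returns 0. Its definition is not on this page, and if it releases its arguments on failure this becomes a double free. After confirming the rule, state it at the call, e.g. `/* cfg_str2list_insert does not take ownership on failure */`. Entries already pushed onto `lz_cfg.local_zones` by earlier loop iterations are not released on any of the three early returns in this hunk; whether something outside the hunk cleans them up cannot be seen here.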
|
@ -388,6 +388,27 @@ sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
|
|||||||
}
|
}
|
||||||
#endif /* USE_ECDSA */
|
#endif /* USE_ECDSA */
|
||||||
|
|
||||||
|
#ifdef USE_ED25519
|
||||||
|
EVP_PKEY*
|
||||||
|
sldns_ed255192pkey_raw(const unsigned char* key, size_t keylen)
|
||||||
|
{
|
||||||
|
/* ASN1 for ED25519 is 302a300506032b6570032100 <32byteskey> */
|
||||||
|
uint8_t pre[] = {0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
|
||||||
|
0x70, 0x03, 0x21, 0x00};
|
||||||
|
int pre_len = 12;
|
||||||
|
uint8_t buf[256];
|
||||||
|
EVP_PKEY *evp_key;
|
||||||
|
/* pp gets modified by d2i() */
|
||||||
|
const unsigned char* pp = (unsigned char*)buf;
|
||||||
|
if(keylen != 32 || keylen + pre_len > sizeof(buf))
|
||||||
|
return NULL; /* wrong length */
|
||||||
|
memmove(buf, pre, pre_len);
|
||||||
|
memmove(buf+pre_len, key, keylen);
|
||||||
|
evp_key = d2i_PUBKEY(NULL, &pp, (int)(pre_len+keylen));
|
||||||
|
return evp_key;
|
||||||
|
}
|
||||||
|
#endif /* USE_ED25519 */
|
||||||
|
|
||||||
int
|
int
|
||||||
sldns_digest_evp(unsigned char* data, unsigned int len, unsigned char* dest,
|
sldns_digest_evp(unsigned char* data, unsigned int len, unsigned char* dest,
|
||||||
const EVP_MD* md)
|
const EVP_MD* md)
|
||||||
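Review bot: `int pre_len = 12;` in sldns_ed255192pkey_raw repeats the size of `pre` by hand and, being signed, is mixed with `size_t` in `keylen + pre_len > sizeof(buf)`. Deriving it keeps the ASN.1 prefix and its length from drifting apart: declare `static const uint8_t pre[] = {...};` and `const size_t pre_len = sizeof(pre);`. The result of `d2i_PUBKEY` is returned without checking that `pp` advanced over all 44 bytes; if that is intentional, a one-line comment saying so would help.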
|
@ -92,6 +92,15 @@ EVP_PKEY* sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
|
|||||||
*/
|
*/
|
||||||
RSA *sldns_key_buf2rsa_raw(unsigned char* key, size_t len);
|
RSA *sldns_key_buf2rsa_raw(unsigned char* key, size_t len);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Converts a holding buffer with key material to EVP PKEY in openssl.
|
||||||
|
* Only available if ldns was compiled with ED25519.
|
||||||
|
* \param[in] key the uncompressed wireformat of the key.
|
||||||
|
* \param[in] len length of key data
|
||||||
|
* \return the key or NULL on error.
|
||||||
|
*/
|
||||||
|
EVP_PKEY* sldns_ed255192pkey_raw(const unsigned char* key, size_t len);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Utility function to calculate hash using generic EVP_MD pointer.
|
* Utility function to calculate hash using generic EVP_MD pointer.
|
||||||
* \param[in] data the data to hash.
|
* \param[in] data the data to hash.
|
||||||
|
@ -120,6 +120,10 @@ sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
|
|||||||
if (line_nr) {
|
if (line_nr) {
|
||||||
*line_nr = *line_nr + 1;
|
*line_nr = *line_nr + 1;
|
||||||
}
|
}
|
||||||
|
if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
|
||||||
|
*t = '\0';
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
*t++ = ' ';
|
*t++ = ' ';
|
||||||
prev_c = c;
|
prev_c = c;
|
||||||
continue;
|
continue;
|
||||||
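Review bot: The new overflow branch in sldns_fget_token_l writes `*t = '\0'` when `(size_t)(t-token) >= limit`, that is at offset `limit`, so the write is in bounds only if every caller's `token` buffer holds at least `limit+1` bytes. That contract is not visible in this hunk. A comment on the function such as `/* token must have room for limit+1 bytes; on overflow it is terminated at token[limit] */` would pin it down for callers. The function body starts and ends outside the hunk, so the other writes through `t` should be checked against the same rule.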
|
@ -175,7 +175,7 @@ static const sldns_rdf_type type_tkey_wireformat[] = {
|
|||||||
LDNS_RDF_TYPE_TIME,
|
LDNS_RDF_TYPE_TIME,
|
||||||
LDNS_RDF_TYPE_TIME,
|
LDNS_RDF_TYPE_TIME,
|
||||||
LDNS_RDF_TYPE_INT16,
|
LDNS_RDF_TYPE_INT16,
|
||||||
LDNS_RDF_TYPE_INT16,
|
LDNS_RDF_TYPE_TSIGERROR,
|
||||||
LDNS_RDF_TYPE_INT16_DATA,
|
LDNS_RDF_TYPE_INT16_DATA,
|
||||||
LDNS_RDF_TYPE_INT16_DATA,
|
LDNS_RDF_TYPE_INT16_DATA,
|
||||||
};
|
};
|
||||||
@ -185,7 +185,7 @@ static const sldns_rdf_type type_tsig_wireformat[] = {
|
|||||||
LDNS_RDF_TYPE_INT16,
|
LDNS_RDF_TYPE_INT16,
|
||||||
LDNS_RDF_TYPE_INT16_DATA,
|
LDNS_RDF_TYPE_INT16_DATA,
|
||||||
LDNS_RDF_TYPE_INT16,
|
LDNS_RDF_TYPE_INT16,
|
||||||
LDNS_RDF_TYPE_INT16,
|
LDNS_RDF_TYPE_TSIGERROR,
|
||||||
LDNS_RDF_TYPE_INT16_DATA
|
LDNS_RDF_TYPE_INT16_DATA
|
||||||
};
|
};
|
||||||
static const sldns_rdf_type type_tlsa_wireformat[] = {
|
static const sldns_rdf_type type_tlsa_wireformat[] = {
|
||||||
@ -341,8 +341,12 @@ static sldns_rr_descriptor rdata_field_descriptors[] = {
|
|||||||
{LDNS_RR_TYPE_NSEC3PARAM, "NSEC3PARAM", 4, 4, type_nsec3param_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
{LDNS_RR_TYPE_NSEC3PARAM, "NSEC3PARAM", 4, 4, type_nsec3param_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
||||||
/* 52 */
|
/* 52 */
|
||||||
{LDNS_RR_TYPE_TLSA, "TLSA", 4, 4, type_tlsa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
{LDNS_RR_TYPE_TLSA, "TLSA", 4, 4, type_tlsa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
||||||
|
/*53 */
|
||||||
|
#ifdef DRAFT_RRTYPES
|
||||||
|
{LDNS_RR_TYPE_SMIMEA, "SMIMEA", 4, 4, type_tlsa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
||||||
|
#else
|
||||||
{LDNS_RR_TYPE_NULL, "TYPE53", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
{LDNS_RR_TYPE_NULL, "TYPE53", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
||||||
|
#endif
|
||||||
{LDNS_RR_TYPE_NULL, "TYPE54", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
{LDNS_RR_TYPE_NULL, "TYPE54", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
||||||
/* 55
|
/* 55
|
||||||
* Hip ends with 0 or more Rendezvous Servers represented as dname's.
|
* Hip ends with 0 or more Rendezvous Servers represented as dname's.
|
||||||
@ -600,6 +604,12 @@ static sldns_rr_descriptor rdata_field_descriptors[] = {
|
|||||||
{LDNS_RR_TYPE_URI, "URI", 3, 3, type_uri_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
{LDNS_RR_TYPE_URI, "URI", 3, 3, type_uri_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
||||||
/* 257 */
|
/* 257 */
|
||||||
{LDNS_RR_TYPE_CAA, "CAA", 3, 3, type_caa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
{LDNS_RR_TYPE_CAA, "CAA", 3, 3, type_caa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
||||||
|
#ifdef DRAFT_RRTYPES
|
||||||
|
/* 258 */
|
||||||
|
{LDNS_RR_TYPE_AVC, "AVC", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 },
|
||||||
|
#else
|
||||||
|
{LDNS_RR_TYPE_NULL, "TYPE258", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
|
||||||
|
#endif
|
||||||
|
|
||||||
/* split in array, no longer contiguous */
|
/* split in array, no longer contiguous */
|
||||||
|
|
||||||
|
@ -38,7 +38,7 @@ extern "C" {
|
|||||||
#define LDNS_KEY_REVOKE_KEY 0x0080 /* used to revoke KSK, rfc 5011 */
|
#define LDNS_KEY_REVOKE_KEY 0x0080 /* used to revoke KSK, rfc 5011 */
|
||||||
|
|
||||||
/* The first fields are contiguous and can be referenced instantly */
|
/* The first fields are contiguous and can be referenced instantly */
|
||||||
#define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON 258
|
#define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON 259
|
||||||
|
|
||||||
/** lookuptable for rr classes */
|
/** lookuptable for rr classes */
|
||||||
extern struct sldns_struct_lookup_table* sldns_rr_classes;
|
extern struct sldns_struct_lookup_table* sldns_rr_classes;
|
||||||
@ -226,6 +226,7 @@ enum sldns_enum_rr_type
|
|||||||
LDNS_RR_TYPE_ANY = 255,
|
LDNS_RR_TYPE_ANY = 255,
|
||||||
LDNS_RR_TYPE_URI = 256, /* RFC 7553 */
|
LDNS_RR_TYPE_URI = 256, /* RFC 7553 */
|
||||||
LDNS_RR_TYPE_CAA = 257, /* RFC 6844 */
|
LDNS_RR_TYPE_CAA = 257, /* RFC 6844 */
|
||||||
|
LDNS_RR_TYPE_AVC = 258,
|
||||||
|
|
||||||
/** DNSSEC Trust Authorities */
|
/** DNSSEC Trust Authorities */
|
||||||
LDNS_RR_TYPE_TA = 32768,
|
LDNS_RR_TYPE_TA = 32768,
|
||||||
@ -350,6 +351,9 @@ enum sldns_enum_rdf_type
|
|||||||
*/
|
*/
|
||||||
LDNS_RDF_TYPE_LONG_STR,
|
LDNS_RDF_TYPE_LONG_STR,
|
||||||
|
|
||||||
|
/** TSIG extended 16bit error value */
|
||||||
|
LDNS_RDF_TYPE_TSIGERROR,
|
||||||
|
|
||||||
/* Aliases */
|
/* Aliases */
|
||||||
LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC
|
LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC
|
||||||
};
|
};
|
||||||
@ -430,6 +434,15 @@ typedef enum sldns_enum_edns_option sldns_edns_option;
|
|||||||
|
|
||||||
#define LDNS_EDNS_MASK_DO_BIT 0x8000
|
#define LDNS_EDNS_MASK_DO_BIT 0x8000
|
||||||
|
|
||||||
|
/** TSIG and TKEY extended rcodes (16bit), 0-15 are the normal rcodes. */
|
||||||
|
#define LDNS_TSIG_ERROR_NOERROR 0
|
||||||
|
#define LDNS_TSIG_ERROR_BADSIG 16
|
||||||
|
#define LDNS_TSIG_ERROR_BADKEY 17
|
||||||
|
#define LDNS_TSIG_ERROR_BADTIME 18
|
||||||
|
#define LDNS_TSIG_ERROR_BADMODE 19
|
||||||
|
#define LDNS_TSIG_ERROR_BADNAME 20
|
||||||
|
#define LDNS_TSIG_ERROR_BADALG 21
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Contains all information about resource record types.
|
* Contains all information about resource record types.
|
||||||
*
|
*
|
||||||
|
@ -50,6 +50,8 @@ sldns_buffer_new_frm_data(sldns_buffer *buffer, void *data, size_t size)
|
|||||||
buffer->_limit = buffer->_capacity = size;
|
buffer->_limit = buffer->_capacity = size;
|
||||||
buffer->_fixed = 0;
|
buffer->_fixed = 0;
|
||||||
buffer->_vfixed = 0;
|
buffer->_vfixed = 0;
|
||||||
|
if (!buffer->_fixed && buffer->_data)
|
||||||
|
free(buffer->_data);
|
||||||
buffer->_data = malloc(size);
|
buffer->_data = malloc(size);
|
||||||
if(!buffer->_data) {
|
if(!buffer->_data) {
|
||||||
buffer->_status_err = 1;
|
buffer->_status_err = 1;
|
||||||
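Review bot: The added guard `if (!buffer->_fixed && buffer->_data) free(buffer->_data);` runs after `buffer->_fixed = 0;`, so the `_fixed` test is always true and the free depends on `_data` alone. If a caller passes a struct that was neither zeroed nor previously initialised, `_data` is indeterminate and this frees a garbage pointer. If `_fixed` marks storage the buffer does not own, as the name suggests, the flag that would have protected it has already been cleared. Either test the flag before overwriting it, or document in the header that the buffer must be zero-initialised or hold heap-owned `_data` on entry. The start of sldns_buffer_new_frm_data is outside the hunk.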
|
@ -664,6 +664,14 @@ rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len,
|
|||||||
&pre_data_pos, delimiters,
|
&pre_data_pos, delimiters,
|
||||||
rdftype, &token_strlen))
|
rdftype, &token_strlen))
|
||||||
break;
|
break;
|
||||||
|
} else if(rdftype == LDNS_RDF_TYPE_INT16_DATA &&
|
||||||
|
strcmp(token, "0")!=0) {
|
||||||
|
/* affix len and b64 fields */
|
||||||
|
if(!sldns_affix_token(strbuf, token,
|
||||||
|
&token_len, "ed, &parens,
|
||||||
|
&pre_data_pos, delimiters,
|
||||||
|
rdftype, &token_strlen))
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* normal RR */
|
/* normal RR */
|
||||||
@ -861,6 +869,8 @@ int sldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len,
|
|||||||
/* we can have the situation, where we've read ok, but still got
|
/* we can have the situation, where we've read ok, but still got
|
||||||
* no bytes to play with, in this case size is 0 */
|
* no bytes to play with, in this case size is 0 */
|
||||||
if(size == 0) {
|
if(size == 0) {
|
||||||
|
if(*len > 0)
|
||||||
|
rr[0] = 0;
|
||||||
*len = 0;
|
*len = 0;
|
||||||
*dname_len = 0;
|
*dname_len = 0;
|
||||||
return LDNS_WIREPARSE_ERR_OK;
|
return LDNS_WIREPARSE_ERR_OK;
|
||||||
@ -868,6 +878,7 @@ int sldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len,
|
|||||||
|
|
||||||
if(strncmp(line, "$ORIGIN", 7) == 0 && isspace((unsigned char)line[7])) {
|
if(strncmp(line, "$ORIGIN", 7) == 0 && isspace((unsigned char)line[7])) {
|
||||||
int s;
|
int s;
|
||||||
|
strlcpy((char*)rr, line, *len);
|
||||||
*len = 0;
|
*len = 0;
|
||||||
*dname_len = 0;
|
*dname_len = 0;
|
||||||
if(!parse_state) return LDNS_WIREPARSE_ERR_OK;
|
if(!parse_state) return LDNS_WIREPARSE_ERR_OK;
|
||||||
@ -878,12 +889,19 @@ int sldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len,
|
|||||||
return s;
|
return s;
|
||||||
} else if(strncmp(line, "$TTL", 4) == 0 && isspace((unsigned char)line[4])) {
|
} else if(strncmp(line, "$TTL", 4) == 0 && isspace((unsigned char)line[4])) {
|
||||||
const char* end = NULL;
|
const char* end = NULL;
|
||||||
|
strlcpy((char*)rr, line, *len);
|
||||||
*len = 0;
|
*len = 0;
|
||||||
*dname_len = 0;
|
*dname_len = 0;
|
||||||
if(!parse_state) return LDNS_WIREPARSE_ERR_OK;
|
if(!parse_state) return LDNS_WIREPARSE_ERR_OK;
|
||||||
parse_state->default_ttl = sldns_str2period(
|
parse_state->default_ttl = sldns_str2period(
|
||||||
sldns_strip_ws(line+5), &end);
|
sldns_strip_ws(line+5), &end);
|
||||||
} else if (strncmp(line, "$INCLUDE", 8) == 0) {
|
} else if (strncmp(line, "$INCLUDE", 8) == 0) {
|
||||||
|
strlcpy((char*)rr, line, *len);
|
||||||
|
*len = 0;
|
||||||
|
*dname_len = 0;
|
||||||
|
return LDNS_WIREPARSE_ERR_INCLUDE;
|
||||||
|
} else if (strncmp(line, "$", 1) == 0) {
|
||||||
|
strlcpy((char*)rr, line, *len);
|
||||||
*len = 0;
|
*len = 0;
|
||||||
*dname_len = 0;
|
*dname_len = 0;
|
||||||
return LDNS_WIREPARSE_ERR_INCLUDE;
|
return LDNS_WIREPARSE_ERR_INCLUDE;
|
||||||
@ -940,6 +958,8 @@ int sldns_str2wire_rdf_buf(const char* str, uint8_t* rd, size_t* len,
|
|||||||
return sldns_str2wire_time_buf(str, rd, len);
|
return sldns_str2wire_time_buf(str, rd, len);
|
||||||
case LDNS_RDF_TYPE_PERIOD:
|
case LDNS_RDF_TYPE_PERIOD:
|
||||||
return sldns_str2wire_period_buf(str, rd, len);
|
return sldns_str2wire_period_buf(str, rd, len);
|
||||||
|
case LDNS_RDF_TYPE_TSIGTIME:
|
||||||
|
return sldns_str2wire_tsigtime_buf(str, rd, len);
|
||||||
case LDNS_RDF_TYPE_LOC:
|
case LDNS_RDF_TYPE_LOC:
|
||||||
return sldns_str2wire_loc_buf(str, rd, len);
|
return sldns_str2wire_loc_buf(str, rd, len);
|
||||||
case LDNS_RDF_TYPE_WKS:
|
case LDNS_RDF_TYPE_WKS:
|
||||||
@ -964,6 +984,8 @@ int sldns_str2wire_rdf_buf(const char* str, uint8_t* rd, size_t* len,
|
|||||||
return sldns_str2wire_tag_buf(str, rd, len);
|
return sldns_str2wire_tag_buf(str, rd, len);
|
||||||
case LDNS_RDF_TYPE_LONG_STR:
|
case LDNS_RDF_TYPE_LONG_STR:
|
||||||
return sldns_str2wire_long_str_buf(str, rd, len);
|
return sldns_str2wire_long_str_buf(str, rd, len);
|
||||||
|
case LDNS_RDF_TYPE_TSIGERROR:
|
||||||
|
return sldns_str2wire_tsigerror_buf(str, rd, len);
|
||||||
case LDNS_RDF_TYPE_HIP:
|
case LDNS_RDF_TYPE_HIP:
|
||||||
return sldns_str2wire_hip_buf(str, rd, len);
|
return sldns_str2wire_hip_buf(str, rd, len);
|
||||||
case LDNS_RDF_TYPE_INT16_DATA:
|
case LDNS_RDF_TYPE_INT16_DATA:
|
||||||
@ -1341,6 +1363,21 @@ int sldns_str2wire_alg_buf(const char* str, uint8_t* rd, size_t* len)
|
|||||||
return LDNS_WIREPARSE_ERR_OK;
|
return LDNS_WIREPARSE_ERR_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int sldns_str2wire_tsigerror_buf(const char* str, uint8_t* rd, size_t* len)
|
||||||
|
{
|
||||||
|
sldns_lookup_table *lt = sldns_lookup_by_name(sldns_tsig_errors, str);
|
||||||
|
if(*len < 2)
|
||||||
|
return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
|
||||||
|
if(lt) {
|
||||||
|
sldns_write_uint16(rd, (uint16_t)lt->id);
|
||||||
|
*len = 2;
|
||||||
|
} else {
|
||||||
|
/* try as-is (a number) */
|
||||||
|
return sldns_str2wire_int16_buf(str, rd, len);
|
||||||
|
}
|
||||||
|
return LDNS_WIREPARSE_ERR_OK;
|
||||||
|
}
|
||||||
|
|
||||||
int sldns_str2wire_time_buf(const char* str, uint8_t* rd, size_t* len)
|
int sldns_str2wire_time_buf(const char* str, uint8_t* rd, size_t* len)
|
||||||
{
|
{
|
||||||
/* convert a time YYYYDDMMHHMMSS to wireformat */
|
/* convert a time YYYYDDMMHHMMSS to wireformat */
|
||||||
@ -1383,6 +1420,24 @@ int sldns_str2wire_time_buf(const char* str, uint8_t* rd, size_t* len)
|
|||||||
return LDNS_WIREPARSE_ERR_OK;
|
return LDNS_WIREPARSE_ERR_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int sldns_str2wire_tsigtime_buf(const char* str, uint8_t* rd, size_t* len)
|
||||||
|
{
|
||||||
|
char* end;
|
||||||
|
uint64_t t = (uint64_t)strtol((char*)str, &end, 10);
|
||||||
|
uint16_t high;
|
||||||
|
uint32_t low;
|
||||||
|
if(*end != 0)
|
||||||
|
return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_TIME, end-str);
|
||||||
|
if(*len < 6)
|
||||||
|
return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
|
||||||
|
high = (uint16_t)(t>>32);
|
||||||
|
low = (uint32_t)(t);
|
||||||
|
sldns_write_uint16(rd, high);
|
||||||
|
sldns_write_uint32(rd+2, low);
|
||||||
|
*len = 6;
|
||||||
|
return LDNS_WIREPARSE_ERR_OK;
|
||||||
|
}
|
||||||
|
|
||||||
int sldns_str2wire_period_buf(const char* str, uint8_t* rd, size_t* len)
|
int sldns_str2wire_period_buf(const char* str, uint8_t* rd, size_t* len)
|
||||||
{
|
{
|
||||||
const char* end;
|
const char* end;
|
||||||
@ -2008,16 +2063,29 @@ int sldns_str2wire_hip_buf(const char* str, uint8_t* rd, size_t* len)
|
|||||||
|
|
||||||
int sldns_str2wire_int16_data_buf(const char* str, uint8_t* rd, size_t* len)
|
int sldns_str2wire_int16_data_buf(const char* str, uint8_t* rd, size_t* len)
|
||||||
{
|
{
|
||||||
size_t sz = sldns_b64_pton_calculate_size(strlen(str));
|
char* s;
|
||||||
int n;
|
int n;
|
||||||
if(*len < sz+2)
|
n = strtol(str, &s, 10);
|
||||||
|
if(*len < ((size_t)n)+2)
|
||||||
return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
|
return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL;
|
||||||
if(sz > 65535)
|
if(n > 65535)
|
||||||
return LDNS_WIREPARSE_ERR_LABEL_OVERFLOW;
|
return LDNS_WIREPARSE_ERR_LABEL_OVERFLOW;
|
||||||
n = sldns_b64_pton(str, rd+2, (*len)-2);
|
|
||||||
|
if(n == 0) {
|
||||||
|
sldns_write_uint16(rd, 0);
|
||||||
|
*len = 2;
|
||||||
|
return LDNS_WIREPARSE_ERR_OK;
|
||||||
|
}
|
||||||
|
if(*s != ' ')
|
||||||
|
return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_INT, s-(char*)str);
|
||||||
|
s++;
|
||||||
|
while(*s == ' ')
|
||||||
|
s++;
|
||||||
|
|
||||||
|
n = sldns_b64_pton(s, rd+2, (*len)-2);
|
||||||
if(n < 0)
|
if(n < 0)
|
||||||
return LDNS_WIREPARSE_ERR_SYNTAX_B64;
|
return LDNS_WIREPARSE_ERR_SYNTAX_B64;
|
||||||
sldns_write_uint16(rd, (uint16_t)n);
|
sldns_write_uint16(rd, (uint16_t)n);
|
||||||
*len = (size_t)n;
|
*len = ((size_t)n)+2;
|
||||||
return LDNS_WIREPARSE_ERR_OK;
|
return LDNS_WIREPARSE_ERR_OK;
|
||||||
}
|
}
|
||||||
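Review bot: sldns_str2wire_int16_data_buf accepts a negative length: `n = strtol(str, &s, 10)` is cast with `(size_t)n` in `if(*len < ((size_t)n)+2)`, so n = -1 or -2 wraps to a tiny value and passes, and the later `n > 65535` test does not catch it. When `*len` is below 2, `sldns_b64_pton(s, rd+2, (*len)-2)` then receives a wrapped size as its output bound. Reject the value first with `if(n < 0) return RET_ERR(LDNS_WIREPARSE_ERR_SYNTAX_INT, s-(char*)str);` and test `*len < 2` on its own before the subtraction. The declared length is also never compared with the decoded byte count that overwrites `n`, so a mismatch between the two goes unnoticed.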
|
@ -237,6 +237,8 @@ struct sldns_file_parse_state {
|
|||||||
* @param rr: this is malloced by the user and the result is stored here,
|
* @param rr: this is malloced by the user and the result is stored here,
|
||||||
* if an RR is read. If no RR is read this is signalled with the
|
* if an RR is read. If no RR is read this is signalled with the
|
||||||
* return len set to 0 (for ORIGIN, TTL directives).
|
* return len set to 0 (for ORIGIN, TTL directives).
|
||||||
|
* The read line is available in the rr_buf (zero terminated), for
|
||||||
|
* $DIRECTIVE style elements.
|
||||||
* @param len: on input, the length of the rr buffer. on output the rr len.
|
* @param len: on input, the length of the rr buffer. on output the rr len.
|
||||||
* Buffer size of 64k should be enough.
|
* Buffer size of 64k should be enough.
|
||||||
* @param dname_len: returns the length of the dname initial part of the rr.
|
* @param dname_len: returns the length of the dname initial part of the rr.
|
||||||
@ -417,6 +419,24 @@ int sldns_str2wire_time_buf(const char* str, uint8_t* rd, size_t* len);
|
|||||||
*/
|
*/
|
||||||
int sldns_str2wire_period_buf(const char* str, uint8_t* rd, size_t* len);
|
int sldns_str2wire_period_buf(const char* str, uint8_t* rd, size_t* len);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Convert rdf of type LDNS_RDF_TYPE_TSIGTIME from string to wireformat.
|
||||||
|
* @param str: the text to convert for this rdata element.
|
||||||
|
* @param rd: rdata buffer for the wireformat.
|
||||||
|
* @param len: length of rd buffer on input, used length on output.
|
||||||
|
* @return 0 on success, error on failure.
|
||||||
|
*/
|
||||||
|
int sldns_str2wire_tsigtime_buf(const char* str, uint8_t* rd, size_t* len);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Convert rdf of type LDNS_RDF_TYPE_TSIGERROR from string to wireformat.
|
||||||
|
* @param str: the text to convert for this rdata element.
|
||||||
|
* @param rd: rdata buffer for the wireformat.
|
||||||
|
* @param len: length of rd buffer on input, used length on output.
|
||||||
|
* @return 0 on success, error on failure.
|
||||||
|
*/
|
||||||
|
int sldns_str2wire_tsigerror_buf(const char* str, uint8_t* rd, size_t* len);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Convert rdf of type LDNS_RDF_TYPE_LOC from string to wireformat.
|
* Convert rdf of type LDNS_RDF_TYPE_LOC from string to wireformat.
|
||||||
* @param str: the text to convert for this rdata element.
|
* @param str: the text to convert for this rdata element.
|
||||||
|
@ -173,6 +173,28 @@ static sldns_lookup_table sldns_edns_options_data[] = {
|
|||||||
};
|
};
|
||||||
sldns_lookup_table* sldns_edns_options = sldns_edns_options_data;
|
sldns_lookup_table* sldns_edns_options = sldns_edns_options_data;
|
||||||
|
|
||||||
|
static sldns_lookup_table sldns_tsig_errors_data[] = {
|
||||||
|
{ LDNS_TSIG_ERROR_NOERROR, "NOERROR" },
|
||||||
|
{ LDNS_RCODE_FORMERR, "FORMERR" },
|
||||||
|
{ LDNS_RCODE_SERVFAIL, "SERVFAIL" },
|
||||||
|
{ LDNS_RCODE_NXDOMAIN, "NXDOMAIN" },
|
||||||
|
{ LDNS_RCODE_NOTIMPL, "NOTIMPL" },
|
||||||
|
{ LDNS_RCODE_REFUSED, "REFUSED" },
|
||||||
|
{ LDNS_RCODE_YXDOMAIN, "YXDOMAIN" },
|
||||||
|
{ LDNS_RCODE_YXRRSET, "YXRRSET" },
|
||||||
|
{ LDNS_RCODE_NXRRSET, "NXRRSET" },
|
||||||
|
{ LDNS_RCODE_NOTAUTH, "NOTAUTH" },
|
||||||
|
{ LDNS_RCODE_NOTZONE, "NOTZONE" },
|
||||||
|
{ LDNS_TSIG_ERROR_BADSIG, "BADSIG" },
|
||||||
|
{ LDNS_TSIG_ERROR_BADKEY, "BADKEY" },
|
||||||
|
{ LDNS_TSIG_ERROR_BADTIME, "BADTIME" },
|
||||||
|
{ LDNS_TSIG_ERROR_BADMODE, "BADMODE" },
|
||||||
|
{ LDNS_TSIG_ERROR_BADNAME, "BADNAME" },
|
||||||
|
{ LDNS_TSIG_ERROR_BADALG, "BADALG" },
|
||||||
|
{ 0, NULL }
|
||||||
|
};
|
||||||
|
sldns_lookup_table* sldns_tsig_errors = sldns_tsig_errors_data;
|
||||||
|
|
||||||
char* sldns_wire2str_pkt(uint8_t* data, size_t len)
|
char* sldns_wire2str_pkt(uint8_t* data, size_t len)
|
||||||
{
|
{
|
||||||
size_t slen = (size_t)sldns_wire2str_pkt_buf(data, len, NULL, 0);
|
size_t slen = (size_t)sldns_wire2str_pkt_buf(data, len, NULL, 0);
|
||||||
@ -976,6 +998,8 @@ int sldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
|
|||||||
return sldns_wire2str_tag_scan(d, dlen, s, slen);
|
return sldns_wire2str_tag_scan(d, dlen, s, slen);
|
||||||
case LDNS_RDF_TYPE_LONG_STR:
|
case LDNS_RDF_TYPE_LONG_STR:
|
||||||
return sldns_wire2str_long_str_scan(d, dlen, s, slen);
|
return sldns_wire2str_long_str_scan(d, dlen, s, slen);
|
||||||
|
case LDNS_RDF_TYPE_TSIGERROR:
|
||||||
|
return sldns_wire2str_tsigerror_scan(d, dlen, s, slen);
|
||||||
}
|
}
|
||||||
/* unknown rdf type */
|
/* unknown rdf type */
|
||||||
return -1;
|
return -1;
|
||||||
@ -1574,6 +1598,7 @@ int sldns_wire2str_hip_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
|
|||||||
|
|
||||||
int sldns_wire2str_int16_data_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
|
int sldns_wire2str_int16_data_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
|
||||||
{
|
{
|
||||||
|
int w;
|
||||||
uint16_t n;
|
uint16_t n;
|
||||||
if(*dl < 2)
|
if(*dl < 2)
|
||||||
return -1;
|
return -1;
|
||||||
@ -1582,7 +1607,12 @@ int sldns_wire2str_int16_data_scan(uint8_t** d, size_t* dl, char** s, size_t* sl
|
|||||||
return -1;
|
return -1;
|
||||||
(*d)+=2;
|
(*d)+=2;
|
||||||
(*dl)-=2;
|
(*dl)-=2;
|
||||||
return sldns_wire2str_b64_scan_num(d, dl, s, sl, n);
|
if(n == 0) {
|
||||||
|
return sldns_str_print(s, sl, "0");
|
||||||
|
}
|
||||||
|
w = sldns_str_print(s, sl, "%u ", (unsigned)n);
|
||||||
|
w += sldns_wire2str_b64_scan_num(d, dl, s, sl, n);
|
||||||
|
return w;
|
||||||
}
|
}
|
||||||
|
|
||||||
int sldns_wire2str_nsec3_next_owner_scan(uint8_t** d, size_t* dl, char** s,
|
int sldns_wire2str_nsec3_next_owner_scan(uint8_t** d, size_t* dl, char** s,
|
||||||
@ -1639,10 +1669,10 @@ int sldns_wire2str_tag_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
|
|||||||
if(*dl < 1+n)
|
if(*dl < 1+n)
|
||||||
return -1;
|
return -1;
|
||||||
for(i=0; i<n; i++)
|
for(i=0; i<n; i++)
|
||||||
if(!isalnum((unsigned char)(*d)[i]))
|
if(!isalnum((unsigned char)(*d)[i+1]))
|
||||||
return -1;
|
return -1;
|
||||||
for(i=0; i<n; i++)
|
for(i=0; i<n; i++)
|
||||||
w += sldns_str_print(s, sl, "%c", (char)(*d)[i]);
|
w += sldns_str_print(s, sl, "%c", (char)(*d)[i+1]);
|
||||||
(*d)+=n+1;
|
(*d)+=n+1;
|
||||||
(*dl)-=(n+1);
|
(*dl)-=(n+1);
|
||||||
return w;
|
return w;
|
||||||
@ -1661,6 +1691,21 @@ int sldns_wire2str_long_str_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
|
|||||||
return w;
|
return w;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int sldns_wire2str_tsigerror_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
|
||||||
|
{
|
||||||
|
sldns_lookup_table *lt;
|
||||||
|
int data, w;
|
||||||
|
if(*dl < 2) return -1;
|
||||||
|
data = (int)sldns_read_uint16(*d);
|
||||||
|
lt = sldns_lookup_by_id(sldns_tsig_errors, data);
|
||||||
|
if(lt && lt->name)
|
||||||
|
w = sldns_str_print(s, sl, "%s", lt->name);
|
||||||
|
else w = sldns_str_print(s, sl, "%d", data);
|
||||||
|
(*dl)-=2;
|
||||||
|
(*d)+=2;
|
||||||
|
return w;
|
||||||
|
}
|
||||||
|
|
||||||
int sldns_wire2str_edns_llq_print(char** s, size_t* sl, uint8_t* data,
|
int sldns_wire2str_edns_llq_print(char** s, size_t* sl, uint8_t* data,
|
||||||
size_t len)
|
size_t len)
|
||||||
{
|
{
|
||||||
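Review bot: In sldns_wire2str_int16_data_scan the new `w += sldns_wire2str_b64_scan_num(d, dl, s, sl, n);` adds the callee's result straight into the character count, so a failure return from it would come back as a small non-negative length instead of -1. The length guard whose `return -1;` opens this hunk is outside the view; if it already bounds n against *dl the callee cannot run short here and the sum is safe, otherwise check the result first: `r = sldns_wire2str_b64_scan_num(d, dl, s, sl, n); if(r < 0) return -1; return w + r;`. The other scan functions in this file section, such as the new sldns_wire2str_tsigerror_scan, report short input with -1, and callers presumably rely on that.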
|
@ -38,6 +38,8 @@ extern struct sldns_struct_lookup_table* sldns_edns_flags;
|
|||||||
extern struct sldns_struct_lookup_table* sldns_edns_options;
|
extern struct sldns_struct_lookup_table* sldns_edns_options;
|
||||||
/** error string from wireparse */
|
/** error string from wireparse */
|
||||||
extern struct sldns_struct_lookup_table* sldns_wireparse_errors;
|
extern struct sldns_struct_lookup_table* sldns_wireparse_errors;
|
||||||
|
/** tsig errors are the rcodes with extra (higher) values */
|
||||||
|
extern struct sldns_struct_lookup_table* sldns_tsig_errors;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Convert wireformat packet to a string representation
|
* Convert wireformat packet to a string representation
|
||||||
@ -807,6 +809,19 @@ int sldns_wire2str_hip_scan(uint8_t** data, size_t* data_len, char** str,
|
|||||||
int sldns_wire2str_int16_data_scan(uint8_t** data, size_t* data_len, char** str,
|
int sldns_wire2str_int16_data_scan(uint8_t** data, size_t* data_len, char** str,
|
||||||
size_t* str_len);
|
size_t* str_len);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Scan wireformat tsigerror field to string, with user buffers.
|
||||||
|
* It shifts the arguments to move along (see sldns_wire2str_pkt_scan).
|
||||||
|
* @param data: wireformat data.
|
||||||
|
* @param data_len: length of data buffer.
|
||||||
|
* @param str: string buffer.
|
||||||
|
* @param str_len: length of string buffer.
|
||||||
|
* @return number of characters (except null) needed to print.
|
||||||
|
* Can return -1 on failure.
|
||||||
|
*/
|
||||||
|
int sldns_wire2str_tsigerror_scan(uint8_t** data, size_t* data_len, char** str,
|
||||||
|
size_t* str_len);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Scan wireformat nsec3_next_owner field to string, with user buffers.
|
* Scan wireformat nsec3_next_owner field to string, with user buffers.
|
||||||
* It shifts the arguments to move along (see sldns_wire2str_pkt_scan).
|
* It shifts the arguments to move along (see sldns_wire2str_pkt_scan).
|
||||||
|
@ -241,6 +241,8 @@ static const char*
|
|||||||
get_builtin_ds(void)
|
get_builtin_ds(void)
|
||||||
{
|
{
|
||||||
return
|
return
|
||||||
|
/* The anchors must start on a new line with ". IN DS and end with \n"[;]
|
||||||
|
* because the makedist script greps on the source here */
|
||||||
/* anchor 19036 is from 2010 */
|
/* anchor 19036 is from 2010 */
|
||||||
/* anchor 20326 is from 2017 */
|
/* anchor 20326 is from 2017 */
|
||||||
". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n"
|
". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n"
|
||||||
|
@ -4,22 +4,22 @@
|
|||||||
* Copyright (c) 2007, NLnet Labs. All rights reserved.
|
* Copyright (c) 2007, NLnet Labs. All rights reserved.
|
||||||
*
|
*
|
||||||
* This software is open source.
|
* This software is open source.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
* are met:
|
* are met:
|
||||||
*
|
*
|
||||||
* Redistributions of source code must retain the above copyright notice,
|
* Redistributions of source code must retain the above copyright notice,
|
||||||
* this list of conditions and the following disclaimer.
|
* this list of conditions and the following disclaimer.
|
||||||
*
|
*
|
||||||
* Redistributions in binary form must reproduce the above copyright notice,
|
* Redistributions in binary form must reproduce the above copyright notice,
|
||||||
* this list of conditions and the following disclaimer in the documentation
|
* this list of conditions and the following disclaimer in the documentation
|
||||||
* and/or other materials provided with the distribution.
|
* and/or other materials provided with the distribution.
|
||||||
*
|
*
|
||||||
* Neither the name of the NLNET LABS nor the names of its contributors may
|
* Neither the name of the NLNET LABS nor the names of its contributors may
|
||||||
* be used to endorse or promote products derived from this software without
|
* be used to endorse or promote products derived from this software without
|
||||||
* specific prior written permission.
|
* specific prior written permission.
|
||||||
*
|
*
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||||
@ -88,10 +88,10 @@ usage(void)
|
|||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Print given option to stdout
|
* Print given option to stdout
|
||||||
* @param cfg: config
|
* @param cfg: config
|
||||||
* @param opt: option name without trailing :.
|
* @param opt: option name without trailing :.
|
||||||
* This is different from config_set_option.
|
* This is different from config_set_option.
|
||||||
* @param final: if final pathname with chroot applied has to be printed.
|
* @param final: if final pathname with chroot applied has to be printed.
|
||||||
*/
|
*/
|
||||||
@ -156,9 +156,9 @@ view_and_respipchecks(struct config_file* cfg)
|
|||||||
fatal_exit("Could not create respip set: out of memory");
|
fatal_exit("Could not create respip set: out of memory");
|
||||||
if(!views_apply_cfg(views, cfg))
|
if(!views_apply_cfg(views, cfg))
|
||||||
fatal_exit("Could not set up views");
|
fatal_exit("Could not set up views");
|
||||||
if(!respip_global_apply_cfg(respip, cfg))
|
if(!respip_global_apply_cfg(respip, cfg))
|
||||||
fatal_exit("Could not setup respip set");
|
fatal_exit("Could not setup respip set");
|
||||||
if(!respip_views_apply_cfg(views, cfg, &ignored))
|
if(!respip_views_apply_cfg(views, cfg, &ignored))
|
||||||
fatal_exit("Could not setup per-view respip sets");
|
fatal_exit("Could not setup per-view respip sets");
|
||||||
views_delete(views);
|
views_delete(views);
|
||||||
respip_set_delete(respip);
|
respip_set_delete(respip);
|
||||||
@ -178,7 +178,7 @@ warn_hosts(const char* typ, struct config_stub* list)
|
|||||||
fprintf(stderr, "unbound-checkconf: warning:"
|
fprintf(stderr, "unbound-checkconf: warning:"
|
||||||
" %s %s: \"%s\" is an IP%s address, "
|
" %s %s: \"%s\" is an IP%s address, "
|
||||||
"and when looked up as a host name "
|
"and when looked up as a host name "
|
||||||
"during use may not resolve.\n",
|
"during use may not resolve.\n",
|
||||||
s->name, typ, h->str,
|
s->name, typ, h->str,
|
||||||
addr_is_ip6(&a, alen)?"6":"4");
|
addr_is_ip6(&a, alen)?"6":"4");
|
||||||
}
|
}
|
||||||
@ -230,7 +230,7 @@ aclchecks(struct config_file* cfg)
|
|||||||
socklen_t alen;
|
socklen_t alen;
|
||||||
struct config_str2list* acl;
|
struct config_str2list* acl;
|
||||||
for(acl=cfg->acls; acl; acl = acl->next) {
|
for(acl=cfg->acls; acl; acl = acl->next) {
|
||||||
if(!netblockstrtoaddr(acl->str, UNBOUND_DNS_PORT, &a, &alen,
|
if(!netblockstrtoaddr(acl->str, UNBOUND_DNS_PORT, &a, &alen,
|
||||||
&d)) {
|
&d)) {
|
||||||
fatal_exit("cannot parse access control address %s %s",
|
fatal_exit("cannot parse access control address %s %s",
|
||||||
acl->str, acl->str2);
|
acl->str, acl->str2);
|
||||||
@ -240,7 +240,7 @@ aclchecks(struct config_file* cfg)
|
|||||||
|
|
||||||
/** true if fname is a file */
|
/** true if fname is a file */
|
||||||
static int
|
static int
|
||||||
is_file(const char* fname)
|
is_file(const char* fname)
|
||||||
{
|
{
|
||||||
struct stat buf;
|
struct stat buf;
|
||||||
if(stat(fname, &buf) < 0) {
|
if(stat(fname, &buf) < 0) {
|
||||||
@ -260,7 +260,7 @@ is_file(const char* fname)
|
|||||||
|
|
||||||
/** true if fname is a directory */
|
/** true if fname is a directory */
|
||||||
static int
|
static int
|
||||||
is_dir(const char* fname)
|
is_dir(const char* fname)
|
||||||
{
|
{
|
||||||
struct stat buf;
|
struct stat buf;
|
||||||
if(stat(fname, &buf) < 0) {
|
if(stat(fname, &buf) < 0) {
|
||||||
@ -305,7 +305,7 @@ check_chroot_string(const char* desc, char** ss,
|
|||||||
fatal_exit("%s: \"%s\" does not exist in "
|
fatal_exit("%s: \"%s\" does not exist in "
|
||||||
"chrootdir %s", desc, str, chrootdir);
|
"chrootdir %s", desc, str, chrootdir);
|
||||||
else
|
else
|
||||||
fatal_exit("%s: \"%s\" does not exist",
|
fatal_exit("%s: \"%s\" does not exist",
|
||||||
desc, str);
|
desc, str);
|
||||||
}
|
}
|
||||||
/* put in a new full path for continued checking */
|
/* put in a new full path for continued checking */
|
||||||
@ -332,8 +332,8 @@ check_chroot_filelist_wild(const char* desc, struct config_strlist* list,
|
|||||||
struct config_strlist* p;
|
struct config_strlist* p;
|
||||||
for(p=list; p; p=p->next) {
|
for(p=list; p; p=p->next) {
|
||||||
#ifdef HAVE_GLOB
|
#ifdef HAVE_GLOB
|
||||||
if(strchr(p->str, '*') || strchr(p->str, '[') ||
|
if(strchr(p->str, '*') || strchr(p->str, '[') ||
|
||||||
strchr(p->str, '?') || strchr(p->str, '{') ||
|
strchr(p->str, '?') || strchr(p->str, '{') ||
|
||||||
strchr(p->str, '~')) {
|
strchr(p->str, '~')) {
|
||||||
char* s = p->str;
|
char* s = p->str;
|
||||||
/* adjust whole pattern for chroot and check later */
|
/* adjust whole pattern for chroot and check later */
|
||||||
@ -370,11 +370,11 @@ morechecks(struct config_file* cfg, const char* fname)
|
|||||||
#ifdef UB_ON_WINDOWS
|
#ifdef UB_ON_WINDOWS
|
||||||
w_config_adjust_directory(cfg);
|
w_config_adjust_directory(cfg);
|
||||||
#endif
|
#endif
|
||||||
if(cfg->chrootdir && cfg->chrootdir[0] &&
|
if(cfg->chrootdir && cfg->chrootdir[0] &&
|
||||||
cfg->chrootdir[strlen(cfg->chrootdir)-1] == '/')
|
cfg->chrootdir[strlen(cfg->chrootdir)-1] == '/')
|
||||||
fatal_exit("chootdir %s has trailing slash '/' please remove.",
|
fatal_exit("chootdir %s has trailing slash '/' please remove.",
|
||||||
cfg->chrootdir);
|
cfg->chrootdir);
|
||||||
if(cfg->chrootdir && cfg->chrootdir[0] &&
|
if(cfg->chrootdir && cfg->chrootdir[0] &&
|
||||||
!is_dir(cfg->chrootdir)) {
|
!is_dir(cfg->chrootdir)) {
|
||||||
fatal_exit("bad chroot directory");
|
fatal_exit("bad chroot directory");
|
||||||
}
|
}
|
||||||
@ -416,16 +416,20 @@ morechecks(struct config_file* cfg, const char* fname)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
check_chroot_filelist("file with root-hints",
|
check_chroot_filelist("file with root-hints",
|
||||||
cfg->root_hints, cfg->chrootdir, cfg);
|
cfg->root_hints, cfg->chrootdir, cfg);
|
||||||
check_chroot_filelist("trust-anchor-file",
|
check_chroot_filelist("trust-anchor-file",
|
||||||
cfg->trust_anchor_file_list, cfg->chrootdir, cfg);
|
cfg->trust_anchor_file_list, cfg->chrootdir, cfg);
|
||||||
check_chroot_filelist("auto-trust-anchor-file",
|
check_chroot_filelist("auto-trust-anchor-file",
|
||||||
cfg->auto_trust_anchor_file_list, cfg->chrootdir, cfg);
|
cfg->auto_trust_anchor_file_list, cfg->chrootdir, cfg);
|
||||||
check_chroot_filelist_wild("trusted-keys-file",
|
check_chroot_filelist_wild("trusted-keys-file",
|
||||||
cfg->trusted_keys_file_list, cfg->chrootdir, cfg);
|
cfg->trusted_keys_file_list, cfg->chrootdir, cfg);
|
||||||
check_chroot_string("dlv-anchor-file", &cfg->dlv_anchor_file,
|
check_chroot_string("dlv-anchor-file", &cfg->dlv_anchor_file,
|
||||||
cfg->chrootdir, cfg);
|
cfg->chrootdir, cfg);
|
||||||
|
#ifdef USE_IPSECMOD
|
||||||
|
check_chroot_string("ipsecmod-hook", &cfg->ipsecmod_hook, cfg->chrootdir,
|
||||||
|
cfg);
|
||||||
|
#endif
|
||||||
/* remove chroot setting so that modules are not stripping pathnames*/
|
/* remove chroot setting so that modules are not stripping pathnames*/
|
||||||
free(cfg->chrootdir);
|
free(cfg->chrootdir);
|
||||||
cfg->chrootdir = NULL;
|
cfg->chrootdir = NULL;
|
||||||
@ -434,21 +438,21 @@ morechecks(struct config_file* cfg, const char* fname)
|
|||||||
* dns64, but it's not explicitly confirmed, so the combination is
|
* dns64, but it's not explicitly confirmed, so the combination is
|
||||||
* excluded below. It's simply unknown yet for the combination of
|
* excluded below. It's simply unknown yet for the combination of
|
||||||
* respip and other modules. */
|
* respip and other modules. */
|
||||||
if(strcmp(cfg->module_conf, "iterator") != 0
|
if(strcmp(cfg->module_conf, "iterator") != 0
|
||||||
&& strcmp(cfg->module_conf, "validator iterator") != 0
|
&& strcmp(cfg->module_conf, "validator iterator") != 0
|
||||||
&& strcmp(cfg->module_conf, "dns64 validator iterator") != 0
|
&& strcmp(cfg->module_conf, "dns64 validator iterator") != 0
|
||||||
&& strcmp(cfg->module_conf, "dns64 iterator") != 0
|
&& strcmp(cfg->module_conf, "dns64 iterator") != 0
|
||||||
&& strcmp(cfg->module_conf, "respip iterator") != 0
|
&& strcmp(cfg->module_conf, "respip iterator") != 0
|
||||||
&& strcmp(cfg->module_conf, "respip validator iterator") != 0
|
&& strcmp(cfg->module_conf, "respip validator iterator") != 0
|
||||||
#ifdef WITH_PYTHONMODULE
|
#ifdef WITH_PYTHONMODULE
|
||||||
&& strcmp(cfg->module_conf, "python iterator") != 0
|
&& strcmp(cfg->module_conf, "python iterator") != 0
|
||||||
&& strcmp(cfg->module_conf, "python validator iterator") != 0
|
&& strcmp(cfg->module_conf, "python validator iterator") != 0
|
||||||
&& strcmp(cfg->module_conf, "validator python iterator") != 0
|
&& strcmp(cfg->module_conf, "validator python iterator") != 0
|
||||||
&& strcmp(cfg->module_conf, "dns64 python iterator") != 0
|
&& strcmp(cfg->module_conf, "dns64 python iterator") != 0
|
||||||
&& strcmp(cfg->module_conf, "dns64 python validator iterator") != 0
|
&& strcmp(cfg->module_conf, "dns64 python validator iterator") != 0
|
||||||
&& strcmp(cfg->module_conf, "dns64 validator python iterator") != 0
|
&& strcmp(cfg->module_conf, "dns64 validator python iterator") != 0
|
||||||
&& strcmp(cfg->module_conf, "python dns64 iterator") != 0
|
&& strcmp(cfg->module_conf, "python dns64 iterator") != 0
|
||||||
&& strcmp(cfg->module_conf, "python dns64 validator iterator") != 0
|
&& strcmp(cfg->module_conf, "python dns64 validator iterator") != 0
|
||||||
#endif
|
#endif
|
||||||
#ifdef USE_CACHEDB
|
#ifdef USE_CACHEDB
|
||||||
&& strcmp(cfg->module_conf, "validator cachedb iterator") != 0
|
&& strcmp(cfg->module_conf, "validator cachedb iterator") != 0
|
||||||
@ -468,16 +472,28 @@ morechecks(struct config_file* cfg, const char* fname)
|
|||||||
&& strcmp(cfg->module_conf, "validator python cachedb iterator") != 0
|
&& strcmp(cfg->module_conf, "validator python cachedb iterator") != 0
|
||||||
#endif
|
#endif
|
||||||
#ifdef CLIENT_SUBNET
|
#ifdef CLIENT_SUBNET
|
||||||
&& strcmp(cfg->module_conf, "subnetcache iterator") != 0
|
&& strcmp(cfg->module_conf, "subnetcache iterator") != 0
|
||||||
&& strcmp(cfg->module_conf, "subnetcache validator iterator") != 0
|
&& strcmp(cfg->module_conf, "subnetcache validator iterator") != 0
|
||||||
#endif
|
#endif
|
||||||
#if defined(WITH_PYTHONMODULE) && defined(CLIENT_SUBNET)
|
#if defined(WITH_PYTHONMODULE) && defined(CLIENT_SUBNET)
|
||||||
&& strcmp(cfg->module_conf, "python subnetcache iterator") != 0
|
&& strcmp(cfg->module_conf, "python subnetcache iterator") != 0
|
||||||
&& strcmp(cfg->module_conf, "subnetcache python iterator") != 0
|
&& strcmp(cfg->module_conf, "subnetcache python iterator") != 0
|
||||||
&& strcmp(cfg->module_conf, "subnetcache validator iterator") != 0
|
&& strcmp(cfg->module_conf, "subnetcache validator iterator") != 0
|
||||||
&& strcmp(cfg->module_conf, "python subnetcache validator iterator") != 0
|
&& strcmp(cfg->module_conf, "python subnetcache validator iterator") != 0
|
||||||
&& strcmp(cfg->module_conf, "subnetcache python validator iterator") != 0
|
&& strcmp(cfg->module_conf, "subnetcache python validator iterator") != 0
|
||||||
&& strcmp(cfg->module_conf, "subnetcache validator python iterator") != 0
|
&& strcmp(cfg->module_conf, "subnetcache validator python iterator") != 0
|
||||||
|
#endif
|
||||||
|
#ifdef USE_IPSECMOD
|
||||||
|
&& strcmp(cfg->module_conf, "ipsecmod iterator") != 0
|
||||||
|
&& strcmp(cfg->module_conf, "ipsecmod validator iterator") != 0
|
||||||
|
#endif
|
||||||
|
#if defined(WITH_PYTHONMODULE) && defined(USE_IPSECMOD)
|
||||||
|
&& strcmp(cfg->module_conf, "python ipsecmod iterator") != 0
|
||||||
|
&& strcmp(cfg->module_conf, "ipsecmod python iterator") != 0
|
||||||
|
&& strcmp(cfg->module_conf, "ipsecmod validator iterator") != 0
|
||||||
|
&& strcmp(cfg->module_conf, "python ipsecmod validator iterator") != 0
|
||||||
|
&& strcmp(cfg->module_conf, "ipsecmod python validator iterator") != 0
|
||||||
|
&& strcmp(cfg->module_conf, "ipsecmod validator python iterator") != 0
|
||||||
#endif
|
#endif
|
||||||
) {
|
) {
|
||||||
fatal_exit("module conf '%s' is not known to work",
|
fatal_exit("module conf '%s' is not known to work",
|
||||||
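Review bot: The new `check_chroot_string("ipsecmod-hook", ...)` call in morechecks only confirms that the path exists, going by the `does not exist` messages in the check_chroot_string hunk, yet this option names an external program that the resolver runs (the code that runs it is not on this page). A config checker is a good place to warn when that program is writable by group or others, since whoever can rewrite it decides what the daemon executes. The fence below adds such a warning after the existing call, in the same format warn_hosts uses; the mode bits may need a guard on platforms that lack them, and morechecks itself starts and ends outside the hunk.

```c
	check_chroot_string("ipsecmod-hook", &cfg->ipsecmod_hook, cfg->chrootdir,
		cfg);
	/* the hook is executed, so warn if other users can rewrite it */
	if(cfg->ipsecmod_hook && cfg->ipsecmod_hook[0]) {
		struct stat hookst;
		if(stat(cfg->ipsecmod_hook, &hookst) == 0 &&
			(hookst.st_mode & (S_IWGRP|S_IWOTH)) != 0)
			fprintf(stderr, "unbound-checkconf: warning:"
				" ipsecmod-hook \"%s\" is writable by group"
				" or others.\n", cfg->ipsecmod_hook);
	}
```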
|
@ -161,7 +161,7 @@ usage(void)
|
|||||||
static const int inhibit_zero = 1;
|
static const int inhibit_zero = 1;
|
||||||
/** divide sum of timers to get average */
|
/** divide sum of timers to get average */
|
||||||
static void
|
static void
|
||||||
timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d)
|
timeval_divide(struct timeval* avg, const struct timeval* sum, long long d)
|
||||||
{
|
{
|
||||||
#ifndef S_SPLINT_S
|
#ifndef S_SPLINT_S
|
||||||
size_t leftover;
|
size_t leftover;
|
||||||
@ -184,12 +184,14 @@ timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d)
|
|||||||
#define PR_UL_SUB(str, nm, var) printf(str".%s"SQ"%lu\n", nm, (unsigned long)(var));
|
#define PR_UL_SUB(str, nm, var) printf(str".%s"SQ"%lu\n", nm, (unsigned long)(var));
|
||||||
#define PR_TIMEVAL(str, var) printf(str SQ ARG_LL "d.%6.6d\n", \
|
#define PR_TIMEVAL(str, var) printf(str SQ ARG_LL "d.%6.6d\n", \
|
||||||
(long long)var.tv_sec, (int)var.tv_usec);
|
(long long)var.tv_sec, (int)var.tv_usec);
|
||||||
|
#define PR_STATSTIME(str, var) printf(str SQ ARG_LL "d.%6.6d\n", \
|
||||||
|
(long long)var ## _sec, (int)var ## _usec);
|
||||||
#define PR_LL(str, var) printf(str SQ ARG_LL"d\n", (long long)(var));
|
#define PR_LL(str, var) printf(str SQ ARG_LL"d\n", (long long)(var));
|
||||||
|
|
||||||
/** print stat block */
|
/** print stat block */
|
||||||
static void pr_stats(const char* nm, struct stats_info* s)
|
static void pr_stats(const char* nm, struct ub_stats_info* s)
|
||||||
{
|
{
|
||||||
struct timeval avg;
|
struct timeval sumwait, avg;
|
||||||
PR_UL_NM("num.queries", s->svr.num_queries);
|
PR_UL_NM("num.queries", s->svr.num_queries);
|
||||||
PR_UL_NM("num.queries_ip_ratelimited",
|
PR_UL_NM("num.queries_ip_ratelimited",
|
||||||
s->svr.num_queries_ip_ratelimited);
|
s->svr.num_queries_ip_ratelimited);
|
||||||
@ -209,14 +211,18 @@ static void pr_stats(const char* nm, struct stats_info* s)
|
|||||||
printf("%s.requestlist.avg"SQ"%g\n", nm,
|
printf("%s.requestlist.avg"SQ"%g\n", nm,
|
||||||
(s->svr.num_queries_missed_cache+s->svr.num_queries_prefetch)?
|
(s->svr.num_queries_missed_cache+s->svr.num_queries_prefetch)?
|
||||||
(double)s->svr.sum_query_list_size/
|
(double)s->svr.sum_query_list_size/
|
||||||
(s->svr.num_queries_missed_cache+
|
(double)(s->svr.num_queries_missed_cache+
|
||||||
s->svr.num_queries_prefetch) : 0.0);
|
s->svr.num_queries_prefetch) : 0.0);
|
||||||
PR_UL_NM("requestlist.max", s->svr.max_query_list_size);
|
PR_UL_NM("requestlist.max", s->svr.max_query_list_size);
|
||||||
PR_UL_NM("requestlist.overwritten", s->mesh_jostled);
|
PR_UL_NM("requestlist.overwritten", s->mesh_jostled);
|
||||||
PR_UL_NM("requestlist.exceeded", s->mesh_dropped);
|
PR_UL_NM("requestlist.exceeded", s->mesh_dropped);
|
||||||
PR_UL_NM("requestlist.current.all", s->mesh_num_states);
|
PR_UL_NM("requestlist.current.all", s->mesh_num_states);
|
||||||
PR_UL_NM("requestlist.current.user", s->mesh_num_reply_states);
|
PR_UL_NM("requestlist.current.user", s->mesh_num_reply_states);
|
||||||
timeval_divide(&avg, &s->mesh_replies_sum_wait, s->mesh_replies_sent);
|
#ifndef S_SPLINT_S
|
||||||
|
sumwait.tv_sec = s->mesh_replies_sum_wait_sec;
|
||||||
|
sumwait.tv_usec = s->mesh_replies_sum_wait_usec;
|
||||||
|
#endif
|
||||||
|
timeval_divide(&avg, &sumwait, s->mesh_replies_sent);
|
||||||
printf("%s.", nm);
|
printf("%s.", nm);
|
||||||
PR_TIMEVAL("recursion.time.avg", avg);
|
PR_TIMEVAL("recursion.time.avg", avg);
|
||||||
printf("%s.recursion.time.median"SQ"%g\n", nm, s->mesh_time_median);
|
printf("%s.recursion.time.median"SQ"%g\n", nm, s->mesh_time_median);
|
||||||
@ -224,27 +230,31 @@ static void pr_stats(const char* nm, struct stats_info* s)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/** print uptime */
|
/** print uptime */
|
||||||
static void print_uptime(struct shm_stat_info* shm_stat)
|
static void print_uptime(struct ub_shm_stat_info* shm_stat)
|
||||||
{
|
{
|
||||||
PR_TIMEVAL("time.now", shm_stat->time.now);
|
PR_STATSTIME("time.now", shm_stat->time.now);
|
||||||
PR_TIMEVAL("time.up", shm_stat->time.up);
|
PR_STATSTIME("time.up", shm_stat->time.up);
|
||||||
PR_TIMEVAL("time.elapsed", shm_stat->time.elapsed);
|
PR_STATSTIME("time.elapsed", shm_stat->time.elapsed);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** print memory usage */
|
/** print memory usage */
|
||||||
static void print_mem(struct shm_stat_info* shm_stat)
|
static void print_mem(struct ub_shm_stat_info* shm_stat)
|
||||||
{
|
{
|
||||||
PR_LL("mem.cache.rrset", shm_stat->mem.rrset);
|
PR_LL("mem.cache.rrset", shm_stat->mem.rrset);
|
||||||
PR_LL("mem.cache.message", shm_stat->mem.msg);
|
PR_LL("mem.cache.message", shm_stat->mem.msg);
|
||||||
PR_LL("mem.cache.iterator", shm_stat->mem.iter);
|
PR_LL("mem.mod.iterator", shm_stat->mem.iter);
|
||||||
PR_LL("mem.cache.validator", shm_stat->mem.val);
|
PR_LL("mem.mod.validator", shm_stat->mem.val);
|
||||||
|
PR_LL("mem.mod.respip", shm_stat->mem.respip);
|
||||||
#ifdef CLIENT_SUBNET
|
#ifdef CLIENT_SUBNET
|
||||||
PR_LL("mem.cache.subnet", shm_stat->mem.subnet);
|
PR_LL("mem.mod.subnet", shm_stat->mem.subnet);
|
||||||
|
#endif
|
||||||
|
#ifdef USE_IPSECMOD
|
||||||
|
PR_LL("mem.mod.ipsecmod", shm_stat->mem.ipsecmod);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
/** print histogram */
|
/** print histogram */
|
||||||
static void print_hist(struct stats_info* s)
|
static void print_hist(struct ub_stats_info* s)
|
||||||
{
|
{
|
||||||
struct timehist* hist;
|
struct timehist* hist;
|
||||||
size_t i;
|
size_t i;
|
||||||
@ -264,13 +274,13 @@ static void print_hist(struct stats_info* s)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/** print extended */
|
/** print extended */
|
||||||
static void print_extended(struct stats_info* s)
|
static void print_extended(struct ub_stats_info* s)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
char nm[16];
|
char nm[16];
|
||||||
|
|
||||||
/* TYPE */
|
/* TYPE */
|
||||||
for(i=0; i<STATS_QTYPE_NUM; i++) {
|
for(i=0; i<UB_STATS_QTYPE_NUM; i++) {
|
||||||
if(inhibit_zero && s->svr.qtype[i] == 0)
|
if(inhibit_zero && s->svr.qtype[i] == 0)
|
||||||
continue;
|
continue;
|
||||||
sldns_wire2str_type_buf((uint16_t)i, nm, sizeof(nm));
|
sldns_wire2str_type_buf((uint16_t)i, nm, sizeof(nm));
|
||||||
@ -281,7 +291,7 @@ static void print_extended(struct stats_info* s)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* CLASS */
|
/* CLASS */
|
||||||
for(i=0; i<STATS_QCLASS_NUM; i++) {
|
for(i=0; i<UB_STATS_QCLASS_NUM; i++) {
|
||||||
if(inhibit_zero && s->svr.qclass[i] == 0)
|
if(inhibit_zero && s->svr.qclass[i] == 0)
|
||||||
continue;
|
continue;
|
||||||
sldns_wire2str_class_buf((uint16_t)i, nm, sizeof(nm));
|
sldns_wire2str_class_buf((uint16_t)i, nm, sizeof(nm));
|
||||||
@ -292,7 +302,7 @@ static void print_extended(struct stats_info* s)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* OPCODE */
|
/* OPCODE */
|
||||||
for(i=0; i<STATS_OPCODE_NUM; i++) {
|
for(i=0; i<UB_STATS_OPCODE_NUM; i++) {
|
||||||
if(inhibit_zero && s->svr.qopcode[i] == 0)
|
if(inhibit_zero && s->svr.qopcode[i] == 0)
|
||||||
continue;
|
continue;
|
||||||
sldns_wire2str_opcode_buf(i, nm, sizeof(nm));
|
sldns_wire2str_opcode_buf(i, nm, sizeof(nm));
|
||||||
@ -317,7 +327,7 @@ static void print_extended(struct stats_info* s)
|
|||||||
PR_UL("num.query.edns.DO", s->svr.qEDNS_DO);
|
PR_UL("num.query.edns.DO", s->svr.qEDNS_DO);
|
||||||
|
|
||||||
/* RCODE */
|
/* RCODE */
|
||||||
for(i=0; i<STATS_RCODE_NUM; i++) {
|
for(i=0; i<UB_STATS_RCODE_NUM; i++) {
|
||||||
/* Always include RCODEs 0-5 */
|
/* Always include RCODEs 0-5 */
|
||||||
if(inhibit_zero && i > LDNS_RCODE_REFUSED && s->svr.ans_rcode[i] == 0)
|
if(inhibit_zero && i > LDNS_RCODE_REFUSED && s->svr.ans_rcode[i] == 0)
|
||||||
continue;
|
continue;
|
||||||
@ -342,8 +352,8 @@ static void print_extended(struct stats_info* s)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/** print statistics out of memory structures */
|
/** print statistics out of memory structures */
|
||||||
static void do_stats_shm(struct config_file* cfg, struct stats_info* stats,
|
static void do_stats_shm(struct config_file* cfg, struct ub_stats_info* stats,
|
||||||
struct shm_stat_info* shm_stat)
|
struct ub_shm_stat_info* shm_stat)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
char nm[16];
|
char nm[16];
|
||||||
@ -366,8 +376,8 @@ static void print_stats_shm(const char* cfgfile)
|
|||||||
{
|
{
|
||||||
#ifdef HAVE_SHMGET
|
#ifdef HAVE_SHMGET
|
||||||
struct config_file* cfg;
|
struct config_file* cfg;
|
||||||
struct stats_info* stats;
|
struct ub_stats_info* stats;
|
||||||
struct shm_stat_info* shm_stat;
|
struct ub_shm_stat_info* shm_stat;
|
||||||
int id_ctl, id_arr;
|
int id_ctl, id_arr;
|
||||||
/* read config */
|
/* read config */
|
||||||
if(!(cfg = config_create()))
|
if(!(cfg = config_create()))
|
||||||
@ -383,11 +393,11 @@ static void print_stats_shm(const char* cfgfile)
|
|||||||
if(id_arr == -1) {
|
if(id_arr == -1) {
|
||||||
fatal_exit("shmget(%d): %s", cfg->shm_key+1, strerror(errno));
|
fatal_exit("shmget(%d): %s", cfg->shm_key+1, strerror(errno));
|
||||||
}
|
}
|
||||||
shm_stat = (struct shm_stat_info*)shmat(id_ctl, NULL, 0);
|
shm_stat = (struct ub_shm_stat_info*)shmat(id_ctl, NULL, 0);
|
||||||
if(shm_stat == (void*)-1) {
|
if(shm_stat == (void*)-1) {
|
||||||
fatal_exit("shmat(%d): %s", id_ctl, strerror(errno));
|
fatal_exit("shmat(%d): %s", id_ctl, strerror(errno));
|
||||||
}
|
}
|
||||||
stats = (struct stats_info*)shmat(id_arr, NULL, 0);
|
stats = (struct ub_stats_info*)shmat(id_arr, NULL, 0);
|
||||||
if(stats == (void*)-1) {
|
if(stats == (void*)-1) {
|
||||||
fatal_exit("shmat(%d): %s", id_arr, strerror(errno));
|
fatal_exit("shmat(%d): %s", id_arr, strerror(errno));
|
||||||
}
|
}
|
||||||
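Review bot: Both `shmat(id_ctl, NULL, 0)` and `shmat(id_arr, NULL, 0)` in print_stats_shm map the daemon's statistics segments read-write, although the printing helpers visible in this section (pr_stats, print_uptime, print_mem) only read from them. Attaching with `shmat(id_ctl, NULL, SHM_RDONLY)` and `shmat(id_arr, NULL, SHM_RDONLY)` would keep a bug in this tool from corrupting the live counters and lets it work with read permission on the segments only. If code outside the hunk writes through these pointers, that needs checking first; print_stats_shm starts and ends outside the hunk.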
|
@ -9,7 +9,7 @@ NEED_CURL='06-ianaports.tpkg root_anchor.tpkg'
|
|||||||
NEED_WHOAMI='07-confroot.tpkg'
|
NEED_WHOAMI='07-confroot.tpkg'
|
||||||
NEED_IPV6='fwd_ancil.tpkg fwd_tcp_tc6.tpkg stub_udp6.tpkg edns_cache.tpkg'
|
NEED_IPV6='fwd_ancil.tpkg fwd_tcp_tc6.tpkg stub_udp6.tpkg edns_cache.tpkg'
|
||||||
NEED_NOMINGW='tcp_sigpipe.tpkg 07-confroot.tpkg 08-host-lib.tpkg fwd_ancil.tpkg'
|
NEED_NOMINGW='tcp_sigpipe.tpkg 07-confroot.tpkg 08-host-lib.tpkg fwd_ancil.tpkg'
|
||||||
NEED_DNSCRYPT_PROXY='dnscrypt_queries.tpkg'
|
NEED_DNSCRYPT_PROXY='dnscrypt_queries.tpkg dnscrypt_queries_chacha.tpkg'
|
||||||
|
|
||||||
# test if dig and ldns-testns are available.
|
# test if dig and ldns-testns are available.
|
||||||
test_tool_avail "dig"
|
test_tool_avail "dig"
|
||||||
|
@ -488,6 +488,7 @@ replay_scenario_read(FILE* in, const char* name, int* lineno)
|
|||||||
return scen;
|
return scen;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
log_err("scenario read failed at line %d (no SCENARIO_END?)", *lineno);
|
||||||
replay_scenario_delete(scen);
|
replay_scenario_delete(scen);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
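Review bot: The added `log_err` in replay_scenario_read reports only the line number, although the function also receives `name`. When several scenario files are read in one run, the line number alone does not say which input was cut short. Consider `log_err("scenario read failed at %s line %d (no SCENARIO_END?)", name, *lineno);`, assuming `name` is the scenario file name as the signature suggests. The function starts outside the hunk.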
|
@ -143,7 +143,9 @@ write_q(int fd, int udp, SSL* ssl, sldns_buffer* buf, uint16_t id,
|
|||||||
edns.edns_present = 1;
|
edns.edns_present = 1;
|
||||||
edns.bits = EDNS_DO;
|
edns.bits = EDNS_DO;
|
||||||
edns.udp_size = 4096;
|
edns.udp_size = 4096;
|
||||||
attach_edns_record(buf, &edns);
|
if(sldns_buffer_capacity(buf) >=
|
||||||
|
sldns_buffer_limit(buf)+calc_edns_field_size(&edns))
|
||||||
|
attach_edns_record(buf, &edns);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* send it */
|
/* send it */
|
||||||
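Review bot: When the new capacity check in write_q fails, the OPT record is skipped without any message, so the query is sent with no EDNS and no DO bit even though `edns.bits = EDNS_DO` was set just above. For a test client this can make a DNSSEC-related run pass or fail for the wrong reason. An else branch such as `else log_warn("query too large for EDNS record, sent without it");` would make the fallback visible, assuming log_warn from util/log.h is in scope in this file. Bracing the multi-line `if` would also make it clear that only the attach_edns_record call is guarded. write_q begins and ends outside the hunk.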
|
@ -78,6 +78,7 @@ testbound_usage(void)
|
|||||||
printf("-g detect GOST support (exit code 0 or 1)\n");
|
printf("-g detect GOST support (exit code 0 or 1)\n");
|
||||||
printf("-e detect ECDSA support (exit code 0 or 1)\n");
|
printf("-e detect ECDSA support (exit code 0 or 1)\n");
|
||||||
printf("-c detect CLIENT_SUBNET support (exit code 0 or 1)\n");
|
printf("-c detect CLIENT_SUBNET support (exit code 0 or 1)\n");
|
||||||
|
printf("-i detect IPSECMOD support (exit code 0 or 1)\n");
|
||||||
printf("-s testbound self-test - unit test of testbound parts.\n");
|
printf("-s testbound self-test - unit test of testbound parts.\n");
|
||||||
printf("-o str unbound commandline options separated by spaces.\n");
|
printf("-o str unbound commandline options separated by spaces.\n");
|
||||||
printf("Version %s\n", PACKAGE_VERSION);
|
printf("Version %s\n", PACKAGE_VERSION);
|
||||||
@ -281,7 +282,7 @@ main(int argc, char* argv[])
|
|||||||
pass_argc = 1;
|
pass_argc = 1;
|
||||||
pass_argv[0] = "unbound";
|
pass_argv[0] = "unbound";
|
||||||
add_opts("-d", &pass_argc, pass_argv);
|
add_opts("-d", &pass_argc, pass_argv);
|
||||||
while( (c=getopt(argc, argv, "12egho:p:s")) != -1) {
|
while( (c=getopt(argc, argv, "12egciho:p:s")) != -1) {
|
||||||
switch(c) {
|
switch(c) {
|
||||||
case 's':
|
case 's':
|
||||||
free(pass_argv[1]);
|
free(pass_argv[1]);
|
||||||
@ -335,6 +336,15 @@ main(int argc, char* argv[])
|
|||||||
#else
|
#else
|
||||||
printf("CLIENT_SUBNET not supported\n");
|
printf("CLIENT_SUBNET not supported\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
|
#endif
|
||||||
|
break;
|
||||||
|
case 'i':
|
||||||
|
#ifdef USE_IPSECMOD
|
||||||
|
printf("IPSECMOD supported\n");
|
||||||
|
exit(0);
|
||||||
|
#else
|
||||||
|
printf("IPSECMOD not supported\n");
|
||||||
|
exit(1);
|
||||||
#endif
|
#endif
|
||||||
break;
|
break;
|
||||||
case 'p':
|
case 'p':
|
||||||
|
858
testcode/unitauth.c
Normal file
858
testcode/unitauth.c
Normal file
@ -0,0 +1,858 @@
|
|||||||
|
/*
|
||||||
|
* testcode/unitauth.c - unit test for authzone authoritative zone code.
|
||||||
|
*
|
||||||
|
* Copyright (c) 2017, NLnet Labs. All rights reserved.
|
||||||
|
*
|
||||||
|
* This software is open source.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or without
|
||||||
|
* modification, are permitted provided that the following conditions
|
||||||
|
* are met:
|
||||||
|
*
|
||||||
|
* Redistributions of source code must retain the above copyright notice,
|
||||||
|
* this list of conditions and the following disclaimer.
|
||||||
|
*
|
||||||
|
* Redistributions in binary form must reproduce the above copyright notice,
|
||||||
|
* this list of conditions and the following disclaimer in the documentation
|
||||||
|
* and/or other materials provided with the distribution.
|
||||||
|
*
|
||||||
|
* Neither the name of the NLNET LABS nor the names of its contributors may
|
||||||
|
* be used to endorse or promote products derived from this software without
|
||||||
|
* specific prior written permission.
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||||
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||||
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||||
|
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||||
|
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||||
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
|
||||||
|
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||||
|
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||||
|
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||||
|
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||||
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
/**
|
||||||
|
* \file
|
||||||
|
* Unit test for auth zone code.
|
||||||
|
*/
|
||||||
|
#include "config.h"
|
||||||
|
#include "services/authzone.h"
|
||||||
|
#include "testcode/unitmain.h"
|
||||||
|
#include "util/regional.h"
|
||||||
|
#include "util/net_help.h"
|
||||||
|
#include "util/data/msgreply.h"
|
||||||
|
#include "services/cache/dns.h"
|
||||||
|
#include "sldns/str2wire.h"
|
||||||
|
#include "sldns/wire2str.h"
|
||||||
|
#include "sldns/sbuffer.h"
|
||||||
|
|
||||||
|
/** verbosity for this test */
|
||||||
|
static int vbmp = 0;
|
||||||
|
|
||||||
|
/** struct for query and answer checks */
|
||||||
|
struct q_ans {
|
||||||
|
/** zone to query (delegpt) */
|
||||||
|
const char* zone;
|
||||||
|
/** query name, class, type */
|
||||||
|
const char* query;
|
||||||
|
/** additional flags or "" */
|
||||||
|
const char* flags;
|
||||||
|
/** expected answer to check against, multi-line string */
|
||||||
|
const char* answer;
|
||||||
|
};
|
||||||
|
|
||||||
|
/** auth zone for test */
|
||||||
|
static const char* zone_example_com =
|
||||||
|
"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n"
|
||||||
|
"example.com. 3600 IN A 10.0.0.1\n"
|
||||||
|
"example.com. 3600 IN NS ns.example.com.\n"
|
||||||
|
"example.com. 3600 IN MX 50 mail.example.com.\n"
|
||||||
|
"deep.ent.example.com. 3600 IN A 10.0.0.9\n"
|
||||||
|
"mail.example.com. 3600 IN A 10.0.0.4\n"
|
||||||
|
"ns.example.com. 3600 IN A 10.0.0.5\n"
|
||||||
|
"out.example.com. 3600 IN CNAME www.example.com.\n"
|
||||||
|
"plan.example.com. 3600 IN CNAME nonexist.example.com.\n"
|
||||||
|
"redir.example.com. 3600 IN DNAME redir.example.org.\n"
|
||||||
|
"sub.example.com. 3600 IN NS ns1.sub.example.com.\n"
|
||||||
|
"sub.example.com. 3600 IN NS ns2.sub.example.com.\n"
|
||||||
|
"ns1.sub.example.com. 3600 IN A 10.0.0.6\n"
|
||||||
|
"ns2.sub.example.com. 3600 IN AAAA 2001::7\n"
|
||||||
|
"*.wild.example.com. 3600 IN A 10.0.0.8\n"
|
||||||
|
"*.wild2.example.com. 3600 IN CNAME www.example.com.\n"
|
||||||
|
"*.wild3.example.com. 3600 IN A 10.0.0.8\n"
|
||||||
|
"*.wild3.example.com. 3600 IN MX 50 mail.example.com.\n"
|
||||||
|
"www.example.com. 3600 IN A 10.0.0.2\n"
|
||||||
|
"www.example.com. 3600 IN A 10.0.0.3\n"
|
||||||
|
"yy.example.com. 3600 IN TXT \"a\"\n"
|
||||||
|
"yy.example.com. 3600 IN TXT \"b\"\n"
|
||||||
|
"yy.example.com. 3600 IN TXT \"c\"\n"
|
||||||
|
"yy.example.com. 3600 IN TXT \"d\"\n"
|
||||||
|
"yy.example.com. 3600 IN TXT \"e\"\n"
|
||||||
|
"yy.example.com. 3600 IN TXT \"f\"\n"
|
||||||
|
|
||||||
|
/* and some tests for RRSIGs (rrsig is www.nlnetlabs.nl copy) */
|
||||||
|
/* normal: domain and 1 rrsig */
|
||||||
|
"z1.example.com. 3600 IN A 10.0.0.10\n"
|
||||||
|
"z1.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
|
||||||
|
/* normal: domain and 2 rrsigs */
|
||||||
|
"z2.example.com. 3600 IN A 10.0.0.10\n"
|
||||||
|
"z2.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
|
||||||
|
"z2.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n"
|
||||||
|
/* normal: domain and 3 rrsigs */
|
||||||
|
"z3.example.com. 3600 IN A 10.0.0.10\n"
|
||||||
|
"z3.example.com. 3600 IN A 10.0.0.11\n"
|
||||||
|
"z3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
|
||||||
|
"z3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n"
|
||||||
|
"z3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12356 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12356}\n"
|
||||||
|
/* just an RRSIG rrset with nothing else */
|
||||||
|
"z4.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
|
||||||
|
/* just an RRSIG rrset with nothing else, 2 rrsigs */
|
||||||
|
"z5.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
|
||||||
|
"z5.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n"
|
||||||
|
#if 0 /* comparison of file does not work on this part because duplicates */
|
||||||
|
/* are removed and the rrsets are reordered */
|
||||||
|
/* first rrsig, then A record */
|
||||||
|
"z6.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
|
||||||
|
"z6.example.com. 3600 IN A 10.0.0.10\n"
|
||||||
|
/* first two rrsigs, then A record */
|
||||||
|
"z7.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
|
||||||
|
"z7.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n"
|
||||||
|
"z7.example.com. 3600 IN A 10.0.0.10\n"
|
||||||
|
/* first two rrsigs, then two A records */
|
||||||
|
"z8.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
|
||||||
|
"z8.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n"
|
||||||
|
"z8.example.com. 3600 IN A 10.0.0.10\n"
|
||||||
|
"z8.example.com. 3600 IN A 10.0.0.11\n"
|
||||||
|
/* duplicate RR, duplicate RRsig */
|
||||||
|
"z9.example.com. 3600 IN A 10.0.0.10\n"
|
||||||
|
"z9.example.com. 3600 IN A 10.0.0.11\n"
|
||||||
|
"z9.example.com. 3600 IN A 10.0.0.10\n"
|
||||||
|
"z9.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
|
||||||
|
"z9.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n"
|
||||||
|
#endif /* if0 for duplicates and reordering */
|
||||||
|
;
|
||||||
|
|
||||||
|
/** queries for example.com: zone, query, flags, answer. end with NULL */
|
||||||
|
static struct q_ans example_com_queries[] = {
|
||||||
|
{ "example.com", "www.example.com. A", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"www.example.com. 3600 IN A 10.0.0.2\n"
|
||||||
|
"www.example.com. 3600 IN A 10.0.0.3\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "example.com. SOA", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "example.com. A", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"example.com. 3600 IN A 10.0.0.1\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "example.com. AAAA", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";authority section\n"
|
||||||
|
"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "example.com. NS", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"example.com. 3600 IN NS ns.example.com.\n"
|
||||||
|
";additional section\n"
|
||||||
|
"ns.example.com. 3600 IN A 10.0.0.5\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "example.com. MX", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"example.com. 3600 IN MX 50 mail.example.com.\n"
|
||||||
|
";additional section\n"
|
||||||
|
"mail.example.com. 3600 IN A 10.0.0.4\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "example.com. IN ANY", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n"
|
||||||
|
"example.com. 3600 IN MX 50 mail.example.com.\n"
|
||||||
|
"example.com. 3600 IN A 10.0.0.1\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "nonexist.example.com. A", "",
|
||||||
|
";flags QR AA rcode NXDOMAIN\n"
|
||||||
|
";authority section\n"
|
||||||
|
"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "deep.ent.example.com. A", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"deep.ent.example.com. 3600 IN A 10.0.0.9\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "ent.example.com. A", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";authority section\n"
|
||||||
|
"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "below.deep.ent.example.com. A", "",
|
||||||
|
";flags QR AA rcode NXDOMAIN\n"
|
||||||
|
";authority section\n"
|
||||||
|
"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "mail.example.com. A", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"mail.example.com. 3600 IN A 10.0.0.4\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "ns.example.com. A", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"ns.example.com. 3600 IN A 10.0.0.5\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "out.example.com. A", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"out.example.com. 3600 IN CNAME www.example.com.\n"
|
||||||
|
"www.example.com. 3600 IN A 10.0.0.2\n"
|
||||||
|
"www.example.com. 3600 IN A 10.0.0.3\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "out.example.com. CNAME", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"out.example.com. 3600 IN CNAME www.example.com.\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "plan.example.com. A", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"plan.example.com. 3600 IN CNAME nonexist.example.com.\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "plan.example.com. CNAME", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"plan.example.com. 3600 IN CNAME nonexist.example.com.\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "redir.example.com. A", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";authority section\n"
|
||||||
|
"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "redir.example.com. DNAME", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"redir.example.com. 3600 IN DNAME redir.example.org.\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "abc.redir.example.com. A", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"redir.example.com. 3600 IN DNAME redir.example.org.\n"
|
||||||
|
"abc.redir.example.com. 0 IN CNAME abc.redir.example.org.\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "foo.abc.redir.example.com. A", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"redir.example.com. 3600 IN DNAME redir.example.org.\n"
|
||||||
|
"foo.abc.redir.example.com. 0 IN CNAME foo.abc.redir.example.org.\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "sub.example.com. NS", "",
|
||||||
|
";flags QR rcode NOERROR\n"
|
||||||
|
";authority section\n"
|
||||||
|
"sub.example.com. 3600 IN NS ns1.sub.example.com.\n"
|
||||||
|
"sub.example.com. 3600 IN NS ns2.sub.example.com.\n"
|
||||||
|
";additional section\n"
|
||||||
|
"ns1.sub.example.com. 3600 IN A 10.0.0.6\n"
|
||||||
|
"ns2.sub.example.com. 3600 IN AAAA 2001::7\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "sub.example.com. DS", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";authority section\n"
|
||||||
|
"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "www.sub.example.com. NS", "",
|
||||||
|
";flags QR rcode NOERROR\n"
|
||||||
|
";authority section\n"
|
||||||
|
"sub.example.com. 3600 IN NS ns1.sub.example.com.\n"
|
||||||
|
"sub.example.com. 3600 IN NS ns2.sub.example.com.\n"
|
||||||
|
";additional section\n"
|
||||||
|
"ns1.sub.example.com. 3600 IN A 10.0.0.6\n"
|
||||||
|
"ns2.sub.example.com. 3600 IN AAAA 2001::7\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "foo.abc.sub.example.com. NS", "",
|
||||||
|
";flags QR rcode NOERROR\n"
|
||||||
|
";authority section\n"
|
||||||
|
"sub.example.com. 3600 IN NS ns1.sub.example.com.\n"
|
||||||
|
"sub.example.com. 3600 IN NS ns2.sub.example.com.\n"
|
||||||
|
";additional section\n"
|
||||||
|
"ns1.sub.example.com. 3600 IN A 10.0.0.6\n"
|
||||||
|
"ns2.sub.example.com. 3600 IN AAAA 2001::7\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "ns1.sub.example.com. A", "",
|
||||||
|
";flags QR rcode NOERROR\n"
|
||||||
|
";authority section\n"
|
||||||
|
"sub.example.com. 3600 IN NS ns1.sub.example.com.\n"
|
||||||
|
"sub.example.com. 3600 IN NS ns2.sub.example.com.\n"
|
||||||
|
";additional section\n"
|
||||||
|
"ns1.sub.example.com. 3600 IN A 10.0.0.6\n"
|
||||||
|
"ns2.sub.example.com. 3600 IN AAAA 2001::7\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "ns1.sub.example.com. AAAA", "",
|
||||||
|
";flags QR rcode NOERROR\n"
|
||||||
|
";authority section\n"
|
||||||
|
"sub.example.com. 3600 IN NS ns1.sub.example.com.\n"
|
||||||
|
"sub.example.com. 3600 IN NS ns2.sub.example.com.\n"
|
||||||
|
";additional section\n"
|
||||||
|
"ns1.sub.example.com. 3600 IN A 10.0.0.6\n"
|
||||||
|
"ns2.sub.example.com. 3600 IN AAAA 2001::7\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "ns2.sub.example.com. A", "",
|
||||||
|
";flags QR rcode NOERROR\n"
|
||||||
|
";authority section\n"
|
||||||
|
"sub.example.com. 3600 IN NS ns1.sub.example.com.\n"
|
||||||
|
"sub.example.com. 3600 IN NS ns2.sub.example.com.\n"
|
||||||
|
";additional section\n"
|
||||||
|
"ns1.sub.example.com. 3600 IN A 10.0.0.6\n"
|
||||||
|
"ns2.sub.example.com. 3600 IN AAAA 2001::7\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "ns2.sub.example.com. AAAA", "",
|
||||||
|
";flags QR rcode NOERROR\n"
|
||||||
|
";authority section\n"
|
||||||
|
"sub.example.com. 3600 IN NS ns1.sub.example.com.\n"
|
||||||
|
"sub.example.com. 3600 IN NS ns2.sub.example.com.\n"
|
||||||
|
";additional section\n"
|
||||||
|
"ns1.sub.example.com. 3600 IN A 10.0.0.6\n"
|
||||||
|
"ns2.sub.example.com. 3600 IN AAAA 2001::7\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "wild.example.com. A", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";authority section\n"
|
||||||
|
"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "*.wild.example.com. A", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"*.wild.example.com. 3600 IN A 10.0.0.8\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "*.wild.example.com. AAAA", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";authority section\n"
|
||||||
|
"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "abc.wild.example.com. A", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"abc.wild.example.com. 3600 IN A 10.0.0.8\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "abc.wild.example.com. AAAA", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";authority section\n"
|
||||||
|
"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "foo.abc.wild.example.com. A", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"foo.abc.wild.example.com. 3600 IN A 10.0.0.8\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "foo.abc.wild.example.com. AAAA", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";authority section\n"
|
||||||
|
"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "wild2.example.com. A", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";authority section\n"
|
||||||
|
"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "*.wild2.example.com. A", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"*.wild2.example.com. 3600 IN CNAME www.example.com.\n"
|
||||||
|
"www.example.com. 3600 IN A 10.0.0.2\n"
|
||||||
|
"www.example.com. 3600 IN A 10.0.0.3\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "abc.wild2.example.com. A", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"abc.wild2.example.com. 3600 IN CNAME www.example.com.\n"
|
||||||
|
"www.example.com. 3600 IN A 10.0.0.2\n"
|
||||||
|
"www.example.com. 3600 IN A 10.0.0.3\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "foo.abc.wild2.example.com. A", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"foo.abc.wild2.example.com. 3600 IN CNAME www.example.com.\n"
|
||||||
|
"www.example.com. 3600 IN A 10.0.0.2\n"
|
||||||
|
"www.example.com. 3600 IN A 10.0.0.3\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "abc.wild2.example.com. CNAME", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"abc.wild2.example.com. 3600 IN CNAME www.example.com.\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "abc.wild3.example.com. IN ANY", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"abc.wild3.example.com. 3600 IN MX 50 mail.example.com.\n"
|
||||||
|
"abc.wild3.example.com. 3600 IN A 10.0.0.8\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{ "example.com", "yy.example.com. TXT", "",
|
||||||
|
";flags QR AA rcode NOERROR\n"
|
||||||
|
";answer section\n"
|
||||||
|
"yy.example.com. 3600 IN TXT \"a\"\n"
|
||||||
|
"yy.example.com. 3600 IN TXT \"b\"\n"
|
||||||
|
"yy.example.com. 3600 IN TXT \"c\"\n"
|
||||||
|
"yy.example.com. 3600 IN TXT \"d\"\n"
|
||||||
|
"yy.example.com. 3600 IN TXT \"e\"\n"
|
||||||
|
"yy.example.com. 3600 IN TXT \"f\"\n"
|
||||||
|
},
|
||||||
|
|
||||||
|
{NULL, NULL, NULL, NULL}
|
||||||
|
};
|
||||||
|
|
||||||
|
/** number of tmpfiles */
|
||||||
|
static int tempno = 0;
|
||||||
|
/** number of deleted files */
|
||||||
|
static int delno = 0;
|
||||||
|
|
||||||
|
/** cleanup tmp files at exit */
|
||||||
|
static void
|
||||||
|
tmpfilecleanup(void)
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
char buf[256];
|
||||||
|
for(i=0; i<tempno; i++) {
|
||||||
|
snprintf(buf, sizeof(buf), "/tmp/unbound.unittest.%u.%d",
|
||||||
|
(unsigned)getpid(), i);
|
||||||
|
if(vbmp) printf("cleanup: unlink %s\n", buf);
|
||||||
|
unlink(buf);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/** create temp file, return (malloced) name string, write contents to it */
|
||||||
|
static char*
|
||||||
|
create_tmp_file(const char* s)
|
||||||
|
{
|
||||||
|
char buf[256];
|
||||||
|
char *fname;
|
||||||
|
FILE *out;
|
||||||
|
size_t r;
|
||||||
|
snprintf(buf, sizeof(buf), "/tmp/unbound.unittest.%u.%d",
|
||||||
|
(unsigned)getpid(), tempno++);
|
||||||
|
fname = strdup(buf);
|
||||||
|
if(!fname) fatal_exit("out of memory");
|
||||||
|
/* if no string, just make the name */
|
||||||
|
if(!s) return fname;
|
||||||
|
/* if string, write to file */
|
||||||
|
out = fopen(fname, "w");
|
||||||
|
if(!out) fatal_exit("cannot open %s: %s", fname, strerror(errno));
|
||||||
|
r = fwrite(s, 1, strlen(s), out);
|
||||||
|
if(r == 0) {
|
||||||
|
fatal_exit("write failed: %s", strerror(errno));
|
||||||
|
} else if(r < strlen(s)) {
|
||||||
|
fatal_exit("write failed: too short (disk full?)");
|
||||||
|
}
|
||||||
|
fclose(out);
|
||||||
|
return fname;
|
||||||
|
}
|
||||||
|
|
||||||
|
/** delete temp file and free name string */
|
||||||
|
static void
|
||||||
|
del_tmp_file(char* fname)
|
||||||
|
{
|
||||||
|
unlink(fname);
|
||||||
|
free(fname);
|
||||||
|
delno++;
|
||||||
|
if(delno == tempno) {
|
||||||
|
/* deleted all outstanding files, back to start condition */
|
||||||
|
tempno = 0;
|
||||||
|
delno = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Add zone from file for testing */
|
||||||
|
static struct auth_zone*
|
||||||
|
addzone(struct auth_zones* az, const char* name, char* fname)
|
||||||
|
{
|
||||||
|
struct auth_zone* z;
|
||||||
|
size_t nmlen;
|
||||||
|
uint8_t* nm = sldns_str2wire_dname(name, &nmlen);
|
||||||
|
if(!nm) fatal_exit("out of memory");
|
||||||
|
lock_rw_wrlock(&az->lock);
|
||||||
|
z = auth_zone_create(az, nm, nmlen, LDNS_RR_CLASS_IN);
|
||||||
|
lock_rw_unlock(&az->lock);
|
||||||
|
if(!z) fatal_exit("cannot find zone");
|
||||||
|
auth_zone_set_zonefile(z, fname);
|
||||||
|
|
||||||
|
if(!auth_zone_read_zonefile(z)) {
|
||||||
|
fatal_exit("parse failure for auth zone %s", name);
|
||||||
|
}
|
||||||
|
lock_rw_unlock(&z->lock);
|
||||||
|
free(nm);
|
||||||
|
return z;
|
||||||
|
}
|
||||||
|
|
||||||
|
/** check that file is the same as other file */
|
||||||
|
static void
|
||||||
|
checkfile(char* f1, char *f2)
|
||||||
|
{
|
||||||
|
char buf1[10240], buf2[10240];
|
||||||
|
int line = 0;
|
||||||
|
FILE* i1, *i2;
|
||||||
|
i1 = fopen(f1, "r");
|
||||||
|
if(!i1) fatal_exit("cannot open %s: %s", f1, strerror(errno));
|
||||||
|
i2 = fopen(f2, "r");
|
||||||
|
if(!i2) fatal_exit("cannot open %s: %s", f2, strerror(errno));
|
||||||
|
|
||||||
|
while(!feof(i1) && !feof(i2)) {
|
||||||
|
char* cp1, *cp2;
|
||||||
|
line++;
|
||||||
|
cp1 = fgets(buf1, (int)sizeof(buf1), i1);
|
||||||
|
cp2 = fgets(buf2, (int)sizeof(buf2), i2);
|
||||||
|
if((!cp1 && !feof(i1)) || (!cp2 && !feof(i2)))
|
||||||
|
fatal_exit("fgets failed: %s", strerror(errno));
|
||||||
|
if(strcmp(buf1, buf2) != 0) {
|
||||||
|
log_info("in files %s and %s:%d", f1, f2, line);
|
||||||
|
log_info("'%s'", buf1);
|
||||||
|
log_info("'%s'", buf2);
|
||||||
|
fatal_exit("files are not eqaul");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
unit_assert(feof(i1) && feof(i2));
|
||||||
|
|
||||||
|
fclose(i1);
|
||||||
|
fclose(i2);
|
||||||
|
}
|
||||||
|
|
||||||
|
/** check that a zone (in string) can be read and reproduced */
|
||||||
|
static void
|
||||||
|
check_read_exact(const char* name, const char* zone)
|
||||||
|
{
|
||||||
|
struct auth_zones* az;
|
||||||
|
struct auth_zone* z;
|
||||||
|
char* fname, *outf;
|
||||||
|
if(vbmp) printf("check read zone %s\n", name);
|
||||||
|
fname = create_tmp_file(zone);
|
||||||
|
|
||||||
|
az = auth_zones_create();
|
||||||
|
unit_assert(az);
|
||||||
|
z = addzone(az, name, fname);
|
||||||
|
unit_assert(z);
|
||||||
|
outf = create_tmp_file(NULL);
|
||||||
|
if(!auth_zone_write_file(z, outf)) {
|
||||||
|
fatal_exit("write file failed for %s", fname);
|
||||||
|
}
|
||||||
|
checkfile(fname, outf);
|
||||||
|
|
||||||
|
del_tmp_file(fname);
|
||||||
|
del_tmp_file(outf);
|
||||||
|
auth_zones_delete(az);
|
||||||
|
}
|
||||||
|
|
||||||
|
/** parse q_ans structure for making query */
|
||||||
|
static void
|
||||||
|
q_ans_parse(struct q_ans* q, struct regional* region,
|
||||||
|
struct query_info** qinfo, int* fallback, uint8_t** dp_nm,
|
||||||
|
size_t* dp_nmlen)
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
uint8_t buf[65535];
|
||||||
|
size_t len, dname_len;
|
||||||
|
|
||||||
|
/* parse flags */
|
||||||
|
*fallback = 0; /* default fallback value */
|
||||||
|
if(strstr(q->flags, "fallback"))
|
||||||
|
*fallback = 1;
|
||||||
|
|
||||||
|
/* parse zone */
|
||||||
|
*dp_nmlen = sizeof(buf);
|
||||||
|
if((ret=sldns_str2wire_dname_buf(q->zone, buf, dp_nmlen))!=0)
|
||||||
|
fatal_exit("cannot parse query dp zone %s : %s", q->zone,
|
||||||
|
sldns_get_errorstr_parse(ret));
|
||||||
|
*dp_nm = regional_alloc_init(region, buf, *dp_nmlen);
|
||||||
|
if(!dp_nm) fatal_exit("out of memory");
|
||||||
|
|
||||||
|
/* parse query */
|
||||||
|
len = sizeof(buf);
|
||||||
|
dname_len = 0;
|
||||||
|
if((ret=sldns_str2wire_rr_question_buf(q->query, buf, &len, &dname_len,
|
||||||
|
*dp_nm, *dp_nmlen, NULL, 0))!=0)
|
||||||
|
fatal_exit("cannot parse query %s : %s", q->query,
|
||||||
|
sldns_get_errorstr_parse(ret));
|
||||||
|
*qinfo = (struct query_info*)regional_alloc_zero(region,
|
||||||
|
sizeof(**qinfo));
|
||||||
|
if(!*qinfo) fatal_exit("out of memory");
|
||||||
|
(*qinfo)->qname = regional_alloc_init(region, buf, dname_len);
|
||||||
|
if(!(*qinfo)->qname) fatal_exit("out of memory");
|
||||||
|
(*qinfo)->qname_len = dname_len;
|
||||||
|
(*qinfo)->qtype = sldns_wirerr_get_type(buf, len, dname_len);
|
||||||
|
(*qinfo)->qclass = sldns_wirerr_get_class(buf, len, dname_len);
|
||||||
|
}
|
||||||
|
|
||||||
|
/** print flags to string */
|
||||||
|
static void
|
||||||
|
pr_flags(sldns_buffer* buf, uint16_t flags)
|
||||||
|
{
|
||||||
|
char rcode[32];
|
||||||
|
sldns_buffer_printf(buf, ";flags");
|
||||||
|
if((flags&BIT_QR)!=0) sldns_buffer_printf(buf, " QR");
|
||||||
|
if((flags&BIT_AA)!=0) sldns_buffer_printf(buf, " AA");
|
||||||
|
if((flags&BIT_TC)!=0) sldns_buffer_printf(buf, " TC");
|
||||||
|
if((flags&BIT_RD)!=0) sldns_buffer_printf(buf, " RD");
|
||||||
|
if((flags&BIT_CD)!=0) sldns_buffer_printf(buf, " CD");
|
||||||
|
if((flags&BIT_RA)!=0) sldns_buffer_printf(buf, " RA");
|
||||||
|
if((flags&BIT_AD)!=0) sldns_buffer_printf(buf, " AD");
|
||||||
|
if((flags&BIT_Z)!=0) sldns_buffer_printf(buf, " Z");
|
||||||
|
sldns_wire2str_rcode_buf((int)(FLAGS_GET_RCODE(flags)),
|
||||||
|
rcode, sizeof(rcode));
|
||||||
|
sldns_buffer_printf(buf, " rcode %s", rcode);
|
||||||
|
sldns_buffer_printf(buf, "\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
/** print RRs to string */
|
||||||
|
static void
|
||||||
|
pr_rrs(sldns_buffer* buf, struct reply_info* rep)
|
||||||
|
{
|
||||||
|
char s[65536];
|
||||||
|
size_t i, j;
|
||||||
|
struct packed_rrset_data* d;
|
||||||
|
log_assert(rep->rrset_count == rep->an_numrrsets + rep->ns_numrrsets
|
||||||
|
+ rep->ar_numrrsets);
|
||||||
|
for(i=0; i<rep->rrset_count; i++) {
|
||||||
|
/* section heading */
|
||||||
|
if(i == 0 && rep->an_numrrsets != 0)
|
||||||
|
sldns_buffer_printf(buf, ";answer section\n");
|
||||||
|
else if(i == rep->an_numrrsets && rep->ns_numrrsets != 0)
|
||||||
|
sldns_buffer_printf(buf, ";authority section\n");
|
||||||
|
else if(i == rep->an_numrrsets+rep->ns_numrrsets &&
|
||||||
|
rep->ar_numrrsets != 0)
|
||||||
|
sldns_buffer_printf(buf, ";additional section\n");
|
||||||
|
/* spool RRset */
|
||||||
|
d = (struct packed_rrset_data*)rep->rrsets[i]->entry.data;
|
||||||
|
for(j=0; j<d->count+d->rrsig_count; j++) {
|
||||||
|
if(!packed_rr_to_string(rep->rrsets[i], j, 0,
|
||||||
|
s, sizeof(s))) {
|
||||||
|
fatal_exit("could not rr_to_string %d",
|
||||||
|
(int)i);
|
||||||
|
}
|
||||||
|
sldns_buffer_printf(buf, "%s", s);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/** create string for message */
|
||||||
|
static char*
|
||||||
|
msgtostr(struct dns_msg* msg)
|
||||||
|
{
|
||||||
|
char* str;
|
||||||
|
sldns_buffer* buf = sldns_buffer_new(65535);
|
||||||
|
if(!buf) fatal_exit("out of memory");
|
||||||
|
pr_flags(buf, msg->rep->flags);
|
||||||
|
pr_rrs(buf, msg->rep);
|
||||||
|
|
||||||
|
str = strdup((char*)sldns_buffer_begin(buf));
|
||||||
|
if(!str) fatal_exit("out of memory");
|
||||||
|
sldns_buffer_free(buf);
|
||||||
|
return str;
|
||||||
|
}
|
||||||
|
|
||||||
|
/** find line diff between strings */
|
||||||
|
static void
|
||||||
|
line_diff(const char* p, const char* q, const char* pdesc, const char* qdesc)
|
||||||
|
{
|
||||||
|
char* pdup, *qdup, *pl, *ql;
|
||||||
|
int line = 1;
|
||||||
|
pdup = strdup(p);
|
||||||
|
qdup = strdup(q);
|
||||||
|
if(!pdup || !qdup) fatal_exit("out of memory");
|
||||||
|
pl=pdup;
|
||||||
|
ql=qdup;
|
||||||
|
printf("linediff (<%s, >%s)\n", pdesc, qdesc);
|
||||||
|
while(pl && ql && *pl && *ql) {
|
||||||
|
char* ep = strchr(pl, '\n');
|
||||||
|
char* eq = strchr(ql, '\n');
|
||||||
|
/* terminate lines */
|
||||||
|
if(ep) *ep = 0;
|
||||||
|
if(eq) *eq = 0;
|
||||||
|
/* printout */
|
||||||
|
if(strcmp(pl, ql) == 0) {
|
||||||
|
printf("%3d %s\n", line, pl);
|
||||||
|
} else {
|
||||||
|
printf("%3d < %s\n", line, pl);
|
||||||
|
printf("%3d > %s\n", line, ql);
|
||||||
|
}
|
||||||
|
if(ep) *ep = '\n';
|
||||||
|
if(eq) *eq = '\n';
|
||||||
|
if(ep) pl = ep+1;
|
||||||
|
else pl = NULL;
|
||||||
|
if(eq) ql = eq+1;
|
||||||
|
else ql = NULL;
|
||||||
|
line++;
|
||||||
|
}
|
||||||
|
if(pl && *pl) {
|
||||||
|
printf("%3d < %s\n", line, pl);
|
||||||
|
}
|
||||||
|
if(ql && *ql) {
|
||||||
|
printf("%3d > %s\n", line, ql);
|
||||||
|
}
|
||||||
|
free(pdup);
|
||||||
|
free(qdup);
|
||||||
|
}
|
||||||
|
|
||||||
|
/** make q_ans query */
|
||||||
|
static void
|
||||||
|
q_ans_query(struct q_ans* q, struct auth_zones* az, struct query_info* qinfo,
|
||||||
|
struct regional* region, int expected_fallback, uint8_t* dp_nm,
|
||||||
|
size_t dp_nmlen)
|
||||||
|
{
|
||||||
|
int ret, fallback = 0;
|
||||||
|
struct dns_msg* msg = NULL;
|
||||||
|
char* ans_str;
|
||||||
|
int oldv = verbosity;
|
||||||
|
/* increase verbosity to printout logic in authzone */
|
||||||
|
if(vbmp) verbosity = 4;
|
||||||
|
ret = auth_zones_lookup(az, qinfo, region, &msg, &fallback, dp_nm,
|
||||||
|
dp_nmlen);
|
||||||
|
if(vbmp) verbosity = oldv;
|
||||||
|
|
||||||
|
/* check the answer */
|
||||||
|
ans_str = msgtostr(msg);
|
||||||
|
/* printout if vbmp */
|
||||||
|
if(vbmp) printf("got (ret=%s%s):\n%s",
|
||||||
|
(ret?"ok":"fail"), (fallback?" fallback":""), ans_str);
|
||||||
|
/* check expected value for ret */
|
||||||
|
if(expected_fallback && ret != 0) {
|
||||||
|
/* ret is zero on fallback */
|
||||||
|
if(vbmp) printf("fallback expected, but "
|
||||||
|
"return value is not false\n");
|
||||||
|
unit_assert(expected_fallback && ret == 0);
|
||||||
|
}
|
||||||
|
if(ret == 0) {
|
||||||
|
if(!expected_fallback) {
|
||||||
|
if(vbmp) printf("return value is false, "
|
||||||
|
"(unexpected)\n");
|
||||||
|
}
|
||||||
|
unit_assert(expected_fallback);
|
||||||
|
}
|
||||||
|
/* check expected value for fallback */
|
||||||
|
if(expected_fallback && !fallback) {
|
||||||
|
if(vbmp) printf("expected fallback, but fallback is no\n");
|
||||||
|
} else if(!expected_fallback && fallback) {
|
||||||
|
if(vbmp) printf("expected no fallback, but fallback is yes\n");
|
||||||
|
}
|
||||||
|
unit_assert( (expected_fallback&&fallback) ||
|
||||||
|
(!expected_fallback&&!fallback));
|
||||||
|
/* check answer string */
|
||||||
|
if(strcmp(q->answer, ans_str) != 0) {
|
||||||
|
if(vbmp) printf("wanted:\n%s", q->answer);
|
||||||
|
line_diff(q->answer, ans_str, "wanted", "got");
|
||||||
|
}
|
||||||
|
unit_assert(strcmp(q->answer, ans_str) == 0);
|
||||||
|
if(vbmp) printf("query ok\n\n");
|
||||||
|
free(ans_str);
|
||||||
|
}
|
||||||
|
|
||||||
|
/** check queries on a loaded zone */
|
||||||
|
static void
|
||||||
|
check_az_q_ans(struct auth_zones* az, struct q_ans* queries)
|
||||||
|
{
|
||||||
|
struct q_ans* q;
|
||||||
|
struct regional* region = regional_create();
|
||||||
|
struct query_info* qinfo;
|
||||||
|
int fallback;
|
||||||
|
uint8_t* dp_nm;
|
||||||
|
size_t dp_nmlen;
|
||||||
|
for(q=queries; q->zone; q++) {
|
||||||
|
if(vbmp) printf("query %s: %s %s\n", q->zone, q->query,
|
||||||
|
q->flags);
|
||||||
|
q_ans_parse(q, region, &qinfo, &fallback, &dp_nm, &dp_nmlen);
|
||||||
|
q_ans_query(q, az, qinfo, region, fallback, dp_nm, dp_nmlen);
|
||||||
|
regional_free_all(region);
|
||||||
|
}
|
||||||
|
regional_destroy(region);
|
||||||
|
}
|
||||||
|
|
||||||
|
/** check queries for a zone are returned as specified */
|
||||||
|
static void
|
||||||
|
check_queries(const char* name, const char* zone, struct q_ans* queries)
|
||||||
|
{
|
||||||
|
struct auth_zones* az;
|
||||||
|
struct auth_zone* z;
|
||||||
|
char* fname;
|
||||||
|
if(vbmp) printf("check queries %s\n", name);
|
||||||
|
fname = create_tmp_file(zone);
|
||||||
|
az = auth_zones_create();
|
||||||
|
if(!az) fatal_exit("out of memory");
|
||||||
|
z = addzone(az, name, fname);
|
||||||
|
if(!z) fatal_exit("could not read zone for queries test");
|
||||||
|
del_tmp_file(fname);
|
||||||
|
|
||||||
|
/* run queries and test them */
|
||||||
|
check_az_q_ans(az, queries);
|
||||||
|
|
||||||
|
auth_zones_delete(az);
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Test authzone read from file */
|
||||||
|
static void
|
||||||
|
authzone_read_test(void)
|
||||||
|
{
|
||||||
|
if(vbmp) printf("Testing read auth zone\n");
|
||||||
|
check_read_exact("example.com", zone_example_com);
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Test authzone query from zone */
|
||||||
|
static void
|
||||||
|
authzone_query_test(void)
|
||||||
|
{
|
||||||
|
if(vbmp) printf("Testing query auth zone\n");
|
||||||
|
check_queries("example.com", zone_example_com, example_com_queries);
|
||||||
|
}
|
||||||
|
|
||||||
|
/** test authzone code */
|
||||||
|
void
|
||||||
|
authzone_test(void)
|
||||||
|
{
|
||||||
|
unit_show_feature("authzone");
|
||||||
|
atexit(tmpfilecleanup);
|
||||||
|
authzone_read_test();
|
||||||
|
authzone_query_test();
|
||||||
|
}
|
@ -403,6 +403,8 @@ config_tag_test(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#include "util/rtt.h"
|
#include "util/rtt.h"
|
||||||
|
#include "util/timehist.h"
|
||||||
|
#include "libunbound/unbound.h"
|
||||||
/** test RTT code */
|
/** test RTT code */
|
||||||
static void
|
static void
|
||||||
rtt_test(void)
|
rtt_test(void)
|
||||||
@ -426,6 +428,8 @@ rtt_test(void)
|
|||||||
unit_assert( rtt_timeout(&r) > RTT_MIN_TIMEOUT-1);
|
unit_assert( rtt_timeout(&r) > RTT_MIN_TIMEOUT-1);
|
||||||
unit_assert( rtt_timeout(&r) < RTT_MAX_TIMEOUT+1);
|
unit_assert( rtt_timeout(&r) < RTT_MAX_TIMEOUT+1);
|
||||||
}
|
}
|
||||||
|
/* must be the same, timehist bucket is used in stats */
|
||||||
|
unit_assert(UB_STATS_BUCKET_NUM == NUM_BUCKETS_HIST);
|
||||||
}
|
}
|
||||||
|
|
||||||
#include "services/cache/infra.h"
|
#include "services/cache/infra.h"
|
||||||
@ -623,6 +627,9 @@ respip_conf_actions_test(void)
|
|||||||
}
|
}
|
||||||
unit_assert(respip_global_apply_cfg(set, &cfg));
|
unit_assert(respip_global_apply_cfg(set, &cfg));
|
||||||
verify_respip_set_actions(set, config_response_ip, clen);
|
verify_respip_set_actions(set, config_response_ip, clen);
|
||||||
|
|
||||||
|
respip_set_delete(set);
|
||||||
|
config_deldblstrlist(cfg.respip_actions);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Per-view respip actions test; apply raw configuration with two views
|
/** Per-view respip actions test; apply raw configuration with two views
|
||||||
@ -690,6 +697,12 @@ respip_view_conf_actions_test(void)
|
|||||||
unit_assert(v);
|
unit_assert(v);
|
||||||
verify_respip_set_actions(v->respip_set, config_response_ip_view2, clen2);
|
verify_respip_set_actions(v->respip_set, config_response_ip_view2, clen2);
|
||||||
lock_rw_unlock(&v->lock);
|
lock_rw_unlock(&v->lock);
|
||||||
|
|
||||||
|
views_delete(views);
|
||||||
|
free(cv1->name);
|
||||||
|
free(cv1);
|
||||||
|
free(cv2->name);
|
||||||
|
free(cv2);
|
||||||
}
|
}
|
||||||
|
|
||||||
typedef struct addr_data {char* ip; char* data;} addr_data_t;
|
typedef struct addr_data {char* ip; char* data;} addr_data_t;
|
||||||
@ -774,6 +787,8 @@ respip_conf_data_test(void)
|
|||||||
verify_rrset(set, "192.0.1.0/24", "11.12.13.14", 1, LDNS_RR_TYPE_A);
|
verify_rrset(set, "192.0.1.0/24", "11.12.13.14", 1, LDNS_RR_TYPE_A);
|
||||||
verify_rrset(set, "192.0.2.0/24", "www.example.com", 0, LDNS_RR_TYPE_CNAME);
|
verify_rrset(set, "192.0.2.0/24", "www.example.com", 0, LDNS_RR_TYPE_CNAME);
|
||||||
verify_rrset(set, "2001:db8:1::/48", "2001:db8:1::2:1", 0, LDNS_RR_TYPE_AAAA);
|
verify_rrset(set, "2001:db8:1::/48", "2001:db8:1::2:1", 0, LDNS_RR_TYPE_AAAA);
|
||||||
|
|
||||||
|
respip_set_delete(set);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Test per-view respip redirect w/ data directives */
|
/** Test per-view respip redirect w/ data directives */
|
||||||
@ -810,6 +825,11 @@ respip_view_conf_data_test(void)
|
|||||||
0, LDNS_RR_TYPE_CNAME);
|
0, LDNS_RR_TYPE_CNAME);
|
||||||
verify_rrset(v->respip_set, "2001:db8:1::/48", "2001:db8:1::2:1",
|
verify_rrset(v->respip_set, "2001:db8:1::/48", "2001:db8:1::2:1",
|
||||||
0, LDNS_RR_TYPE_AAAA);
|
0, LDNS_RR_TYPE_AAAA);
|
||||||
|
lock_rw_unlock(&v->lock);
|
||||||
|
|
||||||
|
views_delete(views);
|
||||||
|
free(cv->name);
|
||||||
|
free(cv);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** respip unit tests */
|
/** respip unit tests */
|
||||||
@ -865,6 +885,7 @@ main(int argc, char* argv[])
|
|||||||
fatal_exit("could not init NSS");
|
fatal_exit("could not init NSS");
|
||||||
#endif /* HAVE_SSL or HAVE_NSS*/
|
#endif /* HAVE_SSL or HAVE_NSS*/
|
||||||
checklock_start();
|
checklock_start();
|
||||||
|
authzone_test();
|
||||||
neg_test();
|
neg_test();
|
||||||
rnd_test();
|
rnd_test();
|
||||||
respip_test();
|
respip_test();
|
||||||
|
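Review bot: The added `unit_assert(UB_STATS_BUCKET_NUM == NUM_BUCKETS_HIST);` in the rtt_test hunk guards a build-time invariant with a run-time check that only fires when this unit test is executed, and it sits in a test about RTT rather than next to the code that relies on it. The comment says the timehist bucket is used in stats, so a mismatch would presumably mean arrays of different length being copied between, which is worth failing the build for. If both names are preprocessor constants (their definitions are not visible here), `#if UB_STATS_BUCKET_NUM != NUM_BUCKETS_HIST` / `#error "stats and timehist bucket counts differ"` / `#endif` beside the stats code would catch it on every build; the unit_assert can stay as a second check.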
@ -78,5 +78,7 @@ void ecs_test(void);
|
|||||||
#endif /* CLIENT_SUBNET */
|
#endif /* CLIENT_SUBNET */
|
||||||
/** unit test for ldns functions */
|
/** unit test for ldns functions */
|
||||||
void ldns_test(void);
|
void ldns_test(void);
|
||||||
|
/** unit test for auth zone functions */
|
||||||
|
void authzone_test(void);
|
||||||
|
|
||||||
#endif /* TESTCODE_UNITMAIN_H */
|
#endif /* TESTCODE_UNITMAIN_H */
|
||||||
|
@ -537,6 +537,11 @@ verify_test(void)
|
|||||||
}
|
}
|
||||||
dstest_file("testdata/test_ds.sha384");
|
dstest_file("testdata/test_ds.sha384");
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef USE_ED25519
|
||||||
|
if(dnskey_algo_id_is_supported(LDNS_ED25519)) {
|
||||||
|
verifytest_file("testdata/test_sigs.ed25519", "20170530140439");
|
||||||
|
}
|
||||||
|
#endif
|
||||||
#ifdef USE_SHA1
|
#ifdef USE_SHA1
|
||||||
dstest_file("testdata/test_ds.sha1");
|
dstest_file("testdata/test_ds.sha1");
|
||||||
#endif
|
#endif
|
||||||
|
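Review bot: In the USE_ED25519 block added to verify_test, a false return from `dnskey_algo_id_is_supported(LDNS_ED25519)` skips `testdata/test_sigs.ed25519` without any output, so a build that defines USE_ED25519 against a crypto library lacking the algorithm still reports a clean run with no Ed25519 signature verified. An `else` branch that says so, for example `else printf("ed25519 not supported by crypto backend, test_sigs.ed25519 skipped\n");`, would make the gap visible in test logs. The block before the sha384 line may follow the same silent pattern, but only its closing brace is in the hunk; verify_test begins and ends outside it.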
BIN
testdata/03-testbound.tpkg
vendored
BIN
testdata/03-testbound.tpkg
vendored
Binary file not shown.
BIN
testdata/05-asynclook.tpkg
vendored
BIN
testdata/05-asynclook.tpkg
vendored
Binary file not shown.
BIN
testdata/08-host-lib.tpkg
vendored
BIN
testdata/08-host-lib.tpkg
vendored
Binary file not shown.
BIN
testdata/dnscrypt_cert.tpkg
vendored
BIN
testdata/dnscrypt_cert.tpkg
vendored
Binary file not shown.
BIN
testdata/dnscrypt_cert_chacha.tpkg
vendored
Normal file
BIN
testdata/dnscrypt_cert_chacha.tpkg
vendored
Normal file
Binary file not shown.
BIN
testdata/dnscrypt_queries.tpkg
vendored
BIN
testdata/dnscrypt_queries.tpkg
vendored
Binary file not shown.
BIN
testdata/dnscrypt_queries_chacha.tpkg
vendored
Normal file
BIN
testdata/dnscrypt_queries_chacha.tpkg
vendored
Normal file
Binary file not shown.
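--- a/testdata/ipsecmod_bogus_ipseckey.crpl
+++ b/testdata/ipsecmod_bogus_ipseckey.crpl
@@ -0,0 +1,236 @@
+; Test ipsecmod with bogus IPSECKEY
+
+; config options
+; The island of trust is at example.com
+server:
+trust-anchor: "example.com. IN DS 48069 8 2 fce2bcb0d88b828064faad58e935ca2e32ff0bbd8bd8407a8f344d8f8e8c438a"
+val-override-date: "-1"
+target-fetch-policy: "0 0 0 0 0"
+# test that default value of harden-dnssec-stripped is still yes.
+fake-sha1: yes
+access-control: 127.0.0.1 allow_snoop
+module-config: "ipsecmod validator iterator"
+; ../../ is there because the test runs from testdata/03-testbound.dir
+ipsecmod-hook: "../../testdata/ipsecmod_hook.sh"
+ipsecmod-strict: no
+ipsecmod-max-ttl: 200
+
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test ipsecmod with bogus IPSECKEY
+; Scenario overview:
+; - query for example.com. IN A
+; - check that query for example.com. IN IPSECKEY is generated
+; - check that we get an answer for example.com. IN A with the correct TTL
+; - check that the get the same answer from cache
+; - check that we don't get the IPSECKEY answer from cache (bogus)
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.gtld-servers.net. IN AAAA
+SECTION AUTHORITY
+. 86400 IN SOA . . 20070304 28800 7200 604800 86400
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+K.ROOT-SERVERS.NET. IN AAAA
+SECTION AUTHORITY
+. 86400 IN SOA . . 20070304 28800 7200 604800 86400
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes=
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM=
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION AUTHORITY
+example.com. 86400 IN SOA ns.example.com. example.com. 2002022401 10800 15 604800 10800
+example.com. 86400 IN RRSIG SOA 8 2 86400 20170609142855 20170512142855 48069 example.com. fr6oVOsRMnm3D8N01LxzPvT9lWdNDhTlmwR1co42c3H2ra1EjbbKqkLcrXQAsq7E/ddzqgL3RnYS+3USojXycI1xhjXC8YT2xsW3uH8uTY1Qvk1K75lu1OXmDiU6wvHplFowl0OX7sx76lB1itbvsau4bMPMt03sf4u8po7V35s=
+ENTRY_END
+
+; response to A query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+example.com. 3600 IN A 5.6.7.8
+example.com. 3600 IN RRSIG A 8 2 3600 20170609142855 20170512142855 48069 example.com. Qviw6w8ReMG2WZxenvzj/YwoeM3Ln59Fnw6s1MRWGsD2yA3+y0loFdUEHZdRhrEiV0kvtQGC+kBhMuSMq/cyjprbKLw5pkS9+MMDDnVPP1PQb17LY4NIxPtq710AN1sjhBK6PVa6XN+3ciUmCcLs1ESviQkVKpgAY/QlV0TaarQ=
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes=
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM=
+ENTRY_END
+
+; response to IPSECKEY query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN IPSECKEY
+SECTION ANSWER
+example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
+;(correct answer) example.com. 3600 IN RRSIG IPSECKEY 8 2 3600 20170609144114 20170512144114 48069 example.com. UqRbG6P8mWQEVt16j86cS6fqEN8c+5t8qtePr9ghRqIxeuPOCkLiSqmXQYcQbOeOK4YoWQ3gD2az2JMWQMxEKeBLpxXZbgZN+2uIZ9LLEkyYjGRulr9kameKTM1feSe31A9mR9IgMNrY/ZeUkfxC+8Q7s8avOqYH2jVMFUg9raE=
+; (bogus answer)
+example.com. 3600 IN RRSIG IPSECKEY 8 2 3600 20170609144114 20170512144114 48069 example.com. Bogus6P8mWQEVt16j86cS6fqEN8c+5t8qtePr9ghRqIxeuPOCkLiSqmXQYcQbOeOK4YoWQ3gD2az2JMWQMxEKeBLpxXZbgZN+2uIZ9LLEkyYjGRulr9kameKTM1feSe31A9mR9IgMNrY/ZeUkfxC+8Q7s8avOqYH2jVMFUg9raE=
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes=
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM=
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com. 86400 IN DNSKEY 256 3 8 AwEAAddE7q1HL4Id+gpQ7imk+RyNEhCWgtew5tstsqIR/fXq0RBn0rF4SI1H6ysbb3nfqAV1xRDJ01ddpgfGyz9zXXHQ/H/9qEpeWapqfNTQ5GHHdxBL2iST7XusThfXEyX/pouKIpvtknvtLs8tmH64dajxoJkaejU2EKXKaBaRKcYx ;{id = 48069 (zsk), size = 1024b}
+example.com. 86400 IN RRSIG DNSKEY 8 2 86400 20170609144114 20170512144114 48069 example.com. mJU3LnubfYW7vhksiC1STWbrSjCe6TG1kEpnk4jRrYovues6bzOTIFSXEMjPW1mikulapnx3nMtTWdrW2InjfP9wLV/u2Wx1Vu3s9uzli/27y//3DOkZSeBa5RZdKpC1h8UB5GAxq4MRiSidgEBB1qaDIaE29sWmn9kPHEgNcgI=
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes=
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM=
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+STEP 2 CHECK_OUT_QUERY
+ENTRY_BEGIN
+MATCH qname qtype opcode
+SECTION QUESTION
+example.com. IN IPSECKEY
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+ENTRY_END
+
+; Query without RD, check if not cached
+STEP 11 QUERY
+ENTRY_BEGIN
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+STEP 20 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+SCENARIO_END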
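--- a/testdata/ipsecmod_enabled.crpl
+++ b/testdata/ipsecmod_enabled.crpl
@@ -0,0 +1,219 @@
+; Test ipsecmod-enabled option.
+
+; config options
+server:
+access-control: 127.0.0.1 allow_snoop
+module-config: "ipsecmod validator iterator"
+; ../../ is there because the test runs from testdata/03-testbound.dir
+ipsecmod-hook: "../../testdata/ipsecmod_hook.sh"
+ipsecmod-strict: no
+ipsecmod-max-ttl: 200
+ipsecmod-enabled: no
+
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test ipsecmod-enabled option
+; Scenario overview:
+; - query for example.com. IN A
+; - check that we get an answer for example.com. IN A with the correct TTL
+; - check that the get the same answer from cache
+; - check that we don't get the IPSECKEY answer from cache
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.gtld-servers.net. IN AAAA
+SECTION AUTHORITY
+. 86400 IN SOA . . 20070304 28800 7200 604800 86400
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+K.ROOT-SERVERS.NET. IN AAAA
+SECTION AUTHORITY
+. 86400 IN SOA . . 20070304 28800 7200 604800 86400
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION AUTHORITY
+example.com. 10 IN SOA . . 15 28800 7200 604800 10
+ENTRY_END
+
+; response to A query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+example.com. 3600 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; response to IPSECKEY query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN IPSECKEY
+SECTION ANSWER
+example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; Query with RD flag
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+example.com. 3600 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; Query without RD, check if cached and with correct TTL
+STEP 11 QUERY
+ENTRY_BEGIN
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+STEP 20 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RA NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+example.com. 3600 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; Query without RD, check if IPSECKEY cached
+STEP 21 QUERY
+ENTRY_BEGIN
+SECTION QUESTION
+example.com. IN IPSECKEY
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA NOERROR
+SECTION QUESTION
+example.com. IN IPSECKEY
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+SCENARIO_END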
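--- a/testdata/ipsecmod_hook.sh
+++ b/testdata/ipsecmod_hook.sh
@@ -0,0 +1,2 @@
+echo " ---[ IPsec external hook FAIL; only care if ipsecmod-strict: yes ]---"
+exit 1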
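--- a/testdata/ipsecmod_ignore_bogus_ipseckey.crpl
+++ b/testdata/ipsecmod_ignore_bogus_ipseckey.crpl
@@ -0,0 +1,257 @@
+; Test ipsecmod-ignore-bogus option
+
+; config options
+; The island of trust is at example.com
+server:
+trust-anchor: "example.com. IN DS 48069 8 2 fce2bcb0d88b828064faad58e935ca2e32ff0bbd8bd8407a8f344d8f8e8c438a"
+val-override-date: "-1"
+target-fetch-policy: "0 0 0 0 0"
+# test that default value of harden-dnssec-stripped is still yes.
+fake-sha1: yes
+access-control: 127.0.0.1 allow_snoop
+module-config: "ipsecmod validator iterator"
+; ../../ is there because the test runs from testdata/03-testbound.dir
+ipsecmod-hook: "../../testdata/ipsecmod_hook.sh"
+ipsecmod-strict: no
+ipsecmod-max-ttl: 200
+ipsecmod-ignore-bogus: yes
+
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test ipsecmod-ignore-bogus option
+; Scenario overview:
+; - query for example.com. IN A
+; - check that query for example.com. IN IPSECKEY is generated
+; - check that we get an answer for example.com. IN A with the correct TTL
+; - check that the get the same answer from cache
+; - check that we don't get the IPSECKEY answer from cache (bogus)
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.gtld-servers.net. IN AAAA
+SECTION AUTHORITY
+. 86400 IN SOA . . 20070304 28800 7200 604800 86400
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+K.ROOT-SERVERS.NET. IN AAAA
+SECTION AUTHORITY
+. 86400 IN SOA . . 20070304 28800 7200 604800 86400
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes=
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM=
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION AUTHORITY
+example.com. 86400 IN SOA ns.example.com. example.com. 2002022401 10800 15 604800 10800
+example.com. 86400 IN RRSIG SOA 8 2 86400 20170609142855 20170512142855 48069 example.com. fr6oVOsRMnm3D8N01LxzPvT9lWdNDhTlmwR1co42c3H2ra1EjbbKqkLcrXQAsq7E/ddzqgL3RnYS+3USojXycI1xhjXC8YT2xsW3uH8uTY1Qvk1K75lu1OXmDiU6wvHplFowl0OX7sx76lB1itbvsau4bMPMt03sf4u8po7V35s=
+ENTRY_END
+
+; response to A query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+example.com. 3600 IN A 5.6.7.8
+example.com. 3600 IN RRSIG A 8 2 3600 20170609142855 20170512142855 48069 example.com. Qviw6w8ReMG2WZxenvzj/YwoeM3Ln59Fnw6s1MRWGsD2yA3+y0loFdUEHZdRhrEiV0kvtQGC+kBhMuSMq/cyjprbKLw5pkS9+MMDDnVPP1PQb17LY4NIxPtq710AN1sjhBK6PVa6XN+3ciUmCcLs1ESviQkVKpgAY/QlV0TaarQ=
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes=
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM=
+ENTRY_END
+
+; response to IPSECKEY query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN IPSECKEY
+SECTION ANSWER
+example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
+;(correct answer) example.com. 3600 IN RRSIG IPSECKEY 8 2 3600 20170609144114 20170512144114 48069 example.com. UqRbG6P8mWQEVt16j86cS6fqEN8c+5t8qtePr9ghRqIxeuPOCkLiSqmXQYcQbOeOK4YoWQ3gD2az2JMWQMxEKeBLpxXZbgZN+2uIZ9LLEkyYjGRulr9kameKTM1feSe31A9mR9IgMNrY/ZeUkfxC+8Q7s8avOqYH2jVMFUg9raE=
+; (bogus answer)
+example.com. 3600 IN RRSIG IPSECKEY 8 2 3600 20170609144114 20170512144114 48069 example.com. Bogus6P8mWQEVt16j86cS6fqEN8c+5t8qtePr9ghRqIxeuPOCkLiSqmXQYcQbOeOK4YoWQ3gD2az2JMWQMxEKeBLpxXZbgZN+2uIZ9LLEkyYjGRulr9kameKTM1feSe31A9mR9IgMNrY/ZeUkfxC+8Q7s8avOqYH2jVMFUg9raE=
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes=
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM=
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com. 86400 IN DNSKEY 256 3 8 AwEAAddE7q1HL4Id+gpQ7imk+RyNEhCWgtew5tstsqIR/fXq0RBn0rF4SI1H6ysbb3nfqAV1xRDJ01ddpgfGyz9zXXHQ/H/9qEpeWapqfNTQ5GHHdxBL2iST7XusThfXEyX/pouKIpvtknvtLs8tmH64dajxoJkaejU2EKXKaBaRKcYx ;{id = 48069 (zsk), size = 1024b}
+example.com. 86400 IN RRSIG DNSKEY 8 2 86400 20170609144114 20170512144114 48069 example.com. mJU3LnubfYW7vhksiC1STWbrSjCe6TG1kEpnk4jRrYovues6bzOTIFSXEMjPW1mikulapnx3nMtTWdrW2InjfP9wLV/u2Wx1Vu3s9uzli/27y//3DOkZSeBa5RZdKpC1h8UB5GAxq4MRiSidgEBB1qaDIaE29sWmn9kPHEgNcgI=
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 8 2 3600 20170609142855 20170512142855 48069 example.com. SYFM1dsPEly0PjdShX8EsRnpq6XTysrvUBWB+LjGaC0wn3RFd0A2TG3WhVkUxhjTzRjt9jn3rz+JUJyybrhBkYXjBeBBjLep6Le7PQSct+FFDTIuX8duixfOzEN5LSYRMUnSuAq/z0LJHUB6nqTw8XWRm6EIImdEBc6D0u1KSes=
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 8 3 3600 20170609142855 20170512142855 48069 example.com. kK5LZnGi2VmVmKUXkVenYCQMHGqwhGaEOwjwVG9ScOVzvqNA+n7KWwxdLDsIVLgr/BjR9Cj9+HYB9hYMhk+LnsbHqf5ovY3+n7CV4v3MDWJBLYt7NHvXwoywbaD71w7koo0SUiBXMB/FyuxRj6BXEk4dlGh7mgHZXE+X/gCYxsM=
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+STEP 2 CHECK_OUT_QUERY
+ENTRY_BEGIN
+MATCH qname qtype opcode
+SECTION QUESTION
+example.com. IN IPSECKEY
+ENTRY_END
+
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+example.com. 200 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; Query without RD, check if cached and with correct TTL
+STEP 11 QUERY
+ENTRY_BEGIN
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+STEP 20 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RA NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+example.com. 200 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; Query without RD, check if IPSECKEY is not cached
+STEP 21 QUERY
+ENTRY_BEGIN
+SECTION QUESTION
+example.com. IN IPSECKEY
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA SERVFAIL
+SECTION QUESTION
+example.com. IN IPSECKEY
+ENTRY_END
+
+SCENARIO_END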
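--- a/testdata/ipsecmod_max_ttl.crpl
+++ b/testdata/ipsecmod_max_ttl.crpl
@@ -0,0 +1,228 @@
+; Test ipsecmod-max-ttl option.
+
+; config options
+server:
+access-control: 127.0.0.1 allow_snoop
+module-config: "ipsecmod validator iterator"
+; ../../ is there because the test runs from testdata/03-testbound.dir
+ipsecmod-hook: "../../testdata/ipsecmod_hook.sh"
+ipsecmod-strict: no
+ipsecmod-max-ttl: 200
+
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test ipsecmod-max-ttl option
+; Scenario overview:
+; - query for example.com. IN A
+; - check that query for example.com. IN IPSECKEY is generated
+; - check that we get an answer for example.com. IN A with the correct TTL
+; - check that the get the same answer from cache
+; - check that we get the IPSECKEY answer from cache
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.gtld-servers.net. IN AAAA
+SECTION AUTHORITY
+. 86400 IN SOA . . 20070304 28800 7200 604800 86400
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+K.ROOT-SERVERS.NET. IN AAAA
+SECTION AUTHORITY
+. 86400 IN SOA . . 20070304 28800 7200 604800 86400
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION AUTHORITY
+example.com. 10 IN SOA . . 15 28800 7200 604800 10
+ENTRY_END
+
+; response to A query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+example.com. 3600 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; response to IPSECKEY query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN IPSECKEY
+SECTION ANSWER
+example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; Query with RD flag
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+STEP 2 CHECK_OUT_QUERY
+ENTRY_BEGIN
+MATCH qname qtype opcode
+SECTION QUESTION
+example.com. IN IPSECKEY
+ENTRY_END
+
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+example.com. 200 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; Query without RD, check if cached and with correct TTL
+STEP 11 QUERY
+ENTRY_BEGIN
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+STEP 20 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RA NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+example.com. 200 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; Query without RD, check if IPSECKEY cached
+STEP 21 QUERY
+ENTRY_BEGIN
+SECTION QUESTION
+example.com. IN IPSECKEY
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA NOERROR
+SECTION QUESTION
+example.com. IN IPSECKEY
+SECTION ANSWER
+example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+SCENARIO_END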
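--- a/testdata/ipsecmod_strict.crpl
+++ b/testdata/ipsecmod_strict.crpl
@@ -0,0 +1,217 @@
+; Test ipsecmod-strict option
+
+; config options
+server:
+access-control: 127.0.0.1 allow_snoop
+module-config: "ipsecmod validator iterator"
+; ../../ is there because the test runs from testdata/03-testbound.dir
+ipsecmod-hook: "../../testdata/ipsecmod_hook.sh"
+ipsecmod-strict: yes
+ipsecmod-max-ttl: 200
+
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test ipsecmod-strict option
+; Scenario overview:
+; - query for example.com. IN A
+; - check that query for example.com. IN IPSECKEY is generated
+; - check that we get SERVFAIL as answer (the hook failed)
+; - check that the example.com. IN A answer is not cached
+; - check that the example.com. IN IPSECKEY answer is cached
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.gtld-servers.net. IN AAAA
+SECTION AUTHORITY
+. 86400 IN SOA . . 20070304 28800 7200 604800 86400
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+K.ROOT-SERVERS.NET. IN AAAA
+SECTION AUTHORITY
+. 86400 IN SOA . . 20070304 28800 7200 604800 86400
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION AUTHORITY
+example.com. 10 IN SOA . . 15 28800 7200 604800 10
+ENTRY_END
+
+; response to A query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+example.com. 3600 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; response to IPSECKEY query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN IPSECKEY
+SECTION ANSWER
+example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+STEP 2 CHECK_OUT_QUERY
+ENTRY_BEGIN
+MATCH qname qtype opcode
+SECTION QUESTION
+example.com. IN IPSECKEY
+ENTRY_END
+
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+STEP 11 QUERY
+ENTRY_BEGIN
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+STEP 20 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+STEP 21 QUERY
+ENTRY_BEGIN
+SECTION QUESTION
+example.com. IN IPSECKEY
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA NOERROR
+SECTION QUESTION
+example.com. IN IPSECKEY
+SECTION ANSWER
+example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+SCENARIO_END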
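--- a/testdata/ipsecmod_whitelist.crpl
+++ b/testdata/ipsecmod_whitelist.crpl
@@ -0,0 +1,294 @@
+; Test ipsecmod-whitelist option.
+
+; config options
+server:
+access-control: 127.0.0.1 allow_snoop
+module-config: "ipsecmod validator iterator"
+; ../../ is there because the test runs from testdata/03-testbound.dir
+ipsecmod-hook: "../../testdata/ipsecmod_hook.sh"
+ipsecmod-strict: no
+ipsecmod-max-ttl: 200
+ipsecmod-whitelist: white.example.com
+
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test ipsecmod-whitelist option
+; Scenario overview:
+; - query for black.example.com. IN A
+; - check that we get an answer for black.example.com. IN A with the correct TTL
+; - check that an answer for black.example.com. IN IPSECKEY is not cached (not given)
+; - query for white.example.com. IN A
+; - check that query for white.example.com. IN IPSECKEY is generated
+; - check that we get an answer for white.example.com. IN A with the correct TTL
+; - check that the get the same answer from cache
+; - check that we get the IPSECKEY answer from cache
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.gtld-servers.net. IN AAAA
+SECTION AUTHORITY
+. 86400 IN SOA . . 20070304 28800 7200 604800 86400
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+K.ROOT-SERVERS.NET. IN AAAA
+SECTION AUTHORITY
+. 86400 IN SOA . . 20070304 28800 7200 604800 86400
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION AUTHORITY
+example.com. 10 IN SOA . . 15 28800 7200 604800 10
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+white.example.com. IN A
+SECTION ANSWER
+white.example.com. 3600 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+white.example.com. IN IPSECKEY
+SECTION ANSWER
+white.example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+black.example.com. IN A
+SECTION ANSWER
+black.example.com. 3600 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+black.example.com. IN IPSECKEY
+SECTION ANSWER
+black.example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+black.example.com. IN A
+ENTRY_END
+
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+black.example.com. IN A
+SECTION ANSWER
+black.example.com. 3600 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+STEP 11 QUERY
+ENTRY_BEGIN
+SECTION QUESTION
+black.example.com. IN IPSECKEY
+ENTRY_END
+
+STEP 12 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA NOERROR
+SECTION QUESTION
+black.example.com. IN IPSECKEY
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+white.example.com. IN A
+ENTRY_END
+
+STEP 21 CHECK_OUT_QUERY
+ENTRY_BEGIN
+MATCH qname qtype opcode
+SECTION QUESTION
+white.example.com. IN IPSECKEY
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+white.example.com. IN A
+SECTION ANSWER
+white.example.com. 200 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+STEP 31 QUERY
+ENTRY_BEGIN
+SECTION QUESTION
+white.example.com. IN A
+ENTRY_END
+
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RA NOERROR
+SECTION QUESTION
+white.example.com. IN A
+SECTION ANSWER
+white.example.com. 200 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+STEP 41 QUERY
+ENTRY_BEGIN
+SECTION QUESTION
+white.example.com. IN IPSECKEY
+ENTRY_END
+
+STEP 50 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA NOERROR
+SECTION QUESTION
+white.example.com. IN IPSECKEY
+SECTION ANSWER
+white.example.com. 3600 IN IPSECKEY 10 0 2 . AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+SCENARIO_END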
220
testdata/iter_stub_leak.rpl
vendored
Normal file
@ -0,0 +1,220 @@
|
|||||||
|
; config options
|
||||||
|
server:
|
||||||
|
target-fetch-policy: "0 0 0 0 0"
|
||||||
|
|
||||||
|
stub-zone:
|
||||||
|
name: "."
|
||||||
|
stub-addr: 193.0.14.129
|
||||||
|
stub-zone:
|
||||||
|
name: "example.com"
|
||||||
|
stub-addr: 10.0.1.1
|
||||||
|
stub-zone:
|
||||||
|
name: "example.net"
|
||||||
|
stub-addr: 10.0.5.1
|
||||||
|
CONFIG_END
|
||||||
|
|
||||||
|
SCENARIO_BEGIN Test stub zone leaking to the internet on last resort fallback
|
||||||
|
|
||||||
|
; root server
|
||||||
|
RANGE_BEGIN 0 100
|
||||||
|
ADDRESS 193.0.14.129
|
||||||
|
|
||||||
|
; root prime
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH qname qtype
|
||||||
|
ADJUST copy_id copy_query
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
. IN NS
|
||||||
|
SECTION ANSWER
|
||||||
|
. IN NS k.root-servers.net.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
k.root-servers.net. IN A 193.0.14.129
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
RANGE_END
|
||||||
|
|
||||||
|
; stub server for example.com
|
||||||
|
RANGE_BEGIN 0 100
|
||||||
|
ADDRESS 10.0.1.1
|
||||||
|
|
||||||
|
; subzone is delegated
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode subdomain
|
||||||
|
ADJUST copy_id copy_query
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
subzone.example.com. IN A
|
||||||
|
SECTION AUTHORITY
|
||||||
|
subzone.example.com. IN NS sub-ns1.example.com.
|
||||||
|
subzone.example.com. IN NS sub-ns2.example.com.
|
||||||
|
subzone.example.com. IN NS example.net.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
sub-ns1.example.com. IN A 10.0.2.3
|
||||||
|
sub-ns2.example.com. IN A 10.0.2.4
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode question
|
||||||
|
ADJUST copy_id copy_query
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
sub-ns1.example.com. IN A
|
||||||
|
SECTION ANSWER
|
||||||
|
sub-ns1.example.com. IN A 10.0.2.3
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode question
|
||||||
|
ADJUST copy_id copy_query
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
sub-ns2.example.com. IN A
|
||||||
|
SECTION ANSWER
|
||||||
|
sub-ns2.example.com. IN A 10.0.2.4
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode question
|
||||||
|
ADJUST copy_id copy_query
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
sub-ns1.example.com. IN AAAA
|
||||||
|
SECTION AUTHORITY
|
||||||
|
example.com. 300 SOA master.example.com etc 1 2 3 4 300
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode question
|
||||||
|
ADJUST copy_id copy_query
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
sub-ns2.example.com. IN AAAA
|
||||||
|
SECTION AUTHORITY
|
||||||
|
example.com. 300 SOA master.example.com etc 1 2 3 4 300
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
RANGE_END
|
||||||
|
|
||||||
|
; stub server for example.net
|
||||||
|
RANGE_BEGIN 0 100
|
||||||
|
ADDRESS 10.0.5.1
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode question
|
||||||
|
ADJUST copy_id copy_query
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
example.net. IN NS
|
||||||
|
SECTION ANSWER
|
||||||
|
example.net. IN NS ns.example.net.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.example.net. IN A 10.0.5.1
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode question
|
||||||
|
ADJUST copy_id copy_query
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
example.net. IN A
|
||||||
|
SECTION ANSWER
|
||||||
|
example.net. IN A 10.0.5.4
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode question
|
||||||
|
ADJUST copy_id copy_query
|
||||||
|
REPLY QR AA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
example.net. IN AAAA
|
||||||
|
SECTION AUTHORITY
|
||||||
|
example.net. 300 SOA master.example.net etc 1 2 3 4 300
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
RANGE_END
|
||||||
|
|
||||||
|
; stub server for subzone.example.com
|
||||||
|
RANGE_BEGIN 0 100
|
||||||
|
ADDRESS 10.0.2.3
|
||||||
|
; match anything, servfail
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode
|
||||||
|
ADJUST copy_id copy_query
|
||||||
|
REPLY QR SERVFAIL
|
||||||
|
SECTION QUESTION
|
||||||
|
subzone.example.com. IN A
|
||||||
|
SECTION ANSWER
|
||||||
|
ENTRY_END
|
||||||
|
RANGE_END
|
||||||
|
|
||||||
|
; stub server for subzone.example.com
|
||||||
|
RANGE_BEGIN 0 100
|
||||||
|
ADDRESS 10.0.2.4
|
||||||
|
; match anything, servfail
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode
|
||||||
|
ADJUST copy_id copy_query
|
||||||
|
REPLY QR SERVFAIL
|
||||||
|
SECTION QUESTION
|
||||||
|
subzone.example.com. IN A
|
||||||
|
SECTION ANSWER
|
||||||
|
ENTRY_END
|
||||||
|
RANGE_END
|
||||||
|
|
||||||
|
; stub server for subzone.example.com
|
||||||
|
RANGE_BEGIN 0 100
|
||||||
|
ADDRESS 10.0.5.4
|
||||||
|
; match anything, servfail
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode
|
||||||
|
ADJUST copy_id copy_query
|
||||||
|
REPLY QR SERVFAIL
|
||||||
|
SECTION QUESTION
|
||||||
|
subzone.example.com. IN A
|
||||||
|
SECTION ANSWER
|
||||||
|
ENTRY_END
|
||||||
|
RANGE_END
|
||||||
|
|
||||||
|
|
||||||
|
; fetch the delegation point for example.net in cache.
|
||||||
|
STEP 1 QUERY
|
||||||
|
ENTRY_BEGIN
|
||||||
|
REPLY RD
|
||||||
|
SECTION QUESTION
|
||||||
|
example.net. IN NS
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
; recursion happens here.
|
||||||
|
STEP 10 CHECK_ANSWER
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH all
|
||||||
|
REPLY QR RD RA NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
example.net. IN NS
|
||||||
|
SECTION ANSWER
|
||||||
|
example.net. IN NS ns.example.net.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.example.net. IN A 10.0.5.1
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
STEP 20 QUERY
|
||||||
|
ENTRY_BEGIN
|
||||||
|
REPLY RD
|
||||||
|
SECTION QUESTION
|
||||||
|
whatever.subzone.example.com. IN A
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
; recursion happens here.
|
||||||
|
; the query should not leak subzone ns queries to the internet
|
||||||
|
STEP 30 CHECK_ANSWER
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH all
|
||||||
|
REPLY QR RD RA SERVFAIL
|
||||||
|
SECTION QUESTION
|
||||||
|
whatever.subzone.example.com. IN A
|
||||||
|
SECTION ANSWER
|
||||||
|
SECTION AUTHORITY
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
SCENARIO_END
|
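--- a/testdata/subnet_max_source.crpl
+++ b/testdata/subnet_max_source.crpl
@@ -0,0 +1,231 @@
+; When the triggering query includes ECS option, source prefix-length should
+; be set to the shorter of the incoming query or server maximum cacheable prefix
+; length
+
+server:
+val-override-date: "20070916134226"
+target-fetch-policy: "0 0 0 0 0"
+send-client-subnet: 1.2.3.4
+max-client-subnet-ipv4: 17
+module-config: "subnetcache validator iterator"
+verbosity: 3
+
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test shortest source prefix-length
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+;; we expect to receive empty
+HEX_EDNSDATA_END
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+;; we expect to receive empty
+HEX_EDNSDATA_END
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id copy_ednsdata_assume_clientsubnet
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+;; we expect to receive empty
+HEX_EDNSDATA_END
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id copy_ednsdata_assume_clientsubnet
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+; client is 127.0.0.1
+00 08 ; OPC
+00 06 ; option length
+00 01 ; Family
+10 00 ; source mask, scopemask
+7f 00 ; address
+HEX_EDNSDATA_END
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; client send /18, we expect /17
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id copy_ednsdata_assume_clientsubnet
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.50
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+; client is 127.1.0.1
+00 08 ; OPC
+00 07 ; option length
+00 01 ; Family
+11 00 ; source mask, scopemask
+7f 01 00 ; address
+HEX_EDNSDATA_END
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+HEX_ANSWER_BEGIN;
+00 00 01 00 00 01 00 00 ;ID 0
+00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
+07 65 78 61 6d 70 6c 65
+03 63 6f 6d 00 00 01 00
+01 00 00 29 10 00 00 00
+80 00 00 0a
+
+00 08 00 06 ; OPC, optlen
+00 01 10 00 ; ip4, scope 16, source 0
+7f 00 ;127.0.0.0/16
+HEX_ANSWER_END
+ENTRY_END
+
+
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+; client is 127.0.0.1
+00 08 ; OPC
+00 06 ; option length
+00 01 ; Family
+10 10 ; source mask, scopemask
+7f 00 ; address
+HEX_EDNSDATA_END
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+STEP 11 QUERY
+ENTRY_BEGIN
+HEX_ANSWER_BEGIN;
+00 00 01 00 00 01 00 00 ;ID 0
+00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
+07 65 78 61 6d 70 6c 65
+03 63 6f 6d 00 00 01 00
+01 00 00 29 10 00 00 00
+80 00 00 0b
+
+00 08 00 07 ; OPC, optlen
+00 01 12 00 ; ip4, scope 18, source 0
+7f 01 00 ;127.1.0.0/18
+HEX_ANSWER_END
+ENTRY_END
+
+
+
+; recursion happens here.
+STEP 20 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.50
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+; client is 127.1.0.1
+00 08 ; OPC
+00 07 ; option length
+00 01 ; Family
+12 11 ; source mask, scopemask
+7f 01 00 ; address
+HEX_EDNSDATA_END
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+
+SCENARIO_END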
6
testdata/test_ldnsrr.5
vendored
6
testdata/test_ldnsrr.5
vendored
@ -145,3 +145,9 @@ txt6 IN TXT ("v=DKIM1; k=rsa; g=*; s=email; h=sha1; t=s; p=MIGfMA
|
|||||||
|
|
||||||
example.com. 3600 IN CSYNC 66 3 A NS AAAA
|
example.com. 3600 IN CSYNC 66 3 A NS AAAA
|
||||||
9fe6cbb9e933ad0b8b4fa94066474e091ee8be696c224b1c1678fcec._openpgpkey 3600 IN OPENPGPKEY \# 2221 ( 99020d044d6cf351011000ae2731a071cae66040331dcfffbc1abaea01fba2b3 341ad29f4191e1e2e47514cc595e5d3b59ebd460db81cb04e98a753dae963543 74b8c3a420364960a6c6875e66cea7216327c16996557c4d13e25e236b3714e9 32795be889e8b33a295faf6d9015474cfe9c2643603f1e91e01334011a841909 8e2fc9807285b2195cdbb1a9ae1916a26b9e33b3f91cde2f728aa133464a1099 fc2beecaf8f67ee03a999aa97be89ce4a252f804ce27a9efb7a631ca956bfa99 c51d6beca52af39a93353aac43097671074a4bb5b039eb86e99209989d5b6a4a e22b32c1605e712072926095b4640db4b4d16b54a8139048e25ef0098781e524 4222df9b6a6bf2335942527356a29e1063c5bc1297c051ab969a3e0c01fb15e2 0ea63a06b416d6c96f9794c5d80e97afb249d2b907dc46605f1001019dd62774 4bc2ad73f239cd623f945bf9922ec6ceb607ce8818455173199de1ef555bf3e8 5e9702dcab7a30e5e6c0f6827ce6d550df2ba4fa6ef2ed47bceb916aded25a72 7039a09942a0684897cdf2efc13f5169693c19da94d861be40e8b07fe853d297 8389eba876332be7db146f1ec6a957bfe39ac90514b1f870a5d899bb4e1d97af 49294ad09dede6d5a04abdc29332bbe74cf70393b626c0f4fdfef6ee2b01d8a6 a40750c446e159b44d0a783611585385ba912b771364b6eda8a69680026a6bf2 105692fd6f9a6cf19e09550011010001b42357696c6c656d20546f6f726f7020 3c77696c6c656d406e6c6e65746c6162732e6e6c3e89023e0413010200280502 4d6cf351021b23050909660180060b090807030206150802090a0b0416020301 021e01021780000a0910e5f8f8212f77a4985d5b0ffe289b97f7d8e4e5abc537 8b7d6db7c395f98c3d787e3fb598638c41e889aea40cbe5b3001d947c7184c92 9efe6ad1e32ae9acb0802823870bb149c3a7bdfbb591601d8c099b3bdd3b3ddc cb03b4d611dc741d9c49c3b5b87654a21dfb618cfe6087f172b3dc663a9f4c0d ad81476ebe5b6fd966164383bc39303a66272a3fe6a0b9a813d4e249c6b9dacf 748a49a979b3fa24036e47099e1d24ed3310cc04341e0bf3afd4e365a04cd075 b7d1dff607a3b8738abf885a7dc959251785ca626b8c9b476f44439653615437 c715b1a586236132e1f89b0e4a9d2d84e403e6733c90a96ec041d14994b19ec0 d23153bb94d9059851901353ddb60b9c42edf715af6ee4ef111e5afd56092a1f 7662a72af80f8768425324a8a7335c805a49b1c4d3dc279b69114a5c592638ff 
22a963bd34d2d4bcc319972b99c197fa31c21b89e627f36ce811297ff707f53e 6c258dab407b7d618ec296317a565c2c8b740a39244d8f82095842f6f84448dc e29bb292c7e15072b00c04f2a0f4cd700f2e7348b703f74bcb8d5f4235fbd282 4f515852ea9be06255f88d81a5046d1f730e9bf103b3335f5f03d74ac2ec6581 4dd920e985b57a3b4e0c699f3103ab033ccf36a5b037b3668365484b58a4462d 79414d27170c9db4285bec72d24a9654354b996d13c14b2994f6725e36fb766d 57a79ed721c3ca248221390d7d6fa65f867fa6fa1369b9020d044d6cf3510110 00a4ece215b3f782bae8fb6c1e3fdc06d1e6242271f41b073fc7a85237788814 7b7168134e0b753c608d07308f188b9489af34f1dab1bb52fc3968d0a705c30a 35ea0226e7d2608931138d56ccf124a9236276462863a8f1c83b3a640167211d eaaadfc557ff7701cbb1d413259cf3f5b18ec6e615000bb4ab73c75b980615cf a9a7778de3bab318cc448eca044e3fdc95ac63aa2b28846d77fe190fe8fbc3a0 3ece39d38675040ff1be064410faad9fc5a8c2efe02f34cc39f3087d6b2e9346 42995fd5a9f2d3a59302c0cbe1fea01002c7eb64c8c4e5f853b5b17aebc7c722 97380b8df9ec7f32f1766b3d76e186dc582eedd5da955b7cacdb4cca69e99e9b 25d22b157a68c9f828170917709d335a000590f2be22fd7a5ed0ff2432969642 e84978428c1a3c8380bb339d21ce9cb8ce8f4d6bc102b70a56042159f26c85f7 8599f931a73fe159cf4ae34c828e66fe84f648af745b5d2b1022d514901a8e48 c1cdae82205fe21a58cab77bbc8c1dd32a94aaf4954e7695f05b7c40a395e07f 34ee0add218904fcd380bb737be2ec5b148942840c58abfa212c10ad6debb265 23aa040dad2191397deb472f0dbeeceb6afb386b7166754a47216c3629f63633 a02c5fd1c116e46c8a682a163426e556ea5c0ecdb472429c0d51bea5e583f889 e70f831251e8b31c231d2f946de8c31a6550f884ea961dfdf75a2c3e366ad48c b5001101000189022404180102000f05024d6cf351021b0c050909660180000a 0910e5f8f8212f77a498ed740ff8e1cd5baa631d75dff18a2aa27def9c416118 d178092a1c327c3cc641fd74bc976f3a1b5da52b95cfea68618b31f2aaee6f82 f30ed934eb98de0105878a4814fc811139ed4b3aa356e3c962c422f0be4d3d59 f8e9e64913964287282a6519cd0b1f3f03615aea223b276efcbc5cd4921787c1 7f70b0967aefdcc5462344399b4180efd75c1185a83d6b691e660f8210e76624 f1a87d988baf9367d26b84dcb5df8c7303c2947c4c238734addccb7970f6c192 
f3f5dd5f75127e289f26b2fda0562b44a032ed45ae1fc855dca67d54125ccd36 c16f207e4389b0f4e5ff45fe60328a53b322534868ff0d3d8aca0bb0781ee1fe 62f2c0e6fc468f57ccf795ced9f2b27e3cb6d16fc417bd4ca969a364dc649ea5 c57f0325205eaa77fd9df84431c3be5329773828d0e32c0011cbb885e7131b44 b1fc5267b0b3ff125e7255c233239fc6e8c8844d613dab76833e49a7d947fae6 b3ceb35b2ddce2a0f71f384f74fecda521ae07ce3332e5eb2c79d100ad8f9ace 2a0067c1b590f61dd18ab021d66605aa745b5944d830de4c9f61dcc889354b1a 6203d918a5c2317b6d5f188d8d0cf6dab11c9578f6f41d3089871bbb2963b114 59ab0b4c4220ddafb14c20ecbacab1cec60a522ecc883bd1d539ca61cdd4933c 412fafd631d03eff23b23a4164729e32236947f622fe79a17493154e9a30b257 e3fdf97f0b2e1b8c65fc85bd98)
|
9fe6cbb9e933ad0b8b4fa94066474e091ee8be696c224b1c1678fcec._openpgpkey 3600 IN OPENPGPKEY \# 2221 ( 99020d044d6cf351011000ae2731a071cae66040331dcfffbc1abaea01fba2b3 341ad29f4191e1e2e47514cc595e5d3b59ebd460db81cb04e98a753dae963543 74b8c3a420364960a6c6875e66cea7216327c16996557c4d13e25e236b3714e9 32795be889e8b33a295faf6d9015474cfe9c2643603f1e91e01334011a841909 8e2fc9807285b2195cdbb1a9ae1916a26b9e33b3f91cde2f728aa133464a1099 fc2beecaf8f67ee03a999aa97be89ce4a252f804ce27a9efb7a631ca956bfa99 c51d6beca52af39a93353aac43097671074a4bb5b039eb86e99209989d5b6a4a e22b32c1605e712072926095b4640db4b4d16b54a8139048e25ef0098781e524 4222df9b6a6bf2335942527356a29e1063c5bc1297c051ab969a3e0c01fb15e2 0ea63a06b416d6c96f9794c5d80e97afb249d2b907dc46605f1001019dd62774 4bc2ad73f239cd623f945bf9922ec6ceb607ce8818455173199de1ef555bf3e8 5e9702dcab7a30e5e6c0f6827ce6d550df2ba4fa6ef2ed47bceb916aded25a72 7039a09942a0684897cdf2efc13f5169693c19da94d861be40e8b07fe853d297 8389eba876332be7db146f1ec6a957bfe39ac90514b1f870a5d899bb4e1d97af 49294ad09dede6d5a04abdc29332bbe74cf70393b626c0f4fdfef6ee2b01d8a6 a40750c446e159b44d0a783611585385ba912b771364b6eda8a69680026a6bf2 105692fd6f9a6cf19e09550011010001b42357696c6c656d20546f6f726f7020 3c77696c6c656d406e6c6e65746c6162732e6e6c3e89023e0413010200280502 4d6cf351021b23050909660180060b090807030206150802090a0b0416020301 021e01021780000a0910e5f8f8212f77a4985d5b0ffe289b97f7d8e4e5abc537 8b7d6db7c395f98c3d787e3fb598638c41e889aea40cbe5b3001d947c7184c92 9efe6ad1e32ae9acb0802823870bb149c3a7bdfbb591601d8c099b3bdd3b3ddc cb03b4d611dc741d9c49c3b5b87654a21dfb618cfe6087f172b3dc663a9f4c0d ad81476ebe5b6fd966164383bc39303a66272a3fe6a0b9a813d4e249c6b9dacf 748a49a979b3fa24036e47099e1d24ed3310cc04341e0bf3afd4e365a04cd075 b7d1dff607a3b8738abf885a7dc959251785ca626b8c9b476f44439653615437 c715b1a586236132e1f89b0e4a9d2d84e403e6733c90a96ec041d14994b19ec0 d23153bb94d9059851901353ddb60b9c42edf715af6ee4ef111e5afd56092a1f 7662a72af80f8768425324a8a7335c805a49b1c4d3dc279b69114a5c592638ff 
22a963bd34d2d4bcc319972b99c197fa31c21b89e627f36ce811297ff707f53e 6c258dab407b7d618ec296317a565c2c8b740a39244d8f82095842f6f84448dc e29bb292c7e15072b00c04f2a0f4cd700f2e7348b703f74bcb8d5f4235fbd282 4f515852ea9be06255f88d81a5046d1f730e9bf103b3335f5f03d74ac2ec6581 4dd920e985b57a3b4e0c699f3103ab033ccf36a5b037b3668365484b58a4462d 79414d27170c9db4285bec72d24a9654354b996d13c14b2994f6725e36fb766d 57a79ed721c3ca248221390d7d6fa65f867fa6fa1369b9020d044d6cf3510110 00a4ece215b3f782bae8fb6c1e3fdc06d1e6242271f41b073fc7a85237788814 7b7168134e0b753c608d07308f188b9489af34f1dab1bb52fc3968d0a705c30a 35ea0226e7d2608931138d56ccf124a9236276462863a8f1c83b3a640167211d eaaadfc557ff7701cbb1d413259cf3f5b18ec6e615000bb4ab73c75b980615cf a9a7778de3bab318cc448eca044e3fdc95ac63aa2b28846d77fe190fe8fbc3a0 3ece39d38675040ff1be064410faad9fc5a8c2efe02f34cc39f3087d6b2e9346 42995fd5a9f2d3a59302c0cbe1fea01002c7eb64c8c4e5f853b5b17aebc7c722 97380b8df9ec7f32f1766b3d76e186dc582eedd5da955b7cacdb4cca69e99e9b 25d22b157a68c9f828170917709d335a000590f2be22fd7a5ed0ff2432969642 e84978428c1a3c8380bb339d21ce9cb8ce8f4d6bc102b70a56042159f26c85f7 8599f931a73fe159cf4ae34c828e66fe84f648af745b5d2b1022d514901a8e48 c1cdae82205fe21a58cab77bbc8c1dd32a94aaf4954e7695f05b7c40a395e07f 34ee0add218904fcd380bb737be2ec5b148942840c58abfa212c10ad6debb265 23aa040dad2191397deb472f0dbeeceb6afb386b7166754a47216c3629f63633 a02c5fd1c116e46c8a682a163426e556ea5c0ecdb472429c0d51bea5e583f889 e70f831251e8b31c231d2f946de8c31a6550f884ea961dfdf75a2c3e366ad48c b5001101000189022404180102000f05024d6cf351021b0c050909660180000a 0910e5f8f8212f77a498ed740ff8e1cd5baa631d75dff18a2aa27def9c416118 d178092a1c327c3cc641fd74bc976f3a1b5da52b95cfea68618b31f2aaee6f82 f30ed934eb98de0105878a4814fc811139ed4b3aa356e3c962c422f0be4d3d59 f8e9e64913964287282a6519cd0b1f3f03615aea223b276efcbc5cd4921787c1 7f70b0967aefdcc5462344399b4180efd75c1185a83d6b691e660f8210e76624 f1a87d988baf9367d26b84dcb5df8c7303c2947c4c238734addccb7970f6c192 
f3f5dd5f75127e289f26b2fda0562b44a032ed45ae1fc855dca67d54125ccd36 c16f207e4389b0f4e5ff45fe60328a53b322534868ff0d3d8aca0bb0781ee1fe 62f2c0e6fc468f57ccf795ced9f2b27e3cb6d16fc417bd4ca969a364dc649ea5 c57f0325205eaa77fd9df84431c3be5329773828d0e32c0011cbb885e7131b44 b1fc5267b0b3ff125e7255c233239fc6e8c8844d613dab76833e49a7d947fae6 b3ceb35b2ddce2a0f71f384f74fecda521ae07ce3332e5eb2c79d100ad8f9ace 2a0067c1b590f61dd18ab021d66605aa745b5944d830de4c9f61dcc889354b1a 6203d918a5c2317b6d5f188d8d0cf6dab11c9578f6f41d3089871bbb2963b114 59ab0b4c4220ddafb14c20ecbacab1cec60a522ecc883bd1d539ca61cdd4933c 412fafd631d03eff23b23a4164729e32236947f622fe79a17493154e9a30b257 e3fdf97f0b2e1b8c65fc85bd98)
|
||||||
|
|
||||||
|
test.add.1. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480584899 300 16 lkEJsjwBeAdfv9RGs6zZrg== 15355 NOERROR 0
|
||||||
|
blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585012 300 16 k9mSMs2t5vq5FV2DvQvR6g== 59231 NOERROR 0
|
||||||
|
blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480523776 300 16 sBfx00GRs+tfRTm4uRCjyQ== 25791 0 0
|
||||||
|
blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585449 300 0 59692 BADSIG 0
|
||||||
|
blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585462 300 16 6wvlG82sEVHyqsTtBLvRQw== 26044 NOERROR 0
|
||||||
|
24
testdata/test_ldnsrr.c5
vendored
24
testdata/test_ldnsrr.c5
vendored
@ -111,19 +111,19 @@ host1.blaat.nl. 3600 IN L64 10 2001:0db8:1140:1000
|
|||||||
05686F73743105626C616174026E6C00006B000100000E100018000A0B6C36342D7375626E65743105626C616174026E6C00
|
05686F73743105626C616174026E6C00006B000100000E100018000A0B6C36342D7375626E65743105626C616174026E6C00
|
||||||
host1.blaat.nl. 3600 IN LP 10 l64-subnet1.blaat.nl.
|
host1.blaat.nl. 3600 IN LP 10 l64-subnet1.blaat.nl.
|
||||||
03636161000101000100000E1000150005697373756563612E6578616D706C652E6E6574
|
03636161000101000100000E1000150005697373756563612E6578616D706C652E6E6574
|
||||||
caa. 3600 IN CAA \# 21 0005697373756563612E6578616D706C652E6E6574
|
caa. 3600 IN CAA 0 issue "ca.example.net"
|
||||||
03636161000101000100000E1000220005696F6465666D61696C746F3A7365637572697479406578616D706C652E636F6D
|
03636161000101000100000E1000220005696F6465666D61696C746F3A7365637572697479406578616D706C652E636F6D
|
||||||
caa. 3600 IN CAA \# 34 0005696F6465666D61696C746F3A7365637572697479406578616D706C652E636F6D
|
caa. 3600 IN CAA 0 iodef "mailto:security@example.com"
|
||||||
03636161000101000100000E1000200005696F646566687474703A2F2F696F6465662E6578616D706C652E636F6D2F
|
03636161000101000100000E1000200005696F646566687474703A2F2F696F6465662E6578616D706C652E636F6D2F
|
||||||
caa. 3600 IN CAA \# 32 0005696F646566687474703A2F2F696F6465662E6578616D706C652E636F6D2F
|
caa. 3600 IN CAA 0 iodef "http://iodef.example.com/"
|
||||||
03636161000101000100000E1000250005697373756563612E6578616D706C652E6E65743B206163636F756E743D323330313233
|
03636161000101000100000E1000250005697373756563612E6578616D706C652E6E65743B206163636F756E743D323330313233
|
||||||
caa. 3600 IN CAA \# 37 0005697373756563612E6578616D706C652E6E65743B206163636F756E743D323330313233
|
caa. 3600 IN CAA 0 issue "ca.example.net; account=230123"
|
||||||
03636161000101000100000E1000200005697373756563612E6578616D706C652E6E65743B20706F6C6963793D6576
|
03636161000101000100000E1000200005697373756563612E6578616D706C652E6E65743B20706F6C6963793D6576
|
||||||
caa. 3600 IN CAA \# 32 0005697373756563612E6578616D706C652E6E65743B20706F6C6963793D6576
|
caa. 3600 IN CAA 0 issue "ca.example.net; policy=ev"
|
||||||
03636161000101000100000E10000C8003746273556E6B6E6F776E
|
03636161000101000100000E10000C8003746273556E6B6E6F776E
|
||||||
caa. 3600 IN CAA \# 12 8003746273556E6B6E6F776E
|
caa. 3600 IN CAA 128 tbs "Unknown"
|
||||||
03636161000101000100000E100046020461757468303E3039060A2B06010401D67902030106096086480165030402010420614829C81B958911F81164D40DCDBFD49D66CEB3B3442FF6C9C3A912F9497566020100
|
03636161000101000100000E100046020461757468303E3039060A2B06010401D67902030106096086480165030402010420614829C81B958911F81164D40DCDBFD49D66CEB3B3442FF6C9C3A912F9497566020100
|
||||||
caa. 3600 IN CAA \# 70 020461757468303E3039060A2B06010401D67902030106096086480165030402010420614829C81B958911F81164D40DCDBFD49D66CEB3B3442FF6C9C3A912F9497566020100
|
caa. 3600 IN CAA 2 auth "0>09\006\010+\006\001\004\001\214y\002\003\001\006 `\134H\001e\003\004\002\001\004 aH)\200\027\149\137\017\248\017d\212\013\205\191\212\157f\206\179\179D/\246\201\195\169\018\249Iuf\002\001\000"
|
||||||
05657569343800006C000100000E10000600005E90012A
|
05657569343800006C000100000E10000600005E90012A
|
||||||
eui48. 3600 IN EUI48 00-00-5e-90-01-2a
|
eui48. 3600 IN EUI48 00-00-5e-90-01-2a
|
||||||
05657569363400006D000100000E10000800005EEF0000002A
|
05657569363400006D000100000E10000800005EEF0000002A
|
||||||
@ -178,3 +178,13 @@ txt6. 3600 IN TXT "v=DKIM1; k=rsa; g=*; s=email; h=sha1; t=s; p=MIGfMA0GCSqGSIb3
|
|||||||
example.com. 3600 IN CSYNC 66 3 A NS AAAA
|
example.com. 3600 IN CSYNC 66 3 A NS AAAA
|
||||||
3839666536636262396539333361643062386234666139343036363437346530393165653862653639366332323462316331363738666365630B5F6F70656E7067706B657900003D000100000E1008AD99020D044D6CF351011000AE2731A071CAE66040331DCFFFBC1ABAEA01FBA2B3341AD29F4191E1E2E47514CC595E5D3B59EBD460DB81CB04E98A753DAE96354374B8C3A420364960A6C6875E66CEA7216327C16996557C4D13E25E236B3714E932795BE889E8B33A295FAF6D9015474CFE9C2643603F1E91E01334011A8419098E2FC9807285B2195CDBB1A9AE1916A26B9E33B3F91CDE2F728AA133464A1099FC2BEECAF8F67EE03A999AA97BE89CE4A252F804CE27A9EFB7A631CA956BFA99C51D6BECA52AF39A93353AAC43097671074A4BB5B039EB86E99209989D5B6A4AE22B32C1605E712072926095B4640DB4B4D16B54A8139048E25EF0098781E5244222DF9B6A6BF2335942527356A29E1063C5BC1297C051AB969A3E0C01FB15E20EA63A06B416D6C96F9794C5D80E97AFB249D2B907DC46605F1001019DD627744BC2AD73F239CD623F945BF9922EC6CEB607CE8818455173199DE1EF555BF3E85E9702DCAB7A30E5E6C0F6827CE6D550DF2BA4FA6EF2ED47BCEB916ADED25A727039A09942A0684897CDF2EFC13F5169693C19DA94D861BE40E8B07FE853D2978389EBA876332BE7DB146F1EC6A957BFE39AC90514B1F870A5D899BB4E1D97AF49294AD09DEDE6D5A04ABDC29332BBE74CF70393B626C0F4FDFEF6EE2B01D8A6A40750C446E159B44D0A783611585385BA912B771364B6EDA8A69680026A6BF2105692FD6F9A6CF19E09550011010001B42357696C6C656D20546F6F726F70203C77696C6C656D406E6C6E65746C6162732E6E6C3E89023E04130102002805024D6CF351021B23050909660180060B090807030206150802090A0B0416020301021E01021780000A0910E5F8F8212F77A4985D5B0FFE289B97F7D8E4E5ABC5378B7D6DB7C395F98C3D787E3FB598638C41E889AEA40CBE5B3001D947C7184C929EFE6AD1E32AE9ACB0802823870BB149C3A7BDFBB591601D8C099B3BDD3B3DDCCB03B4D611DC741D9C49C3B5B87654A21DFB618CFE6087F172B3DC663A9F4C0DAD81476EBE5B6FD966164383BC39303A66272A3FE6A0B9A813D4E249C6B9DACF748A49A979B3FA24036E47099E1D24ED3310CC04341E0BF3AFD4E365A04CD075B7D1DFF607A3B8738ABF885A7DC959251785CA626B8C9B476F44439653615437C715B1A586236132E1F89B0E4A9D2D84E403E6733C90A96EC041D14994B19EC0D23153BB94D9059851901353DDB60B9C42EDF715AF6EE4EF111E5AFD56092A1F7662A72AF80F8768425324A8A7335C805A49B1C4D3DC279B
69114A5C592638FF22A963BD34D2D4BCC319972B99C197FA31C21B89E627F36CE811297FF707F53E6C258DAB407B7D618EC296317A565C2C8B740A39244D8F82095842F6F84448DCE29BB292C7E15072B00C04F2A0F4CD700F2E7348B703F74BCB8D5F4235FBD2824F515852EA9BE06255F88D81A5046D1F730E9BF103B3335F5F03D74AC2EC65814DD920E985B57A3B4E0C699F3103AB033CCF36A5B037B3668365484B58A4462D79414D27170C9DB4285BEC72D24A9654354B996D13C14B2994F6725E36FB766D57A79ED721C3CA248221390D7D6FA65F867FA6FA1369B9020D044D6CF351011000A4ECE215B3F782BAE8FB6C1E3FDC06D1E6242271F41B073FC7A852377888147B7168134E0B753C608D07308F188B9489AF34F1DAB1BB52FC3968D0A705C30A35EA0226E7D2608931138D56CCF124A9236276462863A8F1C83B3A640167211DEAAADFC557FF7701CBB1D413259CF3F5B18EC6E615000BB4AB73C75B980615CFA9A7778DE3BAB318CC448ECA044E3FDC95AC63AA2B28846D77FE190FE8FBC3A03ECE39D38675040FF1BE064410FAAD9FC5A8C2EFE02F34CC39F3087D6B2E934642995FD5A9F2D3A59302C0CBE1FEA01002C7EB64C8C4E5F853B5B17AEBC7C72297380B8DF9EC7F32F1766B3D76E186DC582EEDD5DA955B7CACDB4CCA69E99E9B25D22B157A68C9F828170917709D335A000590F2BE22FD7A5ED0FF2432969642E84978428C1A3C8380BB339D21CE9CB8CE8F4D6BC102B70A56042159F26C85F78599F931A73FE159CF4AE34C828E66FE84F648AF745B5D2B1022D514901A8E48C1CDAE82205FE21A58CAB77BBC8C1DD32A94AAF4954E7695F05B7C40A395E07F34EE0ADD218904FCD380BB737BE2EC5B148942840C58ABFA212C10AD6DEBB26523AA040DAD2191397DEB472F0DBEECEB6AFB386B7166754A47216C3629F63633A02C5FD1C116E46C8A682A163426E556EA5C0ECDB472429C0D51BEA5E583F889E70F831251E8B31C231D2F946DE8C31A6550F884EA961DFDF75A2C3E366AD48CB5001101000189022404180102000F05024D6CF351021B0C050909660180000A0910E5F8F8212F77A498ED740FF8E1CD5BAA631D75DFF18A2AA27DEF9C416118D178092A1C327C3CC641FD74BC976F3A1B5DA52B95CFEA68618B31F2AAEE6F82F30ED934EB98DE0105878A4814FC811139ED4B3AA356E3C962C422F0BE4D3D59F8E9E64913964287282A6519CD0B1F3F03615AEA223B276EFCBC5CD4921787C17F70B0967AEFDCC5462344399B4180EFD75C1185A83D6B691E660F8210E76624F1A87D988BAF9367D26B84DCB5DF8C7303C2947C4C238734ADDCCB7970F6C192F3F5DD5F75127E289F26B2FDA0562B44A032ED45AE1FC855DCA67D54125CCD36
C16F207E4389B0F4E5FF45FE60328A53B322534868FF0D3D8ACA0BB0781EE1FE62F2C0E6FC468F57CCF795CED9F2B27E3CB6D16FC417BD4CA969A364DC649EA5C57F0325205EAA77FD9DF84431C3BE5329773828D0E32C0011CBB885E7131B44B1FC5267B0B3FF125E7255C233239FC6E8C8844D613DAB76833E49A7D947FAE6B3CEB35B2DDCE2A0F71F384F74FECDA521AE07CE3332E5EB2C79D100AD8F9ACE2A0067C1B590F61DD18AB021D66605AA745B5944D830DE4C9F61DCC889354B1A6203D918A5C2317B6D5F188D8D0CF6DAB11C9578F6F41D3089871BBB2963B11459AB0B4C4220DDAFB14C20ECBACAB1CEC60A522ECC883BD1D539CA61CDD4933C412FAFD631D03EFF23B23A4164729E32236947F622FE79A17493154E9A30B257E3FDF97F0B2E1B8C65FC85BD98
|
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
|
||||||
9fe6cbb9e933ad0b8b4fa94066474e091ee8be696c224b1c1678fcec._openpgpkey. 3600 IN OPENPGPKEY mQINBE1s81EBEACuJzGgccrmYEAzHc//vBq66gH7orM0GtKfQZHh4uR1FMxZXl07WevUYNuBywTpinU9rpY1Q3S4w6QgNklgpsaHXmbOpyFjJ8FpllV8TRPiXiNrNxTpMnlb6InoszopX69tkBVHTP6cJkNgPx6R4BM0ARqEGQmOL8mAcoWyGVzbsamuGRaia54zs/kc3i9yiqEzRkoQmfwr7sr49n7gOpmaqXvonOSiUvgEziep77emMcqVa/qZxR1r7KUq85qTNTqsQwl2cQdKS7WwOeuG6ZIJmJ1bakriKzLBYF5xIHKSYJW0ZA20tNFrVKgTkEjiXvAJh4HlJEIi35tqa/IzWUJSc1ainhBjxbwSl8BRq5aaPgwB+xXiDqY6BrQW1slvl5TF2A6Xr7JJ0rkH3EZgXxABAZ3WJ3RLwq1z8jnNYj+UW/mSLsbOtgfOiBhFUXMZneHvVVvz6F6XAtyrejDl5sD2gnzm1VDfK6T6bvLtR7zrkWre0lpycDmgmUKgaEiXzfLvwT9RaWk8GdqU2GG+QOiwf+hT0peDieuodjMr59sUbx7GqVe/45rJBRSx+HCl2Jm7Th2Xr0kpStCd7ebVoEq9wpMyu+dM9wOTtibA9P3+9u4rAdimpAdQxEbhWbRNCng2EVhThbqRK3cTZLbtqKaWgAJqa/IQVpL9b5ps8Z4JVQARAQABtCNXaWxsZW0gVG9vcm9wIDx3aWxsZW1AbmxuZXRsYWJzLm5sPokCPgQTAQIAKAUCTWzzUQIbIwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ5fj4IS93pJhdWw/+KJuX99jk5avFN4t9bbfDlfmMPXh+P7WYY4xB6ImupAy+WzAB2UfHGEySnv5q0eMq6aywgCgjhwuxScOnvfu1kWAdjAmbO907PdzLA7TWEdx0HZxJw7W4dlSiHfthjP5gh/Fys9xmOp9MDa2BR26+W2/ZZhZDg7w5MDpmJyo/5qC5qBPU4knGudrPdIpJqXmz+iQDbkcJnh0k7TMQzAQ0Hgvzr9TjZaBM0HW30d/2B6O4c4q/iFp9yVklF4XKYmuMm0dvREOWU2FUN8cVsaWGI2Ey4fibDkqdLYTkA+ZzPJCpbsBB0UmUsZ7A0jFTu5TZBZhRkBNT3bYLnELt9xWvbuTvER5a/VYJKh92Yqcq+A+HaEJTJKinM1yAWkmxxNPcJ5tpEUpcWSY4/yKpY7000tS8wxmXK5nBl/oxwhuJ5ifzbOgRKX/3B/U+bCWNq0B7fWGOwpYxelZcLIt0CjkkTY+CCVhC9vhESNzim7KSx+FQcrAMBPKg9M1wDy5zSLcD90vLjV9CNfvSgk9RWFLqm+BiVfiNgaUEbR9zDpvxA7MzX18D10rC7GWBTdkg6YW1ejtODGmfMQOrAzzPNqWwN7Nmg2VIS1ikRi15QU0nFwydtChb7HLSSpZUNUuZbRPBSymU9nJeNvt2bVenntchw8okgiE5DX1vpl+Gf6b6E2m5Ag0ETWzzUQEQAKTs4hWz94K66PtsHj/cBtHmJCJx9BsHP8eoUjd4iBR7cWgTTgt1PGCNBzCPGIuUia808dqxu1L8OWjQpwXDCjXqAibn0mCJMRONVszxJKkjYnZGKGOo8cg7OmQBZyEd6qrfxVf/dwHLsdQTJZzz9bGOxuYVAAu0q3PHW5gGFc+pp3eN47qzGMxEjsoETj/claxjqisohG13/hkP6PvDoD7OOdOGdQQP8b4GRBD6rZ/FqMLv4C80zDnzCH1rLpNGQplf1any06WTAsDL4f6gEALH62TIxOX4U7WxeuvHxyKXOAuN+ex/MvF2az124YbcWC7t1dqVW3ys20zKaememyXSKxV6aMn4KBcJF3CdM1oABZDyviL9el7
Q/yQylpZC6El4QowaPIOAuzOdIc6cuM6PTWvBArcKVgQhWfJshfeFmfkxpz/hWc9K40yCjmb+hPZIr3RbXSsQItUUkBqOSMHNroIgX+IaWMq3e7yMHdMqlKr0lU52lfBbfECjleB/NO4K3SGJBPzTgLtze+LsWxSJQoQMWKv6ISwQrW3rsmUjqgQNrSGROX3rRy8Nvuzravs4a3FmdUpHIWw2KfY2M6AsX9HBFuRsimgqFjQm5VbqXA7NtHJCnA1RvqXlg/iJ5w+DElHosxwjHS+UbejDGmVQ+ITqlh3991osPjZq1Iy1ABEBAAGJAiQEGAECAA8FAk1s81ECGwwFCQlmAYAACgkQ5fj4IS93pJjtdA/44c1bqmMddd/xiiqife+cQWEY0XgJKhwyfDzGQf10vJdvOhtdpSuVz+poYYsx8qrub4LzDtk065jeAQWHikgU/IEROe1LOqNW48lixCLwvk09Wfjp5kkTlkKHKCplGc0LHz8DYVrqIjsnbvy8XNSSF4fBf3Cwlnrv3MVGI0Q5m0GA79dcEYWoPWtpHmYPghDnZiTxqH2Yi6+TZ9JrhNy134xzA8KUfEwjhzSt3Mt5cPbBkvP13V91En4onyay/aBWK0SgMu1Frh/IVdymfVQSXM02wW8gfkOJsPTl/0X+YDKKU7MiU0ho/w09isoLsHge4f5i8sDm/EaPV8z3lc7Z8rJ+PLbRb8QXvUypaaNk3GSepcV/AyUgXqp3/Z34RDHDvlMpdzgo0OMsABHLuIXnExtEsfxSZ7Cz/xJeclXCMyOfxujIhE1hPat2gz5Jp9lH+uazzrNbLdzioPcfOE90/s2lIa4HzjMy5essedEArY+azioAZ8G1kPYd0YqwIdZmBap0W1lE2DDeTJ9h3MiJNUsaYgPZGKXCMXttXxiNjQz22rEclXj29B0wiYcbuyljsRRZqwtMQiDdr7FMIOy6yrHOxgpSLsyIO9HVOcphzdSTPEEvr9Yx0D7/I7I6QWRynjIjaUf2Iv55oXSTFU6aMLJX4/35fwsuG4xl/IW9mA==
|
9fe6cbb9e933ad0b8b4fa94066474e091ee8be696c224b1c1678fcec._openpgpkey. 3600 IN OPENPGPKEY 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
|
||||||
|
04746573740361646401310000FA00FF00000000003A08686D61632D6D6435077369672D616C670372656703696E74000000583FEEC3012C0010964109B23C0178075FBFD446B3ACD9AE3BFB00000000
|
||||||
|
test.add.1. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480584899 300 16 lkEJsjwBeAdfv9RGs6zZrg== 15355 NOERROR 0
|
||||||
|
06626C61626C610000FA00FF00000000003A08686D61632D6D6435077369672D616C670372656703696E74000000583FEF34012C001093D99232CDADE6FAB9155D83BD0BD1EAE75F00000000
|
||||||
|
blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585012 300 16 k9mSMs2t5vq5FV2DvQvR6g== 59231 NOERROR 0
|
||||||
|
06626C61626C610000FA00FF00000000003A08686D61632D6D6435077369672D616C670372656703696E74000000583F0000012C0010B017F1D34191B3EB5F4539B8B910A3C964BF00000000
|
||||||
|
blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480523776 300 16 sBfx00GRs+tfRTm4uRCjyQ== 25791 NOERROR 0
|
||||||
|
06626C61626C610000FA00FF00000000002A08686D61632D6D6435077369672D616C670372656703696E74000000583FF0E9012C0000E92C00100000
|
||||||
|
blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585449 300 0 59692 BADSIG 0
|
||||||
|
06626C61626C610000FA00FF00000000003A08686D61632D6D6435077369672D616C670372656703696E74000000583FF0F6012C0010EB0BE51BCDAC1151F2AAC4ED04BBD14365BC00000000
|
||||||
|
blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585462 300 16 6wvlG82sEVHyqsTtBLvRQw== 26044 NOERROR 0
|
||||||
|
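--- a/testdata/test_sigs.ed25519
+++ b/testdata/test_sigs.ed25519
@@ -0,0 +1,21 @@
+; Signature test file
+
+; first entry is a DNSKEY answer, with the DNSKEY rrset used for verification.
+; later entries are verified with it.
+
+ENTRY_BEGIN
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com. 3600 IN DNSKEY 256 3 15 +sZnc8HII6xxA9Ili5bboiKH0Ipv/Ap1aucIt/CVF2M= ;{id = 57147 (zsk), size = 256b}
+ENTRY_END
+
+; entry to test
+ENTRY_BEGIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 3600 IN A 10.0.0.1
+www.example.com. 3600 IN RRSIG A 15 3 3600 20170627103620 20170530103620 57147 example.com. daYG6zZJ3BJwGOS4PC0tDnxssVNYoenOHocoIfx0GeXNkKHSyXF+XHgD5LKbG3ZN0dZJ/4To5eni9QXOXiR4CA==
+ENTRY_END
+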
@ -178,6 +178,7 @@ config_create(void)
|
|||||||
cfg->forwards = NULL;
|
cfg->forwards = NULL;
|
||||||
#ifdef CLIENT_SUBNET
|
#ifdef CLIENT_SUBNET
|
||||||
cfg->client_subnet = NULL;
|
cfg->client_subnet = NULL;
|
||||||
|
cfg->client_subnet_zone = NULL;
|
||||||
cfg->client_subnet_opcode = LDNS_EDNS_CLIENT_SUBNET;
|
cfg->client_subnet_opcode = LDNS_EDNS_CLIENT_SUBNET;
|
||||||
cfg->client_subnet_always_forward = 0;
|
cfg->client_subnet_always_forward = 0;
|
||||||
cfg->max_client_subnet_ipv4 = 24;
|
cfg->max_client_subnet_ipv4 = 24;
|
||||||
@ -206,6 +207,7 @@ config_create(void)
|
|||||||
cfg->trust_anchor_file_list = NULL;
|
cfg->trust_anchor_file_list = NULL;
|
||||||
cfg->trust_anchor_list = NULL;
|
cfg->trust_anchor_list = NULL;
|
||||||
cfg->trusted_keys_file_list = NULL;
|
cfg->trusted_keys_file_list = NULL;
|
||||||
|
cfg->trust_anchor_signaling = 0;
|
||||||
cfg->dlv_anchor_file = NULL;
|
cfg->dlv_anchor_file = NULL;
|
||||||
cfg->dlv_anchor_list = NULL;
|
cfg->dlv_anchor_list = NULL;
|
||||||
cfg->domain_insecure = NULL;
|
cfg->domain_insecure = NULL;
|
||||||
@ -227,6 +229,7 @@ config_create(void)
|
|||||||
cfg->neg_cache_size = 1 * 1024 * 1024;
|
cfg->neg_cache_size = 1 * 1024 * 1024;
|
||||||
cfg->local_zones = NULL;
|
cfg->local_zones = NULL;
|
||||||
cfg->local_zones_nodefault = NULL;
|
cfg->local_zones_nodefault = NULL;
|
||||||
|
cfg->local_zones_disable_default = 0;
|
||||||
cfg->local_data = NULL;
|
cfg->local_data = NULL;
|
||||||
cfg->local_zone_overrides = NULL;
|
cfg->local_zone_overrides = NULL;
|
||||||
cfg->unblock_lan_zones = 0;
|
cfg->unblock_lan_zones = 0;
|
||||||
@ -279,6 +282,14 @@ config_create(void)
|
|||||||
cfg->dnscrypt_provider = NULL;
|
cfg->dnscrypt_provider = NULL;
|
||||||
cfg->dnscrypt_provider_cert = NULL;
|
cfg->dnscrypt_provider_cert = NULL;
|
||||||
cfg->dnscrypt_secret_key = NULL;
|
cfg->dnscrypt_secret_key = NULL;
|
||||||
|
#ifdef USE_IPSECMOD
|
||||||
|
cfg->ipsecmod_enabled = 1;
|
||||||
|
cfg->ipsecmod_ignore_bogus = 0;
|
||||||
|
cfg->ipsecmod_hook = NULL;
|
||||||
|
cfg->ipsecmod_max_ttl = 3600;
|
||||||
|
cfg->ipsecmod_whitelist = NULL;
|
||||||
|
cfg->ipsecmod_strict = 0;
|
||||||
|
#endif
|
||||||
return cfg;
|
return cfg;
|
||||||
error_exit:
|
error_exit:
|
||||||
config_delete(cfg);
|
config_delete(cfg);
|
||||||
@ -480,6 +491,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||||||
else S_STRLIST("trust-anchor-file:", trust_anchor_file_list)
|
else S_STRLIST("trust-anchor-file:", trust_anchor_file_list)
|
||||||
else S_STRLIST("trust-anchor:", trust_anchor_list)
|
else S_STRLIST("trust-anchor:", trust_anchor_list)
|
||||||
else S_STRLIST("trusted-keys-file:", trusted_keys_file_list)
|
else S_STRLIST("trusted-keys-file:", trusted_keys_file_list)
|
||||||
|
else S_YNO("trust-anchor-signaling:", trust_anchor_signaling)
|
||||||
else S_STR("dlv-anchor-file:", dlv_anchor_file)
|
else S_STR("dlv-anchor-file:", dlv_anchor_file)
|
||||||
else S_STRLIST("dlv-anchor:", dlv_anchor_list)
|
else S_STRLIST("dlv-anchor:", dlv_anchor_list)
|
||||||
else S_STRLIST("domain-insecure:", domain_insecure)
|
else S_STRLIST("domain-insecure:", domain_insecure)
|
||||||
@ -522,6 +534,33 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||||||
* generating the address tree. */
|
* generating the address tree. */
|
||||||
/* No client-subnet-always-forward here, module registration depends on
|
/* No client-subnet-always-forward here, module registration depends on
|
||||||
* this option. */
|
* this option. */
|
||||||
|
#endif
|
||||||
|
#ifdef USE_DNSTAP
|
||||||
|
else S_YNO("dnstap-enable:", dnstap)
|
||||||
|
else S_STR("dnstap-socket-path:", dnstap_socket_path)
|
||||||
|
else S_YNO("dnstap-send-identity:", dnstap_send_identity)
|
||||||
|
else S_YNO("dnstap-send-version:", dnstap_send_version)
|
||||||
|
else S_STR("dnstap-identity:", dnstap_identity)
|
||||||
|
else S_STR("dnstap-version:", dnstap_version)
|
||||||
|
else S_YNO("dnstap-log-resolver-query-messages:",
|
||||||
|
dnstap_log_resolver_query_messages)
|
||||||
|
else S_YNO("dnstap-log-resolver-response-messages:",
|
||||||
|
dnstap_log_resolver_response_messages)
|
||||||
|
else S_YNO("dnstap-log-client-query-messages:",
|
||||||
|
dnstap_log_client_query_messages)
|
||||||
|
else S_YNO("dnstap-log-client-response-messages:",
|
||||||
|
dnstap_log_client_response_messages)
|
||||||
|
else S_YNO("dnstap-log-forwarder-query-messages:",
|
||||||
|
dnstap_log_forwarder_query_messages)
|
||||||
|
else S_YNO("dnstap-log-forwarder-response-messages:",
|
||||||
|
dnstap_log_forwarder_response_messages)
|
||||||
|
#endif
|
||||||
|
#ifdef USE_DNSCRYPT
|
||||||
|
else S_YNO("dnscrypt-enable:", dnscrypt)
|
||||||
|
else S_NUMBER_NONZERO("dnscrypt-port:", dnscrypt_port)
|
||||||
|
else S_STR("dnscrypt-provider:", dnscrypt_provider)
|
||||||
|
else S_STRLIST("dnscrypt-provider-cert:", dnscrypt_provider_cert)
|
||||||
|
else S_STRLIST("dnscrypt-secret-key:", dnscrypt_secret_key)
|
||||||
#endif
|
#endif
|
||||||
else if(strcmp(opt, "ip-ratelimit:") == 0) {
|
else if(strcmp(opt, "ip-ratelimit:") == 0) {
|
||||||
IS_NUMBER_OR_ZERO; cfg->ip_ratelimit = atoi(val);
|
IS_NUMBER_OR_ZERO; cfg->ip_ratelimit = atoi(val);
|
||||||
@ -539,6 +578,13 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||||||
else S_NUMBER_OR_ZERO("ratelimit-factor:", ratelimit_factor)
|
else S_NUMBER_OR_ZERO("ratelimit-factor:", ratelimit_factor)
|
||||||
else S_YNO("qname-minimisation:", qname_minimisation)
|
else S_YNO("qname-minimisation:", qname_minimisation)
|
||||||
else S_YNO("qname-minimisation-strict:", qname_minimisation_strict)
|
else S_YNO("qname-minimisation-strict:", qname_minimisation_strict)
|
||||||
|
#ifdef USE_IPSECMOD
|
||||||
|
else S_YNO("ipsecmod-enabled:", ipsecmod_enabled)
|
||||||
|
else S_YNO("ipsecmod-ignore-bogus:", ipsecmod_ignore_bogus)
|
||||||
|
else if(strcmp(opt, "ipsecmod-max-ttl:") == 0)
|
||||||
|
{ IS_NUMBER_OR_ZERO; cfg->ipsecmod_max_ttl = atoi(val); }
|
||||||
|
else S_YNO("ipsecmod-strict:", ipsecmod_strict)
|
||||||
|
#endif
|
||||||
else if(strcmp(opt, "define-tag:") ==0) {
|
else if(strcmp(opt, "define-tag:") ==0) {
|
||||||
return config_add_tag(cfg, val);
|
return config_add_tag(cfg, val);
|
||||||
/* val_sig_skew_min and max are copied into val_env during init,
|
/* val_sig_skew_min and max are copied into val_env during init,
|
||||||
@ -560,15 +606,16 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||||||
cfg->out_ifs = oi;
|
cfg->out_ifs = oi;
|
||||||
} else {
|
} else {
|
||||||
/* unknown or unsupported (from the set_option interface):
|
/* unknown or unsupported (from the set_option interface):
|
||||||
* interface, outgoing-interface, access-control,
|
* interface, outgoing-interface, access-control,
|
||||||
* stub-zone, name, stub-addr, stub-host, stub-prime
|
* stub-zone, name, stub-addr, stub-host, stub-prime
|
||||||
* forward-first, stub-first, forward-ssl-upstream,
|
* forward-first, stub-first, forward-ssl-upstream,
|
||||||
* stub-ssl-upstream, forward-zone,
|
* stub-ssl-upstream, forward-zone,
|
||||||
* name, forward-addr, forward-host,
|
* name, forward-addr, forward-host,
|
||||||
* ratelimit-for-domain, ratelimit-below-domain,
|
* ratelimit-for-domain, ratelimit-below-domain,
|
||||||
* local-zone-tag, access-control-view
|
* local-zone-tag, access-control-view,
|
||||||
* send-client-subnet client-subnet-always-forward
|
* send-client-subnet, client-subnet-always-forward,
|
||||||
* max-client-subnet-ipv4 max-client-subnet-ipv6 */
|
* max-client-subnet-ipv4, max-client-subnet-ipv6, ipsecmod_hook,
|
||||||
|
* ipsecmod_whitelist. */
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
@ -834,6 +881,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||||||
else O_LST(opt, "trust-anchor-file", trust_anchor_file_list)
|
else O_LST(opt, "trust-anchor-file", trust_anchor_file_list)
|
||||||
else O_LST(opt, "trust-anchor", trust_anchor_list)
|
else O_LST(opt, "trust-anchor", trust_anchor_list)
|
||||||
else O_LST(opt, "trusted-keys-file", trusted_keys_file_list)
|
else O_LST(opt, "trusted-keys-file", trusted_keys_file_list)
|
||||||
|
else O_YNO(opt, "trust-anchor-signaling", trust_anchor_signaling)
|
||||||
else O_LST(opt, "dlv-anchor", dlv_anchor_list)
|
else O_LST(opt, "dlv-anchor", dlv_anchor_list)
|
||||||
else O_LST(opt, "control-interface", control_ifs)
|
else O_LST(opt, "control-interface", control_ifs)
|
||||||
else O_LST(opt, "domain-insecure", domain_insecure)
|
else O_LST(opt, "domain-insecure", domain_insecure)
|
||||||
@ -842,10 +890,38 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||||||
else O_YNO(opt, "rrset-roundrobin", rrset_roundrobin)
|
else O_YNO(opt, "rrset-roundrobin", rrset_roundrobin)
|
||||||
#ifdef CLIENT_SUBNET
|
#ifdef CLIENT_SUBNET
|
||||||
else O_LST(opt, "send-client-subnet", client_subnet)
|
else O_LST(opt, "send-client-subnet", client_subnet)
|
||||||
|
else O_LST(opt, "client-subnet-zone", client_subnet_zone)
|
||||||
else O_DEC(opt, "max-client-subnet-ipv4", max_client_subnet_ipv4)
|
else O_DEC(opt, "max-client-subnet-ipv4", max_client_subnet_ipv4)
|
||||||
else O_DEC(opt, "max-client-subnet-ipv6", max_client_subnet_ipv6)
|
else O_DEC(opt, "max-client-subnet-ipv6", max_client_subnet_ipv6)
|
||||||
else O_YNO(opt, "client-subnet-always-forward:",
|
else O_YNO(opt, "client-subnet-always-forward:",
|
||||||
client_subnet_always_forward)
|
client_subnet_always_forward)
|
||||||
|
#endif
|
||||||
|
#ifdef USE_DNSTAP
|
||||||
|
else O_YNO(opt, "dnstap-enable", dnstap)
|
||||||
|
else O_STR(opt, "dnstap-socket-path", dnstap_socket_path)
|
||||||
|
else O_YNO(opt, "dnstap-send-identity", dnstap_send_identity)
|
||||||
|
else O_YNO(opt, "dnstap-send-version", dnstap_send_version)
|
||||||
|
else O_STR(opt, "dnstap-identity", dnstap_identity)
|
||||||
|
else O_STR(opt, "dnstap-version", dnstap_version)
|
||||||
|
else O_YNO(opt, "dnstap-log-resolver-query-messages",
|
||||||
|
dnstap_log_resolver_query_messages)
|
||||||
|
else O_YNO(opt, "dnstap-log-resolver-response-messages",
|
||||||
|
dnstap_log_resolver_response_messages)
|
||||||
|
else O_YNO(opt, "dnstap-log-client-query-messages",
|
||||||
|
dnstap_log_client_query_messages)
|
||||||
|
else O_YNO(opt, "dnstap-log-client-response-messages",
|
||||||
|
dnstap_log_client_response_messages)
|
||||||
|
else O_YNO(opt, "dnstap-log-forwarder-query-messages",
|
||||||
|
dnstap_log_forwarder_query_messages)
|
||||||
|
else O_YNO(opt, "dnstap-log-forwarder-response-messages",
|
||||||
|
dnstap_log_forwarder_response_messages)
|
||||||
|
#endif
|
||||||
|
#ifdef USE_DNSCRYPT
|
||||||
|
else O_YNO(opt, "dnscrypt-enable", dnscrypt)
|
||||||
|
else O_DEC(opt, "dnscrypt-port", dnscrypt_port)
|
||||||
|
else O_STR(opt, "dnscrypt-provider", dnscrypt_provider)
|
||||||
|
else O_LST(opt, "dnscrypt-provider-cert", dnscrypt_provider_cert)
|
||||||
|
else O_LST(opt, "dnscrypt-secret-key", dnscrypt_secret_key)
|
||||||
#endif
|
#endif
|
||||||
else O_YNO(opt, "unblock-lan-zones", unblock_lan_zones)
|
else O_YNO(opt, "unblock-lan-zones", unblock_lan_zones)
|
||||||
else O_YNO(opt, "insecure-lan-zones", insecure_lan_zones)
|
else O_YNO(opt, "insecure-lan-zones", insecure_lan_zones)
|
||||||
@ -874,6 +950,14 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||||||
else O_LS3(opt, "access-control-tag-action", acl_tag_actions)
|
else O_LS3(opt, "access-control-tag-action", acl_tag_actions)
|
||||||
else O_LS3(opt, "access-control-tag-data", acl_tag_datas)
|
else O_LS3(opt, "access-control-tag-data", acl_tag_datas)
|
||||||
else O_LS2(opt, "access-control-view", acl_view)
|
else O_LS2(opt, "access-control-view", acl_view)
|
||||||
|
#ifdef USE_IPSECMOD
|
||||||
|
else O_YNO(opt, "ipsecmod-enabled", ipsecmod_enabled)
|
||||||
|
else O_YNO(opt, "ipsecmod-ignore-bogus", ipsecmod_ignore_bogus)
|
||||||
|
else O_STR(opt, "ipsecmod-hook", ipsecmod_hook)
|
||||||
|
else O_DEC(opt, "ipsecmod-max-ttl", ipsecmod_max_ttl)
|
||||||
|
else O_LST(opt, "ipsecmod-whitelist", ipsecmod_whitelist)
|
||||||
|
else O_YNO(opt, "ipsecmod-strict", ipsecmod_strict)
|
||||||
|
#endif
|
||||||
/* not here:
|
/* not here:
|
||||||
* outgoing-permit, outgoing-avoid - have list of ports
|
* outgoing-permit, outgoing-avoid - have list of ports
|
||||||
* local-zone - zones and nodefault variables
|
* local-zone - zones and nodefault variables
|
||||||
@ -1131,11 +1215,13 @@ config_delete(struct config_file* cfg)
|
|||||||
config_delstrlist(cfg->root_hints);
|
config_delstrlist(cfg->root_hints);
|
||||||
#ifdef CLIENT_SUBNET
|
#ifdef CLIENT_SUBNET
|
||||||
config_delstrlist(cfg->client_subnet);
|
config_delstrlist(cfg->client_subnet);
|
||||||
|
config_delstrlist(cfg->client_subnet_zone);
|
||||||
#endif
|
#endif
|
||||||
free(cfg->identity);
|
free(cfg->identity);
|
||||||
free(cfg->version);
|
free(cfg->version);
|
||||||
free(cfg->module_conf);
|
free(cfg->module_conf);
|
||||||
free(cfg->outgoing_avail_ports);
|
free(cfg->outgoing_avail_ports);
|
||||||
|
free(cfg->python_script);
|
||||||
config_delstrlist(cfg->caps_whitelist);
|
config_delstrlist(cfg->caps_whitelist);
|
||||||
config_delstrlist(cfg->private_address);
|
config_delstrlist(cfg->private_address);
|
||||||
config_delstrlist(cfg->private_domain);
|
config_delstrlist(cfg->private_domain);
|
||||||
@ -1169,6 +1255,10 @@ config_delete(struct config_file* cfg)
|
|||||||
free(cfg->dnstap_version);
|
free(cfg->dnstap_version);
|
||||||
config_deldblstrlist(cfg->ratelimit_for_domain);
|
config_deldblstrlist(cfg->ratelimit_for_domain);
|
||||||
config_deldblstrlist(cfg->ratelimit_below_domain);
|
config_deldblstrlist(cfg->ratelimit_below_domain);
|
||||||
|
#ifdef USE_IPSECMOD
|
||||||
|
free(cfg->ipsecmod_hook);
|
||||||
|
config_delstrlist(cfg->ipsecmod_whitelist);
|
||||||
|
#endif
|
||||||
free(cfg);
|
free(cfg);
|
||||||
}
|
}
|
||||||
|
|
||||||
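Review bot: In the config_set_option hunk, the new `ipsecmod-max-ttl:` branch stores `atoi(val)` with no range check, so a negative or out-of-range number would reach `cfg->ipsecmod_max_ttl` unless `IS_NUMBER_OR_ZERO` (defined outside this page) already rejects it. A TTL bound is safer parsed strictly, for example `{ IS_NUMBER_OR_ZERO; if(atoi(val) < 0) return 0; cfg->ipsecmod_max_ttl = atoi(val); }`. The closing comment of the same function also lists the unsupported options as `ipsecmod_hook` and `ipsecmod_whitelist`, while the option names used elsewhere in this section are hyphenated (`ipsecmod-hook`, `ipsecmod-whitelist`). The file header of this section is not shown on the page, and the patched functions continue outside the hunks.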
|
@ -176,6 +176,8 @@ struct config_file {
|
|||||||
/** list of servers we send edns-client-subnet option to and
|
/** list of servers we send edns-client-subnet option to and
|
||||||
* accept option from, linked list */
|
* accept option from, linked list */
|
||||||
struct config_strlist* client_subnet;
|
struct config_strlist* client_subnet;
|
||||||
|
/** list of zones we send edns-client-subnet option for */
|
||||||
|
struct config_strlist* client_subnet_zone;
|
||||||
/** opcode assigned by IANA for edns0-client-subnet option */
|
/** opcode assigned by IANA for edns0-client-subnet option */
|
||||||
uint16_t client_subnet_opcode;
|
uint16_t client_subnet_opcode;
|
||||||
/** Do not check whitelist if incoming query contains an ECS record */
|
/** Do not check whitelist if incoming query contains an ECS record */
|
||||||
@ -274,6 +276,8 @@ struct config_file {
|
|||||||
struct config_strlist* dlv_anchor_list;
|
struct config_strlist* dlv_anchor_list;
|
||||||
/** insecure domain list */
|
/** insecure domain list */
|
||||||
struct config_strlist* domain_insecure;
|
struct config_strlist* domain_insecure;
|
||||||
|
/** send key tag query */
|
||||||
|
int trust_anchor_signaling;
|
||||||
|
|
||||||
/** if not 0, this value is the validation date for RRSIGs */
|
/** if not 0, this value is the validation date for RRSIGs */
|
||||||
int32_t val_date_override;
|
int32_t val_date_override;
|
||||||
@ -317,6 +321,8 @@ struct config_file {
|
|||||||
struct config_str2list* local_zones;
|
struct config_str2list* local_zones;
|
||||||
/** local zones nodefault list */
|
/** local zones nodefault list */
|
||||||
struct config_strlist* local_zones_nodefault;
|
struct config_strlist* local_zones_nodefault;
|
||||||
|
/** do not add any default local zone */
|
||||||
|
int local_zones_disable_default;
|
||||||
/** local data RRs configured */
|
/** local data RRs configured */
|
||||||
struct config_strlist* local_data;
|
struct config_strlist* local_data;
|
||||||
/** local zone override types per netblock */
|
/** local zone override types per netblock */
|
||||||
@ -458,6 +464,22 @@ struct config_file {
|
|||||||
struct config_strlist* dnscrypt_secret_key;
|
struct config_strlist* dnscrypt_secret_key;
|
||||||
/** dnscrypt provider certs 1.cert */
|
/** dnscrypt provider certs 1.cert */
|
||||||
struct config_strlist* dnscrypt_provider_cert;
|
struct config_strlist* dnscrypt_provider_cert;
|
||||||
|
|
||||||
|
/** IPsec module */
|
||||||
|
#ifdef USE_IPSECMOD
|
||||||
|
/** false to bypass the IPsec module */
|
||||||
|
int ipsecmod_enabled;
|
||||||
|
/** whitelisted domains for ipsecmod */
|
||||||
|
struct config_strlist* ipsecmod_whitelist;
|
||||||
|
/** path to external hook */
|
||||||
|
char* ipsecmod_hook;
|
||||||
|
/** true to proceed even with a bogus IPSECKEY */
|
||||||
|
int ipsecmod_ignore_bogus;
|
||||||
|
/** max TTL for the A/AAAA records that call the hook */
|
||||||
|
int ipsecmod_max_ttl;
|
||||||
|
/** false to proceed even when ipsecmod_hook fails */
|
||||||
|
int ipsecmod_strict;
|
||||||
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
/** from cfg username, after daemonise setup performed */
|
/** from cfg username, after daemonise setup performed */
|
||||||
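Review bot: The new `ipsecmod_hook` field is documented only as `/** path to external hook */`, which does not tell an operator that this names a program the module invokes; the `ipsecmod_max_ttl` comment implies it is called for A/AAAA records. I would expand it to `/** path to the external hook program invoked by the IPsec module; should be a trusted, administrator-owned executable */`, where the ownership requirement is my inference and should be confirmed against the module source. The `ipsecmod_strict` comment could add that config_create sets it to 0, so resolution proceeds when the hook fails, which makes the fail-open default visible at the declaration. The `/** IPsec module */` comment also sits outside the `#ifdef USE_IPSECMOD` guard, so it is left dangling before `};` when the module is not compiled in.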
|
4196
util/configlexer.c
4196
util/configlexer.c
File diff suppressed because it is too large
Some files were not shown because too many files have changed in this diff Show More