unbound: Vendor import 1.17.1
Release notes at https://www.nlnetlabs.nl/news/2023/Jan/12/unbound-1.17.1-released/.
parent
643f9a0581
commit
7699e1386a
@ -616,7 +616,7 @@ install-all: all $(PYTHONMOD_INSTALL) $(PYUNBOUND_INSTALL) $(UNBOUND_EVENT_INSTA
|
|||||||
$(INSTALL) -c -m 644 doc/unbound.conf.5 $(DESTDIR)$(mandir)/man5
|
$(INSTALL) -c -m 644 doc/unbound.conf.5 $(DESTDIR)$(mandir)/man5
|
||||||
$(INSTALL) -c -m 644 doc/unbound-host.1 $(DESTDIR)$(mandir)/man1
|
$(INSTALL) -c -m 644 doc/unbound-host.1 $(DESTDIR)$(mandir)/man1
|
||||||
$(INSTALL) -c -m 755 unbound-control-setup $(DESTDIR)$(sbindir)/unbound-control-setup
|
$(INSTALL) -c -m 755 unbound-control-setup $(DESTDIR)$(sbindir)/unbound-control-setup
|
||||||
if test ! -e $(DESTDIR)$(configfile); then $(INSTALL) -d `dirname $(DESTDIR)$(configfile)`; $(INSTALL) -c -m 644 doc/example.conf $(DESTDIR)$(configfile); fi
|
if test ! -e "$(DESTDIR)$(configfile)"; then $(INSTALL) -d `dirname "$(DESTDIR)$(configfile)"`; $(INSTALL) -c -m 644 doc/example.conf "$(DESTDIR)$(configfile)"; fi
|
||||||
|
|
||||||
pythonmod-uninstall:
|
pythonmod-uninstall:
|
||||||
rm -f -- $(DESTDIR)$(PYTHON_SITE_PKG)/unboundmodule.py
|
rm -f -- $(DESTDIR)$(PYTHON_SITE_PKG)/unboundmodule.py
|
||||||
@ -645,7 +645,7 @@ uninstall: $(PYTHONMOD_UNINSTALL) $(PYUNBOUND_UNINSTALL) $(UNBOUND_EVENT_UNINSTA
|
|||||||
rm -f -- $(DESTDIR)$(includedir)/unbound.h
|
rm -f -- $(DESTDIR)$(includedir)/unbound.h
|
||||||
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libunbound.la
|
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libunbound.la
|
||||||
@echo
|
@echo
|
||||||
@echo "You still need to remove "`dirname $(DESTDIR)$(configfile)`" , $(DESTDIR)$(configfile) by hand"
|
@echo "You still need to remove "`dirname "$(DESTDIR)$(configfile)"`" , $(DESTDIR)$(configfile) by hand"
|
||||||
|
|
||||||
iana_update:
|
iana_update:
|
||||||
curl -o port-numbers.tmp https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml --compressed
|
curl -o port-numbers.tmp https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml --compressed
|
||||||
|
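Review bot: In the install-all hunk the new quotes protect the argument to `dirname`, but the backtick substitution itself is still unquoted, so `$(INSTALL) -d` continues to receive a word-split result when the config path contains whitespace. Capturing the result in a shell variable avoids nesting double quotes inside backticks: ``d=`dirname "$(DESTDIR)$(configfile)"`; $(INSTALL) -d "$$d"``. The `@echo` line in the uninstall hunk has the same shape, though there the splitting only affects the printed message.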
@ -4,6 +4,7 @@
|
|||||||
[![Packaging status](https://repology.org/badge/tiny-repos/unbound.svg)](https://repology.org/project/unbound/versions)
|
[![Packaging status](https://repology.org/badge/tiny-repos/unbound.svg)](https://repology.org/project/unbound/versions)
|
||||||
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/unbound.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:unbound)
|
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/unbound.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:unbound)
|
||||||
[![Documentation Status](https://readthedocs.org/projects/unbound/badge/?version=latest)](https://unbound.readthedocs.io/en/latest/?badge=latest)
|
[![Documentation Status](https://readthedocs.org/projects/unbound/badge/?version=latest)](https://unbound.readthedocs.io/en/latest/?badge=latest)
|
||||||
|
[![Mastodon Follow](https://img.shields.io/mastodon/follow/109262826617293067?domain=https%3A%2F%2Ffosstodon.org&style=social)](https://fosstodon.org/@nlnetlabs)
|
||||||
|
|
||||||
Unbound is a validating, recursive, caching DNS resolver. It is designed to be
|
Unbound is a validating, recursive, caching DNS resolver. It is designed to be
|
||||||
fast and lean and incorporates modern features based on open standards. If you
|
fast and lean and incorporates modern features based on open standards. If you
|
||||||
|
@ -390,6 +390,15 @@ prep_data(struct module_qstate* qstate, struct sldns_buffer* buf)
|
|||||||
|
|
||||||
if(!qstate->return_msg || !qstate->return_msg->rep)
|
if(!qstate->return_msg || !qstate->return_msg->rep)
|
||||||
return 0;
|
return 0;
|
||||||
|
/* do not store failures like SERVFAIL in the cachedb, this avoids
|
||||||
|
* overwriting expired, valid, content with broken content. */
|
||||||
|
if(FLAGS_GET_RCODE(qstate->return_msg->rep->flags) !=
|
||||||
|
LDNS_RCODE_NOERROR &&
|
||||||
|
FLAGS_GET_RCODE(qstate->return_msg->rep->flags) !=
|
||||||
|
LDNS_RCODE_NXDOMAIN &&
|
||||||
|
FLAGS_GET_RCODE(qstate->return_msg->rep->flags) !=
|
||||||
|
LDNS_RCODE_YXDOMAIN)
|
||||||
|
return 0;
|
||||||
/* We don't store the reply if its TTL is 0 unless serve-expired is
|
/* We don't store the reply if its TTL is 0 unless serve-expired is
|
||||||
* enabled. Such a reply won't be reusable and simply be a waste for
|
* enabled. Such a reply won't be reusable and simply be a waste for
|
||||||
* the backend. It's also compatible with the default behavior of
|
* the backend. It's also compatible with the default behavior of
|
||||||
@ -542,10 +551,16 @@ parse_data(struct module_qstate* qstate, struct sldns_buffer* buf)
|
|||||||
verbose(VERB_ALGO, "cachedb msg expired");
|
verbose(VERB_ALGO, "cachedb msg expired");
|
||||||
/* If serve-expired is enabled, we still use an expired message
|
/* If serve-expired is enabled, we still use an expired message
|
||||||
* setting the TTL to 0. */
|
* setting the TTL to 0. */
|
||||||
if(qstate->env->cfg->serve_expired)
|
if(!qstate->env->cfg->serve_expired ||
|
||||||
adjust = -1;
|
(FLAGS_GET_RCODE(qstate->return_msg->rep->flags)
|
||||||
else
|
!= LDNS_RCODE_NOERROR &&
|
||||||
|
FLAGS_GET_RCODE(qstate->return_msg->rep->flags)
|
||||||
|
!= LDNS_RCODE_NXDOMAIN &&
|
||||||
|
FLAGS_GET_RCODE(qstate->return_msg->rep->flags)
|
||||||
|
!= LDNS_RCODE_YXDOMAIN))
|
||||||
return 0; /* message expired */
|
return 0; /* message expired */
|
||||||
|
else
|
||||||
|
adjust = -1;
|
||||||
}
|
}
|
||||||
verbose(VERB_ALGO, "cachedb msg adjusted down by %d", (int)adjust);
|
verbose(VERB_ALGO, "cachedb msg adjusted down by %d", (int)adjust);
|
||||||
adjust_msg_ttl(qstate->return_msg, adjust);
|
adjust_msg_ttl(qstate->return_msg, adjust);
|
||||||
|
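Review bot: The rcode allow-list (NOERROR, NXDOMAIN, YXDOMAIN) is written out in full in both the prep_data and parse_data hunks, with FLAGS_GET_RCODE evaluated three times in each, and the same test appears again in the answer_from_cache hunk later in this commit. The store path and the two serve-expired paths have to agree on which replies count as failures, so reading the rcode once, `int rcode = FLAGS_GET_RCODE(qstate->return_msg->rep->flags);`, and comparing against it, or sharing one small predicate, would keep the three sites from drifting apart. The comment above the parse_data condition still describes only the serve-expired case; I would extend it to `/* If serve-expired is enabled, we still use an expired message, setting the TTL to 0, unless it is a failure reply such as SERVFAIL. */`. Both functions begin and end outside their hunks.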
25
configure
vendored
25
configure
vendored
@ -1,6 +1,6 @@
|
|||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# Guess values for system-dependent variables and create Makefiles.
|
# Guess values for system-dependent variables and create Makefiles.
|
||||||
# Generated by GNU Autoconf 2.69 for unbound 1.17.0.
|
# Generated by GNU Autoconf 2.69 for unbound 1.17.1.
|
||||||
#
|
#
|
||||||
# Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
|
# Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
|
||||||
#
|
#
|
||||||
@ -591,8 +591,8 @@ MAKEFLAGS=
|
|||||||
# Identity of this package.
|
# Identity of this package.
|
||||||
PACKAGE_NAME='unbound'
|
PACKAGE_NAME='unbound'
|
||||||
PACKAGE_TARNAME='unbound'
|
PACKAGE_TARNAME='unbound'
|
||||||
PACKAGE_VERSION='1.17.0'
|
PACKAGE_VERSION='1.17.1'
|
||||||
PACKAGE_STRING='unbound 1.17.0'
|
PACKAGE_STRING='unbound 1.17.1'
|
||||||
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
|
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
|
||||||
PACKAGE_URL=''
|
PACKAGE_URL=''
|
||||||
|
|
||||||
@ -1477,7 +1477,7 @@ if test "$ac_init_help" = "long"; then
|
|||||||
# Omit some internal or obsolete options to make the list less imposing.
|
# Omit some internal or obsolete options to make the list less imposing.
|
||||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||||
cat <<_ACEOF
|
cat <<_ACEOF
|
||||||
\`configure' configures unbound 1.17.0 to adapt to many kinds of systems.
|
\`configure' configures unbound 1.17.1 to adapt to many kinds of systems.
|
||||||
|
|
||||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||||
|
|
||||||
@ -1543,7 +1543,7 @@ fi
|
|||||||
|
|
||||||
if test -n "$ac_init_help"; then
|
if test -n "$ac_init_help"; then
|
||||||
case $ac_init_help in
|
case $ac_init_help in
|
||||||
short | recursive ) echo "Configuration of unbound 1.17.0:";;
|
short | recursive ) echo "Configuration of unbound 1.17.1:";;
|
||||||
esac
|
esac
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
|
|
||||||
@ -1785,7 +1785,7 @@ fi
|
|||||||
test -n "$ac_init_help" && exit $ac_status
|
test -n "$ac_init_help" && exit $ac_status
|
||||||
if $ac_init_version; then
|
if $ac_init_version; then
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
unbound configure 1.17.0
|
unbound configure 1.17.1
|
||||||
generated by GNU Autoconf 2.69
|
generated by GNU Autoconf 2.69
|
||||||
|
|
||||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||||
@ -2494,7 +2494,7 @@ cat >config.log <<_ACEOF
|
|||||||
This file contains any messages produced by compilers while
|
This file contains any messages produced by compilers while
|
||||||
running configure, to aid debugging if configure makes a mistake.
|
running configure, to aid debugging if configure makes a mistake.
|
||||||
|
|
||||||
It was created by unbound $as_me 1.17.0, which was
|
It was created by unbound $as_me 1.17.1, which was
|
||||||
generated by GNU Autoconf 2.69. Invocation command line was
|
generated by GNU Autoconf 2.69. Invocation command line was
|
||||||
|
|
||||||
$ $0 $@
|
$ $0 $@
|
||||||
@ -2846,11 +2846,11 @@ UNBOUND_VERSION_MAJOR=1
|
|||||||
|
|
||||||
UNBOUND_VERSION_MINOR=17
|
UNBOUND_VERSION_MINOR=17
|
||||||
|
|
||||||
UNBOUND_VERSION_MICRO=0
|
UNBOUND_VERSION_MICRO=1
|
||||||
|
|
||||||
|
|
||||||
LIBUNBOUND_CURRENT=9
|
LIBUNBOUND_CURRENT=9
|
||||||
LIBUNBOUND_REVISION=20
|
LIBUNBOUND_REVISION=21
|
||||||
LIBUNBOUND_AGE=1
|
LIBUNBOUND_AGE=1
|
||||||
# 1.0.0 had 0:12:0
|
# 1.0.0 had 0:12:0
|
||||||
# 1.0.1 had 0:13:0
|
# 1.0.1 had 0:13:0
|
||||||
@ -2938,6 +2938,7 @@ LIBUNBOUND_AGE=1
|
|||||||
# 1.16.2 had 9:18:1
|
# 1.16.2 had 9:18:1
|
||||||
# 1.16.3 had 9:19:1
|
# 1.16.3 had 9:19:1
|
||||||
# 1.17.0 had 9:20:1
|
# 1.17.0 had 9:20:1
|
||||||
|
# 1.17.1 had 9:21:1
|
||||||
|
|
||||||
# Current -- the number of the binary API that we're implementing
|
# Current -- the number of the binary API that we're implementing
|
||||||
# Revision -- which iteration of the implementation of the binary
|
# Revision -- which iteration of the implementation of the binary
|
||||||
@ -22085,7 +22086,7 @@ _ACEOF
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
version=1.17.0
|
version=1.17.1
|
||||||
|
|
||||||
date=`date +'%b %e, %Y'`
|
date=`date +'%b %e, %Y'`
|
||||||
|
|
||||||
@ -22604,7 +22605,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
|||||||
# report actual input values of CONFIG_FILES etc. instead of their
|
# report actual input values of CONFIG_FILES etc. instead of their
|
||||||
# values after options handling.
|
# values after options handling.
|
||||||
ac_log="
|
ac_log="
|
||||||
This file was extended by unbound $as_me 1.17.0, which was
|
This file was extended by unbound $as_me 1.17.1, which was
|
||||||
generated by GNU Autoconf 2.69. Invocation command line was
|
generated by GNU Autoconf 2.69. Invocation command line was
|
||||||
|
|
||||||
CONFIG_FILES = $CONFIG_FILES
|
CONFIG_FILES = $CONFIG_FILES
|
||||||
@ -22670,7 +22671,7 @@ _ACEOF
|
|||||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||||
ac_cs_version="\\
|
ac_cs_version="\\
|
||||||
unbound config.status 1.17.0
|
unbound config.status 1.17.1
|
||||||
configured by $0, generated by GNU Autoconf 2.69,
|
configured by $0, generated by GNU Autoconf 2.69,
|
||||||
with options \\"\$ac_cs_config\\"
|
with options \\"\$ac_cs_config\\"
|
||||||
|
|
||||||
|
@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4)
|
|||||||
# must be numbers. ac_defun because of later processing
|
# must be numbers. ac_defun because of later processing
|
||||||
m4_define([VERSION_MAJOR],[1])
|
m4_define([VERSION_MAJOR],[1])
|
||||||
m4_define([VERSION_MINOR],[17])
|
m4_define([VERSION_MINOR],[17])
|
||||||
m4_define([VERSION_MICRO],[0])
|
m4_define([VERSION_MICRO],[1])
|
||||||
AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
|
AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
|
||||||
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
|
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
|
||||||
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
|
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
|
||||||
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
|
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
|
||||||
|
|
||||||
LIBUNBOUND_CURRENT=9
|
LIBUNBOUND_CURRENT=9
|
||||||
LIBUNBOUND_REVISION=20
|
LIBUNBOUND_REVISION=21
|
||||||
LIBUNBOUND_AGE=1
|
LIBUNBOUND_AGE=1
|
||||||
# 1.0.0 had 0:12:0
|
# 1.0.0 had 0:12:0
|
||||||
# 1.0.1 had 0:13:0
|
# 1.0.1 had 0:13:0
|
||||||
@ -106,6 +106,7 @@ LIBUNBOUND_AGE=1
|
|||||||
# 1.16.2 had 9:18:1
|
# 1.16.2 had 9:18:1
|
||||||
# 1.16.3 had 9:19:1
|
# 1.16.3 had 9:19:1
|
||||||
# 1.17.0 had 9:20:1
|
# 1.17.0 had 9:20:1
|
||||||
|
# 1.17.1 had 9:21:1
|
||||||
|
|
||||||
# Current -- the number of the binary API that we're implementing
|
# Current -- the number of the binary API that we're implementing
|
||||||
# Revision -- which iteration of the implementation of the binary
|
# Revision -- which iteration of the implementation of the binary
|
||||||
|
@ -42,9 +42,8 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Validating, recursive, and caching DNS resolver
|
Description=Validating, recursive, and caching DNS resolver
|
||||||
Documentation=man:unbound(8)
|
Documentation=man:unbound(8)
|
||||||
After=network-online.target
|
After=network.target
|
||||||
Before=nss-lookup.target
|
Before=network-online.target nss-lookup.target
|
||||||
Wants=network-online.target nss-lookup.target
|
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
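Review bot: Dropping the `Wants=` line means this unit no longer pulls in nss-lookup.target, while the new `Before=` line still orders against it. systemd.special(7) describes nss-lookup.target as a passive target that the providing service is expected to pull in, so unless another unit does so the ordering has nothing to act on, and units that declare `After=nss-lookup.target` may start before the resolver is up. Keeping `Wants=nss-lookup.target` next to the new `After=network.target` and `Before=network-online.target nss-lookup.target` lines would preserve that guarantee; removing only the network-online.target want looks like the intent here.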
@ -387,7 +387,7 @@ move_into_cache(struct ub_packed_rrset_key* k,
|
|||||||
struct rrset_ref ref;
|
struct rrset_ref ref;
|
||||||
uint8_t* p;
|
uint8_t* p;
|
||||||
|
|
||||||
ak = alloc_special_obtain(&worker->alloc);
|
ak = alloc_special_obtain(worker->alloc);
|
||||||
if(!ak) {
|
if(!ak) {
|
||||||
log_warn("error out of memory");
|
log_warn("error out of memory");
|
||||||
return 0;
|
return 0;
|
||||||
@ -398,7 +398,7 @@ move_into_cache(struct ub_packed_rrset_key* k,
|
|||||||
ak->rk.dname = (uint8_t*)memdup(k->rk.dname, k->rk.dname_len);
|
ak->rk.dname = (uint8_t*)memdup(k->rk.dname, k->rk.dname_len);
|
||||||
if(!ak->rk.dname) {
|
if(!ak->rk.dname) {
|
||||||
log_warn("error out of memory");
|
log_warn("error out of memory");
|
||||||
ub_packed_rrset_parsedelete(ak, &worker->alloc);
|
ub_packed_rrset_parsedelete(ak, worker->alloc);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
s = sizeof(*ad) + (sizeof(size_t) + sizeof(uint8_t*) +
|
s = sizeof(*ad) + (sizeof(size_t) + sizeof(uint8_t*) +
|
||||||
@ -408,7 +408,7 @@ move_into_cache(struct ub_packed_rrset_key* k,
|
|||||||
ad = (struct packed_rrset_data*)malloc(s);
|
ad = (struct packed_rrset_data*)malloc(s);
|
||||||
if(!ad) {
|
if(!ad) {
|
||||||
log_warn("error out of memory");
|
log_warn("error out of memory");
|
||||||
ub_packed_rrset_parsedelete(ak, &worker->alloc);
|
ub_packed_rrset_parsedelete(ak, worker->alloc);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
p = (uint8_t*)ad;
|
p = (uint8_t*)ad;
|
||||||
@ -431,7 +431,8 @@ move_into_cache(struct ub_packed_rrset_key* k,
|
|||||||
ref.key = ak;
|
ref.key = ak;
|
||||||
ref.id = ak->id;
|
ref.id = ak->id;
|
||||||
(void)rrset_cache_update(worker->env.rrset_cache, &ref,
|
(void)rrset_cache_update(worker->env.rrset_cache, &ref,
|
||||||
&worker->alloc, *worker->env.now);
|
worker->alloc, *worker->env.now);
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -488,6 +488,27 @@ static int daemon_get_shufport(struct daemon* daemon, int* shufport)
|
|||||||
return avail;
|
return avail;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Clear and delete per-worker alloc caches, and free memory maintained in
|
||||||
|
* superalloc.
|
||||||
|
* The rrset and message caches must be empty at the time of call.
|
||||||
|
* @param daemon: the daemon that maintains the alloc caches to be cleared.
|
||||||
|
*/
|
||||||
|
static void
|
||||||
|
daemon_clear_allocs(struct daemon* daemon)
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
|
||||||
|
for(i=0; i<daemon->num; i++) {
|
||||||
|
alloc_clear(daemon->worker_allocs[i]);
|
||||||
|
free(daemon->worker_allocs[i]);
|
||||||
|
}
|
||||||
|
free(daemon->worker_allocs);
|
||||||
|
daemon->worker_allocs = NULL;
|
||||||
|
|
||||||
|
alloc_clear_special(&daemon->superalloc);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Allocate empty worker structures. With backptr and thread-number,
|
* Allocate empty worker structures. With backptr and thread-number,
|
||||||
* from 0..numthread initialised. Used as user arguments to new threads.
|
* from 0..numthread initialised. Used as user arguments to new threads.
|
||||||
@ -540,6 +561,21 @@ daemon_create_workers(struct daemon* daemon)
|
|||||||
/* the above is not ports/numthr, due to rounding */
|
/* the above is not ports/numthr, due to rounding */
|
||||||
fatal_exit("could not create worker");
|
fatal_exit("could not create worker");
|
||||||
}
|
}
|
||||||
|
/* create per-worker alloc caches if not reusing existing ones. */
|
||||||
|
if(!daemon->worker_allocs) {
|
||||||
|
daemon->worker_allocs = (struct alloc_cache**)calloc(
|
||||||
|
(size_t)daemon->num, sizeof(struct alloc_cache*));
|
||||||
|
if(!daemon->worker_allocs)
|
||||||
|
fatal_exit("could not allocate worker allocs");
|
||||||
|
for(i=0; i<daemon->num; i++) {
|
||||||
|
struct alloc_cache* alloc = calloc(1,
|
||||||
|
sizeof(struct alloc_cache));
|
||||||
|
if (!alloc)
|
||||||
|
fatal_exit("could not allocate worker alloc");
|
||||||
|
alloc_init(alloc, &daemon->superalloc, i);
|
||||||
|
daemon->worker_allocs[i] = alloc;
|
||||||
|
}
|
||||||
|
}
|
||||||
free(shufport);
|
free(shufport);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -771,6 +807,7 @@ daemon_fork(struct daemon* daemon)
|
|||||||
/* Shutdown SHM */
|
/* Shutdown SHM */
|
||||||
shm_main_shutdown(daemon);
|
shm_main_shutdown(daemon);
|
||||||
|
|
||||||
|
daemon->reuse_cache = daemon->workers[0]->reuse_cache;
|
||||||
daemon->need_to_exit = daemon->workers[0]->need_to_exit;
|
daemon->need_to_exit = daemon->workers[0]->need_to_exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -785,9 +822,16 @@ daemon_cleanup(struct daemon* daemon)
|
|||||||
log_thread_set(NULL);
|
log_thread_set(NULL);
|
||||||
/* clean up caches because
|
/* clean up caches because
|
||||||
* a) RRset IDs will be recycled after a reload, causing collisions
|
* a) RRset IDs will be recycled after a reload, causing collisions
|
||||||
* b) validation config can change, thus rrset, msg, keycache clear */
|
* b) validation config can change, thus rrset, msg, keycache clear
|
||||||
slabhash_clear(&daemon->env->rrset_cache->table);
|
*
|
||||||
slabhash_clear(daemon->env->msg_cache);
|
* If we are trying to keep the cache as long as possible, we should
|
||||||
|
* defer the cleanup until we know whether the new configuration allows
|
||||||
|
* the reuse. (If we're exiting, cleanup should be done here). */
|
||||||
|
if(!daemon->reuse_cache || daemon->need_to_exit) {
|
||||||
|
slabhash_clear(&daemon->env->rrset_cache->table);
|
||||||
|
slabhash_clear(daemon->env->msg_cache);
|
||||||
|
}
|
||||||
|
daemon->old_num = daemon->num; /* save the current num */
|
||||||
local_zones_delete(daemon->local_zones);
|
local_zones_delete(daemon->local_zones);
|
||||||
daemon->local_zones = NULL;
|
daemon->local_zones = NULL;
|
||||||
respip_set_delete(daemon->respip_set);
|
respip_set_delete(daemon->respip_set);
|
||||||
@ -802,8 +846,13 @@ daemon_cleanup(struct daemon* daemon)
|
|||||||
worker_delete(daemon->workers[i]);
|
worker_delete(daemon->workers[i]);
|
||||||
free(daemon->workers);
|
free(daemon->workers);
|
||||||
daemon->workers = NULL;
|
daemon->workers = NULL;
|
||||||
|
/* Unless we're trying to keep the cache, worker alloc_caches should be
|
||||||
|
* cleared and freed here. We do this after deleting workers to
|
||||||
|
* guarantee that the alloc caches are valid throughout the lifetime
|
||||||
|
* of workers. */
|
||||||
|
if(!daemon->reuse_cache || daemon->need_to_exit)
|
||||||
|
daemon_clear_allocs(daemon);
|
||||||
daemon->num = 0;
|
daemon->num = 0;
|
||||||
alloc_clear_special(&daemon->superalloc);
|
|
||||||
#ifdef USE_DNSTAP
|
#ifdef USE_DNSTAP
|
||||||
dt_delete(daemon->dtenv);
|
dt_delete(daemon->dtenv);
|
||||||
daemon->dtenv = NULL;
|
daemon->dtenv = NULL;
|
||||||
@ -900,8 +949,42 @@ daemon_delete(struct daemon* daemon)
|
|||||||
|
|
||||||
void daemon_apply_cfg(struct daemon* daemon, struct config_file* cfg)
|
void daemon_apply_cfg(struct daemon* daemon, struct config_file* cfg)
|
||||||
{
|
{
|
||||||
|
int new_num = cfg->num_threads?cfg->num_threads:1;
|
||||||
|
|
||||||
daemon->cfg = cfg;
|
daemon->cfg = cfg;
|
||||||
config_apply(cfg);
|
config_apply(cfg);
|
||||||
|
|
||||||
|
/* If this is a reload and we deferred the decision on whether to
|
||||||
|
* reuse the alloc, RRset, and message caches, then check to see if
|
||||||
|
* it's safe to keep the caches:
|
||||||
|
* - changing the number of threads is obviously incompatible with
|
||||||
|
* keeping the per-thread alloc caches. It also means we have to
|
||||||
|
* clear RRset and message caches. (note that 'new_num' may be
|
||||||
|
* adjusted in daemon_create_workers, but for our purpose we can
|
||||||
|
* simply compare it with 'old_num'; if they are equal here,
|
||||||
|
* 'new_num' won't be adjusted to a different value than 'old_num').
|
||||||
|
* - changing RRset cache size effectively clears any remaining cache
|
||||||
|
* entries. We could keep their keys in alloc caches, but it would
|
||||||
|
* be more consistent with the sense of the change to clear allocs
|
||||||
|
* and free memory. To do so we also have to clear message cache.
|
||||||
|
* - only changing message cache size does not necessarily affect
|
||||||
|
* RRset or alloc cache. But almost all new subsequent queries will
|
||||||
|
* require recursive resolution anyway, so it doesn't help much to
|
||||||
|
* just keep RRset and alloc caches. For simplicity we clear/free
|
||||||
|
* the other two, too. */
|
||||||
|
if(daemon->worker_allocs &&
|
||||||
|
(new_num != daemon->old_num ||
|
||||||
|
!slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size,
|
||||||
|
cfg->msg_cache_slabs) ||
|
||||||
|
!slabhash_is_size(&daemon->env->rrset_cache->table,
|
||||||
|
cfg->rrset_cache_size, cfg->rrset_cache_slabs)))
|
||||||
|
{
|
||||||
|
log_warn("cannot reuse caches due to critical config change");
|
||||||
|
slabhash_clear(&daemon->env->rrset_cache->table);
|
||||||
|
slabhash_clear(daemon->env->msg_cache);
|
||||||
|
daemon_clear_allocs(daemon);
|
||||||
|
}
|
||||||
|
|
||||||
if(!slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size,
|
if(!slabhash_is_size(daemon->env->msg_cache, cfg->msg_cache_size,
|
||||||
cfg->msg_cache_slabs)) {
|
cfg->msg_cache_slabs)) {
|
||||||
slabhash_delete(daemon->env->msg_cache);
|
slabhash_delete(daemon->env->msg_cache);
|
||||||
|
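Review bot: daemon_clear_allocs walks `i < daemon->num`, but on the keep-cache path it is reached from daemon_apply_cfg after daemon_cleanup has already run `daemon->num = 0`, so the loop body is skipped and only the pointer array is freed. Unless num is restored before daemon_apply_cfg (not visible in these hunks), every per-worker alloc_cache and whatever it holds is leaked each time a reload_keep_cache meets an incompatible config. daemon_cleanup saves the count in old_num before either call site, so bounding the loop with it covers both paths: `for(i=0; i<daemon->old_num; i++) {`. The doc comment on daemon_clear_allocs should then state that old_num must hold the size of worker_allocs.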
@ -99,8 +99,12 @@ struct daemon {
|
|||||||
void* listen_sslctx, *connect_sslctx;
|
void* listen_sslctx, *connect_sslctx;
|
||||||
/** num threads allocated */
|
/** num threads allocated */
|
||||||
int num;
|
int num;
|
||||||
|
/** num threads allocated in the previous config or 0 at first */
|
||||||
|
int old_num;
|
||||||
/** the worker entries */
|
/** the worker entries */
|
||||||
struct worker** workers;
|
struct worker** workers;
|
||||||
|
/** per-worker allocation cache */
|
||||||
|
struct alloc_cache **worker_allocs;
|
||||||
/** do we need to exit unbound (or is it only a reload?) */
|
/** do we need to exit unbound (or is it only a reload?) */
|
||||||
int need_to_exit;
|
int need_to_exit;
|
||||||
/** master random table ; used for port div between threads on reload*/
|
/** master random table ; used for port div between threads on reload*/
|
||||||
@ -140,6 +144,8 @@ struct daemon {
|
|||||||
/** the dnscrypt environment */
|
/** the dnscrypt environment */
|
||||||
struct dnsc_env* dnscenv;
|
struct dnsc_env* dnscenv;
|
||||||
#endif
|
#endif
|
||||||
|
/** reuse existing cache on reload if other conditions allow it. */
|
||||||
|
int reuse_cache;
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
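Review bot: The new `worker_allocs` field is documented only as `/** per-worker allocation cache */`, which leaves out what this commit changes about it: the array is owned by the daemon rather than by the workers, and it can outlive them across a reload. I would spell that out, for example `/** per-worker allocation caches, one entry per worker thread; owned by the daemon, kept across a reload when reuse_cache is set, NULL when not allocated */`. struct daemon begins and ends outside both hunks.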
@ -105,8 +105,6 @@
|
|||||||
|
|
||||||
/** what to put on statistics lines between var and value, ": " or "=" */
|
/** what to put on statistics lines between var and value, ": " or "=" */
|
||||||
#define SQ "="
|
#define SQ "="
|
||||||
/** if true, inhibits a lot of =0 lines from the stats output */
|
|
||||||
static const int inhibit_zero = 1;
|
|
||||||
|
|
||||||
/** subtract timers and the values do not overflow or become negative */
|
/** subtract timers and the values do not overflow or become negative */
|
||||||
static void
|
static void
|
||||||
@ -684,8 +682,9 @@ do_stop(RES* ssl, struct worker* worker)
|
|||||||
|
|
||||||
/** do the reload command */
|
/** do the reload command */
|
||||||
static void
|
static void
|
||||||
do_reload(RES* ssl, struct worker* worker)
|
do_reload(RES* ssl, struct worker* worker, int reuse_cache)
|
||||||
{
|
{
|
||||||
|
worker->reuse_cache = reuse_cache;
|
||||||
worker->need_to_exit = 0;
|
worker->need_to_exit = 0;
|
||||||
comm_base_exit(worker->base);
|
comm_base_exit(worker->base);
|
||||||
send_ok(ssl);
|
send_ok(ssl);
|
||||||
@ -920,7 +919,7 @@ print_hist(RES* ssl, struct ub_stats_info* s)
|
|||||||
|
|
||||||
/** print extended stats */
|
/** print extended stats */
|
||||||
static int
|
static int
|
||||||
print_ext(RES* ssl, struct ub_stats_info* s)
|
print_ext(RES* ssl, struct ub_stats_info* s, int inhibit_zero)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
char nm[32];
|
char nm[32];
|
||||||
@ -1129,7 +1128,7 @@ do_stats(RES* ssl, struct worker* worker, int reset)
|
|||||||
return;
|
return;
|
||||||
if(!print_hist(ssl, &total))
|
if(!print_hist(ssl, &total))
|
||||||
return;
|
return;
|
||||||
if(!print_ext(ssl, &total))
|
if(!print_ext(ssl, &total, daemon->cfg->stat_inhibit_zero))
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1963,6 +1962,8 @@ do_flush_name(RES* ssl, struct worker* w, char* arg)
|
|||||||
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_PTR, LDNS_RR_CLASS_IN);
|
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_PTR, LDNS_RR_CLASS_IN);
|
||||||
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SRV, LDNS_RR_CLASS_IN);
|
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SRV, LDNS_RR_CLASS_IN);
|
||||||
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_NAPTR, LDNS_RR_CLASS_IN);
|
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_NAPTR, LDNS_RR_CLASS_IN);
|
||||||
|
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_SVCB, LDNS_RR_CLASS_IN);
|
||||||
|
do_cache_remove(w, nm, nmlen, LDNS_RR_TYPE_HTTPS, LDNS_RR_CLASS_IN);
|
||||||
|
|
||||||
free(nm);
|
free(nm);
|
||||||
send_ok(ssl);
|
send_ok(ssl);
|
||||||
@ -3029,8 +3030,11 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd,
|
|||||||
if(cmdcmp(p, "stop", 4)) {
|
if(cmdcmp(p, "stop", 4)) {
|
||||||
do_stop(ssl, worker);
|
do_stop(ssl, worker);
|
||||||
return;
|
return;
|
||||||
|
} else if(cmdcmp(p, "reload_keep_cache", 17)) {
|
||||||
|
do_reload(ssl, worker, 1);
|
||||||
|
return;
|
||||||
} else if(cmdcmp(p, "reload", 6)) {
|
} else if(cmdcmp(p, "reload", 6)) {
|
||||||
do_reload(ssl, worker);
|
do_reload(ssl, worker, 0);
|
||||||
return;
|
return;
|
||||||
} else if(cmdcmp(p, "stats_noreset", 13)) {
|
} else if(cmdcmp(p, "stats_noreset", 13)) {
|
||||||
do_stats(ssl, worker, 0);
|
do_stats(ssl, worker, 0);
|
||||||
|
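Review bot: do_reload keeps the comment `/** do the reload command */` although it now takes `reuse_cache`, and nothing near the new `reload_keep_cache` branch in execute_cmd says when keeping the caches is appropriate. The compatibility test added to daemon_apply_cfg in this commit compares only the thread count and the two cache sizes, while the comment in daemon_cleanup names a changed validation config as a reason the rrset and message caches are cleared on reload. If that reading is right, entries cached under the previous trust anchors or validator settings stay in service after reload_keep_cache until they expire, so the limitation belongs in the comment: `/** do the reload command; reuse_cache asks the daemon to keep the rrset and message caches when thread count and cache sizes are unchanged. Use a plain reload after changing validation settings. */`.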
@ -133,7 +133,7 @@ worker_mem_report(struct worker* ATTR_UNUSED(worker),
|
|||||||
rrset = slabhash_get_mem(&worker->env.rrset_cache->table);
|
rrset = slabhash_get_mem(&worker->env.rrset_cache->table);
|
||||||
infra = infra_get_mem(worker->env.infra_cache);
|
infra = infra_get_mem(worker->env.infra_cache);
|
||||||
mesh = mesh_get_mem(worker->env.mesh);
|
mesh = mesh_get_mem(worker->env.mesh);
|
||||||
ac = alloc_get_mem(&worker->alloc);
|
ac = alloc_get_mem(worker->alloc);
|
||||||
superac = alloc_get_mem(&worker->daemon->superalloc);
|
superac = alloc_get_mem(&worker->daemon->superalloc);
|
||||||
anch = anchors_get_mem(worker->env.anchors);
|
anch = anchors_get_mem(worker->env.anchors);
|
||||||
iter = 0;
|
iter = 0;
|
||||||
@ -623,6 +623,14 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
|
|||||||
if(worker->env.cfg->serve_expired_ttl &&
|
if(worker->env.cfg->serve_expired_ttl &&
|
||||||
rep->serve_expired_ttl < timenow)
|
rep->serve_expired_ttl < timenow)
|
||||||
return 0;
|
return 0;
|
||||||
|
/* Ignore expired failure answers */
|
||||||
|
if(FLAGS_GET_RCODE(rep->flags) !=
|
||||||
|
LDNS_RCODE_NOERROR &&
|
||||||
|
FLAGS_GET_RCODE(rep->flags) !=
|
||||||
|
LDNS_RCODE_NXDOMAIN &&
|
||||||
|
FLAGS_GET_RCODE(rep->flags) !=
|
||||||
|
LDNS_RCODE_YXDOMAIN)
|
||||||
|
return 0;
|
||||||
if(!rrset_array_lock(rep->ref, rep->rrset_count, 0))
|
if(!rrset_array_lock(rep->ref, rep->rrset_count, 0))
|
||||||
return 0;
|
return 0;
|
||||||
*is_expired_answer = 1;
|
*is_expired_answer = 1;
|
||||||
@ -730,8 +738,6 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
|
|||||||
goto bail_out;
|
goto bail_out;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
/* We don't check the global ede as this is a warning, not
|
|
||||||
* an error */
|
|
||||||
if (*is_expired_answer == 1 &&
|
if (*is_expired_answer == 1 &&
|
||||||
worker->env.cfg->ede_serve_expired && worker->env.cfg->ede) {
|
worker->env.cfg->ede_serve_expired && worker->env.cfg->ede) {
|
||||||
EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out,
|
EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out,
|
||||||
@ -2059,15 +2065,14 @@ worker_init(struct worker* worker, struct config_file *cfg,
|
|||||||
}
|
}
|
||||||
|
|
||||||
server_stats_init(&worker->stats, cfg);
|
server_stats_init(&worker->stats, cfg);
|
||||||
alloc_init(&worker->alloc, &worker->daemon->superalloc,
|
worker->alloc = worker->daemon->worker_allocs[worker->thread_num];
|
||||||
worker->thread_num);
|
alloc_set_id_cleanup(worker->alloc, &worker_alloc_cleanup, worker);
|
||||||
alloc_set_id_cleanup(&worker->alloc, &worker_alloc_cleanup, worker);
|
|
||||||
worker->env = *worker->daemon->env;
|
worker->env = *worker->daemon->env;
|
||||||
comm_base_timept(worker->base, &worker->env.now, &worker->env.now_tv);
|
comm_base_timept(worker->base, &worker->env.now, &worker->env.now_tv);
|
||||||
worker->env.worker = worker;
|
worker->env.worker = worker;
|
||||||
worker->env.worker_base = worker->base;
|
worker->env.worker_base = worker->base;
|
||||||
worker->env.send_query = &worker_send_query;
|
worker->env.send_query = &worker_send_query;
|
||||||
worker->env.alloc = &worker->alloc;
|
worker->env.alloc = worker->alloc;
|
||||||
worker->env.outnet = worker->back;
|
worker->env.outnet = worker->back;
|
||||||
worker->env.rnd = worker->rndstate;
|
worker->env.rnd = worker->rndstate;
|
||||||
/* If case prefetch is triggered, the corresponding mesh will clear
|
/* If case prefetch is triggered, the corresponding mesh will clear
|
||||||
@ -2211,7 +2216,7 @@ worker_delete(struct worker* worker)
|
|||||||
#endif /* USE_DNSTAP */
|
#endif /* USE_DNSTAP */
|
||||||
comm_base_delete(worker->base);
|
comm_base_delete(worker->base);
|
||||||
ub_randfree(worker->rndstate);
|
ub_randfree(worker->rndstate);
|
||||||
alloc_clear(&worker->alloc);
|
/* don't touch worker->alloc, as it's maintained in daemon */
|
||||||
regional_destroy(worker->env.scratch);
|
regional_destroy(worker->env.scratch);
|
||||||
regional_destroy(worker->scratchpad);
|
regional_destroy(worker->scratchpad);
|
||||||
free(worker);
|
free(worker);
|
||||||
|
@ -118,7 +118,7 @@ struct worker {
|
|||||||
/** do we need to restart or quit (on signal) */
|
/** do we need to restart or quit (on signal) */
|
||||||
int need_to_exit;
|
int need_to_exit;
|
||||||
/** allocation cache for this thread */
|
/** allocation cache for this thread */
|
||||||
struct alloc_cache alloc;
|
struct alloc_cache *alloc;
|
||||||
/** per thread statistics */
|
/** per thread statistics */
|
||||||
struct ub_server_stats stats;
|
struct ub_server_stats stats;
|
||||||
/** thread scratch regional */
|
/** thread scratch regional */
|
||||||
@ -131,6 +131,8 @@ struct worker {
|
|||||||
/** dnstap environment, changed for this thread */
|
/** dnstap environment, changed for this thread */
|
||||||
struct dt_env dtenv;
|
struct dt_env dtenv;
|
||||||
#endif
|
#endif
|
||||||
|
/** reuse existing cache on reload if other conditions allow it. */
|
||||||
|
int reuse_cache;
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
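Review bot: The `alloc` member changes from an embedded `struct alloc_cache` to a pointer, but its comment still reads `/** allocation cache for this thread */` and says nothing about who owns the pointee. The worker.c part of this commit stops calling alloc_clear on it and notes that it is maintained in the daemon, so the header should record that, e.g. `/** allocation cache for this thread; points into daemon->worker_allocs, owned and freed by the daemon, not the worker */`. Without that, a later cleanup path could clear or free it from the worker side and leave the daemon holding a dangling cache. `struct worker` begins outside the hunks.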
||||||
|
@ -1,7 +1,93 @@
|
|||||||
|
5 January 2023: Wouter
|
||||||
|
- Tag for 1.17.1 release.
|
||||||
|
|
||||||
|
2 January 2023: Wouter
|
||||||
|
- Fix windows compile for libunbound subprocess reap comm point closes.
|
||||||
|
- Update github workflows to use checkout v3.
|
||||||
|
|
||||||
|
14 December 2022: George
|
||||||
|
- Merge #569 from JINMEI Tatuya: add keep-cache option to
|
||||||
|
'unbound-control reload' to keep caches.
|
||||||
|
|
||||||
|
13 December 2022: George
|
||||||
|
- Expose 'statistics-inhibit-zero' as a configuration option; the
|
||||||
|
default value retains Unbound's behavior.
|
||||||
|
- Expose 'max-sent-count' as a configuration option; the
|
||||||
|
default value retains Unbound's behavior.
|
||||||
|
- Merge #461 from Christian Allred: Add max-query-restarts option.
|
||||||
|
Exposes an internal configuration but the default value retains
|
||||||
|
Unbound's behavior.
|
||||||
|
|
||||||
|
13 December 2022: Wouter
|
||||||
|
- Merge #808: Wrap Makefile script's directory variables in quotes.
|
||||||
|
- Fix to wrap Makefile scripts directory in quotes for uninstall.
|
||||||
|
|
||||||
|
1 December 2022: Wouter
|
||||||
|
- Fix #773: When used with systemd-networkd, unbound does not start
|
||||||
|
until systemd-networkd-wait-online.service times out.
|
||||||
|
|
||||||
|
30 November 2022: George
|
||||||
|
- Add SVCB and HTTPS to the types removed by 'unbound-control flush'.
|
||||||
|
- Clear documentation for interactivity between the subnet module and
|
||||||
|
the serve-expired and prefetch configuration options.
|
||||||
|
|
||||||
|
30 November 2022: Wouter
|
||||||
|
- Fix #782: Segmentation fault in stats.c:404.
|
||||||
|
|
||||||
|
28 November 2022: Wouter
|
||||||
|
- Fix for the ignore of tcp events for closed comm points, preserve
|
||||||
|
the use after free protection features.
|
||||||
|
|
||||||
|
23 November 2022: Philip
|
||||||
|
- Merge #720 from jonathangray: fix use after free when
|
||||||
|
WSACreateEvent() fails.
|
||||||
|
|
||||||
|
22 November 2022: George
|
||||||
|
- Ignore expired error responses.
|
||||||
|
|
||||||
|
11 November 2022: Wouter
|
||||||
|
- Fix #779: [doc] Missing documention in ub_resolve_event() for
|
||||||
|
callback parameter was_ratelimited.
|
||||||
|
|
||||||
|
9 November 2022: George
|
||||||
|
- Complementary fix for distutils.sysconfig deprecation in Python 3.10
|
||||||
|
to commit 62c5039ab9da42713e006e840b7578e01d66e7f2.
|
||||||
|
|
||||||
|
8 November 2022: Wouter
|
||||||
|
- Fix to ignore tcp events for closed comm points.
|
||||||
|
- Fix to make sure to not read again after a tcp comm point is closed.
|
||||||
|
- Fix #775: libunbound: subprocess reap causes parent process reap
|
||||||
|
to hang.
|
||||||
|
- iana portlist update.
|
||||||
|
|
||||||
|
21 October 2022: George
|
||||||
|
- Merge #767 from jonathangray: consistently use IPv4/IPv6 in
|
||||||
|
unbound.conf.5.
|
||||||
|
|
||||||
|
21 October 2022: Wouter
|
||||||
|
- Fix that cachedb does not store failures in the external cache.
|
||||||
|
|
||||||
|
18 October 2022: George
|
||||||
|
- Clarify the use of MAX_SENT_COUNT in the iterator code.
|
||||||
|
|
||||||
|
17 October 2022: Wouter
|
||||||
|
- testcode/dohclient sets log identity to its name.
|
||||||
|
|
||||||
|
14 October 2022: Wouter
|
||||||
|
- Merge #768 from fobser: Arithmetic on a pointer to void is a GNU
|
||||||
|
extension.
|
||||||
|
- In unit test, print python script name list correctly.
|
||||||
|
|
||||||
|
13 October 2022: Wouter
|
||||||
|
- Tag for 1.17.0 release. The code repository continues with 1.17.1.
|
||||||
|
|
||||||
11 October 2022: George
|
11 October 2022: George
|
||||||
- Fix PROXYv2 header read for TCP connections when no proxied addresses
|
- Fix PROXYv2 header read for TCP connections when no proxied addresses
|
||||||
are provided.
|
are provided.
|
||||||
|
|
||||||
|
7 October 2022: Wouter
|
||||||
|
- Tag for 1.17.0rc1 release.
|
||||||
|
|
||||||
7 October 2022: George
|
7 October 2022: George
|
||||||
- Fix to stop possible loops in the tcp reuse code (write_wait list
|
- Fix to stop possible loops in the tcp reuse code (write_wait list
|
||||||
and tcp_wait list). Based on analysis and patch from Prad Seniappan
|
and tcp_wait list). Based on analysis and patch from Prad Seniappan
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
README for Unbound 1.17.0
|
README for Unbound 1.17.1
|
||||||
Copyright 2007 NLnet Labs
|
Copyright 2007 NLnet Labs
|
||||||
http://unbound.net
|
http://unbound.net
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# Example configuration file.
|
# Example configuration file.
|
||||||
#
|
#
|
||||||
# See unbound.conf(5) man page, version 1.17.0.
|
# See unbound.conf(5) man page, version 1.17.1.
|
||||||
#
|
#
|
||||||
# this is a comment.
|
# this is a comment.
|
||||||
|
|
||||||
@ -35,9 +35,14 @@ server:
|
|||||||
# statistics-cumulative: no
|
# statistics-cumulative: no
|
||||||
|
|
||||||
# enable extended statistics (query types, answer codes, status)
|
# enable extended statistics (query types, answer codes, status)
|
||||||
# printed from unbound-control. default off, because of speed.
|
# printed from unbound-control. Default off, because of speed.
|
||||||
# extended-statistics: no
|
# extended-statistics: no
|
||||||
|
|
||||||
|
# Inhibits selected extended statistics (qtype, qclass, qopcode, rcode,
|
||||||
|
# rpz-actions) from printing if their value is 0.
|
||||||
|
# Default on.
|
||||||
|
# statistics-inhibit-zero: yes
|
||||||
|
|
||||||
# number of threads to create. 1 disables threading.
|
# number of threads to create. 1 disables threading.
|
||||||
# num-threads: 1
|
# num-threads: 1
|
||||||
|
|
||||||
@ -173,6 +178,15 @@ server:
|
|||||||
# a throwaway response (also timeouts) is received.
|
# a throwaway response (also timeouts) is received.
|
||||||
# outbound-msg-retry: 5
|
# outbound-msg-retry: 5
|
||||||
|
|
||||||
|
# Hard limit on the number of outgoing queries Unbound will make while
|
||||||
|
# resolving a name, making sure large NS sets do not loop.
|
||||||
|
# It resets on query restarts (e.g., CNAME) and referrals.
|
||||||
|
# max-sent-count: 32
|
||||||
|
|
||||||
|
# Hard limit on the number of times Unbound is allowed to restart a
|
||||||
|
# query upon encountering a CNAME record.
|
||||||
|
# max-query-restarts: 11
|
||||||
|
|
||||||
# msec for waiting for an unknown server to reply. Increase if you
|
# msec for waiting for an unknown server to reply. Increase if you
|
||||||
# are behind a slow satellite link, to eg. 1128.
|
# are behind a slow satellite link, to eg. 1128.
|
||||||
# unknown-server-time-limit: 376
|
# unknown-server-time-limit: 376
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "libunbound" "3" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
.TH "libunbound" "3" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||||
.\"
|
.\"
|
||||||
.\" libunbound.3 -- unbound library functions manual
|
.\" libunbound.3 -- unbound library functions manual
|
||||||
.\"
|
.\"
|
||||||
@ -44,7 +44,7 @@
|
|||||||
.B ub_ctx_zone_remove,
|
.B ub_ctx_zone_remove,
|
||||||
.B ub_ctx_data_add,
|
.B ub_ctx_data_add,
|
||||||
.B ub_ctx_data_remove
|
.B ub_ctx_data_remove
|
||||||
\- Unbound DNS validating resolver 1.17.0 functions.
|
\- Unbound DNS validating resolver 1.17.1 functions.
|
||||||
.SH "SYNOPSIS"
|
.SH "SYNOPSIS"
|
||||||
.B #include <unbound.h>
|
.B #include <unbound.h>
|
||||||
.LP
|
.LP
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "unbound-anchor" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
.TH "unbound-anchor" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||||
.\"
|
.\"
|
||||||
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
|
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
|
||||||
.\"
|
.\"
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "unbound-checkconf" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
.TH "unbound-checkconf" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||||
.\"
|
.\"
|
||||||
.\" unbound-checkconf.8 -- unbound configuration checker manual
|
.\" unbound-checkconf.8 -- unbound configuration checker manual
|
||||||
.\"
|
.\"
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "unbound-control" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
.TH "unbound-control" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||||
.\"
|
.\"
|
||||||
.\" unbound-control.8 -- unbound remote control manual
|
.\" unbound-control.8 -- unbound remote control manual
|
||||||
.\"
|
.\"
|
||||||
@ -54,6 +54,12 @@ Stop the server. The server daemon exits.
|
|||||||
.B reload
|
.B reload
|
||||||
Reload the server. This flushes the cache and reads the config file fresh.
|
Reload the server. This flushes the cache and reads the config file fresh.
|
||||||
.TP
|
.TP
|
||||||
|
.B reload_keep_cache
|
||||||
|
Reload the server but try to keep the RRset and message cache if
|
||||||
|
(re)configuration allows for it.
|
||||||
|
That means the caches sizes and the number of threads must not change between
|
||||||
|
reloads.
|
||||||
|
.TP
|
||||||
.B verbosity \fInumber
|
.B verbosity \fInumber
|
||||||
Change verbosity value for logging. Same values as \fBverbosity\fR keyword in
|
Change verbosity value for logging. Same values as \fBverbosity\fR keyword in
|
||||||
\fIunbound.conf\fR(5). This new setting lasts until the server is issued
|
\fIunbound.conf\fR(5). This new setting lasts until the server is issued
|
||||||
@ -130,7 +136,7 @@ name specified.
|
|||||||
.TP
|
.TP
|
||||||
.B flush \fIname
|
.B flush \fIname
|
||||||
Remove the name from the cache. Removes the types
|
Remove the name from the cache. Removes the types
|
||||||
A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV and NAPTR.
|
A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV, NAPTR, SVCB and HTTPS.
|
||||||
Because that is fast to do. Other record types can be removed using
|
Because that is fast to do. Other record types can be removed using
|
||||||
.B flush_type
|
.B flush_type
|
||||||
or
|
or
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "unbound\-host" "1" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
.TH "unbound\-host" "1" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||||
.\"
|
.\"
|
||||||
.\" unbound-host.1 -- unbound DNS lookup utility
|
.\" unbound-host.1 -- unbound DNS lookup utility
|
||||||
.\"
|
.\"
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "unbound" "8" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
.TH "unbound" "8" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||||
.\"
|
.\"
|
||||||
.\" unbound.8 -- unbound manual
|
.\" unbound.8 -- unbound manual
|
||||||
.\"
|
.\"
|
||||||
@ -9,7 +9,7 @@
|
|||||||
.\"
|
.\"
|
||||||
.SH "NAME"
|
.SH "NAME"
|
||||||
.B unbound
|
.B unbound
|
||||||
\- Unbound DNS validating resolver 1.17.0.
|
\- Unbound DNS validating resolver 1.17.1.
|
||||||
.SH "SYNOPSIS"
|
.SH "SYNOPSIS"
|
||||||
.B unbound
|
.B unbound
|
||||||
.RB [ \-h ]
|
.RB [ \-h ]
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.TH "unbound.conf" "5" "Oct 13, 2022" "NLnet Labs" "unbound 1.17.0"
|
.TH "unbound.conf" "5" "Jan 12, 2023" "NLnet Labs" "unbound 1.17.1"
|
||||||
.\"
|
.\"
|
||||||
.\" unbound.conf.5 -- unbound.conf manual
|
.\" unbound.conf.5 -- unbound.conf manual
|
||||||
.\"
|
.\"
|
||||||
@ -112,6 +112,14 @@ If enabled, extended statistics are printed from \fIunbound\-control\fR(8).
|
|||||||
Default is off, because keeping track of more statistics takes time. The
|
Default is off, because keeping track of more statistics takes time. The
|
||||||
counters are listed in \fIunbound\-control\fR(8).
|
counters are listed in \fIunbound\-control\fR(8).
|
||||||
.TP
|
.TP
|
||||||
|
.B statistics\-inhibit\-zero: \fI<yes or no>
|
||||||
|
If enabled, selected extended statistics with a value of 0 are inhibited from
|
||||||
|
printing with \fIunbound\-control\fR(8).
|
||||||
|
These are query types, query classes, query opcodes, answer rcodes
|
||||||
|
(except NOERROR, FORMERR, SERVFAIL, NXDOMAIN, NOTIMPL, REFUSED) and
|
||||||
|
RPZ actions.
|
||||||
|
Default is on.
|
||||||
|
.TP
|
||||||
.B num\-threads: \fI<number>
|
.B num\-threads: \fI<number>
|
||||||
The number of threads to create to serve clients. Use 1 for no threading.
|
The number of threads to create to serve clients. Use 1 for no threading.
|
||||||
.TP
|
.TP
|
||||||
@ -349,7 +357,7 @@ ip\-transparent option is also available.
|
|||||||
The value of the Differentiated Services Codepoint (DSCP) in the
|
The value of the Differentiated Services Codepoint (DSCP) in the
|
||||||
differentiated services field (DS) of the outgoing IP packet headers.
|
differentiated services field (DS) of the outgoing IP packet headers.
|
||||||
The field replaces the outdated IPv4 Type-Of-Service field and the
|
The field replaces the outdated IPv4 Type-Of-Service field and the
|
||||||
IPV6 traffic class field.
|
IPv6 traffic class field.
|
||||||
.TP
|
.TP
|
||||||
.B rrset\-cache\-size: \fI<number>
|
.B rrset\-cache\-size: \fI<number>
|
||||||
Number of bytes size of the RRset cache. Default is 4 megabytes.
|
Number of bytes size of the RRset cache. Default is 4 megabytes.
|
||||||
@ -416,7 +424,7 @@ Enable or disable whether ip4 queries are answered or issued. Default is yes.
|
|||||||
Enable or disable whether ip6 queries are answered or issued. Default is yes.
|
Enable or disable whether ip6 queries are answered or issued. Default is yes.
|
||||||
If disabled, queries are not answered on IPv6, and queries are not sent on
|
If disabled, queries are not answered on IPv6, and queries are not sent on
|
||||||
IPv6 to the internet nameservers. With this option you can disable the
|
IPv6 to the internet nameservers. With this option you can disable the
|
||||||
ipv6 transport for sending DNS traffic, it does not impact the contents of
|
IPv6 transport for sending DNS traffic, it does not impact the contents of
|
||||||
the DNS traffic, which may have ip4 and ip6 addresses in it.
|
the DNS traffic, which may have ip4 and ip6 addresses in it.
|
||||||
.TP
|
.TP
|
||||||
.B prefer\-ip4: \fI<yes or no>
|
.B prefer\-ip4: \fI<yes or no>
|
||||||
@ -1671,7 +1679,7 @@ This specifies the action data for \fIresponse-ip\fR with action being
|
|||||||
to redirect as specified by "\fIresource record string\fR". "Resource
|
to redirect as specified by "\fIresource record string\fR". "Resource
|
||||||
record string" is similar to that of \fIaccess-control-tag-action\fR,
|
record string" is similar to that of \fIaccess-control-tag-action\fR,
|
||||||
but it must be of either AAAA, A or CNAME types.
|
but it must be of either AAAA, A or CNAME types.
|
||||||
If the IP-netblock is an IPv6/IPV4 prefix, the record
|
If the IP-netblock is an IPv6/IPv4 prefix, the record
|
||||||
must be AAAA/A respectively, unless it is a CNAME (which can be used
|
must be AAAA/A respectively, unless it is a CNAME (which can be used
|
||||||
for both versions of IP netblocks). If it is CNAME there must not be
|
for both versions of IP netblocks). If it is CNAME there must not be
|
||||||
more than one \fIresponse-ip-data\fR for the same IP-netblock.
|
more than one \fIresponse-ip-data\fR for the same IP-netblock.
|
||||||
@ -1820,6 +1828,21 @@ If a forward/stub zone is used, this is the number of retries per nameserver in
|
|||||||
the zone.
|
the zone.
|
||||||
Default is 5.
|
Default is 5.
|
||||||
.TP 5
|
.TP 5
|
||||||
|
.B max\-sent\-count: \fI<number>
|
||||||
|
Hard limit on the number of outgoing queries Unbound will make while resolving
|
||||||
|
a name, making sure large NS sets do not loop.
|
||||||
|
Results in SERVFAIL when reached.
|
||||||
|
It resets on query restarts (e.g., CNAME) and referrals.
|
||||||
|
Default is 32.
|
||||||
|
.TP 5
|
||||||
|
.B max\-query\-restarts: \fI<number>
|
||||||
|
Hard limit on the number of times Unbound is allowed to restart a query upon
|
||||||
|
encountering a CNAME record.
|
||||||
|
Results in SERVFAIL when reached.
|
||||||
|
Changing this value needs caution as it can allow long CNAME chains to be
|
||||||
|
accepted, where Unbound needs to verify (resolve) each link individually.
|
||||||
|
Default is 11.
|
||||||
|
.TP 5
|
||||||
.B fast\-server\-permil: \fI<number>
|
.B fast\-server\-permil: \fI<number>
|
||||||
Specify how many times out of 1000 to pick from the set of fastest servers.
|
Specify how many times out of 1000 to pick from the set of fastest servers.
|
||||||
0 turns the feature off. A value of 900 would pick from the fastest
|
0 turns the feature off. A value of 900 would pick from the fastest
|
||||||
@ -1853,7 +1876,7 @@ errors. Default is "no".
|
|||||||
When the \fBval-log-level\fR option is also set to \fB2\fR, responses with
|
When the \fBval-log-level\fR option is also set to \fB2\fR, responses with
|
||||||
Extended DNS Errors concerning DNSSEC failures that are not served from cache,
|
Extended DNS Errors concerning DNSSEC failures that are not served from cache,
|
||||||
will also contain a descriptive text message about the reason for the failure.
|
will also contain a descriptive text message about the reason for the failure.
|
||||||
.TP
|
.TP 5
|
||||||
.B ede\-serve\-expired: \fI<yes or no>
|
.B ede\-serve\-expired: \fI<yes or no>
|
||||||
If enabled, Unbound will attach an Extended DNS Error (RFC8914) Code 3 - Stale
|
If enabled, Unbound will attach an Extended DNS Error (RFC8914) Code 3 - Stale
|
||||||
Answer as EDNS0 option to the expired response. Note that this will not attach
|
Answer as EDNS0 option to the expired response. Note that this will not attach
|
||||||
@ -2358,6 +2381,9 @@ The maximum size of the ECS cache is controlled by 'msg-cache-size' in the
|
|||||||
configuration file. On top of that, for each query only 100 different subnets
|
configuration file. On top of that, for each query only 100 different subnets
|
||||||
are allowed to be stored for each address family. Exceeding that number, older
|
are allowed to be stored for each address family. Exceeding that number, older
|
||||||
entries will be purged from cache.
|
entries will be purged from cache.
|
||||||
|
.LP
|
||||||
|
This module does not interact with the \fBserve\-expired*\fR and
|
||||||
|
\fBprefetch:\fR options.
|
||||||
.TP
|
.TP
|
||||||
.B send\-client\-subnet: \fI<IP address>\fR
|
.B send\-client\-subnet: \fI<IP address>\fR
|
||||||
Send client source address to this authority. Append /num to indicate a
|
Send client source address to this authority. Append /num to indicate a
|
||||||
|
@ -204,6 +204,17 @@ subnetmod_init(struct module_env *env, int id)
|
|||||||
}
|
}
|
||||||
alloc_init(&sn_env->alloc, NULL, 0);
|
alloc_init(&sn_env->alloc, NULL, 0);
|
||||||
env->modinfo[id] = (void*)sn_env;
|
env->modinfo[id] = (void*)sn_env;
|
||||||
|
|
||||||
|
/* Warn that serve-expired and prefetch do not work with the subnet
|
||||||
|
* module cache. */
|
||||||
|
if(env->cfg->serve_expired)
|
||||||
|
log_warn(
|
||||||
|
"subnetcache: serve-expired is set but not working "
|
||||||
|
"for data originating from the subnet module cache.");
|
||||||
|
if(env->cfg->prefetch)
|
||||||
|
log_warn(
|
||||||
|
"subnetcache: prefetch is set but not working "
|
||||||
|
"for data originating from the subnet module cache.");
|
||||||
/* Copy msg_cache settings */
|
/* Copy msg_cache settings */
|
||||||
sn_env->subnet_msg_cache = slabhash_create(env->cfg->msg_cache_slabs,
|
sn_env->subnet_msg_cache = slabhash_create(env->cfg->msg_cache_slabs,
|
||||||
HASH_DEFAULT_STARTARRAY, env->cfg->msg_cache_size,
|
HASH_DEFAULT_STARTARRAY, env->cfg->msg_cache_size,
|
||||||
|
@ -175,6 +175,8 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg)
|
|||||||
iter_env->supports_ipv6 = cfg->do_ip6;
|
iter_env->supports_ipv6 = cfg->do_ip6;
|
||||||
iter_env->supports_ipv4 = cfg->do_ip4;
|
iter_env->supports_ipv4 = cfg->do_ip4;
|
||||||
iter_env->outbound_msg_retry = cfg->outbound_msg_retry;
|
iter_env->outbound_msg_retry = cfg->outbound_msg_retry;
|
||||||
|
iter_env->max_sent_count = cfg->max_sent_count;
|
||||||
|
iter_env->max_query_restarts = cfg->max_query_restarts;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1314,7 +1314,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||||||
|
|
||||||
/* We enforce a maximum number of query restarts. This is primarily a
|
/* We enforce a maximum number of query restarts. This is primarily a
|
||||||
* cheap way to prevent CNAME loops. */
|
* cheap way to prevent CNAME loops. */
|
||||||
if(iq->query_restart_count > MAX_RESTART_COUNT) {
|
if(iq->query_restart_count > ie->max_query_restarts) {
|
||||||
verbose(VERB_QUERY, "request has exceeded the maximum number"
|
verbose(VERB_QUERY, "request has exceeded the maximum number"
|
||||||
" of query restarts with %d", iq->query_restart_count);
|
" of query restarts with %d", iq->query_restart_count);
|
||||||
errinf(qstate, "request has exceeded the maximum number "
|
errinf(qstate, "request has exceeded the maximum number "
|
||||||
@ -2276,14 +2276,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||||||
iq->num_current_queries, iq->sent_count);
|
iq->num_current_queries, iq->sent_count);
|
||||||
|
|
||||||
/* Make sure that we haven't run away */
|
/* Make sure that we haven't run away */
|
||||||
/* FIXME: is this check even necessary? */
|
|
||||||
if(iq->referral_count > MAX_REFERRAL_COUNT) {
|
if(iq->referral_count > MAX_REFERRAL_COUNT) {
|
||||||
verbose(VERB_QUERY, "request has exceeded the maximum "
|
verbose(VERB_QUERY, "request has exceeded the maximum "
|
||||||
"number of referrrals with %d", iq->referral_count);
|
"number of referrrals with %d", iq->referral_count);
|
||||||
errinf(qstate, "exceeded the maximum of referrals");
|
errinf(qstate, "exceeded the maximum of referrals");
|
||||||
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
|
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
|
||||||
}
|
}
|
||||||
if(iq->sent_count > MAX_SENT_COUNT) {
|
if(iq->sent_count > ie->max_sent_count) {
|
||||||
verbose(VERB_QUERY, "request has exceeded the maximum "
|
verbose(VERB_QUERY, "request has exceeded the maximum "
|
||||||
"number of sends with %d", iq->sent_count);
|
"number of sends with %d", iq->sent_count);
|
||||||
errinf(qstate, "exceeded the maximum number of sends");
|
errinf(qstate, "exceeded the maximum number of sends");
|
||||||
@ -2630,7 +2629,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
|
|||||||
* the original query is one that matched too, so we have
|
* the original query is one that matched too, so we have
|
||||||
* caps_server+1 number of matching queries now */
|
* caps_server+1 number of matching queries now */
|
||||||
if(iq->caps_server+1 >= naddr*3 ||
|
if(iq->caps_server+1 >= naddr*3 ||
|
||||||
iq->caps_server*2+2 >= MAX_SENT_COUNT) {
|
iq->caps_server*2+2 >= (size_t)ie->max_sent_count) {
|
||||||
/* *2 on sentcount check because ipv6 may fail */
|
/* *2 on sentcount check because ipv6 may fail */
|
||||||
/* we're done, process the response */
|
/* we're done, process the response */
|
||||||
verbose(VERB_ALGO, "0x20 fallback had %d responses "
|
verbose(VERB_ALGO, "0x20 fallback had %d responses "
|
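Review bot: `iter_apply_cfg` copies `cfg->max_sent_count` and `cfg->max_query_restarts` into `iter_env` as plain `int` with no range check, and both are now operator-settable where they used to be compile-time constants. In `processQueryTargets` the 0x20 fallback test uses `(size_t)ie->max_sent_count`, so a negative setting would turn into a very large bound and that cap would never trigger, while `iq->sent_count > ie->max_sent_count` would then fail every query. Unless the config parser already rejects such values (not visible here), a guard in `iter_apply_cfg` such as `if(cfg->max_sent_count < 1 || cfg->max_query_restarts < 0) return 0;`, with a log line naming the option, would fail closed at startup; this assumes a 0 return signals failure, as the existing `return 1;` suggests. All three functions continue outside their hunks.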
||||||
|
@ -63,12 +63,8 @@ struct rbtree_type;
|
|||||||
/** max number of nxdomains allowed for target lookups for a query and
|
/** max number of nxdomains allowed for target lookups for a query and
|
||||||
* its subqueries when fallback has kicked in */
|
* its subqueries when fallback has kicked in */
|
||||||
#define MAX_TARGET_NX_FALLBACK (MAX_TARGET_NX*2)
|
#define MAX_TARGET_NX_FALLBACK (MAX_TARGET_NX*2)
|
||||||
/** max number of query restarts. Determines max number of CNAME chain. */
|
|
||||||
#define MAX_RESTART_COUNT 11
|
|
||||||
/** max number of referrals. Makes sure resolver does not run away */
|
/** max number of referrals. Makes sure resolver does not run away */
|
||||||
#define MAX_REFERRAL_COUNT 130
|
#define MAX_REFERRAL_COUNT 130
|
||||||
/** max number of queries-sent-out. Make sure large NS set does not loop */
|
|
||||||
#define MAX_SENT_COUNT 32
|
|
||||||
/** max number of queries for which to perform dnsseclameness detection,
|
/** max number of queries for which to perform dnsseclameness detection,
|
||||||
* (rrsigs missing detection) after that, just pick up that response */
|
* (rrsigs missing detection) after that, just pick up that response */
|
||||||
#define DNSSEC_LAME_DETECT_COUNT 4
|
#define DNSSEC_LAME_DETECT_COUNT 4
|
||||||
@ -145,6 +141,12 @@ struct iter_env {
|
|||||||
|
|
||||||
/** number of retries on outgoing queries */
|
/** number of retries on outgoing queries */
|
||||||
int outbound_msg_retry;
|
int outbound_msg_retry;
|
||||||
|
|
||||||
|
/** number of queries_sent */
|
||||||
|
int max_sent_count;
|
||||||
|
|
||||||
|
/** max number of query restarts to limit length of CNAME chain */
|
||||||
|
int max_query_restarts;
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
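Review bot: The new `max_sent_count` field is documented as `/** number of queries_sent */`, which reads like a running counter rather than the limit it holds. The comment on the removed `MAX_SENT_COUNT` define was clearer, and something like `/** max number of queries sent out while resolving a name; makes sure a large NS set does not loop */` would carry it over to the field. `struct iter_env` begins outside the hunk.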
||||||
|
@ -70,6 +70,7 @@ context_finalize(struct ub_ctx* ctx)
|
|||||||
} else {
|
} else {
|
||||||
log_init(cfg->logfile, cfg->use_syslog, NULL);
|
log_init(cfg->logfile, cfg->use_syslog, NULL);
|
||||||
}
|
}
|
||||||
|
ctx->pipe_pid = getpid();
|
||||||
cfg_apply_local_port_policy(cfg, 65536);
|
cfg_apply_local_port_policy(cfg, 65536);
|
||||||
config_apply(cfg);
|
config_apply(cfg);
|
||||||
if(!modstack_setup(&ctx->mods, cfg->module_conf, ctx->env))
|
if(!modstack_setup(&ctx->mods, cfg->module_conf, ctx->env))
|
||||||
|
@ -89,6 +89,12 @@ struct ub_ctx {
|
|||||||
pid_t bg_pid;
|
pid_t bg_pid;
|
||||||
/** tid of bg worker thread */
|
/** tid of bg worker thread */
|
||||||
ub_thread_type bg_tid;
|
ub_thread_type bg_tid;
|
||||||
|
/** pid when pipes are created. This was the process when the
|
||||||
|
* setup was called. Helps with clean up, so we can tell after a fork
|
||||||
|
* which side of the fork the delete is on. */
|
||||||
|
pid_t pipe_pid;
|
||||||
|
/** when threaded, the worker that exists in the created thread. */
|
||||||
|
struct libworker* thread_worker;
|
||||||
|
|
||||||
/** do threading (instead of forking) for async resolution */
|
/** do threading (instead of forking) for async resolution */
|
||||||
int dothread;
|
int dothread;
|
||||||
|
@ -305,11 +305,31 @@ ub_ctx_delete(struct ub_ctx* ctx)
|
|||||||
int do_stop = 1;
|
int do_stop = 1;
|
||||||
if(!ctx) return;
|
if(!ctx) return;
|
||||||
|
|
||||||
|
/* if the delete is called but it has forked, and before the fork
|
||||||
|
* the context was finalized, then the bg worker is not stopped
|
||||||
|
* from here. There is one worker, but two contexts that refer to
|
||||||
|
* it and only one should clean up, the one with getpid == pipe_pid.*/
|
||||||
|
if(ctx->created_bg && ctx->pipe_pid != getpid()) {
|
||||||
|
do_stop = 0;
|
||||||
|
#ifndef USE_WINSOCK
|
||||||
|
/* Stop events from getting deregistered, if the backend is
|
||||||
|
* epoll, the epoll fd is the same as the other process.
|
||||||
|
* That process should deregister them. */
|
||||||
|
if(ctx->qq_pipe->listen_com)
|
||||||
|
ctx->qq_pipe->listen_com->event_added = 0;
|
||||||
|
if(ctx->qq_pipe->res_com)
|
||||||
|
ctx->qq_pipe->res_com->event_added = 0;
|
||||||
|
if(ctx->rr_pipe->listen_com)
|
||||||
|
ctx->rr_pipe->listen_com->event_added = 0;
|
||||||
|
if(ctx->rr_pipe->res_com)
|
||||||
|
ctx->rr_pipe->res_com->event_added = 0;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
/* see if bg thread is created and if threads have been killed */
|
/* see if bg thread is created and if threads have been killed */
|
||||||
/* no locks, because those may be held by terminated threads */
|
/* no locks, because those may be held by terminated threads */
|
||||||
/* for processes the read pipe is closed and we see that on read */
|
/* for processes the read pipe is closed and we see that on read */
|
||||||
#ifdef HAVE_PTHREAD
|
#ifdef HAVE_PTHREAD
|
||||||
if(ctx->created_bg && ctx->dothread) {
|
if(ctx->created_bg && ctx->dothread && do_stop) {
|
||||||
if(pthread_kill(ctx->bg_tid, 0) == ESRCH) {
|
if(pthread_kill(ctx->bg_tid, 0) == ESRCH) {
|
||||||
/* thread has been killed */
|
/* thread has been killed */
|
||||||
do_stop = 0;
|
do_stop = 0;
|
||||||
@ -318,6 +338,23 @@ ub_ctx_delete(struct ub_ctx* ctx)
|
|||||||
#endif /* HAVE_PTHREAD */
|
#endif /* HAVE_PTHREAD */
|
||||||
if(do_stop)
|
if(do_stop)
|
||||||
ub_stop_bg(ctx);
|
ub_stop_bg(ctx);
|
||||||
|
if(ctx->created_bg && ctx->pipe_pid != getpid() && ctx->thread_worker) {
|
||||||
|
/* This delete is happening from a different process. Delete
|
||||||
|
* the thread worker from this process memory space. The
|
||||||
|
* thread is not there to do so, so it is freed here. */
|
||||||
|
struct ub_event_base* evbase = comm_base_internal(
|
||||||
|
ctx->thread_worker->base);
|
||||||
|
libworker_delete_event(ctx->thread_worker);
|
||||||
|
ctx->thread_worker = NULL;
|
||||||
|
#ifdef USE_MINI_EVENT
|
||||||
|
ub_event_base_free(evbase);
|
||||||
|
#else
|
||||||
|
/* cannot event_base_free, because the epoll_fd cleanup
|
||||||
|
* in libevent could stop the original event_base in the
|
||||||
|
* other process from working. */
|
||||||
|
free(evbase);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
libworker_delete_event(ctx->event_worker);
|
libworker_delete_event(ctx->event_worker);
|
||||||
|
|
||||||
modstack_desetup(&ctx->mods, ctx->env);
|
modstack_desetup(&ctx->mods, ctx->env);
|
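Review bot: The fork test `ctx->created_bg && ctx->pipe_pid != getpid()` is written out twice in `ub_ctx_delete`, once before the pthread check and once before the thread worker is freed, and the two cleanup paths are only correct if they always agree. Computing it once near the top, e.g. `int forked = ctx->created_bg && ctx->pipe_pid != getpid();`, and testing `forked` in both places would keep them from drifting apart. The first block also dereferences `ctx->qq_pipe` and `ctx->rr_pipe` without a NULL check; presumably both are always set once `created_bg` is true, but a one-line comment saying so would help the next reader. `ub_ctx_delete` continues outside the hunks.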
||||||
|
@ -395,6 +395,7 @@ int libworker_bg(struct ub_ctx* ctx)
|
|||||||
w = libworker_setup(ctx, 1, NULL);
|
w = libworker_setup(ctx, 1, NULL);
|
||||||
if(!w) return UB_NOMEM;
|
if(!w) return UB_NOMEM;
|
||||||
w->is_bg_thread = 1;
|
w->is_bg_thread = 1;
|
||||||
|
ctx->thread_worker = w;
|
||||||
#ifdef ENABLE_LOCK_CHECKS
|
#ifdef ENABLE_LOCK_CHECKS
|
||||||
w->thread_num = 1; /* for nicer DEBUG checklocks */
|
w->thread_num = 1; /* for nicer DEBUG checklocks */
|
||||||
#endif
|
#endif
|
||||||
|
@ -230,7 +230,7 @@ int ub_ctx_set_event(struct ub_ctx* ctx, struct event_base* base);
|
|||||||
* @param callback: this is called on completion of the resolution.
|
* @param callback: this is called on completion of the resolution.
|
||||||
* It is called as:
|
* It is called as:
|
||||||
* void callback(void* mydata, int rcode, void* packet, int packet_len,
|
* void callback(void* mydata, int rcode, void* packet, int packet_len,
|
||||||
* int sec, char* why_bogus)
|
* int sec, char* why_bogus, int was_ratelimited)
|
||||||
* with mydata: the same as passed here, you may pass NULL,
|
* with mydata: the same as passed here, you may pass NULL,
|
||||||
* with rcode: 0 on no error, nonzero for mostly SERVFAIL situations,
|
* with rcode: 0 on no error, nonzero for mostly SERVFAIL situations,
|
||||||
* this is a DNS rcode.
|
* this is a DNS rcode.
|
||||||
@ -241,6 +241,7 @@ int ub_ctx_set_event(struct ub_ctx* ctx, struct event_base* base);
|
|||||||
* with packet_len: length in bytes of the packet buffer.
|
* with packet_len: length in bytes of the packet buffer.
|
||||||
* with sec: 0 if insecure, 1 if bogus, 2 if DNSSEC secure.
|
* with sec: 0 if insecure, 1 if bogus, 2 if DNSSEC secure.
|
||||||
* with why_bogus: text string explaining why it is bogus (or NULL).
|
* with why_bogus: text string explaining why it is bogus (or NULL).
|
||||||
|
* with was_ratelimited: if the query was ratelimited.
|
||||||
* These point to buffers inside unbound; do not deallocate the packet or
|
* These point to buffers inside unbound; do not deallocate the packet or
|
||||||
* error string.
|
* error string.
|
||||||
*
|
*
|
||||||
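Review bot: The new `with was_ratelimited` line sits between the `why_bogus` description and the sentence "These point to buffers inside unbound", so that sentence now appears to cover an `int` argument as well. Moving the new line below the "do not deallocate" sentence would keep the buffer-ownership warning attached to `packet` and `why_bogus`. The line also does not give the value convention; if it is a flag, something like `* with was_ratelimited: nonzero if the query was ratelimited, 0 otherwise.` would say so. Since the documented callback gains a seventh argument, callers written against the six-argument form should be checked, although the prototype itself is not in this hunk.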
|
@ -255,7 +255,7 @@ log_py_err(void)
|
|||||||
int pythonmod_init(struct module_env* env, int id)
|
int pythonmod_init(struct module_env* env, int id)
|
||||||
{
|
{
|
||||||
int py_mod_idx = py_mod_count++;
|
int py_mod_idx = py_mod_count++;
|
||||||
|
|
||||||
/* Initialize module */
|
/* Initialize module */
|
||||||
FILE* script_py = NULL;
|
FILE* script_py = NULL;
|
||||||
PyObject* py_init_arg, *res;
|
PyObject* py_init_arg, *res;
|
||||||
@ -316,23 +316,37 @@ int pythonmod_init(struct module_env* env, int id)
|
|||||||
|
|
||||||
if (py_mod_count==1) {
|
if (py_mod_count==1) {
|
||||||
/* Initialize Python */
|
/* Initialize Python */
|
||||||
PyRun_SimpleString("import sys \n");
|
if(PyRun_SimpleString("import sys \n") < 0 ) {
|
||||||
|
goto python_init_fail;
|
||||||
|
}
|
||||||
PyRun_SimpleString("sys.path.append('.') \n");
|
PyRun_SimpleString("sys.path.append('.') \n");
|
||||||
|
PyRun_SimpleString("sys.path.append('"RUN_DIR"') \n");
|
||||||
|
PyRun_SimpleString("sys.path.append('"SHARE_DIR"') \n");
|
||||||
if(env->cfg->directory && env->cfg->directory[0]) {
|
if(env->cfg->directory && env->cfg->directory[0]) {
|
||||||
char wdir[1524];
|
char wdir[1524];
|
||||||
snprintf(wdir, sizeof(wdir), "sys.path.append('%s') \n",
|
snprintf(wdir, sizeof(wdir), "sys.path.append('%s') \n",
|
||||||
env->cfg->directory);
|
env->cfg->directory);
|
||||||
PyRun_SimpleString(wdir);
|
PyRun_SimpleString(wdir);
|
||||||
}
|
}
|
||||||
PyRun_SimpleString("sys.path.append('"RUN_DIR"') \n");
|
/* Check if sysconfig is there and use that instead of distutils;
|
||||||
PyRun_SimpleString("sys.path.append('"SHARE_DIR"') \n");
|
* distutils.sysconfig is deprecated in Python 3.10. */
|
||||||
PyRun_SimpleString("import distutils.sysconfig \n");
|
if(PyRun_SimpleString("import sysconfig \n") < 0) {
|
||||||
PyRun_SimpleString("sys.path.append(distutils.sysconfig.get_python_lib(1,0)) \n");
|
log_info("pythonmod: module sysconfig not available; "
|
||||||
if (PyRun_SimpleString("from unboundmodule import *\n") < 0)
|
"falling back to distutils.sysconfig.");
|
||||||
|
if(PyRun_SimpleString("import distutils.sysconfig \n") < 0
|
||||||
|
|| PyRun_SimpleString("sys.path.append("
|
||||||
|
"distutils.sysconfig.get_python_lib(1,0)) \n") < 0) {
|
||||||
|
goto python_init_fail;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if(PyRun_SimpleString("sys.path.append("
|
||||||
|
"sysconfig.get_path('platlib')) \n") < 0) {
|
||||||
|
goto python_init_fail;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(PyRun_SimpleString("from unboundmodule import *\n") < 0)
|
||||||
{
|
{
|
||||||
log_err("pythonmod: cannot initialize core module: unboundmodule.py");
|
goto python_init_fail;
|
||||||
PyGILState_Release(gil);
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -480,6 +494,11 @@ int pythonmod_init(struct module_env* env, int id)
|
|||||||
PyGILState_Release(gil);
|
PyGILState_Release(gil);
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
|
python_init_fail:
|
||||||
|
log_err("pythonmod: cannot initialize core module: unboundmodule.py");
|
||||||
|
PyGILState_Release(gil);
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void pythonmod_deinit(struct module_env* env, int id)
|
void pythonmod_deinit(struct module_env* env, int id)
|
||||||
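Review bot: In the `py_mod_count==1` block of pythonmod_init, the `sys.path.append` calls for `'.'`, `RUN_DIR`, `SHARE_DIR` and the configured directory still discard the result of PyRun_SimpleString, while the new `import sys` and sysconfig steps abort through `python_init_fail`. The configured directory is also pasted between single quotes into Python source by `snprintf`, so a path containing `'` or a backslash, or one truncated by the 1524-byte buffer, yields a statement other than the intended append and nothing reports it. Checking the result closes that gap: `if(PyRun_SimpleString(wdir) < 0) goto python_init_fail;`. The shared label always logs `cannot initialize core module: unboundmodule.py`, which is misleading when the failing step was `import sys` or the sysconfig lookup. The function body starts and ends outside these hunks.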
|
@ -2756,6 +2756,7 @@ az_change_dnames(struct dns_msg* msg, uint8_t* oldname, uint8_t* newname,
|
|||||||
== 0) {
|
== 0) {
|
||||||
msg->rep->rrsets[i]->rk.dname = newname;
|
msg->rep->rrsets[i]->rk.dname = newname;
|
||||||
msg->rep->rrsets[i]->rk.dname_len = newlen;
|
msg->rep->rrsets[i]->rk.dname_len = newlen;
|
||||||
|
msg->rep->rrsets[i]->entry.hash = rrset_key_hash(&msg->rep->rrsets[i]->rk);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
8
services/cache/dns.c
vendored
@ -636,6 +636,14 @@ tomsg(struct module_env* env, struct query_info* q, struct reply_info* r,
|
|||||||
r->serve_expired_ttl < now) {
|
r->serve_expired_ttl < now) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
/* Ignore expired failure answers */
|
||||||
|
if(FLAGS_GET_RCODE(r->flags) !=
|
||||||
|
LDNS_RCODE_NOERROR &&
|
||||||
|
FLAGS_GET_RCODE(r->flags) !=
|
||||||
|
LDNS_RCODE_NXDOMAIN &&
|
||||||
|
FLAGS_GET_RCODE(r->flags) !=
|
||||||
|
LDNS_RCODE_YXDOMAIN)
|
||||||
|
return 0;
|
||||||
} else {
|
} else {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
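Review bot: The new "Ignore expired failure answers" branch in tomsg ends with `return 0;`, while the branches directly above and below it return `NULL`. Writing `return NULL;` keeps the pointer-returning function consistent and makes the intent obvious. The five-line condition also guards an unbraced statement, so bracing it as `if(...) { return NULL; }` would prevent a later edit from attaching a second statement to the wrong scope. tomsg begins and ends outside the hunk.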
|
@ -196,8 +196,8 @@ enum sldns_enum_rr_type
|
|||||||
LDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */
|
LDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */
|
||||||
LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */
|
LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */
|
||||||
LDNS_RR_TYPE_ZONEMD = 63, /* draft-ietf-dnsop-dns-zone-digest-12 */
|
LDNS_RR_TYPE_ZONEMD = 63, /* draft-ietf-dnsop-dns-zone-digest-12 */
|
||||||
LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https-04 */
|
LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https-04 */
|
||||||
LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https-04 */
|
LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https-04 */
|
||||||
|
|
||||||
LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
|
LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
|
||||||
|
|
||||||
|
@ -102,6 +102,12 @@ usage(void)
|
|||||||
printf(" stop stops the server\n");
|
printf(" stop stops the server\n");
|
||||||
printf(" reload reloads the server\n");
|
printf(" reload reloads the server\n");
|
||||||
printf(" (this flushes data, stats, requestlist)\n");
|
printf(" (this flushes data, stats, requestlist)\n");
|
||||||
|
printf(" reload_keep_cache reloads the server but tries to\n");
|
||||||
|
printf(" keep the RRset and message cache\n");
|
||||||
|
printf(" if (re)configuration allows for it.\n");
|
||||||
|
printf(" That means the caches sizes and\n");
|
||||||
|
printf(" the number of threads must not\n");
|
||||||
|
printf(" change between reloads.\n");
|
||||||
printf(" stats print statistics\n");
|
printf(" stats print statistics\n");
|
||||||
printf(" stats_noreset peek at statistics\n");
|
printf(" stats_noreset peek at statistics\n");
|
||||||
#ifdef HAVE_SHMGET
|
#ifdef HAVE_SHMGET
|
||||||
@ -180,8 +186,6 @@ usage(void)
|
|||||||
#ifdef HAVE_SHMGET
|
#ifdef HAVE_SHMGET
|
||||||
/** what to put on statistics lines between var and value, ": " or "=" */
|
/** what to put on statistics lines between var and value, ": " or "=" */
|
||||||
#define SQ "="
|
#define SQ "="
|
||||||
/** if true, inhibits a lot of =0 lines from the stats output */
|
|
||||||
static const int inhibit_zero = 1;
|
|
||||||
/** divide sum of timers to get average */
|
/** divide sum of timers to get average */
|
||||||
static void
|
static void
|
||||||
timeval_divide(struct timeval* avg, const struct timeval* sum, long long d)
|
timeval_divide(struct timeval* avg, const struct timeval* sum, long long d)
|
||||||
@ -316,7 +320,7 @@ static void print_hist(struct ub_stats_info* s)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/** print extended */
|
/** print extended */
|
||||||
static void print_extended(struct ub_stats_info* s)
|
static void print_extended(struct ub_stats_info* s, int inhibit_zero)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
char nm[16];
|
char nm[16];
|
||||||
@ -439,7 +443,7 @@ static void do_stats_shm(struct config_file* cfg, struct ub_stats_info* stats,
|
|||||||
if(cfg->stat_extended) {
|
if(cfg->stat_extended) {
|
||||||
print_mem(shm_stat, &stats[0]);
|
print_mem(shm_stat, &stats[0]);
|
||||||
print_hist(stats);
|
print_hist(stats);
|
||||||
print_extended(stats);
|
print_extended(stats, cfg->stat_inhibit_zero);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* HAVE_SHMGET */
|
#endif /* HAVE_SHMGET */
|
||||||
|
@ -573,6 +573,7 @@ int main(int argc, char** argv)
|
|||||||
#endif
|
#endif
|
||||||
checklock_start();
|
checklock_start();
|
||||||
log_init(0, 0, 0);
|
log_init(0, 0, 0);
|
||||||
|
log_ident_set("dohclient");
|
||||||
|
|
||||||
h2_session = http2_session_create();
|
h2_session = http2_session_create();
|
||||||
if(!h2_session) fatal_exit("out of memory");
|
if(!h2_session) fatal_exit("out of memory");
|
||||||
|
9
testdata/03-testbound.tdir/03-testbound.test
vendored
@ -103,6 +103,15 @@ for input in $PRE/testdata/*.rpl $PRE/testdata/*.crpl; do
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# detect if cachedb is needed
|
||||||
|
if echo $cleaninput | grep cachedb >/dev/null 2>&1; then
|
||||||
|
if grep "define USE_CACHEDB 1" $PRE/config.h >/dev/null 2>&1; then
|
||||||
|
: # CACHEDB is supported
|
||||||
|
else
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
if test $do_valgrind = "yes"; then
|
if test $do_valgrind = "yes"; then
|
||||||
echo
|
echo
|
||||||
if (valgrind $VALGRIND_FLAGS $PRE/testbound -p $input >tmpout 2>&1;); then
|
if (valgrind $VALGRIND_FLAGS $PRE/testbound -p $input >tmpout 2>&1;); then
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
server:
|
server:
|
||||||
verbosity: 2
|
verbosity: 2
|
||||||
# num-threads: 1
|
num-threads: 1
|
||||||
interface: 127.0.0.1
|
interface: 127.0.0.1
|
||||||
port: @PORT@
|
port: @PORT@
|
||||||
use-syslog: no
|
use-syslog: no
|
||||||
@ -9,6 +9,10 @@ server:
|
|||||||
chroot: ""
|
chroot: ""
|
||||||
username: ""
|
username: ""
|
||||||
do-not-query-localhost: no
|
do-not-query-localhost: no
|
||||||
|
access-control: 127.0.0.1 allow_snoop
|
||||||
|
msg-cache-size: 4m
|
||||||
|
rrset-cache-size: 4m
|
||||||
|
minimal-responses: yes
|
||||||
remote-control:
|
remote-control:
|
||||||
control-enable: yes
|
control-enable: yes
|
||||||
control-interface: 127.0.0.1
|
control-interface: 127.0.0.1
|
||||||
@ -21,4 +25,3 @@ remote-control:
|
|||||||
forward-zone:
|
forward-zone:
|
||||||
name: "."
|
name: "."
|
||||||
forward-addr: "127.0.0.1@@TOPORT@"
|
forward-addr: "127.0.0.1@@TOPORT@"
|
||||||
|
|
||||||
|
@ -5,364 +5,317 @@
|
|||||||
[ -f .tpkg.var.test ] && source .tpkg.var.test
|
[ -f .tpkg.var.test ] && source .tpkg.var.test
|
||||||
|
|
||||||
PRE="../.."
|
PRE="../.."
|
||||||
|
. ../common.sh
|
||||||
|
|
||||||
# exit value is 1 on usage
|
# End the test
|
||||||
$PRE/unbound-control -h
|
# $1: exit value
|
||||||
if test $? -ne 1; then
|
end () {
|
||||||
echo "wrong exit value for usage."
|
echo "> cat logfiles"
|
||||||
exit 1
|
cat fwd.log
|
||||||
else
|
cat unbound.log
|
||||||
echo "exit value for usage: OK"
|
exit $1
|
||||||
fi
|
}
|
||||||
|
|
||||||
|
# Expect a given exit value of the previous command
|
||||||
|
# $1: the expected exit value
|
||||||
|
# $2: optional text to print when failing
|
||||||
|
expect_exit_value () {
|
||||||
|
if test $? -ne $1; then
|
||||||
|
if test -z "$2"; then
|
||||||
|
if test $1 -eq 1; then
|
||||||
|
msg="on error"
|
||||||
|
else
|
||||||
|
msg="after success"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
msg="$2"
|
||||||
|
fi
|
||||||
|
echo "wrong exit value $msg"
|
||||||
|
end 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Helper function for quering
|
||||||
|
# $@: at least the domain name to query and optional dig arguments
|
||||||
|
query () {
|
||||||
|
echo "> dig $@"
|
||||||
|
dig @127.0.0.1 -p $UNBOUND_PORT $@ | tee outfile
|
||||||
|
}
|
||||||
|
|
||||||
|
# Expect something in the answer
|
||||||
|
# $1: expected regular expression
|
||||||
|
expect_answer () {
|
||||||
|
echo "> check answer for \"$1\""
|
||||||
|
if grep "$1" outfile; then
|
||||||
|
echo "OK"
|
||||||
|
else
|
||||||
|
echo "Not OK"
|
||||||
|
end 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Fail the test for unexpected answers
|
||||||
|
# $1: unexpected regular expression
|
||||||
|
fail_answer () {
|
||||||
|
echo "> \"$1\" should not be in answer"
|
||||||
|
if grep "$1" outfile; then
|
||||||
|
echo "Not OK"
|
||||||
|
end 1
|
||||||
|
else
|
||||||
|
echo "OK"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Issue an unbound-control command
|
||||||
|
# $@: command arguments
|
||||||
|
control_command () {
|
||||||
|
echo "$PRE/unbound-control $@"
|
||||||
|
$PRE/unbound-control $@ > outfile
|
||||||
|
}
|
||||||
|
|
||||||
|
# Dump the cache contents
|
||||||
|
# $@: optional options to unbound-control
|
||||||
|
cache_dump () {
|
||||||
|
echo "$PRE/unbound-control $@ dump_cache > cache.dump"
|
||||||
|
$PRE/unbound-control $@ dump_cache > cache.dump
|
||||||
|
}
|
||||||
|
|
||||||
|
# Load cache contents
|
||||||
|
# $@: optional options to unbound-control
|
||||||
|
cache_load () {
|
||||||
|
echo "$PRE/unbound-control $@ load_cache < cache.dump"
|
||||||
|
$PRE/unbound-control $@ load_cache < cache.dump
|
||||||
|
}
|
||||||
|
|
||||||
|
# Expect an entry in the cache dump
|
||||||
|
# $1: expected regular expression
|
||||||
|
expect_in_cache_dump () {
|
||||||
|
echo "> check cache dump for \"$1\""
|
||||||
|
if grep "$1" cache.dump; then
|
||||||
|
echo "OK cache dump"
|
||||||
|
else
|
||||||
|
echo "Not OK cache dump"
|
||||||
|
end 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Fail the test for unexpected entry in the cache dump
|
||||||
|
# $1: unexpected regular expression
|
||||||
|
fail_in_cache_dump () {
|
||||||
|
echo "> \"$1\" should not be in cache dump"
|
||||||
|
if grep "$1" cache.dump; then
|
||||||
|
echo "Not OK cache dump"
|
||||||
|
end 1
|
||||||
|
else
|
||||||
|
echo "OK cache dump"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# start the test
|
||||||
|
cp ub.conf main.conf
|
||||||
|
|
||||||
|
teststep "exit value is 1 on usage"
|
||||||
|
control_command -h
|
||||||
|
expect_exit_value 1 "for usage"
|
||||||
|
|
||||||
# use lock-verify if possible
|
# use lock-verify if possible
|
||||||
|
|
||||||
# test if the server is up.
|
teststep "test if the server is up"
|
||||||
echo "> dig www.example.com."
|
query www.example.com.
|
||||||
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
|
expect_answer "10.20.30.40"
|
||||||
echo "> check answer"
|
|
||||||
if grep "10.20.30.40" outfile; then
|
|
||||||
echo "OK"
|
|
||||||
else
|
|
||||||
echo "> cat logfiles"
|
|
||||||
cat fwd.log
|
|
||||||
cat unbound.log
|
|
||||||
echo "Not OK"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# exit value is 1 when a bad command is given.
|
teststep "exit value is 1 when a bad command is given"
|
||||||
echo "$PRE/unbound-control -c ub.conf blablargh"
|
control_command -c ub.conf blablargh
|
||||||
$PRE/unbound-control -c ub.conf blablargh
|
expect_exit_value 1
|
||||||
if test $? -ne 1; then
|
|
||||||
echo "wrong exit value on error."
|
|
||||||
echo "> cat logfiles"
|
|
||||||
cat fwd.log
|
|
||||||
cat unbound.lo
|
|
||||||
exit 1
|
|
||||||
else
|
|
||||||
echo "correct exit value on error"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# reload the server. test if the server came up by putting a new
|
# reload the server. test if the server came up by putting a new
|
||||||
# local-data element in the server.
|
# local-data element in the server.
|
||||||
|
teststep "reload the server"
|
||||||
echo "server: local-data: 'afterreload. IN A 5.6.7.8'" >> ub.conf
|
echo "server: local-data: 'afterreload. IN A 5.6.7.8'" >> ub.conf
|
||||||
echo "$PRE/unbound-control -c ub.conf reload"
|
control_command -c ub.conf reload
|
||||||
$PRE/unbound-control -c ub.conf reload
|
expect_exit_value 0
|
||||||
if test $? -ne 0; then
|
query afterreload.
|
||||||
echo "wrong exit value after success"
|
expect_answer "5.6.7.8"
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "> dig afterreload."
|
teststep "must have had at least 1 query since reload"
|
||||||
dig @127.0.0.1 -p $UNBOUND_PORT afterreload. | tee outfile
|
control_command -c ub.conf stats
|
||||||
echo "> check answer"
|
expect_exit_value 0
|
||||||
if grep "5.6.7.8" outfile; then
|
expect_answer "^total.num.queries=[1-9][0-9]*$"
|
||||||
echo "OK"
|
|
||||||
else
|
|
||||||
echo "> cat logfiles"
|
|
||||||
cat fwd.log
|
|
||||||
cat unbound.log
|
|
||||||
echo "Not OK"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# must have had queries now. 1 since reload.
|
teststep "check verbosity"
|
||||||
echo "$PRE/unbound-control -c ub.conf stats"
|
control_command -c ub.conf verbosity 2
|
||||||
$PRE/unbound-control -c ub.conf stats > tmp.$$
|
expect_exit_value 0
|
||||||
if test $? -ne 0; then
|
|
||||||
echo "wrong exit value after success"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
if grep "^total.num.queries=[1-9][0-9]*$" tmp.$$; then
|
|
||||||
echo "OK"
|
|
||||||
else
|
|
||||||
echo "bad stats"
|
|
||||||
cat tmp.$$
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# verbosity
|
teststep "check syntax error in parse"
|
||||||
echo "$PRE/unbound-control -c ub.conf verbosity 2"
|
control_command -c ub.conf verbosity jkdf
|
||||||
$PRE/unbound-control -c ub.conf verbosity 2
|
expect_exit_value 1
|
||||||
if test $? -ne 0; then
|
|
||||||
echo "wrong exit value after success"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# check syntax error in parse
|
teststep "check bad credentials"
|
||||||
echo "$PRE/unbound-control -c ub.conf verbosity jkdf"
|
|
||||||
$PRE/unbound-control -c ub.conf verbosity jkdf
|
|
||||||
if test $? -ne 1; then
|
|
||||||
echo "wrong exit value after failure"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# check bad credentials
|
|
||||||
cp ub.conf bad.conf
|
cp ub.conf bad.conf
|
||||||
echo "remote-control:" >> bad.conf
|
cat conf.bad_credentials >> bad.conf
|
||||||
echo " server-key-file: bad_server.key" >> bad.conf
|
control_command -c bad.conf verbosity 2
|
||||||
echo " server-cert-file: bad_server.pem" >> bad.conf
|
expect_exit_value 1
|
||||||
echo " control-key-file: bad_control.key" >> bad.conf
|
|
||||||
echo " control-cert-file: bad_control.pem" >> bad.conf
|
|
||||||
echo "$PRE/unbound-control -c bad.conf verbosity 2"
|
|
||||||
$PRE/unbound-control -c bad.conf verbosity 2
|
|
||||||
if test $? -ne 1; then
|
|
||||||
echo "wrong exit value after failure"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# check spoofedclient credentials
|
teststep "check spoofed client credentials"
|
||||||
rm -f bad.conf
|
rm -f bad.conf
|
||||||
cp ub.conf bad.conf
|
cp ub.conf bad.conf
|
||||||
echo "remote-control:" >> bad.conf
|
cat conf.spoofed_credentials >> bad.conf
|
||||||
echo " server-key-file: unbound_server.key" >> bad.conf
|
control_command -c bad.conf verbosity 2
|
||||||
echo " server-cert-file: unbound_server.pem" >> bad.conf
|
expect_exit_value 1
|
||||||
echo " control-key-file: bad_control.key" >> bad.conf
|
|
||||||
echo " control-cert-file: bad_control.pem" >> bad.conf
|
|
||||||
echo "$PRE/unbound-control -c bad.conf verbosity 2"
|
|
||||||
$PRE/unbound-control -c bad.conf verbosity 2
|
|
||||||
if test $? -ne 1; then
|
|
||||||
echo "wrong exit value after failure"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# create a new local zone
|
teststep "create a new local zone"
|
||||||
echo "> test of local zone"
|
control_command -c ub.conf local_zone example.net static
|
||||||
echo "$PRE/unbound-control -c ub.conf local_zone example.net static"
|
expect_exit_value 0
|
||||||
$PRE/unbound-control -c ub.conf local_zone example.net static
|
control_command -c ub.conf local_data www.example.net A 192.0.2.1
|
||||||
if test $? -ne 0; then
|
expect_exit_value 0
|
||||||
echo "wrong exit value after success"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "$PRE/unbound-control -c ub.conf local_data www.example.net A 192.0.2.1"
|
|
||||||
$PRE/unbound-control -c ub.conf local_data www.example.net A 192.0.2.1
|
|
||||||
if test $? -ne 0; then
|
|
||||||
echo "wrong exit value after success"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# check that www.example.net exists
|
teststep "check that www.example.net exists"
|
||||||
echo "> dig www.example.net."
|
query www.example.net.
|
||||||
dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. | tee outfile
|
expect_answer "192.0.2.1"
|
||||||
echo "> check answer"
|
|
||||||
if grep "192.0.2.1" outfile; then
|
|
||||||
echo "OK"
|
|
||||||
else
|
|
||||||
echo "> cat logfiles"
|
|
||||||
cat fwd.log
|
|
||||||
cat unbound.log
|
|
||||||
echo "Not OK"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# check that mail.example.net has nxdomain
|
teststep "check that mail.example.net has nxdomain"
|
||||||
echo "> dig mail.example.net."
|
query mail.example.net.
|
||||||
dig @127.0.0.1 -p $UNBOUND_PORT mail.example.net. | tee outfile
|
expect_answer "NXDOMAIN"
|
||||||
echo "> check answer"
|
|
||||||
if grep "NXDOMAIN" outfile; then
|
|
||||||
echo "OK"
|
|
||||||
else
|
|
||||||
echo "> cat logfiles"
|
|
||||||
cat fwd.log
|
|
||||||
cat unbound.log
|
|
||||||
echo "Not OK"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# remove www.example.net - check it gets nxdomain
|
teststep "remove www.example.net - check it gets nxdomain"
|
||||||
echo "$PRE/unbound-control -c ub.conf local_data_remove www.example.net"
|
control_command -c ub.conf local_data_remove www.example.net
|
||||||
$PRE/unbound-control -c ub.conf local_data_remove www.example.net
|
expect_exit_value 0
|
||||||
if test $? -ne 0; then
|
query www.example.net.
|
||||||
echo "wrong exit value after success"
|
expect_answer "NXDOMAIN"
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "> dig www.example.net."
|
|
||||||
dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. | tee outfile
|
|
||||||
echo "> check answer"
|
|
||||||
if grep "NXDOMAIN" outfile; then
|
|
||||||
echo "OK"
|
|
||||||
else
|
|
||||||
echo "> cat logfiles"
|
|
||||||
cat fwd.log
|
|
||||||
cat unbound.log
|
|
||||||
echo "Not OK"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# remove nonexistent name - check bug#287(segfault) does not happen.
|
teststep "remove nonexistent name - check bug#287(segfault) does not happen"
|
||||||
echo "$PRE/unbound-control -c ub.conf local_data_remove test.example.net"
|
control_command -c ub.conf local_data_remove test.example.net
|
||||||
$PRE/unbound-control -c ub.conf local_data_remove test.example.net
|
|
||||||
# if crash then then we get: error: could not SSL_read from unbound-control
|
# if crash then then we get: error: could not SSL_read from unbound-control
|
||||||
if test $? -ne 0; then
|
expect_exit_value 0
|
||||||
echo "wrong exit value after success"
|
|
||||||
cat unbound.log
|
|
||||||
echo "Not OK"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# remove example.net - check its gone.
|
teststep "remove example.net - check its gone"
|
||||||
echo "$PRE/unbound-control -c ub.conf local_zone_remove example.net"
|
control_command -c ub.conf local_zone_remove example.net
|
||||||
$PRE/unbound-control -c ub.conf local_zone_remove example.net
|
expect_exit_value 0
|
||||||
if test $? -ne 0; then
|
query www.example.net.
|
||||||
echo "wrong exit value after success"
|
expect_answer "SERVFAIL"
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "> dig www.example.net."
|
|
||||||
dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. | tee outfile
|
|
||||||
echo "> check answer"
|
|
||||||
if grep "SERVFAIL" outfile; then
|
|
||||||
echo "OK"
|
|
||||||
else
|
|
||||||
echo "> cat logfiles"
|
|
||||||
cat fwd.log
|
|
||||||
cat unbound.log
|
|
||||||
echo "Not OK"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# dump the cache
|
teststep "dump the cache"
|
||||||
echo "> test cache dump"
|
query www.example.com.
|
||||||
# fillup cache
|
cache_dump -c ub.conf
|
||||||
echo "dig www.example.com"
|
expect_exit_value 0
|
||||||
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com.
|
cat cache.dump
|
||||||
echo "$PRE/unbound-control -c ub.conf dump_cache"
|
expect_in_cache "10.20.30.40"
|
||||||
$PRE/unbound-control -c ub.conf dump_cache > tmp.$$
|
|
||||||
if test $? -ne 0; then
|
|
||||||
echo "wrong exit value after success"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
cat tmp.$$
|
|
||||||
if grep 10.20.30.40 tmp.$$; then
|
|
||||||
echo "OK example.com is in cache dump"
|
|
||||||
else
|
|
||||||
echo "Not OK cache dump"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# test lookup
|
control_command -c ub.conf lookup www.example.com
|
||||||
echo "$PRE/unbound-control -c ub.conf lookup www.example.com"
|
expect_exit_value 0
|
||||||
$PRE/unbound-control -c ub.conf lookup www.example.com
|
|
||||||
if test $? -ne 0; then
|
|
||||||
echo "wrong exit value after success"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
# answer to lookup is meaningless because of use a forwarder, oh well.
|
# answer to lookup is meaningless because of use a forwarder, oh well.
|
||||||
|
|
||||||
# load the cache dump.
|
teststep "load the cache dump"
|
||||||
echo "$PRE/unbound-control -c ub.conf load_cache < tmp.$$"
|
cache_load -c ub.conf
|
||||||
$PRE/unbound-control -c ub.conf load_cache < tmp.$$
|
expect_exit_value 0
|
||||||
if test $? -ne 0; then
|
query www.example.com.
|
||||||
echo "wrong exit value after success"
|
expect_answer "10.20.30.40"
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "> dig www.example.com."
|
|
||||||
dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
|
|
||||||
echo "> check answer"
|
|
||||||
if grep "10.20.30.40" outfile; then
|
|
||||||
echo "OK"
|
|
||||||
else
|
|
||||||
echo "> cat logfiles"
|
|
||||||
cat fwd.log
|
|
||||||
cat unbound.log
|
|
||||||
echo "Not OK"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# load local-zones from file
|
teststep "load local-zones from file"
|
||||||
echo "$PRE/unbound-control -c ub.conf local_zones < local_zones"
|
control_command -c ub.conf local_zones < local_zones
|
||||||
$PRE/unbound-control -c ub.conf local_zones < local_zones
|
expect_exit_value 0
|
||||||
if test $? -ne 0; then
|
query localzonefromfile
|
||||||
echo "wrong exit value after success"
|
expect_answer "REFUSED"
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "> dig localzonefromfile."
|
|
||||||
dig @127.0.0.1 -p $UNBOUND_PORT localzonefromfile | tee outfile
|
|
||||||
echo "> check answer"
|
|
||||||
if grep "REFUSED" outfile; then
|
|
||||||
echo "OK"
|
|
||||||
else
|
|
||||||
echo "Not OK"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# load local-data from file
|
teststep "load local-data from file"
|
||||||
echo "$PRE/unbound-control -c ub.conf local_datas < local_data"
|
control_command -c ub.conf local_datas < local_data
|
||||||
$PRE/unbound-control -c ub.conf local_datas < local_data
|
expect_exit_value 0
|
||||||
if test $? -ne 0; then
|
query -t txt localdatafromfile
|
||||||
echo "wrong exit value after success"
|
expect_answer "local data from file OK"
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "> dig localdatafromfile."
|
|
||||||
dig @127.0.0.1 -p $UNBOUND_PORT -t txt localdatafromfile | tee outfile
|
|
||||||
echo "> check answer"
|
|
||||||
if grep "local data from file OK" outfile; then
|
|
||||||
echo "OK"
|
|
||||||
else
|
|
||||||
echo "Not OK"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# remove local-zone and local-data from file
|
teststep "remove local-zone and local-data from file"
|
||||||
echo "$PRE/unbound-control -c ub.conf local_zones_remove < local_zones_remove"
|
control_command -c ub.conf local_zones_remove < local_zones_remove
|
||||||
$PRE/unbound-control -c ub.conf local_zones_remove < local_zones_remove
|
expect_exit_value 0
|
||||||
if test $? -ne 0; then
|
control_command -c ub.conf local_datas_remove < local_data_remove
|
||||||
echo "wrong exit value after success"
|
expect_exit_value 0
|
||||||
exit 1
|
control_command -c ub.conf list_local_zones
|
||||||
fi
|
fail_answer "localzonefromfile"
|
||||||
echo "$PRE/unbound-control -c ub.conf local_datas_remove < local_data_remove"
|
fail_answer "local data from file OK"
|
||||||
$PRE/unbound-control -c ub.conf local_datas_remove < local_data_remove
|
expect_answer "otherlocalzone"
|
||||||
if test $? -ne 0; then
|
|
||||||
echo "wrong exit value after success"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "> check zone and data removal list_local_zones"
|
|
||||||
$PRE/unbound-control -c ub.conf list_local_zones | tee outfile
|
|
||||||
if grep "localzonefromfile" outfile; then
|
|
||||||
echo "Not OK"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
if grep "local data from file OK" outfile; then
|
|
||||||
echo "Not OK"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
if grep "otherlocalzone" outfile; then
|
|
||||||
echo "OK"
|
|
||||||
else
|
|
||||||
echo "Not OK"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# flushing
|
teststep "flushing"
|
||||||
echo "$PRE/unbound-control -c ub.conf flush www.example.net"
|
control_command -c ub.conf flush www.example.net
|
||||||
$PRE/unbound-control -c ub.conf flush www.example.net
|
expect_exit_value 0
|
||||||
if test $? -ne 0; then
|
control_command -c ub.conf flush_type www.example.net TXT
|
||||||
echo "wrong exit value after success"
|
expect_exit_value 0
|
||||||
exit 1
|
control_command -c ub.conf flush_zone example.net
|
||||||
fi
|
expect_exit_value 0
|
||||||
|
|
||||||
echo "$PRE/unbound-control -c ub.conf flush_type www.example.net TXT"
|
teststep "reload the server for a clean state and populate the cache"
|
||||||
$PRE/unbound-control -c ub.conf flush_type www.example.net TXT
|
cp main.conf ub.conf
|
||||||
if test $? -ne 0; then
|
control_command -c ub.conf reload
|
||||||
echo "wrong exit value after success"
|
expect_exit_value 0
|
||||||
exit 1
|
query www.example.com
|
||||||
fi
|
expect_answer "10.20.30.40"
|
||||||
|
|
||||||
echo "$PRE/unbound-control -c ub.conf flush_zone example.net"
|
teststep "reload and check cache dump - should be empty"
|
||||||
$PRE/unbound-control -c ub.conf flush_zone example.net
|
control_command -c ub.conf reload
|
||||||
if test $? -ne 0; then
|
expect_exit_value 0
|
||||||
echo "wrong exit value after success"
|
cache_dump -c ub.conf
|
||||||
exit 1
|
expect_exit_value 0
|
||||||
fi
|
fail_in_cache_dump "www.example.com.*10.20.30.40"
|
||||||
|
fail_in_cache_dump "msg www.example.com. IN A"
|
||||||
|
|
||||||
# now stop the server
|
query www.example.com
|
||||||
echo "$PRE/unbound-control -c ub.conf stop"
|
expect_answer "10.20.30.40"
|
||||||
$PRE/unbound-control -c ub.conf stop
|
|
||||||
if test $? -ne 0; then
|
teststep "reload_keep_cache and check cache dump - should not be empty"
|
||||||
echo "wrong exit value after success"
|
control_command -c ub.conf reload_keep_cache
|
||||||
exit 1
|
expect_exit_value 0
|
||||||
fi
|
cache_dump -c ub.conf
|
||||||
# see if the server has really exited.
|
expect_exit_value 0
|
||||||
|
expect_in_cache_dump "www.example.com.*10.20.30.40"
|
||||||
|
expect_in_cache_dump "msg www.example.com. IN A"
|
||||||
|
query www.example.com +nordflag
|
||||||
|
expect_answer "10.20.30.40"
|
||||||
|
|
||||||
|
teststep "change msg-cache-size and reload_keep_cache - should be empty"
|
||||||
|
echo "server: msg-cache-size: 2m" >> ub.conf
|
||||||
|
control_command -c ub.conf reload_keep_cache
|
||||||
|
expect_exit_value 0
|
||||||
|
cache_dump -c ub.conf
|
||||||
|
expect_exit_value 0
|
||||||
|
fail_in_cache_dump "www.example.com.*10.20.30.40"
|
||||||
|
fail_in_cache_dump "msg www.example.com. IN A"
|
||||||
|
query www.example.com
|
||||||
|
expect_answer "10.20.30.40"
|
||||||
|
|
||||||
|
teststep "change rrset-cache-size and reload_keep_cache - should be empty"
|
||||||
|
echo "server: rrset-cache-size: 2m" >> ub.conf
|
||||||
|
control_command -c ub.conf reload_keep_cache
|
||||||
|
expect_exit_value 0
|
||||||
|
cache_dump -c ub.conf
|
||||||
|
expect_exit_value 0
|
||||||
|
fail_in_cache_dump "www.example.com.*10.20.30.40"
|
||||||
|
fail_in_cache_dump "msg www.example.com. IN A"
|
||||||
|
query www.example.com
|
||||||
|
expect_answer "10.20.30.40"
|
||||||
|
|
||||||
|
teststep "change num-threads and reload_keep_cache - should be empty"
|
||||||
|
echo "server: num-threads: 2" >> ub.conf
|
||||||
|
control_command -c ub.conf reload_keep_cache
|
||||||
|
expect_exit_value 0
|
||||||
|
cache_dump -c ub.conf
|
||||||
|
expect_exit_value 0
|
||||||
|
fail_in_cache_dump "www.example.com.*10.20.30.40"
|
||||||
|
fail_in_cache_dump "msg www.example.com. IN A"
|
||||||
|
query www.example.com
|
||||||
|
expect_answer "10.20.30.40"
|
||||||
|
|
||||||
|
teststep "change minimal-responses and reload_keep_cache - should not be empty"
|
||||||
|
echo "server: minimal-responses: no" >> ub.conf
|
||||||
|
control_command -c ub.conf reload_keep_cache
|
||||||
|
expect_exit_value 0
|
||||||
|
cache_dump -c ub.conf
|
||||||
|
expect_exit_value 0
|
||||||
|
expect_in_cache_dump "www.example.com.*10.20.30.40"
|
||||||
|
expect_in_cache_dump "msg www.example.com. IN A"
|
||||||
|
|
||||||
|
teststep "now stop the server"
|
||||||
|
control_command -c ub.conf stop
|
||||||
|
expect_exit_value 0
|
||||||
|
|
||||||
|
teststep "see if the server has really exited"
|
||||||
TRY_MAX=20
|
TRY_MAX=20
|
||||||
for (( try=0 ; try <= $TRY_MAX ; try++ )) ; do
|
for (( try=0 ; try <= $TRY_MAX ; try++ )) ; do
|
||||||
if kill -0 $UNBOUND_PID 2>&1 | tee tmp.$$; then
|
if kill -0 $UNBOUND_PID 2>&1 | tee tmp.$$; then
|
||||||
@ -379,11 +332,8 @@ for (( try=0 ; try <= $TRY_MAX ; try++ )) ; do
|
|||||||
done
|
done
|
||||||
if kill -0 $UNBOUND_PID; then
|
if kill -0 $UNBOUND_PID; then
|
||||||
echo "still up!"
|
echo "still up!"
|
||||||
echo "> cat logfiles"
|
|
||||||
cat fwd.log
|
|
||||||
cat unbound.log
|
|
||||||
echo "not stopped, failure"
|
echo "not stopped, failure"
|
||||||
exit 1
|
end 1
|
||||||
else
|
else
|
||||||
echo "stopped OK"
|
echo "stopped OK"
|
||||||
|
|
||||||
@ -392,15 +342,9 @@ else
|
|||||||
echo "lock-verify test worked."
|
echo "lock-verify test worked."
|
||||||
else
|
else
|
||||||
echo "lock-verify test failed."
|
echo "lock-verify test failed."
|
||||||
cat fwd.log
|
end 1
|
||||||
cat unbound.log
|
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "> cat logfiles"
|
end 0
|
||||||
cat fwd.log
|
|
||||||
cat unbound.log
|
|
||||||
echo "> OK"
|
|
||||||
exit 0
|
|
||||||
|
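--- a/testdata/09-unbound-control.tdir/conf.bad_credentials
+++ b/testdata/09-unbound-control.tdir/conf.bad_credentials
@@ -0,0 +1,5 @@
+remote-control:
+server-key-file: bad_server.key
+server-cert-file: bad_server.pem
+control-key-file: bad_control.key
+control-cert-file: bad_control.pem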
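Review bot: Neither new fixture says which authentication failure it is meant to provoke, and the two differ only in the server-side pair: this file points all four entries at `bad_*` material, while conf.spoofed_credentials keeps `unbound_server.key` and `unbound_server.pem` and swaps only the control key and certificate. A one-line header in each would make the intent reviewable, for example `# control certificate does not match the server's credentials; the connection must be refused` in the spoofed variant (wording to be confirmed against the test script, whose relevant lines are outside this view). It would also help to say where the `bad_*` files come from, since they are not among the files shown here.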
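--- a/testdata/09-unbound-control.tdir/conf.spoofed_credentials
+++ b/testdata/09-unbound-control.tdir/conf.spoofed_credentials
@@ -0,0 +1,5 @@
+remote-control:
+server-key-file: unbound_server.key
+server-cert-file: unbound_server.pem
+control-key-file: bad_control.key
+control-cert-file: bad_control.pem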
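--- a/testdata/cachedb_servfail_cname.crpl
+++ b/testdata/cachedb_servfail_cname.crpl
@@ -0,0 +1,181 @@
+; config options
+server:
+target-fetch-policy: "0 0 0 0 0"
+qname-minimisation: no
+minimal-responses: no
+;serve-expired: yes
+module-config: "cachedb iterator"
+
+cachedb:
+backend: "testframe"
+secret-seed: "testvalue"
+
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129
+CONFIG_END
+
+SCENARIO_BEGIN Test cachedb store and servfail reply from cname.
+; the servfail reply should not overwrite the cache contents.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION AUTHORITY
+example.com. IN NS ns2.example.com.
+SECTION ADDITIONAL
+ns2.example.com. IN A 1.2.3.5
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+foo.com. IN NS
+SECTION AUTHORITY
+foo.com. IN NS ns.example.com.
+ENTRY_END
+RANGE_END
+
+; ns2.example.com.
+RANGE_BEGIN 0 20
+ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns2.example.com., now failing
+RANGE_BEGIN 20 100
+ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN CNAME foo.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+foo.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+ns2.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+ns2.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+RANGE_END
+
+; get and entry in cache, to make it expired.
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; get the answer for it
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN A 1.2.3.4
+ENTRY_END
+
+; it is now expired
+STEP 20 TIME_PASSES ELAPSE 20
+
+; get a servfail in cache for the destination
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+foo.example.com. IN A
+ENTRY_END
+
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+foo.example.com. IN A
+ENTRY_END
+
+; the query is now a CNAME to servfail.
+; there is a valid, but expired, entry in cache.
+STEP 50 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 60 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN CNAME foo.example.com.
+ENTRY_END
+
+SCENARIO_END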
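Review bot: The scenario states that the servfail reply should not overwrite the cache contents, but the last check (STEP 60) only matches the SERVFAIL reply and no later step reads the stored entry back, so as far as these lines show an overwrite of the entry would go unnoticed. A follow-up step that queries the stored record again, or a comment explaining why the STEP 60 reply is sufficient evidence, would close that gap. Two comment fixes as well: `; get and entry in cache, to make it expired.` should read `; get an entry in cache, so that it can expire.`, and the commented-out `;serve-expired: yes` deserves a word on why it is disabled.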
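--- a/testdata/common.sh
+++ b/testdata/common.sh
@@ -29,6 +29,7 @@
 # wait_server_up_or_fail: wait for server to come up or print a failure string
 # skip_test x : print message and skip test (must be called in .pre)
 # kill_pid : kill a server, make sure and wait for it to go down.
+# teststep : print the current test step in the output
 
 
 # print error and exit
@@ -272,3 +273,8 @@ set_doxygen_path () {
 fi
 }
 
+# Print the current test step in the output
+teststep () {
+echo
+echo "STEP [ $1 ]"
+}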
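--- a/testdata/fwd_0ttlservfail.rpl
+++ b/testdata/fwd_0ttlservfail.rpl
@@ -2,6 +2,7 @@
 ; config options go here.
 server:
 serve-expired: yes
+prefetch: yes
 forward-zone: name: "." forward-addr: 216.0.0.1
 CONFIG_END
 
@@ -45,7 +46,7 @@ SECTION ANSWER
 ENTRY_END
 
 ; enough to pass by the TTL of the servfail answer in cache
-STEP 50 TIME_PASSES ELAPSE 40
+STEP 50 TIME_PASSES ELAPSE 5
 
 ; this query triggers a prefetch
 STEP 210 QUERY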
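Review bot: The comment kept above STEP 50, `; enough to pass by the TTL of the servfail answer in cache`, no longer explains the value beside it now that the elapse drops from 40 to 5 and `prefetch: yes` is switched on. If 5 seconds is chosen to land on the cached SERVFAIL's TTL rather than well past it, the comment should say so and name the TTL it relies on, e.g. `; reach the TTL of the cached servfail answer (assumed 5s, confirm against the build default)`. Both hunks are excerpts, and the scenario's remaining steps are outside them.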
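--- a/testdata/pymod.tdir/pymod.py
+++ b/testdata/pymod.tdir/pymod.py
@@ -37,7 +37,12 @@
 import os
 
 def init(id, cfg):
-log_info("pythonmod: init called, module id is %d port: %d script: %s" % (id, cfg.port, cfg.python_script))
+scripts=[]
+s = cfg.python_script
+while s != None:
+scripts.append(s.str)
+s = s.next
+log_info("pythonmod: init called, module id is %d port: %d script: %s" % (id, cfg.port, scripts))
 return True
 
 def deinit(id):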
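Review bot: The new loop in `init` tests `while s != None:`; comparing with `None` by identity is the usual form and does not depend on how the wrapped list node implements `!=`, so `while s is not None:` is preferable. `scripts=[]` also lacks the spaces around `=` that the next line uses. The log line now formats a Python list with `%s`, which prints its repr; if anything parses this log, `", ".join(scripts)` would keep the output a plain string.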
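--- a/testdata/serve_expired_cached_servfail.rpl
+++ b/testdata/serve_expired_cached_servfail.rpl
@@ -0,0 +1,130 @@
+; config options
+server:
+module-config: "validator iterator"
+qname-minimisation: "no"
+minimal-responses: no
+serve-expired: yes
+serve-expired-reply-ttl: 123
+log-servfail: yes
+ede: yes
+ede-serve-expired: yes
+
+
+stub-zone:
+name: "example.com"
+stub-addr: 1.2.3.4
+CONFIG_END
+
+SCENARIO_BEGIN Test serve-expired with client-timeout and a SERVFAIL upstream reply
+; Scenario overview:
+; - query for example.com. IN A
+; - answer from upstream is SERVFAIL; will be cached for NORR_TTL(5)
+; - check that the client gets the SERVFAIL; also cached
+; - query again right after the TTL expired
+; - cached SERVFAIL should be ignored and upstream queried
+; - check that we get the correct answer
+
+; ns.example.com.
+RANGE_BEGIN 0 20
+ADDRESS 1.2.3.4
+; response to A query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA SERVFAIL
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 30 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. 10 IN NS
+SECTION ANSWER
+example.com. 10 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 10 IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+example.com. 10 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. 10 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 10 IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; Query with RD flag
+STEP 0 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+; Check that we get the SERVFAIL (will be cached)
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+; Query again
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+; Check that we get the cached SERVFAIL
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+; Wait for the SERVFAIL to expire
+STEP 31 TIME_PASSES ELAPSE 6
+
+; Query again
+STEP 40 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+; Check that we got the correct answer
+STEP 50 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+example.com. 10 IN A 5.6.7.8
+SECTION AUTHORITY
+example.com. 10 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 10 IN A 1.2.3.4
+ENTRY_END
+
+SCENARIO_END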
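Review bot: The SCENARIO_BEGIN title says `with client-timeout`, yet the config block sets no `serve-expired-client-timeout`; the title looks carried over from a sibling test and should read something like `Test serve-expired with a cached SERVFAIL upstream reply`. Separately, the STEP 20 query is sent while the `RANGE_BEGIN 0 20` upstream still answers SERVFAIL, so the STEP 30 check commented `; Check that we get the cached SERVFAIL` passes whether the reply came from the cache or from a fresh upstream query. If the cached path is what matters, the first range could end before step 20 so that only a cache hit can produce the SERVFAIL.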
@ -4,7 +4,7 @@ server:
|
|||||||
qname-minimisation: "no"
|
qname-minimisation: "no"
|
||||||
minimal-responses: no
|
minimal-responses: no
|
||||||
serve-expired: yes
|
serve-expired: yes
|
||||||
serve-expired-client-timeout: 1800
|
serve-expired-client-timeout: 1
|
||||||
serve-expired-reply-ttl: 123
|
serve-expired-reply-ttl: 123
|
||||||
log-servfail: yes
|
log-servfail: yes
|
||||||
ede: yes
|
ede: yes
|
||||||
@ -32,11 +32,11 @@ RANGE_BEGIN 0 20
|
|||||||
ADJUST copy_id
|
ADJUST copy_id
|
||||||
REPLY QR NOERROR
|
REPLY QR NOERROR
|
||||||
SECTION QUESTION
|
SECTION QUESTION
|
||||||
example.com. IN NS
|
example.com. 10 IN NS
|
||||||
SECTION ANSWER
|
SECTION ANSWER
|
||||||
example.com. IN NS ns.example.com.
|
example.com. 10 IN NS ns.example.com.
|
||||||
SECTION ADDITIONAL
|
SECTION ADDITIONAL
|
||||||
ns.example.com. IN A 1.2.3.4
|
ns.example.com. 10 IN A 1.2.3.4
|
||||||
ENTRY_END
|
ENTRY_END
|
||||||
|
|
||||||
ENTRY_BEGIN
|
ENTRY_BEGIN
|
||||||
@ -48,14 +48,14 @@ RANGE_BEGIN 0 20
|
|||||||
SECTION ANSWER
|
SECTION ANSWER
|
||||||
example.com. 10 IN A 5.6.7.8
|
example.com. 10 IN A 5.6.7.8
|
||||||
SECTION AUTHORITY
|
SECTION AUTHORITY
|
||||||
example.com. IN NS ns.example.com.
|
example.com. 10 IN NS ns.example.com.
|
||||||
SECTION ADDITIONAL
|
SECTION ADDITIONAL
|
||||||
ns.example.com. IN A 1.2.3.4
|
ns.example.com. 10 IN A 1.2.3.4
|
||||||
ENTRY_END
|
ENTRY_END
|
||||||
RANGE_END
|
RANGE_END
|
||||||
|
|
||||||
; ns.example.com.
|
; ns.example.com.
|
||||||
RANGE_BEGIN 30 100
|
RANGE_BEGIN 30 70
|
||||||
ADDRESS 1.2.3.4
|
ADDRESS 1.2.3.4
|
||||||
; response to A query
|
; response to A query
|
||||||
ENTRY_BEGIN
|
ENTRY_BEGIN
|
||||||
@ -85,13 +85,13 @@ ENTRY_BEGIN
|
|||||||
SECTION ANSWER
|
SECTION ANSWER
|
||||||
example.com. 10 IN A 5.6.7.8
|
example.com. 10 IN A 5.6.7.8
|
||||||
SECTION AUTHORITY
|
SECTION AUTHORITY
|
||||||
example.com. IN NS ns.example.com.
|
example.com. 10 IN NS ns.example.com.
|
||||||
SECTION ADDITIONAL
|
SECTION ADDITIONAL
|
||||||
ns.example.com. IN A 1.2.3.4
|
ns.example.com. 10 IN A 1.2.3.4
|
||||||
ENTRY_END
|
ENTRY_END
|
||||||
|
|
||||||
; Wait for the TTL to expire
|
; Wait for the TTL to expire
|
||||||
STEP 11 TIME_PASSES ELAPSE 3601
|
STEP 11 TIME_PASSES ELAPSE 11
|
||||||
|
|
||||||
; Query again
|
; Query again
|
||||||
STEP 30 QUERY
|
STEP 30 QUERY
|
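--- a/testdata/subnet_cached_servfail.crpl
+++ b/testdata/subnet_cached_servfail.crpl
@@ -0,0 +1,167 @@
+; Check if an expired SERVFAIL answer stored in the global cache does not block
+; ECS queries to reach the ECS cache.
+
+server:
+trust-anchor-signaling: no
+target-fetch-policy: "0 0 0 0 0"
+send-client-subnet: 1.2.3.4
+max-client-subnet-ipv4: 21
+module-config: "subnetcache iterator"
+verbosity: 3
+access-control: 127.0.0.1 allow_snoop
+qname-minimisation: no
+minimal-responses: no
+serve-expired: yes
+prefetch: yes
+
+stub-zone:
+name: "example.com."
+stub-addr: 1.2.3.4
+CONFIG_END
+
+SCENARIO_BEGIN Test that expired SERVFAIL in global cache does not block clients to reach the ECS cache
+
+; ns.example.com.
+RANGE_BEGIN 0 10
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 11 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id copy_ednsdata_assume_clientsubnet
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 10 IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+; client is 127.0.0.1
+00 08 ; OPC
+00 05 ; option length
+00 01 ; Family
+08 00 ; source mask, scopemask
+7f ; address
+HEX_EDNSDATA_END
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; This answer should be in the global cache
+STEP 2 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; Bring the cached SERVFAIL to prefetch time
+STEP 10 TIME_PASSES ELAPSE 5
+
+STEP 11 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+00 08 00 05 ; OPC, optlen
+00 01 08 00 ; ip4, source 8, scope 0
+7f ; 127.0.0.0/8
+HEX_EDNSDATA_END
+ENTRY_END
+
+; This answer was cached but a prefetch was triggerred
+STEP 12 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; Wait for the SERVFAIL to expire
+STEP 13 TIME_PASSES ELAPSE 2
+
+; Query again to verify that the record was prefetched and stored in the ECS
+; cache (because the server replied with ECS this time)
+STEP 14 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+00 08 00 05 ; OPC, optlen
+00 01 08 00 ; ip4, source 8, scope 0
+7f ; 127.0.0.0/8
+HEX_EDNSDATA_END
+ENTRY_END
+
+; This record came from the ECS cache
+STEP 15 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 8 IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. 3598 IN NS ns.example.com.
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+00 08 00 05 ; OPC, optlen
+00 01 08 08 ; ip4, source 8, scope 0
+7f ; 127.0.0.0/8
+HEX_EDNSDATA_END
+ns.example.com. 3598 IN A 1.2.3.4
+ENTRY_END
+
+SCENARIO_END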
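Review bot: In the STEP 15 expected answer the option bytes are `00 01 08 08` but the trailing comment still reads `; ip4, source 8, scope 0`; the fourth byte is the scope prefix length, so the comment should be `; ip4, source 8, scope 8`. That byte is what distinguishes this reply from the option data sent at STEP 11 and STEP 14, so the wrong comment hides what the check is asserting about the ECS cache. The STEP 12 comment also has a typo, `triggerred` for `triggered`.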
@ -99,6 +99,7 @@ config_create(void)
|
|||||||
cfg->stat_interval = 0;
|
cfg->stat_interval = 0;
|
||||||
cfg->stat_cumulative = 0;
|
cfg->stat_cumulative = 0;
|
||||||
cfg->stat_extended = 0;
|
cfg->stat_extended = 0;
|
||||||
|
cfg->stat_inhibit_zero = 1;
|
||||||
cfg->num_threads = 1;
|
cfg->num_threads = 1;
|
||||||
cfg->port = UNBOUND_DNS_PORT;
|
cfg->port = UNBOUND_DNS_PORT;
|
||||||
cfg->do_ip4 = 1;
|
cfg->do_ip4 = 1;
|
||||||
@ -336,6 +337,8 @@ config_create(void)
|
|||||||
cfg->ip_ratelimit_backoff = 0;
|
cfg->ip_ratelimit_backoff = 0;
|
||||||
cfg->ratelimit_backoff = 0;
|
cfg->ratelimit_backoff = 0;
|
||||||
cfg->outbound_msg_retry = 5;
|
cfg->outbound_msg_retry = 5;
|
||||||
|
cfg->max_sent_count = 32;
|
||||||
|
cfg->max_query_restarts = 11;
|
||||||
cfg->qname_minimisation = 1;
|
cfg->qname_minimisation = 1;
|
||||||
cfg->qname_minimisation_strict = 0;
|
cfg->qname_minimisation_strict = 0;
|
||||||
cfg->shm_enable = 0;
|
cfg->shm_enable = 0;
|
||||||
@ -516,6 +519,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||||||
else S_YNO("use-syslog:", use_syslog)
|
else S_YNO("use-syslog:", use_syslog)
|
||||||
else S_STR("log-identity:", log_identity)
|
else S_STR("log-identity:", log_identity)
|
||||||
else S_YNO("extended-statistics:", stat_extended)
|
else S_YNO("extended-statistics:", stat_extended)
|
||||||
|
else S_YNO("statistics-inhibit-zero:", stat_inhibit_zero)
|
||||||
else S_YNO("statistics-cumulative:", stat_cumulative)
|
else S_YNO("statistics-cumulative:", stat_cumulative)
|
||||||
else S_YNO("shm-enable:", shm_enable)
|
else S_YNO("shm-enable:", shm_enable)
|
||||||
else S_NUMBER_OR_ZERO("shm-key:", shm_key)
|
else S_NUMBER_OR_ZERO("shm-key:", shm_key)
|
||||||
@ -778,6 +782,8 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||||||
else S_YNO("ip-ratelimit-backoff:", ip_ratelimit_backoff)
|
else S_YNO("ip-ratelimit-backoff:", ip_ratelimit_backoff)
|
||||||
else S_YNO("ratelimit-backoff:", ratelimit_backoff)
|
else S_YNO("ratelimit-backoff:", ratelimit_backoff)
|
||||||
else S_NUMBER_NONZERO("outbound-msg-retry:", outbound_msg_retry)
|
else S_NUMBER_NONZERO("outbound-msg-retry:", outbound_msg_retry)
|
||||||
|
else S_NUMBER_NONZERO("max-sent-count:", max_sent_count)
|
||||||
|
else S_NUMBER_NONZERO("max-query-restarts:", max_query_restarts)
|
||||||
else S_SIZET_NONZERO("fast-server-num:", fast_server_num)
|
else S_SIZET_NONZERO("fast-server-num:", fast_server_num)
|
||||||
else S_NUMBER_OR_ZERO("fast-server-permil:", fast_server_permil)
|
else S_NUMBER_OR_ZERO("fast-server-permil:", fast_server_permil)
|
||||||
else S_YNO("qname-minimisation:", qname_minimisation)
|
else S_YNO("qname-minimisation:", qname_minimisation)
|
||||||
@ -996,6 +1002,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||||||
else O_DEC(opt, "statistics-interval", stat_interval)
|
else O_DEC(opt, "statistics-interval", stat_interval)
|
||||||
else O_YNO(opt, "statistics-cumulative", stat_cumulative)
|
else O_YNO(opt, "statistics-cumulative", stat_cumulative)
|
||||||
else O_YNO(opt, "extended-statistics", stat_extended)
|
else O_YNO(opt, "extended-statistics", stat_extended)
|
||||||
|
else O_YNO(opt, "statistics-inhibit-zero", stat_inhibit_zero)
|
||||||
else O_YNO(opt, "shm-enable", shm_enable)
|
else O_YNO(opt, "shm-enable", shm_enable)
|
||||||
else O_DEC(opt, "shm-key", shm_key)
|
else O_DEC(opt, "shm-key", shm_key)
|
||||||
else O_YNO(opt, "use-syslog", use_syslog)
|
else O_YNO(opt, "use-syslog", use_syslog)
|
||||||
@ -1238,6 +1245,8 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||||||
else O_YNO(opt, "ip-ratelimit-backoff", ip_ratelimit_backoff)
|
else O_YNO(opt, "ip-ratelimit-backoff", ip_ratelimit_backoff)
|
||||||
else O_YNO(opt, "ratelimit-backoff", ratelimit_backoff)
|
else O_YNO(opt, "ratelimit-backoff", ratelimit_backoff)
|
||||||
else O_UNS(opt, "outbound-msg-retry", outbound_msg_retry)
|
else O_UNS(opt, "outbound-msg-retry", outbound_msg_retry)
|
||||||
|
else O_UNS(opt, "max-sent-count", max_sent_count)
|
||||||
|
else O_UNS(opt, "max-query-restarts", max_query_restarts)
|
||||||
else O_DEC(opt, "fast-server-num", fast_server_num)
|
else O_DEC(opt, "fast-server-num", fast_server_num)
|
||||||
else O_DEC(opt, "fast-server-permil", fast_server_permil)
|
else O_DEC(opt, "fast-server-permil", fast_server_permil)
|
||||||
else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min)
|
else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min)
|
||||||
|
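Review bot: `max-sent-count` and `max-query-restarts` are parsed with `S_NUMBER_NONZERO` in `config_set_option`, which by its name rejects only zero; the macro body is outside these hunks, but if it does no range check then a negative or very large value lands in the `int` fields and the two limits, which cap the queries sent per query state and the length of a CNAME chain, stop limiting anything. `config_get_option` prints them with `O_UNS`, so a negative stored value would read back as a large unsigned number. Consider an explicit bound where the values are parsed, and a short comment beside the defaults `32` and `11` in `config_create` saying what each one caps. All three functions start and end outside the hunks shown.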
@ -76,6 +76,8 @@ struct config_file {
|
|||||||
int stat_cumulative;
|
int stat_cumulative;
|
||||||
/** if true, the statistics are kept in greater detail */
|
/** if true, the statistics are kept in greater detail */
|
||||||
int stat_extended;
|
int stat_extended;
|
||||||
|
/** if true, inhibits a lot of =0 lines from the extended stats output */
|
||||||
|
int stat_inhibit_zero;
|
||||||
|
|
||||||
/** number of threads to create */
|
/** number of threads to create */
|
||||||
int num_threads;
|
int num_threads;
|
||||||
@ -608,6 +610,11 @@ struct config_file {
|
|||||||
|
|
||||||
/** number of retries on outgoing queries */
|
/** number of retries on outgoing queries */
|
||||||
int outbound_msg_retry;
|
int outbound_msg_retry;
|
||||||
|
/** max sent queries per qstate; resets on query restarts (e.g.,
|
||||||
|
* CNAMES) and referrals */
|
||||||
|
int max_sent_count;
|
||||||
|
/** max number of query restarts; determines max length of CNAME chain */
|
||||||
|
int max_query_restarts;
|
||||||
/** minimise outgoing QNAME and hide original QTYPE if possible */
|
/** minimise outgoing QNAME and hide original QTYPE if possible */
|
||||||
int qname_minimisation;
|
int qname_minimisation;
|
||||||
/** minimise QNAME in strict mode, minimise according to RFC.
|
/** minimise QNAME in strict mode, minimise according to RFC.
|
||||||
|
6837
util/configlexer.c
6837
util/configlexer.c
File diff suppressed because it is too large
@ -438,6 +438,7 @@ insecure-lan-zones{COLON} { YDVAR(1, VAR_INSECURE_LAN_ZONES) }
|
|||||||
statistics-interval{COLON} { YDVAR(1, VAR_STATISTICS_INTERVAL) }
|
statistics-interval{COLON} { YDVAR(1, VAR_STATISTICS_INTERVAL) }
|
||||||
statistics-cumulative{COLON} { YDVAR(1, VAR_STATISTICS_CUMULATIVE) }
|
statistics-cumulative{COLON} { YDVAR(1, VAR_STATISTICS_CUMULATIVE) }
|
||||||
extended-statistics{COLON} { YDVAR(1, VAR_EXTENDED_STATISTICS) }
|
extended-statistics{COLON} { YDVAR(1, VAR_EXTENDED_STATISTICS) }
|
||||||
|
statistics-inhibit-zero{COLON} { YDVAR(1, VAR_STATISTICS_INHIBIT_ZERO) }
|
||||||
shm-enable{COLON} { YDVAR(1, VAR_SHM_ENABLE) }
|
shm-enable{COLON} { YDVAR(1, VAR_SHM_ENABLE) }
|
||||||
shm-key{COLON} { YDVAR(1, VAR_SHM_KEY) }
|
shm-key{COLON} { YDVAR(1, VAR_SHM_KEY) }
|
||||||
remote-control{COLON} { YDVAR(0, VAR_REMOTE_CONTROL) }
|
remote-control{COLON} { YDVAR(0, VAR_REMOTE_CONTROL) }
|
||||||
@ -514,6 +515,8 @@ ratelimit-factor{COLON} { YDVAR(1, VAR_RATELIMIT_FACTOR) }
|
|||||||
ip-ratelimit-backoff{COLON} { YDVAR(1, VAR_IP_RATELIMIT_BACKOFF) }
|
ip-ratelimit-backoff{COLON} { YDVAR(1, VAR_IP_RATELIMIT_BACKOFF) }
|
||||||
ratelimit-backoff{COLON} { YDVAR(1, VAR_RATELIMIT_BACKOFF) }
|
ratelimit-backoff{COLON} { YDVAR(1, VAR_RATELIMIT_BACKOFF) }
|
||||||
outbound-msg-retry{COLON} { YDVAR(1, VAR_OUTBOUND_MSG_RETRY) }
|
outbound-msg-retry{COLON} { YDVAR(1, VAR_OUTBOUND_MSG_RETRY) }
|
||||||
|
max-sent-count{COLON} { YDVAR(1, VAR_MAX_SENT_COUNT) }
|
||||||
|
max-query-restarts{COLON} { YDVAR(1, VAR_MAX_QUERY_RESTARTS) }
|
||||||
low-rtt{COLON} { YDVAR(1, VAR_LOW_RTT) }
|
low-rtt{COLON} { YDVAR(1, VAR_LOW_RTT) }
|
||||||
fast-server-num{COLON} { YDVAR(1, VAR_FAST_SERVER_NUM) }
|
fast-server-num{COLON} { YDVAR(1, VAR_FAST_SERVER_NUM) }
|
||||||
low-rtt-pct{COLON} { YDVAR(1, VAR_FAST_SERVER_PERMIL) }
|
low-rtt-pct{COLON} { YDVAR(1, VAR_FAST_SERVER_PERMIL) }
|
||||||
|
4118
util/configparser.c
4118
util/configparser.c
File diff suppressed because it is too large
@ -254,137 +254,140 @@ extern int yydebug;
|
|||||||
VAR_RATELIMIT_SLABS = 455, /* VAR_RATELIMIT_SLABS */
|
VAR_RATELIMIT_SLABS = 455, /* VAR_RATELIMIT_SLABS */
|
||||||
VAR_RATELIMIT_SIZE = 456, /* VAR_RATELIMIT_SIZE */
|
VAR_RATELIMIT_SIZE = 456, /* VAR_RATELIMIT_SIZE */
|
||||||
VAR_OUTBOUND_MSG_RETRY = 457, /* VAR_OUTBOUND_MSG_RETRY */
|
VAR_OUTBOUND_MSG_RETRY = 457, /* VAR_OUTBOUND_MSG_RETRY */
|
||||||
VAR_RATELIMIT_FOR_DOMAIN = 458, /* VAR_RATELIMIT_FOR_DOMAIN */
|
VAR_MAX_SENT_COUNT = 458, /* VAR_MAX_SENT_COUNT */
|
||||||
VAR_RATELIMIT_BELOW_DOMAIN = 459, /* VAR_RATELIMIT_BELOW_DOMAIN */
|
VAR_MAX_QUERY_RESTARTS = 459, /* VAR_MAX_QUERY_RESTARTS */
|
||||||
VAR_IP_RATELIMIT_FACTOR = 460, /* VAR_IP_RATELIMIT_FACTOR */
|
VAR_RATELIMIT_FOR_DOMAIN = 460, /* VAR_RATELIMIT_FOR_DOMAIN */
|
||||||
VAR_RATELIMIT_FACTOR = 461, /* VAR_RATELIMIT_FACTOR */
|
VAR_RATELIMIT_BELOW_DOMAIN = 461, /* VAR_RATELIMIT_BELOW_DOMAIN */
|
||||||
VAR_IP_RATELIMIT_BACKOFF = 462, /* VAR_IP_RATELIMIT_BACKOFF */
|
VAR_IP_RATELIMIT_FACTOR = 462, /* VAR_IP_RATELIMIT_FACTOR */
|
||||||
VAR_RATELIMIT_BACKOFF = 463, /* VAR_RATELIMIT_BACKOFF */
|
VAR_RATELIMIT_FACTOR = 463, /* VAR_RATELIMIT_FACTOR */
|
||||||
VAR_SEND_CLIENT_SUBNET = 464, /* VAR_SEND_CLIENT_SUBNET */
|
VAR_IP_RATELIMIT_BACKOFF = 464, /* VAR_IP_RATELIMIT_BACKOFF */
|
||||||
VAR_CLIENT_SUBNET_ZONE = 465, /* VAR_CLIENT_SUBNET_ZONE */
|
VAR_RATELIMIT_BACKOFF = 465, /* VAR_RATELIMIT_BACKOFF */
|
||||||
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 466, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
|
VAR_SEND_CLIENT_SUBNET = 466, /* VAR_SEND_CLIENT_SUBNET */
|
||||||
VAR_CLIENT_SUBNET_OPCODE = 467, /* VAR_CLIENT_SUBNET_OPCODE */
|
VAR_CLIENT_SUBNET_ZONE = 467, /* VAR_CLIENT_SUBNET_ZONE */
|
||||||
VAR_MAX_CLIENT_SUBNET_IPV4 = 468, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
|
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 468, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */
|
||||||
VAR_MAX_CLIENT_SUBNET_IPV6 = 469, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
|
VAR_CLIENT_SUBNET_OPCODE = 469, /* VAR_CLIENT_SUBNET_OPCODE */
|
||||||
VAR_MIN_CLIENT_SUBNET_IPV4 = 470, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
|
VAR_MAX_CLIENT_SUBNET_IPV4 = 470, /* VAR_MAX_CLIENT_SUBNET_IPV4 */
|
||||||
VAR_MIN_CLIENT_SUBNET_IPV6 = 471, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
|
VAR_MAX_CLIENT_SUBNET_IPV6 = 471, /* VAR_MAX_CLIENT_SUBNET_IPV6 */
|
||||||
VAR_MAX_ECS_TREE_SIZE_IPV4 = 472, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
|
VAR_MIN_CLIENT_SUBNET_IPV4 = 472, /* VAR_MIN_CLIENT_SUBNET_IPV4 */
|
||||||
VAR_MAX_ECS_TREE_SIZE_IPV6 = 473, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
|
VAR_MIN_CLIENT_SUBNET_IPV6 = 473, /* VAR_MIN_CLIENT_SUBNET_IPV6 */
|
||||||
VAR_CAPS_WHITELIST = 474, /* VAR_CAPS_WHITELIST */
|
VAR_MAX_ECS_TREE_SIZE_IPV4 = 474, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */
|
||||||
VAR_CACHE_MAX_NEGATIVE_TTL = 475, /* VAR_CACHE_MAX_NEGATIVE_TTL */
|
VAR_MAX_ECS_TREE_SIZE_IPV6 = 475, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */
|
||||||
VAR_PERMIT_SMALL_HOLDDOWN = 476, /* VAR_PERMIT_SMALL_HOLDDOWN */
|
VAR_CAPS_WHITELIST = 476, /* VAR_CAPS_WHITELIST */
|
||||||
VAR_QNAME_MINIMISATION = 477, /* VAR_QNAME_MINIMISATION */
|
VAR_CACHE_MAX_NEGATIVE_TTL = 477, /* VAR_CACHE_MAX_NEGATIVE_TTL */
|
||||||
VAR_QNAME_MINIMISATION_STRICT = 478, /* VAR_QNAME_MINIMISATION_STRICT */
|
VAR_PERMIT_SMALL_HOLDDOWN = 478, /* VAR_PERMIT_SMALL_HOLDDOWN */
|
||||||
VAR_IP_FREEBIND = 479, /* VAR_IP_FREEBIND */
|
VAR_QNAME_MINIMISATION = 479, /* VAR_QNAME_MINIMISATION */
|
||||||
VAR_DEFINE_TAG = 480, /* VAR_DEFINE_TAG */
|
VAR_QNAME_MINIMISATION_STRICT = 480, /* VAR_QNAME_MINIMISATION_STRICT */
|
||||||
VAR_LOCAL_ZONE_TAG = 481, /* VAR_LOCAL_ZONE_TAG */
|
VAR_IP_FREEBIND = 481, /* VAR_IP_FREEBIND */
|
||||||
VAR_ACCESS_CONTROL_TAG = 482, /* VAR_ACCESS_CONTROL_TAG */
|
VAR_DEFINE_TAG = 482, /* VAR_DEFINE_TAG */
|
||||||
VAR_LOCAL_ZONE_OVERRIDE = 483, /* VAR_LOCAL_ZONE_OVERRIDE */
|
VAR_LOCAL_ZONE_TAG = 483, /* VAR_LOCAL_ZONE_TAG */
|
||||||
VAR_ACCESS_CONTROL_TAG_ACTION = 484, /* VAR_ACCESS_CONTROL_TAG_ACTION */
|
VAR_ACCESS_CONTROL_TAG = 484, /* VAR_ACCESS_CONTROL_TAG */
|
||||||
VAR_ACCESS_CONTROL_TAG_DATA = 485, /* VAR_ACCESS_CONTROL_TAG_DATA */
|
VAR_LOCAL_ZONE_OVERRIDE = 485, /* VAR_LOCAL_ZONE_OVERRIDE */
|
||||||
VAR_VIEW = 486, /* VAR_VIEW */
|
VAR_ACCESS_CONTROL_TAG_ACTION = 486, /* VAR_ACCESS_CONTROL_TAG_ACTION */
|
||||||
VAR_ACCESS_CONTROL_VIEW = 487, /* VAR_ACCESS_CONTROL_VIEW */
|
VAR_ACCESS_CONTROL_TAG_DATA = 487, /* VAR_ACCESS_CONTROL_TAG_DATA */
|
||||||
VAR_VIEW_FIRST = 488, /* VAR_VIEW_FIRST */
|
VAR_VIEW = 488, /* VAR_VIEW */
|
||||||
VAR_SERVE_EXPIRED = 489, /* VAR_SERVE_EXPIRED */
|
VAR_ACCESS_CONTROL_VIEW = 489, /* VAR_ACCESS_CONTROL_VIEW */
|
||||||
VAR_SERVE_EXPIRED_TTL = 490, /* VAR_SERVE_EXPIRED_TTL */
|
VAR_VIEW_FIRST = 490, /* VAR_VIEW_FIRST */
|
||||||
VAR_SERVE_EXPIRED_TTL_RESET = 491, /* VAR_SERVE_EXPIRED_TTL_RESET */
|
VAR_SERVE_EXPIRED = 491, /* VAR_SERVE_EXPIRED */
|
||||||
VAR_SERVE_EXPIRED_REPLY_TTL = 492, /* VAR_SERVE_EXPIRED_REPLY_TTL */
|
VAR_SERVE_EXPIRED_TTL = 492, /* VAR_SERVE_EXPIRED_TTL */
|
||||||
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 493, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
|
VAR_SERVE_EXPIRED_TTL_RESET = 493, /* VAR_SERVE_EXPIRED_TTL_RESET */
|
||||||
VAR_EDE_SERVE_EXPIRED = 494, /* VAR_EDE_SERVE_EXPIRED */
|
VAR_SERVE_EXPIRED_REPLY_TTL = 494, /* VAR_SERVE_EXPIRED_REPLY_TTL */
|
||||||
VAR_SERVE_ORIGINAL_TTL = 495, /* VAR_SERVE_ORIGINAL_TTL */
|
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 495, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */
|
||||||
VAR_FAKE_DSA = 496, /* VAR_FAKE_DSA */
|
VAR_EDE_SERVE_EXPIRED = 496, /* VAR_EDE_SERVE_EXPIRED */
|
||||||
VAR_FAKE_SHA1 = 497, /* VAR_FAKE_SHA1 */
|
VAR_SERVE_ORIGINAL_TTL = 497, /* VAR_SERVE_ORIGINAL_TTL */
|
||||||
VAR_LOG_IDENTITY = 498, /* VAR_LOG_IDENTITY */
|
VAR_FAKE_DSA = 498, /* VAR_FAKE_DSA */
|
||||||
VAR_HIDE_TRUSTANCHOR = 499, /* VAR_HIDE_TRUSTANCHOR */
|
VAR_FAKE_SHA1 = 499, /* VAR_FAKE_SHA1 */
|
||||||
VAR_HIDE_HTTP_USER_AGENT = 500, /* VAR_HIDE_HTTP_USER_AGENT */
|
VAR_LOG_IDENTITY = 500, /* VAR_LOG_IDENTITY */
|
||||||
VAR_HTTP_USER_AGENT = 501, /* VAR_HTTP_USER_AGENT */
|
VAR_HIDE_TRUSTANCHOR = 501, /* VAR_HIDE_TRUSTANCHOR */
|
||||||
VAR_TRUST_ANCHOR_SIGNALING = 502, /* VAR_TRUST_ANCHOR_SIGNALING */
|
VAR_HIDE_HTTP_USER_AGENT = 502, /* VAR_HIDE_HTTP_USER_AGENT */
|
||||||
VAR_AGGRESSIVE_NSEC = 503, /* VAR_AGGRESSIVE_NSEC */
|
VAR_HTTP_USER_AGENT = 503, /* VAR_HTTP_USER_AGENT */
|
||||||
VAR_USE_SYSTEMD = 504, /* VAR_USE_SYSTEMD */
|
VAR_TRUST_ANCHOR_SIGNALING = 504, /* VAR_TRUST_ANCHOR_SIGNALING */
|
||||||
VAR_SHM_ENABLE = 505, /* VAR_SHM_ENABLE */
|
VAR_AGGRESSIVE_NSEC = 505, /* VAR_AGGRESSIVE_NSEC */
|
||||||
VAR_SHM_KEY = 506, /* VAR_SHM_KEY */
|
VAR_USE_SYSTEMD = 506, /* VAR_USE_SYSTEMD */
|
||||||
VAR_ROOT_KEY_SENTINEL = 507, /* VAR_ROOT_KEY_SENTINEL */
|
VAR_SHM_ENABLE = 507, /* VAR_SHM_ENABLE */
|
||||||
VAR_DNSCRYPT = 508, /* VAR_DNSCRYPT */
|
VAR_SHM_KEY = 508, /* VAR_SHM_KEY */
|
||||||
VAR_DNSCRYPT_ENABLE = 509, /* VAR_DNSCRYPT_ENABLE */
|
VAR_ROOT_KEY_SENTINEL = 509, /* VAR_ROOT_KEY_SENTINEL */
|
||||||
VAR_DNSCRYPT_PORT = 510, /* VAR_DNSCRYPT_PORT */
|
VAR_DNSCRYPT = 510, /* VAR_DNSCRYPT */
|
||||||
VAR_DNSCRYPT_PROVIDER = 511, /* VAR_DNSCRYPT_PROVIDER */
|
VAR_DNSCRYPT_ENABLE = 511, /* VAR_DNSCRYPT_ENABLE */
|
||||||
VAR_DNSCRYPT_SECRET_KEY = 512, /* VAR_DNSCRYPT_SECRET_KEY */
|
VAR_DNSCRYPT_PORT = 512, /* VAR_DNSCRYPT_PORT */
|
||||||
VAR_DNSCRYPT_PROVIDER_CERT = 513, /* VAR_DNSCRYPT_PROVIDER_CERT */
|
VAR_DNSCRYPT_PROVIDER = 513, /* VAR_DNSCRYPT_PROVIDER */
|
||||||
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 514, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
|
VAR_DNSCRYPT_SECRET_KEY = 514, /* VAR_DNSCRYPT_SECRET_KEY */
|
||||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 515, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
|
VAR_DNSCRYPT_PROVIDER_CERT = 515, /* VAR_DNSCRYPT_PROVIDER_CERT */
|
||||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 516, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
|
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 516, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */
|
||||||
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 517, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
|
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 517, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */
|
||||||
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 518, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
|
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 518, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */
|
||||||
VAR_PAD_RESPONSES = 519, /* VAR_PAD_RESPONSES */
|
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 519, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */
|
||||||
VAR_PAD_RESPONSES_BLOCK_SIZE = 520, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
|
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 520, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */
|
||||||
VAR_PAD_QUERIES = 521, /* VAR_PAD_QUERIES */
|
VAR_PAD_RESPONSES = 521, /* VAR_PAD_RESPONSES */
|
||||||
VAR_PAD_QUERIES_BLOCK_SIZE = 522, /* VAR_PAD_QUERIES_BLOCK_SIZE */
|
VAR_PAD_RESPONSES_BLOCK_SIZE = 522, /* VAR_PAD_RESPONSES_BLOCK_SIZE */
|
||||||
VAR_IPSECMOD_ENABLED = 523, /* VAR_IPSECMOD_ENABLED */
|
VAR_PAD_QUERIES = 523, /* VAR_PAD_QUERIES */
|
||||||
VAR_IPSECMOD_HOOK = 524, /* VAR_IPSECMOD_HOOK */
|
VAR_PAD_QUERIES_BLOCK_SIZE = 524, /* VAR_PAD_QUERIES_BLOCK_SIZE */
|
||||||
VAR_IPSECMOD_IGNORE_BOGUS = 525, /* VAR_IPSECMOD_IGNORE_BOGUS */
|
VAR_IPSECMOD_ENABLED = 525, /* VAR_IPSECMOD_ENABLED */
|
||||||
VAR_IPSECMOD_MAX_TTL = 526, /* VAR_IPSECMOD_MAX_TTL */
|
VAR_IPSECMOD_HOOK = 526, /* VAR_IPSECMOD_HOOK */
|
||||||
VAR_IPSECMOD_WHITELIST = 527, /* VAR_IPSECMOD_WHITELIST */
|
VAR_IPSECMOD_IGNORE_BOGUS = 527, /* VAR_IPSECMOD_IGNORE_BOGUS */
|
||||||
VAR_IPSECMOD_STRICT = 528, /* VAR_IPSECMOD_STRICT */
|
VAR_IPSECMOD_MAX_TTL = 528, /* VAR_IPSECMOD_MAX_TTL */
|
||||||
VAR_CACHEDB = 529, /* VAR_CACHEDB */
|
VAR_IPSECMOD_WHITELIST = 529, /* VAR_IPSECMOD_WHITELIST */
|
||||||
VAR_CACHEDB_BACKEND = 530, /* VAR_CACHEDB_BACKEND */
|
VAR_IPSECMOD_STRICT = 530, /* VAR_IPSECMOD_STRICT */
|
||||||
VAR_CACHEDB_SECRETSEED = 531, /* VAR_CACHEDB_SECRETSEED */
|
VAR_CACHEDB = 531, /* VAR_CACHEDB */
|
||||||
VAR_CACHEDB_REDISHOST = 532, /* VAR_CACHEDB_REDISHOST */
|
VAR_CACHEDB_BACKEND = 532, /* VAR_CACHEDB_BACKEND */
|
||||||
VAR_CACHEDB_REDISPORT = 533, /* VAR_CACHEDB_REDISPORT */
|
VAR_CACHEDB_SECRETSEED = 533, /* VAR_CACHEDB_SECRETSEED */
|
||||||
VAR_CACHEDB_REDISTIMEOUT = 534, /* VAR_CACHEDB_REDISTIMEOUT */
|
VAR_CACHEDB_REDISHOST = 534, /* VAR_CACHEDB_REDISHOST */
|
||||||
VAR_CACHEDB_REDISEXPIRERECORDS = 535, /* VAR_CACHEDB_REDISEXPIRERECORDS */
|
VAR_CACHEDB_REDISPORT = 535, /* VAR_CACHEDB_REDISPORT */
|
||||||
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 536, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
|
VAR_CACHEDB_REDISTIMEOUT = 536, /* VAR_CACHEDB_REDISTIMEOUT */
|
||||||
VAR_FOR_UPSTREAM = 537, /* VAR_FOR_UPSTREAM */
|
VAR_CACHEDB_REDISEXPIRERECORDS = 537, /* VAR_CACHEDB_REDISEXPIRERECORDS */
|
||||||
VAR_AUTH_ZONE = 538, /* VAR_AUTH_ZONE */
|
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 538, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */
|
||||||
VAR_ZONEFILE = 539, /* VAR_ZONEFILE */
|
VAR_FOR_UPSTREAM = 539, /* VAR_FOR_UPSTREAM */
|
||||||
VAR_MASTER = 540, /* VAR_MASTER */
|
VAR_AUTH_ZONE = 540, /* VAR_AUTH_ZONE */
|
||||||
VAR_URL = 541, /* VAR_URL */
|
VAR_ZONEFILE = 541, /* VAR_ZONEFILE */
|
||||||
VAR_FOR_DOWNSTREAM = 542, /* VAR_FOR_DOWNSTREAM */
|
VAR_MASTER = 542, /* VAR_MASTER */
|
||||||
VAR_FALLBACK_ENABLED = 543, /* VAR_FALLBACK_ENABLED */
|
VAR_URL = 543, /* VAR_URL */
|
||||||
VAR_TLS_ADDITIONAL_PORT = 544, /* VAR_TLS_ADDITIONAL_PORT */
|
VAR_FOR_DOWNSTREAM = 544, /* VAR_FOR_DOWNSTREAM */
|
||||||
VAR_LOW_RTT = 545, /* VAR_LOW_RTT */
|
VAR_FALLBACK_ENABLED = 545, /* VAR_FALLBACK_ENABLED */
|
||||||
VAR_LOW_RTT_PERMIL = 546, /* VAR_LOW_RTT_PERMIL */
|
VAR_TLS_ADDITIONAL_PORT = 546, /* VAR_TLS_ADDITIONAL_PORT */
|
||||||
VAR_FAST_SERVER_PERMIL = 547, /* VAR_FAST_SERVER_PERMIL */
|
VAR_LOW_RTT = 547, /* VAR_LOW_RTT */
|
||||||
VAR_FAST_SERVER_NUM = 548, /* VAR_FAST_SERVER_NUM */
|
VAR_LOW_RTT_PERMIL = 548, /* VAR_LOW_RTT_PERMIL */
|
||||||
VAR_ALLOW_NOTIFY = 549, /* VAR_ALLOW_NOTIFY */
|
VAR_FAST_SERVER_PERMIL = 549, /* VAR_FAST_SERVER_PERMIL */
|
||||||
VAR_TLS_WIN_CERT = 550, /* VAR_TLS_WIN_CERT */
|
VAR_FAST_SERVER_NUM = 550, /* VAR_FAST_SERVER_NUM */
|
||||||
VAR_TCP_CONNECTION_LIMIT = 551, /* VAR_TCP_CONNECTION_LIMIT */
|
VAR_ALLOW_NOTIFY = 551, /* VAR_ALLOW_NOTIFY */
|
||||||
VAR_FORWARD_NO_CACHE = 552, /* VAR_FORWARD_NO_CACHE */
|
VAR_TLS_WIN_CERT = 552, /* VAR_TLS_WIN_CERT */
|
||||||
VAR_STUB_NO_CACHE = 553, /* VAR_STUB_NO_CACHE */
|
VAR_TCP_CONNECTION_LIMIT = 553, /* VAR_TCP_CONNECTION_LIMIT */
|
||||||
VAR_LOG_SERVFAIL = 554, /* VAR_LOG_SERVFAIL */
|
VAR_FORWARD_NO_CACHE = 554, /* VAR_FORWARD_NO_CACHE */
|
||||||
VAR_DENY_ANY = 555, /* VAR_DENY_ANY */
|
VAR_STUB_NO_CACHE = 555, /* VAR_STUB_NO_CACHE */
|
||||||
VAR_UNKNOWN_SERVER_TIME_LIMIT = 556, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
|
VAR_LOG_SERVFAIL = 556, /* VAR_LOG_SERVFAIL */
|
||||||
VAR_LOG_TAG_QUERYREPLY = 557, /* VAR_LOG_TAG_QUERYREPLY */
|
VAR_DENY_ANY = 557, /* VAR_DENY_ANY */
|
||||||
VAR_STREAM_WAIT_SIZE = 558, /* VAR_STREAM_WAIT_SIZE */
|
VAR_UNKNOWN_SERVER_TIME_LIMIT = 558, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */
|
||||||
VAR_TLS_CIPHERS = 559, /* VAR_TLS_CIPHERS */
|
VAR_LOG_TAG_QUERYREPLY = 559, /* VAR_LOG_TAG_QUERYREPLY */
|
||||||
VAR_TLS_CIPHERSUITES = 560, /* VAR_TLS_CIPHERSUITES */
|
VAR_STREAM_WAIT_SIZE = 560, /* VAR_STREAM_WAIT_SIZE */
|
||||||
VAR_TLS_USE_SNI = 561, /* VAR_TLS_USE_SNI */
|
VAR_TLS_CIPHERS = 561, /* VAR_TLS_CIPHERS */
|
||||||
VAR_IPSET = 562, /* VAR_IPSET */
|
VAR_TLS_CIPHERSUITES = 562, /* VAR_TLS_CIPHERSUITES */
|
||||||
VAR_IPSET_NAME_V4 = 563, /* VAR_IPSET_NAME_V4 */
|
VAR_TLS_USE_SNI = 563, /* VAR_TLS_USE_SNI */
|
||||||
VAR_IPSET_NAME_V6 = 564, /* VAR_IPSET_NAME_V6 */
|
VAR_IPSET = 564, /* VAR_IPSET */
|
||||||
VAR_TLS_SESSION_TICKET_KEYS = 565, /* VAR_TLS_SESSION_TICKET_KEYS */
|
VAR_IPSET_NAME_V4 = 565, /* VAR_IPSET_NAME_V4 */
|
||||||
VAR_RPZ = 566, /* VAR_RPZ */
|
VAR_IPSET_NAME_V6 = 566, /* VAR_IPSET_NAME_V6 */
|
||||||
VAR_TAGS = 567, /* VAR_TAGS */
|
VAR_TLS_SESSION_TICKET_KEYS = 567, /* VAR_TLS_SESSION_TICKET_KEYS */
|
||||||
VAR_RPZ_ACTION_OVERRIDE = 568, /* VAR_RPZ_ACTION_OVERRIDE */
|
VAR_RPZ = 568, /* VAR_RPZ */
|
||||||
VAR_RPZ_CNAME_OVERRIDE = 569, /* VAR_RPZ_CNAME_OVERRIDE */
|
VAR_TAGS = 569, /* VAR_TAGS */
|
||||||
VAR_RPZ_LOG = 570, /* VAR_RPZ_LOG */
|
VAR_RPZ_ACTION_OVERRIDE = 570, /* VAR_RPZ_ACTION_OVERRIDE */
|
||||||
VAR_RPZ_LOG_NAME = 571, /* VAR_RPZ_LOG_NAME */
|
VAR_RPZ_CNAME_OVERRIDE = 571, /* VAR_RPZ_CNAME_OVERRIDE */
|
||||||
VAR_DYNLIB = 572, /* VAR_DYNLIB */
|
VAR_RPZ_LOG = 572, /* VAR_RPZ_LOG */
|
||||||
VAR_DYNLIB_FILE = 573, /* VAR_DYNLIB_FILE */
|
VAR_RPZ_LOG_NAME = 573, /* VAR_RPZ_LOG_NAME */
|
||||||
VAR_EDNS_CLIENT_STRING = 574, /* VAR_EDNS_CLIENT_STRING */
|
VAR_DYNLIB = 574, /* VAR_DYNLIB */
|
||||||
VAR_EDNS_CLIENT_STRING_OPCODE = 575, /* VAR_EDNS_CLIENT_STRING_OPCODE */
|
VAR_DYNLIB_FILE = 575, /* VAR_DYNLIB_FILE */
|
||||||
VAR_NSID = 576, /* VAR_NSID */
|
VAR_EDNS_CLIENT_STRING = 576, /* VAR_EDNS_CLIENT_STRING */
|
||||||
VAR_ZONEMD_PERMISSIVE_MODE = 577, /* VAR_ZONEMD_PERMISSIVE_MODE */
|
VAR_EDNS_CLIENT_STRING_OPCODE = 577, /* VAR_EDNS_CLIENT_STRING_OPCODE */
|
||||||
VAR_ZONEMD_CHECK = 578, /* VAR_ZONEMD_CHECK */
|
VAR_NSID = 578, /* VAR_NSID */
|
||||||
VAR_ZONEMD_REJECT_ABSENCE = 579, /* VAR_ZONEMD_REJECT_ABSENCE */
|
VAR_ZONEMD_PERMISSIVE_MODE = 579, /* VAR_ZONEMD_PERMISSIVE_MODE */
|
||||||
VAR_RPZ_SIGNAL_NXDOMAIN_RA = 580, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */
|
VAR_ZONEMD_CHECK = 580, /* VAR_ZONEMD_CHECK */
|
||||||
VAR_INTERFACE_AUTOMATIC_PORTS = 581, /* VAR_INTERFACE_AUTOMATIC_PORTS */
|
VAR_ZONEMD_REJECT_ABSENCE = 581, /* VAR_ZONEMD_REJECT_ABSENCE */
|
||||||
VAR_EDE = 582, /* VAR_EDE */
|
VAR_RPZ_SIGNAL_NXDOMAIN_RA = 582, /* VAR_RPZ_SIGNAL_NXDOMAIN_RA */
|
||||||
VAR_INTERFACE_ACTION = 583, /* VAR_INTERFACE_ACTION */
|
VAR_INTERFACE_AUTOMATIC_PORTS = 583, /* VAR_INTERFACE_AUTOMATIC_PORTS */
|
||||||
VAR_INTERFACE_VIEW = 584, /* VAR_INTERFACE_VIEW */
|
VAR_EDE = 584, /* VAR_EDE */
|
||||||
VAR_INTERFACE_TAG = 585, /* VAR_INTERFACE_TAG */
|
VAR_INTERFACE_ACTION = 585, /* VAR_INTERFACE_ACTION */
|
||||||
VAR_INTERFACE_TAG_ACTION = 586, /* VAR_INTERFACE_TAG_ACTION */
|
VAR_INTERFACE_VIEW = 586, /* VAR_INTERFACE_VIEW */
|
||||||
VAR_INTERFACE_TAG_DATA = 587, /* VAR_INTERFACE_TAG_DATA */
|
VAR_INTERFACE_TAG = 587, /* VAR_INTERFACE_TAG */
|
||||||
VAR_PROXY_PROTOCOL_PORT = 588 /* VAR_PROXY_PROTOCOL_PORT */
|
VAR_INTERFACE_TAG_ACTION = 588, /* VAR_INTERFACE_TAG_ACTION */
|
||||||
|
VAR_INTERFACE_TAG_DATA = 589, /* VAR_INTERFACE_TAG_DATA */
|
||||||
|
VAR_PROXY_PROTOCOL_PORT = 590, /* VAR_PROXY_PROTOCOL_PORT */
|
||||||
|
VAR_STATISTICS_INHIBIT_ZERO = 591 /* VAR_STATISTICS_INHIBIT_ZERO */
|
||||||
};
|
};
|
||||||
typedef enum yytokentype yytoken_kind_t;
|
typedef enum yytokentype yytoken_kind_t;
|
||||||
#endif
|
#endif
|
||||||
@ -593,137 +596,140 @@ extern int yydebug;
|
|||||||
#define VAR_RATELIMIT_SLABS 455
|
#define VAR_RATELIMIT_SLABS 455
|
||||||
#define VAR_RATELIMIT_SIZE 456
|
#define VAR_RATELIMIT_SIZE 456
|
||||||
#define VAR_OUTBOUND_MSG_RETRY 457
|
#define VAR_OUTBOUND_MSG_RETRY 457
|
||||||
#define VAR_RATELIMIT_FOR_DOMAIN 458
|
#define VAR_MAX_SENT_COUNT 458
|
||||||
#define VAR_RATELIMIT_BELOW_DOMAIN 459
|
#define VAR_MAX_QUERY_RESTARTS 459
|
||||||
#define VAR_IP_RATELIMIT_FACTOR 460
|
#define VAR_RATELIMIT_FOR_DOMAIN 460
|
||||||
#define VAR_RATELIMIT_FACTOR 461
|
#define VAR_RATELIMIT_BELOW_DOMAIN 461
|
||||||
#define VAR_IP_RATELIMIT_BACKOFF 462
|
#define VAR_IP_RATELIMIT_FACTOR 462
|
||||||
#define VAR_RATELIMIT_BACKOFF 463
|
#define VAR_RATELIMIT_FACTOR 463
|
||||||
#define VAR_SEND_CLIENT_SUBNET 464
|
#define VAR_IP_RATELIMIT_BACKOFF 464
|
||||||
#define VAR_CLIENT_SUBNET_ZONE 465
|
#define VAR_RATELIMIT_BACKOFF 465
|
||||||
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 466
|
#define VAR_SEND_CLIENT_SUBNET 466
|
||||||
#define VAR_CLIENT_SUBNET_OPCODE 467
|
#define VAR_CLIENT_SUBNET_ZONE 467
|
||||||
#define VAR_MAX_CLIENT_SUBNET_IPV4 468
|
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 468
|
||||||
#define VAR_MAX_CLIENT_SUBNET_IPV6 469
|
#define VAR_CLIENT_SUBNET_OPCODE 469
|
||||||
#define VAR_MIN_CLIENT_SUBNET_IPV4 470
|
#define VAR_MAX_CLIENT_SUBNET_IPV4 470
|
||||||
#define VAR_MIN_CLIENT_SUBNET_IPV6 471
|
#define VAR_MAX_CLIENT_SUBNET_IPV6 471
|
||||||
#define VAR_MAX_ECS_TREE_SIZE_IPV4 472
|
#define VAR_MIN_CLIENT_SUBNET_IPV4 472
|
||||||
#define VAR_MAX_ECS_TREE_SIZE_IPV6 473
|
#define VAR_MIN_CLIENT_SUBNET_IPV6 473
|
||||||
#define VAR_CAPS_WHITELIST 474
|
#define VAR_MAX_ECS_TREE_SIZE_IPV4 474
|
||||||
#define VAR_CACHE_MAX_NEGATIVE_TTL 475
|
#define VAR_MAX_ECS_TREE_SIZE_IPV6 475
|
||||||
#define VAR_PERMIT_SMALL_HOLDDOWN 476
|
#define VAR_CAPS_WHITELIST 476
|
||||||
#define VAR_QNAME_MINIMISATION 477
|
#define VAR_CACHE_MAX_NEGATIVE_TTL 477
|
||||||
#define VAR_QNAME_MINIMISATION_STRICT 478
|
#define VAR_PERMIT_SMALL_HOLDDOWN 478
|
||||||
#define VAR_IP_FREEBIND 479
|
#define VAR_QNAME_MINIMISATION 479
|
||||||
#define VAR_DEFINE_TAG 480
|
#define VAR_QNAME_MINIMISATION_STRICT 480
|
||||||
#define VAR_LOCAL_ZONE_TAG 481
|
#define VAR_IP_FREEBIND 481
|
||||||
#define VAR_ACCESS_CONTROL_TAG 482
|
#define VAR_DEFINE_TAG 482
|
||||||
#define VAR_LOCAL_ZONE_OVERRIDE 483
|
#define VAR_LOCAL_ZONE_TAG 483
|
||||||
#define VAR_ACCESS_CONTROL_TAG_ACTION 484
|
#define VAR_ACCESS_CONTROL_TAG 484
|
||||||
#define VAR_ACCESS_CONTROL_TAG_DATA 485
|
#define VAR_LOCAL_ZONE_OVERRIDE 485
|
||||||
#define VAR_VIEW 486
|
#define VAR_ACCESS_CONTROL_TAG_ACTION 486
|
||||||
#define VAR_ACCESS_CONTROL_VIEW 487
|
#define VAR_ACCESS_CONTROL_TAG_DATA 487
|
||||||
#define VAR_VIEW_FIRST 488
|
#define VAR_VIEW 488
|
||||||
#define VAR_SERVE_EXPIRED 489
|
#define VAR_ACCESS_CONTROL_VIEW 489
|
||||||
#define VAR_SERVE_EXPIRED_TTL 490
|
#define VAR_VIEW_FIRST 490
|
||||||
#define VAR_SERVE_EXPIRED_TTL_RESET 491
|
#define VAR_SERVE_EXPIRED 491
|
||||||
#define VAR_SERVE_EXPIRED_REPLY_TTL 492
|
#define VAR_SERVE_EXPIRED_TTL 492
|
||||||
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 493
|
#define VAR_SERVE_EXPIRED_TTL_RESET 493
|
||||||
#define VAR_EDE_SERVE_EXPIRED 494
|
#define VAR_SERVE_EXPIRED_REPLY_TTL 494
|
||||||
#define VAR_SERVE_ORIGINAL_TTL 495
|
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 495
|
||||||
#define VAR_FAKE_DSA 496
|
#define VAR_EDE_SERVE_EXPIRED 496
|
||||||
#define VAR_FAKE_SHA1 497
|
#define VAR_SERVE_ORIGINAL_TTL 497
|
||||||
#define VAR_LOG_IDENTITY 498
|
#define VAR_FAKE_DSA 498
|
||||||
#define VAR_HIDE_TRUSTANCHOR 499
|
#define VAR_FAKE_SHA1 499
|
||||||
#define VAR_HIDE_HTTP_USER_AGENT 500
|
#define VAR_LOG_IDENTITY 500
|
||||||
#define VAR_HTTP_USER_AGENT 501
|
#define VAR_HIDE_TRUSTANCHOR 501
|
||||||
#define VAR_TRUST_ANCHOR_SIGNALING 502
|
#define VAR_HIDE_HTTP_USER_AGENT 502
|
||||||
#define VAR_AGGRESSIVE_NSEC 503
|
#define VAR_HTTP_USER_AGENT 503
|
||||||
#define VAR_USE_SYSTEMD 504
|
#define VAR_TRUST_ANCHOR_SIGNALING 504
|
||||||
#define VAR_SHM_ENABLE 505
|
#define VAR_AGGRESSIVE_NSEC 505
|
||||||
#define VAR_SHM_KEY 506
|
#define VAR_USE_SYSTEMD 506
|
||||||
#define VAR_ROOT_KEY_SENTINEL 507
|
#define VAR_SHM_ENABLE 507
|
||||||
#define VAR_DNSCRYPT 508
|
#define VAR_SHM_KEY 508
|
||||||
#define VAR_DNSCRYPT_ENABLE 509
|
#define VAR_ROOT_KEY_SENTINEL 509
|
||||||
#define VAR_DNSCRYPT_PORT 510
|
#define VAR_DNSCRYPT 510
|
||||||
#define VAR_DNSCRYPT_PROVIDER 511
|
#define VAR_DNSCRYPT_ENABLE 511
|
||||||
#define VAR_DNSCRYPT_SECRET_KEY 512
|
#define VAR_DNSCRYPT_PORT 512
|
||||||
#define VAR_DNSCRYPT_PROVIDER_CERT 513
|
#define VAR_DNSCRYPT_PROVIDER 513
|
||||||
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 514
|
#define VAR_DNSCRYPT_SECRET_KEY 514
|
||||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 515
|
#define VAR_DNSCRYPT_PROVIDER_CERT 515
|
||||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 516
|
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 516
|
||||||
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 517
|
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 517
|
||||||
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 518
|
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 518
|
||||||
#define VAR_PAD_RESPONSES 519
|
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 519
|
||||||
#define VAR_PAD_RESPONSES_BLOCK_SIZE 520
|
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 520
|
||||||
#define VAR_PAD_QUERIES 521
|
#define VAR_PAD_RESPONSES 521
|
||||||
#define VAR_PAD_QUERIES_BLOCK_SIZE 522
|
#define VAR_PAD_RESPONSES_BLOCK_SIZE 522
|
||||||
#define VAR_IPSECMOD_ENABLED 523
|
#define VAR_PAD_QUERIES 523
|
||||||
#define VAR_IPSECMOD_HOOK 524
|
#define VAR_PAD_QUERIES_BLOCK_SIZE 524
|
||||||
#define VAR_IPSECMOD_IGNORE_BOGUS 525
|
#define VAR_IPSECMOD_ENABLED 525
|
||||||
#define VAR_IPSECMOD_MAX_TTL 526
|
#define VAR_IPSECMOD_HOOK 526
|
||||||
#define VAR_IPSECMOD_WHITELIST 527
|
#define VAR_IPSECMOD_IGNORE_BOGUS 527
|
||||||
#define VAR_IPSECMOD_STRICT 528
|
#define VAR_IPSECMOD_MAX_TTL 528
|
||||||
#define VAR_CACHEDB 529
|
#define VAR_IPSECMOD_WHITELIST 529
|
||||||
#define VAR_CACHEDB_BACKEND 530
|
#define VAR_IPSECMOD_STRICT 530
|
||||||
#define VAR_CACHEDB_SECRETSEED 531
|
#define VAR_CACHEDB 531
|
||||||
#define VAR_CACHEDB_REDISHOST 532
|
#define VAR_CACHEDB_BACKEND 532
|
||||||
#define VAR_CACHEDB_REDISPORT 533
|
#define VAR_CACHEDB_SECRETSEED 533
|
||||||
#define VAR_CACHEDB_REDISTIMEOUT 534
|
#define VAR_CACHEDB_REDISHOST 534
|
||||||
#define VAR_CACHEDB_REDISEXPIRERECORDS 535
|
#define VAR_CACHEDB_REDISPORT 535
|
||||||
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 536
|
#define VAR_CACHEDB_REDISTIMEOUT 536
|
||||||
#define VAR_FOR_UPSTREAM 537
|
#define VAR_CACHEDB_REDISEXPIRERECORDS 537
|
||||||
#define VAR_AUTH_ZONE 538
|
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 538
|
||||||
#define VAR_ZONEFILE 539
|
#define VAR_FOR_UPSTREAM 539
|
||||||
#define VAR_MASTER 540
|
#define VAR_AUTH_ZONE 540
|
||||||
#define VAR_URL 541
|
#define VAR_ZONEFILE 541
|
||||||
#define VAR_FOR_DOWNSTREAM 542
|
#define VAR_MASTER 542
|
||||||
#define VAR_FALLBACK_ENABLED 543
|
#define VAR_URL 543
|
||||||
#define VAR_TLS_ADDITIONAL_PORT 544
|
#define VAR_FOR_DOWNSTREAM 544
|
||||||
#define VAR_LOW_RTT 545
|
#define VAR_FALLBACK_ENABLED 545
|
||||||
#define VAR_LOW_RTT_PERMIL 546
|
#define VAR_TLS_ADDITIONAL_PORT 546
|
||||||
#define VAR_FAST_SERVER_PERMIL 547
|
#define VAR_LOW_RTT 547
|
||||||
#define VAR_FAST_SERVER_NUM 548
|
#define VAR_LOW_RTT_PERMIL 548
|
||||||
#define VAR_ALLOW_NOTIFY 549
|
#define VAR_FAST_SERVER_PERMIL 549
|
||||||
#define VAR_TLS_WIN_CERT 550
|
#define VAR_FAST_SERVER_NUM 550
|
||||||
#define VAR_TCP_CONNECTION_LIMIT 551
|
#define VAR_ALLOW_NOTIFY 551
|
||||||
#define VAR_FORWARD_NO_CACHE 552
|
#define VAR_TLS_WIN_CERT 552
|
||||||
#define VAR_STUB_NO_CACHE 553
|
#define VAR_TCP_CONNECTION_LIMIT 553
|
||||||
#define VAR_LOG_SERVFAIL 554
|
#define VAR_FORWARD_NO_CACHE 554
|
||||||
#define VAR_DENY_ANY 555
|
#define VAR_STUB_NO_CACHE 555
|
||||||
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 556
|
#define VAR_LOG_SERVFAIL 556
|
||||||
#define VAR_LOG_TAG_QUERYREPLY 557
|
#define VAR_DENY_ANY 557
|
||||||
#define VAR_STREAM_WAIT_SIZE 558
|
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 558
|
||||||
#define VAR_TLS_CIPHERS 559
|
#define VAR_LOG_TAG_QUERYREPLY 559
|
||||||
#define VAR_TLS_CIPHERSUITES 560
|
#define VAR_STREAM_WAIT_SIZE 560
|
||||||
#define VAR_TLS_USE_SNI 561
|
#define VAR_TLS_CIPHERS 561
|
||||||
#define VAR_IPSET 562
|
#define VAR_TLS_CIPHERSUITES 562
|
||||||
#define VAR_IPSET_NAME_V4 563
|
#define VAR_TLS_USE_SNI 563
|
||||||
#define VAR_IPSET_NAME_V6 564
|
#define VAR_IPSET 564
|
||||||
#define VAR_TLS_SESSION_TICKET_KEYS 565
|
#define VAR_IPSET_NAME_V4 565
|
||||||
#define VAR_RPZ 566
|
#define VAR_IPSET_NAME_V6 566
|
||||||
#define VAR_TAGS 567
|
#define VAR_TLS_SESSION_TICKET_KEYS 567
|
||||||
#define VAR_RPZ_ACTION_OVERRIDE 568
|
#define VAR_RPZ 568
|
||||||
#define VAR_RPZ_CNAME_OVERRIDE 569
|
#define VAR_TAGS 569
|
||||||
#define VAR_RPZ_LOG 570
|
#define VAR_RPZ_ACTION_OVERRIDE 570
|
||||||
#define VAR_RPZ_LOG_NAME 571
|
#define VAR_RPZ_CNAME_OVERRIDE 571
|
||||||
#define VAR_DYNLIB 572
|
#define VAR_RPZ_LOG 572
|
||||||
#define VAR_DYNLIB_FILE 573
|
#define VAR_RPZ_LOG_NAME 573
|
||||||
#define VAR_EDNS_CLIENT_STRING 574
|
#define VAR_DYNLIB 574
|
||||||
#define VAR_EDNS_CLIENT_STRING_OPCODE 575
|
#define VAR_DYNLIB_FILE 575
|
||||||
#define VAR_NSID 576
|
#define VAR_EDNS_CLIENT_STRING 576
|
||||||
#define VAR_ZONEMD_PERMISSIVE_MODE 577
|
#define VAR_EDNS_CLIENT_STRING_OPCODE 577
|
||||||
#define VAR_ZONEMD_CHECK 578
|
#define VAR_NSID 578
|
||||||
#define VAR_ZONEMD_REJECT_ABSENCE 579
|
#define VAR_ZONEMD_PERMISSIVE_MODE 579
|
||||||
#define VAR_RPZ_SIGNAL_NXDOMAIN_RA 580
|
#define VAR_ZONEMD_CHECK 580
|
||||||
#define VAR_INTERFACE_AUTOMATIC_PORTS 581
|
#define VAR_ZONEMD_REJECT_ABSENCE 581
|
||||||
#define VAR_EDE 582
|
#define VAR_RPZ_SIGNAL_NXDOMAIN_RA 582
|
||||||
#define VAR_INTERFACE_ACTION 583
|
#define VAR_INTERFACE_AUTOMATIC_PORTS 583
|
||||||
#define VAR_INTERFACE_VIEW 584
|
#define VAR_EDE 584
|
||||||
#define VAR_INTERFACE_TAG 585
|
#define VAR_INTERFACE_ACTION 585
|
||||||
#define VAR_INTERFACE_TAG_ACTION 586
|
#define VAR_INTERFACE_VIEW 586
|
||||||
#define VAR_INTERFACE_TAG_DATA 587
|
#define VAR_INTERFACE_TAG 587
|
||||||
#define VAR_PROXY_PROTOCOL_PORT 588
|
#define VAR_INTERFACE_TAG_ACTION 588
|
||||||
|
#define VAR_INTERFACE_TAG_DATA 589
|
||||||
|
#define VAR_PROXY_PROTOCOL_PORT 590
|
||||||
|
#define VAR_STATISTICS_INHIBIT_ZERO 591
|
||||||
|
|
||||||
/* Value type. */
|
/* Value type. */
|
||||||
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
||||||
@ -733,7 +739,7 @@ union YYSTYPE
|
|||||||
|
|
||||||
char* str;
|
char* str;
|
||||||
|
|
||||||
#line 737 "util/configparser.h"
|
#line 743 "util/configparser.h"
|
||||||
|
|
||||||
};
|
};
|
||||||
typedef union YYSTYPE YYSTYPE;
|
typedef union YYSTYPE YYSTYPE;
|
||||||
|
@ -140,7 +140,7 @@ extern struct config_parser_state* cfg_parser;
|
|||||||
%token VAR_DISABLE_DNSSEC_LAME_CHECK
|
%token VAR_DISABLE_DNSSEC_LAME_CHECK
|
||||||
%token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
|
%token VAR_IP_RATELIMIT VAR_IP_RATELIMIT_SLABS VAR_IP_RATELIMIT_SIZE
|
||||||
%token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
|
%token VAR_RATELIMIT VAR_RATELIMIT_SLABS VAR_RATELIMIT_SIZE
|
||||||
%token VAR_OUTBOUND_MSG_RETRY
|
%token VAR_OUTBOUND_MSG_RETRY VAR_MAX_SENT_COUNT VAR_MAX_QUERY_RESTARTS
|
||||||
%token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
|
%token VAR_RATELIMIT_FOR_DOMAIN VAR_RATELIMIT_BELOW_DOMAIN
|
||||||
%token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
|
%token VAR_IP_RATELIMIT_FACTOR VAR_RATELIMIT_FACTOR
|
||||||
%token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF
|
%token VAR_IP_RATELIMIT_BACKOFF VAR_RATELIMIT_BACKOFF
|
||||||
@ -193,7 +193,7 @@ extern struct config_parser_state* cfg_parser;
|
|||||||
%token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE
|
%token VAR_RPZ_SIGNAL_NXDOMAIN_RA VAR_INTERFACE_AUTOMATIC_PORTS VAR_EDE
|
||||||
%token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG
|
%token VAR_INTERFACE_ACTION VAR_INTERFACE_VIEW VAR_INTERFACE_TAG
|
||||||
%token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA
|
%token VAR_INTERFACE_TAG_ACTION VAR_INTERFACE_TAG_DATA
|
||||||
%token VAR_PROXY_PROTOCOL_PORT
|
%token VAR_PROXY_PROTOCOL_PORT VAR_STATISTICS_INHIBIT_ZERO
|
||||||
|
|
||||||
%%
|
%%
|
||||||
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
|
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
|
||||||
@ -282,6 +282,7 @@ content_server: server_num_threads | server_verbosity | server_port |
|
|||||||
server_ratelimit_below_domain | server_ratelimit_factor |
|
server_ratelimit_below_domain | server_ratelimit_factor |
|
||||||
server_ip_ratelimit_factor | server_ratelimit_backoff |
|
server_ip_ratelimit_factor | server_ratelimit_backoff |
|
||||||
server_ip_ratelimit_backoff | server_outbound_msg_retry |
|
server_ip_ratelimit_backoff | server_outbound_msg_retry |
|
||||||
|
server_max_sent_count | server_max_query_restarts |
|
||||||
server_send_client_subnet | server_client_subnet_zone |
|
server_send_client_subnet | server_client_subnet_zone |
|
||||||
server_client_subnet_always_forward | server_client_subnet_opcode |
|
server_client_subnet_always_forward | server_client_subnet_opcode |
|
||||||
server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
|
server_max_client_subnet_ipv4 | server_max_client_subnet_ipv6 |
|
||||||
@ -322,7 +323,7 @@ content_server: server_num_threads | server_verbosity | server_port |
|
|||||||
server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
|
server_zonemd_permissive_mode | server_max_reuse_tcp_queries |
|
||||||
server_tcp_reuse_timeout | server_tcp_auth_query_timeout |
|
server_tcp_reuse_timeout | server_tcp_auth_query_timeout |
|
||||||
server_interface_automatic_ports | server_ede |
|
server_interface_automatic_ports | server_ede |
|
||||||
server_proxy_protocol_port
|
server_proxy_protocol_port | server_statistics_inhibit_zero
|
||||||
;
|
;
|
||||||
stubstart: VAR_STUB_ZONE
|
stubstart: VAR_STUB_ZONE
|
||||||
{
|
{
|
||||||
@ -554,6 +555,15 @@ server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG
|
|||||||
free($2);
|
free($2);
|
||||||
}
|
}
|
||||||
;
|
;
|
||||||
|
server_statistics_inhibit_zero: VAR_STATISTICS_INHIBIT_ZERO STRING_ARG
|
||||||
|
{
|
||||||
|
OUTYY(("P(server_statistics_inhibit_zero:%s)\n", $2));
|
||||||
|
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
|
||||||
|
yyerror("expected yes or no.");
|
||||||
|
else cfg_parser->cfg->stat_inhibit_zero = (strcmp($2, "yes")==0);
|
||||||
|
free($2);
|
||||||
|
}
|
||||||
|
;
|
||||||
server_shm_enable: VAR_SHM_ENABLE STRING_ARG
|
server_shm_enable: VAR_SHM_ENABLE STRING_ARG
|
||||||
{
|
{
|
||||||
OUTYY(("P(server_shm_enable:%s)\n", $2));
|
OUTYY(("P(server_shm_enable:%s)\n", $2));
|
||||||
@ -2636,6 +2646,24 @@ server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG
|
|||||||
free($2);
|
free($2);
|
||||||
}
|
}
|
||||||
;
|
;
|
||||||
|
server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG
|
||||||
|
{
|
||||||
|
OUTYY(("P(server_max_sent_count:%s)\n", $2));
|
||||||
|
if(atoi($2) == 0 && strcmp($2, "0") != 0)
|
||||||
|
yyerror("number expected");
|
||||||
|
else cfg_parser->cfg->max_sent_count = atoi($2);
|
||||||
|
free($2);
|
||||||
|
}
|
||||||
|
;
|
||||||
|
server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG
|
||||||
|
{
|
||||||
|
OUTYY(("P(server_max_query_restarts:%s)\n", $2));
|
||||||
|
if(atoi($2) == 0 && strcmp($2, "0") != 0)
|
||||||
|
yyerror("number expected");
|
||||||
|
else cfg_parser->cfg->max_query_restarts = atoi($2);
|
||||||
|
free($2);
|
||||||
|
}
|
||||||
|
;
|
||||||
server_low_rtt: VAR_LOW_RTT STRING_ARG
|
server_low_rtt: VAR_LOW_RTT STRING_ARG
|
||||||
{
|
{
|
||||||
OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
|
OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
|
||||||
|
@ -4840,6 +4840,7 @@
|
|||||||
8403,
|
8403,
|
||||||
8416,
|
8416,
|
||||||
8417,
|
8417,
|
||||||
|
8433,
|
||||||
8442,
|
8442,
|
||||||
8443,
|
8443,
|
||||||
8444,
|
8444,
|
||||||
|
@ -810,7 +810,7 @@ static int consume_pp2_header(struct sldns_buffer* buf, struct comm_reply* rep,
|
|||||||
/* We are reading a whole packet;
|
/* We are reading a whole packet;
|
||||||
* Move the rest of the data to overwrite the PROXYv2 header */
|
* Move the rest of the data to overwrite the PROXYv2 header */
|
||||||
/* XXX can we do better to avoid memmove? */
|
/* XXX can we do better to avoid memmove? */
|
||||||
memmove(header, ((void*)header)+size,
|
memmove(header, ((char*)header)+size,
|
||||||
sldns_buffer_limit(buf)-size);
|
sldns_buffer_limit(buf)-size);
|
||||||
sldns_buffer_set_limit(buf, sldns_buffer_limit(buf)-size);
|
sldns_buffer_set_limit(buf, sldns_buffer_limit(buf)-size);
|
||||||
}
|
}
|
||||||
@ -2545,8 +2545,9 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** read again to drain buffers when there could be more to read */
|
/** read again to drain buffers when there could be more to read, returns 0
|
||||||
static void
|
* on failure which means the comm point is closed. */
|
||||||
|
static int
|
||||||
tcp_req_info_read_again(int fd, struct comm_point* c)
|
tcp_req_info_read_again(int fd, struct comm_point* c)
|
||||||
{
|
{
|
||||||
while(c->tcp_req_info->read_again) {
|
while(c->tcp_req_info->read_again) {
|
||||||
@ -2563,9 +2564,10 @@ tcp_req_info_read_again(int fd, struct comm_point* c)
|
|||||||
(void)(*c->callback)(c, c->cb_arg,
|
(void)(*c->callback)(c, c->cb_arg,
|
||||||
NETEVENT_CLOSED, NULL);
|
NETEVENT_CLOSED, NULL);
|
||||||
}
|
}
|
||||||
return;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** read again to drain buffers when there could be more to read */
|
/** read again to drain buffers when there could be more to read */
|
||||||
@ -2623,6 +2625,9 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
|
|||||||
log_assert(c->type == comm_tcp);
|
log_assert(c->type == comm_tcp);
|
||||||
ub_comm_base_now(c->ev->base);
|
ub_comm_base_now(c->ev->base);
|
||||||
|
|
||||||
|
if(c->fd == -1 || c->fd != fd)
|
||||||
|
return; /* duplicate event, but commpoint closed. */
|
||||||
|
|
||||||
#ifdef USE_DNSCRYPT
|
#ifdef USE_DNSCRYPT
|
||||||
/* Initialize if this is a dnscrypt socket */
|
/* Initialize if this is a dnscrypt socket */
|
||||||
if(c->tcp_parent) {
|
if(c->tcp_parent) {
|
||||||
@ -2671,8 +2676,10 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
|
|||||||
}
|
}
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again)
|
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again) {
|
||||||
tcp_req_info_read_again(fd, c);
|
if(!tcp_req_info_read_again(fd, c))
|
||||||
|
return;
|
||||||
|
}
|
||||||
if(moreread && *moreread)
|
if(moreread && *moreread)
|
||||||
tcp_more_read_again(fd, c);
|
tcp_more_read_again(fd, c);
|
||||||
return;
|
return;
|
||||||
@ -2690,8 +2697,10 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
|
|||||||
}
|
}
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again)
|
if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again) {
|
||||||
tcp_req_info_read_again(fd, c);
|
if(!tcp_req_info_read_again(fd, c))
|
||||||
|
return;
|
||||||
|
}
|
||||||
if(morewrite && *morewrite)
|
if(morewrite && *morewrite)
|
||||||
tcp_more_write_again(fd, c);
|
tcp_more_write_again(fd, c);
|
||||||
return;
|
return;
|
||||||
@ -4488,6 +4497,11 @@ comm_point_close(struct comm_point* c)
|
|||||||
tcp_req_info_clear(c->tcp_req_info);
|
tcp_req_info_clear(c->tcp_req_info);
|
||||||
if(c->h2_session)
|
if(c->h2_session)
|
||||||
http2_session_server_delete(c->h2_session);
|
http2_session_server_delete(c->h2_session);
|
||||||
|
/* stop the comm point from reading or writing after it is closed. */
|
||||||
|
if(c->tcp_more_read_again && *c->tcp_more_read_again)
|
||||||
|
*c->tcp_more_read_again = 0;
|
||||||
|
if(c->tcp_more_write_again && *c->tcp_more_write_again)
|
||||||
|
*c->tcp_more_write_again = 0;
|
||||||
|
|
||||||
/* close fd after removing from event lists, or epoll.. is messed up */
|
/* close fd after removing from event lists, or epoll.. is messed up */
|
||||||
if(c->fd != -1 && !c->do_not_close) {
|
if(c->fd != -1 && !c->do_not_close) {
|
||||||
|
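Review bot: The new closed-comm-point guard in comm_point_tcp_handle_callback, `if(c->fd == -1 || c->fd != fd) return;`, sits after `log_assert(c->type == comm_tcp);` and `ub_comm_base_now(c->ev->base);`, so a stale event still dereferences `c->ev` before it is rejected. Whether a closed comm point can have its event state torn down is not visible in these hunks; if it can, the guard would be safer as the first statement of the callback. The two call sites that now test the result of `tcp_req_info_read_again()` end in a bare `return;`, and a comment such as `/* comm point was closed in the callback, do not touch c */` would stop a later edit from adding code that uses `c` on that path. The bodies of comm_point_tcp_handle_callback and comm_point_close start and end outside the hunks shown.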
53
util/tube.c
53
util/tube.c
@ -45,6 +45,9 @@
|
|||||||
#include "util/netevent.h"
|
#include "util/netevent.h"
|
||||||
#include "util/fptr_wlist.h"
|
#include "util/fptr_wlist.h"
|
||||||
#include "util/ub_event.h"
|
#include "util/ub_event.h"
|
||||||
|
#ifdef HAVE_POLL_H
|
||||||
|
#include <poll.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef USE_WINSOCK
|
#ifndef USE_WINSOCK
|
||||||
/* on unix */
|
/* on unix */
|
||||||
@ -396,20 +399,28 @@ int tube_read_msg(struct tube* tube, uint8_t** buf, uint32_t* len,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** perform a select() on the fd */
|
/** perform poll() on the fd */
|
||||||
static int
|
static int
|
||||||
pollit(int fd, struct timeval* t)
|
pollit(int fd, struct timeval* t)
|
||||||
{
|
{
|
||||||
fd_set r;
|
struct pollfd fds;
|
||||||
|
int pret;
|
||||||
|
int msec = -1;
|
||||||
|
memset(&fds, 0, sizeof(fds));
|
||||||
|
fds.fd = fd;
|
||||||
|
fds.events = POLLIN | POLLERR | POLLHUP;
|
||||||
#ifndef S_SPLINT_S
|
#ifndef S_SPLINT_S
|
||||||
FD_ZERO(&r);
|
if(t)
|
||||||
FD_SET(FD_SET_T fd, &r);
|
msec = t->tv_sec*1000 + t->tv_usec/1000;
|
||||||
#endif
|
#endif
|
||||||
if(select(fd+1, &r, NULL, NULL, t) == -1) {
|
|
||||||
|
pret = poll(&fds, 1, msec);
|
||||||
|
|
||||||
|
if(pret == -1)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
if(pret != 0)
|
||||||
errno = 0;
|
return 1;
|
||||||
return (int)(FD_ISSET(fd, &r));
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tube_poll(struct tube* tube)
|
int tube_poll(struct tube* tube)
|
||||||
@ -426,24 +437,27 @@ int tube_wait(struct tube* tube)
|
|||||||
|
|
||||||
int tube_wait_timeout(struct tube* tube, int msec)
|
int tube_wait_timeout(struct tube* tube, int msec)
|
||||||
{
|
{
|
||||||
struct timeval t;
|
int ret = 0;
|
||||||
int fd = tube->sr;
|
|
||||||
fd_set r;
|
|
||||||
t.tv_sec = msec/1000;
|
|
||||||
t.tv_usec = (msec%1000)*1000;
|
|
||||||
#ifndef S_SPLINT_S
|
|
||||||
FD_ZERO(&r);
|
|
||||||
FD_SET(FD_SET_T fd, &r);
|
|
||||||
#endif
|
|
||||||
while(1) {
|
while(1) {
|
||||||
if(select(fd+1, &r, NULL, NULL, &t) == -1) {
|
struct pollfd fds;
|
||||||
|
memset(&fds, 0, sizeof(fds));
|
||||||
|
|
||||||
|
fds.fd = tube->sr;
|
||||||
|
fds.events = POLLIN | POLLERR | POLLHUP;
|
||||||
|
ret = poll(&fds, 1, msec);
|
||||||
|
|
||||||
|
if(ret == -1) {
|
||||||
if(errno == EAGAIN || errno == EINTR)
|
if(errno == EAGAIN || errno == EINTR)
|
||||||
continue;
|
continue;
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
return (int)(FD_ISSET(fd, &r));
|
|
||||||
|
if(ret != 0)
|
||||||
|
return 1;
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int tube_read_fd(struct tube* tube)
|
int tube_read_fd(struct tube* tube)
|
||||||
@ -529,6 +543,7 @@ struct tube* tube_create(void)
|
|||||||
if(tube->event == WSA_INVALID_EVENT) {
|
if(tube->event == WSA_INVALID_EVENT) {
|
||||||
free(tube);
|
free(tube);
|
||||||
log_err("WSACreateEvent: %s", wsa_strerror(WSAGetLastError()));
|
log_err("WSACreateEvent: %s", wsa_strerror(WSAGetLastError()));
|
||||||
|
return NULL;
|
||||||
}
|
}
|
||||||
if(!WSAResetEvent(tube->event)) {
|
if(!WSAResetEvent(tube->event)) {
|
||||||
log_err("WSAResetEvent: %s", wsa_strerror(WSAGetLastError()));
|
log_err("WSAResetEvent: %s", wsa_strerror(WSAGetLastError()));
|
||||||
|
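Review bot: In pollit, `msec = t->tv_sec*1000 + t->tv_usec/1000;` narrows a wider product into an `int`, so a large `tv_sec` can yield a truncated or negative timeout, and poll() treats a negative timeout as "wait forever". The callers are not visible in this hunk, so a clamp is cheap insurance: `if(t) msec = (t->tv_sec >= INT_MAX/1000) ? INT_MAX : (int)(t->tv_sec*1000 + t->tv_usec/1000);` (needs `<limits.h>`). In tube_wait_timeout the EINTR/EAGAIN retry calls `poll(&fds, 1, msec)` again with the original value, so every interruption restarts the full timeout; if that is intended it deserves a comment, for example `/* timeout restarts after a signal; total wait may exceed msec */`. The `<poll.h>` include is guarded by `HAVE_POLL_H` while `struct pollfd` and poll() are used without a matching guard in the lines shown, which presumably breaks the build where the header is absent.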