Lines Matching refs:client
60 #include <named/client.h>
124 "client %p: %s", client, (m))
143 ns_client_t *client;
148 query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype);
151 validate(ns_client_t *client, dns_db_t *db, dns_name_t *name,
156 dns_dbversion_t *version, ns_client_t *client,
162 log_queryerror(ns_client_t *client, isc_result_t result, int line, int level);
165 rpz_st_clear(ns_client_t *client);
171 inc_stats(ns_client_t *client, isc_statscounter_t counter) {
172 dns_zone_t *zone = client->query.authzone;
184 query_send(ns_client_t *client) {
186 if ((client->message->flags & DNS_MESSAGEFLAG_AA) == 0)
187 inc_stats(client, dns_nsstatscounter_nonauthans);
189 inc_stats(client, dns_nsstatscounter_authans);
190 if (client->message->rcode == dns_rcode_noerror) {
191 if (ISC_LIST_EMPTY(client->message->sections[DNS_SECTION_ANSWER])) {
192 if (client->query.isreferral) {
200 } else if (client->message->rcode == dns_rcode_nxdomain) {
206 inc_stats(client, counter);
207 ns_client_send(client);
211 query_error(ns_client_t *client, isc_result_t result, int line) {
217 inc_stats(client, dns_nsstatscounter_servfail);
220 inc_stats(client, dns_nsstatscounter_formerr);
223 inc_stats(client, dns_nsstatscounter_failure);
227 log_queryerror(client, result, line, loglevel);
229 ns_client_error(client, result);
233 query_next(ns_client_t *client, isc_result_t result) {
235 inc_stats(client, dns_nsstatscounter_duplicate);
237 inc_stats(client, dns_nsstatscounter_dropped);
239 inc_stats(client, dns_nsstatscounter_failure);
240 ns_client_next(client, result);
244 query_freefreeversions(ns_client_t *client, isc_boolean_t everything) {
248 for (dbversion = ISC_LIST_HEAD(client->query.freeversions), i = 0;
258 ISC_LIST_UNLINK(client->query.freeversions, dbversion,
260 isc_mem_put(client->mctx, dbversion,
267 ns_query_cancel(ns_client_t *client) {
268 LOCK(&client->query.fetchlock);
269 if (client->query.fetch != NULL) {
270 dns_resolver_cancelfetch(client->query.fetch);
272 client->query.fetch = NULL;
274 UNLOCK(&client->query.fetchlock);
278 query_putrdataset(ns_client_t *client, dns_rdataset_t **rdatasetp) {
285 dns_message_puttemprdataset(client->message, rdatasetp);
291 query_reset(ns_client_t *client, isc_boolean_t everything) {
296 * Reset the query state of a client to its default state.
302 ns_query_cancel(client);
307 for (dbversion = ISC_LIST_HEAD(client->query.activeversions);
314 ISC_LIST_INITANDAPPEND(client->query.freeversions,
317 ISC_LIST_INIT(client->query.activeversions);
319 if (client->query.authdb != NULL)
320 dns_db_detach(&client->query.authdb);
321 if (client->query.authzone != NULL)
322 dns_zone_detach(&client->query.authzone);
324 if (client->query.dns64_aaaa != NULL)
325 query_putrdataset(client, &client->query.dns64_aaaa);
326 if (client->query.dns64_sigaaaa != NULL)
327 query_putrdataset(client, &client->query.dns64_sigaaaa);
328 if (client->query.dns64_aaaaok != NULL) {
329 isc_mem_put(client->mctx, client->query.dns64_aaaaok,
330 client->query.dns64_aaaaoklen *
332 client->query.dns64_aaaaok = NULL;
333 client->query.dns64_aaaaoklen = 0;
336 query_freefreeversions(client, everything);
338 for (dbuf = ISC_LIST_HEAD(client->query.namebufs);
343 ISC_LIST_UNLINK(client->query.namebufs, dbuf, link);
348 if (client->query.restarts > 0) {
350 * client->query.qname was dynamically allocated.
352 dns_message_puttempname(client->message,
353 &client->query.qname);
355 client->query.qname = NULL;
356 client->query.attributes = (NS_QUERYATTR_RECURSIONOK |
359 client->query.restarts = 0;
360 client->query.timerset = ISC_FALSE;
361 if (client->query.rpz_st != NULL) {
362 rpz_st_clear(client);
364 isc_mem_put(client->mctx, client->query.rpz_st,
365 sizeof(*client->query.rpz_st));
366 client->query.rpz_st = NULL;
369 client->query.origqname = NULL;
370 client->query.dboptions = 0;
371 client->query.fetchoptions = 0;
372 client->query.gluedb = NULL;
373 client->query.authdbset = ISC_FALSE;
374 client->query.isreferral = ISC_FALSE;
375 client->query.dns64_options = 0;
376 client->query.dns64_ttl = ISC_UINT32_MAX;
380 query_next_callback(ns_client_t *client) {
381 query_reset(client, ISC_FALSE);
385 ns_query_free(ns_client_t *client) {
386 query_reset(client, ISC_TRUE);
390 query_newnamebuf(ns_client_t *client) {
400 result = isc_buffer_allocate(client->mctx, &dbuf, 1024);
405 ISC_LIST_APPEND(client->query.namebufs, dbuf, link);
412 query_getnamebuf(ns_client_t *client) {
423 if (ISC_LIST_EMPTY(client->query.namebufs)) {
424 result = query_newnamebuf(client);
431 dbuf = ISC_LIST_TAIL(client->query.namebufs);
435 result = query_newnamebuf(client);
441 dbuf = ISC_LIST_TAIL(client->query.namebufs);
450 query_keepname(ns_client_t *client, dns_name_t *name, isc_buffer_t *dbuf) {
459 REQUIRE((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED) != 0);
464 client->query.attributes &= ~NS_QUERYATTR_NAMEBUFUSED;
468 query_releasename(ns_client_t *client, dns_name_t **namep) {
479 INSIST((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
481 client->query.attributes &= ~NS_QUERYATTR_NAMEBUFUSED;
483 dns_message_puttempname(client->message, namep);
488 query_newname(ns_client_t *client, isc_buffer_t *dbuf,
495 REQUIRE((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED) == 0);
499 result = dns_message_gettempname(client->message, &name);
508 client->query.attributes |= NS_QUERYATTR_NAMEBUFUSED;
515 query_newrdataset(ns_client_t *client) {
521 result = dns_message_gettemprdataset(client->message, &rdataset);
534 query_newdbversion(ns_client_t *client, unsigned int n) {
539 dbversion = isc_mem_get(client->mctx, sizeof(*dbversion));
543 ISC_LIST_INITANDAPPEND(client->query.freeversions,
561 query_getdbversion(ns_client_t *client) {
565 if (ISC_LIST_EMPTY(client->query.freeversions)) {
566 result = query_newdbversion(client, 1);
570 dbversion = ISC_LIST_HEAD(client->query.freeversions);
572 ISC_LIST_UNLINK(client->query.freeversions, dbversion, link);
578 ns_query_init(ns_client_t *client) {
581 ISC_LIST_INIT(client->query.namebufs);
582 ISC_LIST_INIT(client->query.activeversions);
583 ISC_LIST_INIT(client->query.freeversions);
584 client->query.restarts = 0;
585 client->query.timerset = ISC_FALSE;
586 client->query.rpz_st = NULL;
587 client->query.qname = NULL;
588 result = isc_mutex_init(&client->query.fetchlock);
591 client->query.fetch = NULL;
592 client->query.authdb = NULL;
593 client->query.authzone = NULL;
594 client->query.authdbset = ISC_FALSE;
595 client->query.isreferral = ISC_FALSE;
596 client->query.dns64_aaaa = NULL;
597 client->query.dns64_sigaaaa = NULL;
598 client->query.dns64_aaaaok = NULL;
599 client->query.dns64_aaaaoklen = 0;
600 query_reset(client, ISC_FALSE);
601 result = query_newdbversion(client, 3);
603 DESTROYLOCK(&client->query.fetchlock);
606 result = query_newnamebuf(client);
608 query_freefreeversions(client, ISC_TRUE);
614 query_findversion(ns_client_t *client, dns_db_t *db)
623 for (dbversion = ISC_LIST_HEAD(client->query.activeversions);
635 dbversion = query_getdbversion(client);
642 ISC_LIST_APPEND(client->query.activeversions,
650 query_validatezonedb(ns_client_t *client, dns_name_t *name,
668 if (!client->view->additionalfromauth &&
669 client->query.authdbset &&
670 db != client->query.authdb)
679 !RECURSIONOK(client)) {
694 dbversion = query_findversion(client, db);
708 queryacl = client->view->queryacl;
709 if ((client->query.attributes &
713 * NS_QUERYATTR_QUERYOK is set, then the client is
718 if ((client->query.attributes &
728 result = ns_client_checkaclsilent(client, NULL, queryacl, ISC_TRUE);
734 client->view->rdclass,
736 ns_client_log(client,
744 client->view->rdclass,
746 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
752 if (queryacl == client->view->queryacl) {
759 client->query.attributes |= NS_QUERYATTR_QUERYOK;
765 client->query.attributes |= NS_QUERYATTR_QUERYOKVALID;
783 query_getzonedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype,
802 result = dns_zt_find(client->view->zonetable, name, ztoptions, NULL,
812 result = query_validatezonedb(client, name, qtype, options, zone, db,
836 rpz_log_rewrite(ns_client_t *client, const char *disabled,
845 dns_name_format(client->query.qname, qname_buf, sizeof(qname_buf));
848 ns_client_log(client, DNS_LOGCATEGORY_RPZ, NS_LOGMODULE_QUERY,
856 rpz_log_fail(ns_client_t *client, int level,
866 dns_name_format(client->query.qname, namebuf1, sizeof(namebuf1));
868 ns_client_log(client, NS_LOGCATEGORY_QUERY_EERRORS,
879 rpz_getdb(ns_client_t *client, dns_rpz_type_t rpz_type, dns_name_t *rpz_qname,
887 result = query_getzonedb(client, rpz_qname, dns_rdatatype_any,
891 dns_name_format(client->query.qname, namebuf1,
894 ns_client_log(client, DNS_LOGCATEGORY_RPZ,
903 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, rpz_type, rpz_qname,
909 query_getcachedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype,
920 * This may fail with DNS_R_REFUSED if the client
924 if (!USECACHE(client))
926 dns_db_attach(client->view->cachedb, &db);
928 if ((client->query.attributes & NS_QUERYATTR_CACHEACLOKVALID) != 0) {
931 * NS_QUERYATTR_CACHEACLOK is set, then the client is
936 if ((client->query.attributes & NS_QUERYATTR_CACHEACLOK) == 0)
949 result = ns_client_checkaclsilent(client, NULL,
950 client->view->cacheacl,
957 client->query.attributes |=
963 client->view->rdclass,
965 ns_client_log(client,
973 client->view->rdclass, msg,
975 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
983 client->query.attributes |= NS_QUERYATTR_CACHEACLOKVALID;
1007 query_getdb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype,
1028 result = query_getzonedb(client, name, qtype, options, &zone,
1038 if (zonelabels < namelabels && client->view->dlzdatabase != NULL) {
1039 tresult = dns_dlzfindzone(client->view, name,
1087 result = query_getcachedb(client, name, qtype, dbp, options);
1094 query_isduplicate(ns_client_t *client, dns_name_t *name,
1106 result = dns_message_findname(client->message, section,
1134 ns_client_t *client = arg;
1149 REQUIRE(NS_CLIENT_VALID(client));
1152 if (!WANTDNSSEC(client) && dns_rdatatype_isdnssec(qtype))
1173 dns_clientinfo_init(&ci, client);
1189 dbuf = query_getnamebuf(client);
1192 fname = query_newname(client, dbuf, &b);
1193 rdataset = query_newrdataset(client);
1196 if (WANTDNSSEC(client)) {
1197 sigrdataset = query_newrdataset(client);
1206 result = query_getzonedb(client, name, qtype, DNS_GETDB_NOLOG,
1220 client->query.dboptions,
1221 client->now, &node, fname, &cm, &ci,
1244 result = query_getcachedb(client, name, qtype, &db, DNS_GETDB_NOLOG);
1247 * Most likely the client isn't allowed to query the cache.
1254 sigrdataset = query_newrdataset(client);
1259 client->query.dboptions |
1261 client->now, &node, fname, &cm, &ci,
1264 validate(client, db, fname, rdataset, sigrdataset))
1266 if (!WANTDNSSEC(client))
1267 query_putrdataset(client, &sigrdataset);
1292 * case (identified by client->query.gluedb being set).
1295 if (client->query.gluedb == NULL)
1301 if (!dns_name_issubdomain(name, dns_db_origin(client->query.gluedb)))
1304 dns_db_attach(client->query.gluedb, &db);
1306 client->query.dboptions | DNS_DBFIND_GLUEOK,
1307 client->now, &node, fname, &cm, &ci,
1319 query_keepname(client, fname, dbuf);
1327 !query_isduplicate(client, fname, type, &mname)) {
1330 query_releasename(client, &fname);
1366 rdataset = query_newrdataset(client);
1373 } else if (WANTDNSSEC(client)) {
1374 sigrdataset = query_newrdataset(client);
1378 if (query_isduplicate(client, fname, dns_rdatatype_a, NULL))
1382 client->now,
1397 if (!query_isduplicate(client, fname,
1401 query_releasename(client, &fname);
1414 query_newrdataset(client);
1416 rdataset = query_newrdataset(client);
1419 if (WANTDNSSEC(client) && sigrdataset == NULL)
1429 if (query_isduplicate(client, fname, dns_rdatatype_aaaa, NULL))
1433 client->now,
1450 (client->filter_aaaa == dns_v4_aaaa_break_dnssec ||
1451 (client->filter_aaaa == dns_v4_aaaa_filter &&
1452 (!WANTDNSSEC(client) || sigrdataset == NULL ||
1456 if (!query_isduplicate(client, fname,
1460 query_releasename(client, &fname);
1493 dns_message_addname(client->message, fname,
1516 client);
1521 query_putrdataset(client, &rdataset);
1523 query_putrdataset(client, &sigrdataset);
1525 query_releasename(client, &fname);
1538 query_discardcache(ns_client_t *client, dns_rdataset_t *rdataset_base,
1548 query_putrdataset(client, &rdataset);
1558 (void)dns_rdataset_putadditional(client->view->acache, rdataset_base,
1593 ns_client_t *client;
1614 client = additionalctx->client;
1615 REQUIRE(NS_CLIENT_VALID(client));
1617 if (qtype != dns_rdatatype_a || client->view->acache == NULL) {
1623 return (query_addadditional(additionalctx->client,
1649 dns_clientinfo_init(&ci, client);
1667 dbuf = query_getnamebuf(client);
1670 fname = query_newname(client, dbuf, &b);
1677 type, client->view->acache, &zone,
1679 client->message, client->now);
1691 query_discardcache(client, rdataset_base, additionaltype,
1710 result = query_validatezonedb(client, name, qtype, DNS_GETDB_NOLOG,
1713 query_discardcache(client, rdataset_base, additionaltype,
1725 query_keepname(client, fname, dbuf);
1733 result = query_getzonedb(client, name, qtype, DNS_GETDB_NOLOG,
1738 type, client->view->acache,
1753 client->query.dboptions,
1754 client->now, &node, fname, &cm, &ci,
1761 type, client->view->acache, zone, db,
1775 result = query_getcachedb(client, name, qtype, &db, DNS_GETDB_NOLOG);
1778 * Most likely the client isn't allowed to query the cache.
1783 client->query.dboptions |
1785 client->now, &node, fname, &cm, &ci,
1807 * case (identified by client->query.gluedb being set).
1809 if (client->query.gluedb == NULL)
1815 if (!dns_name_issubdomain(name, dns_db_origin(client->query.gluedb)))
1821 type, client->view->acache, NULL,
1823 client->message, client->now);
1827 result = query_iscachevalid(zone, cdb, client->query.gluedb, cversion);
1830 query_discardcache(client, rdataset_base, additionaltype,
1850 query_keepname(client, fname, dbuf);
1854 dns_db_attach(client->query.gluedb, &db);
1856 client->query.dboptions | DNS_DBFIND_GLUEOK,
1857 client->now, &node, fname, &cm, &ci,
1864 type, client->view->acache,
1878 query_keepname(client, fname, dbuf);
1881 rdataset = query_newrdataset(client);
1885 sigrdataset = query_newrdataset(client);
1890 query_isduplicate(client, fname, dns_rdatatype_a, NULL))
1894 * for a client using DNSSEC, we'll continue the process to make a
1900 client->now, rdataset, sigrdataset);
1909 !validate(client, db, fname, rdataset, sigrdataset)) {
1927 sigrdataset = query_newrdataset(client);
1929 rdataset = query_newrdataset(client);
1938 query_isduplicate(client, fname, dns_rdatatype_aaaa, NULL))
1942 0, client->now, rdataset, sigrdataset);
1951 !validate(client, db, fname, rdataset, sigrdataset)) {
1975 type, client->view->acache,
1993 if (!query_isduplicate(client, fname, crdataset->type,
2007 query_releasename(client, &fname);
2020 need_sigrrset && WANTDNSSEC(client)) {
2042 dns_message_addname(client->message, fname,
2050 query_putrdataset(client, &rdataset);
2052 query_putrdataset(client, &sigrdataset);
2055 query_putrdataset(client, &crdataset);
2058 query_releasename(client, &fname);
2071 query_addrdataset(ns_client_t *client, dns_name_t *fname,
2078 * 'fname', a name in the response message for 'client'.
2085 if (client->view->order != NULL)
2086 rdataset->attributes |= dns_order_find(client->view->order,
2091 if (NOADDITIONAL(client))
2099 additionalctx.client = client;
2107 query_dns64(ns_client_t *client, dns_name_t **namep, dns_rdataset_t *rdataset,
2120 dns_view_t *view = client->view;
2126 * To the current response for 'client', add the answer RRset
2143 result = dns_message_findname(client->message, section,
2154 query_releasename(client, namep);
2161 query_keepname(client, name, dbuf);
2162 dns_message_addname(client->message, name, section);
2168 query_releasename(client, namep);
2174 client->query.attributes &= ~NS_QUERYATTR_SECURE;
2176 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
2178 result = isc_buffer_allocate(client->mctx, &buffer, view->dns64cnt *
2182 result = dns_message_gettemprdataset(client->message, &dns64_rdataset);
2185 result = dns_message_gettemprdatalist(client->message,
2194 if (client->query.dns64_ttl != ISC_UINT32_MAX)
2196 client->query.dns64_ttl);
2200 if (RECURSIONOK(client))
2213 for (dns64 = ISC_LIST_HEAD(client->view->dns64);
2220 client->signer,
2230 result = dns_message_gettemprdata(client->message,
2252 client->query.attributes |= NS_QUERYATTR_NOADDITIONAL;
2254 query_addrdataset(client, mname, dns64_rdataset);
2257 dns_message_takebuffer(client->message, &buffer);
2265 dns_message_puttemprdata(client->message, &dns64_rdata);
2268 dns_message_puttemprdataset(client->message, &dns64_rdataset);
2277 dns_message_puttemprdata(client->message, &dns64_rdata);
2279 dns_message_puttemprdatalist(client->message, &dns64_rdatalist);
2287 query_filter64(ns_client_t *client, dns_name_t **namep,
2303 INSIST(client->query.dns64_aaaaok != NULL);
2304 INSIST(client->query.dns64_aaaaoklen == dns_rdataset_count(rdataset));
2312 result = dns_message_findname(client->message, section,
2323 query_releasename(client, namep);
2331 query_releasename(client, namep);
2338 client->query.attributes &= ~NS_QUERYATTR_SECURE;
2340 result = isc_buffer_allocate(client->mctx, &buffer,
2344 result = dns_message_gettemprdataset(client->message, &myrdataset);
2347 result = dns_message_gettemprdatalist(client->message, &myrdatalist);
2361 if (!client->query.dns64_aaaaok[i++])
2368 result = dns_message_gettemprdata(client->message, &myrdata);
2384 client->query.attributes |= NS_QUERYATTR_NOADDITIONAL;
2387 query_keepname(client, name, dbuf);
2388 dns_message_addname(client->message, name, section);
2392 query_addrdataset(client, mname, myrdataset);
2395 dns_message_takebuffer(client->message, &buffer);
2402 dns_message_puttemprdata(client->message, &myrdata);
2405 dns_message_puttemprdataset(client->message, &myrdataset);
2413 dns_message_puttemprdata(client->message, &myrdata);
2415 dns_message_puttemprdatalist(client->message, &myrdatalist);
2418 query_releasename(client, &name);
2424 query_addrrset(ns_client_t *client, dns_name_t **namep,
2433 * To the current response for 'client', add the answer RRset
2451 result = dns_message_findname(client->message, section,
2461 query_releasename(client, namep);
2468 query_keepname(client, name, dbuf);
2469 dns_message_addname(client->message, name, section);
2475 query_releasename(client, namep);
2481 client->query.attributes &= ~NS_QUERYATTR_SECURE;
2487 query_addrdataset(client, mname, rdataset);
2500 query_addsoa(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version,
2521 dns_clientinfo_init(&ci, client);
2526 if (ns_g_nosoa && (!WANTDNSSEC(client) || !isassociated))
2532 result = dns_message_gettempname(client->message, &name);
2537 rdataset = query_newrdataset(client);
2542 if (WANTDNSSEC(client) && dns_db_issecure(db)) {
2543 sigrdataset = query_newrdataset(client);
2556 dns_rdatatype_soa, 0, client->now,
2566 client->query.dboptions, 0, &node,
2608 query_addrrset(client, &name, &rdataset, sigrdatasetp, NULL,
2613 query_putrdataset(client, &rdataset);
2615 query_putrdataset(client, &sigrdataset);
2617 query_releasename(client, &name);
2625 query_addns(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version) {
2646 dns_clientinfo_init(&ci, client);
2651 result = dns_message_gettempname(client->message, &name);
2658 rdataset = query_newrdataset(client);
2664 if (WANTDNSSEC(client) && dns_db_issecure(db)) {
2665 sigrdataset = query_newrdataset(client);
2679 dns_rdatatype_ns, 0, client->now,
2684 client->query.dboptions, 0, &node,
2701 query_addrrset(client, &name, &rdataset, sigrdatasetp, NULL,
2707 query_putrdataset(client, &rdataset);
2709 query_putrdataset(client, &sigrdataset);
2711 query_releasename(client, &name);
2720 query_add_cname(ns_client_t *client, dns_name_t *qname, dns_name_t *tname,
2735 result = dns_message_gettempname(client->message, &aname);
2738 result = dns_name_dup(qname, client->mctx, aname);
2740 dns_message_puttempname(client->message, &aname);
2745 result = dns_message_gettemprdatalist(client->message, &rdatalist);
2747 dns_message_puttempname(client->message, &aname);
2751 result = dns_message_gettemprdata(client->message, &rdata);
2753 dns_message_puttempname(client->message, &aname);
2754 dns_message_puttemprdatalist(client->message, &rdatalist);
2758 result = dns_message_gettemprdataset(client->message, &rdataset);
2760 dns_message_puttempname(client->message, &aname);
2761 dns_message_puttemprdatalist(client->message, &rdatalist);
2762 dns_message_puttemprdata(client->message, &rdata);
2768 rdatalist->rdclass = client->message->rdclass;
2774 rdata->rdclass = client->message->rdclass;
2783 query_addrrset(client, &aname, &rdataset, NULL, NULL,
2788 dns_message_puttemprdataset(client->message, &rdataset);
2791 dns_message_puttempname(client->message, &aname);
2801 mark_secure(ns_client_t *client, dns_db_t *db, dns_name_t *name,
2814 dns_clientinfo_init(&ci, client);
2825 client->view->acceptexpired);
2827 (void)dns_db_addrdataset(db, node, NULL, client->now, rdataset,
2829 (void)dns_db_addrdataset(db, node, NULL, client->now, sigrdataset,
2841 get_key(ns_client_t *client, dns_db_t *db, dns_rdata_rrsig_t *rrsig,
2851 dns_clientinfo_init(&ci, client);
2861 client->now, keyrdataset, NULL);
2882 client->mctx, keyp);
2898 dns_rdata_t *rdata, ns_client_t *client)
2908 client->view->maxbits, client->mctx,
2910 if (result == DNS_R_SIGEXPIRED && client->view->acceptexpired) {
2923 validate(ns_client_t *client, dns_db_t *db, dns_name_t *name,
2944 if (!dns_resolver_algorithm_supported(client->view->resolver,
2951 if (!get_key(client, db, &rrsig, &keyrdataset, &key))
2953 if (verify(key, name, rdataset, &rdata, client)) {
2956 mark_secure(client, db, name, &rrsig,
2969 query_addbestns(ns_client_t *client) {
2999 dns_clientinfo_init(&ci, client);
3004 result = query_getdb(client, client->query.qname, dns_rdatatype_ns, 0,
3013 dbuf = query_getnamebuf(client);
3016 fname = query_newname(client, dbuf, &b);
3017 rdataset = query_newrdataset(client);
3021 * Get the RRSIGs if the client requested them or if we may
3024 if (WANTDNSSEC(client) || !is_zone) {
3025 sigrdataset = query_newrdataset(client);
3034 result = dns_db_findext(db, client->query.qname, version,
3036 client->query.dboptions,
3037 client->now, &node, fname,
3041 if (USECACHE(client)) {
3042 query_keepname(client, fname, dbuf);
3053 dns_db_attach(client->view->cachedb, &db);
3058 result = dns_db_findzonecut(db, client->query.qname,
3059 client->query.dboptions,
3060 client->now, &node, fname,
3082 query_releasename(client, &fname);
3092 query_putrdataset(client, &rdataset);
3094 query_putrdataset(client, &sigrdataset);
3106 && !validate(client, db, fname, rdataset, sigrdataset) &&
3107 !PENDINGOK(client->query.dboptions))
3112 !validate(client, db, fname, rdataset, sigrdataset) &&
3113 SECURE(client) && WANTDNSSEC(client))
3117 * If the client doesn't want DNSSEC we can discard the sigrdataset
3120 if (!WANTDNSSEC(client))
3121 query_putrdataset(client, &sigrdataset);
3122 query_addrrset(client, &fname, &rdataset, &sigrdataset, dbuf,
3127 query_putrdataset(client, &rdataset);
3129 query_putrdataset(client, &sigrdataset);
3131 query_releasename(client, &fname);
3139 query_putrdataset(client, &zrdataset);
3141 query_putrdataset(client, &zsigrdataset);
3143 query_releasename(client, &zfname);
3149 fixrdataset(ns_client_t *client, dns_rdataset_t **rdataset) {
3151 *rdataset = query_newrdataset(client);
3157 fixfname(ns_client_t *client, dns_name_t **fname, isc_buffer_t **dbuf,
3161 *dbuf = query_getnamebuf(client);
3164 *fname = query_newname(client, *dbuf, nbuf);
3169 query_addds(ns_client_t *client, dns_db_t *db, dns_dbnode_t *node,
3188 rdataset = query_newrdataset(client);
3189 sigrdataset = query_newrdataset(client);
3197 client->now, rdataset, sigrdataset);
3203 dns_rdatatype_nsec, 0, client->now,
3216 result = dns_message_firstname(client->message, DNS_SECTION_AUTHORITY);
3221 dns_message_currentname(client->message, DNS_SECTION_AUTHORITY,
3239 dbuf = query_getnamebuf(client);
3242 fname = query_newname(client, dbuf, &b);
3248 query_findclosestnsec3(name, db, version, client, rdataset,
3253 query_addrrset(client, &fname, &rdataset, &sigrdataset, dbuf,
3264 fixfname(client, &fname, &dbuf, &b);
3265 fixrdataset(client, &rdataset);
3266 fixrdataset(client, &sigrdataset);
3270 client, rdataset, sigrdataset, fname,
3274 query_addrrset(client, &fname, &rdataset, &sigrdataset, dbuf,
3280 query_putrdataset(client, &rdataset);
3282 query_putrdataset(client, &sigrdataset);
3284 query_releasename(client, &fname);
3288 query_addwildcardproof(ns_client_t *client, dns_db_t *db,
3317 dns_clientinfo_init(&ci, client);
3361 options = client->query.dboptions | DNS_DBFIND_NOWILD;
3369 dbuf = query_getnamebuf(client);
3372 fname = query_newname(client, dbuf, &b);
3373 rdataset = query_newrdataset(client);
3374 sigrdataset = query_newrdataset(client);
3410 query_findclosestnsec3(cname, db, NULL, client, rdataset,
3415 query_addrrset(client, &fname, &rdataset, &sigrdataset,
3422 dbuf = query_getnamebuf(client);
3425 fname = query_newname(client, dbuf, &b);
3429 rdataset = query_newrdataset(client);
3434 sigrdataset = query_newrdataset(client);
3449 query_findclosestnsec3(wname, db, NULL, client, rdataset,
3453 query_addrrset(client, &fname, &rdataset, &sigrdataset,
3463 dbuf = query_getnamebuf(client);
3466 fname = query_newname(client, dbuf, &b);
3470 rdataset = query_newrdataset(client);
3475 sigrdataset = query_newrdataset(client);
3489 query_findclosestnsec3(wname, db, NULL, client, rdataset,
3493 query_addrrset(client, &fname, &rdataset, &sigrdataset,
3526 query_addrrset(client, &fname, &rdataset, &sigrdataset,
3530 query_putrdataset(client, &rdataset);
3532 query_putrdataset(client, &sigrdataset);
3534 query_releasename(client, &fname);
3544 query_putrdataset(client, &rdataset);
3546 query_putrdataset(client, &sigrdataset);
3548 query_releasename(client, &fname);
3552 query_addnxrrsetnsec(ns_client_t *client, dns_db_t *db,
3567 query_addrrset(client, namep, rdatasetp, sigrdatasetp,
3592 query_addwildcardproof(client, db, version, client->query.qname,
3598 dbuf = query_getnamebuf(client);
3601 fname = query_newname(client, dbuf, &b);
3608 query_addrrset(client, &fname, rdatasetp, sigrdatasetp,
3616 ns_client_t *client;
3629 client = devent->ev_arg;
3630 REQUIRE(NS_CLIENT_VALID(client));
3631 REQUIRE(task == client->task);
3632 REQUIRE(RECURSING(client));
3634 LOCK(&client->query.fetchlock);
3635 if (client->query.fetch != NULL) {
3639 INSIST(devent->fetch == client->query.fetch);
3640 client->query.fetch = NULL;
3643 * Update client->now.
3645 isc_stdtime_get(&client->now);
3653 UNLOCK(&client->query.fetchlock);
3654 INSIST(client->query.fetch == NULL);
3656 client->query.attributes &= ~NS_QUERYATTR_RECURSING;
3661 * If this client is shutting down, or this transaction
3664 client_shuttingdown = ns_client_shuttingdown(client);
3670 query_putrdataset(client, &devent->rdataset);
3672 query_putrdataset(client, &devent->sigrdataset);
3675 query_error(client, DNS_R_SERVFAIL, __LINE__);
3677 query_next(client, ISC_R_CANCELED);
3679 * This may destroy the client.
3681 ns_client_detach(&client);
3683 result = query_find(client, devent, 0);
3702 query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
3711 inc_stats(client, dns_nsstatscounter_recursion);
3714 * We are about to recurse, which means that this client will
3716 * amount of time. If this client is currently responsible
3717 * for handling incoming queries, set up a new client
3723 if (client->recursionquota == NULL) {
3725 &client->recursionquota);
3732 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
3738 client->recursionquota->used,
3739 client->recursionquota->soft,
3740 client->recursionquota->max);
3742 ns_client_killoldestquery(client);
3750 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
3760 ns_client_killoldestquery(client);
3762 if (result == ISC_R_SUCCESS && !client->mortal &&
3763 (client->attributes & NS_CLIENTATTR_TCP) == 0) {
3764 result = ns_client_replace(client);
3766 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
3771 isc_quota_detach(&client->recursionquota);
3776 ns_client_recursing(client);
3783 REQUIRE(client->query.fetch == NULL);
3785 rdataset = query_newrdataset(client);
3788 if (WANTDNSSEC(client)) {
3789 sigrdataset = query_newrdataset(client);
3791 query_putrdataset(client, &rdataset);
3797 if (client->query.timerset == ISC_FALSE)
3798 ns_client_settimeout(client, 60);
3799 if ((client->attributes & NS_CLIENTATTR_TCP) == 0)
3800 peeraddr = &client->peeraddr;
3803 result = dns_resolver_createfetch2(client->view->resolver,
3805 NULL, peeraddr, client->message->id,
3806 client->query.fetchoptions,
3807 client->task,
3808 query_resume, client,
3810 &client->query.fetch);
3814 * Record that we're waiting for an event. A client which
3819 query_putrdataset(client, &rdataset);
3821 query_putrdataset(client, &sigrdataset);
3852 rpz_ready(ns_client_t *client, dns_zone_t **zonep, dns_db_t **dbp,
3859 *rdatasetp = query_newrdataset(client);
3867 rpz_st_clear(ns_client_t *client) {
3868 dns_rpz_st_t *st = client->query.rpz_st;
3871 query_putrdataset(client, &st->m.rdataset);
3876 query_putrdataset(client, &st->r.ns_rdataset);
3878 query_putrdataset(client, &st->r.r_rdataset);
3882 query_putrdataset(client, &st->q.rdataset);
3884 query_putrdataset(client, &st->q.sigrdataset);
3894 rpz_rrset_find(ns_client_t *client, dns_rpz_type_t rpz_type,
3909 dns_clientinfo_init(&ci, client);
3911 st = client->query.rpz_st;
3921 query_putrdataset(client, rdatasetp);
3926 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL,
3935 result = rpz_ready(client, NULL, NULL, NULL, rdatasetp);
3947 result = query_getdb(client, name, type, 0, &zone, dbp,
3950 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL,
3966 client->now, &node, found,
3968 if (result == DNS_R_DELEGATION && is_zone && USECACHE(client)) {
3975 dns_db_attach(client->view->cachedb, dbp);
3977 0, client->now, &node, found,
3991 result = query_recurse(client, type, st->r_name,
4007 rpz_rewrite_ip(ns_client_t *client, dns_rdataset_t *rdataset,
4017 st = client->query.rpz_st;
4019 st->m.rdataset = query_newrdataset(client);
4025 for (rpz = ISC_LIST_HEAD(client->view->rpz_zones);
4028 if (!RECURSIONOK(client) && rpz->recursive_only)
4047 result = rpz_getdb(client, rpz_type, &rpz->origin,
4060 rdataset, st, client->query.rpz_st->qname);
4071 rpz_rewrite_rrset(ns_client_t *client, dns_rpz_type_t rpz_type,
4078 result = rpz_rrset_find(client, rpz_type, name, type, dbp, version,
4082 result = rpz_rewrite_ip(client, *rdatasetp, rpz_type);
4099 rpz_log_fail(client, DNS_RPZ_DEBUG_LEVEL1, rpz_type,
4104 if (client->query.rpz_st->m.policy != DNS_RPZ_POLICY_ERROR) {
4105 client->query.rpz_st->m.policy = DNS_RPZ_POLICY_ERROR;
4106 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, rpz_type,
4121 rpz_rewrite_rrsets(ns_client_t *client, dns_rpz_type_t rpz_type,
4130 st = client->query.rpz_st;
4138 result = rpz_rewrite_rrset(client, rpz_type, dns_rdatatype_a,
4151 result = rpz_rewrite_rrset(client, rpz_type, dns_rdatatype_aaaa,
4164 rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
4178 dns_clientinfo_init(&ci, client);
4180 result = rpz_ready(client, zonep, dbp, nodep, rdatasetp);
4191 result = rpz_getdb(client, rpz_type, qnamef, zonep, dbp, versionp);
4200 client->now, nodep, found, &cm, &ci,
4210 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, rpz_type,
4227 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL,
4246 qtype, 0, client->now,
4281 dns_db_rpz_enabled(*dbp, client->query.rpz_st);
4289 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, rpz_type, qnamef,
4304 rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
4319 st = client->query.rpz_st;
4324 for (rpz = ISC_LIST_HEAD(client->view->rpz_zones);
4327 if (!RECURSIONOK(client) && rpz->recursive_only)
4361 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL,
4367 rpz_log_fail(client, DNS_RPZ_DEBUG_LEVEL1,
4377 result = rpz_find(client, qtype, rpz_qname, qname, rpz,
4410 rpz_log_rewrite(client, "disabled ",
4450 rpz_rewrite_ns_skip(ns_client_t *client, dns_name_t *nsname,
4455 st = client->query.rpz_st;
4458 rpz_log_fail(client, level, DNS_RPZ_TYPE_NSIP, nsname,
4471 rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult,
4481 st = client->query.rpz_st;
4483 st = isc_mem_get(client->mctx, sizeof(*st));
4498 client->query.rpz_st = st;
4526 rpz_log_fail(client, DNS_RPZ_DEBUG_LEVEL3, DNS_RPZ_TYPE_QNAME,
4527 client->query.qname,
4532 rpz_log_fail(client, DNS_RPZ_DEBUG_LEVEL1, DNS_RPZ_TYPE_QNAME,
4533 client->query.qname,
4546 result = rpz_rewrite_name(client, qtype, client->query.qname,
4551 st->r.label = dns_name_countlabels(client->query.qname);
4564 result = rpz_rewrite_rrsets(client, DNS_RPZ_TYPE_IP,
4565 client->query.qname, qtype,
4583 dns_name_clone(client->query.qname, dns_fixedname_name(&nsnamef));
4588 if (st->r.label == dns_name_countlabels(client->query.qname)) {
4589 nsname = client->query.qname;
4592 dns_name_split(client->query.qname, st->r.label,
4598 result = rpz_rrset_find(client, DNS_RPZ_TYPE_NSDNAME,
4625 rpz_rewrite_ns_skip(client, nsname, result,
4631 rpz_rewrite_ns_skip(client, nsname, result,
4636 rpz_rewrite_ns_skip(client, nsname, result,
4653 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL,
4673 result = rpz_rewrite_name(client, qtype,
4686 result = rpz_rewrite_rrsets(client, DNS_RPZ_TYPE_NSIP,
4715 rpz_log_rewrite(client, "", st->m.policy, st->m.type,
4723 query_putrdataset(client, &rdataset);
4732 * by the client in DNSSEC or a lack of signatures.
4735 rpz_ck_dnssec(ns_client_t *client, isc_result_t result,
4743 if (client->view->rpz_break_dnssec)
4746 * sigrdataset == NULL if and only !WANTDNSSEC(client)
4795 rpz_add_cname(ns_client_t *client, dns_rpz_st_t *st,
4805 dns_name_split(client->query.qname, 1,
4814 client->message->rcode = dns_rcode_yxdomain;
4821 query_keepname(client, fname, dbuf);
4822 result = query_add_cname(client, client->query.qname,
4826 rpz_log_rewrite(client, "", st->m.policy, st->m.type, st->qname);
4827 ns_client_qnamereplace(client, fname);
4832 client->attributes &= ~(NS_CLIENTATTR_WANTDNSSEC |
4911 * Find the sortlist statement that applies to 'client' and set up
4912 * the sortlist info in in client->message appropriately.
4915 setup_query_sortlist(ns_client_t *client) {
4920 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
4921 switch (ns_sortlist_setup(client->view->sortlist,
4936 dns_message_setsortorder(client->message, order, order_arg);
4940 query_addnoqnameproof(ns_client_t *client, dns_rdataset_t *rdataset) {
4952 dbuf = query_getnamebuf(client);
4955 fname = query_newname(client, dbuf, &b);
4956 neg = query_newrdataset(client);
4957 negsig = query_newrdataset(client);
4964 query_addrrset(client, &fname, &neg, &negsig, dbuf,
4971 dbuf = query_getnamebuf(client);
4974 fname = query_newname(client, dbuf, &b);
4977 neg = query_newrdataset(client);
4981 negsig = query_newrdataset(client);
4989 query_addrrset(client, &fname, &neg, &negsig, dbuf,
4994 query_putrdataset(client, &neg);
4996 query_putrdataset(client, &negsig);
4998 query_releasename(client, &fname);
5002 answer_in_glue(ns_client_t *client, dns_rdatatype_t qtype) {
5008 msg = client->message;
5012 if (dns_name_equal(name, client->query.qname)) {
5095 warn_rfc1918(ns_client_t *client, dns_name_t *fname, dns_rdataset_t *rdataset) {
5121 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
5135 dns_dbversion_t *version, ns_client_t *client,
5165 dns_clientinfo_init(&ci, client);
5181 dboptions = client->query.dboptions | DNS_DBFIND_FORCENSEC3;
5183 dns_rdatatype_nsec3, dboptions, client->now,
5205 ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
5211 ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
5219 ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
5233 is_v4_client(ns_client_t *client) {
5234 if (isc_sockaddr_pf(&client->peeraddr) == AF_INET)
5236 if (isc_sockaddr_pf(&client->peeraddr) == AF_INET6 &&
5237 IN6_IS_ADDR_V4MAPPED(&client->peeraddr.type.sin6.sin6_addr))
5280 dns64_aaaaok(ns_client_t *client, dns_rdataset_t *rdataset,
5284 dns_dns64_t *dns64 = ISC_LIST_HEAD(client->view->dns64);
5289 INSIST(client->query.dns64_aaaaok == NULL);
5290 INSIST(client->query.dns64_aaaaoklen == 0);
5291 INSIST(client->query.dns64_aaaa == NULL);
5292 INSIST(client->query.dns64_sigaaaa == NULL);
5297 if (RECURSIONOK(client))
5304 aaaaok = isc_mem_get(client->mctx, sizeof(isc_boolean_t) * count);
5306 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
5307 if (dns_dns64_aaaaok(dns64, &netaddr, client->signer,
5312 client->query.dns64_aaaaok = aaaaok;
5313 client->query.dns64_aaaaoklen = count;
5318 isc_mem_put(client->mctx, aaaaok,
5323 isc_mem_put(client->mctx, aaaaok,
5333 * Only perform the update if the client is in the allow query acl and
5337 redirect(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset,
5354 if (client->view->redirect == NULL)
5362 dns_clientinfo_init(&ci, client);
5364 if (WANTDNSSEC(client) && dns_db_iszone(*dbp) && dns_db_issecure(*dbp))
5367 if (WANTDNSSEC(client) && dns_rdataset_isassociated(rdataset)) {
5389 result = ns_client_checkaclsilent(client, NULL,
5390 dns_zone_getqueryacl(client->view->redirect),
5395 result = dns_zone_getdb(client->view->redirect, &db);
5399 dbversion = query_findversion(client, db);
5408 result = dns_db_findext(db, client->query.qname, dbversion->version,
5409 qtype, 0, client->now, &node, found, &cm, &ci,
5437 client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
5444 * Do the bulk of query processing for the current query of 'client'.
5449 query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
5515 dns_clientinfo_init(&ci, client);
5524 rpz_st = client->query.rpz_st;
5546 query_putrdataset(client, &event->sigrdataset);
5562 if (DNS64(client)) {
5563 client->query.attributes &= ~NS_QUERYATTR_DNS64;
5566 if (DNS64EXCLUDE(client)) {
5567 client->query.attributes &= ~NS_QUERYATTR_DNS64EXCLUDE;
5574 dbuf = query_getnamebuf(client);
5579 fname = query_newname(client, dbuf, &b);
5626 if (client->view->checknames &&
5627 !dns_rdata_checkowner(client->query.qname,
5628 client->message->rdclass,
5634 dns_name_format(client->query.qname, namebuf, sizeof(namebuf));
5636 dns_rdataclass_format(client->message->rdclass, classname,
5638 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
5651 !dns_name_equal(client->query.qname, dns_rootname))
5653 result = query_getdb(client, client->query.qname, qtype, options,
5655 if ((result != ISC_R_SUCCESS || !is_zone) && !RECURSIONOK(client) &&
5666 tresult = query_getzonedb(client, client->query.qname, qtype,
5671 query_putrdataset(client, &rdataset);
5690 if (WANTRECURSION(client)) {
5691 inc_stats(client,
5694 inc_stats(client, dns_nsstatscounter_authrej);
5695 if (!PARTIALANSWER(client))
5710 if (event == NULL && client->query.restarts == 0) {
5717 dns_zone_attach(zone, &client->query.authzone);
5719 dns_db_attach(db, &client->query.authdb);
5721 client->query.authdbset = ISC_TRUE;
5729 dbuf = query_getnamebuf(client);
5734 fname = query_newname(client, dbuf, &b);
5735 rdataset = query_newrdataset(client);
5740 if (WANTDNSSEC(client) && (!is_zone || dns_db_issecure(db))) {
5741 sigrdataset = query_newrdataset(client);
5751 result = dns_db_findext(db, client->query.qname, version, type,
5752 client->query.dboptions, client->now,
5758 if (!ISC_LIST_EMPTY(client->view->rpz_zones) &&
5759 (RECURSIONOK(client) || !client->view->rpz_recursive_only) &&
5760 rpz_ck_dnssec(client, result, rdataset, sigrdataset) &&
5761 !RECURSING(client) &&
5762 (client->query.rpz_st == NULL ||
5763 (client->query.rpz_st->state & DNS_RPZ_REWRITTEN) == 0) &&
5764 !dns_name_equal(client->query.qname, dns_rootname)) {
5767 rresult = rpz_rewrite(client, qtype, result, resuming);
5768 rpz_st = client->query.rpz_st;
5792 client->query.attributes |= NS_QUERYATTR_RECURSING;
5804 result = dns_name_copy(client->query.qname,
5810 query_putrdataset(client, &rdataset);
5860 result = rpz_add_cname(client, rpz_st,
5873 result = rpz_add_cname(client, rpz_st,
5889 client->attributes &= ~(NS_CLIENTATTR_WANTDNSSEC |
5891 query_putrdataset(client, &sigrdataset);
5893 rpz_log_rewrite(client, "", rpz_st->m.policy,
5921 if (client->view->hints == NULL) {
5925 dns_db_attach(client->view->hints, &db);
5928 0, client->now, &node,
5949 if (RECURSIONOK(client)) {
5950 result = query_recurse(client, qtype,
5951 client->query.qname,
5954 client->query.attributes |=
5957 client->query.attributes |=
5960 client->query.attributes |=
5982 if (!RECURSIONOK(client) &&
5988 result = query_getzonedb(client,
5989 client->query.qname,
5996 query_putrdataset(client, &rdataset);
5998 query_putrdataset(client,
6001 query_releasename(client,
6023 if (!USECACHE(client) || !RECURSIONOK(client)) {
6034 * If the client is making a nonrecursive
6043 * database by setting client->query.gluedb.
6045 client->query.gluedb = db;
6046 client->query.isreferral = ISC_TRUE;
6053 client->query.attributes &=
6059 query_addrrset(client, &fname,
6062 client->query.gluedb = NULL;
6063 if (WANTDNSSEC(client))
6064 query_addds(client, db, node, version,
6075 query_keepname(client, fname, dbuf);
6087 dns_db_attach(client->view->cachedb, &db);
6110 query_releasename(client, &fname);
6120 query_putrdataset(client, &rdataset);
6122 query_putrdataset(client,
6137 if (RECURSIONOK(client)) {
6142 result = query_recurse(client, qtype,
6143 client->query.qname,
6146 result = query_recurse(client,
6148 client->query.qname,
6151 result = query_recurse(client, qtype,
6152 client->query.qname,
6157 client->query.attributes |=
6160 client->query.attributes |=
6163 client->query.attributes |=
6179 client->query.attributes |=
6181 client->query.gluedb = zdb;
6182 client->query.isreferral = ISC_TRUE;
6189 client->query.attributes &=
6195 query_addrrset(client, &fname,
6198 client->query.gluedb = NULL;
6199 client->query.attributes &=
6201 if (WANTDNSSEC(client))
6202 query_addds(client, db, node, version,
6223 query_putrdataset(client, &rdataset);
6225 query_putrdataset(client, &sigrdataset);
6226 rdataset = client->query.dns64_aaaa;
6227 sigrdataset = client->query.dns64_sigaaaa;
6228 client->query.dns64_aaaa = NULL;
6229 client->query.dns64_sigaaaa = NULL;
6231 dbuf = query_getnamebuf(client);
6236 fname = query_newname(client, dbuf, &b);
6242 dns_name_copy(client->query.qname, fname, NULL);
6252 !ISC_LIST_EMPTY(client->view->dns64) &&
6253 client->message->rdclass == dns_rdataclass_in &&
6260 INSIST(client->query.dns64_aaaa == NULL);
6261 INSIST(client->query.dns64_sigaaaa == NULL);
6262 client->query.dns64_aaaa = rdataset;
6263 client->query.dns64_sigaaaa = sigrdataset;
6264 client->query.dns64_ttl = dns64_ttl(db, version);
6265 query_releasename(client, &fname);
6279 WANTDNSSEC(client)) {
6286 qname = client->query.qname;
6289 client, rdataset,
6305 query_addrrset(client, &fname,
6318 fixfname(client, &fname, &dbuf, &b);
6319 fixrdataset(client, &rdataset);
6320 fixrdataset(client, &sigrdataset);
6333 client,
6341 query_releasename(client, &fname);
6342 query_addwildcardproof(client, db, version,
6343 client->query.qname,
6353 query_keepname(client, fname, dbuf);
6360 query_releasename(client, &fname);
6365 result = query_addsoa(client, db, version, ISC_UINT32_MAX,
6374 if (WANTDNSSEC(client)) {
6376 query_addnxrrsetnsec(client, db, version,
6389 redirect(client, fname, rdataset, &node, &db, &version,
6398 query_keepname(client, fname, dbuf);
6405 query_releasename(client, &fname);
6417 result = query_addsoa(client, db, version, 0,
6420 result = query_addsoa(client, db, version,
6428 if (WANTDNSSEC(client)) {
6433 query_addrrset(client, &fname, &rdataset,
6436 query_addwildcardproof(client, db, version,
6437 client->query.qname, ISC_FALSE,
6445 client->message->rcode = dns_rcode_noerror;
6447 client->message->rcode = dns_rcode_nxdomain;
6451 if (redirect(client, fname, rdataset, &node, &db, &version,
6462 client->message->rcode = dns_rcode_nxdomain;
6468 client->message->rdclass == dns_rdataclass_in &&
6470 warn_rfc1918(client, fname, rdataset);
6482 query_putrdataset(client, &rdataset);
6484 query_putrdataset(client, &sigrdataset);
6485 rdataset = client->query.dns64_aaaa;
6486 sigrdataset = client->query.dns64_sigaaaa;
6487 client->query.dns64_aaaa = NULL;
6488 client->query.dns64_sigaaaa = NULL;
6490 dbuf = query_getnamebuf(client);
6495 fname = query_newname(client, dbuf, &b);
6501 dns_name_copy(client->query.qname, fname, NULL);
6508 !ISC_LIST_EMPTY(client->view->dns64) &&
6509 client->message->rdclass == dns_rdataclass_in &&
6516 INSIST(client->query.dns64_aaaa == NULL);
6517 INSIST(client->query.dns64_sigaaaa == NULL);
6518 client->query.dns64_aaaa = rdataset;
6519 client->query.dns64_sigaaaa = sigrdataset;
6526 client->query.dns64_ttl = rdataset->ttl;
6528 client->query.dns64_ttl = 0;
6529 query_releasename(client, &fname);
6543 query_keepname(client, fname, dbuf);
6544 dns_message_addname(client->message, fname,
6565 if (WANTDNSSEC(client) &&
6573 if (NOQNAME(rdataset) && WANTDNSSEC(client))
6577 query_addrrset(client, &fname, &rdataset, sigrdatasetp, dbuf,
6580 query_addnoqnameproof(client, noqname);
6585 client->query.attributes |= NS_QUERYATTR_PARTIALANSWER;
6591 result = dns_message_gettempname(client->message, &tname);
6596 dns_message_puttempname(client->message, &tname);
6603 dns_message_puttempname(client->message, &tname);
6607 result = dns_name_dup(&cname.cname, client->mctx, tname);
6609 dns_message_puttempname(client->message, &tname);
6614 ns_client_qnamereplace(client, tname);
6616 if (!WANTRECURSION(client))
6625 namereln = dns_name_fullcompare(client->query.qname, fname,
6641 if (WANTDNSSEC(client) &&
6649 query_addrrset(client, &fname, &rdataset, sigrdatasetp, dbuf,
6655 client->query.attributes |= NS_QUERYATTR_PARTIALANSWER;
6660 result = dns_message_gettempname(client->message, &tname);
6665 dns_message_puttempname(client->message, &tname);
6672 dns_message_puttempname(client->message, &tname);
6683 dns_name_split(client->query.qname, nlabels, prefix, NULL);
6685 dbuf = query_getnamebuf(client);
6687 dns_message_puttempname(client->message, &tname);
6690 fname = query_newname(client, dbuf, &b);
6692 dns_message_puttempname(client->message, &tname);
6696 dns_message_puttempname(client->message, &tname);
6704 client->message->rcode = dns_rcode_yxdomain;
6708 query_keepname(client, fname, dbuf);
6723 result = query_add_cname(client, client->query.qname, fname,
6730 ns_client_qnamereplace(client, fname);
6733 if (!WANTRECURSION(client))
6744 if (WANTDNSSEC(client) &&
6753 if (client->view->v4_aaaa != dns_v4_aaaa_ok &&
6754 is_v4_client(client) &&
6755 ns_client_checkaclsilent(client, NULL,
6756 client->view->v4_aaaa_acl,
6758 client->filter_aaaa = client->view->v4_aaaa;
6760 client->filter_aaaa = dns_v4_aaaa_ok;
6802 query_keepname(client, fname, dbuf);
6812 if (client->filter_aaaa != dns_v4_aaaa_ok) {
6834 if (NOQNAME(rdataset) && WANTDNSSEC(client))
6838 rpz_st = client->query.rpz_st;
6842 query_addrrset(client,
6847 query_addnoqnameproof(client, noqname);
6855 query_putrdataset(client, &rdataset);
6856 rdataset = query_newrdataset(client);
6873 if (client->filter_aaaa == dns_v4_aaaa_break_dnssec)
6874 client->attributes |= NS_CLIENTATTR_FILTER_AAAA;
6875 else if (client->filter_aaaa != dns_v4_aaaa_ok &&
6877 (!have_sig || !WANTDNSSEC(client)))
6878 client->attributes |= NS_CLIENTATTR_FILTER_AAAA;
6881 dns_message_puttempname(client->message, &fname);
6895 client->attributes &= ~NS_CLIENTATTR_RA;
6901 dns_name_format(client->query.qname,
6904 ns_client_log(client,
6913 fname = query_newname(client, dbuf, &b);
6939 if (client->filter_aaaa == dns_v4_aaaa_break_dnssec ||
6940 (client->filter_aaaa == dns_v4_aaaa_filter &&
6941 (!WANTDNSSEC(client) || sigrdataset == NULL ||
6945 trdataset = query_newrdataset(client);
6948 client->now,
6952 query_putrdataset(client, &trdataset);
6960 * for this client, although that could be
6968 client->attributes |=
6972 !RECURSIONOK(client) ||
6975 client->attributes &=
6986 result = query_recurse(client,
6988 client->query.qname,
6991 client->attributes |=
6993 client->query.attributes |=
6999 (client->attributes &
7001 client->attributes &=
7003 client->attributes |=
7017 INSIST(client->query.dns64_aaaaok == NULL);
7020 !ISC_LIST_EMPTY(client->view->dns64) &&
7021 client->message->rdclass == dns_rdataclass_in &&
7022 !dns64_aaaaok(client, rdataset, sigrdataset)) {
7027 client->query.dns64_aaaa = rdataset;
7028 client->query.dns64_sigaaaa = sigrdataset;
7029 client->query.dns64_ttl = rdataset->ttl;
7030 query_releasename(client, &fname);
7043 if (NOQNAME(rdataset) && WANTDNSSEC(client))
7051 dns_name_equal(client->query.qname, dns_rootname))
7052 client->query.attributes &= ~NS_QUERYATTR_NOADDITIONAL;
7056 result = query_dns64(client, &fname, rdataset,
7060 dns_message_puttemprdataset(client->message, &rdataset);
7069 (void)query_addsoa(client, db, version,
7082 } else if (client->query.dns64_aaaaok != NULL) {
7083 query_filter64(client, &fname, rdataset, dbuf,
7085 query_putrdataset(client, &rdataset);
7087 query_addrrset(client, &fname, &rdataset,
7091 query_addnoqnameproof(client, noqname);
7105 if (!want_restart && !NOAUTHORITY(client)) {
7109 dns_name_equal(client->query.qname,
7111 (void)query_addns(client, db, version);
7114 query_releasename(client, &fname);
7115 query_addbestns(client);
7124 query_addwildcardproof(client, db, version,
7132 rpz_st = client->query.rpz_st;
7138 query_putrdataset(client, &rdataset);
7140 query_putrdataset(client, &sigrdataset);
7142 query_releasename(client, &fname);
7150 query_putrdataset(client, &zrdataset);
7152 query_putrdataset(client, &zsigrdataset);
7154 query_releasename(client, &zfname);
7163 if (client->query.restarts == 0 && !authoritative) {
7168 client->message->flags &= ~DNS_MESSAGEFLAG_AA;
7174 if (want_restart && client->query.restarts < MAX_RESTARTS) {
7175 client->query.restarts++;
7180 (!PARTIALANSWER(client) || WANTRECURSION(client))) {
7187 query_next(client, eresult);
7190 * If we don't have any answer to give the client,
7191 * or if the client requested recursion and thus wanted
7195 query_error(client, eresult, line);
7197 ns_client_detach(&client);
7198 } else if (!RECURSING(client)) {
7205 setup_query_sortlist(client);
7212 if (ISC_LIST_EMPTY(client->message->sections[DNS_SECTION_ANSWER]) &&
7213 client->message->rcode == dns_rcode_noerror &&
7215 answer_in_glue(client, qtype);
7217 if (client->message->rcode == dns_rcode_nxdomain &&
7218 client->view->auth_nxdomain == ISC_TRUE)
7219 client->message->flags |= DNS_MESSAGEFLAG_AA;
7222 * If the response is somehow unexpected for the client and this
7227 (ISC_LIST_EMPTY(client->message->sections[DNS_SECTION_ANSWER]) ||
7228 client->message->rcode != dns_rcode_noerror))
7231 query_send(client);
7232 ns_client_detach(&client);
7240 log_query(ns_client_t *client, unsigned int flags, unsigned int extflags) {
7251 rdataset = ISC_LIST_HEAD(client->query.qname->list);
7253 dns_name_format(client->query.qname, namebuf, sizeof(namebuf));
7256 isc_netaddr_format(&client->destaddr, onbuf, sizeof(onbuf));
7258 ns_client_log(client, NS_LOGCATEGORY_QUERIES, NS_LOGMODULE_QUERY,
7260 classname, typename, WANTRECURSION(client) ? "+" : "-",
7261 (client->signer != NULL) ? "S": "",
7262 (client->opt != NULL) ? "E" : "",
7263 ((client->attributes & NS_CLIENTATTR_TCP) != 0) ?
7271 log_queryerror(ns_client_t *client, isc_result_t result, int line, int level) {
7288 if (client->query.origqname != NULL) {
7289 dns_name_format(client->query.origqname, namebuf,
7294 rdataset = ISC_LIST_HEAD(client->query.origqname->list);
7306 ns_client_log(client, NS_LOGCATEGORY_QUERY_EERRORS, NS_LOGMODULE_QUERY,
7313 ns_query_start(ns_client_t *client) {
7315 dns_message_t *message = client->message;
7319 unsigned int saved_extflags = client->extflags;
7320 unsigned int saved_flags = client->message->flags;
7328 if (ns_g_clienttest && (client->attributes & NS_CLIENTATTR_TCP) == 0)
7329 RUNTIME_CHECK(ns_client_replace(client) == ISC_R_SUCCESS);
7334 client->next = query_next_callback;
7339 if (!client->view->enablednssec) {
7341 client->extflags &= ~DNS_MESSAGEEXTFLAG_DO;
7342 if (client->opt != NULL)
7343 client->opt->ttl &= ~DNS_MESSAGEEXTFLAG_DO;
7347 client->query.attributes |= NS_QUERYATTR_WANTRECURSION;
7349 if ((client->extflags & DNS_MESSAGEEXTFLAG_DO) != 0)
7350 client->attributes |= NS_CLIENTATTR_WANTDNSSEC;
7352 if (client->view->minimalresponses)
7353 client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
7356 if ((client->view->cachedb == NULL)
7357 || (!client->view->additionalfromcache)) {
7362 client->query.attributes &=
7364 } else if ((client->attributes & NS_CLIENTATTR_RA) == 0 ||
7367 * If the client isn't allowed to recurse (due to
7372 client->query.attributes &= ~NS_QUERYATTR_RECURSIONOK;
7380 query_error(client, result, __LINE__);
7384 &client->query.qname);
7385 client->query.origqname = client->query.qname;
7393 query_error(client, DNS_R_FORMERR, __LINE__);
7395 query_error(client, result, __LINE__);
7400 log_query(client, saved_flags, saved_extflags);
7406 query_error(client, DNS_R_FORMERR, __LINE__);
7413 rdataset = ISC_LIST_HEAD(client->query.qname->list);
7423 ns_xfr_start(client, rdataset->type);
7427 query_error(client, DNS_R_NOTIMP, __LINE__);
7430 result = dns_tkey_processquery(client->message,
7432 client->view->dynamickeys);
7434 query_send(client);
7436 query_error(client, result, __LINE__);
7439 query_error(client, DNS_R_FORMERR, __LINE__);
7448 client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
7454 if (client->opt != NULL && client->udpsize <= 512U &&
7455 (client->attributes & NS_CLIENTATTR_TCP) == 0)
7456 client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
7460 * If the client has requested that DNSSEC checking be disabled,
7470 client->query.dboptions |= DNS_DBFIND_PENDINGOK;
7471 client->query.fetchoptions |= DNS_FETCHOPT_NOVALIDATE;
7472 } else if (!client->view->enablevalidation)
7473 client->query.fetchoptions |= DNS_FETCHOPT_NOVALIDATE;
7480 client->query.attributes &= ~NS_QUERYATTR_SECURE;
7483 * Set 'want_ad' if the client has set AD in the query.
7496 query_next(client, result);
7514 if (WANTDNSSEC(client) || want_ad)
7518 ns_client_attach(client, &qclient);