Lines Matching refs:question
42 // the answer delivered to the application needs DNSSEC validation. If a question needs DNSSEC
44 // original question, we create another question as part of the verification process (question is part of
45 // DNSSECVerifier). This question sets "ValidatingResponse" to distinguish itself from the original
46 // question. Without this, it will be a duplicate and never sent out. The "core" almost treats both the
48 // are added to the cache, "ValidatingResponse" question gets called back as long as the typeCovered matches
49 // the question's qtype. See the comment in DNSSECRecordAnswersQuestion for the details. The other big
50 // difference is that "ValidationRequired" question kicks off the verification process by calling into
53 // VerifySignature does not retain the original question that started the verification process. It just
64 // If the original question resulted in NODATA/NXDOMAIN error, there should have been NSECs as part of the response.
74 // validation results to the original question that started the validation.
84 mDNSlocal void VerifySigCallback(mDNS *const m, DNSQuestion *question, const ResourceRecord *const answer, QC_result AddRecord);
228 // Initialize the question enough so that it can be answered from the cache using SameNameRecordAnswersQuestion or
230 mDNSexport void InitializeQuestion(mDNS *const m, DNSQuestion *question, mDNSInterfaceID InterfaceID, const domainname *qname,
235 if (question->ThisQInterval != -1) mDNS_StopQuery(m, question);
237 mDNS_SetupQuestion(question, InterfaceID, qname, qtype, callback, context);
238 question->qnamehash = DomainNameHashValue(qname);
239 question->ValidatingResponse = mDNStrue;
243 // We need to set the DNS server appropriately to match the question against the cache record.
245 SetValidDNSServers(m, question);
246 question->qDNSServer = GetServerForQuestion(m, question);
250 question->TargetQID = onesID;
251 question->TimeoutQuestion = 1;
252 question->ReturnIntermed = 1;
254 question->LongLived = 0;
268 // Remember the question's name and type so that when we are done processing all
269 // the verifications, we can trace the original question back
285 // The verifier's question has to be initialized as some of the callers assume it
737 // We would expect RRSIGs, if we had previously issued the question with the
919 // looking for. We would expect RRSIGs, if we had previously issued the question
1097 // Need to initialize the question as if we end up in ValidateWithNSECS below, the nsec proofs
1099 // a CNAME and dv->rrset->rrtype would be set to CNAME and not the original question type that
1115 // DO bit set again to get the RRSIG. Normally this would happen if there was question which did not require
1116 // DNSSEC validation (ValidationRequied = 0) populated the cache and later when the ValidationRequired question
1117 // comes along, we need to get the RRSIGs. If we started off with ValidationRequired question we would have
1139 // Need to initialize the question as if we end up in ValidateWithNSECS below, the nsec proofs
1167 // Need to initialize the question as if we end up in ValidateWithNSECS below, the nsec proofs
1199 // Need to initialize the question as if we end up in ValidateWithNSECS below, the nsec proofs
2327 DNSQuestion question;
2350 mDNSPlatformMemZero(&question, sizeof(DNSQuestion));
2355 // we do it whenever we validate which happens whenever a ValidationRequired question
2360 question.ThisQInterval = -1;
2361 InitializeQuestion(m, &question, dv->InterfaceID, qname, qtype, mDNSNULL, mDNSNULL);
2362 cg = CacheGroupForName(m, question.qnamehash, &question.qname);
2371 if (SameNameRecordAnswersQuestion(&rr->resrec, &question))
2499 if (SameNameRecordAnswersQuestion(&rr->resrec, &question))
2501 LogDNSSEC("SetTTLRRSet: Setting the TTL %d for %s, question %##s (%s)", rrTTL, CRDisplayString(m, rr),
2502 question.qname.c, DNSTypeName(rr->resrec.rrtype));
2709 // RRSIGs that can match the original question
2795 // 2. Walk the question list to find the matching question. The original question that started
2796 // the DNSSEC verification may or may not be there. As long as there is a matching question
2914 // 2. Walk the question list to find the matching question. The original question that started
2915 // the DNSSEC verification may or may not be there. As long as there is a matching question
3056 // the original question
3092 // We assume that the verifier's question has been initialized here so that ValidateWithNSECS below
3102 // If we find a CNAME response to the question, remember what qtype
3328 mDNSlocal void VerifySigCallback(mDNS *const m, DNSQuestion *question, const ResourceRecord *const answer, QC_result AddRecord)
3330 DNSSECVerifier *dv = (DNSSECVerifier *)question->QuestionContext;
3339 // After the first ADD event, we should ideally stop the question. If we don't stop
3340 // the question, we might get more callbacks and that can cause problems. For example,
3348 // yet e.g., no RRSIGs. In that case if the question is stopped, we will never get any
3350 // the result or wait for more results. Note that the question eventually times out
3355 LogDNSSEC("VerifySigCallback: Question %##s (%s) no dnssec response", question->qname.c, DNSTypeName(question->qtype));
3356 mDNS_StopQuery(m, question);
3361 LogDNSSEC("VerifySigCallback(%p): Called with record %s for question %##s (%s)", dv, RRDisplayString(m, answer), question->qname.c,
3362 DNSTypeName(question->qtype));
3364 if ((m->timenow - question->StopTime) >= 0)
3367 LogDNSSEC("VerifySigCallback: Question %##s (%s) timed out", question->qname.c, DNSTypeName(question->qtype));
3368 mDNS_StopQuery(m, question);
3379 mDNS_StopQuery(m, question);
3397 mDNS_StopQuery(m, question);
3403 // Check whether we got any answers for the question. If there are no answers, we
3426 // 2) DNSSECRecordAnswersQuestion does not answer a question with RRSIGs matching the
3449 mDNS_StopQuery(m, question);
3452 LogDNSSEC("VerifySigCallback: Unable to find RRSIG for %##s (%s), question %##s", dv->rrset->name.c,
3453 DNSTypeName(dv->rrset->rrtype), question->qname.c);
3462 LogDNSSEC("VerifySigCallback: ERROR!! RRVS_key dv->key non-NULL for %##s", question->qname.c);
3465 LogDNSSEC("VerifySigCallback: RRVS_key rrset type %s, %##s received before DNSKEY", DNSTypeName(rrtype), question->qname.c);
3468 if (rrtype != question->qtype)
3470 LogDNSSEC("VerifySigCallback: ERROR!! RRVS_key rrset type %s, %##s not matching qtype %d", DNSTypeName(rrtype), question->qname.c,
3471 question->qtype);
3474 mDNS_StopQuery(m, question);
3477 LogDNSSEC("VerifySigCallback: Unable to find DNSKEY for %##s (%s), question %##s", dv->rrset->name.c,
3478 DNSTypeName(dv->rrset->rrtype), question->qname.c);
3488 LogDNSSEC("VerifySigCallback: ERROR!! RRVS_rrsig_key dv->key NULL for %##s", question->qname.c);
3489 if (rrtype == question->qtype)
3491 LogDNSSEC("VerifySigCallback: RRVS_rrsig_key rrset type %s, %##s", DNSTypeName(rrtype), question->qname.c);
3497 LogDNSSEC("VerifySigCallback: RRVS_rrsig_key rrset type %s, %##s not matching qtype %d", DNSTypeName(rrtype), question->qname.c,
3498 question->qtype);
3501 mDNS_StopQuery(m, question);
3504 LogDNSSEC("VerifySigCallback: Unable to find RRSIG for %##s (%s), question %##s", dv->rrset->name.c,
3505 DNSTypeName(dv->rrset->rrtype), question->qname.c);
3511 if (rrtype == question->qtype)
3513 LogDNSSEC("VerifySigCallback: RRVS_ds rrset type %s, %##s", DNSTypeName(rrtype), question->qname.c);
3517 LogDNSSEC("VerifySigCallback: RRVS_ds rrset type %s, %##s received before DS", DNSTypeName(rrtype), question->qname.c);
3519 mDNS_StopQuery(m, question);
3525 LogDNSSEC("VerifySigCallback: Unable find DS for %##s (%s), question %##s", dv->rrset->name.c,
3526 DNSTypeName(dv->rrset->rrtype), question->qname.c);
3545 LogDNSSEC("VerifySigCallback: ERROR!! default case rrset %##s question %##s", dv->rrset->name.c, question->qname.c);
3546 mDNS_StopQuery(m, question);
3662 // Stop the question before we schedule the block so that we don't receive additional
3701 mDNSlocal void ProveInsecureCallback(mDNS *const m, DNSQuestion *question, const ResourceRecord *const answer, QC_result AddRecord)
3703 InsecureContext *ic = (InsecureContext *)question->QuestionContext;
3713 if ((m->timenow - question->StopTime) >= 0)
3716 LogDNSSEC("ProveInsecureCallback: Question %##s (%s) timed out", question->qname.c, DNSTypeName(question->qtype));
3726 LogDNSSEC("ProveInsecureCallback: Question %##s (%s), AddRecord %d, answer %s", question->qname.c,
3727 DNSTypeName(question->qtype), AddRecord, RRDisplayString(m, answer));
3731 LogDNSSEC("ProveInsecureCallback: ic %p Question %##s (%s), DNSSEC status %s", ic, question->qname.c, DNSTypeName(question->qtype),
3732 DNSSECStatusName(question->ValidationStatus));
3735 if (question->ValidationStatus != DNSSEC_Secure && question->ValidationStatus != DNSSEC_Insecure)
3737 LogDNSSEC("ProveInsecureCallback: Question %##s (%s) returned DNSSEC status %s", question->qname.c,
3738 DNSTypeName(question->qtype), DNSSECStatusName(question->ValidationStatus));
3741 ac = (AuthChain *)question->DNSSECAuthInfo;
3744 LogDNSSEC("ProveInsecureCallback: ac NULL for question %##s, %s", question->qname.c, DNSTypeName(question->qtype));
3749 LogDNSSEC("ProveInsecureCallback: ac->rrset NULL for question %##s, %s", question->qname.c, DNSTypeName(question->qtype));
3759 question->DNSSECAuthInfo = mDNSNULL;
3778 if (SameDomainName(&question->qname, &pdv->origName))
3780 LogDNSSEC("ProveInsecureCallback: Insecure proof reached original name %##s, error", question->qname.c);
3793 cr = NSECRecordIsDelegation(m, &question->qname, question->qtype);
3795 cr = NSEC3RecordIsDelegation(m, &question->qname, question->qtype);
3799 question->qname.c, DNSTypeName(question->qtype));
3804 if (!SameDomainName(&question->qname, &pdv->origName))
3806 LogDNSSEC("ProveInsecureCallback: Not a delegation %##s (%s), go one more level down", question->qname.c, DNSTypeName(question->qtype));
3816 LogDNSSEC("ProveInsecureCallback: Not a delegation %##s (%s), but reached original name", question->qname.c,
3817 DNSTypeName(question->qtype));
4072 mDNSexport void InitializeQuestion(mDNS *const m, DNSQuestion *question, mDNSInterfaceID InterfaceID, const domainname *qname, mDNSu16 qtype, mDNSQuestionCallback *callback, void *context)
4075 (void) question;