interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

A dnssec_return_all_statuses extension 

that returns all all dnssec replies regardless their status.
When used on its own or in combination with just dnssec_return_status,
     it will return BOGUS replies, but those replies will have "dnssec_status": GETDNS_DNSSEC_BOGUS
     The response dict "status" will be GETDNS_RESPSTATUS_GOOD then.
When used on in combination with dnssec_return_only_secure,
     it will return BOGUS and INSECURE replies (reflected in their "dnssec_status")
     The response dict "status" can be any of the status that the dnssec_return_only_secure extenstion returns,
     so either GETDNS_RESPSTATUS_GOOD when at least one reply was secure,
     GETDNS_RESPSTATUS_NO_SECURE_ANSWERS when all replies were insecure,
     or GETDNS_RESPSTATUS_ALL_BOGUS_ANSWERS when all replies were bogus.
This commit is contained in:
Willem Toorop 2016-03-14 12:23:12 +01:00
parent 8f66d69286
commit 4fca5fe08c
5 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/general.c
View File

@ -245,7 +245,8 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
#ifdef STUB_NATIVE_DNSSEC #ifdef STUB_NATIVE_DNSSEC
|| (dns_req->context->resolution_type == GETDNS_RESOLUTION_STUB || (dns_req->context->resolution_type == GETDNS_RESOLUTION_STUB
&& (dns_req->dnssec_return_status || && (dns_req->dnssec_return_status ||
dns_req->dnssec_return_only_secure dns_req->dnssec_return_only_secure ||
dns_req->dnssec_return_all_statuses
)) ))
#endif #endif
) )
@ -302,6 +303,7 @@ _getdns_submit_netreq(getdns_network_req *netreq)
if ( dns_req->context->resolution_type == GETDNS_RESOLUTION_RECURSING if ( dns_req->context->resolution_type == GETDNS_RESOLUTION_RECURSING
|| dns_req->dnssec_return_status || dns_req->dnssec_return_status
|| dns_req->dnssec_return_only_secure || dns_req->dnssec_return_only_secure
|| dns_req->dnssec_return_all_statuses
|| dns_req->dnssec_return_validation_chain) { || dns_req->dnssec_return_validation_chain) {
#endif #endif
/* schedule the timeout */ /* schedule the timeout */
@ -362,6 +364,7 @@ validate_extensions(struct getdns_dict * extensions)
static getdns_extension_format extformats[] = { static getdns_extension_format extformats[] = {
{"add_opt_parameters" , t_dict, 1}, {"add_opt_parameters" , t_dict, 1},
{"add_warning_for_bad_dns" , t_int , 1}, {"add_warning_for_bad_dns" , t_int , 1},
{"dnssec_return_all_statuses" , t_int , 1},
{"dnssec_return_only_secure" , t_int , 1}, {"dnssec_return_only_secure" , t_int , 1},
{"dnssec_return_status" , t_int , 1}, {"dnssec_return_status" , t_int , 1},
{"dnssec_return_validation_chain", t_int , 1}, {"dnssec_return_validation_chain", t_int , 1},

6
src/request-internal.c
View File

@ -639,6 +639,8 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
|| is_extension_set(extensions, "dnssec_return_status"); || is_extension_set(extensions, "dnssec_return_status");
int dnssec_return_only_secure int dnssec_return_only_secure
= is_extension_set(extensions, "dnssec_return_only_secure"); = is_extension_set(extensions, "dnssec_return_only_secure");
int dnssec_return_all_statuses
= is_extension_set(extensions, "dnssec_return_all_statuses");
int dnssec_return_validation_chain int dnssec_return_validation_chain
= is_extension_set(extensions, "dnssec_return_validation_chain"); = is_extension_set(extensions, "dnssec_return_validation_chain");
int edns_cookies int edns_cookies
@ -653,7 +655,8 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
#endif #endif
int dnssec_extension_set = dnssec_return_status int dnssec_extension_set = dnssec_return_status
|| dnssec_return_only_secure || dnssec_return_validation_chain || dnssec_return_only_secure || dnssec_return_all_statuses
|| dnssec_return_validation_chain
|| (extensions == dnssec_ok_checking_disabled) || (extensions == dnssec_ok_checking_disabled)
|| (extensions == dnssec_ok_checking_disabled_roadblock_avoidance) || (extensions == dnssec_ok_checking_disabled_roadblock_avoidance)
|| (extensions == dnssec_ok_checking_disabled_avoid_roadblocks) || (extensions == dnssec_ok_checking_disabled_avoid_roadblocks)
@ -850,6 +853,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
((uint64_t)arc4random()); ((uint64_t)arc4random());
result->dnssec_return_status = dnssec_return_status; result->dnssec_return_status = dnssec_return_status;
result->dnssec_return_only_secure = dnssec_return_only_secure; result->dnssec_return_only_secure = dnssec_return_only_secure;
result->dnssec_return_all_statuses = dnssec_return_all_statuses;
result->dnssec_return_validation_chain = dnssec_return_validation_chain; result->dnssec_return_validation_chain = dnssec_return_validation_chain;
result->edns_cookies = edns_cookies; result->edns_cookies = edns_cookies;
#ifdef DNSSEC_ROADBLOCK_AVOIDANCE #ifdef DNSSEC_ROADBLOCK_AVOIDANCE

1
src/test/getdns_query.c
View File

@ -471,6 +471,7 @@ print_usage(FILE *out, const char *progname)
fprintf(out, "\t+add_warning_for_bad_dns\n"); fprintf(out, "\t+add_warning_for_bad_dns\n");
fprintf(out, "\t+dnssec_return_status\n"); fprintf(out, "\t+dnssec_return_status\n");
fprintf(out, "\t+dnssec_return_only_secure\n"); fprintf(out, "\t+dnssec_return_only_secure\n");
fprintf(out, "\t+dnssec_return_all_statuses\n");
fprintf(out, "\t+dnssec_return_validation_chain\n"); fprintf(out, "\t+dnssec_return_validation_chain\n");
#ifdef DNSSEC_ROADBLOCK_AVOIDANCE #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
fprintf(out, "\t+dnssec_roadblock_avoidance\n"); fprintf(out, "\t+dnssec_roadblock_avoidance\n");

1
src/types-internal.h
View File

@ -286,6 +286,7 @@ typedef struct getdns_dns_req {
/* request extensions */ /* request extensions */
int dnssec_return_status; int dnssec_return_status;
int dnssec_return_only_secure; int dnssec_return_only_secure;
int dnssec_return_all_statuses;
int dnssec_return_validation_chain; int dnssec_return_validation_chain;
#ifdef DNSSEC_ROADBLOCK_AVOIDANCE #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
int dnssec_roadblock_avoidance; int dnssec_roadblock_avoidance;

6
src/util-internal.c
View File

@ -862,7 +862,8 @@ _getdns_create_getdns_response(getdns_dns_req *completed_request)
return NULL; return NULL;
dnssec_return_status = completed_request->dnssec_return_status || dnssec_return_status = completed_request->dnssec_return_status ||
completed_request->dnssec_return_only_secure completed_request->dnssec_return_only_secure ||
completed_request->dnssec_return_all_statuses
#ifdef DNSSEC_ROADBLOCK_AVOIDANCE #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
|| completed_request->dnssec_roadblock_avoidance || completed_request->dnssec_roadblock_avoidance
#endif #endif
@ -907,7 +908,8 @@ _getdns_create_getdns_response(getdns_dns_req *completed_request)
nbogus++; nbogus++;
if (! completed_request->dnssec_return_validation_chain) { if (! completed_request->dnssec_return_all_statuses &&
! completed_request->dnssec_return_validation_chain) {
if (dnssec_return_status && if (dnssec_return_status &&
netreq->dnssec_status == GETDNS_DNSSEC_BOGUS) netreq->dnssec_status == GETDNS_DNSSEC_BOGUS)
continue; continue;