mirror of https://github.com/getdnsapi/getdns.git
dnssec_roadblock_avoidance extension
This commit is contained in:
Willem Toorop
parent
35c803208b
commit
58885e04d7
|
|
@ -392,7 +392,14 @@ case "$enable_ecdsa" in
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
AC_ARG_ENABLE(draft-dnssec-roadblock-avoidance, AC_HELP_STRING([--enable-draft-dnssec-roadblock-avoidance], [Enable experimental dnssec roadblock avoidance]))
|
||||||
|
case "$enable_draft_dnssec_roadblock_avoidance" in
|
||||||
|
yes)
|
||||||
|
AC_DEFINE_UNQUOTED([DNSSEC_ROADBLOCK_AVOIDANCE], [1], [Define this to enable the experimental draft dnssec roadblock avoidance.])
|
||||||
|
;;
|
||||||
|
no|*)
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
AC_ARG_ENABLE(draft-edns-cookies, AC_HELP_STRING([--enable-draft-edns-cookies], [Enable experimental edns cookies]))
|
AC_ARG_ENABLE(draft-edns-cookies, AC_HELP_STRING([--enable-draft-edns-cookies], [Enable experimental edns cookies]))
|
||||||
case "$enable_draft_edns_cookies" in
|
case "$enable_draft_edns_cookies" in
|
||||||
|
|
|
||||||
19
src/dnssec.c
19
src/dnssec.c
|
|
@ -3088,6 +3088,25 @@ static void check_chain_complete(chain_head *chain)
|
||||||
chain, rrset_iter_init( &tas_iter
|
chain, rrset_iter_init( &tas_iter
|
||||||
, context->trust_anchors
|
, context->trust_anchors
|
||||||
, context->trust_anchors_len));
|
, context->trust_anchors_len));
|
||||||
|
#endif
|
||||||
|
#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
|
||||||
|
if ( dnsreq->dnssec_roadblock_avoidance
|
||||||
|
&& dnsreq->netreqs[0]->dnssec_status == GETDNS_DNSSEC_BOGUS) {
|
||||||
|
|
||||||
|
getdns_return_t r = GETDNS_RETURN_GOOD;
|
||||||
|
getdns_network_req **netreq_p, *netreq;
|
||||||
|
|
||||||
|
dnsreq->avoid_dnssec_roadblocks = 1;
|
||||||
|
|
||||||
|
for ( netreq_p = dnsreq->netreqs
|
||||||
|
; !r && (netreq = *netreq_p)
|
||||||
|
; netreq_p++) {
|
||||||
|
|
||||||
|
netreq->state = NET_REQ_NOT_SENT;
|
||||||
|
(void) _getdns_submit_netreq(netreq);
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
val_chain_list = dnsreq->dnssec_return_validation_chain
|
val_chain_list = dnsreq->dnssec_return_validation_chain
|
||||||
? getdns_list_create_with_context(context) : NULL;
|
? getdns_list_create_with_context(context) : NULL;
|
||||||
|
|
|
||||||
|
|
@ -128,14 +128,20 @@ ub_resolve_callback(void* arg, int err, struct ub_result* ub_res)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
static getdns_return_t
|
getdns_return_t
|
||||||
submit_network_request(getdns_network_req *netreq)
|
_getdns_submit_netreq(getdns_network_req *netreq)
|
||||||
{
|
{
|
||||||
getdns_return_t r;
|
getdns_return_t r;
|
||||||
getdns_dns_req *dns_req = netreq->owner;
|
getdns_dns_req *dns_req = netreq->owner;
|
||||||
char name[1024];
|
char name[1024];
|
||||||
|
|
||||||
if (dns_req->context->resolution_type == GETDNS_RESOLUTION_RECURSING
|
if (
|
||||||
|
#ifdef STUB_NATIVE_DNSSEC
|
||||||
|
#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
|
||||||
|
(
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
dns_req->context->resolution_type == GETDNS_RESOLUTION_RECURSING
|
||||||
/* TODO: Until DNSSEC with the new async stub resolver is finished,
|
/* TODO: Until DNSSEC with the new async stub resolver is finished,
|
||||||
* use unbound when we need DNSSEC.
|
* use unbound when we need DNSSEC.
|
||||||
*/
|
*/
|
||||||
|
|
@ -143,6 +149,11 @@ submit_network_request(getdns_network_req *netreq)
|
||||||
|| dns_req->dnssec_return_status
|
|| dns_req->dnssec_return_status
|
||||||
|| dns_req->dnssec_return_only_secure
|
|| dns_req->dnssec_return_only_secure
|
||||||
|| dns_req->dnssec_return_validation_chain
|
|| dns_req->dnssec_return_validation_chain
|
||||||
|
#else
|
||||||
|
#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
|
||||||
|
&& !dns_req->dnssec_roadblock_avoidance
|
||||||
|
) || dns_req->avoid_dnssec_roadblocks
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
) {
|
) {
|
||||||
|
|
||||||
|
|
@ -217,7 +228,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
|
||||||
for ( netreq_p = req->netreqs
|
for ( netreq_p = req->netreqs
|
||||||
; !r && (netreq = *netreq_p)
|
; !r && (netreq = *netreq_p)
|
||||||
; netreq_p++)
|
; netreq_p++)
|
||||||
r = submit_network_request(netreq);
|
r = _getdns_submit_netreq(netreq);
|
||||||
|
|
||||||
else for (i = 0; i < context->namespace_count; i++) {
|
else for (i = 0; i < context->namespace_count; i++) {
|
||||||
if (context->namespaces[i] == GETDNS_NAMESPACE_LOCALNAMES) {
|
if (context->namespaces[i] == GETDNS_NAMESPACE_LOCALNAMES) {
|
||||||
|
|
@ -239,7 +250,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
|
||||||
for ( netreq_p = req->netreqs
|
for ( netreq_p = req->netreqs
|
||||||
; !r && (netreq = *netreq_p)
|
; !r && (netreq = *netreq_p)
|
||||||
; netreq_p++)
|
; netreq_p++)
|
||||||
r = submit_network_request(netreq);
|
r = _getdns_submit_netreq(netreq);
|
||||||
break;
|
break;
|
||||||
} else
|
} else
|
||||||
r = GETDNS_RETURN_BAD_CONTEXT;
|
r = GETDNS_RETURN_BAD_CONTEXT;
|
||||||
|
|
|
||||||
|
|
@ -44,6 +44,8 @@
|
||||||
|
|
||||||
void _getdns_call_user_callback(getdns_dns_req *, getdns_dict *);
|
void _getdns_call_user_callback(getdns_dns_req *, getdns_dict *);
|
||||||
void _getdns_check_dns_req_complete(getdns_dns_req *dns_req);
|
void _getdns_check_dns_req_complete(getdns_dns_req *dns_req);
|
||||||
|
getdns_return_t _getdns_submit_netreq(getdns_network_req *netreq);
|
||||||
|
|
||||||
|
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
_getdns_general_loop(getdns_context *context, getdns_eventloop *loop,
|
_getdns_general_loop(getdns_context *context, getdns_eventloop *loop,
|
||||||
|
|
|
||||||
|
|
@ -372,6 +372,11 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
|
||||||
result->dnssec_return_only_secure = dnssec_return_only_secure;
|
result->dnssec_return_only_secure = dnssec_return_only_secure;
|
||||||
result->dnssec_return_validation_chain = dnssec_return_validation_chain;
|
result->dnssec_return_validation_chain = dnssec_return_validation_chain;
|
||||||
result->edns_cookies = edns_cookies;
|
result->edns_cookies = edns_cookies;
|
||||||
|
#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
|
||||||
|
result->dnssec_roadblock_avoidance = is_extension_set(
|
||||||
|
extensions, "dnssec_roadblock_avoidance");
|
||||||
|
result->avoid_dnssec_roadblocks = 0;
|
||||||
|
#endif
|
||||||
|
|
||||||
/* will be set by caller */
|
/* will be set by caller */
|
||||||
result->user_pointer = NULL;
|
result->user_pointer = NULL;
|
||||||
|
|
|
||||||
|
|
@ -261,6 +261,10 @@ typedef struct getdns_dns_req {
|
||||||
int dnssec_return_status;
|
int dnssec_return_status;
|
||||||
int dnssec_return_only_secure;
|
int dnssec_return_only_secure;
|
||||||
int dnssec_return_validation_chain;
|
int dnssec_return_validation_chain;
|
||||||
|
#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
|
||||||
|
int dnssec_roadblock_avoidance;
|
||||||
|
int avoid_dnssec_roadblocks;
|
||||||
|
#endif
|
||||||
int edns_cookies;
|
int edns_cookies;
|
||||||
|
|
||||||
/* Internally used by return_validation_chain */
|
/* Internally used by return_validation_chain */
|
||||||
|
|
|
||||||
|
|
@ -63,6 +63,9 @@ static getdns_extension_format extformats[] = {
|
||||||
{"dnssec_return_only_secure", t_int},
|
{"dnssec_return_only_secure", t_int},
|
||||||
{"dnssec_return_status", t_int},
|
{"dnssec_return_status", t_int},
|
||||||
{"dnssec_return_validation_chain", t_int},
|
{"dnssec_return_validation_chain", t_int},
|
||||||
|
#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
|
||||||
|
{"dnssec_roadblock_avoidance", t_int},
|
||||||
|
#endif
|
||||||
#ifdef EDNS_COOKIES
|
#ifdef EDNS_COOKIES
|
||||||
{"edns_cookies", t_int},
|
{"edns_cookies", t_int},
|
||||||
#endif
|
#endif
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue