Full roadblock avoidance functionality

src/context.c

@@ -2143,13 +2143,37 @@ ub_setup_stub(struct ub_ctx *ctx, getdns_context *context)
 }
 #endif
 
+
+#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
 static getdns_return_t
-_getdns_ns_dns_setup(struct getdns_context *context)
+ub_setup_recursing(struct ub_ctx *ctx, getdns_context *context)
 {
 #ifdef HAVE_LIBUNBOUND
 	_getdns_rr_iter rr_spc, *rr;
 	char ta_str[8192];
 #endif
+
+	/* TODO: use the root servers via root hints file */
+	(void) ub_ctx_set_fwd(ctx, NULL);
+	if (!context->unbound_ta_set && context->trust_anchors) {
+		for ( rr = _getdns_rr_iter_init( &rr_spc
+		                               , context->trust_anchors
+		                               , context->trust_anchors_len)
+		    ; rr ; rr = _getdns_rr_iter_next(rr) ) {
+
+			(void) gldns_wire2str_rr_buf(rr->pos,
+			    rr->nxt - rr->pos, ta_str, sizeof(ta_str));
+			(void) ub_ctx_add_ta(ctx, ta_str);
+		}
+		context->unbound_ta_set = 1;
+	}
+	return GETDNS_RETURN_GOOD;
+}
+#endif
+
+static getdns_return_t
+_getdns_ns_dns_setup(struct getdns_context *context)
+{
 	assert(context);
 
 	switch (context->resolution_type) {
@@ -2157,31 +2181,20 @@ _getdns_ns_dns_setup(struct getdns_context *context)
 		if (!context->upstreams || !context->upstreams->count)
 			return GETDNS_RETURN_GENERIC_ERROR;
 #ifdef STUB_NATIVE_DNSSEC
+#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
+		return ub_setup_recursing(context->unbound_ctx, context);
+#else
 		return GETDNS_RETURN_GOOD;
+#endif
 #else
 		return ub_setup_stub(context->unbound_ctx, context);
 #endif
 
 	case GETDNS_RESOLUTION_RECURSING:
 #ifdef HAVE_LIBUNBOUND
-		/* TODO: use the root servers via root hints file */
+		return ub_setup_recursing(context->unbound_ctx, context);
-		(void) ub_ctx_set_fwd(context->unbound_ctx, NULL);
-		if (!context->unbound_ta_set && context->trust_anchors) {
-			for ( rr = _getdns_rr_iter_init( &rr_spc
-						, context->trust_anchors
-						, context->trust_anchors_len)
-			    ; rr ; rr = _getdns_rr_iter_next(rr) ) {
-
-				(void) gldns_wire2str_rr_buf(rr->pos,
-				    rr->nxt - rr->pos, ta_str, sizeof(ta_str));
-				(void) ub_ctx_add_ta(
-				    context->unbound_ctx, ta_str);
-			}
-			context->unbound_ta_set = 1;
-		}
-		return GETDNS_RETURN_GOOD;
 #else
-		return GETDNS_RETURN_GENERIC_ERROR;
+		return GETDNS_RETURN_NOT_IMPLEMENTED;
 #endif
 	}
 	return GETDNS_RETURN_BAD_CONTEXT;
@@ -2201,7 +2214,7 @@ _getdns_context_prepare_for_resolution(struct getdns_context *context,
 
 	/* Transport can in theory be set per query in stub mode */
 	if (context->resolution_type == GETDNS_RESOLUTION_STUB && 
-		tls_is_in_transports_list(context) == 1) {
+	    tls_is_in_transports_list(context) == 1) {
 		if (context->tls_ctx == NULL) {
 #ifdef HAVE_TLS_v1_2
 			/* Create client context, use TLS v1.2 only for now */

src/general.c

@@ -90,10 +90,16 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 	else if (! results_found)
 		_getdns_call_user_callback(dns_req, NULL);
 	else if (dns_req->dnssec_return_validation_chain
+#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
+	    || (   dns_req->dnssec_roadblock_avoidance 
+	       && !dns_req->avoid_dnssec_roadblocks)
+#endif
+
 #ifdef STUB_NATIVE_DNSSEC
 	    || (dns_req->context->resolution_type == GETDNS_RESOLUTION_STUB
 	        && (dns_req->dnssec_return_status ||
-	            dns_req->dnssec_return_only_secure))
+	            dns_req->dnssec_return_only_secure
+	           ))
 #endif
 	    )
 		_getdns_get_validation_chain(dns_req);
@@ -135,28 +141,22 @@ _getdns_submit_netreq(getdns_network_req *netreq)
 	getdns_dns_req *dns_req = netreq->owner;
 	char name[1024];
 
-	if (
+
 #ifdef STUB_NATIVE_DNSSEC
-#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
+# ifdef DNSSEC_ROADBLOCK_AVOIDANCE
-	    (
+
-#endif
+	if ((dns_req->context->resolution_type == GETDNS_RESOLUTION_RECURSING
-#endif
+	    && !dns_req->dnssec_roadblock_avoidance)
-	    dns_req->context->resolution_type == GETDNS_RESOLUTION_RECURSING
+	    ||  dns_req->avoid_dnssec_roadblocks) {
-	    /* TODO: Until DNSSEC with the new async stub resolver is finished,
+# else
-	     *       use unbound when we need DNSSEC.
+	if ( dns_req->context->resolution_type == GETDNS_RESOLUTION_RECURSING) {
-	     */
+# endif
-#ifndef STUB_NATIVE_DNSSEC
+#else
+	if ( dns_req->context->resolution_type == GETDNS_RESOLUTION_RECURSING
 	    || dns_req->dnssec_return_status
 	    || dns_req->dnssec_return_only_secure
-	    || dns_req->dnssec_return_validation_chain
+	    || dns_req->dnssec_return_validation_chain) {
-#else
-#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
-	    && !dns_req->dnssec_roadblock_avoidance
-	    ) ||  dns_req->avoid_dnssec_roadblocks
 #endif
-#endif
-	    ) {
-
 		/* schedule the timeout */
 		if (! dns_req->timeout.timeout_cb) {
 			dns_req->timeout.userarg    = dns_req;

src/request-internal.c

@@ -221,10 +221,19 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 	    =  is_extension_set(extensions, "dnssec_return_validation_chain");
 	int edns_cookies
 	    =  is_extension_set(extensions, "edns_cookies");
+#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
+	int dnssec_roadblock_avoidance
+	    = is_extension_set(extensions, "dnssec_roadblock_avoidance")
+	    || (extensions == dnssec_ok_checking_disabled);
+#endif
 
 	int dnssec_extension_set = dnssec_return_status
 	    || dnssec_return_only_secure || dnssec_return_validation_chain
-	    || (extensions == dnssec_ok_checking_disabled);
+	    || (extensions == dnssec_ok_checking_disabled)
+#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
+	    || dnssec_roadblock_avoidance
+#endif
+	    ;
 
 	uint32_t edns_do_bit;
 	int      edns_maximum_udp_payload_size;
@@ -305,7 +314,12 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 	    ? edns_maximum_udp_payload_size : 512;
 
 	/* (x + 7) / 8 * 8 to align on 8 byte boundries */
+#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
+	if (context->resolution_type == GETDNS_RESOLUTION_RECURSING
+	    && !dnssec_roadblock_avoidance) 
+#else
 	if (context->resolution_type == GETDNS_RESOLUTION_RECURSING)
+#endif
 		max_query_sz = 0;
 	else {
 		for (i = 0; i < noptions; i++) {
@@ -373,8 +387,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 	result->dnssec_return_validation_chain = dnssec_return_validation_chain;
 	result->edns_cookies                   = edns_cookies;
 #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
-	result->dnssec_roadblock_avoidance     = is_extension_set(
+	result->dnssec_roadblock_avoidance     = dnssec_roadblock_avoidance;
-	    extensions, "dnssec_roadblock_avoidance");
 	result->avoid_dnssec_roadblocks        = 0;
 #endif
 

src/util-internal.c

@@ -38,6 +38,7 @@
 #include <stdint.h>
 #include <stdlib.h>
 #include <ctype.h>
+#include "config.h"
 #include "getdns/getdns.h"
 #include "dict.h"
 #include "list.h"
@@ -699,7 +700,11 @@ _getdns_create_getdns_response(getdns_dns_req *completed_request)
 		return NULL;
 
 	dnssec_return_status = completed_request->dnssec_return_status ||
-	                       completed_request->dnssec_return_only_secure;
+	                       completed_request->dnssec_return_only_secure
+#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
+	                    || completed_request->dnssec_roadblock_avoidance
+#endif
+	                       ;
 
 	if (completed_request->netreqs[0]->request_type == GETDNS_RRTYPE_A ||
 	    completed_request->netreqs[0]->request_type == GETDNS_RRTYPE_AAAA)