mirror of https://github.com/getdnsapi/getdns.git
Fetch TA before resolve for full recursion too
This commit is contained in:
parent
e2abb8aff4
commit
f0f2afbca7
24
src/dnssec.c
24
src/dnssec.c
|
@ -3263,6 +3263,7 @@ static void check_chain_complete(chain_head *chain)
|
|||
void _getdns_ta_notify_dnsreqs(getdns_context *context)
|
||||
{
|
||||
getdns_dns_req **dnsreq_p, *dnsreq = NULL;
|
||||
uint64_t now_ms = 0;
|
||||
|
||||
assert(context);
|
||||
|
||||
|
@ -3272,14 +3273,29 @@ void _getdns_ta_notify_dnsreqs(getdns_context *context)
|
|||
|
||||
dnsreq_p = &context->ta_notify;
|
||||
while ((dnsreq = *dnsreq_p)) {
|
||||
assert(dnsreq->waiting_for_ta);
|
||||
|
||||
assert(dnsreq->waiting_for_ta && dnsreq->chain);
|
||||
|
||||
if (dnsreq->chain)
|
||||
check_chain_complete(dnsreq->chain);
|
||||
else {
|
||||
getdns_network_req *netreq, **netreq_p;
|
||||
int r = GETDNS_RETURN_GOOD;
|
||||
|
||||
(void) _getdns_context_prepare_for_resolution(context, 0);
|
||||
|
||||
*dnsreq_p = dnsreq->ta_notify;
|
||||
for ( netreq_p = dnsreq->netreqs
|
||||
; !r && (netreq = *netreq_p)
|
||||
; netreq_p++ ) {
|
||||
|
||||
if (!(r = _getdns_submit_netreq(netreq, &now_ms)))
|
||||
continue;
|
||||
if (r == DNS_REQ_FINISHED)
|
||||
break;
|
||||
_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
|
||||
}
|
||||
}
|
||||
assert(*dnsreq_p != dnsreq);
|
||||
/* if (*dnsreq_p == dnsreq)
|
||||
dnsreq_p = &dnsreq->ta_notify; */
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -581,27 +581,37 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
|
|||
req->internal_cb = internal_cb;
|
||||
req->is_sync_request = loop == &context->sync_eventloop.loop;
|
||||
|
||||
if (req->dnssec_return_status) {
|
||||
if (context->trust_anchors_source == GETDNS_TASRC_XML_UPDATE)
|
||||
_getdns_start_fetching_ta(context, loop);
|
||||
|
||||
else if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
|
||||
_getdns_context_equip_with_anchor(context, &now_ms);
|
||||
if (context->trust_anchors_source == GETDNS_TASRC_NONE)
|
||||
_getdns_start_fetching_ta(context, loop);
|
||||
}
|
||||
}
|
||||
/* Set up the context assuming we won't use the specified namespaces.
|
||||
This is (currently) identical to setting up a pure DNS namespace */
|
||||
if ((r = _getdns_context_prepare_for_resolution(context, 0)))
|
||||
return r;
|
||||
|
||||
if (return_netreq_p)
|
||||
*return_netreq_p = req->netreqs[0];
|
||||
|
||||
_getdns_context_track_outbound_request(req);
|
||||
|
||||
if (!usenamespaces)
|
||||
if (req->dnssec_extension_set) {
|
||||
if (context->trust_anchors_source == GETDNS_TASRC_XML_UPDATE)
|
||||
_getdns_start_fetching_ta(context, loop);
|
||||
|
||||
else if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
|
||||
_getdns_context_equip_with_anchor(context, &now_ms);
|
||||
if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
|
||||
_getdns_start_fetching_ta(context, loop);
|
||||
if (context->trust_anchors_source
|
||||
== GETDNS_TASRC_FETCHING
|
||||
&& context->resolution_type
|
||||
== GETDNS_RESOLUTION_RECURSING
|
||||
&& context->resolution_type
|
||||
!= context->resolution_type_set) {
|
||||
|
||||
req->waiting_for_ta = 1;
|
||||
req->ta_notify = context->ta_notify;
|
||||
context->ta_notify = req;
|
||||
return GETDNS_RETURN_GOOD;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!usenamespaces) {
|
||||
(void) _getdns_context_prepare_for_resolution(context, 0);
|
||||
|
||||
/* issue all network requests */
|
||||
for ( netreq_p = req->netreqs
|
||||
; !r && (netreq = *netreq_p)
|
||||
|
@ -616,7 +626,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
|
|||
}
|
||||
}
|
||||
|
||||
else for (i = 0; i < context->namespace_count; i++) {
|
||||
} else for (i = 0; i < context->namespace_count; i++) {
|
||||
if (context->namespaces[i] == GETDNS_NAMESPACE_LOCALNAMES) {
|
||||
|
||||
if (!(r = _getdns_context_local_namespace_resolve(
|
||||
|
@ -650,6 +660,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
|
|||
}
|
||||
#endif /* HAVE_MDNS_SUPPORT */
|
||||
} else if (context->namespaces[i] == GETDNS_NAMESPACE_DNS) {
|
||||
(void) _getdns_context_prepare_for_resolution(context, 0);
|
||||
|
||||
/* TODO: We will get a good return code here even if
|
||||
the name is not found (NXDOMAIN). We should consider
|
||||
|
|
|
@ -914,6 +914,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
|
|||
dnssec_return_full_validation_chain;
|
||||
result->dnssec_return_validation_chain = dnssec_return_validation_chain
|
||||
|| dnssec_return_full_validation_chain;
|
||||
result->dnssec_extension_set = dnssec_extension_set;
|
||||
result->edns_cookies = edns_cookies;
|
||||
#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
|
||||
result->dnssec_roadblock_avoidance = dnssec_roadblock_avoidance;
|
||||
|
|
|
@ -300,6 +300,7 @@ typedef struct getdns_dns_req {
|
|||
unsigned dnssec_return_all_statuses : 1;
|
||||
unsigned dnssec_return_validation_chain : 1;
|
||||
unsigned dnssec_return_full_validation_chain : 1;
|
||||
unsigned dnssec_extension_set : 1;
|
||||
#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
|
||||
unsigned dnssec_roadblock_avoidance : 1;
|
||||
unsigned avoid_dnssec_roadblocks : 1;
|
||||
|
|
Loading…
Reference in New Issue