Fetch TA before resolve for full recursion too

Willem Toorop 2017-09-20 12:40:59 +02:00
parent e2abb8aff4
commit f0f2afbca7
4 changed files with 50 additions and 21 deletions


@ -3263,6 +3263,7 @@ static void check_chain_complete(chain_head *chain)
void _getdns_ta_notify_dnsreqs(getdns_context *context)
{
getdns_dns_req **dnsreq_p, *dnsreq = NULL;
uint64_t now_ms = 0;
assert(context);
@ -3272,14 +3273,29 @@ void _getdns_ta_notify_dnsreqs(getdns_context *context)
dnsreq_p = &context->ta_notify;
while ((dnsreq = *dnsreq_p)) {
assert(dnsreq->waiting_for_ta);
assert(dnsreq->waiting_for_ta && dnsreq->chain);
if (dnsreq->chain)
check_chain_complete(dnsreq->chain);
else {
getdns_network_req *netreq, **netreq_p;
int r = GETDNS_RETURN_GOOD;
(void) _getdns_context_prepare_for_resolution(context, 0);
*dnsreq_p = dnsreq->ta_notify;
for ( netreq_p = dnsreq->netreqs
; !r && (netreq = *netreq_p)
; netreq_p++ ) {
if (!(r = _getdns_submit_netreq(netreq, &now_ms)))
continue;
if (r == DNS_REQ_FINISHED)
break;
_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
}
}
assert(*dnsreq_p != dnsreq);
/* if (*dnsreq_p == dnsreq)
dnsreq_p = &dnsreq->ta_notify; */
}
}
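Review bot: The new else branch discards the result of `_getdns_context_prepare_for_resolution(context, 0)` with a `(void)` cast and then submits the netreqs regardless, so a context that failed to set up is used anyway. The two `(void)` calls added in getdns_general_ns share this problem, and there they appear to replace `if ((r = _getdns_context_prepare_for_resolution(context, 0))) return r;`. This request was parked so that it would resolve with the trust anchor in place, so a setup failure here should be treated like a submit error rather than ignored. The loop also stops at the first `_getdns_submit_netreq` error other than `DNS_REQ_FINISHED` and marks only that netreq `NET_REQ_ERRORED`; nothing visible reports the failure for the remaining netreqs or to the caller, and `*dnsreq_p = dnsreq->ta_notify;` unlinks the request without clearing `dnsreq->waiting_for_ta`, both worth confirming. The function begins above this hunk, so its early-exit conditions are not shown.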


@ -581,27 +581,37 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
req->internal_cb = internal_cb;
req->is_sync_request = loop == &context->sync_eventloop.loop;
if (req->dnssec_return_status) {
if (context->trust_anchors_source == GETDNS_TASRC_XML_UPDATE)
_getdns_start_fetching_ta(context, loop);
else if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
_getdns_context_equip_with_anchor(context, &now_ms);
if (context->trust_anchors_source == GETDNS_TASRC_NONE)
_getdns_start_fetching_ta(context, loop);
}
}
/* Set up the context assuming we won't use the specified namespaces.
This is (currently) identical to setting up a pure DNS namespace */
if ((r = _getdns_context_prepare_for_resolution(context, 0)))
return r;
if (return_netreq_p)
*return_netreq_p = req->netreqs[0];
_getdns_context_track_outbound_request(req);
if (!usenamespaces)
if (req->dnssec_extension_set) {
if (context->trust_anchors_source == GETDNS_TASRC_XML_UPDATE)
_getdns_start_fetching_ta(context, loop);
else if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
_getdns_context_equip_with_anchor(context, &now_ms);
if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
_getdns_start_fetching_ta(context, loop);
if (context->trust_anchors_source
== GETDNS_TASRC_FETCHING
&& context->resolution_type
== GETDNS_RESOLUTION_RECURSING
&& context->resolution_type
!= context->resolution_type_set) {
req->waiting_for_ta = 1;
req->ta_notify = context->ta_notify;
context->ta_notify = req;
return GETDNS_RETURN_GOOD;
}
}
}
}
if (!usenamespaces) {
(void) _getdns_context_prepare_for_resolution(context, 0);
/* issue all network requests */
for ( netreq_p = req->netreqs
; !r && (netreq = *netreq_p)
@ -616,7 +626,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
}
}
else for (i = 0; i < context->namespace_count; i++) {
} else for (i = 0; i < context->namespace_count; i++) {
if (context->namespaces[i] == GETDNS_NAMESPACE_LOCALNAMES) {
if (!(r = _getdns_context_local_namespace_resolve(
@ -650,6 +660,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
}
#endif /* HAVE_MDNS_SUPPORT */
} else if (context->namespaces[i] == GETDNS_NAMESPACE_DNS) {
(void) _getdns_context_prepare_for_resolution(context, 0);
/* TODO: We will get a good return code here even if
the name is not found (NXDOMAIN). We should consider
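Review bot: The early `return GETDNS_RETURN_GOOD;` in the `GETDNS_TASRC_FETCHING` branch leaves the request on `context->ta_notify` with no netreq submitted, so it completes only if `_getdns_ta_notify_dnsreqs` runs for every outcome of the trust-anchor fetch, including failure and timeout. That guarantee is not visible in this hunk; if the fetch can stall or end without notifying, callers asking for DNSSEC with full recursion would wait indefinitely. It is worth confirming that the fetch is bounded by a timeout and that the request's own timeout still applies while it is parked. The three-part condition also needs a comment, because `resolution_type != resolution_type_set` is not self-explanatory; something like `/* Recursing context not set up yet: park the request until the TA fetch finishes (see _getdns_ta_notify_dnsreqs) */`, with the meaning of `resolution_type_set` confirmed by the author. getdns_general_ns starts and ends outside the hunks shown.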


@ -914,6 +914,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
dnssec_return_full_validation_chain;
result->dnssec_return_validation_chain = dnssec_return_validation_chain
|| dnssec_return_full_validation_chain;
result->dnssec_extension_set = dnssec_extension_set;
result->edns_cookies = edns_cookies;
#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
result->dnssec_roadblock_avoidance = dnssec_roadblock_avoidance;


@ -300,6 +300,7 @@ typedef struct getdns_dns_req {
unsigned dnssec_return_all_statuses : 1;
unsigned dnssec_return_validation_chain : 1;
unsigned dnssec_return_full_validation_chain : 1;
unsigned dnssec_extension_set : 1;
#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
unsigned dnssec_roadblock_avoidance : 1;
unsigned avoid_dnssec_roadblocks : 1;