diff options
author | Simon Kelley <simon@thekelleys.org.uk> | 2023-03-28 18:24:22 +0100 |
---|---|---|
committer | Simon Kelley <simon@thekelleys.org.uk> | 2023-03-28 18:24:22 +0100 |
commit | 042c64273d553c8305d3747849b44a0b257b0622 (patch) | |
tree | ff4ed1c8aeb18fc225e771afeac928c36656bab9 | |
parent | 638c7c4d20004c0f320820098e29df62a27dd2a1 (diff) | |
download | dnsmasq-042c64273d553c8305d3747849b44a0b257b0622.tar.gz |
Remove code for caching SRV.
Function replaced by the ability to cache any RR type.
For backwards compatibilty SRV records are always on the
list of cacheable RR-types.
-rw-r--r-- | man/dnsmasq.8 | 7 | ||||
-rw-r--r-- | src/cache.c | 43 | ||||
-rw-r--r-- | src/dnsmasq.h | 8 | ||||
-rw-r--r-- | src/forward.c | 6 | ||||
-rw-r--r-- | src/option.c | 6 | ||||
-rw-r--r-- | src/rfc1035.c | 102 |
6 files changed, 42 insertions, 130 deletions
diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 index 5acb935..6d844bf 100644 --- a/man/dnsmasq.8 +++ b/man/dnsmasq.8 @@ -376,6 +376,13 @@ Remove A records from answers. No IPv4 addresses will be returned. .B --filter-AAAA Remove AAAA records from answers. No IPv6 addresses will be returned. .TP +.B --cache-rr=<rrtype>[,<rrtype>...] +By default, dnsmasq caches A, AAAA, CNAME and SRV DNS record types. +This option adds other record types to the cache. The RR-type can be given +as a name such as TXT or MX or a decimal number. A single --cache-rr option +can take a comma-separated list or RR-types and more than one --cache-rr option +is allowed. +.TP .B \-r, --resolv-file=<file> Read the IP addresses of the upstream nameservers from <file>, instead of /etc/resolv.conf. For the format of this file see diff --git a/src/cache.c b/src/cache.c index 64fc69d..f49def4 100644 --- a/src/cache.c +++ b/src/cache.c @@ -136,7 +136,7 @@ static void cache_hash(struct crec *crecp); unsigned short rrtype(char *in) { - int i; + unsigned int i; for (i = 0; i < (sizeof(typestr)/sizeof(typestr[0])); i++) if (strcasecmp(in, typestr[i].name) == 0) @@ -275,9 +275,7 @@ static void cache_blockdata_free(struct crec *crecp) { if (!(crecp->flags & F_NEG)) { - if (crecp->flags & F_SRV) - blockdata_free(crecp->addr.srv.target); - else if (crecp->flags & F_RR) + if (crecp->flags & F_RR) blockdata_free(crecp->addr.rr.rrdata); #ifdef HAVE_DNSSEC else if (crecp->flags & F_DNSKEY) @@ -472,7 +470,7 @@ static struct crec *cache_scan_free(char *name, union all_addr *addr, unsigned s if ((crecp->flags & F_FORWARD) && hostname_isequal(cache_get_name(crecp), name)) { /* Don't delete DNSSEC in favour of a CNAME, they can co-exist */ - if ((flags & crecp->flags & (F_IPV4 | F_IPV6 | F_SRV | F_NXDOMAIN)) || + if ((flags & crecp->flags & (F_IPV4 | F_IPV6 | F_RR | F_NXDOMAIN)) || (((crecp->flags | flags) & F_CNAME) && !(crecp->flags & (F_DNSKEY | F_DS))) || ((crecp->flags & flags & F_RR) && addr->rr.rrtype == crecp->addr.rr.rrtype)) { @@ -791,14 +789,9 @@ void cache_end_insert(void) read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->ttd, sizeof(new_chain->ttd), 0); read_write(daemon->pipe_to_parent, (unsigned char *)&flags, sizeof(flags), 0); - if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS | F_SRV | F_RR)) + if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS | F_RR)) read_write(daemon->pipe_to_parent, (unsigned char *)&new_chain->addr, sizeof(new_chain->addr), 0); - if (flags & F_SRV) - { - /* A negative SRV entry is possible and has no data, obviously. */ - if (!(flags & F_NEG)) - blockdata_write(new_chain->addr.srv.target, new_chain->addr.srv.targetlen, daemon->pipe_to_parent); - } + if (flags & F_RR) { /* A negative RR entry is possible and has no data, obviously. */ @@ -869,16 +862,13 @@ int cache_recv_insert(time_t now, int fd) ttl = difftime(ttd, now); - if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS | F_SRV | F_RR)) + if (flags & (F_IPV4 | F_IPV6 | F_DNSKEY | F_DS | F_RR)) { unsigned short class = C_IN; if (!read_write(fd, (unsigned char *)&addr, sizeof(addr), 1)) return 0; - if ((flags & F_SRV) && !(flags & F_NEG) && !(addr.srv.target = blockdata_read(fd, addr.srv.targetlen))) - return 0; - if ((flags & F_RR) && !(flags & F_NEG) && !(addr.rr.rrdata = blockdata_read(fd, addr.rr.datalen))) return 0; #ifdef HAVE_DNSSEC @@ -1610,7 +1600,7 @@ static void make_non_terminals(struct crec *source) if (!is_outdated_cname_pointer(crecp) && (crecp->flags & F_FORWARD) && (crecp->flags & type) && - !(crecp->flags & (F_IPV4 | F_IPV6 | F_CNAME | F_SRV | F_DNSKEY | F_DS | F_RR)) && + !(crecp->flags & (F_IPV4 | F_IPV6 | F_CNAME | F_DNSKEY | F_DS | F_RR)) && hostname_isequal(name, cache_get_name(crecp))) { *up = crecp->hash_next; @@ -1667,7 +1657,7 @@ static void make_non_terminals(struct crec *source) if (crecp) { - crecp->flags = (source->flags | F_NAMEP) & ~(F_IPV4 | F_IPV6 | F_CNAME | F_SRV | F_RR | F_DNSKEY | F_DS | F_REVERSE); + crecp->flags = (source->flags | F_NAMEP) & ~(F_IPV4 | F_IPV6 | F_CNAME | F_RR | F_DNSKEY | F_DS | F_REVERSE); if (!(crecp->flags & F_IMMORTAL)) crecp->ttd = source->ttd; crecp->name.namep = name; @@ -1804,17 +1794,6 @@ static void dump_cache_entry(struct crec *cache, time_t now) p += sprintf(p, "%-30.30s ", sanitise(n)); if ((cache->flags & F_CNAME) && !is_outdated_cname_pointer(cache)) a = sanitise(cache_get_cname_target(cache)); - else if ((cache->flags & F_SRV) && !(cache->flags & F_NEG)) - { - int targetlen = cache->addr.srv.targetlen; - ssize_t len = sprintf(a, "%u %u %u ", cache->addr.srv.priority, - cache->addr.srv.weight, cache->addr.srv.srvport); - - if (targetlen > (40 - len)) - targetlen = 40 - len; - blockdata_retrieve(cache->addr.srv.target, targetlen, a + len); - a[len + targetlen] = 0; - } else if (cache->flags & F_RR) sprintf(a, "%s", querystr(NULL, cache->addr.rr.rrtype)); #ifdef HAVE_DNSSEC @@ -1843,8 +1822,6 @@ static void dump_cache_entry(struct crec *cache, time_t now) t = "6"; else if (cache->flags & F_CNAME) t = "C"; - else if (cache->flags & F_SRV) - t = "V"; else if (cache->flags & F_RR) t = "T"; #ifdef HAVE_DNSSEC @@ -2133,8 +2110,6 @@ void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg, } else if (flags & F_CNAME) dest = "<CNAME>"; - else if (flags & F_SRV) - dest = "<SRV>"; else if (flags & F_RRNAME) dest = arg; @@ -2158,7 +2133,7 @@ void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg, } else if (flags & F_AUTH) source = "auth"; - else if (flags & F_NOERR) + else if (flags & F_DNSSEC) { source = arg; verb = "to"; diff --git a/src/dnsmasq.h b/src/dnsmasq.h index 376c630..7a00ece 100644 --- a/src/dnsmasq.h +++ b/src/dnsmasq.h @@ -326,10 +326,6 @@ union all_addr { unsigned char algo; unsigned char digest; } ds; - struct { - struct blockdata *target; - unsigned short targetlen, srvport, priority, weight; - } srv; /* for log_query */ struct { unsigned short keytag, algo, digest, rcode; @@ -510,7 +506,7 @@ struct crec { #define F_QUERY (1u<<19) #define F_NOERR (1u<<20) #define F_AUTH (1u<<21) -#define F_RR (1u<<22) +#define F_DNSSEC (1u<<22) #define F_KEYTAG (1u<<23) #define F_SECSTAT (1u<<24) #define F_NO_RR (1u<<25) @@ -518,7 +514,7 @@ struct crec { #define F_NOEXTRA (1u<<27) #define F_DOMAINSRV (1u<<28) #define F_RCODE (1u<<29) -#define F_SRV (1u<<30) +#define F_RR (1u<<30) #define F_STALE (1u<<31) #define UID_NONE 0 diff --git a/src/forward.c b/src/forward.c index 7cd2d9a..d79cc56 100644 --- a/src/forward.c +++ b/src/forward.c @@ -545,7 +545,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, } #ifdef HAVE_DNSSEC else - log_query_mysockaddr(F_NOEXTRA | F_NOERR | F_SERVER, daemon->namebuff, &srv->addr, + log_query_mysockaddr(F_NOEXTRA | F_DNSSEC | F_SERVER, daemon->namebuff, &srv->addr, (forward->flags & FREC_DNSKEY_QUERY) ? "dnssec-retry[DNSKEY]" : "dnssec-retry[DS]", 0); #endif @@ -1050,7 +1050,7 @@ static void dnssec_validate(struct frec *forward, struct dns_header *header, #ifdef HAVE_DUMPFILE dump_packet_udp(DUMP_SEC_QUERY, (void *)header, (size_t)nn, NULL, &server->addr, fd); #endif - log_query_mysockaddr(F_NOEXTRA | F_NOERR | F_SERVER, daemon->keyname, &server->addr, + log_query_mysockaddr(F_NOEXTRA | F_DNSSEC | F_SERVER, daemon->keyname, &server->addr, STAT_ISEQUAL(status, STAT_NEED_KEY) ? "dnssec-query[DNSKEY]" : "dnssec-query[DS]", 0); return; } @@ -2059,7 +2059,7 @@ static int tcp_key_recurse(time_t now, int status, struct dns_header *header, si log_save = daemon->log_display_id; daemon->log_display_id = ++daemon->log_id; - log_query_mysockaddr(F_NOEXTRA | F_NOERR | F_SERVER, keyname, &server->addr, + log_query_mysockaddr(F_NOEXTRA | F_DNSSEC | F_SERVER, keyname, &server->addr, STAT_ISEQUAL(status, STAT_NEED_KEY) ? "dnssec-query[DNSKEY]" : "dnssec-query[DS]", 0); new_status = tcp_key_recurse(now, new_status, new_header, m, class, name, keyname, server, have_mark, mark, keycount); diff --git a/src/option.c b/src/option.c index 87a321e..0f70932 100644 --- a/src/option.c +++ b/src/option.c @@ -3446,7 +3446,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma break; } - case LOPT_FAST_RETRY: + case LOPT_FAST_RETRY: /* --fast-dns-retry */ daemon->fast_retry_timeout = TIMEOUT; if (!arg) @@ -3469,7 +3469,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma } break; - case LOPT_CACHE_RR: + case LOPT_CACHE_RR: /* --cache-rr */ while (1) { int type; struct rrlist *new; @@ -5184,7 +5184,7 @@ err: break; } - case LOPT_STALE_CACHE: + case LOPT_STALE_CACHE: /* --use-stale-cache */ { int max_expiry = STALE_CACHE_EXPIRY; if (arg) diff --git a/src/rfc1035.c b/src/rfc1035.c index 28579c6..63aff8a 100644 --- a/src/rfc1035.c +++ b/src/rfc1035.c @@ -705,9 +705,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t addrlen = IN6ADDRSZ; flags |= F_IPV6; } - else if (qtype == T_SRV) - flags |= F_SRV; - else if (qtype != T_CNAME && rr_on_list(daemon->cache_rr, qtype)) + else if (qtype != T_CNAME && (qtype == T_SRV || rr_on_list(daemon->cache_rr, qtype))) flags |= F_RR; else insert = 0; /* NOTE: do not cache data from CNAME queries. */ @@ -800,26 +798,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t { found = 1; - if (flags & F_SRV) - { - unsigned char *tmp = namep; - - if (!CHECK_LEN(header, p1, qlen, 6)) - return 2; /* bad packet */ - GETSHORT(addr.srv.priority, p1); - GETSHORT(addr.srv.weight, p1); - GETSHORT(addr.srv.srvport, p1); - if (!extract_name(header, qlen, &p1, name, 1, 0)) - return 2; - addr.srv.targetlen = strlen(name) + 1; /* include terminating zero */ - if (!(addr.srv.target = blockdata_alloc(name, addr.srv.targetlen))) - return 0; - - /* we overwrote the original name, so get it back here. */ - if (!extract_name(header, qlen, &tmp, name, 1, 0)) - return 2; - } - else if (flags & F_RR) + if (flags & F_RR) { short desc, *rrdesc = rrfilter_desc(aqtype); unsigned char *tmp = namep; @@ -953,7 +932,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t { if (flags & F_NXDOMAIN) { - flags &= ~(F_IPV4 | F_IPV6 | F_SRV | F_RR); + flags &= ~(F_IPV4 | F_IPV6 | F_RR); /* Can store NXDOMAIN reply for any qtype. */ insert = 1; @@ -1998,7 +1977,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, since its existence allows us to return a NODATA answer. Note that we never set the AD flag, since we didn't authentucate the record. */ - if (cache_find_by_name(NULL, name, now, F_IPV4 | F_IPV6 | F_SRV)) + if (cache_find_by_name(NULL, name, now, F_IPV4 | F_IPV6 | F_RR)) { ans = 1; sec_data = auth = 0; @@ -2053,13 +2032,12 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, if (qtype == T_SRV || qtype == T_ANY) { - int found = 0; struct mx_srv_record *move = NULL, **up = &daemon->mxnames; for (rec = daemon->mxnames; rec; rec = rec->next) if (rec->issrv && hostname_isequal(name, rec->name)) { - found = ans = 1; + ans = 1; sec_data = 0; if (!dryrun) { @@ -2093,60 +2071,6 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, *up = move; move->next = NULL; } - - if (!found) - { - if ((crecp = cache_find_by_name(NULL, name, now, F_SRV | F_NXDOMAIN | (dryrun ? F_NO_RR : 0))) && - rd_bit && (!do_bit || cache_validated(crecp))) - do - { - int stale_flag = 0; - - if (crec_isstale(crecp, now)) - { - if (stale) - *stale = 1; - - stale_flag = F_STALE; - } - /* don't answer wildcard queries with data not from /etc/hosts or dhcp leases, except for NXDOMAIN */ - if (qtype == T_ANY && !(crecp->flags & (F_NXDOMAIN))) - break; - - if (!(crecp->flags & F_DNSSECOK)) - sec_data = 0; - - auth = 0; - found = ans = 1; - - if (crecp->flags & F_NEG) - { - if (crecp->flags & F_NXDOMAIN) - nxdomain = 1; - if (!dryrun) - log_query(stale_flag | crecp->flags, name, NULL, NULL, 0); - } - else if (!dryrun) - { - char *target = blockdata_retrieve(crecp->addr.srv.target, crecp->addr.srv.targetlen, NULL); - log_query(stale_flag | crecp->flags, name, NULL, NULL, 0); - - if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, - crec_ttl(crecp, now), NULL, T_SRV, C_IN, "sssd", - crecp->addr.srv.priority, crecp->addr.srv.weight, crecp->addr.srv.srvport, - target)) - anscount++; - } - } while ((crecp = cache_find_by_name(crecp, name, now, F_SRV))); - } - - if (!found && option_bool(OPT_FILTER) && (qtype == T_SRV || (qtype == T_ANY && strchr(name, '_')))) - { - ans = 1; - sec_data = 0; - if (!dryrun) - log_query(F_CONFIG | F_NEG, name, NULL, NULL, 0); - } } if (qtype == T_NAPTR || qtype == T_ANY) @@ -2199,7 +2123,10 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, if (!(crecp->flags & F_DNSSECOK)) sec_data = 0; - + + if (crecp->flags & F_NXDOMAIN) + nxdomain = 1; + auth = 0; ans = 1; @@ -2231,9 +2158,16 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, if (!ans) { - /* We may know that the domain doesn't exist for any RRtype. */ - if ((crecp = cache_find_by_name(NULL, name, now, F_NXDOMAIN))) + if (option_bool(OPT_FILTER) && (qtype == T_SRV || (qtype == T_ANY && strchr(name, '_')))) + { + ans = 1; + sec_data = 0; + if (!dryrun) + log_query(F_CONFIG | F_NEG, name, NULL, NULL, 0); + } + else if ((crecp = cache_find_by_name(NULL, name, now, F_NXDOMAIN))) { + /* We may know that the domain doesn't exist for any RRtype. */ ans = nxdomain = 1; auth = 0; |