Diffstat (limited to 'contrib/unbound/validator/val_neg.c')
-rw-r--r--contrib/unbound/validator/val_neg.c102
1 files changed, 0 insertions, 102 deletions
diff --git a/contrib/unbound/validator/val_neg.c b/contrib/unbound/validator/val_neg.c
index 4c08e6bbc92f..67699b1f7c1e 100644
--- a/contrib/unbound/validator/val_neg.c
+++ b/contrib/unbound/validator/val_neg.c
@@ -965,108 +965,6 @@ static int neg_closest_data(struct val_neg_zone* zone,
}
}
-int val_neg_dlvlookup(struct val_neg_cache* neg, uint8_t* qname, size_t len,
- uint16_t qclass, struct rrset_cache* rrset_cache, time_t now)
-{
- /* lookup closest zone */
- struct val_neg_zone* zone;
- struct val_neg_data* data;
- int labs;
- struct ub_packed_rrset_key* nsec;
- struct packed_rrset_data* d;
- uint32_t flags;
- uint8_t* wc;
- struct query_info qinfo;
- if(!neg) return 0;
-
- log_nametypeclass(VERB_ALGO, "negcache dlvlookup", qname,
- LDNS_RR_TYPE_DLV, qclass);
-
- labs = dname_count_labels(qname);
- lock_basic_lock(&neg->lock);
- zone = neg_closest_zone_parent(neg, qname, len, labs, qclass);
- while(zone && !zone->in_use)
- zone = zone->parent;
- if(!zone) {
- lock_basic_unlock(&neg->lock);
- return 0;
- }
- log_nametypeclass(VERB_ALGO, "negcache zone", zone->name, 0,
- zone->dclass);
-
- /* DLV is defined to use NSEC only */
- if(zone->nsec3_hash) {
- lock_basic_unlock(&neg->lock);
- return 0;
- }
-
- /* lookup closest data record */
- (void)neg_closest_data(zone, qname, len, labs, &data);
- while(data && !data->in_use)
- data = data->parent;
- if(!data) {
- lock_basic_unlock(&neg->lock);
- return 0;
- }
- log_nametypeclass(VERB_ALGO, "negcache rr", data->name,
- LDNS_RR_TYPE_NSEC, zone->dclass);
-
- /* lookup rrset in rrset cache */
- flags = 0;
- if(query_dname_compare(data->name, zone->name) == 0)
- flags = PACKED_RRSET_NSEC_AT_APEX;
- nsec = rrset_cache_lookup(rrset_cache, data->name, data->len,
- LDNS_RR_TYPE_NSEC, zone->dclass, flags, now, 0);
-
- /* check if secure and TTL ok */
- if(!nsec) {
- lock_basic_unlock(&neg->lock);
- return 0;
- }
- d = (struct packed_rrset_data*)nsec->entry.data;
- if(!d || now > d->ttl) {
- lock_rw_unlock(&nsec->entry.lock);
- /* delete data record if expired */
- neg_delete_data(neg, data);
- lock_basic_unlock(&neg->lock);
- return 0;
- }
- if(d->security != sec_status_secure) {
- lock_rw_unlock(&nsec->entry.lock);
- neg_delete_data(neg, data);
- lock_basic_unlock(&neg->lock);
- return 0;
- }
- verbose(VERB_ALGO, "negcache got secure rrset");
-
- /* check NSEC security */
- /* check if NSEC proves no DLV type exists */
- /* check if NSEC proves NXDOMAIN for qname */
- qinfo.qname = qname;
- qinfo.qtype = LDNS_RR_TYPE_DLV;
- qinfo.qclass = qclass;
- qinfo.local_alias = NULL;
- if(!nsec_proves_nodata(nsec, &qinfo, &wc) &&
- !val_nsec_proves_name_error(nsec, qname)) {
- /* the NSEC is not a denial for the DLV */
- lock_rw_unlock(&nsec->entry.lock);
- lock_basic_unlock(&neg->lock);
- verbose(VERB_ALGO, "negcache not proven");
- return 0;
- }
- /* so the NSEC was a NODATA proof, or NXDOMAIN proof. */
-
- /* no need to check for wildcard NSEC; no wildcards in DLV repos */
- /* no need to lookup SOA record for client; no response message */
-
- lock_rw_unlock(&nsec->entry.lock);
- /* if OK touch the LRU for neg_data element */
- neg_lru_touch(neg, data);
- lock_basic_unlock(&neg->lock);
- verbose(VERB_ALGO, "negcache DLV denial proven");
- return 1;
-}
-
void val_neg_addreferral(struct val_neg_cache* neg, struct reply_info* rep,
uint8_t* zone_name)
{