diff options
Diffstat (limited to 'services/cache')
| -rw-r--r-- | services/cache/dns.c | 17 | ||||
| -rw-r--r-- | services/cache/dns.h | 6 | ||||
| -rw-r--r-- | services/cache/infra.c | 4 | ||||
| -rw-r--r-- | services/cache/infra.h | 2 |
4 files changed, 23 insertions, 6 deletions
diff --git a/services/cache/dns.c b/services/cache/dns.c index a8fde9f2890e..764205e53cbe 100644 --- a/services/cache/dns.c +++ b/services/cache/dns.c @@ -41,6 +41,7 @@ #include "config.h" #include "iterator/iter_delegpt.h" #include "validator/val_nsec.h" +#include "validator/val_utils.h" #include "services/cache/dns.h" #include "services/cache/rrset.h" #include "util/data/msgreply.h" @@ -182,7 +183,7 @@ addr_to_additional(struct ub_packed_rrset_key* rrset, struct regional* region, } /** lookup message in message cache */ -static struct msgreply_entry* +struct msgreply_entry* msg_cache_lookup(struct module_env* env, uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, uint16_t flags, time_t now, int wr) { @@ -755,10 +756,16 @@ dns_cache_lookup(struct module_env* env, if( qtype != LDNS_RR_TYPE_DS && (rrset=rrset_cache_lookup(env->rrset_cache, qname, qnamelen, LDNS_RR_TYPE_CNAME, qclass, 0, now, 0))) { - struct dns_msg* msg = rrset_msg(rrset, region, now, &k); - if(msg) { - lock_rw_unlock(&rrset->entry.lock); - return msg; + uint8_t* wc = NULL; + /* if the rrset is not a wildcard expansion, with wcname */ + /* because, if we return that CNAME rrset on its own, it is + * missing the NSEC or NSEC3 proof */ + if(!(val_rrset_wildcard(rrset, &wc) && wc != NULL)) { + struct dns_msg* msg = rrset_msg(rrset, region, now, &k); + if(msg) { + lock_rw_unlock(&rrset->entry.lock); + return msg; + } } lock_rw_unlock(&rrset->entry.lock); } diff --git a/services/cache/dns.h b/services/cache/dns.h index 0dfb68874403..096ddf28db63 100644 --- a/services/cache/dns.h +++ b/services/cache/dns.h @@ -208,4 +208,10 @@ int dns_msg_authadd(struct dns_msg* msg, struct regional* region, int dns_cache_prefetch_adjust(struct module_env* env, struct query_info* qinfo, time_t adjust, uint16_t flags); +/** lookup message in message cache + * the returned nonNULL entry is locked and has to be unlocked by the caller */ +struct msgreply_entry* msg_cache_lookup(struct module_env* env, + uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, + uint16_t flags, time_t now, int wr); + #endif /* SERVICES_CACHE_DNS_H */ diff --git a/services/cache/infra.c b/services/cache/infra.c index 314c85ef5112..ca1102ef5f7f 100644 --- a/services/cache/infra.c +++ b/services/cache/infra.c @@ -893,6 +893,8 @@ int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name, /* find ratelimit */ lim = infra_find_ratelimit(infra, name, namelen); + if(!lim) + return 1; /* disabled for this domain */ /* find or insert ratedata */ entry = infra_find_ratedata(infra, name, namelen, 1); @@ -941,6 +943,8 @@ int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name, /* find ratelimit */ lim = infra_find_ratelimit(infra, name, namelen); + if(!lim) + return 0; /* disabled for this domain */ /* find current rate */ entry = infra_find_ratedata(infra, name, namelen, 0); diff --git a/services/cache/infra.h b/services/cache/infra.h index 6f9471a3941c..10db796bfcdd 100644 --- a/services/cache/infra.h +++ b/services/cache/infra.h @@ -401,7 +401,7 @@ int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name, /** find the maximum rate stored, not too old. 0 if no information. */ int infra_rate_max(void* data, time_t now); -/** find the ratelimit in qps for a domain */ +/** find the ratelimit in qps for a domain. 0 if no limit for domain. */ int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name, size_t namelen); |