summaryrefslogtreecommitdiff
path: root/validator
diff options
context:
space:
mode:
Diffstat (limited to 'validator')
-rw-r--r--validator/autotrust.c2
-rw-r--r--validator/autotrust.h2
-rw-r--r--validator/val_kcache.c2
-rw-r--r--validator/validator.c35
4 files changed, 27 insertions, 14 deletions
diff --git a/validator/autotrust.c b/validator/autotrust.c
index 7bc5577f4f65..a34a7c96c814 100644
--- a/validator/autotrust.c
+++ b/validator/autotrust.c
@@ -2306,7 +2306,7 @@ autr_debug_print(struct val_anchors* anchors)
void probe_answer_cb(void* arg, int ATTR_UNUSED(rcode),
sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(sec),
- char* ATTR_UNUSED(why_bogus))
+ char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited))
{
/* retry was set before the query was done,
* re-querytime is set when query succeeded, but that may not
diff --git a/validator/autotrust.h b/validator/autotrust.h
index c549798f0e3c..057f2b68aed7 100644
--- a/validator/autotrust.h
+++ b/validator/autotrust.h
@@ -206,6 +206,6 @@ void autr_debug_print(struct val_anchors* anchors);
/** callback for query answer to 5011 probe */
void probe_answer_cb(void* arg, int rcode, struct sldns_buffer* buf,
- enum sec_status sec, char* errinf);
+ enum sec_status sec, char* errinf, int was_ratelimited);
#endif /* VALIDATOR_AUTOTRUST_H */
diff --git a/validator/val_kcache.c b/validator/val_kcache.c
index 22070cc6a90e..e0b88b6df81d 100644
--- a/validator/val_kcache.c
+++ b/validator/val_kcache.c
@@ -89,7 +89,7 @@ key_cache_insert(struct key_cache* kcache, struct key_entry_key* kkey,
if(key_entry_isbad(k) && qstate->errinf &&
qstate->env->cfg->val_log_level >= 2) {
/* on malloc failure there is simply no reason string */
- key_entry_set_reason(k, errinf_to_str(qstate));
+ key_entry_set_reason(k, errinf_to_str_bogus(qstate));
}
key_entry_hash(k);
slabhash_insert(kcache->slab, k->entry.hash, &k->entry,
diff --git a/validator/validator.c b/validator/validator.c
index 5777b2932cb4..fa8d5419a80a 100644
--- a/validator/validator.c
+++ b/validator/validator.c
@@ -388,6 +388,14 @@ generate_request(struct module_qstate* qstate, int id, uint8_t* name,
if(qtype == LDNS_RR_TYPE_DLV)
valrec = 0;
else valrec = 1;
+
+ fptr_ok(fptr_whitelist_modenv_detect_cycle(qstate->env->detect_cycle));
+ if((*qstate->env->detect_cycle)(qstate, &ask,
+ (uint16_t)(BIT_RD|flags), 0, valrec)) {
+ verbose(VERB_ALGO, "Could not generate request: cycle detected");
+ return 0;
+ }
+
if(detached) {
struct mesh_state* sub = NULL;
fptr_ok(fptr_whitelist_modenv_add_sub(
@@ -467,7 +475,7 @@ generate_keytag_query(struct module_qstate* qstate, int id,
LDNS_RR_TYPE_NULL, ta->dclass);
if(!generate_request(qstate, id, keytagdname, dnamebuf_len,
LDNS_RR_TYPE_NULL, ta->dclass, 0, &newq, 1)) {
- log_err("failed to generate key tag signaling request");
+ verbose(VERB_ALGO, "failed to generate key tag signaling request");
return 0;
}
@@ -524,12 +532,12 @@ prime_trust_anchor(struct module_qstate* qstate, struct val_qstate* vq,
if(newq && qstate->env->cfg->trust_anchor_signaling &&
!generate_keytag_query(qstate, id, toprime)) {
- log_err("keytag signaling query failed");
+ verbose(VERB_ALGO, "keytag signaling query failed");
return 0;
}
if(!ret) {
- log_err("Could not prime trust anchor: out of memory");
+ verbose(VERB_ALGO, "Could not prime trust anchor");
return 0;
}
/* ignore newq; validator does not need state created for that
@@ -1673,7 +1681,7 @@ processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id)
if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY,
vq->qchase.qclass, BIT_CD, &newq, 0)) {
- log_err("mem error generating DNSKEY request");
+ verbose(VERB_ALGO, "error generating DNSKEY request");
return val_error(qstate, id);
}
return 0;
@@ -1745,7 +1753,7 @@ processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id)
if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY,
vq->qchase.qclass, BIT_CD, &newq, 0)) {
- log_err("mem error generating DNSKEY request");
+ verbose(VERB_ALGO, "error generating DNSKEY request");
return val_error(qstate, id);
}
return 0;
@@ -1774,7 +1782,7 @@ processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id)
if(!generate_request(qstate, id, target_key_name,
target_key_len, LDNS_RR_TYPE_DS, vq->qchase.qclass,
BIT_CD, &newq, 0)) {
- log_err("mem error generating DS request");
+ verbose(VERB_ALGO, "error generating DS request");
return val_error(qstate, id);
}
return 0;
@@ -1784,7 +1792,7 @@ processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id)
if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY,
vq->qchase.qclass, BIT_CD, &newq, 0)) {
- log_err("mem error generating DNSKEY request");
+ verbose(VERB_ALGO, "error generating DNSKEY request");
return val_error(qstate, id);
}
@@ -2227,13 +2235,17 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq,
vq->orig_msg->rep->ttl = ve->bogus_ttl;
vq->orig_msg->rep->prefetch_ttl =
PREFETCH_TTL_CALC(vq->orig_msg->rep->ttl);
- if(qstate->env->cfg->val_log_level >= 1 &&
+ vq->orig_msg->rep->serve_expired_ttl =
+ vq->orig_msg->rep->ttl + qstate->env->cfg->serve_expired_ttl;
+ if((qstate->env->cfg->val_log_level >= 1 ||
+ qstate->env->cfg->log_servfail) &&
!qstate->env->cfg->val_log_squelch) {
- if(qstate->env->cfg->val_log_level < 2)
+ if(qstate->env->cfg->val_log_level < 2 &&
+ !qstate->env->cfg->log_servfail)
log_query_info(0, "validation failure",
&qstate->qinfo);
else {
- char* err = errinf_to_str(qstate);
+ char* err = errinf_to_str_bogus(qstate);
if(err) log_info("%s", err);
free(err);
}
@@ -2332,6 +2344,7 @@ processDLVLookup(struct module_qstate* qstate, struct val_qstate* vq,
if(vq->dlv_status == dlv_error) {
verbose(VERB_QUERY, "failed DLV lookup");
+ errinf(qstate, "failed DLV lookup");
return val_error(qstate, id);
} else if(vq->dlv_status == dlv_success) {
uint8_t* nm;
@@ -2367,7 +2380,7 @@ processDLVLookup(struct module_qstate* qstate, struct val_qstate* vq,
if(!generate_request(qstate, id, vq->ds_rrset->rk.dname,
vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY,
vq->qchase.qclass, BIT_CD, &newq, 0)) {
- log_err("mem error generating DNSKEY request");
+ verbose(VERB_ALGO, "error generating DNSKEY request");
return val_error(qstate, id);
}
return 0;
generated by cgit v1.3 (git 2.53.0) at 2026-05-21 19:57:10 +0000