Lines Matching defs:client
58 #include <named/client.h>
110 "client %p: %s", client, (m))
128 ns_client_t *client;
133 query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype);
136 validate(ns_client_t *client, dns_db_t *db, dns_name_t *name,
141 dns_dbversion_t *version, ns_client_t *client,
147 log_queryerror(ns_client_t *client, isc_result_t result, int line, int level);
153 inc_stats(ns_client_t *client, isc_statscounter_t counter) {
154 dns_zone_t *zone = client->query.authzone;
166 query_send(ns_client_t *client) {
168 if ((client->message->flags & DNS_MESSAGEFLAG_AA) == 0)
169 inc_stats(client, dns_nsstatscounter_nonauthans);
171 inc_stats(client, dns_nsstatscounter_authans);
172 if (client->message->rcode == dns_rcode_noerror) {
173 if (ISC_LIST_EMPTY(client->message->sections[DNS_SECTION_ANSWER])) {
174 if (client->query.isreferral) {
182 } else if (client->message->rcode == dns_rcode_nxdomain) {
188 inc_stats(client, counter);
189 ns_client_send(client);
193 query_error(ns_client_t *client, isc_result_t result, int line) {
199 inc_stats(client, dns_nsstatscounter_servfail);
202 inc_stats(client, dns_nsstatscounter_formerr);
205 inc_stats(client, dns_nsstatscounter_failure);
209 log_queryerror(client, result, line, loglevel);
211 ns_client_error(client, result);
215 query_next(ns_client_t *client, isc_result_t result) {
217 inc_stats(client, dns_nsstatscounter_duplicate);
219 inc_stats(client, dns_nsstatscounter_dropped);
221 inc_stats(client, dns_nsstatscounter_failure);
222 ns_client_next(client, result);
226 query_freefreeversions(ns_client_t *client, isc_boolean_t everything) {
230 for (dbversion = ISC_LIST_HEAD(client->query.freeversions), i = 0;
240 ISC_LIST_UNLINK(client->query.freeversions, dbversion,
242 isc_mem_put(client->mctx, dbversion,
249 ns_query_cancel(ns_client_t *client) {
250 LOCK(&client->query.fetchlock);
251 if (client->query.fetch != NULL) {
252 dns_resolver_cancelfetch(client->query.fetch);
254 client->query.fetch = NULL;
256 UNLOCK(&client->query.fetchlock);
260 query_reset(ns_client_t *client, isc_boolean_t everything) {
265 * Reset the query state of a client to its default state.
271 ns_query_cancel(client);
276 for (dbversion = ISC_LIST_HEAD(client->query.activeversions);
283 ISC_LIST_INITANDAPPEND(client->query.freeversions,
286 ISC_LIST_INIT(client->query.activeversions);
288 if (client->query.authdb != NULL)
289 dns_db_detach(&client->query.authdb);
290 if (client->query.authzone != NULL)
291 dns_zone_detach(&client->query.authzone);
293 query_freefreeversions(client, everything);
295 for (dbuf = ISC_LIST_HEAD(client->query.namebufs);
300 ISC_LIST_UNLINK(client->query.namebufs, dbuf, link);
305 if (client->query.restarts > 0) {
307 * client->query.qname was dynamically allocated.
309 dns_message_puttempname(client->message,
310 &client->query.qname);
312 client->query.qname = NULL;
313 client->query.attributes = (NS_QUERYATTR_RECURSIONOK |
316 client->query.restarts = 0;
317 client->query.timerset = ISC_FALSE;
318 client->query.origqname = NULL;
319 client->query.qname = NULL;
320 client->query.dboptions = 0;
321 client->query.fetchoptions = 0;
322 client->query.gluedb = NULL;
323 client->query.authdbset = ISC_FALSE;
324 client->query.isreferral = ISC_FALSE;
328 query_next_callback(ns_client_t *client) {
329 query_reset(client, ISC_FALSE);
333 ns_query_free(ns_client_t *client) {
334 query_reset(client, ISC_TRUE);
338 query_newnamebuf(ns_client_t *client) {
348 result = isc_buffer_allocate(client->mctx, &dbuf, 1024);
353 ISC_LIST_APPEND(client->query.namebufs, dbuf, link);
360 query_getnamebuf(ns_client_t *client) {
371 if (ISC_LIST_EMPTY(client->query.namebufs)) {
372 result = query_newnamebuf(client);
379 dbuf = ISC_LIST_TAIL(client->query.namebufs);
383 result = query_newnamebuf(client);
389 dbuf = ISC_LIST_TAIL(client->query.namebufs);
398 query_keepname(ns_client_t *client, dns_name_t *name, isc_buffer_t *dbuf) {
407 REQUIRE((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED) != 0);
412 client->query.attributes &= ~NS_QUERYATTR_NAMEBUFUSED;
416 query_releasename(ns_client_t *client, dns_name_t **namep) {
427 INSIST((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
429 client->query.attributes &= ~NS_QUERYATTR_NAMEBUFUSED;
431 dns_message_puttempname(client->message, namep);
436 query_newname(ns_client_t *client, isc_buffer_t *dbuf,
443 REQUIRE((client->query.attributes & NS_QUERYATTR_NAMEBUFUSED) == 0);
447 result = dns_message_gettempname(client->message, &name);
456 client->query.attributes |= NS_QUERYATTR_NAMEBUFUSED;
463 query_newrdataset(ns_client_t *client) {
469 result = dns_message_gettemprdataset(client->message, &rdataset);
482 query_putrdataset(ns_client_t *client, dns_rdataset_t **rdatasetp) {
489 dns_message_puttemprdataset(client->message, rdatasetp);
496 query_newdbversion(ns_client_t *client, unsigned int n) {
501 dbversion = isc_mem_get(client->mctx, sizeof(*dbversion));
505 ISC_LIST_INITANDAPPEND(client->query.freeversions,
523 query_getdbversion(ns_client_t *client) {
527 if (ISC_LIST_EMPTY(client->query.freeversions)) {
528 result = query_newdbversion(client, 1);
532 dbversion = ISC_LIST_HEAD(client->query.freeversions);
534 ISC_LIST_UNLINK(client->query.freeversions, dbversion, link);
540 ns_query_init(ns_client_t *client) {
543 ISC_LIST_INIT(client->query.namebufs);
544 ISC_LIST_INIT(client->query.activeversions);
545 ISC_LIST_INIT(client->query.freeversions);
546 client->query.restarts = 0;
547 client->query.timerset = ISC_FALSE;
548 client->query.qname = NULL;
549 result = isc_mutex_init(&client->query.fetchlock);
552 client->query.fetch = NULL;
553 client->query.authdb = NULL;
554 client->query.authzone = NULL;
555 client->query.authdbset = ISC_FALSE;
556 client->query.isreferral = ISC_FALSE;
557 query_reset(client, ISC_FALSE);
558 result = query_newdbversion(client, 3);
560 DESTROYLOCK(&client->query.fetchlock);
563 result = query_newnamebuf(client);
565 query_freefreeversions(client, ISC_TRUE);
571 query_findversion(ns_client_t *client, dns_db_t *db,
581 for (dbversion = ISC_LIST_HEAD(client->query.activeversions);
593 dbversion = query_getdbversion(client);
599 ISC_LIST_APPEND(client->query.activeversions,
609 query_validatezonedb(ns_client_t *client, dns_name_t *name,
628 if (!client->view->additionalfromauth &&
629 client->query.authdbset &&
630 db != client->query.authdb)
648 dbversion = query_findversion(client, db, &new_zone);
664 queryacl = client->view->queryacl;
665 if ((client->query.attributes &
669 * NS_QUERYATTR_QUERYOK is set, then the client is
674 if ((client->query.attributes &
688 result = ns_client_checkaclsilent(client, NULL, queryacl,
697 client->view->rdclass,
699 ns_client_log(client,
707 client->view->rdclass,
709 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
715 if (queryacl == client->view->queryacl) {
722 client->query.attributes |=
729 client->query.attributes |= NS_QUERYATTR_QUERYOKVALID;
739 queryonacl = client->view->queryonacl;
741 result = ns_client_checkaclsilent(client,
742 &client->interface->addr,
746 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
777 query_getzonedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype,
796 result = dns_zt_find(client->view->zonetable, name, ztoptions, NULL,
806 result = query_validatezonedb(client, name, qtype, options, zone, db,
830 query_getcachedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype,
841 * This may fail with DNS_R_REFUSED if the client
845 if (!USECACHE(client))
847 dns_db_attach(client->view->cachedb, &db);
849 if ((client->query.attributes & NS_QUERYATTR_CACHEACLOKVALID) != 0) {
852 * NS_QUERYATTR_CACHEACLOK is set, then the client is
857 if ((client->query.attributes & NS_QUERYATTR_CACHEACLOK) == 0)
870 result = ns_client_checkaclsilent(client, NULL,
871 client->view->cacheacl,
878 client->query.attributes |=
884 client->view->rdclass,
886 ns_client_log(client,
894 client->view->rdclass, msg,
896 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
904 client->query.attributes |= NS_QUERYATTR_CACHEACLOKVALID;
928 query_getdb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype,
950 result = query_getzonedb(client, name, qtype, options, &zone,
960 if (zonelabels < namelabels && client->view->dlzdatabase != NULL) {
961 tresult = dns_dlzfindzone(client->view, name,
1001 result = query_getzonedb(client, name, qtype, options,
1015 result = query_getcachedb(client, name, qtype, dbp, options);
1022 query_isduplicate(ns_client_t *client, dns_name_t *name,
1034 result = dns_message_findname(client->message, section,
1062 ns_client_t *client = arg;
1075 REQUIRE(NS_CLIENT_VALID(client));
1078 if (!WANTDNSSEC(client) && dns_rdatatype_isdnssec(qtype))
1112 dbuf = query_getnamebuf(client);
1115 fname = query_newname(client, dbuf, &b);
1116 rdataset = query_newrdataset(client);
1119 if (WANTDNSSEC(client)) {
1120 sigrdataset = query_newrdataset(client);
1129 result = query_getzonedb(client, name, qtype, DNS_GETDB_NOLOG,
1142 result = dns_db_find(db, name, version, type, client->query.dboptions,
1143 client->now, &node, fname, rdataset,
1166 result = query_getcachedb(client, name, qtype, &db, DNS_GETDB_NOLOG);
1169 * Most likely the client isn't allowed to query the cache.
1176 sigrdataset = query_newrdataset(client);
1181 client->query.dboptions |
1183 client->now, &node, fname, rdataset,
1186 validate(client, db, fname, rdataset, sigrdataset))
1188 if (!WANTDNSSEC(client))
1189 query_putrdataset(client, &sigrdataset);
1214 * case (identified by client->query.gluedb being set).
1217 if (client->query.gluedb == NULL)
1223 if (!dns_name_issubdomain(name, dns_db_origin(client->query.gluedb)))
1226 dns_db_attach(client->query.gluedb, &db);
1228 client->query.dboptions | DNS_DBFIND_GLUEOK,
1229 client->now, &node, fname, rdataset,
1241 query_keepname(client, fname, dbuf);
1249 !query_isduplicate(client, fname, type, &mname)) {
1252 query_releasename(client, &fname);
1284 rdataset = query_newrdataset(client);
1291 } else if (WANTDNSSEC(client)) {
1292 sigrdataset = query_newrdataset(client);
1296 if (query_isduplicate(client, fname, dns_rdatatype_a, NULL))
1300 client->now, rdataset,
1312 if (!query_isduplicate(client, fname,
1316 query_releasename(client, &fname);
1329 query_newrdataset(client);
1331 rdataset = query_newrdataset(client);
1334 if (WANTDNSSEC(client) && sigrdataset == NULL)
1344 if (query_isduplicate(client, fname, dns_rdatatype_aaaa, NULL))
1348 client->now, rdataset,
1360 if (!query_isduplicate(client, fname,
1364 query_releasename(client, &fname);
1397 dns_message_addname(client->message, fname,
1420 client);
1425 query_putrdataset(client, &rdataset);
1427 query_putrdataset(client, &sigrdataset);
1429 query_releasename(client, &fname);
1442 query_discardcache(ns_client_t *client, dns_rdataset_t *rdataset_base,
1452 query_putrdataset(client, &rdataset);
1462 (void)dns_rdataset_putadditional(client->view->acache, rdataset_base,
1497 ns_client_t *client;
1516 client = additionalctx->client;
1517 REQUIRE(NS_CLIENT_VALID(client));
1519 if (qtype != dns_rdatatype_a || client->view->acache == NULL) {
1525 return (query_addadditional(additionalctx->client,
1567 dbuf = query_getnamebuf(client);
1570 fname = query_newname(client, dbuf, &b);
1577 type, client->view->acache, &zone,
1579 client->message, client->now);
1591 query_discardcache(client, rdataset_base, additionaltype,
1610 result = query_validatezonedb(client, name, qtype, DNS_GETDB_NOLOG,
1613 query_discardcache(client, rdataset_base, additionaltype,
1625 query_keepname(client, fname, dbuf);
1633 result = query_getzonedb(client, name, qtype, DNS_GETDB_NOLOG,
1638 type, client->view->acache,
1652 result = dns_db_find(db, name, version, type, client->query.dboptions,
1653 client->now, &node, fname, NULL, NULL);
1659 type, client->view->acache, zone, db,
1673 result = query_getcachedb(client, name, qtype, &db, DNS_GETDB_NOLOG);
1676 * Most likely the client isn't allowed to query the cache.
1681 client->query.dboptions |
1683 client->now, &node, fname, NULL, NULL);
1704 * case (identified by client->query.gluedb being set).
1706 if (client->query.gluedb == NULL)
1712 if (!dns_name_issubdomain(name, dns_db_origin(client->query.gluedb)))
1718 type, client->view->acache, NULL,
1720 client->message, client->now);
1724 result = query_iscachevalid(zone, cdb, client->query.gluedb, cversion);
1727 query_discardcache(client, rdataset_base, additionaltype,
1747 query_keepname(client, fname, dbuf);
1751 dns_db_attach(client->query.gluedb, &db);
1753 client->query.dboptions | DNS_DBFIND_GLUEOK,
1754 client->now, &node, fname, NULL, NULL);
1760 type, client->view->acache,
1774 query_keepname(client, fname, dbuf);
1777 rdataset = query_newrdataset(client);
1781 sigrdataset = query_newrdataset(client);
1786 query_isduplicate(client, fname, dns_rdatatype_a, NULL))
1790 * for a client using DNSSEC, we'll continue the process to make a
1796 client->now, rdataset, sigrdataset);
1805 !validate(client, db, fname, rdataset, sigrdataset)) {
1823 sigrdataset = query_newrdataset(client);
1825 rdataset = query_newrdataset(client);
1834 query_isduplicate(client, fname, dns_rdatatype_aaaa, NULL))
1838 0, client->now, rdataset, sigrdataset);
1847 !validate(client, db, fname, rdataset, sigrdataset)) {
1871 type, client->view->acache,
1889 if (!query_isduplicate(client, fname, crdataset->type,
1903 query_releasename(client, &fname);
1916 need_sigrrset && WANTDNSSEC(client)) {
1938 dns_message_addname(client->message, fname,
1946 query_putrdataset(client, &rdataset);
1948 query_putrdataset(client, &sigrdataset);
1951 query_putrdataset(client, &crdataset);
1954 query_releasename(client, &fname);
1967 query_addrdataset(ns_client_t *client, dns_name_t *fname,
1974 * 'fname', a name in the response message for 'client'.
1981 if (client->view->order != NULL)
1982 rdataset->attributes |= dns_order_find(client->view->order,
1987 if (NOADDITIONAL(client))
1995 additionalctx.client = client;
2003 query_addrrset(ns_client_t *client, dns_name_t **namep,
2012 * To the current response for 'client', add the answer RRset
2030 result = dns_message_findname(client->message, section,
2040 query_releasename(client, namep);
2047 query_keepname(client, name, dbuf);
2048 dns_message_addname(client->message, name, section);
2054 query_releasename(client, namep);
2060 client->query.attributes &= ~NS_QUERYATTR_SECURE;
2066 query_addrdataset(client, mname, rdataset);
2079 query_addsoa(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version,
2100 if (ns_g_nosoa && (!WANTDNSSEC(client) || !isassociated))
2106 result = dns_message_gettempname(client->message, &name);
2111 rdataset = query_newrdataset(client);
2116 if (WANTDNSSEC(client) && dns_db_issecure(db)) {
2117 sigrdataset = query_newrdataset(client);
2131 0, client->now, rdataset,
2141 client->query.dboptions, 0, &node,
2182 query_addrrset(client, &name, &rdataset, sigrdatasetp, NULL,
2187 query_putrdataset(client, &rdataset);
2189 query_putrdataset(client, &sigrdataset);
2191 query_releasename(client, &name);
2199 query_addns(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version) {
2221 result = dns_message_gettempname(client->message, &name);
2228 rdataset = query_newrdataset(client);
2234 if (WANTDNSSEC(client) && dns_db_issecure(db)) {
2235 sigrdataset = query_newrdataset(client);
2250 0, client->now, rdataset,
2255 client->query.dboptions, 0, &node,
2272 query_addrrset(client, &name, &rdataset, sigrdatasetp, NULL,
2278 query_putrdataset(client, &rdataset);
2280 query_putrdataset(client, &sigrdataset);
2282 query_releasename(client, &name);
2291 query_addcnamelike(ns_client_t *client, dns_name_t *qname, dns_name_t *tname,
2308 result = dns_message_gettemprdatalist(client->message, &rdatalist);
2312 result = dns_message_gettemprdata(client->message, &rdata);
2316 result = dns_message_gettemprdataset(client->message, &rdataset);
2320 result = dns_name_dup(qname, client->mctx, *anamep);
2322 dns_message_puttemprdataset(client->message, &rdataset);
2328 rdatalist->rdclass = client->message->rdclass;
2334 rdata->rdclass = client->message->rdclass;
2343 query_addrrset(client, anamep, &rdataset, NULL, NULL,
2349 dns_message_puttemprdataset(client->message, &rdataset);
2360 mark_secure(ns_client_t *client, dns_db_t *db, dns_name_t *name,
2388 (void)dns_db_addrdataset(db, node, NULL, client->now, rdataset,
2390 (void)dns_db_addrdataset(db, node, NULL, client->now, sigrdataset,
2402 get_key(ns_client_t *client, dns_db_t *db, dns_rdata_rrsig_t *rrsig,
2416 client->now, keyrdataset, NULL);
2437 client->mctx, keyp);
2477 validate(ns_client_t *client, dns_db_t *db, dns_name_t *name,
2498 if (!dns_resolver_algorithm_supported(client->view->resolver,
2505 if (!get_key(client, db, &rrsig, &keyrdataset, &key))
2507 if (verify(key, name, rdataset, &rdata, client->mctx,
2508 client->view->acceptexpired)) {
2511 mark_secure(client, db, name,
2525 query_addbestns(ns_client_t *client) {
2555 result = query_getdb(client, client->query.qname, dns_rdatatype_ns, 0,
2564 dbuf = query_getnamebuf(client);
2567 fname = query_newname(client, dbuf, &b);
2568 rdataset = query_newrdataset(client);
2572 * Get the RRSIGs if the client requested them or if we may
2575 if (WANTDNSSEC(client) || !is_zone) {
2576 sigrdataset = query_newrdataset(client);
2585 result = dns_db_find(db, client->query.qname, version,
2586 dns_rdatatype_ns, client->query.dboptions,
2587 client->now, &node, fname,
2591 if (USECACHE(client)) {
2592 query_keepname(client, fname, dbuf);
2603 dns_db_attach(client->view->cachedb, &db);
2608 result = dns_db_findzonecut(db, client->query.qname,
2609 client->query.dboptions,
2610 client->now, &node, fname,
2632 query_releasename(client, &fname);
2642 query_putrdataset(client, &rdataset);
2644 query_putrdataset(client, &sigrdataset);
2656 && !validate(client, db, fname, rdataset, sigrdataset) &&
2657 !PENDINGOK(client->query.dboptions))
2662 !validate(client, db, fname, rdataset, sigrdataset) &&
2663 SECURE(client) && WANTDNSSEC(client))
2667 * If the answer is secure only add NS records if they are secure * when the client may be looking for AD in the response.
2669 if (SECURE(client) && (WANTDNSSEC(client) || WANTAD(client)) &&
2675 * If the client doesn't want DNSSEC we can discard the sigrdataset
2678 if (!WANTDNSSEC(client))
2679 query_putrdataset(client, &sigrdataset);
2680 query_addrrset(client, &fname, &rdataset, &sigrdataset, dbuf,
2685 query_putrdataset(client, &rdataset);
2687 query_putrdataset(client, &sigrdataset);
2689 query_releasename(client, &fname);
2697 query_putrdataset(client, &zrdataset);
2699 query_putrdataset(client, &zsigrdataset);
2701 query_releasename(client, &zfname);
2707 fixrdataset(ns_client_t *client, dns_rdataset_t **rdataset) {
2709 *rdataset = query_newrdataset(client);
2715 fixfname(ns_client_t *client, dns_name_t **fname, isc_buffer_t **dbuf,
2719 *dbuf = query_getnamebuf(client);
2722 *fname = query_newname(client, *dbuf, nbuf);
2727 query_addds(ns_client_t *client, dns_db_t *db, dns_dbnode_t *node,
2746 rdataset = query_newrdataset(client);
2747 sigrdataset = query_newrdataset(client);
2755 client->now, rdataset, sigrdataset);
2761 dns_rdatatype_nsec, 0, client->now,
2774 result = dns_message_firstname(client->message, DNS_SECTION_AUTHORITY);
2779 dns_message_currentname(client->message, DNS_SECTION_AUTHORITY,
2797 dbuf = query_getnamebuf(client);
2800 fname = query_newname(client, dbuf, &b);
2806 query_findclosestnsec3(name, db, version, client, rdataset,
2811 query_addrrset(client, &fname, &rdataset, &sigrdataset, dbuf,
2822 fixfname(client, &fname, &dbuf, &b);
2823 fixrdataset(client, &rdataset);
2824 fixrdataset(client, &sigrdataset);
2828 client, rdataset, sigrdataset, fname,
2832 query_addrrset(client, &fname, &rdataset, &sigrdataset, dbuf,
2838 query_putrdataset(client, &rdataset);
2840 query_putrdataset(client, &sigrdataset);
2842 query_releasename(client, &fname);
2846 query_addwildcardproof(ns_client_t *client, dns_db_t *db,
2914 options = client->query.dboptions | DNS_DBFIND_NOWILD;
2922 dbuf = query_getnamebuf(client);
2925 fname = query_newname(client, dbuf, &b);
2926 rdataset = query_newrdataset(client);
2927 sigrdataset = query_newrdataset(client);
2962 query_findclosestnsec3(cname, db, NULL, client, rdataset,
2967 query_addrrset(client, &fname, &rdataset, &sigrdataset,
2974 dbuf = query_getnamebuf(client);
2977 fname = query_newname(client, dbuf, &b);
2981 rdataset = query_newrdataset(client);
2986 sigrdataset = query_newrdataset(client);
3001 query_findclosestnsec3(wname, db, NULL, client, rdataset,
3005 query_addrrset(client, &fname, &rdataset, &sigrdataset,
3015 dbuf = query_getnamebuf(client);
3018 fname = query_newname(client, dbuf, &b);
3022 rdataset = query_newrdataset(client);
3027 sigrdataset = query_newrdataset(client);
3041 query_findclosestnsec3(wname, db, NULL, client, rdataset,
3045 query_addrrset(client, &fname, &rdataset, &sigrdataset,
3078 query_addrrset(client, &fname, &rdataset, &sigrdataset,
3082 query_putrdataset(client, &rdataset);
3084 query_putrdataset(client, &sigrdataset);
3086 query_releasename(client, &fname);
3096 query_putrdataset(client, &rdataset);
3098 query_putrdataset(client, &sigrdataset);
3100 query_releasename(client, &fname);
3104 query_addnxrrsetnsec(ns_client_t *client, dns_db_t *db,
3119 query_addrrset(client, namep, rdatasetp, sigrdatasetp,
3144 query_addwildcardproof(client, db, version, client->query.qname,
3150 dbuf = query_getnamebuf(client);
3153 fname = query_newname(client, dbuf, &b);
3160 query_addrrset(client, &fname, rdatasetp, sigrdatasetp,
3168 ns_client_t *client;
3181 client = devent->ev_arg;
3182 REQUIRE(NS_CLIENT_VALID(client));
3183 REQUIRE(task == client->task);
3184 REQUIRE(RECURSING(client));
3186 LOCK(&client->query.fetchlock);
3187 if (client->query.fetch != NULL) {
3191 INSIST(devent->fetch == client->query.fetch);
3192 client->query.fetch = NULL;
3195 * Update client->now.
3197 isc_stdtime_get(&client->now);
3205 UNLOCK(&client->query.fetchlock);
3206 INSIST(client->query.fetch == NULL);
3208 client->query.attributes &= ~NS_QUERYATTR_RECURSING;
3213 * If this client is shutting down, or this transaction
3216 client_shuttingdown = ns_client_shuttingdown(client);
3222 query_putrdataset(client, &devent->rdataset);
3224 query_putrdataset(client, &devent->sigrdataset);
3227 query_error(client, DNS_R_SERVFAIL, __LINE__);
3229 query_next(client, ISC_R_CANCELED);
3231 * This may destroy the client.
3233 ns_client_detach(&client);
3235 result = query_find(client, devent, 0);
3254 query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qdomain,
3262 inc_stats(client, dns_nsstatscounter_recursion);
3265 * We are about to recurse, which means that this client will
3267 * amount of time. If this client is currently responsible
3268 * for handling incoming queries, set up a new client
3274 if (client->recursionquota == NULL) {
3276 &client->recursionquota);
3283 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
3289 ns_client_killoldestquery(client);
3297 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
3303 ns_client_killoldestquery(client);
3305 if (result == ISC_R_SUCCESS && !client->mortal &&
3306 (client->attributes & NS_CLIENTATTR_TCP) == 0) {
3307 result = ns_client_replace(client);
3309 ns_client_log(client, NS_LOGCATEGORY_CLIENT,
3314 isc_quota_detach(&client->recursionquota);
3319 ns_client_recursing(client);
3326 REQUIRE(client->query.fetch == NULL);
3328 rdataset = query_newrdataset(client);
3331 if (WANTDNSSEC(client)) {
3332 sigrdataset = query_newrdataset(client);
3334 query_putrdataset(client, &rdataset);
3340 if (client->query.timerset == ISC_FALSE)
3341 ns_client_settimeout(client, 60);
3342 if ((client->attributes & NS_CLIENTATTR_TCP) == 0)
3343 peeraddr = &client->peeraddr;
3346 result = dns_resolver_createfetch2(client->view->resolver,
3347 client->query.qname,
3349 NULL, peeraddr, client->message->id,
3350 client->query.fetchoptions,
3351 client->task,
3352 query_resume, client,
3354 &client->query.fetch);
3358 * Record that we're waiting for an event. A client which
3363 query_putrdataset(client, &rdataset);
3365 query_putrdataset(client, &sigrdataset);
3445 * Find the sortlist statement that applies to 'client' and set up
3446 * the sortlist info in in client->message appropriately.
3449 setup_query_sortlist(ns_client_t *client) {
3454 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
3455 switch (ns_sortlist_setup(client->view->sortlist,
3470 dns_message_setsortorder(client->message, order, order_arg);
3474 query_addnoqnameproof(ns_client_t *client, dns_rdataset_t *rdataset) {
3486 dbuf = query_getnamebuf(client);
3489 fname = query_newname(client, dbuf, &b);
3490 neg = query_newrdataset(client);
3491 negsig = query_newrdataset(client);
3498 query_addrrset(client, &fname, &neg, &negsig, dbuf,
3505 dbuf = query_getnamebuf(client);
3508 fname = query_newname(client, dbuf, &b);
3511 neg = query_newrdataset(client);
3515 negsig = query_newrdataset(client);
3523 query_addrrset(client, &fname, &neg, &negsig, dbuf,
3528 query_putrdataset(client, &neg);
3530 query_putrdataset(client, &negsig);
3532 query_releasename(client, &fname);
3536 answer_in_glue(ns_client_t *client, dns_rdatatype_t qtype) {
3542 msg = client->message;
3546 if (dns_name_equal(name, client->query.qname)) {
3629 warn_rfc1918(ns_client_t *client, dns_name_t *fname, dns_rdataset_t *rdataset) {
3655 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
3669 dns_dbversion_t *version, ns_client_t *client,
3711 dboptions = client->query.dboptions | DNS_DBFIND_FORCENSEC3;
3713 dns_rdatatype_nsec3, dboptions, client->now,
3735 ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
3741 ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
3749 ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
3762 * Do the bulk of query processing for the current query of 'client'.
3767 query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
3847 dbuf = query_getnamebuf(client);
3852 fname = query_newname(client, dbuf, &b);
3889 if (client->view->checknames &&
3890 !dns_rdata_checkowner(client->query.qname,
3891 client->message->rdclass,
3897 dns_name_format(client->query.qname, namebuf, sizeof(namebuf));
3899 dns_rdataclass_format(client->message->rdclass, classname,
3901 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
3914 !dns_name_equal(client->query.qname, dns_rootname))
3916 result = query_getdb(client, client->query.qname, qtype, options,
3918 if ((result != ISC_R_SUCCESS || !is_zone) && !RECURSIONOK(client) &&
3929 tresult = query_getzonedb(client, client->query.qname, qtype,
3934 query_putrdataset(client, &rdataset);
3953 if (WANTRECURSION(client)) {
3954 inc_stats(client,
3957 inc_stats(client, dns_nsstatscounter_authrej);
3958 if (!PARTIALANSWER(client))
3968 if (event == NULL && client->query.restarts == 0) {
3977 dns_zone_attach(zone, &client->query.authzone);
3981 dns_db_attach(db, &client->query.authdb);
3983 client->query.authdbset = ISC_TRUE;
3991 dbuf = query_getnamebuf(client);
3996 fname = query_newname(client, dbuf, &b);
3997 rdataset = query_newrdataset(client);
4002 if (WANTDNSSEC(client) && (!is_zone || dns_db_issecure(db))) {
4003 sigrdataset = query_newrdataset(client);
4013 result = dns_db_find(db, client->query.qname, version, type,
4014 client->query.dboptions, client->now,
4042 if (client->view->hints == NULL) {
4046 dns_db_attach(client->view->hints, &db);
4049 0, client->now, &node, fname,
4069 if (RECURSIONOK(client)) {
4070 result = query_recurse(client, qtype,
4073 client->query.attributes |=
4095 if (!RECURSIONOK(client) &&
4101 result = query_getzonedb(client,
4102 client->query.qname,
4109 query_putrdataset(client, &rdataset);
4111 query_putrdataset(client,
4114 query_releasename(client,
4136 if (!USECACHE(client) || !RECURSIONOK(client)) {
4147 * If the client is making a nonrecursive
4156 * database by setting client->query.gluedb.
4158 client->query.gluedb = db;
4159 client->query.isreferral = ISC_TRUE;
4166 client->query.attributes &=
4172 query_addrrset(client, &fname,
4175 client->query.gluedb = NULL;
4176 if (WANTDNSSEC(client))
4177 query_addds(client, db, node, version,
4188 query_keepname(client, fname, dbuf);
4200 dns_db_attach(client->view->cachedb, &db);
4213 query_releasename(client, &fname);
4223 query_putrdataset(client, &rdataset);
4225 query_putrdataset(client,
4240 if (RECURSIONOK(client)) {
4245 result = query_recurse(client, qtype,
4249 result = query_recurse(client, qtype,
4253 client->query.attributes |=
4266 client->query.attributes |=
4268 client->query.gluedb = zdb;
4269 client->query.isreferral = ISC_TRUE;
4276 client->query.attributes &=
4282 query_addrrset(client, &fname,
4285 client->query.gluedb = NULL;
4286 client->query.attributes &=
4288 if (WANTDNSSEC(client))
4289 query_addds(client, db, node, version,
4303 WANTDNSSEC(client)) {
4310 qname = client->query.qname;
4313 client, rdataset,
4333 query_addrrset(client, &fname,
4346 fixfname(client, &fname, &dbuf, &b);
4347 fixrdataset(client, &rdataset);
4348 fixrdataset(client, &sigrdataset);
4361 client,
4369 query_releasename(client, &fname);
4370 query_addwildcardproof(client, db, version,
4371 client->query.qname,
4381 query_keepname(client, fname, dbuf);
4388 query_releasename(client, &fname);
4393 result = query_addsoa(client, db, version, ISC_FALSE,
4402 if (WANTDNSSEC(client)) {
4404 query_addnxrrsetnsec(client, db, version,
4422 query_keepname(client, fname, dbuf);
4429 query_releasename(client, &fname);
4443 result = query_addsoa(client, db, version, ISC_TRUE,
4446 result = query_addsoa(client, db, version, ISC_FALSE,
4453 if (WANTDNSSEC(client)) {
4458 query_addrrset(client, &fname, &rdataset,
4461 query_addwildcardproof(client, db, version,
4462 client->query.qname, ISC_FALSE,
4470 client->message->rcode = dns_rcode_noerror;
4472 client->message->rcode = dns_rcode_nxdomain;
4483 client->message->rcode = dns_rcode_nxdomain;
4489 client->message->rdclass == dns_rdataclass_in &&
4491 warn_rfc1918(client, fname, rdataset);
4496 query_keepname(client, fname, dbuf);
4497 dns_message_addname(client->message, fname,
4518 if (WANTDNSSEC(client) &&
4526 if (NOQNAME(rdataset) && WANTDNSSEC(client))
4530 query_addrrset(client, &fname, &rdataset, sigrdatasetp, dbuf,
4533 query_addnoqnameproof(client, noqname);
4538 client->query.attributes |= NS_QUERYATTR_PARTIALANSWER;
4544 result = dns_message_gettempname(client->message, &tname);
4549 dns_message_puttempname(client->message, &tname);
4556 dns_message_puttempname(client->message, &tname);
4560 result = dns_name_dup(&cname.cname, client->mctx, tname);
4562 dns_message_puttempname(client->message, &tname);
4567 ns_client_qnamereplace(client, tname);
4569 if (!WANTRECURSION(client))
4578 namereln = dns_name_fullcompare(client->query.qname, fname,
4594 if (WANTDNSSEC(client) &&
4602 query_addrrset(client, &fname, &rdataset, sigrdatasetp, dbuf,
4608 client->query.attributes |= NS_QUERYATTR_PARTIALANSWER;
4613 result = dns_message_gettempname(client->message, &tname);
4618 dns_message_puttempname(client->message, &tname);
4625 dns_message_puttempname(client->message, &tname);
4636 dns_name_split(client->query.qname, nlabels, prefix, NULL);
4638 dbuf = query_getnamebuf(client);
4640 dns_message_puttempname(client->message, &tname);
4643 fname = query_newname(client, dbuf, &b);
4645 dns_message_puttempname(client->message, &tname);
4656 client->message->rcode = dns_rcode_yxdomain;
4658 dns_message_puttempname(client->message, &tname);
4662 query_keepname(client, fname, dbuf);
4677 (void)query_addcnamelike(client, client->query.qname, fname,
4681 dns_message_puttempname(client->message, &tname);
4685 ns_client_qnamereplace(client, fname);
4688 if (!WANTRECURSION(client))
4699 if (WANTDNSSEC(client) &&
4730 query_keepname(client, fname, dbuf);
4746 if (NOQNAME(rdataset) && WANTDNSSEC(client))
4750 query_addrrset(client,
4755 query_addnoqnameproof(client, noqname);
4763 query_putrdataset(client, &rdataset);
4764 rdataset = query_newrdataset(client);
4777 dns_message_puttempname(client->message, &fname);
4791 client->attributes &= ~NS_CLIENTATTR_RA;
4798 dns_name_format(client->query.qname,
4801 ns_client_log(client,
4810 fname = query_newname(client, dbuf, &b);
4829 if (NOQNAME(rdataset) && WANTDNSSEC(client))
4837 dns_name_equal(client->query.qname, dns_rootname))
4838 client->query.attributes &= ~NS_QUERYATTR_NOADDITIONAL;
4840 query_addrrset(client, &fname, &rdataset, sigrdatasetp, dbuf,
4843 query_addnoqnameproof(client, noqname);
4857 if (!want_restart && !NOAUTHORITY(client)) {
4861 dns_name_equal(client->query.qname,
4863 (void)query_addns(client, db, version);
4866 query_releasename(client, &fname);
4867 query_addbestns(client);
4876 query_addwildcardproof(client, db, version,
4885 query_putrdataset(client, &rdataset);
4887 query_putrdataset(client, &sigrdataset);
4889 query_releasename(client, &fname);
4897 query_putrdataset(client, &zrdataset);
4899 query_putrdataset(client, &zsigrdataset);
4901 query_releasename(client, &zfname);
4910 if (client->query.restarts == 0 && !authoritative) {
4915 client->message->flags &= ~DNS_MESSAGEFLAG_AA;
4921 if (want_restart && client->query.restarts < MAX_RESTARTS) {
4922 client->query.restarts++;
4927 (!PARTIALANSWER(client) || WANTRECURSION(client))) {
4934 query_next(client, eresult);
4937 * If we don't have any answer to give the client,
4938 * or if the client requested recursion and thus wanted
4942 query_error(client, eresult, line);
4944 ns_client_detach(&client);
4945 } else if (!RECURSING(client)) {
4952 setup_query_sortlist(client);
4959 if (ISC_LIST_EMPTY(client->message->sections[DNS_SECTION_ANSWER]) &&
4960 client->message->rcode == dns_rcode_noerror &&
4962 answer_in_glue(client, qtype);
4964 if (client->message->rcode == dns_rcode_nxdomain &&
4965 client->view->auth_nxdomain == ISC_TRUE)
4966 client->message->flags |= DNS_MESSAGEFLAG_AA;
4969 * If the response is somehow unexpected for the client and this
4974 (ISC_LIST_EMPTY(client->message->sections[DNS_SECTION_ANSWER]) ||
4975 client->message->rcode != dns_rcode_noerror))
4978 query_send(client);
4979 ns_client_detach(&client);
4987 log_query(ns_client_t *client, unsigned int flags, unsigned int extflags) {
4997 rdataset = ISC_LIST_HEAD(client->query.qname->list);
4999 dns_name_format(client->query.qname, namebuf, sizeof(namebuf));
5003 ns_client_log(client, NS_LOGCATEGORY_QUERIES, NS_LOGMODULE_QUERY,
5005 typename, WANTRECURSION(client) ? "+" : "-",
5006 (client->signer != NULL) ? "S": "",
5007 (client->opt != NULL) ? "E" : "",
5013 log_queryerror(ns_client_t *client, isc_result_t result, int line, int level) {
5030 if (client->query.origqname != NULL) {
5031 dns_name_format(client->query.origqname, namebuf,
5036 rdataset = ISC_LIST_HEAD(client->query.origqname->list);
5048 ns_client_log(client, NS_LOGCATEGORY_QUERY_EERRORS, NS_LOGMODULE_QUERY,
5055 ns_query_start(ns_client_t *client) {
5057 dns_message_t *message = client->message;
5061 unsigned int saved_extflags = client->extflags;
5062 unsigned int saved_flags = client->message->flags;
5069 if (ns_g_clienttest && (client->attributes & NS_CLIENTATTR_TCP) == 0)
5070 RUNTIME_CHECK(ns_client_replace(client) == ISC_R_SUCCESS);
5075 client->next = query_next_callback;
5080 if (!client->view->enablednssec) {
5082 client->extflags &= ~DNS_MESSAGEEXTFLAG_DO;
5083 if (client->opt != NULL)
5084 client->opt->ttl &= ~DNS_MESSAGEEXTFLAG_DO;
5088 client->query.attributes |= NS_QUERYATTR_WANTRECURSION;
5090 if ((client->extflags & DNS_MESSAGEEXTFLAG_DO) != 0)
5091 client->attributes |= NS_CLIENTATTR_WANTDNSSEC;
5093 if (client->view->minimalresponses)
5094 client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
5097 if ((client->view->cachedb == NULL)
5098 || (!client->view->additionalfromcache)) {
5103 client->query.attributes &=
5105 } else if ((client->attributes & NS_CLIENTATTR_RA) == 0 ||
5108 * If the client isn't allowed to recurse (due to
5113 client->query.attributes &= ~NS_QUERYATTR_RECURSIONOK;
5121 query_error(client, result, __LINE__);
5125 &client->query.qname);
5126 client->query.origqname = client->query.qname;
5134 query_error(client, DNS_R_FORMERR, __LINE__);
5136 query_error(client, result, __LINE__);
5141 log_query(client, saved_flags, saved_extflags);
5147 query_error(client, DNS_R_FORMERR, __LINE__);
5154 rdataset = ISC_LIST_HEAD(client->query.qname->list);
5164 ns_xfr_start(client, rdataset->type);
5168 query_error(client, DNS_R_NOTIMP, __LINE__);
5171 result = dns_tkey_processquery(client->message,
5173 client->view->dynamickeys);
5175 query_send(client);
5177 query_error(client, result, __LINE__);
5180 query_error(client, DNS_R_FORMERR, __LINE__);
5189 client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
5195 if (client->opt != NULL && client->udpsize <= 512U &&
5196 (client->attributes & NS_CLIENTATTR_TCP) == 0)
5197 client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
5201 * If the client has requested that DNSSEC checking be disabled,
5211 client->query.dboptions |= DNS_DBFIND_PENDINGOK;
5212 client->query.fetchoptions |= DNS_FETCHOPT_NOVALIDATE;
5213 } else if (!client->view->enablevalidation)
5214 client->query.fetchoptions |= DNS_FETCHOPT_NOVALIDATE;
5221 client->query.attributes &= ~NS_QUERYATTR_SECURE;
5224 * Set NS_CLIENTATTR_WANTDNSSEC if the client has set AD in the query.
5228 client->attributes |= NS_CLIENTATTR_WANTAD;
5235 query_next(client, result);
5253 if (WANTDNSSEC(client) || WANTAD(client))
5257 ns_client_attach(client, &qclient);