resolved-dns-server.c revision 6a1a5eec43892dee3ff6e208bceb1931c25c782e
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering This file is part of systemd.
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering Copyright 2014 Lennart Poettering
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering systemd is free software; you can redistribute it and/or modify it
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering under the terms of the GNU Lesser General Public License as published by
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering the Free Software Foundation; either version 2.1 of the License, or
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering (at your option) any later version.
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering systemd is distributed in the hope that it will be useful, but
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering WITHOUT ANY WARRANTY; without even the implied warranty of
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering Lesser General Public License for more details.
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering You should have received a copy of the GNU Lesser General Public License
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering along with systemd; If not, see <http://www.gnu.org/licenses/>.
4e945a6f7971fd7d1f6b2c62ee3afdaff3c95ce4Lennart Poettering/* After how much time to repeat classic DNS requests */
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering#define DNS_TIMEOUT_MIN_USEC (500 * USEC_PER_MSEC)
0dd25fb9f005d8ab7ac4bc10a609d00569f8c56aLennart Poettering#define DNS_TIMEOUT_MAX_USEC (5 * USEC_PER_SEC)
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering/* The amount of time to wait before retrying with a full feature set */
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering#define DNS_SERVER_FEATURE_GRACE_PERIOD_MAX_USEC (6 * USEC_PER_HOUR)
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering#define DNS_SERVER_FEATURE_GRACE_PERIOD_MIN_USEC (5 * USEC_PER_MINUTE)
4e945a6f7971fd7d1f6b2c62ee3afdaff3c95ce4Lennart Poettering/* The number of times we will attempt a certain feature set before degrading */
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering#define DNS_SERVER_FEATURE_RETRY_ATTEMPTS 3
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering assert((type == DNS_SERVER_LINK) == !!l);
4e945a6f7971fd7d1f6b2c62ee3afdaff3c95ce4Lennart Poettering if (l->n_dns_servers >= LINK_DNS_SERVERS_MAX)
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering if (m->n_dns_servers >= MANAGER_DNS_SERVERS_MAX)
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering s->verified_feature_level = _DNS_SERVER_FEATURE_LEVEL_INVALID;
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering s->possible_feature_level = DNS_SERVER_FEATURE_LEVEL_BEST;
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering s->features_grace_period_usec = DNS_SERVER_FEATURE_GRACE_PERIOD_MIN_USEC;
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering s->received_udp_packet_max = DNS_PACKET_UNICAST_SIZE_MAX;
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering s->resend_timeout = DNS_TIMEOUT_MIN_USEC;
3e684349c2cead2e6fd2f816c34eb17daba23a49Lennart Poettering LIST_APPEND(servers, m->fallback_dns_servers, s);
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering assert_not_reached("Unknown server type");
d5099efc47d4e6ac60816b5381a5f607ab03f06eMichal Schmidt /* A new DNS server that isn't fallback is added and the one
87f5a19343acf8ba697acc5a62bdb1a2b8c9eda3Lennart Poettering * we used so far was a fallback one? Then let's try to pick
87f5a19343acf8ba697acc5a62bdb1a2b8c9eda3Lennart Poettering * the new one */
87f5a19343acf8ba697acc5a62bdb1a2b8c9eda3Lennart Poettering m->current_dns_server->type == DNS_SERVER_FALLBACK)
return NULL;
s->n_ref --;
if (s->n_ref > 0)
return NULL;
free(s);
return NULL;
assert(s);
if (!s->linked)
switch (s->type) {
case DNS_SERVER_LINK:
case DNS_SERVER_SYSTEM:
case DNS_SERVER_FALLBACK:
s->linked = false;
dns_server_unref(s);
assert(s);
if (!s->marked)
s->marked = false;
switch (s->type) {
case DNS_SERVER_LINK:
case DNS_SERVER_SYSTEM:
case DNS_SERVER_FALLBACK:
void dns_server_packet_received(DnsServer *s, DnsServerFeatureLevel level, usec_t rtt, size_t size) {
assert(s);
s->n_failed_attempts = 0;
assert(s);
s->n_failed_attempts ++;
assert(s);
assert(s);
log_warning("DNS server %s does not augment replies with RRSIG records, DNSSEC not available.", strna(ip));
s->rrsig_missing = true;
assert(s);
if (s->verified_usec == 0)
s->features_grace_period_usec = MIN(s->features_grace_period_usec * 2, DNS_SERVER_FEATURE_GRACE_PERIOD_MAX_USEC);
assert(s);
s->n_failed_attempts = 0;
s->verified_usec = 0;
s->rrsig_missing = false;
* responds on one of them. Note that we generally prefer UDP over TCP (which is why it is at a higher
s->possible_feature_level --;
s->n_failed_attempts = 0;
s->verified_usec = 0;
return s->possible_feature_level;
bool edns_do;
const DnsServer *s = p;
assert(s);
static int dns_server_compare_func(const void *a, const void *b) {
const DnsServer *x = a, *y = b;
if (!first)
if (!first)
if (!first)
DnsServer *s;
return NULL;
assert(m);
case DNS_SERVER_SYSTEM:
return m->dns_servers;
case DNS_SERVER_FALLBACK:
return m->fallback_dns_servers;
return NULL;
assert(m);
if (m->current_dns_server == s)
if (m->unicast_scope)
Link *l;
assert(m);
/* Try to read updates resolv.conf */
if (!m->current_dns_server)
if (!m->current_dns_server) {
bool found = false;
Iterator i;
if (l->dns_servers) {
found = true;
if (!found)
return m->current_dns_server;
assert(m);
if (!m->current_dns_server)