resolved-dns-server.c revision f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering This file is part of systemd.
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering Copyright 2014 Lennart Poettering
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering systemd is free software; you can redistribute it and/or modify it
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering under the terms of the GNU Lesser General Public License as published by
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering the Free Software Foundation; either version 2.1 of the License, or
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering (at your option) any later version.
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering systemd is distributed in the hope that it will be useful, but
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering WITHOUT ANY WARRANTY; without even the implied warranty of
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering Lesser General Public License for more details.
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering You should have received a copy of the GNU Lesser General Public License
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering along with systemd; If not, see <http://www.gnu.org/licenses/>.
9df3ba6c6cb65eecec06f39dfe85a3596cedac4eTom Gundersen/* After how much time to repeat classic DNS requests */
9df3ba6c6cb65eecec06f39dfe85a3596cedac4eTom Gundersen#define DNS_TIMEOUT_MIN_USEC (500 * USEC_PER_MSEC)
9df3ba6c6cb65eecec06f39dfe85a3596cedac4eTom Gundersen#define DNS_TIMEOUT_MAX_USEC (5 * USEC_PER_SEC)
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen/* The amount of time to wait before retrying with a full feature set */
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen#define DNS_SERVER_FEATURE_GRACE_PERIOD_MAX_USEC (6 * USEC_PER_HOUR)
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen#define DNS_SERVER_FEATURE_GRACE_PERIOD_MIN_USEC (5 * USEC_PER_MINUTE)
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen/* The number of times we will attempt a certain feature set before degrading */
4e945a6f7971fd7d1f6b2c62ee3afdaff3c95ce4Lennart Poettering assert((type == DNS_SERVER_LINK) == !!l);
eed857b71702f8551b46b66b31fa0d08583cf23cLennart Poettering if (l->n_dns_servers >= LINK_DNS_SERVERS_MAX)
eed857b71702f8551b46b66b31fa0d08583cf23cLennart Poettering if (m->n_dns_servers >= MANAGER_DNS_SERVERS_MAX)
f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poettering s->verified_feature_level = _DNS_SERVER_FEATURE_LEVEL_INVALID;
f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poettering s->possible_feature_level = DNS_SERVER_FEATURE_LEVEL_BEST;
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen s->features_grace_period_usec = DNS_SERVER_FEATURE_GRACE_PERIOD_MIN_USEC;
d74fb368b18f0fbd9a4fe6f15691bbea7f3c4a01Tom Gundersen s->received_udp_packet_max = DNS_PACKET_UNICAST_SIZE_MAX;
eed857b71702f8551b46b66b31fa0d08583cf23cLennart Poettering LIST_APPEND(servers, m->fallback_dns_servers, s);
4e945a6f7971fd7d1f6b2c62ee3afdaff3c95ce4Lennart Poettering assert_not_reached("Unknown server type");
4e945a6f7971fd7d1f6b2c62ee3afdaff3c95ce4Lennart Poettering /* A new DNS server that isn't fallback is added and the one
4e945a6f7971fd7d1f6b2c62ee3afdaff3c95ce4Lennart Poettering * we used so far was a fallback one? Then let's try to pick
4e945a6f7971fd7d1f6b2c62ee3afdaff3c95ce4Lennart Poettering * the new one */
3e684349c2cead2e6fd2f816c34eb17daba23a49Lennart Poettering m->current_dns_server->type == DNS_SERVER_FALLBACK)
0eac462399c8e87bcce252cf058eba9f2678f2bdLennart PoetteringDnsServer* dns_server_unref(DnsServer *s) {
0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering /* This removes the specified server from the linked list of
0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering * servers, but any server might still stay around if it has
0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering * refs, for example from an ongoing transaction. */
0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering LIST_REMOVE(servers, s->link->dns_servers, s);
0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering LIST_REMOVE(servers, s->manager->dns_servers, s);
0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering LIST_REMOVE(servers, s->manager->fallback_dns_servers, s);
0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering if (s->link && s->link->current_dns_server == s)
0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering manager_set_dns_server(s->manager, NULL);
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poetteringvoid dns_server_move_back_and_unmark(DnsServer *s) {
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering /* Move us to the end of the list, so that the order is
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering * strictly kept, if we are not at the end anyway. */
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering LIST_REMOVE(servers, s->link->dns_servers, s);
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering LIST_INSERT_AFTER(servers, s->link->dns_servers, tail, s);
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering LIST_REMOVE(servers, s->manager->dns_servers, s);
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering LIST_INSERT_AFTER(servers, s->manager->dns_servers, tail, s);
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering LIST_REMOVE(servers, s->manager->fallback_dns_servers, s);
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering LIST_INSERT_AFTER(servers, s->manager->fallback_dns_servers, tail, s);
0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering assert_not_reached("Unknown server type");
f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poetteringvoid dns_server_packet_received(DnsServer *s, DnsServerFeatureLevel level, usec_t rtt, size_t size) {
f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poettering if (level == DNS_SERVER_FEATURE_LEVEL_LARGE) {
b652d4a2099d1c167584dcc1d179d47c58dc38a2Lennart Poettering /* Even if we successfully receive a reply to a
b652d4a2099d1c167584dcc1d179d47c58dc38a2Lennart Poettering request announcing support for large packets, that
b652d4a2099d1c167584dcc1d179d47c58dc38a2Lennart Poettering does not mean we can necessarily receive large
f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poettering if (s->verified_feature_level < DNS_SERVER_FEATURE_LEVEL_LARGE - 1) {
f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poettering s->verified_feature_level = DNS_SERVER_FEATURE_LEVEL_LARGE - 1;
d74fb368b18f0fbd9a4fe6f15691bbea7f3c4a01Tom Gundersen assert_se(sd_event_now(s->manager->event, clock_boottime_or_monotonic(), &s->verified_usec) >= 0);
f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poettering } else if (s->verified_feature_level < level) {
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen assert_se(sd_event_now(s->manager->event, clock_boottime_or_monotonic(), &s->verified_usec) >= 0);
d74fb368b18f0fbd9a4fe6f15691bbea7f3c4a01Tom Gundersen /* Remember the size of the largest UDP packet we received from a server,
d74fb368b18f0fbd9a4fe6f15691bbea7f3c4a01Tom Gundersen we know that we can always announce support for packets with at least
d74fb368b18f0fbd9a4fe6f15691bbea7f3c4a01Tom Gundersen this size. */
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen s->resend_timeout = MIN(MAX(DNS_TIMEOUT_MIN_USEC, s->max_rtt * 2), DNS_TIMEOUT_MAX_USEC);
f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poetteringvoid dns_server_packet_lost(DnsServer *s, DnsServerFeatureLevel level, usec_t usec) {
84129d46cd6e95e142973da93aede4c7433c9600Lennart Poettering s->resend_timeout = MIN(s->resend_timeout * 2, DNS_TIMEOUT_MAX_USEC);
f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poetteringvoid dns_server_packet_failed(DnsServer *s, DnsServerFeatureLevel level) {
b652d4a2099d1c167584dcc1d179d47c58dc38a2Lennart Poetteringvoid dns_server_packet_rrsig_missing(DnsServer *s) {
b652d4a2099d1c167584dcc1d179d47c58dc38a2Lennart Poettering in_addr_to_string(s->family, &s->address, &ip);
b652d4a2099d1c167584dcc1d179d47c58dc38a2Lennart Poettering log_warning("DNS server %s does not augment replies with RRSIG records, DNSSEC not available.", strna(ip));
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersenstatic bool dns_server_grace_period_expired(DnsServer *s) {
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen return false;
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen assert_se(sd_event_now(s->manager->event, clock_boottime_or_monotonic(), &ts) >= 0);
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen if (s->verified_usec + s->features_grace_period_usec > ts)
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen return false;
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen s->features_grace_period_usec = MIN(s->features_grace_period_usec * 2, DNS_SERVER_FEATURE_GRACE_PERIOD_MAX_USEC);
f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart PoetteringDnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) {
f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poettering if (s->possible_feature_level != DNS_SERVER_FEATURE_LEVEL_BEST &&
f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poettering s->possible_feature_level = DNS_SERVER_FEATURE_LEVEL_BEST;
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen in_addr_to_string(s->family, &s->address, &ip);
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen log_info("Grace period over, resuming full feature set for DNS server %s", strna(ip));
f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poettering } else if (s->possible_feature_level <= s->verified_feature_level)
f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poettering s->possible_feature_level = s->verified_feature_level;
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen else if (s->n_failed_attempts >= DNS_SERVER_FEATURE_RETRY_ATTEMPTS &&
f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poettering s->possible_feature_level > DNS_SERVER_FEATURE_LEVEL_WORST) {
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen in_addr_to_string(s->family, &s->address, &ip);
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen log_warning("Using degraded feature set (%s) for DNS server %s",
f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poettering dns_server_feature_level_to_string(s->possible_feature_level), strna(ip));
519ef04651b07a547f010d6462603669d7fde4e5Lennart Poetteringint dns_server_adjust_opt(DnsServer *server, DnsPacket *packet, DnsServerFeatureLevel level) {
519ef04651b07a547f010d6462603669d7fde4e5Lennart Poettering assert(packet->protocol == DNS_PROTOCOL_DNS);
519ef04651b07a547f010d6462603669d7fde4e5Lennart Poettering /* Fix the OPT field in the packet to match our current feature level. */
519ef04651b07a547f010d6462603669d7fde4e5Lennart Poettering if (level < DNS_SERVER_FEATURE_LEVEL_EDNS0)
519ef04651b07a547f010d6462603669d7fde4e5Lennart Poettering edns_do = level >= DNS_SERVER_FEATURE_LEVEL_DO;
519ef04651b07a547f010d6462603669d7fde4e5Lennart Poettering if (level >= DNS_SERVER_FEATURE_LEVEL_LARGE)
519ef04651b07a547f010d6462603669d7fde4e5Lennart Poettering packet_size = DNS_PACKET_UNICAST_SIZE_LARGE_MAX;
519ef04651b07a547f010d6462603669d7fde4e5Lennart Poettering packet_size = server->received_udp_packet_max;
519ef04651b07a547f010d6462603669d7fde4e5Lennart Poettering return dns_packet_append_opt(packet, packet_size, edns_do, NULL);
b826ab586c9e0a9c0d438a75c28cf3a8ab485929Tom Gundersenstatic void dns_server_hash_func(const void *p, struct siphash *state) {
b826ab586c9e0a9c0d438a75c28cf3a8ab485929Tom Gundersen siphash24_compress(&s->family, sizeof(s->family), state);
b826ab586c9e0a9c0d438a75c28cf3a8ab485929Tom Gundersen siphash24_compress(&s->address, FAMILY_ADDRESS_SIZE(s->family), state);
d5099efc47d4e6ac60816b5381a5f607ab03f06eMichal Schmidtstatic int dns_server_compare_func(const void *a, const void *b) {
87f5a19343acf8ba697acc5a62bdb1a2b8c9eda3Lennart Poettering const DnsServer *x = a, *y = b;
87f5a19343acf8ba697acc5a62bdb1a2b8c9eda3Lennart Poettering return memcmp(&x->address, &y->address, FAMILY_ADDRESS_SIZE(x->family));
4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poetteringvoid dns_server_unlink_all(DnsServer *first) {
4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poetteringvoid dns_server_unlink_marked(DnsServer *first) {
4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poetteringvoid dns_server_mark_all(DnsServer *first) {
4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poettering dns_server_mark_all(first->servers_next);
4b95f1798f22c1bb75295f448188560cb6ec9eceLennart PoetteringDnsServer *dns_server_find(DnsServer *first, int family, const union in_addr_union *in_addr) {
4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poettering if (s->family == family && in_addr_equal(family, &s->address, in_addr) > 0)
4b95f1798f22c1bb75295f448188560cb6ec9eceLennart PoetteringDnsServer *manager_get_first_dns_server(Manager *m, DnsServerType t) {
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart PoetteringDnsServer *manager_set_dns_server(Manager *m, DnsServer *s) {
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering in_addr_to_string(s->family, &s->address, &ip);
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering log_info("Switching to system DNS server %s.", strna(ip));
0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering m->current_dns_server = dns_server_ref(s);
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering dns_cache_flush(&m->unicast_scope->cache);
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart PoetteringDnsServer *manager_get_dns_server(Manager *m) {
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering /* Try to read updates resolv.conf */
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering /* If no DNS server was chose so far, pick the first one */
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering manager_set_dns_server(m, m->dns_servers);
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering /* No DNS servers configured, let's see if there are
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering * any on any links. If not, we use the fallback
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering manager_set_dns_server(m, m->fallback_dns_servers);
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poetteringvoid manager_next_dns_server(Manager *m) {
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering /* If there's currently no DNS server set, then the next
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering * manager_get_dns_server() will find one */
0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering /* Change to the next one, but make sure to follow the linked
0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering * list only if the server is still linked. */
0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering if (m->current_dns_server->linked && m->current_dns_server->servers_next) {
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering manager_set_dns_server(m, m->current_dns_server->servers_next);
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering /* If there was no next one, then start from the beginning of
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering if (m->current_dns_server->type == DNS_SERVER_FALLBACK)
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering manager_set_dns_server(m, m->fallback_dns_servers);
f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering manager_set_dns_server(m, m->dns_servers);
be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersenstatic const char* const dns_server_feature_level_table[_DNS_SERVER_FEATURE_LEVEL_MAX] = {
9c5e12a4314e7192e834e1b855e5e80111e636a6Tom Gundersen [DNS_SERVER_FEATURE_LEVEL_EDNS0] = "UDP+EDNS0",
7586f4d172dd9c3ccc3126fc47dca9e49adec132Tom Gundersen [DNS_SERVER_FEATURE_LEVEL_DO] = "UDP+EDNS0+DO",
d74fb368b18f0fbd9a4fe6f15691bbea7f3c4a01Tom Gundersen [DNS_SERVER_FEATURE_LEVEL_LARGE] = "UDP+EDNS0+DO+LARGE",