KumiSystems/openwrtv3
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
openwrtv3/package/network/services/dnsmasq/patches/0006-Handle-query-retry-on-REFUSED-or-SERVFAIL-for-DNSSEC.patch

88 lines
3 KiB
Diff
Raw Normal View History

dnsmasq: bump to 2.80test2 Refresh patches and backport upstream to current HEAD: 1f1873a Log warning on very large cachesize config, instead of truncating it. 0a496f0 Do unsolicited RAs for interfaces which appear after dnsmasq startup. e27825b Fix logging in previous. 1f60a18 Retry SERVFAIL DNSSEC queries to a different server, if possible. a0088e8 Handle query retry on REFUSED or SERVFAIL for DNSSEC-generated queries. 34e26e1 Retry query to other servers on receipt of SERVFAIL rcode. 6b17335 Add packet-dump debugging facility. 07ed585 Add logging for DNS error returns from upstream and local configuration. 0669ee7 Fix DHCP broken-ness when --no-ping AND --dhcp-sequential-ip are set. f84e674 Be persistent with broken-upstream-DNSSEC warnings. Compile & run tested: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-12 14:37:33 +00:00
From a0088e83640d7d1544127dd668660462e9f78e52 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu, 10 May 2018 21:43:14 +0100
Subject: [PATCH 06/10] Handle query retry on REFUSED or SERVFAIL for
DNSSEC-generated queries.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---
src/forward.c | 46 ++++++++++++++++++++++++++++++++++++++++------
1 file changed, 40 insertions(+), 6 deletions(-)
--- a/src/forward.c
+++ b/src/forward.c
@@ -298,9 +298,9 @@ static int forward_query(int udpfd, unio
fd = forward->rfd4->fd;
}
- while (retry_send( sendto(fd, (char *)header, plen, 0,
- &forward->sentto->addr.sa,
- sa_len(&forward->sentto->addr))));
+ while (retry_send(sendto(fd, (char *)header, plen, 0,
+ &forward->sentto->addr.sa,
+ sa_len(&forward->sentto->addr))));
return 1;
}
@@ -804,8 +804,7 @@ void reply_query(int fd, int family, tim
dump_packet((forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY)) ? DUMP_SEC_REPLY : DUMP_UP_REPLY,
(void *)header, n, &serveraddr, NULL);
#endif
-
-
+
/* log_query gets called indirectly all over the place, so
pass these in global variables - sorry. */
daemon->log_display_id = forward->log_id;
@@ -826,6 +825,40 @@ void reply_query(int fd, int family, tim
size_t plen;
int is_sign;
+ /* For DNSSEC originated queries, just retry the query to the same server. */
+ if (forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY))
+ {
+ blockdata_retrieve(forward->stash, forward->stash_len, (void *)header);
+ plen = forward->stash_len;
+
+ forward->forwardall = 2; /* only retry once */
+
+ if (forward->sentto->addr.sa.sa_family == AF_INET)
+ log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (struct all_addr *)&forward->sentto->addr.in.sin_addr, "dnssec");
+#ifdef HAVE_IPV6
+ else
+ log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (struct all_addr *)&forward->sentto->addr.in6.sin6_addr, "dnssec");
+#endif
+
+ if (forward->sentto->sfd)
+ fd = forward->sentto->sfd->fd;
+ else
+ {
+#ifdef HAVE_IPV6
+ if (forward->sentto->addr.sa.sa_family == AF_INET6)
+ fd = forward->rfd6->fd;
+ else
+#endif
+ fd = forward->rfd4->fd;
+ }
+
+ while (retry_send(sendto(fd, (char *)header, plen, 0,
+ &forward->sentto->addr.sa,
+ sa_len(&forward->sentto->addr))));
+
+ return;
+ }
+
/* In strict order mode, there must be a server later in the chain
left to send to, otherwise without the forwardall mechanism,
code further on will cycle around the list forwever if they
@@ -1017,7 +1050,8 @@ void reply_query(int fd, int family, tim
#ifdef HAVE_IPV6
new->rfd6 = NULL;
#endif
- new->flags &= ~(FREC_DNSKEY_QUERY | FREC_DS_QUERY);
+ new->flags &= ~(FREC_DNSKEY_QUERY | FREC_DS_QUERY | FREC_HAS_EXTRADATA);
+ new->forwardall = 0;
new->dependent = forward; /* to find query awaiting new one. */
forward->blocking_query = new; /* for garbage cleaning */
Reference in a new issue Copy permalink