Lines Matching refs:client
166 client_trace(ns_client_t *client, int level, const char *message) { in client_trace() argument
167 if (client != NULL && client->query.qname != NULL) { in client_trace()
171 dns_name_format(client->query.qname, qbuf, in client_trace()
173 dns_rdatatype_format(client->query.qtype, tbuf, in client_trace()
179 client, isc_thread_self(), qbuf, tbuf, in client_trace()
187 client, isc_thread_self(), message); in client_trace()
190 #define CTRACE(l, m) client_trace(client, l, m)
191 #define CCTRACE(l, m) client_trace(qctx->client, l, m)
226 validate(ns_client_t *client, dns_db_t *db, dns_name_t *name,
231 dns_dbversion_t *version, ns_client_t *client,
236 log_queryerror(ns_client_t *client, isc_result_t result, int line, int level);
239 rpz_st_clear(ns_client_t *client);
242 rpz_ck_dnssec(ns_client_t *client, isc_result_t qresult,
391 qctx_init(ns_client_t *client, dns_fetchevent_t **eventp, dns_rdatatype_t qtype,
395 query_setup(ns_client_t *client, dns_rdatatype_t qtype);
505 query_clear_stale(ns_client_t *client);
511 inc_stats(ns_client_t *client, isc_statscounter_t counter) { in inc_stats() argument
512 dns_zone_t *zone = client->query.authzone; in inc_stats()
518 ns_stats_increment(client->sctx->nsstats, counter); in inc_stats()
539 rdataset = ISC_LIST_HEAD(client->query.qname->list); in inc_stats()
549 query_send(ns_client_t *client) { in query_send() argument
552 if ((client->message->flags & DNS_MESSAGEFLAG_AA) == 0) { in query_send()
553 inc_stats(client, ns_statscounter_nonauthans); in query_send()
555 inc_stats(client, ns_statscounter_authans); in query_send()
558 if (client->message->rcode == dns_rcode_noerror) { in query_send()
560 if (ISC_LIST_EMPTY(client->message->sections[answer])) { in query_send()
561 if (client->query.isreferral) { in query_send()
569 } else if (client->message->rcode == dns_rcode_nxdomain) { in query_send()
571 } else if (client->message->rcode == dns_rcode_badcookie) { in query_send()
577 inc_stats(client, counter); in query_send()
578 ns_client_send(client); in query_send()
580 if (!client->nodetach) { in query_send()
581 isc_nmhandle_detach(&client->reqhandle); in query_send()
586 query_error(ns_client_t *client, isc_result_t result, int line) { in query_error() argument
592 inc_stats(client, ns_statscounter_servfail); in query_error()
595 inc_stats(client, ns_statscounter_formerr); in query_error()
598 inc_stats(client, ns_statscounter_failure); in query_error()
602 if ((client->sctx->options & NS_SERVER_LOGQUERIES) != 0) { in query_error()
606 log_queryerror(client, result, line, loglevel); in query_error()
608 ns_client_error(client, result); in query_error()
610 if (!client->nodetach) { in query_error()
611 isc_nmhandle_detach(&client->reqhandle); in query_error()
616 query_next(ns_client_t *client, isc_result_t result) { in query_next() argument
618 inc_stats(client, ns_statscounter_duplicate); in query_next()
620 inc_stats(client, ns_statscounter_dropped); in query_next()
622 inc_stats(client, ns_statscounter_failure); in query_next()
624 ns_client_drop(client, result); in query_next()
626 if (!client->nodetach) { in query_next()
627 isc_nmhandle_detach(&client->reqhandle); in query_next()
632 query_freefreeversions(ns_client_t *client, bool everything) { in query_freefreeversions() argument
636 for (dbversion = ISC_LIST_HEAD(client->query.freeversions), i = 0; in query_freefreeversions()
645 ISC_LIST_UNLINK(client->query.freeversions, dbversion, in query_freefreeversions()
647 isc_mem_put(client->mctx, dbversion, in query_freefreeversions()
654 ns_query_cancel(ns_client_t *client) { in ns_query_cancel() argument
655 REQUIRE(NS_CLIENT_VALID(client)); in ns_query_cancel()
657 LOCK(&client->query.fetchlock); in ns_query_cancel()
658 if (client->query.fetch != NULL) { in ns_query_cancel()
659 dns_resolver_cancelfetch(client->query.fetch); in ns_query_cancel()
661 client->query.fetch = NULL; in ns_query_cancel()
663 UNLOCK(&client->query.fetchlock); in ns_query_cancel()
667 query_reset(ns_client_t *client, bool everything) { in query_reset() argument
680 ns_query_cancel(client); in query_reset()
685 for (dbversion = ISC_LIST_HEAD(client->query.activeversions); in query_reset()
691 ISC_LIST_INITANDAPPEND(client->query.freeversions, dbversion, in query_reset()
694 ISC_LIST_INIT(client->query.activeversions); in query_reset()
696 if (client->query.authdb != NULL) { in query_reset()
697 dns_db_detach(&client->query.authdb); in query_reset()
699 if (client->query.authzone != NULL) { in query_reset()
700 dns_zone_detach(&client->query.authzone); in query_reset()
703 if (client->query.dns64_aaaa != NULL) { in query_reset()
704 ns_client_putrdataset(client, &client->query.dns64_aaaa); in query_reset()
706 if (client->query.dns64_sigaaaa != NULL) { in query_reset()
707 ns_client_putrdataset(client, &client->query.dns64_sigaaaa); in query_reset()
709 if (client->query.dns64_aaaaok != NULL) { in query_reset()
710 isc_mem_put(client->mctx, client->query.dns64_aaaaok, in query_reset()
711 client->query.dns64_aaaaoklen * sizeof(bool)); in query_reset()
712 client->query.dns64_aaaaok = NULL; in query_reset()
713 client->query.dns64_aaaaoklen = 0; in query_reset()
716 ns_client_putrdataset(client, &client->query.redirect.rdataset); in query_reset()
717 ns_client_putrdataset(client, &client->query.redirect.sigrdataset); in query_reset()
718 if (client->query.redirect.db != NULL) { in query_reset()
719 if (client->query.redirect.node != NULL) { in query_reset()
720 dns_db_detachnode(client->query.redirect.db, in query_reset()
721 &client->query.redirect.node); in query_reset()
723 dns_db_detach(&client->query.redirect.db); in query_reset()
725 if (client->query.redirect.zone != NULL) { in query_reset()
726 dns_zone_detach(&client->query.redirect.zone); in query_reset()
729 query_freefreeversions(client, everything); in query_reset()
731 for (dbuf = ISC_LIST_HEAD(client->query.namebufs); dbuf != NULL; in query_reset()
736 ISC_LIST_UNLINK(client->query.namebufs, dbuf, link); in query_reset()
741 if (client->query.restarts > 0) { in query_reset()
745 dns_message_puttempname(client->message, &client->query.qname); in query_reset()
747 client->query.qname = NULL; in query_reset()
748 client->query.attributes = (NS_QUERYATTR_RECURSIONOK | in query_reset()
750 client->query.restarts = 0; in query_reset()
751 client->query.timerset = false; in query_reset()
752 if (client->query.rpz_st != NULL) { in query_reset()
753 rpz_st_clear(client); in query_reset()
755 INSIST(client->query.rpz_st->rpsdb == NULL); in query_reset()
756 isc_mem_put(client->mctx, client->query.rpz_st, in query_reset()
757 sizeof(*client->query.rpz_st)); in query_reset()
758 client->query.rpz_st = NULL; in query_reset()
761 client->query.origqname = NULL; in query_reset()
762 client->query.dboptions = 0; in query_reset()
763 client->query.fetchoptions = 0; in query_reset()
764 client->query.gluedb = NULL; in query_reset()
765 client->query.authdbset = false; in query_reset()
766 client->query.isreferral = false; in query_reset()
767 client->query.dns64_options = 0; in query_reset()
768 client->query.dns64_ttl = UINT32_MAX; in query_reset()
769 recparam_update(&client->query.recparam, 0, NULL, NULL); in query_reset()
770 client->query.root_key_sentinel_keyid = 0; in query_reset()
771 client->query.root_key_sentinel_is_ta = false; in query_reset()
772 client->query.root_key_sentinel_not_ta = false; in query_reset()
776 query_cleanup(ns_client_t *client) { in query_cleanup() argument
777 query_reset(client, false); in query_cleanup()
781 ns_query_free(ns_client_t *client) { in ns_query_free() argument
782 REQUIRE(NS_CLIENT_VALID(client)); in ns_query_free()
784 query_reset(client, true); in ns_query_free()
788 ns_query_init(ns_client_t *client) { in ns_query_init() argument
791 REQUIRE(NS_CLIENT_VALID(client)); in ns_query_init()
793 ISC_LIST_INIT(client->query.namebufs); in ns_query_init()
794 ISC_LIST_INIT(client->query.activeversions); in ns_query_init()
795 ISC_LIST_INIT(client->query.freeversions); in ns_query_init()
796 client->query.restarts = 0; in ns_query_init()
797 client->query.timerset = false; in ns_query_init()
798 client->query.rpz_st = NULL; in ns_query_init()
799 client->query.qname = NULL; in ns_query_init()
804 isc_mutex_init(&client->query.fetchlock); in ns_query_init()
806 client->query.fetch = NULL; in ns_query_init()
807 client->query.prefetch = NULL; in ns_query_init()
808 client->query.authdb = NULL; in ns_query_init()
809 client->query.authzone = NULL; in ns_query_init()
810 client->query.authdbset = false; in ns_query_init()
811 client->query.isreferral = false; in ns_query_init()
812 client->query.dns64_aaaa = NULL; in ns_query_init()
813 client->query.dns64_sigaaaa = NULL; in ns_query_init()
814 client->query.dns64_aaaaok = NULL; in ns_query_init()
815 client->query.dns64_aaaaoklen = 0; in ns_query_init()
816 client->query.redirect.db = NULL; in ns_query_init()
817 client->query.redirect.node = NULL; in ns_query_init()
818 client->query.redirect.zone = NULL; in ns_query_init()
819 client->query.redirect.qtype = dns_rdatatype_none; in ns_query_init()
820 client->query.redirect.result = ISC_R_SUCCESS; in ns_query_init()
821 client->query.redirect.rdataset = NULL; in ns_query_init()
822 client->query.redirect.sigrdataset = NULL; in ns_query_init()
823 client->query.redirect.authoritative = false; in ns_query_init()
824 client->query.redirect.is_zone = false; in ns_query_init()
825 client->query.redirect.fname = in ns_query_init()
826 dns_fixedname_initname(&client->query.redirect.fixed); in ns_query_init()
827 query_reset(client, false); in ns_query_init()
828 ns_client_newdbversion(client, 3); in ns_query_init()
829 ns_client_newnamebuf(client); in ns_query_init()
851 query_checkcacheaccess(ns_client_t *client, const dns_name_t *name, in query_checkcacheaccess() argument
855 if ((client->query.attributes & NS_QUERYATTR_CACHEACLOKVALID) == 0) { in query_checkcacheaccess()
864 result = ns_client_checkaclsilent(client, NULL, in query_checkcacheaccess()
865 client->view->cacheacl, true); in query_checkcacheaccess()
868 client, &client->destaddr, in query_checkcacheaccess()
869 client->view->cacheonacl, true); in query_checkcacheaccess()
875 client->query.attributes |= NS_QUERYATTR_CACHEACLOK; in query_checkcacheaccess()
879 client->view->rdclass, msg, in query_checkcacheaccess()
881 ns_client_log(client, DNS_LOGCATEGORY_SECURITY, in query_checkcacheaccess()
887 pfilter_notify(result, client, "checkcacheaccess"); in query_checkcacheaccess()
896 client->view->rdclass, msg, in query_checkcacheaccess()
898 ns_client_log(client, DNS_LOGCATEGORY_SECURITY, in query_checkcacheaccess()
907 client->query.attributes |= NS_QUERYATTR_CACHEACLOKVALID; in query_checkcacheaccess()
910 return ((client->query.attributes & NS_QUERYATTR_CACHEACLOK) != 0 in query_checkcacheaccess()
916 query_validatezonedb(ns_client_t *client, const dns_name_t *name, in query_validatezonedb() argument
931 return (query_checkcacheaccess(client, name, qtype, options)); in query_validatezonedb()
941 if (client->query.rpz_st == NULL && in query_validatezonedb()
942 !(WANTRECURSION(client) && RECURSIONOK(client)) && in query_validatezonedb()
943 client->query.authdbset && db != client->query.authdb) in query_validatezonedb()
954 !RECURSIONOK(client)) in query_validatezonedb()
970 dbversion = ns_client_findversion(client, db); in query_validatezonedb()
988 queryacl = client->view->queryacl; in query_validatezonedb()
989 if ((client->query.attributes & NS_QUERYATTR_QUERYOKVALID) != 0) in query_validatezonedb()
998 if ((client->query.attributes & NS_QUERYATTR_QUERYOK) == in query_validatezonedb()
1009 result = ns_client_checkaclsilent(client, NULL, queryacl, true); in query_validatezonedb()
1015 client->view->rdclass, msg, in query_validatezonedb()
1017 ns_client_log(client, DNS_LOGCATEGORY_SECURITY, in query_validatezonedb()
1023 pfilter_notify(result, client, "validatezonedb"); in query_validatezonedb()
1025 client->view->rdclass, msg, in query_validatezonedb()
1027 ns_client_log(client, DNS_LOGCATEGORY_SECURITY, in query_validatezonedb()
1033 if (queryacl == client->view->queryacl) { in query_validatezonedb()
1040 client->query.attributes |= NS_QUERYATTR_QUERYOK; in query_validatezonedb()
1046 client->query.attributes |= NS_QUERYATTR_QUERYOKVALID; in query_validatezonedb()
1053 queryonacl = client->view->queryonacl; in query_validatezonedb()
1056 result = ns_client_checkaclsilent(client, &client->destaddr, in query_validatezonedb()
1060 ns_client_log(client, DNS_LOGCATEGORY_SECURITY, in query_validatezonedb()
1082 query_getzonedb(ns_client_t *client, const dns_name_t *name, in query_getzonedb() argument
1102 result = dns_zt_find(client->view->zonetable, name, ztoptions, NULL, in query_getzonedb()
1116 result = query_validatezonedb(client, name, qtype, options, zone, db, in query_getzonedb()
1144 rpz_log_rewrite(ns_client_t *client, bool disabled, dns_rpz_policy_t policy, in rpz_log_rewrite() argument
1162 ns_stats_increment(client->sctx->nsstats, in rpz_log_rewrite()
1177 st = client->query.rpz_st; in rpz_log_rewrite()
1182 dns_name_format(client->query.qname, qname_buf, sizeof(qname_buf)); in rpz_log_rewrite()
1194 rdataset = ISC_LIST_HEAD(client->query.origqname->list); in rpz_log_rewrite()
1199 ns_client_log(client, DNS_LOGCATEGORY_RPZ, NS_LOGMODULE_QUERY, in rpz_log_rewrite()
1208 rpz_log_fail_helper(ns_client_t *client, int level, dns_name_t *p_name, in rpz_log_fail_helper() argument
1241 dns_name_format(client->query.qname, qnamebuf, sizeof(qnamebuf)); in rpz_log_fail_helper()
1251 ns_client_log(client, NS_LOGCATEGORY_QUERY_ERRORS, NS_LOGMODULE_QUERY, in rpz_log_fail_helper()
1258 rpz_log_fail(ns_client_t *client, int level, dns_name_t *p_name, in rpz_log_fail() argument
1260 rpz_log_fail_helper(client, level, p_name, rpz_type, DNS_RPZ_TYPE_BAD, in rpz_log_fail()
1268 rpz_getdb(ns_client_t *client, dns_name_t *p_name, dns_rpz_type_t rpz_type, in rpz_getdb() argument
1277 result = query_getzonedb(client, p_name, dns_rdatatype_any, in rpz_getdb()
1280 dns_rpz_st_t *st = client->query.rpz_st; in rpz_getdb()
1289 dns_name_format(client->query.qname, qnamebuf, in rpz_getdb()
1292 ns_client_log(client, DNS_LOGCATEGORY_RPZ, in rpz_getdb()
1301 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, p_name, rpz_type, in rpz_getdb()
1311 query_getcachedb(ns_client_t *client, const dns_name_t *name, in query_getcachedb() argument
1318 if (!USECACHE(client)) { in query_getcachedb()
1322 dns_db_attach(client->view->cachedb, &db); in query_getcachedb()
1324 result = query_checkcacheaccess(client, name, qtype, options); in query_getcachedb()
1339 query_getdb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype, in query_getdb() argument
1355 result = query_getzonedb(client, name, qtype, options, &zone, dbp, in query_getdb()
1368 !ISC_LIST_EMPTY(client->view->dlz_searched))) in query_getdb()
1375 dns_clientinfo_init(&ci, client, &client->ecs, NULL); in query_getdb()
1378 tresult = dns_view_searchdlz(client->view, name, zonelabels, in query_getdb()
1404 dbversion = ns_client_findversion(client, tdbp); in query_getdb()
1432 result = query_getcachedb(client, name, qtype, dbp, in query_getdb()
1441 query_isduplicate(ns_client_t *client, dns_name_t *name, dns_rdatatype_t type, in query_isduplicate() argument
1452 result = dns_message_findname(client->message, section, name, in query_isduplicate()
1508 ns_client_t *client, dns_dbnode_t **nodep, in query_additionalauthfind() argument
1517 dns_clientinfo_init(&ci, client, NULL, NULL); in query_additionalauthfind()
1525 client->query.dboptions, client->now, &node, in query_additionalauthfind()
1584 ns_client_t *client = qctx->client; in query_additionalauth() local
1596 if (!client->query.authdbset || client->query.authdb == NULL) { in query_additionalauth()
1600 dbversion = ns_client_findversion(client, client->query.authdb); in query_additionalauth()
1605 dns_db_attach(client->query.authdb, &db); in query_additionalauth()
1610 result = query_additionalauthfind(db, version, name, type, client, in query_additionalauth()
1614 RECURSIONOK(client)) in query_additionalauth()
1622 result = query_getzonedb(client, name, type, DNS_GETDB_NOLOG, in query_additionalauth()
1632 client, &node, fname, in query_additionalauth()
1652 ns_client_t *client = qctx->client; in query_additional_cb() local
1670 REQUIRE(NS_CLIENT_VALID(client)); in query_additional_cb()
1673 if (!WANTDNSSEC(client) && dns_rdatatype_isdnssec(qtype)) { in query_additional_cb()
1680 dns_clientinfo_init(&ci, client, NULL, NULL); in query_additional_cb()
1697 dbuf = ns_client_getnamebuf(client); in query_additional_cb()
1701 fname = ns_client_newname(client, dbuf, &b); in query_additional_cb()
1702 rdataset = ns_client_newrdataset(client); in query_additional_cb()
1706 if (WANTDNSSEC(client)) { in query_additional_cb()
1707 sigrdataset = ns_client_newrdataset(client); in query_additional_cb()
1718 client->query.qtype != dns_rdatatype_ns) in query_additional_cb()
1740 result = query_getcachedb(client, name, qtype, &db, DNS_GETDB_NOLOG); in query_additional_cb()
1751 sigrdataset = ns_client_newrdataset(client); in query_additional_cb()
1759 client->query.dboptions | DNS_DBFIND_GLUEOK | in query_additional_cb()
1761 client->now, &node, fname, &cm, &ci, rdataset, in query_additional_cb()
1765 if (!WANTDNSSEC(client)) { in query_additional_cb()
1766 ns_client_putrdataset(client, &sigrdataset); in query_additional_cb()
1799 if (client->query.gluedb == NULL) { in query_additional_cb()
1806 if (!dns_name_issubdomain(name, dns_db_origin(client->query.gluedb))) { in query_additional_cb()
1810 dbversion = ns_client_findversion(client, client->query.gluedb); in query_additional_cb()
1815 dns_db_attach(client->query.gluedb, &db); in query_additional_cb()
1819 client->query.dboptions | DNS_DBFIND_GLUEOK, in query_additional_cb()
1820 client->now, &node, fname, &cm, &ci, rdataset, in query_additional_cb()
1833 ns_client_keepname(client, fname, dbuf); in query_additional_cb()
1841 !query_isduplicate(client, fname, type, &mname)) in query_additional_cb()
1845 ns_client_releasename(client, &fname); in query_additional_cb()
1879 rdataset = ns_client_newrdataset(client); in query_additional_cb()
1888 } else if (WANTDNSSEC(client)) { in query_additional_cb()
1889 sigrdataset = ns_client_newrdataset(client); in query_additional_cb()
1894 if (query_isduplicate(client, fname, dns_rdatatype_a, NULL)) { in query_additional_cb()
1898 0, client->now, rdataset, in query_additional_cb()
1918 invalid = !validate(client, db, fname, rdataset, in query_additional_cb()
1928 } else if (!query_isduplicate(client, fname, in query_additional_cb()
1933 ns_client_releasename(client, in query_additional_cb()
1948 ns_client_newrdataset(client); in query_additional_cb()
1950 rdataset = ns_client_newrdataset(client); in query_additional_cb()
1954 if (WANTDNSSEC(client) && sigrdataset == NULL) { in query_additional_cb()
1967 if (query_isduplicate(client, fname, dns_rdatatype_aaaa, NULL)) in query_additional_cb()
1972 dns_rdatatype_aaaa, 0, client->now, in query_additional_cb()
1993 invalid = !validate(client, db, fname, rdataset, in query_additional_cb()
2004 } else if (!query_isduplicate(client, fname, in query_additional_cb()
2010 ns_client_releasename(client, in query_additional_cb()
2046 dns_message_addname(client->message, fname, in query_additional_cb()
2063 ns_client_putrdataset(client, &rdataset); in query_additional_cb()
2065 ns_client_putrdataset(client, &sigrdataset); in query_additional_cb()
2068 ns_client_releasename(client, &fname); in query_additional_cb()
2094 ns_client_t *client = qctx->client; in query_setorder() local
2095 dns_order_t *order = client->view->order; in query_setorder()
2099 UNUSED(client); in query_setorder()
2113 ns_client_t *client = qctx->client; in query_additional() local
2118 if (NOADDITIONAL(client)) { in query_additional()
2127 (client->query.gluedb != NULL) && in query_additional()
2128 dns_db_iszone(client->query.gluedb)) in query_additional()
2132 dbversion = ns_client_findversion(client, client->query.gluedb); in query_additional()
2138 client->message); in query_additional()
2158 ns_client_t *client = qctx->client; in query_addrrset() local
2181 result = dns_message_findname(client->message, section, name, in query_addrrset()
2191 ns_client_releasename(client, namep); in query_addrrset()
2206 ns_client_keepname(client, name, dbuf); in query_addrrset()
2208 dns_message_addname(client->message, name, section); in query_addrrset()
2214 ns_client_releasename(client, namep); in query_addrrset()
2221 client->query.attributes &= ~NS_QUERYATTR_SECURE; in query_addrrset()
2254 mark_secure(ns_client_t *client, dns_db_t *db, dns_name_t *name, in mark_secure() argument
2266 dns_clientinfo_init(&ci, client, NULL, NULL); in mark_secure()
2278 client->view->acceptexpired); in mark_secure()
2280 (void)dns_db_addrdataset(db, node, NULL, client->now, rdataset, 0, in mark_secure()
2282 (void)dns_db_addrdataset(db, node, NULL, client->now, sigrdataset, 0, in mark_secure()
2294 get_key(ns_client_t *client, dns_db_t *db, dns_rdata_rrsig_t *rrsig, in get_key() argument
2303 dns_clientinfo_init(&ci, client, NULL, NULL); in get_key()
2314 client->now, keyrdataset, NULL); in get_key()
2338 client->mctx, keyp); in get_key()
2356 dns_rdata_t *rdata, ns_client_t *client) { in verify() argument
2365 client->view->maxbits, client->mctx, rdata, in verify()
2367 if (result == DNS_R_SIGEXPIRED && client->view->acceptexpired) { in verify()
2381 validate(ns_client_t *client, dns_db_t *db, dns_name_t *name, in validate() argument
2400 if (!dns_resolver_algorithm_supported(client->view->resolver, in validate()
2410 if (!get_key(client, db, &rrsig, &keyrdataset, &key)) { in validate()
2413 if (verify(key, name, rdataset, &rdata, client)) { in validate()
2416 mark_secure(client, db, name, &rrsig, rdataset, in validate()
2430 fixrdataset(ns_client_t *client, dns_rdataset_t **rdataset) { in fixrdataset() argument
2432 *rdataset = ns_client_newrdataset(client); in fixrdataset()
2439 fixfname(ns_client_t *client, dns_name_t **fname, isc_buffer_t **dbuf, in fixfname() argument
2442 *dbuf = ns_client_getnamebuf(client); in fixfname()
2446 *fname = ns_client_newname(client, *dbuf, nbuf); in fixfname()
2451 free_devent(ns_client_t *client, isc_event_t **eventp, in free_devent() argument
2469 ns_client_putrdataset(client, &devent->rdataset); in free_devent()
2472 ns_client_putrdataset(client, &devent->sigrdataset); in free_devent()
2488 ns_client_t *client; in prefetch_done() local
2493 client = devent->ev_arg; in prefetch_done()
2494 REQUIRE(NS_CLIENT_VALID(client)); in prefetch_done()
2495 REQUIRE(task == client->task); in prefetch_done()
2499 LOCK(&client->query.fetchlock); in prefetch_done()
2500 if (client->query.prefetch != NULL) { in prefetch_done()
2501 INSIST(devent->fetch == client->query.prefetch); in prefetch_done()
2502 client->query.prefetch = NULL; in prefetch_done()
2504 UNLOCK(&client->query.fetchlock); in prefetch_done()
2509 if (client->recursionquota != NULL) { in prefetch_done()
2510 isc_quota_detach(&client->recursionquota); in prefetch_done()
2511 ns_stats_decrement(client->sctx->nsstats, in prefetch_done()
2515 free_devent(client, &event, &devent); in prefetch_done()
2516 isc_nmhandle_detach(&client->prefetchhandle); in prefetch_done()
2520 query_prefetch(ns_client_t *client, dns_name_t *qname, in query_prefetch() argument
2529 if (client->query.prefetch != NULL || in query_prefetch()
2530 client->view->prefetch_trigger == 0U || in query_prefetch()
2531 rdataset->ttl > client->view->prefetch_trigger || in query_prefetch()
2537 if (client->recursionquota == NULL) { in query_prefetch()
2538 result = isc_quota_attach(&client->sctx->recursionquota, in query_prefetch()
2539 &client->recursionquota); in query_prefetch()
2542 ns_stats_increment(client->sctx->nsstats, in query_prefetch()
2546 isc_quota_detach(&client->recursionquota); in query_prefetch()
2553 tmprdataset = ns_client_newrdataset(client); in query_prefetch()
2558 if (!TCP(client)) { in query_prefetch()
2559 peeraddr = &client->peeraddr; in query_prefetch()
2564 isc_nmhandle_attach(client->handle, &client->prefetchhandle); in query_prefetch()
2565 options = client->query.fetchoptions | DNS_FETCHOPT_PREFETCH; in query_prefetch()
2567 client->view->resolver, qname, rdataset->type, NULL, NULL, NULL, in query_prefetch()
2568 peeraddr, client->message->id, options, 0, NULL, client->task, in query_prefetch()
2569 prefetch_done, client, tmprdataset, NULL, in query_prefetch()
2570 &client->query.prefetch); in query_prefetch()
2572 ns_client_putrdataset(client, &tmprdataset); in query_prefetch()
2573 isc_nmhandle_detach(&client->prefetchhandle); in query_prefetch()
2577 ns_stats_increment(client->sctx->nsstats, ns_statscounter_prefetch); in query_prefetch()
2607 rpz_ready(ns_client_t *client, dns_rdataset_t **rdatasetp) { in rpz_ready() argument
2613 *rdatasetp = ns_client_newrdataset(client); in rpz_ready()
2626 rpz_st_clear(ns_client_t *client) { in rpz_st_clear() argument
2627 dns_rpz_st_t *st = client->query.rpz_st; in rpz_st_clear()
2632 ns_client_putrdataset(client, &st->m.rdataset); in rpz_st_clear()
2638 ns_client_putrdataset(client, &st->r.ns_rdataset); in rpz_st_clear()
2641 ns_client_putrdataset(client, &st->r.r_rdataset); in rpz_st_clear()
2646 ns_client_putrdataset(client, &st->q.rdataset); in rpz_st_clear()
2649 ns_client_putrdataset(client, &st->q.sigrdataset); in rpz_st_clear()
2660 rpz_get_zbits(ns_client_t *client, dns_rdatatype_t ip_type, in rpz_get_zbits() argument
2665 REQUIRE(client != NULL); in rpz_get_zbits()
2666 REQUIRE(client->query.rpz_st != NULL); in rpz_get_zbits()
2668 st = client->query.rpz_st; in rpz_get_zbits()
2734 if (!RECURSIONOK(client)) { in rpz_get_zbits()
2742 query_rpzfetch(ns_client_t *client, dns_name_t *qname, dns_rdatatype_t type) { in query_rpzfetch() argument
2750 if (client->query.prefetch != NULL) { in query_rpzfetch()
2754 if (client->recursionquota == NULL) { in query_rpzfetch()
2755 result = isc_quota_attach(&client->sctx->recursionquota, in query_rpzfetch()
2756 &client->recursionquota); in query_rpzfetch()
2759 ns_stats_increment(client->sctx->nsstats, in query_rpzfetch()
2763 isc_quota_detach(&client->recursionquota); in query_rpzfetch()
2770 tmprdataset = ns_client_newrdataset(client); in query_rpzfetch()
2775 if (!TCP(client)) { in query_rpzfetch()
2776 peeraddr = &client->peeraddr; in query_rpzfetch()
2781 options = client->query.fetchoptions; in query_rpzfetch()
2782 isc_nmhandle_attach(client->handle, &client->prefetchhandle); in query_rpzfetch()
2784 client->view->resolver, qname, type, NULL, NULL, NULL, peeraddr, in query_rpzfetch()
2785 client->message->id, options, 0, NULL, client->task, in query_rpzfetch()
2786 prefetch_done, client, tmprdataset, NULL, in query_rpzfetch()
2787 &client->query.prefetch); in query_rpzfetch()
2789 ns_client_putrdataset(client, &tmprdataset); in query_rpzfetch()
2790 isc_nmhandle_detach(&client->prefetchhandle); in query_rpzfetch()
2799 rpz_rrset_find(ns_client_t *client, dns_name_t *name, dns_rdatatype_t type, in rpz_rrset_find() argument
2814 st = client->query.rpz_st; in rpz_rrset_find()
2823 ns_client_putrdataset(client, rdatasetp); in rpz_rrset_find()
2829 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, name, in rpz_rrset_find()
2837 result = rpz_ready(client, rdatasetp); in rpz_rrset_find()
2849 result = query_getdb(client, name, type, 0, &zone, dbp, in rpz_rrset_find()
2852 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, name, in rpz_rrset_find()
2868 dns_clientinfo_init(&ci, client, NULL, NULL); in rpz_rrset_find()
2869 result = dns_db_findext(*dbp, name, version, type, options, client->now, in rpz_rrset_find()
2871 if (result == DNS_R_DELEGATION && is_zone && USECACHE(client)) { in rpz_rrset_find()
2878 dns_db_attach(client->view->cachedb, dbp); in rpz_rrset_find()
2880 client->now, &node, found, &cm, &ci, in rpz_rrset_find()
2892 } else if (!client->view->rpzs->p.nsip_wait_recurse) { in rpz_rrset_find()
2893 query_rpzfetch(client, name, type); in rpz_rrset_find()
2897 result = ns_query_recurse(client, type, st->r_name, in rpz_rrset_find()
2913 rpz_get_p_name(ns_client_t *client, dns_name_t *p_name, dns_rpz_zone_t *rpz, in rpz_get_p_name() argument
2967 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, suffix, in rpz_get_p_name()
2975 rpz_log_fail(client, DNS_RPZ_DEBUG_LEVEL1, suffix, in rpz_get_p_name()
2995 rpz_find_p(ns_client_t *client, dns_name_t *self_name, dns_rdatatype_t qtype, in rpz_find_p() argument
3012 dns_clientinfo_init(&ci, client, NULL, NULL); in rpz_find_p()
3019 result = rpz_ready(client, rdatasetp); in rpz_find_p()
3025 result = rpz_getdb(client, p_name, rpz_type, zonep, dbp, versionp); in rpz_find_p()
3032 client->now, nodep, found, &cm, &ci, *rdatasetp, in rpz_find_p()
3044 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, p_name, in rpz_find_p()
3051 !ISC_LIST_EMPTY(client->view->dns64)) in rpz_find_p()
3079 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, in rpz_find_p()
3101 qtype, 0, client->now, in rpz_find_p()
3145 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, p_name, rpz_type, "", in rpz_find_p()
3192 dnsrps_ck(librpz_emsg_t *emsg, ns_client_t *client, rpsdb_t *rpsdb, in dnsrps_ck() argument
3224 dns_name_fromregion(client->query.rpz_st->p_name, ®ion); in dnsrps_ck()
3225 rpz_log_rewrite(client, true, dns_dnsrps_2policy(rpsdb->result.zpolicy), in dnsrps_ck()
3227 client->query.rpz_st->p_name, NULL, in dnsrps_ck()
3242 dnsrps_set_p(librpz_emsg_t *emsg, ns_client_t *client, dns_rpz_st_t *st, in dnsrps_set_p() argument
3289 rpz_ready(client, p_rdatasetp); in dnsrps_set_p()
3340 rpz_save_p(st, client->view->rpzs->zones[rpsdb->result.cznum], in dnsrps_set_p()
3350 dnsrps_rewrite_ip(ns_client_t *client, const isc_netaddr_t *netaddr, in dnsrps_rewrite_ip() argument
3360 st = client->query.rpz_st; in dnsrps_rewrite_ip()
3363 result = rpz_ready(client, p_rdatasetp); in dnsrps_rewrite_ip()
3394 (res = dnsrps_ck(&emsg, client, rpsdb, recursed)) < 0) in dnsrps_rewrite_ip()
3396 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, NULL, in dnsrps_rewrite_ip()
3406 dnsrps_rewrite_name(ns_client_t *client, dns_name_t *trig_name, bool recursed, in dnsrps_rewrite_name() argument
3416 st = client->query.rpz_st; in dnsrps_rewrite_name()
3419 result = rpz_ready(client, p_rdatasetp); in dnsrps_rewrite_name()
3441 (res = dnsrps_ck(&emsg, client, rpsdb, recursed)) < 0) in dnsrps_rewrite_name()
3443 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, NULL, in dnsrps_rewrite_name()
3457 rpz_rewrite_ip(ns_client_t *client, const isc_netaddr_t *netaddr, in rpz_rewrite_ip() argument
3476 rpzs = client->view->rpzs; in rpz_rewrite_ip()
3477 st = client->query.rpz_st; in rpz_rewrite_ip()
3480 return (dnsrps_rewrite_ip(client, netaddr, rpz_type, in rpz_rewrite_ip()
3522 result = rpz_get_p_name(client, p_name, rpz, rpz_type, ip_name); in rpz_rewrite_ip()
3526 result = rpz_find_p(client, ip_name, qtype, p_name, rpz, in rpz_rewrite_ip()
3590 rpz_log_rewrite(client, true, policy, rpz_type, p_zone, in rpz_rewrite_ip()
3604 rpz_rewrite_ip_rrset(ns_client_t *client, dns_name_t *name, in rpz_rewrite_ip_rrset() argument
3614 unsigned int options = client->query.dboptions | DNS_DBFIND_GLUEOK; in rpz_rewrite_ip_rrset()
3620 zbits = rpz_get_zbits(client, ip_type, rpz_type); in rpz_rewrite_ip_rrset()
3628 result = rpz_rrset_find(client, name, ip_type, options, in rpz_rewrite_ip_rrset()
3650 rpz_log_fail(client, DNS_RPZ_DEBUG_LEVEL1, name, in rpz_rewrite_ip_rrset()
3655 if (client->query.rpz_st->m.policy != in rpz_rewrite_ip_rrset()
3658 client->query.rpz_st->m.policy = in rpz_rewrite_ip_rrset()
3660 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, name, in rpz_rewrite_ip_rrset()
3676 options = client->query.dboptions; in rpz_rewrite_ip_rrset()
3678 options = client->query.dboptions | DNS_DBFIND_GLUEOK; in rpz_rewrite_ip_rrset()
3706 result = rpz_rewrite_ip(client, &netaddr, qtype, in rpz_rewrite_ip_rrset()
3713 client->query.rpz_st->m.policy == DNS_RPZ_POLICY_MISS); in rpz_rewrite_ip_rrset()
3723 rpz_rewrite_ip_rrsets(ns_client_t *client, dns_name_t *name, in rpz_rewrite_ip_rrsets() argument
3734 st = client->query.rpz_st; in rpz_rewrite_ip_rrsets()
3747 client, name, qtype, rpz_type, dns_rdatatype_a, &ip_db, in rpz_rewrite_ip_rrsets()
3763 result = rpz_rewrite_ip_rrset(client, name, qtype, rpz_type, in rpz_rewrite_ip_rrsets()
3771 ns_client_putrdataset(client, &p_rdataset); in rpz_rewrite_ip_rrsets()
3783 rpz_rewrite_name(ns_client_t *client, dns_name_t *trig_name, in rpz_rewrite_name() argument
3807 rpzs = client->view->rpzs; in rpz_rewrite_name()
3808 st = client->query.rpz_st; in rpz_rewrite_name()
3812 return (dnsrps_rewrite_name(client, trig_name, recursed, in rpz_rewrite_name()
3817 zbits = rpz_get_zbits(client, qtype, rpz_type); in rpz_rewrite_name()
3871 result = rpz_get_p_name(client, p_name, rpz, rpz_type, in rpz_rewrite_name()
3876 result = rpz_find_p(client, trig_name, qtype, p_name, rpz, in rpz_rewrite_name()
3930 rpz_log_rewrite(client, true, policy, rpz_type, p_zone, in rpz_rewrite_name()
3941 rpz_rewrite_ns_skip(ns_client_t *client, dns_name_t *nsname, in rpz_rewrite_ns_skip() argument
3947 st = client->query.rpz_st; in rpz_rewrite_ns_skip()
3950 rpz_log_fail_helper(client, level, nsname, DNS_RPZ_TYPE_NSIP, in rpz_rewrite_ns_skip()
3975 rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult, in rpz_rewrite() argument
3995 rpzs = client->view->rpzs; in rpz_rewrite()
3996 st = client->query.rpz_st; in rpz_rewrite()
4004 if (RECURSING(client)) { in rpz_rewrite()
4010 (!RECURSIONOK(client) && rpzs->p.no_rd_ok == 0) || in rpz_rewrite()
4011 !rpz_ck_dnssec(client, qresult, ordataset, osigset)) in rpz_rewrite()
4026 st = isc_mem_get(client->mctx, sizeof(*st)); in rpz_rewrite()
4044 client->query.rpz_st = st; in rpz_rewrite()
4051 &emsg, st, rpzs, client->query.qname, in rpz_rewrite()
4052 client->mctx, RECURSIONOK(client)); in rpz_rewrite()
4054 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, NULL, in rpz_rewrite()
4091 if (RECURSIONOK(client)) { in rpz_rewrite()
4100 rpz_log_fail(client, DNS_RPZ_DEBUG_LEVEL3, NULL, in rpz_rewrite()
4105 rpz_log_fail(client, DNS_RPZ_DEBUG_LEVEL1, NULL, in rpz_rewrite()
4140 zbits = rpz_get_zbits(client, dns_rdatatype_none, in rpz_rewrite()
4145 &client->peeraddr); in rpz_rewrite()
4146 result = rpz_rewrite_ip(client, &netaddr, qtype, in rpz_rewrite()
4162 result = rpz_rewrite_name(client, client->query.qname, in rpz_rewrite()
4173 st->r.label = dns_name_countlabels(client->query.qname); in rpz_rewrite()
4210 rpz_get_zbits(client, qtype, DNS_RPZ_TYPE_IP) != 0) in rpz_rewrite()
4212 result = rpz_rewrite_ip_rrsets(client, client->query.qname, in rpz_rewrite()
4230 if (rpz_get_zbits(client, dns_rdatatype_any, DNS_RPZ_TYPE_NSDNAME) == in rpz_rewrite()
4232 rpz_get_zbits(client, dns_rdatatype_any, DNS_RPZ_TYPE_NSIP) == 0) in rpz_rewrite()
4239 dns_name_clone(client->query.qname, dns_fixedname_name(&nsnamef)); in rpz_rewrite()
4240 options = client->query.dboptions | DNS_DBFIND_GLUEOK; in rpz_rewrite()
4246 if (st->r.label == dns_name_countlabels(client->query.qname)) { in rpz_rewrite()
4247 nsname = client->query.qname; in rpz_rewrite()
4250 dns_name_split(client->query.qname, st->r.label, NULL, in rpz_rewrite()
4257 result = rpz_rrset_find(client, nsname, in rpz_rewrite()
4292 rpz_rewrite_ns_skip(client, nsname, result, 0, in rpz_rewrite()
4298 rpz_rewrite_ns_skip(client, nsname, result, in rpz_rewrite()
4303 rpz_rewrite_ns_skip(client, nsname, result, in rpz_rewrite()
4337 client, &ns.name, qtype, in rpz_rewrite()
4349 result = rpz_rewrite_ip_rrsets(client, &ns.name, qtype, in rpz_rewrite()
4367 options = client->query.dboptions; in rpz_rewrite()
4369 options = client->query.dboptions | DNS_DBFIND_GLUEOK; in rpz_rewrite()
4373 if (rpz_get_zbits(client, dns_rdatatype_any, in rpz_rewrite()
4375 rpz_get_zbits(client, dns_rdatatype_any, in rpz_rewrite()
4390 !dnsrps_set_p(&emsg, client, st, qtype, &rdataset, in rpz_rewrite()
4393 rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, NULL, in rpz_rewrite()
4411 rpz_log_rewrite(client, false, st->m.policy, st->m.type, in rpz_rewrite()
4422 ns_client_putrdataset(client, &rdataset); in rpz_rewrite()
4435 rpz_ck_dnssec(ns_client_t *client, isc_result_t qresult, in rpz_ck_dnssec() argument
4445 if (client->view->rpzs->p.break_dnssec || !WANTDNSSEC(client)) { in rpz_ck_dnssec()
4591 warn_rfc1918(ns_client_t *client, dns_name_t *fname, dns_rdataset_t *rdataset) { in warn_rfc1918() argument
4618 ns_client_log(client, DNS_LOGCATEGORY_SECURITY, in warn_rfc1918()
4633 dns_dbversion_t *version, ns_client_t *client, in query_findclosestnsec3() argument
4662 dns_clientinfo_init(&ci, client, NULL, NULL); in query_findclosestnsec3()
4680 dboptions = client->query.dboptions | DNS_DBFIND_FORCENSEC3; in query_findclosestnsec3()
4682 dns_rdatatype_nsec3, dboptions, client->now, in query_findclosestnsec3()
4706 ns_client_log(client, DNS_LOGCATEGORY_DNSSEC, in query_findclosestnsec3()
4712 ns_client_log(client, DNS_LOGCATEGORY_DNSSEC, in query_findclosestnsec3()
4720 ns_client_log(client, DNS_LOGCATEGORY_DNSSEC, in query_findclosestnsec3()
4777 dns64_aaaaok(ns_client_t *client, dns_rdataset_t *rdataset, in dns64_aaaaok() argument
4781 ns_interfacemgr_getaclenv(client->manager->interface->mgr); in dns64_aaaaok()
4782 dns_dns64_t *dns64 = ISC_LIST_HEAD(client->view->dns64); in dns64_aaaaok()
4787 INSIST(client->query.dns64_aaaaok == NULL); in dns64_aaaaok()
4788 INSIST(client->query.dns64_aaaaoklen == 0); in dns64_aaaaok()
4789 INSIST(client->query.dns64_aaaa == NULL); in dns64_aaaaok()
4790 INSIST(client->query.dns64_sigaaaa == NULL); in dns64_aaaaok()
4796 if (RECURSIONOK(client)) { in dns64_aaaaok()
4800 if (WANTDNSSEC(client) && sigrdataset != NULL && in dns64_aaaaok()
4807 aaaaok = isc_mem_get(client->mctx, sizeof(bool) * count); in dns64_aaaaok()
4809 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); in dns64_aaaaok()
4810 if (dns_dns64_aaaaok(dns64, &netaddr, client->signer, env, flags, in dns64_aaaaok()
4815 SAVE(client->query.dns64_aaaaok, aaaaok); in dns64_aaaaok()
4816 client->query.dns64_aaaaoklen = count; in dns64_aaaaok()
4821 isc_mem_put(client->mctx, aaaaok, sizeof(bool) * count); in dns64_aaaaok()
4826 isc_mem_put(client->mctx, aaaaok, sizeof(bool) * count); in dns64_aaaaok()
4840 redirect(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset, in redirect() argument
4856 if (client->view->redirect == NULL) { in redirect()
4864 dns_clientinfo_init(&ci, client, &client->ecs, NULL); in redirect()
4866 if (WANTDNSSEC(client) && dns_db_iszone(*dbp) && dns_db_issecure(*dbp)) in redirect()
4871 if (WANTDNSSEC(client) && dns_rdataset_isassociated(rdataset)) { in redirect()
4900 client, NULL, dns_zone_getqueryacl(client->view->redirect), in redirect()
4906 result = dns_zone_getdb(client->view->redirect, &db); in redirect()
4911 dbversion = ns_client_findversion(client, db); in redirect()
4920 result = dns_db_findext(db, client->query.qname, dbversion->version, in redirect()
4921 qtype, DNS_DBFIND_NOZONECUT, client->now, &node, in redirect()
4962 client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY | in redirect()
4969 redirect2(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset, in redirect2() argument
4990 if (client->view->redirectzone == NULL) { in redirect2()
4994 if (dns_name_issubdomain(name, client->view->redirectzone)) { in redirect2()
5002 dns_clientinfo_init(&ci, client, &client->ecs, NULL); in redirect2()
5004 if (WANTDNSSEC(client) && dns_db_iszone(*dbp) && dns_db_issecure(*dbp)) in redirect2()
5009 if (WANTDNSSEC(client) && dns_rdataset_isassociated(rdataset)) { in redirect2()
5038 labels = dns_name_countlabels(client->query.qname); in redirect2()
5043 dns_name_getlabelsequence(client->query.qname, 0, labels - 1, in redirect2()
5046 client->view->redirectzone, in redirect2()
5052 dns_name_copynf(redirectname, client->view->redirectzone); in redirect2()
5056 result = query_getdb(client, redirectname, qtype, options, &zone, &db, in redirect2()
5069 client->now, &node, found, &cm, &ci, &trdataset, in redirect2()
5093 if (!REDIRECT(client)) { in redirect2()
5094 result = ns_query_recurse(client, qtype, redirectname, in redirect2()
5097 client->query.attributes |= in redirect2()
5099 client->query.attributes |= in redirect2()
5120 dns_name_split(found, dns_name_countlabels(client->view->redirectzone), in redirect2()
5148 client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY | in redirect2()
5163 qctx_init(ns_client_t *client, dns_fetchevent_t **eventp, dns_rdatatype_t qtype, in qctx_init() argument
5166 REQUIRE(client != NULL); in qctx_init()
5171 qctx->client = client; in qctx_init()
5173 dns_view_attach(client->view, &qctx->view); in qctx_init()
5244 ns_client_putrdataset(qctx->client, &qctx->rdataset); in qctx_freedata()
5248 ns_client_putrdataset(qctx->client, &qctx->sigrdataset); in qctx_freedata()
5252 ns_client_releasename(qctx->client, &qctx->fname); in qctx_freedata()
5265 ns_client_putrdataset(qctx->client, &qctx->zsigrdataset); in qctx_freedata()
5266 ns_client_putrdataset(qctx->client, &qctx->zrdataset); in qctx_freedata()
5267 ns_client_releasename(qctx->client, &qctx->zfname); in qctx_freedata()
5272 if (qctx->event != NULL && !qctx->client->nodetach) { in qctx_freedata()
5273 free_devent(qctx->client, ISC_EVENT_PTR(&qctx->event), in qctx_freedata()
5295 if (qctx->client->query.origqname != NULL) { in query_trace()
5296 dns_name_format(qctx->client->query.origqname, qbuf, in query_trace()
5305 qctx->client->attributes, qctx->client->query.attributes, in query_trace()
5306 qctx->client->query.restarts, qbuf, in query_trace()
5307 (int)qctx->client->query.timerset, in query_trace()
5308 (int)qctx->client->query.authdbset, in query_trace()
5309 (int)qctx->client->query.isreferral); in query_trace()
5328 query_setup(ns_client_t *client, dns_rdatatype_t qtype) { in query_setup() argument
5332 qctx_init(client, NULL, qtype, &qctx); in query_setup()
5368 qctx->client->query.root_key_sentinel_keyid = v; in get_root_key_sentinel_id()
5380 const char *ndata = (const char *)qctx->client->query.qname->ndata; in root_key_sentinel_detect()
5382 if (qctx->client->query.qname->length > 30 && ndata[0] == 29 && in root_key_sentinel_detect()
5388 qctx->client->query.root_key_sentinel_is_ta = true; in root_key_sentinel_detect()
5394 ns_client_log(qctx->client, NS_LOGCATEGORY_TAT, in root_key_sentinel_detect()
5397 } else if (qctx->client->query.qname->length > 31 && ndata[0] == 30 && in root_key_sentinel_detect()
5403 qctx->client->query.root_key_sentinel_not_ta = true; in root_key_sentinel_detect()
5409 ns_client_log(qctx->client, NS_LOGCATEGORY_TAT, in root_key_sentinel_detect()
5439 if (!TCP(qctx->client) && qctx->view->requireservercookie && in ns__query_start()
5440 WANTCOOKIE(qctx->client) && !HAVECOOKIE(qctx->client)) in ns__query_start()
5442 qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AA; in ns__query_start()
5443 qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AD; in ns__query_start()
5444 qctx->client->message->rcode = dns_rcode_badcookie; in ns__query_start()
5449 !dns_rdata_checkowner(qctx->client->query.qname, in ns__query_start()
5450 qctx->client->message->rdclass, qctx->qtype, in ns__query_start()
5457 dns_name_format(qctx->client->query.qname, namebuf, in ns__query_start()
5460 dns_rdataclass_format(qctx->client->message->rdclass, classbuf, in ns__query_start()
5462 ns_client_log(qctx->client, DNS_LOGCATEGORY_SECURITY, in ns__query_start()
5474 qctx->client->query.restarts == 0 && in ns__query_start()
5477 (qctx->client->message->flags & DNS_MESSAGEFLAG_CD) == 0) in ns__query_start()
5487 !dns_name_equal(qctx->client->query.qname, dns_rootname)) in ns__query_start()
5498 result = query_getdb(qctx->client, qctx->client->query.qname, in ns__query_start()
5503 !RECURSIONOK(qctx->client) && in ns__query_start()
5518 qctx->client, qctx->client->query.qname, qctx->qtype, in ns__query_start()
5526 ns_client_putrdataset(qctx->client, &qctx->rdataset); in ns__query_start()
5559 if (WANTRECURSION(qctx->client)) { in ns__query_start()
5560 inc_stats(qctx->client, in ns__query_start()
5563 inc_stats(qctx->client, in ns__query_start()
5566 if (!PARTIALANSWER(qctx->client)) { in ns__query_start()
5600 if (qctx->event == NULL && qctx->client->query.restarts == 0) { in ns__query_start()
5608 &qctx->client->query.authzone); in ns__query_start()
5610 dns_db_attach(qctx->db, &qctx->client->query.authdb); in ns__query_start()
5612 qctx->client->query.authdbset = true; in ns__query_start()
5615 if (TCP(qctx->client)) { in ns__query_start()
5616 inc_stats(qctx->client, ns_statscounter_tcp); in ns__query_start()
5618 inc_stats(qctx->client, ns_statscounter_udp); in ns__query_start()
5655 REQUIRE(qctx->client != NULL); in qctx_prepare_buffers()
5658 qctx->dbuf = ns_client_getnamebuf(qctx->client); in qctx_prepare_buffers()
5666 qctx->fname = ns_client_newname(qctx->client, qctx->dbuf, buffer); in qctx_prepare_buffers()
5674 qctx->rdataset = ns_client_newrdataset(qctx->client); in qctx_prepare_buffers()
5681 if ((WANTDNSSEC(qctx->client) || qctx->findcoveringnsec) && in qctx_prepare_buffers()
5684 qctx->sigrdataset = ns_client_newrdataset(qctx->client); in qctx_prepare_buffers()
5697 ns_client_releasename(qctx->client, &qctx->fname); in qctx_prepare_buffers()
5700 ns_client_putrdataset(qctx->client, &qctx->rdataset); in qctx_prepare_buffers()
5723 REQUIRE(orig_qctx->client != NULL); in query_refresh_rrset()
5726 qctx.client->query.dboptions &= ~(DNS_DBFIND_STALETIMEOUT | in query_refresh_rrset()
5729 qctx.client->nodetach = false; in query_refresh_rrset()
5746 ns_client_releasename(qctx.client, &qctx.fname); in query_refresh_rrset()
5749 ns_client_putrdataset(qctx.client, &qctx.rdataset); in query_refresh_rrset()
5802 dns_clientinfo_init(&ci, qctx->client, in query_lookup()
5803 HAVEECS(qctx->client) ? &qctx->client->ecs : NULL, in query_lookup()
5819 rpzqname = qctx->client->query.rpz_st->p_name; in query_lookup()
5821 rpzqname = qctx->client->query.qname; in query_lookup()
5831 qctx->client->query.dboptions |= DNS_DBFIND_STALETIMEOUT; in query_lookup()
5834 dboptions = qctx->client->query.dboptions; in query_lookup()
5841 (void)dns_db_getservestalerefresh(qctx->client->view->cachedb, in query_lookup()
5844 dns_view_staleanswerenabled(qctx->client->view)) in query_lookup()
5850 dboptions, qctx->client->now, &qctx->node, in query_lookup()
5858 dns_name_copynf(qctx->client->query.qname, qctx->fname); in query_lookup()
5908 dns_name_format(qctx->client->query.qname, namebuf, in query_lookup()
5911 inc_stats(qctx->client, ns_statscounter_trystale); in query_lookup()
5919 inc_stats(qctx->client, ns_statscounter_usedstale); in query_lookup()
5966 dns_db_attach(qctx->client->view->cachedb, in query_lookup()
5968 qctx->client->query.dboptions &= in query_lookup()
5971 if (qctx->client->query.fetch != NULL) { in query_lookup()
5973 &qctx->client->query.fetch); in query_lookup()
5994 qctx->client->nodetach = qctx->refresh_rrset; in query_lookup()
6019 qctx->client->query.attributes |= in query_lookup()
6030 qctx->client->query.attributes |= NS_QUERYATTR_STALEOK; in query_lookup()
6090 query_clear_stale(ns_client_t *client) { in query_clear_stale() argument
6091 message_clearrdataset(client->message, DNS_RDATASETATTR_STALE_ADDED); in query_clear_stale()
6101 query_lookup_stale(ns_client_t *client) { in query_lookup_stale() argument
6104 qctx_init(client, NULL, client->query.qtype, &qctx); in query_lookup_stale()
6105 dns_db_attach(client->view->cachedb, &qctx.db); in query_lookup_stale()
6106 client->query.attributes &= ~NS_QUERYATTR_RECURSIONOK; in query_lookup_stale()
6107 client->query.dboptions |= DNS_DBFIND_STALETIMEOUT; in query_lookup_stale()
6108 client->nodetach = true; in query_lookup_stale()
6128 ns_client_t *client = NULL; in fetch_callback() local
6142 client = devent->ev_arg; in fetch_callback()
6144 REQUIRE(NS_CLIENT_VALID(client)); in fetch_callback()
6145 REQUIRE(task == client->task); in fetch_callback()
6146 REQUIRE(RECURSING(client)); in fetch_callback()
6152 query_lookup_stale(client); in fetch_callback()
6161 if (client->view->cachedb != NULL && client->view->recursion) { in fetch_callback()
6162 client->query.attributes |= NS_QUERYATTR_RECURSIONOK; in fetch_callback()
6164 client->query.fetchoptions &= ~DNS_FETCHOPT_TRYSTALE_ONTIMEOUT; in fetch_callback()
6165 client->query.dboptions &= ~DNS_DBFIND_STALETIMEOUT; in fetch_callback()
6166 client->nodetach = false; in fetch_callback()
6168 LOCK(&client->query.fetchlock); in fetch_callback()
6169 INSIST(client->query.fetch == devent->fetch || in fetch_callback()
6170 client->query.fetch == NULL); in fetch_callback()
6171 if (QUERY_STALEPENDING(&client->query)) { in fetch_callback()
6177 client->query.fetch = NULL; in fetch_callback()
6179 } else if (client->query.fetch != NULL) { in fetch_callback()
6183 INSIST(devent->fetch == client->query.fetch); in fetch_callback()
6184 client->query.fetch = NULL; in fetch_callback()
6189 isc_stdtime_get(&client->now); in fetch_callback()
6197 UNLOCK(&client->query.fetchlock); in fetch_callback()
6206 if (client->recursionquota != NULL) { in fetch_callback()
6207 isc_quota_detach(&client->recursionquota); in fetch_callback()
6208 ns_stats_decrement(client->sctx->nsstats, in fetch_callback()
6212 LOCK(&client->manager->reclock); in fetch_callback()
6213 if (ISC_LINK_LINKED(client, rlink)) { in fetch_callback()
6214 ISC_LIST_UNLINK(client->manager->recursing, client, rlink); in fetch_callback()
6216 UNLOCK(&client->manager->reclock); in fetch_callback()
6218 isc_nmhandle_detach(&client->fetchhandle); in fetch_callback()
6220 client->query.attributes &= ~NS_QUERYATTR_RECURSING; in fetch_callback()
6221 client->state = NS_CLIENTSTATE_WORKING; in fetch_callback()
6228 qctx_init(client, &devent, 0, &qctx); in fetch_callback()
6230 client_shuttingdown = ns_client_shuttingdown(client); in fetch_callback()
6245 query_error(client, DNS_R_SERVFAIL, __LINE__); in fetch_callback()
6247 query_next(client, ISC_R_CANCELED); in fetch_callback()
6326 ns_query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname, in ns_query_recurse() argument
6339 if (recparam_match(&client->query.recparam, qtype, qname, qdomain)) { in ns_query_recurse()
6340 ns_client_log(client, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_QUERY, in ns_query_recurse()
6345 recparam_update(&client->query.recparam, qtype, qname, qdomain); in ns_query_recurse()
6348 inc_stats(client, ns_statscounter_recursion); in ns_query_recurse()
6361 if (client->recursionquota == NULL) { in ns_query_recurse()
6362 result = isc_quota_attach(&client->sctx->recursionquota, in ns_query_recurse()
6363 &client->recursionquota); in ns_query_recurse()
6365 ns_stats_increment(client->sctx->nsstats, in ns_query_recurse()
6374 ns_client_log(client, NS_LOGCATEGORY_CLIENT, in ns_query_recurse()
6381 client->recursionquota), in ns_query_recurse()
6383 client->recursionquota), in ns_query_recurse()
6385 client->recursionquota)); in ns_query_recurse()
6387 ns_client_killoldestquery(client); in ns_query_recurse()
6393 ns_server_t *sctx = client->sctx; in ns_query_recurse()
6396 client, NS_LOGCATEGORY_CLIENT, in ns_query_recurse()
6407 ns_client_killoldestquery(client); in ns_query_recurse()
6413 dns_message_clonebuffer(client->message); in ns_query_recurse()
6414 ns_client_recursing(client); in ns_query_recurse()
6421 REQUIRE(client->query.fetch == NULL); in ns_query_recurse()
6423 rdataset = ns_client_newrdataset(client); in ns_query_recurse()
6428 if (WANTDNSSEC(client)) { in ns_query_recurse()
6429 sigrdataset = ns_client_newrdataset(client); in ns_query_recurse()
6431 ns_client_putrdataset(client, &rdataset); in ns_query_recurse()
6438 if (!client->query.timerset) { in ns_query_recurse()
6439 ns_client_settimeout(client, 60); in ns_query_recurse()
6442 if (!TCP(client)) { in ns_query_recurse()
6443 peeraddr = &client->peeraddr; in ns_query_recurse()
6446 if (client->view->staleanswerclienttimeout > 0 && in ns_query_recurse()
6447 client->view->staleanswerclienttimeout != (uint32_t)-1 && in ns_query_recurse()
6448 dns_view_staleanswerenabled(client->view)) in ns_query_recurse()
6450 client->query.fetchoptions |= DNS_FETCHOPT_TRYSTALE_ONTIMEOUT; in ns_query_recurse()
6453 isc_nmhandle_attach(client->handle, &client->fetchhandle); in ns_query_recurse()
6455 client->view->resolver, qname, qtype, qdomain, nameservers, in ns_query_recurse()
6456 NULL, peeraddr, client->message->id, client->query.fetchoptions, in ns_query_recurse()
6457 0, NULL, client->task, fetch_callback, client, rdataset, in ns_query_recurse()
6458 sigrdataset, &client->query.fetch); in ns_query_recurse()
6460 isc_nmhandle_detach(&client->fetchhandle); in ns_query_recurse()
6461 ns_client_putrdataset(client, &rdataset); in ns_query_recurse()
6463 ns_client_putrdataset(client, &sigrdataset); in ns_query_recurse()
6497 qctx->rpz_st = qctx->client->query.rpz_st; in query_resume()
6543 ns_client_putrdataset(qctx->client, &qctx->event->sigrdataset); in query_resume()
6544 } else if (REDIRECT(qctx->client)) { in query_resume()
6550 dns_name_format(qctx->client->query.redirect.fname, qbuf, in query_resume()
6552 dns_rdatatype_format(qctx->client->query.redirect.qtype, tbuf, in query_resume()
6556 tbuf, qctx->client->query.redirect.authoritative); in query_resume()
6559 qctx->qtype = qctx->client->query.redirect.qtype; in query_resume()
6560 INSIST(qctx->client->query.redirect.rdataset != NULL); in query_resume()
6561 RESTORE(qctx->rdataset, qctx->client->query.redirect.rdataset); in query_resume()
6563 qctx->client->query.redirect.sigrdataset); in query_resume()
6564 RESTORE(qctx->db, qctx->client->query.redirect.db); in query_resume()
6565 RESTORE(qctx->node, qctx->client->query.redirect.node); in query_resume()
6566 RESTORE(qctx->zone, qctx->client->query.redirect.zone); in query_resume()
6568 qctx->client->query.redirect.authoritative; in query_resume()
6573 ns_client_putrdataset(qctx->client, &qctx->event->rdataset); in query_resume()
6574 ns_client_putrdataset(qctx->client, &qctx->event->sigrdataset); in query_resume()
6603 if (DNS64(qctx->client)) { in query_resume()
6604 qctx->client->query.attributes &= ~NS_QUERYATTR_DNS64; in query_resume()
6608 if (DNS64EXCLUDE(qctx->client)) { in query_resume()
6609 qctx->client->query.attributes &= ~NS_QUERYATTR_DNS64EXCLUDE; in query_resume()
6620 ns_client_log(qctx->client, NS_LOGCATEGORY_CLIENT, in query_resume()
6635 qctx->dbuf = ns_client_getnamebuf(qctx->client); in query_resume()
6643 qctx->fname = ns_client_newname(qctx->client, qctx->dbuf, &b); in query_resume()
6655 } else if (REDIRECT(qctx->client)) { in query_resume()
6656 tname = qctx->client->query.redirect.fname; in query_resume()
6668 free_devent(qctx->client, ISC_EVENT_PTR(&qctx->event), in query_resume()
6670 } else if (REDIRECT(qctx->client)) { in query_resume()
6671 result = qctx->client->query.redirect.result; in query_resume()
6699 if (!RECURSIONOK(qctx->client)) { in ns__query_sfcache()
6705 if (qctx->client->sctx->fuzztype == isc_fuzz_resolver) { in ns__query_sfcache()
6709 qctx->view->failcache, qctx->client->query.qname, in ns__query_sfcache()
6710 qctx->qtype, &flags, &qctx->client->tnow); in ns__query_sfcache()
6714 qctx->client->query.qname, qctx->qtype, in ns__query_sfcache()
6715 &flags, &qctx->client->tnow); in ns__query_sfcache()
6719 ((qctx->client->message->flags & DNS_MESSAGEFLAG_CD) == 0))) in ns__query_sfcache()
6725 dns_name_format(qctx->client->query.qname, namebuf, in ns__query_sfcache()
6729 ns_client_log(qctx->client, NS_LOGCATEGORY_CLIENT, in ns__query_sfcache()
6738 qctx->client->attributes |= NS_CLIENTATTR_NOSETFC; in ns__query_sfcache()
6768 qctx->client, DNS_LOGCATEGORY_RRL, NS_LOGMODULE_QUERY, in query_checkrrl()
6773 qctx->client->view->rrl, HAVECOOKIE(qctx->client), in query_checkrrl()
6776 qctx->is_zone, RECURSIONOK(qctx->client), in query_checkrrl()
6777 qctx->client->query.rpz_st, in query_checkrrl()
6778 qctx->client->query.rpz_st != NULL in query_checkrrl()
6779 ? ((qctx->client->query.rpz_st->state & in query_checkrrl()
6782 (qctx->client->query.attributes & NS_QUERYATTR_RRL_CHECKED) != in query_checkrrl()
6785 if (qctx->view->rrl != NULL && !HAVECOOKIE(qctx->client) && in query_checkrrl()
6787 (result == ISC_R_NOTFOUND && !RECURSIONOK(qctx->client))) && in query_checkrrl()
6789 RECURSIONOK(qctx->client)) && in query_checkrrl()
6790 (qctx->client->query.rpz_st == NULL || in query_checkrrl()
6791 (qctx->client->query.rpz_st->state & DNS_RPZ_REWRITTEN) == 0) && in query_checkrrl()
6792 (qctx->client->query.attributes & NS_QUERYATTR_RRL_CHECKED) == 0) in query_checkrrl()
6802 qctx->client->query.attributes |= NS_QUERYATTR_RRL_CHECKED; in query_checkrrl()
6858 qctx->view, qctx->zone, &qctx->client->peeraddr, in query_checkrrl()
6859 TCP(qctx->client), qctx->client->message->rdclass, in query_checkrrl()
6860 qctx->qtype, constname, resp_result, qctx->client->now, in query_checkrrl()
6874 ns_client_log(qctx->client, DNS_LOGCATEGORY_RRL, in query_checkrrl()
6885 inc_stats(qctx->client, in query_checkrrl()
6893 inc_stats(qctx->client, in query_checkrrl()
6895 if (WANTCOOKIE(qctx->client)) { in query_checkrrl()
6896 qctx->client->message->flags &= in query_checkrrl()
6898 qctx->client->message->flags &= in query_checkrrl()
6900 qctx->client->message->rcode = in query_checkrrl()
6903 qctx->client->message->flags |= in query_checkrrl()
6908 qctx->client->message in query_checkrrl()
6931 rresult = rpz_rewrite(qctx->client, qctx->qtype, result, qctx->resuming, in query_checkrpz()
6933 qctx->rpz_st = qctx->client->query.rpz_st; in query_checkrpz()
6945 INSIST(!RECURSING(qctx->client)); in query_checkrpz()
6956 qctx->client->query.attributes |= NS_QUERYATTR_RECURSING; in query_checkrpz()
6970 !TCP(qctx->client)) && in query_checkrpz()
6979 dns_name_copynf(qctx->client->query.qname, qctx->fname); in query_checkrpz()
6982 ns_client_putrdataset(qctx->client, &qctx->rdataset); in query_checkrpz()
7010 qctx->client->message->flags |= DNS_MESSAGEFLAG_TC; in query_checkrpz()
7014 qctx->client->message->rcode = in query_checkrpz()
7017 rpz_log_rewrite(qctx->client, false, in query_checkrpz()
7025 rpz_log_rewrite(qctx->client, false, in query_checkrpz()
7105 qctx->client->attributes &= ~(NS_CLIENTATTR_WANTDNSSEC | in query_checkrpz()
7107 qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AD; in query_checkrpz()
7108 ns_client_putrdataset(qctx->client, &qctx->sigrdataset); in query_checkrpz()
7111 rpz_log_rewrite(qctx->client, false, qctx->rpz_st->m.policy, in query_checkrpz()
7128 ns_client_t *client; in query_rpzcname() local
7133 REQUIRE(qctx != NULL && qctx->client != NULL); in query_rpzcname()
7135 client = qctx->client; in query_rpzcname()
7142 dns_name_split(client->query.qname, 1, in query_rpzcname()
7151 client->message->rcode = dns_rcode_yxdomain; in query_rpzcname()
7159 ns_client_keepname(client, qctx->fname, qctx->dbuf); in query_rpzcname()
7166 rpz_log_rewrite(client, false, qctx->rpz_st->m.policy, in query_rpzcname()
7171 ns_client_qnamereplace(client, qctx->fname); in query_rpzcname()
7177 client->attributes &= ~(NS_CLIENTATTR_WANTDNSSEC | in query_rpzcname()
7194 dns_keytag_t sentinel = qctx->client->query.root_key_sentinel_keyid; in has_ta()
7251 if (!qctx->client->query.root_key_sentinel_is_ta && in root_key_sentinel_return_servfail()
7252 !qctx->client->query.root_key_sentinel_not_ta) in root_key_sentinel_return_servfail()
7276 ((qctx->client->query.root_key_sentinel_is_ta && !has_ta(qctx)) || in root_key_sentinel_return_servfail()
7277 (qctx->client->query.root_key_sentinel_not_ta && has_ta(qctx)))) in root_key_sentinel_return_servfail()
7286 qctx->client->query.root_key_sentinel_is_ta = false; in root_key_sentinel_return_servfail()
7287 qctx->client->query.root_key_sentinel_not_ta = false; in root_key_sentinel_return_servfail()
7298 if ((qctx->client->query.dboptions & DNS_DBFIND_STALEOK) != 0) { in query_usestale()
7328 if (dns_view_staleanswerenabled(qctx->client->view)) { in query_usestale()
7329 dns_db_attach(qctx->client->view->cachedb, &qctx->db); in query_usestale()
7331 qctx->client->query.dboptions |= DNS_DBFIND_STALEOK; in query_usestale()
7332 if (qctx->client->query.fetch != NULL) { in query_usestale()
7333 dns_resolver_destroyfetch(&qctx->client->query.fetch); in query_usestale()
7341 qctx->client->query.dboptions |= DNS_DBFIND_STALESTART; in query_usestale()
7367 if (!dns_name_equal(qctx->client->query.qname, dns_rootname)) { in query_gotanswer()
7375 if (RECURSING(qctx->client) && result == DNS_R_DISALLOWED) { in query_gotanswer()
7399 qctx->client->attributes |= NS_CLIENTATTR_NOSETFC; in query_gotanswer()
7470 qctx->client->rcode_override = dns_rcode_servfail; in query_gotanswer()
7482 ns_client_t *client = qctx->client; in query_addnoqnameproof() local
7494 dbuf = ns_client_getnamebuf(client); in query_addnoqnameproof()
7499 fname = ns_client_newname(client, dbuf, &b); in query_addnoqnameproof()
7500 neg = ns_client_newrdataset(client); in query_addnoqnameproof()
7501 negsig = ns_client_newrdataset(client); in query_addnoqnameproof()
7517 dbuf = ns_client_getnamebuf(client); in query_addnoqnameproof()
7521 fname = ns_client_newname(client, dbuf, &b); in query_addnoqnameproof()
7525 neg = ns_client_newrdataset(client); in query_addnoqnameproof()
7531 negsig = ns_client_newrdataset(client); in query_addnoqnameproof()
7547 ns_client_putrdataset(client, &neg); in query_addnoqnameproof()
7550 ns_client_putrdataset(client, &negsig); in query_addnoqnameproof()
7553 ns_client_releasename(client, &fname); in query_addnoqnameproof()
7592 ns_client_keepname(qctx->client, qctx->fname, qctx->dbuf); in query_respond_any()
7624 } else if (qctx->view->minimal_any && !TCP(qctx->client) && in query_respond_any()
7625 !WANTDNSSEC(qctx->client) && in query_respond_any()
7633 } else if (qctx->view->minimal_any && !TCP(qctx->client) && in query_respond_any()
7644 if (NOQNAME(qctx->rdataset) && WANTDNSSEC(qctx->client)) in query_respond_any()
7651 qctx->rpz_st = qctx->client->query.rpz_st; in query_respond_any()
7658 if (!qctx->is_zone && RECURSIONOK(qctx->client)) { in query_respond_any()
7662 query_prefetch(qctx->client, name, in query_respond_any()
7694 ns_client_putrdataset(qctx->client, in query_respond_any()
7698 qctx->rdataset = ns_client_newrdataset(qctx->client); in query_respond_any()
7731 dns_message_puttempname(qctx->client->message, &qctx->fname); in query_respond_any()
7748 qctx->client->attributes &= ~NS_CLIENTATTR_RA; in query_respond_any()
7757 dns_name_format(qctx->client->query.qname, namebuf, in query_respond_any()
7759 ns_client_log(qctx->client, DNS_LOGCATEGORY_DNSSEC, in query_respond_any()
7764 qctx->fname = ns_client_newname(qctx->client, qctx->dbuf, &b); in query_respond_any()
7792 qctx->client->query.restarts != 0 || in query_getexpire()
7793 (qctx->client->attributes & NS_CLIENTATTR_WANTEXPIRE) == 0) in query_getexpire()
7808 if (secs >= qctx->client->now && qctx->result == ISC_R_SUCCESS) in query_getexpire()
7810 qctx->client->attributes |= NS_CLIENTATTR_HAVEEXPIRE; in query_getexpire()
7811 qctx->client->expire = secs - qctx->client->now; in query_getexpire()
7825 qctx->client->expire = soa.expire; in query_getexpire()
7826 qctx->client->attributes |= NS_CLIENTATTR_HAVEEXPIRE; in query_getexpire()
7852 if (QUERY_STALEOK(&qctx->client->query) && in query_addanswer()
7853 !QUERY_STALETIMEOUT(&qctx->client->query) && !qctx->refresh_rrset) in query_addanswer()
7856 query_clear_stale(qctx->client); in query_addanswer()
7861 qctx->client->query.attributes &= ~NS_QUERYATTR_STALEOK; in query_addanswer()
7868 dns_message_puttemprdataset(qctx->client->message, in query_addanswer()
7893 } else if (qctx->client->query.dns64_aaaaok != NULL) { in query_addanswer()
7895 ns_client_putrdataset(qctx->client, &qctx->rdataset); in query_addanswer()
7897 if (!qctx->is_zone && RECURSIONOK(qctx->client) && in query_addanswer()
7898 !QUERY_STALETIMEOUT(&qctx->client->query)) in query_addanswer()
7900 query_prefetch(qctx->client, qctx->fname, in query_addanswer()
7903 if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL) { in query_addanswer()
7930 INSIST(qctx->client->query.dns64_aaaaok == NULL); in query_respond()
7934 qctx->client->message->rdclass == dns_rdataclass_in && in query_respond()
7935 !dns64_aaaaok(qctx->client, qctx->rdataset, qctx->sigrdataset)) in query_respond()
7940 qctx->client->query.dns64_ttl = qctx->rdataset->ttl; in query_respond()
7941 SAVE(qctx->client->query.dns64_aaaa, qctx->rdataset); in query_respond()
7942 SAVE(qctx->client->query.dns64_sigaaaa, qctx->sigrdataset); in query_respond()
7943 ns_client_releasename(qctx->client, &qctx->fname); in query_respond()
7961 if (NOQNAME(qctx->rdataset) && WANTDNSSEC(qctx->client)) { in query_respond()
7975 if (dns_name_equal(qctx->client->query.qname, in query_respond()
7985 if (dns_name_equal(qctx->client->query.qname, dns_rootname)) { in query_respond()
7986 qctx->client->query.attributes &= in query_respond()
7988 dns_db_attach(qctx->db, &qctx->client->query.gluedb); in query_respond()
8026 ns_client_t *client = qctx->client; in query_dns64() local
8028 ns_interfacemgr_getaclenv(client->manager->interface->mgr); in query_dns64()
8038 dns_view_t *view = client->view; in query_dns64()
8067 client->message, section, name, dns_rdatatype_aaaa, in query_dns64()
8077 ns_client_releasename(client, &qctx->fname); in query_dns64()
8085 ns_client_keepname(client, name, qctx->dbuf); in query_dns64()
8087 dns_message_addname(client->message, name, section); in query_dns64()
8093 ns_client_releasename(client, &qctx->fname); in query_dns64()
8098 client->query.attributes &= ~NS_QUERYATTR_SECURE; in query_dns64()
8101 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); in query_dns64()
8103 isc_buffer_allocate(client->mctx, &buffer, in query_dns64()
8106 result = dns_message_gettemprdataset(client->message, &dns64_rdataset); in query_dns64()
8110 result = dns_message_gettemprdatalist(client->message, in query_dns64()
8119 if (client->query.dns64_ttl != UINT32_MAX) { in query_dns64()
8121 client->query.dns64_ttl); in query_dns64()
8126 if (RECURSIONOK(client)) { in query_dns64()
8134 if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL && in query_dns64()
8144 for (dns64 = ISC_LIST_HEAD(client->view->dns64); dns64 != NULL; in query_dns64()
8151 client->signer, env, flags, in query_dns64()
8160 result = dns_message_gettemprdata(client->message, in query_dns64()
8187 client->query.attributes |= NS_QUERYATTR_NOADDITIONAL; in query_dns64()
8195 dns_message_takebuffer(client->message, &buffer); in query_dns64()
8196 inc_stats(client, ns_statscounter_dns64); in query_dns64()
8205 dns_message_puttemprdata(client->message, &dns64_rdata); in query_dns64()
8209 dns_message_puttemprdataset(client->message, &dns64_rdataset); in query_dns64()
8219 dns_message_puttemprdata(client->message, &dns64_rdata); in query_dns64()
8221 dns_message_puttemprdatalist(client->message, &dns64_rdatalist); in query_dns64()
8230 ns_client_t *client = qctx->client; in query_filter64() local
8244 INSIST(client->query.dns64_aaaaok != NULL); in query_filter64()
8245 INSIST(client->query.dns64_aaaaoklen == in query_filter64()
8255 client->message, section, name, dns_rdatatype_aaaa, in query_filter64()
8265 ns_client_releasename(client, &qctx->fname); in query_filter64()
8274 ns_client_releasename(client, &qctx->fname); in query_filter64()
8280 client->query.attributes &= ~NS_QUERYATTR_SECURE; in query_filter64()
8283 isc_buffer_allocate(client->mctx, &buffer, in query_filter64()
8285 result = dns_message_gettemprdataset(client->message, &myrdataset); in query_filter64()
8289 result = dns_message_gettemprdatalist(client->message, &myrdatalist); in query_filter64()
8304 if (!client->query.dns64_aaaaok[i++]) { in query_filter64()
8312 result = dns_message_gettemprdata(client->message, &myrdata); in query_filter64()
8332 client->query.attributes |= NS_QUERYATTR_NOADDITIONAL; in query_filter64()
8335 ns_client_keepname(client, name, qctx->dbuf); in query_filter64()
8337 dns_message_addname(client->message, name, section); in query_filter64()
8347 dns_message_takebuffer(client->message, &buffer); in query_filter64()
8355 dns_message_puttemprdata(client->message, &myrdata); in query_filter64()
8359 dns_message_puttemprdataset(client->message, &myrdataset); in query_filter64()
8368 dns_message_puttemprdata(client->message, &myrdata); in query_filter64()
8370 dns_message_puttemprdatalist(client->message, &myrdatalist); in query_filter64()
8373 ns_client_releasename(client, &name); in query_filter64()
8407 dns_clientinfo_init(&ci, qctx->client, NULL, NULL); in query_notfound()
8411 dns_rdatatype_ns, 0, qctx->client->now, in query_notfound()
8429 if (RECURSIONOK(qctx->client)) { in query_notfound()
8430 INSIST(!REDIRECT(qctx->client)); in query_notfound()
8431 result = ns_query_recurse(qctx->client, qctx->qtype, in query_notfound()
8432 qctx->client->query.qname, in query_notfound()
8436 qctx->client->query.attributes |= in query_notfound()
8440 qctx->client->query.attributes |= in query_notfound()
8444 qctx->client->query.attributes |= in query_notfound()
8495 qctx->client->query.isreferral = true; in query_prepare_delegation_response()
8497 if (!dns_db_iscache(qctx->db) && qctx->client->query.gluedb == NULL) { in query_prepare_delegation_response()
8498 dns_db_attach(qctx->db, &qctx->client->query.gluedb); in query_prepare_delegation_response()
8506 qctx->client->query.attributes &= ~NS_QUERYATTR_NOADDITIONAL; in query_prepare_delegation_response()
8507 if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL) { in query_prepare_delegation_response()
8513 dns_db_detach(&qctx->client->query.gluedb); in query_prepare_delegation_response()
8543 if (!RECURSIONOK(qctx->client) && in query_zone_delegation()
8551 qctx->client, qctx->client->query.qname, qctx->qtype, in query_zone_delegation()
8562 ns_client_putrdataset(qctx->client, &qctx->rdataset); in query_zone_delegation()
8564 ns_client_putrdataset(qctx->client, in query_zone_delegation()
8568 ns_client_releasename(qctx->client, in query_zone_delegation()
8590 if (USECACHE(qctx->client) && in query_zone_delegation()
8591 (RECURSIONOK(qctx->client) || in query_zone_delegation()
8604 ns_client_keepname(qctx->client, qctx->fname, qctx->dbuf); in query_zone_delegation()
8665 ns_client_releasename(qctx->client, &qctx->fname); in query_delegation()
8674 ns_client_putrdataset(qctx->client, &qctx->rdataset); in query_delegation()
8676 ns_client_putrdataset(qctx->client, &qctx->sigrdataset); in query_delegation()
8708 dns_name_t *qname = qctx->client->query.qname; in query_delegation_recurse()
8712 if (!RECURSIONOK(qctx->client)) { in query_delegation_recurse()
8726 INSIST(!REDIRECT(qctx->client)); in query_delegation_recurse()
8732 result = ns_query_recurse(qctx->client, qctx->qtype, qname, in query_delegation_recurse()
8738 result = ns_query_recurse(qctx->client, dns_rdatatype_a, qname, in query_delegation_recurse()
8744 result = ns_query_recurse(qctx->client, qctx->qtype, qname, in query_delegation_recurse()
8750 qctx->client->query.attributes |= NS_QUERYATTR_RECURSING; in query_delegation_recurse()
8752 qctx->client->query.attributes |= NS_QUERYATTR_DNS64; in query_delegation_recurse()
8755 qctx->client->query.attributes |= in query_delegation_recurse()
8779 ns_client_t *client = qctx->client; in query_addds() local
8794 if (!WANTDNSSEC(client)) { in query_addds()
8801 rdataset = ns_client_newrdataset(client); in query_addds()
8802 sigrdataset = ns_client_newrdataset(client); in query_addds()
8811 dns_rdatatype_ds, 0, client->now, rdataset, in query_addds()
8819 0, client->now, rdataset, sigrdataset); in query_addds()
8834 result = dns_message_firstname(client->message, DNS_SECTION_AUTHORITY); in query_addds()
8846 dns_message_currentname(client->message, DNS_SECTION_AUTHORITY, in query_addds()
8852 result = dns_message_nextname(client->message, in query_addds()
8874 dbuf = ns_client_getnamebuf(client); in query_addds()
8878 fname = ns_client_newname(client, dbuf, &b); in query_addds()
8887 query_findclosestnsec3(name, qctx->db, qctx->version, client, rdataset, in query_addds()
8904 fixfname(client, &fname, &dbuf, &b); in query_addds()
8905 fixrdataset(client, &rdataset); in query_addds()
8906 fixrdataset(client, &sigrdataset); in query_addds()
8911 qctx->version, client, rdataset, in query_addds()
8922 ns_client_putrdataset(client, &rdataset); in query_addds()
8925 ns_client_putrdataset(client, &sigrdataset); in query_addds()
8928 ns_client_releasename(client, &fname); in query_addds()
8954 ns_client_putrdataset(qctx->client, &qctx->rdataset); in query_nodata()
8957 ns_client_putrdataset(qctx->client, &qctx->sigrdataset); in query_nodata()
8959 RESTORE(qctx->rdataset, qctx->client->query.dns64_aaaa); in query_nodata()
8960 RESTORE(qctx->sigrdataset, qctx->client->query.dns64_sigaaaa); in query_nodata()
8962 qctx->dbuf = ns_client_getnamebuf(qctx->client); in query_nodata()
8970 qctx->fname = ns_client_newname(qctx->client, in query_nodata()
8980 dns_name_copynf(qctx->client->query.qname, qctx->fname); in query_nodata()
8992 qctx->client->message->rdclass == dns_rdataclass_in && in query_nodata()
9007 qctx->client->query.dns64_ttl = in query_nodata()
9013 qctx->client->query.dns64_ttl = 0; in query_nodata()
9017 qctx->client->query.dns64_ttl = in query_nodata()
9024 SAVE(qctx->client->query.dns64_aaaa, qctx->rdataset); in query_nodata()
9025 SAVE(qctx->client->query.dns64_sigaaaa, qctx->sigrdataset); in query_nodata()
9026 ns_client_releasename(qctx->client, &qctx->fname); in query_nodata()
9041 ns_client_keepname(qctx->client, qctx->fname, in query_nodata()
9043 dns_message_addname(qctx->client->message, qctx->fname, in query_nodata()
9074 WANTDNSSEC(qctx->client)) in query_sign_nodata()
9083 qname = qctx->client->query.qname; in query_sign_nodata()
9086 qctx->client, qctx->rdataset, in query_sign_nodata()
9096 (((qctx->client->sctx->options & in query_sign_nodata()
9116 fixfname(qctx->client, &qctx->fname, in query_sign_nodata()
9118 fixrdataset(qctx->client, &qctx->rdataset); in query_sign_nodata()
9119 fixrdataset(qctx->client, &qctx->sigrdataset); in query_sign_nodata()
9139 qctx->client, qctx->rdataset, in query_sign_nodata()
9144 ns_client_releasename(qctx->client, &qctx->fname); in query_sign_nodata()
9154 ns_client_keepname(qctx->client, qctx->fname, qctx->dbuf); in query_sign_nodata()
9161 ns_client_releasename(qctx->client, &qctx->fname); in query_sign_nodata()
9179 if (WANTDNSSEC(qctx->client) && in query_sign_nodata()
9190 ns_client_t *client = qctx->client; in query_addnxrrsetnsec() local
9231 dbuf = ns_client_getnamebuf(client); in query_addnxrrsetnsec()
9236 fname = ns_client_newname(client, dbuf, &b); in query_addnxrrsetnsec()
9262 INSIST(qctx->is_zone || REDIRECT(qctx->client)); in query_nxdomain()
9277 ns_client_keepname(qctx->client, qctx->fname, qctx->dbuf); in query_nxdomain()
9284 ns_client_releasename(qctx->client, &qctx->fname); in query_nxdomain()
9314 if (WANTDNSSEC(qctx->client)) { in query_nxdomain()
9330 qctx->client->message->rcode = dns_rcode_noerror; in query_nxdomain()
9332 qctx->client->message->rcode = dns_rcode_nxdomain; in query_nxdomain()
9358 result = redirect(qctx->client, qctx->fname, qctx->rdataset, in query_redirect()
9362 inc_stats(qctx->client, ns_statscounter_nxdomainredirect); in query_redirect()
9376 result = redirect2(qctx->client, qctx->fname, qctx->rdataset, in query_redirect()
9381 inc_stats(qctx->client, ns_statscounter_nxdomainredirect); in query_redirect()
9384 inc_stats(qctx->client, in query_redirect()
9386 SAVE(qctx->client->query.redirect.db, qctx->db); in query_redirect()
9387 SAVE(qctx->client->query.redirect.node, qctx->node); in query_redirect()
9388 SAVE(qctx->client->query.redirect.zone, qctx->zone); in query_redirect()
9389 qctx->client->query.redirect.qtype = qctx->qtype; in query_redirect()
9391 SAVE(qctx->client->query.redirect.rdataset, qctx->rdataset); in query_redirect()
9392 SAVE(qctx->client->query.redirect.sigrdataset, in query_redirect()
9394 qctx->client->query.redirect.result = DNS_R_NCACHENXDOMAIN; in query_redirect()
9396 qctx->client->query.redirect.fname); in query_redirect()
9397 qctx->client->query.redirect.authoritative = in query_redirect()
9399 qctx->client->query.redirect.is_zone = qctx->is_zone; in query_redirect()
9425 ns_client_logv(qctx->client, NS_LOGCATEGORY_QUERIES, NS_LOGMODULE_QUERY, in log_noexistnodata()
9487 if (WANTDNSSEC(qctx->client)) { in query_synthnodata()
9488 ns_client_keepname(qctx->client, qctx->fname, qctx->dbuf); in query_synthnodata()
9490 ns_client_releasename(qctx->client, &qctx->fname); in query_synthnodata()
9493 dbuf = ns_client_getnamebuf(qctx->client); in query_synthnodata()
9499 name = ns_client_newname(qctx->client, dbuf, &b); in query_synthnodata()
9510 if (!WANTDNSSEC(qctx->client)) { in query_synthnodata()
9516 if (WANTDNSSEC(qctx->client)) { in query_synthnodata()
9525 inc_stats(qctx->client, ns_statscounter_nodatasynth); in query_synthnodata()
9529 ns_client_releasename(qctx->client, &name); in query_synthnodata()
9553 if (WANTDNSSEC(qctx->client)) { in query_synthwildcard()
9554 ns_client_keepname(qctx->client, qctx->fname, qctx->dbuf); in query_synthwildcard()
9556 ns_client_releasename(qctx->client, &qctx->fname); in query_synthwildcard()
9559 dbuf = ns_client_getnamebuf(qctx->client); in query_synthwildcard()
9565 name = ns_client_newname(qctx->client, dbuf, &b); in query_synthwildcard()
9570 dns_name_copynf(qctx->client->query.qname, name); in query_synthwildcard()
9572 cloneset = ns_client_newrdataset(qctx->client); in query_synthwildcard()
9582 if (WANTDNSSEC(qctx->client)) { in query_synthwildcard()
9583 clonesigset = ns_client_newrdataset(qctx->client); in query_synthwildcard()
9597 if (WANTDNSSEC(qctx->client)) { in query_synthwildcard()
9606 inc_stats(qctx->client, ns_statscounter_wildcardsynth); in query_synthwildcard()
9610 ns_client_releasename(qctx->client, &name); in query_synthwildcard()
9613 ns_client_putrdataset(qctx->client, &cloneset); in query_synthwildcard()
9616 ns_client_putrdataset(qctx->client, &clonesigset); in query_synthwildcard()
9639 qctx->client->query.attributes |= NS_QUERYATTR_PARTIALANSWER; in query_synthcnamewildcard()
9645 result = dns_message_gettempname(qctx->client->message, &tname); in query_synthcnamewildcard()
9652 dns_message_puttempname(qctx->client->message, &tname); in query_synthcnamewildcard()
9664 ns_client_qnamereplace(qctx->client, tname); in query_synthcnamewildcard()
9666 if (!WANTRECURSION(qctx->client)) { in query_synthcnamewildcard()
9705 if (WANTDNSSEC(qctx->client)) { in query_synthnxdomain()
9706 ns_client_keepname(qctx->client, qctx->fname, qctx->dbuf); in query_synthnxdomain()
9708 ns_client_releasename(qctx->client, &qctx->fname); in query_synthnxdomain()
9711 dbuf = ns_client_getnamebuf(qctx->client); in query_synthnxdomain()
9717 name = ns_client_newname(qctx->client, dbuf, &b); in query_synthnxdomain()
9728 if (!WANTDNSSEC(qctx->client)) { in query_synthnxdomain()
9734 if (WANTDNSSEC(qctx->client)) { in query_synthnxdomain()
9741 dbuf = ns_client_getnamebuf(qctx->client); in query_synthnxdomain()
9747 name = ns_client_newname(qctx->client, dbuf, &b); in query_synthnxdomain()
9755 cloneset = ns_client_newrdataset(qctx->client); in query_synthnxdomain()
9756 clonesigset = ns_client_newrdataset(qctx->client); in query_synthnxdomain()
9772 qctx->client->message->rcode = dns_rcode_nxdomain; in query_synthnxdomain()
9774 inc_stats(qctx->client, ns_statscounter_nxdomainsynth); in query_synthnxdomain()
9778 ns_client_releasename(qctx->client, &name); in query_synthnxdomain()
9781 ns_client_putrdataset(qctx->client, &cloneset); in query_synthnxdomain()
9784 ns_client_putrdataset(qctx->client, &clonesigset); in query_synthnxdomain()
9856 unsigned int dboptions = qctx->client->query.dboptions; in query_coveringnsec()
9876 dns_clientinfo_init(&ci, qctx->client, NULL, NULL); in query_coveringnsec()
9890 result = dns_nsec_noexistnodata(qctx->qtype, qctx->client->query.qname, in query_coveringnsec()
9909 qctx->rdataset->ttl == 0 && RECURSIONOK(qctx->client)) in query_coveringnsec()
9914 soardataset = ns_client_newrdataset(qctx->client); in query_coveringnsec()
9915 sigsoardataset = ns_client_newrdataset(qctx->client); in query_coveringnsec()
9926 qctx->client->now, &node, fname, &cm, in query_coveringnsec()
9944 qctx->client->now, &node, nowild, &cm, &ci, in query_coveringnsec()
9974 RECURSIONOK(qctx->client)) in query_coveringnsec()
10035 soardataset = ns_client_newrdataset(qctx->client); in query_coveringnsec()
10036 sigsoardataset = ns_client_newrdataset(qctx->client); in query_coveringnsec()
10045 dboptions, qctx->client->now, &node, fname, &cm, in query_coveringnsec()
10064 ns_client_putrdataset(qctx->client, &soardataset); in query_coveringnsec()
10067 ns_client_putrdataset(qctx->client, &sigsoardataset); in query_coveringnsec()
10086 ns_client_releasename(qctx->client, &qctx->fname); in query_coveringnsec()
10091 ns_client_putrdataset(qctx->client, &qctx->rdataset); in query_coveringnsec()
10093 ns_client_putrdataset(qctx->client, &qctx->sigrdataset); in query_coveringnsec()
10125 qctx->client->message->rcode = dns_rcode_nxdomain; in query_ncache()
10129 qctx->client->message->rdclass == dns_rdataclass_in && in query_ncache()
10132 warn_rfc1918(qctx->client, qctx->fname, qctx->rdataset); in query_ncache()
10152 qctx->rdataset->ttl != 0 || !RECURSIONOK(qctx->client)) in query_zerottl_refetch()
10159 INSIST(!REDIRECT(qctx->client)); in query_zerottl_refetch()
10161 result = ns_query_recurse(qctx->client, qctx->qtype, in query_zerottl_refetch()
10162 qctx->client->query.qname, NULL, NULL, in query_zerottl_refetch()
10166 qctx->client->query.attributes |= NS_QUERYATTR_RECURSING; in query_zerottl_refetch()
10169 qctx->client->query.attributes |= NS_QUERYATTR_DNS64; in query_zerottl_refetch()
10172 qctx->client->query.attributes |= in query_zerottl_refetch()
10220 if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL) { in query_cname()
10224 if (WANTDNSSEC(qctx->client) && in query_cname()
10233 if (NOQNAME(qctx->rdataset) && WANTDNSSEC(qctx->client)) { in query_cname()
10239 if (!qctx->is_zone && RECURSIONOK(qctx->client)) { in query_cname()
10240 query_prefetch(qctx->client, qctx->fname, qctx->rdataset); in query_cname()
10252 qctx->client->query.attributes |= NS_QUERYATTR_PARTIALANSWER; in query_cname()
10258 result = dns_message_gettempname(qctx->client->message, &tname); in query_cname()
10265 dns_message_puttempname(qctx->client->message, &tname); in query_cname()
10277 ns_client_qnamereplace(qctx->client, tname); in query_cname()
10279 if (!WANTRECURSION(qctx->client)) { in query_cname()
10317 namereln = dns_name_fullcompare(qctx->client->query.qname, qctx->fname, in query_dname()
10331 if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL) { in query_dname()
10335 if (WANTDNSSEC(qctx->client) && in query_dname()
10344 if (!qctx->is_zone && RECURSIONOK(qctx->client)) { in query_dname()
10345 query_prefetch(qctx->client, qctx->fname, qctx->rdataset); in query_dname()
10354 qctx->client->query.attributes |= NS_QUERYATTR_PARTIALANSWER; in query_dname()
10360 result = dns_message_gettempname(qctx->client->message, &tname); in query_dname()
10367 dns_message_puttempname(qctx->client->message, &tname); in query_dname()
10384 dns_name_split(qctx->client->query.qname, nlabels, prefix, NULL); in query_dname()
10386 qctx->dbuf = ns_client_getnamebuf(qctx->client); in query_dname()
10388 dns_message_puttempname(qctx->client->message, &tname); in query_dname()
10391 qctx->fname = ns_client_newname(qctx->client, qctx->dbuf, &b); in query_dname()
10393 dns_message_puttempname(qctx->client->message, &tname); in query_dname()
10397 dns_message_puttempname(qctx->client->message, &tname); in query_dname()
10405 qctx->client->message->rcode = dns_rcode_yxdomain; in query_dname()
10411 ns_client_keepname(qctx->client, qctx->fname, qctx->dbuf); in query_dname()
10442 ns_client_qnamereplace(qctx->client, qctx->fname); in query_dname()
10445 if (!WANTRECURSION(qctx->client)) { in query_dname()
10463 ns_client_t *client = qctx->client; in query_addcname() local
10471 result = dns_message_gettempname(client->message, &aname); in query_addcname()
10476 dns_name_copynf(client->query.qname, aname); in query_addcname()
10478 result = dns_message_gettemprdatalist(client->message, &rdatalist); in query_addcname()
10480 dns_message_puttempname(client->message, &aname); in query_addcname()
10484 result = dns_message_gettemprdata(client->message, &rdata); in query_addcname()
10486 dns_message_puttempname(client->message, &aname); in query_addcname()
10487 dns_message_puttemprdatalist(client->message, &rdatalist); in query_addcname()
10491 result = dns_message_gettemprdataset(client->message, &rdataset); in query_addcname()
10493 dns_message_puttempname(client->message, &aname); in query_addcname()
10494 dns_message_puttemprdatalist(client->message, &rdatalist); in query_addcname()
10495 dns_message_puttemprdata(client->message, &rdata); in query_addcname()
10500 rdatalist->rdclass = client->message->rdclass; in query_addcname()
10506 rdata->rdclass = client->message->rdclass; in query_addcname()
10520 dns_message_puttemprdataset(client->message, &rdataset); in query_addcname()
10523 dns_message_puttempname(client->message, &aname); in query_addcname()
10542 if (WANTDNSSEC(qctx->client) && in query_prepresponse()
10574 ns_client_t *client = qctx->client; in query_addsoa() local
10593 dns_clientinfo_init(&ci, client, NULL, NULL); in query_addsoa()
10598 if (((client->sctx->options & NS_SERVER_NOSOA) != 0) && in query_addsoa()
10599 (!WANTDNSSEC(client) || !dns_rdataset_isassociated(qctx->rdataset))) in query_addsoa()
10607 result = dns_message_gettempname(client->message, &name); in query_addsoa()
10618 rdataset = ns_client_newrdataset(client); in query_addsoa()
10624 if (WANTDNSSEC(client) && dns_db_issecure(qctx->db)) { in query_addsoa()
10625 sigrdataset = ns_client_newrdataset(client); in query_addsoa()
10639 dns_rdatatype_soa, 0, client->now, in query_addsoa()
10649 client->query.dboptions, 0, &node, in query_addsoa()
10704 ns_client_putrdataset(client, &rdataset); in query_addsoa()
10706 ns_client_putrdataset(client, &sigrdataset); in query_addsoa()
10709 ns_client_releasename(client, &name); in query_addsoa()
10723 ns_client_t *client = qctx->client; in query_addns() local
10742 dns_clientinfo_init(&ci, client, NULL, NULL); in query_addns()
10747 result = dns_message_gettempname(client->message, &name); in query_addns()
10754 rdataset = ns_client_newrdataset(client); in query_addns()
10762 if (WANTDNSSEC(client) && dns_db_issecure(qctx->db)) { in query_addns()
10763 sigrdataset = ns_client_newrdataset(client); in query_addns()
10778 dns_rdatatype_ns, 0, client->now, in query_addns()
10783 client->query.dboptions, 0, &node, in query_addns()
10806 ns_client_putrdataset(client, &rdataset); in query_addns()
10808 ns_client_putrdataset(client, &sigrdataset); in query_addns()
10811 ns_client_releasename(client, &name); in query_addns()
10826 ns_client_t *client = qctx->client; in query_addbestns() local
10844 dns_clientinfo_init(&ci, client, NULL, NULL); in query_addbestns()
10849 result = query_getdb(client, client->query.qname, dns_rdatatype_ns, 0, in query_addbestns()
10859 dbuf = ns_client_getnamebuf(client); in query_addbestns()
10863 fname = ns_client_newname(client, dbuf, &b); in query_addbestns()
10864 rdataset = ns_client_newrdataset(client); in query_addbestns()
10873 if (WANTDNSSEC(client) || !is_zone) { in query_addbestns()
10874 sigrdataset = ns_client_newrdataset(client); in query_addbestns()
10885 db, client->query.qname, version, dns_rdatatype_ns, in query_addbestns()
10886 client->query.dboptions, client->now, &node, fname, &cm, in query_addbestns()
10891 if (USECACHE(client)) { in query_addbestns()
10892 ns_client_keepname(client, fname, dbuf); in query_addbestns()
10899 dns_db_attach(client->view->cachedb, &db); in query_addbestns()
10905 db, client->query.qname, client->query.dboptions, in query_addbestns()
10906 client->now, &node, fname, NULL, rdataset, sigrdataset); in query_addbestns()
10929 ns_client_releasename(client, &fname); in query_addbestns()
10937 ns_client_putrdataset(client, &rdataset); in query_addbestns()
10939 ns_client_putrdataset(client, &sigrdataset); in query_addbestns()
10958 !validate(client, db, fname, rdataset, sigrdataset) && in query_addbestns()
10959 !PENDINGOK(client->query.dboptions)) in query_addbestns()
10966 !validate(client, db, fname, rdataset, sigrdataset) && in query_addbestns()
10967 SECURE(client) && WANTDNSSEC(client)) in query_addbestns()
10976 if (SECURE(client) && (WANTDNSSEC(client) || WANTAD(client)) && in query_addbestns()
10987 if (!WANTDNSSEC(client)) { in query_addbestns()
10988 ns_client_putrdataset(client, &sigrdataset); in query_addbestns()
10996 ns_client_putrdataset(client, &rdataset); in query_addbestns()
10999 ns_client_putrdataset(client, &sigrdataset); in query_addbestns()
11002 ns_client_releasename(client, &fname); in query_addbestns()
11014 ns_client_putrdataset(client, &zrdataset); in query_addbestns()
11016 ns_client_putrdataset(client, &zsigrdataset); in query_addbestns()
11019 ns_client_releasename(client, &zfname); in query_addbestns()
11027 ns_client_t *client = qctx->client; in query_addwildcardproof() local
11050 dns_clientinfo_init(&ci, client, NULL, NULL); in query_addwildcardproof()
11061 name = client->query.qname; in query_addwildcardproof()
11106 options = client->query.dboptions | DNS_DBFIND_NOWILD; in query_addwildcardproof()
11113 dbuf = ns_client_getnamebuf(client); in query_addwildcardproof()
11117 fname = ns_client_newname(client, dbuf, &b); in query_addwildcardproof()
11118 rdataset = ns_client_newrdataset(client); in query_addwildcardproof()
11119 sigrdataset = ns_client_newrdataset(client); in query_addwildcardproof()
11157 query_findclosestnsec3(cname, qctx->db, qctx->version, client, in query_addwildcardproof()
11172 dbuf = ns_client_getnamebuf(client); in query_addwildcardproof()
11176 fname = ns_client_newname(client, dbuf, &b); in query_addwildcardproof()
11180 rdataset = ns_client_newrdataset(client); in query_addwildcardproof()
11186 sigrdataset = ns_client_newrdataset(client); in query_addwildcardproof()
11204 query_findclosestnsec3(wname, qctx->db, qctx->version, client, in query_addwildcardproof()
11221 dbuf = ns_client_getnamebuf(client); in query_addwildcardproof()
11225 fname = ns_client_newname(client, dbuf, &b); in query_addwildcardproof()
11229 rdataset = ns_client_newrdataset(client); in query_addwildcardproof()
11235 sigrdataset = ns_client_newrdataset(client); in query_addwildcardproof()
11252 query_findclosestnsec3(wname, qctx->db, qctx->version, client, in query_addwildcardproof()
11298 ns_client_putrdataset(client, &rdataset); in query_addwildcardproof()
11301 ns_client_putrdataset(client, &sigrdataset); in query_addwildcardproof()
11304 ns_client_releasename(client, &fname); in query_addwildcardproof()
11315 ns_client_putrdataset(client, &rdataset); in query_addwildcardproof()
11318 ns_client_putrdataset(client, &sigrdataset); in query_addwildcardproof()
11321 ns_client_releasename(client, &fname); in query_addwildcardproof()
11336 if (!qctx->want_restart && !NOAUTHORITY(qctx->client)) { in query_addauth()
11345 ns_client_releasename(qctx->client, in query_addauth()
11397 ns_client_t *client = qctx->client; in query_setup_sortlist() local
11399 ns_interfacemgr_getaclenv(client->manager->interface->mgr); in query_setup_sortlist()
11402 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); in query_setup_sortlist()
11403 switch (ns_sortlist_setup(client->view->sortlist, env, &netaddr, in query_setup_sortlist()
11407 dns_message_setsortorder(client->message, in query_setup_sortlist()
11412 dns_message_setsortorder(client->message, in query_setup_sortlist()
11429 const dns_namelist_t *secs = qctx->client->message->sections; in query_glueanswer()
11436 qctx->client->message->rcode != dns_rcode_noerror || in query_glueanswer()
11443 msg = qctx->client->message; in query_glueanswer()
11447 if (dns_name_equal(name, qctx->client->query.qname)) { in query_glueanswer()
11471 const dns_namelist_t *secs = qctx->client->message->sections; in ns_query_done()
11481 qctx->rpz_st = qctx->client->query.rpz_st; in ns_query_done()
11492 if (qctx->client->query.gluedb != NULL) { in ns_query_done()
11493 dns_db_detach(&qctx->client->query.gluedb); in ns_query_done()
11499 if (qctx->client->query.restarts == 0 && !qctx->authoritative) { in ns_query_done()
11500 qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AA; in ns_query_done()
11506 if (qctx->want_restart && qctx->client->query.restarts < MAX_RESTARTS) { in ns_query_done()
11507 qctx->client->query.restarts++; in ns_query_done()
11512 (!PARTIALANSWER(qctx->client) || WANTRECURSION(qctx->client) || in ns_query_done()
11524 query_next(qctx->client, qctx->result); in ns_query_done()
11532 query_error(qctx->client, qctx->result, qctx->line); in ns_query_done()
11543 if (RECURSING(qctx->client) && in ns_query_done()
11544 (!QUERY_STALETIMEOUT(&qctx->client->query) || in ns_query_done()
11560 if (qctx->client->message->rcode == dns_rcode_nxdomain && in ns_query_done()
11563 qctx->client->message->flags |= DNS_MESSAGEFLAG_AA; in ns_query_done()
11573 qctx->client->message->rcode != dns_rcode_noerror)) in ns_query_done()
11584 nodetach = qctx->client->nodetach; in ns_query_done()
11585 query_send(qctx->client); in ns_query_done()
11597 message_clearrdataset(qctx->client->message, 0); in ns_query_done()
11611 log_tat(ns_client_t *client) { in log_tat() argument
11623 if ((client->query.qtype != dns_rdatatype_null || in log_tat()
11624 !dns_name_istat(client->query.qname)) && in log_tat()
11625 (client->keytag == NULL || in log_tat()
11626 client->query.qtype != dns_rdatatype_dnskey)) in log_tat()
11631 isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); in log_tat()
11632 dns_name_format(client->query.qname, namebuf, sizeof(namebuf)); in log_tat()
11634 dns_rdataclass_format(client->view->rdclass, classbuf, in log_tat()
11637 if (client->query.qtype == dns_rdatatype_dnskey) { in log_tat()
11638 uint16_t keytags = client->keytag_len / 2; in log_tat()
11640 char *cp = tags = isc_mem_get(client->mctx, taglen); in log_tat()
11643 INSIST(client->keytag != NULL); in log_tat()
11648 keytag = (client->keytag[i * 2] << 8) | in log_tat()
11649 client->keytag[i * 2 + 1]; in log_tat()
11666 isc_mem_put(client->mctx, tags, taglen); in log_tat()
11671 log_query(ns_client_t *client, unsigned int flags, unsigned int extflags) { in log_query() argument
11685 rdataset = ISC_LIST_HEAD(client->query.qname->list); in log_query()
11687 dns_name_format(client->query.qname, namebuf, sizeof(namebuf)); in log_query()
11690 isc_netaddr_format(&client->destaddr, onbuf, sizeof(onbuf)); in log_query()
11692 if (client->ednsversion >= 0) { in log_query()
11694 client->ednsversion); in log_query()
11697 if (HAVEECS(client)) { in log_query()
11699 dns_ecs_format(&client->ecs, ecsbuf + 6, sizeof(ecsbuf) - 6); in log_query()
11703 ns_client_log(client, NS_LOGCATEGORY_QUERIES, NS_LOGMODULE_QUERY, level, in log_query()
11705 classbuf, typebuf, WANTRECURSION(client) ? "+" : "-", in log_query()
11706 (client->signer != NULL) ? "S" : "", ednsbuf, in log_query()
11707 TCP(client) ? "T" : "", in log_query()
11710 HAVECOOKIE(client) ? "V" in log_query()
11711 : WANTCOOKIE(client) ? "K" in log_query()
11717 log_queryerror(ns_client_t *client, isc_result_t result, int line, int level) { in log_queryerror() argument
11735 if (client->query.origqname != NULL) { in log_queryerror()
11736 dns_name_format(client->query.origqname, namebuf, in log_queryerror()
11741 rdataset = ISC_LIST_HEAD(client->query.origqname->list); in log_queryerror()
11753 ns_client_log(client, NS_LOGCATEGORY_QUERY_ERRORS, NS_LOGMODULE_QUERY, in log_queryerror()
11760 ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) { in ns_query_start() argument
11768 REQUIRE(NS_CLIENT_VALID(client)); in ns_query_start()
11773 isc_nmhandle_attach(handle, &client->reqhandle); in ns_query_start()
11775 message = client->message; in ns_query_start()
11776 saved_extflags = client->extflags; in ns_query_start()
11777 saved_flags = client->message->flags; in ns_query_start()
11784 client->cleanup = query_cleanup; in ns_query_start()
11787 client->query.attributes |= NS_QUERYATTR_WANTRECURSION; in ns_query_start()
11790 if ((client->extflags & DNS_MESSAGEEXTFLAG_DO) != 0) { in ns_query_start()
11791 client->attributes |= NS_CLIENTATTR_WANTDNSSEC; in ns_query_start()
11794 switch (client->view->minimalresponses) { in ns_query_start()
11798 client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY | in ns_query_start()
11802 client->query.attributes |= NS_QUERYATTR_NOAUTHORITY; in ns_query_start()
11806 client->query.attributes |= NS_QUERYATTR_NOAUTHORITY; in ns_query_start()
11811 if (client->view->cachedb == NULL || !client->view->recursion) { in ns_query_start()
11816 client->query.attributes &= ~(NS_QUERYATTR_RECURSIONOK | in ns_query_start()
11818 client->attributes |= NS_CLIENTATTR_NOSETFC; in ns_query_start()
11819 } else if ((client->attributes & NS_CLIENTATTR_RA) == 0 || in ns_query_start()
11828 client->query.attributes &= ~NS_QUERYATTR_RECURSIONOK; in ns_query_start()
11829 client->attributes |= NS_CLIENTATTR_NOSETFC; in ns_query_start()
11836 query_error(client, DNS_R_FORMERR, __LINE__); in ns_query_start()
11845 query_error(client, result, __LINE__); in ns_query_start()
11849 &client->query.qname); in ns_query_start()
11850 client->query.origqname = client->query.qname; in ns_query_start()
11858 query_error(client, DNS_R_FORMERR, __LINE__); in ns_query_start()
11860 query_error(client, result, __LINE__); in ns_query_start()
11865 if ((client->sctx->options & NS_SERVER_LOGQUERIES) != 0) { in ns_query_start()
11866 log_query(client, saved_flags, saved_extflags); in ns_query_start()
11872 rdataset = ISC_LIST_HEAD(client->query.qname->list); in ns_query_start()
11874 client->query.qtype = qtype = rdataset->type; in ns_query_start()
11875 dns_rdatatypestats_increment(client->sctx->rcvquerystats, qtype); in ns_query_start()
11877 log_tat(client); in ns_query_start()
11885 ns_xfr_start(client, rdataset->type); in ns_query_start()
11889 query_error(client, DNS_R_NOTIMP, __LINE__); in ns_query_start()
11893 client->message, client->sctx->tkeyctx, in ns_query_start()
11894 client->view->dynamickeys); in ns_query_start()
11896 query_send(client); in ns_query_start()
11898 query_error(client, result, __LINE__); in ns_query_start()
11902 query_error(client, DNS_R_FORMERR, __LINE__); in ns_query_start()
11913 client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY | in ns_query_start()
11919 client->query.attributes &= ~(NS_QUERYATTR_NOAUTHORITY | in ns_query_start()
11926 if (qtype == dns_rdatatype_any && client->view->minimal_any && in ns_query_start()
11927 !TCP(client)) in ns_query_start()
11929 client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY | in ns_query_start()
11936 if (client->ednsversion >= 0 && client->udpsize <= 512U && !TCP(client)) in ns_query_start()
11938 client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY | in ns_query_start()
11953 client->query.dboptions |= DNS_DBFIND_PENDINGOK; in ns_query_start()
11954 client->query.fetchoptions |= DNS_FETCHOPT_NOVALIDATE; in ns_query_start()
11955 } else if (!client->view->enablevalidation) { in ns_query_start()
11956 client->query.fetchoptions |= DNS_FETCHOPT_NOVALIDATE; in ns_query_start()
11959 if (client->view->qminimization) { in ns_query_start()
11960 client->query.fetchoptions |= DNS_FETCHOPT_QMINIMIZE | in ns_query_start()
11962 if (client->view->qmin_strict) { in ns_query_start()
11963 client->query.fetchoptions |= DNS_FETCHOPT_QMIN_STRICT; in ns_query_start()
11965 client->query.fetchoptions |= DNS_FETCHOPT_QMIN_USE_A; in ns_query_start()
11974 client->query.attributes &= ~NS_QUERYATTR_SECURE; in ns_query_start()
11982 client->attributes |= NS_CLIENTATTR_WANTAD; in ns_query_start()
11990 query_next(client, result); in ns_query_start()
12001 if ((client->sctx->options & NS_SERVER_NOAA) == 0) { in ns_query_start()
12009 if (WANTDNSSEC(client) || WANTAD(client)) { in ns_query_start()
12013 (void)query_setup(client, qtype); in ns_query_start()