1 /* $NetBSD: resolver.h,v 1.8 2022/09/23 12:15:30 christos Exp $ */ 2 3 /* 4 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 5 * 6 * SPDX-License-Identifier: MPL-2.0 7 * 8 * This Source Code Form is subject to the terms of the Mozilla Public 9 * License, v. 2.0. If a copy of the MPL was not distributed with this 10 * file, you can obtain one at https://mozilla.org/MPL/2.0/. 11 * 12 * See the COPYRIGHT file distributed with this work for additional 13 * information regarding copyright ownership. 14 */ 15 16 #ifndef DNS_RESOLVER_H 17 #define DNS_RESOLVER_H 1 18 19 /***** 20 ***** Module Info 21 *****/ 22 23 /*! \file dns/resolver.h 24 * 25 * \brief 26 * This is the BIND 9 resolver, the module responsible for resolving DNS 27 * requests by iteratively querying authoritative servers and following 28 * referrals. This is a "full resolver", not to be confused with 29 * the stub resolvers most people associate with the word "resolver". 30 * The full resolver is part of the caching name server or resolver 31 * daemon the stub resolver talks to. 32 * 33 * MP: 34 *\li The module ensures appropriate synchronization of data structures it 35 * creates and manipulates. 36 * 37 * Reliability: 38 *\li No anticipated impact. 39 * 40 * Resources: 41 *\li TBS 42 * 43 * Security: 44 *\li No anticipated impact. 45 * 46 * Standards: 47 *\li RFCs: 1034, 1035, 2181, TBS 48 *\li Drafts: TBS 49 */ 50 51 #include <inttypes.h> 52 #include <stdbool.h> 53 54 #include <isc/lang.h> 55 #include <isc/socket.h> 56 #include <isc/stats.h> 57 58 #include <dns/fixedname.h> 59 #include <dns/types.h> 60 61 ISC_LANG_BEGINDECLS 62 63 /*% 64 * A dns_fetchevent_t is sent when a 'fetch' completes. Any of 'db', 65 * 'node', 'rdataset', and 'sigrdataset' may be bound. It is the 66 * receiver's responsibility to detach before freeing the event. 67 * \brief 68 * 'rdataset', 'sigrdataset', 'client' and 'id' are the values that were 69 * supplied when dns_resolver_createfetch() was called. They are returned 70 * to the caller so that they may be freed. 71 */ 72 typedef struct dns_fetchevent { 73 ISC_EVENT_COMMON(struct dns_fetchevent); 74 dns_fetch_t *fetch; 75 isc_result_t result; 76 dns_rdatatype_t qtype; 77 dns_db_t *db; 78 dns_dbnode_t *node; 79 dns_rdataset_t *rdataset; 80 dns_rdataset_t *sigrdataset; 81 dns_fixedname_t foundname; 82 const isc_sockaddr_t *client; 83 dns_messageid_t id; 84 isc_result_t vresult; 85 } dns_fetchevent_t; 86 87 /*% 88 * The two quota types (fetches-per-zone and fetches-per-server) 89 */ 90 typedef enum { dns_quotatype_zone = 0, dns_quotatype_server } dns_quotatype_t; 91 92 /* 93 * Options that modify how a 'fetch' is done. 94 */ 95 #define DNS_FETCHOPT_TCP 0x00000001 /*%< Use TCP. */ 96 #define DNS_FETCHOPT_UNSHARED 0x00000002 /*%< See below. */ 97 #define DNS_FETCHOPT_RECURSIVE 0x00000004 /*%< Set RD? */ 98 #define DNS_FETCHOPT_NOEDNS0 0x00000008 /*%< Do not use EDNS. */ 99 #define DNS_FETCHOPT_FORWARDONLY 0x00000010 /*%< Only use forwarders. */ 100 #define DNS_FETCHOPT_NOVALIDATE 0x00000020 /*%< Disable validation. */ 101 #define DNS_FETCHOPT_EDNS512 \ 102 0x00000040 /*%< Advertise a 512 byte \ 103 * UDP buffer. */ 104 #define DNS_FETCHOPT_WANTNSID 0x00000080 /*%< Request NSID */ 105 #define DNS_FETCHOPT_PREFETCH 0x00000100 /*%< Do prefetch */ 106 #define DNS_FETCHOPT_NOCDFLAG 0x00000200 /*%< Don't set CD flag. */ 107 #define DNS_FETCHOPT_NONTA 0x00000400 /*%< Ignore NTA table. */ 108 /* RESERVED ECS 0x00000000 */ 109 /* RESERVED ECS 0x00001000 */ 110 /* RESERVED ECS 0x00002000 */ 111 /* RESERVED TCPCLIENT 0x00004000 */ 112 #define DNS_FETCHOPT_NOCACHED 0x00008000 /*%< Force cache update. */ 113 #define DNS_FETCHOPT_QMINIMIZE \ 114 0x00010000 /*%< Use qname \ 115 * minimization. */ 116 #define DNS_FETCHOPT_NOFOLLOW \ 117 0x00020000 /*%< Don't follow \ 118 * delegations */ 119 #define DNS_FETCHOPT_QMIN_STRICT \ 120 0x00040000 /*%< Do not work around \ 121 * servers that return \ 122 * errors on non-empty \ 123 * terminals. */ 124 #define DNS_FETCHOPT_QMIN_USE_A \ 125 0x00080000 /*%< Use A type queries \ 126 * instead of NS when \ 127 * doing minimization */ 128 #define DNS_FETCHOPT_QMIN_SKIP_IP6A \ 129 0x00100000 /*%< Skip some labels \ 130 * when doing qname \ 131 * minimization on \ 132 * ip6.arpa. */ 133 #define DNS_FETCHOPT_NOFORWARD \ 134 0x00200000 /*%< Do not use forwarders \ 135 * if possible. */ 136 137 /* Reserved in use by adb.c 0x00400000 */ 138 #define DNS_FETCHOPT_EDNSVERSIONSET 0x00800000 139 #define DNS_FETCHOPT_EDNSVERSIONMASK 0xff000000 140 #define DNS_FETCHOPT_EDNSVERSIONSHIFT 24 141 #define DNS_FETCHOPT_TRYSTALE_ONTIMEOUT 0x01000000 142 143 /* 144 * Upper bounds of class of query RTT (ms). Corresponds to 145 * dns_resstatscounter_queryrttX statistics counters. 146 */ 147 #define DNS_RESOLVER_QRYRTTCLASS0 10 148 #define DNS_RESOLVER_QRYRTTCLASS0STR "10" 149 #define DNS_RESOLVER_QRYRTTCLASS1 100 150 #define DNS_RESOLVER_QRYRTTCLASS1STR "100" 151 #define DNS_RESOLVER_QRYRTTCLASS2 500 152 #define DNS_RESOLVER_QRYRTTCLASS2STR "500" 153 #define DNS_RESOLVER_QRYRTTCLASS3 800 154 #define DNS_RESOLVER_QRYRTTCLASS3STR "800" 155 #define DNS_RESOLVER_QRYRTTCLASS4 1600 156 #define DNS_RESOLVER_QRYRTTCLASS4STR "1600" 157 158 /* 159 * XXXRTH Should this API be made semi-private? (I.e. 160 * _dns_resolver_create()). 161 */ 162 163 #define DNS_RESOLVER_CHECKNAMES 0x01 164 #define DNS_RESOLVER_CHECKNAMESFAIL 0x02 165 166 #define DNS_QMIN_MAXLABELS 7 167 #define DNS_QMIN_MAX_NO_DELEGATION 3 168 #define DNS_MAX_LABELS 127 169 170 isc_result_t 171 dns_resolver_create(dns_view_t *view, isc_taskmgr_t *taskmgr, 172 unsigned int ntasks, unsigned int ndisp, 173 isc_socketmgr_t *socketmgr, isc_timermgr_t *timermgr, 174 unsigned int options, dns_dispatchmgr_t *dispatchmgr, 175 dns_dispatch_t *dispatchv4, dns_dispatch_t *dispatchv6, 176 dns_resolver_t **resp); 177 178 /*%< 179 * Create a resolver. 180 * 181 * Notes: 182 * 183 *\li Generally, applications should not create a resolver directly, but 184 * should instead call dns_view_createresolver(). 185 * 186 * Requires: 187 * 188 *\li 'view' is a valid view. 189 * 190 *\li 'taskmgr' is a valid task manager. 191 * 192 *\li 'ntasks' > 0. 193 * 194 *\li 'socketmgr' is a valid socket manager. 195 * 196 *\li 'timermgr' is a valid timer manager. 197 * 198 *\li 'dispatchv4' is a dispatch with an IPv4 UDP socket, or is NULL. 199 * If not NULL, 'ndisp' clones of it will be created by the resolver. 200 * 201 *\li 'dispatchv6' is a dispatch with an IPv6 UDP socket, or is NULL. 202 * If not NULL, 'ndisp' clones of it will be created by the resolver. 203 * 204 *\li resp != NULL && *resp == NULL. 205 * 206 * Returns: 207 * 208 *\li #ISC_R_SUCCESS On success. 209 * 210 *\li Anything else Failure. 211 */ 212 213 void 214 dns_resolver_freeze(dns_resolver_t *res); 215 /*%< 216 * Freeze resolver. 217 * 218 * Notes: 219 * 220 *\li Certain configuration changes cannot be made after the resolver 221 * is frozen. Fetches cannot be created until the resolver is frozen. 222 * 223 * Requires: 224 * 225 *\li 'res' is a valid resolver. 226 * 227 * Ensures: 228 * 229 *\li 'res' is frozen. 230 */ 231 232 void 233 dns_resolver_prime(dns_resolver_t *res); 234 /*%< 235 * Prime resolver. 236 * 237 * Notes: 238 * 239 *\li Resolvers which have a forwarding policy other than dns_fwdpolicy_only 240 * need to be primed with the root nameservers, otherwise the root 241 * nameserver hints data may be used indefinitely. This function requests 242 * that the resolver start a priming fetch, if it isn't already priming. 243 * 244 * Requires: 245 * 246 *\li 'res' is a valid, frozen resolver. 247 */ 248 249 void 250 dns_resolver_whenshutdown(dns_resolver_t *res, isc_task_t *task, 251 isc_event_t **eventp); 252 /*%< 253 * Send '*eventp' to 'task' when 'res' has completed shutdown. 254 * 255 * Notes: 256 * 257 *\li It is not safe to detach the last reference to 'res' until 258 * shutdown is complete. 259 * 260 * Requires: 261 * 262 *\li 'res' is a valid resolver. 263 * 264 *\li 'task' is a valid task. 265 * 266 *\li *eventp is a valid event. 267 * 268 * Ensures: 269 * 270 *\li *eventp == NULL. 271 */ 272 273 void 274 dns_resolver_shutdown(dns_resolver_t *res); 275 /*%< 276 * Start the shutdown process for 'res'. 277 * 278 * Notes: 279 * 280 *\li This call has no effect if the resolver is already shutting down. 281 * 282 * Requires: 283 * 284 *\li 'res' is a valid resolver. 285 */ 286 287 void 288 dns_resolver_attach(dns_resolver_t *source, dns_resolver_t **targetp); 289 290 void 291 dns_resolver_detach(dns_resolver_t **resp); 292 293 isc_result_t 294 dns_resolver_createfetch(dns_resolver_t *res, const dns_name_t *name, 295 dns_rdatatype_t type, const dns_name_t *domain, 296 dns_rdataset_t *nameservers, 297 dns_forwarders_t *forwarders, 298 const isc_sockaddr_t *client, dns_messageid_t id, 299 unsigned int options, unsigned int depth, 300 isc_counter_t *qc, isc_task_t *task, 301 isc_taskaction_t action, void *arg, 302 dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset, 303 dns_fetch_t **fetchp); 304 /*%< 305 * Recurse to answer a question. 306 * 307 * Notes: 308 * 309 *\li This call starts a query for 'name', type 'type'. 310 * 311 *\li The 'domain' is a parent domain of 'name' for which 312 * a set of name servers 'nameservers' is known. If no 313 * such name server information is available, set 314 * 'domain' and 'nameservers' to NULL. 315 * 316 *\li 'forwarders' is unimplemented, and subject to change when 317 * we figure out how selective forwarding will work. 318 * 319 *\li When the fetch completes (successfully or otherwise), a 320 * #DNS_EVENT_FETCHDONE event with action 'action' and arg 'arg' will be 321 * posted to 'task'. 322 * 323 *\li The values of 'rdataset' and 'sigrdataset' will be returned in 324 * the FETCHDONE event. 325 * 326 *\li 'client' and 'id' are used for duplicate query detection. '*client' 327 * must remain stable until after 'action' has been called or 328 * dns_resolver_cancelfetch() is called. 329 * 330 * Requires: 331 * 332 *\li 'res' is a valid resolver that has been frozen. 333 * 334 *\li 'name' is a valid name. 335 * 336 *\li 'type' is not a meta type other than ANY. 337 * 338 *\li 'domain' is a valid name or NULL. 339 * 340 *\li 'nameservers' is a valid NS rdataset (whose owner name is 'domain') 341 * iff. 'domain' is not NULL. 342 * 343 *\li 'forwarders' is NULL. 344 * 345 *\li 'client' is a valid sockaddr or NULL. 346 * 347 *\li 'options' contains valid options. 348 * 349 *\li 'rdataset' is a valid, disassociated rdataset. 350 * 351 *\li 'sigrdataset' is NULL, or is a valid, disassociated rdataset. 352 * 353 *\li fetchp != NULL && *fetchp == NULL. 354 * 355 * Returns: 356 * 357 *\li #ISC_R_SUCCESS Success 358 *\li #DNS_R_DUPLICATE 359 *\li #DNS_R_DROP 360 * 361 *\li Many other values are possible, all of which indicate failure. 362 */ 363 364 void 365 dns_resolver_cancelfetch(dns_fetch_t *fetch); 366 /*%< 367 * Cancel 'fetch'. 368 * 369 * Notes: 370 * 371 *\li If 'fetch' has not completed, post its FETCHDONE event with a 372 * result code of #ISC_R_CANCELED. 373 * 374 * Requires: 375 * 376 *\li 'fetch' is a valid fetch. 377 */ 378 379 void 380 dns_resolver_destroyfetch(dns_fetch_t **fetchp); 381 /*%< 382 * Destroy 'fetch'. 383 * 384 * Requires: 385 * 386 *\li '*fetchp' is a valid fetch. 387 * 388 *\li The caller has received the FETCHDONE event (either because the 389 * fetch completed or because dns_resolver_cancelfetch() was called). 390 * 391 * Ensures: 392 * 393 *\li *fetchp == NULL. 394 */ 395 396 void 397 dns_resolver_logfetch(dns_fetch_t *fetch, isc_log_t *lctx, 398 isc_logcategory_t *category, isc_logmodule_t *module, 399 int level, bool duplicateok); 400 /*%< 401 * Dump a log message on internal state at the completion of given 'fetch'. 402 * 'lctx', 'category', 'module', and 'level' are used to write the log message. 403 * By default, only one log message is written even if the corresponding fetch 404 * context serves multiple clients; if 'duplicateok' is true the suppression 405 * is disabled and the message can be written every time this function is 406 * called. 407 * 408 * Requires: 409 * 410 *\li 'fetch' is a valid fetch, and has completed. 411 */ 412 413 dns_dispatchmgr_t * 414 dns_resolver_dispatchmgr(dns_resolver_t *resolver); 415 416 dns_dispatch_t * 417 dns_resolver_dispatchv4(dns_resolver_t *resolver); 418 419 dns_dispatch_t * 420 dns_resolver_dispatchv6(dns_resolver_t *resolver); 421 422 isc_socketmgr_t * 423 dns_resolver_socketmgr(dns_resolver_t *resolver); 424 425 isc_taskmgr_t * 426 dns_resolver_taskmgr(dns_resolver_t *resolver); 427 428 uint32_t 429 dns_resolver_getlamettl(dns_resolver_t *resolver); 430 /*%< 431 * Get the resolver's lame-ttl. zero => no lame processing. 432 * 433 * Requires: 434 *\li 'resolver' to be valid. 435 */ 436 437 void 438 dns_resolver_setlamettl(dns_resolver_t *resolver, uint32_t lame_ttl); 439 /*%< 440 * Set the resolver's lame-ttl. zero => no lame processing. 441 * 442 * Requires: 443 *\li 'resolver' to be valid. 444 */ 445 446 isc_result_t 447 dns_resolver_addalternate(dns_resolver_t *resolver, const isc_sockaddr_t *alt, 448 const dns_name_t *name, in_port_t port); 449 /*%< 450 * Add alternate addresses to be tried in the event that the nameservers 451 * for a zone are not available in the address families supported by the 452 * operating system. 453 * 454 * Require: 455 * \li only one of 'name' or 'alt' to be valid. 456 */ 457 458 void 459 dns_resolver_setudpsize(dns_resolver_t *resolver, uint16_t udpsize); 460 /*%< 461 * Set the EDNS UDP buffer size advertised by the server. 462 */ 463 464 uint16_t 465 dns_resolver_getudpsize(dns_resolver_t *resolver); 466 /*%< 467 * Get the current EDNS UDP buffer size. 468 */ 469 470 void 471 dns_resolver_reset_algorithms(dns_resolver_t *resolver); 472 /*%< 473 * Clear the disabled DNSSEC algorithms. 474 */ 475 476 void 477 dns_resolver_reset_ds_digests(dns_resolver_t *resolver); 478 /*%< 479 * Clear the disabled DS digest types. 480 */ 481 482 isc_result_t 483 dns_resolver_disable_algorithm(dns_resolver_t *resolver, const dns_name_t *name, 484 unsigned int alg); 485 /*%< 486 * Mark the given DNSSEC algorithm as disabled and below 'name'. 487 * Valid algorithms are less than 256. 488 * 489 * Returns: 490 *\li #ISC_R_SUCCESS 491 *\li #ISC_R_RANGE 492 *\li #ISC_R_NOMEMORY 493 */ 494 495 isc_result_t 496 dns_resolver_disable_ds_digest(dns_resolver_t *resolver, const dns_name_t *name, 497 unsigned int digest_type); 498 /*%< 499 * Mark the given DS digest type as disabled and below 'name'. 500 * Valid types are less than 256. 501 * 502 * Returns: 503 *\li #ISC_R_SUCCESS 504 *\li #ISC_R_RANGE 505 *\li #ISC_R_NOMEMORY 506 */ 507 508 bool 509 dns_resolver_algorithm_supported(dns_resolver_t *resolver, 510 const dns_name_t *name, unsigned int alg); 511 /*%< 512 * Check if the given algorithm is supported by this resolver. 513 * This checks whether the algorithm has been disabled via 514 * dns_resolver_disable_algorithm(), then checks the underlying 515 * crypto libraries if it was not specifically disabled. 516 */ 517 518 bool 519 dns_resolver_ds_digest_supported(dns_resolver_t *resolver, 520 const dns_name_t *name, 521 unsigned int digest_type); 522 /*%< 523 * Check if the given digest type is supported by this resolver. 524 * This checks whether the digest type has been disabled via 525 * dns_resolver_disable_ds_digest(), then checks the underlying 526 * crypto libraries if it was not specifically disabled. 527 */ 528 529 void 530 dns_resolver_resetmustbesecure(dns_resolver_t *resolver); 531 532 isc_result_t 533 dns_resolver_setmustbesecure(dns_resolver_t *resolver, const dns_name_t *name, 534 bool value); 535 536 bool 537 dns_resolver_getmustbesecure(dns_resolver_t *resolver, const dns_name_t *name); 538 539 void 540 dns_resolver_settimeout(dns_resolver_t *resolver, unsigned int timeout); 541 /*%< 542 * Set the length of time the resolver will work on a query, in milliseconds. 543 * 544 * 'timeout' was originally defined in seconds, and later redefined to be in 545 * milliseconds. Values less than or equal to 300 are treated as seconds. 546 * 547 * If timeout is 0, the default timeout will be applied. 548 * 549 * Requires: 550 * \li resolver to be valid. 551 */ 552 553 unsigned int 554 dns_resolver_gettimeout(dns_resolver_t *resolver); 555 /*%< 556 * Get the current length of time the resolver will work on a query, 557 * in milliseconds. 558 * 559 * Requires: 560 * \li resolver to be valid. 561 */ 562 563 void 564 dns_resolver_setclientsperquery(dns_resolver_t *resolver, uint32_t min, 565 uint32_t max); 566 void 567 dns_resolver_setfetchesperzone(dns_resolver_t *resolver, uint32_t clients); 568 569 void 570 dns_resolver_getclientsperquery(dns_resolver_t *resolver, uint32_t *cur, 571 uint32_t *min, uint32_t *max); 572 573 bool 574 dns_resolver_getzeronosoattl(dns_resolver_t *resolver); 575 576 void 577 dns_resolver_setzeronosoattl(dns_resolver_t *resolver, bool state); 578 579 unsigned int 580 dns_resolver_getretryinterval(dns_resolver_t *resolver); 581 582 void 583 dns_resolver_setretryinterval(dns_resolver_t *resolver, unsigned int interval); 584 /*%< 585 * Sets the amount of time, in milliseconds, that is waited for a reply 586 * to a server before another server is tried. Interacts with the 587 * value of dns_resolver_getnonbackofftries() by trying that number of times 588 * at this interval, before doing exponential backoff and doubling the interval 589 * on each subsequent try, to a maximum of 10 seconds. Defaults to 800 ms; 590 * silently capped at 2000 ms. 591 * 592 * Requires: 593 * \li resolver to be valid. 594 * \li interval > 0. 595 */ 596 597 unsigned int 598 dns_resolver_getnonbackofftries(dns_resolver_t *resolver); 599 600 void 601 dns_resolver_setnonbackofftries(dns_resolver_t *resolver, unsigned int tries); 602 /*%< 603 * Sets the number of failures of getting a reply from remote servers for 604 * a query before backing off by doubling the retry interval for each 605 * subsequent request sent. Defaults to 3. 606 * 607 * Requires: 608 * \li resolver to be valid. 609 * \li tries > 0. 610 */ 611 612 unsigned int 613 dns_resolver_getoptions(dns_resolver_t *resolver); 614 /*%< 615 * Get the resolver options. 616 * 617 * Requires: 618 * \li resolver to be valid. 619 */ 620 621 void 622 dns_resolver_addbadcache(dns_resolver_t *resolver, const dns_name_t *name, 623 dns_rdatatype_t type, isc_time_t *expire); 624 /*%< 625 * Add a entry to the bad cache for <name,type> that will expire at 'expire'. 626 * 627 * Requires: 628 * \li resolver to be valid. 629 * \li name to be valid. 630 */ 631 632 bool 633 dns_resolver_getbadcache(dns_resolver_t *resolver, const dns_name_t *name, 634 dns_rdatatype_t type, isc_time_t *now); 635 /*%< 636 * Check to see if there is a unexpired entry in the bad cache for 637 * <name,type>. 638 * 639 * Requires: 640 * \li resolver to be valid. 641 * \li name to be valid. 642 */ 643 644 void 645 dns_resolver_flushbadcache(dns_resolver_t *resolver, const dns_name_t *name); 646 /*%< 647 * Flush the bad cache of all entries at 'name' if 'name' is non NULL. 648 * Flush the entire bad cache if 'name' is NULL. 649 * 650 * Requires: 651 * \li resolver to be valid. 652 */ 653 654 void 655 dns_resolver_flushbadnames(dns_resolver_t *resolver, const dns_name_t *name); 656 /*%< 657 * Flush the bad cache of all entries at or below 'name'. 658 * 659 * Requires: 660 * \li resolver to be valid. 661 * \li name != NULL 662 */ 663 664 void 665 dns_resolver_printbadcache(dns_resolver_t *resolver, FILE *fp); 666 /*% 667 * Print out the contents of the bad cache to 'fp'. 668 * 669 * Requires: 670 * \li resolver to be valid. 671 */ 672 673 void 674 dns_resolver_setquerydscp4(dns_resolver_t *resolver, isc_dscp_t dscp); 675 isc_dscp_t 676 dns_resolver_getquerydscp4(dns_resolver_t *resolver); 677 678 void 679 dns_resolver_setquerydscp6(dns_resolver_t *resolver, isc_dscp_t dscp); 680 isc_dscp_t 681 dns_resolver_getquerydscp6(dns_resolver_t *resolver); 682 /*% 683 * Get and set the DSCP values for the resolver's IPv4 and IPV6 query 684 * sources. 685 * 686 * Requires: 687 * \li resolver to be valid. 688 */ 689 690 void 691 dns_resolver_setmaxdepth(dns_resolver_t *resolver, unsigned int maxdepth); 692 unsigned int 693 dns_resolver_getmaxdepth(dns_resolver_t *resolver); 694 /*% 695 * Get and set how many NS indirections will be followed when looking for 696 * nameserver addresses. 697 * 698 * Requires: 699 * \li resolver to be valid. 700 */ 701 702 void 703 dns_resolver_setmaxqueries(dns_resolver_t *resolver, unsigned int queries); 704 unsigned int 705 dns_resolver_getmaxqueries(dns_resolver_t *resolver); 706 /*% 707 * Get and set how many iterative queries will be allowed before 708 * terminating a recursive query. 709 * 710 * Requires: 711 * \li resolver to be valid. 712 */ 713 714 void 715 dns_resolver_setquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which, 716 isc_result_t resp); 717 isc_result_t 718 dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which); 719 /*% 720 * Get and set the result code that will be used when quotas 721 * are exceeded. If 'which' is set to quotatype "zone", then the 722 * result specified in 'resp' will be used when the fetches-per-zone 723 * quota is exceeded by a fetch. If 'which' is set to quotatype "server", 724 * then the result specified in 'resp' will be used when the 725 * fetches-per-server quota has been exceeded for all the 726 * authoritative servers for a zone. Valid choices are 727 * DNS_R_DROP or DNS_R_SERVFAIL. 728 * 729 * Requires: 730 * \li 'resolver' to be valid. 731 * \li 'which' to be dns_quotatype_zone or dns_quotatype_server 732 * \li 'resp' to be DNS_R_DROP or DNS_R_SERVFAIL. 733 */ 734 735 void 736 dns_resolver_dumpfetches(dns_resolver_t *resolver, isc_statsformat_t format, 737 FILE *fp); 738 739 #ifdef ENABLE_AFL 740 /*% 741 * Enable fuzzing of resolver, changes behaviour and eliminates retries 742 */ 743 void 744 dns_resolver_setfuzzing(void); 745 #endif /* ifdef ENABLE_AFL */ 746 747 ISC_LANG_ENDDECLS 748 749 #endif /* DNS_RESOLVER_H */ 750