1 /* 2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 * 4 * SPDX-License-Identifier: MPL-2.0 5 * 6 * This Source Code Form is subject to the terms of the Mozilla Public 7 * License, v. 2.0. If a copy of the MPL was not distributed with this 8 * file, you can obtain one at https://mozilla.org/MPL/2.0/. 9 * 10 * See the COPYRIGHT file distributed with this work for additional 11 * information regarding copyright ownership. 12 */ 13 14 #ifndef DNS_RESOLVER_H 15 #define DNS_RESOLVER_H 1 16 17 /***** 18 ***** Module Info 19 *****/ 20 21 /*! \file dns/resolver.h 22 * 23 * \brief 24 * This is the BIND 9 resolver, the module responsible for resolving DNS 25 * requests by iteratively querying authoritative servers and following 26 * referrals. This is a "full resolver", not to be confused with 27 * the stub resolvers most people associate with the word "resolver". 28 * The full resolver is part of the caching name server or resolver 29 * daemon the stub resolver talks to. 30 * 31 * MP: 32 *\li The module ensures appropriate synchronization of data structures it 33 * creates and manipulates. 34 * 35 * Reliability: 36 *\li No anticipated impact. 37 * 38 * Resources: 39 *\li TBS 40 * 41 * Security: 42 *\li No anticipated impact. 43 * 44 * Standards: 45 *\li RFCs: 1034, 1035, 2181, TBS 46 *\li Drafts: TBS 47 */ 48 49 #include <inttypes.h> 50 #include <stdbool.h> 51 52 #include <isc/lang.h> 53 #include <isc/socket.h> 54 #include <isc/stats.h> 55 56 #include <dns/fixedname.h> 57 #include <dns/types.h> 58 59 ISC_LANG_BEGINDECLS 60 61 /*% 62 * A dns_fetchevent_t is sent when a 'fetch' completes. Any of 'db', 63 * 'node', 'rdataset', and 'sigrdataset' may be bound. It is the 64 * receiver's responsibility to detach before freeing the event. 65 * \brief 66 * 'rdataset', 'sigrdataset', 'client' and 'id' are the values that were 67 * supplied when dns_resolver_createfetch() was called. They are returned 68 * to the caller so that they may be freed. 69 */ 70 typedef struct dns_fetchevent { 71 ISC_EVENT_COMMON(struct dns_fetchevent); 72 dns_fetch_t *fetch; 73 isc_result_t result; 74 dns_rdatatype_t qtype; 75 dns_db_t *db; 76 dns_dbnode_t *node; 77 dns_rdataset_t *rdataset; 78 dns_rdataset_t *sigrdataset; 79 dns_fixedname_t foundname; 80 const isc_sockaddr_t *client; 81 dns_messageid_t id; 82 isc_result_t vresult; 83 } dns_fetchevent_t; 84 85 /*% 86 * The two quota types (fetches-per-zone and fetches-per-server) 87 */ 88 typedef enum { dns_quotatype_zone = 0, dns_quotatype_server } dns_quotatype_t; 89 90 /* 91 * Options that modify how a 'fetch' is done. 92 */ 93 #define DNS_FETCHOPT_TCP 0x00000001 /*%< Use TCP. */ 94 #define DNS_FETCHOPT_UNSHARED 0x00000002 /*%< See below. */ 95 #define DNS_FETCHOPT_RECURSIVE 0x00000004 /*%< Set RD? */ 96 #define DNS_FETCHOPT_NOEDNS0 0x00000008 /*%< Do not use EDNS. */ 97 #define DNS_FETCHOPT_FORWARDONLY 0x00000010 /*%< Only use forwarders. */ 98 #define DNS_FETCHOPT_NOVALIDATE 0x00000020 /*%< Disable validation. */ 99 #define DNS_FETCHOPT_EDNS512 \ 100 0x00000040 /*%< Advertise a 512 byte \ 101 * UDP buffer. */ 102 #define DNS_FETCHOPT_WANTNSID 0x00000080 /*%< Request NSID */ 103 #define DNS_FETCHOPT_PREFETCH 0x00000100 /*%< Do prefetch */ 104 #define DNS_FETCHOPT_NOCDFLAG 0x00000200 /*%< Don't set CD flag. */ 105 #define DNS_FETCHOPT_NONTA 0x00000400 /*%< Ignore NTA table. */ 106 /* RESERVED ECS 0x00000000 */ 107 /* RESERVED ECS 0x00001000 */ 108 /* RESERVED ECS 0x00002000 */ 109 /* RESERVED TCPCLIENT 0x00004000 */ 110 #define DNS_FETCHOPT_NOCACHED 0x00008000 /*%< Force cache update. */ 111 #define DNS_FETCHOPT_QMINIMIZE \ 112 0x00010000 /*%< Use qname \ 113 * minimization. */ 114 #define DNS_FETCHOPT_NOFOLLOW \ 115 0x00020000 /*%< Don't follow \ 116 * delegations */ 117 #define DNS_FETCHOPT_QMIN_STRICT \ 118 0x00040000 /*%< Do not work around \ 119 * servers that return \ 120 * errors on non-empty \ 121 * terminals. */ 122 #define DNS_FETCHOPT_QMIN_USE_A \ 123 0x00080000 /*%< Use A type queries \ 124 * instead of NS when \ 125 * doing minimization */ 126 #define DNS_FETCHOPT_QMIN_SKIP_IP6A \ 127 0x00100000 /*%< Skip some labels \ 128 * when doing qname \ 129 * minimization on \ 130 * ip6.arpa. */ 131 #define DNS_FETCHOPT_NOFORWARD \ 132 0x00200000 /*%< Do not use forwarders \ 133 * if possible. */ 134 135 /* Reserved in use by adb.c 0x00400000 */ 136 #define DNS_FETCHOPT_EDNSVERSIONSET 0x00800000 137 #define DNS_FETCHOPT_EDNSVERSIONMASK 0xff000000 138 #define DNS_FETCHOPT_EDNSVERSIONSHIFT 24 139 #define DNS_FETCHOPT_TRYSTALE_ONTIMEOUT 0x01000000 140 141 /* 142 * Upper bounds of class of query RTT (ms). Corresponds to 143 * dns_resstatscounter_queryrttX statistics counters. 144 */ 145 #define DNS_RESOLVER_QRYRTTCLASS0 10 146 #define DNS_RESOLVER_QRYRTTCLASS0STR "10" 147 #define DNS_RESOLVER_QRYRTTCLASS1 100 148 #define DNS_RESOLVER_QRYRTTCLASS1STR "100" 149 #define DNS_RESOLVER_QRYRTTCLASS2 500 150 #define DNS_RESOLVER_QRYRTTCLASS2STR "500" 151 #define DNS_RESOLVER_QRYRTTCLASS3 800 152 #define DNS_RESOLVER_QRYRTTCLASS3STR "800" 153 #define DNS_RESOLVER_QRYRTTCLASS4 1600 154 #define DNS_RESOLVER_QRYRTTCLASS4STR "1600" 155 156 /* 157 * XXXRTH Should this API be made semi-private? (I.e. 158 * _dns_resolver_create()). 159 */ 160 161 #define DNS_RESOLVER_CHECKNAMES 0x01 162 #define DNS_RESOLVER_CHECKNAMESFAIL 0x02 163 164 #define DNS_QMIN_MAXLABELS 7 165 #define DNS_QMIN_MAX_NO_DELEGATION 3 166 #define DNS_MAX_LABELS 127 167 168 isc_result_t 169 dns_resolver_create(dns_view_t *view, isc_taskmgr_t *taskmgr, 170 unsigned int ntasks, unsigned int ndisp, 171 isc_socketmgr_t *socketmgr, isc_timermgr_t *timermgr, 172 unsigned int options, dns_dispatchmgr_t *dispatchmgr, 173 dns_dispatch_t *dispatchv4, dns_dispatch_t *dispatchv6, 174 dns_resolver_t **resp); 175 176 /*%< 177 * Create a resolver. 178 * 179 * Notes: 180 * 181 *\li Generally, applications should not create a resolver directly, but 182 * should instead call dns_view_createresolver(). 183 * 184 * Requires: 185 * 186 *\li 'view' is a valid view. 187 * 188 *\li 'taskmgr' is a valid task manager. 189 * 190 *\li 'ntasks' > 0. 191 * 192 *\li 'socketmgr' is a valid socket manager. 193 * 194 *\li 'timermgr' is a valid timer manager. 195 * 196 *\li 'dispatchv4' is a dispatch with an IPv4 UDP socket, or is NULL. 197 * If not NULL, 'ndisp' clones of it will be created by the resolver. 198 * 199 *\li 'dispatchv6' is a dispatch with an IPv6 UDP socket, or is NULL. 200 * If not NULL, 'ndisp' clones of it will be created by the resolver. 201 * 202 *\li resp != NULL && *resp == NULL. 203 * 204 * Returns: 205 * 206 *\li #ISC_R_SUCCESS On success. 207 * 208 *\li Anything else Failure. 209 */ 210 211 void 212 dns_resolver_freeze(dns_resolver_t *res); 213 /*%< 214 * Freeze resolver. 215 * 216 * Notes: 217 * 218 *\li Certain configuration changes cannot be made after the resolver 219 * is frozen. Fetches cannot be created until the resolver is frozen. 220 * 221 * Requires: 222 * 223 *\li 'res' is a valid resolver. 224 * 225 * Ensures: 226 * 227 *\li 'res' is frozen. 228 */ 229 230 void 231 dns_resolver_prime(dns_resolver_t *res); 232 /*%< 233 * Prime resolver. 234 * 235 * Notes: 236 * 237 *\li Resolvers which have a forwarding policy other than dns_fwdpolicy_only 238 * need to be primed with the root nameservers, otherwise the root 239 * nameserver hints data may be used indefinitely. This function requests 240 * that the resolver start a priming fetch, if it isn't already priming. 241 * 242 * Requires: 243 * 244 *\li 'res' is a valid, frozen resolver. 245 */ 246 247 void 248 dns_resolver_whenshutdown(dns_resolver_t *res, isc_task_t *task, 249 isc_event_t **eventp); 250 /*%< 251 * Send '*eventp' to 'task' when 'res' has completed shutdown. 252 * 253 * Notes: 254 * 255 *\li It is not safe to detach the last reference to 'res' until 256 * shutdown is complete. 257 * 258 * Requires: 259 * 260 *\li 'res' is a valid resolver. 261 * 262 *\li 'task' is a valid task. 263 * 264 *\li *eventp is a valid event. 265 * 266 * Ensures: 267 * 268 *\li *eventp == NULL. 269 */ 270 271 void 272 dns_resolver_shutdown(dns_resolver_t *res); 273 /*%< 274 * Start the shutdown process for 'res'. 275 * 276 * Notes: 277 * 278 *\li This call has no effect if the resolver is already shutting down. 279 * 280 * Requires: 281 * 282 *\li 'res' is a valid resolver. 283 */ 284 285 void 286 dns_resolver_attach(dns_resolver_t *source, dns_resolver_t **targetp); 287 288 void 289 dns_resolver_detach(dns_resolver_t **resp); 290 291 isc_result_t 292 dns_resolver_createfetch(dns_resolver_t *res, const dns_name_t *name, 293 dns_rdatatype_t type, const dns_name_t *domain, 294 dns_rdataset_t *nameservers, 295 dns_forwarders_t *forwarders, 296 const isc_sockaddr_t *client, dns_messageid_t id, 297 unsigned int options, unsigned int depth, 298 isc_counter_t *qc, isc_task_t *task, 299 isc_taskaction_t action, void *arg, 300 dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset, 301 dns_fetch_t **fetchp); 302 /*%< 303 * Recurse to answer a question. 304 * 305 * Notes: 306 * 307 *\li This call starts a query for 'name', type 'type'. 308 * 309 *\li The 'domain' is a parent domain of 'name' for which 310 * a set of name servers 'nameservers' is known. If no 311 * such name server information is available, set 312 * 'domain' and 'nameservers' to NULL. 313 * 314 *\li 'forwarders' is unimplemented, and subject to change when 315 * we figure out how selective forwarding will work. 316 * 317 *\li When the fetch completes (successfully or otherwise), a 318 * #DNS_EVENT_FETCHDONE event with action 'action' and arg 'arg' will be 319 * posted to 'task'. 320 * 321 *\li The values of 'rdataset' and 'sigrdataset' will be returned in 322 * the FETCHDONE event. 323 * 324 *\li 'client' and 'id' are used for duplicate query detection. '*client' 325 * must remain stable until after 'action' has been called or 326 * dns_resolver_cancelfetch() is called. 327 * 328 * Requires: 329 * 330 *\li 'res' is a valid resolver that has been frozen. 331 * 332 *\li 'name' is a valid name. 333 * 334 *\li 'type' is not a meta type other than ANY. 335 * 336 *\li 'domain' is a valid name or NULL. 337 * 338 *\li 'nameservers' is a valid NS rdataset (whose owner name is 'domain') 339 * iff. 'domain' is not NULL. 340 * 341 *\li 'forwarders' is NULL. 342 * 343 *\li 'client' is a valid sockaddr or NULL. 344 * 345 *\li 'options' contains valid options. 346 * 347 *\li 'rdataset' is a valid, disassociated rdataset. 348 * 349 *\li 'sigrdataset' is NULL, or is a valid, disassociated rdataset. 350 * 351 *\li fetchp != NULL && *fetchp == NULL. 352 * 353 * Returns: 354 * 355 *\li #ISC_R_SUCCESS Success 356 *\li #DNS_R_DUPLICATE 357 *\li #DNS_R_DROP 358 * 359 *\li Many other values are possible, all of which indicate failure. 360 */ 361 362 void 363 dns_resolver_cancelfetch(dns_fetch_t *fetch); 364 /*%< 365 * Cancel 'fetch'. 366 * 367 * Notes: 368 * 369 *\li If 'fetch' has not completed, post its FETCHDONE event with a 370 * result code of #ISC_R_CANCELED. 371 * 372 * Requires: 373 * 374 *\li 'fetch' is a valid fetch. 375 */ 376 377 void 378 dns_resolver_destroyfetch(dns_fetch_t **fetchp); 379 /*%< 380 * Destroy 'fetch'. 381 * 382 * Requires: 383 * 384 *\li '*fetchp' is a valid fetch. 385 * 386 *\li The caller has received the FETCHDONE event (either because the 387 * fetch completed or because dns_resolver_cancelfetch() was called). 388 * 389 * Ensures: 390 * 391 *\li *fetchp == NULL. 392 */ 393 394 void 395 dns_resolver_logfetch(dns_fetch_t *fetch, isc_log_t *lctx, 396 isc_logcategory_t *category, isc_logmodule_t *module, 397 int level, bool duplicateok); 398 /*%< 399 * Dump a log message on internal state at the completion of given 'fetch'. 400 * 'lctx', 'category', 'module', and 'level' are used to write the log message. 401 * By default, only one log message is written even if the corresponding fetch 402 * context serves multiple clients; if 'duplicateok' is true the suppression 403 * is disabled and the message can be written every time this function is 404 * called. 405 * 406 * Requires: 407 * 408 *\li 'fetch' is a valid fetch, and has completed. 409 */ 410 411 dns_dispatchmgr_t * 412 dns_resolver_dispatchmgr(dns_resolver_t *resolver); 413 414 dns_dispatch_t * 415 dns_resolver_dispatchv4(dns_resolver_t *resolver); 416 417 dns_dispatch_t * 418 dns_resolver_dispatchv6(dns_resolver_t *resolver); 419 420 isc_socketmgr_t * 421 dns_resolver_socketmgr(dns_resolver_t *resolver); 422 423 isc_taskmgr_t * 424 dns_resolver_taskmgr(dns_resolver_t *resolver); 425 426 uint32_t 427 dns_resolver_getlamettl(dns_resolver_t *resolver); 428 /*%< 429 * Get the resolver's lame-ttl. zero => no lame processing. 430 * 431 * Requires: 432 *\li 'resolver' to be valid. 433 */ 434 435 void 436 dns_resolver_setlamettl(dns_resolver_t *resolver, uint32_t lame_ttl); 437 /*%< 438 * Set the resolver's lame-ttl. zero => no lame processing. 439 * 440 * Requires: 441 *\li 'resolver' to be valid. 442 */ 443 444 isc_result_t 445 dns_resolver_addalternate(dns_resolver_t *resolver, const isc_sockaddr_t *alt, 446 const dns_name_t *name, in_port_t port); 447 /*%< 448 * Add alternate addresses to be tried in the event that the nameservers 449 * for a zone are not available in the address families supported by the 450 * operating system. 451 * 452 * Require: 453 * \li only one of 'name' or 'alt' to be valid. 454 */ 455 456 void 457 dns_resolver_setudpsize(dns_resolver_t *resolver, uint16_t udpsize); 458 /*%< 459 * Set the EDNS UDP buffer size advertised by the server. 460 */ 461 462 uint16_t 463 dns_resolver_getudpsize(dns_resolver_t *resolver); 464 /*%< 465 * Get the current EDNS UDP buffer size. 466 */ 467 468 void 469 dns_resolver_reset_algorithms(dns_resolver_t *resolver); 470 /*%< 471 * Clear the disabled DNSSEC algorithms. 472 */ 473 474 void 475 dns_resolver_reset_ds_digests(dns_resolver_t *resolver); 476 /*%< 477 * Clear the disabled DS digest types. 478 */ 479 480 isc_result_t 481 dns_resolver_disable_algorithm(dns_resolver_t *resolver, const dns_name_t *name, 482 unsigned int alg); 483 /*%< 484 * Mark the given DNSSEC algorithm as disabled and below 'name'. 485 * Valid algorithms are less than 256. 486 * 487 * Returns: 488 *\li #ISC_R_SUCCESS 489 *\li #ISC_R_RANGE 490 *\li #ISC_R_NOMEMORY 491 */ 492 493 isc_result_t 494 dns_resolver_disable_ds_digest(dns_resolver_t *resolver, const dns_name_t *name, 495 unsigned int digest_type); 496 /*%< 497 * Mark the given DS digest type as disabled and below 'name'. 498 * Valid types are less than 256. 499 * 500 * Returns: 501 *\li #ISC_R_SUCCESS 502 *\li #ISC_R_RANGE 503 *\li #ISC_R_NOMEMORY 504 */ 505 506 bool 507 dns_resolver_algorithm_supported(dns_resolver_t *resolver, 508 const dns_name_t *name, unsigned int alg); 509 /*%< 510 * Check if the given algorithm is supported by this resolver. 511 * This checks whether the algorithm has been disabled via 512 * dns_resolver_disable_algorithm(), then checks the underlying 513 * crypto libraries if it was not specifically disabled. 514 */ 515 516 bool 517 dns_resolver_ds_digest_supported(dns_resolver_t *resolver, 518 const dns_name_t *name, 519 unsigned int digest_type); 520 /*%< 521 * Check if the given digest type is supported by this resolver. 522 * This checks whether the digest type has been disabled via 523 * dns_resolver_disable_ds_digest(), then checks the underlying 524 * crypto libraries if it was not specifically disabled. 525 */ 526 527 void 528 dns_resolver_resetmustbesecure(dns_resolver_t *resolver); 529 530 isc_result_t 531 dns_resolver_setmustbesecure(dns_resolver_t *resolver, const dns_name_t *name, 532 bool value); 533 534 bool 535 dns_resolver_getmustbesecure(dns_resolver_t *resolver, const dns_name_t *name); 536 537 void 538 dns_resolver_settimeout(dns_resolver_t *resolver, unsigned int timeout); 539 /*%< 540 * Set the length of time the resolver will work on a query, in milliseconds. 541 * 542 * 'timeout' was originally defined in seconds, and later redefined to be in 543 * milliseconds. Values less than or equal to 300 are treated as seconds. 544 * 545 * If timeout is 0, the default timeout will be applied. 546 * 547 * Requires: 548 * \li resolver to be valid. 549 */ 550 551 unsigned int 552 dns_resolver_gettimeout(dns_resolver_t *resolver); 553 /*%< 554 * Get the current length of time the resolver will work on a query, 555 * in milliseconds. 556 * 557 * Requires: 558 * \li resolver to be valid. 559 */ 560 561 void 562 dns_resolver_setclientsperquery(dns_resolver_t *resolver, uint32_t min, 563 uint32_t max); 564 void 565 dns_resolver_setfetchesperzone(dns_resolver_t *resolver, uint32_t clients); 566 567 void 568 dns_resolver_getclientsperquery(dns_resolver_t *resolver, uint32_t *cur, 569 uint32_t *min, uint32_t *max); 570 571 bool 572 dns_resolver_getzeronosoattl(dns_resolver_t *resolver); 573 574 void 575 dns_resolver_setzeronosoattl(dns_resolver_t *resolver, bool state); 576 577 unsigned int 578 dns_resolver_getretryinterval(dns_resolver_t *resolver); 579 580 void 581 dns_resolver_setretryinterval(dns_resolver_t *resolver, unsigned int interval); 582 /*%< 583 * Sets the amount of time, in milliseconds, that is waited for a reply 584 * to a server before another server is tried. Interacts with the 585 * value of dns_resolver_getnonbackofftries() by trying that number of times 586 * at this interval, before doing exponential backoff and doubling the interval 587 * on each subsequent try, to a maximum of 10 seconds. Defaults to 800 ms; 588 * silently capped at 2000 ms. 589 * 590 * Requires: 591 * \li resolver to be valid. 592 * \li interval > 0. 593 */ 594 595 unsigned int 596 dns_resolver_getnonbackofftries(dns_resolver_t *resolver); 597 598 void 599 dns_resolver_setnonbackofftries(dns_resolver_t *resolver, unsigned int tries); 600 /*%< 601 * Sets the number of failures of getting a reply from remote servers for 602 * a query before backing off by doubling the retry interval for each 603 * subsequent request sent. Defaults to 3. 604 * 605 * Requires: 606 * \li resolver to be valid. 607 * \li tries > 0. 608 */ 609 610 unsigned int 611 dns_resolver_getoptions(dns_resolver_t *resolver); 612 /*%< 613 * Get the resolver options. 614 * 615 * Requires: 616 * \li resolver to be valid. 617 */ 618 619 void 620 dns_resolver_addbadcache(dns_resolver_t *resolver, const dns_name_t *name, 621 dns_rdatatype_t type, isc_time_t *expire); 622 /*%< 623 * Add a entry to the bad cache for <name,type> that will expire at 'expire'. 624 * 625 * Requires: 626 * \li resolver to be valid. 627 * \li name to be valid. 628 */ 629 630 bool 631 dns_resolver_getbadcache(dns_resolver_t *resolver, const dns_name_t *name, 632 dns_rdatatype_t type, isc_time_t *now); 633 /*%< 634 * Check to see if there is a unexpired entry in the bad cache for 635 * <name,type>. 636 * 637 * Requires: 638 * \li resolver to be valid. 639 * \li name to be valid. 640 */ 641 642 void 643 dns_resolver_flushbadcache(dns_resolver_t *resolver, const dns_name_t *name); 644 /*%< 645 * Flush the bad cache of all entries at 'name' if 'name' is non NULL. 646 * Flush the entire bad cache if 'name' is NULL. 647 * 648 * Requires: 649 * \li resolver to be valid. 650 */ 651 652 void 653 dns_resolver_flushbadnames(dns_resolver_t *resolver, const dns_name_t *name); 654 /*%< 655 * Flush the bad cache of all entries at or below 'name'. 656 * 657 * Requires: 658 * \li resolver to be valid. 659 * \li name != NULL 660 */ 661 662 void 663 dns_resolver_printbadcache(dns_resolver_t *resolver, FILE *fp); 664 /*% 665 * Print out the contents of the bad cache to 'fp'. 666 * 667 * Requires: 668 * \li resolver to be valid. 669 */ 670 671 void 672 dns_resolver_setquerydscp4(dns_resolver_t *resolver, isc_dscp_t dscp); 673 isc_dscp_t 674 dns_resolver_getquerydscp4(dns_resolver_t *resolver); 675 676 void 677 dns_resolver_setquerydscp6(dns_resolver_t *resolver, isc_dscp_t dscp); 678 isc_dscp_t 679 dns_resolver_getquerydscp6(dns_resolver_t *resolver); 680 /*% 681 * Get and set the DSCP values for the resolver's IPv4 and IPV6 query 682 * sources. 683 * 684 * Requires: 685 * \li resolver to be valid. 686 */ 687 688 void 689 dns_resolver_setmaxdepth(dns_resolver_t *resolver, unsigned int maxdepth); 690 unsigned int 691 dns_resolver_getmaxdepth(dns_resolver_t *resolver); 692 /*% 693 * Get and set how many NS indirections will be followed when looking for 694 * nameserver addresses. 695 * 696 * Requires: 697 * \li resolver to be valid. 698 */ 699 700 void 701 dns_resolver_setmaxqueries(dns_resolver_t *resolver, unsigned int queries); 702 unsigned int 703 dns_resolver_getmaxqueries(dns_resolver_t *resolver); 704 /*% 705 * Get and set how many iterative queries will be allowed before 706 * terminating a recursive query. 707 * 708 * Requires: 709 * \li resolver to be valid. 710 */ 711 712 void 713 dns_resolver_setquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which, 714 isc_result_t resp); 715 isc_result_t 716 dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which); 717 /*% 718 * Get and set the result code that will be used when quotas 719 * are exceeded. If 'which' is set to quotatype "zone", then the 720 * result specified in 'resp' will be used when the fetches-per-zone 721 * quota is exceeded by a fetch. If 'which' is set to quotatype "server", 722 * then the result specified in 'resp' will be used when the 723 * fetches-per-server quota has been exceeded for all the 724 * authoritative servers for a zone. Valid choices are 725 * DNS_R_DROP or DNS_R_SERVFAIL. 726 * 727 * Requires: 728 * \li 'resolver' to be valid. 729 * \li 'which' to be dns_quotatype_zone or dns_quotatype_server 730 * \li 'resp' to be DNS_R_DROP or DNS_R_SERVFAIL. 731 */ 732 733 void 734 dns_resolver_dumpfetches(dns_resolver_t *resolver, isc_statsformat_t format, 735 FILE *fp); 736 737 #ifdef ENABLE_AFL 738 /*% 739 * Enable fuzzing of resolver, changes behaviour and eliminates retries 740 */ 741 void 742 dns_resolver_setfuzzing(void); 743 #endif /* ifdef ENABLE_AFL */ 744 745 ISC_LANG_ENDDECLS 746 747 #endif /* DNS_RESOLVER_H */ 748