-
Notifications
You must be signed in to change notification settings - Fork 904
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix the forward zones in the recursor #3244
Conversation
ToDo:
|
@@ -954,14 +951,14 @@ int SyncRes::doResolveAt(set<DNSName> nameservers, DNSName auth, bool flawedNSSe | |||
bool sendRDQuery=false; | |||
boost::optional<Netmask> ednsmask; | |||
LWResult lwr; | |||
if(tns->empty()) { | |||
if(tns->empty() && nameservers[*tns].first == ComboAddress() ) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure if this is idiomatic. We should maybe add a test for it if it is. It looks like we currently get away with it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added a unit test for this.
In the pre-DNSName era, when dns-native names were passed as strings, we overloaded the NS-name for a forward or auth zone. e.g. an empty string meant 'this is an auth zone' and '+203.0.113.1' meant 'forward to 203.0.113.1 with the RD bit set'. With DNSNames, this is impossible (yay!). In this commit, the set of strings (and later DNSNames), is replaced by a map where a DNSName is the key and the value is a pair of a ComboAddress and a boolean. A non-empty DNSName: This is a normal NS, recurse as usual (the pair is ignored). An empty DNSName and empty ComboAddress: We are auth for this zone, check the auth store for an answer. An empty DNSName and non-empty ComboAddress: The query must be forwarded to the ComboAddress specified and the boolean in the pair tells us the value of the RD bit in the query we need to send.
629564c
to
68b1e9f
Compare
68b1e9f
to
c9ff7d5
Compare
Fix the forward zones in the recursor
In the pre-DNSName era, when dns-native names were passed as strings, we
overloaded the NS-name for a forward or auth zone. e.g. an empty string
meant 'this is an auth zone' and '+203.0.113.1' meant 'forward to 203.0.113.1
with the RD bit set'. With DNSNames, this is impossible (yay!).
In this commit, the set of strings (and later DNSNames), is replaced by
a map where a DNSName is the key and the value is a pair of a
ComboAddress and a boolean.
A non-empty DNSName: This is a normal NS, recurse as usual (the pair is
ignored).
An empty DNSName and empty ComboAddress: We are auth for this zone,
check the auth store for an answer.
An empty DNSName and non-empty ComboAddress: The query must be forwarded
to the ComboAddress specified and the boolean in the pair tells us the
value of the RD bit in the query we need to send.