Commit 5a518341 authored by Grigorii Demidov's avatar Grigorii Demidov Committed by Petr Špaček

lib/resolve: cut fetching: don't use root hints if no keys fetched, but glue addresses found

parent 2ead5d2a
......@@ -267,12 +267,12 @@ static int ns_fetch_cut(struct kr_query *qry, const knot_dname_t *requested_name
qry->flags.DNSSEC_WANT = false;
}
/* Check if any DNSKEY found for cached cut */
if ((qry->flags.DNSSEC_WANT) && (cut_found.key == NULL)) {
/* No DNSKEY was found for cached cut.
* If no glue were fetched for this cut,
* we have got circular dependency - must fetch A\AAAA
* from authoritative, but we have no key to verify it.
* TODO - try to refetch cut only if no glue were fetched */
if (qry->flags.DNSSEC_WANT && cut_found.key == NULL &&
!kr_zonecut_is_any_glue(&cut_found)) {
/* Cut found and there are no proofs of zone insecurity.
* But no DNSKEY found and no glue fetched.
* We have got circular dependency - must fetch A\AAAA
* from authoritative, but we have no key to verify it. */
kr_zonecut_deinit(&cut_found);
if (requested_name[0] != '\0' ) {
/* If not root - try next label */
......
......@@ -250,6 +250,34 @@ pack_t *kr_zonecut_find(struct kr_zonecut *cut, const knot_dname_t *ns)
return map_get(nsset, key);
}
static int is_any_glue(const char *k, void *v, void *baton)
{
bool *glue_found = (bool *)baton;
if (*glue_found) {
return kr_ok();
}
pack_t *pack = (pack_t *)v;
if (pack != NULL && pack->len != 0) {
*glue_found = true;
}
return kr_ok();
}
bool kr_zonecut_is_any_glue(struct kr_zonecut *cut)
{
if (!cut) {
return false;
}
bool glue_found = false;
map_t *nsset = &cut->nsset;
map_walk(nsset, is_any_glue, &glue_found);
return glue_found;
}
int kr_zonecut_set_sbelt(struct kr_context *ctx, struct kr_zonecut *cut)
{
if (!ctx || !cut) {
......
......@@ -150,3 +150,11 @@ KR_EXPORT
int kr_zonecut_find_cached(struct kr_context *ctx, struct kr_zonecut *cut,
const knot_dname_t *name, const struct kr_query *qry,
bool * restrict secured);
/**
* Check if any glue addresses are present in zone cut
*
* @param cut zone cut to check
* @return true/false
*/
KR_EXPORT
bool kr_zonecut_is_any_glue(struct kr_zonecut *cut);
Subproject commit 9c7c6313552892913fd6e3e13d295c166b1c0623
Subproject commit ca6336af648f52b71a0d13f17bba3d41728569cb
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment