Commit 403660e4 authored by Vladimír Čunát's avatar Vladimír Čunát

Merge branch 'master' into hints-name-order

... to fix conflict in NEWS.
parents ffdd55a9 da26b547
......@@ -10,7 +10,7 @@ Bugfixes
--------
- daemon: check existence of config file even if rundir isn't specified
- policy.FORWARD and STUB: use RTT tracking to choose servers (#125, #208)
- dns64: fix CNAME problems (#203) It still won't work with query policies.
- dns64: fix CNAME problems (#203) It still won't work with policy.STUB.
- hints: better interpretation of hosts-like files (#204)
also, error out if a bad entry is encountered in the file
......
......@@ -290,7 +290,7 @@ You can hack on the container by changing the container entrypoint to shell like
.. _sphinx_rtd_theme: https://pypi.python.org/pypi/sphinx_rtd_theme
.. _GNU Make: https://www.gnu.org/software/make/
.. _pkg-config: https://www.freedesktop.org/wiki/Software/pkg-config/
.. _libknot: https://gitlab.labs.nic.cz/labs/knot
.. _libknot: https://gitlab.labs.nic.cz/knot/knot-dns
.. _cmocka: https://cmocka.org/
.. _Python: https://www.python.org/
.. _luasec: https://luarocks.org/modules/brunoos/luasec
......@@ -300,7 +300,7 @@ You can hack on the container by changing the container entrypoint to shell like
.. _boot2docker: http://boot2docker.io/
.. _deckard: https://gitlab.labs.nic.cz/knot/deckard
.. _deckard_doc: https://gitlab.labs.nic.cz/knot/resolver/blob/master/tests/README.rst
.. _deckard_doc: https://gitlab.labs.nic.cz/knot/knot-resolver/blob/master/tests/README.rst
.. _libsystemd: https://www.freedesktop.org/wiki/Software/systemd/
.. _dnstap: http://dnstap.info/
......
......@@ -76,7 +76,9 @@ it means that it yielded before and now it is resumed. This is useful in a situa
Writing layers
==============
The resolver :ref:`library <lib_index>` leverages the `processing API`_ from the libknot to separate packet processing code into layers.
.. warning:: FIXME: this dev-docs section is outdated! Better see comments in files instead, for now.
The resolver :ref:`library <lib_index>` leverages the processing API from the libknot to separate packet processing code into layers.
.. note:: This is only crash-course in the library internals, see the resolver :ref:`library <lib_index>` documentation for the complete overview of the services.
......@@ -272,8 +274,7 @@ As described in the layers, you can not only retrieve information about current
req:pop(qry)
.. _libknot: https://gitlab.labs.nic.cz/labs/knot/tree/master/src/libknot
.. _`processing API`: https://gitlab.labs.nic.cz/labs/knot/tree/master/src/libknot/processing
.. _bindings: https://gitlab.labs.nic.cz/knot/resolver/blob/master/daemon/lua/kres.lua#L361
.. _libknot: https://gitlab.labs.nic.cz/knot/knot-dns/tree/master/src/libknot
.. _bindings: https://gitlab.labs.nic.cz/knot/knot-resolver/blob/master/daemon/lua/kres.lua.in
.. |---| unicode:: U+02014 .. em dash
......@@ -271,7 +271,6 @@ struct rrcache_baton
struct kr_query *qry;
struct kr_cache *cache;
unsigned timestamp;
uint32_t min_ttl;
};
static int commit_rrsig(struct rrcache_baton *baton, uint8_t rank, uint8_t flags, knot_rrset_t *rr)
......@@ -288,14 +287,6 @@ static int commit_rr(const char *key, void *val, void *data)
{
knot_rrset_t *rr = val;
struct rrcache_baton *baton = data;
/* Ensure minimum TTL */
knot_rdata_t *rd = rr->rrs.data;
for (uint16_t i = 0; i < rr->rrs.rr_count; ++i) {
if (knot_rdata_ttl(rd) < baton->min_ttl) {
knot_rdata_set_ttl(rd, baton->min_ttl);
}
rd = kr_rdataset_next(rd);
}
/* Save RRSIG in a special cache. */
uint8_t rank = KEY_FLAG_RANK(key);
......@@ -343,7 +334,6 @@ static int stash_commit(map_t *stash, struct kr_query *qry, struct kr_cache *cac
.qry = qry,
.cache = cache,
.timestamp = qry->timestamp.tv_sec,
.min_ttl = MAX(DEFAULT_MINTTL, cache->ttl_min),
};
return map_walk(stash, &commit_rr, &baton);
}
......@@ -370,6 +360,8 @@ static int stash_selected(struct kr_request *req, knot_pkt_t *pkt, map_t *stash,
if (!arr->len) {
return kr_ok();
}
uint32_t min_ttl = MAX(DEFAULT_MINTTL, req->ctx->cache.ttl_min);
/* uncached entries are located at the end */
for (ssize_t i = arr->len - 1; i >= 0; --i) {
ranked_rr_array_entry_t *entry = arr->at[i];
......@@ -379,7 +371,17 @@ static int stash_selected(struct kr_request *req, knot_pkt_t *pkt, map_t *stash,
if (entry->cached) {
continue;
}
const knot_rrset_t *rr = entry->rr;
knot_rrset_t *rr = entry->rr;
/* Ensure minimum TTL */
knot_rdata_t *rd = rr->rrs.data;
for (uint16_t i = 0; i < rr->rrs.rr_count; ++i) {
if (knot_rdata_ttl(rd) < min_ttl) {
knot_rdata_set_ttl(rd, min_ttl);
}
rd = kr_rdataset_next(rd);
}
/* Skip NSEC3 RRs and their signatures. We don't use them this way.
* They would be stored under the hashed name, etc. */
if (kr_rrset_type_maysig(rr) == KNOT_RRTYPE_NSEC3) {
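Review bot: The minimum-TTL clamp in stash_selected now writes through `entry->rr` (the `const` on `rr` was dropped for it) and runs before the NSEC3 skip, so every non-cached entry has its TTLs raised in place, including entries that are skipped afterwards. If that is intended, so that the records held by the request carry the same TTL as the cached copy, a comment should say so, e.g. `/* Ensure minimum TTL; modifies the request's RRs in place, before any skip checks */`; otherwise the loop could move below the skip checks. The inner `for (uint16_t i = 0; ...)` also shadows the outer `ssize_t i`; it is legal but trips -Wshadow, and `for (uint16_t j = 0; j < rr->rrs.rr_count; ++j) {` avoids the ambiguity. stash_selected starts and ends outside the hunks shown.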
......
......@@ -958,6 +958,7 @@ static int forward_trust_chain_check(struct kr_request *request, struct kr_query
if (qry->parent != NULL &&
!(qry->forward_flags & QUERY_CNAME) &&
!(qry->flags & QUERY_DNS64_MARK) &&
knot_dname_in(qry->parent->zone_cut.name, qry->zone_cut.name)) {
return KR_STATE_PRODUCE;
}
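Review bot: What appears to be the added term, `!(qry->flags & QUERY_DNS64_MARK)`, has no comment explaining why DNS64-marked queries must not take the early `return KR_STATE_PRODUCE` in forward_trust_chain_check. It tests `qry->flags` while the adjacent term tests `qry->forward_flags`, so a reader cannot tell whether the different field is deliberate. I would add a line above the condition such as `/* DNS64-marked queries (flag lives in qry->flags) must not take this shortcut */`, reworded to give the actual reason. The function body continues outside the hunk.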
......
......@@ -51,4 +51,4 @@ Dependencies
^^^^^^^^^^^^
* `Nettle <https://www.lysator.liu.se/~nisse/nettle/>`_ required for HMAC-SHA256
* development version of `libknot (master branch) <https://gitlab.labs.nic.cz/labs/knot/tree/master>`_ for DNS cookies handling
......@@ -5,7 +5,7 @@ DNS64
The module for :rfc:`6147` DNS64 AAAA-from-A record synthesis, it is used to enable client-server communication between an IPv6-only client and an IPv4-only server. See the well written `introduction`_ in the PowerDNS documentation.
.. warning:: The module currently won't work well with query policies.
.. warning:: The module currently won't work well with policy.STUB.
.. tip:: The A record sub-requests will be DNSSEC secured, but the synthetic AAAA records can't be. Make sure the last mile between stub and resolver is secure to avoid spoofing.
......
......@@ -44,7 +44,7 @@ struct dnstap_data {
/*
* dt_pack packs the dnstap message for transport
* https://gitlab.labs.nic.cz/labs/knot/blob/master/src/contrib/dnstap/dnstap.c#L24
* https://gitlab.labs.nic.cz/knot/knot-dns/blob/master/src/contrib/dnstap/dnstap.c#L24
* */
uint8_t* dt_pack(const Dnstap__Dnstap *d, uint8_t **buf, size_t *sz)
{
......@@ -65,7 +65,7 @@ uint8_t* dt_pack(const Dnstap__Dnstap *d, uint8_t **buf, size_t *sz)
}
/* set_address fills in address detail in dnstap_message
* https://gitlab.labs.nic.cz/labs/knot/blob/master/src/contrib/dnstap/message.c#L28
* https://gitlab.labs.nic.cz/knot/knot-dns/blob/master/src/contrib/dnstap/message.c#L28
*/
static void set_address(const struct sockaddr *sockaddr,
ProtobufCBinaryData *addr,
......@@ -236,7 +236,7 @@ int dnstap_deinit(struct kr_module *module) {
}
/* dnstap_unix_writer returns a unix fstream writer
* https://gitlab.labs.nic.cz/labs/knot/blob/master/src/knot/modules/dnstap.c#L159
* https://gitlab.labs.nic.cz/knot/knot-dns/blob/master/src/knot/modules/dnstap.c#L159
*/
static struct fstrm_writer* dnstap_unix_writer(const char *path) {
......
......@@ -20,7 +20,7 @@ CMD ["/usr/local/sbin/kresd"]
RUN \
apk --update add ${RUN_PKGS} && \
apk add --virtual build-dep ${BUILD_PKGS} && \
git clone https://gitlab.labs.nic.cz/knot/resolver.git /tmp/build && \
git clone https://gitlab.labs.nic.cz/knot/knot-resolver.git /tmp/build && \
cd /tmp/build && \
./scripts/bootstrap-depends.sh /usr/local && \
make -j4 install && \
......