Commit graph

25 commits

Author SHA1 Message Date
cinap_lenrek fce9c3e65a ndb/dns: avoid format strings in procname 2018-10-11 18:29:17 +02:00
cinap_lenrek 2728e06589 ndb/dns: lookup *all* entries in dblookup(), v4 and v6 queries in parallel, remove weighted timeouts
dblookup() used to only return the first matching entry. in
case of ipv6, we want all entries returned to get both v4
and v6 addresses... and these might not necessarily be in
the same entry (see /lib/ndb/common). note also this makes
it behave the same as in cachedb mode which reads in the
whole database.

we do not know if v4 or v6 routing works, so the simplest
is just to query v4 and v6 nameservers in parallel. this is
done by changing serveraddrs() to return one address type,
and we make sure to get at least one v4 and one v6 address
each round.

get rid of the weighted timeout code... there were too many
assumptions. instead, we give a round 500ms timeout (or 1 second
in patient mode) and honor the maximum query time.
2018-05-11 22:37:28 +02:00
cinap_lenrek 549a6745e3 ndb/dns: fix leak in myaddr(), normalize ip strings
remove myaddr() function and replace with myip() function
that receives binary ip address. and don't use string
comparison for ip addresses... parse and then ipcmp().

for sanity reasons, normalize ip address strings and
reject unparsable ones. done by calling ipalookup()
with a binary ip address.
2018-01-28 22:36:01 +01:00
cinap_lenrek d801a4f300 ndb/dns: double Maxretries for long cname redirection chains 2017-04-01 03:35:30 +02:00
cinap_lenrek a1fa3d75d8 ndb/dns: removing the buggy /net.alt remount hack 2016-02-16 19:06:54 +01:00
cinap_lenrek 501e69d010 ndb/dns: ignore terminating authoritative flag for no-answer when more nameservers are provided
continue recursing when we get empty but non-negative answer
from a (claimed) authoritative nameserver that provides more
nameservers.

this fixes wordpress dns:

63766.3: sending to 192.0.80.93/ns1.wordpress.com bossypally.files.wordpress.com ip
63766: rcvd OK from 192.0.80.93 (authoritative)
	Q:    bossypally.files.wordpress.com ip
	Auth: files.wordpress.com              5 min           ns   	mdns1.wordpress.com
	      files.wordpress.com              5 min           ns   	mdns2.wordpress.com
	      files.wordpress.com              5 min           ns   	mdns3.wordpress.com
	      files.wordpress.com              5 min           ns   	mdns4.wordpress.com
	      files.wordpress.com              5 min           ns   	mdns5.wordpress.com
	Hint: mdns1.wordpress.com              4 hr            ip   	192.0.75.7
	      mdns2.wordpress.com              4 hr            ip   	198.181.117.7
	      mdns3.wordpress.com              4 hr            ip   	198.181.116.7
	      mdns4.wordpress.com              4 hr            ip   	198.181.118.7
	      mdns5.wordpress.com              4 hr            ip   	192.0.74.7


63766.4: sending to 192.0.75.7/mdns1.wordpress.com bossypally.files.wordpress.com ip
63766: rcvd OK from 192.0.75.7 (authoritative)
	Q:    bossypally.files.wordpress.com ip
	Ans:  bossypally.files.wordpress.com   5 min           ip   	192.0.72.2
	      bossypally.files.wordpress.com   5 min           ip   	192.0.72.3
----------------------------
answer bossypally.files.wordpress.com   5 min           ip   	192.0.72.2
answer bossypally.files.wordpress.com   5 min           ip   	192.0.72.3
----------------------------

note the authoritative flag in the first response from ns1.wordpress.com that
would otherwise terminate the search.
2014-12-08 01:26:07 +01:00
cinap_lenrek a494cc74ad ndb/dns: request recursion only for local dns servers
we used to set RD flag in requests unconditionally, which
is fine by the standard but some dns server administrators
seem to use it as a denial of service indicator (for their
non recursive authoritative nameservers) and ignore the
request.

so only set the RD flag when talking to local dns servers.
2014-09-28 05:15:25 +02:00
cinap_lenrek da6a10c417 ndb/dns: do dnresolve() loopcheck only on hosts that we haven't already tried
we might get an unreachable nameserver ip from a parent
nameserver. if the remaining set of nameservers does not
loop, we should try to resolve them.

so skip the loopcheck for nameservers already tried.
2013-11-26 22:31:23 +01:00
cinap_lenrek 3720b5ab9c ndb/dns: add support for internationalized domain names 2013-11-24 11:55:26 +01:00
cinap_lenrek c2319f37b4 ndb/dns: ignore refused (5) error replies 2013-11-23 04:46:14 +01:00
cinap_lenrek 2cc152f9e1 ndb/dns: filter dns answers avoiding cache poisoning
only cache what we asked for or need to resolve the
query. filter out everything else.
2013-11-20 22:35:52 +01:00
cinap_lenrek 9155b30f6d ndb/dns: another attempt...
we have to fail the whole query that got no cached
nameservers and nameservers are looping, not just omit
the looping nameserver. issuequery() will refresh
nameserver info for the domain when recursing up.
2013-11-17 06:55:39 +01:00
cinap_lenrek c45386588b ndb/dns: detect query loops
never try to resolve a nameserver address when that nameserver
is in the set of nameservers already being queried.

this situation can happen when the Ta and Taaaa RR's expire, but
the Tns records are still in the cache so there is no usable
nameserver but they still refer to each other.
2013-11-16 04:42:09 +01:00
cinap_lenrek 5f87d8dcc8 ndb/dns: various changes
stop absolute/relative dual use of RR.ttl. now RR.ttl is
*always* the *relative* ttl value. we derive absolute
timeout in RR.expire.

remove unused lookuptime field in DN. replace refs and
keep with mark field in DN. we do not care about the
number of references. only *iff* it is referenced, so
use a single bit for that (bit 0). for keep, we use
bit 1.

remove dolock parameter in dnagenever(), it is not
needed. we always need to lock.

mark local dns servers and domains as never to be aged.

the keeper bit is *just* a cache optimization, preventing
the domain and the domains it points to from being flushed.
it should not be used as a write protect bit in rrattach()
for preventing spoofing as it will prevent updates of say,
cname domains.

remove "removing spam ..." message. these are usually just
hints, so normal. still, remove the hint as we currently
do not check if the nameserver has authority over the
cname domain.

remove "mydnsquery: trying to send to myself (%s); bzzzt"
message. this can happen when myaddr() fails for other
reasons. myaddr() will print error for us anyway.
2013-11-15 02:00:47 +01:00
cinap_lenrek 7dee88ec33 dns: ignore spam addresses from cname answers 2013-08-04 00:52:39 +02:00
cinap_lenrek 2647aef175 ndb/dns: don't override req->aborttime in udpquery()
overriding aborttime in udpquery() makes no sense. it causes
recursive queries to extend the timeout infinitely. nobody
but the issuer of the request should modify aborttime.
2013-04-11 19:33:07 +02:00
cinap_lenrek 860d938b20 ndb/dns: bug fixes and massive cleanup
removing the querylck from the DN as it was never used or being
effective which saves like a ton on space per domain name.

remove the Query.tcplock and put query on the stack. it is
unnecessary to lock the query as it's only used by one process
at a time. put Query's on the stack.

change outsidens() to outsidensip() which now takes the ip
buffer that it fills instead of returning static buffer (which
would race with multiple processes involved).

eliminate mostly all of the lock(&dnlock)/unlock(&dnlock) calls.
we're not working on shared cache RR's in the resolver procs.
we work on *copies* done by rrlookup() made under the dnlock.

the cache garbage collection only runs when all processes are
locked out and is also taking the dnlock while doing so.

cleanup xmitquery(). for the tcp case, we don't need to get
more nameserver addresses, just take the ip from the udp header
that tcpquery() placed there for us.

fixed baddelegation() to actually check for delegation loop even
if there's no dom info for our host.

remove lots of debug code. remove the dnforceage() as it doesn't
make sure other processes are locked out. this could destroy
dn's currently referred by running queries.

remove dnageallnever() as it's not used. don't attach rr's to
keepers to prevent outside spoofing.

make myaddr() retrieve the ip address if not set.
2012-08-29 19:01:05 +02:00
cinap_lenrek 40d5dce459 dns: fix rr->srv memory leak in rrcopy, mark rr->sig->signer, dn aging, cleanup 2012-08-26 21:56:03 +02:00
cinap_lenrek 8f0ec8b725 ndb/dns: fix netmkaddr() race, dnlock consistency, strcpy, cleanups 2012-08-26 01:51:46 +02:00
cinap_lenrek 8e5dd37eba ndb/dns: fix memory corruption and bad serveraddrs() range checks 2012-08-22 19:45:29 +02:00
cinap_lenrek b4d2e39d8c ndb/cs/dns: make sure never to block the 9p loop when we run out of processes, fail the request instead 2012-07-28 19:17:54 +02:00
cinap_lenrek 8562240e8c fix more fd <= 0 bugs 2012-04-24 06:57:02 +02:00
cinap_lenrek 0d926a2512 dns: import changes from sources 2012-03-09 06:02:17 +01:00
Taru Karttunen a9060cc06b Import sources from 2011-03-30 iso image - lib 2011-03-30 19:35:09 +03:00
Taru Karttunen e5888a1ffd Import sources from 2011-03-30 iso image 2011-03-30 15:46:40 +03:00