authorflorian <florian@openbsd.org>2017-04-15 09:15:45 +0000
committerflorian <florian@openbsd.org>2017-04-15 09:15:45 +0000
commitdb7d0d02cdf695b4f3cbc8748a264162da703c76 (patch)
treec302a4ac1b7f2522b323ea4bebe14cb679a0a258 /usr.sbin/nsd
parentFix format string in ACPI_MEMDEBUG block (diff)
update to 4.1.16rc1
tests & OK sthen (if there are more changes coming for 4.1.16 release we will just commit them on top)
Diffstat (limited to 'usr.sbin/nsd')
-rw-r--r--usr.sbin/nsd/configlexer.lex1
-rw-r--r--usr.sbin/nsd/configparser.y16
-rw-r--r--usr.sbin/nsd/configure.ac2
-rw-r--r--usr.sbin/nsd/difffile.c4
-rw-r--r--usr.sbin/nsd/nsd-checkconf.c2
-rw-r--r--usr.sbin/nsd/nsd.conf.5.in8
-rw-r--r--usr.sbin/nsd/nsd.conf.sample.in3
-rw-r--r--usr.sbin/nsd/options.c1
-rw-r--r--usr.sbin/nsd/options.h1
-rw-r--r--usr.sbin/nsd/packet.c1
-rw-r--r--usr.sbin/nsd/packet.h2
-rw-r--r--usr.sbin/nsd/query.c6
-rw-r--r--usr.sbin/nsd/rdata.c2
-rw-r--r--usr.sbin/nsd/server.c2
-rw-r--r--usr.sbin/nsd/udb.c6
-rw-r--r--usr.sbin/nsd/xfrd.c6
-rw-r--r--usr.sbin/nsd/zonec.c2
17 files changed, 55 insertions, 10 deletions
diff --git a/usr.sbin/nsd/configlexer.lex b/usr.sbin/nsd/configlexer.lex
index 42dbd152f16..547e7db3e02 100644
--- a/usr.sbin/nsd/configlexer.lex
+++ b/usr.sbin/nsd/configlexer.lex
@@ -271,6 +271,7 @@ zonefiles-check{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_ZONEFILES_CHECK;
zonefiles-write{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_ZONEFILES_WRITE;}
log-time-ascii{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_LOG_TIME_ASCII;}
round-robin{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_ROUND_ROBIN;}
+minimal-responses{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_MINIMAL_RESPONSES;}
max-refresh-time{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_MAX_REFRESH_TIME;}
min-refresh-time{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_MIN_REFRESH_TIME;}
max-retry-time{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_MAX_RETRY_TIME;}
diff --git a/usr.sbin/nsd/configparser.y b/usr.sbin/nsd/configparser.y
index bf20db12c72..36c87c44d19 100644
--- a/usr.sbin/nsd/configparser.y
+++ b/usr.sbin/nsd/configparser.y
@@ -71,7 +71,7 @@ extern config_parser_state_type* cfg_parser;
%token VAR_ROUND_ROBIN VAR_ZONESTATS VAR_REUSEPORT VAR_VERSION
%token VAR_MAX_REFRESH_TIME VAR_MIN_REFRESH_TIME
%token VAR_MAX_RETRY_TIME VAR_MIN_RETRY_TIME
-%token VAR_MULTI_MASTER_CHECK
+%token VAR_MULTI_MASTER_CHECK VAR_MINIMAL_RESPONSES
%%
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@@ -102,7 +102,8 @@ content_server: server_ip_address | server_ip_transparent | server_debug_mode |
server_rrl_ipv4_prefix_length | server_rrl_ipv6_prefix_length | server_rrl_whitelist_ratelimit |
server_zonefiles_check | server_do_ip4 | server_do_ip6 |
server_zonefiles_write | server_log_time_ascii | server_round_robin |
- server_reuseport | server_version | server_ip_freebind;
+ server_reuseport | server_version | server_ip_freebind |
+ server_minimal_responses;
server_ip_address: VAR_IP_ADDRESS STRING
{
OUTYY(("P(server_ip_address:%s)\n", $2));
@@ -292,6 +293,17 @@ server_round_robin: VAR_ROUND_ROBIN STRING
}
}
;
+server_minimal_responses: VAR_MINIMAL_RESPONSES STRING
+ {
+ OUTYY(("P(server_minimal_responses:%s)\n", $2));
+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+ yyerror("expected yes or no.");
+ else {
+ cfg_parser->opt->minimal_responses = (strcmp($2, "yes")==0);
+ minimal_responses = cfg_parser->opt->minimal_responses;
+ }
+ }
+ ;
server_server_count: VAR_SERVER_COUNT STRING
{
OUTYY(("P(server_server_count:%s)\n", $2));
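Review bot: The new `server_minimal_responses` action assigns the process-wide `minimal_responses` global straight from the parser, in addition to `cfg_parser->opt->minimal_responses`. The global therefore changes as a side effect of parsing, before the rest of the file has been accepted, and there are two copies of the setting that can drift apart. If this deliberately mirrors how `round_robin` is handled (the rule body is outside the hunk, so this is inferred from the `/* also packet.h::round_robin */` comment in options.c), say so with a comment such as `/* keep packet.h::minimal_responses in sync, as for round_robin */`. Otherwise copy the value from `opt` once the configuration has loaded successfully.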
diff --git a/usr.sbin/nsd/configure.ac b/usr.sbin/nsd/configure.ac
index b984cac435a..e9cba15c44a 100644
--- a/usr.sbin/nsd/configure.ac
+++ b/usr.sbin/nsd/configure.ac
@@ -4,7 +4,7 @@ dnl
sinclude(acx_nlnetlabs.m4)
-AC_INIT(NSD,4.1.15,nsd-bugs@nlnetlabs.nl)
+AC_INIT(NSD,4.1.16,nsd-bugs@nlnetlabs.nl)
AC_CONFIG_HEADER([config.h])
CFLAGS="$CFLAGS"
diff --git a/usr.sbin/nsd/difffile.c b/usr.sbin/nsd/difffile.c
index 720e3a5cc6e..dfef60dccc7 100644
--- a/usr.sbin/nsd/difffile.c
+++ b/usr.sbin/nsd/difffile.c
@@ -752,7 +752,9 @@ add_RR(namedb_type* db, const dname_type* dname,
rr_type *rrs_old;
ssize_t rdata_num;
int rrnum;
+#ifdef NSEC3
int rrset_added = 0;
+#endif
domain = domain_table_find(db->domains, dname);
if(!domain) {
/* create the domain */
@@ -770,7 +772,9 @@ add_RR(namedb_type* db, const dname_type* dname,
rrset->rrs = 0;
rrset->rr_count = 0;
domain_add_rrset(domain, rrset);
+#ifdef NSEC3
rrset_added = 1;
+#endif
}
/* dnames in rdata are normalized, conform RFC 4035,
diff --git a/usr.sbin/nsd/nsd-checkconf.c b/usr.sbin/nsd/nsd-checkconf.c
index 0f8b2c8e1cd..6f3354fa95b 100644
--- a/usr.sbin/nsd/nsd-checkconf.c
+++ b/usr.sbin/nsd/nsd-checkconf.c
@@ -368,6 +368,7 @@ config_print_zone(nsd_options_type* opt, const char* k, int s, const char *o,
SERV_GET_BIN(zonefiles_check, o);
SERV_GET_BIN(log_time_ascii, o);
SERV_GET_BIN(round_robin, o);
+ SERV_GET_BIN(minimal_responses, o);
/* str */
SERV_GET_PATH(final, database, o);
SERV_GET_STR(identity, o);
@@ -506,6 +507,7 @@ config_test_print_server(nsd_options_type* opt)
printf("\txfrd-reload-timeout: %d\n", opt->xfrd_reload_timeout);
printf("\tlog-time-ascii: %s\n", opt->log_time_ascii?"yes":"no");
printf("\tround-robin: %s\n", opt->round_robin?"yes":"no");
+ printf("\tminimal-responses: %s\n", opt->minimal_responses?"yes":"no");
printf("\tverbosity: %d\n", opt->verbosity);
for(ip = opt->ip_addresses; ip; ip=ip->next)
{
diff --git a/usr.sbin/nsd/nsd.conf.5.in b/usr.sbin/nsd/nsd.conf.5.in
index 6b2588f19cc..ec2cdd6d894 100644
--- a/usr.sbin/nsd/nsd.conf.5.in
+++ b/usr.sbin/nsd/nsd.conf.5.in
@@ -369,6 +369,14 @@ Enable round robin rotation of records in the answer. This changes the
order of records in the answer and this may balance load across them.
The default is no.
.TP
+.B minimal\-responses:\fR <yes or no>
+Enable minimal responses for smaller answers. This makes packets smaller.
+Extra data is only added for referrals, when it is really necessary.
+This is different from the \-\-enable-minimal-responses configure time option,
+that reduces packets, but exactly to the fragmentation length, the nsd.conf
+option reduces packets as small as possible.
+The default is no.
+.TP
.B zonefiles\-check:\fR <yes or no>
Make NSD check the mtime of zone files on start and sighup. If you
disable it it starts faster (less disk activity in case of a lot of zones).
diff --git a/usr.sbin/nsd/nsd.conf.sample.in b/usr.sbin/nsd/nsd.conf.sample.in
index 2f2214c9570..1b6ceef4361 100644
--- a/usr.sbin/nsd/nsd.conf.sample.in
+++ b/usr.sbin/nsd/nsd.conf.sample.in
@@ -132,6 +132,9 @@ server:
# round robin rotation of records in the answer.
# round-robin: no
+ # minimal-responses only emits extra data for referrals.
+ # minimal-responses: no
+
# check mtime of all zone files on start and sighup
# zonefiles-check: yes
diff --git a/usr.sbin/nsd/options.c b/usr.sbin/nsd/options.c
index 883f154ed24..026f8b91fac 100644
--- a/usr.sbin/nsd/options.c
+++ b/usr.sbin/nsd/options.c
@@ -63,6 +63,7 @@ nsd_options_create(region_type* region)
opt->logfile = 0;
opt->log_time_ascii = 1;
opt->round_robin = 0; /* also packet.h::round_robin */
+ opt->minimal_responses = 0; /* also packet.h::minimal_responses */
opt->server_count = 1;
opt->tcp_count = 100;
opt->tcp_query_count = 0;
diff --git a/usr.sbin/nsd/options.h b/usr.sbin/nsd/options.h
index 9e1d1efc3e1..dedb9bfb662 100644
--- a/usr.sbin/nsd/options.h
+++ b/usr.sbin/nsd/options.h
@@ -93,6 +93,7 @@ struct nsd_options {
int zonefiles_write;
int log_time_ascii;
int round_robin;
+ int minimal_responses;
int reuseport;
/** remote control section. enable toggle. */
diff --git a/usr.sbin/nsd/packet.c b/usr.sbin/nsd/packet.c
index b0699d67747..0643202ae94 100644
--- a/usr.sbin/nsd/packet.c
+++ b/usr.sbin/nsd/packet.c
@@ -16,6 +16,7 @@
#include "rdata.h"
int round_robin = 0;
+int minimal_responses = 0;
static void
encode_dname(query_type *q, domain_type *domain)
diff --git a/usr.sbin/nsd/packet.h b/usr.sbin/nsd/packet.h
index a09f38b90dd..8540dcfdf6a 100644
--- a/usr.sbin/nsd/packet.h
+++ b/usr.sbin/nsd/packet.h
@@ -145,6 +145,8 @@ struct query;
/* use round robin rotation */
extern int round_robin;
+/* use minimal responses (more minimal, with additional only for referrals) */
+extern int minimal_responses;
/*
* Encode RR with OWNER as owner name into QUERY. Returns the number
diff --git a/usr.sbin/nsd/query.c b/usr.sbin/nsd/query.c
index a9317d2c794..d6e45a2e9d3 100644
--- a/usr.sbin/nsd/query.c
+++ b/usr.sbin/nsd/query.c
@@ -711,6 +711,9 @@ add_rrset(struct query *query,
assert(rrset_rrclass(rrset) == CLASS_IN);
result = answer_add_rrset(answer, section, owner, rrset);
+ if(minimal_responses && section != AUTHORITY_SECTION &&
+ query->qtype != TYPE_NS)
+ return result;
switch (rrset_rrtype(rrset)) {
case TYPE_NS:
#if defined(INET6)
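Review bot: The early return added after `answer_add_rrset()` in add_rrset() is uncommented, and its condition disagrees with the documentation added in this same commit. nsd.conf.5.in says extra data is only added for referrals, but the code also keeps the additional-section processing whenever `query->qtype == TYPE_NS`. Either document the NS-query exception in the man page and sample config, or add a comment above the `if`, e.g. `/* minimal-responses: only referrals (AUTHORITY_SECTION) and NS queries get additional data */`. The `&& !minimal_responses` added in answer_domain() is the other half of the same policy and deserves a matching one-line comment. add_rrset()'s body continues outside the hunk.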
@@ -1007,7 +1010,8 @@ answer_domain(struct nsd* nsd, struct query *q, answer_type *answer,
return;
}
- if (q->qclass != CLASS_ANY && q->zone->ns_rrset && answer_needs_ns(q)) {
+ if (q->qclass != CLASS_ANY && q->zone->ns_rrset && answer_needs_ns(q)
+ && !minimal_responses) {
add_rrset(q, answer, OPTIONAL_AUTHORITY_SECTION, q->zone->apex,
q->zone->ns_rrset);
}
diff --git a/usr.sbin/nsd/rdata.c b/usr.sbin/nsd/rdata.c
index 0be90849511..3368e69fa7c 100644
--- a/usr.sbin/nsd/rdata.c
+++ b/usr.sbin/nsd/rdata.c
@@ -58,6 +58,8 @@ lookup_table_type dns_algorithms[] = {
{ 12, "ECC-GOST" }, /* RFC 5933 */
{ 13, "ECDSAP256SHA256" }, /* RFC 6605 */
{ 14, "ECDSAP384SHA384" }, /* RFC 6605 */
+ { 15, "ED25519" }, /* RFC 8080 */
+ { 16, "ED448" }, /* RFC 8080 */
{ 252, "INDIRECT" },
{ 253, "PRIVATEDNS" },
{ 254, "PRIVATEOID" },
diff --git a/usr.sbin/nsd/server.c b/usr.sbin/nsd/server.c
index 9018031cd74..c0835ce8c11 100644
--- a/usr.sbin/nsd/server.c
+++ b/usr.sbin/nsd/server.c
@@ -37,7 +37,9 @@
#ifdef HAVE_MMAP
#include <sys/mman.h>
#endif /* HAVE_MMAP */
+#ifdef HAVE_OPENSSL_RAND_H
#include <openssl/rand.h>
+#endif
#ifndef USE_MINI_EVENT
# ifdef HAVE_EVENT_H
# include <event.h>
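Review bot: `<openssl/rand.h>` is now included only when `HAVE_OPENSSL_RAND_H` is defined, but the configure.ac change in this commit is just the version bump, so the macro has to come from a header check that already exists. If no such check exists, the include silently disappears from every build. The code that uses the RAND API is not visible in this hunk; it needs to sit under the same guard (or one that implies it), and the build without the header should still have a defined source for whatever that randomness feeds.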
diff --git a/usr.sbin/nsd/udb.c b/usr.sbin/nsd/udb.c
index 6ec17aec0b6..3e91c7c8b4c 100644
--- a/usr.sbin/nsd/udb.c
+++ b/usr.sbin/nsd/udb.c
@@ -427,8 +427,7 @@ grow_ram_hash(udb_base* udb, udb_ptr** newhash)
void udb_base_link_ptr(udb_base* udb, udb_ptr* ptr)
{
- uint32_t i = chunk_hash_ptr(ptr->data) & udb->ram_mask;
- assert((size_t)i < udb->ram_size);
+ uint32_t i;
#ifdef UDB_CHECK
assert(udb_valid_dataptr(udb, ptr->data)); /* must be to whole chunk*/
#endif
@@ -441,6 +440,9 @@ void udb_base_link_ptr(udb_base* udb, udb_ptr* ptr)
grow_ram_hash(udb, newram);
}
}
+ i = chunk_hash_ptr(ptr->data) & udb->ram_mask;
+ assert((size_t)i < udb->ram_size);
+
ptr->prev = NULL;
ptr->next = udb->ram_hash[i];
udb->ram_hash[i] = ptr;
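Review bot: Nothing in udb_base_link_ptr() records why the bucket index is now computed after the possible `grow_ram_hash()` call. A later cleanup could move the initialisation back to the declaration and reintroduce an index taken with the pre-resize `ram_mask`. Suggest a comment above the moved lines: `/* compute the bucket only after a possible grow_ram_hash(); ram_mask changes on resize */`. The only bounds check before the write to `udb->ram_hash[i]` is the `assert`, which is compiled out under NDEBUG. The write therefore relies on `ram_mask` always being consistent with `ram_size`, which presumably holds but is not visible here. The function's end lies outside the hunk.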
diff --git a/usr.sbin/nsd/xfrd.c b/usr.sbin/nsd/xfrd.c
index 810ee3e2954..1c03750dacf 100644
--- a/usr.sbin/nsd/xfrd.c
+++ b/usr.sbin/nsd/xfrd.c
@@ -1892,13 +1892,13 @@ xfrd_parse_received_xfr_packet(xfrd_zone_type* zone, buffer_type* packet,
zone->soa_disk_acquired = xfrd_time();
if(zone->soa_nsd.serial == soa->serial)
zone->soa_nsd_acquired = xfrd_time();
+ xfrd_set_zone_state(zone, xfrd_zone_ok);
+ DEBUG(DEBUG_XFRD,1, (LOG_INFO, "xfrd: zone %s is ok",
+ zone->apex_str));
if(zone->zone_options->pattern->multi_master_check) {
region_destroy(tempregion);
return xfrd_packet_drop;
}
- xfrd_set_zone_state(zone, xfrd_zone_ok);
- DEBUG(DEBUG_XFRD,1, (LOG_INFO, "xfrd: zone %s is ok",
- zone->apex_str));
if(zone->soa_notified_acquired == 0) {
/* not notified or anything, so stop asking around */
zone->round_num = -1; /* next try start a new round */
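Review bot: With `multi_master_check` set, this path now marks the zone `xfrd_zone_ok` and still returns `xfrd_packet_drop`, skipping the `soa_notified_acquired` and `round_num` handling below. The reason for "ok, but drop" is not stated in the code. A short comment before the `if` would prevent someone from moving the state change back, e.g. `/* multi-master: the zone is ok, but drop so the other masters are still checked */`. The author should confirm that wording, since the caller's handling of `xfrd_packet_drop` is outside the hunk. It is also worth confirming that leaving `round_num` untouched on this path is intended now that the state is ok.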
diff --git a/usr.sbin/nsd/zonec.c b/usr.sbin/nsd/zonec.c
index c186171039c..02e1a056b83 100644
--- a/usr.sbin/nsd/zonec.c
+++ b/usr.sbin/nsd/zonec.c
@@ -250,7 +250,7 @@ zparser_conv_serial(region_type *region, const char *serialstr)
serial = strtoserial(serialstr, &t);
if (*t != '\0') {
- zc_error_prev_line("serial is expected");
+ zc_error_prev_line("serial is expected or serial too big");
} else {
serial = htonl(serial);
r = alloc_rdata_init(region, &serial, sizeof(serial));