Maintained by: NLnet Labs
authzone.c File Reference

This file contains the functions for an authority zone. More...

#include "config.h"
#include "services/authzone.h"
#include "util/data/dname.h"
#include "util/data/msgreply.h"
#include "util/data/packed_rrset.h"
#include "util/regional.h"
#include "util/net_help.h"
#include "util/config_file.h"
#include "util/log.h"
#include "services/cache/dns.h"
#include "sldns/rrdef.h"
#include "sldns/pkthdr.h"
#include "sldns/sbuffer.h"
#include "sldns/str2wire.h"
#include "sldns/wire2str.h"
#include "sldns/parseutil.h"
#include "validator/val_nsec3.h"
#include "validator/val_secalgo.h"

Macros

#define N3HASHBUFLEN   32
 bytes to use for NSEC3 hash buffer. More...
 
#define MAX_CNAME_CHAIN   8
 max number of CNAMEs we are willing to follow (in one answer)
 

Functions

static struct dns_msg * msg_create (struct regional *region, struct query_info *qinfo)
 create new dns_msg
 
static int msg_grow_array (struct regional *region, struct dns_msg *msg)
 grow rrset array by one in msg
 
static time_t get_rrset_ttl (struct ub_packed_rrset_key *k)
 get ttl of rrset
 
static struct ub_packed_rrset_key * auth_packed_rrset_copy_region (struct auth_zone *z, struct auth_data *node, struct auth_rrset *rrset, struct regional *region, time_t adjust)
 Copy rrset into region from domain-datanode and packet rrset.
 
static void msg_ttl (struct dns_msg *msg)
 fix up msg->rep TTL and prefetch ttl
 
static int msg_rrset_duplicate (struct dns_msg *msg, uint8_t *nm, size_t nmlen, uint16_t type, uint16_t dclass)
 see if rrset is a duplicate in the answer message
 
static int msg_add_rrset_an (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_data *node, struct auth_rrset *rrset)
 add rrset to answer section (no auth, add rrsets yet)
 
static int msg_add_rrset_ns (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_data *node, struct auth_rrset *rrset)
 add rrset to authority section (no additional section rrsets yet)
 
static int msg_add_rrset_ar (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_data *node, struct auth_rrset *rrset)
 add rrset to additional section
 
struct auth_zones * auth_zones_create (void)
 Create auth zones structure.
 
int auth_zone_cmp (const void *z1, const void *z2)
 compare auth_zones for sorted rbtree
 
int auth_data_cmp (const void *z1, const void *z2)
 compare auth_data for sorted rbtree
 
static void auth_rrset_delete (struct auth_rrset *rrset)
 delete auth rrset node
 
static void auth_data_delete (struct auth_data *n)
 delete auth data domain node
 
static void auth_data_del (rbnode_type *n, void *ATTR_UNUSED(arg))
 helper traverse to delete zones
 
static void auth_zone_delete (struct auth_zone *z)
 delete an auth zone structure (tree remove must be done elsewhere)
 
struct auth_zone * auth_zone_create (struct auth_zones *az, uint8_t *nm, size_t nmlen, uint16_t dclass)
 create an auth zone. More...
 
struct auth_zone * auth_zone_find (struct auth_zones *az, uint8_t *nm, size_t nmlen, uint16_t dclass)
 find an auth zone by name (exact match by name or NULL returned)
 
static int auth_zone_find_less_equal (struct auth_zones *az, uint8_t *nm, size_t nmlen, uint16_t dclass, struct auth_zone **z)
 find an auth zone or sorted less-or-equal, return true if exact
 
struct auth_zone * auth_zones_find_zone (struct auth_zones *az, struct query_info *qinfo)
 find the auth zone that is above the given qname More...
 
static struct auth_zone * auth_zones_find_or_add_zone (struct auth_zones *az, char *name)
 find or create zone with name str. More...
 
int auth_zone_set_zonefile (struct auth_zone *z, char *zonefile)
 set auth zone zonefile string. More...
 
int auth_zone_set_fallback (struct auth_zone *z, char *fallbackstr)
 set auth zone fallback. More...
 
static struct auth_data * az_domain_create (struct auth_zone *z, uint8_t *nm, size_t nmlen)
 create domain with the given name
 
static struct auth_data * az_find_name (struct auth_zone *z, uint8_t *nm, size_t nmlen)
 find domain with exactly the given name
 
static void az_find_domain (struct auth_zone *z, struct query_info *qinfo, int *node_exact, struct auth_data **node)
 Find domain name (or closest match)
 
static struct auth_data * az_domain_find_or_create (struct auth_zone *z, uint8_t *dname, size_t dname_len)
 find or create domain with name in zone
 
static struct auth_rrset * az_domain_rrset (struct auth_data *n, uint16_t t)
 find rrset of given type in the domain
 
static void domain_remove_rrset (struct auth_data *node, uint16_t rr_type)
 remove rrset of this type from domain
 
static int rdata_duplicate (struct packed_rrset_data *d, uint8_t *rdata, size_t len)
 see if rdata is duplicate
 
static uint16_t rrsig_rdata_get_type_covered (uint8_t *rdata, size_t rdatalen)
 get rrsig type covered from rdata. More...
 
static int rrset_add_rr (struct auth_rrset *rrset, uint32_t rr_ttl, uint8_t *rdata, size_t rdatalen, int insert_sig)
 add RR to existing RRset. More...
 
static struct auth_rrset * rrset_create (struct auth_data *node, uint16_t rr_type, uint32_t rr_ttl, uint8_t *rdata, size_t rdatalen)
 Create new rrset for node with packed rrset with one RR element.
 
static size_t rrsig_num_that_cover (struct auth_rrset *rrsig, uint16_t rr_type, size_t *sigsz)
 count number (and size) of rrsigs that cover a type
 
static int rrset_moveover_rrsigs (struct auth_data *node, uint16_t rr_type, struct auth_rrset *rrset, struct auth_rrset *rrsig)
 See if rrsig set has covered sigs for rrset and move them over.
 
static int az_domain_add_rr (struct auth_data *node, uint16_t rr_type, uint32_t rr_ttl, uint8_t *rdata, size_t rdatalen)
 Add rr to node, ignores duplicate RRs, rdata points to buffer with rdatalen octets, starts with 2bytelength. More...
 
static int az_insert_rr (struct auth_zone *z, uint8_t *rr, size_t rr_len, size_t dname_len)
 insert RR into zone, ignore duplicates
 
static int az_parse_file (struct auth_zone *z, FILE *in, uint8_t *rr, size_t rrbuflen, struct sldns_file_parse_state *state)
 Parse zonefile. More...
 
int auth_zone_read_zonefile (struct auth_zone *z)
 read auth zone from zonefile. More...
 
static int write_out (FILE *out, const char *str)
 write buffer to file and check return codes
 
static int auth_zone_write_rrset (struct auth_zone *z, struct auth_data *node, struct auth_rrset *r, FILE *out)
 write rrset to file
 
static int auth_zone_write_domain (struct auth_zone *z, struct auth_data *n, FILE *out)
 write domain to file
 
int auth_zone_write_file (struct auth_zone *z, const char *fname)
 Write auth zone data to file, in zonefile format.
 
static int auth_zones_read_zones (struct auth_zones *az)
 read all auth zones from file (if they have)
 
static int auth_zones_cfg_zonefile (struct auth_zones *az, struct config_str2list *zlist)
 set str2list with (zonename, zonefile) config items and create zones
 
static int auth_zones_cfg_fallback (struct auth_zones *az, struct config_str2list *zlist)
 set str2list with (zonename, fallback) config items and create zones
 
int auth_zones_apply_config (struct auth_zones *az, struct config_file *cfg)
 Apply configuration to auth zones. More...
 
static void auth_zone_del (rbnode_type *n, void *ATTR_UNUSED(arg))
 helper traverse to delete zones
 
void auth_zones_delete (struct auth_zones *az)
 Delete auth zones structure.
 
static int domain_has_only_nsec3 (struct auth_data *n)
 true if domain has only nsec3
 
static struct auth_data * az_find_wildcard_domain (struct auth_zone *z, uint8_t *nm, size_t nmlen)
 see if the domain has a wildcard child '*.domain'
 
static struct auth_data * az_find_wildcard (struct auth_zone *z, struct query_info *qinfo, struct auth_data *ce)
 find wildcard between qname and cename
 
static struct auth_data * az_find_candidate_ce (struct auth_zone *z, struct query_info *qinfo, struct auth_data *n)
 domain is not exact, find first candidate ce (name that matches a part of qname) in tree
 
static struct auth_data * az_domain_go_up (struct auth_zone *z, struct auth_data *n)
 go up the auth tree to next existing name. More...
 
static int az_find_ce (struct auth_zone *z, struct query_info *qinfo, struct auth_data *node, int node_exact, struct auth_data **ce, struct auth_rrset **rrset)
 Find the closest encloser, a name that exists and is above the qname. More...
 
static int az_add_additionals_from (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_rrset *rrset, size_t offset)
 add additional A/AAAA from domain names in rrset rdata (+offset) offset is number of bytes in rdata where the dname is located. More...
 
static int az_add_negative_soa (struct auth_zone *z, struct regional *region, struct dns_msg *msg)
 add negative SOA record (with negative TTL)
 
static int az_empty_nonterminal (struct auth_zone *z, struct query_info *qinfo, struct auth_data *node)
 See if the query goes to an empty nonterminal (that has no auth_data, but there are nodes underneath). More...
 
static size_t synth_cname_buf (uint8_t *qname, size_t qname_len, size_t dname_len, uint8_t *dtarg, size_t dtarglen, uint8_t *buf, size_t buflen)
 create synth cname target name in buffer, or fail if too long
 
static int create_synth_cname (uint8_t *qname, size_t qname_len, struct regional *region, struct auth_data *node, struct auth_rrset *dname, uint16_t dclass, struct ub_packed_rrset_key **cname)
 create synthetic CNAME rrset for a DNAME answer in region, false on alloc failure, cname==NULL when name too long. More...
 
static int add_synth_cname (struct auth_zone *z, uint8_t *qname, size_t qname_len, struct regional *region, struct dns_msg *msg, struct auth_data *dname, struct auth_rrset *rrset)
 add a synthesized CNAME to the answer section
 
static void az_change_dnames (struct dns_msg *msg, uint8_t *oldname, uint8_t *newname, size_t newlen, int an_only)
 Change a dname to a different one, for wildcard namechange.
 
static struct auth_rrset * az_find_nsec_cover (struct auth_zone *z, struct auth_data **node)
 find NSEC record covering the query
 
static int az_nsec_wildcard_denial (struct auth_zone *z, struct regional *region, struct dns_msg *msg, uint8_t *cenm, size_t cenmlen)
 Find NSEC and add for wildcard denial.
 
static int az_nsec3_param (struct auth_zone *z, int *algo, size_t *iter, uint8_t **salt, size_t *saltlen)
 Find the NSEC3PARAM rrset (if any) and if true you have the parameters.
 
static size_t az_nsec3_hash (uint8_t *buf, size_t buflen, uint8_t *nm, size_t nmlen, int algo, size_t iter, uint8_t *salt, size_t saltlen)
 Hash a name with nsec3param into buffer, it has zone name appended. More...
 
static int az_nsec3_hashname (struct auth_zone *z, uint8_t *hashname, size_t *hashnmlen, uint8_t *nm, size_t nmlen, int algo, size_t iter, uint8_t *salt, size_t saltlen)
 Hash name and return b32encoded hashname for lookup, zone name appended.
 
struct auth_data * az_nsec3_findnode (struct auth_zone *z, uint8_t *hashnm, size_t hashnmlen)
 Find the datanode that covers the nsec3hash-name.
 
static struct auth_data * az_nsec3_find_cover (struct auth_zone *z, uint8_t *nm, size_t nmlen, int algo, size_t iter, uint8_t *salt, size_t saltlen)
 Find cover for hashed(nm, nmlen) (or NULL)
 
static struct auth_data * az_nsec3_find_exact (struct auth_zone *z, uint8_t *nm, size_t nmlen, int algo, size_t iter, uint8_t *salt, size_t saltlen)
 Find exact match for hashed(nm, nmlen) NSEC3 record or NULL.
 
static void az_nsec3_get_nextcloser (uint8_t *cenm, uint8_t *qname, size_t qname_len, uint8_t **nx, size_t *nxlen)
 Return nextcloser name (as a ref into the qname). More...
 
static struct auth_data * az_nsec3_find_ce (struct auth_zone *z, uint8_t **cenm, size_t *cenmlen, int *no_exact_ce, int algo, size_t iter, uint8_t *salt, size_t saltlen)
 Find the closest encloser that has exact NSEC3. More...
 
static int az_nsec3_insert (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_data *node)
 
static int az_add_nsec3_proof (struct auth_zone *z, struct regional *region, struct dns_msg *msg, uint8_t *cenm, size_t cenmlen, uint8_t *qname, size_t qname_len, int nxproof, int wcproof)
 add NSEC3 records to the zone for the nsec3 proof. More...
 
static int az_generate_positive_answer (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_data *node, struct auth_rrset *rrset)
 generate answer for positive answer
 
static int az_generate_any_answer (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_data *node)
 generate answer for type ANY answer
 
static int follow_cname_chain (struct auth_zone *z, uint16_t qtype, struct regional *region, struct dns_msg *msg, struct packed_rrset_data *d)
 follow cname chain and add more data to the answer section
 
static int az_generate_cname_answer (struct auth_zone *z, struct query_info *qinfo, struct regional *region, struct dns_msg *msg, struct auth_data *node, struct auth_rrset *rrset)
 generate answer for cname answer
 
static int az_generate_notype_answer (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_data *node)
 generate answer for notype answer
 
static int az_generate_referral_answer (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_data *ce, struct auth_rrset *rrset)
 generate answer for referral answer
 
static int az_generate_dname_answer (struct auth_zone *z, struct query_info *qinfo, struct regional *region, struct dns_msg *msg, struct auth_data *ce, struct auth_rrset *rrset)
 generate answer for DNAME answer
 
static int az_generate_wildcard_answer (struct auth_zone *z, struct query_info *qinfo, struct regional *region, struct dns_msg *msg, struct auth_data *ce, struct auth_data *wildcard, struct auth_data *node)
 generate answer for wildcard answer
 
static int az_generate_nxdomain_answer (struct auth_zone *z, struct regional *region, struct dns_msg *msg, struct auth_data *ce, struct auth_data *node)
 generate answer for nxdomain answer
 
static int az_generate_answer_with_node (struct auth_zone *z, struct query_info *qinfo, struct regional *region, struct dns_msg *msg, struct auth_data *node)
 Create answers when an exact match exists for the domain name.
 
static int az_generate_answer_nonexistnode (struct auth_zone *z, struct query_info *qinfo, struct regional *region, struct dns_msg *msg, struct auth_data *ce, struct auth_rrset *rrset, struct auth_data *node)
 Generate answer without an existing-node that we can use. More...
 
static int auth_zone_generate_answer (struct auth_zone *z, struct query_info *qinfo, struct regional *region, struct dns_msg **msg, int *fallback)
 Lookup answer in a zone. More...
 
int auth_zones_lookup (struct auth_zones *az, struct query_info *qinfo, struct regional *region, struct dns_msg **msg, int *fallback, uint8_t *dp_nm, size_t dp_nmlen)
 Use auth zones to lookup the answer to a query. More...
 

Detailed Description

This file contains the functions for an authority zone.

This zone is queried by the iterator, just like a stub or forward zone, but then the data is locally held.

Macro Definition Documentation

◆ N3HASHBUFLEN

#define N3HASHBUFLEN   32

Number of bytes to use for the NSEC3 hash buffer.

A SHA-1 hash needs 20 of them.

Referenced by az_nsec3_hash(), and az_nsec3_hashname().

Function Documentation

◆ auth_zone_create()

struct auth_zone* auth_zone_create ( struct auth_zones *  az,
uint8_t *  nm,
size_t  nmlen,
uint16_t  dclass 
)

◆ auth_zones_find_zone()

struct auth_zone* auth_zones_find_zone ( struct auth_zones *  az,
struct query_info *  qinfo 
)

find the auth zone that is above the given qname

Find the auth zone that is above the given qname.

References auth_zone_find(), auth_zone_find_less_equal(), dname_count_size_labels(), dname_get_shared_topdomain(), dname_is_root(), dname_remove_label(), auth_zone::name, query_info::qclass, query_info::qname, and query_info::qname_len.

◆ auth_zones_find_or_add_zone()

static struct auth_zone* auth_zones_find_or_add_zone ( struct auth_zones *  az,
char *  name 
)
static

find or create zone with name str.

The caller must hold the lock on az. Returns the zone write-locked.

References auth_zone_create(), auth_zone_find(), LDNS_MAX_DOMAINLEN, LDNS_RR_CLASS_IN, auth_zone::lock, log_err(), and sldns_str2wire_dname_buf().

Referenced by auth_zones_cfg_fallback(), and auth_zones_cfg_zonefile().

◆ auth_zone_set_zonefile()

int auth_zone_set_zonefile ( struct auth_zone *  z,
char *  zonefile 
)

set auth zone zonefile string.

The caller must hold the lock on the zone.

References log_err().

Referenced by auth_zones_cfg_zonefile().

◆ auth_zone_set_fallback()

int auth_zone_set_fallback ( struct auth_zone *  z,
char *  fallbackstr 
)

set auth zone fallback.

The caller must hold the lock on the zone.

References log_err().

Referenced by auth_zones_cfg_fallback().

◆ rrsig_rdata_get_type_covered()

static uint16_t rrsig_rdata_get_type_covered ( uint8_t *  rdata,
size_t  rdatalen 
)
static

get rrsig type covered from rdata.

Parameters
rdata: rdata in wireformat, starting with 16bit rdlength.
rdatalen: length of rdata buffer.
Returns
type covered (or 0).

Referenced by az_domain_add_rr(), rrset_moveover_rrsigs(), and rrsig_num_that_cover().

◆ rrset_add_rr()

static int rrset_add_rr ( struct auth_rrset *  rrset,
uint32_t  rr_ttl,
uint8_t *  rdata,
size_t  rdatalen,
int  insert_sig 
)
static

add RR to existing RRset.

If insert_sig is true, add to rrsigs. This reallocates the packed rrset for a new one.

References packed_rrset_data::count, auth_rrset::data, log_err(), packed_rrset_ptr_fixup(), packed_rrset_sizeof(), packed_rrset_data::rr_data, packed_rrset_data::rr_len, packed_rrset_data::rr_ttl, packed_rrset_data::rrsig_count, and packed_rrset_data::ttl.

Referenced by az_domain_add_rr().

◆ az_domain_add_rr()

static int az_domain_add_rr ( struct auth_data *  node,
uint16_t  rr_type,
uint32_t  rr_ttl,
uint8_t *  rdata,
size_t  rdatalen 
)
static

Add an RR to the node, ignoring duplicate RRs. rdata points to a buffer of rdatalen octets that starts with the 2-byte rdata length.

References az_domain_rrset(), auth_rrset::data, LDNS_RR_TYPE_RRSIG, rdata_duplicate(), rrset_add_rr(), rrset_create(), rrset_moveover_rrsigs(), and rrsig_rdata_get_type_covered().

Referenced by az_insert_rr().

◆ az_parse_file()

static int az_parse_file ( struct auth_zone *  z,
FILE *  in,
uint8_t *  rr,
size_t  rrbuflen,
struct sldns_file_parse_state *  state 
)
static

Parse zonefile.

Parameters
z: zone to read in.
in: file to read from (just opened).
rr: buffer to use for RRs, 64k. It is passed in so that recursive includes can use the same buffer and do not grow the stack too much.
rrbuflen: sizeof rr buffer.
state: parse state with $ORIGIN, $TTL, 'prev-dname' and so on, that is kept between includes. The lineno is set at 1 and then increased by the function. Returns false on failure, after printing an error message.

References sldns_file_parse_state::lineno, and sldns_fp2wire_rr_buf().

Referenced by auth_zone_read_zonefile().

◆ auth_zone_read_zonefile()

int auth_zone_read_zonefile ( struct auth_zone *  z )

◆ auth_zones_apply_config()

int auth_zones_apply_config ( struct auth_zones *  az,
struct config_file *  cfg 
)

Apply configuration to auth zones.

Reads zonefiles.

References auth_zones_cfg_fallback(), auth_zones_cfg_zonefile(), and auth_zones_read_zones().

◆ az_domain_go_up()

static struct auth_data* az_domain_go_up ( struct auth_zone *  z,
struct auth_data *  n 
)
static

go up the auth tree to next existing name.

References az_find_name(), dname_is_root(), dname_remove_label(), auth_data::name, and auth_data::namelen.

Referenced by az_find_ce().

◆ az_find_ce()

static int az_find_ce ( struct auth_zone *  z,
struct query_info *  qinfo,
struct auth_data *  node,
int  node_exact,
struct auth_data **  ce,
struct auth_rrset **  rrset 
)
static

Find the closest encloser, a name that exists and is above the qname.

Returns true if the node (param node) exists, is not obscured, and can be used to generate answers from; it is then also node_exact. Returns false if the node is not good enough (or it was not node_exact); in this case the ce can be filled. If ce is NULL, no ce exists, and likely the zone is completely empty, not even with a zone apex. If ce is non-NULL, it is the closest enclosing upper name (that exists itself for answer purposes). That name may have DNAME, NS or wildcard. rrset is the closest DNAME or NS rrset that was found.

References az_domain_go_up(), az_domain_rrset(), az_find_candidate_ce(), domain_has_only_nsec3(), LDNS_RR_TYPE_DNAME, LDNS_RR_TYPE_DS, LDNS_RR_TYPE_NS, auth_zone::namelen, auth_data::namelen, auth_data::node, query_info::qname_len, and query_info::qtype.

Referenced by auth_zone_generate_answer().

◆ az_add_additionals_from()

static int az_add_additionals_from ( struct auth_zone *  z,
struct regional *  region,
struct dns_msg *  msg,
struct auth_rrset *  rrset,
size_t  offset 
)
static

Add additional A/AAAA records for the domain names in the rrset rdata (+offset). offset is the number of bytes into the rdata where the dname is located.

References az_domain_rrset(), az_find_name(), packed_rrset_data::count, auth_rrset::data, dname_valid(), LDNS_RR_TYPE_A, LDNS_RR_TYPE_AAAA, msg_add_rrset_ar(), packed_rrset_data::rr_data, and packed_rrset_data::rr_len.

Referenced by az_generate_positive_answer().

◆ az_empty_nonterminal()

static int az_empty_nonterminal ( struct auth_zone *  z,
struct query_info *  qinfo,
struct auth_data *  node 
)
static

See if the query goes to an empty nonterminal (that has no auth_data, but there are nodes underneath).

We already checked that there is no NS or DNAME above, so we only need to check whether some node exists below (with a nonempty rr list). Returns true if it is an empty nonterminal.

References auth_zone::data, dname_strict_subdomain_c(), auth_data::name, auth_data::node, query_info::qname, rbtree_first(), rbtree_next(), RBTREE_NULL, and auth_data::rrsets.

Referenced by az_generate_answer_nonexistnode().

◆ create_synth_cname()

static int create_synth_cname ( uint8_t *  qname,
size_t  qname_len,
struct regional *  region,
struct auth_data *  node,
struct auth_rrset *  dname,
uint16_t  dclass,
struct ub_packed_rrset_key **  cname 
)
static

Create a synthetic CNAME rrset for a DNAME answer in region. Returns false on alloc failure; cname==NULL when the name is too long.

References packed_rrset_data::count, auth_rrset::data, LDNS_MAX_DOMAINLEN, packed_rrset_data::rr_data, and packed_rrset_data::rr_len.

Referenced by add_synth_cname().

◆ az_nsec3_hash()

static size_t az_nsec3_hash ( uint8_t *  buf,
size_t  buflen,
uint8_t *  nm,
size_t  nmlen,
int  algo,
size_t  iter,
uint8_t *  salt,
size_t  saltlen 
)
static

Hash a name with nsec3param into buffer, it has zone name appended.

return length of hash

References LDNS_MAX_DOMAINLEN, N3HASHBUFLEN, nsec3_hash_algo_size_supported(), query_dname_tolower(), and secalgo_nsec3_hash().

Referenced by az_nsec3_hashname().

◆ az_nsec3_get_nextcloser()

static void az_nsec3_get_nextcloser ( uint8_t *  cenm,
uint8_t *  qname,
size_t  qname_len,
uint8_t **  nx,
size_t *  nxlen 
)
static

Return nextcloser name (as a ref into the qname).

This is one label more than the cenm (cenm must be a suffix of qname).

References dname_count_labels(), dname_remove_labels(), dname_strict_subdomain(), and log_assert.

◆ az_nsec3_find_ce()

static struct auth_data* az_nsec3_find_ce ( struct auth_zone *  z,
uint8_t **  cenm,
size_t *  cenmlen,
int *  no_exact_ce,
int  algo,
size_t  iter,
uint8_t *  salt,
size_t  saltlen 
)
static

Find the closest encloser that has exact NSEC3.

Updates cenm to the new name. If it went up, no_exact_ce is set to true.

References az_nsec3_find_exact(), dname_remove_label(), auth_zone::namelen, and auth_data::node.

Referenced by az_add_nsec3_proof().

◆ az_add_nsec3_proof()

static int az_add_nsec3_proof ( struct auth_zone *  z,
struct regional *  region,
struct dns_msg *  msg,
uint8_t *  cenm,
size_t  cenmlen,
uint8_t *  qname,
size_t  qname_len,
int  nxproof,
int  wcproof 
)
static

add NSEC3 records to the zone for the nsec3 proof.

Specify with the flags which parts of the proof are required. The ce is the exact matching name (for notype) but also delegation points. qname is the one from which the nextcloser name can be derived. If NSEC3 is not properly there (in the zone), nothing is added. Always enabled: include the NSEC3 proving the closest encloser, that is, an exact match that should exist for it. If that does not exist, a higher exact match + nxproof is enabled (for some sort of opt-out empty nonterminal cases). nxproof: include denial of the qname. wcproof: include denial of the wildcard (wildcard.ce).

References az_nsec3_find_ce(), az_nsec3_param(), and auth_data::node.

Referenced by az_generate_wildcard_answer().

◆ az_generate_answer_nonexistnode()

static int az_generate_answer_nonexistnode ( struct auth_zone *  z,
struct query_info *  qinfo,
struct regional *  region,
struct dns_msg *  msg,
struct auth_data *  ce,
struct auth_rrset *  rrset,
struct auth_data *  node 
)
static

◆ auth_zone_generate_answer()

static int auth_zone_generate_answer ( struct auth_zone *  z,
struct query_info *  qinfo,
struct regional *  region,
struct dns_msg **  msg,
int *  fallback 
)
static

◆ auth_zones_lookup()

int auth_zones_lookup ( struct auth_zones *  az,
struct query_info *  qinfo,
struct regional *  region,
struct dns_msg **  msg,
int *  fallback,
uint8_t *  dp_nm,
size_t  dp_nmlen 
)

Use auth zones to lookup the answer to a query.

The query comes from the iterator, and the auth zones attempt to provide the answer instead of going to the internet.

Parameters
az: auth zones structure.
qinfo: query info to lookup.
region: region to use to allocate the reply in.
msg: reply is stored here (if one).
fallback: if true, fall back to making a query to the internet.
dp_nm: name of delegation point to look for. This zone is used to answer the query. If the dp_nm is not found, fallback is set to true and false is returned.
dp_nmlen: length of dp_nm.
Returns
0: failure (an error of some sort, like servfail). If 0 and fallback is true, fall back to the internet. If 0 and fallback is false, treat it like getting servfail. If true, an answer is available.

References auth_zone_find(), auth_zone_generate_answer(), auth_zones::lock, auth_zone::lock, query_info::qclass, VERB_ALGO, and verbose().

Referenced by q_ans_query().