Commit ba1a8cd3 authored by Marek Vavrusa's avatar Marek Vavrusa
Browse files

Merge branch 'better-rtt-tracking'

parents 25cea013 e2aefe58
......@@ -26,6 +26,7 @@
#endif
#include <assert.h>
#include "lib/utils.h"
#include "lib/layer.h"
#include "daemon/worker.h"
#include "daemon/engine.h"
#include "daemon/io.h"
......@@ -350,11 +351,28 @@ static void on_timeout(uv_timer_t *req)
knot_rrtype_to_string(knot_pkt_qtype(task->pktbuf), type_str, sizeof(type_str));
DEBUG_MSG("ioreq timeout %s %s %p\n", qname_str, type_str, req);
#endif
if (!uv_is_closing(handle)) {
struct worker_ctx *worker = task->worker;
worker->stats.timeout += 1;
qr_task_step(task, NULL, NULL);
/* Ignore if this timeout is being terminated. */
if (uv_is_closing(handle)) {
return;
}
/* Penalize all tried nameservers with a timeout. */
struct worker_ctx *worker = task->worker;
if (task->leading && task->pending_count > 0) {
struct kr_query *qry = array_tail(task->req.rplan.pending);
struct sockaddr_in6 *addrlist = (struct sockaddr_in6 *)task->addrlist;
for (uint16_t i = 0; i < MIN(task->pending_count, task->addrlist_count); ++i) {
struct sockaddr *choice = (struct sockaddr *)(&addrlist[i]);
WITH_DEBUG {
char addr_str[INET6_ADDRSTRLEN];
inet_ntop(choice->sa_family, kr_inaddr(choice), addr_str, sizeof(addr_str));
QRDEBUG(qry, "wrkr", "=> server: '%s' flagged as 'bad'\n", addr_str);
}
kr_nsrep_update_rtt(&qry->ns, choice, KR_NS_TIMEOUT, worker->engine->resolver.cache_rtt);
}
}
/* Interrupt current pending request. */
worker->stats.timeout += 1;
qr_task_step(task, NULL, NULL);
}
/* This is called when we send subrequest / answer */
......
......@@ -91,8 +91,9 @@ static int loot_rrcache(struct kr_cache *cache, knot_pkt_t *pkt, struct kr_query
rrtype = KNOT_RRTYPE_CNAME;
ret = loot_rr(&txn, pkt, qry->sname, qry->sclass, rrtype, qry, &rank, 0);
}
/* Record isn't flagged as INSECURE => doesn't have RRSIG. */
/* Record is flagged as INSECURE => doesn't have RRSIG. */
if (ret == 0 && (rank & KR_RANK_INSECURE)) {
qry->flags |= QUERY_DNSSEC_INSECURE;
qry->flags &= ~QUERY_DNSSEC_WANT;
/* Record may have RRSIG, try to find it. */
} else if (ret == 0 && dobit) {
......
......@@ -325,8 +325,8 @@ static int answer_finalize(struct kr_request *request, int state)
if (state == KNOT_STATE_DONE && rplan->resolved.len > 0) {
struct kr_query *last = array_tail(rplan->resolved);
/* Do not set AD for RRSIG query, as we can't validate it. */
if ((last->flags & QUERY_DNSSEC_WANT) && knot_pkt_has_dnssec(answer) &&
knot_pkt_qtype(answer) != KNOT_RRTYPE_RRSIG) {
const bool dnssec_ok = (last->flags & QUERY_DNSSEC_WANT) && !(last->flags & QUERY_DNSSEC_INSECURE);
if (dnssec_ok && knot_pkt_qtype(answer) != KNOT_RRTYPE_RRSIG) {
knot_wire_set_ad(answer->wire);
}
}
......@@ -393,7 +393,7 @@ static int resolve_query(struct kr_request *request, const knot_pkt_t *packet)
/* Want DNSSEC if it's posible to secure this name (e.g. is covered by any TA) */
map_t *negative_anchors = &request->ctx->negative_anchors;
map_t *trust_anchors = &request->ctx->trust_anchors;
if (knot_pkt_has_dnssec(packet) &&
if ((knot_wire_get_ad(packet->wire) || knot_pkt_has_dnssec(packet)) &&
kr_ta_covers(trust_anchors, qname) && !kr_ta_covers(negative_anchors, qname)) {
qry->flags |= QUERY_DNSSEC_WANT;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment