summaryrefslogtreecommitdiff
path: root/src/resolve/resolved-dns-transaction.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-01-08 18:50:41 +0100
committerLennart Poettering <lennart@poettering.net>2016-01-11 19:40:00 +0100
commit6bb2c08597c999c429e889cd2403b2fef5f3e1a0 (patch)
treef424703e1ce9b959b0a38ee904b4371e6b59615c /src/resolve/resolved-dns-transaction.c
parentef9fb66c0b292d3543c16bfce99ad677bef0f401 (diff)
resolved: rework server feature level logic
This changes the DnsServer logic to count failed UDP and TCP failures separately. This is useful so that we don't end up downgrading the feature level from one UDP level to a lower UDP level just because a TCP connection we did because of a TC response failed. This also adds accounting of truncated packets. If we detect incoming truncated packets, and count too many failed TCP connections (which is the normal fall back if we get a trucnated UDP packet) we downgrade the feature level, given that the responses at the current levels don't get through, and we somehow need to make sure they become smaller, which they will do if we don't request DNSSEC or EDNS support. This makes resolved work much better with crappy DNS servers that do not implement TCP and only limited UDP packet sizes, but otherwise support DNSSEC RRs. They end up choking on the generally larger DNSSEC RRs and there's no way to retrieve the full data.
Diffstat (limited to 'src/resolve/resolved-dns-transaction.c')
-rw-r--r--src/resolve/resolved-dns-transaction.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 1ab9550cb3..1450acb260 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -370,7 +370,7 @@ static int on_stream_complete(DnsStream *s, int error) {
log_debug_errno(error, "Connection failure for DNS TCP stream, treating as lost packet: %m");
assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &usec) >= 0);
- dns_server_packet_lost(t->server, t->current_features, usec - t->start_usec);
+ dns_server_packet_lost(t->server, IPPROTO_TCP, t->current_features, usec - t->start_usec);
dns_transaction_retry(t);
return 0;
@@ -670,8 +670,10 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) {
dns_server_packet_failed(t->server, t->current_features);
dns_transaction_retry(t);
return;
- } else
- dns_server_packet_received(t->server, t->current_features, ts - t->start_usec, p->size);
+ } else if (DNS_PACKET_TC(p))
+ dns_server_packet_truncated(t->server, t->current_features);
+ else
+ dns_server_packet_received(t->server, p->ipproto, t->current_features, ts - t->start_usec, p->size);
break;
@@ -797,7 +799,7 @@ static int on_dns_packet(sd_event_source *s, int fd, uint32_t revents, void *use
log_debug_errno(r, "Connection failure for DNS UDP packet, treating as lost packet: %m");
assert_se(sd_event_now(t->scope->manager->event, clock_boottime_or_monotonic(), &usec) >= 0);
- dns_server_packet_lost(t->server, t->current_features, usec - t->start_usec);
+ dns_server_packet_lost(t->server, IPPROTO_UDP, t->current_features, usec - t->start_usec);
dns_transaction_retry(t);
return 0;
@@ -889,7 +891,7 @@ static int on_transaction_timeout(sd_event_source *s, usec_t usec, void *userdat
case DNS_PROTOCOL_DNS:
assert(t->server);
- dns_server_packet_lost(t->server, t->current_features, usec - t->start_usec);
+ dns_server_packet_lost(t->server, t->stream ? IPPROTO_TCP : IPPROTO_UDP, t->current_features, usec - t->start_usec);
break;
case DNS_PROTOCOL_LLMNR:
@@ -2375,6 +2377,7 @@ int dns_transaction_validate_dnssec(DnsTransaction *t) {
(t->server && t->server->rrsig_missing)) {
/* The server does not support DNSSEC, or doesn't augment responses with RRSIGs. */
t->answer_dnssec_result = DNSSEC_INCOMPATIBLE_SERVER;
+ log_debug("Cannot validate reponse, server lacks DNSSEC support.");
return 0;
}
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-11-10 09:05:43 +0000