path: root/src/resolve/resolved-dns-scope.c
Age | Commit message | Author
2015-08-14 | resolved: never allow routing of "localhost" queries to DNS or LLMNR | Lennart Poettering
We should never allow leaking of "localhost" queries onto the network, even if there's an explicit domain route set for this.
2015-08-03 | resolved: transaction - exponentially increase retry timeouts | Tom Gundersen
Rather than fixing this to 5s for unicast DNS and 1s for LLMNR, start at a tenth of those values and increase exponentially until the old values are reached. For LLMNR the recommended timeout for IEEE802 networks (which basically means all of the ones we care about) is 100ms, so that should be uncontroversial. For unicast DNS I have found no recommended value. However, it seems vastly more likely that hitting a 500ms timeout is caused by a packet loss, rather than the RTT genuinely being greater than 500ms, so taking this as a starting value seems reasonable to me. In the common case this greatly reduces the latency due to normal packet loss. Moreover, once we get support for probing for features, this means that we can send more packets before degrading the feature level whilst still allowing us to settle on the correct feature level in a reasonable timeframe. The timeouts are tracked per server (or per scope for the multicast protocols), and once a server (or scope) receives a successful package the timeout is reset. We also track the largest RTT for the given server/scope, and always start our timeouts at twice the largest observed RTT.
2015-07-29 | resolved: never attempt to resolve loopback addresses via DNS/LLMNR/mDNS | Lennart Poettering
We already refuse to resolve "localhost", hence we should also refuse resolving "127.0.0.1" and friends.
2015-07-27 | resolved: scope - write() unicast DNS packets | Tom Gundersen
As we have connect()ed to the desired DNS server, we no longer need to pass control messages manually when sending packets. Simplify the logic accordingly.
2015-07-27 | resolved: transaction - introduce dns_transaction_emit() | Tom Gundersen
This function emits the UDP packet via the scope, but first it will determine the current server (and connect to it) and store the server in the transaction. This should not change the behavior, but simplifies the code.
2015-07-27 | resolved: transaction - move DNS UDP socket creation to the scope | Tom Gundersen
With access to the server when creating the socket, we can connect() to the server and hence simplify message sending and receiving in follow-up patches.
2015-07-27 | resolved: transaction - unify IPv4 and IPv6 sockets | Tom Gundersen
A transaction can only have one socket at a time, so no need to distinguish these.
2015-07-23 | resolve: drop dns_scope_good_dns_server() | Lennart Poettering
It's not used anymore since 29815b6c608b836cada5e349d06a96b63eaa65f3, hence let's remove it from the sources.
2015-07-14 | resolved: use one UDP socket per transaction | Tom Gundersen
We used to have one global socket, use one per transaction instead. This has the side-effect of giving us a random UDP port per transaction, and hence increasing the entropy and making cache poisoning significantly harder to achieve. We still reuse the same port number for packets belonging to the same transaction (resent packets).
2015-07-14 | resolved: pin the server used in a transaction | Tom Gundersen
We want to discover information about the server and use that when crafting packets to be resent.
2015-07-14 | resolved: packet - ensure there is space for IP+UDP headers | Tom Gundersen
Currently we only make sure our links can handle the size of the payload without taking the headers into account.
2015-07-13 | resolved: separate LLMNR specific header bits | Daniel Mack
The C and T bits in the DNS packet header definitions are specific to LLMNR. In regular DNS, they are called AA and RD instead. Reflect that by calling the macros accordingly, and alias LLMNR specific macros. While at it, define RA, AD and CD getters as well.
2015-07-13 | resolved: use a #define for LLMNR port | Daniel Mack
De-duplicate some magic numbers.
2015-07-13 | resolved: move LLMNR related functions into separate file | Daniel Mack
2015-06-10 | resolve: move dns routines into shared | Nick Owens
2015-05-18 | util: split all hostname related calls into hostname-util.c | Lennart Poettering
2015-04-11 | shared: add random-util.[ch] | Ronny Chevalier
2015-03-13 | Use space after a silencing (void) | Zbigniew Jędrzejewski-Szmek
We were using a space more often than not, and this way is codified in CODING_STYLE.
2015-03-13 | tree-wide: there is no ENOTSUP on linux | David Herrmann
Replace ENOTSUP by EOPNOTSUPP as this is what linux actually uses.
2014-12-11 | networkd/resolved: correct spacing near eol in code comments | Torstein Husebø
2014-12-03 | resolved: don't resolve the hostname "gateway" with LLMNR, leave that to nss-myhostname | Lennart Poettering
2014-11-28 | treewide: yet more log_*_errno + return simplifications | Michal Schmidt
Using:
    find . -name '*.[ch]' | while read f; do perl -i.mmm -e \
        'local $/;
         local $_=<>;
         s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg;
         print;' $f
    done
And a couple of manual whitespace fixups.
2014-11-28 | treewide: no need to negate errno for log_*_errno() | Michal Schmidt
It correctly handles both positive and negative errno values.
2014-11-28 | treewide: auto-convert the simple cases to log_*_errno() | Michal Schmidt
As a followup to 086891e5c1 "log: add an "error" parameter to all low-level logging calls and introduce log_error_errno() as log calls that take error numbers", use sed to convert the simple cases to use the new macros:
    find . -name '*.[ch]' | xargs sed -r -i -e \
        's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/'
Multi-line log_*() invocations are not covered. And we also should add log_unit_*_errno().
2014-11-17 | resolve: fix CID#1237549 Unchecked return value | Susant Sahani
2014-10-23 | resolve: make DnsScope::conflict_queue an OrderedHashmap | Michal Schmidt
on_conflict_dispatch() uses hashmap_steal_first() and then does something non-trivial with it. It may care about the order.
2014-09-15 | hashmap: introduce hash_ops to make struct Hashmap smaller | Michal Schmidt
It is redundant to store 'hash' and 'compare' function pointers in struct Hashmap separately. The functions always comprise a pair. Store a single pointer to struct hash_ops instead. systemd keeps hundreds of hashmaps, so this saves a little bit of memory.
2014-08-15 | resolved: fix assertion when joining llmnr mcast group | Lennart Poettering
2014-08-14 | resolved: clarify that LLMNR scopes must have a link assigned | Lennart Poettering
This is supposed to remove some compiler warnings: http://lists.freedesktop.org/archives/systemd-devel/2014-July/021393.html
2014-08-14 | resolved: allow passing on which protocol, family and interface to look something up | Lennart Poettering
Also, return on which protocol/family/interface we found something.
2014-08-11 | resolved: implement full LLMNR conflict detection logic | Lennart Poettering
2014-08-05 | resolved: add 100ms initial jitter to all LLMNR requests | Lennart Poettering
2014-08-05 | resolved: enforce ratelimit on LLMNR traffic | Lennart Poettering
2014-08-05 | resolved: never reuse transactions for probing that are already completed based on cached data | Lennart Poettering
2014-08-03 | resolved: avoid possible dereference of null pointer | Thomas Hindoe Paaboel Andersen
In dns_scope_make_reply_packet the structs q, answer, and soa can be null. We should check for null before reading their fields.
2014-08-01 | resolved: always drop multicast membership before adding one | Lennart Poettering
This is apparently necessary on some devices, such as veth.
2014-08-01 | resolved: flush cache each time we change to a different DNS server | Lennart Poettering
2014-08-01 | resolved: beef up DNS server configuration logic | Lennart Poettering
We now maintain two lists of DNS servers: system servers and fallback servers. system servers are used in combination with any per-link servers. fallback servers are only used if there are no system servers or per-link servers configured. The system server list is supposed to be populated from a foreign tool's /etc/resolv.conf (not implemented yet). Also adds a configuration switch for LLMNR, that allows configuring whether LLMNR shall be used simply for resolving or also for responding.
2014-07-31 | resolved: implement LLMNR uniqueness verification | Lennart Poettering
2014-07-30 | resolved: don't attempt to order empty answer array | Lennart Poettering
2014-07-30 | resolved: include SOA records in LLMNR replies for non-existing RRs to allow negative caching | Lennart Poettering
2014-07-30 | resolved: when answer A or AAAA questions, order responses by whether addresses are link-local or not | Lennart Poettering
2014-07-29 | resolved: the llmnr destination address check applies to queries, not to responses | Lennart Poettering
2014-07-29 | resolved: set LLMNR TCP and UDP TTLs to the values suggested by the RFC | Lennart Poettering
2014-07-29 | resolved: discard more invalid llmnr messages | Lennart Poettering
2014-07-29 | resolved: when resolving an address PTR record via llmnr, make a tcp connection by default | Lennart Poettering
2014-07-29 | resolve: add llmnr responder side for UDP and TCP | Lennart Poettering
Name defending is still missing.
2014-07-23 | resolved: rework logic so that we can share transactions between queries of different clients | Lennart Poettering
2014-07-18 | resolved: do not use uninitialized variable | Zbigniew Jędrzejewski-Szmek
2014-07-18 | in-addr-util: remove family_to_string() API | Lennart Poettering
we already have a more complete one with af_to_name(), that is generated from the header files, no need to duplicate this.