Systemd/src/resolve
Lennart Poettering 201d99584e resolved: cache SERVFAIL responses for 30s
Some domains (such as us.ynuf.alipay.com) almost appear as if they actively
want to sabotage our DNSSEC work. Specifically, they unconditionally
return SERVFAIL on SOA lookups and always only after a 1s delay (at
least). This is pretty bad for our validation logic, as we use SOA
lookups to distinguish zones from non-terminal names. Moreover, SERVFAIL
is an error that is typically returned if we send requests a server
doesn't grok, and thus is reason for us to downgrade our protocol and
try again. In case of these zones this means we'll accept the SERVFAIL
response only after a full iterative downgrade to our lowest feature
level: TCP. In combination with the 1s delays this has the effect of
making us hit our transaction timeout way too easily.

As a first attempt to improve the situation: let's start caching SERVFAIL
responses in our cache, after the full downgrade for a short period of
time.

Conceptually this is exposed as "weird rcode" caching, but for now we
only consider SERVFAIL a "weird rcode" worthy of caching. Later on we
might want to add more.
2017-02-17 10:25:15 +01:00
.gitignore resolve: add more record types and convert to gperf table 2014-08-03 22:02:32 -04:00
Makefile resolved: add daemon to manage resolv.conf 2014-05-19 18:14:56 +02:00
RFCs tree-wide: use mdash instead of a two minuses 2016-04-21 23:00:13 -04:00
dns-type.c build-sys: add check for gperf lookup function signature (#5055) 2017-01-10 08:39:05 +01:00
dns-type.h resolved: explicitly refuse zone transfers using the bus API 2016-06-21 13:20:48 +02:00
org.freedesktop.resolve1.conf resolved: add legacy dbus service and policy files 2014-07-16 03:41:39 +02:00
org.freedesktop.resolve1.service resolved: add legacy dbus service and policy files 2014-07-16 03:41:39 +02:00
resolv.conf resolved: respond to local resolver requests on 127.0.0.53:53 2016-06-21 14:15:23 +02:00
resolve-tool.c Merge pull request #4832 from rojkov/mdns 2017-02-12 15:38:51 -05:00
resolved-bus.c resolved: when following a CNAME initialize authenticated bit by the weakest answer 2017-02-09 16:13:07 +01:00
resolved-bus.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
resolved-conf.c Merge pull request #4061 from dm0-/coreos-1545 2016-10-07 23:38:03 +02:00
resolved-conf.h build-sys: add check for gperf lookup function signature (#5055) 2017-01-10 08:39:05 +01:00
resolved-def.h resolved: include inttypes.h in resolved-def.h given that we use UINT64_C 2016-02-10 14:32:27 +01:00
resolved-dns-answer.c treewide: fix typos and remove accidental repetition of words 2016-07-11 16:18:43 +02:00
resolved-dns-answer.h resolved: implement sending goodbye mDNS packet 2017-01-19 11:51:21 +02:00
resolved-dns-cache.c resolved: cache SERVFAIL responses for 30s 2017-02-17 10:25:15 +01:00
resolved-dns-cache.h resolved: when using the ResolveRecord() bus call, adjust TTL for caching time 2016-06-21 13:20:48 +02:00
resolved-dns-dnssec.c resolved: fix NSEC proofs for missing TLDs 2017-02-17 10:25:15 +01:00
resolved-dns-dnssec.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
resolved-dns-packet.c resolved: implement sending goodbye mDNS packet 2017-01-19 11:51:21 +02:00
resolved-dns-packet.h resolved: add cache-flush bit to answers in mDNS announcements 2017-01-19 11:51:21 +02:00
resolved-dns-query.c resolved: when accepted a query candidate as final answer, propagate authentication bool even on failure 2017-02-17 10:25:15 +01:00
resolved-dns-query.h resolved: when following a CNAME initialize authenticated bit by the weakest answer 2017-02-09 16:13:07 +01:00
resolved-dns-question.c Replace DNS_RESOURCE_KEY_NAME with a version which always returns "." for root 2016-02-16 19:55:51 -05:00
resolved-dns-question.h resolved: add dns_answer_is_empty() and dns_question_is_empty() helpers 2016-06-21 13:20:48 +02:00
resolved-dns-rr.c resolved: add cache-flush bit to answers in mDNS announcements 2017-01-19 11:51:21 +02:00
resolved-dns-rr.h resolved: respond to local resolver requests on 127.0.0.53:53 2016-06-21 14:15:23 +02:00
resolved-dns-scope.c resolved: size the mdns announce answer array properly 2017-02-14 11:13:48 +01:00
resolved-dns-scope.h resolved: let's propagate errors from dns_scope_announce() and elsewhere 2017-02-13 20:44:11 +01:00
resolved-dns-search-domain.c tree-wide: use mfree more 2016-10-16 23:35:39 -04:00
resolved-dns-search-domain.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
resolved-dns-server.c resolved: when DNSSEC mode is disabled, don't go beyond EDNS0 feature level 2017-02-17 10:25:15 +01:00
resolved-dns-server.h resolved: when the dns server feature level grace period elapses, flush caches 2017-02-17 10:25:15 +01:00
resolved-dns-stream.c tree-wide: use mfree more 2016-10-16 23:35:39 -04:00
resolved-dns-stream.h resolved: directly include some required headers instead of inheriting 2016-08-31 15:33:21 -07:00
resolved-dns-stub.c resolved: propagate AD bit for NXDOMAIN into stub replies 2017-02-17 10:25:15 +01:00
resolved-dns-stub.h resolved: simplify error handling in manager_dns_stub_{udp,tcp}_fd() 2016-10-09 21:22:23 -04:00
resolved-dns-synthesize.c Replace DNS_RESOURCE_KEY_NAME with a version which always returns "." for root 2016-02-16 19:55:51 -05:00
resolved-dns-synthesize.h resolved: synthesize RRs for data from /etc/hosts 2016-01-25 17:19:19 +01:00
resolved-dns-transaction.c resolved: lengthen timeout for TCP transactions 2017-02-17 10:25:15 +01:00
resolved-dns-transaction.h resolved: implement mDNS probing and announcement 2017-01-19 11:51:21 +02:00
resolved-dns-trust-anchor.c resolved: make sure configured NTAs affect subdomains too 2017-02-17 10:25:15 +01:00
resolved-dns-trust-anchor.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
resolved-dns-zone.c resolved: implement mDNS probing and announcement 2017-01-19 11:51:21 +02:00
resolved-dns-zone.h resolved: populate mDNS scopes' zones with RRs for the host 2017-01-19 11:51:21 +02:00
resolved-etc-hosts.c resolved: correctly handle non-address RR types with /etc/hosts lookups (#4808) 2016-12-22 07:58:02 +01:00
resolved-etc-hosts.h resolved: synthesize RRs for data from /etc/hosts 2016-01-25 17:19:19 +01:00
resolved-gperf.gperf resolved: add an option to control the DNS stub listener 2016-10-07 12:14:38 -07:00
resolved-link-bus.c resolve: fix strv memleak 2017-01-24 22:27:21 -05:00
resolved-link-bus.h resolved: rename "SearchDomains" property in the Manager interface to "Domains" 2016-02-13 20:33:49 +01:00
resolved-link.c resolved: count the number of addresses per link 2017-02-13 20:41:09 +01:00
resolved-link.h resolved: count the number of addresses per link 2017-02-13 20:41:09 +01:00
resolved-llmnr.c resolved: respond to local resolver requests on 127.0.0.53:53 2016-06-21 14:15:23 +02:00
resolved-llmnr.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
resolved-manager.c Merge pull request #4832 from rojkov/mdns 2017-02-12 15:38:51 -05:00
resolved-manager.h Merge pull request #4832 from rojkov/mdns 2017-02-12 15:38:51 -05:00
resolved-mdns.c resolved: restore ANY reply behaviour for mDNS 2017-02-14 11:13:58 +01:00
resolved-mdns.h resolved: implement mDNS probing and announcement 2017-01-19 11:51:21 +02:00
resolved-resolv-conf.c resolved: use macro for private resolve.conf 2016-11-10 14:23:33 +01:00
resolved-resolv-conf.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
resolved.c treewide: fix typos (#4802) 2016-12-02 09:20:26 -05:00
resolved.conf.in resolved: add an option to control the DNS stub listener 2016-10-07 12:14:38 -07:00
test-dns-packet.c test: drop TEST_DATA_DIR, fold into get_testdata_dir() 2017-02-16 21:45:57 +01:00
test-dnssec-complex.c tree-wide: drop NULL sentinel from strjoin 2016-10-23 11:43:27 -04:00
test-dnssec.c test-dnssec: drop unused variable 2016-04-12 13:51:28 +02:00
test-resolve-tables.c test-resolve-tables: verify that dns type/class length is within limits 2016-02-16 19:55:51 -05:00