770. [func] Add the "edns yes_or_no" statement to the server

clause. [RT #524]
2025-08-29 13:38:26 +00:00 · 2001-03-06 23:54:37 +00:00 · 2001-03-06 23:54:37 +00:00 · d25dd5b056
commit d25dd5b056
parent 3fccea030d
8 changed files with 81 additions and 12 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+ 770.	[func]		Add the "edns yes_or_no" statement to the server
+			clause. [RT #524]
+
 769.	[func]		Improved error reporting when parsing rdata. [RT #740]

 768.	[bug]		The server did not emit an SOA when a CNAME
--- a/bin/named/server.c
+++ b/bin/named/server.c
@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: server.c,v 1.297 2001/03/06 19:04:42 bwelling Exp $ */
+/* $Id: server.c,v 1.298 2001/03/06 23:54:29 bwelling Exp $ */

 #include <config.h>

@ -423,6 +423,11 @@ configure_peer(cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) {
 	if (obj != NULL)
 		dns_peer_setrequestixfr(peer, cfg_obj_asboolean(obj));

+	obj = NULL;
+	(void)cfg_map_get(cpeer, "edns", &obj);
+	if (obj != NULL)
+		dns_peer_setsupportedns(peer, cfg_obj_asboolean(obj));
+
 	obj = NULL;
 	(void)cfg_map_get(cpeer, "transfers", &obj);
 	if (obj != NULL)
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@ -2,7 +2,7 @@
 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">

-<!-- File: $Id: Bv9ARM-book.xml,v 1.109 2001/03/06 07:38:18 bwelling Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.110 2001/03/06 23:54:30 bwelling Exp $ -->

 <book>
 <title>BIND 9 Administrator Reference Manual</title>
@ -3661,6 +3661,7 @@ failure response other than those above.</para></entry>
    <optional> bogus <replaceable>yes_or_no</replaceable> ; </optional>
    <optional> provide-ixfr <replaceable>yes_or_no</replaceable> ; </optional>
    <optional> request-ixfr <replaceable>yes_or_no</replaceable> ; </optional>
+    <optional> edns <replaceable>yes_or_no</replaceable> ; </optional>
    <optional> transfers <replaceable>number</replaceable> ; </optional>
    <optional> transfer-format <replaceable>( one-answer | many-answers )</replaceable> ; ]</optional>
    <optional> keys <replaceable>{ string ; <optional> string ; <optional>...</optional></optional> }</replaceable> ; </optional>
@ -3701,6 +3702,11 @@ The purpose of the <command>provide-ixfr</command> and
 to make it possible to disable the use of IXFR even when both master
 and slave claim to support it, for example if one of the servers
 is buggy and crashes or corrupts data when IXFR is used.</para>
+
+<para>The <command>edns</command> clause determines whether the local server
+will attempt to use EDNS when communicating with the remote server.  The
+default is yes.</para>
+
 <para>The server supports two zone transfer methods. The first, <command>one-answer</command>,
 uses one DNS message per resource record transferred. <command>many-answers</command> packs
 as many resource records as possible into a message. <command>many-answers</command> is
@ -3713,6 +3719,7 @@ by the <command>options</command> statement will be used.</para>
 concurrent inbound zone transfers from the specified server. If
 no <command>transfers</command> clause is specified, the limit is
 set according to the <command>transfers-per-ns</command> option.</para>
+
 <para>The <command>keys</command> clause is used to identify a <command>key_id</command> defined
 by the <command>key</command> statement, to be used for transaction
 security when talking to the remote server. The <command>key</command> statement
@ -3721,6 +3728,7 @@ it. When a request is sent to the remote server, a request signature
 will be generated using the key specified here and appended to the
 message. A request originating from the remote server is not required
 to be signed by this key.</para>
+
 <para>Although the grammar of the <command>keys</command> clause
 allows for multiple keys, only a single key per server is currently
 supported.</para></sect2>
--- a/doc/misc/options
+++ b/doc/misc/options
@ -1,7 +1,7 @@
 Copyright (C) 2000, 2001  Internet Software Consortium.
 See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.

-$Id: options,v 1.60 2001/03/05 23:44:59 bwelling Exp $
+$Id: options,v 1.61 2001/03/06 23:54:32 bwelling Exp $

 This is a summary of the implementation status of the various named.conf
 options in BIND 9.
@ -141,6 +141,7 @@ server ip_addr {
  [ request-ixfr yes_or_no; ]				    Yes*
  [ provide-ixfr yes_or_no; ]				    Yes*
  [ support-ixfr yes_or_no; ]				    Obsolete
+  [ edns yes_or_no; ]					    Yes*
  [ transfers number; ]					    Yes
  [ transfer-format ( one-answer | many-answers ); ]	    Yes
  [ keys { key_id [key_id ... ] }; ]			    Yes
--- a/lib/dns/include/dns/peer.h
+++ b/lib/dns/include/dns/peer.h
@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: peer.h,v 1.13 2001/01/09 21:53:10 bwelling Exp $ */
+/* $Id: peer.h,v 1.14 2001/03/06 23:54:36 bwelling Exp $ */

 #ifndef DNS_PEER_H
 #define DNS_PEER_H 1
@ -70,6 +70,7 @@ struct dns_peer {
 	isc_boolean_t		support_ixfr;
 	isc_boolean_t		provide_ixfr;
 	isc_boolean_t		request_ixfr;
+	isc_boolean_t		support_edns;
 	dns_name_t	       *key;

 	isc_uint32_t		bitflags;
@ -143,6 +144,12 @@ dns_peer_setprovideixfr(dns_peer_t *peer, isc_boolean_t newval);
 isc_result_t
 dns_peer_getprovideixfr(dns_peer_t *peer, isc_boolean_t *retval);

+isc_result_t
+dns_peer_setsupportedns(dns_peer_t *peer, isc_boolean_t newval);
+
+isc_result_t
+dns_peer_getsupportedns(dns_peer_t *peer, isc_boolean_t *retval);
+
 isc_result_t
 dns_peer_settransfers(dns_peer_t *peer, isc_int32_t newval);

--- a/lib/dns/peer.c
+++ b/lib/dns/peer.c
@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: peer.c,v 1.13 2001/03/01 02:28:34 bwelling Exp $ */
+/* $Id: peer.c,v 1.14 2001/03/06 23:54:33 bwelling Exp $ */

 #include <config.h>

@ -36,6 +36,7 @@
 #define TRANSFERS_BIT			2
 #define PROVIDE_IXFR_BIT		3
 #define REQUEST_IXFR_BIT		4
+#define SUPPORT_EDNS_BIT		5

 static isc_result_t
 dns_peerlist_delete(dns_peerlist_t **list);
@ -358,6 +359,32 @@ dns_peer_getrequestixfr(dns_peer_t *peer, isc_boolean_t *retval) {
 		return (ISC_R_NOTFOUND);
 }

+isc_result_t
+dns_peer_setsupportedns(dns_peer_t *peer, isc_boolean_t newval) {
+	isc_boolean_t existed;
+
+	REQUIRE(DNS_PEER_VALID(peer));
+
+	existed = DNS_BIT_CHECK(SUPPORT_EDNS_BIT, &peer->bitflags);
+
+	peer->support_edns = newval;
+	DNS_BIT_SET(SUPPORT_EDNS_BIT, &peer->bitflags);
+
+	return (existed ? ISC_R_EXISTS : ISC_R_SUCCESS);
+}
+
+isc_result_t
+dns_peer_getsupportedns(dns_peer_t *peer, isc_boolean_t *retval) {
+	REQUIRE(DNS_PEER_VALID(peer));
+	REQUIRE(retval != NULL);
+
+	if (DNS_BIT_CHECK(SUPPORT_EDNS_BIT, &peer->bitflags)) {
+		*retval = peer->support_edns;
+		return (ISC_R_SUCCESS);
+	} else
+		return (ISC_R_NOTFOUND);
+}
+
 isc_result_t
 dns_peer_settransfers(dns_peer_t *peer, isc_int32_t newval) {
 	isc_boolean_t existed;
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: resolver.c,v 1.207 2001/03/05 21:15:44 bwelling Exp $ */
+/* $Id: resolver.c,v 1.208 2001/03/06 23:54:34 bwelling Exp $ */

 #include <config.h>

@ -852,6 +852,7 @@ resquery_send(resquery_t *query) {
 	dns_tsigkey_t *tsigkey = NULL;
 	dns_acl_t *blackhole;
 	dns_peer_t *peer = NULL;
+	isc_boolean_t useedns;
 	isc_boolean_t bogus;
 	isc_boolean_t aborted = ISC_FALSE;
 	dns_compress_t cctx;
@ -943,6 +944,26 @@ resquery_send(resquery_t *query) {
 	if (result != ISC_R_SUCCESS)
 		goto cleanup_message;

+	peer = NULL;
+	isc_netaddr_fromsockaddr(&ipaddr, &query->addrinfo->sockaddr);
+	(void) dns_peerlist_peerbyaddr(fctx->res->view->peers, &ipaddr, &peer);
+
+	/*
+	 * The ADB does not know about servers with "edns no".  Check this,
+	 * and then inform the ADB for future use.
+	 */
+	if ((query->addrinfo->flags & DNS_FETCHOPT_NOEDNS0) == 0 &&
+	    peer != NULL &&
+	    dns_peer_getsupportedns(peer, &useedns) == ISC_R_SUCCESS &&
+	    !useedns)
+	{
+		query->options |= DNS_FETCHOPT_NOEDNS0;
+		dns_adb_changeflags(fctx->res->view->adb,
+				    query->addrinfo,
+				    DNS_FETCHOPT_NOEDNS0,
+				    DNS_FETCHOPT_NOEDNS0);
+	}
+
 	/*
 	 * Use EDNS0, unless the caller doesn't want it, or we know that
 	 * the remote server doesn't like it.
@ -993,7 +1014,6 @@ resquery_send(resquery_t *query) {
 	/*
 	 * Add TSIG record tailored to the current recipient.
 	 */
-	isc_netaddr_fromsockaddr(&ipaddr, &query->addrinfo->sockaddr);
 	result = dns_view_getpeertsig(fctx->res->view, &ipaddr, &tsigkey);
 	if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND)
 		goto cleanup_message;
@ -1059,10 +1079,7 @@ resquery_send(resquery_t *query) {
 			aborted = ISC_TRUE;
 	}

-	peer = NULL;
-	result = dns_peerlist_peerbyaddr(fctx->res->view->peers, &ipaddr,
-					 &peer);
-	if (result == ISC_R_SUCCESS &&
+	if (peer != NULL &&
 	    dns_peer_getbogus(peer, &bogus) == ISC_R_SUCCESS &&
 	    bogus)
 		aborted = ISC_TRUE;
--- a/lib/isccfg/parser.c
+++ b/lib/isccfg/parser.c
@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: parser.c,v 1.43 2001/03/06 19:13:01 gson Exp $ */
+/* $Id: parser.c,v 1.44 2001/03/06 23:54:37 bwelling Exp $ */

 #include <config.h>

@ -1014,6 +1014,7 @@ server_clauses[] = {
 	{ "transfers", &cfg_type_uint32, 0 },
 	{ "transfer-format", &cfg_type_transferformat, 0 },
 	{ "keys", &cfg_type_server_key_kludge, 0 },
+	{ "edns", &cfg_type_boolean, 0 },
 	{ NULL, NULL, 0 }
 };
 static cfg_clausedef_t *