/*
 * iterator/iter_delegpt.h - delegation point with NS and address information.
 *
 * Copyright (c) 2007, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * \file
 *
 * This file implements the Delegation Point. It contains a list of name servers
 * and their addresses if known.
 *
 * A delegation point can live in a regional allocator (the plain API) or be
 * malloced (the _mlc API); the two kinds must not be mixed, see the
 * "must have been created with delegpt_create_mlc" notes on the _mlc calls.
 */

#ifndef ITERATOR_ITER_DELEGPT_H
#define ITERATOR_ITER_DELEGPT_H
#include "util/log.h"
struct regional;
struct delegpt_ns;
struct delegpt_addr;
struct dns_msg;
struct ub_packed_rrset_key;
struct msgreply_entry;

/**
 * Delegation Point.
 * For a domain name, the NS rrset, and the A and AAAA records for those.
 * The address lists below are threaded through the different 'next'
 * pointers of struct delegpt_addr (next_target, next_usable, next_result):
 * every address is on target_list, and is additionally on at most one of
 * usable_list or result_list.
 */
struct delegpt {
	/** the domain name of the delegation point, uncompressed wireformat. */
	uint8_t* name;
	/** length of the delegation point name */
	size_t namelen;
	/** number of labels in the delegation point name */
	int namelabs;

	/** the nameservers, names from the NS RRset rdata. */
	struct delegpt_ns* nslist;
	/** the target addresses for delegation; all known addresses. */
	struct delegpt_addr* target_list;
	/** the list of usable targets; subset of target_list.
	 * The items in this list are not part of the result list. */
	struct delegpt_addr* usable_list;
	/** the list of returned targets; subset of target_list */
	struct delegpt_addr* result_list;

	/** if true, the NS RRset was bogus. All info is bad. */
	int bogus;
	/** if true, the parent-side NS record has been applied:
	 * its names have been added and their addresses can follow later.
	 * Also true if the delegation point was created from a delegation
	 * message and thus contains the parent-side info already. */
	uint8_t has_parent_side_NS;
	/** if true, the delegation point has reached last resort processing
	 * and the parent side information has possibly been added to the
	 * delegation point.
	 * For now this signals that further target lookups will ignore
	 * the configured target-fetch-policy and only resolve on demand,
	 * to try to avoid triggering limits at this stage (i.e., it is very
	 * likely that the A/AAAA queries for the newly added name servers
	 * will not yield new IP addresses and would trigger the NXNS
	 * countermeasures). */
	uint8_t fallback_to_parent_side_NS;
	/** for assertions on the type of delegpt. The name suggests it marks
	 * a malloced delegpt (see delegpt_create_mlc) as opposed to a
	 * regional one; confirm against iter_delegpt.c before relying on it. */
	uint8_t dp_type_mlc;
	/** use SSL for upstream query */
	uint8_t ssl_upstream;
	/** use TCP for upstream query */
	uint8_t tcp_upstream;
	/** delegpt from authoritative zone that is locally hosted */
	uint8_t auth_dp;
	/** no cache flag for this delegation point. */
	int no_cache;
};

/**
 * Nameservers for a delegation point.
 */
struct delegpt_ns {
	/** next in list */
	struct delegpt_ns* next;
	/** name of nameserver, uncompressed wireformat */
	uint8_t* name;
	/** length of name */
	size_t namelen;
	/** number of cache lookups for the name */
	int cache_lookup_count;
	/**
	 * If the name has been resolved. false if not queried for yet.
	 * true if the A, AAAA queries have been generated.
	 * Marked true if those queries fail,
	 * and marked true if got4 and got6 are both true.
	 */
	int resolved;
	/** if the ipv4 address is in the delegpt: 0=not, 1=yes, 2=negative.
	 * Negative means the lookup was done, but yielded no content. */
	uint8_t got4;
	/** if the ipv6 address is in the delegpt: 0=not, 1=yes, 2=negative
	 * (same meaning as for got4). */
	uint8_t got6;
	/**
	 * If the name is parent-side only and thus dispreferred.
	 * Its addresses become dispreferred as well.
	 */
	uint8_t lame;
	/** if the parent-side ipv4 address has been looked up (last resort).
	 * Also enabled if a parent-side cache entry exists, or a parent-side
	 * negative-cache entry exists. */
	uint8_t done_pside4;
	/** if the parent-side ipv6 address has been looked up (last resort).
	 * Also enabled if a parent-side cache entry exists, or a parent-side
	 * negative-cache entry exists. */
	uint8_t done_pside6;
	/** the TLS authentication name to use (if not NULL). */
	char* tls_auth_name;
	/** the port to use; it should mostly be the default 53 but configured
	 * upstreams can provide nondefault ports. */
	int port;
};

/**
 * Address of target nameserver in delegation point.
 */
struct delegpt_addr {
	/** next address in the result list */
	struct delegpt_addr* next_result;
	/** next address in the usable list */
	struct delegpt_addr* next_usable;
	/** next address in the list of all targets */
	struct delegpt_addr* next_target;

	/** delegation point address */
	struct sockaddr_storage addr;
	/** length of addr */
	socklen_t addrlen;
	/** number of attempts for this addr */
	int attempts;
	/** rtt stored here in the selection algorithm */
	int sel_rtt;
	/** if true, the A or AAAA RR was bogus, so this address is bad.
	 * Also check the dp->bogus to see if everything is bogus. */
	uint8_t bogus;
	/** if true, this address is dispreferred: it is a lame IP address */
	uint8_t lame;
	/** if the address is dnsseclame, but this cannot be cached, this
	 * option is useful to mark the address dnsseclame.
	 * This value is not copied in addr-copy and dp-copy. */
	uint8_t dnsseclame;
	/** the TLS authentication name to use (if not NULL). */
	char* tls_auth_name;
};

/**
 * Create new delegation point.
 * @param regional: where to allocate it.
 * @return new delegation point or NULL on error.
 */
struct delegpt* delegpt_create(struct regional* regional);

/**
 * Create a copy of a delegation point.
 * Note that delegpt_addr.dnsseclame is documented as not being copied.
 * @param dp: delegation point to copy.
 * @param regional: where to allocate it.
 * @return new delegation point or NULL on error.
 */
struct delegpt* delegpt_copy(struct delegpt* dp, struct regional* regional);

/**
 * Set name of delegation point.
 * @param dp: delegation point.
 * @param regional: where to allocate the name copy.
 * @param name: name to use.
 * @return false on error.
 */
int delegpt_set_name(struct delegpt* dp, struct regional* regional,
	uint8_t* name);

/**
 * Add a name to the delegation point.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param name: domain name in wire format.
 * @param lame: name is lame, disprefer it.
 * @param tls_auth_name: TLS authentication name (or NULL).
 * @param port: port to use for resolved addresses.
 * @return false on error.
 */
int delegpt_add_ns(struct delegpt* dp, struct regional* regional,
	uint8_t* name, uint8_t lame, char* tls_auth_name, int port);

/**
 * Add NS rrset; calls add_ns repeatedly.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param ns_rrset: NS rrset.
 * @param lame: rrset is lame, disprefer it.
 * @return 0 on alloc error.
 */
int delegpt_rrset_add_ns(struct delegpt* dp, struct regional* regional,
	struct ub_packed_rrset_key* ns_rrset, uint8_t lame);

/**
 * Add target address to the delegation point.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param name: name for which target was found (must be in nslist).
 *	This name is marked resolved.
 * @param namelen: length of name.
 * @param addr: the address.
 * @param addrlen: the length of addr.
 * @param bogus: security status for the address, pass true if bogus.
 * @param lame: address is lame.
 * @param additions: will be set to 1 if a new address is added.
 * @return false on error.
 */
int delegpt_add_target(struct delegpt* dp, struct regional* regional,
	uint8_t* name, size_t namelen, struct sockaddr_storage* addr,
	socklen_t addrlen, uint8_t bogus, uint8_t lame, int* additions);

/**
 * Add A RRset to delegpt.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param rrset: RRset A to add.
 * @param lame: rrset is lame, disprefer it.
 * @param additions: will be set to 1 if a new address is added.
 * @return 0 on alloc error.
 */
int delegpt_add_rrset_A(struct delegpt* dp, struct regional* regional,
	struct ub_packed_rrset_key* rrset, uint8_t lame, int* additions);

/**
 * Add AAAA RRset to delegpt.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param rrset: RRset AAAA to add.
 * @param lame: rrset is lame, disprefer it.
 * @param additions: will be set to 1 if a new address is added.
 * @return 0 on alloc error.
 */
int delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* regional,
	struct ub_packed_rrset_key* rrset, uint8_t lame, int* additions);

/**
 * Add any RRset to delegpt.
 * Does not check for duplicates added.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param rrset: RRset to add, NS, A, AAAA.
 * @param lame: rrset is lame, disprefer it.
 * @param additions: will be set to 1 if a new address is added.
 * @return 0 on alloc error.
 */
int delegpt_add_rrset(struct delegpt* dp, struct regional* regional,
	struct ub_packed_rrset_key* rrset, uint8_t lame, int* additions);

/**
 * Add address to the delegation point. No servername is associated or checked.
 * @param dp: delegation point.
 * @param regional: where to allocate the info.
 * @param addr: the address.
 * @param addrlen: the length of addr.
 * @param bogus: if address is bogus.
 * @param lame: if address is lame.
 * @param tls_auth_name: TLS authentication name (or NULL).
 * @param port: the port to use; if -1 the port is taken from addr.
 * @param additions: will be set to 1 if a new address is added.
 * @return false on error.
 */
int delegpt_add_addr(struct delegpt* dp, struct regional* regional,
	struct sockaddr_storage* addr, socklen_t addrlen,
	uint8_t bogus, uint8_t lame, char* tls_auth_name, int port,
	int* additions);

/**
 * Find NS record in name list of delegation point.
 * @param dp: delegation point.
 * @param name: name of nameserver to look for, uncompressed wireformat.
 * @param namelen: length of name.
 * @return the ns structure or NULL if not found.
 */
struct delegpt_ns* delegpt_find_ns(struct delegpt* dp, uint8_t* name,
	size_t namelen);

/**
 * Find address record in total list of delegation point.
 * @param dp: delegation point.
 * @param addr: address to look for.
 * @param addrlen: length of addr.
 * @return the addr structure or NULL if not found.
 */
struct delegpt_addr* delegpt_find_addr(struct delegpt* dp,
	struct sockaddr_storage* addr, socklen_t addrlen);

/**
 * Print the delegation point to the log. For debugging.
 * @param v: the verbosity value at which the delegation point is logged.
 * @param dp: delegation point.
 */
void delegpt_log(enum verbosity_value v, struct delegpt* dp);

/**
 * Count NS names and the number of them that are missing; for logging.
 * @param dp: delegation point.
 * @param numns: set to the number of NS names.
 * @param missing: set to the number of NS names counted as missing.
 */
void delegpt_count_ns(struct delegpt* dp, size_t* numns, size_t* missing);

/**
 * Count addresses, and the number in the result and available lists;
 * for logging.
 * @param dp: delegation point.
 * @param numaddr: set to the total number of addresses.
 * @param numres: set to the number of addresses on the result list.
 * @param numavail: set to the number of addresses on the available list.
 */
void delegpt_count_addr(struct delegpt* dp, size_t* numaddr, size_t* numres,
	size_t* numavail);

/**
 * Add all usable targets to the result list.
 * @param dp: delegation point.
 */
void delegpt_add_unused_targets(struct delegpt* dp);

/**
 * Count number of missing targets. These are ns names with no resolved flag.
 * @param dp: delegation point.
 * @param alllame: if set (not NULL), used to check if all the missing
 *	targets are lame.
 * @return number of missing targets (or 0).
 */
size_t delegpt_count_missing_targets(struct delegpt* dp, int* alllame);

/**
 * Count total number of targets in dp.
 * @param dp: delegation point.
 * @return number of targets.
 */
size_t delegpt_count_targets(struct delegpt* dp);

/**
 * Create new delegation point from a dns message.
 *
 * Note that this method does not actually test to see if the message is an
 * actual referral. It really is just checking to see if it can construct a
 * delegation point, so the message could be of some other type (some ANSWER
 * messages, some CNAME messages, generally.) Note that the resulting
 * DelegationPoint will contain targets for all "relevant" glue (i.e.,
 * address records whose ownernames match the target of one of the NS
 * records), so if policy dictates that some glue should be discarded beyond
 * that, discard it before calling this method. Note that this method will
 * find "glue" in either the ADDITIONAL section or the ANSWER section.
 * In other words, glue filtering (e.g. rejecting out-of-bailiwick glue) is
 * the caller's responsibility; this function does not do it.
 *
 * @param msg: the dns message, referral.
 * @param regional: where to allocate delegation point.
 * @return new delegation point or NULL on alloc error, or if the
 *	message was not appropriate.
 */
struct delegpt* delegpt_from_message(struct dns_msg* msg,
	struct regional* regional);

/**
 * Mark negative return in delegation point for specific nameserver.
 * Sets the got4 or got6 to negative, updates the ns->resolved.
 * @param ns: the nameserver in the delegpt.
 * @param qtype: A or AAAA (host order).
 */
void delegpt_mark_neg(struct delegpt_ns* ns, uint16_t qtype);

/**
 * Add negative message to delegation point.
 * @param dp: delegation point.
 * @param msg: the message added, marks off A or AAAA from an NS entry.
 */
void delegpt_add_neg_msg(struct delegpt* dp, struct msgreply_entry* msg);

/**
 * Register the fact that there is no ipv6 and thus AAAAs are not going
 * to be queried for or be useful.
 * @param dp: the delegation point. Updated to reflect no ipv6.
 */
void delegpt_no_ipv6(struct delegpt* dp);

/**
 * Register the fact that there is no ipv4 and thus As are not going
 * to be queried for or be useful.
 * @param dp: the delegation point. Updated to reflect no ipv4.
 */
void delegpt_no_ipv4(struct delegpt* dp);

/**
 * Create malloced delegation point, with the given name.
 * The result must be freed with delegpt_free_mlc.
 * @param name: uncompressed wireformat of delegpt name.
 * @return NULL on alloc failure.
 */
struct delegpt* delegpt_create_mlc(uint8_t* name);

/**
 * Free malloced delegation point.
 * @param dp: must have been created with delegpt_create_mlc; it is free'd.
 */
void delegpt_free_mlc(struct delegpt* dp);

/**
 * Set name of malloced delegation point.
 * @param dp: delegation point, malloced.
 * @param name: name to use.
 * @return false on error.
 */
int delegpt_set_name_mlc(struct delegpt* dp, uint8_t* name);

/**
 * Add a name to malloced delegation point.
 * @param dp: must have been created with delegpt_create_mlc.
 * @param name: the name to add.
 * @param lame: the name is lame, disprefer it.
 * @param tls_auth_name: TLS authentication name (or NULL).
 * @param port: port to use for resolved addresses.
 * @return false on error.
 */
int delegpt_add_ns_mlc(struct delegpt* dp, uint8_t* name, uint8_t lame,
	char* tls_auth_name, int port);

/**
 * Add an address to a malloced delegation point.
 * @param dp: must have been created with delegpt_create_mlc.
 * @param addr: the address.
 * @param addrlen: the length of addr.
 * @param bogus: if address is bogus.
 * @param lame: if address is lame.
 * @param tls_auth_name: TLS authentication name (or NULL).
 * @param port: the port to use; if -1 the port is taken from addr.
 * @return false on error.
 */
int delegpt_add_addr_mlc(struct delegpt* dp, struct sockaddr_storage* addr,
	socklen_t addrlen, uint8_t bogus, uint8_t lame, char* tls_auth_name,
	int port);

/**
 * Add target address to a malloced delegation point.
 * @param dp: must have been created with delegpt_create_mlc.
 * @param name: name for which target was found (must be in nslist).
 *	This name is marked resolved.
 * @param namelen: length of name.
 * @param addr: the address.
 * @param addrlen: the length of addr.
 * @param bogus: security status for the address, pass true if bogus.
 * @param lame: address is lame.
 * @return false on error.
 */
int delegpt_add_target_mlc(struct delegpt* dp, uint8_t* name, size_t namelen,
	struct sockaddr_storage* addr, socklen_t addrlen, uint8_t bogus,
	uint8_t lame);

/**
 * Get memory in use by dp.
 * @param dp: delegation point.
 * @return the memory in use by dp.
 */
size_t delegpt_get_mem(struct delegpt* dp);

/**
 * See if the addr is on the result list.
 * @param dp: delegation point.
 * @param find: the pointer is searched for on the result list
 *	(pointer comparison, not address comparison).
 * @return 1 if found, 0 if not found.
 */
int delegpt_addr_on_result_list(struct delegpt* dp, struct delegpt_addr* find);

/**
 * Remove the addr from the usable list.
 * @param dp: the delegation point.
 * @param del: the addr to remove from the list, the pointer is searched for.
 */
void delegpt_usable_list_remove_addr(struct delegpt* dp,
	struct delegpt_addr* del);

/**
 * Add the delegpt_addr back to the result list, if it is not already on
 * the result list. Also removes it from the usable list.
 * @param dp: delegation point.
 * @param a: addr to add, nothing happens if it is already on the result list.
 *	It is removed from the usable list.
 */
void delegpt_add_to_result_list(struct delegpt* dp, struct delegpt_addr* a);

#endif /* ITERATOR_ITER_DELEGPT_H */