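/*
 * iterator/iter_hints.c - iterative resolver module stub and root hints.
 *
 * Copyright (c) 2007, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * \file
 *
 * This file contains functions to assist the iterator module.
 * Keep track of stub and root hints, and read those from config.
 *
 * Everything stored here comes from the configuration (stub zones, root
 * hints files) or from the compiled-in root server table. These entries
 * decide where the resolver sends its first queries, so the config and the
 * hints files are to be treated as trusted input.
 */
#include "config.h"
#include "iterator/iter_hints.h"
#include "iterator/iter_delegpt.h"
#include "util/log.h"
#include "util/config_file.h"
#include "util/net_help.h"
#include "util/data/dname.h"
#include "sldns/rrdef.h"
#include "sldns/str2wire.h"
#include "sldns/wire2str.h"

/**
 * Allocate a zero-filled hints structure.
 * @return the new structure, or NULL when the allocation fails.
 *	Release it with hints_delete().
 */
struct iter_hints*
hints_create(void)
{
	/* calloc already returns NULL on failure; no separate check needed */
	return (struct iter_hints*)calloc(1, sizeof(struct iter_hints));
}

/**
 * Free one stub entry together with the delegation point it owns.
 * @param s: entry to free, may be NULL.
 */
static void hints_stub_free(struct iter_hints_stub* s)
{
	if(!s) return;
	delegpt_free_mlc(s->dp);
	free(s);
}

/**
 * Tree traversal callback that frees one node.
 * @param n: tree node; cast to the stub entry that embeds it.
 * @param arg: unused.
 */
static void delhintnode(rbnode_type* n, void* ATTR_UNUSED(arg))
{
	struct iter_hints_stub* node = (struct iter_hints_stub*)n;
	hints_stub_free(node);
}

/**
 * Free every entry in the hints tree.
 * The tree structure itself is not reset here; the callers in this file
 * either call name_tree_init() afterwards or free the whole structure.
 * @param hints: hints structure whose tree is emptied.
 */
static void hints_del_tree(struct iter_hints* hints)
{
	traverse_postorder(&hints->tree, &delhintnode, NULL);
}

/**
 * Delete the hints structure and all entries in it.
 * @param hints: structure to delete, may be NULL.
 */
void
hints_delete(struct iter_hints* hints)
{
	if(!hints)
		return;
	hints_del_tree(hints);
	free(hints);
}

/**
 * Add one hint (nameserver name plus one address) to a delegation point.
 * @param dp: delegation point to extend.
 * @param sv: nameserver name in presentation format.
 * @param ip: address string for that nameserver; parsed with the default
 *	port UNBOUND_DNS_PORT.
 * @return 1 on success, 0 when the name or address cannot be parsed or an
 *	add fails. The temporary name buffer is freed in both cases.
 */
static int
ah(struct delegpt* dp, const char* sv, const char* ip)
{
	struct sockaddr_storage addr;
	socklen_t addrlen;
	size_t dname_len;
	int ok;
	uint8_t* dname = sldns_str2wire_dname(sv, &dname_len);
	if(!dname) {
		log_err("could not parse %s", sv);
		return 0;
	}
	/* short-circuit keeps the original order: ns, parse ip, target */
	ok = delegpt_add_ns_mlc(dp, dname, 0, NULL, UNBOUND_DNS_PORT) &&
		extstrtoaddr(ip, &addr, &addrlen, UNBOUND_DNS_PORT) &&
		delegpt_add_target_mlc(dp, dname, dname_len,
		&addr, addrlen, 0, 0);
	free(dname);
	return ok;
}

/**
 * Obtain the compile-time provided root hints.
 * hints_apply_cfg() uses this only when no class IN root hint was loaded
 * from the configuration.
 * @param do_ip4: if nonzero, add the IPv4 addresses.
 * @param do_ip6: if nonzero, add the IPv6 addresses.
 * @return new delegation point for the root, or NULL on failure.
 */
static struct delegpt*
compile_time_root_prime(int do_ip4, int do_ip6)
{
	/* from:
	 ; This file is made available by InterNIC
	 ; under anonymous FTP as
	 ; file /domain/named.cache
	 ; on server FTP.INTERNIC.NET
	 ; -OR- RS.INTERNIC.NET
	 ;
	 ; related version of root zone: changes-on-20120103
	 */
	/* NOTE(review): the version stamp above looks older than some of the
	 * addresses in the table, so do not rely on it. This table is a
	 * bootstrap snapshot; compare it with the currently published root
	 * hints when updating, because a stale entry costs a failed query
	 * during priming. */
	struct delegpt* dp = delegpt_create_mlc((uint8_t*)"\000");
	if(!dp)
		return NULL;
	dp->has_parent_side_NS = 1;
	if(do_ip4) {
	if(!ah(dp, "A.ROOT-SERVERS.NET.", "198.41.0.4"))	goto failed;
	if(!ah(dp, "B.ROOT-SERVERS.NET.", "199.9.14.201"))	goto failed;
	if(!ah(dp, "C.ROOT-SERVERS.NET.", "192.33.4.12"))	goto failed;
	if(!ah(dp, "D.ROOT-SERVERS.NET.", "199.7.91.13"))	goto failed;
	if(!ah(dp, "E.ROOT-SERVERS.NET.", "192.203.230.10")) goto failed;
	if(!ah(dp, "F.ROOT-SERVERS.NET.", "192.5.5.241"))	goto failed;
	if(!ah(dp, "G.ROOT-SERVERS.NET.", "192.112.36.4"))	goto failed;
	if(!ah(dp, "H.ROOT-SERVERS.NET.", "198.97.190.53"))	goto failed;
	if(!ah(dp, "I.ROOT-SERVERS.NET.", "192.36.148.17"))	goto failed;
	if(!ah(dp, "J.ROOT-SERVERS.NET.", "192.58.128.30"))	goto failed;
	if(!ah(dp, "K.ROOT-SERVERS.NET.", "193.0.14.129"))	goto failed;
	if(!ah(dp, "L.ROOT-SERVERS.NET.", "199.7.83.42"))	goto failed;
	if(!ah(dp, "M.ROOT-SERVERS.NET.", "202.12.27.33"))	goto failed;
	}
	if(do_ip6) {
	if(!ah(dp, "A.ROOT-SERVERS.NET.", "2001:503:ba3e::2:30")) goto failed;
	if(!ah(dp, "B.ROOT-SERVERS.NET.", "2001:500:200::b")) goto failed;
	if(!ah(dp, "C.ROOT-SERVERS.NET.", "2001:500:2::c")) goto failed;
	if(!ah(dp, "D.ROOT-SERVERS.NET.", "2001:500:2d::d")) goto failed;
	if(!ah(dp, "E.ROOT-SERVERS.NET.", "2001:500:a8::e")) goto failed;
	if(!ah(dp, "F.ROOT-SERVERS.NET.", "2001:500:2f::f")) goto failed;
	if(!ah(dp, "G.ROOT-SERVERS.NET.", "2001:500:12::d0d")) goto failed;
	if(!ah(dp, "H.ROOT-SERVERS.NET.", "2001:500:1::53")) goto failed;
	if(!ah(dp, "I.ROOT-SERVERS.NET.", "2001:7fe::53")) goto failed;
	if(!ah(dp, "J.ROOT-SERVERS.NET.", "2001:503:c27::2:30")) goto failed;
	if(!ah(dp, "K.ROOT-SERVERS.NET.", "2001:7fd::1")) goto failed;
	if(!ah(dp, "L.ROOT-SERVERS.NET.", "2001:500:9f::42")) goto failed;
	if(!ah(dp, "M.ROOT-SERVERS.NET.", "2001:dc3::35")) goto failed;
	}
	return dp;
failed:
	delegpt_free_mlc(dp);
	return NULL;
}

/**
 * Insert new hint info into the hint structure.
 * Takes ownership of dp in every case: it is stored in the tree, or freed
 * here on allocation failure and when the zone already has an entry.
 * @param hints: hints structure to insert into.
 * @param c: class of the hint.
 * @param dp: delegation point; must not be used by the caller afterwards
 *	unless it is looked up again.
 * @param noprime: stored as the entry's noprime flag.
 * @return 0 only on allocation failure. A duplicate zone is logged,
 *	the new dp is dropped, and 1 is returned.
 */
static int
hints_insert(struct iter_hints* hints, uint16_t c, struct delegpt* dp,
	int noprime)
{
	struct iter_hints_stub* node = (struct iter_hints_stub*)malloc(
		sizeof(struct iter_hints_stub));
	if(!node) {
		delegpt_free_mlc(dp);
		return 0;
	}
	node->dp = dp;
	node->noprime = (uint8_t)noprime;
	if(!name_tree_insert(&hints->tree, &node->node, dp->name, dp->namelen,
		dp->namelabs, c)) {
		/* dname_str() is given no length; the buffer is presumably
		 * sized for the longest presentation-format name plus the
		 * terminator - confirm against util/data/dname.h */
		char buf[257];
		dname_str(dp->name, buf);
		log_err("second hints for zone %s ignored.", buf);
		delegpt_free_mlc(dp);
		free(node);
	}
	return 1;
}

/**
 * Create the delegation point for a stub zone from its configured name.
 * @param s: stub config entry; s->name is required.
 * @return new delegation point, or NULL (error logged) when the name is
 *	missing, cannot be parsed, or memory runs out.
 */
static struct delegpt*
read_stubs_name(struct config_stub* s)
{
	struct delegpt* dp;
	size_t dname_len;
	uint8_t* dname;
	if(!s->name) {
		log_err("stub zone without a name");
		return NULL;
	}
	dname = sldns_str2wire_dname(s->name, &dname_len);
	if(!dname) {
		log_err("cannot parse stub zone name %s", s->name);
		return NULL;
	}
	dp = delegpt_create_mlc(dname);
	/* the parsed name is a temporary in both outcomes */
	free(dname);
	if(!dp) {
		log_err("out of memory");
		return NULL;
	}
	return dp;
}

/**
 * Add the configured stub host names to the delegation point.
 * Each s->hosts entry is parsed by authextstrtodname(), which yields the
 * name, a port and an optional TLS authentication name.
 * @param s: stub config entry.
 * @param dp: delegation point to extend.
 * @return 1 on success, 0 on parse or allocation failure (error logged).
 */
static int
read_stubs_host(struct config_stub* s, struct delegpt* dp)
{
	struct config_strlist* p;
	uint8_t* dname;
	char* tls_auth_name;
	int port;
	for(p = s->hosts; p; p = p->next) {
		log_assert(p->str);
		dname = authextstrtodname(p->str, &port, &tls_auth_name);
		if(!dname) {
			log_err("cannot parse stub %s nameserver name: '%s'",
				s->name, p->str);
			return 0;
		}
#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
		/* NOTE(review): this only logs and loading continues, so on
		 * such builds the configured TLS name is presumably not
		 * checked against the upstream certificate - confirm in the
		 * TLS connect path before relying on name authentication */
		if(tls_auth_name)
			log_err("no name verification functionality in "
				"ssl library, ignored name for %s", p->str);
#endif
		/* tls_auth_name is not freed here; presumably it is copied by
		 * the callee or points into p->str - confirm */
		if(!delegpt_add_ns_mlc(dp, dname, 0, tls_auth_name, port)) {
			free(dname);
			log_err("out of memory");
			return 0;
		}
		free(dname);
	}
	return 1;
}

/**
 * Add the configured stub server addresses to the delegation point.
 * Each s->addrs entry is parsed by authextstrtoaddr(), which yields the
 * address and an optional TLS authentication name.
 * @param s: stub config entry.
 * @param dp: delegation point to extend.
 * @return 1 on success, 0 on parse or allocation failure (error logged).
 */
static int
read_stubs_addr(struct config_stub* s, struct delegpt* dp)
{
	struct config_strlist* p;
	struct sockaddr_storage addr;
	socklen_t addrlen;
	char* auth_name;
	for(p = s->addrs; p; p = p->next) {
		log_assert(p->str);
		if(!authextstrtoaddr(p->str, &addr, &addrlen, &auth_name)) {
			log_err("cannot parse stub %s ip address: '%s'",
				s->name, p->str);
			return 0;
		}
#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
		/* NOTE(review): log only, loading continues; see the same
		 * caveat in read_stubs_host() about unverified TLS names */
		if(auth_name)
			log_err("no name verification functionality in "
				"ssl library, ignored name for %s", p->str);
#endif
		if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0,
			auth_name, -1)) {
			log_err("out of memory");
			return 0;
		}
	}
	return 1;
}

/**
 * Read the stub zones from the config and insert them as class IN hints.
 * @param hints: hints structure to fill.
 * @param cfg: config with the stub list.
 * @return 1 on success, 0 on the first stub that fails to load.
 */
static int
read_stubs(struct iter_hints* hints, struct config_file* cfg)
{
	struct config_stub* s;
	struct delegpt* dp;
	for(s = cfg->stubs; s; s = s->next) {
		if(!(dp=read_stubs_name(s)))
			return 0;
		if(!read_stubs_host(s, dp) || !read_stubs_addr(s, dp)) {
			delegpt_free_mlc(dp);
			return 0;
		}
		/* the flag is turned off for 'stub-first' so that the
		 * last resort will ask for parent-side NS record and thus
		 * fallback to the internet name servers on a failure */
		dp->has_parent_side_NS = (uint8_t)!s->isfirst;
		/* Do not cache if set. */
		dp->no_cache = s->no_cache;
		/* ssl_upstream */
		dp->ssl_upstream = (uint8_t)s->ssl_upstream;
		/* tcp_upstream */
		dp->tcp_upstream = (uint8_t)s->tcp_upstream;
		delegpt_log(VERB_QUERY, dp);
		/* hints_insert() frees dp itself when it fails */
		if(!hints_insert(hints, LDNS_RR_CLASS_IN, dp, !s->isprime))
			return 0;
	}
	return 1;
}

/**
 * Read root hints from a zone-format file and insert them.
 * NS records add nameserver names, A and AAAA records of the expected
 * rdata length add addresses; any other record is skipped with a warning.
 * The hint zone name is taken from the owner of the first NS record, and
 * the class from the most recent NS record.
 *
 * NOTE(review): there is no check here that the NS owner name is the root,
 * and the addresses read become the servers that are queried first. The
 * file is trusted input; keep its ownership and permissions as tight as
 * those of the main config.
 * @param hints: hints structure to fill.
 * @param fname: file to read.
 * @return 1 on success (also when the file has no NS records, which is
 *	logged as a warning), 0 on open, parse or allocation failure.
 */
static int
read_root_hints(struct iter_hints* hints, char* fname)
{
	struct sldns_file_parse_state pstate;
	struct delegpt* dp;
	uint8_t rr[LDNS_RR_BUF_SIZE];
	size_t rr_len, dname_len;
	int status;
	uint16_t rrtype;
	uint16_t c = LDNS_RR_CLASS_IN;
	FILE* f = fopen(fname, "r");
	if(!f) {
		log_err("could not read root hints %s: %s",
			fname, strerror(errno));
		return 0;
	}
	dp = delegpt_create_mlc(NULL);
	if(!dp) {
		log_err("out of memory reading root hints");
		fclose(f);
		return 0;
	}
	verbose(VERB_QUERY, "Reading root hints from %s", fname);
	memset(&pstate, 0, sizeof(pstate));
	pstate.lineno = 1;
	dp->has_parent_side_NS = 1;
	while(!feof(f)) {
		/* rr_len is in/out: buffer size in, record length out */
		rr_len = sizeof(rr);
		dname_len = 0;
		status = sldns_fp2wire_rr_buf(f, rr, &rr_len, &dname_len,
			&pstate);
		if(status != 0) {
			log_err("reading root hints %s %d:%d: %s", fname,
				pstate.lineno, LDNS_WIREPARSE_OFFSET(status),
				sldns_get_errorstr_parse(status));
			goto stop_read;
		}
		if(rr_len == 0)
			continue; /* EMPTY line, TTL or ORIGIN */
		/* look the type up once; every branch below tests it */
		rrtype = sldns_wirerr_get_type(rr, rr_len, dname_len);
		if(rrtype == LDNS_RR_TYPE_NS) {
			if(!delegpt_add_ns_mlc(dp, sldns_wirerr_get_rdata(rr,
				rr_len, dname_len), 0, NULL, UNBOUND_DNS_PORT)) {
				log_err("out of memory reading root hints");
				goto stop_read;
			}
			c = sldns_wirerr_get_class(rr, rr_len, dname_len);
			if(!dp->name) {
				/* rr starts with the owner name */
				if(!delegpt_set_name_mlc(dp, rr)) {
					log_err("out of memory.");
					goto stop_read;
				}
			}
		} else if(rrtype == LDNS_RR_TYPE_A &&
			sldns_wirerr_get_rdatalen(rr, rr_len, dname_len)
			== INET_SIZE) {
			struct sockaddr_in sa;
			socklen_t len = (socklen_t)sizeof(sa);
			memset(&sa, 0, len);
			sa.sin_family = AF_INET;
			sa.sin_port = (in_port_t)htons(UNBOUND_DNS_PORT);
			/* rdata length was checked against INET_SIZE above */
			memmove(&sa.sin_addr,
				sldns_wirerr_get_rdata(rr, rr_len, dname_len),
				INET_SIZE);
			if(!delegpt_add_target_mlc(dp, rr, dname_len,
				(struct sockaddr_storage*)&sa, len,
				0, 0)) {
				log_err("out of memory reading root hints");
				goto stop_read;
			}
		} else if(rrtype == LDNS_RR_TYPE_AAAA &&
			sldns_wirerr_get_rdatalen(rr, rr_len, dname_len)
			== INET6_SIZE) {
			struct sockaddr_in6 sa;
			socklen_t len = (socklen_t)sizeof(sa);
			memset(&sa, 0, len);
			sa.sin6_family = AF_INET6;
			sa.sin6_port = (in_port_t)htons(UNBOUND_DNS_PORT);
			/* rdata length was checked against INET6_SIZE above */
			memmove(&sa.sin6_addr,
				sldns_wirerr_get_rdata(rr, rr_len, dname_len),
				INET6_SIZE);
			if(!delegpt_add_target_mlc(dp, rr, dname_len,
				(struct sockaddr_storage*)&sa, len,
				0, 0)) {
				log_err("out of memory reading root hints");
				goto stop_read;
			}
		} else {
			/* also reached for A/AAAA with an unexpected rdata
			 * length */
			char buf[17];
			sldns_wire2str_type_buf(rrtype, buf, sizeof(buf));
			log_warn("root hints %s:%d skipping type %s",
				fname, pstate.lineno, buf);
		}
	}
	fclose(f);
	if(!dp->name) {
		log_warn("root hints %s: no NS content", fname);
		delegpt_free_mlc(dp);
		return 1;
	}
	delegpt_log(VERB_QUERY, dp);
	/* hints_insert() frees dp itself when it fails */
	if(!hints_insert(hints, c, dp, 0)) {
		return 0;
	}
	return 1;

stop_read:
	delegpt_free_mlc(dp);
	fclose(f);
	return 0;
}

/**
 * Read every root hints file listed in the config.
 * Empty list entries are skipped. When a chroot directory is configured
 * and a file name starts with it, that prefix is stripped before opening.
 *
 * NOTE(review): the prefix test is a plain strncmp, so it also matches a
 * sibling path that merely begins with the same characters (chrootdir
 * "/a/b" and file "/a/bc/hints"). Presumably harmless with a well-formed
 * config; confirm whether a path-separator check is wanted.
 * @param hints: hints structure to fill.
 * @param cfg: config with the root hints list and chrootdir.
 * @return 1 on success, 0 when a file fails to load.
 */
static int
read_root_hints_list(struct iter_hints* hints, struct config_file* cfg)
{
	struct config_strlist* p;
	for(p = cfg->root_hints; p; p = p->next) {
		log_assert(p->str);
		if(p->str && p->str[0]) {
			char* f = p->str;
			if(cfg->chrootdir && cfg->chrootdir[0] &&
				strncmp(p->str, cfg->chrootdir,
				strlen(cfg->chrootdir)) == 0)
				f += strlen(cfg->chrootdir);
			if(!read_root_hints(hints, f))
				return 0;
		}
	}
	return 1;
}

/**
 * Rebuild the hints tree from the config.
 * Drops all current entries, then loads root hints files and stubs. If no
 * class IN root hint results from that, the compiled-in table is used.
 * On failure the tree may hold the entries loaded so far, without parent
 * links set up.
 * @param hints: hints structure to refill.
 * @param cfg: config to read.
 * @return 1 on success, 0 on failure.
 */
int
hints_apply_cfg(struct iter_hints* hints, struct config_file* cfg)
{
	hints_del_tree(hints);
	name_tree_init(&hints->tree);

	/* read root hints */
	if(!read_root_hints_list(hints, cfg))
		return 0;

	/* read stub hints */
	if(!read_stubs(hints, cfg))
		return 0;

	/* use fallback compiletime root hints */
	if(!hints_lookup_root(hints, LDNS_RR_CLASS_IN)) {
		struct delegpt* dp = compile_time_root_prime(cfg->do_ip4,
			cfg->do_ip6);
		verbose(VERB_ALGO, "no config, using builtin root hints.");
		if(!dp)
			return 0;
		if(!hints_insert(hints, LDNS_RR_CLASS_IN, dp, 0))
			return 0;
	}

	name_tree_init_parents(&hints->tree);
	return 1;
}

/**
 * Find the root hints for a class.
 * @param hints: hints structure.
 * @param qclass: class to look up.
 * @return the delegation point stored for the root, or NULL if none.
 *	The result stays owned by the hints structure.
 */
struct delegpt*
hints_lookup_root(struct iter_hints* hints, uint16_t qclass)
{
	/* the root name is the single zero label: length 1, label count 1 */
	uint8_t rootlab = 0;
	struct iter_hints_stub *stub;
	stub = (struct iter_hints_stub*)name_tree_find(&hints->tree,
		&rootlab, 1, 1, qclass);
	if(!stub)
		return NULL;
	return stub->dp;
}

/**
 * Find the stub entry that should be used for a query name, if any.
 * @param hints: hints structure.
 * @param qname: query name.
 * @param qclass: query class.
 * @param cache_dp: delegation point found in the cache, or NULL when there
 *	is none (root prime situation).
 * @return the stub entry to use or prime, or NULL when the cached
 *	delegation point should be used. Owned by the hints structure.
 */
struct iter_hints_stub*
hints_lookup_stub(struct iter_hints* hints, uint8_t* qname,
	uint16_t qclass, struct delegpt* cache_dp)
{
	size_t len;
	int labs;
	struct iter_hints_stub *r;

	/* first lookup the stub */
	labs = dname_count_size_labels(qname, &len);
	r = (struct iter_hints_stub*)name_tree_lookup(&hints->tree, qname,
		len, labs, qclass);
	if(!r) return NULL;

	/* If there is no cache (root prime situation) */
	if(cache_dp == NULL) {
		if(r->dp->namelabs != 1)
			return r; /* no cache dp, use any non-root stub */
		return NULL;
	}

	/*
	 * If the stub is same as the delegation we got
	 * And has noprime set, we need to 'prime' to use this stub instead.
	 */
	if(r->noprime && query_dname_compare(cache_dp->name, r->dp->name)==0)
		return r; /* use this stub instead of cached dp */

	/*
	 * If our cached delegation point is above the hint, we need to prime.
	 */
	if(dname_strict_subdomain(r->dp->name, r->dp->namelabs,
		cache_dp->name, cache_dp->namelabs))
		return r; /* need to prime this stub */
	return NULL;
}

/**
 * Step to the next class that has root hints.
 * Thin wrapper around name_tree_next_root() on the hints tree.
 * @param hints: hints structure.
 * @param qclass: in/out class value, passed through to the tree helper.
 * @return the value returned by name_tree_next_root().
 */
int hints_next_root(struct iter_hints* hints, uint16_t* qclass)
{
	return name_tree_next_root(&hints->tree, qclass);
}

/**
 * Sum the memory in use by the hints structure.
 * @param hints: hints structure, may be NULL.
 * @return bytes for the structure, every entry and every entry's
 *	delegation point; 0 for NULL.
 */
size_t
hints_get_mem(struct iter_hints* hints)
{
	size_t s;
	struct iter_hints_stub* p;
	if(!hints) return 0;
	s = sizeof(*hints);
	RBTREE_FOR(p, struct iter_hints_stub*, &hints->tree) {
		s += sizeof(*p) + delegpt_get_mem(p->dp);
	}
	return s;
}

/**
 * Add or replace a stub at runtime.
 * An existing entry for the same name and class is removed and freed
 * first. Takes ownership of dp in every case (see hints_insert()).
 * @param hints: hints structure.
 * @param c: class.
 * @param dp: delegation point for the stub.
 * @param noprime: stored as the entry's noprime flag.
 * @return 1 on success, 0 on allocation failure. On failure a previously
 *	existing entry for the zone is gone as well.
 */
int
hints_add_stub(struct iter_hints* hints, uint16_t c, struct delegpt* dp,
	int noprime)
{
	struct iter_hints_stub *z;
	if((z=(struct iter_hints_stub*)name_tree_find(&hints->tree,
		dp->name, dp->namelen, dp->namelabs, c)) != NULL) {
		(void)rbtree_delete(&hints->tree, &z->node);
		hints_stub_free(z);
	}
	if(!hints_insert(hints, c, dp, noprime)) {
		/* An old entry may have been freed above. Rebuild the parent
		 * links before returning so that no remaining node keeps a
		 * link to the freed entry; the tree is still used for
		 * lookups after this error. */
		name_tree_init_parents(&hints->tree);
		return 0;
	}
	name_tree_init_parents(&hints->tree);
	return 1;
}

/**
 * Remove a stub at runtime, if it exists.
 * @param hints: hints structure.
 * @param c: class.
 * @param nm: name of the stub zone; its length and label count are
 *	computed here.
 */
void
hints_delete_stub(struct iter_hints* hints, uint16_t c, uint8_t* nm)
{
	struct iter_hints_stub *z;
	size_t len;
	int labs = dname_count_size_labels(nm, &len);
	if(!(z=(struct iter_hints_stub*)name_tree_find(&hints->tree,
		nm, len, labs, c)))
		return; /* nothing to do */
	(void)rbtree_delete(&hints->tree, &z->node);
	hints_stub_free(z);
	/* parent links may have referred to the removed entry */
	name_tree_init_parents(&hints->tree);
}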