Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revise negative DNS caching to better comply with RFC2308.

Browse Source
This commit is contained in:
Simon Kelley
2025-04-16 21:29:42 +01:00
parent 942a35f517
commit 0620309b73
1 changed files with 44 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
src/rfc1035.c
View File

@@ -534,9 +534,6 @@ static int find_soa(struct dns_header *header, size_t qlen, char *name, int *sub
if (substring) if (substring)
*substring = name_len; *substring = name_len;
if (ttlp)
*ttlp = daemon->neg_ttl;
for (i = 0; i < ntohs(header->nscount); i++) for (i = 0; i < ntohs(header->nscount); i++)
{ {
if (!extract_name(header, qlen, &p, daemon->workspacename, EXTR_NAME_EXTRACT, 0)) if (!extract_name(header, qlen, &p, daemon->workspacename, EXTR_NAME_EXTRACT, 0))
@@ -812,21 +809,32 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
} }
} }
if (!found && !option_bool(OPT_NO_NEG)) if (!found)
{
flags |= F_NEG | (secure ? F_DNSSECOK : 0);
if (name_encoding)
flags |= F_REVERSE | name_encoding;
log_query(flags | F_UPSTREAM, name, &addr, NULL, 0);
if (name_encoding && !option_bool(OPT_NO_NEG))
{ {
/* For reverse records, we use the name field to store the SOA name. */ /* For reverse records, we use the name field to store the SOA name. */
int substring, have_soa = find_soa(header, qlen, name, &substring, &ttl, no_cache_dnssec, now); int substring, have_soa = find_soa(header, qlen, name, &substring, &ttl, no_cache_dnssec, now);
flags |= F_NEG | (secure ? F_DNSSECOK : 0); if (have_soa || daemon->neg_ttl)
if (name_encoding && ttl)
{ {
flags |= F_REVERSE | name_encoding; /* If daemon->neg_ttl is set, we can cache even without an SOA. */
if (!have_soa) if (!have_soa)
{
flags |= F_NO_RR; /* Marks no SOA found. */ flags |= F_NO_RR; /* Marks no SOA found. */
cache_insert(name + substring, &addr, C_IN, now, ttl, flags); ttl = daemon->neg_ttl;
} }
log_query(flags | F_UPSTREAM, name, &addr, NULL, 0); cache_insert(name + substring, &addr, C_IN, now, ttl, flags);
}
}
} }
} }
else else
@@ -1114,17 +1122,17 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
{ {
int substring, have_soa = find_soa(header, qlen, name, &substring, &ttl, no_cache_dnssec, now); int substring, have_soa = find_soa(header, qlen, name, &substring, &ttl, no_cache_dnssec, now);
/* If there's no SOA to get the TTL from, but there is a CNAME if (have_soa || daemon->neg_ttl)
pointing at this, inherit its TTL */ {
if (ttl || cpp) if (have_soa)
{ {
if (!ttl)
ttl = cttl;
addr.rrdata.datalen = substring; addr.rrdata.datalen = substring;
addr.rrdata.rrtype = qtype; addr.rrdata.rrtype = qtype;
}
if (!have_soa) else
{
/* If daemon->neg_ttl is set, we can cache even without an SOA. */
ttl = daemon->neg_ttl;
flags |= F_NO_RR; /* Marks no SOA found. */ flags |= F_NO_RR; /* Marks no SOA found. */
} }
@@ -1138,6 +1146,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
} }
} }
} }
}
/* Don't cache replies from non-recursive nameservers, since we may get a /* Don't cache replies from non-recursive nameservers, since we may get a
reply containing a CNAME but not its target, even though the target reply containing a CNAME but not its target, even though the target