qname minimization: issue a warning only if the server is really broken

2026-04-22 06:37:42 -04:00 · 2018-11-08 11:51:29 +00:00 · 2018-11-08 11:51:29 +00:00 · 9c8fead6d8
commit 9c8fead6d8
parent 13e53ef38a
2 changed files with 27 additions and 9 deletions
--- a/bin/tests/system/qmin/tests.sh
+++ b/bin/tests/system/qmin/tests.sh
@ -234,6 +234,13 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 $RNDCCMD 10.53.0.7 flush

+n=`expr $n + 1`
+echo_i "information that minimization was unsuccessful for .ugly is logged ($n)"
+ret=0
+grep "success resolving 'icky.icky.icky.ptang.zoop.boing.ugly/A' after disabling qname minimization due to 'FORMERR'" ns7/named.run > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 n=`expr $n + 1`
 echo_i "query for .slow is properly minimized when qname-minimization is on ($n)"
 ret=0
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@ -305,11 +305,12 @@ struct fetchctx {
 	ISC_LIST(dns_validator_t)       validators;
 	dns_db_t *			cache;
 	dns_adb_t *			adb;
-	bool			ns_ttl_ok;
+	bool				ns_ttl_ok;
 	uint32_t			ns_ttl;
 	isc_counter_t *			qc;
-	bool			minimized;
+	bool				minimized;
 	unsigned int			qmin_labels;
+	isc_result_t			qmin_warning;
 	bool				ip6arpaskip;
 	bool				forwarding;
 	dns_name_t			qminname;
@ -1664,8 +1665,6 @@ log_edns(fetchctx_t *fctx) {
 		      DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
 		      "success resolving '%s' (in '%s'?) after %s",
 		      fctx->info, domainbuf, fctx->reason);
-
-	fctx->reason = NULL;
 }

 static void
@ -1686,9 +1685,19 @@ fctx_done(fetchctx_t *fctx, isc_result_t result, int line) {
 		 */
 		log_edns(fctx);
 		no_response = true;
-	} else if (result == ISC_R_TIMEDOUT)
+		if (fctx->qmin_warning != ISC_R_SUCCESS) {
+			isc_log_write(dns_lctx, DNS_LOGCATEGORY_LAME_SERVERS,
+				      DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
+				      "success resolving '%s' "
+				      "after disabling qname minimization due to '%s'",
+				      fctx->info,
+				      isc_result_totext(fctx->qmin_warning));
+		}
+	} else if (result == ISC_R_TIMEDOUT) {
 		age_untried = true;
+	}

+	fctx->qmin_warning = ISC_R_SUCCESS;
 	fctx->reason = NULL;

 	fctx_stopqueries(fctx, no_response, age_untried);
@ -4101,11 +4110,12 @@ resume_qmin(isc_task_t *task, isc_event_t *event) {
 	    result == DNS_R_REMOTEFORMERR)
 	{
 		if ((fctx->options & DNS_FETCHOPT_QMIN_STRICT) == 0) {
-			isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
-				      DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
-				      "disabling qname minimization for '%s' "
-				      "due to nxdomain", fctx->info);
 			fctx->qmin_labels = DNS_MAX_LABELS + 1;
+			/*
+			 * We store the result. If we succeed in the end
+			 * we'll issue a warning that the server is broken.
+			 */
+			fctx->qmin_warning = result;
 		} else {
 			fctx_done(fctx, result, __LINE__);
 			goto cleanup;
@ -4683,6 +4693,7 @@ fctx_create(dns_resolver_t *res, const dns_name_t *name, dns_rdatatype_t type,
 	fctx->ip6arpaskip = false;
 	fctx->forwarding = false;
 	fctx->qmin_labels = 1;
+	fctx->qmin_warning = ISC_R_SUCCESS;
 	fctx->qminfetch = NULL;
 	dns_rdataset_init(&fctx->qminrrset);
 	dns_name_init(&fctx->qmindcname, NULL);