rc1 is out, running fine here with minimal-responses: yes for some time
tests/OKs?
diff --git configlexer.lex configlexer.lex
index 42dbd152f16..547e7db3e02 100644
--- configlexer.lex
+++ configlexer.lex
@@ -271,6 +271,7 @@ zonefiles-check{COLON} { LEXOUT(("v(%s) ", yytext));
return VAR_ZONEFILES_CHECK;
zonefiles-write{COLON} { LEXOUT(("v(%s) ", yytext)); return
VAR_ZONEFILES_WRITE;}
log-time-ascii{COLON} { LEXOUT(("v(%s) ", yytext)); return
VAR_LOG_TIME_ASCII;}
round-robin{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_ROUND_ROBIN;}
+minimal-responses{COLON} { LEXOUT(("v(%s) ", yytext)); return
VAR_MINIMAL_RESPONSES;}
max-refresh-time{COLON} { LEXOUT(("v(%s) ", yytext)); return
VAR_MAX_REFRESH_TIME;}
min-refresh-time{COLON} { LEXOUT(("v(%s) ", yytext)); return
VAR_MIN_REFRESH_TIME;}
max-retry-time{COLON} { LEXOUT(("v(%s) ", yytext)); return
VAR_MAX_RETRY_TIME;}
diff --git configparser.y configparser.y
index bf20db12c72..36c87c44d19 100644
--- configparser.y
+++ configparser.y
@@ -71,7 +71,7 @@ extern config_parser_state_type* cfg_parser;
%token VAR_ROUND_ROBIN VAR_ZONESTATS VAR_REUSEPORT VAR_VERSION
%token VAR_MAX_REFRESH_TIME VAR_MIN_REFRESH_TIME
%token VAR_MAX_RETRY_TIME VAR_MIN_RETRY_TIME
-%token VAR_MULTI_MASTER_CHECK
+%token VAR_MULTI_MASTER_CHECK VAR_MINIMAL_RESPONSES
%%
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@@ -102,7 +102,8 @@ content_server: server_ip_address | server_ip_transparent |
server_debug_mode |
server_rrl_ipv4_prefix_length | server_rrl_ipv6_prefix_length |
server_rrl_whitelist_ratelimit |
server_zonefiles_check | server_do_ip4 | server_do_ip6 |
server_zonefiles_write | server_log_time_ascii | server_round_robin |
- server_reuseport | server_version | server_ip_freebind;
+ server_reuseport | server_version | server_ip_freebind |
+ server_minimal_responses;
server_ip_address: VAR_IP_ADDRESS STRING
{
OUTYY(("P(server_ip_address:%s)\n", $2));
@@ -292,6 +293,17 @@ server_round_robin: VAR_ROUND_ROBIN STRING
}
}
;
+server_minimal_responses: VAR_MINIMAL_RESPONSES STRING
+ {
+ OUTYY(("P(server_minimal_responses:%s)\n", $2));
+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+ yyerror("expected yes or no.");
+ else {
+ cfg_parser->opt->minimal_responses = (strcmp($2,
"yes")==0);
+ minimal_responses = cfg_parser->opt->minimal_responses;
+ }
+ }
+ ;
server_server_count: VAR_SERVER_COUNT STRING
{
OUTYY(("P(server_server_count:%s)\n", $2));
diff --git configure configure
index b77177afc5b..f7a3001de55 100644
--- configure
+++ configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for NSD 4.1.15.
+# Generated by GNU Autoconf 2.69 for NSD 4.1.16.
#
# Report bugs to <[email protected]>.
#
@@ -580,8 +580,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='NSD'
PACKAGE_TARNAME='nsd'
-PACKAGE_VERSION='4.1.15'
-PACKAGE_STRING='NSD 4.1.15'
+PACKAGE_VERSION='4.1.16'
+PACKAGE_STRING='NSD 4.1.16'
PACKAGE_BUGREPORT='[email protected]'
PACKAGE_URL=''
@@ -1284,7 +1284,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures NSD 4.1.15 to adapt to many kinds of systems.
+\`configure' configures NSD 4.1.16 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1345,7 +1345,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of NSD 4.1.15:";;
+ short | recursive ) echo "Configuration of NSD 4.1.16:";;
esac
cat <<\_ACEOF
@@ -1491,7 +1491,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-NSD configure 4.1.15
+NSD configure 4.1.16
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2200,7 +2200,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by NSD $as_me 4.1.15, which was
+It was created by NSD $as_me 4.1.16, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -9717,7 +9717,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by NSD $as_me 4.1.15, which was
+This file was extended by NSD $as_me 4.1.16, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -9779,7 +9779,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-NSD config.status 4.1.15
+NSD config.status 4.1.16
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff --git configure.ac configure.ac
index b984cac435a..e9cba15c44a 100644
--- configure.ac
+++ configure.ac
@@ -4,7 +4,7 @@ dnl
sinclude(acx_nlnetlabs.m4)
-AC_INIT(NSD,4.1.15,[email protected])
+AC_INIT(NSD,4.1.16,[email protected])
AC_CONFIG_HEADER([config.h])
CFLAGS="$CFLAGS"
diff --git difffile.c difffile.c
index 720e3a5cc6e..dfef60dccc7 100644
--- difffile.c
+++ difffile.c
@@ -752,7 +752,9 @@ add_RR(namedb_type* db, const dname_type* dname,
rr_type *rrs_old;
ssize_t rdata_num;
int rrnum;
+#ifdef NSEC3
int rrset_added = 0;
+#endif
domain = domain_table_find(db->domains, dname);
if(!domain) {
/* create the domain */
@@ -770,7 +772,9 @@ add_RR(namedb_type* db, const dname_type* dname,
rrset->rrs = 0;
rrset->rr_count = 0;
domain_add_rrset(domain, rrset);
+#ifdef NSEC3
rrset_added = 1;
+#endif
}
/* dnames in rdata are normalized, conform RFC 4035,
diff --git nsd-checkconf.c nsd-checkconf.c
index 0f8b2c8e1cd..6f3354fa95b 100644
--- nsd-checkconf.c
+++ nsd-checkconf.c
@@ -368,6 +368,7 @@ config_print_zone(nsd_options_type* opt, const char* k, int
s, const char *o,
SERV_GET_BIN(zonefiles_check, o);
SERV_GET_BIN(log_time_ascii, o);
SERV_GET_BIN(round_robin, o);
+ SERV_GET_BIN(minimal_responses, o);
/* str */
SERV_GET_PATH(final, database, o);
SERV_GET_STR(identity, o);
@@ -506,6 +507,7 @@ config_test_print_server(nsd_options_type* opt)
printf("\txfrd-reload-timeout: %d\n", opt->xfrd_reload_timeout);
printf("\tlog-time-ascii: %s\n", opt->log_time_ascii?"yes":"no");
printf("\tround-robin: %s\n", opt->round_robin?"yes":"no");
+ printf("\tminimal-responses: %s\n", opt->minimal_responses?"yes":"no");
printf("\tverbosity: %d\n", opt->verbosity);
for(ip = opt->ip_addresses; ip; ip=ip->next)
{
diff --git nsd.conf.5.in nsd.conf.5.in
index 6b2588f19cc..ec2cdd6d894 100644
--- nsd.conf.5.in
+++ nsd.conf.5.in
@@ -369,6 +369,14 @@ Enable round robin rotation of records in the answer.
This changes the
order of records in the answer and this may balance load across them.
The default is no.
.TP
+.B minimal\-responses:\fR <yes or no>
+Enable minimal responses for smaller answers. This makes packets smaller.
+Extra data is only added for referrals, when it is really necessary.
+This is different from the \-\-enable-minimal-responses configure time option,
+that reduces packets, but exactly to the fragmentation length, the nsd.conf
+option reduces packets as small as possible.
+The default is no.
+.TP
.B zonefiles\-check:\fR <yes or no>
Make NSD check the mtime of zone files on start and sighup. If you
disable it it starts faster (less disk activity in case of a lot of zones).
diff --git nsd.conf.sample.in nsd.conf.sample.in
index 2f2214c9570..1b6ceef4361 100644
--- nsd.conf.sample.in
+++ nsd.conf.sample.in
@@ -132,6 +132,9 @@ server:
# round robin rotation of records in the answer.
# round-robin: no
+ # minimal-responses only emits extra data for referrals.
+ # minimal-responses: no
+
# check mtime of all zone files on start and sighup
# zonefiles-check: yes
diff --git options.c options.c
index 883f154ed24..026f8b91fac 100644
--- options.c
+++ options.c
@@ -63,6 +63,7 @@ nsd_options_create(region_type* region)
opt->logfile = 0;
opt->log_time_ascii = 1;
opt->round_robin = 0; /* also packet.h::round_robin */
+ opt->minimal_responses = 0; /* also packet.h::minimal_responses */
opt->server_count = 1;
opt->tcp_count = 100;
opt->tcp_query_count = 0;
diff --git options.h options.h
index 9e1d1efc3e1..dedb9bfb662 100644
--- options.h
+++ options.h
@@ -93,6 +93,7 @@ struct nsd_options {
int zonefiles_write;
int log_time_ascii;
int round_robin;
+ int minimal_responses;
int reuseport;
/** remote control section. enable toggle. */
diff --git packet.c packet.c
index b0699d67747..0643202ae94 100644
--- packet.c
+++ packet.c
@@ -16,6 +16,7 @@
#include "rdata.h"
int round_robin = 0;
+int minimal_responses = 0;
static void
encode_dname(query_type *q, domain_type *domain)
diff --git packet.h packet.h
index a09f38b90dd..8540dcfdf6a 100644
--- packet.h
+++ packet.h
@@ -145,6 +145,8 @@ struct query;
/* use round robin rotation */
extern int round_robin;
+/* use minimal responses (more minimal, with additional only for referrals) */
+extern int minimal_responses;
/*
* Encode RR with OWNER as owner name into QUERY. Returns the number
diff --git query.c query.c
index a9317d2c794..d6e45a2e9d3 100644
--- query.c
+++ query.c
@@ -711,6 +711,9 @@ add_rrset(struct query *query,
assert(rrset_rrclass(rrset) == CLASS_IN);
result = answer_add_rrset(answer, section, owner, rrset);
+ if(minimal_responses && section != AUTHORITY_SECTION &&
+ query->qtype != TYPE_NS)
+ return result;
switch (rrset_rrtype(rrset)) {
case TYPE_NS:
#if defined(INET6)
@@ -1007,7 +1010,8 @@ answer_domain(struct nsd* nsd, struct query *q,
answer_type *answer,
return;
}
- if (q->qclass != CLASS_ANY && q->zone->ns_rrset && answer_needs_ns(q)) {
+ if (q->qclass != CLASS_ANY && q->zone->ns_rrset && answer_needs_ns(q)
+ && !minimal_responses) {
add_rrset(q, answer, OPTIONAL_AUTHORITY_SECTION, q->zone->apex,
q->zone->ns_rrset);
}
diff --git rdata.c rdata.c
index 0be90849511..3368e69fa7c 100644
--- rdata.c
+++ rdata.c
@@ -58,6 +58,8 @@ lookup_table_type dns_algorithms[] = {
{ 12, "ECC-GOST" }, /* RFC 5933 */
{ 13, "ECDSAP256SHA256" }, /* RFC 6605 */
{ 14, "ECDSAP384SHA384" }, /* RFC 6605 */
+ { 15, "ED25519" }, /* RFC 8080 */
+ { 16, "ED448" }, /* RFC 8080 */
{ 252, "INDIRECT" },
{ 253, "PRIVATEDNS" },
{ 254, "PRIVATEOID" },
diff --git server.c server.c
index 9018031cd74..c0835ce8c11 100644
--- server.c
+++ server.c
@@ -37,7 +37,9 @@
#ifdef HAVE_MMAP
#include <sys/mman.h>
#endif /* HAVE_MMAP */
+#ifdef HAVE_OPENSSL_RAND_H
#include <openssl/rand.h>
+#endif
#ifndef USE_MINI_EVENT
# ifdef HAVE_EVENT_H
# include <event.h>
diff --git udb.c udb.c
index 6ec17aec0b6..3e91c7c8b4c 100644
--- udb.c
+++ udb.c
@@ -427,8 +427,7 @@ grow_ram_hash(udb_base* udb, udb_ptr** newhash)
void udb_base_link_ptr(udb_base* udb, udb_ptr* ptr)
{
- uint32_t i = chunk_hash_ptr(ptr->data) & udb->ram_mask;
- assert((size_t)i < udb->ram_size);
+ uint32_t i;
#ifdef UDB_CHECK
assert(udb_valid_dataptr(udb, ptr->data)); /* must be to whole chunk*/
#endif
@@ -441,6 +440,9 @@ void udb_base_link_ptr(udb_base* udb, udb_ptr* ptr)
grow_ram_hash(udb, newram);
}
}
+ i = chunk_hash_ptr(ptr->data) & udb->ram_mask;
+ assert((size_t)i < udb->ram_size);
+
ptr->prev = NULL;
ptr->next = udb->ram_hash[i];
udb->ram_hash[i] = ptr;
diff --git xfrd.c xfrd.c
index 810ee3e2954..1c03750dacf 100644
--- xfrd.c
+++ xfrd.c
@@ -1892,13 +1892,13 @@ xfrd_parse_received_xfr_packet(xfrd_zone_type* zone,
buffer_type* packet,
zone->soa_disk_acquired = xfrd_time();
if(zone->soa_nsd.serial == soa->serial)
zone->soa_nsd_acquired = xfrd_time();
+ xfrd_set_zone_state(zone, xfrd_zone_ok);
+ DEBUG(DEBUG_XFRD,1, (LOG_INFO, "xfrd: zone %s is ok",
+ zone->apex_str));
if(zone->zone_options->pattern->multi_master_check) {
region_destroy(tempregion);
return xfrd_packet_drop;
}
- xfrd_set_zone_state(zone, xfrd_zone_ok);
- DEBUG(DEBUG_XFRD,1, (LOG_INFO, "xfrd: zone %s is ok",
- zone->apex_str));
if(zone->soa_notified_acquired == 0) {
/* not notified or anything, so stop asking
around */
zone->round_num = -1; /* next try start a new
round */
diff --git zonec.c zonec.c
index c186171039c..02e1a056b83 100644
--- zonec.c
+++ zonec.c
@@ -250,7 +250,7 @@ zparser_conv_serial(region_type *region, const char
*serialstr)
serial = strtoserial(serialstr, &t);
if (*t != '\0') {
- zc_error_prev_line("serial is expected");
+ zc_error_prev_line("serial is expected or serial too big");
} else {
serial = htonl(serial);
r = alloc_rdata_init(region, &serial, sizeof(serial));
--
I'm not entirely sure you are real.
