author | Jeremy Harris <jgh146exb@wizmail.org> | 2021-05-08 23:07:34 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2021-05-08 23:07:34 +0100 |
commit | 320fe6140189f08168dce2deca19821b4237e747 (patch) | |
tree | 1f6a1cd00fa99a1ef4ff021f69ceeb39f0d03334 /src | |
parent | 143b1159402424b930881bc8d25c640f1d6cd581 (diff) |
DNS: Better handling of SOA when negative-caching lookups
Diffstat (limited to 'src')
-rw-r--r-- | src/src/dns.c | 73 | ||||
-rw-r--r-- | src/src/string.c | 2 |
2 files changed, 32 insertions, 43 deletions
diff --git a/src/src/dns.c b/src/src/dns.c index 217fe5f87..490eb883d 100644 --- a/src/src/dns.c +++ b/src/src/dns.c @@ -730,37 +730,37 @@ dns_expire_from_soa(dns_answer * dnsa, int type) { dns_scan dnss; -if (!fake_dnsa_len_for_fail(dnsa, type)) return 0; +if (fake_dnsa_len_for_fail(dnsa, type)) + for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_AUTHORITY); + rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT) + ) if (rr->type == T_SOA) + { + const uschar * p = rr->data; + uschar discard_buf[256]; + int len; + unsigned long ttl; + + /* Skip the mname & rname strings */ + + if ((len = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, + p, (DN_EXPAND_ARG4_TYPE)discard_buf, 256)) < 0) + break; + p += len; + if ((len = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, + p, (DN_EXPAND_ARG4_TYPE)discard_buf, 256)) < 0) + break; + p += len; + + /* Skip the SOA serial, refresh, retry & expire. Grab the TTL */ + + if (p > dnsa->answer + dnsa->answerlen - 5 * INT32SZ) + break; + p += 4 * INT32SZ; + GETLONG(ttl, p); + + return time(NULL) + ttl; + } -for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_AUTHORITY); - rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT) - ) if (rr->type == T_SOA) - { - const uschar * p = rr->data; - uschar discard_buf[256]; - int len; - unsigned long ttl; - - /* Skip the mname & rname strings */ - - if ((len = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, - p, (DN_EXPAND_ARG4_TYPE)discard_buf, 256)) < 0) - break; - p += len; - if ((len = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, - p, (DN_EXPAND_ARG4_TYPE)discard_buf, 256)) < 0) - break; - p += len; - - /* Skip the SOA serial, refresh, retry & expire. Grab the TTL */ - - if (p > dnsa->answer + dnsa->answerlen - 5 * INT32SZ) - break; - p += 4 * INT32SZ; - GETLONG(ttl, p); - - return time(NULL) + ttl; - } DEBUG(D_dns) debug_printf("DNS: no SOA record found for neg-TTL\n"); return 0; } 
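Review bot: The length guard before `GETLONG(ttl, p)` in the SOA branch is measured against the end of the whole response (`dnsa->answer + dnsa->answerlen`), not the end of this record's RDATA. A SOA with a short RDLENGTH would therefore have its negative-cache TTL read from whatever bytes follow it in the packet. Bounding by the record keeps the parse inside the RR, e.g. `if (p + 5 * INT32SZ > rr->data + rr->size) break;` (assuming `dns_record` exposes the RDATA length as `size`), and the additive form also avoids computing a pointer before the buffer when `answerlen` is small. The value returned as `time(NULL) + ttl` is taken directly from the remote zone with no upper limit visible here, so if callers do not clamp it, a cap or a comment stating where it is clamped would help. The function's return-type line is outside the hunk.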
@@ -1205,18 +1205,7 @@ switch (type) If the TLD and the 2LD exist but the explicit CSA record lookup failed, then the AUTHORITY SOA will be the 2LD's or a subdomain thereof. */ - if (rc == DNS_NOMATCH) - { - if (!fake_dnsa_len_for_fail(dnsa, T_CSA)) return DNS_NOMATCH; - - for (rr = dns_next_rr(dnsa, &dnss, RESET_AUTHORITY); - rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT) - ) - if (rr->type != T_SOA) continue; - else if (strcmpic(rr->name, US"") == 0 || - strcmpic(rr->name, tld) == 0) return DNS_NOMATCH; - else break; - } + if (rc == DNS_NOMATCH) return DNS_NOMATCH; for (i = 0; i < limit; i++) { diff --git a/src/src/string.c b/src/src/string.c index fbb19537c..cb9132420 100644 --- a/src/src/string.c +++ b/src/src/string.c @@ -960,7 +960,7 @@ else && (g->ptr == 1 || g->s[g->ptr-2] != '\\') ) g->ptr--; buffer = string_from_gstring(g); - gstring_release_unused_trc(g, func, line); + gstring_release_unused_trc(g, CCS func, line); } /* Update the current pointer and return the new string */ |
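Review bot: With the AUTHORITY scan removed, every `DNS_NOMATCH` from the explicit lookup now returns before the `for (i = 0; i < limit; i++)` search. The old code returned only when the SOA owner was the root or the TLD, and otherwise fell through to that search. If the narrowing is intended, the comment directly above (ending "the AUTHORITY SOA will be the 2LD's or a subdomain thereof") describes a check that no longer exists and should be replaced, e.g. `/* A NOMATCH on the explicit CSA lookup ends the search; parent domains are not tried. */`. CSA results appear to feed client authorization decisions, so the changed outcome for names that previously reached the parent-domain search deserves a line in the commit message or ChangeLog. The locals `rr` and `dnss` used by the removed loop may now be unused in this case block, but their declarations are outside the hunk.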