Saving progress
diff --git a/src/dns-protocol.h b/src/dns-protocol.h
index 023be5f..07cc768 100644
--- a/src/dns-protocol.h
+++ b/src/dns-protocol.h
@@ -82,6 +82,8 @@
#define HB4_RCODE 0x0f
#define OPCODE(x) (((x)->hb3 & HB3_OPCODE) >> 3)
+#define SET_OPCODE(x, code) (x)->hb3 = ((x)->hb3 & ~HB3_OPCODE) | code
+
#define RCODE(x) ((x)->hb4 & HB4_RCODE)
#define SET_RCODE(x, code) (x)->hb4 = ((x)->hb4 & ~HB4_RCODE) | code
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index 7991dd0..bde72e2 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -511,9 +511,8 @@
#define FREC_NOREBIND 1
#define FREC_CHECKING_DISABLED 2
#define FREC_HAS_SUBNET 4
-#define FREC_DNSSEC_QUERY 8
-#define FREC_DNSKEY_QUERY 16
-#define FREC_DS_QUERY 32
+#define FREC_DNSKEY_QUERY 8
+#define FREC_DS_QUERY 16
struct frec {
union mysockaddr source;
diff --git a/src/forward.c b/src/forward.c
index ca4c118..97f8800 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -677,7 +677,16 @@
#ifdef HAVE_DNSSEC
if (option_bool(OPT_DNSSEC_VALID) && !(forward->flags & FREC_CHECKING_DISABLED))
{
- int status = dnssec_validate(forward->flags, header, n);
+ int status;
+ char rrbitmap[256/8];
+ int class;
+
+ if (forward->flags && FREC_DNSSKEY_QUERY)
+ status = dnssec_validate_by_ds(header, n, daemon->namebuff, &class);
+ else if (forward->flags && FREC_DS_QUERY)
+ status = dnssec_validate_dnskey(header, n, daemon->namebuff, &class);
+ else
+ status = dnssec_validate_reply(&rrbitmap, header, n, daemon->namebuff, &class);
/* Can't validate, as we're missing key data. Put this
answer aside, whilst we get that. */
@@ -687,26 +696,29 @@
if ((forward->stash = blockdata_alloc((char *)header, n)))
{
forward->stash_len = n;
-
- /* Now formulate a query for the missing data. */
- nn = dnssec_generate_query(header, status);
- new = get_new_frec(now, NULL, 1);
-
- if (new)
+
+ if ((new = get_new_frec(now, NULL, 1)))
{
int fd;
-
+
new = forward; /* copy everything, then overwrite */
new->dependent = forward; /* to find query awaiting new one. */
forward->blocking_query = new; /* for garbage cleaning */
- new->flags |= FREC_DNSSEC_QUERY;
+ /* validate routines leave name of required record in daemon->namebuff */
if (status == STAT_NEED_KEY)
- new->flags |= FREC_DNSKEY_QUERY; /* So we verify differently */
+ {
+ new->flags |= FREC_DNSKEY_QUERY;
+ nn = dnssec_generate_query(header, daemon->namebuff, class, T_DNSKEY);
+ }
else if (status == STAT_NEED_DS)
- new->flags |= FREC_DS_QUERY;
+ {
+ new->flags |= FREC_DS_QUERY;
+ nn = dnssec_generate_query(header, daemon->namebuff, class, T_DS);
+ }
new->crc = questions_crc(header, nn, daemon->namebuff);
new->new_id = get_id(new->crc);
-
+ header->id = htons(new->id);
+
/* Don't resend this. */
daemon->srv_save = NULL;
@@ -714,19 +726,19 @@
fd = server->sfd->fd;
else
#ifdef HAVE_IPV6
- /* Note that we use the same random port for the DNSSEC stuff */
- if (server->addr.sa.sa_family == AF_INET6)
- {
- fd = new->rfd6->fd;
- new->rfd6->refcount++;
- }
- else
+ /* Note that we use the same random port for the DNSSEC stuff */
+ if (server->addr.sa.sa_family == AF_INET6)
+ {
+ fd = new->rfd6->fd;
+ new->rfd6->refcount++;
+ }
+ else
#endif
- {
- fd = new->rfd4->fd;
- new->rfd4->refcount++;
- }
-
+ {
+ fd = new->rfd4->fd;
+ new->rfd4->refcount++;
+ }
+
/* Send DNSSEC query to same server as original query */
while (sendto(fd, (char *)header, nn, 0, &server->addr.sa, sa_len(&server->addr)) == -1 && retry_send());
}