BIND 10 master, updated. 32f964bd9bf8ab5ee58b409a3006779b9a504b03 [master] ChangeLog for #2796
BIND 10 source code commits
bind10-changes at lists.isc.org
Thu Jun 13 06:28:37 UTC 2013
The branch, master has been updated
via 32f964bd9bf8ab5ee58b409a3006779b9a504b03 (commit)
via ea28774bc7f3586c2ef33028a88f2c51cfa9b691 (commit)
via 3d291f42cdb186682983aa833a1a67cb9e6a8434 (commit)
via 3174827557c878ee62a0624aa3ac93cc3fd37bef (commit)
via d6c6fe485c6ed9a4ed9a2efb4792870a58b33c7a (commit)
via bb08c0bcb4791c3c39f68ae8cefc2e9402ae9b92 (commit)
via d2460249eb2a7340b8adbdf12306744ba255eb6d (commit)
via 89b1ca9494abdcaf3ef2beec3fcb015b3328fea7 (commit)
via d3a4dc9a80f85583f71c789555deba8fae2f0381 (commit)
via 1ad0a17cfbc48bec8620958e3495720355b34f81 (commit)
via 367da9bd6d92f7fcef7505bf8c54b1a702146eef (commit)
via 192787144f8338dfc6443e6907ce2274fda95ca9 (commit)
via fdb231c9e31422dea878922607a0268675f50ec6 (commit)
from 95cb383de7f191fdd4e8796ef52b469be90e5523 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 32f964bd9bf8ab5ee58b409a3006779b9a504b03
Author: Yoshitaka Aharen <aharen at jprs.co.jp>
Date: Thu Jun 13 15:13:04 2013 +0900
[master] ChangeLog for #2796
commit ea28774bc7f3586c2ef33028a88f2c51cfa9b691
Author: Yoshitaka Aharen <aharen at jprs.co.jp>
Date: Thu Jun 13 15:11:08 2013 +0900
[master] ChangeLog style fix
commit 3d291f42cdb186682983aa833a1a67cb9e6a8434
Merge: 95cb383 3174827
Author: Yoshitaka Aharen <aharen at jprs.co.jp>
Date: Thu Jun 13 15:09:49 2013 +0900
Merge branch 'trac2796'
Conflicts:
ChangeLog
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 10 ++++-
src/bin/auth/auth_srv.cc | 2 +
src/bin/auth/b10-auth.xml.pre | 14 +++++-
src/bin/auth/statistics.cc.pre | 9 +++-
src/bin/auth/statistics.h | 18 ++++++++
src/bin/auth/statistics_msg_items.def | 1 +
src/bin/auth/tests/statistics_unittest.cc.pre | 58 +++++++++++++++++++++++++
tests/lettuce/features/auth_badzone.feature | 2 +-
tests/lettuce/features/example.feature | 2 +-
tests/lettuce/features/nsec3_auth.feature | 28 ++++++------
tests/lettuce/features/queries.feature | 11 ++---
tests/lettuce/features/resolver_basic.feature | 6 +--
tests/lettuce/features/terrain/querying.py | 12 ++++-
13 files changed, 143 insertions(+), 30 deletions(-)
-----------------------------------------------------------------------
diff --git a/ChangeLog b/ChangeLog
index fe779ea..a8f807a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,9 +1,15 @@
-627 [func] tmark
+628. [func] y-aharen
+ b10-auth: A new statistics item 'qryrecursion' has been introduced.
+ The counter is for the number of queries (OpCode=Query) with Recursion
+ Desired (RD) bit on.
+ (Trac #2796, git 3d291f42cdb186682983aa833a1a67cb9e6a8434)
+
+627. [func] tmark
Logger name for DHCP-DDNS has been changed from "d2_logger" to "dhcpddns".
In addition, its log messages now use two suffixes, DCTL_ for logs the
emanate from the underlying base classes, and DHCP_DDNS_ for logs which
emanate from DHCP-DDNS specific code
- (trac #2978 git 5aec5fb20b0486574226f89bd877267cb9116921)
+ (Trac #2978, git 5aec5fb20b0486574226f89bd877267cb9116921)
626. [func] tmark
Created the initial implementation of DHCP-DDNS service
diff --git a/src/bin/auth/auth_srv.cc b/src/bin/auth/auth_srv.cc
index 90efee7..b96b847 100644
--- a/src/bin/auth/auth_srv.cc
+++ b/src/bin/auth/auth_srv.cc
@@ -521,6 +521,8 @@ AuthSrv::processMessage(const IOMessage& io_message, Message& message,
return;
}
+ stats_attrs.setRequestRD(message.getHeaderFlag(Message::HEADERFLAG_RD));
+
const Opcode& opcode = message.getOpcode();
// Get opcode at this point; for all requests regardless of message body
// sanity check.
diff --git a/src/bin/auth/b10-auth.xml.pre b/src/bin/auth/b10-auth.xml.pre
index db5be3e..2bf20c8 100644
--- a/src/bin/auth/b10-auth.xml.pre
+++ b/src/bin/auth/b10-auth.xml.pre
@@ -20,7 +20,7 @@
<refentry>
<refentryinfo>
- <date>February 5, 2013</date>
+ <date>May 22, 2013</date>
</refentryinfo>
<refmeta>
@@ -248,6 +248,18 @@
but remember that if there's any error related to TSIG, some
of the counted opcode may not be trustworthy.
</para>
+
+ <para>
+ The <quote>qryrecursion</quote> counter is limited to queries
+ (requests of opcode 0) even though the RD bit is not specific
+ to queries. In practice, this bit is generally just ignored for
+ other types of requests, while DNS servers behave differently
+ for queries depending on this bit. It is also known that
+ some authoritative-only servers receive a non negligible
+ number of queries with the RD bit being set, so it would be
+ of particular interest to have a specific counters for such
+ requests.
+ </para>
</note>
</refsect1>
diff --git a/src/bin/auth/statistics.cc.pre b/src/bin/auth/statistics.cc.pre
index 21141b0..14341fe 100644
--- a/src/bin/auth/statistics.cc.pre
+++ b/src/bin/auth/statistics.cc.pre
@@ -138,7 +138,14 @@ Counters::incRequest(const MessageAttributes& msgattrs) {
// if a short message which does not contain DNS header is received, or
// a response message (i.e. QR bit is set) is received.
if (opcode) {
- server_msg_counter_.inc(opcode_to_msgcounter[opcode.get().getCode()]);
+ server_msg_counter_.inc(opcode_to_msgcounter[opcode->getCode()]);
+
+ if (opcode.get() == Opcode::QUERY()) {
+ // Recursion Desired bit
+ if (msgattrs.requestHasRD()) {
+ server_msg_counter_.inc(MSG_QRYRECURSION);
+ }
+ }
}
// TSIG
diff --git a/src/bin/auth/statistics.h b/src/bin/auth/statistics.h
index 52f9bad..2ab987d 100644
--- a/src/bin/auth/statistics.h
+++ b/src/bin/auth/statistics.h
@@ -66,6 +66,8 @@ private:
enum BitAttributes {
REQ_WITH_EDNS_0, // request with EDNS ver.0
REQ_WITH_DNSSEC_OK, // DNSSEC OK (DO) bit is set in request
+ REQ_WITH_RD, // Recursion Desired (RD) bit is set in
+ // request
REQ_TSIG_SIGNED, // request is signed with valid TSIG
REQ_BADSIG, // request is signed but bad signature
RES_IS_TRUNCATED, // response is truncated
@@ -170,6 +172,22 @@ public:
bit_attributes_[REQ_WITH_DNSSEC_OK] = with_dnssec_ok;
}
+ /// \brief Return Recursion Desired (RD) bit of the request.
+ ///
+ /// \return true if Recursion Desired (RD) bit of the request is set
+ /// \throw None
+ bool requestHasRD() const {
+ return (bit_attributes_[REQ_WITH_RD]);
+ }
+
+ /// \brief Set Recursion Desired (RD) bit of the request.
+ ///
+ /// \param with_rd true if Recursion Desired (RD)bit of the request is set
+ /// \throw None
+ void setRequestRD(const bool with_rd) {
+ bit_attributes_[REQ_WITH_RD] = with_rd;
+ }
+
/// \brief Return whether the request is TSIG signed or not.
///
/// \return true if the request is TSIG signed
diff --git a/src/bin/auth/statistics_msg_items.def b/src/bin/auth/statistics_msg_items.def
index d8d3597..05d96c9 100644
--- a/src/bin/auth/statistics_msg_items.def
+++ b/src/bin/auth/statistics_msg_items.def
@@ -31,6 +31,7 @@ qrynoauthans MSG_QRYNOAUTHANS Number of queries received by the b10-auth server
qryreferral MSG_QRYREFERRAL Number of queries received by the b10-auth server resulted in referral answer.
qrynxrrset MSG_QRYNXRRSET Number of queries received by the b10-auth server resulted in NoError and AA bit is set in the response, but the number of answer RR == 0.
authqryrej MSG_QRYREJECT Number of authoritative queries rejected by the b10-auth server.
+qryrecursion MSG_QRYRECURSION Number of queries received by the b10-auth server with "Recursion Desired" (RD) bit was set.
rcode msg_counter_rcode Rcode statistics =
noerror MSG_RCODE_NOERROR Number of requests received by the b10-auth server resulted in RCODE = 0 (NoError).
formerr MSG_RCODE_FORMERR Number of requests received by the b10-auth server resulted in RCODE = 1 (FormErr).
diff --git a/src/bin/auth/tests/statistics_unittest.cc.pre b/src/bin/auth/tests/statistics_unittest.cc.pre
index cf6f29a..654bcd9 100644
--- a/src/bin/auth/tests/statistics_unittest.cc.pre
+++ b/src/bin/auth/tests/statistics_unittest.cc.pre
@@ -361,6 +361,64 @@ TEST_F(CountersTest, incrementTSIG) {
}
}
+TEST_F(CountersTest, incrementRD) {
+ Message response(Message::RENDER);
+ MessageAttributes msgattrs;
+ std::map<std::string, int> expect;
+
+ // Test these patterns:
+ // OpCode Recursion Desired
+ // ---------------------------
+ // 0 (Query) false
+ // 0 (Query) true
+ // 2 (Status) false
+ // 2 (Status) true
+ // Make sure the counter will be incremented only for the requests with
+ // OpCode=Query and Recursion Desired (RD) bit=1.
+ int count_opcode_query = 0;
+ int count_opcode_status = 0;
+ for (int i = 0; i < 4; ++i) {
+ const bool is_recursion_desired = i & 1;
+ const uint8_t opcode_code = i & 0x2;
+ const Opcode opcode(opcode_code);
+ buildSkeletonMessage(msgattrs);
+ msgattrs.setRequestRD(is_recursion_desired);
+ msgattrs.setRequestOpCode(opcode);
+
+ response.setRcode(Rcode::REFUSED());
+ response.addQuestion(Question(Name("example.com"),
+ RRClass::IN(), RRType::AAAA()));
+ response.setHeaderFlag(Message::HEADERFLAG_QR);
+
+ counters.inc(msgattrs, response, true);
+
+ if (opcode == Opcode::QUERY()) {
+ ++count_opcode_query;
+ } else {
+ ++count_opcode_status;
+ }
+
+ expect.clear();
+ expect["opcode.query"] = count_opcode_query;
+ expect["opcode.status"] = count_opcode_status;
+ expect["request.v4"] = i+1;
+ expect["request.udp"] = i+1;
+ expect["request.edns0"] = i+1;
+ expect["request.dnssec_ok"] = i+1;
+ expect["responses"] = i+1;
+ // qryrecursion will (only) be incremented if i == 1: OpCode=Query and
+ // RD bit=1
+ expect["qryrecursion"] = (i == 0) ? 0 : 1;
+ expect["rcode.refused"] = i+1;
+ // these counters are for queries; the value will be equal to the
+ // number of requests with OpCode=Query
+ expect["qrynoauthans"] = count_opcode_query;
+ expect["authqryrej"] = count_opcode_query;
+ checkStatisticsCounters(counters.get()->get("zones")->get("_SERVER_"),
+ expect);
+ }
+}
+
TEST_F(CountersTest, incrementOpcode) {
Message response(Message::RENDER);
MessageAttributes msgattrs;
diff --git a/tests/lettuce/features/auth_badzone.feature b/tests/lettuce/features/auth_badzone.feature
index ca805c8..8b902b3 100644
--- a/tests/lettuce/features/auth_badzone.feature
+++ b/tests/lettuce/features/auth_badzone.feature
@@ -24,7 +24,7 @@ Feature: Authoritative DNS server with a bad zone
And bind10 module Resolver should not be running
A query for www.example.org should have rcode NOERROR
- The last query response should have flags qr aa rd
+ The last query response should have flags qr aa
The last query response should have ancount 1
The last query response should have nscount 2
The last query response should have adcount 2
diff --git a/tests/lettuce/features/example.feature b/tests/lettuce/features/example.feature
index 86d20d3..ee84b46 100644
--- a/tests/lettuce/features/example.feature
+++ b/tests/lettuce/features/example.feature
@@ -120,7 +120,7 @@ Feature: Example feature
The last query response should have adcount 0
# When checking flags, we must pass them exactly as they appear in
# the output of dig.
- The last query response should have flags qr aa rd
+ The last query response should have flags qr aa
A query for www.example.org type TXT should have rcode NOERROR
The last query response should have ancount 0
diff --git a/tests/lettuce/features/nsec3_auth.feature b/tests/lettuce/features/nsec3_auth.feature
index 6d3a556..8ead43f 100644
--- a/tests/lettuce/features/nsec3_auth.feature
+++ b/tests/lettuce/features/nsec3_auth.feature
@@ -25,7 +25,7 @@ Feature: NSEC3 Authoritative service
And bind10 module StatsHttpd should not be running
A dnssec query for a.c.x.w.example. should have rcode NXDOMAIN
- The last query response should have flags qr aa rd
+ The last query response should have flags qr aa
The last query response should have edns_flags do
The last query response should have ancount 0
The last query response should have nscount 8
@@ -57,7 +57,7 @@ Feature: NSEC3 Authoritative service
And bind10 module StatsHttpd should not be running
A dnssec query for ns1.example. type MX should have rcode NOERROR
- The last query response should have flags qr aa rd
+ The last query response should have flags qr aa
The last query response should have edns_flags do
The last query response should have ancount 0
The last query response should have nscount 4
@@ -85,7 +85,7 @@ Feature: NSEC3 Authoritative service
And bind10 module StatsHttpd should not be running
A dnssec query for y.w.example. should have rcode NOERROR
- The last query response should have flags qr aa rd
+ The last query response should have flags qr aa
The last query response should have edns_flags do
The last query response should have ancount 0
The last query response should have nscount 4
@@ -113,7 +113,7 @@ Feature: NSEC3 Authoritative service
And bind10 module StatsHttpd should not be running
A dnssec query for mc.c.example. type MX should have rcode NOERROR
- The last query response should have flags qr rd
+ The last query response should have flags qr
The last query response should have edns_flags do
The last query response should have ancount 0
The last query response should have nscount 6
@@ -148,7 +148,7 @@ Feature: NSEC3 Authoritative service
And bind10 module StatsHttpd should not be running
A dnssec query for a.z.w.example. type MX should have rcode NOERROR
- The last query response should have flags qr aa rd
+ The last query response should have flags qr aa
The last query response should have edns_flags do
The last query response should have ancount 2
The last query response should have nscount 5
@@ -195,7 +195,7 @@ Feature: NSEC3 Authoritative service
And bind10 module StatsHttpd should not be running
A dnssec query for a.z.w.example. type AAAA should have rcode NOERROR
- The last query response should have flags qr aa rd
+ The last query response should have flags qr aa
The last query response should have edns_flags do
The last query response should have ancount 0
The last query response should have nscount 8
@@ -227,7 +227,7 @@ Feature: NSEC3 Authoritative service
And bind10 module StatsHttpd should not be running
A dnssec query for example. type DS should have rcode NOERROR
- The last query response should have flags qr aa rd
+ The last query response should have flags qr aa
The last query response should have edns_flags do
The last query response should have ancount 0
The last query response should have nscount 4
@@ -259,7 +259,7 @@ Feature: NSEC3 Authoritative service
And bind10 module StatsHttpd should not be running
A dnssec query for b.x.w.example. should have rcode NXDOMAIN
- The last query response should have flags qr aa rd
+ The last query response should have flags qr aa
The last query response should have edns_flags do
The last query response should have ancount 0
The last query response should have nscount 6
@@ -289,7 +289,7 @@ Feature: NSEC3 Authoritative service
And bind10 module StatsHttpd should not be running
A dnssec query for a.w.example. should have rcode NOERROR
- The last query response should have flags qr aa rd
+ The last query response should have flags qr aa
The last query response should have edns_flags do
The last query response should have ancount 0
The last query response should have nscount 6
@@ -319,7 +319,7 @@ Feature: NSEC3 Authoritative service
And bind10 module StatsHttpd should not be running
A dnssec query for *.w.example. type MX should have rcode NOERROR
- The last query response should have flags qr aa rd
+ The last query response should have flags qr aa
The last query response should have edns_flags do
The last query response should have ancount 2
The last query response should have nscount 3
@@ -362,7 +362,7 @@ Feature: NSEC3 Authoritative service
And bind10 module StatsHttpd should not be running
A dnssec query for *.w.example. type A should have rcode NOERROR
- The last query response should have flags qr aa rd
+ The last query response should have flags qr aa
The last query response should have edns_flags do
The last query response should have ancount 0
The last query response should have nscount 4
@@ -390,7 +390,7 @@ Feature: NSEC3 Authoritative service
And bind10 module StatsHttpd should not be running
A dnssec query for 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. type NSEC3 should have rcode NXDOMAIN
- The last query response should have flags qr aa rd
+ The last query response should have flags qr aa
The last query response should have edns_flags do
The last query response should have ancount 0
The last query response should have nscount 8
@@ -422,7 +422,7 @@ Feature: NSEC3 Authoritative service
And bind10 module StatsHttpd should not be running
A dnssec query for ai.example. type DS should have rcode NOERROR
- The last query response should have flags qr aa rd
+ The last query response should have flags qr aa
The last query response should have edns_flags do
The last query response should have ancount 0
The last query response should have nscount 4
@@ -450,7 +450,7 @@ Feature: NSEC3 Authoritative service
And bind10 module StatsHttpd should not be running
A dnssec query for c.example. type DS should have rcode NOERROR
- The last query response should have flags qr aa rd
+ The last query response should have flags qr aa
The last query response should have edns_flags do
The last query response should have ancount 0
The last query response should have nscount 6
diff --git a/tests/lettuce/features/queries.feature b/tests/lettuce/features/queries.feature
index b0a6fac..5fd0d58 100644
--- a/tests/lettuce/features/queries.feature
+++ b/tests/lettuce/features/queries.feature
@@ -75,7 +75,7 @@ Feature: Querying feature
The statistics counters are 0 in category .Auth.zones._SERVER_
A query for www.example.org should have rcode NOERROR
- The last query response should have flags qr aa rd
+ The last query response should have flags qr aa
The last query response should have ancount 1
The last query response should have nscount 2
The last query response should have adcount 2
@@ -121,7 +121,7 @@ Feature: Querying feature
# Repeat of the above
A query for www.example.org should have rcode NOERROR
- The last query response should have flags qr aa rd
+ The last query response should have flags qr aa
The last query response should have ancount 1
The last query response should have nscount 2
The last query response should have adcount 2
@@ -165,7 +165,7 @@ Feature: Querying feature
| rcode.noerror | 2 |
# And now query something completely different
- A query for nosuchname.example.org should have rcode NXDOMAIN
+ A recursive query for nosuchname.example.org should have rcode NXDOMAIN
The last query response should have flags qr aa rd
The last query response should have ancount 0
The last query response should have nscount 1
@@ -196,6 +196,7 @@ Feature: Querying feature
| responses | 3 |
| qrysuccess | 2 |
| qryauthans | 3 |
+ | qryrecursion | 1 |
| rcode.noerror | 2 |
| rcode.nxdomain | 1 |
@@ -225,7 +226,7 @@ Feature: Querying feature
The statistics counters are 0 in category .Auth.zones._SERVER_
A query for example.org type ANY should have rcode NOERROR
- The last query response should have flags qr aa rd
+ The last query response should have flags qr aa
The last query response should have ancount 4
The last query response should have nscount 0
The last query response should have adcount 3
@@ -284,7 +285,7 @@ Feature: Querying feature
The statistics counters are 0 in category .Auth.zones._SERVER_
A dnssec query for www.sub.example.org type AAAA should have rcode NOERROR
- The last query response should have flags qr rd
+ The last query response should have flags qr
The last query response should have edns_flags do
The last query response should have ancount 0
The last query response should have nscount 1
diff --git a/tests/lettuce/features/resolver_basic.feature b/tests/lettuce/features/resolver_basic.feature
index 47fc123..341c14c 100644
--- a/tests/lettuce/features/resolver_basic.feature
+++ b/tests/lettuce/features/resolver_basic.feature
@@ -24,13 +24,13 @@ Feature: Basic Resolver
And bind10 module StatsHttpd should not be running
# The ACL is set to reject any queries
- A query for l.root-servers.net. should have rcode REFUSED
+ A recursive query for l.root-servers.net. should have rcode REFUSED
# Test whether acl ACCEPT works
When I set bind10 configuration Resolver/query_acl[0] to {"action": "ACCEPT", "from": "127.0.0.1"}
# This address is currently hardcoded, so shouldn't cause outside traffic
- A query for l.root-servers.net. should have rcode NOERROR
+ A recursive query for l.root-servers.net. should have rcode NOERROR
# Check whether setting the ACL to reject again works
When I set bind10 configuration Resolver/query_acl[0] to {"action": "REJECT", "from": "127.0.0.1"}
- A query for l.root-servers.net. should have rcode REFUSED
+ A recursive query for l.root-servers.net. should have rcode REFUSED
diff --git a/tests/lettuce/features/terrain/querying.py b/tests/lettuce/features/terrain/querying.py
index ae348fd..ec75490 100644
--- a/tests/lettuce/features/terrain/querying.py
+++ b/tests/lettuce/features/terrain/querying.py
@@ -200,14 +200,19 @@ class QueryResult(object):
"""
pass
- at step('A (dnssec )?query for ([\S]+) (?:type ([A-Z0-9]+) )?' +
+ at step('A (dnssec )?(recursive )?query for ([\S]+) (?:type ([A-Z0-9]+) )?' +
'(?:class ([A-Z]+) )?(?:to ([^:]+|\[[0-9a-fA-F:]+\])(?::([0-9]+))? )?' +
'should have rcode ([\w.]+)')
-def query(step, dnssec, query_name, qtype, qclass, addr, port, rcode):
+def query(step, dnssec, recursive, query_name, qtype, qclass, addr, port,
+ rcode):
"""
Run a query, check the rcode of the response, and store the query
result in world.last_query_result.
Parameters:
+ dnssec ('dnssec'): DO bit is set in the query.
+ Defaults to unset (no DNSSEC).
+ recursive ('recursive'): RD bit is set in the query.
+ Defaults to unset (no recursion).
query_name ('query for <name>'): The domain name to query.
qtype ('type <type>', optional): The RR type to query. Defaults to A.
qclass ('class <class>', optional): The RR class to query. Defaults to IN.
@@ -234,6 +239,9 @@ def query(step, dnssec, query_name, qtype, qclass, addr, port, rcode):
# additional counts, so unless we need dnssec, explicitly
# disable edns0
additional_arguments.append("+noedns")
+ # dig sets RD bit by default.
+ if recursive is None:
+ additional_arguments.append("+norecurse")
query_result = QueryResult(query_name, qtype, qclass, addr, port,
additional_arguments)
assert query_result.rcode == rcode,\
More information about the bind10-changes
mailing list