webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-05-11 01:38:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

DNS: Fall back to permissive mode if recursor mode is unavailable

Browse Source 
The tests when assigning DNS name servers has been extended so that
if no working forwarder can be found, we will test if the local recursor
mode is an option.

If not, we will configure unbound's validator module into permissive
mode so that at least some DNS functionality is available.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2017-02-27 21:38:03 +00:00
parent 63de1e482a
commit e432689aa9
4 changed files with 107 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
src/patches/unbound-allow-setting-validator-permissive-mode-at-runtime.patch Normal file
View File

@@ -0,0 +1,43 @@
diff --git a/validator/validator.c b/validator/validator.c
index 676dcdf..7c19f3d 100644
--- a/validator/validator.c
+++ b/validator/validator.c
@@ -113,7 +113,7 @@ val_apply_cfg(struct module_env* env, struct val_env* val_env,
int c;
val_env->bogus_ttl = (uint32_t)cfg->bogus_ttl;
val_env->clean_additional = cfg->val_clean_additional;
- val_env->permissive_mode = cfg->val_permissive_mode;
+ val_env->permissive_mode = &cfg->val_permissive_mode;
if(!env->anchors)
env->anchors = anchors_create();
if(!env->anchors) {
@@ -170,7 +170,6 @@ val_init(struct module_env* env, int id)
}
env->modinfo[id] = (void*)val_env;
env->need_to_validate = 1;
- val_env->permissive_mode = 0;
lock_basic_init(&val_env->bogus_lock);
lock_protect(&val_env->bogus_lock, &val_env->num_rrset_bogus,
sizeof(val_env->num_rrset_bogus));
@@ -2084,7 +2083,7 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq,
}
}
/* If we are in permissive mode, bogus gets indeterminate */
- if(ve->permissive_mode)
+ if(*ve->permissive_mode)
vq->orig_msg->rep->security = sec_status_indeterminate;
}
diff --git a/validator/validator.h b/validator/validator.h
index 23d3072..f8464b8 100644
--- a/validator/validator.h
+++ b/validator/validator.h
@@ -104,7 +104,7 @@ struct val_env {
* This allows an operator to run validation 'shadow' without
* hurting responses to clients.
*/
- int permissive_mode;
+ int* permissive_mode;
/**
* Number of entries in the NSEC3 maximum iteration count table.