Delivery of non-cached replies

Jakob Blomer jakob.blomer at cern.ch
Wed Oct 21 08:19:14 EDT 2009


Hi,

I am currently trying to include Deadwood as a caching DNS server in the CernVM
appliance.  So Deadwood will in certain setups talk to the DNS servers
of a virtual machine monitor's NAT layer.

I had a particular problem with VMware Fusion and negative replies.
Deadwood is not able to cache such answers with the error "Empty packet"
and then drops the reply.  I uploaded a small tcpdump file where I
queried for a non-existing domain:
https://jblomer.web.cern.ch/jblomer/dns-nxdomain.dump.
The DNS chain is:
172.16.8.129 (virtual machine running Deadwood) --> 172.16.8.2 (VMware
Fusion's NAT DNS) --> 137.138.16.5 (Cern DNS Server).

While I didn't look into the particular problem, as a workaround it
would be helpful to deliver a DNS response, even if it could not be
added to the cache.  Since this way all sorts of crap is possibly
delivered, perhaps this behaviour can be added optionally (see patch below).

Cheers,
Jakob



diff -u ../../deadwood-2.3.04/src/DwMararc.c ./DwMararc.c
--- ../../deadwood-2.3.04/src/DwMararc.c	2009-05-21 23:02:20.000000000 +0200
+++ ./DwMararc.c	2009-10-21 13:41:30.000000000 +0200
@@ -28,7 +28,7 @@
 /* Number of dictionary parameters in the mararc file */
 #define KEY_D_COUNT 1
 /* Number of numeric parameters in the mararc file */
-#define KEY_N_COUNT 15
+#define KEY_N_COUNT 16

 dwm_fs fsm[DWM_MAX_STATES + 1]; /* Finite state machine */
 dw_str *key_s[KEY_S_COUNT + 1]; /* All of the string dwood2rc parameters */
@@ -72,6 +72,7 @@
 	"num_retries", /* Number of times we try to connect to an upstream
                         * server before giving up */
 	"verbose_level", /* How verbose our logging should be */
+	"deliver_all", /* Deliver non-cachable replies */
         0 };

 char *fsm_desc=dwm_machine;
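
Review bot: the comment on "deliver_all" ("Deliver non-cachable replies") does not say that these are replies for which cache_dns_reply() returned -1, which is how the DwUdpSocket.c hunk uses the flag. Suggest spelling it "non-cacheable" and stating that the setting forwards replies the cache code rejected, so an operator reading the parameter list knows what is being turned on.
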
diff -u ../../deadwood-2.3.04/src/DwMararc.h ./DwMararc.h
--- ../../deadwood-2.3.04/src/DwMararc.h	2009-05-21 23:02:20.000000000 +0200
+++ ./DwMararc.h	2009-10-21 13:40:34.000000000 +0200
@@ -45,6 +45,7 @@
 #define DWM_N_resurrections 12
 #define DWM_N_num_retries 13
 #define DWM_N_verbose_level 14
+#define DWM_N_deliver_all 15

 /* Various character classes used by the Mararc parser's finite state
  * machine */
diff -u ../../deadwood-2.3.04/src/DwSocket.c ./DwSocket.c
--- ../../deadwood-2.3.04/src/DwSocket.c	2009-04-21 17:17:28.000000000 +0200
+++ ./DwSocket.c	2009-10-21 14:11:28.000000000 +0200
@@ -58,6 +58,7 @@
 int32_t maradns_uid = 99;
 int32_t maradns_gid = 99;
 int num_retries = 1;
+int deliver_all = 0;

 #ifdef MINGW
 u_long dont_block = 0;
@@ -359,6 +360,7 @@
         maradns_gid = get_key_n(DWM_N_maradns_gid,10,65535,99);
         resurrections = get_key_n(DWM_N_resurrections,0,1,1);
         num_retries = get_key_n(DWM_N_num_retries,0,8,1);
+	deliver_all = get_key_n(DWM_N_deliver_all,0,1,1);	

         if((num_ports & (num_ports - 1)) != 0) {
                 dw_fatal("num_ports must be a power of 2");
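
Review bot: the last argument in "deliver_all = get_key_n(DWM_N_deliver_all,0,1,1);" looks like the default value, since the neighbouring calls pass 99 for maradns_gid and 1 for num_retries, matching their initialisers in the previous hunk of this file. With 1 here, deliver_all is switched on whenever the parameter is absent from the configuration, which contradicts "int deliver_all = 0;" and the stated intent of an optional workaround. Suggest get_key_n(DWM_N_deliver_all,0,1,0), and drop the trailing tab after the semicolon.
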
diff -u ../../deadwood-2.3.04/src/DwUdpSocket.c ./DwUdpSocket.c
--- ../../deadwood-2.3.04/src/DwUdpSocket.c	2009-04-21
17:27:21.000000000 +0200
+++ ./DwUdpSocket.c	2009-10-21 14:01:29.000000000 +0200
@@ -49,6 +49,7 @@
 extern int min_bind;
 extern int num_ports;
 extern int num_retries;
+extern int deliver_all;

 #ifdef MINGW
 /* Needed for the Windows way of making a socket non-blocking */
@@ -600,7 +601,7 @@
         if((a[2] & 0x02) == 0x00) { /* If not truncated */
 		fflush(stdout);
 #ifndef NOCACHE
-                if(cache_dns_reply(a,count) == -1) {
+                if((cache_dns_reply(a,count) == -1) && (deliver_all ==
0)) {
 			return; /* Bad reply */
 		}
 #endif /* NOCACHE */
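
Review bot: in the changed condition, every -1 from cache_dns_reply() is ignored when deliver_all is set, not only the "Empty packet" case seen behind the VMware Fusion NAT, so any reply the cache code rejects falls through to delivery with nothing logged. Suggest limiting the bypass to the specific failure being worked around, or at least logging each reply that is delivered without being cached (verbose_level is available for that). Also, the added line was wrapped by the mailer ("(deliver_all ==" on one line, "0)) {" on the next), so this hunk will not apply as posted; please resend it unwrapped or as an attachment.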

