With the current c-ares parser, as per PR #765 parsing was broken due to
validation that didn't understand the `SIG` record class. This PR adds
basic, non-validating, and incomplete support for the `SIG` record type.
The additional `KEY` and `NXT` which would be required for additional
verification of the records is not implemented. It also does not store
the raw unprocessed RR data that would be required for the validation.
The primary purpose of this PR is to be able to recognize the record and
handle some periphery aspects such as validation of the class associated
with the RR and to not honor the TTL in the RR in the c-ares query cache
since it will always be 0.
Fixes #765
Fix By: Brad House (@bradh352)
The query cache wasn't properly flushing on server list changes
and was attempting to flush even when the server list didn't
actually change.
Fix By: Brad House (@bradh352)
As per Issue #760, the use of `struct timeval` is meant for only time
differentials, however it could be used to denote an exact timeout. This
could lead to y2k38 issues on some platforms.
Fixes Issue #760
Fix By: Brad House (@bradh352)
The DNS message protocol when using non-binary strings needs to be in
the ASCII printable range. The function prototype does allude to this
but it was not actually validating the string was in any way valid and
could be used. DNS parsing will now fail if an expected string isn't
an ASCII string.
Fixes Issue: #769
Fix By: Brad House (@bradh352)
Missing header reference in Makefile.inc prevents necessary header file from being packaged in official distribution.
Fixes Issue: #763
Fix By: Brad House (@bradh352)
Automatically detect configuration changes and reload. On systems which
provide notification mechanisms, use those, otherwise fall back to
polling. When a system configuration change is detected, it
asynchronously applies the configuration in order to ensure it is a
non-blocking operation for any queries which may still be being
processed.
On Windows, however, changes aren't detected if a user manually
sets/changes the DNS servers on an interface, it doesn't appear there is
any mechanism capable of this. We are relying on
`NotifyIpInterfaceChange()` for notifications.
Fixes Issue: #613
Fix By: Brad House (@bradh352)
At https://github.com/c-ares/c-ares/pull/601#issuecomment-1801935063 you
chose not to scatter `const` on the public interface because of the plan
- now realised - to add threading to c-ares, and in the expectation that
even read operations would need to lock the mutex.
But the threading implementation has a _pointer_ to a mutex inside the
ares channel and as I understand it, that means that it is just fine to
mark `ares__channel_lock` (and `ares__channel_unlock`) as taking a
`const` channel. It is the pointed-to mutex that is not constant, but C
does not propagate `const`-ness through pointers.
This PR sprinkles const where appropriate on public interfaces.
Fix By: David Hotham (@dimbleby)
Due to a logic flaw, DNS name compression writing was not properly implemented
which would result in the name prefix not being written for a partial match.
Fixes Bug: #757
Fix By: Brad House (@bradh352)
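What a partial match should produce on the wire, as an added example that is not c-ares code: the unmatched prefix labels are written literally and only the already-seen suffix becomes a pointer. `write_name()`, `struct seen`, `demo()` and the offset 12 for `example.com` are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

struct seen { const char *suffix; unsigned short off; }; /* name already written */
/* Illustrative writer, not c-ares code. Emits `name` at buf[pos]; once the
 * remaining suffix is found in seen[], ends with a 2-byte compression pointer.
 * Returns the number of bytes written, or 0 on error. */
size_t write_name(unsigned char *buf, size_t cap, size_t pos, const char *name,
                  const struct seen *seen, size_t nseen)
{
  size_t      start = pos, i, lablen;
  const char *p     = name;
  while (*p != '\0') {
    for (i = 0; i < nseen; i++) {
      if (seen[i].off < 0x4000 && strcasecmp(p, seen[i].suffix) == 0) {
        if (pos + 2 > cap) return 0;
        buf[pos++] = (unsigned char)(0xC0 | (seen[i].off >> 8));
        buf[pos++] = (unsigned char)(seen[i].off & 0xFF);
        return pos - start; /* literal prefix labels, then the pointer */
      }
    }
    /* No match here: write one literal label, then retry on the remainder. */
    lablen = strcspn(p, ".");
    if (lablen == 0 || lablen > 63 || pos + 1 + lablen > cap) return 0;
    buf[pos++] = (unsigned char)lablen;
    memcpy(buf + pos, p, lablen);
    pos += lablen; p += lablen;
    if (*p == '.') p++;
  }
  if (pos + 1 > cap) return 0;
  buf[pos++] = 0; /* nothing matched: terminate with the root label */
  return pos - start;
}

/* Constructed case: "example.com" already sits at offset 12 of the message. */
unsigned char demo_buf[64];
size_t demo(const char *name)
{
  static const struct seen table[] = { { "example.com", 12 } };
  return write_name(demo_buf, sizeof(demo_buf), 0, name, table, 1);
}
int main(void)
{
  size_t i, n = demo("www.example.com");
  for (i = 0; i < n; i++) printf("%02x ", demo_buf[i]);
  printf("\n");
  return 0;
}
```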
salen validation should be greater than or equal to the required
storage size. It's not uncommon to use `struct sockaddr_storage` in
modern code which is definitely larger than `struct sockaddr_in` and
on some systems even larger than `struct sockaddr_in6`.
Fixes Issue: #752
Fix By: Brad House (@bradh352)
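The length check described above, as an added example that is not code from this commit or from c-ares. `salen_ok()` and `check_storage()` are hypothetical helpers, and the `strict` mode is an assumed exact-size comparison included only for contrast with the greater-than-or-equal rule.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Minimum storage needed for a family; 0 means unsupported. */
static size_t required_len(int family)
{
  switch (family) {
    case AF_INET:  return sizeof(struct sockaddr_in);
    case AF_INET6: return sizeof(struct sockaddr_in6);
    default:       return 0;
  }
}

/* Hypothetical validator, not a c-ares function. strict=1 is an exact-size
 * comparison; strict=0 accepts any buffer that is large enough. */
int salen_ok(const struct sockaddr *sa, size_t salen, int strict)
{
  size_t need;
  /* The family field itself must lie inside the buffer before it is read. */
  if (sa == NULL ||
      salen < offsetof(struct sockaddr, sa_family) + sizeof(sa->sa_family))
    return 0;
  need = required_len(sa->sa_family);
  if (need == 0)
    return 0;
  return strict ? (salen == need) : (salen >= need);
}

/* Constructed input: a zeroed sockaddr_storage tagged with the family. */
int check_storage(int family, size_t salen, int strict)
{
  struct sockaddr_storage ss;
  memset(&ss, 0, sizeof(ss));
  ss.ss_family = (sa_family_t)family;
  return salen_ok((const struct sockaddr *)&ss, salen, strict);
}

int main(void)
{
  size_t full = sizeof(struct sockaddr_storage);
  printf("AF_INET in sockaddr_storage: exact=%d, at-least=%d\n",
         check_storage(AF_INET, full, 1), check_storage(AF_INET, full, 0));
  return 0;
}
```

A caller passing `sizeof(struct sockaddr_storage)` is rejected by the exact comparison and accepted by the at-least comparison, while a buffer shorter than the family's structure is rejected by both.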
The DNS configuration for Apple is stored in the system configuration
database. Apple does provide an emulated `/etc/resolv.conf` on macOS
(but not iOS), it cannot, however, represent the entirety of the DNS
configuration. Alternatively, libresolv could be used to also retrieve
some system configuration, but it too is not capable of retrieving the
entirety of the DNS configuration.
Attempts to use the preferred public API of `SCDynamicStoreCreate()` and
friends yielded incomplete DNS information. Instead, that leaves some
Apple "internal" symbols from `configd` that we need to access in order
to get the entire configuration. We can see that we're not the only ones
to do this as Google Chrome also does:
https://chromium.googlesource.com/chromium/src/+/HEAD/net/dns/dns_config_watcher_mac.cc
These internal functions are what `libresolv` and `scutil` use to
retrieve the DNS configuration. Since these symbols are not publicly
available, we will dynamically load the symbols from `libSystem` and
import the `dnsinfo.h` private header extracted from:
https://opensource.apple.com/source/configd/configd-1109.140.1/dnsinfo/dnsinfo.h
Fix By: Brad House (@bradh352)
**Summary**
This PR adds a server state callback that is invoked whenever a query to
a DNS server finishes.
The callback is invoked with the server details (as a string), a boolean
indicating whether the query succeeded or failed, flags describing the
query (currently just indicating whether TCP or UDP was used), and
custom userdata.
This can be used by user applications to gain observability into DNS
server health and usage. For example, alerts when a DNS server
fails/recovers or metrics to track how often a DNS server is used and
responds successfully.
**Testing**
Three new regression tests `MockChannelTest.ServStateCallback*` have
been added to test the new callback in different success/failure
scenarios.
Fix By: Oliver Welsh (@oliverwelsh)
If an invalid event thread system was provided, it would crash during cleanup due to a NULL pointer dereference.
Fixes Issue: #749
Fix By: Brad House (@bradh352)
Improve reliability in the server retry delay regression tests by
increasing the retry delay and sleeping for a little more than the retry
delay when attempting to force retries.
This helps to account for unreliable timing (e.g. NTP slew)
intermittently breaking pipelines.
Fix By: Oliver Welsh (@oliverwelsh)
I tried to build c-ares using CMake with the latest Android NDK
(r26/27), but failed as follows.
```
Building C object _deps/c-ares-source-build/src/lib/CMakeFiles/c-ares.dir/Debug/ares__buf.c.o
FAILED: _deps/c-ares-source-build/src/lib/CMakeFiles/c-ares.dir/Debug/ares__buf.c.o
In file included from c-ares/src/lib/ares__buf.c:27:
In file included from c-ares/include/ares.h:85:
In file included from Android/sdk/ndk/27.0.11718014/toolchains/llvm/prebuilt/darwin-x86_64/sysroot/usr/include/netinet/in.h:36:
In file included from Android/sdk/ndk/27.0.11718014/toolchains/llvm/prebuilt/darwin-x86_64/sysroot/usr/include/linux/in.h:231:
In file included from Android/sdk/ndk/27.0.11718014/toolchains/llvm/prebuilt/darwin-x86_64/sysroot/usr/include/aarch64-linux-android/asm/byteorder.h:12:
In file included from Android/sdk/ndk/27.0.11718014/toolchains/llvm/prebuilt/darwin-x86_64/sysroot/usr/include/linux/byteorder/little_endian.h:17:
Android/sdk/ndk/27.0.11718014/toolchains/llvm/prebuilt/darwin-x86_64/sysroot/usr/include/linux/swab.h:28:8: error: unknown type name 'inline'
28 | static inline __attribute__((__const__)) __u32 __fswahw32(__u32 val) {
| ^
Android/sdk/ndk/27.0.11718014/toolchains/llvm/prebuilt/darwin-x86_64/sysroot/usr/include/linux/swab.h:28:47: error: expected ';' after top level declarator
28 | static inline __attribute__((__const__)) __u32 __fswahw32(__u32 val) {
| ^
```
It looks like the NDK recently added C99 code containing `inline`
functions, but c-ares is setting the `C_STANDARD` CMake property to C90.
Fix By: Jiwoo Park (@jimmy-park)
There is a missing break statement in the case that timeout_ms >= 0
leading to a possible infinite loop.
Fixes Issue: #742
Fix By: Brad House (@bradh352)
**Summary**
By default c-ares will select the server with the least number of
consecutive failures when sending a query. However, this means that if a
server temporarily goes down and hits failures (e.g. a transient network
issue), then that server will never be retried until all other servers
hit the same number of failures.
This is an issue if the failed server is preferred to other servers in
the list. For example if a primary server and a backup server are
configured.
This PR adds new server failover retry behavior, where failed servers
are retried with small probability after a minimum delay has passed. The
probability and minimum delay are configurable via the
`ARES_OPT_SERVER_FAILOVER` option. By default c-ares will use a
probability of 10% and a minimum delay of 5 seconds.
In addition, this PR includes a small change to always close out
connections to servers which have hit failures, even with
`ARES_FLAG_STAYOPEN`. It's possible that resetting the connection can
resolve some server issues (e.g. by resetting the source port).
**Testing**
A new set of regression tests has been added to test the new server
failover retry behavior.
Fixes Issue: #717
Fix By: Oliver Welsh (@oliverwelsh)
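A self-contained model of the selection rule described above, added here as an illustration and not taken from the c-ares sources. The `struct server` layout, the function names and the reading of the probability as a 1-in-N draw are assumptions; the draw is passed in so the outcome is reproducible.

```c
#include <stddef.h>
#include <stdio.h>

struct server {
  const char *name;
  unsigned    failures;      /* consecutive failures */
  long        next_retry_ms; /* earliest time a failed server may be retried */
};

/* Record a failure and start the minimum retry delay. */
void mark_failure(struct server *s, long now_ms, long retry_delay_ms)
{
  s->failures++;
  s->next_retry_ms = now_ms + retry_delay_ms;
}

/* servers[] is in configured preference order. retry_chance is "1 in N"
 * (0 disables retries); draw stands in for a random number. */
size_t pick_server(const struct server *s, size_t n, long now_ms,
                   unsigned retry_chance, unsigned draw)
{
  size_t i, best = 0;
  for (i = 1; i < n; i++)   /* default: fewest consecutive failures */
    if (s[i].failures < s[best].failures)
      best = i;
  if (retry_chance != 0 && draw % retry_chance == 0)
    for (i = 0; i < n; i++) /* occasionally probe a failed server */
      if (s[i].failures > 0 && now_ms >= s[i].next_retry_ms)
        return i;
  return best;
}

/* Constructed scenario: primary failed once at t=0 with a 5000 ms delay,
 * backup is healthy. Counts how many of 100 draws select the primary. */
unsigned primary_picks(long now_ms, unsigned retry_chance)
{
  struct server srv[2] = { { "primary", 0, 0 }, { "backup", 0, 0 } };
  unsigned draw, hits = 0;
  mark_failure(&srv[0], 0, 5000);
  for (draw = 0; draw < 100; draw++)
    if (pick_server(srv, 2, now_ms, retry_chance, draw) == 0)
      hits++;
  return hits;
}

int main(void)
{
  printf("t=1s: %u/100, t=6s: %u/100, retries off: %u/100\n",
         primary_picks(1000, 10), primary_picks(6000, 10),
         primary_picks(6000, 0));
  return 0;
}
```

With retries disabled the primary is never selected again while the backup stays healthy, which is the starvation case the message describes.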