Use experimental "_ A" minimization in relaxed mode.

qname minimization, even in relaxed mode, can fail on some very broken domains. In relaxed mode, instead of asking for "foo.bar NS" ask for "_.foo.bar A" to either get a delegation or NXDOMAIN. It will require more queries than regular mode for proper NXDOMAINs.
2019-05-28 14:03:13 +02:00
parent 2691e729f0
commit ae52c2117e
6 changed files with 136 additions and 35 deletions
--- a/lib/dns/include/dns/resolver.h
+++ b/lib/dns/include/dns/resolver.h
@@ -110,15 +110,20 @@ typedef enum {
 #define DNS_FETCHOPT_NOCACHED		0x00008000 /*%< Force cache update. */
 #define DNS_FETCHOPT_QMINIMIZE		0x00010000 /*%< Use qname
 							minimization. */
-#define DNS_FETCHOPT_QMIN_STRICT	0x00020000 /*%< Do not work around
+#define DNS_FETCHOPT_NOFOLLOW		0x00020000 /*%< Don't follow
+							delegations */
+#define DNS_FETCHOPT_QMIN_STRICT	0x00040000 /*%< Do not work around
 							servers that return
 							errors on non-empty
 							terminals. */
-#define DNS_FETCHOPT_QMIN_SKIP_IP6A	0x00040000 /*%< Skip some labels
+#define DNS_FETCHOPT_QMIN_USE_A		0x00080000 /*%< Use A type queries
+							instead of NS when
+							doing minimization */
+#define DNS_FETCHOPT_QMIN_SKIP_IP6A	0x00100000 /*%< Skip some labels
 							when doing qname
 							minimization on
 							ip6.arpa. */
-#define DNS_FETCHOPT_NOFORWARD		0x00080000 /*%< Do not use forwarders
+#define DNS_FETCHOPT_NOFORWARD		0x00200000 /*%< Do not use forwarders
 							if possible. */

 /* Reserved in use by adb.c		0x00400000 */