Deadwood-3: A full DNS recursive resolver. Target date: None

Plan for recursive design:

* When looking at a packet, we need to know two facts:

1) The name and record type of the hostname we are seeking

2) The permitted bailiwick for any NS referrals we get

* When we get a packet from the remote nameserver, we need to determine
if the packet is a complete packet. A complete packet is a packet where
one of the following is true:

1) We look for CNAME referrals in the AN section of the packet. We treat
the question we had as a CNAME question, and see if that CNAME is in the
packet. If it is, we change the question to the name the CNAME points to,
and see if *that* CNAME is in the AN section of the packet. If it
is, we see what the CNAME points to and see if the corresponding CNAME
is in the packet, and so on.

Eventually, we won't find a CNAME record. Once we don't find the
appropriate CNAME record, we change the name we are looking for to
the name the last found CNAME pointed to, but keep the same record
type. Looking for a CNAME is a special case; we're done once we
find the CNAME and the packet is complete.

If we never found a CNAME, we just preserve the original host name.

Once we know the name we're looking for by chasing down CNAME referrals,
we look for that record in the AN section. If we find it, we're gold
and the packet is complete; we're done with our hostname search.

If we found CNAME records but did not find the ultimate hostname we
looked for, this is an incomplete CNAME referral.

2) There is a single SOA record in the NS section

3) If there are NS records in the NS section and possibly the AR section,
but no records in the AN section, this is an incomplete NS referral.

* If a packet is an incomplete CNAME referral, we do the following with

1) We find the last CNAME referral valid for the hostname we originally

2) We store the record in the cache as something along the lines of
"hostname whatever.example.com. is a CNAME record which points to
realname.example.net." This is stored as a CNAME record.

3) We increase the depth level and look for the hostname the CNAME
points to, such as looking for the A record for "realname.example.net."

* If the packet is an incomplete NS referral, we do the following with the

1) We remove any records which are out-of-bailiwick; for a record to be
in-bailiwick it has to be an NS referral for a hostname *longer* than
the current bailiwick, and with the same ending as the current
bailiwick. For example, if the bailiwick is .com, we must have
an NS referral for example.com; another NS referral for .com will be

2) Should, after removing all out-of-bailiwick records, we have no NS
referrals left, the packet is a "dead end"; we backtrack and try another
NS record for this hostname until a given limit is hit.

3) Once we remove all OOB records, we connect NS records to A and AAAA
records in the AR section. For example, if the packet has in the NS
section "example.com NS ns1.example.com" and the AR section has
"ns1.example.com A 192.168.78.32", we make the packet "example.com NS
192.168.78.32" and store it in the cache.
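
An added example, not Deadwood's own code: one way to do the bailiwick
filtering of step 1 and detect the "dead end" of step 2, in C. The struct,
the function names and the name format (text, no trailing dot) are
assumptions; the label-boundary test is an added refinement of "same ending"
so that "notexample.com" is not accepted under "example.com".

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout for this example, not Deadwood's own. */
struct ns_ref {
    const char *owner;  /* name the NS record is for, e.g. "example.com" */
    const char *ns;     /* nameserver it names, e.g. "ns1.example.com" */
};

/* 1 if owner is strictly below bailiwick: longer than it and ending in it
 * on a label boundary. Assumes text names with no trailing dot; a leading
 * dot (".com") is ignored and "" stands for the root. */
int in_bailiwick(const char *owner, const char *bailiwick)
{
    size_t olen, blen, i;
    const char *tail;
    if (*owner == '.') owner++;
    if (*bailiwick == '.') bailiwick++;
    olen = strlen(owner); blen = strlen(bailiwick);
    if (blen == 0) return olen > 0;   /* root: any non-root name is below it */
    if (olen <= blen) return 0;       /* same name or shorter: no progress */
    tail = owner + (olen - blen);
    if (tail[-1] != '.') return 0;    /* "notexample.com" is not under "example.com" */
    for (i = 0; i < blen; i++)        /* DNS names compare case-insensitively */
        if (tolower((unsigned char)tail[i]) != tolower((unsigned char)bailiwick[i]))
            return 0;
    return 1;
}

/* Drop out-of-bailiwick referrals in place; returns how many remain.
 * A return of 0 is the "dead end" case. */
size_t filter_referrals(struct ns_ref *refs, size_t n, const char *bailiwick)
{
    size_t i, kept = 0;
    for (i = 0; i < n; i++)
        if (in_bailiwick(refs[i].owner, bailiwick))
            refs[kept++] = refs[i];
    return kept;
}

int main(void)
{
    /* Constructed sample: referrals received while the bailiwick is .com */
    struct ns_ref refs[] = { {"example.com", "ns1.example.com"},
        {"com", "ns.other.example"}, {"example.net", "ns1.example.net"} };
    printf("%zu referral(s) kept\n", filter_referrals(refs, 3, ".com"));
    return 0;
}
```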