From 56fed3e1487513083b39ddbf22c80356ca2037a7 Mon Sep 17 00:00:00 2001 From: kn Date: Tue, 31 Aug 2021 20:18:03 +0000 Subject: [PATCH] Say autoconf not dhcp Do not abuse "dhcp" to say "DHCP and SLAAC". unwind.conf(5) does so but unwindctl(8) does not; in fact, the latter already has `status autoconf' to Show nameservers learned from dhclient(8), dhcpleased(8) or slaacd(8). Adjust unwind's config manual and internal code accordingly; still accept the old keyword but do not document it. hostname.if(5) already advises for `inet[6] autoconf' instead of `dhcp' and other related daemons don't abuse the word "dhcp" like unwind does. Feedback sthen OK florian --- sbin/unwind/parse.y | 14 +++++++---- sbin/unwind/resolver.c | 50 +++++++++++++++++++-------------------- sbin/unwind/unwind.c | 6 ++--- sbin/unwind/unwind.conf.5 | 12 +++++----- sbin/unwind/unwind.h | 14 +++++------ 5 files changed, 50 insertions(+), 46 deletions(-) diff --git a/sbin/unwind/parse.y b/sbin/unwind/parse.y index d361ae55cae..f3efcc5689e 100644 --- a/sbin/unwind/parse.y +++ b/sbin/unwind/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.26 2021/07/25 08:34:43 florian Exp $ */ +/* $OpenBSD: parse.y,v 1.27 2021/08/31 20:18:03 kn Exp $ */ /* * Copyright (c) 2018 Florian Obser @@ -100,8 +100,8 @@ typedef struct { %} %token INCLUDE ERROR -%token FORWARDER DOT PORT ODOT_FORWARDER ODOT_DHCP -%token AUTHENTICATION NAME PREFERENCE RECURSOR DHCP STUB +%token FORWARDER DOT PORT ODOT_FORWARDER ODOT_AUTOCONF ODOT_DHCP +%token AUTHENTICATION NAME PREFERENCE RECURSOR AUTOCONF DHCP STUB %token BLOCK LIST LOG FORCE ACCEPT BOGUS %token STRING 
@@ -223,8 +223,10 @@ prefopt : DOT { $$ = UW_RES_DOT; } | FORWARDER { $$ = UW_RES_FORWARDER; } | ODOT_FORWARDER { $$ = UW_RES_ODOT_FORWARDER; } | RECURSOR { $$ = UW_RES_RECURSOR; } - | DHCP { $$ = UW_RES_DHCP; } - | ODOT_DHCP { $$ = UW_RES_ODOT_DHCP; } + | AUTOCONF { $$ = UW_RES_AUTOCONF; } + | DHCP { $$ = UW_RES_AUTOCONF; } + | ODOT_AUTOCONF { $$ = UW_RES_ODOT_AUTOCONF; } + | ODOT_DHCP { $$ = UW_RES_ODOT_AUTOCONF; } | STUB { $$ = UW_RES_ASR; } ; @@ -416,6 +418,7 @@ lookup(char *s) {"DoT", DOT}, {"accept", ACCEPT}, {"authentication", AUTHENTICATION}, + {"autoconf", AUTOCONF}, {"block", BLOCK}, {"bogus", BOGUS}, {"dhcp", DHCP}, @@ -426,6 +429,7 @@ lookup(char *s) {"list", LIST}, {"log", LOG}, {"name", NAME}, + {"oDoT-autoconf", ODOT_AUTOCONF}, {"oDoT-dhcp", ODOT_DHCP}, {"oDoT-forwarder", ODOT_FORWARDER}, {"port", PORT}, diff --git a/sbin/unwind/resolver.c b/sbin/unwind/resolver.c index 502a27cb35c..81485b230fa 100644 --- a/sbin/unwind/resolver.c +++ b/sbin/unwind/resolver.c @@ -1,4 +1,4 @@ -/* $OpenBSD: resolver.c,v 1.148 2021/08/30 11:09:58 kn Exp $ */ +/* $OpenBSD: resolver.c,v 1.149 2021/08/31 20:18:03 kn Exp $ */ /* * Copyright (c) 2018 Florian Obser @@ -864,8 +864,8 @@ resolve(struct uw_resolver *res, const char* name, int rrtype, int rrclass, } break; case UW_RES_RECURSOR: - case UW_RES_DHCP: - case UW_RES_ODOT_DHCP: + case UW_RES_AUTOCONF: + case UW_RES_ODOT_AUTOCONF: case UW_RES_FORWARDER: case UW_RES_ODOT_FORWARDER: case UW_RES_DOT: @@ -1088,8 +1088,8 @@ new_resolver(enum uw_resolver_type type, enum uw_resolver_state state) switch (type) { case UW_RES_ASR: - case UW_RES_DHCP: - case UW_RES_ODOT_DHCP: + case UW_RES_AUTOCONF: + case UW_RES_ODOT_AUTOCONF: if (TAILQ_EMPTY(&autoconf_forwarder_list)) return; break; 
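Review bot: The legacy `DHCP` and `ODOT_DHCP` alternatives in `prefopt` now silently yield the same values as `AUTOCONF` and `ODOT_AUTOCONF`, and neither the grammar nor the `lookup()` keyword table (hunks at -416 and -429) says they are kept only for compatibility. A short comment in both places, for example `/* "dhcp" and "oDoT-dhcp" are undocumented aliases kept so existing unwind.conf files still parse */`, would stop a later cleanup from dropping or re-documenting them by accident. Because two spellings now map to one resolver type, a preference list naming both `dhcp` and `autoconf` would carry the same type twice. Whether the preference rule rejects duplicates is not visible here and is worth confirming, since that list decides which resolver class is tried first. The first alternative of `prefopt` and the body of `lookup()` lie outside these hunks.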
@@ -1110,8 +1110,8 @@ new_resolver(enum uw_resolver_type type, enum uw_resolver_state state) switch (type) { case UW_RES_RECURSOR: - case UW_RES_DHCP: - case UW_RES_ODOT_DHCP: + case UW_RES_AUTOCONF: + case UW_RES_ODOT_AUTOCONF: case UW_RES_FORWARDER: case UW_RES_ODOT_FORWARDER: case UW_RES_DOT: @@ -1228,8 +1228,8 @@ create_resolver(enum uw_resolver_type type) free(resolv_conf); break; case UW_RES_RECURSOR: - case UW_RES_DHCP: - case UW_RES_ODOT_DHCP: + case UW_RES_AUTOCONF: + case UW_RES_ODOT_AUTOCONF: case UW_RES_FORWARDER: case UW_RES_ODOT_FORWARDER: case UW_RES_DOT: @@ -1311,10 +1311,10 @@ create_resolver(enum uw_resolver_type type) break; case UW_RES_RECURSOR: break; - case UW_RES_DHCP: + case UW_RES_AUTOCONF: set_forwarders(res, &autoconf_forwarder_list, 0); break; - case UW_RES_ODOT_DHCP: + case UW_RES_ODOT_AUTOCONF: set_forwarders(res, &autoconf_forwarder_list, 853); ub_ctx_set_option(res->ctx, "tls-cert-bundle:", TLS_DEFAULT_CA_CERT_FILE); @@ -1342,8 +1342,8 @@ create_resolver(enum uw_resolver_type type) /* for the forwarder cases allow AS112 zones */ switch(res->type) { - case UW_RES_DHCP: - case UW_RES_ODOT_DHCP: + case UW_RES_AUTOCONF: + case UW_RES_ODOT_AUTOCONF: case UW_RES_FORWARDER: case UW_RES_ODOT_FORWARDER: case UW_RES_DOT: @@ -1548,8 +1548,8 @@ check_resolver_done(struct uw_resolver *res, void *arg, int rcode, } if (sec == SECURE) { - if (dns64_present && (res->type == UW_RES_DHCP || - res->type == UW_RES_ODOT_DHCP)) { + if (dns64_present && (res->type == UW_RES_AUTOCONF || + res->type == UW_RES_ODOT_AUTOCONF)) { /* do not upgrade to validating, DNS64 breaks DNSSEC */ if (prev_state != RESOLVING) new_resolver(checked_resolver->type, 
@@ -2049,8 +2049,8 @@ replace_autoconf_forwarders(struct imsg_rdns_proposal *rdns_proposal) replace_forwarders(&new_forwarder_list, &autoconf_forwarder_list); new_resolver(UW_RES_ASR, UNKNOWN); - new_resolver(UW_RES_DHCP, UNKNOWN); - new_resolver(UW_RES_ODOT_DHCP, UNKNOWN); + new_resolver(UW_RES_AUTOCONF, UNKNOWN); + new_resolver(UW_RES_ODOT_AUTOCONF, UNKNOWN); } else { while ((tmp = TAILQ_FIRST(&new_forwarder_list)) != NULL) { TAILQ_REMOVE(&new_forwarder_list, tmp, entry); @@ -2278,7 +2278,7 @@ check_dns64_done(struct asr_result *ar, void *arg) } if (ar->ar_rcode == LDNS_RCODE_NXDOMAIN) { - /* XXX this means that the dhcp resolver is broken */ + /* XXX this means that the autoconf resolver is broken */ log_debug("%s: NXDOMAIN", __func__); goto out; } @@ -2336,13 +2336,13 @@ check_dns64_done(struct asr_result *ar, void *arg) dns64_present = count > 0; if (dns64_present) { - /* downgrade DHCP resolvers, DNS64 breaks DNSSEC */ - if (resolvers[UW_RES_DHCP] != NULL && - resolvers[UW_RES_DHCP]->state == VALIDATING) - new_resolver(UW_RES_DHCP, RESOLVING); - if (resolvers[UW_RES_ODOT_DHCP] != NULL && - resolvers[UW_RES_ODOT_DHCP]->state == VALIDATING) - new_resolver(UW_RES_ODOT_DHCP, RESOLVING); + /* downgrade SLAAC resolvers, DNS64 breaks DNSSEC */ + if (resolvers[UW_RES_AUTOCONF] != NULL && + resolvers[UW_RES_AUTOCONF]->state == VALIDATING) + new_resolver(UW_RES_AUTOCONF, RESOLVING); + if (resolvers[UW_RES_ODOT_AUTOCONF] != NULL && + resolvers[UW_RES_ODOT_AUTOCONF]->state == VALIDATING) + new_resolver(UW_RES_ODOT_AUTOCONF, RESOLVING); } resolver_imsg_compose_frontend(IMSG_NEW_DNS64_PREFIXES_START, 0, diff --git a/sbin/unwind/unwind.c b/sbin/unwind/unwind.c index 2e3ae7c93e5..ba9d1819df6 100644 --- a/sbin/unwind/unwind.c +++ b/sbin/unwind/unwind.c @@ -1,4 +1,4 @@ -/* $OpenBSD: unwind.c,v 1.62 2021/07/25 08:34:43 florian Exp $ */ +/* $OpenBSD: unwind.c,v 1.63 2021/08/31 20:18:03 kn Exp $ */ /* * Copyright (c) 2018 Florian Obser 
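Review bot: The rewritten comment in the last `check_dns64_done` hunk, `/* downgrade SLAAC resolvers, DNS64 breaks DNSSEC */`, names only one source, while the code under it downgrades `UW_RES_AUTOCONF` and `UW_RES_ODOT_AUTOCONF`, which per the commit message cover name servers learned from dhclient(8), dhcpleased(8) or slaacd(8). That swaps one too-narrow protocol name for another; `/* downgrade autoconf resolvers, DNS64 breaks DNSSEC */` would match the code and the comment updated in the -2278 hunk. The wording matters because this branch moves a resolver from VALIDATING to RESOLVING when `dns64_present` is set, so anyone auditing where DNSSEC validation gets switched off for network-learned name servers should find it under the right name. The function starts and ends outside the hunk.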
@@ -690,8 +690,8 @@ config_new_empty(void) UW_RES_ODOT_FORWARDER, UW_RES_FORWARDER, UW_RES_RECURSOR, - UW_RES_ODOT_DHCP, - UW_RES_DHCP, + UW_RES_ODOT_AUTOCONF, + UW_RES_AUTOCONF, UW_RES_ASR}; struct uw_conf *xconf; int i; diff --git a/sbin/unwind/unwind.conf.5 b/sbin/unwind/unwind.conf.5 index 5206883ec04..38516b2df89 100644 --- a/sbin/unwind/unwind.conf.5 +++ b/sbin/unwind/unwind.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: unwind.conf.5,v 1.28 2021/07/24 14:15:34 kn Exp $ +.\" $OpenBSD: unwind.conf.5,v 1.29 2021/08/31 20:18:03 kn Exp $ .\" .\" Copyright (c) 2018 Florian Obser .\" Copyright (c) 2005 Esben Norby @@ -18,7 +18,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 24 2021 $ +.Dd $Mdocdate: August 31 2021 $ .Dt UNWIND.CONF 5 .Os .Sh NAME @@ -100,9 +100,9 @@ See Will never validate. Useful when running behind broken middle boxes that do not like edns0. DNS answers from stub name servers are not cached. -.It Ic dhcp +.It Ic autoconf Name servers learned via DHCP or SLAAC. -.It Ic oDoT-dhcp +.It Ic oDoT-autoconf Name servers learned via DHCP or SLAAC. .Nm unwind tries to opportunistically use DNS over TLS. @@ -123,7 +123,7 @@ itself recursively resolves names. .El .Pp The default preference is -.Ic DoT oDoT-forwarder forwarder recursor oDoT-dhcp dhcp stub . +.Ic DoT oDoT-forwarder forwarder recursor oDoT-autoconf autoconf stub . .It Ic force Oo Cm accept bogus Oc Ar type Brq Ar name ... Force resolving of .Ar name @@ -160,7 +160,7 @@ force .Xr unwind 8 to use a specific resolver type: .Bd -literal -offset indent -force dhcp { domain.local } +force autoconf { domain.local } .Ed .Sh SEE ALSO .Xr rc.conf.local 8 , diff --git a/sbin/unwind/unwind.h b/sbin/unwind/unwind.h index 42fff966e65..f21baf72970 100644 --- a/sbin/unwind/unwind.h +++ b/sbin/unwind/unwind.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: unwind.h,v 1.55 2021/07/25 08:34:43 florian Exp $ */ +/* $OpenBSD: unwind.h,v 1.56 2021/08/31 20:18:03 kn Exp $ */ /* * Copyright (c) 2018 Florian Obser @@ -46,8 +46,8 @@ enum uw_resolver_type { UW_RES_RECURSOR, - UW_RES_DHCP, - UW_RES_ODOT_DHCP, + UW_RES_AUTOCONF, + UW_RES_ODOT_AUTOCONF, UW_RES_ASR, UW_RES_FORWARDER, UW_RES_ODOT_FORWARDER, @@ -57,8 +57,8 @@ enum uw_resolver_type { static const char * const uw_resolver_type_str[] = { "recursor", - "dhcp", - "oDoT-dhcp", + "autoconf", + "oDoT-autoconf", "stub", "forwarder", "oDoT-forwarder", @@ -67,8 +67,8 @@ static const char * const uw_resolver_type_str[] = { static const char * const uw_resolver_type_short[] = { "rec", - "dhcp", - "dhcp*", + "auto", + "auto*", "stub", "forw", "forw*", -- 2.20.1
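Review bot: `uw_resolver_type_str` and `uw_resolver_type_short` are positional tables that must stay in the same order as `enum uw_resolver_type`, yet the three hunks (-46, -57, -67) edit all of them by hand with nothing stating that coupling. A comment above each table such as `/* indexed by enum uw_resolver_type; keep in the same order */` would document it. These strings are presumably what the program prints for each type, so output would now show `autoconf` / `auto*` where it showed `dhcp` / `dhcp*`. Unlike the config keyword, no old spelling survives on this side, which deserves a line in the commit message for anyone matching those labels in logs or monitoring. The enum and both tables continue past the hunk boundaries.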