sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-05-19 07:09:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Switch nonRetryableEDE to a map lookup

Browse Source
This commit is contained in:
Viktor Liu
2026-05-06 10:22:40 +02:00
parent 34c3c1a6f0
commit e394818b9f
1 changed files with 24 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
client/internal/dns/upstream.go
View File

@@ -29,6 +29,27 @@ import (
var currentMTU uint16 = iface.DefaultMTU var currentMTU uint16 = iface.DefaultMTU
// nonRetryableEDECodes lists EDE info codes (RFC 8914) for which a SERVFAIL
// from one upstream means another upstream would return the same answer:
// DNSSEC validation outcomes and policy-based blocks. Transient errors
// (network, cached, not ready) are not included.
var nonRetryableEDECodes = map[uint16]struct{}{
dns.ExtendedErrorCodeUnsupportedDNSKEYAlgorithm: {},
dns.ExtendedErrorCodeUnsupportedDSDigestType: {},
dns.ExtendedErrorCodeDNSSECIndeterminate: {},
dns.ExtendedErrorCodeDNSBogus: {},
dns.ExtendedErrorCodeSignatureExpired: {},
dns.ExtendedErrorCodeSignatureNotYetValid: {},
dns.ExtendedErrorCodeDNSKEYMissing: {},
dns.ExtendedErrorCodeRRSIGsMissing: {},
dns.ExtendedErrorCodeNoZoneKeyBitSet: {},
dns.ExtendedErrorCodeNSECMissing: {},
dns.ExtendedErrorCodeBlocked: {},
dns.ExtendedErrorCodeCensored: {},
dns.ExtendedErrorCodeFiltered: {},
dns.ExtendedErrorCodeProhibited: {},
}
func SetCurrentMTU(mtu uint16) { func SetCurrentMTU(mtu uint16) {
currentMTU = mtu currentMTU = mtu
} }
@@ -342,11 +363,8 @@ func formatFailures(failures []upstreamFailure) string {
return strings.Join(parts, ", ") return strings.Join(parts, ", ")
} }
// nonRetryableEDE reports whether the response carries an Extended DNS Error // nonRetryableEDE returns the first non-retryable EDE code carried in the
// (RFC 8914) indicating the answer is definitive and trying another upstream // response, if any.
// would yield the same result. DNSSEC validation failures and policy-based
// blocks fall into this category; transient errors (network, cached, not
// ready) do not.
func nonRetryableEDE(rm *dns.Msg) (uint16, bool) { func nonRetryableEDE(rm *dns.Msg) (uint16, bool) {
opt := rm.IsEdns0() opt := rm.IsEdns0()
if opt == nil { if opt == nil {
@@ -357,21 +375,7 @@ func nonRetryableEDE(rm *dns.Msg) (uint16, bool) {
if !ok { if !ok {
continue continue
} }
switch ede.InfoCode { if _, ok := nonRetryableEDECodes[ede.InfoCode]; ok {
case dns.ExtendedErrorCodeUnsupportedDNSKEYAlgorithm,
dns.ExtendedErrorCodeUnsupportedDSDigestType,
dns.ExtendedErrorCodeDNSSECIndeterminate,
dns.ExtendedErrorCodeDNSBogus,
dns.ExtendedErrorCodeSignatureExpired,
dns.ExtendedErrorCodeSignatureNotYetValid,
dns.ExtendedErrorCodeDNSKEYMissing,
dns.ExtendedErrorCodeRRSIGsMissing,
dns.ExtendedErrorCodeNoZoneKeyBitSet,
dns.ExtendedErrorCodeNSECMissing,
dns.ExtendedErrorCodeBlocked,
dns.ExtendedErrorCodeCensored,
dns.ExtendedErrorCodeFiltered,
dns.ExtendedErrorCodeProhibited:
return ede.InfoCode, true return ede.InfoCode, true
} }
} }