From 1c30f8755ccae7ac289c3b7bbae998d978477e04 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 8 Oct 2020 16:50:40 +0200 Subject: [PATCH 1/3] Add new status RETRIED (12) to be used for queries which were retried. If a query was retried five times before it suceeded, queries 1-4 will be marked as RETRIED and only query 5 will stay in status FORWARDED. Signed-off-by: DL6ER --- src/dnsmasq/forward.c | 2 +- src/dnsmasq_interface.c | 20 ++++++++++++++++++-- src/dnsmasq_interface.h | 3 +-- src/enums.h | 1 + src/gc.c | 3 ++- 5 files changed, 23 insertions(+), 6 deletions(-) diff --git a/src/dnsmasq/forward.c b/src/dnsmasq/forward.c index 43e219074..fa7c06ce0 100644 --- a/src/dnsmasq/forward.c +++ b/src/dnsmasq/forward.c @@ -347,7 +347,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, start = daemon->servers; /* at end of list, recycle */ header->id = htons(forward->new_id); - FTL_forwarding_failed(forward->sentto); + FTL_forwarding_retried(forward->sentto, forward->log_id, daemon->log_id); } else { diff --git a/src/dnsmasq_interface.c b/src/dnsmasq_interface.c index 6c5cc2937..3c87d464c 100644 --- a/src/dnsmasq_interface.c +++ b/src/dnsmasq_interface.c @@ -1773,7 +1773,7 @@ void getCacheInformation(const int *sock) // looked up for the longest time is evicted. } -void _FTL_forwarding_failed(const struct server *server, const char* file, const int line) +void FTL_forwarding_retried(const struct server *server, const int oldID, const int newID) { // Forwarding to upstream server failed 
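Review bot: In src/dnsmasq_interface.c (hunk @@ -1773,7), the renamed FTL_forwarding_retried() keeps the old opening comment `// Forwarding to upstream server failed`, which no longer describes what the function records. I would replace it with `// A query was retried: count it against the upstream and mark the original query (oldID) as retried`, and state which log ID oldID and newID each refer to, since the caller passes forward->log_id and daemon->log_id. The rename also drops the file and line arguments, so the debug output no longer records the call site. The function body continues outside this hunk.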
@@ -1795,7 +1795,11 @@ void _FTL_forwarding_failed(const struct server *server, const char* file, const const int upstreamID = findUpstreamID(upstreamIP, false); // Possible debugging information - if(config.debug & DEBUG_QUERIES) logg("**** forwarding to %s (ID %i, %s:%i) FAILED", dest, upstreamID, file, line); + if(config.debug & DEBUG_QUERIES) + { + logg("**** RETRIED query %i as %i to %s (ID %i)", + oldID, newID, dest, upstreamID); + } // Get upstream pointer upstreamsData* upstream = getUpstream(upstreamID, true); @@ -1804,6 +1808,18 @@ void _FTL_forwarding_failed(const struct server *server, const char* file, const if(upstream != NULL) upstream->failed++; + // Search for corresponding query identified by ID + const int queryID = findQueryID(oldID); + if(queryID >= 0) + { + // Get query pointer + queriesData* query = getQuery(queryID, true); + + // Set retried status + if(query != NULL) + query->status = QUERY_RETRIED; + } + // Clean up and unlock shared memory free(upstreamIP); unlock_shm(); diff --git a/src/dnsmasq_interface.h b/src/dnsmasq_interface.h index cb5880620..f90c7e7c3 100644 --- a/src/dnsmasq_interface.h +++ b/src/dnsmasq_interface.h @@ -39,8 +39,7 @@ void _FTL_dnssec(const int status, const int id, const char* file, const int lin #define FTL_header_analysis(header4, rcode, id) _FTL_header_analysis(header4, rcode, id, __FILE__, __LINE__) void _FTL_header_analysis(const unsigned char header4, const unsigned int rcode, const int id, const char* file, const int line); -#define FTL_forwarding_failed(server) _FTL_forwarding_failed(server, __FILE__, __LINE__) -void _FTL_forwarding_failed(const struct server *server, const char* file, const int line); +void FTL_forwarding_retried(const struct server *server, const int oldID, const int newID); #define FTL_upstream_error(rcode, id) _FTL_upstream_error(rcode, id, __FILE__, __LINE__) void _FTL_upstream_error(const unsigned int rcode, const int id, const char* file, const int line); 
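Review bot: In src/dnsmasq_interface.c (hunk @@ -1804,6), `query->status = QUERY_RETRIED;` overwrites whatever status the query already had without checking it first. The gc.c change in this patch decrements counters->forwarded for QUERY_RETRIED, so if a query found via findQueryID(oldID) was in a status other than forwarded (cached or blocked, say), the per-status counters would presumably drift when it is garbage-collected. A guard such as `if(query != NULL && query->status == QUERY_FORWARDED)` would make the transition explicit; whether other states can reach this path is not visible from here. The function body starts and ends outside the hunk.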
diff --git a/src/enums.h b/src/enums.h index 0eeb1c3ea..b67dc2898 100644 --- a/src/enums.h +++ b/src/enums.h @@ -40,6 +40,7 @@ enum query_status { QUERY_GRAVITY_CNAME, QUERY_REGEX_CNAME, QUERY_BLACKLIST_CNAME, + QUERY_RETRIED, QUERY_STATUS_MAX } __attribute__ ((packed)); diff --git a/src/gc.c b/src/gc.c index 23cbcfa11..b54c1a04c 100644 --- a/src/gc.c +++ b/src/gc.c @@ -100,7 +100,8 @@ void *GC_thread(void *val) // Unknown (?) counters->unknown--; break; - case QUERY_FORWARDED: + case QUERY_FORWARDED: // (fall through) + case QUERY_RETRIED: // Forwarded to an upstream DNS server // Adjust counters counters->forwarded--; From e640e45ceb62f307ed821b92340e212ff84fc83a Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 18 Oct 2020 18:55:39 +0200 Subject: [PATCH 2/3] Also handle retry events when the retry happened in the small timeframe of when we already have the upstream response but DNSSEC validation is still ongoing Signed-off-by: DL6ER --- src/dnsmasq/forward.c | 3 ++- src/dnsmasq_interface.c | 20 ++++++++++++++++++-- src/dnsmasq_interface.h | 2 +- src/enums.h | 1 + src/gc.c | 3 ++- 5 files changed, 24 insertions(+), 5 deletions(-) diff --git a/src/dnsmasq/forward.c b/src/dnsmasq/forward.c index fa7c06ce0..941ba9252 100644 --- a/src/dnsmasq/forward.c +++ b/src/dnsmasq/forward.c @@ -311,6 +311,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, else log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (union all_addr *)&forward->sentto->addr.in6.sin6_addr, "dnssec"); + FTL_forwarding_retried(forward->sentto, forward->log_id, daemon->log_id, true); if (forward->sentto->sfd) fd = forward->sentto->sfd->fd; @@ -347,7 +348,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr, start = daemon->servers; /* at end of list, recycle */ header->id = htons(forward->new_id); - FTL_forwarding_retried(forward->sentto, forward->log_id, daemon->log_id); + FTL_forwarding_retried(forward->sentto, forward->log_id, daemon->log_id, false); } else { 
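Review bot: In src/enums.h (hunk @@ -40,6), QUERY_RETRIED gets its numeric value only from its position, while the commit message refers to it as status 12. A trailing comment, `QUERY_RETRIED, // 12, query was superseded by a retry`, would document the value for anything that consumes the status as a number. Within this patch only the switch in GC_thread is taught the new value; other switches or tables over enum query_status, if any exist, are not visible here and may need the same case.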
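Review bot: In src/dnsmasq/forward.c (hunk @@ -311,6), the added `FTL_forwarding_retried(forward->sentto, forward->log_id, daemon->log_id, true);` directly follows an `else` whose body is the single unbraced log_query(...) statement, so it runs on both address-family paths but can be misread as part of the else. Bracing the if/else above it, or setting the call apart with a comment such as `/* FTL: record the DNSSEC retry for both address families */`, would make the intent visible. The enclosing forward_query() starts and ends outside the hunk, and the matching `if` is not shown.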
diff --git a/src/dnsmasq_interface.c b/src/dnsmasq_interface.c index 3c87d464c..59c361049 100644 --- a/src/dnsmasq_interface.c +++ b/src/dnsmasq_interface.c @@ -1773,7 +1773,7 @@ void getCacheInformation(const int *sock) // looked up for the longest time is evicted. } -void FTL_forwarding_retried(const struct server *server, const int oldID, const int newID) +void FTL_forwarding_retried(const struct server *server, const int oldID, const int newID, const bool dnssec) { // Forwarding to upstream server failed @@ -1817,7 +1817,23 @@ void FTL_forwarding_retried(const struct server *server, const int oldID, const // Set retried status if(query != NULL) - query->status = QUERY_RETRIED; + { + if(dnssec) + { + // There is point in retrying the query when + // we've already got an answer to this query, + // but we're awaiting keys for DNSSEC + // validation. We're retrying the DNSSEC query + // instead + query->status = QUERY_RETRIED_DNSSEC; + } + else + { + // Normal query retry due to answer not arriving + // soon enough at the requestor + query->status = QUERY_RETRIED; + } + } } // Clean up and unlock shared memory diff --git a/src/dnsmasq_interface.h b/src/dnsmasq_interface.h index f90c7e7c3..f1df563a7 100644 --- a/src/dnsmasq_interface.h +++ b/src/dnsmasq_interface.h 
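Review bot: In src/dnsmasq_interface.c (hunk @@ -1817,7), the comment on the dnssec branch begins `There is point in retrying the query when`, which appears to be missing a "no" and so states the opposite of what the branch does. Suggested wording: `// There is no point in retrying the query itself once we have an answer and are only awaiting DNSSEC keys; the DNSSEC query is retried instead`. The function also has no parameter documentation; one line saying that dnssec selects QUERY_RETRIED_DNSSEC over QUERY_RETRIED would help readers who only see the prototype in the header.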
@@ -39,7 +39,7 @@ void _FTL_dnssec(const int status, const int id, const char* file, const int lin #define FTL_header_analysis(header4, rcode, id) _FTL_header_analysis(header4, rcode, id, __FILE__, __LINE__) void _FTL_header_analysis(const unsigned char header4, const unsigned int rcode, const int id, const char* file, const int line); -void FTL_forwarding_retried(const struct server *server, const int oldID, const int newID); +void FTL_forwarding_retried(const struct server *server, const int oldID, const int newID, const bool dnssec); #define FTL_upstream_error(rcode, id) _FTL_upstream_error(rcode, id, __FILE__, __LINE__) void _FTL_upstream_error(const unsigned int rcode, const int id, const char* file, const int line); diff --git a/src/enums.h b/src/enums.h index b67dc2898..fdfa45a2a 100644 --- a/src/enums.h +++ b/src/enums.h @@ -41,6 +41,7 @@ enum query_status { QUERY_REGEX_CNAME, QUERY_BLACKLIST_CNAME, QUERY_RETRIED, + QUERY_RETRIED_DNSSEC, QUERY_STATUS_MAX } __attribute__ ((packed)); diff --git a/src/gc.c b/src/gc.c index b54c1a04c..38d28b4cb 100644 --- a/src/gc.c +++ b/src/gc.c @@ -101,7 +101,8 @@ void *GC_thread(void *val) counters->unknown--; break; case QUERY_FORWARDED: // (fall through) - case QUERY_RETRIED: + case QUERY_RETRIED: // (fall through) + case QUERY_RETRIED_DNSSEC: // Forwarded to an upstream DNS server // Adjust counters counters->forwarded--; From e4c4af4ff06f39fda83494deaa0c922f589a4b18 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 19 Oct 2020 08:08:13 +0200 Subject: [PATCH 3/3] Retried DNSSEC queries are ignored, we have to flag themselves. Retried normal queries take over, we have to flat the original query. Signed-off-by: DL6ER --- src/dnsmasq_interface.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/dnsmasq_interface.c b/src/dnsmasq_interface.c index 59c361049..9d12b01b7 100644 --- a/src/dnsmasq_interface.c +++ b/src/dnsmasq_interface.c 
@@ -1809,7 +1809,9 @@ void FTL_forwarding_retried(const struct server *server, const int oldID, const upstream->failed++; // Search for corresponding query identified by ID - const int queryID = findQueryID(oldID); + // Retried DNSSEC queries are ignored, we have to flag themselves (newID) + // Retried normal queries take over, we have to flat the original query (oldID) + const int queryID = findQueryID(dnssec ? newID : oldID); if(queryID >= 0) { // Get query pointer
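Review bot: In src/dnsmasq_interface.c (hunk @@ -1809,7), `upstream->failed++` in the context above the changed line still runs when dnssec is true, although the comment added in patch 2 describes that case as one where the upstream answer has already arrived. Retries appear to be triggered by a client resending its query, so this counter can be pushed up by client behaviour rather than by an unresponsive upstream; consider `if(upstream != NULL && !dnssec) upstream->failed++;` or a separate retry counter. The added comments would also read better as `// Retried DNSSEC queries are ignored, so we flag the retry itself (newID)` and `// Retried normal queries take over, so we flag the original query (oldID)`. The function body starts and ends outside the hunk.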