Dns.cpp

#include "Dns.h"
#include "HashTableT.h"
#include "Process.h"
#include "File.h"
#include "Conf.h"
#include "Hostdb.h"
#include "Dns_internals.h"
#include "ip.h"
#include "Mem.h"
#include "Errno.h"
#include "hash.h"
#include "utf8_fast.h"
#include "gbmemcpy.h"
#include <fcntl.h>


// comment out the following line to disable DNS TLD caching
// TLD caching seems to give about 15% performance increase over not caching.
// it has been pretty thoroughly tested, but if there is a problem,
// feel free to disable it.
#define DNS_TLD_CACHE

// See section 7. RESOLVER IMPLEMENTATION in the rfc 1035

// TODO: use the canonical name as a normalization!!


#define MAX_DEPTH 18 // we can have a lot of CNAME aliases w/ akamai
#define MAX_TRIED_IPS 32 // stop after asking 32 nameservers, return timed out
#define LOOP_BUF_SIZE 26100
#define MAX_DNS_HOSTNAME_LEN	127
// use a default of 1 day for both caches
#define DNS_CACHE_MAX_AGE       (60*60*24)


struct DnsState {
	key96_t     m_hostnameKey;
	// key for lookup into s_dnsTable hash table
	int64_t     m_tableKey;
	Dns        *m_this ;
	void       *m_state;
	void      (*m_callback)(void *state, int32_t ip);
	bool        m_freeit;
	char        m_hostname[MAX_DNS_HOSTNAME_LEN+1];

	// . point to the replies received from dns servers
	// . m_dnsNames[] should point into these reply buffers
	//char *m_replyBufPtrs[6];
	//int32_t  m_numReplies;

	// we can do a recursion up to 5 levels deep. sometimes the reply
	// we get back is a list of ips of nameservers we need to ask.
	// that can happen a few times in a row, and we have to keep track
	// of the depth here. initially we set these ips to those of the
	// root servers (or sometimes the local bind servers).
	bool    m_rootTLD  [MAX_DEPTH];
	int32_t m_fallbacks[MAX_DEPTH];
	int32_t m_dnsIps   [MAX_DEPTH][MAX_DNS_IPS];
	int32_t m_numDnsIps[MAX_DEPTH];
	int32_t m_depth;  // current depth

	// . use these nameservers to do the lookup
	// . if not provided, they default to the root nameservers
	// . the first one we ask is based on hash of hostname % m_numDns,
	//   if that times out, the 2nd is right after the first, etc. so we
	//   always stay in order.
	// . m_dnsNames point into m_nameBuf, m_namePtr pts to the end of
	//   m_nameBuf so you can add new names to it.
	//   m_dnsNames are NULLified when getIPOfDNS() get their ip address
	//   which is then added to m_dnsIps[]
	char   *m_dnsNames    [MAX_DEPTH][MAX_DNS_IPS];
	int32_t m_numDnsNames [MAX_DEPTH];
	char    m_nameBuf     [512];
	char   *m_nameBufPtr;
	char   *m_nameBufEnd;

	// this holds the one and only dns request
	char  m_request[512];
	int32_t  m_requestSize;

	// after we send to a nameserver add its ip to this list so we don't
	// send to it again. or so we do not even add it to m_dnsIps again.
	int32_t m_triedIps[MAX_TRIED_IPS];
	int32_t m_numTried;

	// if we have to get the ip of the dns, then we get back more dns
	// that refer to that dns and we have to get the ip of those, ... etc.
	// for getting the ip of a dns we cast m_buf as a DnsState and use
	// that to avoid having to allocate more memory. however, we have to
	// keep track of how many times we do that recursively until we run
	// out of m_buf.
	int32_t m_loopCount;

	// set to EDNSDEAD (hostname does not exist) if we encounter that
	// error, however, we continue to ask other dns servers about the
	// hostname because we can often uncover the ip address that way.
	// but if we never do, we want to return this error, not ETIMEDOUT.
	int32_t m_errno;

	// we have to turn it off in some requests for some reason
	// like for www.fsis.usda.gov, othewise we get a refused to talk error
	bool m_recursionDesired;

	// have a total timeout function
	int32_t m_startTime;

	char m_buf[LOOP_BUF_SIZE];
};


// a global class extern'd in .h file
Dns g_dns;

static RdbCache g_timedoutCache;

static int64_t s_antiLockCount = 1LL;

#define TIMEOUT_SINGLE_HOST_MS 30000
#define TIMEOUT_TOTAL       90


// CallbackEntry now defined in HashTableT.cpp
static HashTableT<int64_t,CallbackEntry> s_dnstable;
static HashTableT<uint32_t,TLDIPEntry> s_TLDIPtable;

Dns::Dns() {
	m_ips      = NULL;
	m_keys     = NULL;
	m_numSlots = 0;
	m_dnsClientPort = 0;
}

// reset the udp server and rdb cache
void Dns::reset() {
	log("db: resetting dns");
	m_udpServer.reset();
	m_rdbCache.reset();
	g_timedoutCache.reset();
	s_dnstable.reset();
	s_TLDIPtable.reset();
	m_rdbCacheLocal.reset();
	// free hash table of /etc/hosts
	if ( m_ips  ) mfree ( m_ips  , m_numSlots*4            , "Dns");
	if ( m_keys ) mfree ( m_keys , m_numSlots*sizeof(key96_t), "Dns");
	m_ips      = NULL;
	m_keys     = NULL;
	m_numSlots = 0;
}

// . port will be incremented if already in use
// . use 1 socket for recving and sending
// . we can use a shared rdb cache
// . we use the dbId to separate our cache entries from other db's entries
bool Dns::init ( uint16_t clientPort ) {
	// get primary dns server info from the conf class
	m_dnsClientPort = clientPort; // g_conf.m_dnsClientPort;
	// set the name of the cache. it will save to WORKDIR/{name}.dat
	int32_t maxMem = g_conf.m_dnsMaxCacheMem ;
	// . how many nodes in cache tree can we fit?
	// . each rec is key (12) and ip(4)
	// . overhead in cache is 56
	// . that makes 56 + 4 = 60
	// . not correct? stats suggest it's less than 25 bytes each
	int32_t maxCacheNodes = maxMem / 25;
	// make a copy of our protocol to pass to udp server
	// static DnsProtocol proto;
	// set the cache
	if ( ! m_rdbCache.init ( maxMem        ,
				 4             ,  // fixed data size of rec
				 maxCacheNodes ,
				 "dns"         ,  // dbname
				 true,            // save cache to disk?
				 12,              //cachekeysize
				 -1            )) { // numPtrsMax
		log( LOG_ERROR, "dns: Cache init failed." );
		return false;
	}

	// make a copy of our protocol to pass to udp server
	// static DnsProtocol proto;
	// set the cache
	int32_t maxMemLocal = 100000;
	if ( ! m_rdbCacheLocal.init ( maxMemLocal   ,
				      4             , // fixed data size of rec
				      maxMemLocal/25,
				      "dnsLocal"    ,  // dbname
				      true,            // save cache to disk?
				      12,              //cachekeysize
				      -1            )) { // numPtrsMax
		log( LOG_ERROR, "dns: Cache local init failed." );
		return false;
	}

	// . set the port, proto and hostmap in our udpServer
	// . poll for timeouts every 11 seconds (11000 milliseconds)
	if ( ! m_udpServer.init ( m_dnsClientPort, 
				  &m_proto       ,
				  64000          ,// sock read buf
				  32000          ,// sock write buf
				  500            ,//polltime(.5secs)
				  500            ,//maxudpslots
				  true           )) { // is dns?
		log( LOG_ERROR, "dns: Udp server init failed." );
		return false;
	}

	// innocent log msg
	log ( LOG_INIT,"dns: Sending requests on client port %" PRIu16, (uint16_t)m_dnsClientPort );

	for ( int32_t i = 0 ; i < g_conf.m_numDns ; i++ ) {
		if ( !g_conf.m_dnsIps[i] ) continue;
		char ipbuf[16];
		log ( LOG_INIT, "dns: Using nameserver %s:%i.",
		      iptoa(g_conf.m_dnsIps[i],ipbuf) , g_conf.m_dnsPorts[i] );
	}

	// . only init the timedout cache once
	// . cache the dns servers' ips who timeout on us so we don't slow
	//   things down. later we can turn this into a "speed" cache, so
	//   we ask the fastest servers first.
	static bool s_init = false;
	if ( s_init ) return true;
	// just 30k for this little guy
	int32_t maxCacheMem = 30000;
	maxCacheNodes = maxCacheMem / 25;
	g_timedoutCache.init ( maxCacheMem ,
			       4     ,  // fixed data size of rec
			       maxCacheNodes           ,
			       "dnstimedout"           ,  // dbname
			       true,            // save cache to disk?
			       12,              //cachekeysize
			       -1);             // numPtrsMax
	return true;
}

static bool isTimedOut(int32_t ip) {
	// is this ip address in the "timed out" cache. if so,
	// then do not try again for at least 1 hour
	char *rec;
	int32_t  recSize;
	int32_t  maxAge = 3600; // 1 hour in seconds
	key96_t k;
	k.n0 = 0LL;
	k.n1 = ip;
	RdbCacheLock rcl(g_timedoutCache);
	bool  inCache = g_timedoutCache.getRecord ( (collnum_t)0 ,
							k       , // key
							&rec    ,
							&recSize,
							false   ,//do copy?
							maxAge  ,
							true    );//inc cnt
	return inCache;
}

inline bool parseTLD(DnsState* ds, char* buf, int32_t* len) {
	// parse out the TLD
	const char*	hostname=	ds->m_hostname;
	const char*	cbeg	=	hostname + strlen(hostname);
	const char*	cend	=	cbeg;
	bool		found	=	false;
	char*		curs;
	while (cbeg > hostname) {
		if (*cbeg == '.') {
			cbeg++;
			found = true;
			if (cend - cbeg > *len - 1)
				return false;
			*len = cend - cbeg;
			gbmemcpy(buf, cbeg, *len);
			buf[*len] = '\0';
			for (curs = buf; *curs; curs++)
				*curs = to_lower_a(*curs);
			//log(LOG_DEBUG,"dns: parseTLD found '%s'", buf);
			return true;
		}
		cbeg--;
	}
	return found;
}

inline uint32_t TLDIPKey(char* buf, int32_t len) {
	// build "key" for TLD hash table
	uint32_t	key;
	key = 0;
	if (len > 4)
		len = 4;
	gbmemcpy(&key, buf, len);
	return key;
}

#ifdef DNS_TLD_CACHE
// returns NULL if we had a TLD cache miss
// returns ptr if we had a TLD cache hit
// adjusts ds->m_depth and ds->m_dnsIps on a hit
static const TLDIPEntry* getTLDIP(DnsState* ds) {

	//log(LOG_DEBUG, "dns: getTLDIP entry");

	char		buf[64];
	int32_t		len	=	sizeof(buf);
	if (!parseTLD(ds, buf, &len)) {
		log(LOG_WARN, "dns: unable to determine TLD for %s",
			ds->m_hostname);
		return NULL;
	}
	uint32_t	key	=	TLDIPKey(buf, len);
	if (key == 0) {
		log(LOG_WARN, "dns: getTLDIP invalid key");
		return NULL;
	}
	TLDIPEntry* tldip = s_TLDIPtable.getValuePointer(key);
	if (tldip == NULL) {
		//log(LOG_DEBUG, "dns: getTLDIP not in cache");
		return NULL;
	}

	// JAB: 2038
	if (tldip->expiry <= time(NULL)) {
		log(LOG_DEBUG, "dns: getTLDIP expired for %s", ds->m_hostname);
		return NULL;
	}

	log(LOG_DEBUG,"dns: TLD cache hit .%s NS depth %" PRId32" for %s.",
		buf, (int32_t) ds->m_depth, ds->m_hostname);

	return tldip;
}

static void dumpTLDIP(	const char*	tld,
			TLDIPEntry*	tldip) {
	for (int32_t i = 0; i < tldip->numTLDIPs; i++) {
		char ipbuf[16];
		log(LOG_DEBUG, "dns: .%s TLD IP %s",
			tld, iptoa(tldip->TLDIP[i],ipbuf));
	}
}

static void setTLDIP(	DnsState*	ds,
			TLDIPEntry*	tldip) {

	// see if it's already in cache (i.e. poss. expired).
	const TLDIPEntry*	cached	=	getTLDIP(ds);
	int32_t			now	=	time(NULL);
	// expire TLD NS in 24 hours
	tldip->expiry = now + 3600 * 24;
	char			buf[64];
	int32_t			len	=	sizeof(buf);
	if (!parseTLD(ds, buf, &len)) {
		log(LOG_WARN, "dns: unable to determine TLD for %s",
			ds->m_hostname);
		return;
	}
	char			tld[64];
	gbmemcpy(tld, buf, len);
	tld[len] = '\0';
	if (cached == NULL) {
		uint32_t	key	=	TLDIPKey(buf, len);
		if (!s_TLDIPtable.addKey(key, *tldip)) {
			log(LOG_WARN, "dns: unable to add %s to TLD cache",
				ds->m_hostname);
			return;
		}
		log(LOG_DEBUG, "dns: TLD .%s NS cache add", buf);
		dumpTLDIP(tld, tldip);
	}
	else if (cached->expiry <= now) {
		// JAB: non-const cast...
		gbmemcpy((TLDIPEntry*) cached, tldip, sizeof(TLDIPEntry));
		log(LOG_DEBUG, "dns: TLD .%s NS cache update", buf);
		dumpTLDIP(tld, tldip);
	}
	else {
		//log(LOG_DEBUG, "dns: TLD cache up-to-date");
	}
}
#else	// DNS_TLD_CACHE

// code that is run when TLDIP cache is disabled...
static const TLDIPEntry* getTLDIP(DnsState* ds) {
	return NULL;
}
#endif	// DNS_TLD_CACHE

// . returns true and sets g_errno on error
// . returns false if transaction blocked, true if completed
// . returns false if you must wait
// . calls gotIp with ip when it gets it or timesOut or errors out
// . sets *ip to 0 if none (does not exist)
// . sets *ip to -1 and sets g_errno if there was an error
bool Dns::getIp ( const char *hostname,
		  int32_t  hostnameLen ,
		  int32_t *ip       ,
		  void *state    ,
		  void (* callback ) ( void *state , int32_t ip ) ,
		  DnsState *ds ,
		  int32_t   timeout     ,
		  bool   dnsLookup) {

	// . don't accept large hostnames
	// . technically the limit is 255 but i'm stricter
	if ( hostnameLen > MAX_DNS_HOSTNAME_LEN ) {
		g_errno = EHOSTNAMETOOBIG;
		log("dns: Asked to get IP of hostname over %d characters long.", MAX_DNS_HOSTNAME_LEN);
		*ip=0;
		return true;
	}
	// debug msg
	char tmp[MAX_DNS_HOSTNAME_LEN+1];
	gbmemcpy ( tmp , hostname , hostnameLen );
	tmp [ hostnameLen ] = '\0';

	log(LOG_DEBUG, "dns: hostname '%s'", tmp);

	// assume no error
	g_errno = 0;

	// only g_dnsDistributed should be calling this, not g_dnsLocal
	if ( this != &g_dns ) { g_process.shutdownAbort(true); }

	// not thread safe
	//if ( g_threads.amThread() ) { g_process.shutdownAbort(true); }

	if ( hostnameLen <= 0 ) {
		log(LOG_LOGIC,"dns: Asked to get IP of zero length hostname.");
		*ip = 0;
		return true;
	}
	// if url is already in a.b.c.d format return that
	*ip = atoip ( hostname , hostnameLen );
	if ( *ip != 0 ) {
		log(LOG_DEBUG, "dns: IP address passed into getIp '%s'", tmp);
		return true;
	}
	// key is hash of the hostname
	key96_t  hostKey96  = hash96 ( hostname , hostnameLen );
	// . is it in the /etc/hosts file?
	// . BAD: could have a key collision!! TODO: fix..
	if ( g_conf.m_useEtcHosts && isInFile ( hostKey96 , ip ) ) return true;
	// . try getting from the cache first
	// . this returns true if was in the cache and sets *ip to the ip
	// . we now cached EDNSTIMEDOUT errors for a day, so *ip can be -1
	// . TODO: watchout for key collision
	if ( isInCache ( hostKey96 , ip ) ) {
		// return 1 to indicate we got it right away in *ip
		if ( ! g_conf.m_logDebugDns ) return true;
		//char *dd = "distributed";
		//if ( this == &g_dnsLocal ) dd = "local";
		// debug msg
		char ipbuf[16];
		log(LOG_DEBUG,"dns: got ip of %s for %s in distributed cache.",
		    iptoa(*ip,ipbuf),tmp);
		return true;
	}

	
	// . if this hostname request is already in progress, wait for that
	//   reply to to come back rather than launching a duplicate request.
	// . each bucket in the s_dnstable hashtable is a possible head of a 
	//   linked list of callback/state pairs which are waiting for that 
	//   hostname's ip
	// . is the ip for this hostname already being fetched?
	// . if so, there will be a callback entry class that should match its 
	//   DnsState::m_callback in there and have a key of key.n0 (see below)
	// . TODO: we can have collisions and end up getting back the wrong ip
	//   how can we fix this? keep a ptr to ds->m_hostname? and if does
	//   not match then just error out?
	int64_t hostKey64 = hostKey96.n0 & 0x7fffffffffffffffLL;
	// never let this be zero
	if ( hostKey64 == 0 ) {
		hostKey64 = 1;
	}
	// see if we are already looking up this hostname
	CallbackEntry *ptr = s_dnstable.getValuePointer ( hostKey64 );

	// if he has our key see if his hostname matches ours, it should.
	if ( ptr && 
	     // we do not store hostnameLen in ds, so make sure this is 0 
	     ! ptr->m_ds->m_hostname[hostnameLen] &&
	     (int32_t)strlen(ptr->m_ds->m_hostname) == hostnameLen && 
	     strncmp ( ptr->m_ds->m_hostname, hostname, hostnameLen ) != 0 ) {

		g_errno = EBADENGINEER;
		log(LOG_WARN, "dns: Found key collision in wait queue. host %s has "
		    "same key as %s. key=%" PRIu64".",
		    ptr->m_ds->m_hostname, tmp, hostKey64);
		//g_process.shutdownAbort(true);
		// we should just error out if this happens, it is better
		// than giving him the wrong ip, he will be retried later
		// by the spider.
		return true;
	}
	// regardless, add our "ce" to the table, but assume we are NOT first
	// in line for a hostname and use a bogus key. it  doesn't matter, 
	// we just need some memory to store our CallbackEntry class.
	static int64_t s_bogus = 0;
	// make a CallbackEntry class to add to a slot in the table
	CallbackEntry ce;
	ce.m_callback = callback;
	ce.m_state    = state;
	ce.m_nextKey  = 0LL; // assume we are the first for this hostname
	ce.m_ds       = NULL;
	ce.m_listSize = 0;
	ce.m_listId   = 0;

	// always inc now no matter what now so no danger of re-use
	s_bogus++;
	// if we are the first guy requesting the ip for this hostname
	// then use "hostKey" to get the slot to store "ce", 
	int64_t finalKey = hostKey64 ;
	// otherwise use "s_bogus" as the key. the bogus key is just for 
	// getting a slot to use to store "ce".
	if ( ptr ) {
		// let's hash it up for efficiency
		finalKey = hash64 ( (char *)&s_bogus,8);
		// never let this be 0
		if ( finalKey == 0 ) finalKey = 1LL;
		// bogus should never equal a key.n0 for any request, otherwise
		// that is a collision. to avoid this possibility keep its hi 
		// bit set, and hi bit clear on the key.n0 key (hostKey). this
		// way, a waiting slot can never collide with any other slot.
		finalKey |= 0x8000000000000000LL;
	}

	// BUT if we are looking up a dns server's ip, then NEVER wait in
	// line because we could deadlock!
	if ( dnsLookup ) {
	loop:
		finalKey  = hash64 ( hostKey64 , s_antiLockCount++ );
		// it is not waiting in anyone's line, so turn this bit off
		finalKey &= 0x7fffffffffffffffLL;	
		// ensure not 0
		if ( finalKey == 0 ) finalKey = 1;
		// assume hostKey is not in the table, even though it
		// may be, we cannot wait in line behind it
		ptr = NULL;
		// ensure no collision, if so, s_antiLockCount will be
		// different now so hash again until we do not collide
		if ( s_dnstable.getValuePointer ( finalKey ) )
			goto loop;
	}

	// assume we have no parent
	int64_t parentKey = 0;
	// if parent, set parentKey to "hostKey", the hash of the hostname
	if ( ptr ) parentKey = hostKey64;

	// make sure we do not have a circular dependency if we are looking
	// up the ip of a dns in order to ask him the ip of what we are
	// looking up.
	// EXAMPLE: 
	// 1. get ip of xyz.com
	// 2. have to ask dns1.xyz.com
	// 3. to get his ip we have to ask dns2.xyz.com 
	// 4. and to get his ip we have to as dns1.xyz.com
	// 5. which we'll see that it is already outstanding in the hashtable,
	//    i.e., it has a parent in there, and it will just wait in line
	//    never to get out of it, if it were not for the following circular
	//    dependency check:
	// example url: www.hagener-schulen.de
	int32_t loopCount = 0;
	// loopCount is how many times we've had to ask for the ip of a 
	// nameserver recursively.
	if ( ds ) loopCount = ds->m_loopCount;
	// point to the current DnsState
	char *parent = (char *)ds;
	// the DnsState was built to hold a few DnsStates in it for just
	// this purpose, so we can "backup" to our "parents" and make sure
	// they did not initiate this linked list. Search for "ds2" below
	// to see where we initiate the recursion.
	while ( ptr && loopCount-- > 0 ) {
		// the recursive "ds"es occupy DnsState::m_buf of their 
		// containing DnsState. go back one.
		parent -= ((char *)ds->m_buf - (char *)ds);
		// sanity check
		//if ( ((DnsState *)parent)->m_buf != (char *)ds ) {
		//	g_process.shutdownAbort(true); }
		// do we have the circular dependency?
		if ( parent == (char *)ptr->m_ds ) {
			g_errno = EBADENGINEER;
			log(LOG_DEBUG,"dns: Caught circular dependency.");
			return true;
		}
	}

	// debug msg
	log(LOG_DEBUG,"dns: Adding key %" PRIu64" from table. "
	    "parentKey=%" PRIu64" callback=%p state=%p.",
	    finalKey,parentKey,callback,state);
	// ensure "bogus" key not already present in table, otherwise,
	// addKey will just overwrite the value!!
	while ( ptr && s_dnstable.getValuePointer ( finalKey ) ) {
		log("dns: Got collision on incremental key.");
		finalKey += 1LL;
		finalKey |= 0x8000000000000000LL;
	}
	// we need to be able to add ourselves to the table so our callback
	// can get called, otherwise it is pointless. this returns false
	// and sets g_errno on error.
	int32_t slotNum = -1;
	if ( ! s_dnstable.addKey ( finalKey , ce , &slotNum ) ) {
		log("dns: Failed to add key to table: %s.",mstrerror(g_errno));
		return true;
	}
	// get the value from the slot so we can insert into linked list.
	CallbackEntry *ppp = s_dnstable.getValuePointerFromSlot ( slotNum );
	// sanity check
	if ( ppp->m_callback != callback || ppp->m_state != state  ) {
		log("dns: Failed sanity check 3.");
		g_process.shutdownAbort(true); 
	}
	// adding a key may have changed the parent ptr... get again just
	// in case
	if ( ptr ) {
		ptr = s_dnstable.getValuePointer ( hostKey64 );
		// sanity check - it should still be there for sure
		if ( ! ptr ) { g_process.shutdownAbort(true); }
	}
	// . insert into beginning of the linked list to avoid having to scan
	// . "ptr" is a ptr to the parent CallbackEntry, head of linked list
	if ( ptr ) {
		int64_t oldNext = ptr->m_nextKey;
		ptr->m_nextKey    = finalKey;
		ppp->m_nextKey    = oldNext;
		// let parent know how big its linked list is
		ptr->m_listSize++;
		// propagate the list id, it is stored in the parent node
		// so put it into us, too
		ppp->m_listId = ptr->m_listId;
		if ( g_conf.m_logDebugDns )
			log(LOG_DEBUG,"dns: Waiting in line for %s. key=%" PRIu64". "
			    "nextKey=%" PRIu64" listSize=%" PRId32" listId=%" PRId32" "
			    "numSlots=%" PRId32".",
			    tmp,finalKey,oldNext,
			    ptr->m_listSize,ptr->m_listId,
			    s_dnstable.getNumSlots());
		// ok, we block now, waiting for the initial callback
		return false;
	}

	// init our linked list size count
	ppp->m_listSize = 1;
	// it is the parent, use 0 to indicate none
	static int32_t s_listId = 0;
	ppp->m_listId = s_listId++;

	// . make a DnsState
	// . set g_errno and return true on malloc() error
	if ( ds ) 
		ds->m_freeit = false;
	else {
		ds = (DnsState *) mmalloc ( sizeof(DnsState ), "Dns" );
		if ( ! ds ) {
			log("dns: Failed to allocate mem for ip lookup.");
			// debug msg
			log(LOG_DEBUG,"dns: Removing2 key %" PRIu64" from table. "
			    "parentKey=%" PRIu64" callback=%p state=%p.",
			    hostKey64,parentKey,
				callback,state);
			s_dnstable.removeKey ( finalKey );
			return true;
		}
		ds->m_freeit = true;
		// keep track of how many times we pluck out a DnsState
		// from DnsState::m_buf.
		ds->m_loopCount = 0;
		ds->m_startTime = getTime();
	}

	// set the ce.m_ds to our dns state so if a key collides later
	// we can check DnsState::m_hostname. actually i think this is only
	// used for sanity checking now.
	ppp->m_ds = ds;
	// reset this stuff
	ds->m_numDnsIps  [0] = 0;
	ds->m_numDnsNames[0] = 0;
	ds->m_depth        = 0;
	ds->m_numTried     = 0;
	ds->m_nameBufPtr   = ds->m_nameBuf ;
	ds->m_nameBufEnd   = ds->m_nameBuf + 512;
	ds->m_errno        = 0;
	ds->m_recursionDesired = true;
	// debug msg
	//log("dns::getIp: %s (key=%" PRIu64") NOT in cache...",tmp,key.n0);

	// reset m_loopCount and startTime if we are just starting
	if ( callback != gotIpOfDNSWrapper ) {
		ds->m_loopCount = 0;
		ds->m_startTime = getTime();
	}

	// set caller callback info
	// hostKey96 and finalKey are basically the same thing for hostnames
	// that are NOT waiting in line. but finalKey is the lower 64 bits
	// of hostKey96, but finalKey should have its hi bit cleared to 
	// indicate it is not waiting in line. Also, if looking up the IP
	// of a dns, dnsLookup is true, and finalKey is hashed with a
	// special count to give a unique hash because we can not have
	// dnsLookups waiting in line because of deadlock issues.
	// search for "dns A" below to see what i'm talking about.
	ds->m_hostnameKey = hostKey96;
	ds->m_tableKey    = finalKey;
	ds->m_this        = this;
	ds->m_state       = state;
	ds->m_callback    = callback;	
	gbmemcpy ( ds->m_hostname , hostname , hostnameLen );
	ds->m_hostname [ hostnameLen ] = '\0';

	// copy the sendBuf cuz we need it in gotIp() to ensure hostnames match
	//char *copy = (char *) mdup ( msg , msgSize , "Dns" );
	//if ( ! copy ) { 
	//	if ( ds->m_freeit ) mfree (ds,sizeof(DnsState),"Dns"); 
	//	return -1; 
	//}
	// hack this for now
	//int32_t numDns = 0; 
	//int32_t dnsIps[MAX_DNSIPS];

	// copy the initial nameserver ips into ds->m_dnsIps[0] (depth 0)
	if ( g_conf.m_askRootNameservers ) {
		// ROOT TLD CACHE ATTEMPT GOES HERE...
		// this will fill in depth 1 in the query,
		// if we have the nameservers cached...
		log(LOG_DEBUG,"dns: hostname %s", ds->m_hostname);
		gbmemcpy(ds->m_dnsIps[0],g_conf.m_rnsIps, g_conf.m_numRns * 4);
		ds->m_numDnsIps[0] = g_conf.m_numRns;
		ds->m_numDnsNames[0] = 0;
		ds->m_rootTLD[0] = true;
		ds->m_fallbacks[0] = 0;
		// if a TLD is cached, copy it to depth 1
		const TLDIPEntry*	tldip	=	getTLDIP(ds);
		if (tldip) {
			gbmemcpy( ds->m_dnsIps[1],
				tldip->TLDIP,
				tldip->numTLDIPs * sizeof(uint32_t));
			ds->m_numDnsIps[1] = tldip->numTLDIPs;
			ds->m_numDnsNames[1] = 0;
			ds->m_rootTLD[1] = true;
			ds->m_fallbacks[1] = 0;
			ds->m_depth = 1;
		}
	}
	// otherwise, use the local bind9 servers
	else {
		//gbmemcpy(ds->m_dnsIps[0],g_conf.m_dnsIps,g_conf.m_numDns * 4);
		int32_t numDns = 0;
		for ( int32_t i = 0; i < MAX_DNSIPS; i++ ) {
			if ( g_conf.m_dnsIps[i] == 0 ) continue;
			ds->m_dnsIps[0][numDns] = g_conf.m_dnsIps[i];
			numDns++;
		}
		ds->m_numDnsIps[0] = numDns;
		ds->m_numDnsNames[0] = 0;
		ds->m_rootTLD[0] = false;
		ds->m_fallbacks[0] = 0;
	}

	// return 0 if we block on the reply
	//if ( ! sendToNextDNS ( ds , timeout ) ) return false;
	// timeout from an individual dns is 20 seconds
	if ( ! sendToNextDNS ( ds ) )
		return false;

	// debug msg
	log(LOG_DEBUG,"dns: Removing3 key %" PRIu64" from table. "
	    "parentKey=%" PRIu64" callback=%p state=%p.",
	    hostKey64,parentKey,
		callback,state);
	// if we made it here, remove from table
	s_dnstable.removeKey ( finalKey ) ;
	// should we free it
	if ( ds->m_freeit ) mfree ( ds , sizeof(DnsState) ,"Dns" );
	// ok, g_errno should still be set, return true as specified
	return true;
}

// . returns false if blocked, sets g_errno and returns true otherwise
// . this is called by sendToNextDNS() when it has to get the ip of the DNS to
//   send the request to.
bool Dns::getIpOfDNS ( DnsState *ds ) {
	// bail if none
	if ( ds->m_numDnsNames[ds->m_depth] <= 0 ) {
		log(LOG_DEBUG, "dns: no dnsnames for '%s'",
			ds->m_hostname);
		return true;
	}
	// use the secondary ds for doing this
	DnsState *ds2 = (DnsState *)ds->m_buf;
	// do not keep getting the ip of the ns which may require us to get
	// the ips of its ns, etc...
	if ( ds->m_loopCount >= 3 ) {
		addToCache ( ds->m_hostnameKey , -1 );
		g_errno = EBADENGINEER;
		log(LOG_INFO,"dns: Hit too many authority redirects for %s.",
		    ds->m_hostname);
		return true;
	}
	// sanity check
	if ( LOOP_BUF_SIZE / (sizeof(DnsState) - LOOP_BUF_SIZE) < 3 ) {
		log("dns: Increase LOOP_BUF_SIZE, %" PRId32", in Dns.h.",
		    (int32_t)LOOP_BUF_SIZE);
		g_process.shutdownAbort(true); 
	}
	// increment the loop count, we can only use m_buf so many times
	// before running out of room.
	ds2->m_loopCount = ds->m_loopCount + 1;
	// set start time for timing out
	ds2->m_startTime = ds->m_startTime;
	// or if we have too many ips already, do not bother adding more
	if (ds->m_numDnsIps[ds->m_depth]>=MAX_DNS_IPS){
		log(LOG_WARN, "dns: Already have %" PRId32" ips at depth %" PRId32".",
		    (int32_t)MAX_DNS_IPS,(int32_t)ds->m_depth);
		g_errno=EBUFTOOSMALL;
		return true;
	}
	// do not do this!  this will break!
	// int32_t n         = ds->m_hostnameKey.n0 % numNames;
	int32_t  n           = 0; // first is usually ns1, usually better
 loop:
	// get the name to get the ip for
	int32_t  depth       = ds->m_depth;
	int32_t  numNames    = ds->m_numDnsNames[depth];
	char *hostname    = ds->m_dnsNames[depth][n];
	int32_t  hostnameLen = strlen(hostname);
	int32_t  ip          = 0;
	// loop over all dnsnames in case one causes a circular dependency
	// . remove him from the array so we do not do him again
	// . actually, this is not a guarantee, so we put a circular
	//   dependency check in getIP() above
	ds->m_dnsNames   [depth][n] = ds->m_dnsNames[depth][numNames-1];
	ds->m_numDnsNames[depth]--;
	//ds->m_numTried++;
	//if (ds->m_numTried > .....
	// debug note
	log(LOG_DEBUG,"dns: Getting ip address of dns, %s for %s.",
	    hostname,ds->m_hostname);
	// . returns -1 and sets g_errno on error
	// . returns 0 if transaction blocked, 1 if completed
	// . returns 0 if you must wait
	// . calls gotIp with ip when it gets it or timesOut or errors out
	// . set *ip to 0 if none (does not exist)
	// . keep the timeout down to only 5 secs
	// . do not set a mutual exclusion lock on ip lookups of dns servers
	//   in order to avoid having to lookups locking each other up. like
	// . 1. we are getting the ip of dns A for resolve of hostname #1
	// . 2. we are getting the ip of dns B for resolve of hostname #2
	// . 3. dns A says to ask B and B says to ask A, we end up in
	//      a deadlock
	if ( !g_dns.getIp ( hostname ,
			    hostnameLen ,
			    &ip         ,
			    ds         ,//state
			    gotIpOfDNSWrapper , //state,ip
			    ds2 ,
			    5   , // timeout
			    true )) { // dns lookup?
	     log(LOG_DEBUG, "dns: no block for getIp for '%s'", hostname);
	     return false;
	}

	// if that would cause a circulare dependency, try the next one
	if ( g_errno == EBADENGINEER ) {
		if ( ds->m_numDnsNames[depth] ) {
			log("dns: looping in getIpOfDns for '%s'",
				hostname);
			goto loop;
		}
		else
			log("dns: No names left to try after %s",hostname);
	}


	// did it have an error? g_errno will be set
	// . if ip is 0 it was a does not exist
	// . add it to the array of ips
	if ( ip != 0 && ds->m_numDnsIps[depth] + 1 < MAX_DNS_IPS) {
		if (isTimedOut(ip)) {
			char ipbuf[16];
			log(LOG_DEBUG, "dns: Not adding [1] ip %s - timed out",
			    iptoa(ip,ipbuf));
		}
		else {
			int32_t depth = ds->m_depth;
			char ipbuf[16];
			log(LOG_DEBUG,
				"dns: Added ip [1-%" PRId32"] %s to depth %" PRId32" for %s.",
		    		ds->m_numDnsIps[depth],
				iptoa(ip,ipbuf),(int32_t)depth,ds->m_hostname);
			ds->m_dnsIps[depth][ds->m_numDnsIps[depth]++] = ip ;
		}
	}
	// we did not block
	return true;
}

void Dns::gotIpOfDNSWrapper(void *state, int32_t ip) {
	DnsState *ds = (DnsState *)state;
	// log debug msg
	//DnsState *ds2 = (DnsState *)ds->m_buf;
	char ipbuf[16];
	log(LOG_DEBUG,"dns: Got ip of dns %s for %s.",
	    iptoa(ip,ipbuf),ds->m_hostname);
	// sanity check
	if ( ds->m_numDnsIps[ds->m_depth] + 1 >= MAX_DNS_IPS ) {
		log("dns: Wierd. Not enough buffer.");
		g_process.shutdownAbort(true); 
	}
	// . if ip is 0 it was a does not exist
	// . add it to the array of ips
	if ( ! g_errno && ip != 0 &&
	     ds->m_numDnsIps[ds->m_depth] + 1 < MAX_DNS_IPS) {
		if (isTimedOut(ip)) {
			char ipbuf[16];
			log(LOG_DEBUG, "dns: Not adding [2] ip %s - timed out",
			    iptoa(ip,ipbuf));
		}
		else {
			int32_t depth = ds->m_depth;
			ds->m_dnsIps[depth][ds->m_numDnsIps[depth]++] = ip ;
			char ipbuf[16];
			log(LOG_DEBUG,
				"dns: Added ip [2-%" PRId32"] %s to depth %" PRId32" for %s.",
				ds->m_numDnsIps[depth],
				iptoa(ip,ipbuf),(int32_t)depth,ds->m_hostname);
		}
	}
	// disregard any g_errnos cuz we will try again
	g_errno = 0;
	// just return if this blocks
	if ( ! g_dns.sendToNextDNS ( ds ) ) {
		log(LOG_DEBUG, "dns: sendToNextDns blocking for '%s'",
			ds->m_hostname);
		return ;
	}
	// if that does not block, then we are done... we got the final ip
	// or g_errno is set. so call the callbacks.
	log(LOG_DEBUG, "dns: getIpOfDNSWrapper calling returnIp for '%s'",
		ds->m_hostname);
	returnIp ( ds , ip );
	// . otherwise, we must call the callback
	// . call the callback w/ state and ip if there is one
	// . g_errno may be set
	//if ( ds->m_callback ) ds->m_callback ( ds->m_state , ip );
	// free our state holding structure
	//if ( ds->m_freeit ) mfree ( ds , sizeof(DnsState) ,"Dns" );
}

// returns false if blocked, sets g_errno and returns true otherwise
bool Dns::sendToNextDNS ( DnsState *ds ) {
	//log(LOG_DEBUG, "dns: sendToNextDNS depth %d", ds->m_depth);
	// let's clear g_errno since caller may have set it in gotIp()
	g_errno = 0;
	// if we have been at this too long, give up
	int32_t now = getTime();
	int32_t delta = now - ds->m_startTime;
	// quick fix if the system clock was changed on us
	if ( delta < 0   ) ds->m_startTime = now;
	//if ( delta > 100 ) ds->m_startTime = now;
	if ( delta > TIMEOUT_TOTAL  ) {
		log(LOG_DEBUG,"dns: Timing out the request for %s. Took over "
		    "%" PRId32" seconds. delta=%" PRId32". now=%" PRId32".",
		    ds->m_hostname,(int32_t)TIMEOUT_TOTAL,delta,now);
		if ( ds->m_errno ) g_errno = ds->m_errno;
		else               g_errno = EDNSTIMEDOUT; 
		return true;
	}
	// if we have no more room to add to tried array, we're done,
	// we've tried to ask too many nameservers already
	if ( ds->m_numTried >= MAX_TRIED_IPS ) {
		log(LOG_INFO,"dns: Asked maximum number of name servers, "
		     "%" PRId32", for %s. Timing out.",(int32_t)MAX_TRIED_IPS,
		    ds->m_hostname);
		if ( ds->m_errno ) g_errno = ds->m_errno;
		else               g_errno = EDNSTIMEDOUT; 
		return true;
	}
	// get the current depth. if we exhaust all nameserver ips at this
	// depth we may have to decrease it until we find some nameservers
	// we haven't yet asked.
	int32_t depth = ds->m_depth;

 top:
 	log(LOG_DEBUG, "dns: at 'top' for '%s'", ds->m_hostname);
	int32_t n = -1;
	// how many ip do we have at this depth level? save this for 
	// comparing down below.
	int32_t numDnsIps = ds->m_numDnsIps[depth];
	// each DnsState has a list of ips of the nameservers to ask
	// but which one we ask first depends on this hash
	if ( ds->m_numDnsIps[depth] > 0 ) {
		// easy var
		int32_t num = ds->m_numDnsIps[depth];
		// . pick the first candidate to send to
		// . this should not always be zero because picking the groupId
		//   and hostId to send to is now in Dns::getResponsibleHost()
		//   and uses key.n1 exclusively
		n = ds->m_hostnameKey.n0 % num;
		// conenvience ptr
		int32_t *ips = ds->m_dnsIps[depth];
		// save
		int32_t orign = n;
		do {
			if (!isTimedOut(ips[n]))
				break;
			// note it
			char ipbuf[16];
			log(LOG_DEBUG, "dns: skipping ip %s - timed out",
				iptoa(ips[n],ipbuf));
			// advance
			if ( ++n >= num )
				n = 0;
		} while (n != orign);
	}

	// . save n for wrap check below, to make sure we do not re-ask him
	// . this may be -1 if we did not have any dns ips to pick from
	int32_t startn = n;

	// is the nth ip the next best candidate to send the request to?
 checkip:
	// get the nth ip
	int32_t ip = 0;
	if ( n >= 0 ) ip = ds->m_dnsIps[depth][n];
	// loop over all the ips of nameservers we've already tried and make 
	// sure this one is not one of them. only check if n is valid (>=0)
	bool tried = false;
	for ( int32_t i = 0 ; n >=0 && i < ds->m_numTried ; i++ ) {
		// check next tried ip if this one does not match.
		if ( ip != ds->m_triedIps[i] ) continue;
		// we've already tried this ip, do not send to it again
		tried = true;
		break;
	}

	// advance n if we already tried its ip, or if its ip is bogus.
	// only do this if n >= 0 already, though. if it is -1 that means we
	// have no candidates at this depth level
	if ( n >= 0 && (tried || ip == 0 || ip == -1) ) {
		// advance n
		if ( ++n == ds->m_numDnsIps[depth] ) n = 0;
		// if still a bogus ip, keep advancing
		// but if we wrap, there are no valid n's
		if ( n != startn ) goto checkip;
		// set n to -1 to indicate no new and good ip available at
		// this depth level
		n = -1;
	}

	// if no ips to try, try the canonical names if there are some
	if ( n == -1 && ds->m_numDnsNames[depth] > 0 ) {
		// . return false if this blocked
		// . this will remove the names from m_numDnsNames and 
		//   put them in as ips into m_dnsIps.
		// . it will decrease m_numDnsNames
		// . this returns true if it does not block
		if ( ! getIpOfDNS ( ds ) ) {
			log(LOG_DEBUG, "dns: SendToNextDns blocked on "
				"getIpOfDNS for '%s'", ds->m_hostname);
			return false;
		}
		// getIpOfDNS may have set g_errno. it, as of this writing,
		// only does that if we have too many ips already, 
		// MAX_DNS_IPS, so in that case, just ignore it and go down a 
		// level, it will not have added a new ip.
		// NOTE: it will also set to EBADENGINEER if it caught
		// a circular dependency. (see above)
		g_errno = 0;
		// ok, did we gain a new ip to try? if so, try run it through
		// from the top.
		if ( ds->m_numDnsIps[depth] > numDnsIps ) {
			log(LOG_DEBUG, "dns: "
			    "SendToNextDNS going back to top 0 "
			    "for '%s'", ds->m_hostname);
			goto top;
		}
		// if you made it here, we did not gain a new ip, probably 
		// because of error.  n is still -1 to indicate no candidate 
		// at this depth level.
	}

	// ok, if we have no dns ips or hostnames to try at this point on
	// this depth level then go back up to the previous level and see if 
	// those nameservers can recommend another set of nameservers to try.
	// but this will be -1 if there are no more left to ask, and we will
	// send back a EDNSTIMEDOUT error above.
	if ( n == -1 ) {
		depth--;
		// decrease the depth, this may be the end of the chain... and
		// we do not want to chain through all the root servers at depth 0
		// because they are almost never wrong i guess.
		if ( depth <= 0 ) {
			log(LOG_DEBUG,"dns: Exhausted all chains except "
		    	"root. Giving up for %s",ds->m_hostname);
			if ( ds->m_errno ) g_errno = ds->m_errno;
			else               g_errno = EDNSTIMEDOUT; 
			return true;
		}

		// log this...
		ds->m_fallbacks[depth]++;
		log(LOG_DEBUG,
			"dns: depth %" PRId32"/%" PRId32" rootTLD %d #fb %" PRId32" #ip %" PRId32" #name %" PRId32,
			depth, ds->m_depth,
			ds->m_rootTLD[depth],
			ds->m_fallbacks[depth],
			ds->m_numDnsIps[depth],
			ds->m_numDnsNames[depth]);

		// too many fallbacks on root or TLD nameservers?
		if ( ds->m_rootTLD[depth] &&
		     ds->m_fallbacks[depth] > 2) {
			log(LOG_DEBUG,
				"dns: too many fallbacks on rootTLD. "
				"Giving up for %s.",
				ds->m_hostname);
			if ( ds->m_errno ) g_errno = ds->m_errno;
			else               g_errno = EDNSTIMEDOUT; 
			return true;
		}

		// ok, we have more chains to explore starting at this decreased depth
		// so take it from the top, "depth" as been decreased.

		log(LOG_DEBUG, "dns: "
		    "SendToNextDNS going back to top 1 for '%s'",
			ds->m_hostname);
		goto top;
	}

	// sanity check
	if ( ip != ds->m_dnsIps[depth][n] ) { g_process.shutdownAbort(true); }
	// alright, we got a valid ip to send the request to.
	// mark this ip we are about to ask as tried.
	ds->m_triedIps[ds->m_numTried++] = ip; //ds->m_dnsIps[depth][n];
	// record our current depth in case it changed
	ds->m_depth = depth;
	// this 512 byte buffer is now part of the DnsState
	char *msg = ds->m_request;

	// . the dns header has this format:
        // . u_int16_t dns_id;          /* client query ID number */
        // . u_int16_t dns_flags;       /* qualify contents <see below> */
        // . u_int16_t dns_q_count;     /* number of questions */
        // . u_int16_t dns_rr_count;    /* number of answer RRs */
        // . u_int16_t dns_auth_count;  /* number of authority RRs */
        // . u_int16_t dns_add_count;   /* number of additional RRs */

	/// @todo ALC something fishy is going on here. investigate!
	// HACK: if udpserver's transId is too big for us, reset it
	if(m_udpServer.m_nextTransId > 65535 ) 
		m_udpServer.m_nextTransId =0;
	// . first word is id (not really that releveant since queried domain
	//   should also be in response)
	// . steal the transId from our g_udpServer
	uint16_t transId = m_udpServer.m_nextTransId;
	// . *(uint16_t *) msg = htons ( m_dnsTransId++ );
	// . UdpServer will inc it's m_transId in UdpServer::sendRequest()
	//   when it calls getTransId()
	*(uint16_t *) msg = htons ( transId );
	// . some fancy foot work (big endian here) this byte is msg[2]
	// .     qr: 1; /* response flag (high bit)*/
	// . opcode: 4; /* purpose of message */   0 = query, 1=invQuery, ...
	// .     aa: 1; /* authoritative answer */
	// .     tc: 1; /* truncated message */
	// .     rd: 1; /* recursion desired (low bit)*/	
	// ---------------------------------------- this byte is msg[3]
        // .     ra: 1; /* recursion available (high bit)*/
	// . unused: 1; /* unused bits (MBZ as of 4.9.3a3) */
	// .     ad: 1; /* authentic data from named */
	// .     cd: 1; /* checking disabled by resolver */
	// .  rcode: 4; /* response code (low bits)*/
	// ---------------------------------------- 
	// . values of rcode:
	// . "No Error",        /* 0: ok */
        // . "Format Error",    /* 1: bad query */
        // . "Server Failure",  /* 2: server is hosed */
        // . "Name Error",      /* 3: name doesn't exist (authoritative) */
        // . "Not Implemented", /* 4: server doesn't support query */
        // . "Refused"          /* 5: server refused request */
	// some dns'es REFUSE our request if this is set... so keep it 0
	// like www.fsis.usda.gov, however www.altx.com needs it set!
	if ( ds->m_recursionDesired ) msg[2] = 0x01 ;
	else                          msg[2] = 0x00 ;
	// if asking bind9 servers, always set it on
	if ( ! g_conf.m_askRootNameservers ) msg[2] = 0x01;
	// try this fix
	//msg[2] = 0x04;
	msg[3] = 0;
	// rr means resource record
	*(int16_t *)(msg + 4  ) = htons ( 1 ); // we have 1 question
	*(int16_t *)(msg + 6  ) = 0          ; // we have 0 answer    rr's
	*(int16_t *)(msg + 8  ) = 0          ; // we have 0 authority rr's
	*(int16_t *)(msg + 10 ) = 0          ; // we have 0 addition  rr's

	// ask for MX record? used by Emailer in Facebook.cpp.
	char *hostname = ds->m_hostname;
	bool  getmx = false;
	if ( strncmp(ds->m_hostname,"gbmxrec-",8) == 0 ) {
		hostname += 8;
		getmx = true;
	}

	// . we're done populating the dns request HEADER 
	// . now make the QNAME entry (the hostname to get ip for)
	// . break up the hostname by the dots
	// . make "msg" point passed header
	char *start = hostname;
	char *end   = hostname;
	// . point to where to store the length of each name and name itself
	// . a name is a component in the hostname, like the "com" in "x.com"
	u_char *len   = (u_char *)msg+12;
	char   *dest  = msg+13;
	// . now make the query entry
	// . break the hostname into labels and store in dns record style.
	// . basically store length/label pairs
	char *hostEnd = hostname + strlen(hostname);
	while ( start < hostEnd ) {
		while ( *start != '.'  && *start && start < hostEnd ) {
			//log(LOG_DEBUG,"dns: name: %c", *start);
			*dest++ = *start++;
		}
		//log(LOG_DEBUG,"dns: name delimit");
		// . each "name" in the hostname must be less than 64 bytes
		// . the 2 high bits are set for compression
		int32_t nlen = start - end;
		if ( nlen >= 64 ) {
			g_errno = EHOSTNAMETOOBIG;
			log(LOG_INFO,"dns: Request's host component is %" PRId32" bytes. "
			    "Must be under 64.",nlen);
			return true;
		}
		// store the length as a byte
		*len = (u_char)nlen ;
		// advance the length
		len = (u_char *)dest;
		// advance the dest over the length
		dest++;
		// skip start over the . or \0
		start++;
		// set the end to to the beginning of the next name
		end = start;
	}
	// store a 0 at the end
	len[0] = 0;
	// . now store queryType (2 bytes) and queryClass (2 bytes)
	// . a query type of 0 is "host address" query (see nameser.h)
	// . a queryClass of 1 means the arpa internet (see nameser.h)
	// . watch out for alignment
	len[1] = 0; // query type  (network order)
	if ( getmx ) len[2] = 15; // query type  (network order)
	else         len[2] = 1;
	len[3] = 0; // query class (network order)
	len[4] = 1; // query class (network order)
	// compute the msgSize
	//int32_t msgSize = (char *)len - msg + 5 ;
	ds->m_requestSize = (char *)len - msg + 5 ;
	// copy the msg into an alloc'd buffer
	// char *copy = mdup ( msg , msgSize );
	// if ( ! copy ) return true;

	// debug msg
	char ipbuf[16];
	log(LOG_DEBUG,
		"dns: Asking %s (depth=%" PRId32",%" PRId32") att %" PRId32" "
		"for ip of %s (tid=%" PRId32")",
		iptoa(ds->m_dnsIps[depth][n],ipbuf), (int32_t)depth,(int32_t)n,
		(int32_t) ds->m_numTried, ds->m_hostname , (int32_t)transId);

	// . queue a send
	// . this returns false and sets g_errno on error
	// . calls callback when reply is received
	// . resend timeout for non-ack protocols (dns) is 10 secs in UdpSlot
	// . seems like 60 second timeout is about right, 
	// . seems like dns really slows down when we're looking up failed ips
	//   while doing url retries
	// . well, i went back to 30 seconds after i fixed the transId overflow
	//   bug
	// . resend time is set to 20 seconds in UdpSlot::setResendTime()
	// use niceness 0 now so if the msgC slot gets converted from 1 to 0 this will not hold it up!
	if (!m_udpServer.sendRequest(ds->m_request, ds->m_requestSize, msg_type_dns, ip, 53, -1, NULL, ds, gotIpWrapper, TIMEOUT_SINGLE_HOST_MS, 0, ds->m_hostname)) {
		// g_errno should be set at this point and we will not try
		// any more nameservers because the error seemed too bad.
		log(LOG_DEBUG, "dns: errors seemed too bad for '%s'...", ds->m_hostname);
		return true;
	}
	// return 0 cuz we're blocking on the reply
	log(LOG_DEBUG, "dns: SendToNextDNS blocking on reply for '%s'", ds->m_hostname);
	return false;
}


void Dns::gotIpWrapper(void *state, UdpSlot *slot) {
	DnsState *ds = (DnsState *) state;
	log(LOG_DEBUG, "dns: gotIpWrapper for '%s'", ds->m_hostname);
	//log(LOG_DEBUG, "dns: gotIpWrapper depth %d", ds->m_depth);
	// never let udpserver free the send buffer, we own that, it is
	// ds->m_request
	slot->m_sendBufAlloc = NULL;
	// get our Dns server
	// Dns *THIS = ds->m_this;
	// set ip to -1 to indicate dns transaction error
	int32_t ip = -1;
	// THIS is obsolete because we got s_dnstable now.
	// sometimes a parallel request might have thrown it in the cache
	// and we timeout because the dns is pissed at us hitting it with
	// requests all the time.
	//if (g_errno&& g_dnsDistributed.isInCache ( ds->m_hostnameKey, &ip ) )
	//	g_errno = 0;
	// might as well check local, too
	//if ( g_errno && g_dnsLocal.isInCache ( ds->m_hostnameKey, &ip ) )
	//	g_errno = 0;

	// get the ip from slot if no error
	if ( ! g_errno ) ip = g_dns.gotIp ( slot , ds );

	// . if we timed out change it to a more specific thing
	// . an ip of -1 (255.255.255.255) means it timed out i guess
	// . an ip of -1 could also be a SERVFAIL reply too, in which case
	//   g_errno will not be set...
	if ( g_errno == EUDPTIMEDOUT || ip == -1 ) {
		// log it so we know which dns server had the problem
		if ( g_errno ) {
			char ipbuf[16];
			log(LOG_DEBUG,"dns: dns server at %s timed out.",
			    iptoa(slot->getIp(),ipbuf));
			g_errno = EDNSTIMEDOUT;
		}
		else {
			char ipbuf[16];
			log(LOG_DEBUG,"dns: dns server at %s failed.",
			    iptoa(slot->getIp(),ipbuf));
		}
		// try again? yes, if we timed out on router1's bind9
		if ( ds->m_dnsIps[0][0] != atoip(PUBLICLY_AVAILABLE_DNS1) ) {
			g_errno = ETRYAGAIN;
			//ds->m_depth++;
			// note it
			char ipbuf[16];
			log(LOG_DEBUG, "dns: trying backup-dns %s (old=%s)",
			    PUBLICLY_AVAILABLE_DNS1,iptoa(ds->m_dnsIps[0][0],ipbuf));
			// try google's public dns
			ds->m_dnsIps[0][0] = atoip(PUBLICLY_AVAILABLE_DNS1);
		}
	}
	// debug msg
	//log("got %s [%" PRIu32"] for %s",iptoa(ip),ip,ds->m_hostname );
	// bitch on error
	if ( g_errno ) {
		//int32_t type = LOG_WARN;
		// . these can be those SERVFAIL messages we get from nslookup
		//   usually when a domain name has disappeared from radar
		// . might also happen if recursive-clients is set too low
		//   on a dns server
		//if ( g_errno == EDNSDEAD     ) type = LOG_INFO;
		// this happens so much... not necessarily an error, but it
		// certainly can be if our dns is dead
		//if ( g_errno == EDNSTIMEDOUT ) type = LOG_INFO;
		if ( g_errno != ETRYAGAIN )
			log(LOG_DEBUG,"dns: %s: %s.",
			    ds->m_hostname,mstrerror(g_errno));
		// save this for returning later
		if (g_errno != ETRYAGAIN &&
		    g_errno != EDNSTIMEDOUT &&
		    g_errno != EUDPTIMEDOUT )
		    //g_errno != ETIMEDOUT ) // == DNSDEAD
			ds->m_errno = g_errno;
		// mdw
		if ( (g_errno == EUDPTIMEDOUT || g_errno == EDNSTIMEDOUT) &&
		     // do not do this if we our hitting our local bind9 
		     // server. this was adding public DNS server
		     // was then logging "skipping ip x.x.x.x - timed out"
		     // and we were missing out!
		     g_conf.m_askRootNameservers ) {
			int32_t timestamp = getTime();
			key96_t k;
			k.n0 = 0LL;
			k.n1 = slot->getIp();
			static const char s_data[] = "1111";
			char ipbuf[16];
			log(LOG_DEBUG, "dns: adding ip %s to timedout cache: %s",
			    iptoa(slot->getIp(),ipbuf),mstrerror(g_errno));
			RdbCacheLock rcl(g_timedoutCache);
			g_timedoutCache.addRecord((collnum_t)0,
						  k           , // key
						  s_data      , // value
						  4           , // value size
						  timestamp   );
		}

		// . send to the next nameserver in line
		// . this returns false if blocks, returns true and sets
		//   g_errno otherwise. does recursion. 
		// . do not send to next guy if we got EDNSDEAD because that
		//   means the hostname does not exist
		// . ok, i've seen too many false positives with EDNSDEAD,
		//   so let's try again on that too!
		// . set timeout to 10 seconds
		if ( //g_errno != EDNSDEAD &&
		     ! g_dns.sendToNextDNS(ds) )  {
		     	log(LOG_DEBUG, "dns: gotIpWrapper blocking on "
				"SendToNextDNS for '%s'", ds->m_hostname);
			return;
		}
	}
	// . otherwise, we must call the callback
	// . call the callback w/ state and ip if there is one
	// . g_errno may be set
	// . if we are just getting the ip of a dns server in the chain, then
	//   call the callback now, it is not the *final* callback.
	//if ( ds->m_callback == gotIpOfDNSWrapper ) {
	//	ds->m_callback ( ds->m_state , ip );
	//	return;
	//}

	log(LOG_DEBUG, "dns: gotIpWrapper calling returnIp for '%s'",
		ds->m_hostname);
	// call the callbacks
	returnIp ( ds , ip );
}

// caller should set g_errno because we call the callbacks here
void Dns::returnIp(DnsState *ds, int32_t ip) {
	// ok, we got the final answer at this point
	// debug msg
	const char *pre = "";
	if ( ip == 0 ) pre = " [NXDOMAIN]";
	if ( ip == -1 ) pre = " [DNSTIMEDOUT|SERVFAIL]";
	if ( g_conf.m_logDebugDns ) {
		char ipbuf1[16];
		iptoa(ds->m_dnsIps[0][0],ipbuf1);
		char ipbuf2[16];
		log(LOG_DEBUG,"dns: Got FINAL ANSWER of %s for %s %s(%s) "
		    "from dns %s.",
		    iptoa(ip,ipbuf2),ds->m_hostname,pre,mstrerror(g_errno),ipbuf1);
	}
	// not thread safe
	//if ( g_threads.amThread() ) { g_process.shutdownAbort(true); }
	// save g_errno
	int32_t err = g_errno;
	// if we timed out, cache this so future lookups are fast
	// but only give it a ttl of about a day so we can retry a day later
	// with a fresh lookup. and add a -1 to the cache instead of a zero
	// so we know it is a cached error and not a cached EDNSDEAD, which
	// means the hostname does not exist for sure. (that is not an error
	// really) Well only cache for 10 minutes, we might really need it.
	// if the internet goes down briefly then we end up pretty useless
	// for 10 minutes then! and the spider recs stream on by. so let's
	// comment this out. actually, let's keep it here for 15 seconds
	// so when adding links if they are all from a non-responsive domain
	// like www.castleburyinn.com then we don't wait for a 30 second
	// timeout 100 times in a row. 
	bool cache = false;
	// no longer cache these! i think the spider should evenly sample
	// every other IP address before returning to the timed out IP address...
	// ideally. plus i added the <company>'s public dns x.x.x.x as a secondary
	// dns ip to fallback to in the case of timeouts i guess... so make
	// sure that's what it does.
	// CRAP, we lookup the dns entry of all the outlinks, so we need this,
	// so leave it there...
	if ( g_errno == EDNSTIMEDOUT || g_errno==EUDPTIMEDOUT ) cache = true;
	// and NEVER cache a timeout on a root server or root TLD server
	if ( g_conf.m_askRootNameservers && ds->m_rootTLD[ds->m_depth] )
		cache = false;

	// cache for 6 hrs, these things slow us down
	if ( cache ) g_dns.addToCache ( ds->m_hostnameKey, -1, 3600*6 );
	// . otherwise, we must call the callback
	// . call the callback w/ state and ip if there is one
	// . g_errno may be set
	// . no, it will be called below from the hash table
	//if ( ds->m_callback ) ds->m_callback ( ds->m_state , ip );

	// . if the ip request is in progress, wait for it to come back
	// . each bucket in the callback entry hashtable is a linked list of
	//   callback/state pairs (CallbackEntries) waiting for that ip.
	//int64_t key = ds->m_hostnameKey.n0 & 0x7fffffffffffffffLL;
	int64_t key = ds->m_tableKey & 0x7fffffffffffffffLL;
	// was it a dns lookup?
	bool dnsLookup = false;
	// these will be the same if not. i created ds->m_tableKey
	// just so we could make a special hash for such lookups so
	// they would not be waiting in lines and deadlock.
	if ( key != (int64_t)(ds->m_hostnameKey.n0 & 0x7fffffffffffffffLL) )
		dnsLookup = true;
	// look up the entry from the table
	CallbackEntry *ce = s_dnstable.getValuePointer ( key );
	// sanity check
	if ( ! ce ||
	     ce->m_callback != ds->m_callback ||
	     ce->m_state    != ds->m_state    ||
	     ce->m_ds       != ds              ) {
		log("dns: Failed sanity check 1.");
		g_process.shutdownAbort(true); 
	}
	// calling the callback for "ds" could free it, so record this now
	bool freeit = ds->m_freeit;
	// and record the hostname here, too, it should be NULL terminated
	char tmp[2048];
	if ( g_conf.m_logDebugDns )
		strncpy ( tmp , ds->m_hostname , 2040 );
	// save parent for debugging purposes
	int64_t parentKey = key;
	// how many in the list?
	int32_t listSize = ce->m_listSize;
	// only the nodes in this list have this id
	int32_t listId   = ce->m_listId;
	// go through each node in the linked list
	int32_t count = 0;
	while ( ce ) {
		// restore g_errno
		g_errno = err;
		// get the next one to call in the linked list
		int64_t nextKey = ce->m_nextKey;
		// debug msg
		log(LOG_DEBUG,"dns: Removing key %" PRIu64" from table. "
		    "parentKey=%" PRIu64" nextKey=%" PRIu64" callback=%p "
		    "state=%p.",
		    key,
		    parentKey,
		    nextKey,
		    ce->m_callback,
		    ce->m_state);
		// get stuff
		void (* callback ) ( void *state , int32_t ip );
		callback    = ce->m_callback;
		void *state = ce->m_state;
		// remove from hash table, so if this was the parent node
		// of the linked list, and "callback" calls getIp() again
		// for this hostname, it will be added to a SEPARATE linked
		// list and not mess us up. otherwise, it may get inserted
		// and NEVER get called.
		s_dnstable.removeKey ( key );
		// debug msg
		log(LOG_DEBUG,"dns: table now has %" PRId32" used slots.",
		    (int32_t)s_dnstable.getNumUsedSlots());
		// then call the callback
		// CAREFUL: calling this callback can alter the hash
		// table (if it is a dns wrapper callback) and move what
		// "ce" points to! SO, get nextKey before calling this...
		//if ( ce->m_callback ) ce->m_callback ( ce->m_state , ip );
		if ( callback ) callback ( state , ip );
		// count for debug purposes
		count++;
		// now that we secured "nextKey" we can delete this guy
		//s_dnstable.removeKey ( key );
		// if nextKey is 0 that is the end of the list. waiting
		// buckets (not firstInLine, that is) always use the "s_bogus"
		// key which starts 1 and is incremented from there
		if ( nextKey == 0LL ) break;
		// nobody is allowed to wait in line of a dns lookup
		if ( dnsLookup ) { 
			log("dns: Failed sanity check 8.");
			g_process.shutdownAbort(true);
		}
		// another sanity check
		if ( ! (nextKey & 0x8000000000000000LL) ) {
			log("dns: Failed sanity check 7.");
			g_process.shutdownAbort(true);
		}
		// get next guy's value
		ce = s_dnstable.getValuePointer ( nextKey );
		// he better be there, otherwise, core
		if ( ! ce ) {
			log("dns: Failed sanity check 5.");
			g_process.shutdownAbort(true);
		}
		// update key
		key = nextKey;
	}

	// debug msg
	if ( g_conf.m_logDebugDns ) 
		log(LOG_DEBUG,"dns: Called %" PRId32" callbacks for %s.",
		    count,tmp);

	// free our state holding structure
	if ( freeit ) mfree ( ds , sizeof(DnsState) ,"Dns" );

	// debug check
	if ( count == listSize ) return;

	log("dns: Only called %" PRId32" callbacks out of %" PRId32". Critical "
	    "error. Scanning table for missing callback.",count,listSize);

 loop:
	// scan for the missing guys
	for ( int32_t i = 0 ; i < s_dnstable.getNumSlots() ; i++ ) {
		// get its key
		key = s_dnstable.getKey(i);
		// skip if empty. a key of 0LL signifies an empty bucket/slot.
		if ( key == 0LL ) continue;
		// get it
		CallbackEntry *e = s_dnstable.getValuePointerFromSlot(i);
		// skip if no match
		if ( e->m_listId != listId ) continue;
		// call its callback
		ce->m_callback ( ce->m_state , ip );
		// note it
		log("dns: Calling callback for slot #%" PRId32".",i);
		// remove it. restart from top in case table shrank
		s_dnstable.removeKey ( key );
		goto loop;
	}
		

}

// return NULL and set g_errno on error
static const char *getRRName ( const char *rr, const char *dgram, const char *end ) {
	static char s_buf[1024];
	char *bufEnd = s_buf + 1024;
	char *dst = s_buf;
	size_t dgram_size = (size_t)(end-dgram);
	// store into our buffer
	const char *p = rr;
	while ( *p && p < end ) {
		// is compression bit set?
		while ( (((uint8_t)(*p)) & 0xc0) == 0xc0 ) {
			// we are jumping within the dgram
			uint16_t offset = ntohs(*(int16_t*)p)&0x3fff;
			if(offset>=dgram_size)
				break;
			p = dgram + offset;
			// bust out of while loop if we should
			if ( !*p || p>=end )
				break;
		}
		// watch out for corruption
		if ( dst + *p + 1 > bufEnd ) {
			g_errno = EBADREPLY;
			return NULL;
		}
		// watch out for corruption
		if ( *p < 0 ) {
			g_errno = EBADREPLY;
			return NULL;
		}
		// copy the hostname
		memcpy ( dst, p+1, *p );
		dst += *p;
		*dst++ = '.';
		p += ((u_char)*p) + 1;
	}
	if ( dst > s_buf && dst[-1] == '.' ) dst--;
	*dst = '\0';
	return s_buf;
}

// . function to parse out the smallest ip from DNS reply
// . returns -1  on error and sets g_errno (could be ETIMEOUT)
// . returns  0 if hostname does not have an ip (non-existant)
// . otherwise, returns the ip
// . NOTE: we also call HostMap::stampHost() here rather than override readPoll
// . TODO: update timestamp for this dns server
int32_t Dns::gotIp ( UdpSlot *slot , DnsState *ds ) {
	log(LOG_DEBUG, "dns: gotIp called for '%s'", ds->m_hostname);
	char ipbuf[16];
	//log(LOG_DEBUG, "dns: gotIp depth %d", ds->m_depth);
	// get the hostname from the request's query record
	char  *dgram  = (char *) slot->m_sendBuf;
	if ( ! dgram ) {
		log(LOG_DEBUG, "dns: dgram is NULL for '%s'", ds->m_hostname);
		return 0;
	}
	// how many query records in the record heap?
	int16_t qdcount = ntohs (*(int16_t *)(dgram + 4 )) ; 
	// we better have 1 and only 1 query record
	if ( qdcount != 1 ) {
		log(LOG_DEBUG, "dns: more than one query record for '%s'",
			ds->m_hostname);
		return 0; 
	}
	// now get the hostname from reply's query record to see if the same
	dgram = slot->m_readBuf;
	// return -1 and set g_errno if no read buf
	if ( ! dgram ) { 
		g_errno = EBADREPLY; 
		log("dns: Nameserver (%s) returned empty reply", iptoa(slot->getIp(),ipbuf));
		return -1; 
	}
	// get the size of the read buf
	int32_t dgramSize = slot->m_readBufSize;
	// return -1 if too small
	if ( dgramSize < 12 ) { 
		log(LOG_INFO,"dns: Nameserver (%s) returned bad "
		    "reply size of %" PRId32" bytes which is less than 12 bytes.",
		    iptoa(slot->getIp(),ipbuf),dgramSize);
		g_errno = EBADREPLY; 
		return -1; 
	}
	// get the response code (lower 4 bits of byte #3)
	int32_t rcode = dgram[3] & 0x0f;
	// . return -1 if response code indicates an error
	// . set g_errno as well
	switch ( rcode ) {
	case 0: break; // valid
	case 1: log(LOG_DEBUG,"dns: Nameserver (%s) returned request format error.",
		    iptoa(slot->getIp(),ipbuf));
		g_errno = EBADREQUEST;
		return -1;
	case 2: //log("dns::gotIp: dns server failure"              ); 
		//    log("dns: Nameserver (%s) could not handle query. "
		//	"Should you add \"recursive-clients 2000\" in "
		//	"\"options { ... };\" bracket of "
		//	"/etc/bind/named.conf?");
		// we have to try another dns if we get this message!
		log(LOG_DEBUG,"dns: Nameserver (%s) returned SERVFAIL.",
		    iptoa(slot->getIp(),ipbuf));
		//g_errno = ETRYAGAIN;
		//break;
		return -1;
		// name does not exist
	case 3: log(LOG_DEBUG,
			"dns::gotIp: name does not exist, returning ip of 0"
			"for '%s'", ds->m_hostname);
		// cache a not-found ip entry for this hostname
		addToCache ( ds->m_hostnameKey , 0 );
		return 0;
	case 4: log(LOG_DEBUG,"dns: Nameserver (%s) does not support query.",
		    iptoa(slot->getIp(),ipbuf));
		g_errno = EBADREQUEST;
		return -1;
	case 5: log(LOG_DEBUG,"dns: Nameserver (%s) refused request.",
		    iptoa(slot->getIp(),ipbuf));
		// www.fsis.usda.gov will error here if recursion bit is set
		// so restart from the beginning with it turned off
		if ( ds->m_recursionDesired ) {
			log(LOG_DEBUG,"dns: Turning off recursion "
			    "desired bit and retrying.");
			ds->m_recursionDesired = false;
			// retry the same ips of dns'es again
			ds->m_numTried = 0;
			g_errno = ETRYAGAIN;
			return -1;
		}
		g_errno = EDNSREFUSED;
		return -1;
	default: log(LOG_INFO,"dns: Nameserver (%s) returned unknown "
		    "return code = %" PRId32".",
		    iptoa(slot->getIp(),ipbuf), rcode );
		g_errno = EBADREPLY;
		return -1;
	}
	// does this name server support recursion?
	bool supportRecursion = dgram[3] & 0x80;
	// now if it said name does not exist but it did NOT set the
	// recursion is available flag, that's bad
	if ( ! supportRecursion && rcode == 3 ) {
		g_errno = EDNSBAD;
		char ipbuf[16];
		log(LOG_INFO,"dns: Nameserver (%s) will not not recurse.",
		    iptoa(slot->getIp(),ipbuf));
		return -1;
	}
	// otherwise if rcode is 3 then the name really does not exist so ret 0
	if ( rcode == 3 ) return 0;
	// how many query & answer records in the record heap?
	qdcount = ntohs (*(int16_t *)(dgram + 4 )) ; 
	// . we better have 1 query record
	// . return -1 on error
	if ( qdcount != 1 ) { 
		g_errno = EBADREPLY; 
		char ipbuf[16];
		log (LOG_INFO,"dns: Nameserver (%s) returned query count of %" PRId32" (not 1).",
		     iptoa(slot->getIp(),ipbuf), (int32_t)qdcount);
		return -1; 
	}
	// . now we should have our answer here
	// . if no answer/resource records then that's an error
	// . however, if nscount is positive that is a referral... and
	//   we need to ask those servers. and the additional section
	//   will have the ip addresses of those servers sometimes. that is
	//   why we need to check that section first for ips.
	int16_t ancount = ntohs (*(int16_t *)(dgram + 6 )) ; // answer
	int16_t nscount = ntohs (*(int16_t *)(dgram + 8 )) ; // authority
        int16_t arcount = ntohs (*(int16_t *)(dgram + 10 )); // additional
 	if ( ancount < 0 ) { 
		g_errno = EBADREPLY; 
		char ipbuf[16];
		log (LOG_WARN, "dns: Nameserver (%s) returned a negative answer count of %" PRId32".",
		     iptoa(slot->getIp(),ipbuf), (int32_t)ancount);
		return -1; 
	}

	// if it does not exist and no CNAME in the answer, bail now
	if ( rcode == 2 && ancount == 0 ) {
		addToCache ( ds->m_hostnameKey , 0 );
		g_errno = EDNSDEAD;
		return 0;
	}

	// treat a 0 answer count like an rcode of 3, a non-existent domain
	//if ( ancount == 0 ) {
	//	log ("dns: Nameserver (%s) returned a 0 answer count. "
	//	     "Assuming domain name does not exist.",  
	//	     iptoa ( slot->m_ip ) );
	//	addToCache ( ds->m_hostnameKey , 0 );
	//	return 0;
	//}

	// point to the end of our reply dgram
	// char *end = dgram + dgramSize;

	// . get hostname this is the ip for
	// . dgram+12 points to the hostname in label format
	//char hostname[256];
	//if ( ! extractHostname ( dgram , dgram + 12 , hostname ) ) return -1;

	// . now we should point to to the meat of the resource record
	// . we should have "ancount" resource records
	// . here's the format of one resource record (length is 12 bytes)
	// . u_int16_t rr_type;     /* RR type code (e.g. A, MX, NS, etc.) */
        // . u_int16_t rr_class;    /* RR class code (IN for Internet) */
        // . u_int32_t  rr_ttl;      /* Time-to-live for resource */
        // . u_int16_t rr_rdlength; /* length of RDATA field (in octets) */
        // . u_int16_t rr_rdata;    /* (fieldname used as a ptr) */

	// . here's SOME values for rr_type field
	// . A     1   IP Address (32-bit IP version 4)
	// . NS    2   Name server QNAME (for referrals & recursive queries)
	// . CNAME 5   Canonical name of an alias (in QNAME format)
	// . SOA   6   Start of Zone Transfer (see definition below)
	// . WKS   11  Well-known services (see definition below)
	// . PTR   12  QNAME pointing to other nodes (e.g. in inverse lookups)
	// . HINFO 13  Host Information (CPU string, then OS string)
	// . MX    15  Mail server preference and QNAME (see below)

	// . here's values for the rr_class field
        // . "<invalid>",
        // . IN    1   Internet - used for most queries!
        // . CS    2   CSNET <obsolete>
        // . CH    3   CHAOS Net
        // . HS    4   Hesiod (mit?)

	// . point to heap of resource records (after the query record)
	// . TODO: what is this 2 byte thing?
	char *end = dgram + slot->m_readBufSize ;
	char *rr  = dgram ;
	// . skip rr over first canonical name which actually, may not be
	//   the name we sent!!!
	// . for instance, www.montigny78.fr first name is actually
	//   www.mairie-montigny78.fr ... strange ...
	// . pages.plaza-antique-mall.com has a different name too
	// . first point to start of canonical name
	rr += 12;
	// watch out for corruption
	if ( rr >= end ) {
		addToCache ( ds->m_hostnameKey , -1 );
		g_errno = EBADREPLY;
		char ipbuf[16];
		log(LOG_INFO,"dns: Nameserver (%s) returned a corrupt reply [0] for %s.",
		    iptoa(slot->getIp(),ipbuf),ds->m_hostname);
		return -1;
	}
	// jump over each label
	unsigned char len = *rr;
	while ( len > 0 ) { 
		// point to length byte of next label
		rr += len + 1;
		// break if we exceed the end
		if ( rr >= end ) break;
		// get length of next label
		len = *rr;
	}
	// skip over last byte, it's contents should be 0
	rr++;
	// skip 4 bytes after... for what?
	rr += 4;
	// watch out for corruption
	if ( rr >= end ) {
		addToCache ( ds->m_hostnameKey , -1 );
		g_errno = EBADREPLY;
		char ipbuf[16];
		log(LOG_INFO,"dns: Nameserver (%s) returned a corrupt reply [1] for %s.",
		    iptoa(slot->getIp(),ipbuf),ds->m_hostname);
		return -1;
	}
	// . store the ips of the nameservers we have to ask into "ips"
	// . throw these ips into the next depth level, though
	int32_t *ips = NULL;
	int32_t  numIps = 0;
	// but may be too deep, make sure we can increase the depth by 1
	if ( ds->m_depth + 1 < MAX_DEPTH ) {
		ips         = ds->m_dnsIps  [ds->m_depth+1];
		ds->m_rootTLD     [ ds->m_depth+1 ] = false;
		ds->m_fallbacks   [ ds->m_depth+1 ] = 0;
		ds->m_numDnsIps   [ ds->m_depth+1 ] = 0;
		ds->m_numDnsNames [ ds->m_depth+1 ] = 0;
	}
	
	// ask for MX record? used by Emailer in Facebook.cpp.
	bool getmx = false;
	if ( strncmp(ds->m_hostname,"gbmxrec-",8) == 0 ) 
		getmx = true;

	// scan ALL answer records for ips and select the minimum
	uint32_t minIp = 0;
	int32_t          minttl = 15;
	bool gotIp = false;
	//while ( ancount-- ) {
	int32_t maxi = ancount;
	// seems like mx records themselves are type 15 and are only
	// text, the answer sections has the ips
	if ( getmx ) maxi = ancount + nscount + arcount;
	if ( maxi == 0 ) maxi = nscount + arcount;
	TLDIPEntry	tldip;
	tldip.numTLDIPs = 0;
	int64_t answerHash64 = 0LL;

	for ( int32_t i = 0 ; i < maxi; i++ ) {
		// well, this is the name of the record
		// kinda, so this is how we will map
		// an MX resource record to its A record
		// in the answer section
		const char *s = getRRName ( rr , dgram, end );
		//log("dns: got rr name: %s",s);
		int64_t rrHash64 = 0LL;
		if ( s ) rrHash64 = hash64n ( s );
		// . now a domain name should follow
		// . but if the next byte has hi bit set then it means its
		//   a 2 byte pointer to another domain label
		// . if hi bit is clear the label follows here
		// . both bits must be on for message compression
		while ( rr < end ) {
			// parse out the label
			if ( ! *rr ) {
				rr += 1;
				break;
			}
			else if ( (*rr & 0xc0) != 0xc0 )
				rr += (u_char)(*rr)+1;			
			// skip over the compressed thingy
			else {
				rr += 2;
				break;
			}
		}
		// need to have room for the rdata
		if ( rr + 10 >= end ) {
			addToCache ( ds->m_hostnameKey , -1 );
			g_errno = EBADREPLY;
			char ipbuf[16];
			log(LOG_INFO,"dns: Nameserver (%s) returned a corrupt reply [2] for %s.",
			    iptoa(slot->getIp(),ipbuf),ds->m_hostname);
			return -1;
		}
		// the type (A=1,CNAME=5,...)
		int16_t rrtype = ntohs ( *(int16_t *)rr);
		rr += 2;
		// skip the rr class(2)
		rr += 2;
		// skip the ttl(4)
		int32_t ttl = ntohl(*(int32_t *)rr);
		rr += 4;
		// get the length of the rr data (sometimes ip)
		int16_t rlen = ntohs ( *(int16_t *)rr);
		// skip to the actual resource data
		rr += 2;

		// ask for MX record? used by Emailer in Facebook.cpp.
		if ( getmx && rrtype == 15 && rlen == 4 ) goto extractIp;

		// a match by hash?
		if ( rrtype == 1 && rlen == 4 && answerHash64 &&
		     answerHash64 == rrHash64 )
			goto extractIp;

		// get the ip if we have an A record
		if ( rrtype == 1 && rlen == 4 && ! answerHash64 )
			goto extractIp;

		// watch our for negative rlens
		if ( rlen < 0 ) {
			g_errno = EBADREPLY;
			char ipbuf[16];
			log(LOG_INFO,"dns: Nameserver (%s) returned a negative resource len.", iptoa(slot->getIp(),ipbuf) );
			return -1;
			
		}
		// . TODO: rewrite this messy section of code nice and neat.
		// . do we have a hostname to ask for this ip?
		// . ns records always come after answers records, which we
		//   have none of if this is true, and they always come before
		//   "additional records" (arcount). Usually the additional
		//   records just contain the ip addresses of the ns records.
		//   but when they do not we may have to get the ips of the
		//   hostnames of these dns servers, so store the names into
		//   ds->m_nameBuf and have ds->m_dnsNames point into 
		//   ds->m_nameBuf.
		if ( //! getmx &&
		    // if we are in the NS section we have a referring name
		    // server, most likely without an IP since arcount<nscount
		    // so store that name into the name buffer
		    ((ancount == 0 && i < nscount && arcount < nscount &&
		      rrtype==2) ||
		      // OR, if we are in the answer section and we do not
		      // have an IP yet, we may just have an alias we have
		      // to use as the hostname
		      (!gotIp && i < ancount && (rrtype==5||rrtype==15)))
		     &&
		     ds->m_depth + 1 < MAX_DEPTH &&
		     ds->m_numDnsNames[ds->m_depth+1] < MAX_DNS_IPS &&
		     ds->m_nameBufPtr + rlen + 1 < ds->m_nameBufEnd ) {
			//log("got rr we want");
			char *dst = ds->m_nameBufPtr;
			// store into our buffer
			char *p = rr;
			char *pend = p + rlen;

			// for mx records, i think we got a int16_t mx #
			if ( rrtype == 15 ) {
				p += 2;
			}

			while ( *p && p < pend ) {
				// is compression bit set?
				while ( ((( uint8_t)(*p)) & 0xc0) == 0xc0 ) {
					// we are jumping within the dgram
					uint16_t offset = ntohs(*(int16_t *)p)&0x3fff;
					if(offset>(end-dgram))
						break;
					p = dgram + offset;
					// bust out of while loop if we should
					if ( !*p || p>=pend )
						break;
				}
				// watch out for corruption
				if ( dst + *p + 1 > ds->m_nameBufEnd ) {
					addToCache ( ds->m_hostnameKey , -1);
					g_errno = EBADREPLY;
					char ipbuf[16];
					log(LOG_INFO,
						"dns: Nameserver (%s) returned"
						" a corrupt reply [3] for %s.",
						iptoa(slot->getIp(),ipbuf),
						ds->m_hostname);
					return -1;
				}
				// watch out for corruption
				if ( *p < 0 ) {
					addToCache ( ds->m_hostnameKey , -1);
					g_errno = EBADREPLY;
					char ipbuf[16];
					log(LOG_INFO,
						"dns: Nameserver (%s) returned"
						" a corrupt reply [4] for %s.",
						iptoa(slot->getIp(),ipbuf),
						ds->m_hostname);
					return -1;
				}
				// copy the hostname
				memcpy ( dst , p+1 , *p );
				dst += *p;
				*dst++ = '.';
				p += ((u_char)*p) + 1;
			}
			// last '.' should be a 0 really
			dst[-1] = '\0';
			// make ptr to it
			// if it was a NS name, do that
			if ( rrtype == 2 ) {
				log(LOG_DEBUG,
					"dns: Added name [0-%" PRId32"] %s to "
					"depth %" PRId32" for %s.",
					ds->m_numDnsNames[ds->m_depth+1],
					ds->m_nameBufPtr,
					(int32_t)ds->m_depth+1,
					ds->m_hostname);
				ds->m_dnsNames[ds->m_depth+1]
					[ds->m_numDnsNames[ds->m_depth+1]++] = 
					ds->m_nameBufPtr;
			}
			// otherwise, a new hostname
			else {
				// note it
				if ( getmx || g_conf.m_logDebugDns )
					logf(LOG_DEBUG,"dns: Got CNAME "
					     "alias %s for %s",
					     ds->m_nameBufPtr, ds->m_hostname);
				// . get hash of it
				// . then if we are scanning the additional
				//   resource records that are A records
				//   and they match this hash, use that ip!
				answerHash64 = hash64n ( ds->m_nameBufPtr );
				// reset the tries, because we can retry the
				// ips of the nameservers again because now
				// we have a different hostname. otherwise,
				// we will fail looking up www.astronomy.org.nz
				ds->m_numTried = 0;
				// hostname changes now
				int32_t len = strlen(ds->m_nameBufPtr);
				if ( len > 127 ) {
					/*
					  this spams the log!
					log(LOG_INFO,
					    "dns: Aliased hostname %s is %" PRId32" > "
					    "127 chars long.",ds->m_nameBufPtr,len);
					*/
					g_errno = EBUFTOOSMALL;
					return -1;
				}
				strncpy ( ds->m_hostname , 
					  ds->m_nameBufPtr,
					  len );
				ds->m_hostname[len] = 0;

				// so we have to start over...
				int32_t d = ds->m_depth+1;
				const TLDIPEntry *cached = getTLDIP(ds);

				if ( g_conf.m_askRootNameservers && cached) {
					gbmemcpy( ds->m_dnsIps[d],
						cached->TLDIP,
						cached->numTLDIPs *
						sizeof(uint32_t));
					ds->m_numDnsIps[d] = cached->numTLDIPs;
					ds->m_numDnsNames[d] = 0;
					ds->m_rootTLD[d] = true;
					ds->m_fallbacks[d] = 0;
					numIps = cached->numTLDIPs;

				} 
				else 
				if ( g_conf.m_askRootNameservers ) {
					gbmemcpy ( ds->m_dnsIps[d],
						 g_conf.m_rnsIps,
						 g_conf.m_numRns * 4);
					ds->m_numDnsIps[d] = g_conf.m_numRns;
					ds->m_numDnsNames[d] = 0;
					ds->m_rootTLD[d] = true;
					ds->m_fallbacks[d] = 0;
					numIps             = g_conf.m_numRns;
				}
				// otherwise, use the local bind9 servers
				else {
					gbmemcpy ( ds->m_dnsIps[d],
						 g_conf.m_dnsIps,
						 g_conf.m_numDns * 4);
					ds->m_numDnsIps[d] = g_conf.m_numDns;
					ds->m_numDnsNames[d] = 0;
					ds->m_rootTLD[d] = false;
					ds->m_fallbacks[d] = 0;
					numIps             = g_conf.m_numDns;
				}
			}
			// update our current name buf pointer
			ds->m_nameBufPtr = (char *)dst;
		}
		// . if record is not type 5 (CNAME) then bitch
		// . we can be in an authority/additional section now
		//   so comment this out
		//if ( rrtype != 5 ) {
		//	g_errno = EBADREPLY;
		//	log("dns: Nameserver (%s) returned "
		//	    "a bad rr type of %" PRId32".", iptoa(slot->m_ip),
		//	    (int32_t)rrtype);
		//	return -1;
		//}
	
		//HEY, see rfc1034... gota redo with this as the name i think


		// TODO: use the canonical name as a normalization!!
		// skip resource data
		rr += rlen;
		continue;
	extractIp:
		// . now "s" should pt to the resource data, hopefully the ip
		// . add another ip to our array and inc numIps
		// . ips should be in network order
		uint32_t ip ; gbmemcpy ( (char *)&ip , rr , 4 );

		// TODO: detect bogus responses such as those from Verisign's SiteFinder "service" where unknown domains resolved to a fixed IP-address.
		// if ... something ...
		//    addToCache ( ds->m_hostnameKey , 0 );
		//    return 0;

		// debug msg
		//fprintf(stderr,".... got ip=%s for %s\n",iptoa(ip),hostname);
		// get the smallest ip (or largest??? what is the byte order?)
		if ( ip < minIp || ! gotIp ) {
			minIp  = ip;
			minttl = ttl;
		}
		// we got one now
		gotIp = true;
		// . add to list of ips of nameservers to ask
		// . must not be in the answer section (i>=ancount)
		if ( ips && numIps + 1 < MAX_DNS_IPS ) {
			if (isTimedOut(ip)) {
				char ipbuf[16];
				log(LOG_DEBUG, "dns: Not adding [0] ip %s - timed out",
				    iptoa(ip,ipbuf));
			}
			else {
				ips[numIps] = ip;
				char ipbuf[16];
				log(LOG_DEBUG,
					"dns: Added ip [0-%" PRId32"] %s to depth %" PRId32" "
					"for %s.",
					numIps, iptoa(ip,ipbuf),(int32_t)ds->m_depth+1,
					ds->m_hostname);
				numIps++;
			}
			// build TLDIP entry, regardless of timed-out status
			if ( g_conf.m_askRootNameservers && ds->m_depth == 0 &&
			     tldip.numTLDIPs < MAX_DNS_IPS ) {
				tldip.TLDIP[tldip.numTLDIPs++] = ip;
			}
		}
		// skip resource data and continue
		rr += rlen;
	}
	//log(LOG_DEBUG, "dns: gotIp depth %d done", ds->m_depth);
	#ifdef DNS_TLD_CACHE
	if ( g_conf.m_askRootNameservers && ds->m_depth == 0 && g_errno == 0 ) {
		setTLDIP(ds, &tldip);
		ds->m_rootTLD[1] = true;
	}
	#endif

	//if ( ! gotIp && ancount > 0 ) {
	//	log("got answer with no ip!");
	//}
	// debug msg
	//fprintf(stderr,".... using minip=%s for %s\n",iptoa(minIp),hostname);
	// if we did have an answer section, assume minIp is the answer
	if ( ancount > 0 && gotIp ) {
		char ipbuf[16];
		log(LOG_DEBUG, "dns: got ip %s for '%s'",
			iptoa(minIp,ipbuf), ds->m_hostname);
		// . get the key of the hostname
		addToCache ( ds->m_hostnameKey , minIp , minttl );
		// return the minimum ip
		return minIp;
	}

	//
	// begin the new code. 
	//
	// if we did not have an ip address in our reply we probably got a 
	// list of nameservers we have to ask for the ip address. so our
	// caller should call sendToNextDNS() after we return.
	// 
	
	// bail if already went too deep
	if ( ! ips ) {
		g_errno = EBADREPLY;
		log(LOG_INFO,"dns: Exceeded max recursion depth of %" PRId32" for %s",
		    (int32_t)MAX_DEPTH,ds->m_hostname);
		return -1;
	}
	// if we did not get more nameserver ips to ask, this was a dead end
	//if ( numIps <= 0 ) {
	//	//g_errno = EBADREPLY;
	//	log("dns: Got reply with no ip or nameserver ips.");
	//	//return -1;
	//}

	// ok, increase the depth since we got some more nameserver ips to ask
	ds->m_depth++;
	// set up ds2
	ds->m_numDnsIps[ds->m_depth] = numIps;
	log(LOG_DEBUG,
		"dns: depth +%" PRId32" rootTLD %d #fb %" PRId32" #ip %" PRId32" #name %" PRId32,
		ds->m_depth,
		ds->m_rootTLD[ds->m_depth],
		ds->m_fallbacks[ds->m_depth],
		ds->m_numDnsIps[ds->m_depth],
		ds->m_numDnsNames[ds->m_depth]);

	// initialize next depth level
	int32_t d1 = ds->m_depth + 1;
	if( d1 < MAX_DEPTH ) {
		ds->m_rootTLD[d1] = false;
		ds->m_fallbacks[d1] = 0;
		ds->m_numDnsIps[d1] = 0;
		ds->m_numDnsNames[d1] = 0;
	}
	// set g_errno so gotIp() will call sendToNextDNS(ds)
	log(LOG_DEBUG, "dns: gotIp returning ETRYAGAIN");
	g_errno = ETRYAGAIN;
	return -1;
}

bool Dns::isInCache ( key96_t key , int32_t *ip ) {
	// debug msg
	//log("dns::isInCache: checking");
	// . returns 0 if not in cache
	// . returns -1 if a cached not-found
	// . otherwise returns ip of "hostname"
	// . any cache entry over 24hrs is stale
	int32_t   maxAge = DNS_CACHE_MAX_AGE; // 60*60*24; 
	// . look up the ip in the cache
	// . TODO: can you pass a NULL ptr for the dataSize?
	// . TODO: is it ok to leave the caller hanging??
	// . the callback, gotIp(), can be NULL if we're just updating times
	// . TODO: ensure list owns the data
	// if not found, return false;
	char *rec;
	int32_t  recSize;
	// return false if not in cache
	RdbCacheLock rcl(m_rdbCache);
	if ( ! m_rdbCache.getRecord ( (collnum_t)0 ,
				      key      , 
				      &rec     ,
				      &recSize ,
				      false    ,  // do copy?
				      maxAge   ,
				      true     )) // inc count?
		return false;
	// recSize must be 4 -- sanity check
	if ( recSize != 4 ) {
		log( LOG_WARN, "dns: Got bad record of size %" PRId32" from cache.", recSize);
		return false;
	}

	// the data ptr itself is the ip
	*ip = *(int32_t *)rec ;
	// return true since we found it
	return true;
}

// ttl is in seconds
void Dns::addToCache ( key96_t hostnameKey , int32_t ip , int32_t ttl ) {
	// debug msg
	char ipbuf[16];
	log(LOG_DEBUG, "dns: addToCache added key %" PRIu64" ip %s ttl %" PRId32" to cache",
		hostnameKey.n0, iptoa(ip,ipbuf), ttl);
        // set timestamp to be maxTime (24 hours = 8640 sec) - ttl
        int32_t timestamp;
	// watch out for crazy ttls, bigger than 2 days
	if ( ttl > 60*60*24*2 ) ttl = 60*60*24*2;
	// if ttl is less than how long we trust the cached ip for, reduce
	// the timestamp to fool Dns::isInCache()
        if   ( ttl > 0 ) timestamp = getTime() - DNS_CACHE_MAX_AGE + ttl;
        else             timestamp = getTime();

	// . select the cache, we should add it to
	// . generally, local cache is used to save over-the-network lookups
	//   and is smaller than the distributed cache, m_rdbCache
	RdbCache *c ;
// 	if ( getResponsibleHost(hostnameKey) != g_hostdb.m_myHost )
// 		c = &m_rdbCacheLocal;
// 	else    
		c = &m_rdbCache;

 	// just add a record to the cache
	RdbCacheLock rcl(*c);
	c->addRecord((collnum_t)0,hostnameKey,(char *)&ip,4,
		     timestamp);//rec size
	// reset g_errno in case it had an error (we don't care)
	g_errno = 0;	
}

// . s pts to the hostname in the len/label pair format
// . hostname will be filled with the hostname
bool Dns::extractHostname ( const char *dgram,
			    const char *record,
			    char *hostname ) {

	hostname[0] = '\0';
	int32_t    i = 0;
	const char *end = dgram + DGRAM_SIZE;

	while ( *record ) {
		int16_t  len   = (u_char)(*record);
		const char  *src   =  record + 1;
		int32_t   times = 0;
		// if 2 hi bits on "len" are set it's a label offset
		while ( (len & 0xc0) && times++ < 5 ) {
			int16_t offset = (len & 0x3f) << 8 | src[0];
			if ( dgram + offset >= end ) {
				g_errno = EBADREPLY; return false; }
			len    = (u_char)(*(dgram + offset));
			src    = dgram + offset + 1;
		}
		// breech check
		if ( times     >= 5   ) { g_errno = EBADREPLY; return false; }
		if ( i   + len >= 255 ) { g_errno = EBADREPLY; return false; }
		if ( src + len >= end ) { g_errno = EBADREPLY; return false; }
		// copy to hostname
		gbmemcpy ( &hostname[i] , record + 1 , len );
		// if we had a ptr then just add 2
		if ( times > 0 ) record += 2;
		else             record += 1 + len;
		// advance the hostname
		i      += len;
		// there should be SOME room left over (enough for . and \0)
		if ( i >= 254 ) { g_errno = EBADREPLY; return false; }
		// add a .
		hostname [ i++ ] = '.';
	}

	// cover up that dot
	if ( i < 0 ) { g_errno = EBADREPLY; return false; }
	hostname [ i - 1 ] = '\0';

	return true;
}

// TODO: hostname key collision is possible, so watch out. 
//       should we also store ptr to the whole hostname in hash table?
bool Dns::isInFile ( key96_t key , int32_t *ip ) {
	// flush and reload our /etc/hosts hash table every minute
	static int32_t s_lastTime = 0;
	int32_t now = getTime();
	if ( now - 60 >= s_lastTime ) {
		s_lastTime = now;
		loadFile ();
		// ignore any error from this
		g_errno = 0;
	}
	// bail if no hash table
	if ( m_numSlots <= 0 ) return false;
	// check hash table
	int32_t n = key.n1 % m_numSlots;
	while ( m_ips[n] && m_keys[n] != key )
		if ( ++n >= m_numSlots ) n = 0;
	// return false if not found in our hash table (/etc/hosts file)
	if ( ! m_ips[n] ) return false;
	// otherwise we got it
	*ip = m_ips[n];
	return true;
}


// returns false and sets g_errno on error
bool Dns::loadFile ( ) {
	File f;
	f.set ("/etc/","hosts");
	int32_t fsize = f.getFileSize();
	if ( fsize < 0 ) {
		log( LOG_WARN, "dns: Getting file size of /etc/hosts : %s.", mstrerror(g_errno) );
		return false;
	}

	// add 1 so we can NULL terminate
	int32_t bufSize = fsize + 1;
	// make mem
	char *buf = (char *)mmalloc ( bufSize , "Dns" );
	if ( ! buf ) {
		log( LOG_WARN, "dns: Could not read /etc/hosts : %s.", mstrerror(g_errno));
		return false;
	}

	// pre-open the file
	f.open ( O_RDONLY );
	// read it all in
	if ( f.read ( buf , fsize , 0 ) < 0 ) {
		mfree ( buf , bufSize , "Dns" );
		f.close();
		log( LOG_WARN, "dns: Could not read /etc/hosts : %s.", mstrerror(g_errno));
		return false;
	}

	// NULL terminate it
	buf [ fsize ] = '\0';
	// free hash table
	mfree ( m_ips  , m_numSlots*4            , "Dns");
	mfree ( m_keys , m_numSlots*sizeof(key96_t), "Dns");
	m_ips      = NULL;
	m_keys     = NULL;
	m_numSlots = 0;
	// count # of lines in buf as upper bound for number of entries
	char *p     = buf;
	int32_t  count = 0;
	for ( ; *p ; p++ ) if ( *p == '\n' ) count++;
	// alloc the hash table
	m_numSlots = count * 2;
	m_ips  = (int32_t  *) mmalloc ( 4             * m_numSlots , "Dns" );
	m_keys = (key96_t *) mmalloc ( sizeof(key96_t) * m_numSlots , "Dns" );
	if ( ! m_ips || ! m_keys ) {
		if ( m_ips ) mfree ( m_ips  , m_numSlots*4            , "Dns");
		if ( m_keys) mfree ( m_keys , m_numSlots*sizeof(key96_t), "Dns");
		m_numSlots = 0;
		mfree ( buf , bufSize , "Dns" );
		f.close();
		log( LOG_WARN, "dns: Read /etc/hosts : %s.", mstrerror(g_errno));
		return false;
	}
	// clear hash table
	memset ( m_ips , 0 , 4 * m_numSlots );
	// declare vars here
	char *e;
	int32_t  ip;
	key96_t key;
	int32_t  n;
	// point to first line
	p = buf;
 loop:
	// skip comments
	if ( *p == '#' ) goto skipline;
	// skip spaces
	while ( isspace ( *p ) ) p++;
	// if this is not a digit, continue
	if ( ! isdigit(*p) ) goto skipline;
	// find the end, a space
	e = p;
	while ( *e && ! isspace(*e) ) e++;
	// get ip, will stop at first space
	ip = atoip ( p , (int32_t)(e - p) );
	// get the hostname
	p = e;
	// skip spaces after ip
	while ( isspace ( *p ) ) p++;
	// this should be the hostname, starting with an alnum
	if ( ! isalnum (*p) ) goto skipline;
	// get the end of the hostname
	e = p;
	while ( isalnum(*e) || *e=='.' || *e=='-' ) e++;
	// get the hash of the hostname
	key  = hash96 ( p , e - p );
	// advance p
	p = e;
	// store in hash table
	n = key.n1 % m_numSlots;
	while ( m_ips[n] && m_keys[n] != key )
		if ( ++n >= m_numSlots ) n = 0;
	// if already in there skip it
	if ( m_ips[n] ) goto skipline;
	// otherwise add it
	m_ips [n] = ip;
	m_keys[n] = key;
 skipline:
	while ( *p && *p != '\n' ) p++;
	while (       *p == '\n' ) p++;
	if    ( *p ) goto loop;
	// now all the hostname/ip pairs are hashed
	mfree ( buf , bufSize , "Dns" );
	f.close();
	return true;
}		

key96_t Dns::getKey ( const char *hostname, int32_t hostnameLen ) {
	// use the domain name name. so *.blogspot.com does not flood their dns
	return hash96 ( hostname , hostnameLen );
	//int32_t  dlen = 0;
	//char *dom  = getDomFastFromHostname ( hostname , &dlen );
	//if ( ! dom || dlen <=2 ) return hash96 ( hostname , hostnameLen );
	//return hash96 ( dom , dlen );
}

// . MsgC uses this to see which host is responsible for this key
//   which is just a hash96() of the hostname (see getKey() above)
// . returns -1 if not host available to send request to
Host *Dns::getIPLookupHost(key96_t key) {
	logTrace( g_conf.m_logTraceDns, "BEGIN" );

	// get the hostNum that should handle this
	int32_t hostId = key.n1 % g_hostdb.getNumHosts();

	logTrace( g_conf.m_logTraceDns, "numHosts: %" PRIu32, g_hostdb.getNumHosts() );
	logTrace( g_conf.m_logTraceDns, "key.n1: %" PRIu32, key.n1 );
	logTrace( g_conf.m_logTraceDns, "hostId: %" PRIu32, hostId );

	// return it if it is alive
	Host* h = g_hostdb.getHost ( hostId );
	
	if ( h->m_spiderEnabled && ! g_hostdb.isDead ( hostId ) ) {
		logTrace( g_conf.m_logTraceDns, "END. Spidering enabled and not dead. Returning." );
		return h;
	}
		
		
		
	// how many are up?
	int32_t numAlive = g_hostdb.getNumHostsAlive();

	logTrace( g_conf.m_logTraceDns, "Above is dead. numAlive: %" PRIu32, numAlive );

	// NULL if none
	if ( numAlive == 0 ) {
		logTrace( g_conf.m_logTraceDns, "END. None alive. return NULL" );
		g_errno = EHOSTDEAD;
		return NULL;
	}
	
	// try another hostNum
	int32_t hostNum = key.n1 % numAlive;
	logTrace( g_conf.m_logTraceDns, "hostNum: %" PRIu32, hostNum );
	
	// otherwise, chain to him
	int32_t count = 0;
	for ( int32_t i = 0 ; i < g_hostdb.getNumHosts() ; i++ ) {
		// get the ith host
		Host *host = &g_hostdb.m_hosts[i];
		if ( !host->m_spiderEnabled ) {
			logTrace( g_conf.m_logTraceDns, "i: %" PRId32" - spidering disabled", i );
			continue;
		}
		
		// skip him if he is dead
		if ( g_hostdb.isDead ( host ) ) {
			logTrace( g_conf.m_logTraceDns, "i: %" PRId32" - dead", i );
			continue;
		}
			
		// count it if alive, continue if not our number
		if ( count++ != hostNum ) {
			logTrace( g_conf.m_logTraceDns, "i: %" PRId32" - not our host (% " PRId32")", i, hostNum );
			continue;
		}

		// we got a match, we cannot use hostNum as the hostId now
		// because the host with that hostId might be dead
		logTrace( g_conf.m_logTraceDns, "END. i: %" PRId32" - Match!", i );
		
		return host;
	}

	logTrace( g_conf.m_logTraceDns, "END. Return EHOSTDEAD. None found" );
	g_errno = EHOSTDEAD;
	return NULL;
}