Commit 08c90261 authored by Mark Andrews's avatar Mark Andrews

1953. [func] Named now falls back to advertising EDNS with a

                        512 byte receive buffer if the initial EDNS queries
                        fail.  [RT #14852]

1952.   [func]          The maximum EDNS UDP response named will send can
                        now be set in named.conf (max-udp-size).  This is
                        independent of the advertised receive buffer
                        (edns-udp-size). [RT #14852]
parent acb4f523
1953. [func] Named now falls back to advertising EDNS with a
512 byte receive buffer if the initial EDNS queries
fail. [RT #14852]
1952. [func] The maximum EDNS UDP response named will send can
now be set in named.conf (max-udp-size). This is
independent of the advertised receive buffer
(edns-udp-size). [RT #14852]
1952. [port] hpux: tell the linker to build a runtime link
path "-Wl,+b:". [RT #14816].
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: client.c,v 1.234 2006/01/04 23:50:24 marka Exp $ */
/* $Id: client.c,v 1.235 2006/01/05 00:01:46 marka Exp $ */
#include <config.h>
......@@ -34,12 +34,13 @@
#include <dns/dispatch.h>
#include <dns/events.h>
#include <dns/message.h>
#include <dns/peer.h>
#include <dns/rcode.h>
#include <dns/resolver.h>
#include <dns/rdata.h>
#include <dns/rdataclass.h>
#include <dns/rdatalist.h>
#include <dns/rdataset.h>
#include <dns/resolver.h>
#include <dns/tsig.h>
#include <dns/view.h>
#include <dns/zone.h>
......@@ -1705,6 +1706,19 @@ client_request(isc_task_t *task, isc_event_t *event) {
ISC_LOG_DEBUG(3), ra ? "recursion available" :
"recursion not available");
/*
* Adjust maximum UDP response size for this client.
*/
if (client->udpsize > 512) {
dns_peer_t *peer = NULL;
isc_uint16_t udpsize = view->maxudp;
(void) dns_peerlist_peerbyaddr(view->peers, &netaddr, &peer);
if (peer != NULL)
dns_peer_getmaxudp(peer, &udpsize);
if (client->udpsize > udpsize)
client->udpsize = udpsize;
}
/*
* Dispatch the request.
*/
......
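Review bot: In the client_request hunk the local `udpsize` starts from `view->maxudp`, which dns_view_create sets to 0 (view.c in this commit) and which only configure_view in server.c raises to the clamped 512–4096 value. If any view reaches client_request without going through that configuration path, every client advertising more than 512 bytes would have `client->udpsize` cut to 0. The lines shown cannot confirm whether this happens. A floor before the comparison would make the block safe on its own: `if (udpsize < 512) udpsize = 512;`. The result of `dns_peer_getmaxudp(peer, &udpsize)` is also discarded without the `(void)` cast used on the line above it. client_request's body starts and ends outside the hunk.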
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: config.c,v 1.64 2006/01/04 23:50:24 marka Exp $ */
/* $Id: config.c,v 1.65 2006/01/05 00:01:46 marka Exp $ */
/*! \file */
......@@ -97,6 +97,7 @@ options {\n\
use-id-pool true;\n\
use-ixfr true;\n\
edns-udp-size 4096;\n\
max-udp-size 4096;\n\
\n\
/* view */\n\
allow-notify {none;};\n\
......
......@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named.conf.docbook,v 1.16 2006/01/04 23:50:24 marka Exp $ -->
<!-- $Id: named.conf.docbook,v 1.17 2006/01/05 00:01:46 marka Exp $ -->
<refentry>
<refentryinfo>
<date>Aug 13, 2004</date>
......@@ -104,6 +104,7 @@ server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable>
bogus <replaceable>boolean</replaceable>;
edns <replaceable>boolean</replaceable>;
edns-udp-size <replaceable>integer</replaceable>;
max-udp-size <replaceable>integer</replaceable>;
provide-ixfr <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
keys <replaceable>server_key</replaceable>;
......@@ -256,6 +257,7 @@ options {
<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
};
edns-udp-size <replaceable>integer</replaceable>;
max-udp-size <replaceable>integer</replaceable>;
root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
dnssec-enable <replaceable>boolean</replaceable>;
......@@ -397,6 +399,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
};
edns-udp-size <replaceable>integer</replaceable>;
max-udp-size <replaceable>integer</replaceable>;
root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
dnssec-enable <replaceable>boolean</replaceable>;
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.453 2006/01/04 23:50:24 marka Exp $ */
/* $Id: server.c,v 1.454 2006/01/05 00:01:46 marka Exp $ */
/*! \file */
......@@ -686,6 +686,17 @@ configure_peer(cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) {
CHECK(dns_peer_setudpsize(peer, (isc_uint16_t)udpsize));
}
obj = NULL;
(void)cfg_map_get(cpeer, "max-udp-size", &obj);
if (obj != NULL) {
isc_uint32_t udpsize = cfg_obj_asuint32(obj);
if (udpsize < 512)
udpsize = 512;
if (udpsize > 4096)
udpsize = 4096;
CHECK(dns_peer_setmaxudp(peer, (isc_uint16_t)udpsize));
}
obj = NULL;
(void)cfg_map_get(cpeer, "transfers", &obj);
if (obj != NULL)
......@@ -1149,6 +1160,19 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
udpsize = 4096;
dns_resolver_setudpsize(view->resolver, (isc_uint16_t)udpsize);
/*
* Set the maximum UDP response size.
*/
obj = NULL;
result = ns_config_get(maps, "max-udp-size", &obj);
INSIST(result == ISC_R_SUCCESS);
udpsize = cfg_obj_asuint32(obj);
if (udpsize < 512)
udpsize = 512;
if (udpsize > 4096)
udpsize = 4096;
view->maxudp = udpsize;
/*
* Set supported DNSSEC algorithms.
*/
......
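Review bot: In the configure_view hunk, `view->maxudp = udpsize;` stores into an isc_uint16_t field without the explicit cast that the preceding `dns_resolver_setudpsize(view->resolver, (isc_uint16_t)udpsize)` call and the configure_peer hunk both use. The value has just been clamped to 512–4096, so the narrowing is safe, but `view->maxudp = (isc_uint16_t)udpsize;` would keep the file consistent. This assumes the local is wider than 16 bits, which the existing cast suggests. Both new blocks also adjust out-of-range values silently, so an operator who sets a value below 512 for a broken path gets 512 with no indication. A warning logged at configuration time when the value is clamped would make that visible. Both functions start and end outside their hunks.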
......@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- File: $Id: Bv9ARM-book.xml,v 1.286 2006/01/04 23:50:24 marka Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.287 2006/01/05 00:01:46 marka Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title>
......@@ -4479,6 +4479,7 @@ category notify { null; };
<optional> match-mapped-addresses <replaceable>yes_or_no</replaceable>; </optional>
<optional> preferred-glue ( <replaceable>A</replaceable> | <replaceable>AAAA</replaceable> | <replaceable>NONE</replaceable> ); </optional>
<optional> edns-udp-size <replaceable>number</replaceable>; </optional>
<optional> max-udp-size <replaceable>number</replaceable>; </optional>
<optional> root-delegation-only <optional> exclude { <replaceable>namelist</replaceable> } </optional> ; </optional>
<optional> querylog <replaceable>yes_or_no</replaceable> ; </optional>
<optional> disable-algorithms <replaceable>domain</replaceable> { <replaceable>algorithm</replaceable>; <optional> <replaceable>algorithm</replaceable>; </optional> }; </optional>
......@@ -6989,6 +6990,22 @@ query-source-v6 address * port *;
</listitem>
</varlistentry>
<varlistentry>
<term><command>max-udp-size</command></term>
<listitem>
<para>
Sets the maximum EDNS UDP message size named will
send. Valid values are 512 to 4096 (values outside
this range will be silently adjusted). The default
value is 4096. The usual reason for setting
max-udp-size to a non default value it to get UDP
answers to pass through broken firewalls that
block fragmented packets and/or block UDP packets
that are greater than 512 bytes.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>masterfile-format</command></term>
<listitem>
......@@ -7507,6 +7524,7 @@ query-source-v6 address * port *;
<optional> request-ixfr <replaceable>yes_or_no</replaceable> ; </optional>
<optional> edns <replaceable>yes_or_no</replaceable> ; </optional>
<optional> edns-udp-size <replaceable>number</replaceable> ; </optional>
<optional> max-udp-size <replaceable>number</replaceable> ; </optional>
<optional> transfers <replaceable>number</replaceable> ; </optional>
<optional> transfer-format <replaceable>( one-answer | many-answers )</replaceable> ; ]</optional>
<optional> keys <replaceable>{ string ; <optional> string ; <optional>...</optional></optional> }</replaceable> ; </optional>
......@@ -7611,6 +7629,15 @@ query-source-v6 address * port *;
remote site that is blocking large replies.
</para>
<para>
The <command>max-udp-size</command> option sets the
maximum EDNS UDP message size named will send. Valid
values are 512 to 4096 (values outside this range will
be silently adjusted). This option is useful when you
know that there is a firewall that is blocking large
replies from named.
</para>
<para>
The server supports two zone transfer methods. The first, <command>one-answer</command>,
uses one DNS message per resource record transferred. <command>many-answers</command> packs
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: peer.h,v 1.24 2005/06/07 00:27:34 marka Exp $ */
/* $Id: peer.h,v 1.25 2006/01/05 00:01:46 marka Exp $ */
#ifndef DNS_PEER_H
#define DNS_PEER_H 1
......@@ -75,7 +75,8 @@ struct dns_peer {
isc_boolean_t support_edns;
dns_name_t *key;
isc_sockaddr_t *transfer_source;
isc_uint16_t udpsize;
isc_uint16_t udpsize; /* recieve size */
isc_uint16_t maxudp; /* transmit size */
isc_uint32_t bitflags;
......@@ -185,6 +186,12 @@ dns_peer_setudpsize(dns_peer_t *peer, isc_uint16_t udpsize);
isc_result_t
dns_peer_getudpsize(dns_peer_t *peer, isc_uint16_t *udpsize);
isc_result_t
dns_peer_setmaxudp(dns_peer_t *peer, isc_uint16_t maxudp);
isc_result_t
dns_peer_getmaxudp(dns_peer_t *peer, isc_uint16_t *maxudp);
ISC_LANG_ENDDECLS
#endif /* DNS_PEER_H */
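Review bot: The new prototypes `dns_peer_setmaxudp` and `dns_peer_getmaxudp` have no comment stating their contract, and the caller added in client.c depends on it: the getter must leave `*maxudp` untouched when no per-server value was set, so that the view default is kept. A short comment above them should say that the setter returns ISC_R_EXISTS when it overwrites an earlier value, and that the getter returns ISC_R_NOTFOUND without writing `*maxudp` when unset. It should also say that the setter does no range check, since the 512–4096 clamp lives in configure_peer. The new field comment also misspells "receive" as `recieve`.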
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: resolver.h,v 1.48 2005/07/18 05:58:59 marka Exp $ */
/* $Id: resolver.h,v 1.49 2006/01/05 00:01:46 marka Exp $ */
#ifndef DNS_RESOLVER_H
#define DNS_RESOLVER_H 1
......@@ -92,6 +92,8 @@ typedef struct dns_fetchevent {
#define DNS_FETCHOPT_NOEDNS0 0x08 /*%< Do not use EDNS. */
#define DNS_FETCHOPT_FORWARDONLY 0x10 /*%< Only use forwarders. */
#define DNS_FETCHOPT_NOVALIDATE 0x20 /*%< Disable validation. */
#define DNS_FETCHOPT_EDNS512 0x40 /*%< Advertise a 512 byte
UDP buffer. */
#define DNS_FETCHOPT_EDNSVERSIONSET 0x00800000
#define DNS_FETCHOPT_EDNSVERSIONMASK 0xff000000
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: view.h,v 1.99 2006/01/04 23:50:24 marka Exp $ */
/* $Id: view.h,v 1.100 2006/01/05 00:01:46 marka Exp $ */
#ifndef DNS_VIEW_H
#define DNS_VIEW_H 1
......@@ -131,6 +131,7 @@ struct dns_view {
isc_boolean_t checknames;
dns_name_t * dlv;
dns_fixedname_t dlv_fixed;
isc_uint16_t maxudp;
/*
* Configurable data for server use only,
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: peer.c,v 1.23 2005/06/07 00:27:33 marka Exp $ */
/* $Id: peer.c,v 1.24 2006/01/05 00:01:46 marka Exp $ */
/*! \file */
......@@ -41,6 +41,7 @@
#define REQUEST_IXFR_BIT 4
#define SUPPORT_EDNS_BIT 5
#define SERVER_UDPSIZE_BIT 6
#define SERVER_MAXUDP_BIT 7
static void
peerlist_delete(dns_peerlist_t **list);
......@@ -68,7 +69,6 @@ dns_peerlist_new(isc_mem_t *mem, dns_peerlist_t **list) {
return (ISC_R_SUCCESS);
}
void
dns_peerlist_attach(dns_peerlist_t *source, dns_peerlist_t **target) {
REQUIRE(DNS_PEERLIST_VALID(source));
......@@ -587,3 +587,31 @@ dns_peer_getudpsize(dns_peer_t *peer, isc_uint16_t *udpsize) {
return (ISC_R_NOTFOUND);
}
}
isc_result_t
dns_peer_setmaxudp(dns_peer_t *peer, isc_uint16_t maxudp) {
isc_boolean_t existed;
REQUIRE(DNS_PEER_VALID(peer));
existed = DNS_BIT_CHECK(SERVER_MAXUDP_BIT, &peer->bitflags);
peer->maxudp = maxudp;
DNS_BIT_SET(SERVER_MAXUDP_BIT, &peer->bitflags);
return (existed ? ISC_R_EXISTS : ISC_R_SUCCESS);
}
isc_result_t
dns_peer_getmaxudp(dns_peer_t *peer, isc_uint16_t *maxudp) {
REQUIRE(DNS_PEER_VALID(peer));
REQUIRE(maxudp != NULL);
if (DNS_BIT_CHECK(SERVER_MAXUDP_BIT, &peer->bitflags)) {
*maxudp = peer->maxudp;
return (ISC_R_SUCCESS);
} else {
return (ISC_R_NOTFOUND);
}
}
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: resolver.c,v 1.324 2006/01/04 04:14:39 marka Exp $ */
/* $Id: resolver.c,v 1.325 2006/01/05 00:01:46 marka Exp $ */
/*! \file */
......@@ -1297,10 +1297,15 @@ resquery_send(resquery_t *query) {
* Use EDNS0, unless the caller doesn't want it, or we know that
* the remote server doesn't like it.
*/
if (fctx->timeouts >= MAX_EDNS0_TIMEOUTS &&
if (fctx->timeouts >= (MAX_EDNS0_TIMEOUTS * 2) &&
(query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
query->options |= DNS_FETCHOPT_NOEDNS0;
FCTXTRACE("too many timeouts, disabling EDNS0");
} else if (fctx->timeouts >= MAX_EDNS0_TIMEOUTS &&
(query->options & DNS_FETCHOPT_EDNS512) == 0) {
query->options |= DNS_FETCHOPT_EDNS512;
FCTXTRACE("too many timeouts, setting EDNS size to 512");
}
if ((query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
......@@ -1314,7 +1319,9 @@ resquery_send(resquery_t *query) {
version = flags & DNS_FETCHOPT_EDNSVERSIONMASK;
version >>= DNS_FETCHOPT_EDNSVERSIONSHIFT;
}
if (peer != NULL)
if ((query->options & DNS_FETCHOPT_EDNS512) != 0)
udpsize = 512;
else if (peer != NULL)
(void)dns_peer_getudpsize(peer, &udpsize);
result = fctx_addopt(fctx->qmessage, version, udpsize);
if (result != ISC_R_SUCCESS) {
......
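Review bot: The comment above the changed condition in resquery_send still describes only an on/off EDNS0 decision, while the new code is a two-step fallback. It could read `/* After MAX_EDNS0_TIMEOUTS timeouts advertise a 512 byte buffer; after twice that many stop using EDNS0. */`. Both steps are driven purely by the timeout count and are reported only through FCTXTRACE, so sustained packet loss towards a server ends in plain DNS without an operator-visible record. Since the DO bit is carried in the OPT record, that last step presumably also affects DNSSEC answers for the query, and a log message above debug level at the NOEDNS0 step would help. The function body extends beyond both hunks.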
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: view.c,v 1.135 2006/01/04 23:50:24 marka Exp $ */
/* $Id: view.c,v 1.136 2006/01/05 00:01:46 marka Exp $ */
/*! \file */
......@@ -174,6 +174,7 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
view->preferred_glue = 0;
view->flush = ISC_FALSE;
view->dlv = NULL;
view->maxudp = 0;
dns_fixedname_init(&view->dlv_fixed);
result = dns_order_create(view->mctx, &view->order);
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: namedconf.c,v 1.60 2006/01/04 23:50:24 marka Exp $ */
/* $Id: namedconf.c,v 1.61 2006/01/05 00:01:46 marka Exp $ */
/*! \file */
......@@ -763,6 +763,7 @@ view_clauses[] = {
{ "preferred-glue", &cfg_type_astring, 0 },
{ "dual-stack-servers", &cfg_type_nameportiplist, 0 },
{ "edns-udp-size", &cfg_type_uint32, 0 },
{ "max-udp-size", &cfg_type_uint32, 0 },
{ "root-delegation-only", &cfg_type_optional_exclude, 0 },
{ "disable-algorithms", &cfg_type_disablealgorithm,
CFG_CLAUSEFLAG_MULTI },
......@@ -969,6 +970,7 @@ server_clauses[] = {
{ "keys", &cfg_type_server_key_kludge, 0 },
{ "edns", &cfg_type_boolean, 0 },
{ "edns-udp-size", &cfg_type_uint32, 0 },
{ "max-udp-size", &cfg_type_uint32, 0 },
{ "transfer-source", &cfg_type_sockaddr4wild, 0 },
{ "transfer-source-v6", &cfg_type_sockaddr6wild, 0 },
{ NULL, NULL, 0 }
......