Commit 3a366622 authored by Mark Andrews's avatar Mark Andrews
Browse files

Merge branch '2305-adjust-recursion-limits' into 'main'

Adjust recursion limits

Closes #2305

See merge request isc-projects/bind9!4424
parents 1d11013a ab0bf492
Pipeline #58216 passed with stages
in 2 minutes and 4 seconds
5541. [func] Adjust the "max-recursion-queries" default from 75 to
100. [GL #2305]
5540. [port] Fix building with native PKCS#11 support for AEP Keyper.
[GL #2315]
......@@ -170,7 +170,7 @@ options {\n\
max-clients-per-query 100;\n\
max-ncache-ttl 10800; /* 3 hours */\n\
max-recursion-depth 7;\n\
max-recursion-queries 75;\n\
max-recursion-queries 100;\n\
max-stale-ttl 43200; /* 12 hours */\n\
message-compression yes;\n\
min-ncache-ttl 0; /* 0 hours */\n\
......@@ -3514,7 +3514,7 @@ Tuning
This sets the maximum number of iterative queries that may be sent while
servicing a recursive query. If more queries are sent, the recursive
query is terminated and returns SERVFAIL. The default is 75.
query is terminated and returns SERVFAIL. The default is 100.
This sets the delay, in seconds, between sending sets of NOTIFY messages for a
......@@ -41,6 +41,12 @@ Feature Changes
configuration. A new option 'nsec3param' can be used to set the desired
NSEC3 parameters, and will detect collisions when resalting. [GL #1620].
- Adjust the ``max-recursion-queries`` default from 75 to 100. Since the
queries sent towards root and TLD servers are now included in the
count (as a result of the fix for CVE-2020-8616), ``max-recursion-queries``
has a higher chance of being exceeded by non-attack queries, which is the
main reason for increasing its default value. [GL #2305]
Bug Fixes
......@@ -181,7 +181,7 @@
/* The default maximum number of iterative queries to allow before giving up. */
#endif /* ifndef DEFAULT_MAX_QUERIES */
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment