Commit 3a366622 authored by Mark Andrews's avatar Mark Andrews
Browse files

Merge branch '2305-adjust-recursion-limits' into 'main'

Adjust recursion limits

Closes #2305

See merge request !4424
parents 1d11013a ab0bf492
Pipeline #58216 passed with stages
in 2 minutes and 4 seconds
5541. [func] Adjust the "max-recursion-queries" default from 75 to
100. [GL #2305]
5540. [port] Fix building with native PKCS#11 support for AEP Keyper.
[GL #2315]
......
......@@ -170,7 +170,7 @@ options {\n\
max-clients-per-query 100;\n\
max-ncache-ttl 10800; /* 3 hours */\n\
max-recursion-depth 7;\n\
max-recursion-queries 75;\n\
max-recursion-queries 100;\n\
max-stale-ttl 43200; /* 12 hours */\n\
message-compression yes;\n\
min-ncache-ttl 0; /* 0 hours */\n\
......
......@@ -3514,7 +3514,7 @@ Tuning
``max-recursion-queries``
This sets the maximum number of iterative queries that may be sent while
servicing a recursive query. If more queries are sent, the recursive
query is terminated and returns SERVFAIL. The default is 75.
query is terminated and returns SERVFAIL. The default is 100.
``notify-delay``
This sets the delay, in seconds, between sending sets of NOTIFY messages for a
......
......@@ -41,6 +41,12 @@ Feature Changes
configuration. A new option 'nsec3param' can be used to set the desired
NSEC3 parameters, and will detect collisions when resalting. [GL #1620].
- Adjust the ``max-recursion-queries`` default from 75 to 100. Since the
queries sent towards root and TLD servers are now included in the
count (as a result of the fix for CVE-2020-8616), ``max-recursion-queries``
has a higher chance of being exceeded by non-attack queries, which is the
main reason for increasing its default value. [GL #2305]
Bug Fixes
~~~~~~~~~
......
......@@ -181,7 +181,7 @@
/* The default maximum number of iterative queries to allow before giving up. */
#ifndef DEFAULT_MAX_QUERIES
#define DEFAULT_MAX_QUERIES 75
#define DEFAULT_MAX_QUERIES 100
#endif /* ifndef DEFAULT_MAX_QUERIES */
/*
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment