Commit bc6af069 authored by Mark Andrews's avatar Mark Andrews

2190. [func] Make fallback to plain DNS from EDNS due to timeouts

                        more visible.  New logging category "edns-disabled".
                        [RT #16871]
parent 4bb0f104
2190. [func] Make fallback to plain DNS from EDNS due to timeouts
more visible. New logging category "edns-disabled".
[RT #16871]
2189. [bug] Handle socket() returning EINTR. [RT #15949]
2188. [contrib] queryperf: autoconf changes to make the search for
......
......@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- File: $Id: Bv9ARM-book.xml,v 1.324 2007/05/16 04:33:28 marka Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.325 2007/05/21 02:03:22 marka Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title>
......@@ -4273,10 +4273,43 @@ category notify { null; };
</para>
</entry>
</row>
</tbody>
</tgroup>
</informaltable>
</sect3>
<row rowsep="0">
<entry colname="1">
<para><command>edns-disabled</command></para>
</entry>
<entry colname="2">
<para>
Log queries that have been forced to use plain
DNS due to timeouts. This is often due to
the remote servers not being RFC 1034 compliant
(not always returning FORMERR or similar to
EDNS queries and other extension to the DNS
when they are not understood). i.e. this is
targeted at servers that fail to respond to
DNS queries that they don't understand.
</para>
<para>
Note: the log message can be also due to
packet loss. Before reporting servers for
non RFC 1034 compliance they should be re-tested
to determine the nature of of the non-compliance.
This testing should prevent / reduce the
number of false positive reports.
</para>
<para>
Note: eventually named will have to stop
treating such timeouts as due to RFC 1034 non
compliance and start treating it as plain
packet loss as falsely classifying packet
loss as due to RFC 1034 non compliance impacts
on DNSSEC validation.
</para>
</entry>
</row>
</tbody>
</tgroup>
</informaltable>
</sect3>
</sect2>
<sect2>
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: log.h,v 1.39 2006/12/22 01:59:43 marka Exp $ */
/* $Id: log.h,v 1.40 2007/05/21 02:03:22 marka Exp $ */
/*! \file dns/log.h
* \author Principal Authors: DCL */
......@@ -41,6 +41,7 @@ LIBDNS_EXTERNAL_DATA extern isc_logmodule_t dns_modules[];
#define DNS_LOGCATEGORY_DISPATCH (&dns_categories[8])
#define DNS_LOGCATEGORY_LAME_SERVERS (&dns_categories[9])
#define DNS_LOGCATEGORY_DELEGATION_ONLY (&dns_categories[10])
#define DNS_LOGCATEGORY_EDNS_DISABLED (&dns_categories[11])
/* Backwards compatibility. */
#define DNS_LOGCATEGORY_GENERAL ISC_LOGCATEGORY_GENERAL
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: log.c,v 1.42 2006/12/22 01:59:43 marka Exp $ */
/* $Id: log.c,v 1.43 2007/05/21 02:03:22 marka Exp $ */
/*! \file */
......@@ -43,6 +43,7 @@ LIBDNS_EXTERNAL_DATA isc_logcategory_t dns_categories[] = {
{ "dispatch", 0 },
{ "lame-servers", 0 },
{ "delegation-only", 0 },
{ "edns-disabled", 0 },
{ NULL, 0 }
};
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: resolver.c,v 1.346 2007/03/29 04:13:22 marka Exp $ */
/* $Id: resolver.c,v 1.347 2007/05/21 02:03:22 marka Exp $ */
/*! \file */
......@@ -1331,6 +1331,17 @@ add_triededns512(fetchctx_t *fctx, isc_sockaddr_t *address) {
ISC_LIST_INITANDAPPEND(fctx->edns512, sa, link);
}
static inline void
log_edns(fetchctx_t *fctx) {
char domainbuf[DNS_NAME_FORMATSIZE];
dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf));
isc_log_write(dns_lctx, DNS_LOGCATEGORY_EDNS_DISABLED,
DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
"too many timeouts resolving '%s' (in '%s'?): "
"disabling EDNS", fctx->info, domainbuf);
}
static isc_result_t
resquery_send(resquery_t *query) {
fetchctx_t *fctx;
......@@ -1485,7 +1496,7 @@ resquery_send(resquery_t *query) {
fctx->timeouts >= (MAX_EDNS0_TIMEOUTS * 2)) &&
(query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
query->options |= DNS_FETCHOPT_NOEDNS0;
FCTXTRACE("too many timeouts, disabling EDNS0");
log_edns(fctx);
} else if ((triededns(fctx, &query->addrinfo->sockaddr) ||
fctx->timeouts >= MAX_EDNS0_TIMEOUTS) &&
(query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment