Commit be7fba80 authored by Evan Hunt's avatar Evan Hunt
Browse files

[master] adjust max-recursion-queries

4021.	[bug]		Adjust max-recursion-queries to accommodate
			the need for more queries when the cache is
			empty. [RT #38104]
parent 132410d3
4021. [bug] Adjust max-recursion-queries to accommodate
the need for more queries when the cache is
empty. [RT #38104]
4020. [bug] Change 3736 broke nsupdate's SOA MNAME discovery
resulting in updates being sent to the wrong server.
[RT #37925]
......
......@@ -175,7 +175,7 @@ options {\n\
clients-per-query 10;\n\
max-clients-per-query 100;\n\
max-recursion-depth 7;\n\
max-recursion-queries 50;\n\
max-recursion-queries 75;\n\
zero-no-soa-ttl-cache no;\n\
nsec3-test-zone no;\n\
allow-new-zones no;\n\
......
......@@ -27,6 +27,7 @@ options {
listen-on-v6 { none; };
servfail-ttl 0;
max-recursion-depth 100;
max-recursion-queries 50;
};
key rndc_key {
......
......@@ -9123,8 +9123,10 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
Sets the maximum number of iterative queries that
may be sent while servicing a recursive query.
If more queries are sent, the recursive query
is terminated and returns SERVFAIL. The default
is 50.
is terminated and returns SERVFAIL. Queries to
look up top level comains such as "com" and "net"
and the DNS root zone are exempt from this limitation.
The default is 75.
</para>
</listitem>
</varlistentry>
......
......@@ -423,6 +423,13 @@
rather than the SOA MNAME server when sending the UPDATE.
</para>
</listitem>
<listitem>
<para>
Adjusted max-recursion-queries to accommodate the smaller
initial packet sizes used in BIND 9.10 and higher when
contacting authoritative servers for the first time.
</para>
</listitem>
</itemizedlist>
</sect2>
<sect2 id="end_of_life">
......
......@@ -3893,11 +3893,11 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) {
goto out;
/* XXXMLG Don't pound on bad servers. */
if (address_type == DNS_ADBFIND_INET) {
name->expire_v4 = ISC_MIN(name->expire_v4, now + 300);
name->expire_v4 = ISC_MIN(name->expire_v4, now + 10);
name->fetch_err = FIND_ERR_FAILURE;
inc_stats(adb, dns_resstatscounter_gluefetchv4fail);
} else {
name->expire_v6 = ISC_MIN(name->expire_v6, now + 300);
name->expire_v6 = ISC_MIN(name->expire_v6, now + 10);
name->fetch6_err = FIND_ERR_FAILURE;
inc_stats(adb, dns_resstatscounter_gluefetchv6fail);
}
......
......@@ -164,7 +164,7 @@
/* The default maximum number of iterative queries to allow before giving up. */
#ifndef DEFAULT_MAX_QUERIES
#define DEFAULT_MAX_QUERIES 50
#define DEFAULT_MAX_QUERIES 75
#endif
/*%
......@@ -3416,6 +3416,16 @@ fctx_try(fetchctx_t *fctx, isc_boolean_t retrying, isc_boolean_t badcache) {
REQUIRE(!ADDRWAIT(fctx));
/* We've already exceeded maximum query count */
if (isc_counter_used(fctx->qc) > fctx->res->maxqueries) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
"exceeded max queries resolving '%s'",
fctx->info);
fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
return;
}
addrinfo = fctx_nextaddress(fctx);
if (addrinfo == NULL) {
/*
......@@ -3453,14 +3463,16 @@ fctx_try(fetchctx_t *fctx, isc_boolean_t retrying, isc_boolean_t badcache) {
}
}
result = isc_counter_increment(fctx->qc);
if (result != ISC_R_SUCCESS) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
"exceeded max queries resolving '%s'",
fctx->info);
fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
return;
if (dns_name_countlabels(&fctx->domain) > 2) {
result = isc_counter_increment(fctx->qc);
if (result != ISC_R_SUCCESS) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
"exceeded max queries resolving '%s'",
fctx->info);
fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
return;
}
}
result = fctx_query(fctx, addrinfo, fctx->options);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment