Skip to content

update-policy external is synchronous and blocking without timeouts

Summary

update-policy external is using synchronous blocking I/O on a Unix socket.

BIND version used

0744ebe2, but as far as I can tell all versions after 9.8.0b1 are affected. (We did not have the external policy before that version.)

Steps to reproduce

I've just looked at the code - function dns_ssu_external_match().

What is the current bug behavior?

Connect/write/read operations are done synchronously on an unix socket. If the external system takes non-zero time to process the query (say, because it's doing database lookups ... or because it just crashed) a named thread will be blocked while waiting for the answer.

What is the expected correct behavior?

I would expect it to be asynchronous... Or that we don't have the policy :-0

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information