Deprecate (or improve/replace) the fetches-per-zone option
The fetches-per-zone is a measure to prevent abuse of the nameservers.
How do we pick a bucket?
When a fetch (fctx) is created, the fctx->domain is initialized with a domain name that could be:
Argument passed by the caller
domain passed by the caller - from dns_adb/fetch_name when start_at_name is set and from ns_query/ns_query_recurse()
No example here, we can (sort of) ignore this case.
In the forward-only mode
The '.' when we are in forward-only mode - there's only a single counter!
With QNAME Minimization On and Off
increasing counter for '.' in the '0x7fed97e3e000/www.google.com/A' to 1 (allowed 1 spilled 0)
increasing counter for '.' in the '0x7fed97a26800/com/DS' to 2 (allowed 2 spilled 0)
increasing counter for '.' in the '0x7fed97a25400/google.com/DS' to 3 (allowed 3 spilled 0)
decreasing counter for '.' in the '0x7fed97a26800/com/DS' to 2 (allowed 3 spilled 0)
increasing counter for '.' in the '0x7fed97226800/com/DNSKEY' to 3 (allowed 4 spilled 0)
decreasing counter for '.' in the '0x7fed97226800/com/DNSKEY' to 2 (allowed 4 spilled 0)
decreasing counter for '.' in the '0x7fed97a25400/google.com/DS' to 1 (allowed 4 spilled 0)
dropping counter for '.' in the '0x7fed97e3e000/www.google.com/A' to 0 (allowed 4 spilled 0)
Everything else
Whatever dns_view_findzonecut() returns. This includes forward-first configurations.
Example with QNAME minimization:
increasing counter for '.' in the '0x7f4b9983e000/www.google.com/A' to 1 (allowed 1 spilled 0)
increasing counter for '.' in the '0x7f4b9b81a000/_.com/A' to 2 (allowed 2 spilled 0)
decreasing counter for '.' in the '0x7f4b9b81a000/_.com/A' to 1 (allowed 2 spilled 0)
increasing counter for 'com' in the '0x7f4b9b81a000/_.com/A' to 1 (allowed 1 spilled 0)
dropping counter for 'com' in the '0x7f4b9b81a000/_.com/A' to 0 (allowed 1 spilled 0)
dropping counter for '.' in the '0x7f4b9983e000/www.google.com/A' to 0 (allowed 2 spilled 0)
increasing counter for 'com' in the '0x7f4b9983e000/www.google.com/A' to 1 (allowed 1 spilled 0)
increasing counter for 'com' in the '0x7f4b9b81a000/_.google.com/A' to 2 (allowed 2 spilled 0)
decreasing counter for 'com' in the '0x7f4b9b81a000/_.google.com/A' to 1 (allowed 2 spilled 0)
increasing counter for 'google.com' in the '0x7f4b9b81a000/_.google.com/A' to 1 (allowed 1 spilled 0)
dropping counter for 'google.com' in the '0x7f4b9b81a000/_.google.com/A' to 0 (allowed 1 spilled 0)
dropping counter for 'com' in the '0x7f4b9983e000/www.google.com/A' to 0 (allowed 2 spilled 0)
increasing counter for 'google.com' in the '0x7f4b9983e000/www.google.com/A' to 1 (allowed 1 spilled 0)
increasing counter for 'com' in the '0x7f4b9b81c800/google.com/DS' to 1 (allowed 1 spilled 0)
increasing counter for 'com' in the '0x7f4b99027800/com/DNSKEY' to 2 (allowed 2 spilled 0)
decreasing counter for 'com' in the '0x7f4b99027800/com/DNSKEY' to 1 (allowed 2 spilled 0)
dropping counter for 'com' in the '0x7f4b9b81c800/google.com/DS' to 0 (allowed 2 spilled 0)
dropping counter for 'google.com' in the '0x7f4b9983e000/www.google.com/A' to 0 (allowed 1 spilled 0)
Example without QNAME minimization:
increasing counter for '.' in the '0x7fc30803e000/www.google.com/A' to 1 (allowed 1 spilled 0)
dropping counter for '.' in the '0x7fc30803e000/www.google.com/A' to 0 (allowed 1 spilled 0)
increasing counter for 'com' in the '0x7fc30803e000/www.google.com/A' to 1 (allowed 1 spilled 0)
dropping counter for 'com' in the '0x7fc30803e000/www.google.com/A' to 0 (allowed 1 spilled 0)
increasing counter for 'com' in the '0x7fc30803e000/www.google.com/A' to 1 (allowed 1 spilled 0)
dropping counter for 'com' in the '0x7fc30803e000/www.google.com/A' to 0 (allowed 1 spilled 0)
increasing counter for 'google.com' in the '0x7fc30803e000/www.google.com/A' to 1 (allowed 1 spilled 0)
dropping counter for 'google.com' in the '0x7fc30803e000/www.google.com/A' to 0 (allowed 1 spilled 0)
increasing counter for 'google.com' in the '0x7fc30803e000/www.google.com/A' to 1 (allowed 1 spilled 0)
increasing counter for 'com' in the '0x7fc307c28c00/google.com/DS' to 1 (allowed 1 spilled 0)
increasing counter for 'com' in the '0x7fc307c27800/com/DNSKEY' to 2 (allowed 2 spilled 0)
decreasing counter for 'com' in the '0x7fc307c27800/com/DNSKEY' to 1 (allowed 2 spilled 0)
dropping counter for 'com' in the '0x7fc307c28c00/google.com/DS' to 0 (allowed 2 spilled 0)
dropping counter for 'google.com' in the '0x7fc30803e000/www.google.com/A' to 0 (allowed 1 spilled 0)
NOTE: fetches-per-server has a similar effect here, but fetches-per-server is more fine-grained.
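Added example (not part of the original issue and not BIND code): a small Python parser for the counter lines quoted above that reports, per bucket, the peak number of concurrent fetches and which fetches shared that bucket. Both traces are copied from this page; the function names and the threshold of 2 are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Line format as quoted in the traces on this page.
LINE = re.compile(
    r"(increasing|decreasing|dropping) counter for '([^']+)' "
    r"in the '0x[0-9a-f]+/([^/]+)/(\w+)' to (\d+) ")

# Copied from the page: forward-only trace; tail of the trace without QNAME minimization.
FORWARD_ONLY = """\
increasing counter for '.' in the '0x7fed97e3e000/www.google.com/A' to 1 (allowed 1 spilled 0)
increasing counter for '.' in the '0x7fed97a26800/com/DS' to 2 (allowed 2 spilled 0)
increasing counter for '.' in the '0x7fed97a25400/google.com/DS' to 3 (allowed 3 spilled 0)
decreasing counter for '.' in the '0x7fed97a26800/com/DS' to 2 (allowed 3 spilled 0)
increasing counter for '.' in the '0x7fed97226800/com/DNSKEY' to 3 (allowed 4 spilled 0)
decreasing counter for '.' in the '0x7fed97226800/com/DNSKEY' to 2 (allowed 4 spilled 0)
decreasing counter for '.' in the '0x7fed97a25400/google.com/DS' to 1 (allowed 4 spilled 0)
dropping counter for '.' in the '0x7fed97e3e000/www.google.com/A' to 0 (allowed 4 spilled 0)
"""
ZONECUT_TAIL = """\
increasing counter for 'google.com' in the '0x7fc30803e000/www.google.com/A' to 1 (allowed 1 spilled 0)
increasing counter for 'com' in the '0x7fc307c28c00/google.com/DS' to 1 (allowed 1 spilled 0)
increasing counter for 'com' in the '0x7fc307c27800/com/DNSKEY' to 2 (allowed 2 spilled 0)
decreasing counter for 'com' in the '0x7fc307c27800/com/DNSKEY' to 1 (allowed 2 spilled 0)
dropping counter for 'com' in the '0x7fc307c28c00/google.com/DS' to 0 (allowed 2 spilled 0)
dropping counter for 'google.com' in the '0x7fc30803e000/www.google.com/A' to 0 (allowed 1 spilled 0)
"""

def bucket_stats(log_text):
    """Map bucket name -> (peak concurrent fetches, fetches that used it)."""
    live, peak, users = defaultdict(int), defaultdict(int), defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if m is None:
            continue  # not a counter line
        op, zone, qname, qtype, count = m.groups()
        live[zone] += 1 if op == "increasing" else -1
        if live[zone] != int(count):  # truncated or interleaved trace
            raise ValueError(f"counter mismatch for {zone!r}: {raw.strip()}")
        peak[zone] = max(peak[zone], live[zone])
        users[zone].add(f"{qname}/{qtype}")
    return {z: (peak[z], sorted(users[z])) for z in peak}

def over_threshold(stats, threshold):
    """Buckets whose peak exceeded `threshold` (hypothetical value, not a BIND default)."""
    return sorted(z for z, (p, _) in stats.items() if p > threshold)

for name, trace in (("forward-only", FORWARD_ONLY), ("zone cut", ZONECUT_TAIL)):
    print(name, bucket_stats(trace), over_threshold(bucket_stats(trace), 2))
```

With the threshold at 2, the forward-only trace reports '.' while the zone-cut tail reports nothing, because the same lookups are spread over the 'com' and 'google.com' buckets.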