3 October 2025: Yorgos
- Note 'respip' and 'dns64' module order in the unbound.conf
man page.
+ - Note clearly that 'wait-limit: 0' disables all wait limits.
+ - 'wait-limit-cookie: 0' can now disable cookie validated wait
+ limits.
2 October 2025: Wouter
- Fix that https is set up as enabled when the port is listed in
This makes a ratelimit per IP address of waiting replies for recursion.
It stops very large amounts of queries waiting to be returned to one
destination.
- The value ``0`` disables wait limits.
+ The value ``0`` disables all wait limits.
Default: 1000
@@UAHL@unbound.conf@wait-limit-cookie@@: *<number>*
The number of replies that can wait for recursion, for an IP address
that sent the query with a valid DNS Cookie.
- Since the cookie validates the client address, this limit can be higher.
+ Since the cookie already validates the client address, this option allows
+ to override a configured
+ :ref:`wait-limit<unbound.conf.wait-limit>` value usually with a higher one
+ for cookie validated queries.
+ The value ``0`` disables wait limits for cookie validated queries.
Default: 10000
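Review bot: the new wait-limit-cookie text does not say that the option is ignored when wait-limit is 0, even though the wait-limit entry now reads "disables all wait limits". A reader who sets wait-limit: 0 together with a nonzero wait-limit-cookie could expect the cookie limit to still apply, so add one sentence under wait-limit-cookie stating that it has no effect when wait-limit is 0. It would also help to state the consequence of wait-limit-cookie: 0 in terms of the paragraph above: a client address that presents a valid DNS Cookie is then no longer protected against "very large amounts of queries waiting to be returned to one destination". Wording nit: "this option allows to override a configured" reads better as "this option allows overriding a configured", and "usually with a higher one" should be set off with commas.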
int cookie_valid, struct config_file* cfg)
{
struct lruhash_entry* entry;
- if(cfg->wait_limit == 0)
+ if(cfg->wait_limit == 0 ||
+ (cookie_valid && cfg->wait_limit_cookie == 0))
return 1;
entry = infra_find_ip_ratedata(infra, &rep->client_addr,
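Review bot: the widened early return in "if(cfg->wait_limit == 0 || (cookie_valid && cfg->wait_limit_cookie == 0)) return 1;" has no comment explaining the precedence, and it runs before infra_find_ip_ratedata, so a cookie-validated client is never looked up or counted when wait_limit_cookie is 0. Please add a short comment above the condition saying that 0 means unlimited, that wait_limit == 0 wins over any wait_limit_cookie value, and that the cookie case skips the per-IP lookup on purpose. A unit test covering the three combinations (wait_limit 0, wait_limit_cookie 0 with a valid cookie, wait_limit_cookie 0 without a valid cookie) would pin the intended behaviour, in particular that a query without a valid cookie still falls through to the wait_limit check.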