Only probe somewhat popular auths; i.e. auths that are revisited at least once

diff --git a/pdns/recursordist/docs/settings.rst b/pdns/recursordist/docs/settings.rst
index 005be69d9ccfb291932f8ba05d66114d613f159d..46d65110f1fd80042e6c8912ca4ae10571aaea46 100644 (file)
--- a/pdns/recursordist/docs/settings.rst
+++ b/pdns/recursordist/docs/settings.rst
@@ -1075,7 +1075,7 @@ See :ref:`hooks-maintenance-callback`
 - Integer
 - Default: 0
 
-Limit the maxmium number of simultaneous DoT probes the Recursor will schedule.
+Limit the maximum number of simultaneous DoT probes the Recursor will schedule.
 The default value 0 means no DoT probes are scheduled.
 
 DoT probes are used to check if an authoritative server's IP address supports DoT.

diff --git a/pdns/recursordist/taskqueue.hh b/pdns/recursordist/taskqueue.hh
index 99f82ca7c88c22ee56105fb2f5da925c40b6e06d..8740130f7e176b3dbee6acd486e7a3872d3b1e73 100644 (file)
--- a/pdns/recursordist/taskqueue.hh
+++ b/pdns/recursordist/taskqueue.hh
@@ -55,7 +55,7 @@ struct ResolveTask
   // Whether to run this task in regular mode (false) or in the mode that refreshes almost expired tasks
   bool d_refreshMode;
   // Use a function pointer as comparing std::functions is a nuisance
-  using TaskFunction  = void (*)(const struct timeval& now, bool logErrors, const ResolveTask& task);
+  using TaskFunction = void (*)(const struct timeval& now, bool logErrors, const ResolveTask& task);
   TaskFunction d_func;
   // IP used by DoT probe tasks
   ComboAddress d_ip;

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index cef04a77f851f4e67295e948b6aec5133fd4e8de..9f868d0f0868f59429543b24c348b212afed7ac8 100644 (file)
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -288,10 +288,15 @@ static LockGuarded<fails_t<DNSName>> s_nonresolving;
 
 struct DoTStatus
 {
+  DoTStatus(const ComboAddress& ip, const DNSName& auth, time_t ttd) :
+    d_address(ip), d_auth(auth), d_ttd(ttd)
+  {
+  }
   enum Status : uint8_t { Unknown, Busy, Bad, Good };
   const ComboAddress d_address;
   const DNSName d_auth;
   time_t d_ttd;
+  mutable uint64_t d_count{0};
   mutable Status d_status{Unknown};
   std::string toString() const
   {
@@ -1217,7 +1222,7 @@ uint64_t SyncRes::doDumpDoTProbeMap(int fd)
     return 0;
   }
   fprintf(fp.get(), "; DoT probing map follows");
-  fprintf(fp.get(), "; ip\tstatus\tttd\n");
+  fprintf(fp.get(), "; ip\tdomain\tcount\tstatus\tttd\n");
   uint64_t count=0;
 
   // We get a copy, so the I/O does not need to happen while holding the lock
@@ -1229,7 +1234,7 @@ uint64_t SyncRes::doDumpDoTProbeMap(int fd)
   for (const auto& i : copy.d_map) {
     count++;
     char tmp[26];
-    fprintf(fp.get(), "%s\t%s\t%s\t%s\n", i.d_address.toString().c_str(), i.d_auth.toString().c_str(), i.toString().c_str(), timestamp(i.d_ttd, tmp, sizeof(tmp)));
+    fprintf(fp.get(), "%s\t%s\t%" PRIu64 "\t%s\t%s\n", i.d_address.toString().c_str(), i.d_auth.toString().c_str(), i.d_count, i.toString().c_str(), timestamp(i.d_ttd, tmp, sizeof(tmp)));
   }
   return count;
 }
@@ -4751,6 +4756,10 @@ static void submitTryDotTask(ComboAddress address, const DNSName& auth, time_t n
     if (it->d_status == DoTStatus::Good) {
       return;
     }
+    // We only want to probe auths that we have seen before, auth that only come around once are not interesting
+    if (it->d_status == DoTStatus::Unknown && it->d_count == 0) {
+      return;
+    }
   }
   lock->d_map.modify(it, [=] (DoTStatus& st){ st.d_ttd = now + dotFailWait; });
   bool pushed = pushTryDoTTask(auth, QType::SOA, address, std::numeric_limits<time_t>::max());
@@ -4766,9 +4775,9 @@ static bool shouldDoDoT(ComboAddress address, time_t now)
   auto lock = s_dotMap.lock();
   auto it = lock->d_map.find(address);
   if (it == lock->d_map.end()) {
-    // Pruned...
     return false;
   }
+  it->d_count++;
   if (it->d_status == DoTStatus::Good && it->d_ttd > now) {
     return true;
   }