d_totUsec += lwr.d_usec;
accountAuthLatency(lwr.d_usec, remoteIP.sin4.sin_family);
+ bool dontThrottle = false;
+ {
+ auto dontThrottleNames = g_dontThrottleNames.getLocal();
+ auto dontThrottleNetmasks = g_dontThrottleNetmasks.getLocal();
+ dontThrottle = dontThrottleNames->check(nsName) || dontThrottleNetmasks->match(remoteIP);
+ }
+
if(resolveret != 1) {
/* Error while resolving */
if(resolveret == 0) {
LOG(prefix<<qname<<": error resolving from "<<remoteIP.toString()<< (doTCP ? " over TCP" : "") <<", possible error: "<<strerror(errno)<< endl);
}
- auto dontThrottleNames = g_dontThrottleNames.getLocal();
- auto dontThrottleNetmasks = g_dontThrottleNetmasks.getLocal();
-
- if(resolveret != -2 && !chained && !(dontThrottleNames->check(nsName) || dontThrottleNetmasks->match(remoteIP))) {
+ if(resolveret != -2 && !chained && !dontThrottle) {
// don't account for resource limits, they are our own fault
// And don't throttle when the IP address is on the dontThrottleNetmasks list or the name is part of dontThrottleNames
t_sstorage.nsSpeeds[nsName.empty()? DNSName(remoteIP.toStringWithPort()) : nsName].submit(remoteIP, 1000000, &d_now); // 1 sec
/* we got an answer */
if(lwr.d_rcode==RCode::ServFail || lwr.d_rcode==RCode::Refused) {
LOG(prefix<<qname<<": "<<nsName<<" ("<<remoteIP.toString()<<") returned a "<< (lwr.d_rcode==RCode::ServFail ? "ServFail" : "Refused") << ", trying sibling IP or NS"<<endl);
- if (!chained) {
+ if (!chained && !dontThrottle) {
t_sstorage.throttle.throttle(d_now.tv_sec, boost::make_tuple(remoteIP, qname, qtype.getCode()), 60, 3);
}
return false;
if(lwr.d_tcbit) {
*truncated = true;
- if (doTCP) {
+ if (doTCP && !dontThrottle) {
LOG(prefix<<qname<<": truncated bit set, over TCP?"<<endl);
/* let's treat that as a ServFail answer from this server */
t_sstorage.throttle.throttle(d_now.tv_sec, boost::make_tuple(remoteIP, qname, qtype.getCode()), 60, 3);
projects / thirdparty / pdns.git / commitdiff
