`max-ns-address-qperq`_ value. The limit wil not be reduced to a
number lower than 5.
+.. _setting-max-ns-per-resolve:
+
+``max-ns-per-resolve``
+----------------------
+.. versionadded:: 4.8.0
+
+- Integer
+- Default: 13
+
+The maximum number of NS records that will be considered to select a nameserver to contact to resolve a name.
+If a zone has more than `max-ns-per-resolve`_ NS records, a random sample of this size will be used.
+If `max-ns-per-resolve`_ is zero, no limit applies.
+
.. _setting-max-negative-ttl:
``max-negative-ttl``
SyncRes::s_nonresolvingnsthrottletime = ::arg().asNum("non-resolving-ns-throttle-time");
SyncRes::s_serverID = ::arg()["server-id"];
SyncRes::s_maxqperq = ::arg().asNum("max-qperq");
+ SyncRes::s_maxnsperresolve = ::arg().asNum("max-ns-per-resolve");
SyncRes::s_maxnsaddressqperq = ::arg().asNum("max-ns-address-qperq");
SyncRes::s_maxtotusec = 1000 * ::arg().asNum("max-total-msec");
SyncRes::s_maxdepth = ::arg().asNum("max-recursion-depth");
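Review bot: The new `max-ns-per-resolve` value goes from `::arg().asNum("max-ns-per-resolve")` straight into the `unsigned int` `SyncRes::s_maxnsperresolve`, with no range check visible in this hunk. Assuming `asNum` returns a signed integer, a negative setting would wrap to a very large number and silently switch the cap off instead of being refused at startup. Since 0 is the documented way to disable the limit, I would reject negative values here, or at least add a comment such as `// 0 disables the cap; negative values are not meaningful and must be refused`. The neighbouring limits are read the same way, so a shared range-checked helper may be the better fix; the enclosing function starts and ends outside the hunk.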
::arg().set("edns-outgoing-bufsize", "Outgoing EDNS buffer size") = "1232";
::arg().set("minimum-ttl-override", "The minimum TTL") = "1";
::arg().set("max-qperq", "Maximum outgoing queries per query") = "60";
+ ::arg().set("max-ns-per-resolve", "Maximum number of NS records to consider to resolve a name, 0 is no limit") = "13";
::arg().set("max-ns-address-qperq", "Maximum outgoing NS address queries per query") = "10";
::arg().set("max-total-msec", "Maximum total wall-clock time per query in milliseconds, 0 for unlimited") = "7000";
::arg().set("max-recursion-depth", "Maximum number of internal recursion calls per query, 0 for unlimited") = "40";
unsigned int SyncRes::s_maxbogusttl;
unsigned int SyncRes::s_maxcachettl;
unsigned int SyncRes::s_maxqperq;
+unsigned int SyncRes::s_maxnsperresolve;
unsigned int SyncRes::s_maxnsaddressqperq;
unsigned int SyncRes::s_maxtotusec;
unsigned int SyncRes::s_maxdepth;
*flawedNSSet = false;
if(g_recCache->get(d_now.tv_sec, subdomain, QType::NS, false, &ns, d_cacheRemote, false, d_routingTag) > 0) {
+ if (s_maxnsperresolve > 0 && ns.size() > s_maxnsperresolve) {
+ vector<DNSRecord> selected;
+ selected.reserve(s_maxnsperresolve);
+ std::sample(ns.cbegin(), ns.cend(), std::back_inserter(selected), s_maxnsperresolve, pdns::dns_random_engine());
+ ns = selected;
+ }
bestns.reserve(ns.size());
for(auto k=ns.cbegin();k!=ns.cend(); ++k) {
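Review bot: `ns = selected;` copies every sampled `DNSRecord` a second time on a path that runs on each NS cache hit; `ns = std::move(selected);` gives the same result without the copy. The block also needs a short comment saying why the set is cut down, for example `// the NS set size is chosen by the remote zone; cap it so one delegation cannot drive unbounded nameserver selection work`. The sample is drawn before the loop below looks at the individual records, so if that loop discards entries, the number of usable nameservers can end up below the configured limit; that is probably acceptable, but the setting's documentation should say so. The enclosing function begins and ends outside this hunk.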
static unsigned int s_minimumTTL;
static unsigned int s_minimumECSTTL;
static unsigned int s_maxqperq;
+ static unsigned int s_maxnsperresolve;
static unsigned int s_maxnsaddressqperq;
static unsigned int s_maxtotusec;
static unsigned int s_maxdepth;