Slightly different approach as suggested by rgacogne: if

qname-minimization is active, force maxqperq to be >= 100.

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 0c8319e796d31efed5c6132e5b87bfb8b48f5537..c7a2598ead491663dc7fb3c70d99628b12e9af12 100644 (file)
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -3970,7 +3970,7 @@ static int serviceMain(int argc, char*argv[])
   if (SyncRes::s_qnameminimization) {
     // With an empty cache, a rev ipv6 query with dnssec enabled takes
     // almost 100 queries. Default maxqperq is 60.
-    SyncRes::s_maxqperq = SyncRes::s_maxqperq * 5 / 3;
+    SyncRes::s_maxqperq = std::max(SyncRes::s_maxqperq, 100);
   }
 
   SyncRes::s_hardenNXD = SyncRes::HardenNXD::DNSSEC;

diff --git a/pdns/recursordist/docs/settings.rst b/pdns/recursordist/docs/settings.rst
index 41c17262619b66e36b725159d9c641a58f24508b..cbebe9f2ef239d9580ae5c597d4d5f12b8eaf937 100644 (file)
--- a/pdns/recursordist/docs/settings.rst
+++ b/pdns/recursordist/docs/settings.rst
@@ -918,8 +918,8 @@ Maximum number of Packet Cache entries.
 
 The maximum number of outgoing queries that will be sent out during the resolution of a single client query.
 This is used to limit endlessly chasing CNAME redirections.
-If qname-minimization is enabled, the number will be increased to
-allow for the extra queries qname-minimization generates when the cache is empty.
+If qname-minimization is enabled, the number will be forced to be 100
+at a minimum to allow for the extra queries qname-minimization generates when the cache is empty.
 
 .. _setting-max-negative-ttl: