From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Thu, 18 Apr 2019 15:47:27 +0000 (+0200)
Subject: Also don't throttle on SERVFAIL/REFUSED or TC over TCP
X-Git-Tag: rec-4.2.0-beta1~7^2~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5c8c72bf1e4cec59c31445cdc6d97e7669c74669;p=thirdparty%2Fpdns.git

Also don't throttle on SERVFAIL/REFUSED or TC over TCP
---

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index 2c156c562f..13482fb068 100644
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -2751,6 +2751,13 @@ bool SyncRes::doResolveAtThisIP(const std::string& prefix, const DNSName& qname,
   d_totUsec += lwr.d_usec;
   accountAuthLatency(lwr.d_usec, remoteIP.sin4.sin_family);
 
+  bool dontThrottle = false;
+  {
+    auto dontThrottleNames = g_dontThrottleNames.getLocal();
+    auto dontThrottleNetmasks = g_dontThrottleNetmasks.getLocal();
+    dontThrottle = dontThrottleNames->check(nsName) || dontThrottleNetmasks->match(remoteIP);
+  }
+
   if(resolveret != 1) {
     /* Error while resolving */
     if(resolveret == 0) {
@@ -2780,10 +2787,7 @@ bool SyncRes::doResolveAtThisIP(const std::string& prefix, const DNSName& qname,
       LOG(prefix<<qname<<": error resolving from "<<remoteIP.toString()<< (doTCP ? " over TCP" : "") <<", possible error: "<<strerror(errno)<< endl);
     }
 
-    auto dontThrottleNames = g_dontThrottleNames.getLocal();
-    auto dontThrottleNetmasks = g_dontThrottleNetmasks.getLocal();
-
-    if(resolveret != -2 && !chained && !(dontThrottleNames->check(nsName) || dontThrottleNetmasks->match(remoteIP))) {
+    if(resolveret != -2 && !chained && !dontThrottle) {
       // don't account for resource limits, they are our own fault
       // And don't throttle when the IP address is on the dontThrottleNetmasks list or the name is part of dontThrottleNames
       t_sstorage.nsSpeeds[nsName.empty()? DNSName(remoteIP.toStringWithPort()) : nsName].submit(remoteIP, 1000000, &d_now); // 1 sec
@@ -2810,7 +2814,7 @@ bool SyncRes::doResolveAtThisIP(const std::string& prefix, const DNSName& qname,
   /* we got an answer */
   if(lwr.d_rcode==RCode::ServFail || lwr.d_rcode==RCode::Refused) {
     LOG(prefix<<qname<<": "<<nsName<<" ("<<remoteIP.toString()<<") returned a "<< (lwr.d_rcode==RCode::ServFail ? "ServFail" : "Refused") << ", trying sibling IP or NS"<<endl);
-    if (!chained) {
+    if (!chained && !dontThrottle) {
       t_sstorage.throttle.throttle(d_now.tv_sec, boost::make_tuple(remoteIP, qname, qtype.getCode()), 60, 3);
     }
     return false;
@@ -2824,7 +2828,7 @@ bool SyncRes::doResolveAtThisIP(const std::string& prefix, const DNSName& qname,
   if(lwr.d_tcbit) {
     *truncated = true;
 
-    if (doTCP) {
+    if (doTCP && !dontThrottle) {
       LOG(prefix<<qname<<": truncated bit set, over TCP?"<<endl);
       /* let's treat that as a ServFail answer from this server */
       t_sstorage.throttle.throttle(d_now.tv_sec, boost::make_tuple(remoteIP, qname, qtype.getCode()), 60, 3);