From 21f02a086562abc10ff203f2c0a835b947690e93 Mon Sep 17 00:00:00 2001 From: Yorgos Thessalonikefs Date: Fri, 3 Oct 2025 16:44:44 +0200 Subject: [PATCH] - Note clearly that 'wait-limit: 0' disables all wait limits. - 'wait-limit-cookie: 0' can now disable cookie validated wait limits. --- doc/Changelog | 3 +++ doc/unbound.conf.rst | 8 ++++++-- services/cache/infra.c | 3 ++- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index 28b86fb45..0c28d6bab 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,9 @@ 3 October 2025: Yorgos - Note 'respip' and 'dns64' module order in the unbound.conf man page. + - Note clearly that 'wait-limit: 0' disables all wait limits. + - 'wait-limit-cookie: 0' can now disable cookie validated wait + limits. 2 October 2025: Wouter - Fix that https is set up as enabled when the port is listed in diff --git a/doc/unbound.conf.rst b/doc/unbound.conf.rst index 22c53620a..ec40136e0 100644 --- a/doc/unbound.conf.rst +++ b/doc/unbound.conf.rst @@ -510,7 +510,7 @@ These options are part of the **server:** clause. This makes a ratelimit per IP address of waiting replies for recursion. It stops very large amounts of queries waiting to be returned to one destination. - The value ``0`` disables wait limits. + The value ``0`` disables all wait limits. Default: 1000 @@ -518,7 +518,11 @@ These options are part of the **server:** clause. @@UAHL@unbound.conf@wait-limit-cookie@@: ** The number of replies that can wait for recursion, for an IP address that sent the query with a valid DNS Cookie. - Since the cookie validates the client address, this limit can be higher. + Since the cookie already validates the client address, this option allows + to override a configured + :ref:`wait-limit` value usually with a higher one + for cookie validated queries. + The value ``0`` disables wait limits for cookie validated queries. Default: 10000 
diff --git a/services/cache/infra.c b/services/cache/infra.c index cf999422d..4d2cd8d49 100644 --- a/services/cache/infra.c +++ b/services/cache/infra.c @@ -1269,7 +1269,8 @@ int infra_wait_limit_allowed(struct infra_cache* infra, struct comm_reply* rep, int cookie_valid, struct config_file* cfg) { struct lruhash_entry* entry; - if(cfg->wait_limit == 0) + if(cfg->wait_limit == 0 || + (cookie_valid && cfg->wait_limit_cookie == 0)) return 1; entry = infra_find_ip_ratedata(infra, &rep->client_addr, -- 2.47.3
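Review bot: In the wait-limit-cookie entry of doc/unbound.conf.rst, the new text does not say what happens when 'wait-limit: 0' is combined with a non-zero 'wait-limit-cookie', and "this option allows to override a configured" reads awkwardly. The code change returns early on cfg->wait_limit == 0 before the cookie limit is consulted, so a non-zero cookie limit is ignored in that case. Suggest rewording to "this option can override a configured wait-limit value, usually with a higher one, for cookie validated queries" and adding a sentence that 'wait-limit: 0' also disables this limit. It is also worth stating that with the value 0 a client presenting a valid DNS Cookie has no per-IP cap on waiting replies, so operators know which protection they are switching off.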
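Review bot: In infra_wait_limit_allowed(), the widened early return has no comment explaining the asymmetry between its two conditions, and the diffstat shows no test covering the new case. cfg->wait_limit == 0 allows every query, while cfg->wait_limit_cookie == 0 allows only those with cookie_valid set; without a comment a later reader could take the second clause for a global switch. Suggest a short comment above the if stating that 0 means "no limit" for each option and that the cookie clause applies only to cookie validated queries, plus a test for wait-limit non-zero with wait-limit-cookie: 0, checking that a query without a valid cookie from the same address is still limited.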