From e0b5e49d7643ab2cf18eb09892c72b3233d8d7f3 Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Wed, 23 Nov 2016 09:43:40 +0100
Subject: [PATCH] dnsdist: Add `setUDPTimeout(n)`
---
pdns/README-dnsdist.md | 5 +++--
pdns/dnsdist-console.cc | 1 +
pdns/dnsdist-lua.cc | 2 ++
pdns/dnsdist.cc | 3 ++-
pdns/dnsdist.hh | 1 +
5 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/pdns/README-dnsdist.md b/pdns/README-dnsdist.md
index 12f2884183..ca3cc993ae 100644
--- a/pdns/README-dnsdist.md
+++ b/pdns/README-dnsdist.md
@@ -1485,13 +1485,14 @@ instantiate a server with additional parameters * member `check(DNSName)`: returns true if DNSName is matched by this group * member `add(DNSName)`: add this DNSName to the node * Tuning related: - * `setTCPRecvTimeout(n)`: set the read timeout on TCP connections from the client, in seconds - * `setTCPSendTimeout(n)`: set the write timeout on TCP connections from the client, in seconds * `setMaxTCPClientThreads(n)`: set the maximum of TCP client threads, handling TCP connections * `setMaxTCPQueuedConnections(n)`: set the maximum number of TCP connections queued (waiting to be picked up by a client thread), defaults to 1000. 0 means unlimited * `setMaxUDPOutstanding(n)`: set the maximum number of outstanding UDP queries to a given backend server. This can only be set at configuration time and defaults to 10240 * `setCacheCleaningDelay(n)`: set the interval in seconds between two runs of the cache cleaning algorithm, removing expired entries * `setStaleCacheEntriesTTL(n)`: allows using cache entries expired for at most `n` seconds when no backend available to answer for a query + * `setTCPRecvTimeout(n)`: set the read timeout on TCP connections from the client, in seconds + * `setTCPSendTimeout(n)`: set the write timeout on TCP connections from the client, in seconds + * `setUDPTimeout(n)`: set the maximum time dnsdist will wait for a response from a backend over UDP, in seconds. Defaults to 2 * DNSCrypt related: * `addDNSCryptBind("127.0.0.1:8443", "provider name", "/path/to/resolver.cert", "/path/to/resolver.key", [false], [TCP Fast Open queue size]):` listen to incoming DNSCrypt queries on 127.0.0.1 port 8443, with a provider name of "provider name", using a resolver certificate and associated key stored respectively in the `resolver.cert` and `resolver.key` files. The fifth optional parameter sets SO_REUSEPORT when available. 
The last parameter sets the TCP Fast Open queue size, enabling TCP Fast Open when available and the value is larger than 0. * `generateDNSCryptProviderKeys("/path/to/providerPublic.key", "/path/to/providerPrivate.key"):` generate a new provider keypair diff --git a/pdns/dnsdist-console.cc b/pdns/dnsdist-console.cc index 437c4b5525..686d50de12 100644 --- a/pdns/dnsdist-console.cc +++ b/pdns/dnsdist-console.cc @@ -341,6 +341,7 @@ const std::vector g_consoleKeywords{ { "setServerPolicyLua", true, "name, function", "set server selection policy to one named 'name' and provided by 'function'" }, { "setTCPRecvTimeout", true, "n", "set the read timeout on TCP connections from the client, in seconds" }, { "setTCPSendTimeout", true, "n", "set the write timeout on TCP connections from the client, in seconds" }, + { "setUDPTimeout", true, "n", "set the maximum time dnsdist will wait for a response from a backend over UDP, in seconds" }, { "setVerboseHealthChecks", true, "bool", "set whether health check errors will be logged" }, { "show", true, "string", "outputs `string`" }, { "showACL", true, "", "show our ACL set" }, diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc index ecfc53e800..0edfb21deb 100644 --- a/pdns/dnsdist-lua.cc +++ b/pdns/dnsdist-lua.cc @@ -1458,6 +1458,8 @@ vector> setupLua(bool client, const std::string& confi g_lua.writeFunction("setTCPSendTimeout", [](int timeout) { g_tcpSendTimeout=timeout; }); + g_lua.writeFunction("setUDPTimeout", [](int timeout) { g_udpTimeout=timeout; }); + g_lua.writeFunction("setMaxUDPOutstanding", [](uint16_t max) { if (!g_configurationDone) { g_maxOutstanding = max; diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc index 4a281515de..3aa2cac858 100644 --- a/pdns/dnsdist.cc +++ b/pdns/dnsdist.cc @@ -133,6 +133,7 @@ GlobalStateHolder> g_dynblockSMT; DNSAction::Action g_dynBlockAction = DNSAction::Action::Drop; int g_tcpRecvTimeout{2}; int g_tcpSendTimeout{2}; +int g_udpTimeout{2}; bool g_truncateTC{1}; bool g_fixupCase{0}; 
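Review bot: The `setUDPTimeout` binding added in the dnsdist-lua.cc hunk stores whatever `int` it is given, so a negative or very large value reaches the comparison in `healthChecksThread()` unchecked; I would reject out-of-range input in the setter, e.g. `if (timeout < 0) { return; }` before the assignment, or report the error the way other bindings in this file do. Unlike `setMaxUDPOutstanding` directly below it, the setter is not gated on `g_configurationDone`, so it can presumably be called at runtime while the health-check thread reads the plain `int g_udpTimeout` defined in the dnsdist.cc hunk. That mirrors the existing `g_tcpRecvTimeout`/`g_tcpSendTimeout` globals, but a comment on the definition such as `// plain int: may be written from Lua while healthChecksThread() reads it`, or a `std::atomic<int>`, would make the intent explicit. `setupLua()` starts and ends outside the hunk.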
@@ -1362,7 +1363,7 @@ void* healthChecksThread() dss->prev.reuseds.store(dss->reuseds.load()); for(IDState& ids : dss->idStates) { // timeouts - if(ids.origFD >=0 && ids.age++ > 2) { + if(ids.origFD >=0 && ids.age++ > g_udpTimeout) { /* We set origFD to -1 as soon as possible to limit the risk of racing with the responder thread. diff --git a/pdns/dnsdist.hh b/pdns/dnsdist.hh index 4ada81837c..bb19c82ab0 100644 --- a/pdns/dnsdist.hh +++ b/pdns/dnsdist.hh @@ -683,6 +683,7 @@ extern bool g_truncateTC; extern bool g_fixupCase; extern int g_tcpRecvTimeout; extern int g_tcpSendTimeout; +extern int g_udpTimeout; extern uint16_t g_maxOutstanding; extern std::atomic g_configurationDone; extern uint64_t g_maxTCPClientThreads; -- 2.47.2
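Review bot: `ids.age++ > g_udpTimeout` compares a per-pass counter with a value the README documents as seconds, so the documented unit holds only if this loop runs once per second, which the hunk does not show; a comment on the condition would pin that down, e.g. `// age is bumped once per pass of this loop; g_udpTimeout is in passes (seconds at a 1s period)`. The type of `ids.age` is not visible here either: if it is unsigned, a negative `g_udpTimeout` converts to a huge value and slots would never expire. Operationally, a larger timeout keeps each `IDState` slot bound to its `origFD` for longer, which presumably lengthens the window in which a late or spoofed backend reply still matches and leaves fewer free slots when a backend drops queries, so the README entry could mention that trade-off. The body of `healthChecksThread()` continues outside the hunk.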