Log the servfail-until-ready message not faster than once per second

Since the log level has been raised, busy servers can "explode" from
the amount of log messages. Use the usual practice of logging "every
once in a while".

diff --git a/lib/ns/query.c b/lib/ns/query.c
index 11b9ee0214520e66b01833be82f66f0b7a5d4bc6..99f742a29291cff7d828130a6274110efd1071e8 100644 (file)
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -20,6 +20,7 @@
 #include <string.h>
 
 #include <isc/async.h>
+#include <isc/atomic.h>
 #include <isc/counter.h>
 #include <isc/hex.h>
 #include <isc/list.h>
@@ -208,6 +209,20 @@ client_trace(ns_client_t *client, int level, const char *message) {
        } while (0)
 #define RESTORE(a, b) SAVE(a, b)
 
+static atomic_uint_fast32_t last_rpznotready_log = 0;
+
+static bool
+can_log_rpznotready(void) {
+       isc_stdtime_t last;
+       isc_stdtime_t now = isc_stdtime_now();
+       last = atomic_exchange_relaxed(&last_rpznotready_log, now);
+       if (now != last) {
+               return true;
+       }
+
+       return false;
+}
+
 static bool
 validate(ns_client_t *client, dns_db_t *db, dns_name_t *name,
         dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset);
@@ -4007,9 +4022,12 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult,
                /* Do not pollute SERVFAIL cache  */
                client->inner.attributes |= NS_CLIENTATTR_NOSETFC;
 
-               rpz_log_fail(client, DNS_RPZ_INFO_LEVEL, NULL,
-                            DNS_RPZ_TYPE_QNAME, "RPZ servfail-until-ready",
-                            DNS_R_WAIT);
+               if (can_log_rpznotready()) {
+                       rpz_log_fail(client, DNS_RPZ_INFO_LEVEL, NULL,
+                                    DNS_RPZ_TYPE_QNAME,
+                                    "RPZ servfail-until-ready", DNS_R_WAIT);
+               }
+
                st->m.policy = DNS_RPZ_POLICY_ERROR;
                goto cleanup;
        }