reduce the max-recursion-queries default to 32

the number of iterative queries that can be sent to resolve a
name now defaults to 32 rather than 100.

(cherry picked from commit 7e3b425dc283df66df9c46002307ab676e10e4fd)
(cherry picked from commit a11367ade3f4ebd314c31a1ef45965e3859b5095)

diff --git a/bin/named/config.c b/bin/named/config.c
index d24e4f8a26ec23a3823d1109b35aa0478eb43cb9..d9e6be5bb4825f4fffebbe730caf164ebfc342a2 100644 (file)
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -185,7 +185,7 @@ options {\n\
        max-clients-per-query 100;\n\
        max-ncache-ttl 10800; /* 3 hours */\n\
        max-recursion-depth 7;\n\
-       max-recursion-queries 100;\n\
+       max-recursion-queries 32;\n\
        message-compression yes;\n\
 #      min-roots <obsolete>;\n\
        minimal-any false;\n\

diff --git a/bin/tests/system/reclimit/ns3/named1.conf.in b/bin/tests/system/reclimit/ns3/named1.conf.in
index ff82fc85970cc642699b56763d0776d4b98e2299..01ff6fa66e828180e7600750111f17dca3bdb156 100644 (file)
--- a/bin/tests/system/reclimit/ns3/named1.conf.in
+++ b/bin/tests/system/reclimit/ns3/named1.conf.in
@@ -19,6 +19,7 @@ options {
        listen-on { 10.53.0.3; };
        listen-on-v6 { none; };
        servfail-ttl 0;
+       max-recursion-queries 50;
        max-recursion-depth 12;
 };
 

diff --git a/bin/tests/system/resolver/ns1/named.conf.in b/bin/tests/system/resolver/ns1/named.conf.in
index 9c60f871508813d7de2cffe9e31223661ff8181b..63020e6db9defb593776c85d80edbc2fb7f4bf3f 100644 (file)
--- a/bin/tests/system/resolver/ns1/named.conf.in
+++ b/bin/tests/system/resolver/ns1/named.conf.in
@@ -27,6 +27,7 @@ options {
        allow-query {!10.53.0.8; any; };
        max-zone-ttl unlimited;
        attach-cache "globalcache";
+       max-recursion-queries 50;
 };
 
 server 10.53.0.3 {

diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index b949b8b553ebd4508da16ada5f677ad2b03d59b9..8221eb17968783fc031415f6dfd2c87ef112802c 100644 (file)
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -9297,10 +9297,14 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
              <listitem>
                <para>
                  This sets the maximum number of iterative queries that
-                 may be sent while servicing a recursive query.
-                 If more queries are sent, the recursive query
-                 is terminated and returns SERVFAIL.  The default is 100.
-               </para>
+                 may be sent by a resolver while looking up a single name.
+                  If more queries than this need to be sent before
+                  an answer is reached, then recursion is terminated
+                 and a SERVFAIL response is returned to the client.
+                 (Note: if the answer is a CNAME, then the subsequent
+                 lookup for the target of the CNAME is counted
+                  separately.) The default is 32.
+                </para>
              </listitem>
            </varlistentry>
 

diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 41e0aa5b5a9b3cdede0702b62e4e399b0a369dc9..a4e4f4c6f6a48af380b2ea66caecd0d2f41c0cbf 100644 (file)
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -170,7 +170,7 @@
 
 /* The default maximum number of iterative queries to allow before giving up. */
 #ifndef DEFAULT_MAX_QUERIES
-#define DEFAULT_MAX_QUERIES 100
+#define DEFAULT_MAX_QUERIES 50
 #endif /* ifndef DEFAULT_MAX_QUERIES */
 
 /*