--------
- dnstap module: don't break request resolution on dnstap errors (!1147)
- cache garbage collector: fix crashes introduced in 5.3.0 (!1153)
+- policy.TLS_FORWARD: better avoid dead addresses (#671, !1156)
Knot Resolver 5.3.0 (2021-02-25)
switch (sel_error) {
case KR_SELECTION_OK:
return;
+ case KR_SELECTION_TCP_CONNECT_FAILED:
+ case KR_SELECTION_TCP_CONNECT_TIMEOUT:
+ qry->server_selection.local_state->force_udp = true;
+ qry->flags.NO_0X20 = false;
+ /* Connection and handshake failures have properties similar
+ * to UDP timeouts, so we handle them (almost) the same way. */
+ /* fall-through */
+ case KR_SELECTION_TLS_HANDSHAKE_FAILED:
case KR_SELECTION_QUERY_TIMEOUT:
qry->server_selection.local_state->timeouts++;
/* Make sure that the query was chosen by this query and timeout wasn't capped
qry->flags.NO_MINIMIZE = true;
}
break;
- case KR_SELECTION_TCP_CONNECT_FAILED:
- case KR_SELECTION_TCP_CONNECT_TIMEOUT:
- qry->server_selection.local_state->force_udp = true;
- qry->flags.NO_0X20 = false;
- break;
case KR_SELECTION_NOTIMPL:
case KR_SELECTION_OTHER_RCODE:
case KR_SELECTION_DNSSEC_ERROR:
/* These errors are fatal, no point in trying this server again. */
addr_state->broken = true;
break;
- case KR_SELECTION_TLS_HANDSHAKE_FAILED:
- /* These might get resolved by retrying. */
- break;
default:
assert(0);
break;
struct rtt_state {
int32_t srtt; /**< Smoothed RTT, i.e. an estimate of round-trip time. */
int32_t variance; /**< An estimate of RTT's standard derivation (not variance). */
+ /** Note: some TCP and TLS failures are also considered as timeouts. */
int32_t consecutive_timeouts;
/** Timestamp of pronouncing this IP bad based on KR_NS_TIMEOUT_ROW_DEAD */
uint64_t dead_since;
projects / thirdparty / knot-resolver.git / commitdiff
