Since the queries sent towards root and TLD servers are now included in
the count (as a result of the fix for CVE-2020-8616),
"max-recursion-queries" has a higher chance of being exceeded by
non-attack queries. Increase its default value from 75 to 100.
(cherry picked from commit
ab0bf492035c01687dfff8f546b78ac30739348c)
+5541. [func] Adjust the "max-recursion-queries" default from 75 to
+ 100. [GL #2305]
+
5540. [port] Fix building with native PKCS#11 support for AEP Keyper.
[GL #2315]
max-clients-per-query 100;\n\
max-ncache-ttl 10800; /* 3 hours */\n\
max-recursion-depth 7;\n\
- max-recursion-queries 75;\n\
+ max-recursion-queries 100;\n\
max-stale-ttl 43200; /* 12 hours */\n\
message-compression yes;\n\
min-ncache-ttl 0; /* 0 hours */\n\
``max-recursion-queries``
This sets the maximum number of iterative queries that may be sent while
servicing a recursive query. If more queries are sent, the recursive
- query is terminated and returns SERVFAIL. The default is 75.
+ query is terminated and returns SERVFAIL. The default is 100.
``notify-delay``
This sets the delay, in seconds, between sending sets of notify messages for a
configuration. A new option 'nsec3param' can be used to set the desired
NSEC3 parameters, and will detect collisions when resalting. [GL #1620].
+- Adjust the ``max-recursion-queries`` default from 75 to 100. Since the
+ queries sent towards root and TLD servers are now included in the
+ count (as a result of the fix for CVE-2020-8616), ``max-recursion-queries``
+ has a higher chance of being exceeded by non-attack queries, which is the
+ main reason for increasing its default value. [GL #2305]
+
Bug Fixes
~~~~~~~~~
/* The default maximum number of iterative queries to allow before giving up. */
#ifndef DEFAULT_MAX_QUERIES
-#define DEFAULT_MAX_QUERIES 75
+#define DEFAULT_MAX_QUERIES 100
#endif /* ifndef DEFAULT_MAX_QUERIES */
/*
projects / thirdparty / bind9.git / commitdiff
