reduce MAX_RESTARTS to 11

the number of steps that can be followed in a CNAME chain
before terminating the lookup has been reduced from 16 to 11.
(this is a hard-coded value, but will be made configurable later.)

(cherry picked from commit 05d78671bb6a5ba63d78d77339e17cbc73f18188)
(cherry picked from commit dd88a4cdfc8042e2cd2fdae93b803ba8490b88dc)

diff --git a/bin/named/query.c b/bin/named/query.c
index f1098056b8d479f11fcafc53fa8fe52219ee68e3..e5def824bf1005fd18a0d16176609bb14c695eaf 100644 (file)
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -5999,7 +5999,7 @@ rpz_add_cname(ns_client_t *client, dns_rpz_st_t *st,
        return (ISC_R_SUCCESS);
 }
 
-#define MAX_RESTARTS 16
+#define MAX_RESTARTS 11
 
 #define QUERY_ERROR(r) \
 do { \

diff --git a/bin/tests/system/chain/tests.sh b/bin/tests/system/chain/tests.sh
index 4aee59f826e5a3696cd36e670e1c36b77d2a5ea2..9e25346fd9779f0a84077eaf666e2ae41dbbee52 100644 (file)
--- a/bin/tests/system/chain/tests.sh
+++ b/bin/tests/system/chain/tests.sh
@@ -128,7 +128,7 @@ ret=0
 $RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
 $DIG $DIGOPTS @10.53.0.7 loop.example > dig.out.test$n
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
-grep "ANSWER: 17" dig.out.test$n > /dev/null || ret=1
+grep "ANSWER: 12" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 

diff --git a/lib/dns/client.c b/lib/dns/client.c
index c2dca94bada46994b19dfc723b6190bf1b7d76b1..9accdf7dd9163e895f0ec5e0c20eb5293c7b4849 100644 (file)
--- a/lib/dns/client.c
+++ b/lib/dns/client.c
@@ -63,7 +63,7 @@
 #define UCTX_MAGIC                     ISC_MAGIC('U', 'c', 't', 'x')
 #define UCTX_VALID(c)                  ISC_MAGIC_VALID(c, UCTX_MAGIC)
 
-#define MAX_RESTARTS 16
+#define MAX_RESTARTS 11
 
 #ifdef TUNE_LARGE
 #define RESOLVER_NTASKS 523