Exempt QNAME minimization queries from fetches-per-zone

The calling fetch has already called fcount_incr() for this zone;
calling it again for a QMIN query results in double counting.

When resuming after a QMIN query is answered, however, we do now
ensure before continuing that the fetches-per-zone limit has not
been exceeded.

diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h
index 52e0f6abae42b4a0e1f9f63617be091b789dc47c..7bedc07ee2938239301200b468e949ffcd0c92e7 100644 (file)
--- a/lib/dns/include/dns/resolver.h
+++ b/lib/dns/include/dns/resolver.h
@@ -129,6 +129,7 @@ enum {
                                                * on ip6.arpa. */
        DNS_FETCHOPT_NOFORWARD = 1 << 15,      /*%< Do not use forwarders if
                                                * possible. */
+       DNS_FETCHOPT_QMINFETCH = 1 << 16,      /*%< Qmin fetch */
 
        /*% EDNS version bits: */
        DNS_FETCHOPT_EDNSVERSIONSET = 1 << 23,

diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 7693c082527b22c91ecd83939fd23a231d145969..caf670b3ba27cc293a9dbe08c37ca19abf2e3978 100644 (file)
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -1436,8 +1436,6 @@ fcount_incr(fetchctx_t *fctx, bool force) {
                counter = isc_mem_get(fctx->mctx, sizeof(*counter));
                *counter = (fctxcount_t){
                        .magic = FCTXCOUNT_MAGIC,
-                       .count = 0,
-                       .allowed = 0,
                };
                isc_mem_attach(fctx->mctx, &counter->mctx);
                isc_mutex_init(&counter->lock);
@@ -4138,7 +4136,8 @@ fctx_try(fetchctx_t *fctx, bool retrying) {
                fetchctx_ref(fctx);
                result = dns_resolver_createfetch(
                        fctx->res, fctx->qminname, fctx->qmintype, fctx->domain,
-                       &fctx->nameservers, NULL, NULL, 0, options, 0, fctx->qc,
+                       &fctx->nameservers, NULL, NULL, 0,
+                       options | DNS_FETCHOPT_QMINFETCH, 0, fctx->qc,
                        fctx->gqc, fctx->loop, resume_qmin, fctx, &fctx->edectx,
                        &fctx->qminrrset, NULL, &fctx->qminfetch);
                if (result != ISC_R_SUCCESS) {
@@ -4320,7 +4319,7 @@ resume_qmin(void *arg) {
 
        dns_name_copy(fname, fctx->domain);
 
-       result = fcount_incr(fctx, true);
+       result = fcount_incr(fctx, false);
        if (result != ISC_R_SUCCESS) {
                goto cleanup;
        }
@@ -4746,8 +4745,12 @@ fctx_create(dns_resolver_t *res, isc_loop_t *loop, const dns_name_t *name,
 
        /*
         * Exempt prefetch queries from the fetches-per-zone quota check
+        * also exempt QMIN fetches as the calling fetch has already
+        * successfully called fcount_incr for this zone.
         */
-       if ((fctx->options & DNS_FETCHOPT_PREFETCH) == 0) {
+       if ((fctx->options & DNS_FETCHOPT_PREFETCH) == 0 &&
+           (fctx->options & DNS_FETCHOPT_QMINFETCH) == 0)
+       {
                /*
                 * Are there too many simultaneous queries for this domain?
                 */
@@ -7146,7 +7149,7 @@ resume_dslookup(void *arg) {
 
                fcount_decr(fctx);
                dns_name_copy(fctx->nsname, fctx->domain);
-               result = fcount_incr(fctx, true);
+               result = fcount_incr(fctx, false);
                if (result != ISC_R_SUCCESS) {
                        goto cleanup;
                }
@@ -9407,7 +9410,7 @@ rctx_referral(respctx_t *rctx) {
                fctx_minimize_qname(fctx);
        }
 
-       result = fcount_incr(fctx, true);
+       result = fcount_incr(fctx, false);
        if (result != ISC_R_SUCCESS) {
                rctx->result = result;
                return ISC_R_COMPLETE;