Bound the amount of work performed for delegations

Limit the amount of database lookups that can be triggered in
fctx_getaddresses() (i.e. when determining the name server addresses to
query next) by setting a hard limit on the number of NS RRs processed
for any delegation encountered.  Without any limit in place, named can
be forced to perform large amounts of database lookups per each query
received, which severely impacts resolver performance.

The limit used (20) is an arbitrary value that is considered to be big
enough for any sane DNS delegation.

diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 8ae9a993bbd75c6383f0f1f5a24913085cc9e4fa..ac9a9ef5d009c7e28cf608b48b19c03587190d0c 100644 (file)
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -180,6 +180,12 @@
  */
 #define NS_FAIL_LIMIT 4
 #define NS_RR_LIMIT   5
+/*
+ * IP address lookups are performed for at most NS_PROCESSING_LIMIT NS RRs in
+ * any NS RRset encountered, to avoid excessive resource use while processing
+ * large delegations.
+ */
+#define NS_PROCESSING_LIMIT 20
 
 /* Number of hash buckets for zone counters */
 #ifndef RES_DOMAIN_BUCKETS
@@ -3318,6 +3324,7 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
        bool need_alternate = false;
        bool all_spilled = true;
        unsigned int no_addresses = 0;
+       unsigned int ns_processed = 0;
 
        FCTXTRACE5("getaddresses", "fctx->depth=", fctx->depth);
 
@@ -3504,6 +3511,11 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
 
                dns_rdata_reset(&rdata);
                dns_rdata_freestruct(&ns);
+
+               if (++ns_processed >= NS_PROCESSING_LIMIT) {
+                       result = ISC_R_NOMORE;
+                       break;
+               }
        }
        if (result != ISC_R_NOMORE) {
                return (result);