reduce the max-recursion-queries default to 32

the number of iterative queries that can be sent to resolve a
name now defaults to 32 rather than 100.

(cherry picked from commit 7e3b425dc283df66df9c46002307ab676e10e4fd)
(cherry picked from commit a11367ade3f4ebd314c31a1ef45965e3859b5095)

diff --git a/bin/named/config.c b/bin/named/config.c
index ec48840e4b40d07440992333133092309e4f96ec..ff3f272d266322708b64674e7301962062201a95 100644 (file)
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -167,7 +167,7 @@ options {\n\
        max-clients-per-query 100;\n\
        max-ncache-ttl 10800; /* 3 hours */\n\
        max-recursion-depth 7;\n\
-       max-recursion-queries 100;\n\
+       max-recursion-queries 32;\n\
        max-stale-ttl 86400; /* 1 day */\n\
        message-compression yes;\n\
        min-ncache-ttl 0; /* 0 hours */\n\

diff --git a/bin/tests/system/reclimit/ns3/named1.conf.in b/bin/tests/system/reclimit/ns3/named1.conf.in
index 3eaaf6a2c3cdc9952aebf54aa0f49d6885027d3f..4dc06d593a183e997be7eb57f46b864a0fd841eb 100644 (file)
--- a/bin/tests/system/reclimit/ns3/named1.conf.in
+++ b/bin/tests/system/reclimit/ns3/named1.conf.in
@@ -22,6 +22,7 @@ options {
        listen-on-v6 { none; };
        servfail-ttl 0;
        qname-minimization disabled;
+       max-recursion-queries 50;
        max-recursion-depth 12;
        recursion yes;
        dnssec-validation yes;

diff --git a/bin/tests/system/resolver/ns1/named.conf.in b/bin/tests/system/resolver/ns1/named.conf.in
index 7ca1cafd38eb8a6950f32c6c1012351141eb7628..9f27ed1e23ce74680d7957cf3da4026670e4e9db 100644 (file)
--- a/bin/tests/system/resolver/ns1/named.conf.in
+++ b/bin/tests/system/resolver/ns1/named.conf.in
@@ -29,6 +29,7 @@ options {
        allow-query {!10.53.0.8; any; };
        max-zone-ttl unlimited;
        attach-cache "globalcache";
+       max-recursion-queries 50;
 };
 
 server 10.53.0.3 {

diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
index 0ce2d1f989322b3e377c5d50401e3a4a36f908e4..9127dc0d9a284d4c49f2429ab700fae9994c7a62 100644 (file)
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -3693,9 +3693,12 @@ Tuning
    The default is 7.
 
 ``max-recursion-queries``
-   This sets the maximum number of iterative queries that may be sent while
-   servicing a recursive query. If more queries are sent, the recursive
-   query is terminated and returns SERVFAIL. The default is 100.
+   This sets the maximum number of iterative queries that may be sent
+   by a resolver while looking up a single name. If more queries than this
+   need to be sent before an answer is reached, then recursion is terminated
+   and a SERVFAIL response is returned to the client. (Note: if the answer
+   is a CNAME, then the subsequent lookup for the target of the CNAME is
+   counted separately.) The default is 32.
 
 ``notify-delay``
    This sets the delay, in seconds, between sending sets of NOTIFY messages

diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 6606468f16edd74e5705641a9ab6af908ccc5c54..fe2c464329a0fc86005b76afd33b58c298473710 100644 (file)
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -185,7 +185,7 @@
 
 /* The default maximum number of iterative queries to allow before giving up. */
 #ifndef DEFAULT_MAX_QUERIES
-#define DEFAULT_MAX_QUERIES 100
+#define DEFAULT_MAX_QUERIES 50
 #endif /* ifndef DEFAULT_MAX_QUERIES */
 
 /*