[v9_10] adjust max-recursion-queries

author Evan Hunt <each@isc.org>

Tue, 16 Dec 2014 06:28:26 +0000 (22:28 -0800)

committer Evan Hunt <each@isc.org>

Tue, 16 Dec 2014 06:28:26 +0000 (22:28 -0800)
author Evan Hunt <each@isc.org>
Tue, 16 Dec 2014 06:28:26 +0000 (22:28 -0800)
committer Evan Hunt <each@isc.org>
Tue, 16 Dec 2014 06:28:26 +0000 (22:28 -0800)
diff --git a/CHANGES b/CHANGES

index 030d276b3f996c38cf00ce3304f49f62c996836a..8b5338049b548dcd83a3cc34758edae9951d4468 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+4021.  [bug]           Adjust max-recursion-queries to accommodate 
+                       the need for more queries when the cache is
+                       empty. [RT #38104]
+
  4020.  [bug]           Change 3736 broke nsupdate's SOA MNAME discovery
                         resulting in updates being sent to the wrong server.
                         [RT #37925]
diff --git a/bin/named/config.c b/bin/named/config.c

index 8a611e6b4ac48169e95ee3ac28d8491924014d92..404c383b687dac309676163abe6ef6e53872dc5d 100644 (file)
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -169,7 +169,7 @@ options {\n\
         clients-per-query 10;\n\
         max-clients-per-query 100;\n\
         max-recursion-depth 7;\n\
-       max-recursion-queries 50;\n\
+       max-recursion-queries 75;\n\
         zero-no-soa-ttl-cache no;\n\
         nsec3-test-zone no;\n\
         allow-new-zones no;\n\
diff --git a/bin/tests/system/reclimit/ns3/named3.conf b/bin/tests/system/reclimit/ns3/named3.conf

index 2267699424a8fc9723391f697106ff87244ca4f8..d1c9ff676e2a8509520cdd1e1bd11d215ee2a8ca 100644 (file)
--- a/bin/tests/system/reclimit/ns3/named3.conf
+++ b/bin/tests/system/reclimit/ns3/named3.conf
@@ -26,6 +26,7 @@ options {
         listen-on { 10.53.0.3; };
         listen-on-v6 { none; };
         max-recursion-depth 100;
+       max-recursion-queries 50;
  };
  
  key rndc_key {
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml

index a658282b2f30bdbb85b1776dc65d82564197dc83..96a86ef65963e3876d65d18d8a137dc9ff5180c2 100644 (file)
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -8971,8 +8971,10 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
                   Sets the maximum number of iterative queries that
                   may be sent while servicing a recursive query.
                   If more queries are sent, the recursive query
-                 is terminated and returns SERVFAIL. The default
-                 is 50.
+                 is terminated and returns SERVFAIL. Queries to
+                 look up top level comains such as "com" and "net"
+                 and the DNS root zone are exempt from this limitation.
+                 The default is 75.
                 </para>
               </listitem>
             </varlistentry>
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml

index fc35312ba066b6ab7660ab211d23481362650fe6..4e62335577acd3525f5af699bb535e1404ceed37 100644 (file)
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -268,6 +268,13 @@
           rather than the SOA MNAME server when sending the UPDATE.
          </para>
        </listitem>
+      <listitem>
+        <para>
+         Adjusted max-recursion-queries to accommodate the smaller
+         initial packet sizes used in BIND 9.10 and higher when
+         contacting authoritative servers for the first time.
+        </para>
+      </listitem>
      </itemizedlist>
    </sect2>
    <sect2 id="end_of_life">
diff --git a/lib/dns/adb.c b/lib/dns/adb.c

index 2a45dadae49a2a3f1d6a11080e12e636d6707f76..51bac51f4c742e85f26f3bb1d3b19f874a331346 100644 (file)
--- a/lib/dns/adb.c
+++ b/lib/dns/adb.c
@@ -3893,11 +3893,11 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) {
                         goto out;
                 /* XXXMLG Don't pound on bad servers. */
                 if (address_type == DNS_ADBFIND_INET) {
-                       name->expire_v4 = ISC_MIN(name->expire_v4, now + 300);
+                       name->expire_v4 = ISC_MIN(name->expire_v4, now + 10);
                         name->fetch_err = FIND_ERR_FAILURE;
                         inc_stats(adb, dns_resstatscounter_gluefetchv4fail);
                 } else {
-                       name->expire_v6 = ISC_MIN(name->expire_v6, now + 300);
+                       name->expire_v6 = ISC_MIN(name->expire_v6, now + 10);
                         name->fetch6_err = FIND_ERR_FAILURE;
                         inc_stats(adb, dns_resstatscounter_gluefetchv6fail);
                 }
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c

index 2f0c11b7a4035f085cde6299b9a72c863375894b..cc00c2a7fd568899bb6f48cd91ff2d1f69827f2b 100644 (file)
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -144,7 +144,7 @@
  
  /* The default maximum number of iterative queries to allow before giving up. */
  #ifndef DEFAULT_MAX_QUERIES
-#define DEFAULT_MAX_QUERIES 50
+#define DEFAULT_MAX_QUERIES 75
  #endif
  
  /*%
@@ -3327,6 +3327,16 @@ fctx_try(fetchctx_t *fctx, isc_boolean_t retrying, isc_boolean_t badcache) {
  
         REQUIRE(!ADDRWAIT(fctx));
  
+       /* We've already exceeded maximum query count */
+       if (isc_counter_used(fctx->qc) > fctx->res->maxqueries) {
+               isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+                             DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
+                             "exceeded max queries resolving '%s'",
+                             fctx->info);
+               fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
+               return;
+       }
+
         addrinfo = fctx_nextaddress(fctx);
         if (addrinfo == NULL) {
                 /*
@@ -3364,14 +3374,16 @@ fctx_try(fetchctx_t *fctx, isc_boolean_t retrying, isc_boolean_t badcache) {
                 }
         }
  
-       result = isc_counter_increment(fctx->qc);
-       if (result != ISC_R_SUCCESS) {
-               isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
-                             DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
-                             "exceeded max queries resolving '%s'",
-                             fctx->info);
-               fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
-               return;
+       if (dns_name_countlabels(&fctx->domain) > 2) {
+               result = isc_counter_increment(fctx->qc);
+               if (result != ISC_R_SUCCESS) {
+                       isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+                                     DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
+                                     "exceeded max queries resolving '%s'",
+                                     fctx->info);
+                       fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
+                       return;
+               }
         }
  
         result = fctx_query(fctx, addrinfo, fctx->options);
author	Evan Hunt <each@isc.org>
	Tue, 16 Dec 2014 06:28:26 +0000 (22:28 -0800)
committer	Evan Hunt <each@isc.org>
	Tue, 16 Dec 2014 06:28:26 +0000 (22:28 -0800)
CHANGES		patch \| blob \| blame \| history
bin/named/config.c		patch \| blob \| blame \| history
bin/tests/system/reclimit/ns3/named3.conf		patch \| blob \| blame \| history
doc/arm/Bv9ARM-book.xml		patch \| blob \| blame \| history
doc/arm/notes.xml		patch \| blob \| blame \| history
lib/dns/adb.c		patch \| blob \| blame \| history
lib/dns/resolver.c		patch \| blob \| blame \| history