Fast fail a validator deadlock
authorMatthijs Mekking <matthijs@isc.org>
Tue, 3 Mar 2026 07:37:34 +0000 (08:37 +0100)
committerMatthijs Mekking <matthijs@isc.org>
Mon, 16 Mar 2026 16:46:51 +0000 (16:46 +0000)
We return DNS_R_NOVALIDSIG if we detect a deadlock. Then in
'validate_async_done()', this result value is used to check if we
need to fall back to insecure. As part of that we create a new fetch
but that fails because of the detected deadlock. This results in a loop
of deadlock detected, fallback to insecure, deadlock detected, ...

Add a new result value, ISC_R_DEADLOCK, and return this instead when
we have detected a deadlock. This will be treated as a generic error,
as there is no special handling for this result value.

lib/dns/validator.c
lib/isc/include/isc/result.h
lib/isc/result.c

index de0765b8c2738a59c746b801a61438c8a05044b5..400143f79e538e5ec77a9d73580034130fe8cc28 100644 (file)
@@ -972,7 +972,7 @@ create_fetch(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type,
        if (check_deadlock(val, name, type, NULL, NULL)) {
                validator_log(val, ISC_LOG_DEBUG(3),
                              "deadlock found (create_fetch)");
-               return DNS_R_NOVALIDSIG;
+               return ISC_R_DEADLOCK;
        }
 
        if ((val->options & DNS_VALIDATOR_NOCDFLAG) != 0) {
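Review bot: The new `return ISC_R_DEADLOCK;` in create_fetch() has no comment saying why `DNS_R_NOVALIDSIG` must not be returned here, so a later cleanup could bring back the fallback loop described in the commit message. I would add above the return: `/* Not DNS_R_NOVALIDSIG: validate_async_done() treats that as a cue to fall back to insecure, which creates a new fetch, hits this check again and loops. */`. The same comment applies to the identical return in create_validator() in the next hunk; both function bodies continue outside the hunks. The file list shows only three source files, so the commit appears to carry no regression test for the loop. The condition is also logged only at `ISC_LOG_DEBUG(3)`, which operators would presumably not see in normal logs, although the logging policy is not visible here.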
@@ -1016,7 +1016,7 @@ create_validator(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type,
        if (check_deadlock(val, name, type, rdataset, sig)) {
                validator_log(val, ISC_LOG_DEBUG(3),
                              "deadlock found (create_validator)");
-               return DNS_R_NOVALIDSIG;
+               return ISC_R_DEADLOCK;
        }
 
        /* OK to clear other options, but preserve NOCDFLAG and NONTA. */
index 3c5d6a75d7f929b225b21db205084760640af2c4..05dffd50b95000bc8ea665638dbdf42428fdfd56 100644 (file)
@@ -85,6 +85,7 @@ typedef enum isc_result {
        ISC_R_HTTP2ALPNERROR,   /*%< ALPN for HTTP/2 failed */
        ISC_R_DOTALPNERROR,     /*%< ALPN for DoT failed */
        ISC_R_INVALIDPROTO,     /*%< invalid protocol */
+       ISC_R_DEADLOCK,         /*%< deadlock found */
 
        DNS_R_LABELTOOLONG,
        DNS_R_BADESCAPE,
index f362d812f7347ff8d68c98078aadcf3595103f14..1d00a34b53fe2e78530fc01dea53e7363be00480 100644 (file)
@@ -88,6 +88,7 @@ static const char *description[ISC_R_NRESULTS] = {
        [ISC_R_HTTP2ALPNERROR] = "ALPN for HTTP/2 failed",
        [ISC_R_DOTALPNERROR] = "ALPN for DoT failed",
        [ISC_R_INVALIDPROTO] = "invalid protocol",
+       [ISC_R_DEADLOCK] = "deadlock found",
 
        [DNS_R_LABELTOOLONG] = "label too long",
        [DNS_R_BADESCAPE] = "bad escape",
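Review bot: Only the `description[]` table gains an entry for `ISC_R_DEADLOCK` in this hunk. If this file also keeps a parallel identifier table indexed by result code (the one behind `isc_result_toid()`), it needs a matching line such as `[ISC_R_DEADLOCK] = "ISC_R_DEADLOCK",`. With designated initializers a missing slot is left NULL, and a caller that prints the identifier with `%s` would then be handed a null pointer. No second hunk for result.c is visible on this page, so please confirm whether that table exists in this version.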