If we received a delegation, also sample NS set if size > s_maxnsperresolve

author Otto Moerbeek <otto.moerbeek@open-xchange.com>

Wed, 26 Nov 2025 10:57:05 +0000 (11:57 +0100)

committer Otto Moerbeek <otto.moerbeek@open-xchange.com>

Mon, 9 Feb 2026 12:24:15 +0000 (13:24 +0100)
author Otto Moerbeek <otto.moerbeek@open-xchange.com>
Wed, 26 Nov 2025 10:57:05 +0000 (11:57 +0100)
committer Otto Moerbeek <otto.moerbeek@open-xchange.com>
Mon, 9 Feb 2026 12:24:15 +0000 (13:24 +0100)
diff --git a/pdns/recursordist/syncres.cc b/pdns/recursordist/syncres.cc

index e4ea06d98d1c693f89d2517fe2f1b8ecb0804e0f..7cec0c96d85fa33c0dc1eb869a739172bd7e0c1f 100644 (file)
--- a/pdns/recursordist/syncres.cc
+++ b/pdns/recursordist/syncres.cc
@@ -5828,6 +5828,13 @@ bool SyncRes::processAnswer(unsigned int depth, const string& prefix, LWResult&
        nameservers.insert({nameserver, {{}, false}});
      }
      LOG("looping to them" << endl);
+    if (s_maxnsperresolve > 0 && nameservers.size() > s_maxnsperresolve) {
+      LOG(prefix << qname << "Reducing number of NS attempted to " << s_maxnsperresolve << endl);
+      NsSet selected;
+      std::sample(nameservers.cbegin(), nameservers.cend(), std::inserter(selected, selected.begin()), s_maxnsperresolve, pdns::dns_random_engine());
+      nameservers = std::move(selected);
+    }
+
      *gotNewServers = true;
      auth = std::move(newauth);
  
@@ -5881,6 +5888,7 @@ int SyncRes::doResolveAt(NsSet& nameservers, DNSName auth, bool flawedNSSet, con
      if (rnameservers.size() > nsLimit) {
        int newLimit = static_cast<int>(nsLimit - (rnameservers.size() - nsLimit));
        nsLimit = std::max(5, newLimit);
+      LOG("Applying nsLimit " << nsLimit << endl);
      }
  
      for (auto tns = rnameservers.cbegin();; ++tns) {
diff --git a/pdns/recursordist/test-syncres_cc2.cc b/pdns/recursordist/test-syncres_cc2.cc

index 32a80fb38c71a434d657073c15ff7432e4af0b1f..ebf3c7aecb96b6fe3b5035c13395c2e26db06615 100644 (file)
--- a/pdns/recursordist/test-syncres_cc2.cc
+++ b/pdns/recursordist/test-syncres_cc2.cc
@@ -1591,9 +1591,9 @@ BOOST_AUTO_TEST_CASE(test_completely_flawed_big_nsset)
    }
    catch (const ImmediateServFailException& ex) {
      BOOST_CHECK_EQUAL(ret.size(), 0U);
-    // one query to get NSs, then A and AAAA for each NS, 5th NS hits the limit
-    // limit is reduced to 5, because zone publishes many (20) NS
-    BOOST_CHECK_EQUAL(queriesCount, 11U);
+    // one query to get NSs, then A and AAAA for each NS, 7th NS hits the limit
+    // limit is reduced to 7, because zone publishes many (20, but actually reduced to 13 used) NS
+    BOOST_CHECK_EQUAL(queriesCount, 15U);
    }
  }
author	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Wed, 26 Nov 2025 10:57:05 +0000 (11:57 +0100)
committer	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Mon, 9 Feb 2026 12:24:15 +0000 (13:24 +0100)
pdns/recursordist/syncres.cc		patch \| blob \| blame \| history
pdns/recursordist/test-syncres_cc2.cc		patch \| blob \| blame \| history