Stops blacklisting because of strange firewalls.
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 18 Feb 2010 11:21:11 +0000 (11:21 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 18 Feb 2010 11:21:11 +0000 (11:21 +0000)
git-svn-id: file:///svn/unbound/trunk@1987 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog
iterator/iter_utils.c

index bb11365f19024e4d1ddf349ee483cae5b12a0cb0..7813d7611411d08517f3a1c4b609394bd04ce69d 100644 (file)
@@ -1,5 +1,8 @@
 18 February 2010: Wouter
        - A little more strict DS scrubbing.
+       - No more blacklisting of unresponsive servers, a 2 minute timeout
+         is backed off to.
+       - RD flag not enabled for dnssec-blacklisted tries, unless necessary.
 
 17 February 2010: Wouter
        - Disregard DNSKEY from authority section for chain of trust.
index 396814edf67fc34c2bdf167b994cd52afbd9ca65..cd000da37105839943b222655e8f47346188a8d6 100644 (file)
@@ -202,8 +202,8 @@ iter_filter_unsuitable(struct iter_env* iter_env, struct module_env* env,
                        return -1; /* server is lame */
                else if(rtt >= USEFUL_SERVER_TOP_TIMEOUT && 
                        lost >= USEFUL_SERVER_MAX_LOST)
-                               /* server is unresponsive */
-                       return USEFUL_SERVER_TOP_TIMEOUT
+                       /* server is unresponsive, but keep trying slowly */
+                       return USEFUL_SERVER_TOP_TIMEOUT+1;
                else if(a->lame)
                        return rtt+USEFUL_SERVER_TOP_TIMEOUT+1; /* nonpref */
                else if(rtt >= USEFUL_SERVER_TOP_TIMEOUT) /* not blacklisted*/
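Review bot: The new return value `USEFUL_SERVER_TOP_TIMEOUT+1` for an unresponsive server is the same number the following `a->lame` branch yields for `rtt == 0`, and in iter_server_selection (next hunk) any `selrtt > USEFUL_SERVER_TOP_TIMEOUT` sets `*dnssec_expected = 0`. When such a server is the best candidate it therefore appears to be chased as if it were dnssec-lame, so packet loss alone would relax the DNSSEC expectation for that query. If that is intended, the comment should say so, e.g. `/* unresponsive: TOP_TIMEOUT+1 puts it in the nonpref band, selection will not expect DNSSEC from it */`. The rest of iter_filter_unsuitable lies outside this hunk, so the other return bands could not be checked.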
@@ -320,20 +320,22 @@ iter_server_selection(struct iter_env* iter_env,
        if(num == 0)
                return NULL;
        verbose(VERB_ALGO, "selrtt %d", selrtt);
-       if(selrtt > USEFUL_SERVER_TOP_TIMEOUT*2) {
-               verbose(VERB_ALGO, "chase to recursion lame server");
-               *chase_to_rd = 1;
-       }
-       if(selrtt > USEFUL_SERVER_TOP_TIMEOUT) {
-               verbose(VERB_ALGO, "chase to dnssec lame server");
-               *dnssec_expected = 0;
-       }
-       if(selrtt == USEFUL_SERVER_TOP_TIMEOUT) {
-               verbose(VERB_ALGO, "chase to blacklisted lame server");
-               /* the best choice is a blacklisted, unresponsive server,
-                * we need to throttle down our traffic towards it */
-               if(ub_random(env->rnd) % 100 != 1) {
-                       /* 99% of the time, drop query */
+       if(selrtt > BLACKLIST_PENALTY) {
+               if(selrtt-BLACKLIST_PENALTY > USEFUL_SERVER_TOP_TIMEOUT*2) {
+                       verbose(VERB_ALGO, "chase to recursion lame server");
+                       *chase_to_rd = 1;
+               }
+       } else {
+               if(selrtt > USEFUL_SERVER_TOP_TIMEOUT*2) {
+                       verbose(VERB_ALGO, "chase to recursion lame server");
+                       *chase_to_rd = 1;
+               }
+               if(selrtt > USEFUL_SERVER_TOP_TIMEOUT) {
+                       verbose(VERB_ALGO, "chase to dnssec lame server");
+                       *dnssec_expected = 0;
+               }
+               if(selrtt == USEFUL_SERVER_TOP_TIMEOUT) {
+                       verbose(VERB_ALGO, "chase to blacklisted lame server");
                        return NULL;
                }
        }
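Review bot: The `selrtt > BLACKLIST_PENALTY` branch relies on an ordering that nothing in the hunk states: BLACKLIST_PENALTY, defined outside this diff, has to be larger than every un-penalised value the filter can return (going by the thresholds in the else branch, more than `USEFUL_SERVER_TOP_TIMEOUT*2` plus the rtt range), otherwise an ordinary lame server would take the blacklisted path and skip the `*dnssec_expected = 0` step. A comment above the branch would make this explicit, for example `/* selrtt carries BLACKLIST_PENALTY: strip it before comparing bands; dnssec_expected is left as the caller set it */`, assuming leaving `dnssec_expected` untouched there is intended. Separately, with iter_filter_unsuitable now returning `USEFUL_SERVER_TOP_TIMEOUT+1` for unresponsive servers, the `selrtt == USEFUL_SERVER_TOP_TIMEOUT` case may no longer be reached from that path, so its "blacklisted" log text is worth rechecking. The function continues past the end of this hunk.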