`max-ns-address-qperq`_ value. The limit wil not be reduced to a
number lower than 5.
+.. _setting-max-ns-per-resolve:
+
+``max-ns-per-resolve``
+----------------------
+.. versionadded:: 4.8.0
+
+- Integer
+- Default: 13
+
+The maximum number of NS records that will be considered to select a nameserver to contact to resolve a name.
+If a zone has more than `max-ns-per-resolve`_ NS records, a random sample of this size will be used.
+If `max-ns-per-resolve`_ is zero, no limit applies.
+
.. _setting-max-negative-ttl:
``max-negative-ttl``
SyncRes::s_nonresolvingnsthrottletime = ::arg().asNum("non-resolving-ns-throttle-time");
SyncRes::s_serverID = ::arg()["server-id"];
SyncRes::s_maxqperq = ::arg().asNum("max-qperq");
+ SyncRes::s_maxnsperresolve = ::arg().asNum("max-ns-per-resolve");
SyncRes::s_maxnsaddressqperq = ::arg().asNum("max-ns-address-qperq");
SyncRes::s_maxtotusec = 1000 * ::arg().asNum("max-total-msec");
SyncRes::s_maxdepth = ::arg().asNum("max-recursion-depth");
::arg().set("edns-outgoing-bufsize", "Outgoing EDNS buffer size") = "1232";
::arg().set("minimum-ttl-override", "The minimum TTL") = "1";
::arg().set("max-qperq", "Maximum outgoing queries per query") = "60";
+ ::arg().set("max-ns-per-resolve", "Maximum number of NS records to consider to resolve a name, 0 is no limit") = "13";
::arg().set("max-ns-address-qperq", "Maximum outgoing NS address queries per query") = "10";
::arg().set("max-total-msec", "Maximum total wall-clock time per query in milliseconds, 0 for unlimited") = "7000";
::arg().set("max-recursion-depth", "Maximum number of internal recursion calls per query, 0 for unlimited") = "40";
unsigned int SyncRes::s_maxbogusttl;
unsigned int SyncRes::s_maxcachettl;
unsigned int SyncRes::s_maxqperq;
+unsigned int SyncRes::s_maxnsperresolve;
unsigned int SyncRes::s_maxnsaddressqperq;
unsigned int SyncRes::s_maxtotusec;
unsigned int SyncRes::s_maxdepth;
*flawedNSSet = false;
if(g_recCache->get(d_now.tv_sec, subdomain, QType::NS, false, &ns, d_cacheRemote, false, d_routingTag) > 0) {
+ if (s_maxnsperresolve > 0 && ns.size() > s_maxnsperresolve) {
+ vector<DNSRecord> selected;
+ selected.reserve(s_maxnsperresolve);
+ std::sample(ns.cbegin(), ns.cend(), std::back_inserter(selected), s_maxnsperresolve, pdns::dns_random_engine());
+ ns = selected;
+ }
bestns.reserve(ns.size());
for(auto k=ns.cbegin();k!=ns.cend(); ++k) {
static unsigned int s_minimumTTL;
static unsigned int s_minimumECSTTL;
static unsigned int s_maxqperq;
+ static unsigned int s_maxnsperresolve;
static unsigned int s_maxnsaddressqperq;
static unsigned int s_maxtotusec;
static unsigned int s_maxdepth;
projects / thirdparty / pdns.git / commitdiff
