From: George Thessalonikefs Date: Tue, 13 Dec 2022 13:35:01 +0000 (+0100) Subject: Merge branch 'restart_conf' of https://github.com/cgallred/unbound into cgallred... X-Git-Tag: release-1.17.1rc1~6^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=71db243b0de86a8a6e22316b23e7a7dc63fc1fe5;p=thirdparty%2Funbound.git Merge branch 'restart_conf' of https://github.com/cgallred/unbound into cgallred-restart_conf --- 71db243b0de86a8a6e22316b23e7a7dc63fc1fe5 diff --cc doc/unbound.conf.5.in index 08c13e898,3397d706a..2dd855c51 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@@ -1821,19 -1752,10 +1821,26 @@@ set ip\-ratelimit to a suspicious rate traffic. Default is off. .TP 5 .B outbound\-msg\-retry: \fI -The number of retries Unbound will do in case of a non positive response is -received. If a forward nameserver is used, this is the number of retries per -forward nameserver in case of throwaway response. +The number of retries, per upstream nameserver in a delegation, that Unbound +will attempt in case a throwaway response is received. +No response (timeout) contributes to the retry counter. +If a forward/stub zone is used, this is the number of retries per nameserver in +the zone. +Default is 5. +.TP 5 +.B max\-sent\-count: \fI +Hard limit on the number of outgoing queries Unbound will make while resolving +a name, making sure large NS sets do not loop. +It resets on query restarts (e.g., CNAME) and referrals. +Default is 32. +.TP 5 ++.B max\-query\-restarts: \fI ++Set the maximum number of times a query is allowed to restart upon encountering ++a CNAME record. ++If a query encounters more than the specified number of CNAME ++records before resolving, Unbound will reply with SERVFAIL. ++Default is 11. + .TP 5 .B fast\-server\-permil: \fI Specify how many times out of 1000 to pick from the set of fastest servers. 0 turns the feature off. 
A value of 900 would pick from the fastest @@@ -1859,20 -1781,10 +1866,20 @@@ EDNS0 option code for the \fIedns\-clie A value from the `Reserved for Local/Experimental` range (65001-65534) should be used. Default is 65001. .TP 5 -.B max\-query\-restarts: \fI -Set the maximum number of times a query is allowed to restart upon encountering -a CNAME record. If a query encounters more than the specified number of CNAME -records before resolving, unbound will reply with SERVFAIL. Default is 8. +.B ede: \fI +If enabled, Unbound will respond with Extended DNS Error codes (RFC8914). +These EDEs attach informative error messages to a response for various +errors. Default is "no". + +When the \fBval-log-level\fR option is also set to \fB2\fR, responses with +Extended DNS Errors concerning DNSSEC failures that are not served from cache, +will also contain a descriptive text message about the reason for the failure. - .TP ++.TP 5 +.B ede\-serve\-expired: \fI +If enabled, Unbound will attach an Extended DNS Error (RFC8914) Code 3 - Stale +Answer as EDNS0 option to the expired response. Note that this will not attach +the EDE code without setting the global \fBede\fR option to "yes" as well. +Default is "no". 
.SS "Remote Control Options" In the .B remote\-control: diff --cc iterator/iter_utils.c index b17b6ef86,5c811c6d3..b2a2309ab --- a/iterator/iter_utils.c +++ b/iterator/iter_utils.c @@@ -174,8 -176,9 +174,9 @@@ iter_apply_cfg(struct iter_env* iter_en } iter_env->supports_ipv6 = cfg->do_ip6; iter_env->supports_ipv4 = cfg->do_ip4; - iter_env->max_query_restarts = cfg->max_query_restarts; iter_env->outbound_msg_retry = cfg->outbound_msg_retry; - + iter_env->max_sent_count = cfg->max_sent_count; ++ iter_env->max_query_restarts = cfg->max_query_restarts; return 1; } diff --cc iterator/iterator.h index 8175ec12e,57d06ef8a..3118e65b4 --- a/iterator/iterator.h +++ b/iterator/iterator.h @@@ -141,11 -138,10 +141,13 @@@ struct iter_env /** number of queries that have been ratelimited */ size_t num_queries_ratelimited; + /** max number of query restarts to limit length of CNAME chain */ + size_t max_query_restarts; /** number of retries on outgoing queries */ int outbound_msg_retry; + + /** number of queries_sent */ + int max_sent_count; }; /** diff --cc util/config_file.c index 7f97a4f21,ef6ecf63e..b6f16a587 --- a/util/config_file.c +++ b/util/config_file.c @@@ -781,7 -767,6 +782,8 @@@ int config_set_option(struct config_fil else S_YNO("ip-ratelimit-backoff:", ip_ratelimit_backoff) else S_YNO("ratelimit-backoff:", ratelimit_backoff) else S_NUMBER_NONZERO("outbound-msg-retry:", outbound_msg_retry) + else S_NUMBER_NONZERO("max-sent-count", max_sent_count) ++ else S_SIZET_NONZERO("max-query-restarts:", max_query_restarts) else S_SIZET_NONZERO("fast-server-num:", fast_server_num) else S_NUMBER_OR_ZERO("fast-server-permil:", fast_server_permil) else S_YNO("qname-minimisation:", qname_minimisation) @@@ -1243,7 -1223,6 +1245,8 @@@ config_get_option(struct config_file* c else O_YNO(opt, "ip-ratelimit-backoff", ip_ratelimit_backoff) else O_YNO(opt, "ratelimit-backoff", ratelimit_backoff) else O_UNS(opt, "outbound-msg-retry", outbound_msg_retry) + else O_UNS(opt, "max-sent-count", 
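Review bot: The doc comment added above `int max_sent_count;` in struct iter_env reads `/** number of queries_sent */`, which describes a running counter, while the field holds the configured ceiling that iter_apply_cfg copies from `cfg->max_sent_count`. Suggested wording, taken from the man page text in this same commit: `/** max number of outgoing queries sent while resolving a name; resets on query restarts and referrals */`. The neighbouring `max_query_restarts` limit is declared `size_t` while this one is `int`, so a brief remark on the expected value range would also help if that difference is intentional. struct iter_env opens above the hunk.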
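Review bot: The key string in `else S_NUMBER_NONZERO("max-sent-count", max_sent_count)` lacks the trailing colon that the neighbouring entries in config_set_option carry (`"outbound-msg-retry:"`, `"max-query-restarts:"`, `"fast-server-num:"`). If the S_ macros match the option name including the colon, as those neighbours suggest (the macro definitions are outside this hunk), a request to set max-sent-count through this path would never match. The hard limit on outgoing queries per resolution would then keep its previous value instead of the one the operator asked for. Suggested line: `else S_NUMBER_NONZERO("max-sent-count:", max_sent_count)`. config_set_option's body starts and ends outside the hunk.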
max_sent_count) ++ else O_DEC(opt, "max-query-restarts", max_query_restarts) else O_DEC(opt, "fast-server-num", fast_server_num) else O_DEC(opt, "fast-server-permil", fast_server_permil) else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min)