From: Otto Moerbeek Date: Fri, 22 Sep 2023 11:46:12 +0000 (+0200) Subject: Implement setting and rewrite the unThrottle logic a bit X-Git-Tag: rec-5.0.0-alpha2~44^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=824408708e0e454d713213d2a6f84f2ba39e255e;p=thirdparty%2Fpdns.git Implement setting and rewrite the unThrottle logic a bit --- diff --git a/pdns/recursordist/rec-main.cc b/pdns/recursordist/rec-main.cc index 09bf5acf8d..43d125f236 100644 --- a/pdns/recursordist/rec-main.cc +++ b/pdns/recursordist/rec-main.cc @@ -1641,6 +1641,7 @@ static int initSyncRes(Logr::log_t log) SyncRes::s_serverdownmaxfails = ::arg().asNum("server-down-max-fails"); SyncRes::s_serverdownthrottletime = ::arg().asNum("server-down-throttle-time"); + SyncRes::s_unthrottle_n = ::arg().asNum("server-down-use-probability"); SyncRes::s_nonresolvingnsmaxfails = ::arg().asNum("non-resolving-ns-max-fails"); SyncRes::s_nonresolvingnsthrottletime = ::arg().asNum("non-resolving-ns-throttle-time"); SyncRes::s_serverID = ::arg()["server-id"]; diff --git a/pdns/recursordist/settings/table.py b/pdns/recursordist/settings/table.py index b1f14c7fa6..ab7e1ceb8e 100644 --- a/pdns/recursordist/settings/table.py +++ b/pdns/recursordist/settings/table.py @@ -2154,6 +2154,19 @@ Even a single response packet will drop the block. Throttle a server that has failed to respond :ref:`setting-server-down-max-fails` times for this many seconds. ''', }, + { + 'name' : 'server_down_use_probability', + 'section' : 'recursor', + 'type' : LType.Uint64, + 'default' : '25', + 'help' : 'Determines the probability of a server marked down to be used anyway', + 'doc' : ''' +This setting determines the probability of a server marked down to be used anyway. +A value of ``n`` means that the chance of a server marked down being used after it wins speed selection is is ``1/n``. +If this setting is zero this mechanism is not active. + ''', + 'versionadded': '5.0.0' + }, { 'name' : 'server_id', 'section' : 'recursor', diff --git a/pdns/recursordist/syncres.cc b/pdns/recursordist/syncres.cc index 2fdf209df8..57a91f980d 100644 --- a/pdns/recursordist/syncres.cc +++ b/pdns/recursordist/syncres.cc @@ -443,7 +443,7 @@ unsigned int SyncRes::s_packetcacheservfailttl; unsigned int SyncRes::s_packetcachenegativettl; unsigned int SyncRes::s_serverdownmaxfails; unsigned int SyncRes::s_serverdownthrottletime; -unsigned int SyncRes::s_unthrottle_n = 100; +unsigned int SyncRes::s_unthrottle_n; unsigned int SyncRes::s_nonresolvingnsmaxfails; unsigned int SyncRes::s_nonresolvingnsthrottletime; unsigned int SyncRes::s_ecscachelimitttl; @@ -1240,12 +1240,15 @@ bool SyncRes::isThrottled(time_t now, const ComboAddress& server, const DNSName& bool SyncRes::isThrottled(time_t now, const ComboAddress& server) { - // Give fully throttled servers a chance to be used, to avoid having one bad domain spoil the NS record for others usingf the same NS - // If the NS answers, it will be unThrottled immediately - if (dns_random(s_unthrottle_n) == 0) { - return false; + auto throttled = s_throttle.lock()->shouldThrottle(now, std::tuple(server, g_rootdnsname, 0)); + if (throttled) { + // Give fully throttled servers a chance to be used, to avoid having one bad zone spoil the NS + // record for others using the same NS. If the NS answers, it will be unThrottled immediately + if (s_unthrottle_n > 0 && dns_random(s_unthrottle_n) == 0) { + throttled = false; + } } - return s_throttle.lock()->shouldThrottle(now, std::tuple(server, g_rootdnsname, 0)); + return throttled; } void SyncRes::unThrottle(const ComboAddress& server, const DNSName& name, QType qtype)