From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Wed, 17 Jul 2024 08:46:58 +0000 (+0200)
Subject: rec: optimize processing of additionals
X-Git-Tag: rec-4.9.8^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a7139a119c450ab4c02a44fd93d1ca462a52babd;p=thirdparty%2Fpdns.git

rec: optimize processing of additionals

(cherry picked from commit cd2de2ee7ad55f295a00dfce5488ee3863d974d6)
---

diff --git a/pdns/recursordist/syncres.cc b/pdns/recursordist/syncres.cc
index 812e367321..04681ca5b1 100644
--- a/pdns/recursordist/syncres.cc
+++ b/pdns/recursordist/syncres.cc
@@ -4078,6 +4078,12 @@ void SyncRes::fixupAnswer(const std::string& prefix, LWResult& lwr, const DNSNam
 
 static void allowAdditionalEntry(std::unordered_set<DNSName>& allowedAdditionals, const DNSRecord& rec)
 {
+  // As we only use a limited amount of NS names for resolving, limit number of additional names as
+  // well.  s_maxnsperresolve is a proper limit for the NS case and is also reasonable for other
+  // qtypes.  Allow one extra for qname itself, which is always in allowedAdditionals.
+  if (SyncRes::s_maxnsperresolve > 0 && allowedAdditionals.size() > SyncRes::s_maxnsperresolve + 1) {
+    return;
+  }
   switch (rec.d_type) {
   case QType::MX:
     if (auto mxContent = getRR<MXRecordContent>(rec)) {