From eeefe9ac45ef4da0db71b8cc69a5d13da2102e83 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Thu, 18 Feb 2010 11:21:11 +0000
Subject: [PATCH] Stops blacklisting because of strange firewalls.

git-svn-id: file:///svn/unbound/trunk@1987 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 doc/Changelog         |  3 +++
 iterator/iter_utils.c | 34 ++++++++++++++++++----------------
 2 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/doc/Changelog b/doc/Changelog
index bb11365f1..7813d7611 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,5 +1,8 @@
 18 February 2010: Wouter
 	- A little more strict DS scrubbing.
+	- No more blacklisting of unresponsive servers, a 2 minute timeout
+	  is backed off to.
+	- RD flag not enabled for dnssec-blacklisted tries, unless necessary.
 
 17 February 2010: Wouter
 	- Disregard DNSKEY from authority section for chain of trust.
diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c
index 396814edf..cd000da37 100644
--- a/iterator/iter_utils.c
+++ b/iterator/iter_utils.c
@@ -202,8 +202,8 @@ iter_filter_unsuitable(struct iter_env* iter_env, struct module_env* env,
 			return -1; /* server is lame */
 		else if(rtt >= USEFUL_SERVER_TOP_TIMEOUT && 
 			lost >= USEFUL_SERVER_MAX_LOST)
-				/* server is unresponsive */
-			return USEFUL_SERVER_TOP_TIMEOUT; 
+			/* server is unresponsive, but keep trying slowly */
+			return USEFUL_SERVER_TOP_TIMEOUT+1;
 		else if(a->lame)
 			return rtt+USEFUL_SERVER_TOP_TIMEOUT+1; /* nonpref */
 		else if(rtt >= USEFUL_SERVER_TOP_TIMEOUT) /* not blacklisted*/
@@ -320,20 +320,22 @@ iter_server_selection(struct iter_env* iter_env,
 	if(num == 0)
 		return NULL;
 	verbose(VERB_ALGO, "selrtt %d", selrtt);
-	if(selrtt > USEFUL_SERVER_TOP_TIMEOUT*2) {
-		verbose(VERB_ALGO, "chase to recursion lame server");
-		*chase_to_rd = 1;
-	}
-	if(selrtt > USEFUL_SERVER_TOP_TIMEOUT) {
-		verbose(VERB_ALGO, "chase to dnssec lame server");
-		*dnssec_expected = 0;
-	}
-	if(selrtt == USEFUL_SERVER_TOP_TIMEOUT) {
-		verbose(VERB_ALGO, "chase to blacklisted lame server");
-		/* the best choice is a blacklisted, unresponsive server,
-		 * we need to throttle down our traffic towards it */
-		if(ub_random(env->rnd) % 100 != 1) {
-			/* 99% of the time, drop query */
+	if(selrtt > BLACKLIST_PENALTY) {
+		if(selrtt-BLACKLIST_PENALTY > USEFUL_SERVER_TOP_TIMEOUT*2) {
+			verbose(VERB_ALGO, "chase to recursion lame server");
+			*chase_to_rd = 1;
+		}
+	} else {
+		if(selrtt > USEFUL_SERVER_TOP_TIMEOUT*2) {
+			verbose(VERB_ALGO, "chase to recursion lame server");
+			*chase_to_rd = 1;
+		}
+		if(selrtt > USEFUL_SERVER_TOP_TIMEOUT) {
+			verbose(VERB_ALGO, "chase to dnssec lame server");
+			*dnssec_expected = 0;
+		}
+		if(selrtt == USEFUL_SERVER_TOP_TIMEOUT) {
+			verbose(VERB_ALGO, "chase to blacklisted lame server");
 			return NULL;
 		}
 	}
-- 
2.47.2