From: Evan Hunt
Date: Wed, 7 Aug 2024 21:12:07 +0000 (+0000)
Subject: new: usr: Tighten 'max-recursion-queries' and add 'max-query-restarts' option
X-Git-Tag: v9.21.0~7
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f202937078f21eac8437fd1d0674e9fc84a229ce;p=thirdparty%2Fbind9.git

new: usr: Tighten 'max-recursion-queries' and add 'max-query-restarts' option

There were cases in resolver.c when the `max-recursion-queries` quota
was ineffective. It was possible to craft zones that would cause a
resolver to waste resources by sending excessive queries while
attempting to resolve a name. This has been addressed by correcting
errors in the implementation of `max-recursion-queries`, and by
reducing the default value from 100 to 32.

In addition, a new `max-query-restarts` option has been added which
limits the number of times a recursive server will follow CNAME or
DNAME records before terminating resolution. This was previously a
hard-coded limit of 16, and now defaults to 11.

Closes #4741

Merge branch '4741-reclimit-restarts' into 'main'

Closes #4741

See merge request isc-projects/bind9!9281
---
f202937078f21eac8437fd1d0674e9fc84a229ce