]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
Do not attach authdb
authorAlessio Podda <alessio@isc.org>
Mon, 6 Jul 2026 08:15:13 +0000 (10:15 +0200)
committerAlessio Podda <alessio@isc.org>
Fri, 17 Jul 2026 11:48:46 +0000 (11:48 +0000)
The authdb variable is used either to check that, on restarts, we
do not cross to a different zone unless recursion is enabled, and to
lookup the zone version when filling the additional section.

Neither use requires the pointer to be attached, and attaching the
pointer causes scalability issues. This commit solves the problem by
turning the pointer into an integer id.

lib/ns/client.c
lib/ns/include/ns/client.h
lib/ns/include/ns/query.h
lib/ns/query.c

index a767c3515250355348c288732340c3ade3399d56..4c5a701db7d7a78243f2877a66c669b9fd9ce6bd 100644 (file)
@@ -3166,6 +3166,17 @@ client_getdbversion(ns_client_t *client) {
        return dbversion;
 }
 
+ns_dbversion_t *
+ns_client_findversionid(ns_client_t *client, uintptr_t dbid) {
+       ISC_LIST_FOREACH(client->query.activeversions, dbversion, link) {
+               if ((uintptr_t)dbversion->db == dbid) {
+                       return dbversion;
+               }
+       }
+
+       return NULL;
+}
+
 ns_dbversion_t *
 ns_client_findversion(ns_client_t *client, dns_db_t *db) {
        ISC_LIST_FOREACH(client->query.activeversions, dbversion, link) {
index 3cf87e90b0531371a7974ca49aae2816fd89edc1..c0bb2533b6efda81b2d4b0bf5d3497e31c9b8e4d 100644 (file)
@@ -57,6 +57,7 @@
 
 #include <inttypes.h>
 #include <stdbool.h>
+#include <stdint.h>
 
 #include <isc/atomic.h>
 #include <isc/buffer.h>
@@ -562,6 +563,13 @@ ns_client_findversion(ns_client_t *client, dns_db_t *db);
  * allocated by ns_client_newdbversion().
  */
 
+ns_dbversion_t *
+ns_client_findversionid(ns_client_t *client, uintptr_t dbid);
+/*%<
+ * Find the active database version matching database identity 'dbid',
+ * without allocating a new database version if none is found.
+ */
+
 ISC_REFCOUNT_DECL(ns_clientmgr);
 
 void
index 44d0566fbc3608f3a2519bcbc79aa45b415102e9..c6eb341391c867c88d34148c5019b45141dfbf3a 100644 (file)
@@ -16,6 +16,7 @@
 /*! \file */
 
 #include <stdbool.h>
+#include <stdint.h>
 
 #include <isc/buffer.h>
 #include <isc/netaddr.h>
@@ -127,20 +128,20 @@ struct ns_query {
                };
        };
 
-       unsigned int     restarts;
-       isc_counter_t   *qc;
-       bool             timerset;
-       dns_name_t      *qname;
-       dns_name_t      *origqname;
-       dns_rdatatype_t  qtype;
-       unsigned int     dboptions;
-       unsigned int     fetchoptions;
-       dns_db_t        *gluedb;
-       dns_db_t        *authdb;
-       dns_zone_t      *authzone;
-       bool             authdbset;
-       bool             isreferral;
-       isc_mutex_t      fetchlock;
+       unsigned int    restarts;
+       isc_counter_t  *qc;
+       bool            timerset;
+       dns_name_t     *qname;
+       dns_name_t     *origqname;
+       dns_rdatatype_t qtype;
+       unsigned int    dboptions;
+       unsigned int    fetchoptions;
+       dns_db_t       *gluedb;
+       uintptr_t   authdb; /* Database identity; not an attached reference. */
+       dns_zone_t *authzone;
+       bool        authdbset;
+       bool        isreferral;
+       isc_mutex_t fetchlock;
        ns_hookasync_t  *hookasyncctx;
        dns_rpz_st_t    *rpz_st;
        isc_bufferlist_t namebufs;
index d2cd2347326cce2ed2fd3621bb4d57973a1b27b4..9e675084dc5ae263ada342b936241eda4ae2e96d 100644 (file)
@@ -754,9 +754,6 @@ query_reset(ns_client_t *client, bool everything) {
        }
        ISC_LIST_INIT(client->query.activeversions);
 
-       if (client->query.authdb != NULL) {
-               dns_db_detach(&client->query.authdb);
-       }
        if (client->query.authzone != NULL) {
                dns_zone_detach(&client->query.authzone);
        }
@@ -824,6 +821,7 @@ query_reset(ns_client_t *client, bool everything) {
        client->query.dboptions = 0;
        client->query.fetchoptions = 0;
        client->query.gluedb = NULL;
+       client->query.authdb = 0;
        client->query.authdbset = false;
        client->query.isreferral = false;
        client->query.dns64_options = 0;
@@ -1012,7 +1010,7 @@ query_validatezonedb(ns_client_t *client, const dns_name_t *name,
         */
        if (client->query.rpz_st == NULL &&
            !(client->query.wantrecursion && client->query.recursionok) &&
-           client->query.authdbset && db != client->query.authdb)
+           client->query.authdbset && (uintptr_t)db != client->query.authdb)
        {
                return DNS_R_REFUSED;
        }
@@ -1661,16 +1659,16 @@ query_additionalauth(query_ctx_t *qctx, const dns_name_t *name,
         * First, look within the same zone database for authoritative
         * additional data.
         */
-       if (!client->query.authdbset || client->query.authdb == NULL) {
+       if (!client->query.authdbset || client->query.authdb == 0) {
                return ISC_R_NOTFOUND;
        }
 
-       dbversion = ns_client_findversion(client, client->query.authdb);
+       dbversion = ns_client_findversionid(client, client->query.authdb);
        if (dbversion == NULL) {
                return ISC_R_NOTFOUND;
        }
 
-       dns_db_attach(client->query.authdb, &db);
+       dns_db_attach(dbversion->db, &db);
        version = dbversion->version;
 
        CTRACE(ISC_LOG_DEBUG(3), "query_additionalauth: same zone");
@@ -5327,7 +5325,7 @@ ns__query_start(query_ctx_t *qctx) {
                                        dns_zone_gethooktable(qctx->zone);
                                CALL_HOOK(NS_QUERY_AUTHZONE_ATTACHED, qctx);
                        }
-                       dns_db_attach(qctx->db, &qctx->client->query.authdb);
+                       qctx->client->query.authdb = (uintptr_t)qctx->db;
                }
                qctx->client->query.authdbset = true;