add a configuration option for the update quota

add an "update-quota" option to configure the update quota.

(cherry picked from commit f57758a7303ad0034ff2ff08eaaf2ef899630f19)

diff --git a/bin/named/config.c b/bin/named/config.c
index 5fedee84d9913127ae5bfee59aecbc1d0ef379aa..494147015ff01ef526f7b462da102ac32e0b7372 100644 (file)
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -130,6 +130,7 @@ options {\n\
        transfers-out 10;\n\
        transfers-per-ns 2;\n\
        trust-anchor-telemetry yes;\n\
+       update-quota 100;\n\
 \n\
        /* view */\n\
        allow-new-zones no;\n\

diff --git a/bin/named/named.conf.rst b/bin/named/named.conf.rst
index 27eed5ca3e4e9c07e450c3d7d08ecf338981a2f2..4c9f9a73704b4a3a62f26af2c5805b7d8d391863 100644 (file)
--- a/bin/named/named.conf.rst
+++ b/bin/named/named.conf.rst
@@ -179,7 +179,7 @@ OPTIONS
        answer-cookie boolean;
        attach-cache string;
        auth-nxdomain boolean; // default changed
-       auto-dnssec ( allow | maintain | off );
+       auto-dnssec ( allow | maintain | off );// deprecated
        automatic-interface-scan boolean;
        avoid-v4-udp-ports { portrange; ... };
        avoid-v6-udp-ports { portrange; ... };
@@ -446,6 +446,7 @@ OPTIONS
        trust-anchor-telemetry boolean; // experimental
        try-tcp-refresh boolean;
        update-check-ksk boolean;
+       update-quota integer;
        use-alt-transfer-source boolean;
        use-v4-udp-ports { portrange; ... };
        use-v6-udp-ports { portrange; ... };
@@ -584,7 +585,7 @@ VIEW
            * ) ] [ dscp integer ];
        attach-cache string;
        auth-nxdomain boolean; // default changed
-       auto-dnssec ( allow | maintain | off );
+       auto-dnssec ( allow | maintain | off );// deprecated
        cache-file quoted_string;// deprecated
        catalog-zones { zone string [ default-masters [ port integer ]
            [ dscp integer ] { ( remote-servers | ipv4_address [ port
@@ -859,7 +860,7 @@ VIEW
                    integer | * ) ] [ dscp integer ];
                alt-transfer-source-v6 ( ipv6_address | * ) [ port (
                    integer | * ) ] [ dscp integer ];
-               auto-dnssec ( allow | maintain | off );
+               auto-dnssec ( allow | maintain | off );// deprecated
                check-dup-records ( fail | warn | ignore );
                check-integrity boolean;
                check-mx ( fail | warn | ignore );
@@ -977,7 +978,7 @@ ZONE
            ] [ dscp integer ];
        alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
            * ) ] [ dscp integer ];
-       auto-dnssec ( allow | maintain | off );
+       auto-dnssec ( allow | maintain | off );// deprecated
        check-dup-records ( fail | warn | ignore );
        check-integrity boolean;
        check-mx ( fail | warn | ignore );

diff --git a/bin/named/server.c b/bin/named/server.c
index 20443ff8a9414f0aff7d26a406457c17707d83e7..78a21d62a20fde5be38c54a22d3b691894c8ea7d 100644 (file)
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -8542,6 +8542,7 @@ load_configuration(const char *filename, named_server_t *server,
        configure_server_quota(maps, "tcp-clients", &server->sctx->tcpquota);
        configure_server_quota(maps, "recursive-clients",
                               &server->sctx->recursionquota);
+       configure_server_quota(maps, "update-quota", &server->sctx->updquota);
 
        max = isc_quota_getmax(&server->sctx->recursionquota);
        if (max > 1000) {

diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
index b1f7059acf8794f743d816e00cb216b652d0454a..0ecdb68e95af6b04c54f951c1c926f5772984a2b 100644 (file)
--- a/bin/tests/system/checkconf/good.conf
+++ b/bin/tests/system/checkconf/good.conf
@@ -75,6 +75,7 @@ options {
        recursive-clients 3000;
        serial-query-rate 100;
        server-id none;
+       update-quota 200;
        check-names primary warn;
        check-names secondary ignore;
        max-cache-size 20000000000000;

diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
index 2603d602518d0a3341cf97250c3dc3024aa90336..703663d0ba6a3fd2e28c237e3d3f795832cc05e3 100644 (file)
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -3151,6 +3151,11 @@ system.
    value as ``tcp-keepalive-timeout``. This value can be updated at
    runtime by using ``rndc tcp-timeouts``.
 
+``update-quota``
+   This is the maximum number of simultaneous DNS UPDATE messages that
+   the server will accept for updating local authoritiative zones or
+   forwarding to a primary server. The default is ``100``.
+
 .. _intervals:
 
 Periodic Task Intervals
@@ -6840,7 +6845,7 @@ Name Server Statistics Counters
 ``UpdateQuota``
     This indicates the number of times a dynamic update or update
     forwarding request was rejected because the number of pending
-    requests exceeded the update quota.
+    requests exceeded ``update-quota``.
 
 ``RateDropped``
     This indicates the number of responses dropped due to rate limits.

diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in
index 4c46f475929c5cc044fd381df3e3791f9a89146a..c87afa288131335d50d99c32297e921c74442cc2 100644 (file)
--- a/doc/man/named.conf.5in
+++ b/doc/man/named.conf.5in
@@ -231,7 +231,7 @@ options {
       answer\-cookie boolean;
       attach\-cache string;
       auth\-nxdomain boolean; // default changed
-      auto\-dnssec ( allow | maintain | off );
+      auto\-dnssec ( allow | maintain | off );// deprecated
       automatic\-interface\-scan boolean;
       avoid\-v4\-udp\-ports { portrange; ... };
       avoid\-v6\-udp\-ports { portrange; ... };
@@ -498,6 +498,7 @@ options {
       trust\-anchor\-telemetry boolean; // experimental
       try\-tcp\-refresh boolean;
       update\-check\-ksk boolean;
+      update\-quota integer;
       use\-alt\-transfer\-source boolean;
       use\-v4\-udp\-ports { portrange; ... };
       use\-v6\-udp\-ports { portrange; ... };
@@ -668,7 +669,7 @@ view string [ class ] {
           * ) ] [ dscp integer ];
       attach\-cache string;
       auth\-nxdomain boolean; // default changed
-      auto\-dnssec ( allow | maintain | off );
+      auto\-dnssec ( allow | maintain | off );// deprecated
       cache\-file quoted_string;// deprecated
       catalog\-zones { zone string [ default\-masters [ port integer ]
           [ dscp integer ] { ( remote\-servers | ipv4_address [ port
@@ -943,7 +944,7 @@ view string [ class ] {
                   integer | * ) ] [ dscp integer ];
               alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port (
                   integer | * ) ] [ dscp integer ];
-              auto\-dnssec ( allow | maintain | off );
+              auto\-dnssec ( allow | maintain | off );// deprecated
               check\-dup\-records ( fail | warn | ignore );
               check\-integrity boolean;
               check\-mx ( fail | warn | ignore );
@@ -1065,7 +1066,7 @@ zone string [ class ] {
           ] [ dscp integer ];
       alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer |
           * ) ] [ dscp integer ];
-      auto\-dnssec ( allow | maintain | off );
+      auto\-dnssec ( allow | maintain | off );// deprecated
       check\-dup\-records ( fail | warn | ignore );
       check\-integrity boolean;
       check\-mx ( fail | warn | ignore );

diff --git a/doc/misc/master.zoneopt.rst b/doc/misc/master.zoneopt.rst
index 8fc7e1b4f0d73bca71ae378e20a04f6129a504c4..346d59813ee0765fd23ca2f0e007ae76ae7950bb 100644 (file)
--- a/doc/misc/master.zoneopt.rst
+++ b/doc/misc/master.zoneopt.rst
@@ -20,7 +20,7 @@
        also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
        alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
        alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
-       auto-dnssec ( allow | maintain | off );
+       auto-dnssec ( allow | maintain | off ); // deprecated
        check-dup-records ( fail | warn | ignore );
        check-integrity <boolean>;
        check-mx ( fail | warn | ignore );

diff --git a/doc/misc/options b/doc/misc/options
index f57399499a501096e3f7860847a6de63a2d555f8..0dbcf101e1c3ed05b0e5228a0b3490c0a7df2b64 100644 (file)
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -404,6 +404,7 @@ options {
         trust-anchor-telemetry <boolean>; // experimental
         try-tcp-refresh <boolean>;
         update-check-ksk <boolean>;
+        update-quota <integer>;
         use-alt-transfer-source <boolean>;
         use-id-pool <boolean>; // ancient
         use-ixfr <boolean>; // obsolete

diff --git a/doc/misc/options.active b/doc/misc/options.active
index 5fc1ab29f42b41cfdb7533ec9496dd3d0efc3ef5..eb75a86eae9517ccefbed5f279b358e88575fea2 100644 (file)
--- a/doc/misc/options.active
+++ b/doc/misc/options.active
@@ -363,6 +363,7 @@ options {
         trust-anchor-telemetry <boolean>; // experimental
         try-tcp-refresh <boolean>;
         update-check-ksk <boolean>;
+        update-quota <integer>;
         use-alt-transfer-source <boolean>;
         use-v4-udp-ports { <portrange>; ... };
         use-v6-udp-ports { <portrange>; ... };

diff --git a/doc/misc/options.grammar.rst b/doc/misc/options.grammar.rst
index 438072c95c41d712322727428c4de1a7c441b254..beef35341a13b4b54f6e85418cc55fdf0942c2f6 100644 (file)
--- a/doc/misc/options.grammar.rst
+++ b/doc/misc/options.grammar.rst
@@ -33,7 +33,7 @@
        answer-cookie <boolean>;
        attach-cache <string>;
        auth-nxdomain <boolean>; // default changed
-       auto-dnssec ( allow | maintain | off );
+       auto-dnssec ( allow | maintain | off ); // deprecated
        automatic-interface-scan <boolean>;
        avoid-v4-udp-ports { <portrange>; ... };
        avoid-v6-udp-ports { <portrange>; ... };
@@ -300,6 +300,7 @@
        trust-anchor-telemetry <boolean>; // experimental
        try-tcp-refresh <boolean>;
        update-check-ksk <boolean>;
+       update-quota <integer>;
        use-alt-transfer-source <boolean>;
        use-v4-udp-ports { <portrange>; ... };
        use-v6-udp-ports { <portrange>; ... };

diff --git a/doc/misc/slave.zoneopt.rst b/doc/misc/slave.zoneopt.rst
index cc72dcbf67751a858ab39d1eab21a54d72f5b80e..468a7f4d9a388afdd7295b411427751ad14a87a3 100644 (file)
--- a/doc/misc/slave.zoneopt.rst
+++ b/doc/misc/slave.zoneopt.rst
@@ -21,7 +21,7 @@
        also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
        alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
        alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
-       auto-dnssec ( allow | maintain | off );
+       auto-dnssec ( allow | maintain | off ); // deprecated
        check-names ( fail | warn | ignore );
        database <string>;
        dialup ( notify | notify-passive | passive | refresh | <boolean> );

diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index 45de0196bf451012805a6d68169f3e2a21ddb19e..6e63d86816e164a38ca4f2331d4790f1a03de223 100644 (file)
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -1267,6 +1267,7 @@ static cfg_clausedef_t options_clauses[] = {
        { "transfers-out", &cfg_type_uint32, 0 },
        { "transfers-per-ns", &cfg_type_uint32, 0 },
        { "treat-cr-as-space", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
+       { "update-quota", &cfg_type_uint32, 0 },
        { "use-id-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
        { "use-ixfr", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
        { "use-v4-udp-ports", &cfg_type_bracketed_portlist, 0 },