2564. [bug] 'named' was treating a TCP retry as a timeout when
authorMark Andrews <marka@isc.org>
Wed, 25 Feb 2009 22:47:12 +0000 (22:47 +0000)
committerMark Andrews <marka@isc.org>
Wed, 25 Feb 2009 22:47:12 +0000 (22:47 +0000)
                        deciding whether to perform a EDNS fallback step.
                        [RT #19393]

CHANGES
lib/dns/resolver.c

diff --git a/CHANGES b/CHANGES
index 4d1b75a4dbb45d382a0a857fbee3b39dfcb8b52c..4892d0a2138502bf54efec629ea34917699b8ccd 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+2564.  [bug]           'named' was treating a TCP retry as a timeout when
+                       deciding whether to perform a EDNS fallback step.
+                       [RT #19393]
+
 2563.  [bug]           Dig could leak a socket causing it to wait forever
                        to exit. [RT #19359]
 
index 1aafa4d3c978688eb1d9d5b4d236da8a28525785..1c14c3e52873171215d0a93015b303505bed486d 100644 (file)
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.384.14.7 2009/02/15 23:16:42 marka Exp $ */
+/* $Id: resolver.c,v 1.384.14.8 2009/02/25 22:47:12 marka Exp $ */
 
 /*! \file */
 
@@ -1634,28 +1634,44 @@ resquery_send(resquery_t *query) {
                                    DNS_FETCHOPT_NOEDNS0);
        }
 
-       /* Sync NOEDNS0 flag in addrinfo->flags and options now */
+       /* Sync NOEDNS0 flag in addrinfo->flags and options now. */
        if ((query->addrinfo->flags & DNS_FETCHOPT_NOEDNS0) != 0)
                query->options |= DNS_FETCHOPT_NOEDNS0;
 
        /*
-        * Use EDNS0, unless the caller doesn't want it, or we know that
-        * the remote server doesn't like it.
+        * Handle UDP timeouts by reducing the UDP response size to 512
+        * bytes then if that doesn't work disabling EDNS (includes DO)
+        * and CD.
+        *
+        * These timeout can be due to:
+        *      * broken nameservers that don't respond to EDNS queries.
+        *      * broken/misconfigured firewalls and NAT implementations
+        *        that don't handle IP fragmentation.
+        *      * broken/misconfigured firewalls that don't handle responses
+        *        greater than 512 bytes.
+        *      * broken/misconfigured firewalls that don't handle EDNS, DO
+        *        or CD.
+        *      * packet loss / link outage.
         */
-
-       if ((triededns512(fctx, &query->addrinfo->sockaddr) ||
-            fctx->timeouts >= (MAX_EDNS0_TIMEOUTS * 2)) &&
-           (query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
-               query->options |= DNS_FETCHOPT_NOEDNS0;
-               fctx->reason = "disabling EDNS";
-       } else if ((triededns(fctx, &query->addrinfo->sockaddr) ||
-                   fctx->timeouts >= MAX_EDNS0_TIMEOUTS) &&
-                  (query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
-               query->options |= DNS_FETCHOPT_EDNS512;
-               fctx->reason = "reducing the advertised EDNS UDP packet "
-                              "size to 512 octets";
+       if ((query->options & DNS_FETCHOPT_TCP) == 0) {
+               if ((triededns512(fctx, &query->addrinfo->sockaddr) ||
+                    fctx->timeouts >= (MAX_EDNS0_TIMEOUTS * 2)) &&
+                   (query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
+                       query->options |= DNS_FETCHOPT_NOEDNS0;
+                       fctx->reason = "disabling EDNS";
+               } else if ((triededns(fctx, &query->addrinfo->sockaddr) ||
+                           fctx->timeouts >= MAX_EDNS0_TIMEOUTS) &&
+                          (query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
+                       query->options |= DNS_FETCHOPT_EDNS512;
+                       fctx->reason = "reducing the advertised EDNS UDP "
+                                      "packet size to 512 octets";
+               }
        }
 
+       /*
+        * Use EDNS0, unless the caller doesn't want it, or we know that
+        * the remote server doesn't like it.
+        */
        if ((query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
                if ((query->addrinfo->flags & DNS_FETCHOPT_NOEDNS0) == 0) {
                        unsigned int version = 0;       /* Default version. */
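Review bot: The new `(query->options & DNS_FETCHOPT_TCP) == 0` guard has no comment explaining why TCP queries skip the fallback, and it bypasses the per-address `triededns()`/`triededns512()` history as well as the `fctx->timeouts` count that the CHANGES entry describes; if that is intended, say so at the guard, e.g. `/* A TCP retry is not a UDP timeout; leave the EDNS state as it is. */`. The block comment should also state the cost of the second step: the NOEDNS0 branch drops DO, and because the listed causes include plain packet loss, a validating resolver may stop receiving DNSSEC records from a server that handles EDNS correctly. The only trace of that downgrade visible here is `fctx->reason`, so it is worth confirming that the string reaches a log operators can alert on. Minor wording: "These timeout can be due to" should read "These timeouts can be due to". `resquery_send` starts and ends outside this hunk, so how `fctx->timeouts` is incremented and whether it is per-server cannot be checked from here.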