[v9_9] adjust max-recursion-queries

4021.	[bug]		Adjust max-recursion-queries to accommodate
			the need for more queries when the cache is
			empty. [RT #38104]

(cherry picked from commit be7fba80190c33b0e50f086509b42bb319bb95b4)
(cherry picked from commit b0e91083115c8a555e1d55acfeb230700f9eb1ff)

diff --git a/CHANGES b/CHANGES
index 8039af7bd5ef5b47909079f4f460e848c8ae76b7..915dac5c27e21decf1f54bae741a7dc5567c77c2 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+4021.  [bug]           Adjust max-recursion-queries to accommodate 
+                       the need for more queries when the cache is
+                       empty. [RT #38104]
+
 4020.  [bug]           Change 3736 broke nsupdate's SOA MNAME discovery
                        resulting in updates being sent to the wrong server.
                        [RT #37925]

diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 2b5fd5d33ed5d52a2ba8db37ad499dc4d1d97554..819514143edcd60364642e1794abb2c90215c43b 100644 (file)
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -8710,8 +8710,10 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
                  Sets the maximum number of iterative queries that
                  may be sent while servicing a recursive query.
                  If more queries are sent, the recursive query
-                 is terminated and returns SERVFAIL. The default
-                 is 50.
+                 is terminated and returns SERVFAIL. Queries to
+                 look up top level comains such as "com" and "net"
+                 and the DNS root zone are exempt from this limitation.
+                 The default is 50.
                </para>
              </listitem>
            </varlistentry>

diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 4401019f6b81dec03bfc3911da982f133c0013ab..d00f742c2b5f1d864d3d73e8dd6f7d55cb8b33d4 100644 (file)
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -225,6 +225,12 @@
          rather than the SOA MNAME server when sending the UPDATE.
         </para>
       </listitem>
+      <listitem>
+        <para>
+         Adjusted max-recursion-queries to better accommodate empty
+         caches.
+        </para>
+      </listitem>
     </itemizedlist>
   </sect2>
   <sect2 id="end_of_life">

diff --git a/lib/dns/adb.c b/lib/dns/adb.c
index c75ea59f751f8cc5a01e2df3e236b1573f8f87d9..a9ffd2ad9f44e1e8818e4c9d4632106731f7e20c 100644 (file)
--- a/lib/dns/adb.c
+++ b/lib/dns/adb.c
@@ -3805,11 +3805,11 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) {
                        goto out;
                /* XXXMLG Don't pound on bad servers. */
                if (address_type == DNS_ADBFIND_INET) {
-                       name->expire_v4 = ISC_MIN(name->expire_v4, now + 300);
+                       name->expire_v4 = ISC_MIN(name->expire_v4, now + 10);
                        name->fetch_err = FIND_ERR_FAILURE;
                        inc_stats(adb, dns_resstatscounter_gluefetchv4fail);
                } else {
-                       name->expire_v6 = ISC_MIN(name->expire_v6, now + 300);
+                       name->expire_v6 = ISC_MIN(name->expire_v6, now + 10);
                        name->fetch6_err = FIND_ERR_FAILURE;
                        inc_stats(adb, dns_resstatscounter_gluefetchv6fail);
                }

diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index cbdeb2ead1f7d1a1e0d92aef1eb83b925260af37..8daf6e0450703c27527f1fac7dfa14dc8cae379a 100644 (file)
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -3082,6 +3082,16 @@ fctx_try(fetchctx_t *fctx, isc_boolean_t retrying, isc_boolean_t badcache) {
 
        REQUIRE(!ADDRWAIT(fctx));
 
+       /* We've already exceeded maximum query count */
+       if (isc_counter_used(fctx->qc) > fctx->res->maxqueries) {
+               isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+                             DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
+                             "exceeded max queries resolving '%s'",
+                             fctx->info);
+               fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
+               return;
+       }
+
        addrinfo = fctx_nextaddress(fctx);
        if (addrinfo == NULL) {
                /*
@@ -3119,14 +3129,16 @@ fctx_try(fetchctx_t *fctx, isc_boolean_t retrying, isc_boolean_t badcache) {
                }
        }
 
-       result = isc_counter_increment(fctx->qc);
-       if (result != ISC_R_SUCCESS) {
-               isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
-                             DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
-                             "exceeded max queries resolving '%s'",
-                             fctx->info);
-               fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
-               return;
+       if (dns_name_countlabels(&fctx->domain) > 2) {
+               result = isc_counter_increment(fctx->qc);
+               if (result != ISC_R_SUCCESS) {
+                       isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+                                     DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
+                                     "exceeded max queries resolving '%s'",
+                                     fctx->info);
+                       fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
+                       return;
+               }
        }
 
        result = fctx_query(fctx, addrinfo, fctx->options);