Fast fail a validator deadlock
authorMatthijs Mekking <matthijs@isc.org>
Tue, 3 Mar 2026 07:37:34 +0000 (08:37 +0100)
committerMatthijs Mekking <matthijs@isc.org>
Tue, 17 Mar 2026 14:39:48 +0000 (14:39 +0000)
We return DNS_R_NOVALIDSIG if we detected a deadlock. Then in
'validate_async_done()', this result value is used to check if we
need to fall back to insecure. As part of that we create a new fetch
but that fails because of the detected deadlock. This results in a loop
of deadlock detected, fallback to insecure, deadlock detected, ...

Add a new result value, ISC_R_DEADLOCK, and return this instead when
we have detected a deadlock. This will be treated as a generic error,
as there is no special handling for this result value.

(cherry picked from commit bc1d177cc2e82f18a77985c518e169f0e37d88c7)

lib/dns/validator.c
lib/isc/include/isc/result.h
lib/isc/result.c

index 4ab4ee407e01c9e82199c501bf25eff97a3b07af..3dacbd11311b90fb90e3c6c1a7b806e649f32b26 100644 (file)
@@ -973,7 +973,7 @@ create_fetch(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type,
        if (check_deadlock(val, name, type, NULL, NULL)) {
                validator_log(val, ISC_LOG_DEBUG(3),
                              "deadlock found (create_fetch)");
-               return DNS_R_NOVALIDSIG;
+               return ISC_R_DEADLOCK;
        }
 
        if ((val->options & DNS_VALIDATOR_NOCDFLAG) != 0) {
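Review bot: The new `return ISC_R_DEADLOCK;` in create_fetch() has no comment saying why DNS_R_NOVALIDSIG must not be returned here, and the fix only holds as long as no caller starts special-casing the new code. I would add above the return: `/* Not DNS_R_NOVALIDSIG: validate_async_done() would try the insecure fallback, which hits the same deadlock again. */`. The same comment belongs on the matching return in create_validator() in the next hunk. Both function bodies start and end outside the hunks shown.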
@@ -1017,7 +1017,7 @@ create_validator(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type,
        if (check_deadlock(val, name, type, rdataset, sig)) {
                validator_log(val, ISC_LOG_DEBUG(3),
                              "deadlock found (create_validator)");
-               return DNS_R_NOVALIDSIG;
+               return ISC_R_DEADLOCK;
        }
 
        /* OK to clear other options, but preserve NOCDFLAG and NONTA. */
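Review bot: Nothing in this commit exercises the path that used to loop; the file list holds only validator.c and the two result files, so this return and the one in create_fetch() are untested here. The old behaviour was deadlock, insecure fallback, deadlock again, which is unbounded validator work for a single query, so a regression would be a resource-exhaustion problem rather than a cosmetic one. A test that reproduces the deadlock condition and asserts that validation ends with a failure result would pin the fix. It should also assert that the answer is not downgraded to insecure, assuming validate_async_done() keeps treating unrecognised codes as a hard failure.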
index 129cdef7515cd92d7aadea521375f1737886f263..f9563e3df0150894d25576eac18b7503b797fdc3 100644 (file)
@@ -96,6 +96,7 @@ typedef enum isc_result {
        ISC_R_HTTP2ALPNERROR, /*%< ALPN for HTTP/2 failed */
        ISC_R_DOTALPNERROR,   /*%< ALPN for DoT failed */
        ISC_R_INVALIDPROTO,   /*%< invalid protocol */
+       ISC_R_DEADLOCK,       /*%< deadlock found */
 
        DNS_R_LABELTOOLONG,
        DNS_R_BADESCAPE,
index 6ba7f9948413373e607a6f8338c86de674a9c5fd..29b8bc65f4e73f6a6f8775d056cb27aa8c8c14a9 100644 (file)
@@ -96,6 +96,7 @@ static const char *description[ISC_R_NRESULTS] = {
        [ISC_R_HTTP2ALPNERROR] = "ALPN for HTTP/2 failed",
        [ISC_R_DOTALPNERROR] = "ALPN for DoT failed",
        [ISC_R_INVALIDPROTO] = "invalid protocol",
+       [ISC_R_DEADLOCK] = "deadlock found",
 
        [DNS_R_LABELTOOLONG] = "label too long",
        [DNS_R_BADESCAPE] = "bad escape",
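Review bot: Only the `description` table gets an entry for ISC_R_DEADLOCK in this hunk. If result.c also keeps a parallel identifier table (the one read by isc_result_toid()), no hunk on this page adds `[ISC_R_DEADLOCK] = "ISC_R_DEADLOCK",` to it, and a lookup of the identifier for the new code would find an empty slot. That table is not visible here, so this needs checking against the full file. Logs that print the identifier are what an operator would search when diagnosing the validation failures this code now produces.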