From 05d78671bb6a5ba63d78d77339e17cbc73f18188 Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Tue, 25 Jun 2024 12:28:23 -0700
Subject: [PATCH] reduce MAX_RESTARTS to 11

the number of steps that can be followed in a CNAME chain
before terminating the lookup has been reduced from 16 to 11.
(this is a hard-coded value, but will be made configurable later.)
---
 bin/tests/system/chain/tests.sh    | 2 +-
 bin/tests/system/resolver/tests.sh | 2 +-
 lib/dns/client.c                   | 2 +-
 lib/ns/query.c                     | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/bin/tests/system/chain/tests.sh b/bin/tests/system/chain/tests.sh
index 2c87e123e4..996378d16c 100644
--- a/bin/tests/system/chain/tests.sh
+++ b/bin/tests/system/chain/tests.sh
@@ -454,7 +454,7 @@ ret=0
 $DIG $DIGOPTS @10.53.0.2 loop.example >dig.out.test$n
 grep "status: SERVFAIL" dig.out.test$n >/dev/null || ret=1
 grep "max. restarts reached" dig.out.test$n >/dev/null || ret=1
-grep "ANSWER: 17" dig.out.test$n >/dev/null || ret=1
+grep "ANSWER: 12" dig.out.test$n >/dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh
index 0e6db14457..d718362e01 100755
--- a/bin/tests/system/resolver/tests.sh
+++ b/bin/tests/system/resolver/tests.sh
@@ -149,7 +149,7 @@ dig_with_opts +tcp longcname1.example.net @10.53.0.1 a >dig.out.ns1.test${n} ||
 grep -F "status: SERVFAIL" dig.out.ns1.test${n} >/dev/null || ret=1
 grep -F "max. restarts reached" dig.out.ns1.test${n} >/dev/null || ret=1
 lines=$(grep -F "CNAME" dig.out.ns1.test${n} | wc -l)
-test ${lines:-1} -eq 17 || ret=1
+test ${lines:-1} -eq 12 || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
diff --git a/lib/dns/client.c b/lib/dns/client.c
index f0b0311b37..a945b93d79 100644
--- a/lib/dns/client.c
+++ b/lib/dns/client.c
@@ -57,7 +57,7 @@
 #define UCTX_MAGIC    ISC_MAGIC('U', 'c', 't', 'x')
 #define UCTX_VALID(c) ISC_MAGIC_VALID(c, UCTX_MAGIC)
 
-#define MAX_RESTARTS 16
+#define MAX_RESTARTS 11
 
 #define CHECK(r)                             \
 	do {                                 \
diff --git a/lib/ns/query.c b/lib/ns/query.c
index 0c36f7ae2b..4e66f7b736 100644
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -90,7 +90,7 @@
  * Maximum number of chained queries before we give up
  * to prevent CNAME loops.
  */
-#define MAX_RESTARTS 16
+#define MAX_RESTARTS 11
 
 #define QUERY_ERROR(qctx, r)                  \
 	do {                                  \