Merge branch '3461-fetches-per-zone-final-log-message' into 'main'

Resolve "Do a better job of logging when fetches-per-zone is triggered" Closes #3461 See merge request isc-projects/bind9!6595
2025-08-31 14:35:26 +00:00 · 2022-08-01 14:33:42 +00:00
parent 0f6a6b9a70 50d57a7551
commit 1f306f9a8a
3 changed files with 33 additions and 8 deletions
--- a/5
+++ b/5
@@ -1,3 +1,8 @@
+5934.	[func]		Improve fetches-per-zone fetch limit logging to log
+			the final allowed and spilled values of the fetch
+			counters before the counter object gets destroyed.
+			[GL #3461]
+
 5933.	[port]		Automatically disable RSASHA1 and NSEC3RSASHA1 in
 			named on Fedorda 33, Oracle Linux 9 and RHEL9 when
 			they are disabled by the security policy. [GL #3469]
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -48,6 +48,10 @@ Feature Changes
  to different DNSSEC algorithms is not possible when RSASHA1 is
  disallowed by the OS. :gl:`#3469`

+- Fetch limit log messages have been improved to provide more complete
+  information. Specifically, the final values of allowed and spilled fetches
+  will now be logged before the counter object gets destroyed. :gl:`#3461`
+
 Bug Fixes
 ~~~~~~~~~

--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -1566,7 +1566,7 @@ fctx_cancelqueries(fetchctx_t *fctx, bool no_response, bool age_untried) {
 }

 static void
-fcount_logspill(fetchctx_t *fctx, fctxcount_t *counter) {
+fcount_logspill(fetchctx_t *fctx, fctxcount_t *counter, bool final) {
 	char dbuf[DNS_NAME_FORMATSIZE];
 	isc_stdtime_t now;

@@ -1574,18 +1574,33 @@ fcount_logspill(fetchctx_t *fctx, fctxcount_t *counter) {
 		return;
 	}

+	/* Do not log a message if there were no dropped fetches. */
+	if (counter->dropped == 0) {
+		return;
+	}
+
+	/* Do not log the cumulative message if the previous log is recent. */
 	isc_stdtime_get(&now);
-	if (counter->logged > now - 60) {
+	if (!final && counter->logged > now - 60) {
 		return;
 	}

 	dns_name_format(fctx->domain, dbuf, sizeof(dbuf));

-	isc_log_write(dns_lctx, DNS_LOGCATEGORY_SPILL, DNS_LOGMODULE_RESOLVER,
-		      ISC_LOG_INFO,
+	if (!final) {
+		isc_log_write(dns_lctx, DNS_LOGCATEGORY_SPILL,
+			      DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
 			      "too many simultaneous fetches for %s "
 			      "(allowed %d spilled %d)",
 			      dbuf, counter->allowed, counter->dropped);
+	} else {
+		isc_log_write(dns_lctx, DNS_LOGCATEGORY_SPILL,
+			      DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
+			      "fetch counters for %s now being discarded "
+			      "(allowed %d spilled %d; cumulative since "
+			      "initial trigger event)",
+			      dbuf, counter->allowed, counter->dropped);
+	}

 	counter->logged = now;
 }
@@ -1653,7 +1668,7 @@ fcount_incr(fetchctx_t *fctx, bool force) {
 		uint_fast32_t spill = atomic_load_acquire(&res->zspill);
 		if (!force && spill != 0 && counter->count >= spill) {
 			counter->dropped++;
-			fcount_logspill(fctx, counter);
+			fcount_logspill(fctx, counter, false);
 			result = ISC_R_QUOTA;
 		} else {
 			counter->count++;
@@ -1696,6 +1711,7 @@ fcount_decr(fetchctx_t *fctx) {
 		fctx->zbucket = NULL;

 		if (counter->count == 0) {
+			fcount_logspill(fctx, counter, true);
 			ISC_LIST_UNLINK(zbucket->list, counter, link);
 			isc_mem_put(fctx->res->mctx, counter, sizeof(*counter));
 		}