diff --git a/bin/named/server.c b/bin/named/server.c index f11a4e97e0..036799831b 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -4191,7 +4191,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config, uint32_t maxbits; unsigned int resopts = 0; dns_zone_t *zone = NULL; - uint32_t max_clients_per_query; + uint32_t clients_per_query, max_clients_per_query; bool empty_zones_enable; const cfg_obj_t *disablelist = NULL; isc_stats_t *resstats = NULL; @@ -5621,15 +5621,26 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config, INSIST(result == ISC_R_SUCCESS); view->v6bias = cfg_obj_asuint32(obj) * 1000; + obj = NULL; + result = named_config_get(maps, "clients-per-query", &obj); + INSIST(result == ISC_R_SUCCESS); + clients_per_query = cfg_obj_asuint32(obj); + obj = NULL; result = named_config_get(maps, "max-clients-per-query", &obj); INSIST(result == ISC_R_SUCCESS); max_clients_per_query = cfg_obj_asuint32(obj); - obj = NULL; - result = named_config_get(maps, "clients-per-query", &obj); - INSIST(result == ISC_R_SUCCESS); - dns_resolver_setclientsperquery(view->resolver, cfg_obj_asuint32(obj), + if (max_clients_per_query < clients_per_query) { + cfg_obj_log(obj, named_g_lctx, ISC_LOG_WARNING, + "configured clients-per-query (%u) exceeds " + "max-clients-per-query (%u); automatically " + "adjusting max-clients-per-query to (%u)", + clients_per_query, max_clients_per_query, + clients_per_query); + max_clients_per_query = clients_per_query; + } + dns_resolver_setclientsperquery(view->resolver, clients_per_query, max_clients_per_query); /* diff --git a/bin/tests/system/fetchlimit/ns5/named3.conf.in b/bin/tests/system/fetchlimit/ns5/named3.conf.in new file mode 100644 index 0000000000..7fb1bafd80 --- /dev/null +++ b/bin/tests/system/fetchlimit/ns5/named3.conf.in 
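Review bot: The new guard in configure_view (bin/named/server.c), `if (max_clients_per_query < clients_per_query)`, is also true when max-clients-per-query is 0, which the reference.rst text touched by this same commit describes as "no upper bound". With `clients-per-query 10; max-clients-per-query 0;` the visible code would log the warning and overwrite the unlimited setting with 10 before calling dns_resolver_setclientsperquery(), silently changing an operator's chosen limit. If zero is meant to keep its documented meaning, exempt it: `if (max_clients_per_query != 0 && max_clients_per_query < clients_per_query) {`. The added case in fetchlimit/tests.sh only exercises 10 versus 5 and checks the log line, so a `max-clients-per-query 0` case asserting that no warning appears would pin this down. configure_view starts and ends outside the hunk.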
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ query-source address 10.53.0.5;
+ notify-source 10.53.0.5;
+ transfer-source 10.53.0.5;
+ port @PORT@;
+ directory ".";
+ pid-file "named.pid";
+ listen-on { 10.53.0.5; };
+ listen-on-v6 { none; };
+ recursion yes;
+ dnssec-validation yes;
+ notify yes;
+ stale-answer-enable yes;
+ stale-cache-enable yes;
+ stale-answer-client-timeout 0;
+ /* max-clients-per-query < clients-per-query */
+ clients-per-query 10;
+ max-clients-per-query 5;
+};
+
+trust-anchors { };
+
+server 10.53.0.4 {
+ edns no;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm @DEFAULT_HMAC@;
+};
+
+controls {
+ inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+zone "." {
+ type hint;
+ file "root.hint";
+};
diff --git a/bin/tests/system/fetchlimit/tests.sh b/bin/tests/system/fetchlimit/tests.sh
index 9a5bdc20bd..0909f57a22 100644
--- a/bin/tests/system/fetchlimit/tests.sh
+++ b/bin/tests/system/fetchlimit/tests.sh
@@ -328,5 +328,14 @@ echo_i "$zspill clients spilled (expected $expected)" if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) +n=$((n + 1)) +echo_i "checking a warning is logged if max-clients-per-query < clients-per-query ($n)" +ret=0 +copy_setports ns5/named3.conf.in ns5/named.conf +rndc_reconfig ns5 10.53.0.5 +wait_for_message ns5/named.run "configured clients-per-query (10) exceeds max-clients-per-query (5); automatically adjusting max-clients-per-query to (10)" || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index de79b3d027..75a46f0bff 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -3804,9 +3804,13 @@ system. after 20 minutes if it has remained unchanged. If :any:`max-clients-per-query` is set to zero, there is no upper bound, other - than that imposed by :any:`recursive-clients`. If :any:`clients-per-query` is - set to zero, :any:`max-clients-per-query` no longer applies and there is no - upper bound, other than that imposed by :any:`recursive-clients`. + than that imposed by :any:`recursive-clients`. If the option is set to a + lower value than :any:`clients-per-query`, the value is adjusted to + :any:`clients-per-query`. + + If :any:`clients-per-query` is set to zero, :any:`max-clients-per-query` no + longer applies and there is no upper bound, other than that imposed by + :any:`recursive-clients`. .. namedconf:statement:: max-validations-per-fetch :tags: server