mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 05:57:52 +00:00
Code Issues Releases Wiki Activity

[9.20] fix: usr: Ensure max-clients-per-query is at least clients-per-query

Browse Source 
If the `max-clients-per-query` option is set to a lower value than `clients-per-query`, the value is adjusted to match `clients-per-query`.

Closes #5224

Backport of MR !10241

Merge branch 'backport-5224-raise-max-clients-per-query-to-be-at-least-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!10244
This commit is contained in:
Matthijs Mekking 2025-03-20 13:57:03 +00:00
commit 8f78219cc1
4 changed files with 84 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
bin/named/server.c
View File

@ -4191,7 +4191,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
uint32_t maxbits; uint32_t maxbits;
unsigned int resopts = 0; unsigned int resopts = 0;
dns_zone_t *zone = NULL; dns_zone_t *zone = NULL;
uint32_t max_clients_per_query; uint32_t clients_per_query, max_clients_per_query;
bool empty_zones_enable; bool empty_zones_enable;
const cfg_obj_t *disablelist = NULL; const cfg_obj_t *disablelist = NULL;
isc_stats_t *resstats = NULL; isc_stats_t *resstats = NULL;
@ -5621,15 +5621,26 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
INSIST(result == ISC_R_SUCCESS); INSIST(result == ISC_R_SUCCESS);
view->v6bias = cfg_obj_asuint32(obj) * 1000; view->v6bias = cfg_obj_asuint32(obj) * 1000;
obj = NULL;
result = named_config_get(maps, "clients-per-query", &obj);
INSIST(result == ISC_R_SUCCESS);
clients_per_query = cfg_obj_asuint32(obj);
obj = NULL; obj = NULL;
result = named_config_get(maps, "max-clients-per-query", &obj); result = named_config_get(maps, "max-clients-per-query", &obj);
INSIST(result == ISC_R_SUCCESS); INSIST(result == ISC_R_SUCCESS);
max_clients_per_query = cfg_obj_asuint32(obj); max_clients_per_query = cfg_obj_asuint32(obj);
obj = NULL; if (max_clients_per_query < clients_per_query) {
result = named_config_get(maps, "clients-per-query", &obj); cfg_obj_log(obj, named_g_lctx, ISC_LOG_WARNING,
INSIST(result == ISC_R_SUCCESS); "configured clients-per-query (%u) exceeds "
dns_resolver_setclientsperquery(view->resolver, cfg_obj_asuint32(obj), "max-clients-per-query (%u); automatically "
"adjusting max-clients-per-query to (%u)",
clients_per_query, max_clients_per_query,
clients_per_query);
max_clients_per_query = clients_per_query;
}
dns_resolver_setclientsperquery(view->resolver, clients_per_query,
max_clients_per_query); max_clients_per_query);
/* /*

52
bin/tests/system/fetchlimit/ns5/named3.conf.in Normal file
View File

@ -0,0 +1,52 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
options {
query-source address 10.53.0.5;
notify-source 10.53.0.5;
transfer-source 10.53.0.5;
port @PORT@;
directory ".";
pid-file "named.pid";
listen-on { 10.53.0.5; };
listen-on-v6 { none; };
recursion yes;
dnssec-validation yes;
notify yes;
stale-answer-enable yes;
stale-cache-enable yes;
stale-answer-client-timeout 0;
/* max-clients-per-query < clients-per-query */
clients-per-query 10;
max-clients-per-query 5;
};
trust-anchors { };
server 10.53.0.4 {
edns no;
};
key rndc_key {
secret "1234abcd8765";
algorithm @DEFAULT_HMAC@;
};
controls {
inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
zone "." {
type hint;
file "root.hint";
};

9
bin/tests/system/fetchlimit/tests.sh
View File

@ -328,5 +328,14 @@ echo_i "$zspill clients spilled (expected $expected)"
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret)) status=$((status + ret))
n=$((n + 1))
echo_i "checking a warning is logged if max-clients-per-query < clients-per-query ($n)"
ret=0
copy_setports ns5/named3.conf.in ns5/named.conf
rndc_reconfig ns5 10.53.0.5
wait_for_message ns5/named.run "configured clients-per-query (10) exceeds max-clients-per-query (5); automatically adjusting max-clients-per-query to (10)" || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "exit status: $status" echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1 [ $status -eq 0 ] || exit 1

10
doc/arm/reference.rst
View File

@ -3804,9 +3804,13 @@ system.
after 20 minutes if it has remained unchanged. after 20 minutes if it has remained unchanged.
If :any:`max-clients-per-query` is set to zero, there is no upper bound, other If :any:`max-clients-per-query` is set to zero, there is no upper bound, other
than that imposed by :any:`recursive-clients`. If :any:`clients-per-query` is than that imposed by :any:`recursive-clients`. If the option is set to a
set to zero, :any:`max-clients-per-query` no longer applies and there is no lower value than :any:`clients-per-query`, the value is adjusted to
upper bound, other than that imposed by :any:`recursive-clients`. :any:`clients-per-query`.
If :any:`clients-per-query` is set to zero, :any:`max-clients-per-query` no
longer applies and there is no upper bound, other than that imposed by
:any:`recursive-clients`.
.. namedconf:statement:: max-validations-per-fetch .. namedconf:statement:: max-validations-per-fetch
:tags: server :tags: server