mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-22 18:19:42 +00:00

Implement 'max-query-count'

Add another option to configure how many outgoing queries per
client request are allowed. The existing 'max-recursion-queries' is
per restart; this one is a global limit.
Matthijs Mekking 2024-11-07 10:52:19 +01:00
parent 522581469c
commit bbc16cc8e6
9 changed files with 42 additions and 0 deletions


@ -169,6 +169,7 @@ options {\n\
max-ncache-ttl 10800; /* 3 hours */\n\ max-ncache-ttl 10800; /* 3 hours */\n\
max-recursion-depth 7;\n\ max-recursion-depth 7;\n\
max-recursion-queries 32;\n\ max-recursion-queries 32;\n\
max-query-count 200;\n\
max-query-restarts 11;\n\ max-query-restarts 11;\n\
max-stale-ttl 86400; /* 1 day */\n\ max-stale-ttl 86400; /* 1 day */\n\
message-compression yes;\n\ message-compression yes;\n\


@ -5292,6 +5292,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
INSIST(result == ISC_R_SUCCESS); INSIST(result == ISC_R_SUCCESS);
dns_view_setmaxrestarts(view, cfg_obj_asuint32(obj)); dns_view_setmaxrestarts(view, cfg_obj_asuint32(obj));
obj = NULL;
result = named_config_get(maps, "max-query-count", &obj);
INSIST(result == ISC_R_SUCCESS);
dns_view_setmaxqueries(view, cfg_obj_asuint32(obj));
obj = NULL; obj = NULL;
result = named_config_get(maps, "max-validations-per-fetch", &obj); result = named_config_get(maps, "max-validations-per-fetch", &obj);
if (result == ISC_R_SUCCESS) { if (result == ISC_R_SUCCESS) {
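Review bot: `dns_view_setmaxqueries(view, cfg_obj_asuint32(obj));` narrows a 32-bit configuration value to the setter's `uint16_t` parameter, so a setting above 65535 is silently truncated (65537 becomes 1), while `max-query-count 0` or `65536` reaches `REQUIRE(max_queries > 0)` in the setter added later in this commit and aborts named at configuration load. The clause is declared as `cfg_type_uint32` and no range check is visible in this commit, so the value should be validated first, rejecting anything outside 1..UINT16_MAX with a configuration error, or the field and setter should be widened to `uint32_t`. Because this option caps outgoing queries per client request, a wrapped or out-of-range value should fail loudly instead of installing a limit the operator did not ask for. The body of configure_view continues outside the hunk.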


@ -74,6 +74,7 @@ options {
check-names primary warn; check-names primary warn;
check-names secondary ignore; check-names secondary ignore;
max-cache-size 20000000000000; max-cache-size 20000000000000;
max-query-count 100;
max-query-restarts 10; max-query-restarts 10;
nta-lifetime 604800; nta-lifetime 604800;
nta-recheck 604800; nta-recheck 604800;


@ -4472,6 +4472,15 @@ Tuning
format is more human-readable, and is thus suitable when a zone is to format is more human-readable, and is thus suitable when a zone is to
be edited by hand. The default is ``relative``. be edited by hand. The default is ``relative``.
.. namedconf:statement:: max-query-count
:tags: server, query
:short: Sets the maximum number of iterative queries while servicing a recursive query.
This sets the maximum number of iterative queries that may be sent
by a resolver while looking up a single name. If more queries than this
need to be sent before an answer is reached, then recursion is terminated
and a SERVFAIL response is returned to the client. The default is ``200``.
.. namedconf:statement:: max-recursion-depth .. namedconf:statement:: max-recursion-depth
:tags: server :tags: server
:short: Sets the maximum number of levels of recursion permitted at any one time while servicing a recursive query. :short: Sets the maximum number of levels of recursion permitted at any one time while servicing a recursive query.


@ -179,6 +179,7 @@ options {
max-ixfr-ratio ( unlimited | <percentage> ); max-ixfr-ratio ( unlimited | <percentage> );
max-journal-size ( default | unlimited | <sizeval> ); max-journal-size ( default | unlimited | <sizeval> );
max-ncache-ttl <duration>; max-ncache-ttl <duration>;
max-query-count <integer>;
max-query-restarts <integer>; max-query-restarts <integer>;
max-records <integer>; max-records <integer>;
max-records-per-type <integer>; max-records-per-type <integer>;
@ -470,6 +471,7 @@ view <string> [ <class> ] {
max-ixfr-ratio ( unlimited | <percentage> ); max-ixfr-ratio ( unlimited | <percentage> );
max-journal-size ( default | unlimited | <sizeval> ); max-journal-size ( default | unlimited | <sizeval> );
max-ncache-ttl <duration>; max-ncache-ttl <duration>;
max-query-count <integer>;
max-query-restarts <integer>; max-query-restarts <integer>;
max-records <integer>; max-records <integer>;
max-records-per-type <integer>; max-records-per-type <integer>;


@ -185,6 +185,7 @@ struct dns_view {
unsigned int udpsize; unsigned int udpsize;
uint32_t maxrrperset; uint32_t maxrrperset;
uint32_t maxtypepername; uint32_t maxtypepername;
uint16_t max_queries;
uint8_t max_restarts; uint8_t max_restarts;
/* /*
@ -1335,4 +1336,17 @@ dns_view_setmaxrestarts(dns_view_t *view, uint8_t max_restarts);
*\li 'max_restarts' is greater than 0. *\li 'max_restarts' is greater than 0.
*/ */
void
dns_view_setmaxqueries(dns_view_t *view, uint16_t max_queries);
/*%
* Set the number of permissible outgoing queries before we give up.
* This defaults to 200.
*
* Requires:
*
*\li 'view' is valid;
*\li 'max_queries' is greater than 0.
*/
ISC_LANG_ENDDECLS ISC_LANG_ENDDECLS


@ -566,6 +566,7 @@ struct dns_resolver {
unsigned int query_timeout; unsigned int query_timeout;
unsigned int maxdepth; unsigned int maxdepth;
unsigned int maxqueries; unsigned int maxqueries;
unsigned int maxquerycount;
isc_result_t quotaresp[2]; isc_result_t quotaresp[2];
isc_stats_t *stats; isc_stats_t *stats;
dns_stats_t *querystats; dns_stats_t *querystats;
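Review bot: The new `maxquerycount` member is not read or written anywhere in this commit, and nothing visible copies `view->max_queries` into it, so as far as the nine changed files show the option is parsed and stored but not yet enforced. If enforcement lands in a follow-up, the commit message should say so, since the reference text added here already promises a SERVFAIL once the limit is exceeded. The member is `unsigned int` while the view field and its setter use `uint16_t`; pick one width for both, and add a comment such as `/* max outgoing queries per client request */` so it is not confused with the neighbouring `maxqueries`.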


@ -2447,3 +2447,11 @@ dns_view_setmaxrestarts(dns_view_t *view, uint8_t max_restarts) {
view->max_restarts = max_restarts; view->max_restarts = max_restarts;
} }
void
dns_view_setmaxqueries(dns_view_t *view, uint16_t max_queries) {
REQUIRE(DNS_VIEW_VALID(view));
REQUIRE(max_queries > 0);
view->max_queries = max_queries;
}


@ -2108,6 +2108,7 @@ static cfg_clausedef_t view_clauses[] = {
{ "max-ncache-ttl", &cfg_type_duration, 0 }, { "max-ncache-ttl", &cfg_type_duration, 0 },
{ "max-recursion-depth", &cfg_type_uint32, 0 }, { "max-recursion-depth", &cfg_type_uint32, 0 },
{ "max-recursion-queries", &cfg_type_uint32, 0 }, { "max-recursion-queries", &cfg_type_uint32, 0 },
{ "max-query-count", &cfg_type_uint32, 0 },
{ "max-query-restarts", &cfg_type_uint32, 0 }, { "max-query-restarts", &cfg_type_uint32, 0 },
{ "max-stale-ttl", &cfg_type_duration, 0 }, { "max-stale-ttl", &cfg_type_duration, 0 },
{ "max-udp-size", &cfg_type_uint32, 0 }, { "max-udp-size", &cfg_type_uint32, 0 },