Merge branch 'restart_conf' of https://github.com/cgallred/unbound into cgallred-restart_conf
George Thessalonikefs
1 year, 4 months ago
1833 | 1833 | It resets on query restarts (e.g., CNAME) and referrals. |
1834 | 1834 | Default is 32. |
1835 | 1835 | .TP 5 |
1836 | .B max\-query\-restarts: \fI<number> | |
1837 | Set the maximum number of times a query is allowed to restart upon encountering | |
1838 | a CNAME record. | |
1839 | If a query encounters more than the specified number of CNAME | |
1840 | records before resolving, Unbound will reply with SERVFAIL. | |
1841 | Default is 11. | |
1842 | .TP 5 | |
1836 | 1843 | .B fast\-server\-permil: \fI<number> |
1837 | 1844 | Specify how many times out of 1000 to pick from the set of fastest servers. |
1838 | 1845 | 0 turns the feature off. A value of 900 would pick from the fastest |
1866 | 1873 | When the \fBval-log-level\fR option is also set to \fB2\fR, responses with |
1867 | 1874 | Extended DNS Errors concerning DNSSEC failures that are not served from cache, |
1868 | 1875 | will also contain a descriptive text message about the reason for the failure. |
1869 | .TP | |
1876 | .TP 5 | |
1870 | 1877 | .B ede\-serve\-expired: \fI<yes or no> |
1871 | 1878 | If enabled, Unbound will attach an Extended DNS Error (RFC8914) Code 3 - Stale |
1872 | 1879 | Answer as EDNS0 option to the expired response. Note that this will not attach |
175 | 175 | iter_env->supports_ipv4 = cfg->do_ip4; |
176 | 176 | iter_env->outbound_msg_retry = cfg->outbound_msg_retry; |
177 | 177 | iter_env->max_sent_count = cfg->max_sent_count; |
178 | iter_env->max_query_restarts = cfg->max_query_restarts; | |
178 | 179 | return 1; |
179 | 180 | } |
180 | 181 |
1313 | 1313 | |
1314 | 1314 | /* We enforce a maximum number of query restarts. This is primarily a |
1315 | 1315 | * cheap way to prevent CNAME loops. */ |
1316 | if(iq->query_restart_count > MAX_RESTART_COUNT) { | |
1316 | if(iq->query_restart_count > ie->max_query_restarts) { | |
1317 | 1317 | verbose(VERB_QUERY, "request has exceeded the maximum number" |
1318 | 1318 | " of query restarts with %d", iq->query_restart_count); |
1319 | 1319 | errinf(qstate, "request has exceeded the maximum number " |
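Review bot: The changed condition compares `iq->query_restart_count`, which the `%d` in the verbose() call suggests is an int, against `ie->max_query_restarts`, which this commit declares as `size_t` in the iterator header. The count is therefore converted to unsigned for the comparison, and builds with -Wsign-compare will warn. Either make the conversion explicit, `if((size_t)iq->query_restart_count > ie->max_query_restarts) {`, or declare the new limit as `int`, like the neighbouring `outbound_msg_retry`. The comment above the check could also note that the limit now comes from the `max-query-restarts` option. The errinf() call continues outside this hunk.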
140 | 140 | /** number of queries that have been ratelimited */ |
141 | 141 | size_t num_queries_ratelimited; |
142 | 142 | |
143 | /** max number of query restarts to limit length of CNAME chain */ | |
144 | size_t max_query_restarts; | |
143 | 145 | /** number of retries on outgoing queries */ |
144 | 146 | int outbound_msg_retry; |
145 | 147 |
357 | 357 | cfg->pad_responses_block_size = 468; /* from RFC8467 */ |
358 | 358 | cfg->pad_queries = 1; |
359 | 359 | cfg->pad_queries_block_size = 128; /* from RFC8467 */ |
360 | cfg->max_query_restarts = MAX_RESTART_COUNT; | |
360 | 361 | #ifdef USE_IPSECMOD |
361 | 362 | cfg->ipsecmod_enabled = 1; |
362 | 363 | cfg->ipsecmod_ignore_bogus = 0; |
781 | 782 | else S_YNO("ratelimit-backoff:", ratelimit_backoff) |
782 | 783 | else S_NUMBER_NONZERO("outbound-msg-retry:", outbound_msg_retry) |
783 | 784 | else S_NUMBER_NONZERO("max-sent-count", max_sent_count) |
785 | else S_SIZET_NONZERO("max-query-restarts:", max_query_restarts) | |
784 | 786 | else S_SIZET_NONZERO("fast-server-num:", fast_server_num) |
785 | 787 | else S_NUMBER_OR_ZERO("fast-server-permil:", fast_server_permil) |
786 | 788 | else S_YNO("qname-minimisation:", qname_minimisation) |
1243 | 1245 | else O_YNO(opt, "ratelimit-backoff", ratelimit_backoff) |
1244 | 1246 | else O_UNS(opt, "outbound-msg-retry", outbound_msg_retry) |
1245 | 1247 | else O_UNS(opt, "max-sent-count", max_sent_count) |
1248 | else O_DEC(opt, "max-query-restarts", max_query_restarts) | |
1246 | 1249 | else O_DEC(opt, "fast-server-num", fast_server_num) |
1247 | 1250 | else O_DEC(opt, "fast-server-permil", fast_server_permil) |
1248 | 1251 | else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min) |
661 | 661 | /** block size with which to pad encrypted queries (default: 128) */ |
662 | 662 | size_t pad_queries_block_size; |
663 | 663 | |
664 | /** max number of query restarts. Determines max number of CNAME chain (default: 8) */ | |
665 | size_t max_query_restarts; | |
666 | ||
664 | 667 | /** IPsec module */ |
665 | 668 | #ifdef USE_IPSECMOD |
666 | 669 | /** false to bypass the IPsec module */ |
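Review bot: The doc comment on the new `max_query_restarts` field says `(default: 8)`, but the man page text added in this same commit says "Default is 11" and config_create assigns `MAX_RESTART_COUNT`. The value of that macro is not visible here, so the comment is best tied to it rather than to a number: `/** max number of query restarts; bounds the length of a CNAME chain (default: MAX_RESTART_COUNT) */`. A stale number in this header is easy to mistake for the effective loop-protection limit.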
540 | 540 | pad-responses-block-size{COLON} { YDVAR(1, VAR_PAD_RESPONSES_BLOCK_SIZE) } |
541 | 541 | pad-queries{COLON} { YDVAR(1, VAR_PAD_QUERIES) } |
542 | 542 | pad-queries-block-size{COLON} { YDVAR(1, VAR_PAD_QUERIES_BLOCK_SIZE) } |
543 | max-query-restarts{COLON} { YDVAR(1, VAR_MAX_QUERY_RESTARTS) } | |
543 | 544 | ipsecmod-enabled{COLON} { YDVAR(1, VAR_IPSECMOD_ENABLED) } |
544 | 545 | ipsecmod-ignore-bogus{COLON} { YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } |
545 | 546 | ipsecmod-hook{COLON} { YDVAR(1, VAR_IPSECMOD_HOOK) } |
170 | 170 | %token VAR_DNSCRYPT_NONCE_CACHE_SLABS |
171 | 171 | %token VAR_PAD_RESPONSES VAR_PAD_RESPONSES_BLOCK_SIZE |
172 | 172 | %token VAR_PAD_QUERIES VAR_PAD_QUERIES_BLOCK_SIZE |
173 | %token VAR_MAX_QUERY_RESTARTS | |
173 | 174 | %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS |
174 | 175 | %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT |
175 | 176 | %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED |
297 | 298 | server_qname_minimisation_strict | |
298 | 299 | server_pad_responses | server_pad_responses_block_size | |
299 | 300 | server_pad_queries | server_pad_queries_block_size | |
301 | server_max_query_restarts | | |
300 | 302 | server_serve_expired | |
301 | 303 | server_serve_expired_ttl | server_serve_expired_ttl_reset | |
302 | 304 | server_serve_expired_reply_ttl | server_serve_expired_client_timeout | |
2732 | 2734 | if(atoi($2) == 0) |
2733 | 2735 | yyerror("number expected"); |
2734 | 2736 | else cfg_parser->cfg->pad_queries_block_size = atoi($2); |
2737 | free($2); | |
2738 | } | |
2739 | ; | |
2740 | server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG | |
2741 | { | |
2742 | OUTYY(("P(server_max_query_restarts:%s)\n", $2)); | |
2743 | if(atoi($2) == 0) | |
2744 | yyerror("number expected"); | |
2745 | else cfg_parser->cfg->max_query_restarts = atoi($2); | |
2735 | 2746 | free($2); |
2736 | 2747 | } |
2737 | 2748 | ; |
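Review bot: The new `server_max_query_restarts` action validates its argument only with `atoi($2) == 0`, so a negative number or a string with trailing junk such as `5x` is accepted and stored in the `size_t` field. A negative value converts to a very large limit, which would in effect disable the restart cap that the iterator relies on to stop CNAME loops. Rejecting non-positive input closes the first gap, `if(atoi($2) <= 0) yyerror("positive number expected");`, and a strtol-based parse with an end-pointer check would also catch trailing characters. The rule is modelled on the pad_queries_block_size action just above, which starts outside this hunk and appears to have the same gap.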