Codebase list unbound / 71db243
Merge branch 'restart_conf' of https://github.com/cgallred/unbound into cgallred-restart_conf George Thessalonikefs 1 year, 4 months ago
8 changed file(s) with 30 addition(s) and 2 deletion(s). Raw diff Collapse all Expand all
+8
-1
doc/unbound.conf.5.in less more
18331833 It resets on query restarts (e.g., CNAME) and referrals.
18341834 Default is 32.
18351835 .TP 5
1836 .B max\-query\-restarts: \fI<number>
1837 Set the maximum number of times a query is allowed to restart upon encountering
1838 a CNAME record.
1839 If a query encounters more than the specified number of CNAME
1840 records before resolving, Unbound will reply with SERVFAIL.
1841 Default is 11.
1842 .TP 5
18361843 .B fast\-server\-permil: \fI<number>
18371844 Specify how many times out of 1000 to pick from the set of fastest servers.
18381845 0 turns the feature off. A value of 900 would pick from the fastest
18661873 When the \fBval-log-level\fR option is also set to \fB2\fR, responses with
18671874 Extended DNS Errors concerning DNSSEC failures that are not served from cache,
18681875 will also contain a descriptive text message about the reason for the failure.
1869 .TP
1876 .TP 5
18701877 .B ede\-serve\-expired: \fI<yes or no>
18711878 If enabled, Unbound will attach an Extended DNS Error (RFC8914) Code 3 - Stale
18721879 Answer as EDNS0 option to the expired response. Note that this will not attach
+1
-0
iterator/iter_utils.c less more
175175 iter_env->supports_ipv4 = cfg->do_ip4;
176176 iter_env->outbound_msg_retry = cfg->outbound_msg_retry;
177177 iter_env->max_sent_count = cfg->max_sent_count;
178 iter_env->max_query_restarts = cfg->max_query_restarts;
178179 return 1;
179180 }
180181
+1
-1
iterator/iterator.c less more
13131313
13141314 /* We enforce a maximum number of query restarts. This is primarily a
13151315 * cheap way to prevent CNAME loops. */
1316 if(iq->query_restart_count > MAX_RESTART_COUNT) {
1316 if(iq->query_restart_count > ie->max_query_restarts) {
13171317 verbose(VERB_QUERY, "request has exceeded the maximum number"
13181318 " of query restarts with %d", iq->query_restart_count);
13191319 errinf(qstate, "request has exceeded the maximum number "
+2
-0
iterator/iterator.h less more
140140 /** number of queries that have been ratelimited */
141141 size_t num_queries_ratelimited;
142142
143 /** max number of query restarts to limit length of CNAME chain */
144 size_t max_query_restarts;
143145 /** number of retries on outgoing queries */
144146 int outbound_msg_retry;
145147
+3
-0
util/config_file.c less more
357357 cfg->pad_responses_block_size = 468; /* from RFC8467 */
358358 cfg->pad_queries = 1;
359359 cfg->pad_queries_block_size = 128; /* from RFC8467 */
360 cfg->max_query_restarts = MAX_RESTART_COUNT;
360361 #ifdef USE_IPSECMOD
361362 cfg->ipsecmod_enabled = 1;
362363 cfg->ipsecmod_ignore_bogus = 0;
781782 else S_YNO("ratelimit-backoff:", ratelimit_backoff)
782783 else S_NUMBER_NONZERO("outbound-msg-retry:", outbound_msg_retry)
783784 else S_NUMBER_NONZERO("max-sent-count", max_sent_count)
785 else S_SIZET_NONZERO("max-query-restarts:", max_query_restarts)
784786 else S_SIZET_NONZERO("fast-server-num:", fast_server_num)
785787 else S_NUMBER_OR_ZERO("fast-server-permil:", fast_server_permil)
786788 else S_YNO("qname-minimisation:", qname_minimisation)
12431245 else O_YNO(opt, "ratelimit-backoff", ratelimit_backoff)
12441246 else O_UNS(opt, "outbound-msg-retry", outbound_msg_retry)
12451247 else O_UNS(opt, "max-sent-count", max_sent_count)
1248 else O_DEC(opt, "max-query-restarts", max_query_restarts)
12461249 else O_DEC(opt, "fast-server-num", fast_server_num)
12471250 else O_DEC(opt, "fast-server-permil", fast_server_permil)
12481251 else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min)
+3
-0
util/config_file.h less more
661661 /** block size with which to pad encrypted queries (default: 128) */
662662 size_t pad_queries_block_size;
663663
664 /** max number of query restarts. Determines max number of CNAME chain (default: 8) */
665 size_t max_query_restarts;
666
664667 /** IPsec module */
665668 #ifdef USE_IPSECMOD
666669 /** false to bypass the IPsec module */
+1
-0
util/configlexer.lex less more
540540 pad-responses-block-size{COLON} { YDVAR(1, VAR_PAD_RESPONSES_BLOCK_SIZE) }
541541 pad-queries{COLON} { YDVAR(1, VAR_PAD_QUERIES) }
542542 pad-queries-block-size{COLON} { YDVAR(1, VAR_PAD_QUERIES_BLOCK_SIZE) }
543 max-query-restarts{COLON} { YDVAR(1, VAR_MAX_QUERY_RESTARTS) }
543544 ipsecmod-enabled{COLON} { YDVAR(1, VAR_IPSECMOD_ENABLED) }
544545 ipsecmod-ignore-bogus{COLON} { YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) }
545546 ipsecmod-hook{COLON} { YDVAR(1, VAR_IPSECMOD_HOOK) }
+11
-0
util/configparser.y less more
170170 %token VAR_DNSCRYPT_NONCE_CACHE_SLABS
171171 %token VAR_PAD_RESPONSES VAR_PAD_RESPONSES_BLOCK_SIZE
172172 %token VAR_PAD_QUERIES VAR_PAD_QUERIES_BLOCK_SIZE
173 %token VAR_MAX_QUERY_RESTARTS
173174 %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS
174175 %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT
175176 %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED
297298 server_qname_minimisation_strict |
298299 server_pad_responses | server_pad_responses_block_size |
299300 server_pad_queries | server_pad_queries_block_size |
301 server_max_query_restarts |
300302 server_serve_expired |
301303 server_serve_expired_ttl | server_serve_expired_ttl_reset |
302304 server_serve_expired_reply_ttl | server_serve_expired_client_timeout |
27322734 if(atoi($2) == 0)
27332735 yyerror("number expected");
27342736 else cfg_parser->cfg->pad_queries_block_size = atoi($2);
2737 free($2);
2738 }
2739 ;
2740 server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG
2741 {
2742 OUTYY(("P(server_max_query_restarts:%s)\n", $2));
2743 if(atoi($2) == 0)
2744 yyerror("number expected");
2745 else cfg_parser->cfg->max_query_restarts = atoi($2);
27352746 free($2);
27362747 }
27372748 ;