Detect recursion loops during query processing

Interrupt query processing when query_recurse() attempts to ask the same name servers for the same QNAME/QTYPE tuple for two times in a row as this indicates that query processing may be stuck for an indeterminate period of time, e.g. due to interactions between features able to restart query_lookup().
2018-04-27 09:13:26 +02:00
parent 391fac1fc8
commit 46bb4dd124
2 changed files with 81 additions and 0 deletions
--- a/lib/ns/include/ns/query.h
+++ b/lib/ns/include/ns/query.h
@@ -34,6 +34,18 @@ typedef struct ns_dbversion {
 	ISC_LINK(struct ns_dbversion)	link;
 } ns_dbversion_t;

+/*%
+ * nameserver recursion parameters, to uniquely identify a recursion
+ * query; this is used to detect a recursion loop
+ */
+typedef struct ns_query_recparam {
+	dns_rdatatype_t			qtype;
+	dns_name_t *			qname;
+	dns_fixedname_t			fqname;
+	dns_name_t *			qdomain;
+	dns_fixedname_t			fqdomain;
+} ns_query_recparam_t;
+
 /*% nameserver query structure */
 struct ns_query {
 	unsigned int			attributes;
@@ -62,6 +74,7 @@ struct ns_query {
 	unsigned int			dns64_aaaaoklen;
 	unsigned int			dns64_options;
 	unsigned int			dns64_ttl;
+
 	struct {
 		dns_db_t *      	db;
 		dns_zone_t *      	zone;
@@ -76,6 +89,8 @@ struct ns_query {
 		isc_boolean_t		is_zone;
 	} redirect;

+	ns_query_recparam_t		recparam;
+
 	dns_keytag_t root_key_sentinel_keyid;
 	isc_boolean_t root_key_sentinel_is_ta;
 	isc_boolean_t root_key_sentinel_not_ta;