Adjust default value of "max-recursion-queries"

Since the queries sent towards root and TLD servers are now included in the count (as a result of the fix for CVE-2020-8616), "max-recursion-queries" has a higher chance of being exceeded by non-attack queries. Increase its default value from 75 to 100. (cherry picked from commit ab0bf49203)
2020-11-26 15:59:14 +11:00
parent c4178b7d8d
commit 5c10b5a4e8
5 changed files with 12 additions and 3 deletions
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -3500,7 +3500,7 @@ Tuning
 ``max-recursion-queries``
   This sets the maximum number of iterative queries that may be sent while
   servicing a recursive query. If more queries are sent, the recursive
-   query is terminated and returns SERVFAIL. The default is 75.
+   query is terminated and returns SERVFAIL. The default is 100.

 ``notify-delay``
   This sets the delay, in seconds, between sending sets of notify messages for a
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -40,6 +40,12 @@ Feature Changes
  configuration. A new option 'nsec3param' can be used to set the desired
  NSEC3 parameters, and will detect collisions when resalting. [GL #1620].

+- Adjust the ``max-recursion-queries`` default from 75 to 100. Since the
+  queries sent towards root and TLD servers are now included in the
+  count (as a result of the fix for CVE-2020-8616), ``max-recursion-queries``
+  has a higher chance of being exceeded by non-attack queries, which is the
+  main reason for increasing its default value. [GL #2305]
+
 Bug Fixes
 ~~~~~~~~~