2190. [func] Make fallback to plain DNS from EDNS due to timeouts

more visible. New logging category "edns-disabled". [RT #16871]
2007-05-21 02:03:22 +00:00
parent 4bb0f1046f
commit bc6af069c8
5 changed files with 59 additions and 9 deletions
--- a/4
+++ b/4
@@ -1,3 +1,7 @@
+2190.	[func]		Make fallback to plain DNS from EDNS due to timeouts
+			more visible.  New logging category "edns-disabled".
+			[RT #16871]
+
 2189.	[bug]		Handle socket() returning EINTR. [RT #15949]

 2188.	[contrib]	queryperf: autoconf changes to make the search for
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -18,7 +18,7 @@
 - PERFORMANCE OF THIS SOFTWARE.
 -->

-<!-- File: $Id: Bv9ARM-book.xml,v 1.324 2007/05/16 04:33:28 marka Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.325 2007/05/21 02:03:22 marka Exp $ -->
 <book xmlns:xi="http://www.w3.org/2001/XInclude">
  <title>BIND 9 Administrator Reference Manual</title>

@@ -4273,10 +4273,43 @@ category notify { null; };
                    </para>
                  </entry>
                </row>
-              </tbody>
-            </tgroup>
-          </informaltable>
-        </sect3>
+                <row rowsep="0">
+                  <entry colname="1">
+                    <para><command>edns-disabled</command></para>
+                  </entry>
+		  <entry colname="2">
+		    <para>
+		      Log queries that have been forced to use plain
+		      DNS due to timeouts.  This is often due to
+		      the remote servers not being RFC 1034 compliant
+		      (not always returning FORMERR or similar to
+		      EDNS queries and other extension to the DNS
+		      when they are not understood).  i.e. this is
+		      targeted at servers that fail to respond to
+		      DNS queries that they don't understand.
+		    </para>
+		    <para>
+		      Note: the log message can be also due to
+		      packet loss.  Before reporting servers for
+		      non RFC 1034 compliance they should be re-tested
+		      to determine the nature of of the non-compliance.
+		      This testing should prevent / reduce the
+		      number of false positive reports.
+		    </para>
+		    <para>
+		      Note: eventually named will have to stop
+		      treating such timeouts as due to RFC 1034 non
+		      compliance and start treating it as plain
+		      packet loss as falsely classifying packet
+		      loss as due to RFC 1034 non compliance impacts
+		      on DNSSEC validation.
+		    </para>
+		  </entry>
+		</row>
+	      </tbody>
+	    </tgroup>
+	  </informaltable>
+	</sect3>
      </sect2>

      <sect2>
--- a/lib/dns/include/dns/log.h
+++ b/lib/dns/include/dns/log.h
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: log.h,v 1.39 2006/12/22 01:59:43 marka Exp $ */
+/* $Id: log.h,v 1.40 2007/05/21 02:03:22 marka Exp $ */

 /*! \file dns/log.h
 * \author  Principal Authors: DCL */
@@ -41,6 +41,7 @@ LIBDNS_EXTERNAL_DATA extern isc_logmodule_t dns_modules[];
 #define DNS_LOGCATEGORY_DISPATCH	(&dns_categories[8])
 #define DNS_LOGCATEGORY_LAME_SERVERS	(&dns_categories[9])
 #define DNS_LOGCATEGORY_DELEGATION_ONLY	(&dns_categories[10])
+#define DNS_LOGCATEGORY_EDNS_DISABLED	(&dns_categories[11])

 /* Backwards compatibility. */
 #define DNS_LOGCATEGORY_GENERAL		ISC_LOGCATEGORY_GENERAL
--- a/lib/dns/log.c
+++ b/lib/dns/log.c
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: log.c,v 1.42 2006/12/22 01:59:43 marka Exp $ */
+/* $Id: log.c,v 1.43 2007/05/21 02:03:22 marka Exp $ */

 /*! \file */

@@ -43,6 +43,7 @@ LIBDNS_EXTERNAL_DATA isc_logcategory_t dns_categories[] = {
 	{ "dispatch",	0 },
 	{ "lame-servers", 0 },
 	{ "delegation-only", 0 },
+	{ "edns-disabled", 0 },
 	{ NULL, 	0 }
 };

--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: resolver.c,v 1.346 2007/03/29 04:13:22 marka Exp $ */
+/* $Id: resolver.c,v 1.347 2007/05/21 02:03:22 marka Exp $ */

 /*! \file */

@@ -1331,6 +1331,17 @@ add_triededns512(fetchctx_t *fctx, isc_sockaddr_t *address) {
 	ISC_LIST_INITANDAPPEND(fctx->edns512, sa, link);
 }

+static inline void
+log_edns(fetchctx_t *fctx) {
+	char domainbuf[DNS_NAME_FORMATSIZE];	
+	
+	dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf));
+	isc_log_write(dns_lctx, DNS_LOGCATEGORY_EDNS_DISABLED,
+		      DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
+		      "too many timeouts resolving '%s' (in '%s'?): "
+		      "disabling EDNS", fctx->info, domainbuf);
+}
+
 static isc_result_t
 resquery_send(resquery_t *query) {
 	fetchctx_t *fctx;
@@ -1485,7 +1496,7 @@ resquery_send(resquery_t *query) {
 	     fctx->timeouts >= (MAX_EDNS0_TIMEOUTS * 2)) &&
 	    (query->options & DNS_FETCHOPT_NOEDNS0) == 0) {
 		query->options |= DNS_FETCHOPT_NOEDNS0;
-		FCTXTRACE("too many timeouts, disabling EDNS0");
+		log_edns(fctx);
 	} else if ((triededns(fctx, &query->addrinfo->sockaddr) ||
 		    fctx->timeouts >= MAX_EDNS0_TIMEOUTS) &&
 	           (query->options & DNS_FETCHOPT_NOEDNS0) == 0) {