From 953d704bd25627d1d83294a8b11fc7c78d6e8a78 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?=
Date: Thu, 30 Jul 2020 10:58:39 +0200
Subject: [PATCH 1/2] Fix idle timeout for connected TCP sockets When named acting as a resolver connects to an authoritative server over TCP, it sets the idle timeout for that connection to 20 seconds. This fixed timeout was picked back when the default processing timeout for each client query was hardcoded to 30 seconds. Commit 000a8970f840a0c27c5cc404826853c4674362ac made this processing timeout configurable through "resolver-query-timeout" and decreased its default value to 10 seconds, but the idle TCP timeout was not adjusted to reflect that change. As a result, with the current defaults in effect, a single hung TCP connection will consistently cause the resolution process for a given query to time out. Set the idle timeout for connected TCP sockets to half of the client query processing timeout configured for a resolver. This allows named to handle hung TCP connections more robustly and prevents the timeout mismatch issue from resurfacing in the future if the default is ever changed again.
---
lib/dns/resolver.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 8aa78191e8..893eb340d2 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -3012,12 +3012,15 @@ resquery_connected(isc_task_t *task, isc_event_t *event) { case ISC_R_SUCCESS: /* - * Extend the idle timer for TCP. 20 seconds - * should be long enough for a TCP connection to be - * established, a single DNS request to be sent, - * and the response received. + * Extend the idle timer for TCP. Half of + * "resolver-query-timeout" will hopefully be long + * enough for a TCP connection to be established, a + * single DNS request to be sent, and the response + * received. */ - isc_interval_set(&interval, 20, 0); + isc_interval_set(&interval, + fctx->res->query_timeout / 1000 / 2, + 0); result = fctx_startidletimer(query->fctx, &interval); if (result != ISC_R_SUCCESS) { FCTXTRACE("query canceled: idle timer failed; " From 18efb2456f58d53a96f001a02a871cf47db82198 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 30 Jul 2020 10:58:39 +0200 Subject: [PATCH 2/2] Add CHANGES for GL #2024 --- CHANGES | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index 9007dd24ee..84b52bfe66 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +5477. [bug] The idle timeout for connected TCP sockets is now + derived from the client query processing timeout + configured for a resolver. [GL #2024] + 5476. [placeholder] 5475. [bug] Fix RPZ wildcard passthru ignored when a rejection
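Review bot: In the lib/dns/resolver.c hunk, the new interval `fctx->res->query_timeout / 1000 / 2` is computed with integer division into whole seconds and the nanoseconds argument stays `0`, so the idle timeout is rounded down (a constructed value of 15000 ms would give 7 s, not 7.5 s) and any value under 2000 ms would give a zero interval. Whether `query_timeout` has a lower bound is not visible in this hunk; if a zero interval means "no idle timeout" to the timer (worth confirming against the timer contract), a hung TCP peer would be caught only by the overall query deadline, which is the situation this commit sets out to fix. Consider keeping millisecond precision, e.g. `unsigned int idle_ms = fctx->res->query_timeout / 2;` followed by `isc_interval_set(&interval, idle_ms / 1000, (idle_ms % 1000) * 1000000);`, and state the unit of `query_timeout` in the comment. The added call reads `fctx` while the unchanged next line uses `query->fctx`; using one spelling for both would make it obvious they are the same fetch context. The body of resquery_connected starts and ends outside the hunk.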