Log the servfail-until-ready message not faster than once per second

Since the log level has been raised, busy servers can "explode" from the amount of log messages. Use the usual practice of logging "every once in a while". (cherry picked from commit 1962857ac4)
2026-05-26 03:12:16 -04:00 · 2025-08-27 15:25:43 +00:00 · 2025-08-27 15:25:43 +00:00 · 36ef759164
commit 36ef759164
parent 25e08a0cfe
1 changed files with 21 additions and 3 deletions
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@ -20,6 +20,7 @@
 #include <string.h>

 #include <isc/async.h>
+#include <isc/atomic.h>
 #include <isc/counter.h>
 #include <isc/hex.h>
 #include <isc/mem.h>
@ -209,6 +210,20 @@ client_trace(ns_client_t *client, int level, const char *message) {
 	} while (0)
 #define RESTORE(a, b) SAVE(a, b)

+static atomic_uint_fast32_t last_rpznotready_log = 0;
+
+static bool
+can_log_rpznotready(void) {
+	isc_stdtime_t last;
+	isc_stdtime_t now = isc_stdtime_now();
+	last = atomic_exchange_relaxed(&last_rpznotready_log, now);
+	if (now != last) {
+		return true;
+	}
+
+	return false;
+}
+
 static bool
 validate(ns_client_t *client, dns_db_t *db, dns_name_t *name,
 	 dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset);
@ -4362,9 +4377,12 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult,
 		/* Do not pollute SERVFAIL cache  */
 		client->attributes |= NS_CLIENTATTR_NOSETFC;

-		rpz_log_fail(client, DNS_RPZ_INFO_LEVEL, NULL,
-			     DNS_RPZ_TYPE_QNAME, "RPZ servfail-until-ready",
-			     DNS_R_WAIT);
+		if (can_log_rpznotready()) {
+			rpz_log_fail(client, DNS_RPZ_INFO_LEVEL, NULL,
+				     DNS_RPZ_TYPE_QNAME,
+				     "RPZ servfail-until-ready", DNS_R_WAIT);
+		}
+
 		st->m.policy = DNS_RPZ_POLICY_ERROR;
 		goto cleanup;
 	}