diff --git a/bin/tests/system/randomizens/README b/bin/tests/system/randomizens/README new file mode 100644 index 0000000000..1628e6b5e2 --- /dev/null +++ b/bin/tests/system/randomizens/README @@ -0,0 +1,21 @@ +Copyright (C) Internet Systems Consortium, Inc. ("ISC") + +SPDX-License-Identifier: MPL-2.0 + +This Source Code Form is subject to the terms of the Mozilla Public +License, v. 2.0. If a copy of the MPL was not distributed with this +file, you can obtain one at https://mozilla.org/MPL/2.0/. + +See the COPYRIGHT file distributed with this work for additional +information regarding copyright ownership. + +ns1 is root +ns{2-4} are auth server on example. but lame +ns5 is an auth server on example. and works +ns6 is a resolver + +Because `getaddresses_allowed()` logic won't allow to query more than 3 NS at +the top-level, only ns{2-4} will be tried without randomization, and example. +couldn't be resolved. However, with randomization, some queries won't start +picking example. NS from ns2, but ns3, ns4 or ns5. This enable to resolver +example. diff --git a/bin/tests/system/randomizens/ns1/named.conf.j2 b/bin/tests/system/randomizens/ns1/named.conf.j2 new file mode 100644 index 0000000000..eb079c95ab --- /dev/null +++ b/bin/tests/system/randomizens/ns1/named.conf.j2 @@ -0,0 +1,29 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.1; + notify-source 10.53.0.1; + transfer-source 10.53.0.1; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.1; }; + listen-on-v6 { none; }; + recursion no; + notify yes; +}; + +zone "." { + type primary; + file "root.db"; +}; diff --git a/bin/tests/system/randomizens/ns1/root.db b/bin/tests/system/randomizens/ns1/root.db new file mode 100644 index 0000000000..98b36c970c --- /dev/null +++ b/bin/tests/system/randomizens/ns1/root.db @@ -0,0 +1,40 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 +. IN SOA gson.nominum.com. a.root.servers.nil. ( + 2000042100 ; serial + 600 ; refresh + 600 ; retry + 1200 ; expire + 600 ; minimum + ) +. NS a.root-servers.nil. +a.root-servers.nil. A 10.53.0.1 + +example. NS ns2.1st. +example. NS ns3.1st. +example. NS ns4.1st. +example. NS ns5.xxx. + +1st. NS ns2.2nd. +1st. NS ns3.2nd. +1st. NS ns5.xxx. + +2nd. NS ns2.3rd. +2nd. NS ns5.xxx. + +3rd. NS ns2.1st. +3rd. NS ns5.xxx. + +xxx. NS ns2.1st. +xxx. NS ns2.xxx. +ns2.xxx. A 10.53.0.2 diff --git a/bin/tests/system/randomizens/ns2/1st.db b/bin/tests/system/randomizens/ns2/1st.db new file mode 100644 index 0000000000..7f06af074b --- /dev/null +++ b/bin/tests/system/randomizens/ns2/1st.db @@ -0,0 +1,25 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) +1st. NS ns2.2nd. +1st. NS ns3.2nd. +1st. NS ns5.xxx. +ns2.1st. A 10.53.0.2 +ns3.1st. A 10.53.0.3 +ns4.1st. A 10.53.0.4 diff --git a/bin/tests/system/randomizens/ns2/2nd.db b/bin/tests/system/randomizens/ns2/2nd.db new file mode 100644 index 0000000000..254772b55c --- /dev/null +++ b/bin/tests/system/randomizens/ns2/2nd.db @@ -0,0 +1,23 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) +2nd. NS ns2.3rd. +2nd. NS ns5.xxx. +ns2.2nd. A 10.53.0.2 +ns3.2nd. A 10.53.0.3 diff --git a/bin/tests/system/randomizens/ns2/example.db b/bin/tests/system/randomizens/ns2/example.db new file mode 100644 index 0000000000..440eeb84dd --- /dev/null +++ b/bin/tests/system/randomizens/ns2/example.db @@ -0,0 +1,25 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + +example. NS ns2.1st. +example. NS ns3.1st. +example. NS ns4.1st. +example. NS ns5.xxx. +foo.example. A 10.53.0.10 diff --git a/bin/tests/system/randomizens/ns2/named.conf.j2 b/bin/tests/system/randomizens/ns2/named.conf.j2 new file mode 100644 index 0000000000..761a5867b8 --- /dev/null +++ b/bin/tests/system/randomizens/ns2/named.conf.j2 @@ -0,0 +1,53 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.2; + notify-source 10.53.0.2; + transfer-source 10.53.0.2; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.2; }; + listen-on-v6 { none; }; + recursion no; + notify yes; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "example" { + type primary; + file "example.db"; +}; + +zone "1st" { + type primary; + file "1st.db"; +}; + +zone "2nd" { + type primary; + file "2nd.db"; +}; + +zone "xxx" { + type primary; + file "xxx.db"; +}; diff --git a/bin/tests/system/randomizens/ns2/xxx.db b/bin/tests/system/randomizens/ns2/xxx.db new file mode 100644 index 0000000000..2bb4535356 --- /dev/null +++ b/bin/tests/system/randomizens/ns2/xxx.db @@ -0,0 +1,23 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) +xxx. NS ns2.xxx. +xxx. NS ns2.1st. +ns2.xxx. A 10.53.0.2 +ns5.xxx. A 10.53.0.5 diff --git a/bin/tests/system/randomizens/ns3/1st.db b/bin/tests/system/randomizens/ns3/1st.db new file mode 100644 index 0000000000..7f06af074b --- /dev/null +++ b/bin/tests/system/randomizens/ns3/1st.db @@ -0,0 +1,25 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) +1st. NS ns2.2nd. +1st. NS ns3.2nd. +1st. NS ns5.xxx. +ns2.1st. A 10.53.0.2 +ns3.1st. A 10.53.0.3 +ns4.1st. A 10.53.0.4 diff --git a/bin/tests/system/randomizens/ns3/example.db b/bin/tests/system/randomizens/ns3/example.db new file mode 100644 index 0000000000..440eeb84dd --- /dev/null +++ b/bin/tests/system/randomizens/ns3/example.db @@ -0,0 +1,25 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + +example. NS ns2.1st. +example. NS ns3.1st. +example. NS ns4.1st. +example. NS ns5.xxx. +foo.example. A 10.53.0.10 diff --git a/bin/tests/system/randomizens/ns3/named.conf.j2 b/bin/tests/system/randomizens/ns3/named.conf.j2 new file mode 100644 index 0000000000..0aaf81552b --- /dev/null +++ b/bin/tests/system/randomizens/ns3/named.conf.j2 @@ -0,0 +1,43 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.3; + notify-source 10.53.0.3; + transfer-source 10.53.0.3; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.3; }; + listen-on-v6 { none; }; + recursion no; + notify yes; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "1st" { + type primary; + file "1st.db"; +}; + +zone "example" { + type primary; + file "example.db"; +}; diff --git a/bin/tests/system/randomizens/ns4/example.db b/bin/tests/system/randomizens/ns4/example.db new file mode 100644 index 0000000000..440eeb84dd --- /dev/null +++ b/bin/tests/system/randomizens/ns4/example.db @@ -0,0 +1,25 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + +example. NS ns2.1st. +example. NS ns3.1st. +example. NS ns4.1st. +example. NS ns5.xxx. +foo.example. A 10.53.0.10 diff --git a/bin/tests/system/randomizens/ns4/named.conf.j2 b/bin/tests/system/randomizens/ns4/named.conf.j2 new file mode 100644 index 0000000000..76f48ff10d --- /dev/null +++ b/bin/tests/system/randomizens/ns4/named.conf.j2 @@ -0,0 +1,38 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.4; + notify-source 10.53.0.4; + transfer-source 10.53.0.4; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.4; }; + listen-on-v6 { none; }; + recursion no; + notify yes; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "example" { + type primary; + file "example.db"; +}; diff --git a/bin/tests/system/randomizens/ns5/1st.db b/bin/tests/system/randomizens/ns5/1st.db new file mode 100644 index 0000000000..7f06af074b --- /dev/null +++ b/bin/tests/system/randomizens/ns5/1st.db @@ -0,0 +1,25 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) +1st. NS ns2.2nd. +1st. NS ns3.2nd. +1st. NS ns5.xxx. +ns2.1st. A 10.53.0.2 +ns3.1st. A 10.53.0.3 +ns4.1st. A 10.53.0.4 diff --git a/bin/tests/system/randomizens/ns5/2nd.db b/bin/tests/system/randomizens/ns5/2nd.db new file mode 100644 index 0000000000..254772b55c --- /dev/null +++ b/bin/tests/system/randomizens/ns5/2nd.db @@ -0,0 +1,23 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) +2nd. NS ns2.3rd. +2nd. NS ns5.xxx. +ns2.2nd. A 10.53.0.2 +ns3.2nd. A 10.53.0.3 diff --git a/bin/tests/system/randomizens/ns5/3rd.db b/bin/tests/system/randomizens/ns5/3rd.db new file mode 100644 index 0000000000..5bb2d24b98 --- /dev/null +++ b/bin/tests/system/randomizens/ns5/3rd.db @@ -0,0 +1,22 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) +3rd. NS ns5.xxx. +3rd. NS ns2.1st. +ns2.3rd. A 10.53.0.2 diff --git a/bin/tests/system/randomizens/ns5/example.db b/bin/tests/system/randomizens/ns5/example.db new file mode 100644 index 0000000000..440eeb84dd --- /dev/null +++ b/bin/tests/system/randomizens/ns5/example.db @@ -0,0 +1,25 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + +example. NS ns2.1st. +example. NS ns3.1st. +example. NS ns4.1st. +example. NS ns5.xxx. +foo.example. A 10.53.0.10 diff --git a/bin/tests/system/randomizens/ns5/named.conf.j2 b/bin/tests/system/randomizens/ns5/named.conf.j2 new file mode 100644 index 0000000000..339d552740 --- /dev/null +++ b/bin/tests/system/randomizens/ns5/named.conf.j2 @@ -0,0 +1,53 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.5; + notify-source 10.53.0.5; + transfer-source 10.53.0.5; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.5; }; + listen-on-v6 { none; }; + recursion no; + notify yes; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "1st" { + type primary; + file "1st.db"; +}; + +zone "2nd" { + type primary; + file "2nd.db"; +}; + +zone "3rd" { + type primary; + file "3rd.db"; +}; + +zone "example" { + type primary; + file "example.db"; +}; diff --git a/bin/tests/system/randomizens/ns6/named.conf.j2 b/bin/tests/system/randomizens/ns6/named.conf.j2 new file mode 100644 index 0000000000..1c68943d22 --- /dev/null +++ b/bin/tests/system/randomizens/ns6/named.conf.j2 @@ -0,0 +1,39 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + + +options { + query-source address 10.53.0.6; + notify-source 10.53.0.6; + transfer-source 10.53.0.6; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.6; }; + listen-on-v6 { none; }; + recursion yes; + dnssec-validation no; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "." { + type hint; + file "../../_common/root.hint"; +}; diff --git a/bin/tests/system/randomizens/tests_randomizens.py b/bin/tests/system/randomizens/tests_randomizens.py new file mode 100644 index 0000000000..907a82aadc --- /dev/null +++ b/bin/tests/system/randomizens/tests_randomizens.py @@ -0,0 +1,32 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +import dns.rcode + +import isctest + + +def attempt_query(ns): + ns.rndc("flush") + msg = isctest.query.create("foo.example.", "A") + res = isctest.query.udp(msg, ns.ip) + if msg.rcode() == dns.rcode.NOERROR: + return len(res.answer) == 1 + return False + + +def test_randomizens(ns6): + resolved = False + for _ in range(1, 25): + if attempt_query(ns6): + resolved = True + break + assert resolved diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index 38e4411820..5240817c0f 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -3673,49 +3673,65 @@ fctx_getaddresses_nameservers(fetchctx_t *fctx, isc_stdtime_t now, dns_rdata_ns_t ns; bool have_address = false; unsigned int ns_processed = 0; + size_t nscount = dns_rdataset_count(&fctx->nameservers); + size_t maxstartns = nscount > NS_PROCESSING_LIMIT ? NS_PROCESSING_LIMIT + : nscount; + size_t startns = isc_random_uniform(maxstartns); - DNS_RDATASET_FOREACH(&fctx->nameservers) { - isc_result_t result = ISC_R_SUCCESS; - dns_rdata_t rdata = DNS_RDATA_INIT; - bool overquota = false; - unsigned int static_stub = 0; - unsigned int no_fetch = 0; + for (size_t pass = 0; pass < 2; pass++) { + size_t curns = 0; - dns_rdataset_current(&fctx->nameservers, &rdata); - /* - * Extract the name from the NS record. - */ - result = dns_rdata_tostruct(&rdata, &ns, NULL); - if (result != ISC_R_SUCCESS) { - continue; - } + DNS_RDATASET_FOREACH(&fctx->nameservers) { + isc_result_t result = ISC_R_SUCCESS; + dns_rdata_t rdata = DNS_RDATA_INIT; + bool overquota = false; + unsigned int static_stub = 0; + unsigned int no_fetch = 0; - if (STATICSTUB(&fctx->nameservers) && - dns_name_equal(&ns.name, fctx->domain)) - { - static_stub = DNS_ADBFIND_STATICSTUB; - } + if (pass == 0 && curns++ < startns) { + continue; + } + if (pass == 1 && curns++ >= startns) { + break; + } - /* - * Make sure we only launch a limited number of - * outgoing fetches. - */ - if (fctx->pending_running >= fetches_allowed) { - no_fetch = DNS_ADBFIND_NOFETCH; - } + dns_rdataset_current(&fctx->nameservers, &rdata); + /* + * Extract the name from the NS record. + */ + result = dns_rdata_tostruct(&rdata, &ns, NULL); + if (result != ISC_R_SUCCESS) { + continue; + } - findname(fctx, &ns.name, 0, stdoptions | static_stub | no_fetch, - 0, now, &overquota, need_alternatep, &have_address); + if (STATICSTUB(&fctx->nameservers) && + dns_name_equal(&ns.name, fctx->domain)) + { + static_stub = DNS_ADBFIND_STATICSTUB; + } - if (!overquota) { - *all_spilledp = false; - } + /* + * Make sure we only launch a limited number of + * outgoing fetches. + */ + if (fctx->pending_running >= fetches_allowed) { + no_fetch = DNS_ADBFIND_NOFETCH; + } - dns_rdata_reset(&rdata); - dns_rdata_freestruct(&ns); + findname(fctx, &ns.name, 0, + stdoptions | static_stub | no_fetch, 0, now, + &overquota, need_alternatep, &have_address); - if (++ns_processed >= NS_PROCESSING_LIMIT) { - break; + if (!overquota) { + *all_spilledp = false; + } + + dns_rdata_reset(&rdata); + dns_rdata_freestruct(&ns); + + if (++ns_processed >= NS_PROCESSING_LIMIT) { + break; + } } }