reduce the max-recursion-queries default to 32

the number of iterative queries that can be sent to resolve a name now defaults to 32 rather than 100. (cherry picked from commit 7e3b425dc2)
2026-05-27 12:13:20 -04:00 · 2024-06-25 14:39:58 -07:00 · 2024-06-25 14:39:58 -07:00 · a11367ade3
commit a11367ade3
parent bfbc6a6c84
5 changed files with 10 additions and 5 deletions
--- a/bin/named/config.c
+++ b/bin/named/config.c
@ -174,7 +174,7 @@ options {\n\
 	max-clients-per-query 100;\n\
 	max-ncache-ttl 10800; /* 3 hours */\n\
 	max-recursion-depth 7;\n\
-	max-recursion-queries 100;\n\
+	max-recursion-queries 32;\n\
 	max-stale-ttl 86400; /* 1 day */\n\
 	message-compression yes;\n\
 	min-ncache-ttl 0; /* 0 hours */\n\
--- a/bin/tests/system/reclimit/ns3/named1.conf.in
+++ b/bin/tests/system/reclimit/ns3/named1.conf.in
@ -22,6 +22,7 @@ options {
 	listen-on-v6 { none; };
 	servfail-ttl 0;
 	qname-minimization disabled;
+	max-recursion-queries 50;
 	max-recursion-depth 12;
 	recursion yes;
 	dnssec-validation yes;
--- a/bin/tests/system/resolver/ns1/named.conf.in
+++ b/bin/tests/system/resolver/ns1/named.conf.in
@ -29,6 +29,7 @@ options {
 	allow-query {!10.53.0.8; any; };
 	max-zone-ttl unlimited;
 	attach-cache "globalcache";
+	max-recursion-queries 50;
 };

 server 10.53.0.3 {
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@ -4690,9 +4690,12 @@ Tuning
   :tags: server, query
   :short: Sets the maximum number of iterative queries while servicing a recursive query.

-   This sets the maximum number of iterative queries that may be sent while
-   servicing a recursive query. If more queries are sent, the recursive
-   query is terminated and returns SERVFAIL. The default is 100.
+   This sets the maximum number of iterative queries that may be sent
+   by a resolver while looking up a single name. If more queries than this
+   need to be sent before an answer is reached, then recursion is terminated
+   and a SERVFAIL response is returned to the client. (Note: if the answer
+   is a CNAME, then the subsequent lookup for the target of the CNAME is
+   counted separately.) The default is 32.

 .. namedconf:statement:: notify-delay
   :tags: transfer, zone
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@ -199,7 +199,7 @@

 /* The default maximum number of iterative queries to allow before giving up. */
 #ifndef DEFAULT_MAX_QUERIES
-#define DEFAULT_MAX_QUERIES 100
+#define DEFAULT_MAX_QUERIES 50
 #endif /* ifndef DEFAULT_MAX_QUERIES */

 /*