upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-01 04:19:36 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Stops blacklisting because of strange firewalls.

Browse source 
git-svn-id: file:///svn/unbound/trunk@1987 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2010-02-18 11:21:11 +00:00
parent 38c6664caf
commit eeefe9ac45
2 changed files with 21 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
doc/Changelog
View file

@ -1,5 +1,8 @@
18 February 2010: Wouter
- A little more strict DS scrubbing.
- No more blacklisting of unresponsive servers, a 2 minute timeout
is backed off to.
- RD flag not enabled for dnssec-blacklisted tries, unless necessary.
17 February 2010: Wouter
- Disregard DNSKEY from authority section for chain of trust.

34
iterator/iter_utils.c
View file

@ -202,8 +202,8 @@ iter_filter_unsuitable(struct iter_env* iter_env, struct module_env* env,
return -1; /* server is lame */
else if(rtt >= USEFUL_SERVER_TOP_TIMEOUT &&
lost >= USEFUL_SERVER_MAX_LOST)
/* server is unresponsive */
return USEFUL_SERVER_TOP_TIMEOUT;
/* server is unresponsive, but keep trying slowly */
return USEFUL_SERVER_TOP_TIMEOUT+1;
else if(a->lame)
return rtt+USEFUL_SERVER_TOP_TIMEOUT+1; /* nonpref */
else if(rtt >= USEFUL_SERVER_TOP_TIMEOUT) /* not blacklisted*/
@ -320,20 +320,22 @@ iter_server_selection(struct iter_env* iter_env,
if(num == 0)
return NULL;
verbose(VERB_ALGO, "selrtt %d", selrtt);
if(selrtt > USEFUL_SERVER_TOP_TIMEOUT*2) {
verbose(VERB_ALGO, "chase to recursion lame server");
*chase_to_rd = 1;
}
if(selrtt > USEFUL_SERVER_TOP_TIMEOUT) {
verbose(VERB_ALGO, "chase to dnssec lame server");
*dnssec_expected = 0;
}
if(selrtt == USEFUL_SERVER_TOP_TIMEOUT) {
verbose(VERB_ALGO, "chase to blacklisted lame server");
/* the best choice is a blacklisted, unresponsive server,
* we need to throttle down our traffic towards it */
if(ub_random(env->rnd) % 100 != 1) {
/* 99% of the time, drop query */
if(selrtt > BLACKLIST_PENALTY) {
if(selrtt-BLACKLIST_PENALTY > USEFUL_SERVER_TOP_TIMEOUT*2) {
verbose(VERB_ALGO, "chase to recursion lame server");
*chase_to_rd = 1;
}
} else {
if(selrtt > USEFUL_SERVER_TOP_TIMEOUT*2) {
verbose(VERB_ALGO, "chase to recursion lame server");
*chase_to_rd = 1;
}
if(selrtt > USEFUL_SERVER_TOP_TIMEOUT) {
verbose(VERB_ALGO, "chase to dnssec lame server");
*dnssec_expected = 0;
}
if(selrtt == USEFUL_SERVER_TOP_TIMEOUT) {
verbose(VERB_ALGO, "chase to blacklisted lame server");
return NULL;
}
}