|
 |
bcb1e2 |
From 7fe2204a2e8952bf892e4a70fea2ef5167e1f509 Mon Sep 17 00:00:00 2001
|
|
|
bcb1e2 |
From: Evan Hunt <each@isc.org>
|
|
|
bcb1e2 |
Date: Thu, 1 Sep 2022 16:22:46 -0700
|
|
|
bcb1e2 |
Subject: [PATCH] add a configuration option for the update quota
|
|
|
bcb1e2 |
|
|
|
bcb1e2 |
add an "update-quota" option to configure the update quota.
|
|
|
bcb1e2 |
|
|
|
bcb1e2 |
(cherry picked from commit f57758a7303ad0034ff2ff08eaaf2ef899630f19)
|
|
|
bcb1e2 |
---
|
|
|
bcb1e2 |
bin/named/config.c | 1 +
|
|
|
bcb1e2 |
bin/named/named.conf.rst | 9 +++++----
|
|
|
bcb1e2 |
bin/named/server.c | 1 +
|
|
|
bcb1e2 |
bin/tests/system/checkconf/good.conf | 1 +
|
|
|
bcb1e2 |
doc/arm/reference.rst | 7 ++++++-
|
|
|
bcb1e2 |
doc/man/named.conf.5in | 9 +++++----
|
|
|
bcb1e2 |
doc/misc/master.zoneopt.rst | 2 +-
|
|
|
bcb1e2 |
doc/misc/options | 1 +
|
|
|
bcb1e2 |
doc/misc/options.active | 1 +
|
|
|
bcb1e2 |
doc/misc/options.grammar.rst | 3 ++-
|
|
|
bcb1e2 |
doc/misc/slave.zoneopt.rst | 2 +-
|
|
|
bcb1e2 |
lib/isccfg/namedconf.c | 1 +
|
|
|
bcb1e2 |
12 files changed, 26 insertions(+), 12 deletions(-)
|
|
|
bcb1e2 |
|
|
|
bcb1e2 |
diff --git a/bin/named/config.c b/bin/named/config.c
|
|
|
bcb1e2 |
index 5fedee84d9..494147015f 100644
|
|
|
bcb1e2 |
--- a/bin/named/config.c
|
|
|
bcb1e2 |
+++ b/bin/named/config.c
|
|
|
bcb1e2 |
@@ -130,6 +130,7 @@ options {\n\
|
|
|
bcb1e2 |
transfers-out 10;\n\
|
|
|
bcb1e2 |
transfers-per-ns 2;\n\
|
|
|
bcb1e2 |
trust-anchor-telemetry yes;\n\
|
|
|
bcb1e2 |
+ update-quota 100;\n\
|
|
|
bcb1e2 |
\n\
|
|
|
bcb1e2 |
/* view */\n\
|
|
|
bcb1e2 |
allow-new-zones no;\n\
|
|
|
bcb1e2 |
diff --git a/bin/named/named.conf.rst b/bin/named/named.conf.rst
|
|
|
bcb1e2 |
index 27eed5ca3e..4c9f9a7370 100644
|
|
|
bcb1e2 |
--- a/bin/named/named.conf.rst
|
|
|
bcb1e2 |
+++ b/bin/named/named.conf.rst
|
|
|
bcb1e2 |
@@ -179,7 +179,7 @@ OPTIONS
|
|
|
bcb1e2 |
answer-cookie boolean;
|
|
|
bcb1e2 |
attach-cache string;
|
|
|
bcb1e2 |
auth-nxdomain boolean; // default changed
|
|
|
bcb1e2 |
- auto-dnssec ( allow | maintain | off );
|
|
|
bcb1e2 |
+ auto-dnssec ( allow | maintain | off );// deprecated
|
|
|
bcb1e2 |
automatic-interface-scan boolean;
|
|
|
bcb1e2 |
avoid-v4-udp-ports { portrange; ... };
|
|
|
bcb1e2 |
avoid-v6-udp-ports { portrange; ... };
|
|
|
bcb1e2 |
@@ -446,6 +446,7 @@ OPTIONS
|
|
|
bcb1e2 |
trust-anchor-telemetry boolean; // experimental
|
|
|
bcb1e2 |
try-tcp-refresh boolean;
|
|
|
bcb1e2 |
update-check-ksk boolean;
|
|
|
bcb1e2 |
+ update-quota integer;
|
|
|
bcb1e2 |
use-alt-transfer-source boolean;
|
|
|
bcb1e2 |
use-v4-udp-ports { portrange; ... };
|
|
|
bcb1e2 |
use-v6-udp-ports { portrange; ... };
|
|
|
bcb1e2 |
@@ -584,7 +585,7 @@ VIEW
|
|
|
bcb1e2 |
* ) ] [ dscp integer ];
|
|
|
bcb1e2 |
attach-cache string;
|
|
|
bcb1e2 |
auth-nxdomain boolean; // default changed
|
|
|
bcb1e2 |
- auto-dnssec ( allow | maintain | off );
|
|
|
bcb1e2 |
+ auto-dnssec ( allow | maintain | off );// deprecated
|
|
|
bcb1e2 |
cache-file quoted_string;// deprecated
|
|
|
bcb1e2 |
catalog-zones { zone string [ default-masters [ port integer ]
|
|
|
bcb1e2 |
[ dscp integer ] { ( remote-servers | ipv4_address [ port
|
|
|
bcb1e2 |
@@ -859,7 +860,7 @@ VIEW
|
|
|
bcb1e2 |
integer | * ) ] [ dscp integer ];
|
|
|
bcb1e2 |
alt-transfer-source-v6 ( ipv6_address | * ) [ port (
|
|
|
bcb1e2 |
integer | * ) ] [ dscp integer ];
|
|
|
bcb1e2 |
- auto-dnssec ( allow | maintain | off );
|
|
|
bcb1e2 |
+ auto-dnssec ( allow | maintain | off );// deprecated
|
|
|
bcb1e2 |
check-dup-records ( fail | warn | ignore );
|
|
|
bcb1e2 |
check-integrity boolean;
|
|
|
bcb1e2 |
check-mx ( fail | warn | ignore );
|
|
|
bcb1e2 |
@@ -977,7 +978,7 @@ ZONE
|
|
|
bcb1e2 |
] [ dscp integer ];
|
|
|
bcb1e2 |
alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
|
|
|
bcb1e2 |
* ) ] [ dscp integer ];
|
|
|
bcb1e2 |
- auto-dnssec ( allow | maintain | off );
|
|
|
bcb1e2 |
+ auto-dnssec ( allow | maintain | off );// deprecated
|
|
|
bcb1e2 |
check-dup-records ( fail | warn | ignore );
|
|
|
bcb1e2 |
check-integrity boolean;
|
|
|
bcb1e2 |
check-mx ( fail | warn | ignore );
|
|
|
bcb1e2 |
diff --git a/bin/named/server.c b/bin/named/server.c
|
|
|
bcb1e2 |
index 20443ff8a9..78a21d62a2 100644
|
|
|
bcb1e2 |
--- a/bin/named/server.c
|
|
|
bcb1e2 |
+++ b/bin/named/server.c
|
|
|
bcb1e2 |
@@ -8542,6 +8542,7 @@ load_configuration(const char *filename, named_server_t *server,
|
|
|
bcb1e2 |
configure_server_quota(maps, "tcp-clients", &server->sctx->tcpquota);
|
|
|
bcb1e2 |
configure_server_quota(maps, "recursive-clients",
|
|
|
bcb1e2 |
&server->sctx->recursionquota);
|
|
|
bcb1e2 |
+ configure_server_quota(maps, "update-quota", &server->sctx->updquota);
|
|
|
bcb1e2 |
|
|
|
bcb1e2 |
max = isc_quota_getmax(&server->sctx->recursionquota);
|
|
|
bcb1e2 |
if (max > 1000) {
|
|
|
bcb1e2 |
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
|
|
|
bcb1e2 |
index b1f7059acf..0ecdb68e95 100644
|
|
|
bcb1e2 |
--- a/bin/tests/system/checkconf/good.conf
|
|
|
bcb1e2 |
+++ b/bin/tests/system/checkconf/good.conf
|
|
|
bcb1e2 |
@@ -75,6 +75,7 @@ options {
|
|
|
bcb1e2 |
recursive-clients 3000;
|
|
|
bcb1e2 |
serial-query-rate 100;
|
|
|
bcb1e2 |
server-id none;
|
|
|
bcb1e2 |
+ update-quota 200;
|
|
|
bcb1e2 |
check-names primary warn;
|
|
|
bcb1e2 |
check-names secondary ignore;
|
|
|
bcb1e2 |
max-cache-size 20000000000000;
|
|
|
bcb1e2 |
diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
|
|
|
bcb1e2 |
index 2603d60251..703663d0ba 100644
|
|
|
bcb1e2 |
--- a/doc/arm/reference.rst
|
|
|
bcb1e2 |
+++ b/doc/arm/reference.rst
|
|
|
bcb1e2 |
@@ -3151,6 +3151,11 @@ system.
|
|
|
bcb1e2 |
value as ``tcp-keepalive-timeout``. This value can be updated at
|
|
|
bcb1e2 |
runtime by using ``rndc tcp-timeouts``.
|
|
|
bcb1e2 |
|
|
|
bcb1e2 |
+``update-quota``
|
|
|
bcb1e2 |
+ This is the maximum number of simultaneous DNS UPDATE messages that
|
|
|
bcb1e2 |
+ the server will accept for updating local authoritiative zones or
|
|
|
bcb1e2 |
+ forwarding to a primary server. The default is ``100``.
|
|
|
bcb1e2 |
+
|
|
|
bcb1e2 |
.. _intervals:
|
|
|
bcb1e2 |
|
|
|
bcb1e2 |
Periodic Task Intervals
|
|
|
bcb1e2 |
@@ -6840,7 +6845,7 @@ Name Server Statistics Counters
|
|
|
bcb1e2 |
``UpdateQuota``
|
|
|
bcb1e2 |
This indicates the number of times a dynamic update or update
|
|
|
bcb1e2 |
forwarding request was rejected because the number of pending
|
|
|
bcb1e2 |
- requests exceeded the update quota.
|
|
|
bcb1e2 |
+ requests exceeded ``update-quota``.
|
|
|
bcb1e2 |
|
|
|
bcb1e2 |
``RateDropped``
|
|
|
bcb1e2 |
This indicates the number of responses dropped due to rate limits.
|
|
|
bcb1e2 |
diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in
|
|
|
bcb1e2 |
index 4c46f47592..c87afa2881 100644
|
|
|
bcb1e2 |
--- a/doc/man/named.conf.5in
|
|
|
bcb1e2 |
+++ b/doc/man/named.conf.5in
|
|
|
bcb1e2 |
@@ -231,7 +231,7 @@ options {
|
|
|
bcb1e2 |
answer\-cookie boolean;
|
|
|
bcb1e2 |
attach\-cache string;
|
|
|
bcb1e2 |
auth\-nxdomain boolean; // default changed
|
|
|
bcb1e2 |
- auto\-dnssec ( allow | maintain | off );
|
|
|
bcb1e2 |
+ auto\-dnssec ( allow | maintain | off );// deprecated
|
|
|
bcb1e2 |
automatic\-interface\-scan boolean;
|
|
|
bcb1e2 |
avoid\-v4\-udp\-ports { portrange; ... };
|
|
|
bcb1e2 |
avoid\-v6\-udp\-ports { portrange; ... };
|
|
|
bcb1e2 |
@@ -498,6 +498,7 @@ options {
|
|
|
bcb1e2 |
trust\-anchor\-telemetry boolean; // experimental
|
|
|
bcb1e2 |
try\-tcp\-refresh boolean;
|
|
|
bcb1e2 |
update\-check\-ksk boolean;
|
|
|
bcb1e2 |
+ update\-quota integer;
|
|
|
bcb1e2 |
use\-alt\-transfer\-source boolean;
|
|
|
bcb1e2 |
use\-v4\-udp\-ports { portrange; ... };
|
|
|
bcb1e2 |
use\-v6\-udp\-ports { portrange; ... };
|
|
|
bcb1e2 |
@@ -668,7 +669,7 @@ view string [ class ] {
|
|
|
bcb1e2 |
* ) ] [ dscp integer ];
|
|
|
bcb1e2 |
attach\-cache string;
|
|
|
bcb1e2 |
auth\-nxdomain boolean; // default changed
|
|
|
bcb1e2 |
- auto\-dnssec ( allow | maintain | off );
|
|
|
bcb1e2 |
+ auto\-dnssec ( allow | maintain | off );// deprecated
|
|
|
bcb1e2 |
cache\-file quoted_string;// deprecated
|
|
|
bcb1e2 |
catalog\-zones { zone string [ default\-masters [ port integer ]
|
|
|
bcb1e2 |
[ dscp integer ] { ( remote\-servers | ipv4_address [ port
|
|
|
bcb1e2 |
@@ -943,7 +944,7 @@ view string [ class ] {
|
|
|
bcb1e2 |
integer | * ) ] [ dscp integer ];
|
|
|
bcb1e2 |
alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port (
|
|
|
bcb1e2 |
integer | * ) ] [ dscp integer ];
|
|
|
bcb1e2 |
- auto\-dnssec ( allow | maintain | off );
|
|
|
bcb1e2 |
+ auto\-dnssec ( allow | maintain | off );// deprecated
|
|
|
bcb1e2 |
check\-dup\-records ( fail | warn | ignore );
|
|
|
bcb1e2 |
check\-integrity boolean;
|
|
|
bcb1e2 |
check\-mx ( fail | warn | ignore );
|
|
|
bcb1e2 |
@@ -1065,7 +1066,7 @@ zone string [ class ] {
|
|
|
bcb1e2 |
] [ dscp integer ];
|
|
|
bcb1e2 |
alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer |
|
|
|
bcb1e2 |
* ) ] [ dscp integer ];
|
|
|
bcb1e2 |
- auto\-dnssec ( allow | maintain | off );
|
|
|
bcb1e2 |
+ auto\-dnssec ( allow | maintain | off );// deprecated
|
|
|
bcb1e2 |
check\-dup\-records ( fail | warn | ignore );
|
|
|
bcb1e2 |
check\-integrity boolean;
|
|
|
bcb1e2 |
check\-mx ( fail | warn | ignore );
|
|
|
bcb1e2 |
diff --git a/doc/misc/master.zoneopt.rst b/doc/misc/master.zoneopt.rst
|
|
|
bcb1e2 |
index 8fc7e1b4f0..346d59813e 100644
|
|
|
bcb1e2 |
--- a/doc/misc/master.zoneopt.rst
|
|
|
bcb1e2 |
+++ b/doc/misc/master.zoneopt.rst
|
|
|
bcb1e2 |
@@ -20,7 +20,7 @@
|
|
|
bcb1e2 |
also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
|
|
|
bcb1e2 |
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
|
|
|
bcb1e2 |
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
|
|
|
bcb1e2 |
- auto-dnssec ( allow | maintain | off );
|
|
|
bcb1e2 |
+ auto-dnssec ( allow | maintain | off ); // deprecated
|
|
|
bcb1e2 |
check-dup-records ( fail | warn | ignore );
|
|
|
bcb1e2 |
check-integrity <boolean>;
|
|
|
bcb1e2 |
check-mx ( fail | warn | ignore );
|
|
|
bcb1e2 |
diff --git a/doc/misc/options b/doc/misc/options
|
|
|
bcb1e2 |
index f57399499a..0dbcf101e1 100644
|
|
|
bcb1e2 |
--- a/doc/misc/options
|
|
|
bcb1e2 |
+++ b/doc/misc/options
|
|
|
bcb1e2 |
@@ -404,6 +404,7 @@ options {
|
|
|
bcb1e2 |
trust-anchor-telemetry <boolean>; // experimental
|
|
|
bcb1e2 |
try-tcp-refresh <boolean>;
|
|
|
bcb1e2 |
update-check-ksk <boolean>;
|
|
|
bcb1e2 |
+ update-quota <integer>;
|
|
|
bcb1e2 |
use-alt-transfer-source <boolean>;
|
|
|
bcb1e2 |
use-id-pool <boolean>; // ancient
|
|
|
bcb1e2 |
use-ixfr <boolean>; // obsolete
|
|
|
bcb1e2 |
diff --git a/doc/misc/options.active b/doc/misc/options.active
|
|
|
bcb1e2 |
index 5fc1ab29f4..eb75a86eae 100644
|
|
|
bcb1e2 |
--- a/doc/misc/options.active
|
|
|
bcb1e2 |
+++ b/doc/misc/options.active
|
|
|
bcb1e2 |
@@ -363,6 +363,7 @@ options {
|
|
|
bcb1e2 |
trust-anchor-telemetry <boolean>; // experimental
|
|
|
bcb1e2 |
try-tcp-refresh <boolean>;
|
|
|
bcb1e2 |
update-check-ksk <boolean>;
|
|
|
bcb1e2 |
+ update-quota <integer>;
|
|
|
bcb1e2 |
use-alt-transfer-source <boolean>;
|
|
|
bcb1e2 |
use-v4-udp-ports { <portrange>; ... };
|
|
|
bcb1e2 |
use-v6-udp-ports { <portrange>; ... };
|
|
|
bcb1e2 |
diff --git a/doc/misc/options.grammar.rst b/doc/misc/options.grammar.rst
|
|
|
bcb1e2 |
index 438072c95c..beef35341a 100644
|
|
|
bcb1e2 |
--- a/doc/misc/options.grammar.rst
|
|
|
bcb1e2 |
+++ b/doc/misc/options.grammar.rst
|
|
|
bcb1e2 |
@@ -33,7 +33,7 @@
|
|
|
bcb1e2 |
answer-cookie <boolean>;
|
|
|
bcb1e2 |
attach-cache <string>;
|
|
|
bcb1e2 |
auth-nxdomain <boolean>; // default changed
|
|
|
bcb1e2 |
- auto-dnssec ( allow | maintain | off );
|
|
|
bcb1e2 |
+ auto-dnssec ( allow | maintain | off ); // deprecated
|
|
|
bcb1e2 |
automatic-interface-scan <boolean>;
|
|
|
bcb1e2 |
avoid-v4-udp-ports { <portrange>; ... };
|
|
|
bcb1e2 |
avoid-v6-udp-ports { <portrange>; ... };
|
|
|
bcb1e2 |
@@ -300,6 +300,7 @@
|
|
|
bcb1e2 |
trust-anchor-telemetry <boolean>; // experimental
|
|
|
bcb1e2 |
try-tcp-refresh <boolean>;
|
|
|
bcb1e2 |
update-check-ksk <boolean>;
|
|
|
bcb1e2 |
+ update-quota <integer>;
|
|
|
bcb1e2 |
use-alt-transfer-source <boolean>;
|
|
|
bcb1e2 |
use-v4-udp-ports { <portrange>; ... };
|
|
|
bcb1e2 |
use-v6-udp-ports { <portrange>; ... };
|
|
|
bcb1e2 |
diff --git a/doc/misc/slave.zoneopt.rst b/doc/misc/slave.zoneopt.rst
|
|
|
bcb1e2 |
index cc72dcbf67..468a7f4d9a 100644
|
|
|
bcb1e2 |
--- a/doc/misc/slave.zoneopt.rst
|
|
|
bcb1e2 |
+++ b/doc/misc/slave.zoneopt.rst
|
|
|
bcb1e2 |
@@ -21,7 +21,7 @@
|
|
|
bcb1e2 |
also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
|
|
|
bcb1e2 |
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
|
|
|
bcb1e2 |
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
|
|
|
bcb1e2 |
- auto-dnssec ( allow | maintain | off );
|
|
|
bcb1e2 |
+ auto-dnssec ( allow | maintain | off ); // deprecated
|
|
|
bcb1e2 |
check-names ( fail | warn | ignore );
|
|
|
bcb1e2 |
database <string>;
|
|
|
bcb1e2 |
dialup ( notify | notify-passive | passive | refresh | <boolean> );
|
|
|
bcb1e2 |
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
|
|
|
bcb1e2 |
index 45de0196bf..6e63d86816 100644
|
|
|
bcb1e2 |
--- a/lib/isccfg/namedconf.c
|
|
|
bcb1e2 |
+++ b/lib/isccfg/namedconf.c
|
|
|
bcb1e2 |
@@ -1267,6 +1267,7 @@ static cfg_clausedef_t options_clauses[] = {
|
|
|
bcb1e2 |
{ "transfers-out", &cfg_type_uint32, 0 },
|
|
|
bcb1e2 |
{ "transfers-per-ns", &cfg_type_uint32, 0 },
|
|
|
bcb1e2 |
{ "treat-cr-as-space", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
|
|
|
bcb1e2 |
+ { "update-quota", &cfg_type_uint32, 0 },
|
|
|
bcb1e2 |
{ "use-id-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
|
|
|
bcb1e2 |
{ "use-ixfr", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
|
|
|
bcb1e2 |
{ "use-v4-udp-ports", &cfg_type_bracketed_portlist, 0 },
|
|
|
bcb1e2 |
--
|
|
|
bcb1e2 |
2.39.1
|
|
|
bcb1e2 |
|