Option to turn off EDNS globally?

Adam Tkac atkac at redhat.com
Thu Sep 20 08:12:25 UTC 2007 

Hi all,

Recently I've got report that syslog is flooded with messages like "Too many timeouts resolving $DOMAIN (in $DOMAIN?): disabling EDNS". Of course those messages will be easily supressed with "edns-disabled" logging option but this not suppress EDNS queries. I've created patch which will completely disable EDNS (patch adds edns option). Would it be possible include it in main source or this is step back?

Adam
-------------- next part --------------
diff -up bind-9.5.0a6/lib/dns/view.c.edns bind-9.5.0a6/lib/dns/view.c
--- bind-9.5.0a6/lib/dns/view.c.edns	2007-06-19 01:47:42.000000000 +0200
+++ bind-9.5.0a6/lib/dns/view.c	2007-09-19 17:46:10.000000000 +0200
@@ -179,6 +179,7 @@ dns_view_create(isc_mem_t *mctx, dns_rda
 	view->flush = ISC_FALSE;
 	view->dlv = NULL;
 	view->maxudp = 0;
+	view->edns = ISC_TRUE;
 	dns_fixedname_init(&view->dlv_fixed);
 
 	result = dns_order_create(view->mctx, &view->order);
diff -up bind-9.5.0a6/lib/dns/resolver.c.edns bind-9.5.0a6/lib/dns/resolver.c
--- bind-9.5.0a6/lib/dns/resolver.c.edns	2007-09-19 17:46:10.000000000 +0200
+++ bind-9.5.0a6/lib/dns/resolver.c	2007-09-19 17:47:19.000000000 +0200
@@ -1484,10 +1484,12 @@ resquery_send(resquery_t *query) {
 	 * The ADB does not know about servers with "edns no".  Check this,
 	 * and then inform the ADB for future use.
 	 */
-	if ((query->addrinfo->flags & DNS_FETCHOPT_NOEDNS0) == 0 &&
-	    peer != NULL &&
-	    dns_peer_getsupportedns(peer, &useedns) == ISC_R_SUCCESS &&
-	    !useedns)
+	if (((query->addrinfo->flags & DNS_FETCHOPT_NOEDNS0) == 0 ||
+             (query->options & DNS_FETCHOPT_NOEDNS0) == 0) &&
+	    (!(res->view->edns) ||
+	     (peer != NULL &&
+	      dns_peer_getsupportedns(peer, &useedns) == ISC_R_SUCCESS &&
+	      !useedns)))
 	{
 		query->options |= DNS_FETCHOPT_NOEDNS0;
 		dns_adb_changeflags(fctx->adb,
diff -up bind-9.5.0a6/lib/dns/include/dns/view.h.edns bind-9.5.0a6/lib/dns/include/dns/view.h
--- bind-9.5.0a6/lib/dns/include/dns/view.h.edns	2007-06-19 01:47:42.000000000 +0200
+++ bind-9.5.0a6/lib/dns/include/dns/view.h	2007-09-19 17:46:10.000000000 +0200
@@ -137,6 +137,7 @@ struct dns_view {
 	dns_name_t *			dlv;
 	dns_fixedname_t			dlv_fixed;
 	isc_uint16_t			maxudp;
+	isc_boolean_t			edns;
 
 	/*
 	 * Configurable data for server use only,
diff -up bind-9.5.0a6/lib/isccfg/namedconf.c.edns bind-9.5.0a6/lib/isccfg/namedconf.c
--- bind-9.5.0a6/lib/isccfg/namedconf.c.edns	2007-06-19 01:47:50.000000000 +0200
+++ bind-9.5.0a6/lib/isccfg/namedconf.c	2007-09-19 17:46:10.000000000 +0200
@@ -618,6 +618,7 @@ options_clauses[] = {
 	{ "deallocate-on-exit", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
 	{ "directory", &cfg_type_qstring, CFG_CLAUSEFLAG_CALLBACK },
 	{ "dump-file", &cfg_type_qstring, 0 },
+	{ "edns", &cfg_type_boolean, 0 },
 	{ "fake-iquery", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
 	{ "files", &cfg_type_size, 0 },
 	{ "has-old-clients", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
diff -up bind-9.5.0a6/doc/misc/options.edns bind-9.5.0a6/doc/misc/options
--- bind-9.5.0a6/doc/misc/options.edns	2007-03-29 17:19:20.000000000 +0200
+++ bind-9.5.0a6/doc/misc/options	2007-09-19 17:46:10.000000000 +0200
@@ -11,6 +11,7 @@ options {
         deallocate-on-exit <boolean>; // obsolete
         directory <quoted_string>;
         dump-file <quoted_string>;
+	edns <boolean>;
         fake-iquery <boolean>; // obsolete
         files <size>;
         has-old-clients <boolean>; // obsolete
diff -up bind-9.5.0a6/bin/named/config.c.edns bind-9.5.0a6/bin/named/config.c
--- bind-9.5.0a6/bin/named/config.c.edns	2007-06-19 01:47:18.000000000 +0200
+++ bind-9.5.0a6/bin/named/config.c	2007-09-19 17:46:10.000000000 +0200
@@ -137,6 +137,7 @@ options {\n\
 	acache-enable no;\n\
 	acache-cleaning-interval 60;\n\
 	max-acache-size 0;\n\
+	edns yes;\n\
 	dnssec-enable yes;\n\
 	dnssec-validation no; /* Make yes for 9.5. */ \n\
 	dnssec-accept-expired no;\n\
diff -up bind-9.5.0a6/bin/named/server.c.edns bind-9.5.0a6/bin/named/server.c
--- bind-9.5.0a6/bin/named/server.c.edns	2007-09-19 17:46:10.000000000 +0200
+++ bind-9.5.0a6/bin/named/server.c	2007-09-19 17:46:10.000000000 +0200
@@ -1624,7 +1624,12 @@ configure_view(dns_view_t *view, const c
 	dns_resolver_setclientsperquery(view->resolver,
 					cfg_obj_asuint32(obj),
 					max_clients_per_query);
-			
+
+	obj = NULL;
+	result = ns_config_get(maps, "edns", &obj);
+	INSIST(result == ISC_R_SUCCESS);
+	view->edns = cfg_obj_asboolean(obj);
+
 	obj = NULL;
 	result = ns_config_get(maps, "dnssec-enable", &obj);
 	INSIST(result == ISC_R_SUCCESS);
diff -up bind-9.5.0a6/bin/named/named.conf.5.edns bind-9.5.0a6/bin/named/named.conf.5
--- bind-9.5.0a6/bin/named/named.conf.5.edns	2007-06-20 04:27:32.000000000 +0200
+++ bind-9.5.0a6/bin/named/named.conf.5	2007-09-19 17:46:10.000000000 +0200
@@ -160,6 +160,7 @@ options {
 	datasize \fIsize\fR;
 	directory \fIquoted_string\fR;
 	dump\-file \fIquoted_string\fR;
+	edns \fIboolean\fR;
 	files \fIsize\fR;
 	heartbeat\-interval \fIinteger\fR;
 	host\-statistics \fIboolean\fR; // not implemented

More information about the bind-workers mailing list