mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-25 10:59:35 -05:00
There are a couple of problems with dns_request_createvia(): a UDP retry count of zero means unlimited retries (it should mean no retries), and the overall request timeout is not enforced. The combination of these bugs means that requests can be retried forever.

This change alters calls to dns_request_createvia() to avoid the infinite retry bug by providing an explicit retry count. Previously, the calls specified infinite retries and relied on the limit implied by the overall request timeout and the UDP timeout (which did not work because the overall timeout is not enforced).

The `udpretries` argument is also changed to be the number of retries; previously, zero was interpreted as infinity because of an underflow to UINT_MAX, which appeared to be a mistake. And `mdig` is updated to match the change in retry accounting.

The bug could be triggered by zone maintenance queries, including NOTIFY messages, DS parental checks, refresh SOA queries and stub zone nameserver lookups. It could also occur with `nsupdate -r 0`. (But `mdig` had its own code to avoid the bug.)

| | | |
|---|---|---|
| .gitignore | ||
| arpaname.c | ||
| arpaname.rst | ||
| dnstap-read.c | ||
| dnstap-read.rst | ||
| Makefile.am | ||
| mdig.c | ||
| mdig.rst | ||
| named-journalprint.c | ||
| named-journalprint.rst | ||
| named-nzd2nzf.c | ||
| named-nzd2nzf.rst | ||
| named-rrchecker.c | ||
| named-rrchecker.rst | ||
| nsec3hash.c | ||
| nsec3hash.rst | ||