| Age | Commit message (Collapse) | Author |
|---|
|
Allow specifying the local IP addresses that
the UDP dns server will listen on when the
-s flag is given.
|
|
txt and caa rr strings might contain binary control characters
such as newlines and double quotes which mess up the output
in ndb(6) format.
so handle them as binary blobs internally and escape special
characters as \DDD where D is a octal digit when printing.
txtrr() will unescape them when reading into internal
binary representation.
remove the undocumented nullrr ndb attribute parsing code.
|
|
---
To: 9front@9front.org
Date: Sun, 07 Feb 2021 14:56:39 +0100
From: kvik@a-b.xyz
Subject: Re: [9front] transient dns errors cause smtp failure
Reply-To: 9front@9front.org
I think I found a reason for DNS failing on known good domains.
/sys/src/cmd/ndb/dns.h:156,157
/* tune; was 60*1000; keep it short */
Maxreqtm= 8*1000, /* max. ms to process a request */
So, 8 seconds is how much the resolver will bother with a request it
has been handed, before dropping it on the floor with little
explanation.
It seems quite possible that this is too short a timeout on a machine
during a spam queue run, which predictably stresses the compute and
network resources.
In turn, negative response caching might explain why a particular
unlucky domain would basically stop receiveing any mail for a while.
I'm dying to know if bumping this limit would clear up the queue of
such DNS errors.
---
[narrator: it did.]
|
|
|
|
|
|
|
|
|
|
|
|
remove myaddr() function and replace with myip() function
that receives binary ip address. and don't use string
comparsion for ip addresses... parse and then ipcmp().
for sanity reasons, normalize ip address strings and
reject unparsable ones. done by calling ipalookup()
with a binary ip address.
|
|
testing code
when ndb/dns runs as a resolver only (cfg.cachedb == 0),
we still want to purge the "local#" db records to reread
dns server configuration or react to changed ip addresses.
removing old poolcheck and dncheck code, these bugs have
been fixed a long time ago.
|
|
instead of copying the whole packet, just save the
udp header and restore it aftwards. dont call redistrib()
when there are no forwards (this should be almost always
the case).
|
|
|
|
only cache what we asked for or need to resolve the
query. filter out everything else.
|
|
never try to resolve a nameserver address when that nameserver
is in the set of nameservers already being queried.
this situation can happen when the Ta and Taaaa RR's expire, but
the Tns records are still in the cache so there is no usable
nameserver but they still refer to each another.
|
|
stop absolute/relative dual use of RR.ttl. now RR.ttl is
*always* the *relative* ttl value. we derive absolute
timeout in RR.expire.
remove unused lookuptime field in DN. replace refs and
keep with mark field in DN. we do not care about the
number of references. only *iff* it is referenced, so
use a single bit for that (bit 0). for keep, we use
bit 1.
remove dolock parameter in dnagenever(), it is not
needed. we always need to lock.
mark local dns servers and domains as never to be aged.
the keeper bit is *just* a cache optimization, preventing
the domain and the domains it points to from being flushed.
it should not be used as a write protect bit in rrattach()
for preventing spoofing as it will prevent updates of say,
cname domains.
remove "removing spam ..." message. these are usualy just
hints, so normal. still, remove the hint as we currently
do no check if the nameserver has authority over the
cname domain.
remove "mydnsquery: trying to send to myself (%s); bzzzt"
message. this can happen when myaddr() fails for other
reasons. myaddr() will print error for us anyway.
|
|
removing the querylck from the DN as it was never used or being
effective which saves like a ton on space per domain name.
remove the Query.tcplock and put query on the stack. it is
unneccesary to lock the query as its only used by one process
at a time. put Query's on the stack.
change outsidens() to outsidensip() which now takes the ip
buffer that it fills instead of returning static buffer (which
would race with multiple processes involved).
eleminate mostly all of the lock(&dnlock)/unlock(&dnlock) calls.
we'r not working on shared cache RR's in the resolver procs.
we work on *copies* done by rrlookup() made under the dnlock.
the cache garbage collection only runs when all processes are
locked out and is also taking the dnlock while doing so.
cleanup xmitquery(). for the tcp case, we dont need to get
more nameserver addresses, just take the ip from the udp header
that tcpquery() placed there for us.
fixed baddelegation() to actually check for delegation loop even
if theres no dom info for our host.
remove lots of debug code. remove the dnforceage() as it doenst
make sure other processes are locked out. this could destroy
dn's currenctly refered by running queries.
remove dnageallnever() as its not used. dont attach rr's to
keepers to prevent outside spoofing.
make myaddr() retrive the ip address if not set.
|
|
|
|
|
|
|
