[Bug 216260] dns/djbdns: loop detection false positives.
bugzilla-noreply at freebsd.org
Thu Jan 19 17:23:18 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216260
Bug ID: 216260
Summary: dns/djbdns: loop detection false positives.
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: lx at FreeBSD.org
Reporter: tjd-freebsd at phlegethon.org
Flags: maintainer-feedback?(lx at FreeBSD.org)
Created attachment 179072
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=179072&action=edit
Patch to bump loop detection limit from 100 to 500.
djbdns will give up resolving a name after 100 queries, to avoid following
CNAME loops forever. But 'modern' CDNs use complex layers of DNS redirection
that can hit this limit when resolving a valid query from a cold cache.
I found that resolving the Let's Encrypt OCSP responder
(ocsp.int-x3.letsencrypt.org.) through dnscache would fail and time out.
The attached patch bumps the limit from 100 to 500, and makes that particular
name resolve again on my system (10.3-RELEASE-p11 amd64,
djbdns-ipv6-1.05.b23_21,1 with IP6 config enabled).
I searched a bit and it looks like this is a known issue, WONTFIX'd upstream.
--
You are receiving this mail because:
You are the assignee for the bug.
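
An added example, not part of the original report and not djbdns code: a toy model of the single per-resolution query counter the report describes, showing that a limit of 100 rejects a valid but expensive chain while either limit still stops a real CNAME loop. The zone data, the per-hop query costs, and the names `resolve`, `CDN` and `LOOP` are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

enum { RESOLVED = 0, GAVE_UP = -1, NO_SUCH_NAME = -2 };

/* One name in a constructed toy zone: an optional CNAME target and the
   number of upstream queries (assumed, not measured) that answering it
   from a cold cache costs. */
struct rec { const char *name; const char *cname; int cost; };

/* Constructed sample: a valid four-hop CDN-style chain, 30 queries per hop. */
static const struct rec CDN[] = {
    { "www.example.",      "edge.cdn.example.", 30 },
    { "edge.cdn.example.", "lb.cdn.example.",   30 },
    { "lb.cdn.example.",   "node.cdn.example.", 30 },
    { "node.cdn.example.", NULL,                30 },
};
/* Constructed sample: a genuine CNAME loop, one query per hop. */
static const struct rec LOOP[] = {
    { "a.example.", "b.example.", 1 },
    { "b.example.", "a.example.", 1 },
};

/* Follow CNAMEs, charging every upstream query to one counter and giving
   up when the counter reaches limit. *used receives the queries spent. */
int resolve(const struct rec *z, size_t n, const char *name, int limit, int *used)
{
    *used = 0;
    for (;;) {
        const struct rec *r = NULL;
        for (size_t i = 0; i < n; i++)
            if (strcmp(z[i].name, name) == 0) r = &z[i];
        if (!r) return NO_SUCH_NAME;
        for (int q = 0; q < r->cost; q++)       /* one tick per upstream query */
            if (++*used >= limit) return GAVE_UP;
        if (!r->cname) return RESOLVED;
        name = r->cname;                        /* chase the alias */
    }
}

int main(void)
{
    int used, limits[] = { 100, 500 };
    for (int i = 0; i < 2; i++) {
        int rc = resolve(CDN, 4, "www.example.", limits[i], &used);
        printf("limit %d: valid chain rc=%d after %d queries\n", limits[i], rc, used);
        rc = resolve(LOOP, 2, "a.example.", limits[i], &used);
        printf("limit %d: real loop   rc=%d after %d queries\n", limits[i], rc, used);
    }
    return 0;
}
```

The counter bounds total work rather than recognising a repeated name, so raising the limit only changes how many queries a genuine loop consumes before the resolver gives up.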