From 4ea23f7ea1da5f32268612866ef9ec58b77eded7 Mon Sep 17 00:00:00 2001
From: Simon Kelley
Date: Sun, 24 Nov 2024 21:52:39 +0000
Subject: [PATCH] Default --fast-dns-retries on when doing DNSSEC. When doing DNSSEC validation, a single downstream query may trigger many upstream queries. On an unreliable network, there may not be enough downstream retries to ensure that all these queries complete.
---
 man/dnsmasq.8 | 3 ++-
 src/option.c | 9 +++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index bc3257b..e56bcb7 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -114,7 +114,8 @@ which defaults to 1000ms. If the second parameter is given this controls how long the retries will continue for otherwise this defaults to 10000ms. Retries are repeated with exponential backoff. Using this option increases memory usage and
-network bandwidth.
+network bandwidth. If not otherwise configured, this option is activated
+with the default parameters when \fB--dnssec\fP is set.
 .TP
 .B \-k, --keep-in-foreground
 Do not go into the background at startup but otherwise run as
diff --git a/src/option.c b/src/option.c
index be94b8e..ee505f8 100644
--- a/src/option.c
+++ b/src/option.c
@@ -6027,6 +6027,15 @@ void read_opts(int argc, char **argv, char *compile_opts)
 }
 #endif
+#ifdef HAVE_DNSSEC
+ /* Default fast retry on when doing DNSSEC */
+ if (option_bool(OPT_DNSSEC_VALID) && daemon->fast_retry_time == 0)
+ {
+ daemon->fast_retry_timeout = TIMEOUT;
+ daemon->fast_retry_time = DEFAULT_FAST_RETRY;
+ }
+#endif
+
 /* port might not be known when the address is parsed - fill in here */
 if (daemon->servers)
 {
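Review bot: The `daemon->fast_retry_time == 0` test in the new HAVE_DNSSEC block of read_opts() uses zero to mean "not configured", so as far as this hunk shows there is no way to enable DNSSEC validation and keep fast retries off. The man page text in the same patch notes that the option increases memory usage and network bandwidth, and validation already multiplies upstream queries, so an operator of a constrained resolver may want an explicit opt-out. Whether the option parser accepts a zero value is outside the hunk; if it does not, a separate "set by user" flag, or a sentence in the man page saying the default cannot be disabled, would close the gap. The comment could also say why, e.g. `/* DNSSEC validation fans out into many upstream queries; default fast retry on unless configured */`. read_opts() begins and ends outside the hunk.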