Default --fast-dns-retries on when doing DNSSEC.

When doing DNSSEC validation, a single downstream query may
trigger many upstream queries. On an unreliable network, there
may not be enough downstream retries to ensure that all these
queries complete.
Simon Kelley
2024-11-24 21:52:39 +00:00
parent 163c05c61d
commit 4ea23f7ea1
2 changed files with 11 additions and 1 deletions


@@ -114,7 +114,8 @@ which defaults to 1000ms. If the second parameter is given this controls
how long the retries will continue for how long the retries will continue for
otherwise this defaults to 10000ms. Retries are repeated with exponential otherwise this defaults to 10000ms. Retries are repeated with exponential
backoff. Using this option increases memory usage and backoff. Using this option increases memory usage and
network bandwidth. network bandwidth. If not otherwise configured, this option is activated
with the default parameters when \fB--dnssec\fP is set.
.TP .TP
.B \-k, --keep-in-foreground .B \-k, --keep-in-foreground
Do not go into the background at startup but otherwise run as Do not go into the background at startup but otherwise run as
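Review bot: the sentence added to the --fast-dns-retries description says the option is activated with default parameters when `--dnssec` is set, but it does not tell an operator how to opt out. The text just before it warns that the option increases memory usage and network bandwidth, so an admin enabling DNSSEC on a constrained device now inherits that cost implicitly. Suggest stating whether fast retries can still be turned off while DNSSEC validation is on, and which setting does it, and restating here that the defaults in question are the 1000ms and 10000ms values mentioned above.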


@@ -6027,6 +6027,15 @@ void read_opts(int argc, char **argv, char *compile_opts)
} }
#endif #endif
#ifdef HAVE_DNSSEC
/* Default fast retry on when doing DNSSEC */
if (option_bool(OPT_DNSSEC_VALID) && daemon->fast_retry_time == 0)
{
daemon->fast_retry_timeout = TIMEOUT;
daemon->fast_retry_time = DEFAULT_FAST_RETRY;
}
#endif
/* port might not be known when the address is parsed - fill in here */ /* port might not be known when the address is parsed - fill in here */
if (daemon->servers) if (daemon->servers)
{ {
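Review bot: the test `daemon->fast_retry_time == 0` in read_opts() uses zero as the "not configured" marker, so an explicit configuration that leaves or sets the retry time at zero cannot be told apart from no configuration, and it will be overridden whenever `OPT_DNSSEC_VALID` is set. If disabling fast retries under DNSSEC is meant to be possible, track "option was given" separately from the value. Two smaller points in the same block: `daemon->fast_retry_timeout = TIMEOUT` is assigned without checking whether a timeout was already configured, and the man page hunk describes the default as 10000ms, so it is worth confirming that `TIMEOUT` is that value or using a constant named for this purpose, as is done with `DEFAULT_FAST_RETRY`.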