Parameterise work limits for DNSSEC validation.

src/cache.c

@@ -834,6 +834,12 @@ void cache_end_insert(void)
   if (daemon->pipe_to_parent != -1)
     {
       ssize_t m = -1;
+
+#ifdef HAVE_DNSSEC
+      /* Sneak out possibly updated crypto HWM. */
+      m = -1 - daemon->metrics[METRIC_CRYTO_HWM];
+#endif
+
       read_write(daemon->pipe_to_parent, (unsigned char *)&m, sizeof(m), 0);
     }
       
@@ -859,8 +865,13 @@ int cache_recv_insert(time_t now, int fd)
       if (!read_write(fd, (unsigned char *)&m, sizeof(m), 1))
 	return 0;
       
-      if (m == -1)
+      if (m < 0)
 	{
+#ifdef HAVE_DNSSEC
+	  /* Sneak in possibly updated crypto HWM. */
+	  if ((-m - 1) > daemon->metrics[METRIC_CRYTO_HWM])
+	    daemon->metrics[METRIC_CRYTO_HWM] = -m - 1;
+#endif
 	  cache_end_insert();
 	  return 1;
 	}
@@ -1893,6 +1904,9 @@ void dump_cache(time_t now)
 #ifdef HAVE_AUTH
   my_syslog(LOG_INFO, _("queries for authoritative zones %u"), daemon->metrics[METRIC_DNS_AUTH_ANSWERED]);
 #endif
+#ifdef HAVE_DNSSEC
+  my_syslog(LOG_INFO, _("DNSSEC per-query crypto HWM %u"), daemon->metrics[METRIC_CRYTO_HWM]);
+#endif
 
   blockdata_report();
   my_syslog(LOG_INFO, _("child processes for TCP requests: in use %zu, highest since last SIGUSR1 %zu, max allowed %zu."),