Date: Thu, 19 Jan 2017 17:23:18 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 216260] dns/djbdns: loop detection false positives.
Message-ID: <bug-216260-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216260

            Bug ID: 216260
           Summary: dns/djbdns: loop detection false positives.
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: lx@FreeBSD.org
          Reporter: tjd-freebsd@phlegethon.org
             Flags: maintainer-feedback?(lx@FreeBSD.org)

Created attachment 179072
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=179072&action=edit
Patch to bump loop detection limit from 100 to 500.

djbdns will give up resolving a name after 100 queries, to avoid following CNAME loops forever. But 'modern' CDNs use complex layers of DNS redirection that can hit this limit when resolving a valid query from a cold cache.

I found that resolving the Let's Encrypt OCSP responder (ocsp.int-x3.letsencrypt.org.) through dnscache would fail and time out.

The attached patch bumps the limit from 100 to 500, and makes that particular name resolve again on my system (10.3-RELEASE-p11 amd64, djbdns-ipv6-1.05.b23_21,1 with IP6 config enabled).

I searched a bit and it looks like this is a known issue, WONTFIX'd upstream.

--
You are receiving this mail because:
You are the assignee for the bug.
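
A toy model of the behaviour described in the report, added here as an illustration (not djbdns code and not part of the original message): one query counter per lookup, checked against a limit. The zone names and per-step query costs are constructed, and the `resolve` helper is hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Constructed zone data (not real measurements). Each name is a CNAME to
   another name or terminal; `cost` is an assumed number of upstream queries
   a cold cache spends on that step (delegation walk, NS address lookups). */
struct rec { const char *name; const char *cname; int cost; };
static const struct rec zone[] = {
    { "ocsp.example.",       "edge.cdn-a.example.", 30 },
    { "edge.cdn-a.example.", "pop.cdn-b.example.",  45 },
    { "pop.cdn-b.example.",  "host.cdn-c.example.", 40 },
    { "host.cdn-c.example.", NULL,                  25 },  /* terminal */
    { "a.loop.example.",     "b.loop.example.",     10 },
    { "b.loop.example.",     "a.loop.example.",     10 },  /* real CNAME loop */
};
#define NREC (sizeof zone / sizeof zone[0])
enum result { RESOLVED = 0, GAVE_UP = 1, NXNAME = 2 };

static const struct rec *find(const char *name) {
    for (size_t i = 0; i < NREC; i++)
        if (strcmp(zone[i].name, name) == 0) return &zone[i];
    return NULL;
}

/* Follow CNAMEs, charging every step to one per-lookup query counter.
   The counter bounds work; it cannot tell a loop from a long valid chain. */
enum result resolve(const char *name, int limit, int *used) {
    int queries = 0;
    for (;;) {
        const struct rec *r = find(name);
        if (!r) { *used = queries; return NXNAME; }
        queries += r->cost;
        if (queries >= limit) { *used = queries; return GAVE_UP; }
        if (!r->cname) { *used = queries; return RESOLVED; }
        name = r->cname;
    }
}

int main(void) {
    const char *names[] = { "ocsp.example.", "a.loop.example." };
    for (int i = 0; i < 4; i++) {
        int used = 0, limit = (i & 1) ? 500 : 100;
        enum result r = resolve(names[i / 2], limit, &used);
        printf("%-16s limit=%3d: %s after %d queries\n", names[i / 2], limit,
               r == RESOLVED ? "resolved" : "gave up", used);
    }
    return 0;
}
```

In this model the valid chain needs 140 queries, so it fails at a limit of 100 and resolves at 500, while the genuine loop is cut off at either limit but costs five times as many queries before the resolver gives up.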