Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rec: Only check the netmask for subnet specific cache entries #5319

Merged
merged 2 commits into from May 17, 2017
Merged

rec: Only check the netmask for subnet specific cache entries #5319

merged 2 commits into from May 17, 2017

Conversation

rgacogne
Copy link
Member

@rgacogne rgacogne commented May 12, 2017
edited

Short description

We used to check the netmask for all entries for a qname if at least one of them was a subnet specific one. Since an empty Netmask doesn't match anything, we would effectively ignore every
non subnet specific entries if we had at least one subnet specific one.
This was part of a very hard to reproduce issue with for example f.root-servers.net that includes an EDNS Client Subnet option in its answer for NS . if the query has an EDNS Client Subnet option.
This caused the recursor to cache a subnet specific entry for NS .. When that entry expired, we retrieved and cached a non subnet specific one, but that new one was ignored as long as the subnet specific was not expunged from the cache.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled and tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

@rgacogne
rec: Only check the netmask for subnet specific cache entries
65fdd18 
We used to check the netmask for all entries for a qname
if at least one of them was a subnet specific one. Since an empty
`Netmask` doesn't match anything, we would effectively ignore every
non subnet specific entries if we had at least one subnet specific
one.
This caused a very hard to reproduce issue with for example
f.root-servers.net that includes an EDNS Client Subnet option in its
answer for `NS .` if the query has an EDNS Client Subnet option.
This caused the recursor to cache a subnet specific entry for `NS .`.
When that entry expired, we retrieved and cached a non subnet specific
one, but that new one was ignored as long as the subnet specific
was not expunged from the cache.
Under certain circumstances that could cause a root refresh loop
using a lot of stack memory.
@rgacogne rgacogne added this to the rec-4.1.0 milestone May 12, 2017
@zeha
Copy link
Collaborator

zeha commented May 14, 2017

just reading this... might want a test?

@rgacogne
Copy link
Member Author

I just pushed a new commit adding unit tests for the MemRecursorCache class, one of them covering this exact issue.

@rgacogne rgacogne mentioned this pull request May 16, 2017
Merged
7 tasks
@pieterlexis pieterlexis merged commit 7d8a0ea into PowerDNS:master May 17, 2017
@rgacogne rgacogne deleted the rec-cache-edns-specific branch May 17, 2017 07:24
pieterlexis added a commit to pieterlexis/pdns that referenced this pull request May 17, 2017
@pieterlexis
Recursor 4.0.5: Backport PowerDNS#5319
28e4e13
pieterlexis added a commit to pieterlexis/pdns that referenced this pull request May 17, 2017
@pieterlexis
Recursor 4.0.5: Backport PowerDNS#5319
101a1f5
pieterlexis added a commit to pieterlexis/pdns that referenced this pull request May 17, 2017
@pieterlexis
Recursor 4.0.5: Backport PowerDNS#5319
a471974
@rgacogne rgacogne mentioned this pull request Jun 29, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
defect rec
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@rgacogne @zeha @pieterlexis