[Asterisk-code-review] pjproject bundled: Prevent SERVFAIL from marking name serve... (asterisk[14])
George Joseph
asteriskteam at digium.com
Thu Sep 15 08:23:29 CDT 2016
George Joseph has uploaded a new change for review.
https://gerrit.asterisk.org/3911
Change subject: pjproject_bundled: Prevent SERVFAIL from marking name server bad
......................................................................
pjproject_bundled: Prevent SERVFAIL from marking name server bad
A name server that returns "Server Failure" is indicating only that
the server couldn't process that particular request. We should NOT
assume that the name server is incapable of serving other requests.
Here's the scenario we've been encountering...
* 2 local name servers configured in resolv.conf.
* An OPTIONS request causes a request for A and AAAA records to go out
to both nameservers.
* The A responses both come back successfully resolved.
* Because of an issue at some upstream nameserver, the AAAA responses
for that particular query come back as "SERVFAIL" from both local
name servers.
* Both local servers are marked as bad and no further queries can be
sent until the 60 second ttl expires. Only previously cached results
can be used.
* In this case, 60 seconds is just enough time for another OPTIONS
request to go out to the same host so the cycle repeats.
We could set the bad ttl really low but that also affects REFUSED and
NOTAUTH which probably DO signal a real server issue. Besides, even
a really low bad ttl would be an issue on a pbx.
Although we use our own resolver in 14 and master and don't have this
issue there, Teluu has merged this patch upstream so it's appropriate
to cherry-pick to 14 and master to keep pjproject consistent.
Change-Id: Ie03ba902288e274aff23f9b9bb2786e1e8be09e0
---
A third-party/pjproject/patches/0004-resolver.c-Prevent-SERVFAIL-from-marking-name-server.patch
1 file changed, 48 insertions(+), 0 deletions(-)
git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/11/3911/1
diff --git a/third-party/pjproject/patches/0004-resolver.c-Prevent-SERVFAIL-from-marking-name-server.patch b/third-party/pjproject/patches/0004-resolver.c-Prevent-SERVFAIL-from-marking-name-server.patch
new file mode 100644
index 0000000..55f3d2d
--- /dev/null
+++ b/third-party/pjproject/patches/0004-resolver.c-Prevent-SERVFAIL-from-marking-name-server.patch
@@ -0,0 +1,48 @@
+From a5efddbe9151e9ad99279e59566c86f8bc27d3a9 Mon Sep 17 00:00:00 2001
+From: George Joseph <gjoseph at digium.com>
+Date: Wed, 7 Sep 2016 13:10:57 -0600
+Subject: [PATCH] resolver.c: Prevent SERVFAIL from marking name server bad
+
+A name server that returns "Server Failure" is indicating only that
+the server couldn't process that particular request. We should NOT
+assume that the name server is incapable of serving other requests.
+
+Here's the scenario we've been encountering...
+
+* 2 local name servers configured in resolv.conf.
+* An OPTIONS request causes a request for A and AAAA records to go out
+ to both nameservers.
+* The A responses both come back successfully resolved.
+* Because of an issue at some upstream nameserver, the AAAA responses
+ for that particular query come back as "SERVFAIL" from both local
+ name servers.
+* Both local servers are marked as bad and no further queries can be
+ sent until the 60 second ttl expires. Only previously cached results
+ can be used.
+* In this case, 60 seconds is just enough time for another OPTIONS
+ request to go out to the same host so the cycle repeats.
+
+We could set the bad ttl really low but that also affects REFUSED and
+NOTAUTH which probably DO signal a real server issue. Besides, even
+a really low bad ttl would be an issue on a pbx.
+---
+ pjlib-util/src/pjlib-util/resolver.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/pjlib-util/src/pjlib-util/resolver.c b/pjlib-util/src/pjlib-util/resolver.c
+index d277e4f..540f88f 100644
+--- a/pjlib-util/src/pjlib-util/resolver.c
++++ b/pjlib-util/src/pjlib-util/resolver.c
+@@ -1384,8 +1384,7 @@ static void report_nameserver_status(pj_dns_resolver *resolver,
+ q_id = (pj_uint32_t)-1;
+ }
+
+- if (!pkt || rcode == PJ_DNS_RCODE_SERVFAIL ||
+- rcode == PJ_DNS_RCODE_REFUSED ||
++ if (!pkt || rcode == PJ_DNS_RCODE_REFUSED ||
+ rcode == PJ_DNS_RCODE_NOTAUTH)
+ {
+ is_good = PJ_FALSE;
+--
+2.7.4
+
--
To view, visit https://gerrit.asterisk.org/3911
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie03ba902288e274aff23f9b9bb2786e1e8be09e0
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 14
Gerrit-Owner: George Joseph <gjoseph at digium.com>
More information about the asterisk-code-review
mailing list