Attachment #876221 for bug #1228256

View | Details | Raw Unified | Return to bug 1228256
Collapse All | Expand All

Lines 233-240 options {\n\ Link Here

(-)a/bin/named/config.c (+2 lines)
233	ixfr-from-differences false;\n\	233	ixfr-from-differences false;\n\
234	max-journal-size default;\n\	234	max-journal-size default;\n\
235	max-records 0;\n\	235	max-records 0;\n\
		236	max-records-per-type 100;\n\
236	max-refresh-time 2419200; /* 4 weeks */\n\	237	max-refresh-time 2419200; /* 4 weeks */\n\
237	max-retry-time 1209600; /* 2 weeks */\n\	238	max-retry-time 1209600; /* 2 weeks */\n\
		239	max-types-per-name 100;\n\
238	max-transfer-idle-in 60;\n\	240	max-transfer-idle-in 60;\n\
239	max-transfer-idle-out 60;\n\	241	max-transfer-idle-out 60;\n\
240	max-transfer-time-in 120;\n\	242	max-transfer-time-in 120;\n\




	dns_resolver_setclientsperquery(view->resolver, cfg_obj_asuint32(obj),
					max_clients_per_query);

	/*
	 * This is used for the cache and also as a default value
	 * for zone databases.
	 */
	obj = NULL;
	result = named_config_get(maps, "max-records-per-type", &obj);
	INSIST(result == ISC_R_SUCCESS);
	dns_view_setmaxrrperset(view, cfg_obj_asuint32(obj));

	/*
	 * This is used for the cache and also as a default value
	 * for zone databases.
	 */
	obj = NULL;
	result = named_config_get(maps, "max-types-per-name", &obj);
	INSIST(result == ISC_R_SUCCESS);
	dns_view_setmaxtypepername(view, cfg_obj_asuint32(obj));

	obj = NULL;
	result = named_config_get(maps, "max-recursion-depth", &obj);
	INSIST(result == ISC_R_SUCCESS);




		dns_zone_setmaxrecords(zone, 0);
	}

	obj = NULL;
	result = named_config_get(maps, "max-records-per-type", &obj);
	INSIST(result == ISC_R_SUCCESS && obj != NULL);
	dns_zone_setmaxrrperset(mayberaw, cfg_obj_asuint32(obj));
	if (zone != mayberaw) {
		dns_zone_setmaxrrperset(zone, 0);
	}

	obj = NULL;
	result = named_config_get(maps, "max-types-per-name", &obj);
	INSIST(result == ISC_R_SUCCESS && obj != NULL);
	dns_zone_setmaxtypepername(mayberaw, cfg_obj_asuint32(obj));
	if (zone != mayberaw) {
		dns_zone_setmaxtypepername(zone, 0);
	}

	if (raw != NULL && filename != NULL) {
#define SIGNED ".signed"
		size_t signedlen = strlen(filename) + sizeof(SIGNED);

Lines 49-54 options { Link Here

(-)a/bin/tests/system/doth/ns2/named.conf.in (+1 lines)
49	ixfr-from-differences yes;	49	ixfr-from-differences yes;
50	check-integrity no;	50	check-integrity no;
51	dnssec-validation yes;	51	dnssec-validation yes;
		52	max-records-per-type 0;
52	transfers-in 100;	53	transfers-in 100;
53	transfers-out 100;	54	transfers-out 100;
54	};	55	};

Lines 44-49 options { Link Here

(-)a/bin/tests/system/doth/ns3/named.conf.in (+1 lines)
44	ixfr-from-differences yes;	44	ixfr-from-differences yes;
45	check-integrity no;	45	check-integrity no;
46	dnssec-validation yes;	46	dnssec-validation yes;
		47	max-records-per-type 0;
47	};	48	};
48		49
49	zone "." {	50	zone "." {

Lines 52-57 options { Link Here

(-)a/bin/tests/system/doth/ns4/named.conf.in (+1 lines)
52	ixfr-from-differences yes;	52	ixfr-from-differences yes;
53	check-integrity no;	53	check-integrity no;
54	dnssec-validation yes;	54	dnssec-validation yes;
		55	max-records-per-type 0;
55	};	56	};
56		57
57	zone "." {	58	zone "." {

Lines 40-45 options { Link Here

(-)a/bin/tests/system/doth/ns5/named.conf.in (+1 lines)
40	ixfr-from-differences yes;	40	ixfr-from-differences yes;
41	check-integrity no;	41	check-integrity no;
42	dnssec-validation yes;	42	dnssec-validation yes;
		43	max-records-per-type 0;
43	};	44	};
44		45
45	zone "." {	46	zone "." {




 * determine which implementation of dns_db_*() function to call.
 */
static dns_dbmethods_t sampledb_methods = {
	attach,
	detach,
	beginload,
	endload,
	dump,
	currentversion,
	newversion,
	attachversion,
	closeversion,
	findnode,
	find,
	findzonecut,
	attachnode,
	detachnode,
	expirenode,
	printnode,
	createiterator,
	findrdataset,
	allrdatasets,
	addrdataset,
	subtractrdataset,
	deleterdataset,
	issecure,
	nodecount,
	ispersistent,
	overmem,
	settask,
	getoriginnode,
	transfernode,
	getnsec3parameters,
	findnsec3node,
	setsigningtime,
	getsigningtime,
	resigned,
	isdnssec,
	getrrsetstats,
	NULL, /* rpz_attach */
	NULL, /* rpz_ready */
	findnodeext,
	findext,
	setcachestats,
	hashsize,
	NULL, /* nodefullname */
	NULL, /* getsize */
	NULL, /* setservestalettl */
	NULL, /* getservestalettl */
	NULL, /* setservestalerefresh */
	NULL, /* getservestalerefresh */
	NULL, /* setgluecachestats */
	NULL, /* setmaxrrperset */
	NULL  /* setmaxtypepername */
};

/* Auxiliary driver functions. */




   This sets the maximum number of records permitted in a zone. The default is
   zero, which means the maximum is unlimited.

.. namedconf:statement:: max-records-per-type
   :tags: server
   :short: Sets the maximum number of records that can be stored in an RRset

   This sets the maximum number of resource records that can be stored
   in an RRset in a database. When configured in :namedconf:ref:`options`
   or :namedconf:ref:`view`, it controls the cache database; it also sets
   the default value for zone databases, which can be overridden by setting
   it at the :namedconf:ref:`zone` level.

   If set to a positive value, any attempt to cache or to add to a zone
   an RRset with more than the specified number of records will result in
   a failure.  If set to 0, there is no cap on RRset size.  The default is
   100.

.. namedconf:statement:: max-types-per-name
   :tags: server
   :short: Sets the maximum number of RR types that can be stored for an owner name

   This sets the maximum number of resource record types that can be stored
   for a single owner name in a database. When configured in :namedconf:ref:`options`
   or :namedconf:ref:`view`, it controls the cache database, and also sets
   the default value for zone databases, which can be overridden by setting
   it at the :namedconf:ref:`zone` level

   If set to a positive value, any attempt to cache or to add to a zone an owner
   name with more than the specified number of resource record types will result
   in a failure.  If set to 0, there is no cap on RR types number.  The default is
   100.

.. namedconf:statement:: recursive-clients
   :tags: query
   :short: Specifies the maximum number of concurrent recursive queries the server can perform.




	max-ixfr-ratio ( unlimited | <percentage> );
	max-journal-size ( default | unlimited | <sizeval> );
	max-records <integer>;
	max-records-per-type <integer>;
	max-refresh-time <integer>;
	max-retry-time <integer>;
	max-transfer-idle-in <integer>;
	max-transfer-idle-out <integer>;
	max-transfer-time-in <integer>;
	max-transfer-time-out <integer>;
	max-types-per-name <integer>;
	min-refresh-time <integer>;
	min-retry-time <integer>;
	multi-master <boolean>;




	max-journal-size ( default | unlimited | <sizeval> );
	max-ncache-ttl <duration>;
	max-records <integer>;
	max-records-per-type <integer>;
	max-recursion-depth <integer>;
	max-recursion-queries <integer>;
	max-refresh-time <integer>;

	max-transfer-idle-out <integer>;
	max-transfer-time-in <integer>;
	max-transfer-time-out <integer>;
	max-types-per-name <integer>;
	max-udp-size <integer>;
	max-zone-ttl ( unlimited | <duration> );
	memstatistics <boolean>;

	max-journal-size ( default | unlimited | <sizeval> );
	max-ncache-ttl <duration>;
	max-records <integer>;
	max-records-per-type <integer>;
	max-recursion-depth <integer>;
	max-recursion-queries <integer>;
	max-refresh-time <integer>;

	max-transfer-idle-out <integer>;
	max-transfer-time-in <integer>;
	max-transfer-time-out <integer>;
	max-types-per-name <integer>;
	max-udp-size <integer>;
	max-zone-ttl ( unlimited | <duration> );
	message-compression <boolean>;

Lines 38-45 zone <string> [ <class> ] { Link Here

(-)a/doc/misc/primary.zoneopt (+2 lines)
38	max-ixfr-ratio ( unlimited \| <percentage> );	38	max-ixfr-ratio ( unlimited \| <percentage> );
39	max-journal-size ( default \| unlimited \| <sizeval> );	39	max-journal-size ( default \| unlimited \| <sizeval> );
40	max-records <integer>;	40	max-records <integer>;
		41	max-records-per-type <integer>;
41	max-transfer-idle-out <integer>;	42	max-transfer-idle-out <integer>;
42	max-transfer-time-out <integer>;	43	max-transfer-time-out <integer>;
		44	max-types-per-name <integer>;
43	max-zone-ttl ( unlimited \| <duration> );	45	max-zone-ttl ( unlimited \| <duration> );
44	notify ( explicit \| master-only \| primary-only \| <boolean> );	46	notify ( explicit \| master-only \| primary-only \| <boolean> );
45	notify-delay <integer>;	47	notify-delay <integer>;

Lines 7-12 zone <string> [ <class> ] { Link Here

(-)a/doc/misc/redirect.zoneopt (+2 lines)
7	masterfile-format ( raw \| text );	7	masterfile-format ( raw \| text );
8	masterfile-style ( full \| relative );	8	masterfile-style ( full \| relative );
9	max-records <integer>;	9	max-records <integer>;
		10	max-records-per-type <integer>;
		11	max-types-per-name <integer>;
10	max-zone-ttl ( unlimited \| <duration> );	12	max-zone-ttl ( unlimited \| <duration> );
11	primaries [ port <integer> ] { ( <remote-servers> \| <ipv4_address> [ port <integer> ] \| <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };	13	primaries [ port <integer> ] { ( <remote-servers> \| <ipv4_address> [ port <integer> ] \| <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
12	zone-statistics ( full \| terse \| none \| <boolean> );	14	zone-statistics ( full \| terse \| none \| <boolean> );




	max-ixfr-ratio ( unlimited | <percentage> );
	max-journal-size ( default | unlimited | <sizeval> );
	max-records <integer>;
	max-records-per-type <integer>;
	max-refresh-time <integer>;
	max-retry-time <integer>;
	max-transfer-idle-in <integer>;
	max-transfer-idle-out <integer>;
	max-transfer-time-in <integer>;
	max-transfer-time-out <integer>;
	max-types-per-name <integer>;
	min-refresh-time <integer>;
	min-retry-time <integer>;
	multi-master <boolean>;

Lines 5-10 zone <string> [ <class> ] { Link Here

(-)a/doc/misc/static-stub.zoneopt (+2 lines)
5	forward ( first \| only );	5	forward ( first \| only );
6	forwarders [ port <integer> ] { ( <ipv4_address> \| <ipv6_address> ) [ port <integer> ]; ... };	6	forwarders [ port <integer> ] { ( <ipv4_address> \| <ipv6_address> ) [ port <integer> ]; ... };
7	max-records <integer>;	7	max-records <integer>;
		8	max-records-per-type <integer>;
		9	max-types-per-name <integer>;
8	server-addresses { ( <ipv4_address> \| <ipv6_address> ); ... };	10	server-addresses { ( <ipv4_address> \| <ipv6_address> ); ... };
9	server-names { <string>; ... };	11	server-names { <string>; ... };
10	zone-statistics ( full \| terse \| none \| <boolean> );	12	zone-statistics ( full \| terse \| none \| <boolean> );




	masterfile-format ( raw | text );
	masterfile-style ( full | relative );
	max-records <integer>;
	max-records-per-type <integer>;
	max-refresh-time <integer>;
	max-retry-time <integer>;
	max-transfer-idle-in <integer>;
	max-transfer-time-in <integer>;
	max-types-per-name <integer>;
	min-refresh-time <integer>;
	min-retry-time <integer>;
	multi-master <boolean>;

Lines 145-150 struct dns_cache { Link Here

(-)a/lib/dns/cache.c (+24 lines)
145	dns_ttl_t serve_stale_ttl;	145	dns_ttl_t serve_stale_ttl;
146	dns_ttl_t serve_stale_refresh;	146	dns_ttl_t serve_stale_refresh;
147	isc_stats_t *stats;	147	isc_stats_t *stats;
		148	uint32_t maxrrperset;
		149	uint32_t maxtypepername;
148	};	150	};
149		151
150	/***	152	/***
Lines 182-187 cache_create_db(dns_cache_t cache, dns_db_t *db) { Link Here
182		184
183	dns_db_setservestalettl(*db, cache->serve_stale_ttl);	185	dns_db_setservestalettl(*db, cache->serve_stale_ttl);
184	dns_db_setservestalerefresh(*db, cache->serve_stale_refresh);	186	dns_db_setservestalerefresh(*db, cache->serve_stale_refresh);
		187	dns_db_setmaxrrperset(*db, cache->maxrrperset);
		188	dns_db_setmaxtypepername(*db, cache->maxtypepername);
185		189
186	if (cache->taskmgr == NULL) {	190	if (cache->taskmgr == NULL) {
187	return (ISC_R_SUCCESS);	191	return (ISC_R_SUCCESS);
Lines 1229-1234 dns_cache_updatestats(dns_cache_t *cache, isc_result_t result) { Link Here
1229	}	1233	}
1230	}	1234	}
1231		1235
		1236	void
		1237	dns_cache_setmaxrrperset(dns_cache_t *cache, uint32_t value) {
		1238	REQUIRE(VALID_CACHE(cache));
		1239
		1240	cache->maxrrperset = value;
		1241	if (cache->db != NULL) {
		1242	dns_db_setmaxrrperset(cache->db, value);
		1243	}
		1244	}
		1245
		1246	void
		1247	dns_cache_setmaxtypepername(dns_cache_t *cache, uint32_t value) {
		1248	REQUIRE(VALID_CACHE(cache));
		1249
		1250	cache->maxtypepername = value;
		1251	if (cache->db != NULL) {
		1252	dns_db_setmaxtypepername(cache->db, value);
		1253	}
		1254	}
		1255
1232	/*	1256	/*
1233	* XXX: Much of the following code has been copied in from statschannel.c.	1257	* XXX: Much of the following code has been copied in from statschannel.c.
1234	* We should refactor this into a generic function in stats.c that can be	1258	* We should refactor this into a generic function in stats.c that can be





	return (ISC_R_NOTIMPLEMENTED);
}

void
dns_db_setmaxrrperset(dns_db_t *db, uint32_t value) {
	REQUIRE(DNS_DB_VALID(db));

	if (db->methods->setmaxrrperset != NULL) {
		(db->methods->setmaxrrperset)(db, value);
	}
}

void
dns_db_setmaxtypepername(dns_db_t *db, uint32_t value) {
	REQUIRE(DNS_DB_VALID(db));

	if (db->methods->setmaxtypepername != NULL) {
		(db->methods->setmaxtypepername)(db, value);
	}
}

Lines 975-980 static dns_dbmethods_t rpsdb_db_methods = { Link Here

(-)a/lib/dns/dnsrps.c (+2 lines)
975	NULL, /* setservestalerefresh */	975	NULL, /* setservestalerefresh */
976	NULL, /* getservestalerefresh */	976	NULL, /* getservestalerefresh */
977	NULL, /* setgluecachestats */	977	NULL, /* setgluecachestats */
		978	NULL, /* setmaxrrperset */
		979	NULL /* setmaxtypepername */
978	};	980	};
979		981
980	static dns_rdatasetmethods_t rpsdb_rdataset_methods = {	982	static dns_rdatasetmethods_t rpsdb_rdataset_methods = {




 * Update cache statistics based on result code in 'result'
 */

void
dns_cache_setmaxrrperset(dns_cache_t *cache, uint32_t value);
/*%<
 * Set the maximum resource records per RRSet that can be cached.
 */

void
dns_cache_setmaxtypepername(dns_cache_t *cache, uint32_t value);
/*%<
 * Set the maximum resource record types per owner name that can be cached.
 */

#ifdef HAVE_LIBXML2
int
dns_cache_renderxml(dns_cache_t *cache, void *writer0);

Lines 185-190 typedef struct dns_dbmethods { Link Here

(-)a/lib/dns/include/dns/db.h (+19 lines)
185	isc_result_t (setservestalerefresh)(dns_db_t db, uint32_t interval);	185	isc_result_t (setservestalerefresh)(dns_db_t db, uint32_t interval);
186	isc_result_t (getservestalerefresh)(dns_db_t db, uint32_t *interval);	186	isc_result_t (getservestalerefresh)(dns_db_t db, uint32_t *interval);
187	isc_result_t (setgluecachestats)(dns_db_t db, isc_stats_t *stats);	187	isc_result_t (setgluecachestats)(dns_db_t db, isc_stats_t *stats);
		188	void (setmaxrrperset)(dns_db_t db, uint32_t value);
		189	void (setmaxtypepername)(dns_db_t db, uint32_t value);
188	} dns_dbmethods_t;	190	} dns_dbmethods_t;
189		191
190	typedef isc_result_t (dns_dbcreatefunc_t)(isc_mem_t mctx,	192	typedef isc_result_t (dns_dbcreatefunc_t)(isc_mem_t mctx,
Lines 1759-1762 dns_db_setgluecachestats(dns_db_t db, isc_stats_t stats); Link Here
1759	* dns_rdatasetstats_create(); otherwise NULL.	1761	* dns_rdatasetstats_create(); otherwise NULL.
1760	*/	1762	*/
1761		1763
		1764	void
		1765	dns_db_setmaxrrperset(dns_db_t *db, uint32_t value);
		1766	/*%<
		1767	* Set the maximum permissible number of RRs per RRset. If 'value'
		1768	* is nonzero, then any subsequent attempt to add an rdataset with
		1769	* more than 'value' RRs will return ISC_R_NOSPACE.
		1770	*/
		1771
		1772	void
		1773	dns_db_setmaxtypepername(dns_db_t *db, uint32_t value);
		1774	/*%<
		1775	* Set the maximum permissible number of RR types per owner name.
		1776	*
		1777	* If 'value' is nonzero, then any subsequent attempt to add an rdataset with a
		1778	* RR type that would exceed the number of already stored RR types will return
		1779	* ISC_R_NOSPACE.
		1780	*/
1762	ISC_LANG_ENDDECLS	1781	ISC_LANG_ENDDECLS





isc_result_t
dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
			   isc_region_t *region, unsigned int reservelen,
			   uint32_t limit);
/*%<
 * Slabify a rdataset.  The slab area will be allocated and returned
 * in 'region'.

dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab,
		    unsigned int reservelen, isc_mem_t *mctx,
		    dns_rdataclass_t rdclass, dns_rdatatype_t type,
		    unsigned int flags, uint32_t maxrrperset,
		    unsigned char **tslabp);
/*%<
 * Merge 'oslab' and 'nslab'.
 */

Lines 191-196 struct dns_view { Link Here

(-)a/lib/dns/include/dns/view.h (+14 lines)
191	dns_dlzdblist_t dlz_unsearched;	191	dns_dlzdblist_t dlz_unsearched;
192	uint32_t fail_ttl;	192	uint32_t fail_ttl;
193	dns_badcache_t *failcache;	193	dns_badcache_t *failcache;
		194	uint32_t maxrrperset;
		195	uint32_t maxtypepername;
194		196
195	/*	197	/*
196	* Configurable data for server use only,	198	* Configurable data for server use only,
Lines 1413-1416 dns_view_sfd_find(dns_view_t view, const dns_name_t name, Link Here
1413	*\li 'foundname' to be valid with a buffer sufficient to hold the name.	1415	*\li 'foundname' to be valid with a buffer sufficient to hold the name.
1414	*/	1416	*/
1415		1417
		1418	void
		1419	dns_view_setmaxrrperset(dns_view_t *view, uint32_t value);
		1420	/*%<
		1421	* Set the maximum resource records per RRSet that can be cached.
		1422	*/
		1423
		1424	void
		1425	dns_view_setmaxtypepername(dns_view_t *view, uint32_t value);
		1426	/*%<
		1427	* Set the maximum resource record types per owner name that can be cached.
		1428	*/
		1429
1416	ISC_LANG_ENDDECLS	1430	ISC_LANG_ENDDECLS

Lines 165-170 dns_zone_create(dns_zone_t *zonep, isc_mem_t mctx); Link Here

(-)a/lib/dns/include/dns/zone.h (+39 lines)
165	*\li #ISC_R_UNEXPECTED	165	*\li #ISC_R_UNEXPECTED
166	*/	166	*/
167		167
		168	isc_result_t
		169	dns_zone_makedb(dns_zone_t zone, dns_db_t *dbp);
		170	/*%<
		171	* Creates a new empty database for the 'zone'.
		172	*
		173	* Requires:
		174	*\li 'zone' to be a valid zone.
		175	*\li 'dbp' to point to NULL pointer.
		176	*
		177	* Returns:
		178	*\li dns_db_create() error codes.
		179	*/
		180
168	void	181	void
169	dns_zone_setclass(dns_zone_t *zone, dns_rdataclass_t rdclass);	182	dns_zone_setclass(dns_zone_t *zone, dns_rdataclass_t rdclass);
170	/*%<	183	/*%<
Lines 350-355 dns_zone_getmaxrecords(dns_zone_t *zone); Link Here
350	*\li uint32_t maxrecords.	363	*\li uint32_t maxrecords.
351	*/	364	*/
352		365
		366	void
		367	dns_zone_setmaxrrperset(dns_zone_t *zone, uint32_t maxrrperset);
		368	/*%<
		369	* Sets the maximum number of records per rrset permitted in a zone.
		370	* 0 implies unlimited.
		371	*
		372	* Requires:
		373	*\li 'zone' to be valid initialised zone.
		374	*
		375	* Returns:
		376	*\li void
		377	*/
		378
		379	void
		380	dns_zone_setmaxtypepername(dns_zone_t *zone, uint32_t maxtypepername);
		381	/*%<
		382	* Sets the maximum number of resource record types per owner name
		383	* permitted in a zone. 0 implies unlimited.
		384	*
		385	* Requires:
		386	*\li 'zone' to be valid initialised zone.
		387	*
		388	* Returns:
		389	*\li void
		390	*/
		391
353	void	392	void
354	dns_zone_setmaxttl(dns_zone_t *zone, uint32_t maxttl);	393	dns_zone_setmaxttl(dns_zone_t *zone, uint32_t maxttl);
355	/*%<	394	/*%<

Lines 462-467 struct dns_rbtdb { Link Here

(-)a/lib/dns/rbtdb.c (-17 / +121 lines)
462	rbtdb_serial_t current_serial;	462	rbtdb_serial_t current_serial;
463	rbtdb_serial_t least_serial;	463	rbtdb_serial_t least_serial;
464	rbtdb_serial_t next_serial;	464	rbtdb_serial_t next_serial;
		465	uint32_t maxrrperset;
		466	uint32_t maxtypepername;
465	rbtdb_version_t *current_version;	467	rbtdb_version_t *current_version;
466	rbtdb_version_t *future_version;	468	rbtdb_version_t *future_version;
467	rbtdb_versionlist_t open_versions;	469	rbtdb_versionlist_t open_versions;
Lines 929-934 prio_type(rbtdb_rdatatype_t type) { Link Here
929	case RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_soa):	931	case RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_soa):
930	case dns_rdatatype_a:	932	case dns_rdatatype_a:
931	case RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_a):	933	case RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_a):
		934	case dns_rdatatype_mx:
		935	case RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_mx):
932	case dns_rdatatype_aaaa:	936	case dns_rdatatype_aaaa:
933	case RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_aaaa):	937	case RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_aaaa):
934	case dns_rdatatype_nsec:	938	case dns_rdatatype_nsec:
Lines 941-946 prio_type(rbtdb_rdatatype_t type) { Link Here
941	case RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_ds):	945	case RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_ds):
942	case dns_rdatatype_cname:	946	case dns_rdatatype_cname:
943	case RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_cname):	947	case RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_cname):
		948	case dns_rdatatype_dname:
		949	case RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_dname):
		950	case dns_rdatatype_svcb:
		951	case RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_svcb):
		952	case dns_rdatatype_https:
		953	case RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_https):
		954	case dns_rdatatype_dnskey:
		955	case RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_dnskey):
		956	case dns_rdatatype_srv:
		957	case RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_srv):
		958	case dns_rdatatype_txt:
		959	case RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_txt):
		960	case dns_rdatatype_ptr:
		961	case RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_ptr):
		962	case dns_rdatatype_naptr:
		963	case RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_naptr):
944	return (true);	964	return (true);
945	}	965	}
946	return (false);	966	return (false);
Lines 6238-6243 update_recordsandxfrsize(bool add, rbtdb_version_t *rbtversion, Link Here
6238	RWUNLOCK(&rbtversion->rwlock, isc_rwlocktype_write);	6258	RWUNLOCK(&rbtversion->rwlock, isc_rwlocktype_write);
6239	}	6259	}
6240		6260
		6261	static bool
		6262	overmaxtype(dns_rbtdb_t *rbtdb, uint32_t ntypes) {
		6263	if (rbtdb->maxtypepername == 0) {
		6264	return (false);
		6265	}
		6266
		6267	return (ntypes >= rbtdb->maxtypepername);
		6268	}
		6269
		6270	static bool
		6271	prio_header(rdatasetheader_t *header) {
		6272	if (NEGATIVE(header) && prio_type(RBTDB_RDATATYPE_EXT(header->type))) {
		6273	return (true);
		6274	}
		6275
		6276	return (prio_type(header->type));
		6277	}
		6278
6241	/*	6279	/*
6242	* write lock on rbtnode must be held.	6280	* write lock on rbtnode must be held.
6243	*/	6281	*/
Lines 6249-6255 add32(dns_rbtdb_t rbtdb, dns_rbtnode_t rbtnode, const dns_name_t *nodename, Link Here
6249	rbtdb_changed_t *changed = NULL;	6287	rbtdb_changed_t *changed = NULL;
6250	rdatasetheader_t topheader = NULL, topheader_prev = NULL;	6288	rdatasetheader_t topheader = NULL, topheader_prev = NULL;
6251	rdatasetheader_t header = NULL, sigheader = NULL;	6289	rdatasetheader_t header = NULL, sigheader = NULL;
6252	rdatasetheader_t *prioheader = NULL;	6290	rdatasetheader_t prioheader = NULL, expireheader = NULL;
6253	unsigned char *merged = NULL;	6291	unsigned char *merged = NULL;
6254	isc_result_t result;	6292	isc_result_t result;
6255	bool header_nx;	6293	bool header_nx;
Lines 6259-6264 add32(dns_rbtdb_t rbtdb, dns_rbtnode_t rbtnode, const dns_name_t *nodename, Link Here
6259	rbtdb_rdatatype_t negtype, sigtype;	6297	rbtdb_rdatatype_t negtype, sigtype;
6260	dns_trust_t trust;	6298	dns_trust_t trust;
6261	int idx;	6299	int idx;
		6300	uint32_t ntypes = 0;
6262		6301
6263	/*	6302	/*
6264	* Add an rdatasetheader_t to a node.	6303	* Add an rdatasetheader_t to a node.
Lines 6334-6339 add32(dns_rbtdb_t rbtdb, dns_rbtnode_t rbtnode, const dns_name_t *nodename, Link Here
6334	{	6373	{
6335	if (topheader->type == sigtype) {	6374	if (topheader->type == sigtype) {
6336	sigheader = topheader;	6375	sigheader = topheader;
		6376	break;
6337	}	6377	}
6338	}	6378	}
6339	negtype = RBTDB_RDATATYPE_VALUE(covers, 0);	6379	negtype = RBTDB_RDATATYPE_VALUE(covers, 0);
Lines 6396-6402 add32(dns_rbtdb_t rbtdb, dns_rbtnode_t rbtnode, const dns_name_t *nodename, Link Here
6396	for (topheader = rbtnode->data; topheader != NULL;	6436	for (topheader = rbtnode->data; topheader != NULL;
6397	topheader = topheader->next)	6437	topheader = topheader->next)
6398	{	6438	{
6399	if (prio_type(topheader->type)) {	6439	if (IS_CACHE(rbtdb) && ACTIVE(topheader, now)) {
		6440	++ntypes;
		6441	expireheader = topheader;
		6442	} else if (!IS_CACHE(rbtdb)) {
		6443	++ntypes;
		6444	}
		6445	if (prio_header(topheader)) {
6400	prioheader = topheader;	6446	prioheader = topheader;
6401	}	6447	}
6402	if (topheader->type == newheader->type \|\|	6448	if (topheader->type == newheader->type \|\|
Lines 6486-6492 find_header: Link Here
6486	rbtdb->common.mctx,	6532	rbtdb->common.mctx,
6487	rbtdb->common.rdclass,	6533	rbtdb->common.rdclass,
6488	(dns_rdatatype_t)header->type, flags,	6534	(dns_rdatatype_t)header->type, flags,
6489	&merged);	6535	rbtdb->maxrrperset, &merged);
6490	}	6536	}
6491	if (result == ISC_R_SUCCESS) {	6537	if (result == ISC_R_SUCCESS) {
6492	/*	6538	/*
Lines 6765-6773 find_header: Link Here
6765	/*	6811	/*
6766	* No rdatasets of the given type exist at the node.	6812	* No rdatasets of the given type exist at the node.
6767	*/	6813	*/
		6814	if (!IS_CACHE(rbtdb) && overmaxtype(rbtdb, ntypes)) {
		6815	free_rdataset(rbtdb, rbtdb->common.mctx,
		6816	newheader);
		6817	return (DNS_R_TOOMANYRECORDS);
		6818	}
		6819
6768	newheader->down = NULL;	6820	newheader->down = NULL;
6769		6821
6770	if (prio_type(newheader->type)) {	6822	if (prio_header(newheader)) {
6771	/* This is a priority type, prepend it */	6823	/* This is a priority type, prepend it */
6772	newheader->next = rbtnode->data;	6824	newheader->next = rbtnode->data;
6773	rbtnode->data = newheader;	6825	rbtnode->data = newheader;
Lines 6780-6785 find_header: Link Here
6780	newheader->next = rbtnode->data;	6832	newheader->next = rbtnode->data;
6781	rbtnode->data = newheader;	6833	rbtnode->data = newheader;
6782	}	6834	}
		6835
		6836	if (IS_CACHE(rbtdb) && overmaxtype(rbtdb, ntypes)) {
		6837	if (expireheader == NULL) {
		6838	expireheader = newheader;
		6839	}
		6840	if (NEGATIVE(newheader) &&
		6841	!prio_header(newheader))
		6842	{
		6843	/*
		6844	* Add the new non-priority negative
		6845	* header to the database only
		6846	* temporarily.
		6847	*/
		6848	expireheader = newheader;
		6849	}
		6850
		6851	set_ttl(rbtdb, expireheader, 0);
		6852	mark_header_ancient(rbtdb, expireheader);
		6853	/*
		6854	* FIXME: In theory, we should mark the RRSIG
		6855	* and the header at the same time, but there is
		6856	* no direct link between those two header, so
		6857	* we would have to check the whole list again.
		6858	*/
		6859	}
6783	}	6860	}
6784	}	6861	}
6785		6862
Lines 6825-6831 delegating_type(dns_rbtdb_t rbtdb, dns_rbtnode_t node, Link Here
6825		6902
6826	static isc_result_t	6903	static isc_result_t
6827	addnoqname(dns_rbtdb_t rbtdb, rdatasetheader_t newheader,	6904	addnoqname(dns_rbtdb_t rbtdb, rdatasetheader_t newheader,
6828	dns_rdataset_t *rdataset) {	6905	uint32_t maxrrperset, dns_rdataset_t *rdataset) {
6829	struct noqname *noqname;	6906	struct noqname *noqname;
6830	isc_mem_t *mctx = rbtdb->common.mctx;	6907	isc_mem_t *mctx = rbtdb->common.mctx;
6831	dns_name_t name;	6908	dns_name_t name;
Lines 6846-6857 addnoqname(dns_rbtdb_t rbtdb, rdatasetheader_t newheader, Link Here
6846	noqname->negsig = NULL;	6923	noqname->negsig = NULL;
6847	noqname->type = neg.type;	6924	noqname->type = neg.type;
6848	dns_name_dup(&name, mctx, &noqname->name);	6925	dns_name_dup(&name, mctx, &noqname->name);
6849	result = dns_rdataslab_fromrdataset(&neg, mctx, &r, 0);	6926	result = dns_rdataslab_fromrdataset(&neg, mctx, &r, 0, maxrrperset);
6850	if (result != ISC_R_SUCCESS) {	6927	if (result != ISC_R_SUCCESS) {
6851	goto cleanup;	6928	goto cleanup;
6852	}	6929	}
6853	noqname->neg = r.base;	6930	noqname->neg = r.base;
6854	result = dns_rdataslab_fromrdataset(&negsig, mctx, &r, 0);	6931	result = dns_rdataslab_fromrdataset(&negsig, mctx, &r, 0, maxrrperset);
6855	if (result != ISC_R_SUCCESS) {	6932	if (result != ISC_R_SUCCESS) {
6856	goto cleanup;	6933	goto cleanup;
6857	}	6934	}
Lines 6870-6876 cleanup: Link Here
6870		6947
6871	static isc_result_t	6948	static isc_result_t
6872	addclosest(dns_rbtdb_t rbtdb, rdatasetheader_t newheader,	6949	addclosest(dns_rbtdb_t rbtdb, rdatasetheader_t newheader,
6873	dns_rdataset_t *rdataset) {	6950	uint32_t maxrrperset, dns_rdataset_t *rdataset) {
6874	struct noqname *closest;	6951	struct noqname *closest;
6875	isc_mem_t *mctx = rbtdb->common.mctx;	6952	isc_mem_t *mctx = rbtdb->common.mctx;
6876	dns_name_t name;	6953	dns_name_t name;
Lines 6891-6902 addclosest(dns_rbtdb_t rbtdb, rdatasetheader_t newheader, Link Here
6891	closest->negsig = NULL;	6968	closest->negsig = NULL;
6892	closest->type = neg.type;	6969	closest->type = neg.type;
6893	dns_name_dup(&name, mctx, &closest->name);	6970	dns_name_dup(&name, mctx, &closest->name);
6894	result = dns_rdataslab_fromrdataset(&neg, mctx, &r, 0);	6971	result = dns_rdataslab_fromrdataset(&neg, mctx, &r, 0, maxrrperset);
6895	if (result != ISC_R_SUCCESS) {	6972	if (result != ISC_R_SUCCESS) {
6896	goto cleanup;	6973	goto cleanup;
6897	}	6974	}
6898	closest->neg = r.base;	6975	closest->neg = r.base;
6899	result = dns_rdataslab_fromrdataset(&negsig, mctx, &r, 0);	6976	result = dns_rdataslab_fromrdataset(&negsig, mctx, &r, 0, maxrrperset);
6900	if (result != ISC_R_SUCCESS) {	6977	if (result != ISC_R_SUCCESS) {
6901	goto cleanup;	6978	goto cleanup;
6902	}	6979	}
Lines 6977-6983 addrdataset(dns_db_t db, dns_dbnode_t node, dns_dbversion_t *version, Link Here
6977	}	7054	}
6978		7055
6979	result = dns_rdataslab_fromrdataset(rdataset, rbtdb->common.mctx,	7056	result = dns_rdataslab_fromrdataset(rdataset, rbtdb->common.mctx,
6980	&region, sizeof(rdatasetheader_t));	7057	&region, sizeof(rdatasetheader_t),
		7058	rbtdb->maxrrperset);
6981	if (result != ISC_R_SUCCESS) {	7059	if (result != ISC_R_SUCCESS) {
6982	return (result);	7060	return (result);
6983	}	7061	}
Lines 7035-7041 addrdataset(dns_db_t db, dns_dbnode_t node, dns_dbversion_t *version, Link Here
7035	RDATASET_ATTR_SET(newheader, RDATASET_ATTR_OPTOUT);	7113	RDATASET_ATTR_SET(newheader, RDATASET_ATTR_OPTOUT);
7036	}	7114	}
7037	if ((rdataset->attributes & DNS_RDATASETATTR_NOQNAME) != 0) {	7115	if ((rdataset->attributes & DNS_RDATASETATTR_NOQNAME) != 0) {
7038	result = addnoqname(rbtdb, newheader, rdataset);	7116	result = addnoqname(rbtdb, newheader,
		7117	rbtdb->maxrrperset, rdataset);
7039	if (result != ISC_R_SUCCESS) {	7118	if (result != ISC_R_SUCCESS) {
7040	free_rdataset(rbtdb, rbtdb->common.mctx,	7119	free_rdataset(rbtdb, rbtdb->common.mctx,
7041	newheader);	7120	newheader);
Lines 7043-7049 addrdataset(dns_db_t db, dns_dbnode_t node, dns_dbversion_t *version, Link Here
7043	}	7122	}
7044	}	7123	}
7045	if ((rdataset->attributes & DNS_RDATASETATTR_CLOSEST) != 0) {	7124	if ((rdataset->attributes & DNS_RDATASETATTR_CLOSEST) != 0) {
7046	result = addclosest(rbtdb, newheader, rdataset);	7125	result = addclosest(rbtdb, newheader,
		7126	rbtdb->maxrrperset, rdataset);
7047	if (result != ISC_R_SUCCESS) {	7127	if (result != ISC_R_SUCCESS) {
7048	free_rdataset(rbtdb, rbtdb->common.mctx,	7128	free_rdataset(rbtdb, rbtdb->common.mctx,
7049	newheader);	7129	newheader);
Lines 7188-7194 subtractrdataset(dns_db_t db, dns_dbnode_t node, dns_dbversion_t *version, Link Here
7188	nodefullname(db, node, nodename);	7268	nodefullname(db, node, nodename);
7189		7269
7190	result = dns_rdataslab_fromrdataset(rdataset, rbtdb->common.mctx,	7270	result = dns_rdataslab_fromrdataset(rdataset, rbtdb->common.mctx,
7191	&region, sizeof(rdatasetheader_t));	7271	&region, sizeof(rdatasetheader_t),
		7272	0);
7192	if (result != ISC_R_SUCCESS) {	7273	if (result != ISC_R_SUCCESS) {
7193	return (result);	7274	return (result);
7194	}	7275	}
Lines 7570-7576 loading_addrdataset(void arg, const dns_name_t name, Link Here
7570	}	7651	}
7571		7652
7572	result = dns_rdataslab_fromrdataset(rdataset, rbtdb->common.mctx,	7653	result = dns_rdataslab_fromrdataset(rdataset, rbtdb->common.mctx,
7573	&region, sizeof(rdatasetheader_t));	7654	&region, sizeof(rdatasetheader_t),
		7655	rbtdb->maxrrperset);
7574	if (result != ISC_R_SUCCESS) {	7656	if (result != ISC_R_SUCCESS) {
7575	return (result);	7657	return (result);
7576	}	7658	}
Lines 8112-8117 setgluecachestats(dns_db_t db, isc_stats_t stats) { Link Here
8112	return (ISC_R_SUCCESS);	8194	return (ISC_R_SUCCESS);
8113	}	8195	}
8114		8196
		8197	static void
		8198	setmaxrrperset(dns_db_t *db, uint32_t maxrrperset) {
		8199	dns_rbtdb_t rbtdb = (dns_rbtdb_t )db;
		8200
		8201	REQUIRE(VALID_RBTDB(rbtdb));
		8202
		8203	rbtdb->maxrrperset = maxrrperset;
		8204	}
		8205
		8206	static void
		8207	setmaxtypepername(dns_db_t *db, uint32_t maxtypepername) {
		8208	dns_rbtdb_t rbtdb = (dns_rbtdb_t )db;
		8209
		8210	REQUIRE(VALID_RBTDB(rbtdb));
		8211
		8212	rbtdb->maxtypepername = maxtypepername;
		8213	}
		8214
8115	static dns_stats_t *	8215	static dns_stats_t *
8116	getrrsetstats(dns_db_t *db) {	8216	getrrsetstats(dns_db_t *db) {
8117	dns_rbtdb_t rbtdb = (dns_rbtdb_t )db;	8217	dns_rbtdb_t rbtdb = (dns_rbtdb_t )db;
Lines 8233-8239 static dns_dbmethods_t zone_methods = { attach, Link Here
8233	NULL, /* getservestalettl */	8333	NULL, /* getservestalettl */
8234	NULL, /* setservestalerefresh */	8334	NULL, /* setservestalerefresh */
8235	NULL, /* getservestalerefresh */	8335	NULL, /* getservestalerefresh */
8236	setgluecachestats };	8336	setgluecachestats,
		8337	setmaxrrperset,
		8338	setmaxtypepername };
8237		8339
8238	static dns_dbmethods_t cache_methods = { attach,	8340	static dns_dbmethods_t cache_methods = { attach,
8239	detach,	8341	detach,
Lines 8283-8289 static dns_dbmethods_t cache_methods = { attach, Link Here
8283	getservestalettl,	8385	getservestalettl,
8284	setservestalerefresh,	8386	setservestalerefresh,
8285	getservestalerefresh,	8387	getservestalerefresh,
8286	NULL };	8388	NULL,
		8389	setmaxrrperset,
		8390	setmaxtypepername };
8287		8391
8288	isc_result_t	8392	isc_result_t
8289	dns_rbtdb_create(isc_mem_t mctx, const dns_name_t origin, dns_dbtype_t type,	8393	dns_rbtdb_create(isc_mem_t mctx, const dns_name_t origin, dns_dbtype_t type,

Lines 114-120 fillin_offsets(unsigned char offsetbase, unsigned int offsettable, Link Here

(-)a/lib/dns/rdataslab.c (-2 / +12 lines)
114		114
115	isc_result_t	115	isc_result_t
116	dns_rdataslab_fromrdataset(dns_rdataset_t rdataset, isc_mem_t mctx,	116	dns_rdataslab_fromrdataset(dns_rdataset_t rdataset, isc_mem_t mctx,
117	isc_region_t *region, unsigned int reservelen) {	117	isc_region_t *region, unsigned int reservelen,
		118	uint32_t maxrrperset) {
118	/*	119	/*
119	* Use &removed as a sentinel pointer for duplicate	120	* Use &removed as a sentinel pointer for duplicate
120	* rdata as rdata.data == NULL is valid.	121	* rdata as rdata.data == NULL is valid.
Lines 156-161 dns_rdataslab_fromrdataset(dns_rdataset_t rdataset, isc_mem_t mctx, Link Here
156	return (ISC_R_SUCCESS);	157	return (ISC_R_SUCCESS);
157	}	158	}
158		159
		160	if (maxrrperset > 0 && nitems > maxrrperset) {
		161	return (DNS_R_TOOMANYRECORDS);
		162	}
		163
159	if (nitems > 0xffff) {	164	if (nitems > 0xffff) {
160	return (ISC_R_NOSPACE);	165	return (ISC_R_NOSPACE);
161	}	166	}
Lines 484-490 isc_result_t Link Here
484	dns_rdataslab_merge(unsigned char oslab, unsigned char nslab,	489	dns_rdataslab_merge(unsigned char oslab, unsigned char nslab,
485	unsigned int reservelen, isc_mem_t *mctx,	490	unsigned int reservelen, isc_mem_t *mctx,
486	dns_rdataclass_t rdclass, dns_rdatatype_t type,	491	dns_rdataclass_t rdclass, dns_rdatatype_t type,
487	unsigned int flags, unsigned char **tslabp) {	492	unsigned int flags, uint32_t maxrrperset,
		493	unsigned char **tslabp) {
488	unsigned char ocurrent, ostart, ncurrent, tstart, tcurrent, data;	494	unsigned char ocurrent, ostart, ncurrent, tstart, tcurrent, data;
489	unsigned int ocount, ncount, count, olength, tlength, tcount, length;	495	unsigned int ocount, ncount, count, olength, tlength, tcount, length;
490	dns_rdata_t ordata = DNS_RDATA_INIT;	496	dns_rdata_t ordata = DNS_RDATA_INIT;
Lines 524-529 dns_rdataslab_merge(unsigned char oslab, unsigned char nslab, Link Here
524	#endif /* if DNS_RDATASET_FIXED */	530	#endif /* if DNS_RDATASET_FIXED */
525	INSIST(ocount > 0 && ncount > 0);	531	INSIST(ocount > 0 && ncount > 0);
526		532
		533	if (maxrrperset > 0 && ocount + ncount > maxrrperset) {
		534	return (DNS_R_TOOMANYRECORDS);
		535	}
		536
527	#if DNS_RDATASET_FIXED	537	#if DNS_RDATASET_FIXED
528	oncount = ncount;	538	oncount = ncount;
529	#endif /* if DNS_RDATASET_FIXED */	539	#endif /* if DNS_RDATASET_FIXED */




}

static dns_dbmethods_t sdb_methods = {
	attach,
	detach,
	beginload,
	endload,
	dump,
	currentversion,
	newversion,
	attachversion,
	closeversion,
	NULL, /* findnode */
	NULL, /* find */
	findzonecut,
	attachnode,
	detachnode,
	expirenode,
	printnode,
	createiterator,
	findrdataset,
	allrdatasets,
	addrdataset,
	subtractrdataset,
	deleterdataset,
	issecure,
	nodecount,
	ispersistent,
	overmem,
	settask,
	getoriginnode, /* getoriginnode */
	NULL,	       /* transfernode */
	NULL,	       /* getnsec3parameters */

	NULL,	       /* getrrsetstats */
	NULL,	       /* rpz_attach */
	NULL,	       /* rpz_ready */
	findnodeext,
	findext,
	NULL, /* setcachestats */
	NULL, /* hashsize */
	NULL, /* nodefullname */

	NULL, /* setservestalerefresh */
	NULL, /* getservestalerefresh */
	NULL, /* setgluecachestats */
	NULL, /* setmaxrrperset */
	NULL  /* setmaxtypepername */
};

static isc_result_t




}

static dns_dbmethods_t sdlzdb_methods = {
	attach,
	detach,
	beginload,
	endload,
	dump,
	currentversion,
	newversion,
	attachversion,
	closeversion,
	findnode,
	find,
	findzonecut,
	attachnode,
	detachnode,
	expirenode,
	printnode,
	createiterator,
	findrdataset,
	allrdatasets,
	addrdataset,
	subtractrdataset,
	deleterdataset,
	issecure,
	nodecount,
	ispersistent,
	overmem,
	settask,
	getoriginnode,
	NULL, /* transfernode */
	NULL, /* getnsec3parameters */
	NULL, /* findnsec3node */
	NULL, /* setsigningtime */
	NULL, /* getsigningtime */
	NULL, /* resigned */
	NULL, /* isdnssec */
	NULL, /* getrrsetstats */
	NULL, /* rpz_attach */
	NULL, /* rpz_ready */
	findnodeext,
	findext,
	NULL, /* setcachestats */
	NULL, /* hashsize */
	NULL, /* nodefullname */
	NULL, /* getsize */
	NULL, /* setservestalettl */
	NULL, /* getservestalettl */
	NULL, /* setservestalerefresh */
	NULL, /* getservestalerefresh */
	NULL, /* setgluecachestats */
	NULL, /* setmaxrrperset */
	NULL  /* setmaxtypepername */
};

/*

Lines 892-897 dns_view_setcache(dns_view_t view, dns_cache_t cache, bool shared) { Link Here

(-)a/lib/dns/view.c (+21 lines)
892	dns_cache_attach(cache, &view->cache);	892	dns_cache_attach(cache, &view->cache);
893	dns_cache_attachdb(cache, &view->cachedb);	893	dns_cache_attachdb(cache, &view->cachedb);
894	INSIST(DNS_DB_VALID(view->cachedb));	894	INSIST(DNS_DB_VALID(view->cachedb));
		895
		896	dns_cache_setmaxrrperset(view->cache, view->maxrrperset);
		897	dns_cache_setmaxtypepername(view->cache, view->maxtypepername);
895	}	898	}
896		899
897	bool	900	bool
Lines 2759-2761 dns_view_sfd_find(dns_view_t view, const dns_name_t name, Link Here
2759	dns_name_copy(dns_rootname, foundname);	2762	dns_name_copy(dns_rootname, foundname);
2760	}	2763	}
2761	}	2764	}
		2765
		2766	void
		2767	dns_view_setmaxrrperset(dns_view_t *view, uint32_t value) {
		2768	REQUIRE(DNS_VIEW_VALID(view));
		2769	view->maxrrperset = value;
		2770	if (view->cache != NULL) {
		2771	dns_cache_setmaxrrperset(view->cache, value);
		2772	}
		2773	}
		2774
		2775	void
		2776	dns_view_setmaxtypepername(dns_view_t *view, uint32_t value) {
		2777	REQUIRE(DNS_VIEW_VALID(view));
		2778	view->maxtypepername = value;
		2779	if (view->cache != NULL) {
		2780	dns_cache_setmaxtypepername(view->cache, value);
		2781	}
		2782	}

Lines 211-218 xfrin_create(isc_mem_t mctx, dns_zone_t zone, dns_db_t db, isc_nm_t netmgr, Link Here

(-)a/lib/dns/xfrin.c (-19 / +5 lines)
211	static isc_result_t	211	static isc_result_t
212	axfr_init(dns_xfrin_ctx_t *xfr);	212	axfr_init(dns_xfrin_ctx_t *xfr);
213	static isc_result_t	213	static isc_result_t
214	axfr_makedb(dns_xfrin_ctx_t xfr, dns_db_t *dbp);
215	static isc_result_t
216	axfr_putdata(dns_xfrin_ctx_t xfr, dns_diffop_t op, dns_name_t name,	214	axfr_putdata(dns_xfrin_ctx_t xfr, dns_diffop_t op, dns_name_t name,
217	dns_ttl_t ttl, dns_rdata_t *rdata);	215	dns_ttl_t ttl, dns_rdata_t *rdata);
218	static isc_result_t	216	static isc_result_t
Lines 288-294 axfr_init(dns_xfrin_ctx_t *xfr) { Link Here
288	dns_db_detach(&xfr->db);	286	dns_db_detach(&xfr->db);
289	}	287	}
290		288
291	CHECK(axfr_makedb(xfr, &xfr->db));	289	CHECK(dns_zone_makedb(xfr->zone, &xfr->db));
		290
		291	dns_zone_rpz_enable_db(xfr->zone, xfr->db);
		292	dns_zone_catz_enable_db(xfr->zone, xfr->db);
		293
292	dns_rdatacallbacks_init(&xfr->axfr);	294	dns_rdatacallbacks_init(&xfr->axfr);
293	CHECK(dns_db_beginload(xfr->db, &xfr->axfr));	295	CHECK(dns_db_beginload(xfr->db, &xfr->axfr));
294	result = ISC_R_SUCCESS;	296	result = ISC_R_SUCCESS;
Lines 296-317 failure: Link Here
296	return (result);	298	return (result);
297	}	299	}
298		300
299	static isc_result_t
300	axfr_makedb(dns_xfrin_ctx_t xfr, dns_db_t *dbp) {
301	isc_result_t result;
302
303	result = dns_db_create(xfr->mctx, /* XXX */
304	"rbt", /* XXX guess */
305	&xfr->name, dns_dbtype_zone, xfr->rdclass, 0,
306	NULL, /* XXX guess */
307	dbp);
308	if (result == ISC_R_SUCCESS) {
309	dns_zone_rpz_enable_db(xfr->zone, *dbp);
310	dns_zone_catz_enable_db(xfr->zone, *dbp);
311	}
312	return (result);
313	}
314
315	static isc_result_t	301	static isc_result_t
316	axfr_putdata(dns_xfrin_ctx_t xfr, dns_diffop_t op, dns_name_t name,	302	axfr_putdata(dns_xfrin_ctx_t xfr, dns_diffop_t op, dns_name_t name,
317	dns_ttl_t ttl, dns_rdata_t *rdata) {	303	dns_ttl_t ttl, dns_rdata_t *rdata) {




	uint32_t minretry;

	uint32_t maxrecords;
	uint32_t maxrrperset;
	uint32_t maxtypepername;

	isc_sockaddr_t *primaries;
	dns_name_t **primarykeynames;

	dns_zone_logc(zone, DNS_LOGCATEGORY_ZONELOAD, ISC_LOG_DEBUG(1),
		      "starting load");

	result = dns_zone_makedb(zone, &db);
			       (zone->type == dns_zone_stub) ? dns_dbtype_stub
							     : dns_dbtype_zone,
			       zone->rdclass, zone->db_argc - 1,
			       zone->db_argv + 1, &db);

	if (result != ISC_R_SUCCESS) {
		dns_zone_logc(zone, DNS_LOGCATEGORY_ZONELOAD, ISC_LOG_ERROR,
			      "loading zone: creating database: %s",
			      isc_result_totext(result));
		goto cleanup;
	}
	dns_db_settask(db, zone->task, zone->task);

	if (zone->type == dns_zone_primary ||
	    zone->type == dns_zone_secondary || zone->type == dns_zone_mirror)
	{
		result = dns_db_setgluecachestats(db, zone->gluecachestats);
		if (result == ISC_R_NOTIMPLEMENTED) {
			result = ISC_R_SUCCESS;
		}
		if (result != ISC_R_SUCCESS) {
			goto cleanup;
		}
	}

	if (!dns_db_ispersistent(db)) {
		if (zone->masterfile != NULL || zone->stream != NULL) {

	}

	dns_diff_clear(&_sig_diff);
	dns_diff_clear(&post_diff);

	for (i = 0; i < nkeys; i++) {
		dst_key_free(&zone_keys[i]);

	zone->maxrecords = val;
}

void
dns_zone_setmaxrrperset(dns_zone_t *zone, uint32_t val) {
	REQUIRE(DNS_ZONE_VALID(zone));

	zone->maxrrperset = val;
	if (zone->db != NULL) {
		dns_db_setmaxrrperset(zone->db, val);
	}
}

void
dns_zone_setmaxtypepername(dns_zone_t *zone, uint32_t val) {
	REQUIRE(DNS_ZONE_VALID(zone));

	zone->maxtypepername = val;
	if (zone->db != NULL) {
		dns_db_setmaxtypepername(zone->db, val);
	}
}

static bool
notify_isqueued(dns_zone_t *zone, unsigned int flags, dns_name_t *name,
		isc_sockaddr_t *addr, dns_tsigkey_t *key,

				goto cleanup;
			}
			dns_db_settask(stub->db, zone->task, zone->task);
			dns_db_setmaxrrperset(stub->db, zone->maxrrperset);
			dns_db_setmaxtypepername(stub->db,
						 zone->maxtypepername);
		}

		result = dns_db_newversion(stub->db, &stub->version);

	}
	zone_attachdb(zone, db);
	dns_db_settask(zone->db, zone->task, zone->task);
	dns_db_setmaxrrperset(zone->db, zone->maxrrperset);
	dns_db_setmaxtypepername(zone->db, zone->maxtypepername);
	DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED | DNS_ZONEFLG_NEEDNOTIFY);
	return (ISC_R_SUCCESS);


		 * Something went wrong; try again in ten minutes or
		 * after a key refresh interval, whichever is shorter.
		 */
		int loglevel = ISC_LOG_DEBUG(3);
		if (result != DNS_R_NOTLOADED) {
			loglevel = ISC_LOG_ERROR;
		}
		dnssec_log(zone, loglevel,
			   "zone_rekey failure: %s (retry in %u seconds)",
			   isc_result_totext(result),
			   ISC_MIN(zone->refreshkeyinterval, 600));


	RWUNLOCK(&zmgr->tlsctx_cache_rwlock, isc_rwlocktype_read);
}

isc_result_t
dns_zone_makedb(dns_zone_t *zone, dns_db_t **dbp) {
	REQUIRE(DNS_ZONE_VALID(zone));
	REQUIRE(dbp != NULL && *dbp == NULL);

	dns_db_t *db = NULL;

	isc_result_t result = dns_db_create(
		zone->mctx, zone->db_argv[0], &zone->origin,
		(zone->type == dns_zone_stub) ? dns_dbtype_stub
					      : dns_dbtype_zone,
		zone->rdclass, zone->db_argc - 1, zone->db_argv + 1, &db);
	if (result != ISC_R_SUCCESS) {
		return (result);
	}

	switch (zone->type) {
	case dns_zone_primary:
	case dns_zone_secondary:
	case dns_zone_mirror:
		result = dns_db_setgluecachestats(db, zone->gluecachestats);
		if (result == ISC_R_NOTIMPLEMENTED) {
			result = ISC_R_SUCCESS;
		}
		if (result != ISC_R_SUCCESS) {
			dns_db_detach(&db);
			return (result);
		}
		break;
	default:
		break;
	}

	dns_db_settask(db, zone->task, zone->task);
	dns_db_setmaxrrperset(db, zone->maxrrperset);
	dns_db_setmaxtypepername(db, zone->maxtypepername);

	*dbp = db;

	return (ISC_R_SUCCESS);
}

Lines 2300-2305 static cfg_clausedef_t zone_clauses[] = { Link Here

(-)a/lib/isccfg/namedconf.c (+6 lines)
2300	{ "max-records", &cfg_type_uint32,	2300	{ "max-records", &cfg_type_uint32,
2301	CFG_ZONE_PRIMARY \| CFG_ZONE_SECONDARY \| CFG_ZONE_MIRROR \|	2301	CFG_ZONE_PRIMARY \| CFG_ZONE_SECONDARY \| CFG_ZONE_MIRROR \|
2302	CFG_ZONE_STUB \| CFG_ZONE_STATICSTUB \| CFG_ZONE_REDIRECT },	2302	CFG_ZONE_STUB \| CFG_ZONE_STATICSTUB \| CFG_ZONE_REDIRECT },
		2303	{ "max-records-per-type", &cfg_type_uint32,
		2304	CFG_ZONE_PRIMARY \| CFG_ZONE_SECONDARY \| CFG_ZONE_MIRROR \|
		2305	CFG_ZONE_STUB \| CFG_ZONE_STATICSTUB \| CFG_ZONE_REDIRECT },
		2306	{ "max-types-per-name", &cfg_type_uint32,
		2307	CFG_ZONE_PRIMARY \| CFG_ZONE_SECONDARY \| CFG_ZONE_MIRROR \|
		2308	CFG_ZONE_STUB \| CFG_ZONE_STATICSTUB \| CFG_ZONE_REDIRECT },
2303	{ "max-refresh-time", &cfg_type_uint32,	2309	{ "max-refresh-time", &cfg_type_uint32,
2304	CFG_ZONE_SECONDARY \| CFG_ZONE_MIRROR \| CFG_ZONE_STUB },	2310	CFG_ZONE_SECONDARY \| CFG_ZONE_MIRROR \| CFG_ZONE_STUB },
2305	{ "max-retry-time", &cfg_type_uint32,	2311	{ "max-retry-time", &cfg_type_uint32,




						dns_diff_clear(&ctx.add_diff);
						goto failure;
					}
					result = update_one_rr(
						db, ver, &diff, DNS_DIFFOP_ADD,
						name, ttl, &rdata);
					if (result != ISC_R_SUCCESS) {
						update_log(client, zone,
							   LOGLEVEL_PROTOCOL,
							   "adding an RR "
							   "failed: %s",
							   isc_result_totext(
								   result));
						goto failure;
					}
				}
			}
		} else if (update_class == dns_rdataclass_any) {

Return to bug 1228256

Lines 5566-5571 configure_view(dns_view_t view, dns_viewlist_t viewlist, cfg_obj_t *config, Link Here

(-)a/bin/named/server.c (+18 lines)
5566	dns_resolver_setclientsperquery(view->resolver, cfg_obj_asuint32(obj),	5566	dns_resolver_setclientsperquery(view->resolver, cfg_obj_asuint32(obj),
5567	max_clients_per_query);	5567	max_clients_per_query);
5568		5568
		5569	/*
		5570	* This is used for the cache and also as a default value
		5571	* for zone databases.
		5572	*/
		5573	obj = NULL;
		5574	result = named_config_get(maps, "max-records-per-type", &obj);
		5575	INSIST(result == ISC_R_SUCCESS);
		5576	dns_view_setmaxrrperset(view, cfg_obj_asuint32(obj));
		5577
		5578	/*
		5579	* This is used for the cache and also as a default value
		5580	* for zone databases.
		5581	*/
		5582	obj = NULL;
		5583	result = named_config_get(maps, "max-types-per-name", &obj);
		5584	INSIST(result == ISC_R_SUCCESS);
		5585	dns_view_setmaxtypepername(view, cfg_obj_asuint32(obj));
		5586
5569	obj = NULL;	5587	obj = NULL;
5570	result = named_config_get(maps, "max-recursion-depth", &obj);	5588	result = named_config_get(maps, "max-recursion-depth", &obj);
5571	INSIST(result == ISC_R_SUCCESS);	5589	INSIST(result == ISC_R_SUCCESS);

Lines 1083-1088 named_zone_configure(const cfg_obj_t config, const cfg_obj_t vconfig, Link Here

(-)a/bin/named/zoneconf.c (+16 lines)
1083	dns_zone_setmaxrecords(zone, 0);	1083	dns_zone_setmaxrecords(zone, 0);
1084	}	1084	}
1085		1085
		1086	obj = NULL;
		1087	result = named_config_get(maps, "max-records-per-type", &obj);
		1088	INSIST(result == ISC_R_SUCCESS && obj != NULL);
		1089	dns_zone_setmaxrrperset(mayberaw, cfg_obj_asuint32(obj));
		1090	if (zone != mayberaw) {
		1091	dns_zone_setmaxrrperset(zone, 0);
		1092	}
		1093
		1094	obj = NULL;
		1095	result = named_config_get(maps, "max-types-per-name", &obj);
		1096	INSIST(result == ISC_R_SUCCESS && obj != NULL);
		1097	dns_zone_setmaxtypepername(mayberaw, cfg_obj_asuint32(obj));
		1098	if (zone != mayberaw) {
		1099	dns_zone_setmaxtypepername(zone, 0);
		1100	}
		1101
1086	if (raw != NULL && filename != NULL) {	1102	if (raw != NULL && filename != NULL) {
1087	#define SIGNED ".signed"	1103	#define SIGNED ".signed"
1088	size_t signedlen = strlen(filename) + sizeof(SIGNED);	1104	size_t signedlen = strlen(filename) + sizeof(SIGNED);

Lines 3766-3771 system. Link Here

(-)a/doc/arm/reference.rst (+30 lines)
3766	This sets the maximum number of records permitted in a zone. The default is	3766	This sets the maximum number of records permitted in a zone. The default is
3767	zero, which means the maximum is unlimited.	3767	zero, which means the maximum is unlimited.
3768		3768
		3769	.. namedconf:statement:: max-records-per-type
		3770	:tags: server
		3771	:short: Sets the maximum number of records that can be stored in an RRset
		3772
		3773	This sets the maximum number of resource records that can be stored
		3774	in an RRset in a database. When configured in :namedconf:ref:`options`
		3775	or :namedconf:ref:`view`, it controls the cache database; it also sets
		3776	the default value for zone databases, which can be overridden by setting
		3777	it at the :namedconf:ref:`zone` level.
		3778
		3779	If set to a positive value, any attempt to cache or to add to a zone
		3780	an RRset with more than the specified number of records will result in
		3781	a failure. If set to 0, there is no cap on RRset size. The default is
		3782	100.
		3783
		3784	.. namedconf:statement:: max-types-per-name
		3785	:tags: server
		3786	:short: Sets the maximum number of RR types that can be stored for an owner name
		3787
		3788	This sets the maximum number of resource record types that can be stored
		3789	for a single owner name in a database. When configured in :namedconf:ref:`options`
		3790	or :namedconf:ref:`view`, it controls the cache database, and also sets
		3791	the default value for zone databases, which can be overridden by setting
		3792	it at the :namedconf:ref:`zone` level
		3793
		3794	If set to a positive value, any attempt to cache or to add to a zone an owner
		3795	name with more than the specified number of resource record types will result
		3796	in a failure. If set to 0, there is no cap on RR types number. The default is
		3797	100.
		3798
3769	.. namedconf:statement:: recursive-clients	3799	.. namedconf:statement:: recursive-clients
3770	:tags: query	3800	:tags: query
3771	:short: Specifies the maximum number of concurrent recursive queries the server can perform.	3801	:short: Specifies the maximum number of concurrent recursive queries the server can perform.

Lines 1121-1123 dns_db_setgluecachestats(dns_db_t db, isc_stats_t stats) { Link Here

(-)a/lib/dns/db.c (+18 lines)
1121		1121
1122	return (ISC_R_NOTIMPLEMENTED);	1122	return (ISC_R_NOTIMPLEMENTED);
1123	}	1123	}
		1124
		1125	void
		1126	dns_db_setmaxrrperset(dns_db_t *db, uint32_t value) {
		1127	REQUIRE(DNS_DB_VALID(db));
		1128
		1129	if (db->methods->setmaxrrperset != NULL) {
		1130	(db->methods->setmaxrrperset)(db, value);
		1131	}
		1132	}
		1133
		1134	void
		1135	dns_db_setmaxtypepername(dns_db_t *db, uint32_t value) {
		1136	REQUIRE(DNS_DB_VALID(db));
		1137
		1138	if (db->methods->setmaxtypepername != NULL) {
		1139	(db->methods->setmaxtypepername)(db, value);
		1140	}
		1141	}

Lines 1270-1289 settask(dns_db_t db, isc_task_t task, isc_task_t *prunetask) { Link Here

(-)a/lib/dns/sdb.c (-15 / +31 lines)
1270	}	1270	}
1271		1271
1272	static dns_dbmethods_t sdb_methods = {	1272	static dns_dbmethods_t sdb_methods = {
1273	attach, detach,	1273	attach,
1274	beginload, endload,	1274	detach,
1275	dump, currentversion,	1275	beginload,
1276	newversion, attachversion,	1276	endload,
1277	closeversion, NULL, /* findnode */	1277	dump,
1278	NULL, /* find */	1278	currentversion,
1279	findzonecut, attachnode,	1279	newversion,
1280	detachnode, expirenode,	1280	attachversion,
1281	printnode, createiterator,	1281	closeversion,
1282	findrdataset, allrdatasets,	1282	NULL, /* findnode */
1283	addrdataset, subtractrdataset,	1283	NULL, /* find */
1284	deleterdataset, issecure,	1284	findzonecut,
1285	nodecount, ispersistent,	1285	attachnode,
1286	overmem, settask,	1286	detachnode,
		1287	expirenode,
		1288	printnode,
		1289	createiterator,
		1290	findrdataset,
		1291	allrdatasets,
		1292	addrdataset,
		1293	subtractrdataset,
		1294	deleterdataset,
		1295	issecure,
		1296	nodecount,
		1297	ispersistent,
		1298	overmem,
		1299	settask,
1287	getoriginnode, /* getoriginnode */	1300	getoriginnode, /* getoriginnode */
1288	NULL, /* transfernode */	1301	NULL, /* transfernode */
1289	NULL, /* getnsec3parameters */	1302	NULL, /* getnsec3parameters */
Lines 1295-1301 static dns_dbmethods_t sdb_methods = { Link Here
1295	NULL, /* getrrsetstats */	1308	NULL, /* getrrsetstats */
1296	NULL, /* rpz_attach */	1309	NULL, /* rpz_attach */
1297	NULL, /* rpz_ready */	1310	NULL, /* rpz_ready */
1298	findnodeext, findext,	1311	findnodeext,
		1312	findext,
1299	NULL, /* setcachestats */	1313	NULL, /* setcachestats */
1300	NULL, /* hashsize */	1314	NULL, /* hashsize */
1301	NULL, /* nodefullname */	1315	NULL, /* nodefullname */
Lines 1305-1310 static dns_dbmethods_t sdb_methods = { Link Here
1305	NULL, /* setservestalerefresh */	1319	NULL, /* setservestalerefresh */
1306	NULL, /* getservestalerefresh */	1320	NULL, /* getservestalerefresh */
1307	NULL, /* setgluecachestats */	1321	NULL, /* setgluecachestats */
		1322	NULL, /* setmaxrrperset */
		1323	NULL /* setmaxtypepername */
1308	};	1324	};
1309		1325
1310	static isc_result_t	1326	static isc_result_t

Lines 563-590 hashsize(dns_db_t *db) { Link Here

(-)a/bin/tests/system/dyndb/driver/db.c (-20 / +49 lines)
563	* determine which implementation of dns_db_*() function to call.	563	* determine which implementation of dns_db_*() function to call.
564	*/	564	*/
565	static dns_dbmethods_t sampledb_methods = {	565	static dns_dbmethods_t sampledb_methods = {
566	attach, detach, beginload,	566	attach,
567	endload, dump, currentversion,	567	detach,
568	newversion, attachversion, closeversion,	568	beginload,
569	findnode, find, findzonecut,	569	endload,
570	attachnode, detachnode, expirenode,	570	dump,
571	printnode, createiterator, findrdataset,	571	currentversion,
572	allrdatasets, addrdataset, subtractrdataset,	572	newversion,
573	deleterdataset, issecure, nodecount,	573	attachversion,
574	ispersistent, overmem, settask,	574	closeversion,
575	getoriginnode, transfernode, getnsec3parameters,	575	findnode,
576	findnsec3node, setsigningtime, getsigningtime,	576	find,
577	resigned, isdnssec, getrrsetstats,	577	findzonecut,
		578	attachnode,
		579	detachnode,
		580	expirenode,
		581	printnode,
		582	createiterator,
		583	findrdataset,
		584	allrdatasets,
		585	addrdataset,
		586	subtractrdataset,
		587	deleterdataset,
		588	issecure,
		589	nodecount,
		590	ispersistent,
		591	overmem,
		592	settask,
		593	getoriginnode,
		594	transfernode,
		595	getnsec3parameters,
		596	findnsec3node,
		597	setsigningtime,
		598	getsigningtime,
		599	resigned,
		600	isdnssec,
		601	getrrsetstats,
578	NULL, /* rpz_attach */	602	NULL, /* rpz_attach */
579	NULL, /* rpz_ready */	603	NULL, /* rpz_ready */
580	findnodeext, findext, setcachestats,	604	findnodeext,
581	hashsize, NULL, /* nodefullname */	605	findext,
582	NULL, /* getsize */	606	setcachestats,
583	NULL, /* setservestalettl */	607	hashsize,
584	NULL, /* getservestalettl */	608	NULL, /* nodefullname */
585	NULL, /* setservestalerefresh */	609	NULL, /* getsize */
586	NULL, /* getservestalerefresh */	610	NULL, /* setservestalettl */
587	NULL, /* setgluecachestats */	611	NULL, /* getservestalettl */
		612	NULL, /* setservestalerefresh */
		613	NULL, /* getservestalerefresh */
		614	NULL, /* setgluecachestats */
		615	NULL, /* setmaxrrperset */
		616	NULL /* setmaxtypepername */
588	};	617	};
589		618
590	/* Auxiliary driver functions. */	619	/* Auxiliary driver functions. */

Lines 18-29 zone <string> [ <class> ] { Link Here

(-)a/doc/misc/mirror.zoneopt (+2 lines)
18	max-ixfr-ratio ( unlimited \| <percentage> );	18	max-ixfr-ratio ( unlimited \| <percentage> );
19	max-journal-size ( default \| unlimited \| <sizeval> );	19	max-journal-size ( default \| unlimited \| <sizeval> );
20	max-records <integer>;	20	max-records <integer>;
		21	max-records-per-type <integer>;
21	max-refresh-time <integer>;	22	max-refresh-time <integer>;
22	max-retry-time <integer>;	23	max-retry-time <integer>;
23	max-transfer-idle-in <integer>;	24	max-transfer-idle-in <integer>;
24	max-transfer-idle-out <integer>;	25	max-transfer-idle-out <integer>;
25	max-transfer-time-in <integer>;	26	max-transfer-time-in <integer>;
26	max-transfer-time-out <integer>;	27	max-transfer-time-out <integer>;
		28	max-types-per-name <integer>;
27	min-refresh-time <integer>;	29	min-refresh-time <integer>;
28	min-retry-time <integer>;	30	min-retry-time <integer>;
29	multi-master <boolean>;	31	multi-master <boolean>;

Lines 181-186 options { Link Here

(-)a/doc/misc/options (+4 lines)
181	max-journal-size ( default \| unlimited \| <sizeval> );	181	max-journal-size ( default \| unlimited \| <sizeval> );
182	max-ncache-ttl <duration>;	182	max-ncache-ttl <duration>;
183	max-records <integer>;	183	max-records <integer>;
		184	max-records-per-type <integer>;
184	max-recursion-depth <integer>;	185	max-recursion-depth <integer>;
185	max-recursion-queries <integer>;	186	max-recursion-queries <integer>;
186	max-refresh-time <integer>;	187	max-refresh-time <integer>;
Lines 191-196 options { Link Here
191	max-transfer-idle-out <integer>;	192	max-transfer-idle-out <integer>;
192	max-transfer-time-in <integer>;	193	max-transfer-time-in <integer>;
193	max-transfer-time-out <integer>;	194	max-transfer-time-out <integer>;
		195	max-types-per-name <integer>;
194	max-udp-size <integer>;	196	max-udp-size <integer>;
195	max-zone-ttl ( unlimited \| <duration> );	197	max-zone-ttl ( unlimited \| <duration> );
196	memstatistics <boolean>;	198	memstatistics <boolean>;
Lines 471-476 view <string> [ <class> ] { Link Here
471	max-journal-size ( default \| unlimited \| <sizeval> );	473	max-journal-size ( default \| unlimited \| <sizeval> );
472	max-ncache-ttl <duration>;	474	max-ncache-ttl <duration>;
473	max-records <integer>;	475	max-records <integer>;
		476	max-records-per-type <integer>;
474	max-recursion-depth <integer>;	477	max-recursion-depth <integer>;
475	max-recursion-queries <integer>;	478	max-recursion-queries <integer>;
476	max-refresh-time <integer>;	479	max-refresh-time <integer>;
Lines 480-485 view <string> [ <class> ] { Link Here
480	max-transfer-idle-out <integer>;	483	max-transfer-idle-out <integer>;
481	max-transfer-time-in <integer>;	484	max-transfer-time-in <integer>;
482	max-transfer-time-out <integer>;	485	max-transfer-time-out <integer>;
		486	max-types-per-name <integer>;
483	max-udp-size <integer>;	487	max-udp-size <integer>;
484	max-zone-ttl ( unlimited \| <duration> );	488	max-zone-ttl ( unlimited \| <duration> );
485	message-compression <boolean>;	489	message-compression <boolean>;

Lines 30-41 zone <string> [ <class> ] { Link Here

(-)a/doc/misc/secondary.zoneopt (+2 lines)
30	max-ixfr-ratio ( unlimited \| <percentage> );	30	max-ixfr-ratio ( unlimited \| <percentage> );
31	max-journal-size ( default \| unlimited \| <sizeval> );	31	max-journal-size ( default \| unlimited \| <sizeval> );
32	max-records <integer>;	32	max-records <integer>;
		33	max-records-per-type <integer>;
33	max-refresh-time <integer>;	34	max-refresh-time <integer>;
34	max-retry-time <integer>;	35	max-retry-time <integer>;
35	max-transfer-idle-in <integer>;	36	max-transfer-idle-in <integer>;
36	max-transfer-idle-out <integer>;	37	max-transfer-idle-out <integer>;
37	max-transfer-time-in <integer>;	38	max-transfer-time-in <integer>;
38	max-transfer-time-out <integer>;	39	max-transfer-time-out <integer>;
		40	max-types-per-name <integer>;
39	min-refresh-time <integer>;	41	min-refresh-time <integer>;
40	min-retry-time <integer>;	42	min-retry-time <integer>;
41	multi-master <boolean>;	43	multi-master <boolean>;

Lines 12-21 zone <string> [ <class> ] { Link Here

(-)a/doc/misc/stub.zoneopt (+2 lines)
12	masterfile-format ( raw \| text );	12	masterfile-format ( raw \| text );
13	masterfile-style ( full \| relative );	13	masterfile-style ( full \| relative );
14	max-records <integer>;	14	max-records <integer>;
		15	max-records-per-type <integer>;
15	max-refresh-time <integer>;	16	max-refresh-time <integer>;
16	max-retry-time <integer>;	17	max-retry-time <integer>;
17	max-transfer-idle-in <integer>;	18	max-transfer-idle-in <integer>;
18	max-transfer-time-in <integer>;	19	max-transfer-time-in <integer>;
		20	max-types-per-name <integer>;
19	min-refresh-time <integer>;	21	min-refresh-time <integer>;
20	min-retry-time <integer>;	22	min-retry-time <integer>;
21	multi-master <boolean>;	23	multi-master <boolean>;

Lines 278-283 dns_cache_updatestats(dns_cache_t *cache, isc_result_t result); Link Here

(-)a/lib/dns/include/dns/cache.h (+12 lines)
278	* Update cache statistics based on result code in 'result'	278	* Update cache statistics based on result code in 'result'
279	*/	279	*/
280		280
		281	void
		282	dns_cache_setmaxrrperset(dns_cache_t *cache, uint32_t value);
		283	/*%<
		284	* Set the maximum resource records per RRSet that can be cached.
		285	*/
		286
		287	void
		288	dns_cache_setmaxtypepername(dns_cache_t *cache, uint32_t value);
		289	/*%<
		290	* Set the maximum resource record types per owner name that can be cached.
		291	*/
		292
281	#ifdef HAVE_LIBXML2	293	#ifdef HAVE_LIBXML2
282	int	294	int
283	dns_cache_renderxml(dns_cache_t cache, void writer0);	295	dns_cache_renderxml(dns_cache_t cache, void writer0);

Lines 66-72 ISC_LANG_BEGINDECLS Link Here

(-)a/lib/dns/include/dns/rdataslab.h (-2 / +4 lines)
66		66
67	isc_result_t	67	isc_result_t
68	dns_rdataslab_fromrdataset(dns_rdataset_t rdataset, isc_mem_t mctx,	68	dns_rdataslab_fromrdataset(dns_rdataset_t rdataset, isc_mem_t mctx,
69	isc_region_t *region, unsigned int reservelen);	69	isc_region_t *region, unsigned int reservelen,
		70	uint32_t limit);
70	/*%<	71	/*%<
71	* Slabify a rdataset. The slab area will be allocated and returned	72	* Slabify a rdataset. The slab area will be allocated and returned
72	* in 'region'.	73	* in 'region'.
Lines 122-128 isc_result_t Link Here
122	dns_rdataslab_merge(unsigned char oslab, unsigned char nslab,	123	dns_rdataslab_merge(unsigned char oslab, unsigned char nslab,
123	unsigned int reservelen, isc_mem_t *mctx,	124	unsigned int reservelen, isc_mem_t *mctx,
124	dns_rdataclass_t rdclass, dns_rdatatype_t type,	125	dns_rdataclass_t rdclass, dns_rdatatype_t type,
125	unsigned int flags, unsigned char **tslabp);	126	unsigned int flags, uint32_t maxrrperset,
		127	unsigned char **tslabp);
126	/*%<	128	/*%<
127	* Merge 'oslab' and 'nslab'.	129	* Merge 'oslab' and 'nslab'.
128	*/	130	*/

Lines 1243-1276 getoriginnode(dns_db_t db, dns_dbnode_t *nodep) { Link Here

(-)a/lib/dns/sdlz.c (-28 / +51 lines)
1243	}	1243	}
1244		1244
1245	static dns_dbmethods_t sdlzdb_methods = {	1245	static dns_dbmethods_t sdlzdb_methods = {
1246	attach, detach, beginload,	1246	attach,
1247	endload, dump, currentversion,	1247	detach,
1248	newversion, attachversion, closeversion,	1248	beginload,
1249	findnode, find, findzonecut,	1249	endload,
1250	attachnode, detachnode, expirenode,	1250	dump,
1251	printnode, createiterator, findrdataset,	1251	currentversion,
1252	allrdatasets, addrdataset, subtractrdataset,	1252	newversion,
1253	deleterdataset, issecure, nodecount,	1253	attachversion,
1254	ispersistent, overmem, settask,	1254	closeversion,
1255	getoriginnode, NULL, /* transfernode */	1255	findnode,
1256	NULL, /* getnsec3parameters */	1256	find,
1257	NULL, /* findnsec3node */	1257	findzonecut,
1258	NULL, /* setsigningtime */	1258	attachnode,
1259	NULL, /* getsigningtime */	1259	detachnode,
1260	NULL, /* resigned */	1260	expirenode,
1261	NULL, /* isdnssec */	1261	printnode,
1262	NULL, /* getrrsetstats */	1262	createiterator,
1263	NULL, /* rpz_attach */	1263	findrdataset,
1264	NULL, /* rpz_ready */	1264	allrdatasets,
1265	findnodeext, findext, NULL, /* setcachestats */	1265	addrdataset,
1266	NULL, /* hashsize */	1266	subtractrdataset,
1267	NULL, /* nodefullname */	1267	deleterdataset,
1268	NULL, /* getsize */	1268	issecure,
1269	NULL, /* setservestalettl */	1269	nodecount,
1270	NULL, /* getservestalettl */	1270	ispersistent,
1271	NULL, /* setservestalerefresh */	1271	overmem,
1272	NULL, /* getservestalerefresh */	1272	settask,
1273	NULL, /* setgluecachestats */	1273	getoriginnode,
		1274	NULL, /* transfernode */
		1275	NULL, /* getnsec3parameters */
		1276	NULL, /* findnsec3node */
		1277	NULL, /* setsigningtime */
		1278	NULL, /* getsigningtime */
		1279	NULL, /* resigned */
		1280	NULL, /* isdnssec */
		1281	NULL, /* getrrsetstats */
		1282	NULL, /* rpz_attach */
		1283	NULL, /* rpz_ready */
		1284	findnodeext,
		1285	findext,
		1286	NULL, /* setcachestats */
		1287	NULL, /* hashsize */
		1288	NULL, /* nodefullname */
		1289	NULL, /* getsize */
		1290	NULL, /* setservestalettl */
		1291	NULL, /* getservestalettl */
		1292	NULL, /* setservestalerefresh */
		1293	NULL, /* getservestalerefresh */
		1294	NULL, /* setgluecachestats */
		1295	NULL, /* setmaxrrperset */
		1296	NULL /* setmaxtypepername */
1274	};	1297	};
1275		1298
1276	/*	1299	/*

Lines 309-314 struct dns_zone { Link Here

(-)a/lib/dns/zone.c (-20 / +76 lines)
309	uint32_t minretry;	309	uint32_t minretry;
310		310
311	uint32_t maxrecords;	311	uint32_t maxrecords;
		312	uint32_t maxrrperset;
		313	uint32_t maxtypepername;
312		314
313	isc_sockaddr_t *primaries;	315	isc_sockaddr_t *primaries;
314	dns_name_t **primarykeynames;	316	dns_name_t **primarykeynames;
Lines 2327-2357 zone_load(dns_zone_t *zone, unsigned int flags, bool locked) { Link Here
2327	dns_zone_logc(zone, DNS_LOGCATEGORY_ZONELOAD, ISC_LOG_DEBUG(1),	2329	dns_zone_logc(zone, DNS_LOGCATEGORY_ZONELOAD, ISC_LOG_DEBUG(1),
2328	"starting load");	2330	"starting load");
2329		2331
2330	result = dns_db_create(zone->mctx, zone->db_argv[0], &zone->origin,	2332	result = dns_zone_makedb(zone, &db);
2331	(zone->type == dns_zone_stub) ? dns_dbtype_stub
2332	: dns_dbtype_zone,
2333	zone->rdclass, zone->db_argc - 1,
2334	zone->db_argv + 1, &db);
2335
2336	if (result != ISC_R_SUCCESS) {	2333	if (result != ISC_R_SUCCESS) {
2337	dns_zone_logc(zone, DNS_LOGCATEGORY_ZONELOAD, ISC_LOG_ERROR,	2334	dns_zone_logc(zone, DNS_LOGCATEGORY_ZONELOAD, ISC_LOG_ERROR,
2338	"loading zone: creating database: %s",	2335	"loading zone: creating database: %s",
2339	isc_result_totext(result));	2336	isc_result_totext(result));
2340	goto cleanup;	2337	goto cleanup;
2341	}	2338	}
2342	dns_db_settask(db, zone->task, zone->task);
2343
2344	if (zone->type == dns_zone_primary \|\|
2345	zone->type == dns_zone_secondary \|\| zone->type == dns_zone_mirror)
2346	{
2347	result = dns_db_setgluecachestats(db, zone->gluecachestats);
2348	if (result == ISC_R_NOTIMPLEMENTED) {
2349	result = ISC_R_SUCCESS;
2350	}
2351	if (result != ISC_R_SUCCESS) {
2352	goto cleanup;
2353	}
2354	}
2355		2339
2356	if (!dns_db_ispersistent(db)) {	2340	if (!dns_db_ispersistent(db)) {
2357	if (zone->masterfile != NULL \|\| zone->stream != NULL) {	2341	if (zone->masterfile != NULL \|\| zone->stream != NULL) {
Lines 10017-10022 cleanup: Link Here
10017	}	10001	}
10018		10002
10019	dns_diff_clear(&_sig_diff);	10003	dns_diff_clear(&_sig_diff);
		10004	dns_diff_clear(&post_diff);
10020		10005
10021	for (i = 0; i < nkeys; i++) {	10006	for (i = 0; i < nkeys; i++) {
10022	dst_key_free(&zone_keys[i]);	10007	dst_key_free(&zone_keys[i]);
Lines 12286-12291 dns_zone_setmaxrecords(dns_zone_t *zone, uint32_t val) { Link Here
12286	zone->maxrecords = val;	12271	zone->maxrecords = val;
12287	}	12272	}
12288		12273
		12274	void
		12275	dns_zone_setmaxrrperset(dns_zone_t *zone, uint32_t val) {
		12276	REQUIRE(DNS_ZONE_VALID(zone));
		12277
		12278	zone->maxrrperset = val;
		12279	if (zone->db != NULL) {
		12280	dns_db_setmaxrrperset(zone->db, val);
		12281	}
		12282	}
		12283
		12284	void
		12285	dns_zone_setmaxtypepername(dns_zone_t *zone, uint32_t val) {
		12286	REQUIRE(DNS_ZONE_VALID(zone));
		12287
		12288	zone->maxtypepername = val;
		12289	if (zone->db != NULL) {
		12290	dns_db_setmaxtypepername(zone->db, val);
		12291	}
		12292	}
		12293
12289	static bool	12294	static bool
12290	notify_isqueued(dns_zone_t zone, unsigned int flags, dns_name_t name,	12295	notify_isqueued(dns_zone_t zone, unsigned int flags, dns_name_t name,
12291	isc_sockaddr_t addr, dns_tsigkey_t key,	12296	isc_sockaddr_t addr, dns_tsigkey_t key,
Lines 14753-14758 ns_query(dns_zone_t zone, dns_rdataset_t soardataset, dns_stub_t *stub) { Link Here
14753	goto cleanup;	14758	goto cleanup;
14754	}	14759	}
14755	dns_db_settask(stub->db, zone->task, zone->task);	14760	dns_db_settask(stub->db, zone->task, zone->task);
		14761	dns_db_setmaxrrperset(stub->db, zone->maxrrperset);
		14762	dns_db_setmaxtypepername(stub->db,
		14763	zone->maxtypepername);
14756	}	14764	}
14757		14765
14758	result = dns_db_newversion(stub->db, &stub->version);	14766	result = dns_db_newversion(stub->db, &stub->version);
Lines 17857-17862 zone_replacedb(dns_zone_t zone, dns_db_t db, bool dump) { Link Here
17857	}	17865	}
17858	zone_attachdb(zone, db);	17866	zone_attachdb(zone, db);
17859	dns_db_settask(zone->db, zone->task, zone->task);	17867	dns_db_settask(zone->db, zone->task, zone->task);
		17868	dns_db_setmaxrrperset(zone->db, zone->maxrrperset);
		17869	dns_db_setmaxtypepername(zone->db, zone->maxtypepername);
17860	DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED \| DNS_ZONEFLG_NEEDNOTIFY);	17870	DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED \| DNS_ZONEFLG_NEEDNOTIFY);
17861	return (ISC_R_SUCCESS);	17871	return (ISC_R_SUCCESS);
17862		17872
Lines 22563-22569 failure: Link Here
22563	* Something went wrong; try again in ten minutes or	22573	* Something went wrong; try again in ten minutes or
22564	* after a key refresh interval, whichever is shorter.	22574	* after a key refresh interval, whichever is shorter.
22565	*/	22575	*/
22566	dnssec_log(zone, ISC_LOG_DEBUG(3),	22576	int loglevel = ISC_LOG_DEBUG(3);
		22577	if (result != DNS_R_NOTLOADED) {
		22578	loglevel = ISC_LOG_ERROR;
		22579	}
		22580	dnssec_log(zone, loglevel,
22567	"zone_rekey failure: %s (retry in %u seconds)",	22581	"zone_rekey failure: %s (retry in %u seconds)",
22568	isc_result_totext(result),	22582	isc_result_totext(result),
22569	ISC_MIN(zone->refreshkeyinterval, 600));	22583	ISC_MIN(zone->refreshkeyinterval, 600));
Lines 24224-24226 zmgr_tlsctx_attach(dns_zonemgr_t zmgr, isc_tlsctx_cache_t *ptlsctx_cache) { Link Here
24224		24238
24225	RWUNLOCK(&zmgr->tlsctx_cache_rwlock, isc_rwlocktype_read);	24239	RWUNLOCK(&zmgr->tlsctx_cache_rwlock, isc_rwlocktype_read);
24226	}	24240	}
		24241
		24242	isc_result_t
		24243	dns_zone_makedb(dns_zone_t zone, dns_db_t *dbp) {
		24244	REQUIRE(DNS_ZONE_VALID(zone));
		24245	REQUIRE(dbp != NULL && *dbp == NULL);
		24246
		24247	dns_db_t *db = NULL;
		24248
		24249	isc_result_t result = dns_db_create(
		24250	zone->mctx, zone->db_argv[0], &zone->origin,
		24251	(zone->type == dns_zone_stub) ? dns_dbtype_stub
		24252	: dns_dbtype_zone,
		24253	zone->rdclass, zone->db_argc - 1, zone->db_argv + 1, &db);
		24254	if (result != ISC_R_SUCCESS) {
		24255	return (result);
		24256	}
		24257
		24258	switch (zone->type) {
		24259	case dns_zone_primary:
		24260	case dns_zone_secondary:
		24261	case dns_zone_mirror:
		24262	result = dns_db_setgluecachestats(db, zone->gluecachestats);
		24263	if (result == ISC_R_NOTIMPLEMENTED) {
		24264	result = ISC_R_SUCCESS;
		24265	}
		24266	if (result != ISC_R_SUCCESS) {
		24267	dns_db_detach(&db);
		24268	return (result);
		24269	}
		24270	break;
		24271	default:
		24272	break;
		24273	}
		24274
		24275	dns_db_settask(db, zone->task, zone->task);
		24276	dns_db_setmaxrrperset(db, zone->maxrrperset);
		24277	dns_db_setmaxtypepername(db, zone->maxtypepername);
		24278
		24279	*dbp = db;
		24280
		24281	return (ISC_R_SUCCESS);
		24282	}

Lines 3302-3310 update_action(isc_task_t task, isc_event_t event) { Link Here

(-)a/lib/ns/update.c (-3 / +12 lines)
3302	dns_diff_clear(&ctx.add_diff);	3302	dns_diff_clear(&ctx.add_diff);
3303	goto failure;	3303	goto failure;
3304	}	3304	}
3305	CHECK(update_one_rr(db, ver, &diff,	3305	result = update_one_rr(
3306	DNS_DIFFOP_ADD,	3306	db, ver, &diff, DNS_DIFFOP_ADD,
3307	name, ttl, &rdata));	3307	name, ttl, &rdata);
		3308	if (result != ISC_R_SUCCESS) {
		3309	update_log(client, zone,
		3310	LOGLEVEL_PROTOCOL,
		3311	"adding an RR "
		3312	"failed: %s",
		3313	isc_result_totext(
		3314	result));
		3315	goto failure;
		3316	}
3308	}	3317	}
3309	}	3318	}
3310	} else if (update_class == dns_rdataclass_any) {	3319	} else if (update_class == dns_rdataclass_any) {