diff --git a/doc/Changelog b/doc/Changelog index af26a2559..49674aa11 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +16 June 2017: Ralph + - Fix #1277: disable domain ratelimit by setting value to 0. + 16 June 2017: Wouter - Fix #1301: memory leak in respip and tests. - Free callback in edns-subnetmod on exit and restart. diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index f88116a67..721cd3d76 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -1202,20 +1202,20 @@ This can make ordinary queries complete (if repeatedly queried for), and enter the cache, whilst also mitigating the traffic flow by the factor given. .TP 5 -.B ratelimit\-for\-domain: \fI +.B ratelimit\-for\-domain: \fI Override the global ratelimit for an exact match domain name with the listed number. You can give this for any number of names. For example, for a top\-level\-domain you may want to have a higher limit than other names. -A value of \-1 will disable ratelimiting for that domain. +A value of 0 will disable ratelimiting for that domain. .TP 5 -.B ratelimit\-below\-domain: \fI +.B ratelimit\-below\-domain: \fI Override the global ratelimit for a domain name that ends in this name. You can give this multiple times, it then describes different settings in different parts of the namespace. The closest matching suffix is used to determine the qps limit. The rate for the exact matching domain name is not changed, use ratelimit\-for\-domain to set that, you might want to use different settings for a top\-level\-domain and subdomains. -A value of \-1 will disable ratelimiting for domain names that end in this name. +A value of 0 will disable ratelimiting for domain names that end in this name. .TP 5 .B ip\-ratelimit: \fI Enable global ratelimiting of queries accepted per ip address. diff --git a/services/cache/infra.c b/services/cache/infra.c index 314c85ef5..ca1102ef5 100644 --- a/services/cache/infra.c +++ b/services/cache/infra.c 
@@ -893,6 +893,8 @@ int infra_ratelimit_inc(struct infra_cache* infra, uint8_t* name,
 /* find ratelimit */
 lim = infra_find_ratelimit(infra, name, namelen);
+ if(!lim)
+ return 1; /* disabled for this domain */
 /* find or insert ratedata */
 entry = infra_find_ratedata(infra, name, namelen, 1);
@@ -941,6 +943,8 @@ int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name,
 /* find ratelimit */
 lim = infra_find_ratelimit(infra, name, namelen);
+ if(!lim)
+ return 0; /* disabled for this domain */
 /* find current rate */
 entry = infra_find_ratedata(infra, name, namelen, 0);
diff --git a/services/cache/infra.h b/services/cache/infra.h
index 6f9471a39..10db796bf 100644
--- a/services/cache/infra.h
+++ b/services/cache/infra.h
@@ -401,7 +401,7 @@ int infra_ratelimit_exceeded(struct infra_cache* infra, uint8_t* name,
 /** find the maximum rate stored, not too old. 0 if no information. */
 int infra_rate_max(void* data, time_t now);
-/** find the ratelimit in qps for a domain */
+/** find the ratelimit in qps for a domain. 0 if no limit for domain. */
 int infra_find_ratelimit(struct infra_cache* infra, uint8_t* name,
 size_t namelen);
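Review bot: The new `if(!lim)` guard in infra_ratelimit_inc (services/cache/infra.c) treats only an exact 0 as disabled, so a negative limit still falls through to the infra_find_ratedata lookup and to the comparison that lies outside this hunk; the matching guard in infra_ratelimit_exceeded has the same shape. The man page text removed by this commit told operators that -1 disables ratelimiting, so existing configurations may still carry that value, and how it is handled is not visible here. Because this limit is a denial-of-service mitigation, the outcome for such values should be explicit rather than incidental: either reject negative per-domain values when the configuration is read, or state the case at the check, e.g. `/* 0 disables; negative values are not treated as disabled */`. Both function bodies start and end outside their hunks.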
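Review bot: In services/cache/infra.h the added sentence `0 if no limit for domain` can be read as "no per-domain override is configured", which is a different case from "ratelimiting is disabled for this domain". Since 0 is now a sentinel that the two patched callers in infra.c test for, I would word it as `/** find the ratelimit in qps for a domain. 0 if ratelimiting is disabled for the domain. */`. Any caller of infra_find_ratelimit other than those two would also need to handle a 0 return; none are visible in this diff, so that is worth checking before merge.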