Package: bind9 Version: 9.10.3.dfsg.P4-12.3 Severity: serious Please cherry-pick this upstream patch to fix the broken prefetching logic, which is enabled by default:
https://kb.isc.org/article/AA-01315/0/prefetch-performance-in-BIND-9.10.html
--- bind9-9.10.3.dfsg.P4.orig/bin/named/query.c
+++ bind9-9.10.3.dfsg.P4/bin/named/query.c
@@ -92,6 +92,9 @@
 /*% Want Recursion? */
 #define WANTRECURSION(c) (((c)->query.attributes & \
 NS_QUERYATTR_WANTRECURSION) != 0)
+/*% Is TCP? */
+#define TCP(c) (((c)->attributes & NS_CLIENTATTR_TCP) != 0)
+
 /*% Want DNSSEC? */
 #define WANTDNSSEC(c) (((c)->attributes & \
 NS_CLIENTATTR_WANTDNSSEC) != 0)
@@ -3889,6 +3892,8 @@ query_prefetch(ns_client_t *client, dns_
 if (client->recursionquota == NULL) {
 result = isc_quota_attach(&ns_g_server->recursionquota,
 &client->recursionquota);
+ if (result == ISC_R_SUCCESS && !client->mortal && !TCP(client))
+ result = ns_client_replace(client);
 if (result != ISC_R_SUCCESS)
 return;
 isc_stats_increment(ns_g_server->nsstats,
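Review bot: When `ns_client_replace(client)` fails in the second hunk (`query_prefetch`), control reaches the existing `if (result != ISC_R_SUCCESS) return;` with `client->recursionquota` already attached by the preceding `isc_quota_attach()`, and nothing in the hunk releases it. If the client teardown path outside this hunk does not detach it, each failed replacement keeps a recursion slot occupied, which matters because this quota is what bounds recursive-client load. I would either confirm that the teardown releases it or detach explicitly before returning, e.g. `if (client->recursionquota != NULL) isc_quota_detach(&client->recursionquota);` ahead of the `return;`. The failure is also silent, so a short comment or log line would help explain why a prefetch was skipped. The body of `query_prefetch` starts and continues outside the hunk, so the later cleanup cannot be checked from here.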