mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-25 23:21:33 +03:00
Backports of patch from systemd git to stable distributions
Matthias-Christian Ott dbc4661a2c resolve: do not derive query timeout from RTT
DNS queries need timeout values to detect whether a DNS server is
unresponsive or, if the query is sent over UDP, whether a DNS message
was lost and has to be resent. The total time that it takes for an answer
to a query to arrive is t + RTT, where t is the maximum time that the DNS
server that is being queried needs to answer the query.

An authoritative server stores a copy of the zone that it serves in main
memory or secondary storage, so t is very small and therefore the time
that it takes to answer a query is almost entirely determined by the
RTT. Modern authoritative server software keeps its zones in main memory
and, for example, Knot DNS and NSD are able to answer in less than
100 µs [1]. So iterative resolvers continuously measure the RTT to
optimize their query timeouts and to resend queries more quickly if they
are lost.

systemd-resolved is a stub resolver: it forwards DNS queries to an
upstream resolver and waits for an answer. So the time that it takes for
systemd-resolved to answer a query is determined by the RTT and the time
that it takes the upstream resolver to answer the query.

It seems common for iterative resolver software to set a total timeout
for the query. Such a total timeout subsumes the timeout of all queries
that the iterative resolver has to make to answer a query. For example, BIND
seems to use a default timeout of 10 s.

At the moment systemd-resolved derives its query timeout entirely from
the RTT and does not consider the query timeout of the upstream
resolver. Therefore it often mistakenly degrades the feature set of its
upstream resolvers if it takes them longer than usual to answer a query.
It has been reported to be a considerable problem in practice, in
particular if DNSSEC=yes. So the query timeout of systemd-resolved should
be derived from the timeout of the upstream resolver and the RTT to the
upstream resolver.

At the moment systemd-resolved measures the RTT as the time that it
takes the upstream resolver to answer a query. This clearly leads to
incorrect measurements. In order to correctly measure the RTT
systemd-resolved would have to measure RTT separately and continuously,
for example with a query with an empty question section or a query for
the SOA RR of the root zone so that the upstream resolver would be able
to answer the query without querying another server. However, this
requires significant changes to systemd-resolved. So it seems best to
postpone them until other issues have been addressed and to set the
resend timeout to a fixed value for now.

As mentioned, BIND seems to use a timeout of 10 s, so perhaps 12 s is a
reasonable value that also accounts for common RTT values. If we assume
that we are going to retry, it could be less. So it should be enough
to set the resend timeout to DNS_TIMEOUT_MAX_USEC as
DNS_SERVER_FEATURE_RETRY_ATTEMPTS * DNS_TIMEOUT_MAX_USEC = 15 s.
However, this will not solve the incorrect feature set degradation and
should be seen as a temporary change until systemd-resolved does
probe the feature set of an upstream resolver independently from the
actual queries.

[1] https://www.knot-dns.cz/benchmark/
2018-06-12 23:21:18 +02:00
.github github: use multiple issue templates 2018-05-10 07:58:38 -07:00
.mkosi mkosi: ensure the 'hostname' tool is available in the build environment 2018-04-19 11:30:18 +02:00
catalog tree-wide: drop license boilerplate 2018-04-06 18:58:55 +02:00
coccinelle tools: make various scripts find the top-levle git dir automatically 2018-06-07 16:22:16 +02:00
doc doc: typo fixes, mostly duplicated words 2018-06-12 15:49:37 +02:00
factory/etc factory: remove broken pam_limits 2014-07-30 15:21:54 +02:00
hwdb hwdb: HP ZBook Studio G4 wireless switch 2018-06-07 13:13:47 +02:00
man Merge pull request #8849 from irtimmer/feature/dns-over-tls 2018-06-12 20:45:39 +02:00
modprobe.d Add SPDX license headers to various assorted files 2017-11-19 19:08:15 +01:00
network tree-wide: drop license boilerplate 2018-04-06 18:58:55 +02:00
po po: update French translation 2018-05-30 08:21:40 +02:00
presets tree-wide: drop license boilerplate 2018-04-06 18:58:55 +02:00
rules udev: create /dev/disk/by-label symlink for LUKS2 (#8998) 2018-05-15 16:51:07 +02:00
shell-completion bash-completion: add completion for portablectl 2018-05-28 18:15:06 +09:00
src resolve: do not derive query timeout from RTT 2018-06-12 23:21:18 +02:00
sysctl.d sysctl.d: request ECN on both in and outgoing connections (#9143) 2018-05-31 13:30:10 +02:00
sysusers.d network: set DynamicUser= to systemd-networkd.service 2018-05-22 22:37:34 +09:00
test Merge pull request #9246 from keszybz/ellipsize-invalid-mem-ref 2018-06-11 12:52:38 +02:00
tmpfiles.d add new portable service framework 2018-05-24 17:01:57 +02:00
tools coverity.sh: check that coverity responds with 200 2018-06-07 17:49:54 +00:00
travis-ci travis: use Fedora 27 as a base image 2018-06-05 12:03:18 +03:00
units add new portable service framework 2018-05-24 17:01:57 +02:00
xorg login: avoid external process call 2018-01-12 18:02:57 +01:00
.dir-locals.el meson: also indent scripts with 8 spaces 2017-04-25 08:49:16 -04:00
.editorconfig editorconfig: add rule for meson.build files (#6671) 2017-08-28 16:37:23 +02:00
.gitattributes git: indicate that tabs are never OK in the systemd tree 2013-10-30 02:25:38 +01:00
.gitignore Add mkosi.output/ to .gitignore 2017-11-29 14:33:56 +01:00
.mailmap mailmap: one more person 2018-03-05 17:21:09 +01:00
.travis.yml travis: stop sending notifications to the authors of randomly chosen commits 2018-06-07 17:51:01 +00:00
.vimrc vimrc: fix indentation logic for our docbook xml files 2016-04-29 12:23:34 +02:00
.ycm_extra_conf.py ycm: add doc string for all the functions in configuration file 2017-11-29 13:21:49 -07:00
configure build-sys: add basic support for ./configure && make && make install 2017-07-18 10:05:06 -04:00
LICENSE.GPL2 relicense to LGPLv2.1 (with exceptions) 2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1 licence: remove references to old FSF address 2012-12-17 11:41:31 +01:00
Makefile build-sys: Fix Makefile wrapper for install target (#6548) 2017-08-07 11:29:20 +02:00
meson_options.txt resolved: support for DNS-over-TLS 2018-06-11 21:35:58 +02:00
meson.build resolved: support for DNS-over-TLS 2018-06-11 21:35:58 +02:00
mkosi.build mkosi: drop dumping all test output to console again 2018-04-19 11:41:28 +02:00
mkosi.default mkosi: create .mkosi directory 2016-10-06 11:53:58 -04:00
NEWS NEWS: typo fixes 2018-06-12 15:41:38 +02:00
README Turn VALGRIND variable into a meson configuration switch 2018-05-17 09:54:36 -07:00
README.md README.md: embed the Travis CI badge 2018-06-07 17:53:43 +00:00
TODO update TODO 2018-06-07 18:20:42 +02:00
zanata.xml po: add basic fedora.zanata.org configuration 2018-02-19 13:56:57 +01:00

systemd - System and Service Manager

Details

General information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the HACKING file for information about how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list or join our IRC channel.

Stable branches with backported patches are available in the stable repo.