diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-01-04 22:25:38 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-01-04 22:42:10 +0100 |
commit | f2992dc184398c6361273a39d3fde5c605e045e0 (patch) | |
tree | a3cfc3913fcdfc944e04c16ca7353a6520d80535 /src/boot | |
parent | 51e399bcebefb27d6b147d90de84d07f010fa170 (diff) |
resolved: explicitly avoid cyclic transaction dependencies
We already try hard not to create cyclic transaction dependencies, where
a transaction requires another one for DNSSEC validation purposes, which
in turn (possibly indirectly) pulls in the original transaction again,
thus resulting in a cyclic dependency and ultimately a deadlock since
each transaction waits for another one forever.
So far we wanted to avoid such cyclic dependencies by only going "up the
tree" when requesting auxiliary RRs and only going from one RR type to
another, but never back. However this turned out to be insufficient.
Consider a domain that publishes one or more DNSKEY but which has no DS
for it. A request for the domain's DNSKEY triggers a request for the
domain's DS, which will then fail, but return an NSEC, signed by the
DNSKEY. To validate that we'd request the DNSKEY again. Thus a DNSKEY
request results in a DS request which results in the original DNSKEY
request again. If the original lookup had been a DS lookup we'd end up
in the same cyclic dependency, hence we cannot statically break one of
them, since both requests are of course fully valid. Hence, do full
cyclic dependency checking: each time we are about to add a dependency
to a transaction, check if the transaction is already a dependency of
the dependency (recursively down the tree).
Diffstat (limited to 'src/boot')
0 files changed, 0 insertions, 0 deletions