resolve: Adjust and unify D-Bus call timeout (#7847)

DNS queries have a timeout of DNS_TRANSACTION_ATTEMPTS_MAX *
DNS_TIMEOUT_MAX_USEC = 120 s. Calls to the ResolveHostname method of
the org.freedesktop.resolve1.Manager interface have various call
timeouts that are smaller than 120 s. So it seems correct to adjust
the call timeout to the maximum query timeout and to unify the call
timeout among all callers.

A timeout of 120 s might seem large, in particular since BIND does seem
to have a query timeout of 10 s. However, it seems match the timeout
value of 120 s of Unbound. Moreover, the query and timeout handling of
resolve have problems and might be improved in the future, so this
change is at best an interim solution.

diff --git a/src/nss-resolve/nss-resolve.c b/src/nss-resolve/nss-resolve.c
index cab3c22..fe6ce4c 100644 (file)
--- a/src/nss-resolve/nss-resolve.c
+++ b/src/nss-resolve/nss-resolve.c
@@ -30,6 +30,7 @@
 #include "in-addr-util.h"
 #include "macro.h"
 #include "nss-util.h"
+#include "resolved-def.h"
 #include "string-util.h"
 #include "util.h"
 #include "signal-util.h"
@@ -37,8 +38,6 @@
 NSS_GETHOSTBYNAME_PROTOTYPES(resolve);
 NSS_GETHOSTBYADDR_PROTOTYPES(resolve);
 
-#define DNS_CALL_TIMEOUT_USEC (45*USEC_PER_SEC)
-
 static bool bus_error_shall_fallback(sd_bus_error *e) {
         return sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN) ||
                sd_bus_error_has_name(e, SD_BUS_ERROR_NAME_HAS_NO_OWNER) ||
@@ -157,7 +156,7 @@ enum nss_status _nss_resolve_gethostbyname4_r(
         if (r < 0)
                 goto fail;
 
-        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
+        r = sd_bus_call(bus, req, SD_RESOLVED_QUERY_TIMEOUT_USEC, &error, &reply);
         if (r < 0) {
                 if (sd_bus_error_has_name(&error, _BUS_ERROR_DNS "NXDOMAIN")) {
                         *errnop = ESRCH;
@@ -335,7 +334,7 @@ enum nss_status _nss_resolve_gethostbyname3_r(
         if (r < 0)
                 goto fail;
 
-        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
+        r = sd_bus_call(bus, req, SD_RESOLVED_QUERY_TIMEOUT_USEC, &error, &reply);
         if (r < 0) {
                 if (sd_bus_error_has_name(&error, _BUS_ERROR_DNS "NXDOMAIN")) {
                         *errnop = ESRCH;
@@ -533,7 +532,7 @@ enum nss_status _nss_resolve_gethostbyaddr2_r(
         if (r < 0)
                 goto fail;
 
-        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
+        r = sd_bus_call(bus, req, SD_RESOLVED_QUERY_TIMEOUT_USEC, &error, &reply);
         if (r < 0) {
                 if (sd_bus_error_has_name(&error, _BUS_ERROR_DNS "NXDOMAIN")) {
                         *errnop = ESRCH;

diff --git a/src/resolve/resolve-tool.c b/src/resolve/resolve-tool.c
index 0252bdf..2a6bf94 100644 (file)
--- a/src/resolve/resolve-tool.c
+++ b/src/resolve/resolve-tool.c
@@ -41,8 +41,6 @@
 #include "strv.h"
 #include "terminal-util.h"
 
-#define DNS_CALL_TIMEOUT_USEC (90*USEC_PER_SEC)
-
 static int arg_family = AF_UNSPEC;
 static int arg_ifindex = 0;
 static uint16_t arg_type = 0;
@@ -175,7 +173,7 @@ static int resolve_host(sd_bus *bus, const char *name) {
 
         ts = now(CLOCK_MONOTONIC);
 
-        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
+        r = sd_bus_call(bus, req, SD_RESOLVED_QUERY_TIMEOUT_USEC, &error, &reply);
         if (r < 0)
                 return log_error_errno(r, "%s: resolve call failed: %s", name, bus_error_message(&error, r));
 
@@ -306,7 +304,7 @@ static int resolve_address(sd_bus *bus, int family, const union in_addr_union *a
 
         ts = now(CLOCK_MONOTONIC);
 
-        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
+        r = sd_bus_call(bus, req, SD_RESOLVED_QUERY_TIMEOUT_USEC, &error, &reply);
         if (r < 0) {
                 log_error("%s: resolve call failed: %s", pretty, bus_error_message(&error, r));
                 return r;
@@ -442,7 +440,7 @@ static int resolve_record(sd_bus *bus, const char *name, uint16_t class, uint16_
 
         ts = now(CLOCK_MONOTONIC);
 
-        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
+        r = sd_bus_call(bus, req, SD_RESOLVED_QUERY_TIMEOUT_USEC, &error, &reply);
         if (r < 0) {
                 if (warn_missing || r != -ENXIO)
                         log_error("%s: resolve call failed: %s", name, bus_error_message(&error, r));
@@ -685,7 +683,7 @@ static int resolve_service(sd_bus *bus, const char *name, const char *type, cons
 
         ts = now(CLOCK_MONOTONIC);
 
-        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
+        r = sd_bus_call(bus, req, SD_RESOLVED_QUERY_TIMEOUT_USEC, &error, &reply);
         if (r < 0)
                 return log_error_errno(r, "Resolve call failed: %s", bus_error_message(&error, r));
 

diff --git a/src/resolve/resolved-def.h b/src/resolve/resolved-def.h
index 64c2b15..96f9310 100644 (file)
--- a/src/resolve/resolved-def.h
+++ b/src/resolve/resolved-def.h
@@ -22,6 +22,8 @@
 
 #include <inttypes.h>
 
+#include "time-util.h"
+
 #define SD_RESOLVED_DNS           (UINT64_C(1) << 0)
 #define SD_RESOLVED_LLMNR_IPV4    (UINT64_C(1) << 1)
 #define SD_RESOLVED_LLMNR_IPV6    (UINT64_C(1) << 2)
@@ -37,3 +39,5 @@
 #define SD_RESOLVED_MDNS          (SD_RESOLVED_MDNS_IPV4|SD_RESOLVED_MDNS_IPV6)
 
 #define SD_RESOLVED_PROTOCOLS_ALL (SD_RESOLVED_MDNS|SD_RESOLVED_LLMNR|SD_RESOLVED_DNS)
+
+#define SD_RESOLVED_QUERY_TIMEOUT_USEC (120 * USEC_PER_SEC)

diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
index 227d0b5..5f51340 100644 (file)
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -28,9 +28,6 @@
 #include "resolved-etc-hosts.h"
 #include "string-util.h"
 
-/* How long to wait for the query in total */
-#define QUERY_TIMEOUT_USEC (60 * USEC_PER_SEC)
-
 #define CNAME_MAX 8
 #define QUERIES_MAX 2048
 #define AUXILIARY_QUERIES_MAX 64
@@ -769,8 +766,8 @@ int dns_query_go(DnsQuery *q) {
                         q->manager->event,
                         &q->timeout_event_source,
                         clock_boottime_or_monotonic(),
-                        now(clock_boottime_or_monotonic()) + QUERY_TIMEOUT_USEC, 0,
-                        on_query_timeout, q);
+                        now(clock_boottime_or_monotonic()) + SD_RESOLVED_QUERY_TIMEOUT_USEC,
+                        0, on_query_timeout, q);
         if (r < 0)
                 goto fail;
 

diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c
index d470a64..68c5d5c 100644 (file)
--- a/src/resolve/resolved-dns-server.c
+++ b/src/resolve/resolved-dns-server.c
@@ -30,7 +30,7 @@
 
 /* After how much time to repeat classic DNS requests */
 #define DNS_TIMEOUT_MIN_USEC (750 * USEC_PER_MSEC)
-#define DNS_TIMEOUT_MAX_USEC (5 * USEC_PER_SEC)
+#define DNS_TIMEOUT_MAX_USEC (SD_RESOLVED_QUERY_TIMEOUT_USEC / DNS_TRANSACTION_ATTEMPTS_MAX)
 
 /* The amount of time to wait before retrying with a full feature set */
 #define DNS_SERVER_FEATURE_GRACE_PERIOD_MAX_USEC (6 * USEC_PER_HOUR)

diff --git a/src/resolve/test-dnssec-complex.c b/src/resolve/test-dnssec-complex.c
index e7b0779..514f72e 100644 (file)
--- a/src/resolve/test-dnssec-complex.c
+++ b/src/resolve/test-dnssec-complex.c
@@ -27,11 +27,10 @@
 #include "bus-common-errors.h"
 #include "dns-type.h"
 #include "random-util.h"
+#include "resolved-def.h"
 #include "string-util.h"
 #include "time-util.h"
 
-#define DNS_CALL_TIMEOUT_USEC (45*USEC_PER_SEC)
-
 static void prefix_random(const char *name, char **ret) {
         uint64_t i, u;
         char *m = NULL;
@@ -75,7 +74,7 @@ static void test_rr_lookup(sd_bus *bus, const char *name, uint16_t type, const c
 
         assert_se(sd_bus_message_append(req, "isqqt", 0, name, DNS_CLASS_IN, type, UINT64_C(0)) >= 0);
 
-        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
+        r = sd_bus_call(bus, req, SD_RESOLVED_QUERY_TIMEOUT_USEC, &error, &reply);
 
         if (r < 0) {
                 assert_se(result);
@@ -112,7 +111,7 @@ static void test_hostname_lookup(sd_bus *bus, const char *name, int family, cons
 
         assert_se(sd_bus_message_append(req, "isit", 0, name, family, UINT64_C(0)) >= 0);
 
-        r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
+        r = sd_bus_call(bus, req, SD_RESOLVED_QUERY_TIMEOUT_USEC, &error, &reply);
 
         if (r < 0) {
                 assert_se(result);