[PR #2998] [MERGED] Remove post-hoc recursion depth check #3483

New issue

Closed

opened 2026-03-16 11:46:04 +03:00 by kerem · 0 comments

kerem commented

2026-03-16 11:46:04 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/hickory-dns/hickory-dns/pull/2998
Author: @divergentdave
Created: 5/19/2025
Status: ✅ Merged
Merged: 5/20/2025
Merged by: @djc

Base: main ← Head: david/remove-post-hoc-depth-check

📝 Commits (1)

1555b9e Remove post-hoc recursion depth check

📊 Changes

2 files changed (+11 additions, -11 deletions)

View changed files

📝 crates/recursor/src/recursor_dns_handle.rs (+4 -5)
📝 tests/e2e-tests/src/recursor/delegation/scenarios.rs (+7 -6)

📄 Description

This removes a recursion depth check that happens after the recursive calls are complete. This check alone does not protect us from DoS attacks, since it's in the wrong place, but the depth check at the top of ns_pool_for_zone() does take care of this. Since the ns_depth variable is not used anywhere else in this method, we can delete the increment of it, and ignore the depth returned from ns_pool_for_zone() here. This will simplify future analysis of and changes to recursion limits. One test needed to be tweaked as a result of removing this check.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/hickory-dns/hickory-dns/pull/2998 **Author:** [@divergentdave](https://github.com/divergentdave) **Created:** 5/19/2025 **Status:** ✅ Merged **Merged:** 5/20/2025 **Merged by:** [@djc](https://github.com/djc) **Base:** `main` ← **Head:** `david/remove-post-hoc-depth-check` --- ### 📝 Commits (1) - [`1555b9e`](https://github.com/hickory-dns/hickory-dns/commit/1555b9eecf82ac14615894190f7c183335aff4af) Remove post-hoc recursion depth check ### 📊 Changes **2 files changed** (+11 additions, -11 deletions) <details> <summary>View changed files</summary> 📝 `crates/recursor/src/recursor_dns_handle.rs` (+4 -5) 📝 `tests/e2e-tests/src/recursor/delegation/scenarios.rs` (+7 -6) </details> ### 📄 Description This removes a recursion depth check that happens after the recursive calls are complete. This check alone does not protect us from DoS attacks, since it's in the wrong place, but the depth check at the top of `ns_pool_for_zone()` does take care of this. Since the `ns_depth` variable is not used anywhere else in this method, we can delete the increment of it, and ignore the depth returned from `ns_pool_for_zone()` here. This will simplify future analysis of and changes to recursion limits. One test needed to be tweaked as a result of removing this check. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>