From d9a03233c6ea11f20c2fbeca87b763673859f8b2 Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Thu, 1 Sep 2022 16:22:46 -0700
Subject: [PATCH] add a configuration option for the update quota

add an "update-quota" option to configure the update quota.

(cherry picked from commit f57758a7303ad0034ff2ff08eaaf2ef899630f19)
---
 bin/named/config.c                   |  1 +
 bin/named/named.conf.docbook         |  2 ++
 bin/named/server.c                   |  1 +
 bin/tests/system/checkconf/good.conf |  1 +
 doc/arm/Bv9ARM-book.xml              | 11 +++++++++++
 doc/arm/options.grammar.xml          |  1 +
 doc/misc/options                     |  1 +
 lib/isccfg/namedconf.c               |  1 +
 8 files changed, 19 insertions(+)

diff --git a/bin/named/config.c b/bin/named/config.c
index 62d1e88..e3731cf 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -134,6 +134,7 @@ options {\n\
 	transfers-per-ns 2;\n\
 #	treat-cr-as-space <obsolete>;\n\
 	trust-anchor-telemetry yes;\n\
+	update-quota 100;\n\
 #	use-id-pool <obsolete>;\n\
 #	use-ixfr <obsolete>;\n\
 \n\
diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook
index 6565fce..5842cb5 100644
--- a/bin/named/named.conf.docbook
+++ b/bin/named/named.conf.docbook
@@ -455,6 +455,7 @@ options {
 	trust-anchor-telemetry <replaceable>boolean</replaceable>; // experimental
 	try-tcp-refresh <replaceable>boolean</replaceable>;
 	update-check-ksk <replaceable>boolean</replaceable>;
+	update-quota <replaceable>integer</replaceable>;
 	use-alt-transfer-source <replaceable>boolean</replaceable>;
 	use-v4-udp-ports { <replaceable>portrange</replaceable>; ... };
 	use-v6-udp-ports { <replaceable>portrange</replaceable>; ... };
@@ -864,6 +865,7 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
 		type ( delegation-only | forward | hint | master | redirect
 		    | slave | static-stub | stub );
 		update-check-ksk <replaceable>boolean</replaceable>;
+		update-quota <replaceable>integer</replaceable>;
 		update-policy ( local | { ( deny | grant ) <replaceable>string</replaceable> (
 		    6to4-self | external | krb5-self | krb5-selfsub |
 		    krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
diff --git a/bin/named/server.c b/bin/named/server.c
index f09b895..7af90d0 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -7792,6 +7792,7 @@ load_configuration(const char *filename, ns_server_t *server,
 	configure_server_quota(maps, "tcp-clients", &server->tcpquota);
 	configure_server_quota(maps, "recursive-clients",
 			       &server->recursionquota);
+	configure_server_quota(maps, "update-quota", &server->updquota);
 
 	if (server->recursionquota.max > 1000) {
 		int margin = ISC_MAX(100, ns_g_cpus + 1);
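Review bot: The new `configure_server_quota(maps, "update-quota", &server->updquota);` call applies whatever uint32 the parser accepted, with no sanity check afterwards, whereas `recursionquota` gets further handling in the lines just below. If the quota implementation treats a maximum of 0 as unlimited (not visible in this hunk, so confirm against isc_quota), `update-quota 0;` would silently remove the limit on simultaneous UPDATE messages, and the ARM entry added in this patch states only the default of 100. If that is confirmed, I would log a warning when the configured value is 0, or at least add a comment here such as `/* update-quota 0 means no limit on concurrent UPDATEs */` and say the same in the ARM text. load_configuration's body starts and ends outside the hunk.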
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
index 1359cf3..5d9b292 100644
--- a/bin/tests/system/checkconf/good.conf
+++ b/bin/tests/system/checkconf/good.conf
@@ -63,6 +63,7 @@ options {
 	serial-queries 10;
 	serial-query-rate 100;
 	server-id none;
+	update-quota 200;
 	max-cache-size 20000000000000;
 	nta-lifetime 604800;
 	nta-recheck 604800;
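Review bot: The only test coverage in this patch is that `update-quota 200;` parses. Nothing here checks that a value outside the integer grammar is rejected, or that the server refuses UPDATE messages beyond the configured limit. Unless another commit in the series covers it, a negative checkconf case and a system test that exceeds a deliberately small quota would show the limit is actually enforced.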
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 9aca6d7..acf772b 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -8599,6 +8599,17 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 	      </listitem>
 	    </varlistentry>
 
+	    <varlistentry>
+	      <term><command>update-quota</command></term>
+	      <listitem>
+		<para>
+		This is the maximum number of simultaneous DNS UPDATE messages that
+		the server will accept for updating local authoritiative zones or
+			forwarding to a primary server. The default is <userinput>100</userinput>.
+		</para>
+	      </listitem>
+	    </varlistentry>
+
 	  </variablelist>
 
 	</section>
diff --git a/doc/arm/options.grammar.xml b/doc/arm/options.grammar.xml
index 793ac0b..1d17ea8 100644
--- a/doc/arm/options.grammar.xml
+++ b/doc/arm/options.grammar.xml
@@ -277,6 +277,7 @@
 	<command>trust-anchor-telemetry</command> <replaceable>boolean</replaceable>; // experimental
 	<command>try-tcp-refresh</command> <replaceable>boolean</replaceable>;
 	<command>update-check-ksk</command> <replaceable>boolean</replaceable>;
+	<command>update-quota</command> <replaceable>integer</replaceable>;
 	<command>use-alt-transfer-source</command> <replaceable>boolean</replaceable>;
 	<command>use-v4-udp-ports</command> { <replaceable>portrange</replaceable>; ... };
 	<command>use-v6-udp-ports</command> { <replaceable>portrange</replaceable>; ... };
diff --git a/doc/misc/options b/doc/misc/options
index fde93c7..e6d6ba6 100644
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -357,6 +357,7 @@ options {
         trust-anchor-telemetry <boolean>; // experimental
         try-tcp-refresh <boolean>;
         update-check-ksk <boolean>;
+        update-quota <integer>;
         use-alt-transfer-source <boolean>;
         use-id-pool <boolean>; // obsolete
         use-ixfr <boolean>; // obsolete
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index b562f95..667111c 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -1136,6 +1136,7 @@ options_clauses[] = {
 	{ "transfers-out", &cfg_type_uint32, 0 },
 	{ "transfers-per-ns", &cfg_type_uint32, 0 },
 	{ "treat-cr-as-space", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
+	{ "update-quota", &cfg_type_uint32, 0 },
 	{ "use-id-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
 	{ "use-ixfr", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
 	{ "use-v4-udp-ports", &cfg_type_bracketed_portlist, 0 },
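Review bot: `update-quota` is registered only in `options_clauses[]`, so the parser accepts it at the global `options` level alone, yet the second named.conf.docbook hunk (`@@ -864`) lists `update-quota <integer>;` among what look like zone clauses inside `view` (next to `type` and `update-policy`). Since server.c configures a single server-wide `server->updquota`, the docbook entry is presumably the stray one and should be dropped from that block. Otherwise an operator following the man page would write a per-zone limit that the parser rejects. The `options_clauses[]` array starts and ends outside the hunk.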
-- 
2.39.2