limit CNAME recursion

src/core/ngx_resolver.c

diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index 47e43ab..a5b8efb 100644
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -435,10 +435,29 @@
 
             /* NGX_RESOLVE_CNAME */
 
-            ctx->name.len = rn->cnlen;
-            ctx->name.data = rn->u.cname;
+            if (ctx->recursion++ < NGX_RESOLVER_MAX_RECURSION) {
 
-            return ngx_resolve_name_locked(r, ctx);
+                ctx->name.len = rn->cnlen;
+                ctx->name.data = rn->u.cname;
+
+                return ngx_resolve_name_locked(r, ctx);
+            }
+
+            ctx->next = rn->waiting;
+            rn->waiting = NULL;
+
+            /* unlock name mutex */
+
+            do {
+                ctx->state = NGX_RESOLVE_NXDOMAIN;
+                next = ctx->next;
+
+                ctx->handler(ctx);
+
+                ctx = next;
+            } while (ctx);
+
+            return NGX_OK;
         }
 
         if (rn->waiting) {

src/core/ngx_resolver.h

diff --git a/src/core/ngx_resolver.h b/src/core/ngx_resolver.h
index 0086d6a..6c4afac 100644
--- a/src/core/ngx_resolver.h
+++ b/src/core/ngx_resolver.h
@@ -29,6 +29,8 @@
 
 #define NGX_NO_RESOLVER       (void *) -1
 
+#define NGX_RESOLVER_MAX_RECURSION    50
+
 
 typedef struct {
     ngx_connection_t         *connection;
@@ -128,6 +130,7 @@
     ngx_msec_t                timeout;
 
     ngx_uint_t                quick;  /* unsigned  quick:1; */
+    ngx_uint_t                recursion;
     ngx_event_t              *event;
 };