Reduce the default value for max-stale-ttl from 1 week to 12 hours

Originally, the default value for max-stale-ttl was 1 week, which could and in some scenarios lead to cache exhaustion on a busy resolvers. Picking the default value will always be juggling between value that's useful (e.g. keeping the already cached records after they have already expired and the upstream name servers are down) and not bloating the cache too much (e.g. keeping everything for a very long time). The new default reflects what we think is a reasonable to time to react on both sides (upstream authoritative and downstream recursive).
2026-06-08 19:52:07 -04:00 · 2020-05-27 17:48:39 +02:00 · 2020-05-27 17:48:39 +02:00 · 13fd3ecfab
commit 13fd3ecfab
parent b1dc79b5d7
3 changed files with 7 additions and 5 deletions
--- a/bin/named/config.c
+++ b/bin/named/config.c
@ -170,7 +170,7 @@ options {\n\
 	max-ncache-ttl 10800; /* 3 hours */\n\
 	max-recursion-depth 7;\n\
 	max-recursion-queries 75;\n\
-	max-stale-ttl 604800; /* 1 week */\n\
+	max-stale-ttl 43200; /* 12 hours */\n\
 	message-compression yes;\n\
 	min-ncache-ttl 0; /* 0 hours */\n\
 	min-cache-ttl 0; /* 0 seconds */\n\
--- a/bin/tests/system/serve-stale/tests.sh
+++ b/bin/tests/system/serve-stale/tests.sh
@ -21,6 +21,8 @@ waitfile () {
    done
 }

+max_stale_ttl=$(sed -ne 's,^[[:space:]]*max-stale-ttl \([[:digit:]]*\).*,\1,p' $TOP_SRCDIR/bin/named/config.c)
+
 status=0
 n=0

@ -723,7 +725,7 @@ n=$((n+1))
 echo_i "check 'rndc serve-stale status' ($n)"
 ret=0
 $RNDCCMD 10.53.0.3 serve-stale status > rndc.out.test$n 2>&1 || ret=1
-grep '_default: off (stale-answer-ttl=1 max-stale-ttl=604800)' rndc.out.test$n > /dev/null || ret=1
+grep "_default: off (stale-answer-ttl=1 max-stale-ttl=$max_stale_ttl)" rndc.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status+ret))

@ -804,7 +806,7 @@ n=$((n+1))
 echo_i "check 'rndc serve-stale status' ($n)"
 ret=0
 $RNDCCMD 10.53.0.3 serve-stale status > rndc.out.test$n 2>&1 || ret=1
-grep '_default: on (rndc) (stale-answer-ttl=1 max-stale-ttl=604800)' rndc.out.test$n > /dev/null || ret=1
+grep "_default: on (rndc) (stale-answer-ttl=1 max-stale-ttl=$max_stale_ttl)" rndc.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status+ret))

@ -951,7 +953,7 @@ n=$((n+1))
 echo_i "check 'rndc serve-stale status' ($n)"
 ret=0
 $RNDCCMD 10.53.0.4 serve-stale status > rndc.out.test$n 2>&1 || ret=1
-grep '_default: off (stale-answer-ttl=1 max-stale-ttl=604800)' rndc.out.test$n > /dev/null || ret=1
+grep "_default: off (stale-answer-ttl=1 max-stale-ttl=$max_stale_ttl)" rndc.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status+ret))

--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@ -3264,7 +3264,7 @@ Tuning
   If stale answers are enabled, ``max-stale-ttl`` sets the maximum time
   for which the server retains records past their normal expiry to
   return them as stale records, when the servers for those records are
-   not reachable. The default is 1 week. The minimum allowed is 1
+   not reachable. The default is 12 hours. The minimum allowed is 1
   second; a value of 0 is updated silently to 1 second.

   For stale answers to be returned, they must be enabled, either in the