mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-10 14:20:00 -04:00
Merge branch '3386-nxdomain-serve-stale-v9_18' into 'v9_18'
don't keep stale NXDOMAIN cache entries [v9.18] See merge request isc-projects/bind9!7180
This commit is contained in:
Ondřej Surý
commit
d3ae26fa8e
4 changed files with 24 additions and 30 deletions
4
CHANGES
4
CHANGES
|
|
@ -52,6 +52,10 @@
|
|||
headers. Bump the number of allowed HTTP headers
|
||||
to 100. [GL #3670]
|
||||
|
||||
5902. [func] NXDOMAIN cache records are no longer retained in
|
||||
the cache after expiry, even when serve-stale is
|
||||
in use. [GL #3386]
|
||||
|
||||
--- 9.18.9 released ---
|
||||
|
||||
6013. [bug] Fix a crash that could happen when you change
|
||||
|
|
|
|||
|
|
@ -173,10 +173,8 @@ status=$((status+ret))
|
|||
n=$((n+1))
|
||||
echo_i "check stale nxdomain.example TXT ($n)"
|
||||
ret=0
|
||||
grep "status: NXDOMAIN" dig.out.test$n > /dev/null || ret=1
|
||||
grep "status: SERVFAIL" dig.out.test$n > /dev/null || ret=1
|
||||
grep "ANSWER: 0," dig.out.test$n > /dev/null || ret=1
|
||||
grep "EDE: 19 (Stale NXDOMAIN Answer): (resolver failure)" dig.out.test$n > /dev/null || ret=1
|
||||
grep "example\..*4.*IN.*SOA" dig.out.test$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status+ret))
|
||||
|
||||
|
|
@ -195,7 +193,6 @@ grep "1 TXT" ns1/named.stats.$n.cachedb > /dev/null || ret=1
|
|||
grep "1 #Others" ns1/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
grep "1 #TXT" ns1/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
grep "1 #!TXT" ns1/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
grep "1 #NXDOMAIN" ns1/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
status=$((status+ret))
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
|
||||
|
|
@ -409,10 +406,8 @@ status=$((status+ret))
|
|||
n=$((n+1))
|
||||
echo_i "check stale nxdomain.example TXT (serve-stale on) ($n)"
|
||||
ret=0
|
||||
grep "status: NXDOMAIN" dig.out.test$n > /dev/null || ret=1
|
||||
grep "EDE: 19 (Stale NXDOMAIN Answer): (resolver failure)" dig.out.test$n > /dev/null || ret=1
|
||||
grep "status: SERVFAIL" dig.out.test$n > /dev/null || ret=1
|
||||
grep "ANSWER: 0," dig.out.test$n > /dev/null || ret=1
|
||||
grep "example\..*4.*IN.*SOA" dig.out.test$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status+ret))
|
||||
|
||||
|
|
@ -479,10 +474,8 @@ status=$((status+ret))
|
|||
n=$((n+1))
|
||||
echo_i "check stale nxdomain.example TXT (serve-stale reset) ($n)"
|
||||
ret=0
|
||||
grep "status: NXDOMAIN" dig.out.test$n > /dev/null || ret=1
|
||||
grep "EDE: 19 (Stale NXDOMAIN Answer): (resolver failure)" dig.out.test$n > /dev/null || ret=1
|
||||
grep "status: SERVFAIL" dig.out.test$n > /dev/null || ret=1
|
||||
grep "ANSWER: 0," dig.out.test$n > /dev/null || ret=1
|
||||
grep "example\..*4.*IN.*SOA" dig.out.test$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status+ret))
|
||||
|
||||
|
|
@ -675,10 +668,8 @@ status=$((status+ret))
|
|||
n=$((n+1))
|
||||
echo_i "check stale nxdomain.example TXT (low max-stale-ttl) ($n)"
|
||||
ret=0
|
||||
grep "status: NXDOMAIN" dig.out.test$n > /dev/null || ret=1
|
||||
grep "EDE: 19 (Stale NXDOMAIN Answer): (resolver failure)" dig.out.test$n > /dev/null || ret=1
|
||||
grep "status: SERVFAIL" dig.out.test$n > /dev/null || ret=1
|
||||
grep "ANSWER: 0," dig.out.test$n > /dev/null || ret=1
|
||||
grep "example\..*3.*IN.*SOA" dig.out.test$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status+ret))
|
||||
|
||||
|
|
@ -697,7 +688,6 @@ grep "1 TXT" ns1/named.stats.$n.cachedb > /dev/null || ret=1
|
|||
grep "1 #TXT" ns1/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
grep "1 #Others" ns1/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
grep "1 #!TXT" ns1/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
grep "1 #NXDOMAIN" ns1/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
|
||||
status=$((status+ret))
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
|
|
@ -1118,7 +1108,6 @@ grep "1 TXT" ns3/named.stats.$n.cachedb > /dev/null || ret=1
|
|||
grep "1 #TXT" ns3/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
grep "1 #Others" ns3/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
grep "1 #!TXT" ns3/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
grep "1 #NXDOMAIN" ns3/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
|
||||
status=$((status+ret))
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
|
|
@ -1193,10 +1182,8 @@ status=$((status+ret))
|
|||
n=$((n+1))
|
||||
echo_i "check nxdomain.example TXT (max-stale-ttl default) ($n)"
|
||||
ret=0
|
||||
grep "status: NXDOMAIN" dig.out.test$n > /dev/null || ret=1
|
||||
grep "EDE: 19 (Stale NXDOMAIN Answer): (resolver failure)" dig.out.test$n > /dev/null || ret=1
|
||||
grep "status: SERVFAIL" dig.out.test$n > /dev/null || ret=1
|
||||
grep "ANSWER: 0," dig.out.test$n > /dev/null || ret=1
|
||||
grep "example\..*30.*IN.*SOA" dig.out.test$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status+ret))
|
||||
|
||||
|
|
@ -1369,7 +1356,6 @@ grep "1 TXT" ns4/named.stats.$n.cachedb > /dev/null || ret=1
|
|||
grep "1 #TXT" ns4/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
grep "1 #Others" ns4/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
grep "1 #!TXT" ns4/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
grep "1 #NXDOMAIN" ns4/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
status=$((status+ret))
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
|
||||
|
|
@ -1497,7 +1483,6 @@ grep -A 10 "++ Cache DB RRsets ++" ns5/named.stats.$n > ns5/named.stats.$n.cache
|
|||
grep "2 TXT" ns5/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
grep "1 Others" ns5/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
grep "1 !TXT" ns5/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
grep "1 NXDOMAIN" ns5/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
status=$((status+ret))
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
|
||||
|
|
@ -1579,7 +1564,6 @@ grep -A 10 "++ Cache DB RRsets ++" ns5/named.stats.$n > ns5/named.stats.$n.cache
|
|||
grep -F "1 Others" ns5/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
grep -F "2 TXT" ns5/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
grep -F "1 !TXT" ns5/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
grep -F "1 NXDOMAIN" ns5/named.stats.$n.cachedb > /dev/null || ret=1
|
||||
status=$((status+ret))
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
|
||||
|
|
@ -1655,7 +1639,6 @@ grep -A 10 "++ Cache DB RRsets ++" ns5/named.stats.$n > ns5/named.stats.$n.cache
|
|||
grep -F "#TXT" ns5/named.stats.$n.cachedb > /dev/null && ret=1
|
||||
grep -F "#Others" ns5/named.stats.$n.cachedb > /dev/null && ret=1
|
||||
grep -F "#!TXT" ns5/named.stats.$n.cachedb > /dev/null && ret=1
|
||||
grep -F "#NXDOMAIN" ns5/named.stats.$n.cachedb > /dev/null && ret=1
|
||||
status=$((status+ret))
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
|
||||
|
|
|
|||
|
|
@ -30,7 +30,10 @@ Removed Features
|
|||
Feature Changes
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
- None.
|
||||
- In order to reduce unnecessary memory consumption in the cache,
|
||||
NXDOMAIN records are no longer retained past the normal negative
|
||||
cache TTL, even if ``stale-cache-enable`` is set to ``yes``.
|
||||
:gl:`#3386`.
|
||||
|
||||
- The option :any:`auto-dnssec` is deprecated and will be removed in 9.19.
|
||||
Please migrate to :any:`dnssec-policy`. :gl:`#3667`
|
||||
|
|
|
|||
|
|
@ -297,6 +297,7 @@ typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;
|
|||
#define STATCOUNT(header) \
|
||||
((atomic_load_acquire(&(header)->attributes) & \
|
||||
RDATASET_ATTR_STATCOUNT) != 0)
|
||||
#define STALE_TTL(header, rbtdb) (NXDOMAIN(header) ? 0 : rbtdb->serve_stale_ttl)
|
||||
|
||||
#define RDATASET_ATTR_GET(header, attribute) \
|
||||
(atomic_load_acquire(&(header)->attributes) & attribute)
|
||||
|
|
@ -3003,7 +3004,8 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header,
|
|||
* Mark header stale or ancient if the RRset is no longer active.
|
||||
*/
|
||||
if (!ACTIVE(header, now)) {
|
||||
dns_ttl_t stale_ttl = header->rdh_ttl + rbtdb->serve_stale_ttl;
|
||||
dns_ttl_t stale_ttl = header->rdh_ttl +
|
||||
STALE_TTL(header, rbtdb);
|
||||
/*
|
||||
* If this data is in the stale window keep it and if
|
||||
* DNS_DBFIND_STALEOK is not set we tell the caller to
|
||||
|
|
@ -3043,7 +3045,8 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header,
|
|||
}
|
||||
|
||||
if (stale && !ancient) {
|
||||
dns_ttl_t stale_ttl = header->rdh_ttl + rbtdb->serve_stale_ttl;
|
||||
dns_ttl_t stale_ttl = header->rdh_ttl +
|
||||
STALE_TTL(header, rbtdb);
|
||||
if (stale_ttl > now) {
|
||||
rdataset->ttl = stale_ttl - now;
|
||||
} else {
|
||||
|
|
@ -4468,7 +4471,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
|
|||
rbtdb_search_t *search, rdatasetheader_t **header_prev) {
|
||||
if (!ACTIVE(header, search->now)) {
|
||||
dns_ttl_t stale = header->rdh_ttl +
|
||||
search->rbtdb->serve_stale_ttl;
|
||||
STALE_TTL(header, search->rbtdb);
|
||||
/*
|
||||
* If this data is in the stale window keep it and if
|
||||
* DNS_DBFIND_STALEOK is not set we tell the caller to
|
||||
|
|
@ -5606,7 +5609,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
|
|||
isc_rwlocktype_write);
|
||||
|
||||
for (header = rbtnode->data; header != NULL; header = header->next) {
|
||||
if (header->rdh_ttl + rbtdb->serve_stale_ttl <=
|
||||
if (header->rdh_ttl + STALE_TTL(header, rbtdb) <=
|
||||
now - RBTDB_VIRTUAL)
|
||||
{
|
||||
/*
|
||||
|
|
@ -5880,7 +5883,7 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
|
|||
for (header = rbtnode->data; header != NULL; header = header_next) {
|
||||
header_next = header->next;
|
||||
if (!ACTIVE(header, now)) {
|
||||
if ((header->rdh_ttl + rbtdb->serve_stale_ttl <
|
||||
if ((header->rdh_ttl + STALE_TTL(header, rbtdb) <
|
||||
now - RBTDB_VIRTUAL) &&
|
||||
(locktype == isc_rwlocktype_write ||
|
||||
NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS))
|
||||
|
|
@ -6959,8 +6962,9 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
|
|||
}
|
||||
|
||||
header = isc_heap_element(rbtdb->heaps[rbtnode->locknum], 1);
|
||||
if (header != NULL && header->rdh_ttl + rbtdb->serve_stale_ttl <
|
||||
now - RBTDB_VIRTUAL)
|
||||
if (header != NULL &&
|
||||
header->rdh_ttl + STALE_TTL(header, rbtdb) <
|
||||
now - RBTDB_VIRTUAL)
|
||||
{
|
||||
expire_header(rbtdb, header, tree_locked, expire_ttl);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue