From d682f897d9583bcec9d5d4dd2b0c9d0255aed509 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicki=20K=C5=99=C3=AD=C5=BEek?= Date: Fri, 21 Nov 2025 15:05:36 +0100 Subject: [PATCH] Increase the threshold for respdiff-third-party There are multiple reasons for the increased amount of differences we've been seeing lately and for the raise of the threshold: 1. Recent hardening against cache poisoning (CVE-2025-40778) have uncovered a few edge cases where the domain can't be properly resolved with the new protections in place, but those are issues with upstream configuration and DNS setup. 2. The same hardening magnified some behaviour differences between 9.21 and older versions. Some misconfigured domains, which can be resolved with BIND 9.20 and older are no longer resolvable in 9.21+. This can be again attributed to upstream DNS misconfiguration. See #5649. 3. A change in the respdiff CI job to include timeouts in the comparison, or rather, increasing the timeouts to resolve the previously timed out queries, which are typically failures. With the previous job configuration, those were omitted from comparison, because they were timeouts. Now, there should be no timeouts, but there is a slight increase in the amount of differences for the threshold evaluation. (cherry picked from commit bcc4369b0bf243433ca5334cdce3982a15ce4027) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5c5057471f..e1aefd956c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1955,7 +1955,7 @@ respdiff-third-party: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -Og" - MAX_DISAGREEMENTS_PERCENTAGE: "0.3" + MAX_DISAGREEMENTS_PERCENTAGE: "0.4" script: - bash respdiff.sh -s third_party -q "${PWD}/100k_mixed.txt" -c 1 -w "${PWD}/rspworkdir" "${CI_PROJECT_DIR}" - cd ../.. && make clean >/dev/null 2>&1
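Review bot: The raised `MAX_DISAGREEMENTS_PERCENTAGE: "0.4"` in the `respdiff-third-party` variables block carries no comment, so the reasons given in the commit message (edge cases exposed by the CVE-2025-40778 hardening, the 9.21 behaviour differences tracked in #5649, and the timeout change in the respdiff job) are not visible to anyone reading `.gitlab-ci.yml`. Please add a short YAML comment above the variable that references #5649 and says whether the value is expected to be lowered again. A wider threshold also tolerates differences unrelated to those three causes. Since the message attributes most of the new disagreements to misconfigured upstream domains, consider whether dropping those names from `100k_mixed.txt` would let the job keep the 0.3 gate for everything else.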