upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
unbound/testdata/serve_expired_client_timeout_servfail.rpl

220 lines
4.8 KiB
Text
Raw Normal View History

Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
; config options
server:
module-config: "validator iterator"
qname-minimisation: "no"
minimal-responses: no
serve-expired: yes
- Ignore expired error responses.
2022-11-22 11:44:55 -05:00
serve-expired-client-timeout: 1
Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
serve-expired-reply-ttl: 123
Add the basic EDE (RFC8914) cases (#604)
2022-05-06 06:48:53 -04:00
ede: yes
ede-serve-expired: yes
Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
stub-zone:
name: "example.com"
stub-addr: 1.2.3.4
CONFIG_END
SCENARIO_BEGIN Test serve-expired with client-timeout and a SERVFAIL upstream reply
; Scenario overview:
; - query for example.com. IN A
; - check that we get an answer for example.com. IN A with the correct TTL
; - query again right after the TTL expired
; - answer from upstream is servfail
Fix cache update when serve expired is used (#1143) - Fix cache update when serve expired is used in order to not evict still usable expired records. Modules are forbidden to update the cache if their answer is DNSSEC unchecked or bogus and a valid (expired) entry already exists. Bogus replies from the validator are also discarded in favor of existing (expired) valid replies. - serve-expired-ttl-reset should try to keep expired records in the cache in case they are reset.
2024-09-24 10:47:04 -04:00
; - (expired cached answer will not be replaced, instead marked as unresolvable for NORR_TTL(5))
; - check that we get the expired cached answer
; - query again (the answer is available on the upstream server now)
; - check that we get the immediate expired answer back instead
Serve expired cache update fixes (#1174) - Fixes a regression bug with serve-expired that appeared in 1.22.0 and would not allow the iterator to update the cache with not-yet-validated entries resulting in increased outgoing traffic. - Treat serve_expired_norec_ttl as a backoff timer for failed updates of expired records. - Try to use expired answers instead of SERVFAIL if serve-expired is enabled even without serve-expired-client-timeout. - Add suggestion to refresh the cached norec_ttl and expired_ttl when a response cannot update the usable expired entry.
2024-12-31 10:28:12 -05:00
; - query again (the answer is available on the upstream server now)
; - check that we *still* get the immediate expired answer back instead, recursion is blocked for NORR_TTL(5)
; - wait for NORR_TTL(5) to expire
; - query again
Fix cache update when serve expired is used (#1143) - Fix cache update when serve expired is used in order to not evict still usable expired records. Modules are forbidden to update the cache if their answer is DNSSEC unchecked or bogus and a valid (expired) entry already exists. Bogus replies from the validator are also discarded in favor of existing (expired) valid replies. - serve-expired-ttl-reset should try to keep expired records in the cache in case they are reset.
2024-09-24 10:47:04 -04:00
; - check that we get the freshly cached answer
Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
; ns.example.com.
RANGE_BEGIN 0 20
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
Fixed some syntax errors in rpl files.
2023-12-07 05:38:01 -05:00
example.com. IN NS
Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
SECTION ANSWER
A few changes for TTL processing: - Cached messages that reach 0 TTL are considered expired. This prevents Unbound itself from issuing replies with TTL 0 and possibly causing a thundering herd at the last second. Upstream replies of TTL 0 still get the usual pass-through but they are not considered for caching from Unbound or any of its caching modules. - 'serve-expired-reply-ttl' is changed and is now capped by the original TTL value of the record to try and make some sense when replying with expired records. - TTL decoding was updated to adhere to RFC8767 section 4 where a set high-order bit means the value is positive instead of 0.
2025-09-15 04:03:35 -04:00
example.com. 200 IN NS ns.example.com.
Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
SECTION ADDITIONAL
A few changes for TTL processing: - Cached messages that reach 0 TTL are considered expired. This prevents Unbound itself from issuing replies with TTL 0 and possibly causing a thundering herd at the last second. Upstream replies of TTL 0 still get the usual pass-through but they are not considered for caching from Unbound or any of its caching modules. - 'serve-expired-reply-ttl' is changed and is now capped by the original TTL value of the record to try and make some sense when replying with expired records. - TTL decoding was updated to adhere to RFC8767 section 4 where a set high-order bit means the value is positive instead of 0.
2025-09-15 04:03:35 -04:00
ns.example.com. 200 IN A 1.2.3.4
Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
A few changes for TTL processing: - Cached messages that reach 0 TTL are considered expired. This prevents Unbound itself from issuing replies with TTL 0 and possibly causing a thundering herd at the last second. Upstream replies of TTL 0 still get the usual pass-through but they are not considered for caching from Unbound or any of its caching modules. - 'serve-expired-reply-ttl' is changed and is now capped by the original TTL value of the record to try and make some sense when replying with expired records. - TTL decoding was updated to adhere to RFC8767 section 4 where a set high-order bit means the value is positive instead of 0.
2025-09-15 04:03:35 -04:00
example.com. 200 IN A 5.6.7.8
Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
SECTION AUTHORITY
A few changes for TTL processing: - Cached messages that reach 0 TTL are considered expired. This prevents Unbound itself from issuing replies with TTL 0 and possibly causing a thundering herd at the last second. Upstream replies of TTL 0 still get the usual pass-through but they are not considered for caching from Unbound or any of its caching modules. - 'serve-expired-reply-ttl' is changed and is now capped by the original TTL value of the record to try and make some sense when replying with expired records. - TTL decoding was updated to adhere to RFC8767 section 4 where a set high-order bit means the value is positive instead of 0.
2025-09-15 04:03:35 -04:00
example.com. 200 IN NS ns.example.com.
Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
SECTION ADDITIONAL
A few changes for TTL processing: - Cached messages that reach 0 TTL are considered expired. This prevents Unbound itself from issuing replies with TTL 0 and possibly causing a thundering herd at the last second. Upstream replies of TTL 0 still get the usual pass-through but they are not considered for caching from Unbound or any of its caching modules. - 'serve-expired-reply-ttl' is changed and is now capped by the original TTL value of the record to try and make some sense when replying with expired records. - TTL decoding was updated to adhere to RFC8767 section 4 where a set high-order bit means the value is positive instead of 0.
2025-09-15 04:03:35 -04:00
ns.example.com. 200 IN A 1.2.3.4
Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
ENTRY_END
RANGE_END
; ns.example.com.
Fix cache update when serve expired is used (#1143) - Fix cache update when serve expired is used in order to not evict still usable expired records. Modules are forbidden to update the cache if their answer is DNSSEC unchecked or bogus and a valid (expired) entry already exists. Bogus replies from the validator are also discarded in favor of existing (expired) valid replies. - serve-expired-ttl-reset should try to keep expired records in the cache in case they are reset.
2024-09-24 10:47:04 -04:00
RANGE_BEGIN 30 40
Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
ADDRESS 1.2.3.4
; response to A query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA SERVFAIL
SECTION QUESTION
example.com. IN A
ENTRY_END
RANGE_END
Fix cache update when serve expired is used (#1143) - Fix cache update when serve expired is used in order to not evict still usable expired records. Modules are forbidden to update the cache if their answer is DNSSEC unchecked or bogus and a valid (expired) entry already exists. Bogus replies from the validator are also discarded in favor of existing (expired) valid replies. - serve-expired-ttl-reset should try to keep expired records in the cache in case they are reset.
2024-09-24 10:47:04 -04:00
; ns.example.com.
Serve expired cache update fixes (#1174) - Fixes a regression bug with serve-expired that appeared in 1.22.0 and would not allow the iterator to update the cache with not-yet-validated entries resulting in increased outgoing traffic. - Treat serve_expired_norec_ttl as a backoff timer for failed updates of expired records. - Try to use expired answers instead of SERVFAIL if serve-expired is enabled even without serve-expired-client-timeout. - Add suggestion to refresh the cached norec_ttl and expired_ttl when a response cannot update the usable expired entry.
2024-12-31 10:28:12 -05:00
RANGE_BEGIN 50 100
Fix cache update when serve expired is used (#1143) - Fix cache update when serve expired is used in order to not evict still usable expired records. Modules are forbidden to update the cache if their answer is DNSSEC unchecked or bogus and a valid (expired) entry already exists. Bogus replies from the validator are also discarded in favor of existing (expired) valid replies. - serve-expired-ttl-reset should try to keep expired records in the cache in case they are reset.
2024-09-24 10:47:04 -04:00
ADDRESS 1.2.3.4
; response to A query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
A few changes for TTL processing: - Cached messages that reach 0 TTL are considered expired. This prevents Unbound itself from issuing replies with TTL 0 and possibly causing a thundering herd at the last second. Upstream replies of TTL 0 still get the usual pass-through but they are not considered for caching from Unbound or any of its caching modules. - 'serve-expired-reply-ttl' is changed and is now capped by the original TTL value of the record to try and make some sense when replying with expired records. - TTL decoding was updated to adhere to RFC8767 section 4 where a set high-order bit means the value is positive instead of 0.
2025-09-15 04:03:35 -04:00
example.com. 200 IN A 5.6.7.8
Fix cache update when serve expired is used (#1143) - Fix cache update when serve expired is used in order to not evict still usable expired records. Modules are forbidden to update the cache if their answer is DNSSEC unchecked or bogus and a valid (expired) entry already exists. Bogus replies from the validator are also discarded in favor of existing (expired) valid replies. - serve-expired-ttl-reset should try to keep expired records in the cache in case they are reset.
2024-09-24 10:47:04 -04:00
SECTION AUTHORITY
A few changes for TTL processing: - Cached messages that reach 0 TTL are considered expired. This prevents Unbound itself from issuing replies with TTL 0 and possibly causing a thundering herd at the last second. Upstream replies of TTL 0 still get the usual pass-through but they are not considered for caching from Unbound or any of its caching modules. - 'serve-expired-reply-ttl' is changed and is now capped by the original TTL value of the record to try and make some sense when replying with expired records. - TTL decoding was updated to adhere to RFC8767 section 4 where a set high-order bit means the value is positive instead of 0.
2025-09-15 04:03:35 -04:00
example.com. 200 IN NS ns.example.com.
Fix cache update when serve expired is used (#1143) - Fix cache update when serve expired is used in order to not evict still usable expired records. Modules are forbidden to update the cache if their answer is DNSSEC unchecked or bogus and a valid (expired) entry already exists. Bogus replies from the validator are also discarded in favor of existing (expired) valid replies. - serve-expired-ttl-reset should try to keep expired records in the cache in case they are reset.
2024-09-24 10:47:04 -04:00
SECTION ADDITIONAL
A few changes for TTL processing: - Cached messages that reach 0 TTL are considered expired. This prevents Unbound itself from issuing replies with TTL 0 and possibly causing a thundering herd at the last second. Upstream replies of TTL 0 still get the usual pass-through but they are not considered for caching from Unbound or any of its caching modules. - 'serve-expired-reply-ttl' is changed and is now capped by the original TTL value of the record to try and make some sense when replying with expired records. - TTL decoding was updated to adhere to RFC8767 section 4 where a set high-order bit means the value is positive instead of 0.
2025-09-15 04:03:35 -04:00
ns.example.com. 200 IN A 1.2.3.4
Fix cache update when serve expired is used (#1143) - Fix cache update when serve expired is used in order to not evict still usable expired records. Modules are forbidden to update the cache if their answer is DNSSEC unchecked or bogus and a valid (expired) entry already exists. Bogus replies from the validator are also discarded in favor of existing (expired) valid replies. - serve-expired-ttl-reset should try to keep expired records in the cache in case they are reset.
2024-09-24 10:47:04 -04:00
ENTRY_END
RANGE_END
Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
; Query with RD flag
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.com. IN A
ENTRY_END
; Check that we got the correct answer (should be cached)
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
A few changes for TTL processing: - Cached messages that reach 0 TTL are considered expired. This prevents Unbound itself from issuing replies with TTL 0 and possibly causing a thundering herd at the last second. Upstream replies of TTL 0 still get the usual pass-through but they are not considered for caching from Unbound or any of its caching modules. - 'serve-expired-reply-ttl' is changed and is now capped by the original TTL value of the record to try and make some sense when replying with expired records. - TTL decoding was updated to adhere to RFC8767 section 4 where a set high-order bit means the value is positive instead of 0.
2025-09-15 04:03:35 -04:00
example.com. 200 IN A 5.6.7.8
Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
SECTION AUTHORITY
A few changes for TTL processing: - Cached messages that reach 0 TTL are considered expired. This prevents Unbound itself from issuing replies with TTL 0 and possibly causing a thundering herd at the last second. Upstream replies of TTL 0 still get the usual pass-through but they are not considered for caching from Unbound or any of its caching modules. - 'serve-expired-reply-ttl' is changed and is now capped by the original TTL value of the record to try and make some sense when replying with expired records. - TTL decoding was updated to adhere to RFC8767 section 4 where a set high-order bit means the value is positive instead of 0.
2025-09-15 04:03:35 -04:00
example.com. 200 IN NS ns.example.com.
Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
SECTION ADDITIONAL
A few changes for TTL processing: - Cached messages that reach 0 TTL are considered expired. This prevents Unbound itself from issuing replies with TTL 0 and possibly causing a thundering herd at the last second. Upstream replies of TTL 0 still get the usual pass-through but they are not considered for caching from Unbound or any of its caching modules. - 'serve-expired-reply-ttl' is changed and is now capped by the original TTL value of the record to try and make some sense when replying with expired records. - TTL decoding was updated to adhere to RFC8767 section 4 where a set high-order bit means the value is positive instead of 0.
2025-09-15 04:03:35 -04:00
ns.example.com. 200 IN A 1.2.3.4
Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
ENTRY_END
; Wait for the TTL to expire
A few changes for TTL processing: - Cached messages that reach 0 TTL are considered expired. This prevents Unbound itself from issuing replies with TTL 0 and possibly causing a thundering herd at the last second. Upstream replies of TTL 0 still get the usual pass-through but they are not considered for caching from Unbound or any of its caching modules. - 'serve-expired-reply-ttl' is changed and is now capped by the original TTL value of the record to try and make some sense when replying with expired records. - TTL decoding was updated to adhere to RFC8767 section 4 where a set high-order bit means the value is positive instead of 0.
2025-09-15 04:03:35 -04:00
STEP 11 TIME_PASSES ELAPSE 200
Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
; Query again
STEP 30 QUERY
ENTRY_BEGIN
Add the basic EDE (RFC8914) cases (#604)
2022-05-06 06:48:53 -04:00
REPLY RD DO
Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
SECTION QUESTION
example.com. IN A
ENTRY_END
Fix cache update when serve expired is used (#1143) - Fix cache update when serve expired is used in order to not evict still usable expired records. Modules are forbidden to update the cache if their answer is DNSSEC unchecked or bogus and a valid (expired) entry already exists. Bogus replies from the validator are also discarded in favor of existing (expired) valid replies. - serve-expired-ttl-reset should try to keep expired records in the cache in case they are reset.
2024-09-24 10:47:04 -04:00
; Check that we got a stale answer because of the upstream SERVFAIL
Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
Add the basic EDE (RFC8914) cases (#604)
2022-05-06 06:48:53 -04:00
MATCH all ttl ede=3
REPLY QR RD RA DO NOERROR
Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
SECTION QUESTION
example.com. IN A
SECTION ANSWER
example.com. 123 IN A 5.6.7.8
SECTION AUTHORITY
example.com. 123 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 123 IN A 1.2.3.4
ENTRY_END
Fix cache update when serve expired is used (#1143) - Fix cache update when serve expired is used in order to not evict still usable expired records. Modules are forbidden to update the cache if their answer is DNSSEC unchecked or bogus and a valid (expired) entry already exists. Bogus replies from the validator are also discarded in favor of existing (expired) valid replies. - serve-expired-ttl-reset should try to keep expired records in the cache in case they are reset.
2024-09-24 10:47:04 -04:00
; Query again
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
example.com. IN A
ENTRY_END
; Check that we got an immediate stale answer because of the previous failure,
Serve expired cache update fixes (#1174) - Fixes a regression bug with serve-expired that appeared in 1.22.0 and would not allow the iterator to update the cache with not-yet-validated entries resulting in increased outgoing traffic. - Treat serve_expired_norec_ttl as a backoff timer for failed updates of expired records. - Try to use expired answers instead of SERVFAIL if serve-expired is enabled even without serve-expired-client-timeout. - Add suggestion to refresh the cached norec_ttl and expired_ttl when a response cannot update the usable expired entry.
2024-12-31 10:28:12 -05:00
; regardless if upstream has the answer already in this range.
Fix cache update when serve expired is used (#1143) - Fix cache update when serve expired is used in order to not evict still usable expired records. Modules are forbidden to update the cache if their answer is DNSSEC unchecked or bogus and a valid (expired) entry already exists. Bogus replies from the validator are also discarded in favor of existing (expired) valid replies. - serve-expired-ttl-reset should try to keep expired records in the cache in case they are reset.
2024-09-24 10:47:04 -04:00
STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all ttl ede=3
REPLY QR RD RA DO NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
example.com. 123 IN A 5.6.7.8
SECTION AUTHORITY
example.com. 123 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 123 IN A 1.2.3.4
ENTRY_END
; Query again
STEP 70 QUERY
ENTRY_BEGIN
Serve expired cache update fixes (#1174) - Fixes a regression bug with serve-expired that appeared in 1.22.0 and would not allow the iterator to update the cache with not-yet-validated entries resulting in increased outgoing traffic. - Treat serve_expired_norec_ttl as a backoff timer for failed updates of expired records. - Try to use expired answers instead of SERVFAIL if serve-expired is enabled even without serve-expired-client-timeout. - Add suggestion to refresh the cached norec_ttl and expired_ttl when a response cannot update the usable expired entry.
2024-12-31 10:28:12 -05:00
REPLY RD DO
Fix cache update when serve expired is used (#1143) - Fix cache update when serve expired is used in order to not evict still usable expired records. Modules are forbidden to update the cache if their answer is DNSSEC unchecked or bogus and a valid (expired) entry already exists. Bogus replies from the validator are also discarded in favor of existing (expired) valid replies. - serve-expired-ttl-reset should try to keep expired records in the cache in case they are reset.
2024-09-24 10:47:04 -04:00
SECTION QUESTION
example.com. IN A
ENTRY_END
Serve expired cache update fixes (#1174) - Fixes a regression bug with serve-expired that appeared in 1.22.0 and would not allow the iterator to update the cache with not-yet-validated entries resulting in increased outgoing traffic. - Treat serve_expired_norec_ttl as a backoff timer for failed updates of expired records. - Try to use expired answers instead of SERVFAIL if serve-expired is enabled even without serve-expired-client-timeout. - Add suggestion to refresh the cached norec_ttl and expired_ttl when a response cannot update the usable expired entry.
2024-12-31 10:28:12 -05:00
; Check that we still get the immediate stale answer because of the previous failure,
; regardless if upstream has the answer already in this range. NORR_TTL(5) blocks us from
; recursion.
Fix cache update when serve expired is used (#1143) - Fix cache update when serve expired is used in order to not evict still usable expired records. Modules are forbidden to update the cache if their answer is DNSSEC unchecked or bogus and a valid (expired) entry already exists. Bogus replies from the validator are also discarded in favor of existing (expired) valid replies. - serve-expired-ttl-reset should try to keep expired records in the cache in case they are reset.
2024-09-24 10:47:04 -04:00
STEP 80 CHECK_ANSWER
Serve expired cache update fixes (#1174) - Fixes a regression bug with serve-expired that appeared in 1.22.0 and would not allow the iterator to update the cache with not-yet-validated entries resulting in increased outgoing traffic. - Treat serve_expired_norec_ttl as a backoff timer for failed updates of expired records. - Try to use expired answers instead of SERVFAIL if serve-expired is enabled even without serve-expired-client-timeout. - Add suggestion to refresh the cached norec_ttl and expired_ttl when a response cannot update the usable expired entry.
2024-12-31 10:28:12 -05:00
ENTRY_BEGIN
MATCH all ttl ede=3
REPLY QR RD RA DO NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
example.com. 123 IN A 5.6.7.8
SECTION AUTHORITY
example.com. 123 IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. 123 IN A 1.2.3.4
ENTRY_END
; Let NORR_TTL(5) expire
STEP 81 TIME_PASSES ELAPSE 5
; Query again
STEP 90 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.com. IN A
ENTRY_END
; Check fresh reply
STEP 100 CHECK_ANSWER
Fix cache update when serve expired is used (#1143) - Fix cache update when serve expired is used in order to not evict still usable expired records. Modules are forbidden to update the cache if their answer is DNSSEC unchecked or bogus and a valid (expired) entry already exists. Bogus replies from the validator are also discarded in favor of existing (expired) valid replies. - serve-expired-ttl-reset should try to keep expired records in the cache in case they are reset.
2024-09-24 10:47:04 -04:00
ENTRY_BEGIN
MATCH all ttl
REPLY QR RD RA NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
A few changes for TTL processing: - Cached messages that reach 0 TTL are considered expired. This prevents Unbound itself from issuing replies with TTL 0 and possibly causing a thundering herd at the last second. Upstream replies of TTL 0 still get the usual pass-through but they are not considered for caching from Unbound or any of its caching modules. - 'serve-expired-reply-ttl' is changed and is now capped by the original TTL value of the record to try and make some sense when replying with expired records. - TTL decoding was updated to adhere to RFC8767 section 4 where a set high-order bit means the value is positive instead of 0.
2025-09-15 04:03:35 -04:00
example.com. 200 IN A 5.6.7.8
Fix cache update when serve expired is used (#1143) - Fix cache update when serve expired is used in order to not evict still usable expired records. Modules are forbidden to update the cache if their answer is DNSSEC unchecked or bogus and a valid (expired) entry already exists. Bogus replies from the validator are also discarded in favor of existing (expired) valid replies. - serve-expired-ttl-reset should try to keep expired records in the cache in case they are reset.
2024-09-24 10:47:04 -04:00
SECTION AUTHORITY
A few changes for TTL processing: - Cached messages that reach 0 TTL are considered expired. This prevents Unbound itself from issuing replies with TTL 0 and possibly causing a thundering herd at the last second. Upstream replies of TTL 0 still get the usual pass-through but they are not considered for caching from Unbound or any of its caching modules. - 'serve-expired-reply-ttl' is changed and is now capped by the original TTL value of the record to try and make some sense when replying with expired records. - TTL decoding was updated to adhere to RFC8767 section 4 where a set high-order bit means the value is positive instead of 0.
2025-09-15 04:03:35 -04:00
example.com. 200 IN NS ns.example.com.
Fix cache update when serve expired is used (#1143) - Fix cache update when serve expired is used in order to not evict still usable expired records. Modules are forbidden to update the cache if their answer is DNSSEC unchecked or bogus and a valid (expired) entry already exists. Bogus replies from the validator are also discarded in favor of existing (expired) valid replies. - serve-expired-ttl-reset should try to keep expired records in the cache in case they are reset.
2024-09-24 10:47:04 -04:00
SECTION ADDITIONAL
A few changes for TTL processing: - Cached messages that reach 0 TTL are considered expired. This prevents Unbound itself from issuing replies with TTL 0 and possibly causing a thundering herd at the last second. Upstream replies of TTL 0 still get the usual pass-through but they are not considered for caching from Unbound or any of its caching modules. - 'serve-expired-reply-ttl' is changed and is now capped by the original TTL value of the record to try and make some sense when replying with expired records. - TTL decoding was updated to adhere to RFC8767 section 4 where a set high-order bit means the value is positive instead of 0.
2025-09-15 04:03:35 -04:00
ns.example.com. 200 IN A 1.2.3.4
Fix cache update when serve expired is used (#1143) - Fix cache update when serve expired is used in order to not evict still usable expired records. Modules are forbidden to update the cache if their answer is DNSSEC unchecked or bogus and a valid (expired) entry already exists. Bogus replies from the validator are also discarded in favor of existing (expired) valid replies. - serve-expired-ttl-reset should try to keep expired records in the cache in case they are reset.
2024-09-24 10:47:04 -04:00
ENTRY_END
Serve stale (#159) - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend.
2020-02-05 08:20:27 -05:00
SCENARIO_END
Reference in a new issue Copy permalink