diff --git a/doc/Changelog b/doc/Changelog
index 7bef5262a..45f46a90e 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -3,6 +3,17 @@
 - iana portlist updated. - do not query bogus nameservers. It is like nameservers that have the NS or A or AAAA record bogus are listed as donotquery.
+ - if server selection is faced with only bad choices, it will
+ attempt to get more options to be fetched.
+ - changed bogus-ttl default value from 900 to 60 seconds.
+ In anticipation that operator caused failures are more likely than
+ actual attacks at this time. And thus repeated validation helps
+ the operators get the problem fixed sooner. It makes validation
+ failures go away sooner (60 seconds after the zone is fixed).
+ Also it is likely to try different nameserver targets every minute,
+ so that if a zone is bad on one server but not another, it is
+ likely to pick up the 'correct' one after a couple minutes,
+ and if the TTL is big enough that solves validation for the zone.
 17 October 2008: Wouter - port Leopard/G5: fixup type conversion size_t/uint32.
diff --git a/doc/example.conf.in b/doc/example.conf.in
index ebe78a313..df5e03378 100644
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -304,7 +304,7 @@ server:
 # The time to live for bogus data, rrsets and messages. This avoids
 # some of the revalidation, until the time interval expires. in secs.
- # val-bogus-ttl: 900
+ # val-bogus-ttl: 60
 # Should additional section of secure message also be kept clean of
 # unsecure data. Useful to shield the users of this validator from
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index 389f0f13b..3e2ee1112 100644
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -501,7 +501,7 @@ you are debugging signature inception and expiration.
 .B val\-bogus\-ttl: \fI
 The time to live for bogus data. This is data that has failed validation; due to invalid signatures or other checks. The TTL from that data cannot be
-trusted, and this value is used instead. The value is in seconds, default 900.
+trusted, and this value is used instead. The value is in seconds, default 60.
 The time interval prevents repeated revalidation of bogus data.
 .TP
 .B val\-clean\-additional: \fI
diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c
index 4cbd5da27..a9db4179b 100644
--- a/iterator/iter_utils.c
+++ b/iterator/iter_utils.c
@@ -207,6 +207,10 @@ iter_filter_order(struct iter_env* iter_env, struct module_env* env,
 &low_rtt);
 if(got_num == 0)
 return 0;
+ if(low_rtt >= USEFUL_SERVER_TOP_TIMEOUT &&
+ delegpt_count_missing_targets(dp) > 0)
+ return 0; /* we want more choice. The best choice is a bad one.
+ return 0 to force the caller to fetch more */
 got_num = 0;
 a = dp->result_list;
diff --git a/util/config_file.c b/util/config_file.c
index a083aee68..a56ef0c7e 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -99,7 +99,7 @@ config_create()
 cfg->rrset_cache_slabs = 4;
 cfg->host_ttl = 900;
 cfg->lame_ttl = 900;
- cfg->bogus_ttl = 900;
+ cfg->bogus_ttl = 60;
 cfg->max_ttl = 3600 * 24;
 cfg->infra_cache_slabs = 4;
 cfg->infra_cache_numhosts = 10000;
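Review bot: The added `return 0` overloads the existing "no usable server" result (the `got_num == 0` case two lines above) with a second meaning, "fetch more targets", so the caller must be the one that bounds how many missing-target fetches it issues before giving up; if those fetches keep failing while `delegpt_count_missing_targets(dp)` stays above zero and every known server sits at `USEFUL_SERVER_TOP_TIMEOUT`, this branch will fire on every call. iter_filter_order starts before and continues after the hunk, so the caller-side limit is not visible here and should be confirmed. This matters beyond correctness: a delegation whose published servers all time out and which carries many unresolved NS names can use this path to pull extra address lookups out of the resolver per query, so the fetch cap is what keeps that bounded. Stating the contract at the return would help a future reader, e.g. `/* 0 also means "fetch more targets": caller must cap missing-target fetches, or this repeats on every call */`.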
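Review bot: `cfg->bogus_ttl = 60;` now differs from the neighbouring `host_ttl` and `lame_ttl` defaults of 900 without any comment saying why, and the trade-off (the Changelog text argues operator mistakes are more common than attacks, at the cost of revalidating a hammered bogus name every minute instead of every 15) is only recorded in the Changelog. A one-line why-comment at the assignment would keep that reasoning with the code, e.g. `cfg->bogus_ttl = 60; /* short on purpose: failures clear soon after the zone is fixed; raise if revalidation load from repeated bogus lookups is a concern */`. config_create continues outside the hunk.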