upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- For #1175, the default value of serve-expired-ttl is set to 86400

Browse source 
(1 day) as suggested by RFC8767.
This commit is contained in:
Yorgos Thessalonikefs 2024-12-03 13:09:51 +01:00
parent bd2e66de1e
commit 9de159b96b
5 changed files with 10 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
doc/Changelog
View file

@ -2,6 +2,8 @@
- Merge #1189: Fix the dname_str method to cause conversion errors - Merge #1189: Fix the dname_str method to cause conversion errors
when the domain name length is 255. when the domain name length is 255.
- Merge #1197: dname_str() fixes. - Merge #1197: dname_str() fixes.
- For #1175, the default value of serve-expired-ttl is set to 86400
(1 day) as suggested by RFC8767.
22 November 2024: Yorgos 22 November 2024: Yorgos
- Fix #1175: serve-expired does not adhere to secure-by-default - Fix #1175: serve-expired does not adhere to secure-by-default

2
doc/example.conf.in
View file

@ -737,7 +737,7 @@ server:
# #
# Limit serving of expired responses to configured seconds after # Limit serving of expired responses to configured seconds after
# expiration. 0 disables the limit. # expiration. 0 disables the limit.
# serve-expired-ttl: 0 # serve-expired-ttl: 86400
# #
# Set the TTL of expired records to the serve-expired-ttl value after a # Set the TTL of expired records to the serve-expired-ttl value after a
# failed attempt to retrieve the record from upstream. This makes sure # failed attempt to retrieve the record from upstream. This makes sure

9
doc/unbound.conf.5.in
View file

@ -1408,10 +1408,11 @@ out or is taking more than serve\-expired\-client\-timeout to resolve.
Default is "no". Default is "no".
.TP .TP
.B serve\-expired\-ttl: \fI<seconds> .B serve\-expired\-ttl: \fI<seconds>
Limit serving of expired responses to configured seconds after expiration. 0 Limit serving of expired responses to configured seconds after expiration.
disables the limit. This option only applies when \fBserve\-expired\fR is 0 disables the limit.
enabled. A suggested value per RFC 8767 is between This option only applies when \fBserve\-expired\fR is enabled.
86400 (1 day) and 259200 (3 days). The default is 0. A suggested value per RFC 8767 is between 86400 (1 day) and 259200 (3 days).
The default is 86400.
.TP .TP
.B serve\-expired\-ttl\-reset: \fI<yes or no> .B serve\-expired\-ttl\-reset: \fI<yes or no>
Set the TTL of expired records to the \fBserve\-expired\-ttl\fR value after a Set the TTL of expired records to the \fBserve\-expired\-ttl\fR value after a

2
util/config_file.c
View file

@ -280,7 +280,7 @@ config_create(void)
cfg->ignore_cd = 0; cfg->ignore_cd = 0;
cfg->disable_edns_do = 0; cfg->disable_edns_do = 0;
cfg->serve_expired = 0; cfg->serve_expired = 0;
cfg->serve_expired_ttl = 0; cfg->serve_expired_ttl = 86400;
cfg->serve_expired_ttl_reset = 0; cfg->serve_expired_ttl_reset = 0;
cfg->serve_expired_reply_ttl = 30; cfg->serve_expired_reply_ttl = 30;
cfg->serve_expired_client_timeout = 1800; cfg->serve_expired_client_timeout = 1800;

2
util/data/msgreply.c
View file

@ -66,7 +66,7 @@ time_t MIN_NEG_TTL = 0;
/** If we serve expired entries and prefetch them */ /** If we serve expired entries and prefetch them */
int SERVE_EXPIRED = 0; int SERVE_EXPIRED = 0;
/** Time to serve records after expiration */ /** Time to serve records after expiration */
time_t SERVE_EXPIRED_TTL = 0; time_t SERVE_EXPIRED_TTL = 86400;
/** Reset serve expired TTL after failed update attempt */ /** Reset serve expired TTL after failed update attempt */
time_t SERVE_EXPIRED_TTL_RESET = 0; time_t SERVE_EXPIRED_TTL_RESET = 0;
/** TTL to use for expired records */ /** TTL to use for expired records */