We need potentially higher privileges when reading key file, but not for
reading cert bundle. Try to update also TLS cert path configured for
remote TLS servers on reload command.
- Merge #1174: Serve expired cache update fixes. Fixes a regression bug
with serve-expired that appeared in 1.22.0 and would not allow the
iterator to update the cache with not-yet-validated entries resulting
in increased outgoing traffic.
- Fixes a regression bug with serve-expired that appeared in 1.22.0
and would not allow the iterator to update the cache with
not-yet-validated entries resulting in increased outgoing traffic.
- Treat serve_expired_norec_ttl as a backoff timer for failed updates of expired records.
- Try to use expired answers instead of SERVFAIL if serve-expired is
enabled even without serve-expired-client-timeout.
- Add suggestion to refresh the cached norec_ttl and expired_ttl when a
response cannot update the usable expired entry.
Fixes #1185 by creating the SSL_CTX for QUIC before chroot and
privilege drop, just like the other SSL_CTX creations.
---------
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
current delegation information be updated in cache. The fix allows
current delegation and validation recursion information to be
updated, but as a consequence no longer has certain expired
information around for later dnssec valid expired responses.
Without the change `make -j16 --shuffle` occasionally fails to build as:
    $ make -j16 --shuffle
    ...
    bison -y -d -o util/configparser.c ./util/configparser.y
    ...
    /libtool --tag=CC --mode=compile gcc -I. -I...-openssl-3.3.2-dev/include -I...-libevent-2.1.12-dev/include -I...-expat-2.6.3-dev/include -DSRCDIR=. -g -O2 -flto -fPIE -pthread -o configparser.lo -c util/configparser.c
    ...
    util/configparser.c:755:3: error: expected ',' or '}' at end of input
    755 | YYSYMBOL_server_low_rtt = 626, /* server_low_rtt */
    | ^
The build failure happens due to this `Makefile.in` rule:
    util/configparser.c util/configparser.h: $(srcdir)/util/configparser.y
    	@-if test ! -d util; then $(INSTALL) -d util; fi
    	$(YACC) -d -o util/configparser.c $(srcdir)/util/configparser.y
For GNU make that means that each of the targets will attempt the rule
execution when the file is missing: one for .c file and another for .h
file:
https://www.gnu.org/software/make/manual/html_node/Multiple-Targets.html
The workaround is to only run $(YACC) for .c target and use .c as a
pre-requisite for an .h file.
Before the change the build fails about every 10-th run.
After the change no build failures after 100 successful builds.
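The workaround described in the commit message above, written out as an added Makefile fragment. It is an illustration based on that description, not the patch committed to the project; the grouped-target form in the last comment goes beyond the commit message and assumes GNU make 4.3 or later.

```make
# Added illustration; not the project's own patch.

# Before (rule quoted in the commit message): two independent targets share
# one recipe. Under "make -jN" the recipe can be started once for the .c and
# once for the .h, so one $(YACC) may still be writing configparser.c while
# the compiler is already reading it.
#
# util/configparser.c util/configparser.h: $(srcdir)/util/configparser.y
#	@-if test ! -d util; then $(INSTALL) -d util; fi
#	$(YACC) -d -o util/configparser.c $(srcdir)/util/configparser.y

# After: only the .c target runs $(YACC). The -d flag still writes
# util/configparser.h as a side effect of the same invocation.
util/configparser.c: $(srcdir)/util/configparser.y
	@-if test ! -d util; then $(INSTALL) -d util; fi
	$(YACC) -d -o util/configparser.c $(srcdir)/util/configparser.y

# The header has no recipe of its own. Anything that needs the .h now waits
# for the single .c rule to finish instead of starting a second generator.
# Caveat: if only the header is deleted by hand, this rule does not
# regenerate it; remove the .c as well to force a rebuild.
util/configparser.h: util/configparser.c

# Alternative for GNU make >= 4.3 only (not portable to other make
# implementations): a grouped target declares that one recipe run
# produces both files.
#
# util/configparser.c util/configparser.h &: $(srcdir)/util/configparser.y
#	$(YACC) -d -o util/configparser.c $(srcdir)/util/configparser.y
```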