- Cached messages that reach 0 TTL are considered expired. This prevents
Unbound itself from issuing replies with TTL 0 and possibly causing a
thundering herd at the last second. Upstream replies of TTL 0 still
get the usual pass-through but they are not considered for caching
from Unbound or any of its caching modules.
- 'serve-expired-reply-ttl' is changed and is now capped by the original
TTL value of the record to try and make some sense when replying
with expired records.
- TTL decoding was updated to adhere to RFC8767 section 4 where a set
high-order bit means the value is positive instead of 0.
- Fixes a regression bug with serve-expired that appeared in 1.22.0
and would not allow the iterator to update the cache with
not-yet-validated entries resulting in increased outgoing traffic.
- Treat serve_expired_norec_ttl as a backoff timer for failed updates of expired records.
- Try to use expired answers instead of SERVFAIL if serve-expired is
enabled even without serve-expired-client-timeout.
- Add suggestion to refresh the cached norec_ttl and expired_ttl when a
response cannot update the usable expired entry.
- Fix cache update when serve expired is used in order to not evict
still usable expired records. Modules are forbidden to update the
cache if their answer is DNSSEC unchecked or bogus and a valid
(expired) entry already exists. Bogus replies from the validator are
also discarded in favor of existing (expired) valid replies.
- serve-expired-ttl-reset should try to keep expired records in the
cache in case they are reset.
