- Fixes a regression bug with serve-expired that appeared in 1.22.0
and would not allow the iterator to update the cache with
not-yet-validated entries resulting in increased outgoing traffic.
- Treat serve_expired_norec_ttl as a backoff timer for failed updates of expired records.
- Try to use expired answers instead of SERVFAIL if serve-expired is
enabled even without serve-expired-client-timeout.
- Add suggestion to refresh the cached norec_ttl and expired_ttl when a
response cannot update the usable expired entry.
current delegation information be updated in cache. The fix allows
current delegation and validation recursion information to be
updated, but as a consequence no longer has certain expired
information around for later dnssec valid expired responses.
- Fix cache update when serve expired is used in order to not evict
still usable expired records. Modules are forbidden to update the
cache if their answer is DNSSEC unchecked or bogus and a valid
(expired) entry already exists. Bogus replies from the validator are
also discarded in favor of existing (expired) valid replies.
- serve-expired-ttl-reset should try to keep expired records in the
cache in case they are reset.
