current delegation information be updated in cache. The fix allows
current delegation and validation recursion information to be
updated, but as a consequence no longer has certain expired
information around for later dnssec valid expired responses.
- Fix cache update when serve expired is used in order to not evict
still usable expired records. Modules are forbidden to update the
cache if their answer is DNSSEC unchecked or bogus and a valid
(expired) entry already exists. Bogus replies from the validator are
also discarded in favor of existing (expired) valid replies.
- serve-expired-ttl-reset should try to keep expired records in the
cache in case they are reset.
`harden-unverified-glue`, from Karthik Umashankar (Microsoft).
Enabling this option protects the Unbound resolver against bad
glue, that is unverified out of zone glue, by resolving them.
It uses the records as last resort if there is no other working
glue.
performed, so that with nonzero target-fetch-policy it fetches
forwarder addresses and uses them from cache. Also updated that
delegation point cache fill routines use CDflag for AAAA message
lookups, so that its negative lookup stops a recursion since the
cache uses the bit for disambiguation for dns64 but the recursion
uses CDflag for the AAAA target lookups, so the check correctly
stops a useless recursion by its cache lookup.
up to parent to not cause delegation invalidation because of an
expired child delegation that would never be updated. Most likely to
happen without qname-minimisation. Reported by Roland van Rijswijk-Deij.
- Fix SEGFAULT in load_cache control command.
- Change reason_bogus_str to an explicit NULL-terminated string.
- Fix potential memory leak when discarding a message for referrals and
0 TTL answers.
- Fix reason_bogus initialization in localzone answers.
- reply_info creation in validator is always regional.
This is a fix for issue #713
When infra-keep-probing is on, all hosts with expired entries were treated as
unresponsive servers and thus causing problems (see #713).
This commit change that, so that normal hosts with expired entries are treated
as unknown servers.
