- Fix cache update when serve expired is used in order to not evict
still usable expired records. Modules are forbidden to update the
cache if their answer is DNSSEC unchecked or bogus and a valid
(expired) entry already exists. Bogus replies from the validator are
also discarded in favor of existing (expired) valid replies.
- serve-expired-ttl-reset should try to keep expired records in the
cache in case they are reset.
- Fix unbound-control commands that read stdin in multi-process
operation (local_zones_remove, local_zones, local_datas_remove,
local_datas, view_local_datas_remove, view_local_datas). They will
be properly distributed to all processes. dump_cache and load_cache
are no longer supported in multi-process operation.
- Remove testdata/remote-threaded.tdir. testdata/09-unbound-control.tdir
now checks both single and multi process/thread operation.
---------
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
fast reload, move most of the locking management to iter_fwd and
iter_hints methods. The caller still has the ability to handle its
own locking, if desired, for atomic operations on sets of different
structs.
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
forward_add and forward_delete should be distributed to other processes,
but when threaded, they should not be distributed to other threads because
the structure is not thread specific any more.
Add counter `num_queries_timed_out` meaning queries that were sitting in the
socket queue and waiting to being processed too long. There is no reason
to process such queries, so let's drop it in the very beginning of the
pipeline.
Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
There are several definitions of the same functions manipulating timeval
structures. Let's move them to separate file and arrange the code
preperly.
Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
Remove config parser/lexer code as it's rebuilded every time but can
break adding new config options.
Also clean up the code base to avoid mixing actual code changes and lint
issues.
Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
Change mode first when configuring remote control unix socket. Some
security systems might strip capability of changing other user's system
even to process with effective uid 0. That is done on Fedora by SELinux
policy and systemd for example. SELinux audit then shows errors, because
unbound tries modifying permissions of not own file. Fix just by mode
change as first step, make it owned by unbound:unbound user as the last
step only.
Related: rhbz#1905441
