mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-20 23:00:56 -05:00
73e408f1d0
- Cached messages that reach 0 TTL are considered expired. This prevents Unbound itself from issuing replies with TTL 0 and possibly causing a thundering herd at the last second. Upstream replies of TTL 0 still get the usual pass-through but they are not considered for caching from Unbound or any of its caching modules. - 'serve-expired-reply-ttl' is changed and is now capped by the original TTL value of the record to try and make some sense when replying with expired records. - TTL decoding was updated to adhere to RFC8767 section 4 where a set high-order bit means the value is positive instead of 0.
101 lines
2.1 KiB
Text
101 lines
2.1 KiB
Text
; config options go here.
|
|
server:
|
|
serve-expired: yes
|
|
serve-expired-ttl: 1
|
|
serve-expired-ttl-reset: yes
|
|
serve-expired-reply-ttl: 123
|
|
serve-expired-client-timeout: 0
|
|
ede: yes
|
|
ede-serve-expired: yes
|
|
forward-zone: name: "." forward-addr: 216.0.0.1
|
|
CONFIG_END
|
|
SCENARIO_BEGIN Serve expired ttl with reset on forwarder with a timeout on upstream query
|
|
; Scenario overview:
|
|
; - Send query
|
|
; - Get reply
|
|
; - Wait for it to expire (+ serve-expired-ttl)
|
|
; - Send query again
|
|
; - Upstream timeouts
|
|
; - Error response from iterator SERVFAIL, resets expired-ttl on cache and sets norec_ttl blocking recursion
|
|
; - Check we are getting the cached response because it was expired-ttl-reset
|
|
; - Query again
|
|
; - Check we are getting the expired answer; prefetching is blocked by norec_ttl
|
|
; - If there was prefetching the test would fail with the pending upstream query
|
|
|
|
STEP 1 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
ENTRY_END
|
|
|
|
; Upstream reply
|
|
STEP 2 REPLY
|
|
ENTRY_BEGIN
|
|
REPLY QR AA NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION ANSWER
|
|
www.example.com. 200 IN A 0.0.0.0
|
|
ENTRY_END
|
|
|
|
STEP 3 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all ttl
|
|
REPLY QR RA RD NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION ANSWER
|
|
www.example.com. 200 IN A 0.0.0.0
|
|
ENTRY_END
|
|
|
|
; Expire the record (+ serve-expired-ttl)
|
|
STEP 4 TIME_PASSES ELAPSE 201
|
|
|
|
STEP 5 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD DO
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
ENTRY_END
|
|
|
|
; But the pending query times out!
|
|
; outbound-msg-retry times timeout.
|
|
STEP 6 TIMEOUT
|
|
STEP 7 TIMEOUT
|
|
STEP 8 TIMEOUT
|
|
STEP 9 TIMEOUT
|
|
STEP 10 TIMEOUT
|
|
|
|
; Returns
|
|
; but error response from iterator resets the expired ttl
|
|
STEP 11 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all ttl ede=3
|
|
REPLY QR RA RD DO NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION ANSWER
|
|
www.example.com. 123 IN A 0.0.0.0
|
|
ENTRY_END
|
|
|
|
; Query again
|
|
STEP 12 QUERY
|
|
ENTRY_BEGIN
|
|
REPLY RD DO
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
ENTRY_END
|
|
|
|
; Check that we get the expired answer
|
|
STEP 13 CHECK_ANSWER
|
|
ENTRY_BEGIN
|
|
MATCH all ttl ede=3
|
|
REPLY QR RA RD DO NOERROR
|
|
SECTION QUESTION
|
|
www.example.com. IN A
|
|
SECTION ANSWER
|
|
www.example.com. 123 IN A 0.0.0.0
|
|
ENTRY_END
|
|
|
|
SCENARIO_END
|