Merge branch '1877-reduce-default-for-max-stale-ttl-to-something-more-reasonable-12-hours-or-similar-v9_16' into 'v9_16'

Resolve "Reduce default for max-stale-ttl to something more reasonable - 12 hours or similar" (v9.16)

See merge request isc-projects/bind9!3628

CHANGES

@@ -1,3 +1,6 @@
+5425.	[func]		The default value of "max-stale-ttl" has been change
+			from 1 week to 12 hours. [GL #1877]
+
 5424.	[bug]		With kasp, when creating a successor key, the goal
 			state of the current active key (predecessor) was not
 			changed and thus was never is removed from the zone.

bin/named/config.c

@@ -169,7 +169,7 @@ options {\n\
 	max-ncache-ttl 10800; /* 3 hours */\n\
 	max-recursion-depth 7;\n\
 	max-recursion-queries 75;\n\
-	max-stale-ttl 604800; /* 1 week */\n\
+	max-stale-ttl 43200; /* 12 hours */\n\
 	message-compression yes;\n\
 	min-ncache-ttl 0; /* 0 hours */\n\
 	min-cache-ttl 0; /* 0 seconds */\n\

bin/tests/system/serve-stale/tests.sh

@@ -22,6 +22,8 @@ waitfile () {
     done
 }
 
+max_stale_ttl=$(sed -ne 's,^[[:space:]]*max-stale-ttl \([[:digit:]]*\).*,\1,p' $TOP/bin/named/config.c)
+
 status=0
 n=0
 
@@ -724,7 +726,7 @@ n=$((n+1))
 echo_i "check 'rndc serve-stale status' ($n)"
 ret=0
 $RNDCCMD 10.53.0.3 serve-stale status > rndc.out.test$n 2>&1 || ret=1
-grep '_default: off (stale-answer-ttl=1 max-stale-ttl=604800)' rndc.out.test$n > /dev/null || ret=1
+grep "_default: off (stale-answer-ttl=1 max-stale-ttl=$max_stale_ttl)" rndc.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status+ret))
 
@@ -805,7 +807,7 @@ n=$((n+1))
 echo_i "check 'rndc serve-stale status' ($n)"
 ret=0
 $RNDCCMD 10.53.0.3 serve-stale status > rndc.out.test$n 2>&1 || ret=1
-grep '_default: on (rndc) (stale-answer-ttl=1 max-stale-ttl=604800)' rndc.out.test$n > /dev/null || ret=1
+grep "_default: on (rndc) (stale-answer-ttl=1 max-stale-ttl=$max_stale_ttl)" rndc.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status+ret))
 
@@ -952,7 +954,7 @@ n=$((n+1))
 echo_i "check 'rndc serve-stale status' ($n)"
 ret=0
 $RNDCCMD 10.53.0.4 serve-stale status > rndc.out.test$n 2>&1 || ret=1
-grep '_default: off (stale-answer-ttl=1 max-stale-ttl=604800)' rndc.out.test$n > /dev/null || ret=1
+grep "_default: off (stale-answer-ttl=1 max-stale-ttl=$max_stale_ttl)" rndc.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status+ret))
 

doc/arm/reference.rst

@@ -3274,7 +3274,7 @@ Tuning
    If stale answers are enabled, ``max-stale-ttl`` sets the maximum time
    for which the server retains records past their normal expiry to
    return them as stale records, when the servers for those records are
-   not reachable. The default is 1 week. The minimum allowed is 1
+   not reachable. The default is 12 hours. The minimum allowed is 1
    second; a value of 0 is updated silently to 1 second.
 
    For stale answers to be returned, they must be enabled, either in the

doc/notes/notes-current.rst

@@ -37,6 +37,9 @@ Feature Changes
 
 .. _relnotes-9.16.4-bugs:
 
+-  The default value of ``max-stale-ttl`` has changed from 1 week to
+   12 hours. [GL #1877]
+
 Bug Fixes
 ---------
 
@@ -52,4 +55,3 @@ Bug Fixes
 -  With dnssec-policy, when creating a successor key, the goal state of
    the current active key (the predecessor) was not changed and thus was
    never is removed from the zone. [GL #1846]
-