From d85b936898306a0e659a0a02c71977df62a9636d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Wed, 27 May 2020 17:48:39 +0200 Subject: [PATCH 1/3] Reduce the default value for max-stale-ttl from 1 week to 12 hours Originally, the default value for max-stale-ttl was 1 week, which could, in some scenarios, lead to cache exhaustion on busy resolvers. Picking the default value will always be juggling between a value that's useful (e.g. keeping the already cached records after they have already expired and the upstream name servers are down) and not bloating the cache too much (e.g. keeping everything for a very long time). The new default reflects what we think is a reasonable time to react on both sides (upstream authoritative and downstream recursive). (cherry picked from commit 13fd3ecfab812526a730e21517cc669e4278930f) --- bin/named/config.c | 2 +- bin/tests/system/serve-stale/tests.sh | 8 +++++--- doc/arm/reference.rst | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/bin/named/config.c b/bin/named/config.c index 862f3e5025..878dcfda50 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -169,7 +169,7 @@ options {\n\ max-ncache-ttl 10800; /* 3 hours */\n\ max-recursion-depth 7;\n\ max-recursion-queries 75;\n\ - max-stale-ttl 604800; /* 1 week */\n\ + max-stale-ttl 43200; /* 12 hours */\n\ message-compression yes;\n\ min-ncache-ttl 0; /* 0 hours */\n\ min-cache-ttl 0; /* 0 seconds */\n\ diff --git a/bin/tests/system/serve-stale/tests.sh b/bin/tests/system/serve-stale/tests.sh index 252eeab994..c1271f5640 100755 --- a/bin/tests/system/serve-stale/tests.sh +++ b/bin/tests/system/serve-stale/tests.sh @@ -22,6 +22,8 @@ waitfile () { done } +max_stale_ttl=$(sed -ne 's,^[[:space:]]*max-stale-ttl \([[:digit:]]*\).*,\1,p' $TOP/bin/named/config.c) + status=0 n=0
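Review bot: the new `max_stale_ttl=$(sed -ne '...' $TOP/bin/named/config.c)` line in the tests.sh hunk makes the expected value depend on the very source being tested and never validates what it got back: an empty result (wrong or unset `$TOP`, or the default line in config.c later reformatted so `^[[:space:]]*max-stale-ttl ` no longer matches) or a multi-line result (a second occurrence of the pattern in config.c) only shows up as an opaque grep failure hundreds of lines later, and a regression that silently changes the default in config.c would still pass. Suggest quoting `"$TOP"` and guarding immediately after the assignment, e.g. `[ "$max_stale_ttl" = 43200 ] || { echo_i "unexpected max-stale-ttl default: '$max_stale_ttl'"; exit 1; }`, so the system test still carries one independent statement of the intended default while the later `rndc serve-stale status` checks keep using the variable.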
@@ -724,7 +726,7 @@ n=$((n+1)) echo_i "check 'rndc serve-stale status' ($n)" ret=0 $RNDCCMD 10.53.0.3 serve-stale status > rndc.out.test$n 2>&1 || ret=1 -grep '_default: off (stale-answer-ttl=1 max-stale-ttl=604800)' rndc.out.test$n > /dev/null || ret=1 +grep "_default: off (stale-answer-ttl=1 max-stale-ttl=$max_stale_ttl)" rndc.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -805,7 +807,7 @@ n=$((n+1)) echo_i "check 'rndc serve-stale status' ($n)" ret=0 $RNDCCMD 10.53.0.3 serve-stale status > rndc.out.test$n 2>&1 || ret=1 -grep '_default: on (rndc) (stale-answer-ttl=1 max-stale-ttl=604800)' rndc.out.test$n > /dev/null || ret=1 +grep "_default: on (rndc) (stale-answer-ttl=1 max-stale-ttl=$max_stale_ttl)" rndc.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -952,7 +954,7 @@ n=$((n+1)) echo_i "check 'rndc serve-stale status' ($n)" ret=0 $RNDCCMD 10.53.0.4 serve-stale status > rndc.out.test$n 2>&1 || ret=1 -grep '_default: off (stale-answer-ttl=1 max-stale-ttl=604800)' rndc.out.test$n > /dev/null || ret=1 +grep "_default: off (stale-answer-ttl=1 max-stale-ttl=$max_stale_ttl)" rndc.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 7b2eb4c2a4..34904cc208 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -3274,7 +3274,7 @@ Tuning If stale answers are enabled, ``max-stale-ttl`` sets the maximum time for which the server retains records past their normal expiry to return them as stale records, when the servers for those records are - not reachable. The default is 1 week. The minimum allowed is 1 + not reachable. The default is 12 hours. The minimum allowed is 1 second; a value of 0 is updated silently to 1 second. For stale answers to be returned, they must be enabled, either in the 
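Review bot: the reference.rst hunk only swaps "1 week" for "12 hours", but this lowers a default that existing deployments may have been relying on implicitly; the paragraph should also tell operators who want the previous retention to set `max-stale-ttl 604800;` explicitly, and should state why the default is capped (the commit message's point that week-long retention can exhaust the cache on busy resolvers), so the trade-off is visible where the option is documented rather than only in the release notes. Expressing the default in seconds alongside the human-readable value, as the config.c comment `43200; /* 12 hours */` does, would also keep the two in step.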
From 5e0c510d7977721d65281e4f201761526bac995e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Wed, 27 May 2020 17:51:56 +0200 Subject: [PATCH 2/3] Add release notes for #1877 (cherry picked from commit fc4f3b92ab0c538305e02c58507855f33eb6c8a4) --- doc/notes/notes-current.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 20f54cbc77..0f06a8a5ed 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -37,6 +37,9 @@ Feature Changes .. _relnotes-9.16.4-bugs: +- The default value of ``max-stale-ttl`` has changed from 1 week to + 12 hours. [GL #1877] + Bug Fixes --------- @@ -52,4 +55,3 @@ Bug Fixes - With dnssec-policy, when creating a successor key, the goal state of the current active key (the predecessor) was not changed and thus was never is removed from the zone. [GL #1846] - From ae8944a017e5c94d9fb7d03aef78bad9d837942b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Wed, 27 May 2020 17:52:49 +0200 Subject: [PATCH 3/3] Add CHANGES for #1877 (cherry picked from commit e81728289cedcd8c72728dc1fd92d2f7d0389ea4) --- CHANGES | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGES b/CHANGES index 73d9465dcf..72b8c8bf22 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +5425. [func] The default value of "max-stale-ttl" has been change + from 1 week to 12 hours. [GL #1877] + 5424. [bug] With kasp, when creating a successor key, the goal state of the current active key (predecessor) was not changed and thus was never is removed from the zone.
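Review bot: in the first notes-current.rst hunk the new bullet is inserted after the `.. _relnotes-9.16.4-bugs:` label and before the `Bug Fixes` heading; in reStructuredText an explicit target binds to the element that follows it, so `relnotes-9.16.4-bugs` now resolves to this feature-change bullet instead of the Bug Fixes section. Move the two added lines up so they sit under `Feature Changes` above the `.. _relnotes-9.16.4-bugs:` line, keeping the blank line between the bullet list and the label.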
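Review bot: the added CHANGES entry has a typo, "has been change" should read "has been changed"; the corresponding release note in notes-current.rst says "has changed from 1 week to 12 hours", so aligning the two sentences word for word would be the simplest fix.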