clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 14:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

- auth-zone give SERVFAIL when expired, fallback activates when

Browse Source 
expired, and this is documented in the man page.


git-svn-id: file:///svn/unbound/trunk@4983 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2018-11-27 12:31:37 +00:00
parent d96de4c222
commit b04e84ab9e
3 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/Changelog
View File

@ -5,6 +5,8 @@
- Fix #4208: 'stub-no-cache' and 'forward-no-cache' not work.
- New and better fix for Fix #4193: Fix that prefetch failure does
not overwrite valid cache entry with SERVFAIL.
- auth-zone give SERVFAIL when expired, fallback activates when
expired, and this is documented in the man page.
26 November 2018: Wouter
- Fix to not set GLOB_NOSORT so the unbound.conf include: files are

7
doc/unbound.conf.5.in
View File

@ -1614,6 +1614,13 @@ lookups of that data.
Authority zones can be read from zonefile. And can be kept updated via
AXFR and IXFR. After update the zonefile is rewritten. The update mechanism
uses the SOA timer values and performs SOA UDP queries to detect zone changes.
.LP
If the update fetch fails, the timers in the SOA record are used to time
another fetch attempt. Until the SOA expiry timer is reached. Then the
zone is expired. When a zone is expired, queries are SERVFAIL, and
any new serial number is accepted from the master (even if older), and if
fallback is enabled, the fallback activates to fetch from the upstream instead
of the SERVFAIL.
.TP
.B name: \fI<zone name>
Name of the authority zone.

15
services/authzone.c
View File

@ -3169,6 +3169,11 @@ int auth_zones_lookup(struct auth_zones* az, struct query_info* qinfo,
*fallback = 1;
return 0;
}
if(z->zone_expired) {
*fallback = z->fallback_enabled;
lock_rw_unlock(&z->lock);
return 0;
}
/* see what answer that zone would generate */
r = auth_zone_generate_answer(z, qinfo, region, msg, fallback);
lock_rw_unlock(&z->lock);
@ -3256,6 +3261,16 @@ int auth_zones_answer(struct auth_zones* az, struct module_env* env,
lock_rw_unlock(&z->lock);
return 0;
}
if(z->zone_expired) {
if(z->fallback_enabled) {
lock_rw_unlock(&z->lock);
return 0;
}
lock_rw_unlock(&z->lock);
auth_error_encode(qinfo, env, edns, repinfo, buf, temp,
LDNS_RCODE_SERVFAIL);
return 1;
}
/* answer it from zone z */
r = auth_zone_generate_answer(z, qinfo, temp, &msg, &fallback);