Bad interaction with 0 TTL records and serve-expired #860

Closed
saksham-m opened this issue Mar 9, 2023 · 0 comments

Describe the bug

NXDOMAIN will get stuck in the cache with serve-expired: yes when the new record is 0 TTL

To reproduce
Steps to reproduce the behavior:

  1. serve-expired: yes
  2. Let us say host.example.com is NXDOMAIN. This will be cached according to the SOA TTL
  3. Now add a new record for host.example.com with TTL 0.
  4. Cache will forever serve NXDOMAIN as the new record is not allowed to be cached (Log shown: debug: TTL 0: dropped msg from cache)

Expected behavior
Cache should eventually recover without the need to flush the domain.

Other notes

  1. Removing the FLAGS_GET_RCODE(rep->flags) != LDNS_RCODE_NXDOMAIN && check in line 629 of worker.c resolves the issue. But of course, that means we will always resolve NXDOMAIN answers and not serve-expired.
  2. Setting cache-min-ttl: 1 also resolves the issue by forcing cache to write the new record.

System:

  • Unbound version:
  • OS: linux
  • unbound -V output:

saksham@lhotse:/tmp/unbound-1.17.1$ sudo unbound -V
Version 1.17.1

Configure line:
Linked libs: mini-event internal (it uses select), OpenSSL 1.1.1f 31 Mar 2020
Linked modules: dns64 respip validator iterator

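The failure described in this issue, as a simplified single-slot cache model in C. This is an added example, not Unbound source code and not part of the original report. The struct and function names, the 300-second negative TTL and the `evict_on_ttl0` switch are assumptions for illustration; only serve-expired, cache-min-ttl and the "TTL 0: dropped msg from cache" behaviour come from the report.

```c
#include <stdio.h>

/* Simplified model (assumption), not Unbound code: one cache slot, one name. */
enum rcode { NOERROR = 0, NXDOMAIN = 3 };
struct msg  { enum rcode rcode; long ttl; };              /* upstream answer */
struct slot { int used; enum rcode rcode; long expiry; }; /* cached message */
struct cfg  { int serve_expired; long cache_min_ttl; int evict_on_ttl0; };

/* Store an answer; a TTL of 0 is never written ("TTL 0: dropped msg"). */
static void store(struct slot *s, const struct cfg *c, struct msg m, long now)
{
    long ttl = m.ttl < c->cache_min_ttl ? c->cache_min_ttl : m.ttl;
    if (ttl == 0) {
        if (c->evict_on_ttl0) s->used = 0; /* hypothetical recovery step */
        return;                            /* otherwise the old entry stays */
    }
    s->used = 1; s->rcode = m.rcode; s->expiry = now + ttl;
}

/* Answer one client query at time `now`; `up` is what upstream returns. */
static enum rcode query(struct slot *s, const struct cfg *c, struct msg up, long now)
{
    if (s->used && now < s->expiry) return s->rcode; /* fresh cache hit */
    if (s->used && c->serve_expired) {               /* expired, served stale */
        enum rcode stale = s->rcode;
        store(s, c, up, now);                        /* refresh after serving */
        return stale;
    }
    store(s, c, up, now);                            /* miss: resolve upstream */
    return up.rcode;
}

/* Report scenario: NXDOMAIN is cached, then a TTL 0 record is published.
 * Returns the rcode seen on the last of `n` queries after the change. */
static enum rcode simulate(struct cfg c, int n)
{
    struct slot s = {0};
    struct msg nx = { NXDOMAIN, 300 }, rec = { NOERROR, 0 }; /* constructed */
    enum rcode r = query(&s, &c, nx, 0);     /* negative answer, kept to t=300 */
    for (int i = 1; i <= n; i++) r = query(&s, &c, rec, 300 + i * 10L);
    return r;
}

int main(void)
{
    printf("serve-expired only: %d\n", simulate((struct cfg){1, 0, 0}, 50));
    printf("cache-min-ttl 1:    %d\n", simulate((struct cfg){1, 1, 0}, 50));
    printf("evict on TTL 0:     %d\n", simulate((struct cfg){1, 0, 1}, 50));
    return 0;
}
```

With `cache-min-ttl` set to 1 the first query after the change still returns the stale NXDOMAIN, and the next one sees the new record.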

Philip-NLnetLabs mentioned this issue Mar 22, 2023
Philip-NLnetLabs added a commit that referenced this issue Apr 26, 2023
jedisct1 added a commit to jedisct1/unbound that referenced this issue May 25, 2023
* nlnet/master: (39 commits)
  - Fix unbound-dnstap-socket time fraction conversion for printout.
  - Fix unbound-dnstap-socket printout when no query is present.
  - Fix to remove unused variables from RPZ clientip data structure.
  - Fix RPZ removal of client-ip, nsip, nsdname triggers from IXFR.
  - Fix to print debug log for ancillary data with correct IP address.
  - Fix NLnetLabs#888: [FR] Use kernel timestamps for dnstap.
  - Fix warning in windows compile, in set_recvtimestamp.
  - Fix doxygen in addr_to_nat64 header definition.
  - Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h.
  - Fix NLnetLabs#885: Error: util/configlexer.c: No such file or directory, adds error messages explaining to install flex and bison.
  Changelog entry for NLnetLabs#722: - Merge NLnetLabs#722 from David 'eqvinox' Lamparter: NAT64 support. - For NLnetLabs#722: minor fixes, formatting, refactoring.
  - For NLnetLabs#722: Minor fixes, formatting and refactoring.
  - Fix RPZ IP responses with trigger rpz-drop on cache entries, that they are dropped.
  Changelog for NLnetLabs#860
  Remove msg_del_for_0ttl, call msg_cache_remove directly
  - Fix for NLnetLabs#882: document variable to stop doxygen warning.
  - Fix for NLnetLabs#882: small changes, date updated in Copyright for util/timeval_func.c and util/timeval_func.h. Man page entries and example entry.
  stats: add query max wait time metric
  stats: add counter for timed out queries
  config: add sock_queue_timeout configuration
  ...