- serve-expired config option: serve expired responses with TTL 0.

git-svn-id: http://unbound.nlnetlabs.nl/svn/trunk@3903 be551aaa-1e26-0410-a405-d3ace91eadb9

daemon/worker.c

@@ -557,17 +557,25 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
 	int secure;
 	int must_validate = (!(flags&BIT_CD) || worker->env.cfg->ignore_cd)
 		&& worker->env.need_to_validate;
-	/* see if it is possible */
-	if(rep->ttl < timenow) {
-		/* the rrsets may have been updated in the meantime.
-		 * we will refetch the message format from the
-		 * authoritative server 
-		 */
-		return 0;
+	if(worker->env.cfg->serve_expired) {
+		/* always lock rrsets, rep->ttl is ignored */
+		if(!rrset_array_lock(rep->ref, rep->rrset_count, 0))
+			return 0;
+		/* below, rrsets with ttl before timenow become TTL 0 in
+		 * the response */
+	} else {
+		/* see if it is possible */
+		if(rep->ttl < timenow) {
+			/* the rrsets may have been updated in the meantime.
+			 * we will refetch the message format from the
+			 * authoritative server 
+			 */
+			return 0;
+		}
+		if(!rrset_array_lock(rep->ref, rep->rrset_count, timenow))
+			return 0;
+		/* locked and ids and ttls are OK. */
 	}
-	if(!rrset_array_lock(rep->ref, rep->rrset_count, timenow))
-		return 0;
-	/* locked and ids and ttls are OK. */
 	/* check CNAME chain (if any) */
 	if(rep->an_numrrsets > 0 && (rep->rrsets[0]->rk.type == 
 		htons(LDNS_RR_TYPE_CNAME) || rep->rrsets[0]->rk.type == 
@@ -1019,10 +1027,14 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
 			sldns_buffer_read_u16_at(c->buffer, 2), repinfo, 
 			&edns)) {
 			/* prefetch it if the prefetch TTL expired */
-			if(worker->env.cfg->prefetch && *worker->env.now >=
-				((struct reply_info*)e->data)->prefetch_ttl) {
+			if((worker->env.cfg->prefetch && *worker->env.now >=
+				((struct reply_info*)e->data)->prefetch_ttl)
+				|| worker->env.cfg->serve_expired) {
 				time_t leeway = ((struct reply_info*)e->
 					data)->ttl - *worker->env.now;
+				if(((struct reply_info*)e->data)->ttl
+					< *worker->env.now)
+					leeway = 0;
 				lock_rw_unlock(&e->lock);
 				reply_and_prefetch(worker, &qinfo, 
 					sldns_buffer_read_u16_at(c->buffer, 2),

doc/Changelog

@@ -1,3 +1,6 @@
+24 October 2016: Wouter
+	- serve-expired config option: serve expired responses with TTL 0.
+
 21 October 2016: Wouter
 	- Ported tests for local_cname unit test to testbound framework.
 

doc/example.conf.in

@@ -486,6 +486,10 @@ server:
 	# that set CD but cannot validate themselves.
 	# ignore-cd-flag: no
 
+	# Serve expired reponses from cache, with TTL 0 in the response,
+	# and then attempt to fetch the data afresh.
+	# serve-expired: no
+
 	# Have the validator log failed validations for your diagnosis.
 	# 0: off. 1: A line per failed user query. 2: With reason and bad IP.
 	# val-log-level: 0

doc/unbound.conf.5.in

@@ -869,6 +869,11 @@ servers that set the CD flag but cannot validate DNSSEC themselves are
 the clients, and then unbound provides them with DNSSEC protection.
 The default value is "no".
 .TP
+.B serve\-expired: \fI<yes or no>
+If enabled, unbound attempts to serve old responses from cache with a
+TTL of 0 in the response without waiting for the actual resolution to finish.
+The actual resolution answer ends up in the cache later on.  Default is "no".
+.TP
 .B val\-nsec3\-keysize\-iterations: \fI<"list of values">
 List of keysize and iteration count values, separated by spaces, surrounded
 by quotes. Default is "1024 150 2048 500 4096 2500". This determines the

util/config_file.c

@@ -203,6 +203,7 @@ config_create(void)
 	cfg->val_log_squelch = 0;
 	cfg->val_permissive_mode = 0;
 	cfg->ignore_cd = 0;
+	cfg->serve_expired = 0;
 	cfg->add_holddown = 30*24*3600;
 	cfg->del_holddown = 30*24*3600;
 	cfg->keep_missing = 366*24*3600; /* one year plus a little leeway */
@@ -455,6 +456,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
 	else S_YNO("log-queries:", log_queries)
 	else S_YNO("val-permissive-mode:", val_permissive_mode)
 	else S_YNO("ignore-cd-flag:", ignore_cd)
+	else S_YNO("serve-expired:", serve_expired)
 	else S_STR("val-nsec3-keysize-iterations:", val_nsec3_key_iterations)
 	else S_UNSIGNED_OR_ZERO("add-holddown:", add_holddown)
 	else S_UNSIGNED_OR_ZERO("del-holddown:", del_holddown)
@@ -751,6 +753,7 @@ config_get_option(struct config_file* cfg, const char* opt,
 	else O_DEC(opt, "val-log-level", val_log_level)
 	else O_YNO(opt, "val-permissive-mode", val_permissive_mode)
 	else O_YNO(opt, "ignore-cd-flag", ignore_cd)
+	else O_YNO(opt, "serve-expired", serve_expired)
 	else O_STR(opt, "val-nsec3-keysize-iterations",val_nsec3_key_iterations)
 	else O_UNS(opt, "add-holddown", add_holddown)
 	else O_UNS(opt, "del-holddown", del_holddown)

util/config_file.h

@@ -275,6 +275,8 @@ struct config_file {
 	int val_permissive_mode;
 	/** ignore the CD flag in incoming queries and refuse them bogus data */
 	int ignore_cd;
+	/** serve expired entries and prefetch them */
+	int serve_expired;
 	/** nsec3 maximum iterations per key size, string */
 	char* val_nsec3_key_iterations;
 	/** autotrust add holddown time, in seconds */