While there, add a few entries to the upgrade guide.
SyncRes::clearECSStats();
SyncRes::s_ecsipv4cachelimit = ::arg().asNum("ecs-ipv4-cache-bits");
SyncRes::s_ecsipv6cachelimit = ::arg().asNum("ecs-ipv6-cache-bits");
+ SyncRes::s_ecsipv4nevercache = ::arg().mustDo("ecs-ipv4-never-cache");
+ SyncRes::s_ecsipv6nevercache = ::arg().mustDo("ecs-ipv6-never-cache");
SyncRes::s_ecscachelimitttl = ::arg().asNum("ecs-cache-limit-ttl");
SyncRes::s_qnameminimization = ::arg().mustDo("qname-minimization");
- Default: 24
Maximum number of bits of client IPv4 address used by the authoritative server (as indicated by the EDNS Client Subnet scope in the answer) for an answer to be inserted into the query cache. This condition applies in conjunction with ``ecs-cache-limit-ttl``.
-That is, only if both the limits apply, the record will not be cached.
+That is, only if both the limits apply, the record will not be cached. This decision can be overridden by ``ecs-ipv4-never-cache`` and ``ecs-ipv6-never-cache``.
.. _setting-ecs-ipv6-bits:
- Default: 56
Maximum number of bits of client IPv6 address used by the authoritative server (as indicated by the EDNS Client Subnet scope in the answer) for an answer to be inserted into the query cache. This condition applies in conjunction with ``ecs-cache-limit-ttl``.
-That is, only if both the limits apply, the record will not be cached.
+That is, only if both the limits apply, the record will not be cached. This decision can be overridden by ``ecs-ipv4-never-cache`` and ``ecs-ipv6-never-cache``.
+
+.. _setting-ecs-ipv4-never-cache:
+
+``ecs-ipv4-never-cache``
+------------------------
+.. versionadded:: 4.5.0
+
+- Boolean
+- Default: no
+
+When set, never cache replies carrying EDNS IPv4 Client Subnet scope in the record cache.
+In this case the decision made by ```ecs-ipv4-cache-bits`` and ``ecs-cache-limit-ttl`` is no longer relevant.
+
+.. _setting-ecs-ipv6-never-cache:
+
+``ecs-ipv6-never-cache``
+------------------------
+.. versionadded:: 4.5.0
+
+- Boolean
+- Default: no
+
+When set, never cache replies carrying EDNS IPv6 Client Subnet scope in the record cache.
+In this case the decision made by ```ecs-ipv6-cache-bits`` and ``ecs-cache-limit-ttl`` is no longer relevant.
.. _setting-ecs-minimum-ttl-override:
- Default: 0 (disabled)
The minimum TTL for an ECS-specific answer to be inserted into the query cache. This condition applies in conjunction with ``ecs-ipv4-cache-bits`` or ``ecs-ipv6-cache-bits``.
-That is, only if both the limits apply, the record will not be cached.
+That is, only if both the limits apply, the record will not be cached. This decision can be overridden by ``ecs-ipv4-never-cache`` and ``ecs-ipv6-never-cache``.
.. _setting-ecs-scope-zero-address:
- For :ref:`setting-new-domain-whitelist` use :ref:`setting-new-domain-ignore-list`.
- For :ref:`setting-snmp-master-socket` use :ref:`setting-snmp-daemon-socket`.
- For the LUA config function :func:`rpzMaster` use :func:`rpzPrimary`.
-
+
Currently, the older setting names are also accepted and used.
The next release will start deprecating them.
Users are advised to start using the new names to avoid future
trouble.
+New Settings
+^^^^^^^^^^^^
+- The :ref:`setting-extended-resolution-errors` has been added, enabling adding EDNS Extended Errors to responses.
+- The :ref:`setting-refresh-on-ttl-perc`, enabling an automatic cache-refresh mechanism,
+- The :ref:`setting-ecs-ipv4-never-cache` and :ref:`setting-ecs-ipv6-never-cache` settings have been added, allowing an overrule of the existing decision whether to to cache EDNS responses carrying subnet information.
+
Deprecated and changed settings
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- The :ref:`setting-minimum-ttl-override` and :ref:`setting-ecs-minimum-ttl-override` defaults have ben changed from 0 to 1.
- The :ref:`setting-spoof-nearmiss-max` default has been changed from 20 to 1.
+Removed settings
+^^^^^^^^^^^^^^^^
+- The :ref:`setting-query-local-address6` has been removed. It already was deprecated.
+
4.3.x to 4.4.0
--------------
uint8_t SyncRes::s_ecsipv6limit;
uint8_t SyncRes::s_ecsipv4cachelimit;
uint8_t SyncRes::s_ecsipv6cachelimit;
+bool SyncRes::s_ecsipv4nevercache;
+bool SyncRes::s_ecsipv6nevercache;
bool SyncRes::s_doIPv4;
bool SyncRes::s_doIPv6;
bool doCache = true;
if (i->first.place == DNSResourceRecord::ANSWER && ednsmask) {
+ const bool isv4 = ednsmask->isIPv4();
+ if ((isv4 && s_ecsipv4nevercache) || (!isv4 && s_ecsipv6nevercache)) {
+ doCache = false;
+ }
// If ednsmask is relevant, we do not want to cache if the scope prefix length is large and TTL is small
- if (SyncRes::s_ecscachelimitttl > 0) {
- bool manyMaskBits = (ednsmask->isIPv4() && ednsmask->getBits() > SyncRes::s_ecsipv4cachelimit) ||
- (ednsmask->isIPv6() && ednsmask->getBits() > SyncRes::s_ecsipv6cachelimit);
+ if (doCache && s_ecscachelimitttl > 0) {
+ bool manyMaskBits = (isv4 && ednsmask->getBits() > s_ecsipv4cachelimit) ||
+ (!isv4 && ednsmask->getBits() > s_ecsipv6cachelimit);
if (manyMaskBits) {
uint32_t minttl = UINT32_MAX;
if (it.d_ttl < minttl)
minttl = it.d_ttl;
}
- bool ttlIsSmall = minttl < SyncRes::s_ecscachelimitttl + d_now.tv_sec;
+ bool ttlIsSmall = minttl < s_ecscachelimitttl + d_now.tv_sec;
if (ttlIsSmall) {
// Case: many bits and ttlIsSmall
doCache = false;
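Review bot: The rewritten `manyMaskBits` expression and the new never-cache check both use `!isv4` where the removed lines used `ednsmask->isIPv6()`, so a mask that reports neither address family would now be handled under the IPv6 settings. Whether such a mask can reach this point is not visible in the hunk. If treating everything non-IPv4 as IPv6 is intended, say so in a comment such as `// any mask that is not IPv4 is handled as IPv6 here`; otherwise keep the explicit `ednsmask->isIPv6()` test. The never-cache block also sits above the existing comment about scope length and TTL, so it deserves its own line, e.g. `// ecs-ipv4-never-cache / ecs-ipv6-never-cache override the bits/TTL decision below`. Both checks apply only under the `i->first.place == DNSResourceRecord::ANSWER` condition, and the enclosing function starts and ends outside the hunk.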
static uint8_t s_ecsipv6limit;
static uint8_t s_ecsipv4cachelimit;
static uint8_t s_ecsipv6cachelimit;
+ static bool s_ecsipv4nevercache;
+ static bool s_ecsipv6nevercache;
+
static bool s_doIPv4;
static bool s_doIPv6;
static bool s_noEDNSPing;