- Fix #4208: 'stub-no-cache' and 'forward-no-cache' not work.
- New and better fix for Fix #4193: Fix that prefetch failure does
not overwrite valid cache entry with SERVFAIL.
+ - auth-zone give SERVFAIL when expired, fallback activates when
+ expired, and this is documented in the man page.
26 November 2018: Wouter
- Fix to not set GLOB_NOSORT so the unbound.conf include: files are
Authority zones can be read from zonefile. And can be kept updated via
AXFR and IXFR. After update the zonefile is rewritten. The update mechanism
uses the SOA timer values and performs SOA UDP queries to detect zone changes.
+.LP
+If the update fetch fails, the timers in the SOA record are used to time
+another fetch attempt. Until the SOA expiry timer is reached. Then the
+zone is expired. When a zone is expired, queries are SERVFAIL, and
+any new serial number is accepted from the master (even if older), and if
+fallback is enabled, the fallback activates to fetch from the upstream instead
+of the SERVFAIL.
.TP
.B name: \fI<zone name>
Name of the authority zone.
*fallback = 1;
return 0;
}
+ if(z->zone_expired) {
+ *fallback = z->fallback_enabled;
+ lock_rw_unlock(&z->lock);
+ return 0;
+ }
/* see what answer that zone would generate */
r = auth_zone_generate_answer(z, qinfo, region, msg, fallback);
lock_rw_unlock(&z->lock);
lock_rw_unlock(&z->lock);
return 0;
}
+ if(z->zone_expired) {
+ if(z->fallback_enabled) {
+ lock_rw_unlock(&z->lock);
+ return 0;
+ }
+ lock_rw_unlock(&z->lock);
+ auth_error_encode(qinfo, env, edns, repinfo, buf, temp,
+ LDNS_RCODE_SERVFAIL);
+ return 1;
+ }
/* answer it from zone z */
r = auth_zone_generate_answer(z, qinfo, temp, &msg, &fallback);
projects / thirdparty / unbound.git / commitdiff
