]> git.ipfire.org Git - thirdparty/unbound.git/commitdiff
projects / thirdparty / unbound.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 30d0bf1)
Fixup TTL too large bug for bogus responses.
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 10 Sep 2009 10:01:36 +0000 (10:01 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 10 Sep 2009 10:01:36 +0000 (10:01 +0000)
git-svn-id: file:///svn/unbound/trunk@1822 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog patch | blob | blame | history
services/cache/dns.c patch | blob | blame | history
testdata/fwd_bogus.tpkg [new file with mode: 0644] patch | blob
validator/validator.c patch | blob | blame | history

diff --git a/doc/Changelog b/doc/Changelog
index a272e4adf36ffe4ddb5be4e9788a3a4784127c29..bd281e5c021d0909b4da7b710ee2cb672d304ffc 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,9 @@
+9 September 2009: Wouter
+       - Fix bug where DNSSEC-bogus messages were marked with too high TTL.
+         The RRsets would still expire at the normal time, but this would
+         keep messages bogus in the cache for too long.
+       - regression test for that bug.
+
 8 September 2009: Wouter
        - fixup printing errors when load_cache, they were printed to the
          SSL connection which broke, now to the log.
diff --git a/services/cache/dns.c b/services/cache/dns.c
index 3712486d1da1cc029eec6859420a29b896c6b361..a152fa726c7c6737583b1a3aac7a51f13b88aedf 100644 (file)
--- a/services/cache/dns.c
+++ b/services/cache/dns.c
@@ -673,6 +673,8 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf,
        rep = reply_info_copy(msgrep, env->alloc, NULL);
        if(!rep)
                return 0;
+       /* ttl must be relative ;i.e. 0..86400 not  time(0)+86400. 
+        * the env->now is added to message and RRsets in this routine. */
 
        if(is_referral) {
                /* store rrsets */
diff --git a/testdata/fwd_bogus.tpkg b/testdata/fwd_bogus.tpkg
new file mode 100644 (file)
index 0000000..0dede41
Binary files /dev/null and b/testdata/fwd_bogus.tpkg differ
diff --git a/validator/validator.c b/validator/validator.c
index 2e33fd007fc8bd77ea58a696758c320dfefcfde7..27f3fea932e134e6d98a13312e936a497d0b4351 100644 (file)
--- a/validator/validator.c
+++ b/validator/validator.c
@@ -1825,7 +1825,7 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq,
        /* if the result is bogus - set message ttl to bogus ttl to avoid
         * endless bogus revalidation */
        if(vq->orig_msg->rep->security == sec_status_bogus) {
-               vq->orig_msg->rep->ttl = *qstate->env->now + ve->bogus_ttl;
+               vq->orig_msg->rep->ttl = ve->bogus_ttl;
                if(qstate->env->cfg->val_log_level >= 1) {
                        log_query_info(0, "validation failure", &qstate->qinfo);
                }
Mirror of https://github.com/NLnetLabs/unbound.git