From: W.C.A. Wijngaards Date: Fri, 12 Apr 2024 12:22:18 +0000 (+0200) Subject: - Fixup cachedb to not refetch when serve-expired-client-timeout is X-Git-Tag: release-1.20.0rc1~23 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=491b56d051b1d5271d62c6064fbcc21780ab0122;p=thirdparty%2Funbound.git - Fixup cachedb to not refetch when serve-expired-client-timeout is used. --- diff --git a/cachedb/cachedb.c b/cachedb/cachedb.c index 2ce5bdb8d..9985588e1 100644 --- a/cachedb/cachedb.c +++ b/cachedb/cachedb.c @@ -628,6 +628,7 @@ parse_data(struct module_qstate* qstate, struct sldns_buffer* buf, * 'now' should be redundant given how these values were calculated, * but we check it just in case as does good_expiry_and_qinfo(). */ if(qstate->env->cfg->serve_expired && + !qstate->env->cfg->serve_expired_client_timeout && (adjust == -1 || (time_t)expiry < *qstate->env->now)) { qstate->need_refetch = 1; } diff --git a/doc/Changelog b/doc/Changelog index d9d77dcf4..6a2cd0ad7 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -2,6 +2,8 @@ - Fix cachedb for serve-expired with serve-expired-client-timeout. - Fixup unit test for cachedb server expired client timeout with a check if response if from upstream or from cachedb. + - Fixup cachedb to not refetch when serve-expired-client-timeout is + used. 10 April 2024: Wouter - Implement cachedb-check-when-serve-expired: yes option, default diff --git a/testdata/cachedb_subnet_expired.crpl b/testdata/cachedb_subnet_expired.crpl new file mode 100644 index 000000000..0efed94f4 --- /dev/null +++ b/testdata/cachedb_subnet_expired.crpl @@ -0,0 +1,308 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + minimal-responses: no + serve-expired: yes + serve-expired-reply-ttl: 30 + ; at least one second, so we can time skip past the timer in the + ; testbound script steps, but also reply within the time. + serve-expired-client-timeout: 1200 + send-client-subnet: 1.2.3.4 + max-client-subnet-ipv4: 17 + ; subnetcache is to the left of cachedb, because it sets no cache + ; store for edns subnet content for modules to the right of it. + ; this keeps subnet content out of cachedb as global content. + module-config: "subnetcache cachedb iterator" + +cachedb: + backend: "testframe" + secret-seed: "testvalue" + cachedb-check-when-serve-expired: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 +CONFIG_END + +SCENARIO_BEGIN Test cachedb, subnet and serve-expired-client-timeout. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 400 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 400 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns2.example.com. +SECTION ADDITIONAL +ns2.example.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +foo.com. IN NS +SECTION AUTHORITY +foo.com. IN NS ns.foo.com. +SECTION ADDITIONAL +ns.foo.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns2.example.com. +RANGE_BEGIN 0 30 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns2.example.com. - after change +RANGE_BEGIN 40 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME example.foo.com. +ENTRY_END +RANGE_END + +; ns.foo.com. +RANGE_BEGIN 40 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qname qtype ednsdata +REPLY QR AA NOERROR +SECTION QUESTION +example.foo.com. IN A +SECTION ANSWER +example.foo.com. 10 IN A 1.2.3.5 +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END +ENTRY_END +RANGE_END + +; ns2.example.com. and ns.foo.com - no answer in 110-130. + +; ns2.example.com. - later +RANGE_BEGIN 140 200 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME example.foo.com. +ENTRY_END +RANGE_END + +; ns.foo.com. - later +RANGE_BEGIN 140 200 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qname qtype ednsdata +REPLY QR AA NOERROR +SECTION QUESTION +example.foo.com. IN A +SECTION ANSWER +example.foo.com. 10 IN A 1.2.3.6 +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 11 00 ; source mask, scopemask + 7f 00 00 ; address + HEX_EDNSDATA_END +ENTRY_END +RANGE_END + + +; make time not 0 +STEP 2 TIME_PASSES ELAPSE 212 + +; Get an entry in cache. +STEP 4 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; get the answer for it +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +; now valid in cache and valid in cachedb, without subnet. +STEP 20 FLUSH_MESSAGE www.example.com. IN A +STEP 30 TIME_PASSES ELAPSE 20 + +; now nothing in cache and cachedb has an expired entry. +; the upstream is updated to CNAME to a subnet zone A record. + +STEP 40 QUERY ADDRESS 127.0.0.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME example.foo.com. +example.foo.com. 10 IN A 1.2.3.5 +ENTRY_END + +; check that subnet has the query in cache. +STEP 58 TIME_PASSES ELAPSE 2 +STEP 60 QUERY ADDRESS 127.0.0.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 70 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 8 IN CNAME example.foo.com. +example.foo.com. 8 IN A 1.2.3.5 +ENTRY_END + +; everything is expired, cache, subnetcache and cachedb. +STEP 80 TIME_PASSES ELAPSE 20 + +; send the query, reply arrives quickly. +STEP 90 QUERY ADDRESS 127.0.0.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 100 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN CNAME example.foo.com. +example.foo.com. 10 IN A 1.2.3.5 +ENTRY_END + +; everything is expired, cache, subnetcache and cachedb. +STEP 110 TIME_PASSES ELAPSE 20 + +; send the query, but the reply is late, and there is expired data, +; the expired entry from cachedb is used to reply with. +STEP 120 QUERY ADDRESS 127.0.0.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 122 TIME_PASSES ELAPSE 2 + +STEP 130 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 30 IN A 1.2.3.4 +ENTRY_END + +; reply can flow again. +STEP 140 TRAFFIC + +; see the entry now in cache, from the subnetcache. +STEP 142 TIME_PASSES ELAPSE 2 +STEP 150 QUERY ADDRESS 127.0.0.1 +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 160 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 8 IN CNAME example.foo.com. +example.foo.com. 8 IN A 1.2.3.6 +ENTRY_END + +SCENARIO_END