From: Wouter Wijngaards Date: Thu, 10 Sep 2009 10:01:36 +0000 (+0000) Subject: Fixup TTL too large bug for bogus responses. X-Git-Tag: release-1.4.0rc1~81 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dcb11b2ee408577fc53bad414930d45c4d2c0e29;p=thirdparty%2Funbound.git Fixup TTL too large bug for bogus responses. git-svn-id: file:///svn/unbound/trunk@1822 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index a272e4adf..bd281e5c0 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,9 @@ +9 September 2009: Wouter + - Fix bug where DNSSEC-bogus messages were marked with too high TTL. + The RRsets would still expire at the normal time, but this would + keep messages bogus in the cache for too long. + - regression test for that bug. + 8 September 2009: Wouter - fixup printing errors when load_cache, they were printed to the SSL connection which broke, now to the log. diff --git a/services/cache/dns.c b/services/cache/dns.c index 3712486d1..a152fa726 100644 --- a/services/cache/dns.c +++ b/services/cache/dns.c @@ -673,6 +673,8 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, rep = reply_info_copy(msgrep, env->alloc, NULL); if(!rep) return 0; + /* ttl must be relative ;i.e. 0..86400 not time(0)+86400. + * the env->now is added to message and RRsets in this routine. */ if(is_referral) { /* store rrsets */ diff --git a/testdata/fwd_bogus.tpkg b/testdata/fwd_bogus.tpkg new file mode 100644 index 000000000..0dede419c Binary files /dev/null and b/testdata/fwd_bogus.tpkg differ diff --git a/validator/validator.c b/validator/validator.c index 2e33fd007..27f3fea93 100644 --- a/validator/validator.c +++ b/validator/validator.c 
@@ -1825,7 +1825,7 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, /* if the result is bogus - set message ttl to bogus ttl to avoid * endless bogus revalidation */ if(vq->orig_msg->rep->security == sec_status_bogus) { - vq->orig_msg->rep->ttl = *qstate->env->now + ve->bogus_ttl; + vq->orig_msg->rep->ttl = ve->bogus_ttl; if(qstate->env->cfg->val_log_level >= 1) { log_query_info(0, "validation failure", &qstate->qinfo); }
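Review bot: In the services/cache/dns.c hunk (dns_cache_store, right after the `if(!rep) return 0;` check), the relative-TTL requirement is stated only in a comment, so a caller that passes an absolute timestamp again will not be caught. Consider enforcing it at this point, for example with an assertion or a sanity check that rep->ttl is not already an absolute time before env->now is added. The comment also has a typo: "relative ;i.e." should read "relative, i.e.".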
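Review bot: In the validator/validator.c hunk (processFinished, the `sec_status_bogus` branch), the comment above the assignment still says only "set message ttl to bogus ttl" and does not record that the value must be relative. Since this is the call site that got the unit wrong, it is worth stating here that `ve->bogus_ttl` is stored as-is because dns_cache_store adds env->now later. The regression test arrives as a binary file (testdata/fwd_bogus.tpkg), so this diff does not show whether it checks the cached message's expiry or only the RRsets; a short description of what it asserts would help.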