Ask more nameservers if choice is limited.

Lowered bogus-ttl to help validation-failure recovery times.

git-svn-id: file:///svn/unbound/trunk@1313 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index 7bef5262af3d9a20e2652bf3e653f567e9521e21..45f46a90ec5aa2f4ff08fc889a635e563a368723 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -3,6 +3,17 @@
        - iana portlist updated.
        - do not query bogus nameservers.  It is like nameservers that have 
          the NS or A or AAAA record bogus are listed as donotquery.
+       - if server selection is faced with only bad choices, it will
+         attempt to get more options to be fetched.
+       - changed bogus-ttl default value from 900 to 60 seconds.
+         In anticipation that operator caused failures are more likely than
+         actual attacks at this time.  And thus repeated validation helps
+         the operators get the problem fixed sooner.  It makes validation
+         failures go away sooner (60 seconds after the zone is fixed).
+         Also it is likely to try different nameserver targets every minute,
+         so that if a zone is bad on one server but not another, it is 
+         likely to pick up the 'correct' one after a couple minutes,
+         and if the TTL is big enough that solves validation for the zone.
 
 17 October 2008: Wouter
        - port Leopard/G5: fixup type conversion size_t/uint32.

diff --git a/doc/example.conf.in b/doc/example.conf.in
index ebe78a313c232e2be8260e9b9bf4b624683e9ca0..df5e03378e9e1e74fdc26fa107a7f74e3edd86a5 100644 (file)
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -304,7 +304,7 @@ server:
        
        # The time to live for bogus data, rrsets and messages. This avoids
        # some of the revalidation, until the time interval expires. in secs.
-       # val-bogus-ttl: 900
+       # val-bogus-ttl: 60
        
        # Should additional section of secure message also be kept clean of
        # unsecure data. Useful to shield the users of this validator from

diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index 389f0f13b356afa232a24a128b8018bee7cbad9a..3e2ee11128f96d04b5ebb1a1ab61c480beb332ed 100644 (file)
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -501,7 +501,7 @@ you are debugging signature inception and expiration.
 .B val\-bogus\-ttl: \fI<number>
 The time to live for bogus data. This is data that has failed validation;
 due to invalid signatures or other checks. The TTL from that data cannot be
-trusted, and this value is used instead. The value is in seconds, default 900.
+trusted, and this value is used instead. The value is in seconds, default 60.
 The time interval prevents repeated revalidation of bogus data.
 .TP
 .B val\-clean\-additional: \fI<yes or no>

diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c
index 4cbd5da27241ac2da29d6603d8e97ca18122688a..a9db4179b9b87cc3df6a835e0e0b8efa58ac9897 100644 (file)
--- a/iterator/iter_utils.c
+++ b/iterator/iter_utils.c
@@ -207,6 +207,10 @@ iter_filter_order(struct iter_env* iter_env, struct module_env* env,
                &low_rtt);
        if(got_num == 0) 
                return 0;
+       if(low_rtt >= USEFUL_SERVER_TOP_TIMEOUT &&
+               delegpt_count_missing_targets(dp) > 0)
+               return 0; /* we want more choice. The best choice is a bad one.
+                            return 0 to force the caller to fetch more */
 
        got_num = 0;
        a = dp->result_list;

diff --git a/util/config_file.c b/util/config_file.c
index a083aee68a0c3a256bf4f1871f8059cdc3e7f679..a56ef0c7e440605a5d40a49b25bd14a8240fa3d4 100644 (file)
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -99,7 +99,7 @@ config_create()
        cfg->rrset_cache_slabs = 4;
        cfg->host_ttl = 900;
        cfg->lame_ttl = 900;
-       cfg->bogus_ttl = 900;
+       cfg->bogus_ttl = 60;
        cfg->max_ttl = 3600 * 24;
        cfg->infra_cache_slabs = 4;
        cfg->infra_cache_numhosts = 10000;