- iana portlist updated.
- do not query bogus nameservers. It is like nameservers that have
the NS or A or AAAA record bogus are listed as donotquery.
+ - if server selection is faced with only bad choices, it will
+ attempt to get more options to be fetched.
+ - changed bogus-ttl default value from 900 to 60 seconds.
+ In anticipation that operator caused failures are more likely than
+ actual attacks at this time. And thus repeated validation helps
+ the operators get the problem fixed sooner. It makes validation
+ failures go away sooner (60 seconds after the zone is fixed).
+ Also it is likely to try different nameserver targets every minute,
+ so that if a zone is bad on one server but not another, it is
+ likely to pick up the 'correct' one after a couple minutes,
+ and if the TTL is big enough that solves validation for the zone.
17 October 2008: Wouter
- port Leopard/G5: fixup type conversion size_t/uint32.
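Review bot: the new entry "changed bogus-ttl default value from 900 to 60 seconds" names the option as bogus-ttl, while the configuration and manual page spell it val-bogus-ttl. Use the full option name here so that an operator searching the changelog for the setting finds this change.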
# The time to live for bogus data, rrsets and messages. This avoids
# some of the revalidation, until the time interval expires. in secs.
- # val-bogus-ttl: 900
+ # val-bogus-ttl: 60
# Should additional section of secure message also be kept clean of
# unsecure data. Useful to shield the users of this validator from
.B val\-bogus\-ttl: \fI<number>
The time to live for bogus data. This is data that has failed validation;
due to invalid signatures or other checks. The TTL from that data cannot be
-trusted, and this value is used instead. The value is in seconds, default 900.
+trusted, and this value is used instead. The value is in seconds, default 60.
The time interval prevents repeated revalidation of bogus data.
.TP
.B val\-clean\-additional: \fI<yes or no>
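Review bot: the unchanged closing sentence, "The time interval prevents repeated revalidation of bogus data", describes only the cost that the interval saves, and the changed line gives no reason for the new default. With the value going from 900 to 60, add one sentence on the trade-off: a repaired zone validates again within a minute, but data that stays bogus is revalidated up to 15 times as often. The changelog carries this rationale; operators choosing a value read the manual page.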
&low_rtt);
if(got_num == 0)
return 0;
+ if(low_rtt >= USEFUL_SERVER_TOP_TIMEOUT &&
+ delegpt_count_missing_targets(dp) > 0)
+ return 0; /* we want more choice. The best choice is a bad one.
+ return 0 to force the caller to fetch more */
got_num = 0;
a = dp->result_list;
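Review bot: the added `return 0` for `low_rtt >= USEFUL_SERVER_TOP_TIMEOUT` reuses the value that the `got_num == 0` check just above returns for "no server available", so the caller cannot distinguish "nothing to pick" from "only bad servers, more targets could be fetched". Please confirm that the caller reacts to 0 by fetching missing targets, and that a target whose lookup fails stops being counted by `delegpt_count_missing_targets(dp)`. Otherwise a delegation with one unresolvable nameserver name never falls through to the slow but reachable servers. A distinct return value, or a note in the function's header comment about this second meaning of 0, would make the contract explicit.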
cfg->rrset_cache_slabs = 4;
cfg->host_ttl = 900;
cfg->lame_ttl = 900;
- cfg->bogus_ttl = 900;
+ cfg->bogus_ttl = 60;
cfg->max_ttl = 3600 * 24;
cfg->infra_cache_slabs = 4;
cfg->infra_cache_numhosts = 10000;
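Review bot: `cfg->bogus_ttl = 60;` now differs from `host_ttl` and `lame_ttl` directly above it, which stay at 900, and nothing on the line says the difference is intended. The same literal also appears in the example configuration and the manual page hunks. Add a short comment here stating that the shorter value is deliberate, or introduce a named constant for the default, so a later cleanup does not set it back to 900 and the three copies do not drift apart.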