Increase the threshold for respdiff-third-party

There are multiple reasons for the increased amount of differences we've
been seeing lately and for the raise of the threshold:

1. Recent hardening against cache poisoning (CVE-2025-40778) have
   uncovered a few edge cases where the domain can't be properly
   resolved with the new protections in place, but those are issues with
   upstream configuration and DNS setup.
2. The same hardening magnified some behaviour differences between 9.21
   and older versions. Some misconfigured domains, which can be resolved
   with BIND 9.20 and older are no longer resolvable in 9.21+. This can
   be again attributed to upstream DNS misconfiguration. See #5649.
3. A change in the respdiff CI job to include timeouts in the
   comparison, or rather, increasing the timeouts to resolve the
   previously timed out queries, which are typically failures. With the
   previous job configuration, those were omitted from comparison,
   because they were timeouts. Now, there should be no timeouts, but
   there is a slight increase in the amount of differences for the
   threshold evaluation.

(cherry picked from commit bcc4369b0bf243433ca5334cdce3982a15ce4027)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5eaafc68ed1f3eec8fe9f7a6c836d44080c53847..7f5d81a4e562bf35623fa18f95e58d45e6663001 100644 (file)
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -816,7 +816,7 @@ respdiff-third-party:
   variables:
     CC: gcc
     CFLAGS: "${CFLAGS_COMMON} -Og -DOPENSSL_SUPPRESS_DEPRECATED"
-    MAX_DISAGREEMENTS_PERCENTAGE: "0.3"
+    MAX_DISAGREEMENTS_PERCENTAGE: "0.4"
   script:
     - *configure
     - make -j${BUILD_PARALLEL_JOBS:-1} V=1