Increase the threshold for respdiff-third-party

There are multiple reasons for the increased amount of differences we've
been seeing lately and for the raise of the threshold:

1. Recent hardening against cache poisoning (CVE-2025-40778) have
   uncovered a few edge cases where the domain can't be properly
   resolved with the new protections in place, but those are issues with
   upstream configuration and DNS setup.
2. The same hardening magnified some behaviour differences between 9.21
   and older versions. Some misconfigured domains, which can be resolved
   with BIND 9.20 and older are no longer resolvable in 9.21+. This can
   be again attributed to upstream DNS misconfiguration. See #5649.
3. A change in the respdiff CI job to include timeouts in the
   comparison, or rather, increasing the timeouts to resolve the
   previously timed out queries, which are typically failures. With the
   previous job configuration, those were omitted from comparison,
   because they were timeouts. Now, there should be no timeouts, but
   there is a slight increase in the amount of differences for the
   threshold evaluation.

(cherry picked from commit bcc4369b0bf243433ca5334cdce3982a15ce4027)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 94f65665fcaa54094af00df7d0dba6f1a54bcb2b..da46becce2a52840b031150359b40fdc0f9e4732 100644 (file)
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1055,7 +1055,7 @@ respdiff-third-party:
   variables:
     CC: gcc
     CFLAGS: "${CFLAGS_COMMON} -Og"
-    MAX_DISAGREEMENTS_PERCENTAGE: "0.3"
+    MAX_DISAGREEMENTS_PERCENTAGE: "0.4"
   script:
     - bash respdiff.sh -s third_party -q "${PWD}/100k_mixed.txt" -c 1 -w "${PWD}/rspworkdir" "${CI_PROJECT_DIR}"