From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Mon, 15 Feb 2010 15:41:38 +0000 (+0000)
Subject: Documentation on requery
X-Git-Tag: release-1.4.2~28
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a4f769e214b3fcdd137200e7d8763b73964f5000;p=thirdparty%2Funbound.git

Documentation on requery

git-svn-id: file:///svn/unbound/trunk@1983 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/doc/requirements.txt b/doc/requirements.txt
index 350d5a711..a66962d4a 100644
--- a/doc/requirements.txt
+++ b/doc/requirements.txt
@@ -281,3 +281,14 @@ o Parent and child with different nameserver information.
   those misconfigured domains where the servers reported by the parent
   are the only ones working, and servers reported by the child do not.
 
+o Failure of validation and probing.
+  Retries on a validation failure are now 5x to a different nameserver IP
+  (if possible), and then it gives up, for one name, type, class entry in
+  the message cache.  If a DNSKEY or DS fails in the chain of trust in the
+  key cache additionally, after the probing, a bad key entry is created that
+  makes the entire zone bogus for 900 seconds.  This is a fixed value at
+  this time and is conservative in sending probes.  It makes the compound
+  effect of many resolvers less and easier to handle, but penalizes
+  individual resolvers by having less probes and a longer time before fixes
+  are picked up.
+