From: Nicki Křížek Date: Fri, 21 Nov 2025 14:05:36 +0000 (+0100) Subject: Increase the threshold for respdiff-third-party X-Git-Tag: v9.21.16~32^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bcc4369b0bf243433ca5334cdce3982a15ce4027;p=thirdparty%2Fbind9.git Increase the threshold for respdiff-third-party There are multiple reasons for the increased amount of differences we've been seeing lately and for the raise of the threshold: 1. Recent hardening against cache poisoning (CVE-2025-40778) have uncovered a few edge cases where the domain can't be properly resolved with the new protections in place, but those are issues with upstream configuration and DNS setup. 2. The same hardening magnified some behaviour differences between 9.21 and older versions. Some misconfigured domains, which can be resolved with BIND 9.20 and older are no longer resolvable in 9.21+. This can be again attributed to upstream DNS misconfiguration. See #5649. 3. A change in the respdiff CI job to include timeouts in the comparison, or rather, increasing the timeouts to resolve the previously timed out queries, which are typically failures. With the previous job configuration, those were omitted from comparison, because they were timeouts. Now, there should be no timeouts, but there is a slight increase in the amount of differences for the threshold evaluation. --- diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 196ce3f807a..ddb03c1f322 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1998,7 +1998,7 @@ respdiff-third-party: CC: gcc CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "-Doptimization=g" - MAX_DISAGREEMENTS_PERCENTAGE: "0.3" + MAX_DISAGREEMENTS_PERCENTAGE: "0.4" script: - bash respdiff.sh -s third_party -q "${PWD}/100k_mixed.txt" -c 1 -w "${PWD}/rspworkdir" "${CI_PROJECT_DIR}" - cd ../.. && ninja -C build clean >/dev/null 2>&1