resolved: lower SERVFAIL cache timeout from 30s to 10s

Apparently 30s is a bit too long for some cases, see #5552. But not
caching SERVFAIL at all also breaks stuff, see explanation in
201d99584ed7af8078bb243ce2587e5455074713.

Let's try to find some middle ground, by lowering the cache timeout to
10s. This should be ample for the problem
201d99584ed7af8078bb243ce2587e5455074713 attackes, but not as long as
half a miute, as #5552 complains.

Fixes: #5552

diff --git a/src/resolve/resolved-dns-cache.c b/src/resolve/resolved-dns-cache.c
index 2407887f906967be70f774bc237bfb61bb4b0630..75f1ccb6498ef9987d272aebd46bce1e8473c3d9 100644 (file)
--- a/src/resolve/resolved-dns-cache.c
+++ b/src/resolve/resolved-dns-cache.c
@@ -20,7 +20,7 @@
 
 /* How long to cache strange rcodes, i.e. rcodes != SUCCESS and != NXDOMAIN (specifically: that's only SERVFAIL for
  * now) */
-#define CACHE_TTL_STRANGE_RCODE_USEC (30 * USEC_PER_SEC)
+#define CACHE_TTL_STRANGE_RCODE_USEC (10 * USEC_PER_SEC)
 
 typedef enum DnsCacheItemType DnsCacheItemType;
 typedef struct DnsCacheItem DnsCacheItem;