of the DNSKEY signature validity. This is now fixed.
[GL #2383]
+5560. [func] The default value of "max-stale-ttl" has been changed
+ from 12 hours to 1 day and the default value of
+ "stale-answer-ttl" has been changed from 1 second to
+ 30 seconds, following RFC 8767 recommendations.
+ [GL #2248]
+
5456. [func] Added "primaries" as a synonym for "masters" in
named.conf, and "primary-only" as a synonym for
"master-only" in the parameters to "notify", to bring
max-ncache-ttl 10800; /* 3 hours */\n\
max-recursion-depth 7;\n\
max-recursion-queries 100;\n\
- max-stale-ttl 43200; /* 12 hours */\n\
+ max-stale-ttl 86400; /* 1 day */\n\
message-compression yes;\n\
min-ncache-ttl 0; /* 0 hours */\n\
min-cache-ttl 0; /* 0 seconds */\n\
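Review bot: on the `max-stale-ttl 86400` line, the retention window for expired records doubles for every server that relies on the built-in default, and nothing in the visible change says what that means for cache memory use. Consider adding a sentence to the option's documentation or the release note telling operators to set `max-stale-ttl` explicitly if they need to bound how long expired data is held.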
# sortlist <none>\n\
stale-answer-enable false;\n\
stale-refresh-time 30; /* 30 seconds */\n\
- stale-answer-ttl 1; /* 1 second */\n\
+ stale-answer-ttl 30; /* 30 seconds */\n\
stale-cache-enable true;\n\
synth-from-dnssec no;\n\
# topology <none>\n\
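Review bot: the new `stale-answer-ttl 30` default has no test coverage visible in this patch. Because `stale-answer-enable` stays `false`, the value only takes effect on servers that have opted in, and on those the TTL attached to stale answers goes from 1 to 30 on upgrade with no configuration change. A system test that asserts the TTL returned when `stale-answer-ttl` is left unset would pin the new default down.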
treated as ``unlimited``.
``stale-answer-ttl``
- This specifies the TTL to be returned on stale answers. The default is 1
- second. The minimum allowed is also 1 second; a value of 0 is
- updated silently to 1 second.
+ This specifies the TTL to be returned on stale answers. The default is 30
+ seconds. The minimum allowed is 1 second; a value of 0 is updated silently
+ to 1 second.
For stale answers to be returned, they must be enabled, either in the
configuration file using ``stale-answer-enable`` or via
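Review bot: the new "The default is 30 seconds" sentence gives no rationale, while the CHANGES entry and the release note both cite RFC 8767. Add the RFC reference here as well, and say that clients and downstream caches may keep a stale answer for up to this long, so readers can judge whether to lower it.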
``max-stale-ttl``
If retaining stale RRsets in cache is enabled, and returning of stale cached
- answers is also enabled, ``max-stale-ttl`` sets the maximum time
- for which the server retains records past their normal expiry to
- return them as stale records, when the servers for those records are
- not reachable. The default is 12 hours. The minimum allowed is 1
- second; a value of 0 is updated silently to 1 second.
+ answers is also enabled, ``max-stale-ttl`` sets the maximum time for which
+ the server retains records past their normal expiry to return them as stale
+ records, when the servers for those records are not reachable. The default
+ is 1 day. The minimum allowed is 1 second; a value of 0 is updated silently
+ to 1 second.
For stale answers to be returned, the retaining of them in cache must be
enabled via the configuration option ``stale-cache-enable``, and returning
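Review bot: the paragraph says ``max-stale-ttl`` applies when retaining stale RRsets and returning stale answers are both enabled, but the defaults touched in this same patch keep `stale-cache-enable true` and `stale-answer-enable false`. Please state explicitly whether the 1 day retention applies to a default configuration. Separately, the whole paragraph was reflowed although the only content change is "12 hours" to "1 day"; keeping the original line breaks would reduce this to a one-line diff.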
to distribute incoming queries among multiple threads on systems which
lack support for load-balanced sockets (except Windows). [GL #2137]
+- The default value of ``max-stale-ttl`` has been changed from 12 hours to 1
+ day and the default value of ``stale-answer-ttl`` has been changed from 1
+ second to 30 seconds, following RFC 8767 recommendations. [GL #2248]
+
- When using the ``unixtime`` or ``date`` method to update the SOA
serial number, ``named`` and ``dnssec-signzone`` silently fell back to
the ``increment`` method to prevent the new serial number from being
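Review bot: the new release note entry announces the changed defaults but does not say how to keep the previous behaviour. Suggest adding that setting ``max-stale-ttl 43200;`` and ``stale-answer-ttl 1;`` explicitly restores the old values.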