- Consider reconfigurations when calculating the still_useful_timeout

  for servers in the infrastructure cache.

diff --git a/doc/Changelog b/doc/Changelog
index b33dfa8e82194a5ea6d5ea75bb0f5e177fd8e8bb..e4d8aada0f4a52d7b6b7a98d4cc42cf24b0ef6d3 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+17 February 2025: Yorgos
+       - Consider reconfigurations when calculating the still_useful_timeout
+         for servers in the infrastructure cache.
+
 30 January 2025: Wouter
        - Fix #986: Resolving sas.com with dnssec-validation fails though
          signed delegations seem to be (mostly) correct.

diff --git a/services/cache/infra.c b/services/cache/infra.c
index bb3ee87e9a51fc8954c1f9d95224c3921323ef50..0ed3c297b96224e419e38acc55d0990a21887479 100644 (file)
--- a/services/cache/infra.c
+++ b/services/cache/infra.c
@@ -60,16 +60,6 @@
  * can do this number of packets (until those all timeout too) */
 #define TIMEOUT_COUNT_MAX 3
 
-/** Minus 1000 because that is outside of the RTTBAND, so
- * blacklisted servers stay blacklisted if this is chosen.
- * If USEFUL_SERVER_TOP_TIMEOUT is below 1000 (configured via RTT_MAX_TIMEOUT,
- * infra-cache-max-rtt) change it to just above the RTT_BAND. */
-#define STILL_USEFUL_TIMEOUT (                         \
-       USEFUL_SERVER_TOP_TIMEOUT < 1000 ||             \
-       USEFUL_SERVER_TOP_TIMEOUT - 1000 <= RTT_BAND    \
-               ?RTT_BAND + 1                           \
-               :USEFUL_SERVER_TOP_TIMEOUT - 1000)
-
 /** ratelimit value for delegation point */
 int infra_dp_ratelimit = 0;
 
@@ -82,6 +72,19 @@ int infra_ip_ratelimit = 0;
  *  For clients with a valid DNS Cookie. */
 int infra_ip_ratelimit_cookie = 0;
 
+/** Minus 1000 because that is outside of the RTTBAND, so
+ * blacklisted servers stay blacklisted if this is chosen.
+ * If USEFUL_SERVER_TOP_TIMEOUT is below 1000 (configured via RTT_MAX_TIMEOUT,
+ * infra-cache-max-rtt) change it to just above the RTT_BAND. */
+static int still_useful_timeout()
+{
+       return
+       USEFUL_SERVER_TOP_TIMEOUT < 1000 ||
+       USEFUL_SERVER_TOP_TIMEOUT - 1000 <= RTT_BAND
+               ?RTT_BAND + 1
+               :USEFUL_SERVER_TOP_TIMEOUT - 1000;
+}
+
 size_t 
 infra_sizefunc(void* k, void* ATTR_UNUSED(d))
 {
@@ -668,7 +671,7 @@ infra_update_tcp_works(struct infra_cache* infra,
        if(data->rtt.rto >= RTT_MAX_TIMEOUT)
                /* do not disqualify this server altogether, it is better
                 * than nothing */
-               data->rtt.rto = STILL_USEFUL_TIMEOUT;
+               data->rtt.rto = still_useful_timeout();
        lock_rw_unlock(&e->lock);
 }
 
@@ -808,7 +811,7 @@ infra_get_lame_rtt(struct infra_cache* infra,
                && infra->infra_keep_probing) {
                /* single probe, keep probing */
                if(*rtt >= USEFUL_SERVER_TOP_TIMEOUT)
-                       *rtt = STILL_USEFUL_TIMEOUT;
+                       *rtt = still_useful_timeout();
        } else if(host->rtt.rto >= PROBE_MAXRTO && timenow < host->probedelay
                && rtt_notimeout(&host->rtt)*4 <= host->rtt.rto) {
                /* single probe for this domain, and we are not probing */
@@ -816,15 +819,15 @@ infra_get_lame_rtt(struct infra_cache* infra,
                if(qtype == LDNS_RR_TYPE_A) {
                        if(host->timeout_A >= TIMEOUT_COUNT_MAX)
                                *rtt = USEFUL_SERVER_TOP_TIMEOUT;
-                       else    *rtt = STILL_USEFUL_TIMEOUT;
+                       else    *rtt = still_useful_timeout();
                } else if(qtype == LDNS_RR_TYPE_AAAA) {
                        if(host->timeout_AAAA >= TIMEOUT_COUNT_MAX)
                                *rtt = USEFUL_SERVER_TOP_TIMEOUT;
-                       else    *rtt = STILL_USEFUL_TIMEOUT;
+                       else    *rtt = still_useful_timeout();
                } else {
                        if(host->timeout_other >= TIMEOUT_COUNT_MAX)
                                *rtt = USEFUL_SERVER_TOP_TIMEOUT;
-                       else    *rtt = STILL_USEFUL_TIMEOUT;
+                       else    *rtt = still_useful_timeout();
                }
        }
        /* expired entry */
@@ -832,7 +835,7 @@ infra_get_lame_rtt(struct infra_cache* infra,
                /* see if this can be a re-probe of an unresponsive server */
                if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT) {
                        lock_rw_unlock(&e->lock);
-                       *rtt = STILL_USEFUL_TIMEOUT;
+                       *rtt = still_useful_timeout();
                        *lame = 0;
                        *dnsseclame = 0;
                        *reclame = 0;