Skip to content

rndc flush resets stale-refresh-time option to 0

Summary

rndc flush command resets stale-refresh-time value to 0 (might be rsetes something else what I don't follow) rndc reconfig returns stale-refresh-time to the value what was set in config file or default.

Affected versions Bind9.16 and Bind9.18

BIND version used

# named -V
BIND 9.18.18-1+ubuntu22.04.1+isc+1-Ubuntu (Extended Support Version) <id:>
running on Linux x86_64 5.19.0-1025-aws #26~22.04.1-Ubuntu SMP Mon Apr 24 01:58:15 UTC 2023
built by make with  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-hOOOml/bind9-9.18.18=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 11.4.0
compiled with OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
linked to OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
compiled with libuv version: 1.44.2
linked to libuv version: 1.44.2
compiled with libnghttp2 version: 1.43.0
linked to libnghttp2 version: 1.43.0
compiled with libxml2 version: 2.9.13
linked to libxml2 version: 20913
compiled with json-c version: 0.15
linked to json-c version: 0.15
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.5.2
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): yes
TKEY mode 3 support (GSS-API): yes

default paths:
  named configuration:  /etc/bind/named.conf
  rndc configuration:   /etc/bind/rndc.conf
  DNSSEC root key:      /etc/bind/bind.keys
  nsupdate session key: //run/named/session.key
  named PID file:       //run/named/named.pid
  named lock file:      //run/named/named.lock
  geoip-directory:      /usr/share/GeoIP

Steps to reproduce

# rndc serve-stale status
_default: stale cache enabled; stale answers enabled (stale-answer-ttl=30 max-stale-ttl=86400 stale-refresh-time=30)
_bind: stale cache enabled; stale answers enabled (stale-answer-ttl=30 max-stale-ttl=86400 stale-refresh-time=30)

# rndc flush
# rndc serve-stale status
_default: stale cache enabled; stale answers enabled (stale-answer-ttl=30 max-stale-ttl=86400 stale-refresh-time=0)
_bind: stale cache enabled; stale answers enabled (stale-answer-ttl=30 max-stale-ttl=86400 stale-refresh-time=0)

# rndc reconfig
# rndc serve-stale status
_default: stale cache enabled; stale answers enabled (stale-answer-ttl=30 max-stale-ttl=86400 stale-refresh-time=30)
_bind: stale cache enabled; stale answers enabled (stale-answer-ttl=30 max-stale-ttl=86400 stale-refresh-time=30)

What is the current bug behavior?

stale-refresh-time resets to value = 0 (what disables refresh time window mechanism at all)

What is the expected correct behavior?

stale-refresh-time must not be reseted

Relevant configuration files

# named-checkconf -p -x
options {
    directory "/var/cache/bind";
    listen-on-v6  {
        "any";
    };
    dnssec-validation auto;
    stale-answer-enable yes;
    stale-answer-client-timeout 1800;
    stale-cache-enable yes;
    stale-refresh-time 30;
};
zone "." {
    type hint;
    file "/usr/share/dns/root.hints";
};
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information