Skip to content

GitLab

  • Menu
Projects Groups Snippets
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • BIND BIND
  • Project information
    • Project information
    • Activity
    • Labels
    • Planning hierarchy
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 524
    • Issues 524
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 99
    • Merge requests 99
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • ISC Open Source Projects
  • BINDBIND
  • Merge requests
  • !1585

Merged
Created Mar 01, 2019 by Michał Kępień@michalOwner

Disable SERVFAIL cache for ns5 in the "mkeys" system test

  • Overview 1
  • Commits 1
  • Pipelines 2
  • Changes 1

The "check key refreshes are resumed after root servers become available" check may trigger a false positive for the "mkeys" system test if the second example/TXT query sent by dig is received by ns5 less than a second after it receives a REFUSED response to the upstream query it sends to ns1 in order to resolve the first example/TXT query sent by dig. Since that REFUSED response from ns1 causes ns5 to return a SERVFAIL answer to dig, example/TXT is added to the SERVFAIL cache, which is enabled by default with a TTL of 1 second. This in turn may cause ns5 to return a cached SERVFAIL response to the second example/TXT query sent by dig, i.e. make ns5 not perform full query processing as expected by the check.

Since the primary purpose of the check in question is to ensure that key refreshes are resumed once initially unavailable root servers become available, the optimal solution appears to be disabling SERVFAIL cache for ns5 as doing that still allows the check to fulfill its purpose and it is arguably more prudent than always sleeping for 1 second.

Assignee
Assign to
Reviewer
Request review from
Time tracking
Source branch: michal/disable-servfail-cache-for-ns5-in-the-mkeys-system-test