Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • BIND BIND
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 598
    • Issues 598
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 95
    • Merge requests 95
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • ISC Open Source ProjectsISC Open Source Projects
  • BINDBIND
  • Merge requests
  • !1585

Disable SERVFAIL cache for ns5 in the "mkeys" system test

  • Review changes

  • Download
  • Email patches
  • Plain diff
Merged Michał Kępień requested to merge michal/disable-servfail-cache-for-ns5-in-the-mkeys-system-test into master Mar 01, 2019
  • Overview 1
  • Commits 1
  • Pipelines 2
  • Changes 1

The "check key refreshes are resumed after root servers become available" check may trigger a false positive for the "mkeys" system test if the second example/TXT query sent by dig is received by ns5 less than a second after it receives a REFUSED response to the upstream query it sends to ns1 in order to resolve the first example/TXT query sent by dig. Since that REFUSED response from ns1 causes ns5 to return a SERVFAIL answer to dig, example/TXT is added to the SERVFAIL cache, which is enabled by default with a TTL of 1 second. This in turn may cause ns5 to return a cached SERVFAIL response to the second example/TXT query sent by dig, i.e. make ns5 not perform full query processing as expected by the check.

Since the primary purpose of the check in question is to ensure that key refreshes are resumed once initially unavailable root servers become available, the optimal solution appears to be disabling SERVFAIL cache for ns5 as doing that still allows the check to fulfill its purpose and it is arguably more prudent than always sleeping for 1 second.

Assignee
Assign to
Reviewers
Request review from
Time tracking
Source branch: michal/disable-servfail-cache-for-ns5-in-the-mkeys-system-test