picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

resolved: lower SERVFAIL cache timeout from 30s to 10s 

Apparently 30s is a bit too long for some cases, see #5552. But not
caching SERVFAIL at all also breaks stuff, see explanation in
201d99584e.

Let's try to find some middle ground, by lowering the cache timeout to
10s. This should be ample for the problem
201d99584e attackes, but not as long as
half a miute, as #5552 complains.

Fixes: #5552
This commit is contained in:
Lennart Poettering 2020-11-12 17:52:09 +01:00 committed by Yu Watanabe
parent 34f80876f8
commit 19bcef9dc3
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/resolve/resolved-dns-cache.c
View File

@ -20,7 +20,7 @@
/* How long to cache strange rcodes, i.e. rcodes != SUCCESS and != NXDOMAIN (specifically: that's only SERVFAIL for
* now) */
#define CACHE_TTL_STRANGE_RCODE_USEC (30 * USEC_PER_SEC)
#define CACHE_TTL_STRANGE_RCODE_USEC (10 * USEC_PER_SEC)
typedef enum DnsCacheItemType DnsCacheItemType;
typedef struct DnsCacheItem DnsCacheItem;