- For #1175, the default value of serve-expired-ttl is set to 86400

(1 day) as suggested by RFC8767.
NLnetLabs · Dec 3, 2024 · 9de159b · 9de159b
1 parent bd2e66d
commit 9de159b
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 7 deletions.
diff --git a/doc/Changelog b/doc/Changelog
@@ -2,6 +2,8 @@
 	- Merge #1189: Fix the dname_str method to cause conversion errors
 	  when the domain name length is 255.
 	- Merge #1197: dname_str() fixes.
+	- For #1175, the default value of serve-expired-ttl is set to 86400
+	  (1 day) as suggested by RFC8767.
 
 22 November 2024: Yorgos
 	- Fix #1175: serve-expired does not adhere to secure-by-default

diff --git a/doc/example.conf.in b/doc/example.conf.in
@@ -737,7 +737,7 @@ server:
 	#
 	# Limit serving of expired responses to configured seconds after
 	# expiration. 0 disables the limit.
-	# serve-expired-ttl: 0
+	# serve-expired-ttl: 86400
 	#
 	# Set the TTL of expired records to the serve-expired-ttl value after a
 	# failed attempt to retrieve the record from upstream. This makes sure

diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
@@ -1408,10 +1408,11 @@ out or is taking more than serve\-expired\-client\-timeout to resolve.
 Default is "no".
 .TP
 .B serve\-expired\-ttl: \fI<seconds>
-Limit serving of expired responses to configured seconds after expiration. 0
-disables the limit.  This option only applies when \fBserve\-expired\fR is
-enabled.  A suggested value per RFC 8767 is between
-86400 (1 day) and 259200 (3 days).  The default is 0.
+Limit serving of expired responses to configured seconds after expiration.
+0 disables the limit.
+This option only applies when \fBserve\-expired\fR is enabled.
+A suggested value per RFC 8767 is between 86400 (1 day) and 259200 (3 days).
+The default is 86400.
 .TP
 .B serve\-expired\-ttl\-reset: \fI<yes or no>
 Set the TTL of expired records to the \fBserve\-expired\-ttl\fR value after a

diff --git a/util/config_file.c b/util/config_file.c
@@ -280,7 +280,7 @@ config_create(void)
 	cfg->ignore_cd = 0;
 	cfg->disable_edns_do = 0;
 	cfg->serve_expired = 0;
-	cfg->serve_expired_ttl = 0;
+	cfg->serve_expired_ttl = 86400;
 	cfg->serve_expired_ttl_reset = 0;
 	cfg->serve_expired_reply_ttl = 30;
 	cfg->serve_expired_client_timeout = 1800;

diff --git a/util/data/msgreply.c b/util/data/msgreply.c
@@ -66,7 +66,7 @@ time_t MIN_NEG_TTL = 0;
 /** If we serve expired entries and prefetch them */
 int SERVE_EXPIRED = 0;
 /** Time to serve records after expiration */
-time_t SERVE_EXPIRED_TTL = 0;
+time_t SERVE_EXPIRED_TTL = 86400;
 /** Reset serve expired TTL after failed update attempt */
 time_t SERVE_EXPIRED_TTL_RESET = 0;
 /** TTL to use for expired records */