diff --git a/doc/Changelog b/doc/Changelog
index d96ae8020..331d03c55 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -2,6 +2,8 @@
 - Merge #1189: Fix the dname_str method to cause conversion errors when the domain name length is 255.
 - Merge #1197: dname_str() fixes.
+ - For #1175, the default value of serve-expired-ttl is set to 86400
+ (1 day) as suggested by RFC8767.
 22 November 2024: Yorgos
 - Fix #1175: serve-expired does not adhere to secure-by-default
diff --git a/doc/example.conf.in b/doc/example.conf.in
index e0ee39ad4..33e12f180 100644
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -737,7 +737,7 @@ server:
 #
 # Limit serving of expired responses to configured seconds after
 # expiration. 0 disables the limit.
- # serve-expired-ttl: 0
+ # serve-expired-ttl: 86400
 #
 # Set the TTL of expired records to the serve-expired-ttl value after a
 # failed attempt to retrieve the record from upstream. This makes sure
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index cf6f14915..4d1fb13f8 100644
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -1408,10 +1408,11 @@ out or is taking more than serve\-expired\-client\-timeout to resolve.
 Default is "no".
 .TP
 .B serve\-expired\-ttl: \fI
-Limit serving of expired responses to configured seconds after expiration. 0
-disables the limit. This option only applies when \fBserve\-expired\fR is
-enabled. A suggested value per RFC 8767 is between
-86400 (1 day) and 259200 (3 days). The default is 0.
+Limit serving of expired responses to configured seconds after expiration.
+0 disables the limit.
+This option only applies when \fBserve\-expired\fR is enabled.
+A suggested value per RFC 8767 is between 86400 (1 day) and 259200 (3 days).
+The default is 86400.
 .TP
 .B serve\-expired\-ttl\-reset: \fI
 Set the TTL of expired records to the \fBserve\-expired\-ttl\fR value after a
diff --git a/util/config_file.c b/util/config_file.c
index c1c55c529..58567dccc 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -280,7 +280,7 @@ config_create(void)
 cfg->ignore_cd = 0;
 cfg->disable_edns_do = 0;
 cfg->serve_expired = 0;
- cfg->serve_expired_ttl = 0;
+ cfg->serve_expired_ttl = 86400;
 cfg->serve_expired_ttl_reset = 0;
 cfg->serve_expired_reply_ttl = 30;
 cfg->serve_expired_client_timeout = 1800;
diff --git a/util/data/msgreply.c b/util/data/msgreply.c
index 167581c0c..530eee701 100644
--- a/util/data/msgreply.c
+++ b/util/data/msgreply.c
@@ -66,7 +66,7 @@ time_t MIN_NEG_TTL = 0;
 /** If we serve expired entries and prefetch them */
 int SERVE_EXPIRED = 0;
 /** Time to serve records after expiration */
-time_t SERVE_EXPIRED_TTL = 0;
+time_t SERVE_EXPIRED_TTL = 86400;
 /** Reset serve expired TTL after failed update attempt */
 time_t SERVE_EXPIRED_TTL_RESET = 0;
 /** TTL to use for expired records */
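Review bot: The new default 86400 is a bare literal written independently at `cfg->serve_expired_ttl = 86400;` here and at `time_t SERVE_EXPIRED_TTL = 86400;` in the util/data/msgreply.c hunk, with the same number repeated in the man page and example.conf, so the next change to this bound has to be made in four places in lockstep. Because this value caps how long stale, possibly no-longer-valid data is handed to clients, a single named constant in a header both files already include, e.g. `#define SERVE_EXPIRED_TTL_DEFAULT 86400 /* 1 day; RFC 8767 suggests 1-3 days */`, used by both assignments, would keep the runtime default and the documented default from drifting apart. Presumably the global in msgreply.c is overwritten from the config when it is applied, so its initializer only matters when no config is loaded; if so, a comment on that line saying as much would save the next reader from wondering which of the two defaults wins. config_create's body starts and ends outside this hunk.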