* Thu May 01 2014 Paul Wouters <pwouters@redhat.com> - 1.4.22-2
- Added flushcache patch (SVN commit 3125)
parent
5f65c3ce7c
commit
1b364a79c9
131
unbound-1.4.22-flushcache.patch
Normal file
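--- a/unbound-1.4.22-flushcache.patch
+++ b/unbound-1.4.22-flushcache.patch
@@ -0,0 +1,131 @@
+diff -Naur unbound-1.4.22-orig/daemon/remote.c unbound-1.4.22/daemon/remote.c
+--- unbound-1.4.22-orig/daemon/remote.c 2014-02-07 08:28:39.000000000 -0500
++++ unbound-1.4.22/daemon/remote.c 2014-05-01 09:58:08.552554289 -0400
+@@ -1330,7 +1330,7 @@
+}
+}
+
+-/** remove all rrsets and keys from zone from cache */
++/** remove all bogus rrsets, msgs and keys from cache */
+static void
+do_flush_bogus(SSL* ssl, struct worker* worker)
+{
+@@ -1359,6 +1359,82 @@
+(unsigned)inf.num_msgs, (unsigned)inf.num_keys);
+}
+
++/** callback to delete negative and servfail rrsets */
++static void
++negative_del_rrset(struct lruhash_entry* e, void* arg)
++{
++ /* entry is locked */
++ struct del_info* inf = (struct del_info*)arg;
++ struct ub_packed_rrset_key* k = (struct ub_packed_rrset_key*)e->key;
++ struct packed_rrset_data* d = (struct packed_rrset_data*)e->data;
++ /* delete the parentside negative cache rrsets,
++ * these are namerserver rrsets that failed lookup, rdata empty */
++ if((k->rk.flags & PACKED_RRSET_PARENT_SIDE) && d->count == 1 &&
++ d->rrsig_count == 0 && d->rr_len[0] == 0) {
++ d->ttl = inf->expired;
++ inf->num_rrsets++;
++ }
++}
++
++/** callback to delete negative and servfail messages */
++static void
++negative_del_msg(struct lruhash_entry* e, void* arg)
++{
++ /* entry is locked */
++ struct del_info* inf = (struct del_info*)arg;
++ struct reply_info* d = (struct reply_info*)e->data;
++ /* rcode not NOERROR: NXDOMAIN, SERVFAIL, ..: an nxdomain or error
++ * or NOERROR rcode with ANCOUNT==0: a NODATA answer */
++ if(FLAGS_GET_RCODE(d->flags) != 0 || d->an_numrrsets == 0) {
++ d->ttl = inf->expired;
++ inf->num_msgs++;
++ }
++}
++
++/** callback to delete negative key entries */
++static void
++negative_del_kcache(struct lruhash_entry* e, void* arg)
++{
++ /* entry is locked */
++ struct del_info* inf = (struct del_info*)arg;
++ struct key_entry_data* d = (struct key_entry_data*)e->data;
++ /* could be bad because of lookup failure on the DS, DNSKEY, which
++ * was nxdomain or servfail, and thus a result of negative lookups */
++ if(d->isbad) {
++ d->ttl = inf->expired;
++ inf->num_keys++;
++ }
++}
++
++/** remove all negative(NODATA,NXDOMAIN), and servfail messages from cache */
++static void
++do_flush_negative(SSL* ssl, struct worker* worker)
++{
++ struct del_info inf;
++ /* what we do is to set them all expired */
++ inf.worker = worker;
++ inf.now = *worker->env.now;
++ inf.expired = *worker->env.now;
++ inf.expired -= 3; /* handle 3 seconds skew between threads */
++ inf.num_rrsets = 0;
++ inf.num_msgs = 0;
++ inf.num_keys = 0;
++ slabhash_traverse(&worker->env.rrset_cache->table, 1,
++ &negative_del_rrset, &inf);
++
++ slabhash_traverse(worker->env.msg_cache, 1, &negative_del_msg, &inf);
++
++ /* and validator cache */
++ if(worker->env.key_cache) {
++ slabhash_traverse(worker->env.key_cache->slab, 1,
++ &negative_del_kcache, &inf);
++ }
++
++ (void)ssl_printf(ssl, "ok removed %lu rrsets, %lu messages "
++ "and %lu key entries\n", (unsigned long)inf.num_rrsets,
++ (unsigned long)inf.num_msgs, (unsigned long)inf.num_keys);
++}
++
+/** remove name rrset from cache */
+static void
+do_flush_name(SSL* ssl, struct worker* w, char* arg)
+@@ -2173,6 +2249,8 @@
+do_get_option(ssl, worker, skipwhite(p+10));
+} else if(cmdcmp(p, "flush_bogus", 11)) {
+do_flush_bogus(ssl, worker);
++ } else if(cmdcmp(p, "flush_negative", 14)) {
++ do_flush_negative(ssl, worker);
+} else {
+(void)ssl_printf(ssl, "error unknown command '%s'\n", p);
+}
+diff -Naur unbound-1.4.22-orig/doc/unbound-control.8.in unbound-1.4.22/doc/unbound-control.8.in
+--- unbound-1.4.22-orig/doc/unbound-control.8.in 2014-03-12 08:31:42.000000000 -0400
++++ unbound-1.4.22/doc/unbound-control.8.in 2014-05-01 09:58:08.552554289 -0400
+@@ -133,6 +133,12 @@
+.B flush_bogus
+Remove all bogus data from the cache.
+.TP
++.B flush_negative
++Remove all negative data from the cache. This is nxdomain answers,
++nodata answers and servfail answers. Also removes bad key entries
++(which could be due to failed lookups) from the dnssec key cache, and
++iterator last-resort lookup failures from the rrset cache.
++.TP
+.B flush_stats
+Reset statistics to zero.
+.TP
+diff -Naur unbound-1.4.22-orig/smallapp/unbound-control.c unbound-1.4.22/smallapp/unbound-control.c
+--- unbound-1.4.22-orig/smallapp/unbound-control.c 2014-02-07 08:28:39.000000000 -0500
++++ unbound-1.4.22/smallapp/unbound-control.c 2014-05-01 09:58:08.552554289 -0400
+@@ -95,6 +95,7 @@
+printf(" flush_zone <name> flush everything at or under name\n");
+printf(" from rr and dnssec caches\n");
+printf(" flush_bogus flush all bogus data\n");
++ printf(" flush_negative flush all negative data\n");
+printf(" flush_stats flush statistics, make zero\n");
+printf(" flush_requestlist drop queries that are worked on\n");
+printf(" dump_requestlist show what is worked on\n");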
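Review bot: In `negative_del_msg` the test `FLAGS_GET_RCODE(d->flags) != 0 || d->an_numrrsets == 0` expires every cached reply whose rcode is non-zero, plus every NOERROR reply with an empty answer section, which is wider than the man-page text added in the same patch ("nxdomain answers, nodata answers and servfail answers"). An operator who runs flush_negative while cleaning up after a suspect negative answer needs the documented scope to match, so I would reword the man entry to `This is nxdomain answers, nodata answers and answers with any other error rcode, such as servfail.` The doc comment on `negative_del_rrset` errs the other way: it says "negative and servfail rrsets" while the body only matches parent-side rrsets holding a single empty rdata, so `/** callback to delete parent-side negative (empty rdata) rrsets */` would describe it. The inner comment's "namerserver" is a typo for "nameserver".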
@ -11,7 +11,7 @@
|
||||
Summary: Validating, recursive, and caching DNS(SEC) resolver
|
||||
Name: unbound
|
||||
Version: 1.4.22
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: BSD
|
||||
Url: http://www.nlnetlabs.nl/unbound/
|
||||
Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
|
||||
@ -32,6 +32,7 @@ Source13: root.anchor
|
||||
Source14: unbound.sysconfig
|
||||
Source15: unbound.cron
|
||||
Source16: unbound-munin.README
|
||||
Patch1: unbound-1.4.22-flushcache.patch
|
||||
|
||||
Group: System Environment/Daemons
|
||||
BuildRequires: flex, openssl-devel
|
||||
@ -104,6 +105,7 @@ Python modules and extensions for unbound
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch1 -p1
|
||||
|
||||
%build
|
||||
export LDFLAGS="-Wl,-z,relro,-z,now -pie -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
|
||||
@ -279,6 +281,9 @@ exit 0
|
||||
/bin/systemctl try-restart unbound-keygen.service >/dev/null 2>&1 || :
|
||||
|
||||
%changelog
|
||||
* Thu May 01 2014 Paul Wouters <pwouters@redhat.com> - 1.4.22-2
|
||||
- Added flushcache patch (SVN commit 3125)
|
||||
|
||||
* Thu Mar 13 2014 Paul Wouters <pwouters@redhat.com> - 1.4.22-1
|
||||
- Updated to 1.4.22
|
||||
- No longer requires the ldns library
|
||||
|
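Review bot: The `Patch1: unbound-1.4.22-flushcache.patch` line has no comment saying where the patch comes from; the only provenance on the page is the changelog entry "SVN commit 3125". A comment directly above it, for example `# Backport of upstream SVN commit 3125 (adds unbound-control flush_negative)`, would let a later packager check the backport against upstream and drop it on the next rebase. The page does not mark which lines are added, so this assumes the `Patch1:` and `%patch1 -p1` lines are the new ones.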