lib/cache: no aggressive caching on minimal NSEC* ranges
We use packet cache instead. Also do the same on some kinds of weird RRsets, as even there some caching should be better than none at all. This "incidentally" works around all known cases of DVE-2018-0003.
Merge request reports
Activity
changed milestone to %4.1.0
assigned to @vcunat
added 41 commits
-
3fe64455...ac789eba - 40 commits from branch
master - 04746fe4 - lib/cache: no aggressive caching on minimal NSEC* ranges
-
3fe64455...ac789eba - 40 commits from branch
CI shows significant decrease in answertype differences in all respdiffs. (Significant in relative numbers; it's just around a dozen or two.) It seems these are instances of that DVE, e.g.:
== Field "answertypes", mismatch "expected 'A' got ''" query details Count Query 1 home.chance.cz. A 1 www.skontakt.cz. A 1 kdejinde.cz. A 1 adisepo.epo.mfcr.cz. A 1 www.cezdistribuce.cz. A 1 appft.uspto.gov. A 1 adisdpr.epo.mfcr.cz. Aassigned to @ikrumlova
added 1 commit
- 3d55a1a6 - WIP: adding integration test from Ivana Krumlova
marked as a Work In Progress from 3d55a1a6
added 19 commits
-
3d55a1a6...b2ad9443 - 17 commits from branch
master - f1be61dd - lib/cache: no aggressive caching on minimal NSEC* ranges
- f402b3d3 - tests: integration test for minimal NSEC3 range
-
3d55a1a6...b2ad9443 - 17 commits from branch
added performance label
enabled an automatic merge when the pipeline for f402b3d3 succeeds
mentioned in commit e4b7f259
@ikrumlova Thank you for the test!
mentioned in issue #509 (closed)
mentioned in issue #391
mentioned in issue #422 (closed)
