Hide Forgot
Description of problem: Support for stale-answer-enable and others is missing. Allows responding from cache when authoritative servers are under attack or not responding. Upstream change: 4700. [func] Serving of stale answers is now supported. This allows named to provide stale cached answers when the authoritative server is under attack. See max-stale-ttl, stale-answer-enable, stale-answer-ttl. [RT #44790] First commit: https://gitlab.isc.org/isc-projects/bind9/commit/df50751585b64f72d93ad665abf0f485c8941a3b Check bug #1653111 comment #7 for more details. Version-Release number of selected component (if applicable): bind-9.11.4-14.P2.el8 Additional info: Upstream has no support for stale cache in 9.11 ESV version, the feature was introduced in 9.12 version.
Note: Serve-stale feature introduced also some defects fixed in 9.12.2-P1 release. It has to be included right away. https://ftp.isc.org/isc/bind9/9.12.2-P1/RELEASE-NOTES-bind-9.12.2-P1.html
Previous refractoring of resolver [1] makes backport hard. Not simple to check it is possible or not, have to decipher which changes would land where in the old code. 1. https://gitlab.isc.org/isc-projects/bind9/commit/96912e44b0b180de56f47d438f91c9e70925bd16
Some working prototype was successful. More changes is required, but it seems possible into 9.11.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:1845