resolved: lower SERVFAIL cache timeout from 30s to 10s

Apparently 30s is a bit too long for some cases, see #5552. But not caching SERVFAIL at all also breaks stuff, see explanation in 201d99584ed7af8078bb243ce2587e5455074713. Let's try to find some middle ground, by lowering the cache timeout to 10s. This should be ample for the problem 201d99584ed7af8078bb243ce2587e5455074713 attackes, but not as long as half a miute, as #5552 complains. Fixes: #5552
author: Lennart Poettering <lennart@poettering.net> 2020-11-12 17:52:09 +0100
committer: Yu Watanabe <watanabe.yu+github@gmail.com> 2020-12-03 08:52:27 +0900
commit: 19bcef9dc3fde342f138394333ab04d7e44b7da2 (patch)
tree: c7140d76badf850d34821b929ac7c48063a299f5 /src/resolve
parent: 34f80876f8a9dba2f569eb8fdacf785d64058c52 (diff)
download: systemd-19bcef9dc3fde342f138394333ab04d7e44b7da2.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/resolve/resolved-dns-cache.c b/src/resolve/resolved-dns-cache.c
index 2407887f90..75f1ccb649 100644
--- a/src/resolve/resolved-dns-cache.c
+++ b/src/resolve/resolved-dns-cache.c
@@ -20,7 +20,7 @@
 
 /* How long to cache strange rcodes, i.e. rcodes != SUCCESS and != NXDOMAIN (specifically: that's only SERVFAIL for
  * now) */
-#define CACHE_TTL_STRANGE_RCODE_USEC (30 * USEC_PER_SEC)
+#define CACHE_TTL_STRANGE_RCODE_USEC (10 * USEC_PER_SEC)
 
 typedef enum DnsCacheItemType DnsCacheItemType;
 typedef struct DnsCacheItem DnsCacheItem;
author	Lennart Poettering <lennart@poettering.net>	2020-11-12 17:52:09 +0100
committer	Yu Watanabe <watanabe.yu+github@gmail.com>	2020-12-03 08:52:27 +0900
commit	19bcef9dc3fde342f138394333ab04d7e44b7da2 (patch)
tree	c7140d76badf850d34821b929ac7c48063a299f5 /src/resolve
parent	34f80876f8a9dba2f569eb8fdacf785d64058c52 (diff)
download	systemd-19bcef9dc3fde342f138394333ab04d7e44b7da2.tar.gz