Tree - rpms/bind - CentOS Git server

rpms / bind

Blame SOURCES/bind-9.11-serve-stale.patch

Blob History Raw

		eb7207	`From d55a57427ee696dec51149950478394e43019607 Mon Sep 17 00:00:00 2001`
		27025e	`From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>`
		27025e	`Date: Thu, 7 Nov 2019 14:31:03 +0100`
		27025e	`Subject: [PATCH] Implement serve-stale in 9.11`
		27025e	`MIME-Version: 1.0`
		27025e	`Content-Type: text/plain; charset=UTF-8`
		27025e	`Content-Transfer-Encoding: 8bit`
		27025e
		27025e	`Squashed commit of the following:`
		27025e
		27025e	`commit 32f47f36e545223b2a4757588d7bd4af8c5f5760`
		27025e	`Author: Petr Menšík <pemensik@redhat.com>`
		27025e	`Date: Tue Sep 3 18:45:54 2019 +0200`
		27025e
		27025e	`convert serve_stale to db_test`
		27025e
		27025e	`Manual checkout from commit e8f61dd315c5d1c88915bb79361182241e42e47a.`
		27025e	`Use test modified for cmocka, including serve-stale tests.`
		27025e
		27025e	`commit 071eb1fb0786f6d614955813d99c3caabff33383`
		27025e	`Author: Michał Kępień <michal@isc.org>`
		27025e	`Date: Fri Apr 27 09:13:26 2018 +0200`
		27025e
		27025e	`Detect recursion loops during query processing`
		27025e
		27025e	`Interrupt query processing when query_recurse() attempts to ask the same`
		27025e	`name servers for the same QNAME/QTYPE tuple for two times in a row as`
		27025e	`this indicates that query processing may be stuck for an indeterminate`
		27025e	`period of time, e.g. due to interactions between features able to`
		27025e	`restart query_lookup().`
		27025e
		27025e	`(cherry picked from commit 46bb4dd124ed031d4c219d1e37a3c6322092e30c)`
		27025e
		27025e	`commit c12090bc361c7fa4522ace73899e778e44e9b295`
		27025e	`Author: Petr Menšík <pemensik@redhat.com>`
		27025e	`Date: Mon Sep 2 11:12:32 2019 +0200`
		27025e
		27025e	`Fix test name used in whole test-suite`
		27025e
		27025e	`Correct name is serve-stale`
		27025e
		27025e	`commit ff4d826f295d268a248ca06941d65c903e1b405c`
		27025e	`Author: Petr Menšík <pemensik@redhat.com>`
		27025e	`Date: Fri Aug 30 17:43:28 2019 +0200`
		27025e
		27025e	`Clean files in more generic rules`
		27025e
		27025e	`commit 8d81ed15eda9a2a11e1433d1fdddacfc772708b6`
		27025e	`Author: Petr Menšík <pemensik@redhat.com>`
		27025e	`Date: Thu Aug 29 21:27:57 2019 +0200`
		27025e
		27025e	`[rt46602] Pass port numbers to tests via environment variables`
		27025e
		27025e	`Manually applied commit f5d8f079008b648d2e343543e66dd728054c6101`
		27025e
		27025e	`commit 94fafa477891576286def8c4041ad127734af2d1`
		27025e	`Author: Tony Finch <dot@dotat.at>`
		27025e	`Date: Tue Apr 10 16:17:57 2018 +0100`
		27025e
		27025e	`Move serve-stale logging to its own category, so that its verbosity can be curtailed.`
		27025e
		27025e	`(cherry picked from commit 4b442c309dfb2c8880b19af4133047655bb734df)`
		27025e
		27025e	`commit e0c884bee98c3d2533dfaa667f58c6a80d8a3a00`
		27025e	`Author: Michał Kępień <michal@isc.org>`
		27025e	`Date: Fri Apr 27 09:13:26 2018 +0200`
		27025e
		27025e	`Prevent check_stale_header() from leaking rdataset headers`
		27025e
		27025e	`check_stale_header() fails to update the pointer to the previous header`
		27025e	`while processing rdataset headers eligible for serve-stale, thus`
		27025e	`enabling rdataset headers to be leaked (i.e. disassociated from a node`
		27025e	`and left on the relevant TTL heap) while iterating through a node. This`
		27025e	`can lead to several different assertion failures. Add the missing`
		27025e	`pointer update.`
		27025e
		27025e	`(cherry picked from commit 391fac1fc8d2e470287b5cc4344b3adb90c6f54a)`
		27025e
		27025e	`commit d724cc1d80ee8d46113eaf82549d49636739b67c`
		27025e	`Author: Matthijs Mekking <matthijs@isc.org>`
		27025e	`Date: Thu Jan 24 10:24:44 2019 +0100`
		27025e
		27025e	`Print in dump-file stale ttl`
		27025e
		27025e	`This change makes rndc dumpdb correctly print the "; stale" line.`
		27025e	`It also provides extra information on how long this data may still`
		27025e	`be served to clients (in other words how long the stale RRset may`
		27025e	`still be used).`
		27025e
		27025e	`(cherry picked from commit 924ebc605db798e2a383ee5eaaebad739e7c789c)`
		27025e
		27025e	`commit 625da4bd4590ac6108bb30eddd23ceffb245ae49`
		27025e	`Author: Michał Kępień <michal@isc.org>`
		27025e	`Date: Mon Oct 22 15:26:45 2018 +0200`
		27025e
		27025e	`Check serve-stale behavior with a cold cache`
		27025e
		27025e	`Ensure that serve-stale works as expected when returning stale answers`
		27025e	`is enabled, the authoritative server does not respond, and there is no`
		27025e	`cached answer available.`
		27025e
		27025e	`(cherry picked from commit 27cfe83a388147edfa0451b28c06c746912ea684)`
		27025e
		27025e	`commit d67ae10461c409fdafdbbe64f857db2552b71059`
		27025e	`Author: Michał Kępień <michal@isc.org>`
		27025e	`Date: Mon Oct 22 15:26:45 2018 +0200`
		27025e
		27025e	`Check TTL of stale answers`
		27025e
		27025e	`Make sure that stale answers returned when the serve-stale feature is`
		27025e	`enabled have a TTL matching the value of the stale-answer-ttl setting.`
		27025e
		27025e	`(cherry picked from commit 893ab37ce78c658215bd3a019f25afe795b37d5a)`
		27025e
		27025e	`commit 50459107805e68e4a63a8e497bf58ef3ce013ddb`
		27025e	`Author: Michał Kępień <michal@isc.org>`
		27025e	`Date: Mon Jul 9 14:35:12 2018 +0200`
		27025e
		27025e	`Do not use Net::DNS::Nameserver in the "serve-stale" system test`
		27025e
		27025e	`Net::DNS versions older than 0.67 respond to queries sent to a`
		27025e	`Net::DNS::Nameserver even if its ReplyHandler returns undef. This makes`
		27025e	`the "serve-stale" system test fail as it takes advantage of the newer`
		27025e	`behavior. Since the latest Net::DNS version available with stock`
		27025e	`RHEL/CentOS 6 packages is 0.65 and we officially support that operating`
		27025e	`system, bin/tests/system/serve-stale/ans2/ans.pl should behave`
		27025e	`consistently for various Net::DNS versions. Ensure that by reworking it`
		27025e	`so that it does not use Net::DNS::Nameserver.`
		27025e
		27025e	`(cherry picked from commit c4209418a50c09142375f7edadca731c526f3d3a)`
		27025e
		27025e	`commit 4b5befc714bb386bd245b1c14ce3bce5ae6fb5fa`
		27025e	`Author: Petr Menšík <pemensik@redhat.com>`
		27025e	`Date: Tue Jun 5 21:38:29 2018 +0200`
		27025e
		27025e	`Fix server-stale requirement, skip without Time::HiRes`
		27025e
		27025e	`(cherry picked from commit 7a0c7bf9c8e6a724e52635eed213ad25b9504e66)`
		27025e
		27025e	`commit 5ce51a3a7e5ef3087c4d022e3fca42fb2fd0c996`
		27025e	`Author: Ondřej Surý <ondrej@sury.org>`
		27025e	`Date: Wed Oct 18 13:01:14 2017 +0200`
		27025e
		27025e	`[rt46602] Update server-stale test to run on port passed from run.sh script`
		27025e
		27025e	`(cherry picked from commit f83ebd34b9555a5a834c58146035173bcbd01dda)`
		27025e
		27025e	`commit 3954a9bf3437f6fab050294a7f2f954a23d161ec`
		27025e	`Author: Ondřej Surý <ondrej@sury.org>`
		27025e	`Date: Wed Oct 18 14:18:59 2017 +0200`
		27025e
		27025e	`[rt46602] Add serve-stale working files to .gitignore`
		27025e
		27025e	`(cherry picked from commit cba162e70e7fac43435a606106841a69ce468526)`
		27025e
		27025e	`commit 112aa21f5fa875494820e4d1eb70e41e10e1aae7`
		27025e	`Author: Mark Andrews <marka@isc.org>`
		27025e	`Date: Thu Oct 12 15:33:47 2017 +1100`
		27025e
		27025e	`test for Net::DNS::Nameserver`
		27025e
		27025e	`(cherry picked from commit 5b60d0608ac2852753180b762d1917163f9dc315)`
		27025e
		27025e	`commit 9d610e46af8a636f44914cee4cf8b2016054db1e`
		27025e	`Author: Mark Andrews <marka@isc.org>`
		27025e	`Date: Thu Oct 12 15:19:45 2017 +1100`
		27025e
		27025e	`add Net::DNS prerequiste test`
		27025e
		27025e	`(cherry picked from commit fa644181f51559da3e3913acd72dbc3f6d916e71)`
		27025e
		27025e	`commit e4ea7ba88d9a9a0c79579400c68a5dabe03e8572`
		27025e	`Author: Mark Andrews <marka@isc.org>`
		27025e	`Date: Wed Sep 6 19:26:10 2017 +1000`
		27025e
		27025e	`add quotes arount $send_response`
		27025e
		27025e	`(cherry picked from commit 023ab19634b287543169e9b7b5259f3126cd60ff)`
		27025e
		27025e	`commit 0af0c5d33c2de34da164571288b650282c6be10a`
		27025e	`Author: Mark Andrews <marka@isc.org>`
		27025e	`Date: Thu Nov 23 16:11:49 2017 +1100`
		27025e
		27025e	`initalise serve_stale_ttl`
		27025e
		27025e	`(cherry picked from commit 2f4e0e5a81278f59037bf06ae99ff52245cd57e9)`
		27025e
		27025e	`commit fbadd90ee81863d617c4c319d5f0079b877fe102`
		27025e	`Author: Evan Hunt <each@isc.org>`
		27025e	`Date: Thu Sep 14 11:48:21 2017 -0700`
		27025e
		27025e	`[master] add thanks to APNIC and add missing note for serve-stale`
		27025e
		27025e	`commit deb8adaa59955970b9d2f2fe58060a3cbf08312b`
		27025e	`Author: Mark Andrews <marka@isc.org>`
		27025e	`Date: Wed Sep 6 12:16:10 2017 +1000`
		27025e
		27025e	`silence 'staleanswersok' may be used uninitialized in this function warning. [RT #14147`
		27025e
		27025e	`commit 0e2d03823768dc545015e6ce309777210f4a9f85`
		27025e	`Author: Petr Menšík <pemensik@redhat.com>`
		27025e	`Date: Thu Aug 29 19:57:58 2019 +0200`
		27025e
		27025e	`More fixes to merge`
		27025e
		27025e	`commit 360e25ffe7623ea0a2eec49395001f4940967776`
		27025e	`Author: Mark Andrews <marka@isc.org>`
		27025e	`Date: Wed Sep 6 09:58:29 2017 +1000`
		27025e
		27025e	`4700. [func] Serving of stale answers is now supported. This`
		27025e	`allows named to provide stale cached answers when`
		27025e	`the authoritative server is under attack.`
		27025e	`See max-stale-ttl, stale-answer-enable,`
		27025e	`stale-answer-ttl. [RT #44790]`
		27025e
		27025e	`Signed-off-by: Petr Menšík <pemensik@redhat.com>`
		27025e	`---`
		27025e	`bin/named/config.c \| 9 +-`
		27025e	`bin/named/control.c \| 2 +`
		27025e	`bin/named/include/named/control.h \| 1 +`
		27025e	`bin/named/include/named/log.h \| 1 +`
		27025e	`bin/named/include/named/query.h \| 15 +`
		27025e	`bin/named/include/named/server.h \| 13 +-`
		27025e	`bin/named/log.c \| 1 +`
		27025e	`bin/named/query.c \| 164 +++++-`
		27025e	`bin/named/server.c \| 177 +++++-`
		27025e	`bin/named/statschannel.c \| 6 +`
		27025e	`bin/rndc/rndc.c \| 2 +`
		27025e	`bin/rndc/rndc.docbook \| 19 +`
		27025e	`bin/tests/system/chain/prereq.sh \| 7 +`
		27025e	`bin/tests/system/conf.sh.in \| 2 +-`
		27025e	`bin/tests/system/dyndb/driver/db.c \| 2 +`
		27025e	`bin/tests/system/serve-stale/.gitignore \| 11 +`
		27025e	`bin/tests/system/serve-stale/ans2/ans.pl.in \| 178 ++++++`
		27025e	`bin/tests/system/serve-stale/clean.sh \| 15 +`
		27025e	`.../system/serve-stale/ns1/named1.conf.in \| 35 ++`
		27025e	`.../system/serve-stale/ns1/named2.conf.in \| 35 ++`
		27025e	`bin/tests/system/serve-stale/ns1/root.db \| 5 +`
		27025e	`.../system/serve-stale/ns3/named.conf.in \| 35 ++`
		27025e	`bin/tests/system/serve-stale/prereq.sh \| 38 ++`
		27025e	`bin/tests/system/serve-stale/setup.sh \| 13 +`
		27025e	`bin/tests/system/serve-stale/tests.sh \| 536 ++++++++++++++++++`
		eb7207	`doc/arm/Bv9ARM-book.xml \| 77 ++-`
		27025e	`doc/arm/logging-categories.xml \| 11 +`
		27025e	`doc/arm/notes-rh-changes.xml \| 14 +-`
		27025e	`doc/misc/options \| 10 +`
		27025e	`lib/bind9/check.c \| 78 ++-`
		27025e	`lib/dns/cache.c \| 38 +-`
		27025e	`lib/dns/db.c \| 22 +`
		27025e	`lib/dns/ecdb.c \| 4 +-`
		27025e	`lib/dns/include/dns/cache.h \| 21 +`
		27025e	`lib/dns/include/dns/db.h \| 35 ++`
		27025e	`lib/dns/include/dns/rdataset.h \| 11 +`
		27025e	`lib/dns/include/dns/resolver.h \| 43 +-`
		27025e	`lib/dns/include/dns/types.h \| 6 +`
		27025e	`lib/dns/include/dns/view.h \| 3 +`
		27025e	`lib/dns/master.c \| 14 +-`
		27025e	`lib/dns/masterdump.c \| 23 +`
		27025e	`lib/dns/rbtdb.c \| 207 ++++++-`
		b9f8ff	`lib/dns/resolver.c \| 79 ++-`
		27025e	`lib/dns/sdb.c \| 4 +-`
		27025e	`lib/dns/sdlz.c \| 4 +-`
		27025e	`lib/dns/tests/db_test.c \| 198 ++++++-`
		27025e	`lib/dns/view.c \| 3 +`
		27025e	`lib/isccfg/namedconf.c \| 5 +`
		eb7207	`48 files changed, 2126 insertions(+), 106 deletions(-)`
		27025e	`create mode 100644 bin/tests/system/serve-stale/.gitignore`
		27025e	`create mode 100644 bin/tests/system/serve-stale/ans2/ans.pl.in`
		27025e	`create mode 100644 bin/tests/system/serve-stale/clean.sh`
		27025e	`create mode 100644 bin/tests/system/serve-stale/ns1/named1.conf.in`
		27025e	`create mode 100644 bin/tests/system/serve-stale/ns1/named2.conf.in`
		27025e	`create mode 100644 bin/tests/system/serve-stale/ns1/root.db`
		27025e	`create mode 100644 bin/tests/system/serve-stale/ns3/named.conf.in`
		27025e	`create mode 100644 bin/tests/system/serve-stale/prereq.sh`
		27025e	`create mode 100644 bin/tests/system/serve-stale/setup.sh`
		27025e	`create mode 100755 bin/tests/system/serve-stale/tests.sh`
		27025e
		27025e	`diff --git a/bin/named/config.c b/bin/named/config.c`
		eb7207	`index 9e071bb..d2cd3bc 100644`
		27025e	`--- a/bin/named/config.c`
		27025e	`+++ b/bin/named/config.c`
		27025e	`@@ -182,13 +182,14 @@ options {\n\`
		27025e	`#ifdef HAVE_LMDB`
		27025e	`" lmdb-mapsize 32M;\n"`
		27025e	`#endif`
		27025e	`-" max-acache-size 16M;\n\`
		27025e	`- max-cache-size 90%;\n\`
		27025e	`+" max-cache-size 90%;\n\`
		27025e	`+ max-acache-size 16M;\n\`
		27025e	`max-cache-ttl 604800; /* 1 week */\n\`
		27025e	`max-clients-per-query 100;\n\`
		27025e	`max-ncache-ttl 10800; /* 3 hours */\n\`
		27025e	`max-recursion-depth 7;\n\`
		eb7207	`max-recursion-queries 100;\n\`
		27025e	`+ max-stale-ttl 604800; /* 1 week */\n\`
		27025e	`message-compression yes;\n\`
		27025e	`# min-roots <obsolete>;\n\`
		27025e	`minimal-any false;\n\`
		27025e	`@@ -203,10 +204,14 @@ options {\n\`
		27025e	`request-expire true;\n\`
		27025e	`request-ixfr true;\n\`
		27025e	`require-server-cookie no;\n\`
		27025e	`+ resolver-nonbackoff-tries 3;\n\`
		27025e	`+ resolver-retry-interval 800; /* in milliseconds */\n\`
		27025e	`# rfc2308-type1 <obsolete>;\n\`
		27025e	`root-key-sentinel yes;\n\`
		27025e	`servfail-ttl 1;\n\`
		27025e	`# sortlist <none>\n\`
		27025e	`+ stale-answer-enable false;\n\`
		27025e	`+ stale-answer-ttl 1; /* 1 second */\n\`
		27025e	`# topology <none>\n\`
		27025e	`transfer-format many-answers;\n\`
		27025e	`v6-bias 50;\n\`
		27025e	`diff --git a/bin/named/control.c b/bin/named/control.c`
		eb7207	`index 23620b4..0756c73 100644`
		27025e	`--- a/bin/named/control.c`
		27025e	`+++ b/bin/named/control.c`
		27025e	`@@ -282,6 +282,8 @@ ns_control_docommand(isccc_sexpr_t *message, bool readonly,`
		27025e	`result = ns_server_validation(ns_g_server, lex, text);`
		27025e	`} else if (command_compare(command, NS_COMMAND_ZONESTATUS)) {`
		27025e	`result = ns_server_zonestatus(ns_g_server, lex, text);`
		27025e	`+ } else if (command_compare(command, NS_COMMAND_SERVESTALE)) {`
		27025e	`+ result = ns_server_servestale(ns_g_server, lex, text);`
		27025e	`} else {`
		27025e	`isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,`
		27025e	`NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,`
		27025e	`diff --git a/bin/named/include/named/control.h b/bin/named/include/named/control.h`
		eb7207	`index 56bad8d..37403f1 100644`
		27025e	`--- a/bin/named/include/named/control.h`
		27025e	`+++ b/bin/named/include/named/control.h`
		eb7207	`@@ -67,6 +67,7 @@`
		27025e	`#define NS_COMMAND_MKEYS "managed-keys"`
		27025e	`#define NS_COMMAND_DNSTAPREOPEN "dnstap-reopen"`
		27025e	`#define NS_COMMAND_DNSTAP "dnstap"`
		27025e	`+#define NS_COMMAND_SERVESTALE "serve-stale"`
		27025e
		27025e	`isc_result_t`
		27025e	`ns_controls_create(ns_server_t server, ns_controls_t *ctrlsp);`
		27025e	`diff --git a/bin/named/include/named/log.h b/bin/named/include/named/log.h`
		eb7207	`index 76e3a51..0d1d985 100644`
		27025e	`--- a/bin/named/include/named/log.h`
		27025e	`+++ b/bin/named/include/named/log.h`
		eb7207	`@@ -30,6 +30,7 @@`
		27025e	`#define NS_LOGCATEGORY_UPDATE_SECURITY (&ns_g_categories[6])`
		27025e	`#define NS_LOGCATEGORY_QUERY_ERRORS (&ns_g_categories[7])`
		27025e	`#define NS_LOGCATEGORY_TAT (&ns_g_categories[8])`
		27025e	`+#define NS_LOGCATEGORY_SERVE_STALE (&ns_g_categories[9])`
		27025e
		27025e	`/*`
		27025e	`* Backwards compatibility.`
		27025e	`diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h`
		eb7207	`index ef1b172..53c052b 100644`
		27025e	`--- a/bin/named/include/named/query.h`
		27025e	`+++ b/bin/named/include/named/query.h`
		27025e	`@@ -35,6 +35,18 @@ typedef struct ns_dbversion {`
		27025e	`ISC_LINK(struct ns_dbversion) link;`
		27025e	`} ns_dbversion_t;`
		27025e
		27025e	`+/*%`
		27025e	`+ * nameserver recursion parameters, to uniquely identify a recursion`
		27025e	`+ * query; this is used to detect a recursion loop`
		27025e	`+ */`
		27025e	`+typedef struct ns_query_recparam {`
		27025e	`+ dns_rdatatype_t qtype;`
		27025e	`+ dns_name_t * qname;`
		27025e	`+ dns_fixedname_t fqname;`
		27025e	`+ dns_name_t * qdomain;`
		27025e	`+ dns_fixedname_t fqdomain;`
		27025e	`+} ns_query_recparam_t;`
		27025e	`+`
		27025e	`/% nameserver query structure /`
		27025e	`struct ns_query {`
		27025e	`unsigned int attributes;`
		27025e	`@@ -63,6 +75,7 @@ struct ns_query {`
		27025e	`unsigned int dns64_aaaaoklen;`
		27025e	`unsigned int dns64_options;`
		27025e	`unsigned int dns64_ttl;`
		27025e	`+`
		27025e	`struct {`
		27025e	`dns_db_t * db;`
		27025e	`dns_zone_t * zone;`
		27025e	`@@ -76,6 +89,8 @@ struct ns_query {`
		27025e	`bool authoritative;`
		27025e	`bool is_zone;`
		27025e	`} redirect;`
		27025e	`+`
		27025e	`+ ns_query_recparam_t recparam;`
		27025e	`dns_keytag_t root_key_sentinel_keyid;`
		27025e	`bool root_key_sentinel_is_ta;`
		27025e	`bool root_key_sentinel_not_ta;`
		27025e	`diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h`
		eb7207	`index 0ba2627..08a02dc 100644`
		27025e	`--- a/bin/named/include/named/server.h`
		27025e	`+++ b/bin/named/include/named/server.h`
		eb7207	`@@ -227,7 +227,10 @@ enum {`
		27025e
		b9f8ff	`dns_nsstatscounter_reclimitdropped = 58,`
		27025e
		b9f8ff	`- dns_nsstatscounter_max = 59`
		b9f8ff	`+ dns_nsstatscounter_trystale = 59,`
		b9f8ff	`+ dns_nsstatscounter_usedstale = 60,`
		27025e	`+`
		b9f8ff	`+ dns_nsstatscounter_max = 61`
		27025e	`};`
		27025e
		27025e	`/*%`
		eb7207	`@@ -766,4 +769,12 @@ ns_server_mkeys(ns_server_t server, isc_lex_t lex, isc_buffer_t **text);`
		27025e	`isc_result_t`
		27025e	`ns_server_dnstap(ns_server_t server, isc_lex_t lex, isc_buffer_t **text);`
		27025e
		27025e	`+`
		27025e	`+/*%`
		27025e	`+ * Control whether stale answers are served or not when configured in`
		27025e	`+ * named.conf.`
		27025e	`+ */`
		27025e	`+isc_result_t`
		27025e	`+ns_server_servestale(ns_server_t server, isc_lex_t lex,`
		27025e	`+ isc_buffer_t **text);`
		27025e	`#endif /* NAMED_SERVER_H */`
		27025e	`diff --git a/bin/named/log.c b/bin/named/log.c`
		eb7207	`index acfa766..ea6f114 100644`
		27025e	`--- a/bin/named/log.c`
		27025e	`+++ b/bin/named/log.c`
		27025e	`@@ -38,6 +38,7 @@ static isc_logcategory_t categories[] = {`
		27025e	`{ "update-security", 0 },`
		27025e	`{ "query-errors", 0 },`
		27025e	`{ "trust-anchor-telemetry", 0 },`
		27025e	`+ { "serve-stale", 0 },`
		27025e	`{ NULL, 0 }`
		27025e	`};`
		27025e
		27025e	`diff --git a/bin/named/query.c b/bin/named/query.c`
		eb7207	`index b14f081..a95f5ad 100644`
		27025e	`--- a/bin/named/query.c`
		27025e	`+++ b/bin/named/query.c`
		eb7207	`@@ -149,10 +149,14 @@ last_cmpxchg(isc_stdtime_t x, isc_stdtime_t e, isc_stdtime_t r) {`
		27025e	`#define REDIRECT(c) (((c)->query.attributes & \`
		27025e	`NS_QUERYATTR_REDIRECT) != 0)`
		27025e
		27025e	`-/% No QNAME Proof? /`
		27025e	`+/% Does the rdataset 'r' have an attached 'No QNAME Proof'? /`
		27025e	`#define NOQNAME(r) (((r)->attributes & \`
		27025e	`DNS_RDATASETATTR_NOQNAME) != 0)`
		27025e
		27025e	`+/% Does the rdataset 'r' contain a stale answer? /`
		27025e	`+#define STALE(r) (((r)->attributes & \`
		27025e	`+ DNS_RDATASETATTR_STALE) != 0)`
		27025e	`+`
		27025e	`#ifdef WANT_QUERYTRACE`
		27025e	`static inline void`
		27025e	`client_trace(ns_client_t client, int level, const char message) {`
		eb7207	`@@ -241,6 +245,10 @@ static bool`
		27025e	`rpz_ck_dnssec(ns_client_t *client, isc_result_t qresult,`
		27025e	`dns_rdataset_t rdataset, dns_rdataset_t sigrdataset);`
		27025e
		27025e	`+static void`
		27025e	`+recparam_update(ns_query_recparam_t *param, dns_rdatatype_t qtype,`
		27025e	`+ const dns_name_t qname, const dns_name_t qdomain);`
		27025e	`+`
		27025e	`/*%`
		27025e	`* Increment query statistics counters.`
		27025e	`*/`
		eb7207	`@@ -494,6 +502,7 @@ query_reset(ns_client_t *client, bool everything) {`
		27025e	`client->query.isreferral = false;`
		27025e	`client->query.dns64_options = 0;`
		27025e	`client->query.dns64_ttl = UINT32_MAX;`
		27025e	`+ recparam_update(&client->query.recparam, 0, NULL, NULL);`
		27025e	`client->query.root_key_sentinel_keyid = 0;`
		27025e	`client->query.root_key_sentinel_is_ta = false;`
		27025e	`client->query.root_key_sentinel_not_ta = false;`
		eb7207	`@@ -4305,6 +4314,54 @@ log_quota(ns_client_t client, isc_stdtime_t last, isc_stdtime_t now,`
		eb7207	`}`
		27025e	`}`
		27025e
		27025e	`+/*%`
		27025e	`+ * Check whether the recursion parameters in 'param' match the current query's`
		27025e	`+ * recursion parameters provided in 'qtype', 'qname', and 'qdomain'.`
		27025e	`+ */`
		27025e	`+static bool`
		27025e	`+recparam_match(const ns_query_recparam_t *param, dns_rdatatype_t qtype,`
		27025e	`+ const dns_name_t qname, const dns_name_t qdomain)`
		27025e	`+{`
		27025e	`+ REQUIRE(param != NULL);`
		27025e	`+`
		27025e	`+ return (param->qtype == qtype &&`
		27025e	`+ param->qname != NULL && qname != NULL &&`
		27025e	`+ param->qdomain != NULL && qdomain != NULL &&`
		27025e	`+ dns_name_equal(param->qname, qname) &&`
		27025e	`+ dns_name_equal(param->qdomain, qdomain));`
		27025e	`+}`
		27025e	`+`
		27025e	`+/*%`
		27025e	`+ * Update 'param' with current query's recursion parameters provided in`
		27025e	`+ * 'qtype', 'qname', and 'qdomain'.`
		27025e	`+ */`
		27025e	`+static void`
		27025e	`+recparam_update(ns_query_recparam_t *param, dns_rdatatype_t qtype,`
		27025e	`+ const dns_name_t qname, const dns_name_t qdomain)`
		27025e	`+{`
		27025e	`+ isc_result_t result;`
		27025e	`+`
		27025e	`+ REQUIRE(param != NULL);`
		27025e	`+`
		27025e	`+ param->qtype = qtype;`
		27025e	`+`
		27025e	`+ if (qname == NULL) {`
		27025e	`+ param->qname = NULL;`
		27025e	`+ } else {`
		27025e	`+ param->qname = dns_fixedname_initname(&param->fqname);`
		27025e	`+ result = dns_name_copy(qname, param->qname, NULL);`
		27025e	`+ RUNTIME_CHECK(result == ISC_R_SUCCESS);`
		27025e	`+ }`
		27025e	`+`
		27025e	`+ if (qdomain == NULL) {`
		27025e	`+ param->qdomain = NULL;`
		27025e	`+ } else {`
		27025e	`+ param->qdomain = dns_fixedname_initname(&param->fqdomain);`
		27025e	`+ result = dns_name_copy(qdomain, param->qdomain, NULL);`
		27025e	`+ RUNTIME_CHECK(result == ISC_R_SUCCESS);`
		27025e	`+ }`
		27025e	`+}`
		27025e	`+`
		27025e	`static isc_result_t`
		27025e	`query_recurse(ns_client_t client, dns_rdatatype_t qtype, dns_name_t qname,`
		27025e	`dns_name_t qdomain, dns_rdataset_t nameservers,`
		eb7207	`@@ -4314,6 +4371,19 @@ query_recurse(ns_client_t client, dns_rdatatype_t qtype, dns_name_t qname,`
		27025e	`dns_rdataset_t rdataset, sigrdataset;`
		27025e	`isc_sockaddr_t *peeraddr;`
		27025e
		27025e	`+ /*`
		27025e	`+ * Check recursion parameters from the previous query to see if they`
		27025e	`+ * match. If not, update recursion parameters and proceed.`
		27025e	`+ */`
		27025e	`+ if (recparam_match(&client->query.recparam, qtype, qname, qdomain)) {`
		27025e	`+ ns_client_log(client, NS_LOGCATEGORY_CLIENT,`
		27025e	`+ NS_LOGMODULE_QUERY, ISC_LOG_INFO,`
		27025e	`+ "recursion loop detected");`
		27025e	`+ return (ISC_R_FAILURE);`
		27025e	`+ }`
		27025e	`+`
		27025e	`+ recparam_update(&client->query.recparam, qtype, qname, qdomain);`
		27025e	`+`
		27025e	`if (!resuming)`
		27025e	`inc_stats(client, dns_nsstatscounter_recursion);`
		27025e
		eb7207	`@@ -6821,6 +6891,7 @@ query_find(ns_client_t client, dns_fetchevent_t event, dns_rdatatype_t qtype)`
		27025e	`int line = -1;`
		27025e	`bool dns64_exclude, dns64, rpz;`
		27025e	`bool nxrewrite = false;`
		27025e	`+ bool want_stale = false;`
		27025e	`bool redirected = false;`
		27025e	`dns_clientinfomethods_t cm;`
		27025e	`dns_clientinfo_t ci;`
		eb7207	`@@ -7130,6 +7201,7 @@ query_find(ns_client_t client, dns_fetchevent_t event, dns_rdatatype_t qtype)`
		27025e	`type = qtype;`
		27025e
		27025e	`restart:`
		27025e	`+ // query_start`
		27025e	`CTRACE(ISC_LOG_DEBUG(3), "query_find: restart");`
		27025e	`want_restart = false;`
		27025e	`authoritative = false;`
		eb7207	`@@ -7274,6 +7346,7 @@ query_find(ns_client_t client, dns_fetchevent_t event, dns_rdatatype_t qtype)`
		27025e	`}`
		27025e
		27025e	`db_find:`
		27025e	`+ // query_lookup`
		27025e	`CTRACE(ISC_LOG_DEBUG(3), "query_find: db_find");`
		27025e	`/*`
		27025e	`* We'll need some resources...`
		eb7207	`@@ -7331,6 +7404,35 @@ query_find(ns_client_t client, dns_fetchevent_t event, dns_rdatatype_t qtype)`
		27025e	`if (!is_zone)`
		27025e	`dns_cache_updatestats(client->view->cache, result);`
		27025e
		27025e	`+ if (want_stale) {`
		27025e	`+ char namebuf[DNS_NAME_FORMATSIZE];`
		27025e	`+ bool success;`
		27025e	`+`
		27025e	`+ client->query.dboptions &= ~DNS_DBFIND_STALEOK;`
		27025e	`+ want_stale = false;`
		27025e	`+`
		27025e	`+ if (dns_rdataset_isassociated(rdataset) &&`
		27025e	`+ dns_rdataset_count(rdataset) > 0 &&`
		27025e	`+ STALE(rdataset)) {`
		27025e	`+ rdataset->ttl = client->view->staleanswerttl;`
		27025e	`+ success = true;`
		27025e	`+ } else {`
		27025e	`+ success = false;`
		27025e	`+ }`
		27025e	`+`
		27025e	`+ dns_name_format(client->query.qname,`
		27025e	`+ namebuf, sizeof(namebuf));`
		27025e	`+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_SERVE_STALE,`
		27025e	`+ NS_LOGMODULE_QUERY, ISC_LOG_INFO,`
		27025e	`+ "%s resolver failure, stale answer %s",`
		27025e	`+ namebuf, success ? "used" : "unavailable");`
		27025e	`+`
		27025e	`+ if (!success) {`
		27025e	`+ QUERY_ERROR(DNS_R_SERVFAIL);`
		27025e	`+ goto cleanup;`
		27025e	`+ }`
		27025e	`+ }`
		27025e	`+`
		27025e	`resume:`
		27025e	`CTRACE(ISC_LOG_DEBUG(3), "query_find: resume");`
		27025e
		eb7207	`@@ -7676,6 +7778,7 @@ query_find(ns_client_t client, dns_fetchevent_t event, dns_rdatatype_t qtype)`
		27025e	`* The cache doesn't even have the root NS. Get them from`
		27025e	`* the hints DB.`
		27025e	`*/`
		27025e	`+ // query_notfound`
		27025e	`INSIST(!is_zone);`
		27025e	`if (db != NULL)`
		27025e	`dns_db_detach(&db);`
		eb7207	`@@ -7738,12 +7841,14 @@ query_find(ns_client_t client, dns_fetchevent_t event, dns_rdatatype_t qtype)`
		27025e	`*/`
		27025e	`/* FALLTHROUGH */`
		27025e	`case DNS_R_DELEGATION:`
		27025e	`+ // query_delegation`
		27025e	`authoritative = false;`
		27025e	`if (is_zone) {`
		27025e	`/*`
		27025e	`* Look to see if we are authoritative for the`
		27025e	`* child zone if the query type is DS.`
		27025e	`*/`
		27025e	`+ // query_zone_delegation`
		27025e	`if (!RECURSIONOK(client) &&`
		27025e	`(options & DNS_GETDB_NOEXACT) != 0 &&`
		27025e	`qtype == dns_rdatatype_ds) {`
		eb7207	`@@ -8130,6 +8235,7 @@ query_find(ns_client_t client, dns_fetchevent_t event, dns_rdatatype_t qtype)`
		27025e	`false, true);`
		27025e	`}`
		27025e	`}`
		27025e	`+ // query_nxdomain`
		27025e	`if (dns_rdataset_isassociated(rdataset)) {`
		27025e	`/*`
		27025e	`* If we've got a NSEC record, we need to save the`
		eb7207	`@@ -8450,7 +8556,8 @@ query_find(ns_client_t client, dns_fetchevent_t event, dns_rdatatype_t qtype)`
		27025e	`/*`
		27025e	`* If we have a zero ttl from the cache refetch it.`
		27025e	`*/`
		27025e	`- if (!is_zone && !resuming && rdataset->ttl == 0 &&`
		27025e	`+ // query_cname`
		27025e	`+ if (!is_zone && !resuming && !STALE(rdataset) && rdataset->ttl == 0 &&`
		27025e	`RECURSIONOK(client))`
		27025e	`{`
		27025e	`if (dns_rdataset_isassociated(rdataset))`
		eb7207	`@@ -8676,7 +8783,11 @@ query_find(ns_client_t client, dns_fetchevent_t event, dns_rdatatype_t qtype)`
		27025e	`"query_find: unexpected error after resuming: %s",`
		27025e	`isc_result_totext(result));`
		27025e	`CTRACE(ISC_LOG_ERROR, errmsg);`
		27025e	`- QUERY_ERROR(DNS_R_SERVFAIL);`
		27025e	`+ if (resuming) {`
		27025e	`+ want_stale = true;`
		27025e	`+ } else {`
		27025e	`+ QUERY_ERROR(DNS_R_SERVFAIL);`
		27025e	`+ }`
		27025e	`goto cleanup;`
		27025e	`}`
		27025e
		eb7207	`@@ -8932,7 +9043,7 @@ query_find(ns_client_t client, dns_fetchevent_t event, dns_rdatatype_t qtype)`
		27025e	`/*`
		27025e	`* If we have a zero ttl from the cache refetch it.`
		27025e	`*/`
		27025e	`- if (!is_zone && !resuming && rdataset->ttl == 0 &&`
		27025e	`+ if (!is_zone && !resuming && !STALE(rdataset) && rdataset->ttl == 0 &&`
		27025e	`RECURSIONOK(client))`
		27025e	`{`
		27025e	`if (dns_rdataset_isassociated(rdataset))`
		eb7207	`@@ -8943,6 +9054,7 @@ query_find(ns_client_t client, dns_fetchevent_t event, dns_rdatatype_t qtype)`
		27025e	`if (node != NULL)`
		27025e	`dns_db_detachnode(db, &node);`
		27025e
		27025e	`+ // query_respond`
		27025e	`INSIST(!REDIRECT(client));`
		27025e	`result = query_recurse(client, qtype,`
		27025e	`client->query.qname,`
		eb7207	`@@ -9223,6 +9335,7 @@ query_find(ns_client_t client, dns_fetchevent_t event, dns_rdatatype_t qtype)`
		27025e	`dns_fixedname_name(&wildcardname),`
		27025e	`true, false);`
		27025e	`cleanup:`
		27025e	`+ // query_done`
		27025e	`CTRACE(ISC_LOG_DEBUG(3), "query_find: cleanup");`
		27025e	`/*`
		27025e	`* General cleanup.`
		eb7207	`@@ -9279,6 +9392,49 @@ query_find(ns_client_t client, dns_fetchevent_t event, dns_rdatatype_t qtype)`
		27025e	`goto restart;`
		27025e	`}`
		27025e
		27025e	`+ if (want_stale) {`
		27025e	`+ dns_ttl_t stale_ttl = 0;`
		27025e	`+ isc_result_t result;`
		27025e	`+ bool staleanswersok = false;`
		27025e	`+`
		27025e	`+ /*`
		27025e	`+ * Stale answers only make sense if stale_ttl > 0 but`
		27025e	`+ * we want rndc to be able to control returning stale`
		27025e	`+ * answers if they are configured.`
		27025e	`+ */`
		27025e	`+ dns_db_attach(client->view->cachedb, &db);`
		27025e	`+ result = dns_db_getservestalettl(db, &stale_ttl);`
		27025e	`+ if (result == ISC_R_SUCCESS && stale_ttl > 0) {`
		27025e	`+ switch (client->view->staleanswersok) {`
		27025e	`+ case dns_stale_answer_yes:`
		27025e	`+ staleanswersok = true;`
		27025e	`+ break;`
		27025e	`+ case dns_stale_answer_conf:`
		27025e	`+ staleanswersok =`
		27025e	`+ client->view->staleanswersenable;`
		27025e	`+ break;`
		27025e	`+ case dns_stale_answer_no:`
		27025e	`+ staleanswersok = false;`
		27025e	`+ break;`
		27025e	`+ }`
		27025e	`+ } else {`
		27025e	`+ staleanswersok = false;`
		27025e	`+ }`
		27025e	`+`
		27025e	`+ if (staleanswersok) {`
		27025e	`+ client->query.dboptions \|= DNS_DBFIND_STALEOK;`
		27025e	`+ inc_stats(client, dns_nsstatscounter_trystale);`
		27025e	`+ if (client->query.fetch != NULL)`
		27025e	`+ dns_resolver_destroyfetch(`
		27025e	`+ &client->query.fetch);`
		27025e	`+ goto db_find;`
		27025e	`+ }`
		27025e	`+ dns_db_detach(&db);`
		27025e	`+ want_stale = false;`
		27025e	`+ QUERY_ERROR(DNS_R_SERVFAIL);`
		27025e	`+ goto cleanup;`
		27025e	`+ }`
		27025e	`+`
		27025e	`if (eresult != ISC_R_SUCCESS &&`
		27025e	`(!PARTIALANSWER(client) \|\| WANTRECURSION(client)`
		27025e	`\|\| eresult == DNS_R_DROP)) {`
		27025e	`diff --git a/bin/named/server.c b/bin/named/server.c`
		eb7207	`index 2bdf690..3a5ba91 100644`
		27025e	`--- a/bin/named/server.c`
		27025e	`+++ b/bin/named/server.c`
		b9f8ff	`@@ -1720,7 +1720,8 @@ static bool`
		27025e	`cache_sharable(dns_view_t originview, dns_view_t view,`
		27025e	`bool new_zero_no_soattl,`
		27025e	`unsigned int new_cleaning_interval,`
		27025e	`- uint64_t new_max_cache_size)`
		27025e	`+ uint64_t new_max_cache_size,`
		27025e	`+ uint32_t new_stale_ttl)`
		27025e	`{`
		27025e	`/*`
		27025e	`* If the cache cannot even reused for the same view, it cannot be`
		b9f8ff	`@@ -1735,6 +1736,7 @@ cache_sharable(dns_view_t originview, dns_view_t view,`
		27025e	`*/`
		27025e	`if (dns_cache_getcleaninginterval(originview->cache) !=`
		27025e	`new_cleaning_interval \|\|`
		27025e	`+ dns_cache_getservestalettl(originview->cache) != new_stale_ttl \|\|`
		27025e	`dns_cache_getcachesize(originview->cache) != new_max_cache_size) {`
		27025e	`return (false);`
		27025e	`}`
		b9f8ff	`@@ -3290,6 +3292,7 @@ configure_view(dns_view_t view, dns_viewlist_t viewlist,`
		27025e	`size_t max_acache_size;`
		27025e	`size_t max_adb_size;`
		27025e	`uint32_t lame_ttl, fail_ttl;`
		27025e	`+ uint32_t max_stale_ttl;`
		27025e	`dns_tsig_keyring_t *ring = NULL;`
		27025e	`dns_view_t pview = NULL; / Production view */`
		27025e	`isc_mem_t cmctx = NULL, hmctx = NULL;`
		b9f8ff	`@@ -3318,6 +3321,7 @@ configure_view(dns_view_t view, dns_viewlist_t viewlist,`
		27025e	`bool old_rpz_ok = false;`
		27025e	`isc_dscp_t dscp4 = -1, dscp6 = -1;`
		27025e	`dns_dyndbctx_t *dctx = NULL;`
		27025e	`+ unsigned int resolver_param;`
		27025e
		27025e	`REQUIRE(DNS_VIEW_VALID(view));`
		27025e
		b9f8ff	`@@ -3732,6 +3736,24 @@ configure_view(dns_view_t view, dns_viewlist_t viewlist,`
		27025e	`if (view->maxncachettl > 7 * 24 * 3600)`
		27025e	`view->maxncachettl = 7 * 24 * 3600;`
		27025e
		27025e	`+ obj = NULL;`
		27025e	`+ result = ns_config_get(maps, "max-stale-ttl", &obj);`
		27025e	`+ INSIST(result == ISC_R_SUCCESS);`
		27025e	`+ max_stale_ttl = cfg_obj_asuint32(obj);`
		27025e	`+`
		27025e	`+ obj = NULL;`
		27025e	`+ result = ns_config_get(maps, "stale-answer-enable", &obj);`
		27025e	`+ INSIST(result == ISC_R_SUCCESS);`
		27025e	`+ view->staleanswersenable = cfg_obj_asboolean(obj);`
		27025e	`+`
		27025e	`+ result = dns_viewlist_find(&ns_g_server->viewlist, view->name,`
		27025e	`+ view->rdclass, &pview);`
		27025e	`+ if (result == ISC_R_SUCCESS) {`
		27025e	`+ view->staleanswersok = pview->staleanswersok;`
		27025e	`+ dns_view_detach(&pview);`
		27025e	`+ } else`
		27025e	`+ view->staleanswersok = dns_stale_answer_conf;`
		27025e	`+`
		27025e	`/*`
		27025e	`* Configure the view's cache.`
		27025e	`*`
		b9f8ff	`@@ -3765,7 +3787,8 @@ configure_view(dns_view_t view, dns_viewlist_t viewlist,`
		27025e	`nsc = cachelist_find(cachelist, cachename, view->rdclass);`
		27025e	`if (nsc != NULL) {`
		27025e	`if (!cache_sharable(nsc->primaryview, view, zero_no_soattl,`
		27025e	`- cleaning_interval, max_cache_size)) {`
		27025e	`+ cleaning_interval, max_cache_size,`
		27025e	`+ max_stale_ttl)) {`
		27025e	`isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,`
		27025e	`NS_LOGMODULE_SERVER, ISC_LOG_ERROR,`
		27025e	`"views %s and %s can't share the cache "`
		b9f8ff	`@@ -3864,9 +3887,15 @@ configure_view(dns_view_t view, dns_viewlist_t viewlist,`
		27025e
		27025e	`dns_cache_setcleaninginterval(cache, cleaning_interval);`
		27025e	`dns_cache_setcachesize(cache, max_cache_size);`
		27025e	`+ dns_cache_setservestalettl(cache, max_stale_ttl);`
		27025e
		27025e	`dns_cache_detach(&cache);`
		27025e
		27025e	`+ obj = NULL;`
		27025e	`+ result = ns_config_get(maps, "stale-answer-ttl", &obj);`
		27025e	`+ INSIST(result == ISC_R_SUCCESS);`
		27025e	`+ view->staleanswerttl = ISC_MAX(cfg_obj_asuint32(obj), 1);`
		27025e	`+`
		27025e	`/*`
		27025e	`* Resolver.`
		27025e	`*`
		b9f8ff	`@@ -4055,6 +4084,21 @@ configure_view(dns_view_t view, dns_viewlist_t viewlist,`
		27025e	`maxbits = 4096;`
		27025e	`view->maxbits = maxbits;`
		27025e
		27025e	`+ /*`
		27025e	`+ * Set resolver retry parameters.`
		27025e	`+ */`
		27025e	`+ obj = NULL;`
		27025e	`+ CHECK(ns_config_get(maps, "resolver-retry-interval", &obj));`
		27025e	`+ resolver_param = cfg_obj_asuint32(obj);`
		27025e	`+ if (resolver_param > 0)`
		27025e	`+ dns_resolver_setretryinterval(view->resolver, resolver_param);`
		27025e	`+`
		27025e	`+ obj = NULL;`
		27025e	`+ CHECK(ns_config_get(maps, "resolver-nonbackoff-tries", &obj));`
		27025e	`+ resolver_param = cfg_obj_asuint32(obj);`
		27025e	`+ if (resolver_param > 0)`
		27025e	`+ dns_resolver_setnonbackofftries(view->resolver, resolver_param);`
		27025e	`+`
		27025e	`/*`
		27025e	`* Set supported DNSSEC algorithms.`
		27025e	`*/`
		eb7207	`@@ -14559,3 +14603,132 @@ ns_server_dnstap(ns_server_t server, isc_lex_t lex, isc_buffer_t **text) {`
		27025e	`return (ISC_R_NOTIMPLEMENTED);`
		27025e	`#endif`
		27025e	`}`
		27025e	`+`
		27025e	`+isc_result_t`
		27025e	`+ns_server_servestale(ns_server_t server, isc_lex_t lex,`
		27025e	`+ isc_buffer_t **text)`
		27025e	`+{`
		27025e	`+ char ptr, classtxt, *viewtxt = NULL;`
		27025e	`+ char msg[128];`
		27025e	`+ dns_rdataclass_t rdclass = dns_rdataclass_in;`
		27025e	`+ dns_view_t *view;`
		27025e	`+ bool found = false;`
		27025e	`+ dns_stale_answer_t staleanswersok = dns_stale_answer_conf;`
		27025e	`+ bool wantstatus = false;`
		27025e	`+ isc_result_t result = ISC_R_SUCCESS;`
		27025e	`+`
		27025e	`+ /* Skip the command name. */`
		27025e	`+ ptr = next_token(lex, text);`
		27025e	`+ if (ptr == NULL)`
		27025e	`+ return (ISC_R_UNEXPECTEDEND);`
		27025e	`+`
		27025e	`+ ptr = next_token(lex, NULL);`
		27025e	`+ if (ptr == NULL)`
		27025e	`+ return (ISC_R_UNEXPECTEDEND);`
		27025e	`+`
		27025e	`+ if (strcasecmp(ptr, "on") == 0 \|\| strcasecmp(ptr, "yes") == 0) {`
		27025e	`+ staleanswersok = dns_stale_answer_yes;`
		27025e	`+ } else if (strcasecmp(ptr, "off") == 0 \|\| strcasecmp(ptr, "no") == 0) {`
		27025e	`+ staleanswersok = dns_stale_answer_no;`
		27025e	`+ } else if (strcasecmp(ptr, "reset") == 0) {`
		27025e	`+ staleanswersok = dns_stale_answer_conf;`
		27025e	`+ } else if (strcasecmp(ptr, "status") == 0) {`
		27025e	`+ wantstatus = true;`
		27025e	`+ } else`
		27025e	`+ return (DNS_R_SYNTAX);`
		27025e	`+`
		27025e	`+ /* Look for the optional class name. */`
		27025e	`+ classtxt = next_token(lex, text);`
		27025e	`+ if (classtxt != NULL) {`
		27025e	`+ /* Look for the optional view name. */`
		27025e	`+ viewtxt = next_token(lex, text);`
		27025e	`+ }`
		27025e	`+`
		27025e	`+ if (classtxt != NULL) {`
		27025e	`+ isc_textregion_t r;`
		27025e	`+`
		27025e	`+ r.base = classtxt;`
		27025e	`+ r.length = strlen(classtxt);`
		27025e	`+ result = dns_rdataclass_fromtext(&rdclass, &r);`
		27025e	`+ if (result != ISC_R_SUCCESS) {`
		27025e	`+ if (viewtxt == NULL) {`
		27025e	`+ viewtxt = classtxt;`
		27025e	`+ classtxt = NULL;`
		27025e	`+ result = ISC_R_SUCCESS;`
		27025e	`+ } else {`
		27025e	`+ snprintf(msg, sizeof(msg),`
		27025e	`+ "unknown class '%s'", classtxt);`
		27025e	`+ (void) putstr(text, msg);`
		27025e	`+ goto cleanup;`
		27025e	`+ }`
		27025e	`+ }`
		27025e	`+ }`
		27025e	`+`
		27025e	`+ result = isc_task_beginexclusive(server->task);`
		27025e	`+ RUNTIME_CHECK(result == ISC_R_SUCCESS);`
		27025e	`+`
		27025e	`+ for (view = ISC_LIST_HEAD(server->viewlist);`
		27025e	`+ view != NULL;`
		27025e	`+ view = ISC_LIST_NEXT(view, link))`
		27025e	`+ {`
		27025e	`+ dns_ttl_t stale_ttl = 0;`
		27025e	`+ dns_db_t *db = NULL;`
		27025e	`+`
		27025e	`+ if (classtxt != NULL && rdclass != view->rdclass)`
		27025e	`+ continue;`
		27025e	`+`
		27025e	`+ if (viewtxt != NULL && strcmp(view->name, viewtxt) != 0)`
		27025e	`+ continue;`
		27025e	`+`
		27025e	`+ if (!wantstatus) {`
		27025e	`+ view->staleanswersok = staleanswersok;`
		27025e	`+ found = true;`
		27025e	`+ continue;`
		27025e	`+ }`
		27025e	`+`
		27025e	`+ db = NULL;`
		27025e	`+ dns_db_attach(view->cachedb, &db);`
		27025e	`+ (void)dns_db_getservestalettl(db, &stale_ttl);`
		27025e	`+ dns_db_detach(&db);`
		27025e	`+ if (found)`
		27025e	`+ CHECK(putstr(text, "\n"));`
		27025e	`+ CHECK(putstr(text, view->name));`
		27025e	`+ CHECK(putstr(text, ": "));`
		27025e	`+ switch (view->staleanswersok) {`
		27025e	`+ case dns_stale_answer_yes:`
		27025e	`+ if (stale_ttl > 0)`
		27025e	`+ CHECK(putstr(text, "on (rndc)"));`
		27025e	`+ else`
		27025e	`+ CHECK(putstr(text, "off (not-cached)"));`
		27025e	`+ break;`
		27025e	`+ case dns_stale_answer_no:`
		27025e	`+ CHECK(putstr(text, "off (rndc)"));`
		27025e	`+ break;`
		27025e	`+ case dns_stale_answer_conf:`
		27025e	`+ if (view->staleanswersenable && stale_ttl > 0)`
		27025e	`+ CHECK(putstr(text, "on"));`
		27025e	`+ else if (view->staleanswersenable)`
		27025e	`+ CHECK(putstr(text, "off (not-cached)"));`
		27025e	`+ else`
		27025e	`+ CHECK(putstr(text, "off"));`
		27025e	`+ break;`
		27025e	`+ }`
		27025e	`+ if (stale_ttl > 0) {`
		27025e	`+ snprintf(msg, sizeof(msg),`
		27025e	`+ " (stale-answer-ttl=%u max-stale-ttl=%u)",`
		27025e	`+ view->staleanswerttl, stale_ttl);`
		27025e	`+ CHECK(putstr(text, msg));`
		27025e	`+ }`
		27025e	`+ found = true;`
		27025e	`+ }`
		27025e	`+ isc_task_endexclusive(ns_g_server->task);`
		27025e	`+`
		27025e	`+ if (!found)`
		27025e	`+ result = ISC_R_NOTFOUND;`
		27025e	`+`
		27025e	`+cleanup:`
		27025e	`+ if (isc_buffer_usedlength(*text) > 0)`
		27025e	`+ (void) putnull(text);`
		27025e	`+`
		27025e	`+ return (result);`
		27025e	`+}`
		27025e	`diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c`
		eb7207	`index 12ab048..4938c03 100644`
		27025e	`--- a/bin/named/statschannel.c`
		27025e	`+++ b/bin/named/statschannel.c`
		b9f8ff	`@@ -300,6 +300,12 @@ init_desc(void) {`
		b9f8ff	`SET_NSSTATDESC(reclimitdropped,`
		b9f8ff	`"queries dropped due to recursive client limit",`
		b9f8ff	`"RecLimitDropped");`
		27025e	`+ SET_NSSTATDESC(trystale,`
		27025e	`+ "attempts to use stale cache data after lookup failure",`
		27025e	`+ "QryTryStale");`
		27025e	`+ SET_NSSTATDESC(usedstale,`
		27025e	`+ "successful uses of stale cache data after lookup failure",`
		27025e	`+ "QryUsedStale");`
		27025e	`INSIST(i == dns_nsstatscounter_max);`
		27025e
		27025e	`/* Initialize resolver statistics */`
		27025e	`diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c`
		eb7207	`index 0acfe3a..2c21c1d 100644`
		27025e	`--- a/bin/rndc/rndc.c`
		27025e	`+++ b/bin/rndc/rndc.c`
		27025e	`@@ -160,6 +160,8 @@ command is one of the following:\n\`
		27025e	`scan Scan available network interfaces for changes.\n\`
		27025e	`secroots [view ...]\n\`
		27025e	`Write security roots to the secroots file.\n\`
		27025e	`+ serve-stale ( yes \| no \| reset ) [class [view]]\n\`
		27025e	`+ Control whether stale answers are returned\n\`
		27025e	`showzone zone [class [view]]\n\`
		27025e	`Print a zone's configuration.\n\`
		27025e	`sign zone [class [view]]\n\`
		27025e	`diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook`
		eb7207	`index 159ded9..12a7208 100644`
		27025e	`--- a/bin/rndc/rndc.docbook`
		27025e	`+++ b/bin/rndc/rndc.docbook`
		b9f8ff	`@@ -689,6 +689,25 @@`
		27025e	`</listitem>`
		27025e	`</varlistentry>`
		27025e
		27025e	`+ <varlistentry>`
		27025e	`+ <term><userinput>serve-stale ( on \| off \| reset \| status) <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>`
		27025e	`+ <listitem>`
		27025e	`+ <para>`
		27025e	`+ Enable, disable, or reset the serving of stale answers`
		27025e	`+ as configured in named.conf. Serving of stale answers`
		27025e	`+ will remain disabled across <filename>named.conf</filename>`
		27025e	`+ reloads if disabled via rndc until it is reset via rndc.`
		27025e	`+ </para>`
		27025e	`+ <para>`
		27025e	`+ Status will report whether serving of stale answers is`
		27025e	`+ currently enabled, disabled or not configured for a`
		27025e	`+ view. If serving of stale records is configured then`
		27025e	`+ the values of stale-answer-ttl and max-stale-ttl are`
		27025e	`+ reported.`
		27025e	`+ </para>`
		27025e	`+ </listitem>`
		27025e	`+ </varlistentry>`
		27025e	`+`
		27025e	`<varlistentry>`
		27025e	`<term><userinput>secroots <optional>-</optional> <optional><replaceable>view ...</replaceable></optional></userinput></term>`
		27025e	`<listitem>`
		27025e	`diff --git a/bin/tests/system/chain/prereq.sh b/bin/tests/system/chain/prereq.sh`
		eb7207	`index 23bedcd..43385de 100644`
		27025e	`--- a/bin/tests/system/chain/prereq.sh`
		27025e	`+++ b/bin/tests/system/chain/prereq.sh`
		27025e	`@@ -48,3 +48,10 @@ else`
		27025e	`echo_i "This test requires the Net::DNS::Nameserver library." >&2`
		27025e	`exit 1`
		27025e	`fi`
		27025e	`+if $PERL -e 'use Net::DNS::Nameserver;' 2>/dev/null`
		27025e	`+then`
		27025e	`+ :`
		27025e	`+else`
		27025e	`+ echo "I:This test requires the Net::DNS::Nameserver library." >&2`
		27025e	`+ exit 1`
		27025e	`+fi`
		27025e	`diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in`
		eb7207	`index f6412f6..26c8901 100644`
		27025e	`--- a/bin/tests/system/conf.sh.in`
		27025e	`+++ b/bin/tests/system/conf.sh.in`
		b9f8ff	`@@ -128,7 +128,7 @@ PARALLELDIRS="dnssec rpzrecurse \`
		27025e	`reclimit redirect resolver rndc rootkeysentinel rpz \`
		27025e	`rrchecker rrl rrsetorder rsabigexponent runtime \`
		27025e	`sfcache smartsign sortlist \`
		27025e	`- spf staticstub statistics statschannel stub \`
		27025e	`+ spf serve-stale staticstub statistics statschannel stub \`
		27025e	`tcp tsig tsiggss \`
		27025e	`unknown upforwd verify views wildcard \`
		27025e	`xfer xferquota zero zonechecks"`
		27025e	`diff --git a/bin/tests/system/dyndb/driver/db.c b/bin/tests/system/dyndb/driver/db.c`
		27025e	`index 02aa6ab..a77c7de 100644`
		27025e	`--- a/bin/tests/system/dyndb/driver/db.c`
		27025e	`+++ b/bin/tests/system/dyndb/driver/db.c`
		27025e	`@@ -629,6 +629,8 @@ static dns_dbmethods_t sampledb_methods = {`
		27025e	`hashsize,`
		27025e	`NULL,`
		27025e	`NULL,`
		27025e	`+ NULL,`
		27025e	`+ NULL,`
		27025e	`};`
		27025e
		27025e	`/* Auxiliary driver functions. */`
		27025e	`diff --git a/bin/tests/system/serve-stale/.gitignore b/bin/tests/system/serve-stale/.gitignore`
		27025e	`new file mode 100644`
		27025e	`index 0000000..2272eef`
		27025e	`--- /dev/null`
		27025e	`+++ b/bin/tests/system/serve-stale/.gitignore`
		27025e	`@@ -0,0 +1,11 @@`
		27025e	`+/ans2/ans.pid`
		27025e	`+/ans2/ans.pl`
		27025e	`+/dig.out*`
		27025e	`+/ns1/named.conf`
		27025e	`+/ns3/named.conf`
		27025e	`+/ns3/root.bk`
		27025e	`+/rndc.out*`
		27025e	`+named.lock`
		27025e	`+named.pid`
		27025e	`+named.port`
		27025e	`+named.run`
		27025e	`diff --git a/bin/tests/system/serve-stale/ans2/ans.pl.in b/bin/tests/system/serve-stale/ans2/ans.pl.in`
		27025e	`new file mode 100644`
		27025e	`index 0000000..2b39eca`
		27025e	`--- /dev/null`
		27025e	`+++ b/bin/tests/system/serve-stale/ans2/ans.pl.in`
		27025e	`@@ -0,0 +1,178 @@`
		27025e	`+#!/usr/bin/env perl`
		27025e	`+#`
		27025e	`+# Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")`
		27025e	`+#`
		27025e	`+# This Source Code Form is subject to the terms of the Mozilla Public`
		27025e	`+# License, v. 2.0. If a copy of the MPL was not distributed with this`
		27025e	`+# file, You can obtain one at http://mozilla.org/MPL/2.0/.`
		27025e	`+`
		27025e	`+use strict;`
		27025e	`+use warnings;`
		27025e	`+`
		27025e	`+use IO::File;`
		27025e	`+use IO::Socket;`
		27025e	`+use Getopt::Long;`
		27025e	`+use Net::DNS;`
		27025e	`+use Time::HiRes qw(usleep nanosleep);`
		27025e	`+`
		27025e	`+my $pidf = new IO::File "ans.pid", "w" or die "cannot open pid file: $!";`
		27025e	`+print $pidf "$$\n" or die "cannot write pid file: $!";`
		27025e	`+$pidf->close or die "cannot close pid file: $!";`
		27025e	`+sub rmpid { unlink "ans.pid"; exit 1; };`
		27025e	`+`
		27025e	`+$SIG{INT} = \&rmpid;`
		27025e	`+$SIG{TERM} = \&rmpid;`
		27025e	`+`
		27025e	`+my $send_response = 1;`
		27025e	`+`
		27025e	`+my $localaddr = "10.53.0.2";`
		27025e	`+my $localport = @PORT@;`
		27025e	`+my $udpsock = IO::Socket::INET->new(LocalAddr => "$localaddr",`
		27025e	`+ LocalPort => $localport, Proto => "udp", Reuse => 1) or die "$!";`
		27025e	`+`
		27025e	`+#`
		27025e	`+# Delegation`
		27025e	`+#`
		27025e	`+my $SOA = "example 300 IN SOA . . 0 0 0 0 300";`
		27025e	`+my $NS = "example 300 IN NS ns.example";`
		27025e	`+my $A = "ns.example 300 IN A $localaddr";`
		27025e	`+#`
		27025e	`+# Records to be TTL stretched`
		27025e	`+#`
		27025e	`+my $TXT = "data.example 1 IN TXT \"A text record with a 1 second ttl\"";`
		27025e	`+my $negSOA = "example 1 IN SOA . . 0 0 0 0 300";`
		27025e	`+`
		27025e	`+sub reply_handler {`
		27025e	`+ my ($qname, $qclass, $qtype) = @_;`
		27025e	`+ my ($rcode, @ans, @auth, @add);`
		27025e	`+`
		27025e	`+ print ("request: $qname/$qtype\n");`
		27025e	`+ STDOUT->flush();`
		27025e	`+`
		27025e	`+ # Control whether we send a response or not.`
		27025e	`+ # We always respond to control commands.`
		27025e	`+ if ($qname eq "enable" ) {`
		27025e	`+ if ($qtype eq "TXT") {`
		27025e	`+ $send_response = 1;`
		27025e	`+ my $rr = new Net::DNS::RR("$qname 0 $qclass TXT \"$send_response\"");`
		27025e	`+ push @ans, $rr;`
		27025e	`+ }`
		27025e	`+ $rcode = "NOERROR";`
		27025e	`+ return ($rcode, \@ans, \@auth, \@add, { aa => 1 });`
		27025e	`+ } elsif ($qname eq "disable" ) {`
		27025e	`+ if ($qtype eq "TXT") {`
		27025e	`+ $send_response = 0;`
		27025e	`+ my $rr = new Net::DNS::RR("$qname 0 $qclass TXT \"$send_response\"");`
		27025e	`+ push @ans, $rr;`
		27025e	`+ }`
		27025e	`+ $rcode = "NOERROR";`
		27025e	`+ return ($rcode, \@ans, \@auth, \@add, { aa => 1 });`
		27025e	`+ }`
		27025e	`+`
		27025e	`+ # If we are not responding to queries we are done.`
		27025e	`+ return if (!$send_response);`
		27025e	`+`
		27025e	`+ # Construct the response and send it.`
		27025e	`+ if ($qname eq "ns.example" ) {`
		27025e	`+ if ($qtype eq "A") {`
		27025e	`+ my $rr = new Net::DNS::RR($A);`
		27025e	`+ push @ans, $rr;`
		27025e	`+ } else {`
		27025e	`+ my $rr = new Net::DNS::RR($SOA);`
		27025e	`+ push @auth, $rr;`
		27025e	`+ }`
		27025e	`+ $rcode = "NOERROR";`
		27025e	`+ } elsif ($qname eq "example") {`
		27025e	`+ if ($qtype eq "NS") {`
		27025e	`+ my $rr = new Net::DNS::RR($NS);`
		27025e	`+ push @auth, $rr;`
		27025e	`+ $rr = new Net::DNS::RR($A);`
		27025e	`+ push @add, $rr;`
		27025e	`+ } elsif ($qtype eq "SOA") {`
		27025e	`+ my $rr = new Net::DNS::RR($SOA);`
		27025e	`+ push @ans, $rr;`
		27025e	`+ } else {`
		27025e	`+ my $rr = new Net::DNS::RR($SOA);`
		27025e	`+ push @auth, $rr;`
		27025e	`+ }`
		27025e	`+ $rcode = "NOERROR";`
		27025e	`+ } elsif ($qname eq "nodata.example") {`
		27025e	`+ my $rr = new Net::DNS::RR($negSOA);`
		27025e	`+ push @auth, $rr;`
		27025e	`+ $rcode = "NOERROR";`
		27025e	`+ } elsif ($qname eq "data.example") {`
		27025e	`+ if ($qtype eq "TXT") {`
		27025e	`+ my $rr = new Net::DNS::RR($TXT);`
		27025e	`+ push @ans, $rr;`
		27025e	`+ } else {`
		27025e	`+ my $rr = new Net::DNS::RR($negSOA);`
		27025e	`+ push @auth, $rr;`
		27025e	`+ }`
		27025e	`+ $rcode = "NOERROR";`
		27025e	`+ } elsif ($qname eq "nxdomain.example") {`
		27025e	`+ my $rr = new Net::DNS::RR($negSOA);`
		27025e	`+ push @auth, $rr;`
		27025e	`+ $rcode = "NXDOMAIN";`
		27025e	`+ } else {`
		27025e	`+ my $rr = new Net::DNS::RR($SOA);`
		27025e	`+ push @auth, $rr;`
		27025e	`+ $rcode = "NXDOMAIN";`
		27025e	`+ }`
		27025e	`+`
		27025e	`+ # mark the answer as authoritive (by setting the 'aa' flag`
		27025e	`+ return ($rcode, \@ans, \@auth, \@add, { aa => 1 });`
		27025e	`+}`
		27025e	`+`
		27025e	`+GetOptions(`
		27025e	`+ 'port=i' => \$localport,`
		27025e	`+);`
		27025e	`+`
		27025e	`+my $rin;`
		27025e	`+my $rout;`
		27025e	`+`
		27025e	`+for (;;) {`
		27025e	`+ $rin = '';`
		27025e	`+ vec($rin, fileno($udpsock), 1) = 1;`
		27025e	`+`
		27025e	`+ select($rout = $rin, undef, undef, undef);`
		27025e	`+`
		27025e	`+ if (vec($rout, fileno($udpsock), 1)) {`
		27025e	`+ my ($buf, $request, $err);`
		27025e	`+ $udpsock->recv($buf, 512);`
		27025e	`+`
		27025e	`+ if ($Net::DNS::VERSION > 0.68) {`
		27025e	`+ $request = new Net::DNS::Packet(\$buf, 0);`
		27025e	`+ $@ and die $@;`
		27025e	`+ } else {`
		27025e	`+ my $err;`
		27025e	`+ ($request, $err) = new Net::DNS::Packet(\$buf, 0);`
		27025e	`+ $err and die $err;`
		27025e	`+ }`
		27025e	`+`
		27025e	`+ my @questions = $request->question;`
		27025e	`+ my $qname = $questions[0]->qname;`
		27025e	`+ my $qclass = $questions[0]->qclass;`
		27025e	`+ my $qtype = $questions[0]->qtype;`
		27025e	`+ my $id = $request->header->id;`
		27025e	`+`
		27025e	`+ my ($rcode, $ans, $auth, $add, $headermask) = reply_handler($qname, $qclass, $qtype);`
		27025e	`+`
		27025e	`+ if (!defined($rcode)) {`
		27025e	`+ print " Silently ignoring query\n";`
		27025e	`+ next;`
		27025e	`+ }`
		27025e	`+`
		27025e	`+ my $reply = Net::DNS::Packet->new();`
		27025e	`+ $reply->header->qr(1);`
		27025e	`+ $reply->header->aa(1) if $headermask->{'aa'};`
		27025e	`+ $reply->header->id($id);`
		27025e	`+ $reply->header->rcode($rcode);`
		27025e	`+ $reply->push("question", @questions);`
		27025e	`+ $reply->push("answer", @$ans) if $ans;`
		27025e	`+ $reply->push("authority", @$auth) if $auth;`
		27025e	`+ $reply->push("additional", @$add) if $add;`
		27025e	`+`
		27025e	`+ my $num_chars = $udpsock->send($reply->data);`
		27025e	`+ print " Sent $num_chars bytes via UDP\n";`
		27025e	`+ }`
		27025e	`+}`
		27025e	`diff --git a/bin/tests/system/serve-stale/clean.sh b/bin/tests/system/serve-stale/clean.sh`
		27025e	`new file mode 100644`
		27025e	`index 0000000..2397326`
		27025e	`--- /dev/null`
		27025e	`+++ b/bin/tests/system/serve-stale/clean.sh`
		27025e	`@@ -0,0 +1,15 @@`
		27025e	`+# Copyright (C) 2017 Internet Systems Consortium, Inc. ("ISC")`
		27025e	`+#`
		27025e	`+# This Source Code Form is subject to the terms of the Mozilla Public`
		27025e	`+# License, v. 2.0. If a copy of the MPL was not distributed with this`
		27025e	`+# file, You can obtain one at http://mozilla.org/MPL/2.0/.`
		27025e	`+`
		27025e	`+rm -f test.output`
		27025e	`+rm -f dig.out.test*`
		27025e	`+rm -f ans2/ans.pl`
		27025e	`+rm -f ns3/root.bk`
		27025e	`+rm -f rndc.out.test*`
		27025e	`+rm -f ns*/named.memstats`
		27025e	`+rm -f ns*/managed-keys.bind`
		27025e	`+rm -f ns*/named.conf`
		27025e	`+rm -f ns*/named.run`
		27025e	`diff --git a/bin/tests/system/serve-stale/ns1/named1.conf.in b/bin/tests/system/serve-stale/ns1/named1.conf.in`
		27025e	`new file mode 100644`
		27025e	`index 0000000..8a75a10`
		27025e	`--- /dev/null`
		27025e	`+++ b/bin/tests/system/serve-stale/ns1/named1.conf.in`
		27025e	`@@ -0,0 +1,35 @@`
		27025e	`+/*`
		27025e	`+ * Copyright (C) 2017 Internet Systems Consortium, Inc. ("ISC")`
		27025e	`+ *`
		27025e	`+ * This Source Code Form is subject to the terms of the Mozilla Public`
		27025e	`+ * License, v. 2.0. If a copy of the MPL was not distributed with this`
		27025e	`+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.`
		27025e	`+ */`
		27025e	`+`
		27025e	`+key rndc_key {`
		27025e	`+ secret "1234abcd8765";`
		27025e	`+ algorithm hmac-sha256;`
		27025e	`+};`
		27025e	`+`
		27025e	`+controls {`
		27025e	`+ inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };`
		27025e	`+};`
		27025e	`+`
		27025e	`+options {`
		27025e	`+ query-source address 10.53.0.1;`
		27025e	`+ notify-source 10.53.0.1;`
		27025e	`+ transfer-source 10.53.0.1;`
		27025e	`+ port @PORT@;`
		27025e	`+ pid-file "named.pid";`
		27025e	`+ listen-on { 10.53.0.1; };`
		27025e	`+ listen-on-v6 { none; };`
		27025e	`+ recursion yes;`
		27025e	`+ max-stale-ttl 3600;`
		27025e	`+ stale-answer-ttl 1;`
		27025e	`+ stale-answer-enable yes;`
		27025e	`+};`
		27025e	`+`
		27025e	`+zone "." {`
		27025e	`+ type master;`
		27025e	`+ file "root.db";`
		27025e	`+};`
		27025e	`diff --git a/bin/tests/system/serve-stale/ns1/named2.conf.in b/bin/tests/system/serve-stale/ns1/named2.conf.in`
		27025e	`new file mode 100644`
		27025e	`index 0000000..072e6ec`
		27025e	`--- /dev/null`
		27025e	`+++ b/bin/tests/system/serve-stale/ns1/named2.conf.in`
		27025e	`@@ -0,0 +1,35 @@`
		27025e	`+/*`
		27025e	`+ * Copyright (C) 2017 Internet Systems Consortium, Inc. ("ISC")`
		27025e	`+ *`
		27025e	`+ * This Source Code Form is subject to the terms of the Mozilla Public`
		27025e	`+ * License, v. 2.0. If a copy of the MPL was not distributed with this`
		27025e	`+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.`
		27025e	`+ */`
		27025e	`+`
		27025e	`+key rndc_key {`
		27025e	`+ secret "1234abcd8765";`
		27025e	`+ algorithm hmac-sha256;`
		27025e	`+};`
		27025e	`+`
		27025e	`+controls {`
		27025e	`+ inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };`
		27025e	`+};`
		27025e	`+`
		27025e	`+options {`
		27025e	`+ query-source address 10.53.0.1;`
		27025e	`+ notify-source 10.53.0.1;`
		27025e	`+ transfer-source 10.53.0.1;`
		27025e	`+ port @PORT@;`
		27025e	`+ pid-file "named.pid";`
		27025e	`+ listen-on { 10.53.0.1; };`
		27025e	`+ listen-on-v6 { none; };`
		27025e	`+ recursion yes;`
		27025e	`+ max-stale-ttl 7200;`
		27025e	`+ stale-answer-ttl 2;`
		27025e	`+ stale-answer-enable yes;`
		27025e	`+};`
		27025e	`+`
		27025e	`+zone "." {`
		27025e	`+ type master;`
		27025e	`+ file "root.db";`
		27025e	`+};`
		27025e	`diff --git a/bin/tests/system/serve-stale/ns1/root.db b/bin/tests/system/serve-stale/ns1/root.db`
		27025e	`new file mode 100644`
		27025e	`index 0000000..eb9ad3e`
		27025e	`--- /dev/null`
		27025e	`+++ b/bin/tests/system/serve-stale/ns1/root.db`
		27025e	`@@ -0,0 +1,5 @@`
		27025e	`+. 300 SOA . . 0 0 0 0 0`
		27025e	`+. 300 NS ns.nil.`
		27025e	`+ns.nil. 300 A 10.53.0.1`
		27025e	`+example. 300 NS ns.example.`
		27025e	`+ns.example. 300 A 10.53.0.2`
		27025e	`diff --git a/bin/tests/system/serve-stale/ns3/named.conf.in b/bin/tests/system/serve-stale/ns3/named.conf.in`
		27025e	`new file mode 100644`
		27025e	`index 0000000..24a3293`
		27025e	`--- /dev/null`
		27025e	`+++ b/bin/tests/system/serve-stale/ns3/named.conf.in`
		27025e	`@@ -0,0 +1,35 @@`
		27025e	`+/*`
		27025e	`+ * Copyright (C) 2017 Internet Systems Consortium, Inc. ("ISC")`
		27025e	`+ *`
		27025e	`+ * This Source Code Form is subject to the terms of the Mozilla Public`
		27025e	`+ * License, v. 2.0. If a copy of the MPL was not distributed with this`
		27025e	`+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.`
		27025e	`+ */`
		27025e	`+`
		27025e	`+key rndc_key {`
		27025e	`+ secret "1234abcd8765";`
		27025e	`+ algorithm hmac-sha256;`
		27025e	`+};`
		27025e	`+`
		27025e	`+controls {`
		27025e	`+ inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };`
		27025e	`+};`
		27025e	`+`
		27025e	`+options {`
		27025e	`+ query-source address 10.53.0.3;`
		27025e	`+ notify-source 10.53.0.3;`
		27025e	`+ transfer-source 10.53.0.3;`
		27025e	`+ port @PORT@;`
		27025e	`+ pid-file "named.pid";`
		27025e	`+ listen-on { 10.53.0.3; };`
		27025e	`+ listen-on-v6 { none; };`
		27025e	`+ recursion yes;`
		27025e	`+ // max-stale-ttl 3600;`
		27025e	`+ // stale-answer-ttl 3;`
		27025e	`+};`
		27025e	`+`
		27025e	`+zone "." {`
		27025e	`+ type slave;`
		27025e	`+ masters { 10.53.0.1; };`
		27025e	`+ file "root.bk";`
		27025e	`+};`
		27025e	`diff --git a/bin/tests/system/serve-stale/prereq.sh b/bin/tests/system/serve-stale/prereq.sh`
		27025e	`new file mode 100644`
		27025e	`index 0000000..a3bbef8`
		27025e	`--- /dev/null`
		27025e	`+++ b/bin/tests/system/serve-stale/prereq.sh`
		27025e	`@@ -0,0 +1,38 @@`
		27025e	`+#!/bin/sh`
		27025e	`+#`
		27025e	`+# Copyright (C) 2011, 2012, 2014, 2016 Internet Systems Consortium, Inc. ("ISC")`
		27025e	`+#`
		27025e	`+# This Source Code Form is subject to the terms of the Mozilla Public`
		27025e	`+# License, v. 2.0. If a copy of the MPL was not distributed with this`
		27025e	`+# file, You can obtain one at http://mozilla.org/MPL/2.0/.`
		27025e	`+`
		27025e	`+SYSTEMTESTTOP=..`
		27025e	`+. $SYSTEMTESTTOP/conf.sh`
		27025e	`+`
		27025e	`+if $PERL -e 'use Net::DNS;' 2>/dev/null`
		27025e	`+then`
		27025e	`+ if $PERL -e 'use Net::DNS; die if ($Net::DNS::VERSION >= 0.69 && $Net::DNS::VERSION <= 0.74);' 2>/dev/null`
		27025e	`+ then`
		27025e	`+ :`
		27025e	`+ else`
		27025e	`+ echo "I:Net::DNS versions 0.69 to 0.74 have bugs that cause this test to fail: please update." >&2`
		27025e	`+ exit 1`
		27025e	`+ fi`
		27025e	`+else`
		27025e	`+ echo "I:This test requires the Net::DNS library." >&2`
		27025e	`+ exit 1`
		27025e	`+fi`
		27025e	`+if $PERL -e 'use Net::DNS::Nameserver;' 2>/dev/null`
		27025e	`+then`
		27025e	`+ :`
		27025e	`+else`
		27025e	`+ echo "I:This test requires the Net::DNS::Nameserver library." >&2`
		27025e	`+ exit 1`
		27025e	`+fi`
		27025e	`+if $PERL -e 'use Time::HiRes;' 2>/dev/null`
		27025e	`+then`
		27025e	`+ :`
		27025e	`+else`
		27025e	`+ echo "I:This test requires the Time::HiRes library." >&2`
		27025e	`+ exit 1`
		27025e	`+fi`
		27025e	`diff --git a/bin/tests/system/serve-stale/setup.sh b/bin/tests/system/serve-stale/setup.sh`
		27025e	`new file mode 100644`
		27025e	`index 0000000..690f43c`
		27025e	`--- /dev/null`
		27025e	`+++ b/bin/tests/system/serve-stale/setup.sh`
		27025e	`@@ -0,0 +1,13 @@`
		27025e	`+#!/bin/sh`
		27025e	`+# Copyright (C) 2017 Internet Systems Consortium, Inc. ("ISC")`
		27025e	`+#`
		27025e	`+# This Source Code Form is subject to the terms of the Mozilla Public`
		27025e	`+# License, v. 2.0. If a copy of the MPL was not distributed with this`
		27025e	`+# file, You can obtain one at http://mozilla.org/MPL/2.0/.`
		27025e	`+`
		27025e	`+SYSTEMTESTTOP=..`
		27025e	`+. $SYSTEMTESTTOP/conf.sh`
		27025e	`+`
		27025e	`+copy_setports ns1/named1.conf.in ns1/named.conf`
		27025e	`+copy_setports ans2/ans.pl.in ans2/ans.pl`
		27025e	`+copy_setports ns3/named.conf.in ns3/named.conf`
		27025e	`diff --git a/bin/tests/system/serve-stale/tests.sh b/bin/tests/system/serve-stale/tests.sh`
		27025e	`new file mode 100755`
		27025e	`index 0000000..201c996`
		27025e	`--- /dev/null`
		27025e	`+++ b/bin/tests/system/serve-stale/tests.sh`
		27025e	`@@ -0,0 +1,536 @@`
		27025e	`+#!/bin/sh`
		27025e	`+#`
		27025e	`+# Copyright (C) 2000, 2001, 2004, 2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")`
		27025e	`+#`
		27025e	`+# This Source Code Form is subject to the terms of the Mozilla Public`
		27025e	`+# License, v. 2.0. If a copy of the MPL was not distributed with this`
		27025e	`+# file, You can obtain one at http://mozilla.org/MPL/2.0/.`
		27025e	`+`
		27025e	`+SYSTEMTESTTOP=..`
		27025e	`+. $SYSTEMTESTTOP/conf.sh`
		27025e	`+`
		27025e	`+while getopts "p:c:" flag; do`
		27025e	`+ case "$flag" in`
		27025e	`+ p) port=$OPTARG ;;`
		27025e	`+ c) controlport=$OPTARG ;;`
		27025e	`+ *) exit 1 ;;`
		27025e	`+ esac`
		27025e	`+done`
		27025e	`+`
		27025e	`+RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s"`
		27025e	`+`
		27025e	`+echo "RNDCCMD: ${RNDCCMD}"`
		27025e	`+`
		27025e	`+status=0`
		27025e	`+n=0`
		27025e	`+`
		27025e	`+#echo "I:check ans.pl server ($n)"`
		27025e	`+#$DIG -p ${PORT} @10.53.0.2 example NS`
		27025e	`+#$DIG -p ${PORT} @10.53.0.2 example SOA`
		27025e	`+#$DIG -p ${PORT} @10.53.0.2 ns.example A`
		27025e	`+#$DIG -p ${PORT} @10.53.0.2 ns.example AAAA`
		27025e	`+#$DIG -p ${PORT} @10.53.0.2 txt enable`
		27025e	`+#$DIG -p ${PORT} @10.53.0.2 txt disable`
		27025e	`+#$DIG -p ${PORT} @10.53.0.2 ns.example AAAA`
		27025e	`+#$DIG -p ${PORT} @10.53.0.2 txt enable`
		27025e	`+#$DIG -p ${PORT} @10.53.0.2 ns.example AAAA`
		27025e	`+##$DIG -p ${PORT} @10.53.0.2 data.example TXT`
		27025e	`+#$DIG -p ${PORT} @10.53.0.2 nodata.example TXT`
		27025e	`+#$DIG -p ${PORT} @10.53.0.2 nxdomain.example TXT`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:prime cache data.example ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 data.example TXT > dig.out.test$n`
		27025e	`+grep "status: NOERROR" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 1," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:prime cache nodata.example ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 nodata.example TXT > dig.out.test$n`
		27025e	`+grep "status: NOERROR" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 0," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:prime cache nxdomain.example ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 nxdomain.example TXT > dig.out.test$n`
		27025e	`+grep "status: NXDOMAIN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 0," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:disable responses from authoritative server ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.2 txt disable > dig.out.test$n`
		27025e	`+grep "ANSWER: 1," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "TXT.\"0\"" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	`+sleep 1`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check 'rndc serve-stale status' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.1 serve-stale status > rndc.out.test$n 2>&1 \|\| ret=1`
		27025e	`+grep '_default: on (stale-answer-ttl=1 max-stale-ttl=3600)' rndc.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check stale data.example ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 data.example TXT > dig.out.test$n`
		27025e	`+grep "status: NOERROR" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 1," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "example.1.IN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check stale nodata.example ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 nodata.example TXT > dig.out.test$n`
		27025e	`+grep "status: NOERROR" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 0," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "example.1.IN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check stale nxdomain.example ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 nxdomain.example TXT > dig.out.test$n`
		27025e	`+grep "status: NXDOMAIN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 0," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "example.1.IN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:running 'rndc serve-stale off' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.1 serve-stale off \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check 'rndc serve-stale status' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.1 serve-stale status > rndc.out.test$n 2>&1 \|\| ret=1`
		27025e	`+grep '_default: off (rndc) (stale-answer-ttl=1 max-stale-ttl=3600)' rndc.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check stale data.example (serve-stale off) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 data.example TXT > dig.out.test$n`
		27025e	`+grep "status: SERVFAIL" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check stale nodata.example (serve-stale off) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 nodata.example TXT > dig.out.test$n`
		27025e	`+grep "status: SERVFAIL" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check stale nxdomain.example (serve-stale off) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 nxdomain.example TXT > dig.out.test$n`
		27025e	`+grep "status: SERVFAIL" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:running 'rndc serve-stale on' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.1 serve-stale on \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check 'rndc serve-stale status' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.1 serve-stale status > rndc.out.test$n 2>&1 \|\| ret=1`
		27025e	`+grep '_default: on (rndc) (stale-answer-ttl=1 max-stale-ttl=3600)' rndc.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check stale data.example (serve-stale on) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 data.example TXT > dig.out.test$n`
		27025e	`+grep "status: NOERROR" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 1," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "example.1.IN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check stale nodata.example (serve-stale on) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 nodata.example TXT > dig.out.test$n`
		27025e	`+grep "status: NOERROR" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 0," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "example.1.IN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check stale nxdomain.example (serve-stale on) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 nxdomain.example TXT > dig.out.test$n`
		27025e	`+grep "status: NXDOMAIN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 0," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "example.1.IN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:running 'rndc serve-stale no' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.1 serve-stale no \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check 'rndc serve-stale status' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.1 serve-stale status > rndc.out.test$n 2>&1 \|\| ret=1`
		27025e	`+grep '_default: off (rndc) (stale-answer-ttl=1 max-stale-ttl=3600)' rndc.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check stale data.example (serve-stale no) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 data.example TXT > dig.out.test$n`
		27025e	`+grep "status: SERVFAIL" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check stale nodata.example (serve-stale no) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 nodata.example TXT > dig.out.test$n`
		27025e	`+grep "status: SERVFAIL" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check stale nxdomain.example (serve-stale no) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 nxdomain.example TXT > dig.out.test$n`
		27025e	`+grep "status: SERVFAIL" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:running 'rndc serve-stale yes' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.1 serve-stale yes \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check 'rndc serve-stale status' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.1 serve-stale status > rndc.out.test$n 2>&1 \|\| ret=1`
		27025e	`+grep '_default: on (rndc) (stale-answer-ttl=1 max-stale-ttl=3600)' rndc.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check stale data.example (serve-stale yes) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 data.example TXT > dig.out.test$n`
		27025e	`+grep "status: NOERROR" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 1," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "example.1.IN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check stale nodata.example (serve-stale yes) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 nodata.example TXT > dig.out.test$n`
		27025e	`+grep "status: NOERROR" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 0," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "example.1.IN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check stale nxdomain.example (serve-stale yes) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 nxdomain.example TXT > dig.out.test$n`
		27025e	`+grep "status: NXDOMAIN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 0," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "example.1.IN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:running 'rndc serve-stale off' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.1 serve-stale off \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:running 'rndc serve-stale reset' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.1 serve-stale reset \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check 'rndc serve-stale status' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.1 serve-stale status > rndc.out.test$n 2>&1 \|\| ret=1`
		27025e	`+grep '_default: on (stale-answer-ttl=1 max-stale-ttl=3600)' rndc.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check stale data.example (serve-stale reset) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 data.example TXT > dig.out.test$n`
		27025e	`+grep "status: NOERROR" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 1," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "example.1.IN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check stale nodata.example (serve-stale reset) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 nodata.example TXT > dig.out.test$n`
		27025e	`+grep "status: NOERROR" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 0," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "example.1.IN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check stale nxdomain.example (serve-stale reset) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 nxdomain.example TXT > dig.out.test$n`
		27025e	`+grep "status: NXDOMAIN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 0," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "example.1.IN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:running 'rndc serve-stale off' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.1 serve-stale off \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check 'rndc serve-stale status' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.1 serve-stale status > rndc.out.test$n 2>&1 \|\| ret=1`
		27025e	`+grep '_default: off (rndc) (stale-answer-ttl=1 max-stale-ttl=3600)' rndc.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:updating ns1/named.conf ($n)"`
		27025e	`+ret=0`
		27025e	`+sed -e "s/@PORT@/${PORT}/g;s/@CONTROLPORT@/${CONTROLPORT}/g" < ns1/named2.conf.in > ns1/named.conf`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:running 'rndc reload' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.1 reload > rndc.out.test$n 2>&1 \|\| ret=1`
		27025e	`+grep "server reload successful" rndc.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check 'rndc serve-stale status' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.1 serve-stale status > rndc.out.test$n 2>&1 \|\| ret=1`
		27025e	`+grep '_default: off (rndc) (stale-answer-ttl=2 max-stale-ttl=7200)' rndc.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check 'rndc serve-stale' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.1 serve-stale > rndc.out.test$n 2>&1 && ret=1`
		27025e	`+grep "unexpected end of input" rndc.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check 'rndc serve-stale unknown' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.1 serve-stale unknown > rndc.out.test$n 2>&1 && ret=1`
		27025e	`+grep "syntax error" rndc.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo_i "flush cache, re-enable serve-stale and query again ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.1 flushtree example > rndc.out.test$n.1 2>&1 \|\| ret=1`
		27025e	`+$RNDCCMD 10.53.0.1 serve-stale on > rndc.out.test$n.2 2>&1 \|\| ret=1`
		27025e	`+$DIG -p ${PORT} @10.53.0.1 data.example TXT > dig.out.test$n`
		27025e	`+grep "status: SERVFAIL" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 0," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo_i "failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.2 txt enable > dig.out.test$n`
		27025e	`+grep "ANSWER: 1," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "TXT.\"1\"" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:prime cache data.example (max-stale-ttl default) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.3 data.example TXT > dig.out.test$n`
		27025e	`+grep "status: NOERROR" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 1," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "example.1.IN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:prime cache nodata.example (max-stale-ttl default) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.3 nodata.example TXT > dig.out.test$n`
		27025e	`+grep "status: NOERROR" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 0," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "example.1.IN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:prime cache nxdomain.example (max-stale-ttl default) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.3 nxdomain.example TXT > dig.out.test$n`
		27025e	`+grep "status: NXDOMAIN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 0," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "example.1.IN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:disable responses from authoritative server ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.2 txt disable > dig.out.test$n`
		27025e	`+grep "ANSWER: 1," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "TXT.\"0\"" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	`+sleep 1`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check 'rndc serve-stale status' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.3 serve-stale status > rndc.out.test$n 2>&1 \|\| ret=1`
		27025e	`+grep '_default: off (stale-answer-ttl=1 max-stale-ttl=604800)' rndc.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check fail of data.example (max-stale-ttl default) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.3 data.example TXT > dig.out.test$n`
		27025e	`+grep "status: SERVFAIL" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 0," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check fail of nodata.example (max-stale-ttl default) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.3 nodata.example TXT > dig.out.test$n`
		27025e	`+grep "status: SERVFAIL" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 0," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check fail of nxdomain.example (max-stale-ttl default) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.3 nxdomain.example TXT > dig.out.test$n`
		27025e	`+grep "status: SERVFAIL" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 0," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check 'rndc serve-stale on' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.3 serve-stale on > rndc.out.test$n 2>&1 \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check 'rndc serve-stale status' ($n)"`
		27025e	`+ret=0`
		27025e	`+$RNDCCMD 10.53.0.3 serve-stale status > rndc.out.test$n 2>&1 \|\| ret=1`
		27025e	`+grep '_default: on (rndc) (stale-answer-ttl=1 max-stale-ttl=604800)' rndc.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check data.example (max-stale-ttl default) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.3 data.example TXT > dig.out.test$n`
		27025e	`+grep "status: NOERROR" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 1," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "example.1.IN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check nodata.example (max-stale-ttl default) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.3 nodata.example TXT > dig.out.test$n`
		27025e	`+grep "status: NOERROR" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 0," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "example.1.IN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	+n=`expr $n + 1`
		27025e	`+echo "I:check nxdomain.example (max-stale-ttl default) ($n)"`
		27025e	`+ret=0`
		27025e	`+$DIG -p ${PORT} @10.53.0.3 nxdomain.example TXT > dig.out.test$n`
		27025e	`+grep "status: NXDOMAIN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "ANSWER: 0," dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+grep "example.1.IN" dig.out.test$n > /dev/null \|\| ret=1`
		27025e	`+if [ $ret != 0 ]; then echo "I:failed"; fi`
		27025e	+status=`expr $status + $ret`
		27025e	`+`
		27025e	`+echo "I:exit status: $status"`
		27025e	`+[ $status -eq 0 ] \|\| exit 1`
		27025e	`diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml`
		eb7207	`index 99c8680..5fbabfe 100644`
		27025e	`--- a/doc/arm/Bv9ARM-book.xml`
		27025e	`+++ b/doc/arm/Bv9ARM-book.xml`
		eb7207	`@@ -4336,6 +4336,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]`
		27025e	`statement in the <filename>named.conf</filename> file:`
		27025e	`</para>`
		27025e	`<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="options.grammar.xml"/>`
		27025e	`+ [ <command>max-stale-ttl</command> <replaceable>number</replaceable> ; ]`
		27025e	`+ [ <command>stale-answer-enable</command> <replaceable>yes_or_no</replaceable> ; ]`
		27025e	`+ [ <command>stale-answer-ttl</command> <replaceable>number</replaceable> ; ]`
		27025e	`</section>`
		27025e
		27025e	`<section xml:id="options"><info><title><command>options</command> Statement Definition and`
		eb7207	`@@ -4429,6 +4432,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]`
		27025e	`<command>dnssec-validation</command>,`
		27025e	`<command>max-cache-ttl</command>,`
		27025e	`<command>max-ncache-ttl</command>,`
		27025e	`+ <command>max-stale-ttl</command>,`
		27025e	`<command>max-cache-size</command>, and`
		27025e	`<command>zero-no-soa-ttl</command>.`
		27025e	`</para>`
		eb7207	`@@ -5438,7 +5442,6 @@ options {`
		27025e	`</listitem>`
		27025e	`</varlistentry>`
		27025e
		27025e	`-`
		27025e	`<varlistentry>`
		27025e	`<term><command>max-zone-ttl</command></term>`
		27025e	`<listitem>`
		eb7207	`@@ -5474,6 +5477,21 @@ options {`
		27025e	`</listitem>`
		27025e	`</varlistentry>`
		27025e
		27025e	`+ <varlistentry>`
		27025e	`+ <term><command>stale-answer-ttl</command></term>`
		27025e	`+ <listitem>`
		27025e	`+ <para>`
		27025e	`+ Specifies the TTL to be returned on stale answers.`
		27025e	`+ The default is 1 second. The minimal allowed is`
		27025e	`+ also 1 second; a value of 0 will be updated silently`
		27025e	`+ to 1 second. For stale answers to be returned`
		27025e	`+ <option>max-stale-ttl</option> must be set to a`
		27025e	`+ non zero value and they must not have been disabled`
		27025e	`+ by <command>rndc</command>.`
		27025e	`+ </para>`
		27025e	`+ </listitem>`
		27025e	`+ </varlistentry>`
		27025e	`+`
		27025e	`<varlistentry>`
		27025e	`<term><command>serial-update-method</command></term>`
		27025e	`<listitem>`
		eb7207	`@@ -6227,6 +6245,22 @@ options {`
		27025e	`</listitem>`
		27025e	`</varlistentry>`
		27025e
		27025e	`+ <varlistentry>`
		27025e	`+ <term><command>serve-stale-enable</command></term>`
		27025e	`+ <listitem>`
		27025e	`+ <para>`
		27025e	`+ Enable the returning of stale answers when the`
		27025e	`+ nameservers for the zone are not answering. This`
		27025e	`+ is off by default but can be enabled/disabled via`
		27025e	`+ <command>rndc server-stale on</command> and`
		27025e	`+ <command>rndc server-stale off</command> which`
		27025e	`+ override the named.conf setting. <command>rndc`
		27025e	`+ server-stale reset</command> will restore control`
		27025e	`+ via named.conf.`
		27025e	`+ </para>`
		27025e	`+ </listitem>`
		27025e	`+ </varlistentry>`
		27025e	`+`
		27025e	`<varlistentry>`
		27025e	`<term><command>nocookie-udp-size</command></term>`
		27025e	`<listitem>`
		eb7207	`@@ -7449,13 +7483,19 @@ options {`
		27025e	`<term><command>resolver-query-timeout</command></term>`
		27025e	`<listitem>`
		27025e	`<para>`
		eb7207	`- This is the amount of time in seconds that the`
		eb7207	`- resolver spends attempting to resolve a recursive`
		eb7207	`- query before failing. The default and minimum`
		27025e	`- is <literal>10</literal> and the maximum is`
		27025e	`- <literal>30</literal>. Setting it to`
		eb7207	`- <literal>0</literal> results in the default`
		eb7207	`- being used.`
		eb7207	`+ The amount of time in milliseconds that the resolver`
		eb7207	`+ will spend attempting to resolve a recursive`
		eb7207	`+ query before failing. The default and minimum`
		27025e	`+ is <literal>10000</literal> and the maximum is`
		27025e	`+ <literal>30000</literal>. Setting it to`
		eb7207	`+ <literal>0</literal> will result in the default`
		eb7207	`+ being used.`
		eb7207	`+ </para>`
		27025e	`+ <para>`
		27025e	`+ This value was originally specified in seconds.`
		27025e	`+ Values less than or equal to 300 will be be treated`
		27025e	`+ as seconds and converted to milliseconds before`
		27025e	`+ applying the above limits.`
		eb7207	`</para>`
		27025e	`</listitem>`
		27025e	`</varlistentry>`
		eb7207	`@@ -9016,6 +9056,27 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };`
		27025e	`</listitem>`
		27025e	`</varlistentry>`
		27025e
		27025e	`+ <varlistentry>`
		27025e	`+ <term><command>max-stale-ttl</command></term>`
		27025e	`+ <listitem>`
		27025e	`+ <para>`
		27025e	`+ Sets the maximum time for which the server will`
		27025e	`+ retain records past their normal expiry to`
		27025e	`+ return them as stale records when the servers`
		27025e	`+ for those records are not reachable. The default`
		27025e	`+ is to not retain the record.`
		27025e	`+ </para>`
		27025e	`+ <para>`
		27025e	`+ <command>rndc serve-stale</command> can be used`
		27025e	`+ to disable and re-enable the serving of stale`
		27025e	`+ records at runtime. Reloading or reconfiguring`
		27025e	`+ <command>named</command> will not re-enable serving`
		27025e	`+ of stale records if they have been disabled via`
		27025e	`+ <command>rndc</command>.`
		27025e	`+ </para>`
		27025e	`+ </listitem>`
		27025e	`+ </varlistentry>`
		27025e	`+`
		27025e	`<varlistentry>`
		27025e	`<term><command>min-roots</command></term>`
		27025e	`<listitem>`
		27025e	`diff --git a/doc/arm/logging-categories.xml b/doc/arm/logging-categories.xml`
		eb7207	`index 56d05e8..098342b 100644`
		27025e	`--- a/doc/arm/logging-categories.xml`
		27025e	`+++ b/doc/arm/logging-categories.xml`
		27025e	`@@ -311,6 +311,17 @@`
		27025e	`</para>`
		27025e	`</entry>`
		27025e	`</row>`
		27025e	`+ <row rowsep="0">`
		27025e	`+ <entry colname="1">`
		27025e	`+ <para><command>serve-stale</command></para>`
		27025e	`+ </entry>`
		27025e	`+ <entry colname="2">`
		27025e	`+ <para>`
		27025e	`+ Whether or not a stale answer is used`
		27025e	`+ following a resolver failure.`
		27025e	`+ </para>`
		27025e	`+ </entry>`
		27025e	`+ </row>`
		27025e	`<row rowsep="0">`
		27025e	`<entry colname="1">`
		27025e	`<para><command>spill</command></para>`
		27025e	`diff --git a/doc/arm/notes-rh-changes.xml b/doc/arm/notes-rh-changes.xml`
		b9f8ff	`index 89a4961..80b7dee 100644`
		27025e	`--- a/doc/arm/notes-rh-changes.xml`
		27025e	`+++ b/doc/arm/notes-rh-changes.xml`
		b9f8ff	`@@ -12,6 +12,9 @@`
		27025e	`<section xml:id="relnotes_rh_changes"><info><title>Red Hat Specific Changes</title></info>`
		27025e	`<itemizedlist>`
		27025e	`<listitem>`
		27025e	`+ <para>`
		27025e	`+ This version includes some features not present in releases by ISC.`
		27025e	`+ </para>`
		27025e	`<para>`
		27025e	`By default, BIND now uses the random number generation functions`
		27025e	`in the cryptographic library (i.e., OpenSSL or a PKCS#11`
		b9f8ff	`@@ -36,7 +39,16 @@`
		27025e	`case <filename>/dev/random</filename> will be the default`
		27025e	`entropy source. [RT #31459] [RT #46047]`
		27025e	`</para>`
		27025e	`- </listitem>`
		27025e	`+ <para>`
		27025e	`+ When acting as a recursive resolver, <command>named</command>`
		27025e	`+ can now continue returning answers whose TTLs have expired`
		27025e	`+ when the authoritative server is under attack and unable to`
		27025e	`+ respond. This is controlled by the`
		27025e	`+ <command>stale-answer-enable</command>,`
		27025e	`+ <command>stale-answer-ttl</command> and`
		27025e	`+ <command>max-stale-ttl</command> options. [RT #44790]`
		27025e	`+ </para>`
		27025e	`+ </listitem>`
		27025e	`</itemizedlist>`
		27025e	`</section>`
		27025e
		27025e	`diff --git a/doc/misc/options b/doc/misc/options`
		27025e	`index e11beed..fde93c7 100644`
		27025e	`--- a/doc/misc/options`
		27025e	`+++ b/doc/misc/options`
		27025e	`@@ -225,6 +225,7 @@ options {`
		27025e	`max-refresh-time <integer>;`
		27025e	`max-retry-time <integer>;`
		27025e	`max-rsa-exponent-size <integer>;`
		27025e	`+ max-stale-ttl <ttlval>;`
		27025e	`max-transfer-idle-in <integer>;`
		27025e	`max-transfer-idle-out <integer>;`
		27025e	`max-transfer-time-in <integer>;`
		27025e	`@@ -298,7 +299,9 @@ options {`
		27025e	`request-sit <boolean>; // obsolete`
		27025e	`require-server-cookie <boolean>;`
		27025e	`reserved-sockets <integer>;`
		27025e	`+ resolver-nonbackoff-tries <integer>;`
		27025e	`resolver-query-timeout <integer>;`
		27025e	`+ resolver-retry-interval <integer>;`
		27025e	`response-policy { zone <string> [ log <boolean> ] [ max-policy-ttl`
		27025e	`<integer> ] [ policy ( cname \| disabled \| drop \| given \| no-op`
		27025e	`\| nodata \| nxdomain \| passthru \| tcp-only <quoted_string> ) ] [`
		27025e	`@@ -328,6 +331,8 @@ options {`
		27025e	`sit-secret <string>; // obsolete`
		27025e	`sortlist { <address_match_element>; ... };`
		27025e	`stacksize ( default \| unlimited \| <sizeval> );`
		27025e	`+ stale-answer-enable <boolean>;`
		27025e	`+ stale-answer-ttl <ttlval>;`
		27025e	`startup-notify-rate <integer>;`
		27025e	`statistics-file <quoted_string>;`
		27025e	`statistics-interval <integer>; // not yet implemented`
		27025e	`@@ -539,6 +544,7 @@ view <string> [ <class> ] {`
		27025e	`max-recursion-queries <integer>;`
		27025e	`max-refresh-time <integer>;`
		27025e	`max-retry-time <integer>;`
		27025e	`+ max-stale-ttl <ttlval>;`
		27025e	`max-transfer-idle-in <integer>;`
		27025e	`max-transfer-idle-out <integer>;`
		27025e	`max-transfer-time-in <integer>;`
		27025e	`@@ -600,7 +606,9 @@ view <string> [ <class> ] {`
		27025e	`request-nsid <boolean>;`
		27025e	`request-sit <boolean>; // obsolete`
		27025e	`require-server-cookie <boolean>;`
		27025e	`+ resolver-nonbackoff-tries <integer>;`
		27025e	`resolver-query-timeout <integer>;`
		27025e	`+ resolver-retry-interval <integer>;`
		27025e	`response-policy { zone <string> [ log <boolean> ] [ max-policy-ttl`
		27025e	`<integer> ] [ policy ( cname \| disabled \| drop \| given \| no-op`
		27025e	`\| nodata \| nxdomain \| passthru \| tcp-only <quoted_string> ) ] [`
		27025e	`@@ -655,6 +663,8 @@ view <string> [ <class> ] {`
		27025e	`sig-signing-type <integer>;`
		27025e	`sig-validity-interval <integer> [ <integer> ];`
		27025e	`sortlist { <address_match_element>; ... };`
		27025e	`+ stale-answer-enable <boolean>;`
		27025e	`+ stale-answer-ttl <ttlval>;`
		27025e	`suppress-initial-notify <boolean>; // not yet implemented`
		27025e	`topology { <address_match_element>; ... }; // not implemented`
		27025e	`transfer-format ( many-answers \| one-answer );`
		27025e	`diff --git a/lib/bind9/check.c b/lib/bind9/check.c`
		eb7207	`index bf769fe..6c57fa4 100644`
		27025e	`--- a/lib/bind9/check.c`
		27025e	`+++ b/lib/bind9/check.c`
		27025e	`@@ -99,7 +99,8 @@ check_orderent(const cfg_obj_t ent, isc_log_t logctx) {`
		27025e	`cfg_obj_log(obj, logctx, ISC_LOG_ERROR,`
		27025e	`"rrset-order: invalid class '%s'",`
		27025e	`r.base);`
		27025e	`- result = ISC_R_FAILURE;`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_FAILURE;`
		27025e	`}`
		27025e	`}`
		27025e
		27025e	`@@ -112,7 +113,8 @@ check_orderent(const cfg_obj_t ent, isc_log_t logctx) {`
		27025e	`cfg_obj_log(obj, logctx, ISC_LOG_ERROR,`
		27025e	`"rrset-order: invalid type '%s'",`
		27025e	`r.base);`
		27025e	`- result = ISC_R_FAILURE;`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_FAILURE;`
		27025e	`}`
		27025e	`}`
		27025e
		27025e	`@@ -126,7 +128,8 @@ check_orderent(const cfg_obj_t ent, isc_log_t logctx) {`
		27025e	`if (tresult != ISC_R_SUCCESS) {`
		27025e	`cfg_obj_log(obj, logctx, ISC_LOG_ERROR,`
		27025e	`"rrset-order: invalid name '%s'", str);`
		27025e	`- result = ISC_R_FAILURE;`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_FAILURE;`
		27025e	`}`
		27025e	`}`
		27025e
		27025e	`@@ -135,14 +138,16 @@ check_orderent(const cfg_obj_t ent, isc_log_t logctx) {`
		27025e	`strcasecmp("order", cfg_obj_asstring(obj)) != 0) {`
		27025e	`cfg_obj_log(ent, logctx, ISC_LOG_ERROR,`
		27025e	`"rrset-order: keyword 'order' missing");`
		27025e	`- result = ISC_R_FAILURE;`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_FAILURE;`
		27025e	`}`
		27025e
		27025e	`obj = cfg_tuple_get(ent, "ordering");`
		27025e	`if (!cfg_obj_isstring(obj)) {`
		27025e	`cfg_obj_log(ent, logctx, ISC_LOG_ERROR,`
		27025e	`"rrset-order: missing ordering");`
		27025e	`- result = ISC_R_FAILURE;`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_FAILURE;`
		27025e	`} else if (strcasecmp(cfg_obj_asstring(obj), "fixed") == 0) {`
		27025e	`#if !DNS_RDATASET_FIXED`
		27025e	`cfg_obj_log(obj, logctx, ISC_LOG_WARNING,`
		27025e	`@@ -154,7 +159,8 @@ check_orderent(const cfg_obj_t ent, isc_log_t logctx) {`
		27025e	`cfg_obj_log(obj, logctx, ISC_LOG_ERROR,`
		27025e	`"rrset-order: invalid order '%s'",`
		27025e	`cfg_obj_asstring(obj));`
		27025e	`- result = ISC_R_FAILURE;`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_FAILURE;`
		27025e	`}`
		27025e	`return (result);`
		27025e	`}`
		27025e	`@@ -174,7 +180,7 @@ check_order(const cfg_obj_t options, isc_log_t logctx) {`
		27025e	`element = cfg_list_next(element))`
		27025e	`{`
		27025e	`tresult = check_orderent(cfg_listelt_value(element), logctx);`
		27025e	`- if (tresult != ISC_R_SUCCESS)`
		27025e	`+ if (result == ISC_R_SUCCESS && tresult != ISC_R_SUCCESS)`
		27025e	`result = tresult;`
		27025e	`}`
		27025e	`return (result);`
		27025e	`@@ -204,7 +210,8 @@ check_dual_stack(const cfg_obj_t options, isc_log_t logctx) {`
		27025e	`if (val > UINT16_MAX) {`
		27025e	`cfg_obj_log(obj, logctx, ISC_LOG_ERROR,`
		27025e	`"port '%u' out of range", val);`
		27025e	`- result = ISC_R_FAILURE;`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_RANGE;`
		27025e	`}`
		27025e	`}`
		27025e	`obj = cfg_tuple_get(alternates, "addresses");`
		27025e	`@@ -224,7 +231,8 @@ check_dual_stack(const cfg_obj_t options, isc_log_t logctx) {`
		27025e	`if (tresult != ISC_R_SUCCESS) {`
		27025e	`cfg_obj_log(obj, logctx, ISC_LOG_ERROR,`
		27025e	`"bad name '%s'", str);`
		27025e	`- result = ISC_R_FAILURE;`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = tresult;`
		27025e	`}`
		27025e	`obj = cfg_tuple_get(value, "port");`
		27025e	`if (cfg_obj_isuint32(obj)) {`
		27025e	`@@ -232,7 +240,8 @@ check_dual_stack(const cfg_obj_t options, isc_log_t logctx) {`
		27025e	`if (val > UINT16_MAX) {`
		27025e	`cfg_obj_log(obj, logctx, ISC_LOG_ERROR,`
		27025e	`"port '%u' out of range", val);`
		27025e	`- result = ISC_R_FAILURE;`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_RANGE;`
		27025e	`}`
		27025e	`}`
		27025e	`}`
		b9f8ff	`@@ -1271,7 +1280,8 @@ check_options(const cfg_obj_t options, isc_log_t logctx, isc_mem_t *mctx,`
		27025e	`cfg_obj_log(obj, logctx, ISC_LOG_ERROR,`
		27025e	`"auto-dnssec may only be activated at the "`
		27025e	`"zone level");`
		27025e	`- result = ISC_R_FAILURE;`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_FAILURE;`
		27025e	`}`
		27025e	`}`
		27025e
		b9f8ff	`@@ -1291,7 +1301,7 @@ check_options(const cfg_obj_t options, isc_log_t logctx, isc_mem_t *mctx,`
		27025e	`{`
		27025e	`obj = cfg_listelt_value(element);`
		27025e	`tresult = mustbesecure(obj, symtab, logctx, mctx);`
		27025e	`- if (tresult != ISC_R_SUCCESS)`
		27025e	`+ if (result == ISC_R_SUCCESS && tresult != ISC_R_SUCCESS)`
		27025e	`result = tresult;`
		27025e	`}`
		27025e	`if (symtab != NULL)`
		b9f8ff	`@@ -1310,7 +1320,8 @@ check_options(const cfg_obj_t options, isc_log_t logctx, isc_mem_t *mctx,`
		27025e	`cfg_obj_log(obj, logctx, ISC_LOG_ERROR,`
		27025e	`"%s: invalid name '%s'",`
		27025e	`server_contact[i], str);`
		27025e	`- result = ISC_R_FAILURE;`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_FAILURE;`
		27025e	`}`
		27025e	`}`
		27025e	`}`
		b9f8ff	`@@ -1330,7 +1341,8 @@ check_options(const cfg_obj_t options, isc_log_t logctx, isc_mem_t *mctx,`
		27025e	`cfg_obj_log(obj, logctx, ISC_LOG_ERROR,`
		27025e	`"disable-empty-zone: invalid name '%s'",`
		27025e	`str);`
		27025e	`- result = ISC_R_FAILURE;`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_FAILURE;`
		27025e	`}`
		27025e	`}`
		27025e
		b9f8ff	`@@ -1344,11 +1356,12 @@ check_options(const cfg_obj_t options, isc_log_t logctx, isc_mem_t *mctx,`
		27025e	`strlen(cfg_obj_asstring(obj)) > 1024U) {`
		27025e	`cfg_obj_log(obj, logctx, ISC_LOG_ERROR,`
		27025e	`"'server-id' too big (>1024 bytes)");`
		27025e	`- result = ISC_R_FAILURE;`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_FAILURE;`
		27025e	`}`
		27025e
		27025e	`tresult = check_dscp(options, logctx);`
		27025e	`- if (tresult != ISC_R_SUCCESS)`
		27025e	`+ if (result == ISC_R_SUCCESS && tresult != ISC_R_SUCCESS)`
		27025e	`result = tresult;`
		27025e
		27025e	`obj = NULL;`
		b9f8ff	`@@ -1358,11 +1371,13 @@ check_options(const cfg_obj_t options, isc_log_t logctx, isc_mem_t *mctx,`
		27025e	`if (lifetime > 604800) { /* 7 days */`
		27025e	`cfg_obj_log(obj, logctx, ISC_LOG_ERROR,`
		27025e	`"'nta-lifetime' cannot exceed one week");`
		27025e	`- result = ISC_R_RANGE;`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_RANGE;`
		27025e	`} else if (lifetime == 0) {`
		27025e	`cfg_obj_log(obj, logctx, ISC_LOG_ERROR,`
		27025e	`"'nta-lifetime' may not be zero");`
		27025e	`- result = ISC_R_RANGE;`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_RANGE;`
		27025e	`}`
		27025e	`}`
		27025e
		b9f8ff	`@@ -1373,7 +1388,8 @@ check_options(const cfg_obj_t options, isc_log_t logctx, isc_mem_t *mctx,`
		27025e	`if (recheck > 604800) { /* 7 days */`
		27025e	`cfg_obj_log(obj, logctx, ISC_LOG_ERROR,`
		27025e	`"'nta-recheck' cannot exceed one week");`
		27025e	`- result = ISC_R_RANGE;`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_RANGE;`
		27025e	`}`
		27025e
		27025e	`if (recheck > lifetime)`
		b9f8ff	`@@ -1391,7 +1407,8 @@ check_options(const cfg_obj_t options, isc_log_t logctx, isc_mem_t *mctx,`
		27025e	`if (strcasecmp(ccalg, "aes") == 0) {`
		27025e	`cfg_obj_log(obj, logctx, ISC_LOG_ERROR,`
		27025e	`"cookie-algorithm: '%s' not supported", ccalg);`
		27025e	`- result = ISC_R_NOTIMPLEMENTED;`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_NOTIMPLEMENTED;`
		27025e	`}`
		27025e	`#endif`
		27025e
		b9f8ff	`@@ -1480,7 +1497,8 @@ check_options(const cfg_obj_t options, isc_log_t logctx, isc_mem_t *mctx,`
		27025e	`cfg_obj_log(obj, logctx, ISC_LOG_ERROR,`
		27025e	`"%s out of range (%u < %u)",`
		27025e	`fstrm[i].name, value, fstrm[i].min);`
		27025e	`- result = ISC_R_RANGE;`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_RANGE;`
		27025e	`}`
		27025e
		27025e	`if (strcmp(fstrm[i].name, "fstrm-set-input-queue-size") == 0) {`
		b9f8ff	`@@ -1494,7 +1512,8 @@ check_options(const cfg_obj_t options, isc_log_t logctx, isc_mem_t *mctx,`
		27025e	`"%s '%u' not a power-of-2",`
		27025e	`fstrm[i].name,`
		27025e	`cfg_obj_asuint32(obj));`
		27025e	`- result = ISC_R_RANGE;`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_RANGE;`
		27025e	`}`
		27025e	`}`
		27025e	`}`
		b9f8ff	`@@ -1512,7 +1531,8 @@ check_options(const cfg_obj_t options, isc_log_t logctx, isc_mem_t *mctx,`
		27025e	`"%" PRId64 "' "`
		27025e	`"is too small",`
		27025e	`mapsize);`
		27025e	`- return (ISC_R_RANGE);`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_RANGE;`
		27025e	`} else if (mapsize > (1ULL << 40)) { /* 1 terabyte */`
		27025e	`cfg_obj_log(obj, logctx,`
		27025e	`ISC_LOG_ERROR,`
		b9f8ff	`@@ -1520,10 +1540,20 @@ check_options(const cfg_obj_t options, isc_log_t logctx, isc_mem_t *mctx,`
		27025e	`"%" PRId64 "' "`
		27025e	`"is too large",`
		27025e	`mapsize);`
		27025e	`- return (ISC_R_RANGE);`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_RANGE;`
		27025e	`}`
		27025e	`}`
		27025e
		27025e	`+ obj = NULL;`
		27025e	`+ (void)cfg_map_get(options, "resolver-nonbackoff-tries", &obj);`
		27025e	`+ if (obj != NULL && cfg_obj_asuint32(obj) == 0U) {`
		27025e	`+ cfg_obj_log(obj, logctx, ISC_LOG_ERROR,`
		27025e	`+ "'resolver-nonbackoff-tries' must be >= 1");`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ result = ISC_R_RANGE;`
		27025e	`+ }`
		27025e	`+`
		27025e	`return (result);`
		27025e	`}`
		27025e
		27025e	`diff --git a/lib/dns/cache.c b/lib/dns/cache.c`
		eb7207	`index 2965a4f..617737a 100644`
		27025e	`--- a/lib/dns/cache.c`
		27025e	`+++ b/lib/dns/cache.c`
		27025e	`@@ -138,6 +138,7 @@ struct dns_cache {`
		27025e	`int db_argc;`
		27025e	`char **db_argv;`
		27025e	`size_t size;`
		27025e	`+ dns_ttl_t serve_stale_ttl;`
		27025e	`isc_stats_t *stats;`
		27025e
		27025e	`/* Locked by 'filelock'. */`
		27025e	`@@ -167,9 +168,13 @@ overmem_cleaning_action(isc_task_t task, isc_event_t event);`
		27025e
		27025e	`static inline isc_result_t`
		27025e	`cache_create_db(dns_cache_t cache, dns_db_t *db) {`
		27025e	`- return (dns_db_create(cache->mctx, cache->db_type, dns_rootname,`
		27025e	`- dns_dbtype_cache, cache->rdclass,`
		27025e	`- cache->db_argc, cache->db_argv, db));`
		27025e	`+ isc_result_t result;`
		27025e	`+ result = dns_db_create(cache->mctx, cache->db_type, dns_rootname,`
		27025e	`+ dns_dbtype_cache, cache->rdclass,`
		27025e	`+ cache->db_argc, cache->db_argv, db);`
		27025e	`+ if (result == ISC_R_SUCCESS)`
		27025e	`+ dns_db_setservestalettl(*db, cache->serve_stale_ttl);`
		27025e	`+ return (result);`
		27025e	`}`
		27025e
		27025e	`isc_result_t`
		27025e	`@@ -238,6 +243,7 @@ dns_cache_create3(isc_mem_t cmctx, isc_mem_t hmctx, isc_taskmgr_t *taskmgr,`
		27025e	`cache->references = 1;`
		27025e	`cache->live_tasks = 0;`
		27025e	`cache->rdclass = rdclass;`
		27025e	`+ cache->serve_stale_ttl = 0;`
		27025e
		27025e	`cache->stats = NULL;`
		27025e	`result = isc_stats_create(cmctx, &cache->stats,`
		27025e	`@@ -1092,6 +1098,32 @@ dns_cache_getcachesize(dns_cache_t *cache) {`
		27025e	`return (size);`
		27025e	`}`
		27025e
		27025e	`+void`
		27025e	`+dns_cache_setservestalettl(dns_cache_t *cache, dns_ttl_t ttl) {`
		27025e	`+ REQUIRE(VALID_CACHE(cache));`
		27025e	`+`
		27025e	`+ LOCK(&cache->lock);`
		27025e	`+ cache->serve_stale_ttl = ttl;`
		27025e	`+ UNLOCK(&cache->lock);`
		27025e	`+`
		27025e	`+ (void)dns_db_setservestalettl(cache->db, ttl);`
		27025e	`+}`
		27025e	`+`
		27025e	`+dns_ttl_t`
		27025e	`+dns_cache_getservestalettl(dns_cache_t *cache) {`
		27025e	`+ dns_ttl_t ttl;`
		27025e	`+ isc_result_t result;`
		27025e	`+`
		27025e	`+ REQUIRE(VALID_CACHE(cache));`
		27025e	`+`
		27025e	`+ /*`
		27025e	`+ * Could get it straight from the dns_cache_t, but use db`
		27025e	`+ * to confirm the value that the db is really using.`
		27025e	`+ */`
		27025e	`+ result = dns_db_getservestalettl(cache->db, &ttl);`
		27025e	`+ return result == ISC_R_SUCCESS ? ttl : 0;`
		27025e	`+}`
		27025e	`+`
		27025e	`/*`
		27025e	`* The cleaner task is shutting down; do the necessary cleanup.`
		27025e	`*/`
		27025e	`diff --git a/lib/dns/db.c b/lib/dns/db.c`
		eb7207	`index a28a566..c581646 100644`
		27025e	`--- a/lib/dns/db.c`
		27025e	`+++ b/lib/dns/db.c`
		27025e	`@@ -1130,3 +1130,25 @@ dns_db_nodefullname(dns_db_t db, dns_dbnode_t node, dns_name_t *name) {`
		27025e	`return (ISC_R_NOTIMPLEMENTED);`
		27025e	`return ((db->methods->nodefullname)(db, node, name));`
		27025e	`}`
		27025e	`+`
		27025e	`+isc_result_t`
		27025e	`+dns_db_setservestalettl(dns_db_t *db, dns_ttl_t ttl)`
		27025e	`+{`
		27025e	`+ REQUIRE(DNS_DB_VALID(db));`
		27025e	`+ REQUIRE((db->attributes & DNS_DBATTR_CACHE) != 0);`
		27025e	`+`
		27025e	`+ if (db->methods->setservestalettl != NULL)`
		27025e	`+ return ((db->methods->setservestalettl)(db, ttl));`
		27025e	`+ return (ISC_R_NOTIMPLEMENTED);`
		27025e	`+}`
		27025e	`+`
		27025e	`+isc_result_t`
		27025e	`+dns_db_getservestalettl(dns_db_t db, dns_ttl_t ttl)`
		27025e	`+{`
		27025e	`+ REQUIRE(DNS_DB_VALID(db));`
		27025e	`+ REQUIRE((db->attributes & DNS_DBATTR_CACHE) != 0);`
		27025e	`+`
		27025e	`+ if (db->methods->getservestalettl != NULL)`
		27025e	`+ return ((db->methods->getservestalettl)(db, ttl));`
		27025e	`+ return (ISC_R_NOTIMPLEMENTED);`
		27025e	`+}`
		27025e	`diff --git a/lib/dns/ecdb.c b/lib/dns/ecdb.c`
		eb7207	`index fc94ccf..76d0417 100644`
		27025e	`--- a/lib/dns/ecdb.c`
		27025e	`+++ b/lib/dns/ecdb.c`
		27025e	`@@ -588,7 +588,9 @@ static dns_dbmethods_t ecdb_methods = {`
		27025e	`NULL, /* setcachestats */`
		27025e	`NULL, /* hashsize */`
		27025e	`NULL, /* nodefullname */`
		27025e	`- NULL /* getsize */`
		27025e	`+ NULL, /* getsize */`
		27025e	`+ NULL, /* setservestalettl */`
		27025e	`+ NULL /* getservestalettl */`
		27025e	`};`
		27025e
		27025e	`static isc_result_t`
		27025e	`diff --git a/lib/dns/include/dns/cache.h b/lib/dns/include/dns/cache.h`
		eb7207	`index ab4b0b5..e158014 100644`
		27025e	`--- a/lib/dns/include/dns/cache.h`
		27025e	`+++ b/lib/dns/include/dns/cache.h`
		27025e	`@@ -260,6 +260,27 @@ dns_cache_getcachesize(dns_cache_t *cache);`
		27025e	`* Get the maximum cache size.`
		27025e	`*/`
		27025e
		27025e	`+void`
		27025e	`+dns_cache_setservestalettl(dns_cache_t *cache, dns_ttl_t ttl);`
		27025e	`+/*%<`
		27025e	`+ * Sets the maximum length of time that cached answers may be retained`
		27025e	`+ * past their normal TTL. Default value for the library is 0, disabling`
		27025e	`+ * the use of stale data.`
		27025e	`+ *`
		27025e	`+ * Requires:`
		27025e	`+ *\li 'cache' to be valid.`
		27025e	`+ */`
		27025e	`+`
		27025e	`+dns_ttl_t`
		27025e	`+dns_cache_getservestalettl(dns_cache_t *cache);`
		27025e	`+/*%<`
		27025e	`+ * Gets the maximum length of time that cached answers may be kept past`
		27025e	`+ * normal expiry.`
		27025e	`+ *`
		27025e	`+ * Requires:`
		27025e	`+ *\li 'cache' to be valid.`
		27025e	`+ */`
		27025e	`+`
		27025e	`isc_result_t`
		27025e	`dns_cache_flush(dns_cache_t *cache);`
		27025e	`/*%<`
		27025e	`diff --git a/lib/dns/include/dns/db.h b/lib/dns/include/dns/db.h`
		eb7207	`index 96f3a8f..452770f 100644`
		27025e	`--- a/lib/dns/include/dns/db.h`
		27025e	`+++ b/lib/dns/include/dns/db.h`
		b9f8ff	`@@ -195,6 +195,8 @@ typedef struct dns_dbmethods {`
		27025e	`dns_name_t *name);`
		27025e	`isc_result_t (getsize)(dns_db_t db, dns_dbversion_t *version,`
		27025e	`uint64_t records, uint64_t bytes);`
		27025e	`+ isc_result_t (setservestalettl)(dns_db_t db, dns_ttl_t ttl);`
		27025e	`+ isc_result_t (getservestalettl)(dns_db_t db, dns_ttl_t *ttl);`
		27025e	`} dns_dbmethods_t;`
		27025e
		27025e	`typedef isc_result_t`
		b9f8ff	`@@ -253,6 +255,7 @@ struct dns_dbonupdatelistener {`
		27025e	`#define DNS_DBFIND_FORCENSEC3 0x0080`
		27025e	`#define DNS_DBFIND_ADDITIONALOK 0x0100`
		27025e	`#define DNS_DBFIND_NOZONECUT 0x0200`
		27025e	`+#define DNS_DBFIND_STALEOK 0x0400`
		27025e	`/@}/`
		27025e
		27025e	`/@{/`
		b9f8ff	`@@ -1683,6 +1686,38 @@ dns_db_nodefullname(dns_db_t db, dns_dbnode_t node, dns_name_t *name);`
		27025e	`* \li 'db' is a valid database`
		27025e	`* \li 'node' and 'name' are not NULL`
		27025e	`*/`
		27025e	`+`
		27025e	`+isc_result_t`
		27025e	`+dns_db_setservestalettl(dns_db_t *db, dns_ttl_t ttl);`
		27025e	`+/*%<`
		27025e	`+ * Sets the maximum length of time that cached answers may be retained`
		27025e	`+ * past their normal TTL. Default value for the library is 0, disabling`
		27025e	`+ * the use of stale data.`
		27025e	`+ *`
		27025e	`+ * Requires:`
		27025e	`+ * \li 'db' is a valid cache database.`
		27025e	`+ * \li 'ttl' is the number of seconds to retain data past its normal expiry.`
		27025e	`+ *`
		27025e	`+ * Returns:`
		27025e	`+ * \li #ISC_R_SUCCESS`
		27025e	`+ * \li #ISC_R_NOTIMPLEMENTED - Not supported by this DB implementation.`
		27025e	`+ */`
		27025e	`+`
		27025e	`+isc_result_t`
		27025e	`+dns_db_getservestalettl(dns_db_t db, dns_ttl_t ttl);`
		27025e	`+/*%<`
		27025e	`+ * Gets maximum length of time that cached answers may be kept past`
		27025e	`+ * normal TTL expiration.`
		27025e	`+ *`
		27025e	`+ * Requires:`
		27025e	`+ * \li 'db' is a valid cache database.`
		27025e	`+ * \li 'ttl' is the number of seconds to retain data past its normal expiry.`
		27025e	`+ *`
		27025e	`+ * Returns:`
		27025e	`+ * \li #ISC_R_SUCCESS`
		27025e	`+ * \li #ISC_R_NOTIMPLEMENTED - Not supported by this DB implementation.`
		27025e	`+ */`
		27025e	`+`
		27025e	`ISC_LANG_ENDDECLS`
		27025e
		27025e	`#endif /* DNS_DB_H */`
		27025e	`diff --git a/lib/dns/include/dns/rdataset.h b/lib/dns/include/dns/rdataset.h`
		eb7207	`index ed9119a..710e97c 100644`
		27025e	`--- a/lib/dns/include/dns/rdataset.h`
		27025e	`+++ b/lib/dns/include/dns/rdataset.h`
		27025e	`@@ -128,6 +128,7 @@ struct dns_rdataset {`
		27025e	`unsigned int magic; /* XXX ? */`
		27025e	`dns_rdatasetmethods_t * methods;`
		27025e	`ISC_LINK(dns_rdataset_t) link;`
		27025e	`+`
		27025e	`/*`
		27025e	`* XXX do we need these, or should they be retrieved by methods?`
		27025e	`* Leaning towards the latter, since they are not frequently required`
		27025e	`@@ -136,12 +137,19 @@ struct dns_rdataset {`
		27025e	`dns_rdataclass_t rdclass;`
		27025e	`dns_rdatatype_t type;`
		27025e	`dns_ttl_t ttl;`
		27025e	`+ /*`
		27025e	`+ * Stale ttl is used to see how long this RRset can still be used`
		27025e	`+ * to serve to clients, after the TTL has expired.`
		27025e	`+ */`
		27025e	`+ dns_ttl_t stale_ttl;`
		27025e	`dns_trust_t trust;`
		27025e	`dns_rdatatype_t covers;`
		27025e	`+`
		27025e	`/*`
		27025e	`* attributes`
		27025e	`*/`
		27025e	`unsigned int attributes;`
		27025e	`+`
		27025e	`/*%`
		27025e	`* the counter provides the starting point in the "cyclic" order.`
		27025e	`* The value UINT32_MAX has a special meaning of "picking up a`
		27025e	`@@ -149,11 +157,13 @@ struct dns_rdataset {`
		27025e	`* increment the counter.`
		27025e	`*/`
		27025e	`uint32_t count;`
		27025e	`+`
		27025e	`/*`
		27025e	`* This RRSIG RRset should be re-generated around this time.`
		27025e	`* Only valid if DNS_RDATASETATTR_RESIGN is set in attributes.`
		27025e	`*/`
		27025e	`isc_stdtime_t resign;`
		27025e	`+`
		27025e	`/@{/`
		27025e	`/*%`
		27025e	`* These are for use by the rdataset implementation, and MUST NOT`
		27025e	`@@ -206,6 +216,7 @@ struct dns_rdataset {`
		27025e	`#define DNS_RDATASETATTR_OPTOUT 0x00100000 /%< OPTOUT proof /`
		27025e	`#define DNS_RDATASETATTR_NEGATIVE 0x00200000`
		27025e	`#define DNS_RDATASETATTR_PREFETCH 0x00400000`
		27025e	`+#define DNS_RDATASETATTR_STALE 0x01000000`
		27025e
		27025e	`/*%`
		27025e	`* _OMITDNSSEC:`
		27025e	`diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h`
		eb7207	`index 7b3c047..bd7d225 100644`
		27025e	`--- a/lib/dns/include/dns/resolver.h`
		27025e	`+++ b/lib/dns/include/dns/resolver.h`
		27025e	`@@ -547,9 +547,12 @@ dns_resolver_getmustbesecure(dns_resolver_t resolver, dns_name_t name);`
		27025e
		27025e
		27025e	`void`
		27025e	`-dns_resolver_settimeout(dns_resolver_t *resolver, unsigned int seconds);`
		27025e	`+dns_resolver_settimeout(dns_resolver_t *resolver, unsigned int timeout);`
		27025e	`/*%<`
		27025e	`- * Set the length of time the resolver will work on a query, in seconds.`
		27025e	`+ * Set the length of time the resolver will work on a query, in milliseconds.`
		27025e	`+ *`
		27025e	`+ * 'timeout' was originally defined in seconds, and later redefined to be in`
		27025e	`+ * milliseconds. Values less than or equal to 300 are treated as seconds.`
		27025e	`*`
		27025e	`* If timeout is 0, the default timeout will be applied.`
		27025e	`*`
		27025e	`@@ -560,7 +563,8 @@ dns_resolver_settimeout(dns_resolver_t *resolver, unsigned int seconds);`
		27025e	`unsigned int`
		27025e	`dns_resolver_gettimeout(dns_resolver_t *resolver);`
		27025e	`/*%<`
		27025e	`- * Get the current length of time the resolver will work on a query, in seconds.`
		27025e	`+ * Get the current length of time the resolver will work on a query,`
		27025e	`+ * in milliseconds.`
		27025e	`*`
		27025e	`* Requires:`
		27025e	`* \li resolver to be valid.`
		27025e	`@@ -582,6 +586,39 @@ dns_resolver_getzeronosoattl(dns_resolver_t *resolver);`
		27025e	`void`
		27025e	`dns_resolver_setzeronosoattl(dns_resolver_t *resolver, bool state);`
		27025e
		27025e	`+unsigned int`
		27025e	`+dns_resolver_getretryinterval(dns_resolver_t *resolver);`
		27025e	`+`
		27025e	`+void`
		27025e	`+dns_resolver_setretryinterval(dns_resolver_t *resolver, unsigned int interval);`
		27025e	`+/*%<`
		27025e	`+ * Sets the amount of time, in millseconds, that is waited for a reply`
		27025e	`+ * to a server before another server is tried. Interacts with the`
		27025e	`+ * value of dns_resolver_getnonbackofftries() by trying that number of times`
		27025e	`+ * at this interval, before doing exponential backoff and doubling the interval`
		27025e	`+ * on each subsequent try, to a maximum of 10 seconds. Defaults to 800 ms;`
		27025e	`+ * silently capped at 2000 ms.`
		27025e	`+ *`
		27025e	`+ * Requires:`
		27025e	`+ * \li resolver to be valid.`
		27025e	`+ * \li interval > 0.`
		27025e	`+ */`
		27025e	`+`
		27025e	`+unsigned int`
		27025e	`+dns_resolver_getnonbackofftries(dns_resolver_t *resolver);`
		27025e	`+`
		27025e	`+void`
		27025e	`+dns_resolver_setnonbackofftries(dns_resolver_t *resolver, unsigned int tries);`
		27025e	`+/*%<`
		27025e	`+ * Sets the number of failures of getting a reply from remote servers for`
		27025e	`+ * a query before backing off by doubling the retry interval for each`
		27025e	`+ * subsequent request sent. Defaults to 3.`
		27025e	`+ *`
		27025e	`+ * Requires:`
		27025e	`+ * \li resolver to be valid.`
		27025e	`+ * \li tries > 0.`
		27025e	`+ */`
		27025e	`+`
		27025e	`unsigned int`
		27025e	`dns_resolver_getoptions(dns_resolver_t *resolver);`
		27025e
		27025e	`diff --git a/lib/dns/include/dns/types.h b/lib/dns/include/dns/types.h`
		eb7207	`index 2468e3c..934a641 100644`
		27025e	`--- a/lib/dns/include/dns/types.h`
		27025e	`+++ b/lib/dns/include/dns/types.h`
		eb7207	`@@ -390,6 +390,12 @@ typedef struct {`
		eb7207	`size_t count;`
		eb7207	`} dns_indent_t;`
		27025e
		27025e	`+typedef enum {`
		27025e	`+ dns_stale_answer_no,`
		27025e	`+ dns_stale_answer_yes,`
		27025e	`+ dns_stale_answer_conf`
		27025e	`+} dns_stale_answer_t;`
		27025e	`+`
		27025e	`/*`
		27025e	`* Functions.`
		27025e	`*/`
		27025e	`diff --git a/lib/dns/include/dns/view.h b/lib/dns/include/dns/view.h`
		eb7207	`index 53f1db1..96148c7 100644`
		27025e	`--- a/lib/dns/include/dns/view.h`
		27025e	`+++ b/lib/dns/include/dns/view.h`
		27025e	`@@ -229,6 +229,9 @@ struct dns_view {`
		27025e	`dns_dtenv_t dtenv; / Dnstap environment */`
		27025e	`dns_dtmsgtype_t dttypes; /* Dnstap message types`
		27025e	`to log */`
		27025e	`+ dns_ttl_t staleanswerttl;`
		27025e	`+ dns_stale_answer_t staleanswersok; /* rndc setting */`
		27025e	`+ bool staleanswersenable; /* named.conf setting */`
		27025e	`};`
		27025e
		27025e	`#define DNS_VIEW_MAGIC ISC_MAGIC('V','i','e','w')`
		27025e	`diff --git a/lib/dns/master.c b/lib/dns/master.c`
		eb7207	`index 7d26b81..36999b5 100644`
		27025e	`--- a/lib/dns/master.c`
		27025e	`+++ b/lib/dns/master.c`
		27025e	`@@ -1948,12 +1948,18 @@ load_text(dns_loadctx_t *lctx) {`
		27025e
		27025e	`if ((lctx->options & DNS_MASTER_AGETTL) != 0) {`
		27025e	`/*`
		27025e	`- * Adjust the TTL for $DATE. If the RR has already`
		27025e	`- * expired, ignore it.`
		27025e	`+ * Adjust the TTL for $DATE. If the RR has`
		27025e	`+ * already expired, set its TTL to 0. This`
		27025e	`+ * should be okay even if the TTL stretching`
		27025e	`+ * feature is not in effect, because it will`
		27025e	`+ * just be quickly expired by the cache, and the`
		27025e	`+ * way this was written before the patch it`
		27025e	`+ * could potentially add 0 TTLs anyway.`
		27025e	`*/`
		27025e	`if (lctx->ttl < ttl_offset)`
		27025e	`- continue;`
		27025e	`- lctx->ttl -= ttl_offset;`
		27025e	`+ lctx->ttl = 0;`
		27025e	`+ else`
		27025e	`+ lctx->ttl -= ttl_offset;`
		27025e	`}`
		27025e
		27025e	`/*`
		27025e	`diff --git a/lib/dns/masterdump.c b/lib/dns/masterdump.c`
		eb7207	`index fa839a0..91b3cab 100644`
		27025e	`--- a/lib/dns/masterdump.c`
		27025e	`+++ b/lib/dns/masterdump.c`
		27025e	`@@ -81,6 +81,9 @@ struct dns_master_style {`
		27025e	`*/`
		27025e	`#define DNS_TOTEXT_LINEBREAK_MAXLEN 100`
		27025e
		27025e	`+/% Does the rdataset 'r' contain a stale answer? /`
		27025e	`+#define STALE(r) (((r)->attributes & DNS_RDATASETATTR_STALE) != 0)`
		27025e	`+`
		27025e	`/*%`
		27025e	`* Context structure for a masterfile dump in progress.`
		27025e	`*/`
		27025e	`@@ -94,6 +97,7 @@ typedef struct dns_totext_ctx {`
		27025e	`dns_fixedname_t origin_fixname;`
		27025e	`uint32_t current_ttl;`
		27025e	`bool current_ttl_valid;`
		27025e	`+ dns_ttl_t serve_stale_ttl;`
		27025e	`} dns_totext_ctx_t;`
		27025e
		27025e	`LIBDNS_EXTERNAL_DATA const dns_master_style_t`
		27025e	`@@ -382,6 +386,7 @@ totext_ctx_init(const dns_master_style_t style, dns_totext_ctx_t ctx) {`
		27025e	`ctx->neworigin = NULL;`
		27025e	`ctx->current_ttl = 0;`
		27025e	`ctx->current_ttl_valid = false;`
		27025e	`+ ctx->serve_stale_ttl = 0;`
		27025e
		27025e	`return (ISC_R_SUCCESS);`
		27025e	`}`
		27025e	`@@ -1028,6 +1033,11 @@ dump_rdatasets_text(isc_mem_t mctx, dns_name_t name,`
		27025e	`(ctx->style.flags & DNS_STYLEFLAG_NCACHE) == 0) {`
		27025e	`/* Omit negative cache entries */`
		27025e	`} else {`
		27025e	`+ if (STALE(rds)) {`
		27025e	`+ fprintf(f, "; stale (for %u more seconds)\n",`
		27025e	`+ (rds->stale_ttl -`
		27025e	`+ ctx->serve_stale_ttl));`
		27025e	`+ }`
		27025e	`isc_result_t result =`
		27025e	`dump_rdataset(mctx, name, rds, ctx,`
		27025e	`buffer, f);`
		27025e	`@@ -1496,6 +1506,16 @@ dumpctx_create(isc_mem_t mctx, dns_db_t db, dns_dbversion_t *version,`
		27025e	`dns_db_attach(db, &dctx->db);`
		27025e
		27025e	`dctx->do_date = dns_db_iscache(dctx->db);`
		27025e	`+ if (dctx->do_date) {`
		27025e	`+ /*`
		27025e	`+ * Adjust the date backwards by the serve-stale TTL, if any.`
		27025e	`+ * This is so the TTL will be loaded correctly when next`
		27025e	`+ * started.`
		27025e	`+ */`
		27025e	`+ (void)dns_db_getservestalettl(dctx->db,`
		27025e	`+ &dctx->tctx.serve_stale_ttl);`
		27025e	`+ dctx->now -= dctx->tctx.serve_stale_ttl;`
		27025e	`+ }`
		27025e
		27025e	`if (dctx->format == dns_masterformat_text &&`
		27025e	`(dctx->tctx.style.flags & DNS_STYLEFLAG_REL_OWNER) != 0) {`
		27025e	`@@ -1555,6 +1575,9 @@ writeheader(dns_dumpctx_t *dctx) {`
		27025e	`* it in the zone case.`
		27025e	`*/`
		27025e	`if (dctx->do_date) {`
		27025e	`+ fprintf(dctx->f,`
		27025e	`+ "; using a %d second stale ttl\n",`
		27025e	`+ dctx->tctx.serve_stale_ttl);`
		27025e	`result = dns_time32_totext(dctx->now, &buffer);`
		27025e	`RUNTIME_CHECK(result == ISC_R_SUCCESS);`
		27025e	`isc_buffer_usedregion(&buffer, &r);`
		27025e	`diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c`
		eb7207	`index 3a60bcf..8ea4d47 100644`
		27025e	`--- a/lib/dns/rbtdb.c`
		27025e	`+++ b/lib/dns/rbtdb.c`
		eb7207	`@@ -511,6 +511,7 @@ typedef ISC_LIST(rdatasetheader_t) rdatasetheaderlist_t;`
		27025e	`typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;`
		27025e
		27025e	`#define RDATASET_ATTR_NONEXISTENT 0x0001`
		27025e	`+/%< May be potentially served as stale data. /`
		27025e	`#define RDATASET_ATTR_STALE 0x0002`
		27025e	`#define RDATASET_ATTR_IGNORE 0x0004`
		27025e	`#define RDATASET_ATTR_RETAIN 0x0008`
		eb7207	`@@ -523,6 +524,8 @@ typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;`
		27025e	`#define RDATASET_ATTR_CASESET 0x0400`
		27025e	`#define RDATASET_ATTR_ZEROTTL 0x0800`
		27025e	`#define RDATASET_ATTR_CASEFULLYLOWER 0x1000`
		27025e	`+/%< Ancient - awaiting cleanup. /`
		27025e	`+#define RDATASET_ATTR_ANCIENT 0x2000`
		27025e
		27025e	`typedef struct acache_cbarg {`
		27025e	`dns_rdatasetadditional_t type;`
		eb7207	`@@ -573,6 +576,8 @@ struct acachectl {`
		27025e	`(((header)->attributes & RDATASET_ATTR_ZEROTTL) != 0)`
		27025e	`#define CASEFULLYLOWER(header) \`
		27025e	`(((header)->attributes & RDATASET_ATTR_CASEFULLYLOWER) != 0)`
		27025e	`+#define ANCIENT(header) \`
		27025e	`+ (((header)->attributes & RDATASET_ATTR_ANCIENT) != 0)`
		27025e
		27025e
		27025e	`#define ACTIVE(header, now) \`
		eb7207	`@@ -632,6 +637,12 @@ typedef enum {`
		27025e	`expire_flush`
		27025e	`} expire_t;`
		27025e
		27025e	`+typedef enum {`
		27025e	`+ rdataset_ttl_fresh,`
		27025e	`+ rdataset_ttl_stale,`
		27025e	`+ rdataset_ttl_ancient`
		27025e	`+} rdataset_ttl_t;`
		27025e	`+`
		27025e	`typedef struct rbtdb_version {`
		27025e	`/* Not locked */`
		27025e	`rbtdb_serial_t serial;`
		eb7207	`@@ -699,6 +710,12 @@ struct dns_rbtdb {`
		27025e	`dns_dbnode_t *soanode;`
		27025e	`dns_dbnode_t *nsnode;`
		27025e
		27025e	`+ /*`
		27025e	`+ * Maximum length of time to keep using a stale answer past its`
		27025e	`+ * normal TTL expiry.`
		27025e	`+ */`
		27025e	`+ dns_ttl_t serve_stale_ttl;`
		27025e	`+`
		27025e	`/*`
		27025e	`* This is a linked list used to implement the LRU cache. There will`
		27025e	`* be node_lock_count linked lists here. Nodes in bucket 1 will be`
		eb7207	`@@ -742,6 +759,8 @@ struct dns_rbtdb {`
		27025e	`#define RBTDB_ATTR_LOADED 0x01`
		27025e	`#define RBTDB_ATTR_LOADING 0x02`
		27025e
		27025e	`+#define KEEPSTALE(rbtdb) ((rbtdb)->serve_stale_ttl > 0)`
		27025e	`+`
		27025e	`/*%`
		27025e	`* Search Context`
		27025e	`*/`
		eb7207	`@@ -1816,15 +1835,15 @@ rollback_node(dns_rbtnode_t *node, rbtdb_serial_t serial) {`
		27025e	`}`
		27025e
		27025e	`static inline void`
		27025e	`-mark_stale_header(dns_rbtdb_t rbtdb, rdatasetheader_t header) {`
		27025e	`+mark_header_ancient(dns_rbtdb_t rbtdb, rdatasetheader_t header) {`
		27025e
		27025e	`/*`
		27025e	`- * If we are already stale there is nothing to do.`
		27025e	`+ * If we are already ancient there is nothing to do.`
		27025e	`*/`
		27025e	`- if ((header->attributes & RDATASET_ATTR_STALE) != 0)`
		27025e	`+ if (ANCIENT(header))`
		27025e	`return;`
		27025e
		27025e	`- header->attributes \|= RDATASET_ATTR_STALE;`
		27025e	`+ header->attributes \|= RDATASET_ATTR_ANCIENT;`
		27025e	`header->node->dirty = 1;`
		27025e
		27025e	`/*`
		eb7207	`@@ -1865,8 +1884,8 @@ clean_cache_node(dns_rbtdb_t rbtdb, dns_rbtnode_t node) {`
		27025e	`/*`
		27025e	`* If current is nonexistent or stale, we can clean it up.`
		27025e	`*/`
		27025e	`- if ((current->attributes &`
		27025e	`- (RDATASET_ATTR_NONEXISTENT\|RDATASET_ATTR_STALE)) != 0) {`
		27025e	`+ if (NONEXISTENT(current) \|\| ANCIENT(current) \|\|`
		27025e	`+ (STALE(current) && ! KEEPSTALE(rbtdb))) {`
		27025e	`if (top_prev != NULL)`
		27025e	`top_prev->next = current->next;`
		27025e	`else`
		eb7207	`@@ -2111,6 +2130,80 @@ delete_node(dns_rbtdb_t rbtdb, dns_rbtnode_t node) {`
		27025e	`}`
		27025e	`}`
		27025e
		27025e	`+#if 0`
		27025e	`+static void`
		27025e	`+clean_now_or_later(dns_rbtnode_t node, dns_rbtdb_t rbtdb,`
		27025e	`+ rdatasetheader_t header, rdatasetheader_t *header_prevp)`
		27025e	`+{`
		27025e	`+ if (dns_rbtnode_refcurrent(node) == 0) {`
		27025e	`+ isc_mem_t *mctx;`
		27025e	`+`
		27025e	`+ /*`
		27025e	`+ * header->down can be non-NULL if the refcount has just`
		27025e	`+ * decremented to 0 but decrement_reference() has not performed`
		27025e	`+ * clean_cache_node(), in which case we need to purge the stale`
		27025e	`+ * headers first.`
		27025e	`+ */`
		27025e	`+ mctx = rbtdb->common.mctx;`
		27025e	`+ clean_stale_headers(rbtdb, mctx, header);`
		27025e	`+ if (*header_prevp != NULL)`
		27025e	`+ (*header_prevp)->next = header->next;`
		27025e	`+ else`
		27025e	`+ node->data = header->next;`
		27025e	`+ free_rdataset(rbtdb, mctx, header);`
		27025e	`+ } else {`
		27025e	`+ header->attributes \|= RDATASET_ATTR_STALE \|`
		27025e	`+ RDATASET_ATTR_ANCIENT;`
		27025e	`+ node->dirty = 1;`
		27025e	`+ *header_prevp = header;`
		27025e	`+ }`
		27025e	`+}`
		27025e	`+`
		27025e	`+static rdataset_ttl_t`
		27025e	`+check_ttl(dns_rbtnode_t node, rbtdb_search_t search,`
		27025e	`+ rdatasetheader_t header, rdatasetheader_t *header_prevp,`
		27025e	`+ nodelock_t lock, isc_rwlocktype_t locktype)`
		27025e	`+{`
		27025e	`+ dns_rbtdb_t *rbtdb = search->rbtdb;`
		27025e	`+`
		27025e	`+ if (header->rdh_ttl > search->now)`
		27025e	`+ return rdataset_ttl_fresh;`
		27025e	`+`
		27025e	`+ /*`
		27025e	`+ * This rdataset is stale, but perhaps still usable.`
		27025e	`+ */`
		27025e	`+ if (KEEPSTALE(rbtdb) &&`
		27025e	`+ header->rdh_ttl + rbtdb->serve_stale_ttl > search->now) {`
		27025e	`+ header->attributes \|= RDATASET_ATTR_STALE;`
		27025e	`+ /* Doesn't set dirty because it doesn't need removal. */`
		27025e	`+ return rdataset_ttl_stale;`
		27025e	`+ }`
		27025e	`+`
		27025e	`+ /*`
		27025e	`+ * This rdataset is so stale it is no longer usable, even with`
		27025e	`+ * KEEPSTALE. If no one else is using the node, we can clean it up`
		27025e	`+ * right now, otherwise we mark it as ancient, and the node as dirty,`
		27025e	`+ * so it will get cleaned up later.`
		27025e	`+ */`
		27025e	`+ if ((header->rdh_ttl <= search->now - RBTDB_VIRTUAL) &&`
		27025e	`+ (*locktype == isc_rwlocktype_write \|\|`
		27025e	`+ NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) {`
		27025e	`+ /*`
		27025e	`+ * We update the node's status only when we can get write`
		27025e	`+ * access; otherwise, we leave others to this work. Periodical`
		27025e	`+ * cleaning will eventually take the job as the last resort.`
		27025e	`+ * We won't downgrade the lock, since other rdatasets are`
		27025e	`+ * probably stale, too.`
		27025e	`+ */`
		27025e	`+ *locktype = isc_rwlocktype_write;`
		27025e	`+ clean_now_or_later(node, rbtdb, header, header_prevp);`
		27025e	`+ } else`
		27025e	`+ *header_prevp = header;`
		27025e	`+`
		27025e	`+ return rdataset_ttl_ancient;`
		27025e	`+}`
		27025e	`+#endif`
		27025e	`+`
		27025e	`/*`
		27025e	`* Caller must be holding the node lock.`
		27025e	`*/`
		eb7207	`@@ -3343,6 +3436,12 @@ bind_rdataset(dns_rbtdb_t rbtdb, dns_rbtnode_t node, rdatasetheader_t *header,`
		27025e	`rdataset->attributes \|= DNS_RDATASETATTR_OPTOUT;`
		27025e	`if (PREFETCH(header))`
		27025e	`rdataset->attributes \|= DNS_RDATASETATTR_PREFETCH;`
		27025e	`+ if (STALE(header)) {`
		27025e	`+ rdataset->attributes \|= DNS_RDATASETATTR_STALE;`
		27025e	`+ rdataset->stale_ttl =`
		27025e	`+ (rbtdb->serve_stale_ttl + header->rdh_ttl) - now;`
		27025e	`+ rdataset->ttl = 0;`
		27025e	`+ }`
		27025e	`rdataset->private1 = rbtdb;`
		27025e	`rdataset->private2 = node;`
		27025e	`raw = (unsigned char )header + sizeof(header);`
		eb7207	`@@ -4698,6 +4797,19 @@ check_stale_header(dns_rbtnode_t node, rdatasetheader_t header,`
		27025e	`#endif`
		27025e
		27025e	`if (!ACTIVE(header, search->now)) {`
		27025e	`+ dns_ttl_t stale = header->rdh_ttl +`
		27025e	`+ search->rbtdb->serve_stale_ttl;`
		27025e	`+ /*`
		27025e	`+ * If this data is in the stale window keep it and if`
		27025e	`+ * DNS_DBFIND_STALEOK is not set we tell the caller to`
		27025e	`+ * skip this record.`
		27025e	`+ */`
		27025e	`+ if (KEEPSTALE(search->rbtdb) && stale > search->now) {`
		27025e	`+ header->attributes \|= RDATASET_ATTR_STALE;`
		27025e	`+ *header_prev = header;`
		27025e	`+ return ((search->options & DNS_DBFIND_STALEOK) == 0);`
		27025e	`+ }`
		27025e	`+`
		27025e	`/*`
		27025e	`* This rdataset is stale. If no one else is using the`
		27025e	`* node, we can clean it up right now, otherwise we mark`
		eb7207	`@@ -4737,7 +4849,7 @@ check_stale_header(dns_rbtnode_t node, rdatasetheader_t header,`
		27025e	`node->data = header->next;`
		27025e	`free_rdataset(search->rbtdb, mctx, header);`
		27025e	`} else {`
		27025e	`- mark_stale_header(search->rbtdb, header);`
		27025e	`+ mark_header_ancient(search->rbtdb, header);`
		27025e	`*header_prev = header;`
		27025e	`}`
		27025e	`} else`
		eb7207	`@@ -5178,7 +5290,7 @@ cache_find(dns_db_t db, dns_name_t name, dns_dbversion_t *version,`
		27025e	`&locktype, lock, &search,`
		27025e	`&header_prev)) {`
		27025e	`/* Do nothing. */`
		27025e	`- } else if (EXISTS(header) && (!STALE(header))) {`
		27025e	`+ } else if (EXISTS(header) && !ANCIENT(header)) {`
		27025e	`/*`
		27025e	`* We now know that there is at least one active`
		27025e	`* non-stale rdataset at this node.`
		eb7207	`@@ -5661,7 +5773,7 @@ expirenode(dns_db_t db, dns_dbnode_t node, isc_stdtime_t now) {`
		27025e	`* refcurrent(rbtnode) must be non-zero. This is so`
		27025e	`* because 'node' is an argument to the function.`
		27025e	`*/`
		27025e	`- mark_stale_header(rbtdb, header);`
		27025e	`+ mark_header_ancient(rbtdb, header);`
		27025e	`if (log)`
		27025e	`isc_log_write(dns_lctx, category, module,`
		27025e	`level, "overmem cache: stale %s",`
		eb7207	`@@ -5669,7 +5781,7 @@ expirenode(dns_db_t db, dns_dbnode_t node, isc_stdtime_t now) {`
		27025e	`} else if (force_expire) {`
		27025e	`if (! RETAIN(header)) {`
		27025e	`set_ttl(rbtdb, header, 0);`
		27025e	`- mark_stale_header(rbtdb, header);`
		27025e	`+ mark_header_ancient(rbtdb, header);`
		27025e	`} else if (log) {`
		27025e	`isc_log_write(dns_lctx, category, module,`
		27025e	`level, "overmem cache: "`
		eb7207	`@@ -5928,9 +6040,9 @@ cache_findrdataset(dns_db_t db, dns_dbnode_t node, dns_dbversion_t *version,`
		27025e	`* non-zero. This is so because 'node' is an`
		27025e	`* argument to the function.`
		27025e	`*/`
		27025e	`- mark_stale_header(rbtdb, header);`
		27025e	`+ mark_header_ancient(rbtdb, header);`
		27025e	`}`
		27025e	`- } else if (EXISTS(header) && (!STALE(header))) {`
		27025e	`+ } else if (EXISTS(header) && !ANCIENT(header)) {`
		27025e	`if (header->type == matchtype)`
		27025e	`found = header;`
		27025e	`else if (header->type == RBTDB_RDATATYPE_NCACHEANY \|\|`
		eb7207	`@@ -6232,7 +6344,7 @@ add32(dns_rbtdb_t rbtdb, dns_rbtnode_t rbtnode, rbtdb_version_t *rbtversion,`
		27025e	`topheader = topheader->next)`
		27025e	`{`
		27025e	`set_ttl(rbtdb, topheader, 0);`
		27025e	`- mark_stale_header(rbtdb, topheader);`
		27025e	`+ mark_header_ancient(rbtdb, topheader);`
		27025e	`}`
		27025e	`goto find_header;`
		27025e	`}`
		eb7207	`@@ -6293,7 +6405,7 @@ add32(dns_rbtdb_t rbtdb, dns_rbtnode_t rbtnode, rbtdb_version_t *rbtversion,`
		27025e	`* ncache entry.`
		27025e	`*/`
		27025e	`set_ttl(rbtdb, topheader, 0);`
		27025e	`- mark_stale_header(rbtdb, topheader);`
		27025e	`+ mark_header_ancient(rbtdb, topheader);`
		27025e	`topheader = NULL;`
		27025e	`goto find_header;`
		27025e	`}`
		eb7207	`@@ -6331,8 +6443,11 @@ add32(dns_rbtdb_t rbtdb, dns_rbtnode_t rbtnode, rbtdb_version_t *rbtversion,`
		27025e	`}`
		27025e
		27025e	`/*`
		27025e	`- * Trying to add an rdataset with lower trust to a cache DB`
		27025e	`- * has no effect, provided that the cache data isn't stale.`
		27025e	`+ * Trying to add an rdataset with lower trust to a cache`
		27025e	`+ * DB has no effect, provided that the cache data isn't`
		27025e	`+ * stale. If the cache data is stale, new lower trust`
		27025e	`+ * data will supersede it below. Unclear what the best`
		27025e	`+ * policy is here.`
		27025e	`*/`
		27025e	`if (rbtversion == NULL && trust < header->trust &&`
		27025e	`(ACTIVE(header, now) \|\| header_nx)) {`
		eb7207	`@@ -6362,6 +6477,10 @@ add32(dns_rbtdb_t rbtdb, dns_rbtnode_t rbtnode, rbtdb_version_t *rbtversion,`
		27025e
		27025e	`if ((options & DNS_DBADD_EXACT) != 0)`
		27025e	`flags \|= DNS_RDATASLAB_EXACT;`
		27025e	`+ /*`
		27025e	`+ * TTL use here is irrelevant to the cache;`
		27025e	`+ * merge is only done with zonedbs.`
		27025e	`+ */`
		27025e	`if ((options & DNS_DBADD_EXACTTTL) != 0 &&`
		27025e	`newheader->rdh_ttl != header->rdh_ttl)`
		27025e	`result = DNS_R_NOTEXACT;`
		eb7207	`@@ -6405,11 +6524,12 @@ add32(dns_rbtdb_t rbtdb, dns_rbtnode_t rbtnode, rbtdb_version_t *rbtversion,`
		27025e	`}`
		27025e	`}`
		27025e	`/*`
		27025e	`- * Don't replace existing NS, A and AAAA RRsets`
		27025e	`- * in the cache if they are already exist. This`
		27025e	`- * prevents named being locked to old servers.`
		27025e	`- * Don't lower trust of existing record if the`
		27025e	`- * update is forced.`
		27025e	`+ * Don't replace existing NS, A and AAAA RRsets in the`
		27025e	`+ * cache if they are already exist. This prevents named`
		27025e	`+ * being locked to old servers. Don't lower trust of`
		27025e	`+ * existing record if the update is forced. Nothing`
		27025e	`+ * special to be done w.r.t stale data; it gets replaced`
		27025e	`+ * normally further down.`
		27025e	`*/`
		27025e	`if (IS_CACHE(rbtdb) && ACTIVE(header, now) &&`
		27025e	`header->type == dns_rdatatype_ns &&`
		eb7207	`@@ -6582,10 +6702,10 @@ add32(dns_rbtdb_t rbtdb, dns_rbtnode_t rbtnode, rbtdb_version_t *rbtversion,`
		27025e	`changed->dirty = true;`
		27025e	`if (rbtversion == NULL) {`
		27025e	`set_ttl(rbtdb, header, 0);`
		27025e	`- mark_stale_header(rbtdb, header);`
		27025e	`+ mark_header_ancient(rbtdb, header);`
		27025e	`if (sigheader != NULL) {`
		27025e	`set_ttl(rbtdb, sigheader, 0);`
		27025e	`- mark_stale_header(rbtdb, sigheader);`
		27025e	`+ mark_header_ancient(rbtdb, sigheader);`
		27025e	`}`
		27025e	`}`
		27025e	`if (rbtversion != NULL && !header_nx) {`
		eb7207	`@@ -8436,6 +8556,30 @@ nodefullname(dns_db_t db, dns_dbnode_t node, dns_name_t *name) {`
		27025e	`return (result);`
		27025e	`}`
		27025e
		27025e	`+static isc_result_t`
		27025e	`+setservestalettl(dns_db_t *db, dns_ttl_t ttl) {`
		27025e	`+ dns_rbtdb_t rbtdb = (dns_rbtdb_t )db;`
		27025e	`+`
		27025e	`+ REQUIRE(VALID_RBTDB(rbtdb));`
		27025e	`+ REQUIRE(IS_CACHE(rbtdb));`
		27025e	`+`
		27025e	`+ /* currently no bounds checking. 0 means disable. */`
		27025e	`+ rbtdb->serve_stale_ttl = ttl;`
		27025e	`+ return ISC_R_SUCCESS;`
		27025e	`+}`
		27025e	`+`
		27025e	`+static isc_result_t`
		27025e	`+getservestalettl(dns_db_t db, dns_ttl_t ttl) {`
		27025e	`+ dns_rbtdb_t rbtdb = (dns_rbtdb_t )db;`
		27025e	`+`
		27025e	`+ REQUIRE(VALID_RBTDB(rbtdb));`
		27025e	`+ REQUIRE(IS_CACHE(rbtdb));`
		27025e	`+`
		27025e	`+ *ttl = rbtdb->serve_stale_ttl;`
		27025e	`+ return ISC_R_SUCCESS;`
		27025e	`+}`
		27025e	`+`
		27025e	`+`
		27025e	`static dns_dbmethods_t zone_methods = {`
		27025e	`attach,`
		27025e	`detach,`
		eb7207	`@@ -8481,7 +8625,9 @@ static dns_dbmethods_t zone_methods = {`
		27025e	`NULL,`
		27025e	`hashsize,`
		27025e	`nodefullname,`
		27025e	`- getsize`
		27025e	`+ getsize,`
		27025e	`+ NULL,`
		27025e	`+ NULL`
		27025e	`};`
		27025e
		27025e	`static dns_dbmethods_t cache_methods = {`
		eb7207	`@@ -8529,7 +8675,9 @@ static dns_dbmethods_t cache_methods = {`
		27025e	`setcachestats,`
		27025e	`hashsize,`
		27025e	`nodefullname,`
		27025e	`- NULL`
		27025e	`+ NULL,`
		27025e	`+ setservestalettl,`
		27025e	`+ getservestalettl`
		27025e	`};`
		27025e
		27025e	`isc_result_t`
		eb7207	`@@ -8800,7 +8948,7 @@ dns_rbtdb_create`
		27025e	`rbtdb->rpzs = NULL;`
		27025e	`rbtdb->load_rpzs = NULL;`
		27025e	`rbtdb->rpz_num = DNS_RPZ_INVALID_NUM;`
		27025e	`-`
		27025e	`+ rbtdb->serve_stale_ttl = 0;`
		27025e	`/*`
		27025e	`* Version Initialization.`
		27025e	`*/`
		eb7207	`@@ -9218,7 +9366,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {`
		27025e	`* rdatasets to work.`
		27025e	`*/`
		27025e	`if (NONEXISTENT(header) \|\|`
		27025e	`- (now != 0 && now > header->rdh_ttl))`
		27025e	`+ (now != 0 && now > header->rdh_ttl`
		27025e	`+ + rbtdb->serve_stale_ttl))`
		27025e	`header = NULL;`
		27025e	`break;`
		27025e	`} else`
		eb7207	`@@ -10427,7 +10576,7 @@ static inline bool`
		27025e	`need_headerupdate(rdatasetheader_t *header, isc_stdtime_t now) {`
		27025e	`if ((header->attributes &`
		27025e	`(RDATASET_ATTR_NONEXISTENT \|`
		27025e	`- RDATASET_ATTR_STALE \|`
		27025e	`+ RDATASET_ATTR_ANCIENT \|`
		27025e	`RDATASET_ATTR_ZEROTTL)) != 0)`
		27025e	`return (false);`
		27025e
		eb7207	`@@ -10533,7 +10682,7 @@ expire_header(dns_rbtdb_t rbtdb, rdatasetheader_t header,`
		27025e	`bool tree_locked, expire_t reason)`
		27025e	`{`
		27025e	`set_ttl(rbtdb, header, 0);`
		27025e	`- mark_stale_header(rbtdb, header);`
		27025e	`+ mark_header_ancient(rbtdb, header);`
		27025e
		27025e	`/*`
		27025e	`* Caller must hold the node (write) lock.`
		27025e	`diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c`
		eb7207	`index 49ec49c..2de70a6 100644`
		27025e	`--- a/lib/dns/resolver.c`
		27025e	`+++ b/lib/dns/resolver.c`
		27025e	`@@ -141,16 +141,17 @@`
		27025e	`#endif /* WANT_QUERYTRACE */`
		27025e
		27025e	`#define US_PER_SEC 1000000U`
		27025e	`+#define US_PER_MSEC 1000U`
		27025e	`/*`
		27025e	`* The maximum time we will wait for a single query.`
		27025e	`*/`
		27025e	`-#define MAX_SINGLE_QUERY_TIMEOUT 9U`
		27025e	`-#define MAX_SINGLE_QUERY_TIMEOUT_US (MAX_SINGLE_QUERY_TIMEOUT*US_PER_SEC)`
		27025e	`+#define MAX_SINGLE_QUERY_TIMEOUT 9000U`
		27025e	`+#define MAX_SINGLE_QUERY_TIMEOUT_US (MAX_SINGLE_QUERY_TIMEOUT*US_PER_MSEC)`
		27025e
		27025e	`/*`
		27025e	`* We need to allow a individual query time to complete / timeout.`
		27025e	`*/`
		27025e	`-#define MINIMUM_QUERY_TIMEOUT (MAX_SINGLE_QUERY_TIMEOUT + 1U)`
		27025e	`+#define MINIMUM_QUERY_TIMEOUT (MAX_SINGLE_QUERY_TIMEOUT + 1000U)`
		27025e
		27025e	`/* The default time in seconds for the whole query to live. */`
		27025e	`#ifndef DEFAULT_QUERY_TIMEOUT`
		27025e	`@@ -159,7 +160,7 @@`
		27025e
		27025e	`/* The maximum time in seconds for the whole query to live. */`
		27025e	`#ifndef MAXIMUM_QUERY_TIMEOUT`
		27025e	`-#define MAXIMUM_QUERY_TIMEOUT 30`
		27025e	`+#define MAXIMUM_QUERY_TIMEOUT 30000`
		27025e	`#endif`
		27025e
		27025e	`/* The default maximum number of recursions to follow before giving up. */`
		eb7207	`@@ -529,6 +530,11 @@ struct dns_resolver {`
		b9f8ff	`dns_fetch_t * primefetch;`
		b9f8ff	`/* Locked by nlock. */`
		b9f8ff	`unsigned int nfctx;`
		b9f8ff	`+`
		b9f8ff	`+ /* Unlocked. Additions for serve-stale feature. */`
		27025e	`+ unsigned int retryinterval; /* in milliseconds */`
		27025e	`+ unsigned int nonbackofftries;`
		27025e	`+`
		b9f8ff	`};`
		b9f8ff
		b9f8ff	`#define RES_MAGIC ISC_MAGIC('R', 'e', 's', '!')`
		eb7207	`@@ -1650,14 +1656,12 @@ fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) {`
		27025e	`unsigned int seconds;`
		27025e	`unsigned int us;`
		27025e
		27025e	`+ us = fctx->res->retryinterval * 1000;`
		27025e	`/*`
		27025e	`- * We retry every .8 seconds the first two times through the address`
		27025e	`- * list, and then we do exponential back-off.`
		27025e	`+ * Exponential backoff after the first few tries.`
		27025e	`*/`
		27025e	`- if (fctx->restarts < 3)`
		27025e	`- us = 800000;`
		27025e	`- else`
		27025e	`- us = (800000 << (fctx->restarts - 2));`
		27025e	`+ if (fctx->restarts >= fctx->res->nonbackofftries)`
		27025e	`+ us <<= (fctx->restarts - fctx->res->nonbackofftries - 1);`
		27025e
		27025e	`/*`
		27025e	`* Add a fudge factor to the expected rtt based on the current`
		eb7207	`@@ -4542,7 +4546,8 @@ fctx_create(dns_resolver_t res, dns_name_t name, dns_rdatatype_t type,`
		27025e	`/*`
		27025e	`* Compute an expiration time for the entire fetch.`
		27025e	`*/`
		27025e	`- isc_interval_set(&interval, res->query_timeout, 0);`
		27025e	`+ isc_interval_set(&interval, res->query_timeout / 1000,`
		27025e	`+ res->query_timeout % 1000 * 1000000);`
		27025e	`iresult = isc_time_nowplusinterval(&fctx->expires, &interval);`
		27025e	`if (iresult != ISC_R_SUCCESS) {`
		27025e	`UNEXPECTED_ERROR(__FILE__, __LINE__,`
		eb7207	`@@ -9105,6 +9110,8 @@ dns_resolver_create(dns_view_t *view,`
		27025e	`res->spillattimer = NULL;`
		27025e	`res->zspill = 0;`
		27025e	`res->zero_no_soa_ttl = false;`
		27025e	`+ res->retryinterval = 30000;`
		27025e	`+ res->nonbackofftries = 3;`
		27025e	`res->query_timeout = DEFAULT_QUERY_TIMEOUT;`
		27025e	`res->maxdepth = DEFAULT_RECURSION_DEPTH;`
		27025e	`res->maxqueries = DEFAULT_MAX_QUERIES;`
		eb7207	`@@ -10439,17 +10446,20 @@ dns_resolver_gettimeout(dns_resolver_t *resolver) {`
		27025e	`}`
		27025e
		27025e	`void`
		27025e	`-dns_resolver_settimeout(dns_resolver_t *resolver, unsigned int seconds) {`
		27025e	`+dns_resolver_settimeout(dns_resolver_t *resolver, unsigned int timeout) {`
		27025e	`REQUIRE(VALID_RESOLVER(resolver));`
		27025e
		27025e	`- if (seconds == 0)`
		27025e	`- seconds = DEFAULT_QUERY_TIMEOUT;`
		27025e	`- if (seconds > MAXIMUM_QUERY_TIMEOUT)`
		27025e	`- seconds = MAXIMUM_QUERY_TIMEOUT;`
		27025e	`- if (seconds < MINIMUM_QUERY_TIMEOUT)`
		27025e	`- seconds = MINIMUM_QUERY_TIMEOUT;`
		27025e	`+ if (timeout <= 300)`
		27025e	`+ timeout *= 1000;`
		27025e	`+`
		27025e	`+ if (timeout == 0)`
		27025e	`+ timeout = DEFAULT_QUERY_TIMEOUT;`
		27025e	`+ if (timeout > MAXIMUM_QUERY_TIMEOUT)`
		27025e	`+ timeout = MAXIMUM_QUERY_TIMEOUT;`
		27025e	`+ if (timeout < MINIMUM_QUERY_TIMEOUT)`
		27025e	`+ timeout = MINIMUM_QUERY_TIMEOUT;`
		27025e
		27025e	`- resolver->query_timeout = seconds;`
		27025e	`+ resolver->query_timeout = timeout;`
		27025e	`}`
		27025e
		27025e	`void`
		eb7207	`@@ -10546,3 +10556,34 @@ dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which)`
		27025e
		27025e	`return (resolver->quotaresp[which]);`
		27025e	`}`
		27025e	`+`
		27025e	`+unsigned int`
		27025e	`+dns_resolver_getretryinterval(dns_resolver_t *resolver) {`
		27025e	`+ REQUIRE(VALID_RESOLVER(resolver));`
		27025e	`+`
		27025e	`+ return (resolver->retryinterval);`
		27025e	`+}`
		27025e	`+`
		27025e	`+void`
		27025e	`+dns_resolver_setretryinterval(dns_resolver_t *resolver, unsigned int interval)`
		27025e	`+{`
		27025e	`+ REQUIRE(VALID_RESOLVER(resolver));`
		27025e	`+ REQUIRE(interval > 0);`
		27025e	`+`
		27025e	`+ resolver->retryinterval = ISC_MIN(interval, 2000);`
		27025e	`+}`
		27025e	`+`
		27025e	`+unsigned int`
		27025e	`+dns_resolver_getnonbackofftries(dns_resolver_t *resolver) {`
		27025e	`+ REQUIRE(VALID_RESOLVER(resolver));`
		27025e	`+`
		27025e	`+ return (resolver->nonbackofftries);`
		27025e	`+}`
		27025e	`+`
		27025e	`+void`
		27025e	`+dns_resolver_setnonbackofftries(dns_resolver_t *resolver, unsigned int tries) {`
		27025e	`+ REQUIRE(VALID_RESOLVER(resolver));`
		27025e	`+ REQUIRE(tries > 0);`
		27025e	`+`
		27025e	`+ resolver->nonbackofftries = tries;`
		27025e	`+}`
		27025e	`diff --git a/lib/dns/sdb.c b/lib/dns/sdb.c`
		eb7207	`index 477bb74..09cf932 100644`
		27025e	`--- a/lib/dns/sdb.c`
		27025e	`+++ b/lib/dns/sdb.c`
		eb7207	`@@ -1370,7 +1370,9 @@ static dns_dbmethods_t sdb_methods = {`
		27025e	`NULL, /* setcachestats */`
		27025e	`NULL, /* hashsize */`
		27025e	`NULL, /* nodefullname */`
		27025e	`- NULL /* getsize */`
		27025e	`+ NULL, /* getsize */`
		27025e	`+ NULL, /* setservestalettl */`
		27025e	`+ NULL /* getservestalettl */`
		27025e	`};`
		27025e
		27025e	`static isc_result_t`
		27025e	`diff --git a/lib/dns/sdlz.c b/lib/dns/sdlz.c`
		eb7207	`index 037d74a..9218fed 100644`
		27025e	`--- a/lib/dns/sdlz.c`
		27025e	`+++ b/lib/dns/sdlz.c`
		27025e	`@@ -1336,7 +1336,9 @@ static dns_dbmethods_t sdlzdb_methods = {`
		27025e	`NULL, /* setcachestats */`
		27025e	`NULL, /* hashsize */`
		27025e	`NULL, /* nodefullname */`
		27025e	`- NULL /* getsize */`
		27025e	`+ NULL, /* getsize */`
		27025e	`+ NULL, /* setservestalettl */`
		27025e	`+ NULL /* getservestalettl */`
		27025e	`};`
		27025e
		27025e	`/*`
		27025e	`diff --git a/lib/dns/tests/db_test.c b/lib/dns/tests/db_test.c`
		eb7207	`index bc1cc3f..60fdb81 100644`
		27025e	`--- a/lib/dns/tests/db_test.c`
		27025e	`+++ b/lib/dns/tests/db_test.c`
		27025e	`@@ -28,8 +28,9 @@`
		27025e
		27025e	`#include <dns/db.h>`
		27025e	`#include <dns/dbiterator.h>`
		27025e	`-#include <dns/name.h>`
		27025e	`#include <dns/journal.h>`
		27025e	`+#include <dns/name.h>`
		27025e	`+#include <dns/rdatalist.h>`
		27025e
		27025e	`#include "dnstest.h"`
		27025e
		27025e	`@@ -76,7 +77,7 @@ getoriginnode_test(void **state) {`
		27025e	`assert_int_equal(result, ISC_R_SUCCESS);`
		27025e
		27025e	`result = dns_db_create(mymctx, "rbt", dns_rootname, dns_dbtype_zone,`
		27025e	`- dns_rdataclass_in, 0, NULL, &db);`
		27025e	`+ dns_rdataclass_in, 0, NULL, &db);`
		27025e	`assert_int_equal(result, ISC_R_SUCCESS);`
		27025e
		27025e	`result = dns_db_getoriginnode(db, &node);`
		27025e	`@@ -91,6 +92,197 @@ getoriginnode_test(void **state) {`
		27025e	`isc_mem_detach(&mymctx);`
		27025e	`}`
		27025e
		27025e	`+/* test getservestalettl and setservestalettl */`
		27025e	`+static void`
		27025e	`+getsetservestalettl_test(void **state) {`
		27025e	`+ dns_db_t *db = NULL;`
		27025e	`+ isc_mem_t *mymctx = NULL;`
		27025e	`+ isc_result_t result;`
		27025e	`+ dns_ttl_t ttl;`
		27025e	`+`
		27025e	`+ UNUSED(state);`
		27025e	`+`
		27025e	`+ result = isc_mem_create(0, 0, &mymctx);`
		27025e	`+ assert_int_equal(result, ISC_R_SUCCESS);`
		27025e	`+`
		27025e	`+ result = dns_db_create(mymctx, "rbt", dns_rootname, dns_dbtype_cache,`
		27025e	`+ dns_rdataclass_in, 0, NULL, &db);`
		27025e	`+ assert_int_equal(result, ISC_R_SUCCESS);`
		27025e	`+`
		27025e	`+ ttl = 5000;`
		27025e	`+ result = dns_db_getservestalettl(db, &ttl);`
		27025e	`+ assert_int_equal(result, ISC_R_SUCCESS);`
		27025e	`+ assert_int_equal(ttl, 0);`
		27025e	`+`
		27025e	`+ ttl = 6 * 3600;`
		27025e	`+ result = dns_db_setservestalettl(db, ttl);`
		27025e	`+ assert_int_equal(result, ISC_R_SUCCESS);`
		27025e	`+`
		27025e	`+ ttl = 5000;`
		27025e	`+ result = dns_db_getservestalettl(db, &ttl);`
		27025e	`+ assert_int_equal(result, ISC_R_SUCCESS);`
		27025e	`+ assert_int_equal(ttl, 6 * 3600);`
		27025e	`+`
		27025e	`+ dns_db_detach(&db);`
		27025e	`+ isc_mem_detach(&mymctx);`
		27025e	`+}`
		27025e	`+`
		27025e	`+/* check DNS_DBFIND_STALEOK works */`
		27025e	`+static void`
		27025e	`+dns_dbfind_staleok_test(void **state) {`
		27025e	`+ dns_db_t *db = NULL;`
		27025e	`+ dns_dbnode_t *node = NULL;`
		27025e	`+ dns_fixedname_t example_fixed;`
		27025e	`+ dns_fixedname_t found_fixed;`
		27025e	`+ dns_name_t *example;`
		27025e	`+ dns_name_t *found;`
		27025e	`+ dns_rdatalist_t rdatalist;`
		27025e	`+ dns_rdataset_t rdataset;`
		27025e	`+ int count;`
		27025e	`+ int pass;`
		27025e	`+ isc_mem_t *mymctx = NULL;`
		27025e	`+ isc_result_t result;`
		27025e	`+ unsigned char data[] = { 0x0a, 0x00, 0x00, 0x01 };`
		27025e	`+`
		27025e	`+ UNUSED(state);`
		27025e	`+`
		27025e	`+ result = isc_mem_create(0, 0, &mymctx);`
		27025e	`+ assert_int_equal(result, ISC_R_SUCCESS);`
		27025e	`+`
		27025e	`+ result = dns_db_create(mymctx, "rbt", dns_rootname, dns_dbtype_cache,`
		27025e	`+ dns_rdataclass_in, 0, NULL, &db);`
		27025e	`+ assert_int_equal(result, ISC_R_SUCCESS);`
		27025e	`+`
		27025e	`+ example = dns_fixedname_initname(&example_fixed);`
		27025e	`+ found = dns_fixedname_initname(&found_fixed);`
		27025e	`+`
		27025e	`+ result = dns_name_fromstring(example, "example", 0, NULL);`
		27025e	`+ assert_int_equal(result, ISC_R_SUCCESS);`
		27025e	`+`
		27025e	`+ /*`
		27025e	`+ * Pass 0: default; no stale processing permitted.`
		27025e	`+ * Pass 1: stale processing for 1 second.`
		27025e	`+ * Pass 2: stale turned off after being on.`
		27025e	`+ */`
		27025e	`+ for (pass = 0; pass < 3; pass++) {`
		27025e	`+ dns_rdata_t rdata = DNS_RDATA_INIT;`
		27025e	`+`
		27025e	`+ /* 10.0.0.1 */`
		27025e	`+ rdata.data = data;`
		27025e	`+ rdata.length = 4;`
		27025e	`+ rdata.rdclass = dns_rdataclass_in;`
		27025e	`+ rdata.type = dns_rdatatype_a;`
		27025e	`+`
		27025e	`+ dns_rdatalist_init(&rdatalist);`
		27025e	`+ rdatalist.ttl = 2;`
		27025e	`+ rdatalist.type = dns_rdatatype_a;`
		27025e	`+ rdatalist.rdclass = dns_rdataclass_in;`
		27025e	`+ ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);`
		27025e	`+`
		27025e	`+ switch (pass) {`
		27025e	`+ case 0:`
		27025e	`+ /* default: stale processing off */`
		27025e	`+ break;`
		27025e	`+ case 1:`
		27025e	`+ /* turn on stale processing */`
		27025e	`+ result = dns_db_setservestalettl(db, 1);`
		27025e	`+ assert_int_equal(result, ISC_R_SUCCESS);`
		27025e	`+ break;`
		27025e	`+ case 2:`
		27025e	`+ /* turn off stale processing */`
		27025e	`+ result = dns_db_setservestalettl(db, 0);`
		27025e	`+ assert_int_equal(result, ISC_R_SUCCESS);`
		27025e	`+ break;`
		27025e	`+ }`
		27025e	`+`
		27025e	`+ dns_rdataset_init(&rdataset);`
		27025e	`+ result = dns_rdatalist_tordataset(&rdatalist, &rdataset);`
		27025e	`+ assert_int_equal(result, ISC_R_SUCCESS);`
		27025e	`+`
		27025e	`+ result = dns_db_findnode(db, example, true, &node);`
		27025e	`+ assert_int_equal(result, ISC_R_SUCCESS);`
		27025e	`+`
		27025e	`+ result = dns_db_addrdataset(db, node, NULL, 0, &rdataset, 0,`
		27025e	`+ NULL);`
		27025e	`+ assert_int_equal(result, ISC_R_SUCCESS);`
		27025e	`+`
		27025e	`+ dns_db_detachnode(db, &node);`
		27025e	`+ dns_rdataset_disassociate(&rdataset);`
		27025e	`+`
		27025e	`+ result = dns_db_find(db, example, NULL, dns_rdatatype_a,`
		27025e	`+ 0, 0, &node, found, &rdataset, NULL);`
		27025e	`+ assert_int_equal(result, ISC_R_SUCCESS);`
		27025e	`+`
		27025e	`+ /*`
		27025e	`+ * May loop for up to 2 seconds performing non stale lookups.`
		27025e	`+ */`
		27025e	`+ count = 0;`
		27025e	`+ do {`
		27025e	`+ count++;`
		27025e	`+ assert_in_range(count, 0, 20); /* loop sanity */`
		27025e	`+ assert_int_equal(rdataset.attributes &`
		27025e	`+ DNS_RDATASETATTR_STALE, 0);`
		27025e	`+ assert_true(rdataset.ttl > 0);`
		27025e	`+ dns_db_detachnode(db, &node);`
		27025e	`+ dns_rdataset_disassociate(&rdataset);`
		27025e	`+`
		27025e	`+ usleep(100000); /* 100 ms */`
		27025e	`+`
		27025e	`+ result = dns_db_find(db, example, NULL,`
		27025e	`+ dns_rdatatype_a, 0, 0,`
		27025e	`+ &node, found, &rdataset, NULL);`
		27025e	`+ } while (result == ISC_R_SUCCESS);`
		27025e	`+`
		27025e	`+ assert_int_equal(result, ISC_R_NOTFOUND);`
		27025e	`+`
		27025e	`+ /*`
		27025e	`+ * Check whether we can get stale data.`
		27025e	`+ */`
		27025e	`+ result = dns_db_find(db, example, NULL, dns_rdatatype_a,`
		27025e	`+ DNS_DBFIND_STALEOK, 0,`
		27025e	`+ &node, found, &rdataset, NULL);`
		27025e	`+ switch (pass) {`
		27025e	`+ case 0:`
		27025e	`+ assert_int_equal(result, ISC_R_NOTFOUND);`
		27025e	`+ break;`
		27025e	`+ case 1:`
		27025e	`+ /*`
		27025e	`+ * Should loop for 1 second with stale lookups then`
		27025e	`+ * stop.`
		27025e	`+ */`
		27025e	`+ count = 0;`
		27025e	`+ do {`
		27025e	`+ count++;`
		27025e	`+ assert_in_range(count, 0, 49); /* loop sanity */`
		27025e	`+ assert_int_equal(result, ISC_R_SUCCESS);`
		27025e	`+ assert_int_equal(rdataset.ttl, 0);`
		27025e	`+ assert_int_equal(rdataset.attributes &`
		27025e	`+ DNS_RDATASETATTR_STALE,`
		27025e	`+ DNS_RDATASETATTR_STALE);`
		27025e	`+ dns_db_detachnode(db, &node);`
		27025e	`+ dns_rdataset_disassociate(&rdataset);`
		27025e	`+`
		27025e	`+ usleep(100000); /* 100 ms */`
		27025e	`+`
		27025e	`+ result = dns_db_find(db, example, NULL,`
		27025e	`+ dns_rdatatype_a,`
		27025e	`+ DNS_DBFIND_STALEOK,`
		27025e	`+ 0, &node, found,`
		27025e	`+ &rdataset, NULL);`
		27025e	`+ } while (result == ISC_R_SUCCESS);`
		27025e	`+ assert_in_range(count, 1, 10);`
		27025e	`+ assert_int_equal(result, ISC_R_NOTFOUND);`
		27025e	`+ break;`
		27025e	`+ case 2:`
		27025e	`+ assert_int_equal(result, ISC_R_NOTFOUND);`
		27025e	`+ break;`
		27025e	`+ }`
		27025e	`+ }`
		27025e	`+`
		27025e	`+ dns_db_detach(&db);`
		27025e	`+ isc_mem_detach(&mymctx);`
		27025e	`+}`
		27025e	`+`
		27025e	`/* database class */`
		27025e	`static void`
		27025e	`class_test(void **state) {`
		27025e	`@@ -213,6 +405,8 @@ int`
		27025e	`main(void) {`
		27025e	`const struct CMUnitTest tests[] = {`
		27025e	`cmocka_unit_test(getoriginnode_test),`
		27025e	`+ cmocka_unit_test(getsetservestalettl_test),`
		27025e	`+ cmocka_unit_test(dns_dbfind_staleok_test),`
		27025e	`cmocka_unit_test_setup_teardown(class_test,`
		27025e	`_setup, _teardown),`
		27025e	`cmocka_unit_test_setup_teardown(dbtype_test,`
		27025e	`diff --git a/lib/dns/view.c b/lib/dns/view.c`
		eb7207	`index a7ba613..a644c5f 100644`
		27025e	`--- a/lib/dns/view.c`
		27025e	`+++ b/lib/dns/view.c`
		27025e	`@@ -229,6 +229,9 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,`
		27025e	`view->flush = false;`
		27025e	`view->dlv = NULL;`
		27025e	`view->maxudp = 0;`
		27025e	`+ view->staleanswerttl = 1;`
		27025e	`+ view->staleanswersok = dns_stale_answer_conf;`
		27025e	`+ view->staleanswersenable = false;`
		27025e	`view->nocookieudp = 0;`
		27025e	`view->maxbits = 0;`
		27025e	`view->v4_aaaa = dns_aaaa_ok;`
		27025e	`diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c`
		eb7207	`index 212194e..b562f95 100644`
		27025e	`--- a/lib/isccfg/namedconf.c`
		27025e	`+++ b/lib/isccfg/namedconf.c`
		27025e	`@@ -1778,6 +1778,7 @@ view_clauses[] = {`
		27025e	`{ "max-ncache-ttl", &cfg_type_uint32, 0 },`
		27025e	`{ "max-recursion-depth", &cfg_type_uint32, 0 },`
		27025e	`{ "max-recursion-queries", &cfg_type_uint32, 0 },`
		27025e	`+ { "max-stale-ttl", &cfg_type_ttlval, 0 },`
		27025e	`{ "max-udp-size", &cfg_type_uint32, 0 },`
		27025e	`{ "message-compression", &cfg_type_boolean, 0 },`
		27025e	`{ "min-roots", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTIMP },`
		27025e	`@@ -1806,7 +1807,9 @@ view_clauses[] = {`
		27025e	`{ "request-nsid", &cfg_type_boolean, 0 },`
		27025e	`{ "request-sit", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },`
		27025e	`{ "require-server-cookie", &cfg_type_boolean, 0 },`
		27025e	`+ { "resolver-nonbackoff-tries", &cfg_type_uint32, 0 },`
		27025e	`{ "resolver-query-timeout", &cfg_type_uint32, 0 },`
		27025e	`+ { "resolver-retry-interval", &cfg_type_uint32, 0 },`
		27025e	`{ "response-policy", &cfg_type_rpz, 0 },`
		27025e	`{ "rfc2308-type1", &cfg_type_boolean, CFG_CLAUSEFLAG_NYI },`
		27025e	`{ "root-delegation-only", &cfg_type_optional_exclude, 0 },`
		27025e	`@@ -1815,6 +1818,8 @@ view_clauses[] = {`
		27025e	`{ "send-cookie", &cfg_type_boolean, 0 },`
		27025e	`{ "servfail-ttl", &cfg_type_ttlval, 0 },`
		27025e	`{ "sortlist", &cfg_type_bracketed_aml, 0 },`
		27025e	`+ { "stale-answer-enable", &cfg_type_boolean, 0 },`
		27025e	`+ { "stale-answer-ttl", &cfg_type_ttlval, 0 },`
		27025e	`{ "suppress-initial-notify", &cfg_type_boolean, CFG_CLAUSEFLAG_NYI },`
		27025e	`{ "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_NOTIMP },`
		27025e	`{ "transfer-format", &cfg_type_transferformat, 0 },`
		27025e	`--`
		eb7207	`2.26.2`
		27025e

rpms / bind

Source Code

Blame SOURCES/bind-9.11-serve-stale.patch