From 3b2301dcbf2fcfd394d5a62819f347c5adddce77 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Sun, 24 Nov 2019 15:29:49 +0100
Subject: [PATCH] Allow serve_stale to be disabled

---
 example-encrypted-dns.toml | 6 ++++++
 src/config.rs              | 1 +
 src/globals.rs             | 1 +
 src/main.rs                | 2 ++
 src/resolver.rs            | 2 +-
 5 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/example-encrypted-dns.toml b/example-encrypted-dns.toml
index bd13903..b2cc141 100644
--- a/example-encrypted-dns.toml
+++ b/example-encrypted-dns.toml
@@ -78,6 +78,12 @@ cache_ttl_min = 3600
 cache_ttl_max = 86400
 
 
+## Temporarily serve cached entries after their TTL expired
+## when servers are not responsive.
+
+serve_stale = true
+
+
 ## DNS cache: error TTL
 
 cache_ttl_error = 600
diff --git a/src/config.rs b/src/config.rs
index 49c36d3..7d334fb 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -64,6 +64,7 @@ pub struct Config {
     pub cache_ttl_min: u32,
     pub cache_ttl_max: u32,
     pub cache_ttl_error: u32,
+    pub serve_stale: Option<bool>,
     pub user: Option<String>,
     pub group: Option<String>,
     pub chroot: Option<String>,
diff --git a/src/globals.rs b/src/globals.rs
index 4d7eb36..f729935 100644
--- a/src/globals.rs
+++ b/src/globals.rs
@@ -41,6 +41,7 @@ pub struct Globals {
     pub cache: Cache,
     pub cert_cache: Cache,
     pub blacklist: Option<BlackList>,
+    pub serve_stale: bool,
     pub anonymized_dns_enabled: bool,
     pub anonymized_dns_allowed_ports: Vec<u16>,
     pub anonymized_dns_allow_non_reserved_ports: bool,
diff --git a/src/main.rs b/src/main.rs
index 007b0be..23fb52a 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -509,6 +509,7 @@ fn main() -> Result<(), Error> {
 
     let key_cache_capacity = config.dnscrypt.key_cache_capacity;
     let cache_capacity = config.cache_capacity;
+    let serve_stale = config.serve_stale.unwrap_or(true);
     let state_file = &config.state_file;
 
     if let Some(secret_key_path) = matches.value_of("import-from-dnscrypt-wrapper") {
@@ -656,6 +657,7 @@ fn main() -> Result<(), Error> {
         hasher,
         cache,
         cert_cache,
+        serve_stale,
         blacklist,
         anonymized_dns_enabled,
         anonymized_dns_allowed_ports,
diff --git a/src/resolver.rs b/src/resolver.rs
index 35fa122..005d858 100644
--- a/src/resolver.rs
+++ b/src/resolver.rs
@@ -129,7 +129,7 @@ pub async fn resolve(
     globals.varz.upstream_received.inc();
     if dns::rcode_servfail(&response) || dns::rcode_refused(&response) {
         trace!("SERVFAIL/REFUSED: {}", dns::rcode(&response));
-        if let Some(cached_response) = cached_response {
+        if let (true, Some(cached_response)) = (globals.serve_stale, cached_response) {
             trace!("Serving stale");
             #[cfg(feature = "metrics")]
             {