Hi David,

I was recently working on validating the recent fixes in cifs.ko and key.dns_resolver. However, I've stumbled on a different issue now.

The call to dns_query from cifs initially upcalls into userspace and key.dns_resolver seems to resolve the name to an IPv4 address. This comes back with an expiry value of 5 sec; so the key is set with a timeout of 5s.

However, at some later point, the IPv4 address changes for this DNS name. The resolution in userspace happens just fine, and I get the new IP address. However, I can see that the dns_query call from cifs is not upcalling to userspace anymore. And the dns_query calls are returning -127 (EKEYEXPIRED). I also tried "keyctl describe KEY", and it also says "Key has expired".

1. How can I debug this further?
2. Is this a known issue? If so, what's the issue?
3. I see that afs.ko calls dns_query with invalidate passed in as true. What was the reason for not using the DNS cache in the kernel keyring? Was it once used and later changed? If so, can you please explain why?

cifs.ko does not set invalidate=true during dns_query calls today. I'd like to understand if there are any risks associated with this.

--
Regards,
Shyam