upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 10:50:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix the expire_v4 and expire_v6 logic

Browse source 
Correct the logic to set the expiration period of expire_{v4,v6} as
follows:

1. If the trust is ultimate (local entry), immediately set the entry as
   expired, so the changes to the local zones have immediate effect.

3. If the expiration is already set and smaller than the new value, then
   leave the expiration value as it is.

2. Otherwise pick larger of `now + ADB_ENTRY_WINDOW` and `now + TTL` as
   the new expiration value.
This commit is contained in:
Ondřej Surý 2024-04-03 11:36:54 +02:00
parent 932665410d
commit 53cc00ee3f
No known key found for this signature in database
GPG key ID: 2820F37E873DEA41
1 changed files with 28 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
lib/dns/adb.c
View file

@ -542,6 +542,18 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset,
rdtype = rdataset->type;
switch (rdataset->trust) {
case dns_trust_glue:
case dns_trust_additional:
rdataset->ttl = ADB_CACHE_MINIMUM;
break;
case dns_trust_ultimate:
rdataset->ttl = 0;
break;
default:
rdataset->ttl = ttlclamp(rdataset->ttl);
}
REQUIRE(rdtype == dns_rdatatype_a || rdtype == dns_rdatatype_aaaa);
for (result = dns_rdataset_first(rdataset); result == ISC_R_SUCCESS;
@ -601,22 +613,24 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset,
switch (rdtype) {
case dns_rdatatype_a:
DP(NCACHE_LEVEL,
"expire_v4 set to MIN(%u,%u,%u) import_rdataset",
adbname->expire_v4, now + ADB_ENTRY_WINDOW,
now + rdataset->ttl);
adbname->expire_v4 = ISC_MIN(
adbname->expire_v4,
ISC_MIN(now + ADB_ENTRY_WINDOW, now + rdataset->ttl));
adbname->expire_v4 =
(rdataset->ttl != 0)
? ISC_MIN(adbname->expire_v4,
ISC_MAX(now + ADB_ENTRY_WINDOW,
now + rdataset->ttl))
: INT_MAX;
DP(NCACHE_LEVEL, "expire_v4 set to %u import_rdataset",
adbname->expire_v4);
break;
case dns_rdatatype_aaaa:
DP(NCACHE_LEVEL,
"expire_v6 set to MIN(%u,%u,%u) import_rdataset",
adbname->expire_v6, now + ADB_ENTRY_WINDOW,
now + rdataset->ttl);
adbname->expire_v6 = ISC_MIN(
adbname->expire_v6,
ISC_MIN(now + ADB_ENTRY_WINDOW, now + rdataset->ttl));
adbname->expire_v6 =
(rdataset->ttl != 0)
? ISC_MIN(adbname->expire_v6,
ISC_MAX(now + ADB_ENTRY_WINDOW,
now + rdataset->ttl))
: INT_MAX;
DP(NCACHE_LEVEL, "expire_v6 set to %u import_rdataset",
adbname->expire_v6);
break;
default:
UNREACHABLE();