From 53cc00ee3f8d0497049e92a3ae96cc3430fb21fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?=
Date: Wed, 3 Apr 2024 11:36:54 +0200
Subject: [PATCH] Fix the expire_v4 and expire_v6 logic

Correct the logic to set the expiration period of expire_{v4,v6} as follows:
1. If the trust is ultimate (local entry), immediately set the entry as expired, so the changes to the local zones have immediate effect.
3. If the expiration is already set and smaller than the new value, then leave the expiration value as it is.
2. Otherwise pick larger of `now + ADB_ENTRY_WINDOW` and `now + TTL` as the new expiration value.
---
 lib/dns/adb.c | 42 ++++++++++++++++++++++++++++--------------
 1 file changed, 28 insertions(+), 14 deletions(-)
diff --git a/lib/dns/adb.c b/lib/dns/adb.c
index 937748e305..c7b2123a94 100644
--- a/lib/dns/adb.c
+++ b/lib/dns/adb.c
@@ -542,6 +542,18 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset,
 rdtype = rdataset->type;
+ switch (rdataset->trust) {
+ case dns_trust_glue:
+ case dns_trust_additional:
+ rdataset->ttl = ADB_CACHE_MINIMUM;
+ break;
+ case dns_trust_ultimate:
+ rdataset->ttl = 0;
+ break;
+ default:
+ rdataset->ttl = ttlclamp(rdataset->ttl);
+ }
+
 REQUIRE(rdtype == dns_rdatatype_a || rdtype == dns_rdatatype_aaaa);
 for (result = dns_rdataset_first(rdataset); result == ISC_R_SUCCESS;
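Review bot: The switch on `rdataset->trust` encodes a lifetime policy that the hunk does not document: glue and additional data is pinned to `ADB_CACHE_MINIMUM`, `dns_trust_ultimate` gets a TTL of 0, and everything else goes through `ttlclamp()`. The zero is then used as an in-band marker by the `rdataset->ttl != 0` tests in the later hunk, so a comment above the switch such as `/* Lower-trust data (glue, additional) gets the minimum lifetime; ttl == 0 marks local (ultimate) data for the expire_v4/expire_v6 update below. */` would keep the two places from drifting apart. The assignments also rewrite the TTL on the caller's rdataset; if callers are not expected to see that, a local copy would be safer. The `default:` arm would read better with an explicit `break;`. The body of import_rdataset starts and ends outside this hunk.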
@@ -601,22 +613,24 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset,
 switch (rdtype) {
 case dns_rdatatype_a:
- DP(NCACHE_LEVEL,
- "expire_v4 set to MIN(%u,%u,%u) import_rdataset",
- adbname->expire_v4, now + ADB_ENTRY_WINDOW,
- now + rdataset->ttl);
- adbname->expire_v4 = ISC_MIN(
- adbname->expire_v4,
- ISC_MIN(now + ADB_ENTRY_WINDOW, now + rdataset->ttl));
+ adbname->expire_v4 =
+ (rdataset->ttl != 0)
+ ? ISC_MIN(adbname->expire_v4,
+ ISC_MAX(now + ADB_ENTRY_WINDOW,
+ now + rdataset->ttl))
+ : INT_MAX;
+ DP(NCACHE_LEVEL, "expire_v4 set to %u import_rdataset",
+ adbname->expire_v4);
 break;
 case dns_rdatatype_aaaa:
- DP(NCACHE_LEVEL,
- "expire_v6 set to MIN(%u,%u,%u) import_rdataset",
- adbname->expire_v6, now + ADB_ENTRY_WINDOW,
- now + rdataset->ttl);
- adbname->expire_v6 = ISC_MIN(
- adbname->expire_v6,
- ISC_MIN(now + ADB_ENTRY_WINDOW, now + rdataset->ttl));
+ adbname->expire_v6 =
+ (rdataset->ttl != 0)
+ ? ISC_MIN(adbname->expire_v6,
+ ISC_MAX(now + ADB_ENTRY_WINDOW,
+ now + rdataset->ttl))
+ : INT_MAX;
+ DP(NCACHE_LEVEL, "expire_v6 set to %u import_rdataset",
+ adbname->expire_v6);
 break;
 default:
 UNREACHABLE();
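Review bot: The `rdataset->ttl != 0` test in both arms stands in for "trust is not ultimate", which holds only if `ttlclamp()` can never return 0 for remotely supplied data; its definition is not visible here. If a zero TTL could get through the default path, such a record would take the `INT_MAX` branch meant for local entries, so testing the trust directly with `(rdataset->trust != dns_trust_ultimate)` would be more robust. `INT_MAX` also reads like "never expires" while the commit message says the entry is expired immediately; a comment such as `/* INT_MAX: treated as already expired, so local zone changes take effect at once */` on each `: INT_MAX` line would remove the doubt. The v4 and v6 arms are identical apart from the field they update, and the switch continues outside the hunk.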