diff --git a/bin/named/main.c b/bin/named/main.c index db6e1e9a68..98fd1aa3e9 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -120,6 +120,9 @@ extern unsigned int dns_zone_mkey_hour; extern unsigned int dns_zone_mkey_day; extern unsigned int dns_zone_mkey_month; +extern unsigned int dns_adb_entrywindow; +extern unsigned int dns_adb_cachemin; + static bool want_stats = false; static char program_name[NAME_MAX] = "named"; static char absolute_conffile[PATH_MAX]; @@ -802,6 +805,10 @@ parse_T_opt(char *option) { transferstuck = true; } else if (!strncmp(option, "tat=", 4)) { named_g_tat_interval = atoi(option + 4); + } else if (!strncmp(option, "adbentrywindow=", 15)) { + dns_adb_entrywindow = atoi(option + 15); + } else if (!strncmp(option, "adbcachemin=", 12)) { + dns_adb_cachemin = atoi(option + 12); } else { fprintf(stderr, "unknown -T flag '%s'\n", option); } diff --git a/lib/dns/adb.c b/lib/dns/adb.c index 20ff62c792..dc910cddae 100644 --- a/lib/dns/adb.c +++ b/lib/dns/adb.c @@ -60,12 +60,8 @@ /*! * For type 3 negative cache entries, we will remember that the address is * broken for this long. XXXMLG This is also used for actual addresses, too. - * The intent is to keep us from constantly asking about A/AAAA records - * if the zone has extremely low TTLs. */ -#define ADB_CACHE_MINIMUM 10 /*%< seconds */ #define ADB_CACHE_MAXIMUM 86400 /*%< seconds (86400 = 24 hours) */ -#define ADB_ENTRY_WINDOW 60 /*%< seconds */ #ifndef ADB_HASH_BITS #define ADB_HASH_BITS 12 @@ -264,6 +260,12 @@ ISC_REFCOUNT_TRACE_DECL(dns_adbentry); ISC_REFCOUNT_DECL(dns_adbentry); #endif +/* + * ADB settings that can be tweaked with named -T option + */ +unsigned int dns_adb_entrywindow = 60; +unsigned int dns_adb_cachemin = 10; + /* * Internal functions (and prototypes). */ @@ -446,10 +448,10 @@ enum { * Due to the ttlclamp(), the TTL is never 0 unless the trust is ultimate, * in which case we need to set the expiration to have immediate effect. */ -#define ADJUSTED_EXPIRE(expire, now, ttl) \ - ((ttl != 0) \ - ? ISC_MIN(expire, ISC_MAX(now + ADB_ENTRY_WINDOW, now + ttl)) \ - : INT_MAX) +#define ADJUSTED_EXPIRE(expire, now, ttl) \ + ((ttl != 0) ? ISC_MIN(expire, \ + ISC_MAX(now + dns_adb_entrywindow, now + ttl)) \ + : INT_MAX) /* * Error states. @@ -522,8 +524,12 @@ inc_adbstats(dns_adb_t *adb, isc_statscounter_t counter) { static dns_ttl_t ttlclamp(dns_ttl_t ttl) { - if (ttl < ADB_CACHE_MINIMUM) { - ttl = ADB_CACHE_MINIMUM; + if (ttl < dns_adb_cachemin) { + /* + * Avoid to constantly ask about A/AAAA records if the zone has + * extremely low TTLs. + */ + ttl = dns_adb_cachemin; } if (ttl > ADB_CACHE_MAXIMUM) { ttl = ADB_CACHE_MAXIMUM; @@ -555,7 +561,7 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset, switch (rdataset->trust) { case dns_trust_glue: case dns_trust_additional: - rdataset->ttl = ADB_CACHE_MINIMUM; + rdataset->ttl = dns_adb_cachemin; break; case dns_trust_ultimate: rdataset->ttl = 0; @@ -1059,7 +1065,7 @@ new_adbentry(dns_adb_t *adb, const isc_sockaddr_t *addr, isc_stdtime_t now) { .quota = adb->quota, .references = ISC_REFCOUNT_INITIALIZER(1), .adb = dns_adb_ref(adb), - .expires = now + ADB_ENTRY_WINDOW, + .expires = now + dns_adb_entrywindow, .magic = DNS_ADBENTRY_MAGIC, }; @@ -1320,7 +1326,7 @@ get_attached_and_locked_name(dns_adb_t *adb, const dns_name_t *name, dns_adbname_ref(adbname); LOCK(&adbname->lock); /* Must be unlocked by the caller */ - if (adbname->last_used + ADB_CACHE_MINIMUM <= last_update) { + if (adbname->last_used + dns_adb_cachemin <= last_update) { adbname->last_used = now; } if (locktype == isc_rwlocktype_write) { @@ -1429,7 +1435,7 @@ get_attached_and_locked_entry(dns_adb_t *adb, isc_stdtime_t now, } /* Did enough time pass to update the LRU? */ - if (adbentry->last_used + ADB_CACHE_MINIMUM <= last_update) { + if (adbentry->last_used + dns_adb_cachemin <= last_update) { adbentry->last_used = now; if (locktype == isc_rwlocktype_write) { ISC_LIST_UNLINK(adb->entries_lru, adbentry, link);