The 'cache-ttl' and 'ncache-ttl' options now work
2
CHANGES
2
CHANGES
@@ -1,3 +1,5 @@
|
||||
216. [func] The 'cache-ttl' and 'ncache-ttl' options now work.
|
||||
|
||||
215. [bug] Failures at certain points in request processing
|
||||
could cause the assertion INSIST(client->lockview
|
||||
== NULL) to be triggered.
|
||||
|
||||
@@ -627,6 +627,31 @@ configure_view(dns_view_t *view, dns_c_ctx_t *cctx, dns_c_view_t *cview,
|
||||
dns_c_ctx_gettrustedkeys,
|
||||
&view->secroots));
|
||||
|
||||
{
|
||||
isc_uint32_t val;
|
||||
result = ISC_R_NOTFOUND;
|
||||
if (cview != NULL)
|
||||
result = dns_c_view_getmaxcachettl(cview, &val);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
result = dns_c_ctx_getmaxcachettl(cctx, &val);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
val = 30 * 24 * 3600;
|
||||
view->maxcachettl = val;
|
||||
}
|
||||
{
|
||||
isc_uint32_t val;
|
||||
result = ISC_R_NOTFOUND;
|
||||
if (cview != NULL)
|
||||
result = dns_c_view_getmaxncachettl(cview, &val);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
result = dns_c_ctx_getmaxncachettl(cctx, &val);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
val = 3 * 3600;
|
||||
if (val > 7 * 24 * 3600)
|
||||
val = 7 * 24 * 3600;
|
||||
view->maxncachettl = val;
|
||||
}
|
||||
|
||||
result = ISC_R_SUCCESS;
|
||||
|
||||
cleanup:
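Review bot: The fallback for the negative-cache cap in this hunk is `val = 3 * 3600;`, but the dns_view_create() hunk later in this commit initialises `view->maxncachettl = 24 * 3600;`, so a view gets a different default depending on whether it passed through configure_view(). One shared named constant per default, and one for the 7-day ceiling, would keep the two places in step; the names are for the author to choose. The ceiling `if (val > 7 * 24 * 3600)` also lowers a configured value silently, while max-cache-ttl has no ceiling at all; a log line when the value is clamped and a comment saying why only the negative TTL is bounded would help operators. configure_view() starts and ends outside the hunk.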
|
||||
|
||||
@@ -66,8 +66,8 @@ options {
|
||||
[ max-transfer-idle-in number; ] Yes*
|
||||
[ max-transfer-time-out number; ] Yes*
|
||||
[ max-transfer-idle-out number; ] Yes*
|
||||
[ max-cache-ttl number; ] No*
|
||||
[ max-ncache-ttl number; ] No
|
||||
[ max-cache-ttl number; ] Yes*
|
||||
[ max-ncache-ttl number; ] Yes
|
||||
[ min-roots number; ] No
|
||||
[ serial-queries number; ] No
|
||||
[ transfer-format ( one-answer | many-answers ); ] Yes
|
||||
@@ -195,7 +195,8 @@ view "view_name" [ ( in | hs | hesiod | chaos ) ] { Yes*
|
||||
[ lame-ttl number; ] No
|
||||
[ max-transfer-time-out number; ] Yes*
|
||||
[ max-transfer-idle-out number; ] Yes*
|
||||
[ max-ncache-ttl number; ] No
|
||||
[ max-cache-ttl number; ] Yes*
|
||||
[ max-ncache-ttl number; ] Yes
|
||||
[ min-roots number; ] No
|
||||
[ transfer-format ( one-answer | many-answers ); ] Yes
|
||||
[ transfer-source ip_addr; ] Yes
|
||||
|
||||
@@ -52,11 +52,12 @@ ISC_LANG_BEGINDECLS
|
||||
|
||||
isc_result_t
|
||||
dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
|
||||
dns_rdatatype_t covers, isc_stdtime_t now,
|
||||
dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t maxttl,
|
||||
dns_rdataset_t *addedrdataset);
|
||||
/*
|
||||
* Convert the authority data from 'message' into a negative cache
|
||||
* rdataset, and store it in 'cache' at 'node'.
|
||||
* rdataset, and store it in 'cache' at 'node' with a TTL limited to
|
||||
* 'maxttl'.
|
||||
*
|
||||
* The 'covers' argument is the RR type whose nonexistence we are caching,
|
||||
* or dns_rdatatype_any when caching a NXDOMAIN response.
|
||||
|
||||
@@ -102,12 +102,15 @@ struct dns_view {
|
||||
dns_acl_t * recursionacl;
|
||||
isc_boolean_t requestixfr;
|
||||
isc_boolean_t provideixfr;
|
||||
dns_ttl_t maxcachettl;
|
||||
dns_ttl_t maxncachettl;
|
||||
|
||||
/*
|
||||
* Configurable data for server use only,
|
||||
* locked by server configuration lock.
|
||||
*/
|
||||
dns_acl_t * matchclients;
|
||||
|
||||
/* Locked by lock. */
|
||||
unsigned int references;
|
||||
unsigned int weakrefs;
|
||||
|
||||
@@ -83,7 +83,7 @@ copy_rdataset(dns_rdataset_t *rdataset, isc_buffer_t *buffer) {
|
||||
|
||||
isc_result_t
|
||||
dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
|
||||
dns_rdatatype_t covers, isc_stdtime_t now,
|
||||
dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t maxttl,
|
||||
dns_rdataset_t *addedrdataset)
|
||||
{
|
||||
isc_result_t result;
|
||||
@@ -114,7 +114,7 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
|
||||
/*
|
||||
* First, build an ncache rdata in buffer.
|
||||
*/
|
||||
ttl = 0xffffffff;
|
||||
ttl = maxttl;
|
||||
trust = 0xffff;
|
||||
isc_buffer_init(&buffer, data, sizeof(data));
|
||||
result = dns_message_firstname(message, DNS_SECTION_AUTHORITY);
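Review bot: `ttl = maxttl;` enforces the cap only if the code that follows lowers `ttl` and never raises it; that code is outside the hunk, so the invariant is worth stating at the assignment, e.g. `/* Start from the configured cap; authority TTLs seen below may only lower it. */`. The header comment for dns_ncache_add() now mentions 'maxttl' but gives neither its unit nor what a value of 0 means. It is presumably in seconds, like other dns_ttl_t values, and saying so would spare callers a guess.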
|
||||
|
||||
@@ -260,7 +260,7 @@ static isc_boolean_t fctx_destroy(fetchctx_t *fctx);
|
||||
static isc_result_t ncache_adderesult(dns_message_t *message,
|
||||
dns_db_t *cache, dns_dbnode_t *node,
|
||||
dns_rdatatype_t covers,
|
||||
isc_stdtime_t now,
|
||||
isc_stdtime_t now, dns_ttl_t maxttl,
|
||||
dns_rdataset_t *ardataset,
|
||||
isc_result_t *eresultp);
|
||||
|
||||
@@ -1484,7 +1484,7 @@ static inline void
|
||||
possibly_mark(fetchctx_t *fctx, dns_adbaddrinfo_t *addr)
|
||||
{
|
||||
isc_netaddr_t na;
|
||||
char buf[80];
|
||||
char buf[ISC_NETADDR_FORMATSIZE];
|
||||
isc_sockaddr_t *sa;
|
||||
|
||||
sa = addr->sockaddr;
|
||||
@@ -2270,7 +2270,9 @@ validated(isc_task_t *task, isc_event_t *event) {
|
||||
|
||||
result = ncache_adderesult(fctx->rmessage,
|
||||
fctx->res->view->cachedb, node,
|
||||
covers, now, ardataset, &eresult);
|
||||
covers, now,
|
||||
fctx->res->view->maxncachettl,
|
||||
ardataset, &eresult);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto respond;
|
||||
|
||||
@@ -2407,6 +2409,13 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, isc_stdtime_t now) {
|
||||
rdataset = ISC_LIST_NEXT(rdataset, link)) {
|
||||
if (!CACHE(rdataset))
|
||||
continue;
|
||||
|
||||
/*
|
||||
* Enforce the configure maximum cache TTL.
|
||||
*/
|
||||
if (rdataset->ttl > res->view->maxcachettl)
|
||||
rdataset->ttl = res->view->maxcachettl;
|
||||
|
||||
/*
|
||||
* If this rrset is in a secure domain, do DNSSEC validation
|
||||
* for it, unless it is glue.
|
||||
@@ -2618,12 +2627,13 @@ cache_message(fetchctx_t *fctx, isc_stdtime_t now) {
|
||||
*/
|
||||
static isc_result_t
|
||||
ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node,
|
||||
dns_rdatatype_t covers, isc_stdtime_t now,
|
||||
dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t maxttl,
|
||||
dns_rdataset_t *ardataset,
|
||||
isc_result_t *eresultp)
|
||||
{
|
||||
isc_result_t result;
|
||||
result = dns_ncache_add(message, cache, node, covers, now, ardataset);
|
||||
result = dns_ncache_add(message, cache, node, covers, now,
|
||||
maxttl, ardataset);
|
||||
if (result == DNS_R_UNCHANGED) {
|
||||
/*
|
||||
* The data in the cache is better than the negative cache
|
||||
@@ -2733,7 +2743,8 @@ ncache_message(fetchctx_t *fctx, dns_rdatatype_t covers, isc_stdtime_t now) {
|
||||
goto unlock;
|
||||
|
||||
result = ncache_adderesult(fctx->rmessage, res->view->cachedb, node,
|
||||
covers, now, ardataset, &eresult);
|
||||
covers, now, res->view->maxncachettl,
|
||||
ardataset, &eresult);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto unlock;
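Review bot: The comment on the new clamp in cache_name() reads "Enforce the configure maximum cache TTL." and does not say why the cap exists; suggest `/* Enforce the configured maximum cache TTL, which bounds how long any cached rrset, including a bad one, can persist. */`. The clamp sits before the DNSSEC validation branch, so as far as the hunk shows, validated data is stored with the capped TTL too. cache_name() continues outside the hunk, so confirm that nothing later reassigns `rdataset->ttl`. The `char buf[ISC_NETADDR_FORMATSIZE];` change in possibly_mark() is a sound sizing fix but unrelated to the TTL options, and would be easier to trace as its own commit.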
|
||||
|
||||
|
||||
@@ -142,6 +142,8 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
|
||||
view->recursionacl = NULL;
|
||||
view->requestixfr = ISC_TRUE;
|
||||
view->provideixfr = ISC_TRUE;
|
||||
view->maxcachettl = 30 * 24 * 3600;
|
||||
view->maxncachettl = 24 * 3600;
|
||||
|
||||
result = dns_peerlist_new(view->mctx, &view->peers);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
|
||||