rec: Cap max-cache-ttl to 15 seconds

Having no cache makes no sense and anything below a few seconds will
lead to SERVFAILs on recursors that have a low query load.

Closes #4634

diff --git a/docs/markdown/recursor/settings.md b/docs/markdown/recursor/settings.md
index 95f4b57aa598f8883c330ad77eabc58825ea62f3..c1c41d85f17f1bef1f70211b68f89e66320346dc 100644 (file)
--- a/docs/markdown/recursor/settings.md
+++ b/docs/markdown/recursor/settings.md
@@ -584,6 +584,8 @@ for most installations.
 
 Maximum number of seconds to cache an item in the DNS cache, no matter what the
 original TTL specified.
+Since PowerDNS Recursor 4.1.0, the minimum value of this setting is 15.
+i.e. setting this to lower than 15 will make this value 15.
 
 ## `max-mthreads`
 * Integer

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 16c11466733ad0669b10c54379d5585a9428fb16..565f9242fe789393f46950f6275203481e250b51 100644 (file)
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -2750,7 +2750,7 @@ int serviceMain(int argc, char*argv[])
   SyncRes::s_nopacketcache = ::arg().mustDo("disable-packetcache");
 
   SyncRes::s_maxnegttl=::arg().asNum("max-negative-ttl");
-  SyncRes::s_maxcachettl=::arg().asNum("max-cache-ttl");
+  SyncRes::s_maxcachettl=max(::arg().asNum("max-cache-ttl"), 15);
   SyncRes::s_packetcachettl=::arg().asNum("packetcache-ttl");
   // Cap the packetcache-servfail-ttl to the packetcache-ttl
   uint32_t packetCacheServFailTTL = ::arg().asNum("packetcache-servfail-ttl");