cache.max_ttl(): lower the default from six days to one day

Allowing too much seems to have more risk than benefit.  For example,
the 2-day TTL on DS records in .com zone (e.g. Slack issue months ago).

diff --git a/daemon/bindings/cache.rst b/daemon/bindings/cache.rst
index f27b9d7b0981e21bc23cee4477d7a2cfe5991ab8..6cab99305c0afe88f5a18556d8eee1b1c2a505cb 100644 (file)
--- a/daemon/bindings/cache.rst
+++ b/daemon/bindings/cache.rst
@@ -221,7 +221,7 @@ Configuration reference
 
 .. function:: cache.max_ttl([ttl])
 
-  :param number ttl: maximum cache TTL in seconds (default: 6 days)
+  :param number ttl: maximum cache TTL in seconds (default: 1 day)
 
   .. KR_CACHE_DEFAULT_TTL_MAX ^^
 

diff --git a/lib/defines.h b/lib/defines.h
index 156ff6188a5d7704ed6ed634862c710b7c4aff77..0d678416e283cb8a34a64de1aba2036324d4ddae 100644 (file)
--- a/lib/defines.h
+++ b/lib/defines.h
@@ -66,7 +66,7 @@ static inline int KR_COLD kr_error(int x) {
 #define KR_EDNS_VERSION 0
 #define KR_EDNS_PAYLOAD 1232 /* Default UDP payload; see https://www.dnsflagday.net/2020/ */
 #define KR_CACHE_DEFAULT_TTL_MIN (5) /* avoid bursts of queries */
-#define KR_CACHE_DEFAULT_TTL_MAX (6 * 24 * 3600) /* 6 days, like the root NS TTL */
+#define KR_CACHE_DEFAULT_TTL_MAX (1 * 24 * 3600) /* one day seems enough; fits prefill module */
 
 #define KR_DNAME_STR_MAXLEN (KNOT_DNAME_TXT_MAXLEN + 1)
 #define KR_RRTYPE_STR_MAXLEN (16 + 1)