Fixup negative TTLs Attila Nagy has reported.
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 16 Oct 2008 13:12:32 +0000 (13:12 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 16 Oct 2008 13:12:32 +0000 (13:12 +0000)
git-svn-id: file:///svn/unbound/trunk@1306 be551aaa-1e26-0410-a405-d3ace91eadb9

daemon/cachedump.c
doc/Changelog
services/cache/rrset.c
util/data/msgencode.c
util/data/packed_rrset.c
validator/val_utils.c

index 2d800e5c34ab3f1f4e6461fe0b015dc71e54606e..4466290d9767d6d56533e5ee03135adf1f22eff6 100644 (file)
@@ -67,7 +67,9 @@ to_rr(struct ub_packed_rrset_key* k, struct packed_rrset_data* d,
        }
        ldns_rr_set_type(rr, type);
        ldns_rr_set_class(rr, ntohs(k->rk.rrset_class));
-       ldns_rr_set_ttl(rr, d->rr_ttl[i] - now);
+       if(d->rr_ttl[i] < now)
+               ldns_rr_set_ttl(rr, 0);
+       else    ldns_rr_set_ttl(rr, d->rr_ttl[i] - now);
        pos = 0;
        status = ldns_wire2dname(&rdf, k->rk.dname, k->rk.dname_len, &pos);
        if(status != LDNS_STATUS_OK) {
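Review bot: The clamp-to-zero test added in front of `ldns_rr_set_ttl` is open-coded here and again in both `packed_rrset_encode` hunks, in `packed_rrset_copy_region` and in `rrset_check_sec_status`, so a later absolute-to-relative conversion can easily omit it. If the TTL fields are unsigned 32-bit, as the `ldns_buffer_write_u32` calls suggest, a missed site wraps to a very large TTL that downstream resolvers and clients would honour. One shared helper would keep the sites identical, for example `static inline uint32_t ttl_remaining(uint32_t ttl, uint32_t now) { return ttl < now ? 0 : ttl - now; }`, called as `ldns_rr_set_ttl(rr, ttl_remaining(d->rr_ttl[i], now));`. The body of `to_rr` starts and ends outside this hunk.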
index be1336228275ee78626e1e87b9396a7130e869f9..8c11885ea57bfcb67672535e0d00ef3269a78b8c 100644 (file)
@@ -1,3 +1,6 @@
+16 October 2008: Wouter
+       - Fixup negative TTL values appearing (reported by Attila Nagy).
+
 15 October 2008: Wouter
        - better documentation for 0x20; remove fallback TODO, it is done.
        - harden-referral-path feature includes A, AAAA queries for glue,
index c9856c96c4638a948a68001696fbdfe681bd1bd0..7215990960bda9a05abd090ca49850b1da37dcda 100644 (file)
@@ -334,10 +334,13 @@ rrset_update_sec_status(struct rrset_cache* r,
        }
        /* update the cached rrset */
        if(updata->security > cachedata->security) {
+               size_t i;
                if(updata->trust > cachedata->trust)
                        cachedata->trust = updata->trust;
                cachedata->security = updata->security;
                cachedata->ttl = updata->ttl + now;
+               for(i=0; i<cachedata->count+cachedata->rrsig_count; i++)
+                       cachedata->rr_ttl[i] = updata->rr_ttl[i]+now;
        }
        lock_rw_unlock(&e->lock);
 }
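Review bot: The new loop reads `updata->rr_ttl[i]` up to `cachedata->count+cachedata->rrsig_count`, so it is only in bounds if `updata` holds at least as many RRs and RRSIGs as the cached entry. The start of `rrset_update_sec_status` is outside the hunk; presumably an equality check on the two data blocks precedes this point, but nothing in the visible lines shows it. A one-line comment above the loop would make the dependency explicit, e.g. `/* updata and cachedata were compared equal above, so counts match */`. If no such check exists, bound the loop by the smaller of the two totals.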
@@ -364,8 +367,15 @@ rrset_check_sec_status(struct rrset_cache* r,
        }
        if(cachedata->security > updata->security) {
                updata->security = cachedata->security;
-               if(cachedata->security == sec_status_bogus)
+               if(cachedata->security == sec_status_bogus) {
+                       size_t i;
                        updata->ttl = cachedata->ttl - now;
+                       for(i=0; i<cachedata->count+cachedata->rrsig_count; i++)
+                               if(cachedata->rr_ttl[i] < now)
+                                       updata->rr_ttl[i] = 0;
+                               else updata->rr_ttl[i] = 
+                                       cachedata->rr_ttl[i]-now;
+               }
                if(cachedata->trust > updata->trust)
                        updata->trust = cachedata->trust;
        }
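Review bot: `updata->ttl = cachedata->ttl - now;` is left unclamped while the per-RR loop added directly below it guards every `cachedata->rr_ttl[i]` against `now`. If the cached entry can be past its expiry here, the rrset-level TTL still wraps even though the individual RR TTLs no longer do. Unless an expiry check above the hunk (not visible here) guarantees `cachedata->ttl >= now`, the same guard should apply: `updata->ttl = (cachedata->ttl < now) ? 0 : cachedata->ttl - now;`. The unbraced `for` with an `if`/`else` body is also easy to misread and would be safer with braces.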
index 33685e8697f288408839d104802cf4bb8a050e3d..75e199d9300ffb27e1b16c4b13251c3e3e1c9617 100644 (file)
@@ -466,7 +466,10 @@ packed_rrset_encode(struct ub_packed_rrset_key* key, ldns_buffer* pkt,
                                return r;
                        ldns_buffer_write(pkt, &key->rk.type, 2);
                        ldns_buffer_write(pkt, &key->rk.rrset_class, 2);
-                       ldns_buffer_write_u32(pkt, data->rr_ttl[i]-timenow);
+                       if(data->rr_ttl[i] < timenow)
+                               ldns_buffer_write_u32(pkt, 0);
+                       else    ldns_buffer_write_u32(pkt, 
+                                       data->rr_ttl[i]-timenow);
                        if(c) {
                                if((r=compress_rdata(pkt, data->rr_data[i],
                                        data->rr_len[i], region, tree, c))
@@ -500,7 +503,10 @@ packed_rrset_encode(struct ub_packed_rrset_key* key, ldns_buffer* pkt,
                        }
                        ldns_buffer_write_u16(pkt, LDNS_RR_TYPE_RRSIG);
                        ldns_buffer_write(pkt, &key->rk.rrset_class, 2);
-                       ldns_buffer_write_u32(pkt, data->rr_ttl[i]-timenow);
+                       if(data->rr_ttl[i] < timenow)
+                               ldns_buffer_write_u32(pkt, 0);
+                       else    ldns_buffer_write_u32(pkt, 
+                                       data->rr_ttl[i]-timenow);
                        /* rrsig rdata cannot be compressed, perform 100+ byte
                         * memcopy. */
                        ldns_buffer_write(pkt, data->rr_data[i],
index 74855c9c0a446e4a435331f89f1b3c0dc06ec2b6..5925b87577fdae51c49a4692b13ddb0829e79e93 100644 (file)
@@ -292,9 +292,14 @@ packed_rrset_copy_region(struct ub_packed_rrset_key* key,
        ck->entry.data = d;
        packed_rrset_ptr_fixup(d);
        /* make TTLs relative - once per rrset */
-       for(i=0; i<d->count + d->rrsig_count; i++)
-               d->rr_ttl[i] -= now;
-       d->ttl -= now;
+       for(i=0; i<d->count + d->rrsig_count; i++) {
+               if(d->rr_ttl[i] < now)
+                       d->rr_ttl[i] = 0;
+               else    d->rr_ttl[i] -= now;
+       }
+       if(d->ttl < now)
+               d->ttl = 0;
+       else    d->ttl -= now;
        return ck;
 }
 
index 274347f3b5d089a64af6b938c3bea2aa4d2d5a08..9f7a44372c6bf8b36717a6a5875f550a6997bd89 100644 (file)
@@ -337,8 +337,11 @@ val_verify_rrset(struct module_env* env, struct val_env* ve,
                if(sec == sec_status_secure)
                        d->trust = rrset_trust_validated;
                else if(sec == sec_status_bogus) {
+                       size_t i;
                        /* update ttl for rrset to fixed value. */
                        d->ttl = ve->bogus_ttl;
+                       for(i=0; i<d->count+d->rrsig_count; i++)
+                               d->rr_ttl[i] = ve->bogus_ttl;
                        /* leave RR specific TTL: not used for determine
                         * if RRset timed out and clients see proper value. */
                        lock_basic_lock(&ve->bogus_lock);
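Review bot: The context comment that follows the new loop, "leave RR specific TTL: not used for determine if RRset timed out and clients see proper value", now contradicts the code. The added lines overwrite every `d->rr_ttl[i]` with `ve->bogus_ttl`. The comment should be replaced with one describing the new behaviour, for example `/* set RR TTLs to the bogus TTL too, so clients do not see a TTL longer than the rrset's lifetime in the cache */`. The body of `val_verify_rrset` continues outside the hunk.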