]> git.ipfire.org Git - thirdparty/unbound.git/commitdiff
projects / thirdparty / unbound.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9af29c3)
Apply cache TTL policy to DNAME and synthesized CNAME on wire path (#1418)
authorArunabha Das <arunabhadas3@gmail.com>
Mon, 9 Mar 2026 12:53:52 +0000 (18:23 +0530)
committerGitHub <noreply@github.com>
Mon, 9 Mar 2026 12:53:52 +0000 (13:53 +0100)
When the scrubber synthesizes a CNAME from a DNAME (authority omits CNAME),
apply cache-min-ttl/cache-max-ttl to both DNAME and synthesized CNAME in
msg_parse so they stay equal and respect config (RFC 6672).

- iterator/iter_scrub.c: In synth_cname_rrset(), clamp TTL to [MIN_TTL,
  MAX_TTL] when !SERVE_ORIGINAL_TTL and write back to both synth CNAME
  and DNAME rrset. Removes FIXME.

iterator/iter_scrub.c patch | blob | blame | history

diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c
index a4b98375b0c06a7cd03b85a8bef554978c70746c..147b1f05cf7ce5d05da0528dc17d1b416b5a12fa 100644 (file)
--- a/iterator/iter_scrub.c
+++ b/iterator/iter_scrub.c
@@ -285,6 +285,17 @@ synth_cname_rrset(uint8_t** sname, size_t* snamelen, uint8_t* alias,
                return NULL;
        memmove(cn->rr_first->ttl_data, rrset->rr_first->ttl_data,
                sizeof(uint32_t)); /* RFC6672: synth CNAME TTL == DNAME TTL */
+       /* Apply cache TTL policy so DNAME and synthesized CNAME stay equal
+        * and respect cache-min-ttl/cache-max-ttl (same as rdata_copy path). */
+       if(!SERVE_ORIGINAL_TTL) {
+               uint32_t ttl = sldns_read_uint32(cn->rr_first->ttl_data);
+               time_t ttl_t = (time_t)ttl;
+               if(ttl_t < MIN_TTL) ttl_t = MIN_TTL;
+               if(ttl_t > MAX_TTL) ttl_t = MAX_TTL;
+               ttl = (uint32_t)ttl_t;
+               sldns_write_uint32(cn->rr_first->ttl_data, ttl);
+               sldns_write_uint32(rrset->rr_first->ttl_data, ttl);
+       }
        sldns_write_uint16(cn->rr_first->ttl_data+4, aliaslen);
        memmove(cn->rr_first->ttl_data+6, alias, aliaslen);
        cn->rr_first->size = sizeof(uint16_t)+aliaslen;
@@ -502,8 +513,6 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg,
                                log_err("out of memory synthesizing CNAME");
                                return 0;
                        }
-                       /* FIXME: resolve the conflict between synthesized 
-                        * CNAME ttls and the cache. */
                        rrset = nx;
                        continue;
 
Mirror of https://github.com/NLnetLabs/unbound.git