rec: apply specific minimum TTL for root NS records
authorOtto Moerbeek <otto.moerbeek@open-xchange.com>
Wed, 18 Mar 2026 10:23:57 +0000 (11:23 +0100)
committerOtto Moerbeek <otto.moerbeek@open-xchange.com>
Fri, 20 Mar 2026 12:57:14 +0000 (13:57 +0100)
This is to prevent hammering the root servers.
Only relevant to weird setups with silly root records.

pdns/recursordist/syncres.cc

index 61a923d1057a45e8005fb2bc492b73b56278afe3..87792085f4be21ab256754452b243defb542ec9d 100644 (file)
@@ -5766,7 +5766,12 @@ bool SyncRes::processAnswer(unsigned int depth, const string& prefix, LWResult&
 {
   if (s_minimumTTL != 0) {
     for (auto& rec : lwr.d_records) {
-      rec.d_ttl = max(rec.d_ttl, s_minimumTTL);
+      rec.d_ttl = std::max(rec.d_ttl, s_minimumTTL);
+      if (d_updatingRootNS && rec.d_type == QType::NS && rec.d_name.isRoot()) {
+        // Enforce a higher minimum for root records with a silly TTL (only relevant in setups with
+        // questionable root records).
+        rec.d_ttl = std::max(rec.d_ttl, 3600U);
+      }
     }
   }
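Review bot: The new root-NS floor at `rec.d_ttl = std::max(rec.d_ttl, 3600U);` sits inside the existing `if (s_minimumTTL != 0)` guard, so a configuration that sets the general minimum TTL to 0 also loses the protection against hammering the root servers. If that is not intended, run the loop unconditionally and keep the guard only around `rec.d_ttl = std::max(rec.d_ttl, s_minimumTTL);`; if it is intended, the comment should say so. The floor also pins whatever root NS set was accepted for at least an hour, so the comment could state where `d_updatingRootNS` is set and what vetting those records have had by this point; neither is visible in this hunk. The body of processAnswer continues outside the hunk.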