From: Remi Gacogne Date: Tue, 3 May 2016 08:10:04 +0000 (+0200) Subject: auth: Add TTL settings for DNSSECKeeper's caches (key, medatada) X-Git-Tag: rec-4.0.0-alpha3~13^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=25b81ed742f8a56c63a77d3586cc3a3dc2e9c494;p=thirdparty%2Fpdns.git auth: Add TTL settings for DNSSECKeeper's caches (key, medatada)
---
diff --git a/docs/markdown/authoritative/settings.md b/docs/markdown/authoritative/settings.md
index e5720049ff..7c6955ae04 100644
--- a/docs/markdown/authoritative/settings.md
+++ b/docs/markdown/authoritative/settings.md
@@ -287,6 +287,12 @@ Number of Distributor (backend) threads to start per receiver thread. See
 Synthesise CNAME records from DNAME records as required. This approximately doubles query load. **Do not combine with DNSSEC!**
+## `dns-key-cache-ttl`
+* Integer
+* Default: 30
+
+Seconds to store domain DNS keys in cache.
+
 ## `dnsupdate`
 * Boolean
 * Default: no
@@ -300,6 +306,12 @@ Enable/Disable DNS update (RFC2136) support.
 Perform AAAA additional processing. This sends AAAA records in the ADDITIONAL section when sending a referral.
+## `domain-metadata-cache-ttl`
+* Integer
+* Default: 60
+
+Seconds to store domain metadata in cache.
+
 ## `edns-subnet-option-number`
 * Integer
 * Removed in 3.4.
diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index f6bb460696..6a76cd671f 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -149,6 +149,8 @@ void declareArguments()
 ::arg().set("soa-expire-default","Default SOA expire")="604800";
 ::arg().set("default-soa-edit","Default SOA-EDIT value")="";
 ::arg().set("default-soa-edit-signed","Default SOA-EDIT value for signed zones")="";
+ ::arg().set("dns-key-cache-ttl","Seconds to store domain DNS keys in cache")="30";
+ ::arg().set("domain-metadata-cache-ttl","Seconds to store domain metadata in cache")="60";
 ::arg().set("trusted-notification-proxy", "IP address of incoming notification proxy")="";
 ::arg().set("slave-renotify", "If we should send out notifications for slaved updates")="no";
diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc
index 5f430d4002..c583367dec 100644
--- a/pdns/dbdnsseckeeper.cc
+++ b/pdns/dbdnsseckeeper.cc
@@ -206,7 +206,7 @@ void DNSSECKeeper::getFromMeta(const DNSName& zname, const std::string& key, std
 METACacheEntry nce;
 nce.d_domain=zname;
- nce.d_ttd = now+60;
+ nce.d_ttd = now + ::arg().asNum("domain-metadata-cache-ttl");
 nce.d_key= key;
 nce.d_value = value;
 {
@@ -460,7 +460,7 @@ DNSSECKeeper::keyset_t DNSSECKeeper::getKeys(const DNSName& zone, bool useCache)
 KeyCacheEntry kce;
 kce.d_domain=zone;
 kce.d_keys = retkeyset;
- kce.d_ttd = now + 30;
+ kce.d_ttd = now + ::arg().asNum("dns-key-cache-ttl");
 {
 WriteLock l(&s_keycachelock);
 replacing_insert(s_keycache, kce);
diff --git a/pdns/pdns.conf-dist b/pdns/pdns.conf-dist
index 888396f92c..f14bf5055c 100644
--- a/pdns/pdns.conf-dist
+++ b/pdns/pdns.conf-dist
@@ -184,6 +184,11 @@
 #
 # dname-processing=no
+#################################
+# dns-key-cache-ttl Seconds to store domain DNS keys in cache
+#
+# dns-key-cache-ttl=30
+
 #################################
 # dnsupdate Enable/Disable DNS update (RFC2136) support. Default is no.
 #
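Review bot: The TTL added to `kce.d_ttd` in getKeys() (and to `nce.d_ttd` in the getFromMeta() hunk above it) is taken straight from `::arg().asNum()` with no range check, so a zero or negative `dns-key-cache-ttl` produces a `d_ttd` at or before `now`, and whether that merely disables caching or keeps serving the entry depends on how the lookup compares `d_ttd`, which is outside the hunk; if asNum() parses with atoi()-style leniency (not visible here) a mistyped value silently becomes 0 as well. The config map is also looked up and re-parsed on every cache refill; parsing once and clamping, e.g. `static const time_t keyCacheTTL = std::max(0, ::arg().asNum("dns-key-cache-ttl"));` followed by `kce.d_ttd = now + keyCacheTTL;`, takes that off the hot path and makes the lower bound explicit (assuming asNum() returns int, as its use in `now + ...` suggests). Operationally this TTL also bounds how long a running server keeps using keys that have since been deactivated or removed, which is the caveat an admin tuning it upward needs and which the help string declared in common_startup.cc does not mention. The declaration of getKeys() and the rest of its body lie outside the hunk.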
@@ -194,6 +199,11 @@
 #
 # do-ipv6-additional-processing=yes
+#################################
+# domain-metadata-cache-ttl Seconds to store domain metadata in cache
+#
+# domain-metadata-cache-ttl=60
+
 #################################
 # edns-subnet-processing If we should act on EDNS Subnet options
 #
diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index fbe6e955b1..4fce2a46aa 100644
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
@@ -120,6 +120,8 @@ void loadMainConfig(const std::string& configdir)
 ::arg().set("soa-expire-default","Default SOA expire")="604800";
 ::arg().set("soa-minimum-ttl","Default SOA minimum ttl")="3600";
 ::arg().set("chroot","Switch to this chroot jail")="";
+ ::arg().set("dns-key-cache-ttl","Seconds to store domain DNS keys in cache")="30";
+ ::arg().set("domain-metadata-cache-ttl","Seconds to store domain metadata in cache")="60";
 // Keep this line below all ::arg().set() statements
 if (! ::arg().laxFile(configname.c_str()))
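Review bot: The two added `::arg().set()` lines in loadMainConfig() duplicate the declarations made in common_startup.cc, including the literal defaults "30" and "60", with nothing tying the two copies together; if a name or default is later changed in only one place, pdnsutil and pdns_server will silently cache for different periods, and any other binary that links dbdnsseckeeper.cc without these declarations would, if I read ArgvMap correctly, get an undefined-argument exception from `asNum()` on the first cache fill instead of a clear startup error. A small shared helper such as `void declareDNSSECKeeperArgs()` living next to the cache code in dbdnsseckeeper.cc and called from both declareArguments() and loadMainConfig() would keep the names and defaults in one place. loadMainConfig() starts and ends outside the hunk.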