From: Vladimír Čunát Date: Mon, 28 Feb 2022 18:21:04 +0000 (+0100) Subject: cache.max_ttl(): lower the default from six days to one day X-Git-Tag: v5.6.0~6^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bb6e2de2195914c791d76fa56828050468349337;p=thirdparty%2Fknot-resolver.git cache.max_ttl(): lower the default from six days to one day Allowing too much seems to have more risk than benefit. For example, the 2-day TTL on DS records in .com zone (e.g. Slack issue months ago). --- diff --git a/daemon/bindings/cache.rst b/daemon/bindings/cache.rst index f27b9d7b0..6cab99305 100644 --- a/daemon/bindings/cache.rst +++ b/daemon/bindings/cache.rst @@ -221,7 +221,7 @@ Configuration reference .. function:: cache.max_ttl([ttl]) - :param number ttl: maximum cache TTL in seconds (default: 6 days) + :param number ttl: maximum cache TTL in seconds (default: 1 day) .. KR_CACHE_DEFAULT_TTL_MAX ^^ diff --git a/lib/defines.h b/lib/defines.h index 156ff6188..0d678416e 100644 --- a/lib/defines.h +++ b/lib/defines.h @@ -66,7 +66,7 @@ static inline int KR_COLD kr_error(int x) { #define KR_EDNS_VERSION 0 #define KR_EDNS_PAYLOAD 1232 /* Default UDP payload; see https://www.dnsflagday.net/2020/ */ #define KR_CACHE_DEFAULT_TTL_MIN (5) /* avoid bursts of queries */ -#define KR_CACHE_DEFAULT_TTL_MAX (6 * 24 * 3600) /* 6 days, like the root NS TTL */ +#define KR_CACHE_DEFAULT_TTL_MAX (1 * 24 * 3600) /* one day seems enough; fits prefill module */ #define KR_DNAME_STR_MAXLEN (KNOT_DNAME_TXT_MAXLEN + 1) #define KR_RRTYPE_STR_MAXLEN (16 + 1)
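Review bot: In the daemon/bindings/cache.rst hunk, the `:param number ttl:` line changes the stated default from 6 days to 1 day but gives no indication that the default was ever different. An operator upgrading with no explicit cache.max_ttl() call gets a six-fold shorter cap with nothing in this reference to flag it. Consider adding a short note under the function entry that the default was lowered from six days and that the previous behaviour can be restored by passing the old value in seconds. The visible diff touches only cache.rst and lib/defines.h, so a release-notes entry for this user-visible default change also appears to be missing.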
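Review bot: In the lib/defines.h hunk, the new comment on KR_CACHE_DEFAULT_TTL_MAX ("one day seems enough; fits prefill module") drops the concrete justification the old comment had ("like the root NS TTL") and replaces it with one that does not explain itself. The actual reasoning is in the commit message: overly long TTLs carry more risk than benefit, with the 2-day DS TTL in .com as the example. Suggest carrying that reason into the comment and stating what the relationship to the prefill module is (for example, which prefill interval the one-day value is meant to match), so a later reader does not have to dig through the history to learn why the cap sits below the root NS TTL.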