From: Ondřej Surý Date: Wed, 3 Apr 2024 09:36:54 +0000 (+0200) Subject: Fix the expire_v4 and expire_v6 logic X-Git-Tag: v9.19.24~18^2~2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=53cc00ee3f8d0497049e92a3ae96cc3430fb21fc;p=thirdparty%2Fbind9.git Fix the expire_v4 and expire_v6 logic Correct the logic to set the expiration period of expire_{v4,v6} as follows: 1. If the trust is ultimate (local entry), immediately set the entry as expired, so the changes to the local zones have immediate effect. 3. If the expiration is already set and smaller than the new value, then leave the expiration value as it is. 2. Otherwise pick larger of `now + ADB_ENTRY_WINDOW` and `now + TTL` as the new expiration value.
---
diff --git a/lib/dns/adb.c b/lib/dns/adb.c
index 937748e3059..c7b2123a945 100644
--- a/lib/dns/adb.c
+++ b/lib/dns/adb.c
@@ -542,6 +542,18 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset,
 rdtype = rdataset->type;
+ switch (rdataset->trust) {
+ case dns_trust_glue:
+ case dns_trust_additional:
+ rdataset->ttl = ADB_CACHE_MINIMUM;
+ break;
+ case dns_trust_ultimate:
+ rdataset->ttl = 0;
+ break;
+ default:
+ rdataset->ttl = ttlclamp(rdataset->ttl);
+ }
+
 REQUIRE(rdtype == dns_rdatatype_a || rdtype == dns_rdatatype_aaaa);
 for (result = dns_rdataset_first(rdataset); result == ISC_R_SUCCESS;
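Review bot: The new switch overwrites `rdataset->ttl` in the caller's rdataset and uses the value 0 as an in-band marker for `dns_trust_ultimate`, which the later `switch (rdtype)` in this function reads back through `rdataset->ttl != 0`. If `ttlclamp()` can ever return 0 (its body is not visible here), data that is not locally authoritative would take the ultimate-trust path; testing `rdataset->trust == dns_trust_ultimate` at the point of use, or keeping the adjusted value in a local `ttl`, would remove that coupling and the side effect on the caller. The `default:` arm should end with `break;` like the other arms, and a short comment such as `/* glue and additional data are the least trusted, so cap their lifetime */` would record why the TTL is tied to trust. import_rdataset begins and ends outside this hunk.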
@@ -601,22 +613,24 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset,
 switch (rdtype) {
 case dns_rdatatype_a:
- DP(NCACHE_LEVEL,
- "expire_v4 set to MIN(%u,%u,%u) import_rdataset",
- adbname->expire_v4, now + ADB_ENTRY_WINDOW,
- now + rdataset->ttl);
- adbname->expire_v4 = ISC_MIN(
- adbname->expire_v4,
- ISC_MIN(now + ADB_ENTRY_WINDOW, now + rdataset->ttl));
+ adbname->expire_v4 =
+ (rdataset->ttl != 0)
+ ? ISC_MIN(adbname->expire_v4,
+ ISC_MAX(now + ADB_ENTRY_WINDOW,
+ now + rdataset->ttl))
+ : INT_MAX;
+ DP(NCACHE_LEVEL, "expire_v4 set to %u import_rdataset",
+ adbname->expire_v4);
 break;
 case dns_rdatatype_aaaa:
- DP(NCACHE_LEVEL,
- "expire_v6 set to MIN(%u,%u,%u) import_rdataset",
- adbname->expire_v6, now + ADB_ENTRY_WINDOW,
- now + rdataset->ttl);
- adbname->expire_v6 = ISC_MIN(
- adbname->expire_v6,
- ISC_MIN(now + ADB_ENTRY_WINDOW, now + rdataset->ttl));
+ adbname->expire_v6 =
+ (rdataset->ttl != 0)
+ ? ISC_MIN(adbname->expire_v6,
+ ISC_MAX(now + ADB_ENTRY_WINDOW,
+ now + rdataset->ttl))
+ : INT_MAX;
+ DP(NCACHE_LEVEL, "expire_v6 set to %u import_rdataset",
+ adbname->expire_v6);
 break;
 default:
 UNREACHABLE();
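Review bot: `INT_MAX` in the `: INT_MAX` arm of both cases is an undocumented sentinel: the commit message says ultimate-trust entries are set as expired immediately, yet the value written is the largest possible expiry, so the code reads as the opposite unless the reader knows how the expiry check treats `INT_MAX` (not visible in this hunk). A comment above each assignment, for example `/* ttl == 0: local data, INT_MAX marks the addresses as already expired */`, would make this auditable. The `dns_rdatatype_a` and `dns_rdatatype_aaaa` arms are identical apart from the field, so a small static helper taking the current expiry, `now` and the TTL would keep the two from drifting apart. The rewritten DP() call also no longer logs `now + ADB_ENTRY_WINDOW` and `now + rdataset->ttl`, which were useful when tracing why a given expiry was chosen.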