Fix the expire_v4 and expire_v6 logic

Correct the logic to set the expiration period of expire_{v4,v6} as
follows:

1. If the trust is ultimate (local entry), immediately set the entry as
   expired, so the changes to the local zones have immediate effect.

3. If the expiration is already set and smaller than the new value, then
   leave the expiration value as it is.

2. Otherwise pick larger of `now + ADB_ENTRY_WINDOW` and `now + TTL` as
   the new expiration value.

diff --git a/lib/dns/adb.c b/lib/dns/adb.c
index 937748e305912b3af0e28d053a2c3fb71be25436..c7b2123a94563aa211c38546e08f2c69b7ddce16 100644 (file)
--- a/lib/dns/adb.c
+++ b/lib/dns/adb.c
@@ -542,6 +542,18 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset,
 
        rdtype = rdataset->type;
 
+       switch (rdataset->trust) {
+       case dns_trust_glue:
+       case dns_trust_additional:
+               rdataset->ttl = ADB_CACHE_MINIMUM;
+               break;
+       case dns_trust_ultimate:
+               rdataset->ttl = 0;
+               break;
+       default:
+               rdataset->ttl = ttlclamp(rdataset->ttl);
+       }
+
        REQUIRE(rdtype == dns_rdatatype_a || rdtype == dns_rdatatype_aaaa);
 
        for (result = dns_rdataset_first(rdataset); result == ISC_R_SUCCESS;
@@ -601,22 +613,24 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset,
 
        switch (rdtype) {
        case dns_rdatatype_a:
-               DP(NCACHE_LEVEL,
-                  "expire_v4 set to MIN(%u,%u,%u) import_rdataset",
-                  adbname->expire_v4, now + ADB_ENTRY_WINDOW,
-                  now + rdataset->ttl);
-               adbname->expire_v4 = ISC_MIN(
-                       adbname->expire_v4,
-                       ISC_MIN(now + ADB_ENTRY_WINDOW, now + rdataset->ttl));
+               adbname->expire_v4 =
+                       (rdataset->ttl != 0)
+                               ? ISC_MIN(adbname->expire_v4,
+                                         ISC_MAX(now + ADB_ENTRY_WINDOW,
+                                                 now + rdataset->ttl))
+                               : INT_MAX;
+               DP(NCACHE_LEVEL, "expire_v4 set to %u import_rdataset",
+                  adbname->expire_v4);
                break;
        case dns_rdatatype_aaaa:
-               DP(NCACHE_LEVEL,
-                  "expire_v6 set to MIN(%u,%u,%u) import_rdataset",
-                  adbname->expire_v6, now + ADB_ENTRY_WINDOW,
-                  now + rdataset->ttl);
-               adbname->expire_v6 = ISC_MIN(
-                       adbname->expire_v6,
-                       ISC_MIN(now + ADB_ENTRY_WINDOW, now + rdataset->ttl));
+               adbname->expire_v6 =
+                       (rdataset->ttl != 0)
+                               ? ISC_MIN(adbname->expire_v6,
+                                         ISC_MAX(now + ADB_ENTRY_WINDOW,
+                                                 now + rdataset->ttl))
+                               : INT_MAX;
+               DP(NCACHE_LEVEL, "expire_v6 set to %u import_rdataset",
+                  adbname->expire_v6);
                break;
        default:
                UNREACHABLE();