Unify the expiration time handling for all ADB expiration
authorOndřej Surý <ondrej@isc.org>
Wed, 3 Apr 2024 09:51:58 +0000 (11:51 +0200)
committerOndřej Surý <ondrej@isc.org>
Mon, 22 Apr 2024 08:36:36 +0000 (10:36 +0200)
The algorithm from the previous commit[1] is now used to calculate all
the expiration values throughout the code (ncache results, cname/dname
targets).

1. ISC_MIN(cur, ISC_MAX(now + ADB_ENTRY_WINDOW, now + rdataset->ttl))

lib/dns/adb.c

index c7b2123a94563aa211c38546e08f2c69b7ddce16..2d115d9ba427fc53e6914ffd559d29df599665db 100644 (file)
@@ -441,6 +441,15 @@ enum {
        ((r) == DNS_R_NCACHENXDOMAIN || (r) == DNS_R_NCACHENXRRSET)
 #define AUTH_NX(r) ((r) == DNS_R_NXDOMAIN || (r) == DNS_R_NXRRSET)
 
+/*
+ * Due to the ttlclamp(), the TTL is never 0 unless the trust is ultimate,
+ * in which case we need to set the expiration to have immediate effect.
+ */
+#define ADJUSTED_EXPIRE(expire, now, ttl)                                      \
+       ((ttl != 0)                                                            \
+                ? ISC_MIN(expire, ISC_MAX(now + ADB_ENTRY_WINDOW, now + ttl)) \
+                : INT_MAX)
+
 /*
  * Error states.
  */
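Review bot: ADJUSTED_EXPIRE uses its parameters unparenthesized (`ttl != 0`, `now + ttl`) and expands `now` and `ttl` more than once, so an argument containing a lower-precedence operator or a side effect would silently change the result. The call sites visible in this diff pass plain lvalues, so the problem is latent rather than live. Parenthesize every use, e.g. `(((ttl) != 0) ? ISC_MIN((expire), ISC_MAX((now) + ADB_ENTRY_WINDOW, (now) + (ttl))) : INT_MAX)`, or turn the macro into a `static inline` function. The comment should also say why INT_MAX gives "immediate effect" (presumably it is a sentinel recognised by the expiry check elsewhere in adb.c, which this hunk does not show), and that `now + ttl` relies on ttlclamp() bounding a TTL that comes from remote responses.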
@@ -613,22 +622,14 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset,
 
        switch (rdtype) {
        case dns_rdatatype_a:
-               adbname->expire_v4 =
-                       (rdataset->ttl != 0)
-                               ? ISC_MIN(adbname->expire_v4,
-                                         ISC_MAX(now + ADB_ENTRY_WINDOW,
-                                                 now + rdataset->ttl))
-                               : INT_MAX;
+               adbname->expire_v4 = ADJUSTED_EXPIRE(adbname->expire_v4, now,
+                                                    rdataset->ttl);
                DP(NCACHE_LEVEL, "expire_v4 set to %u import_rdataset",
                   adbname->expire_v4);
                break;
        case dns_rdatatype_aaaa:
-               adbname->expire_v6 =
-                       (rdataset->ttl != 0)
-                               ? ISC_MIN(adbname->expire_v6,
-                                         ISC_MAX(now + ADB_ENTRY_WINDOW,
-                                                 now + rdataset->ttl))
-                               : INT_MAX;
+               adbname->expire_v6 = ADJUSTED_EXPIRE(adbname->expire_v6, now,
+                                                    rdataset->ttl);
                DP(NCACHE_LEVEL, "expire_v6 set to %u import_rdataset",
                   adbname->expire_v6);
                break;
@@ -2738,7 +2739,8 @@ dbfind_name(dns_adbname_t *adbname, isc_stdtime_t now, dns_rdatatype_t rdtype) {
                        result = DNS_R_ALIAS;
                        DP(NCACHE_LEVEL, "adb name %p: caching alias target",
                           adbname);
-                       adbname->expire_target = rdataset.ttl + now;
+                       adbname->expire_target = ADJUSTED_EXPIRE(
+                               adbname->expire_target, now, rdataset.ttl);
                }
                if (rdtype == dns_rdatatype_a) {
                        adbname->fetch_err = FIND_ERR_SUCCESS;
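Review bot: The macro's comment justifies its `ttl == 0` branch by ttlclamp(), but no ttlclamp() call on `rdataset.ttl` is visible before this assignment; dbfind_name starts and ends outside the hunk, so it may happen earlier. The old code mapped a zero TTL to `now`, whereas the new code maps it to INT_MAX, so if the TTL is not clamped on this path an alias with TTL 0 now takes the sentinel branch. Confirm that is intended, or clamp first with `rdataset.ttl = ttlclamp(rdataset.ttl);`. The new ISC_MIN against the previous `expire_target` also assumes that field is reset whenever the target is discarded, since a stale past value would otherwise win; a one-line comment stating that invariant would help. The same two questions apply to the `name->expire_target` assignment in the last fetch_callback hunk.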
@@ -2820,12 +2822,12 @@ fetch_callback(void *arg) {
        if (NCACHE_RESULT(resp->result)) {
                resp->rdataset->ttl = ttlclamp(resp->rdataset->ttl);
                if (address_type == DNS_ADBFIND_INET) {
+                       name->expire_v4 = ADJUSTED_EXPIRE(name->expire_v4, now,
+                                                         resp->rdataset->ttl);
                        DP(NCACHE_LEVEL,
                           "adb fetch name %p: "
                           "caching negative entry for A (ttl %u)",
-                          name, resp->rdataset->ttl);
-                       name->expire_v4 = ISC_MIN(name->expire_v4,
-                                                 resp->rdataset->ttl + now);
+                          name, name->expire_v4);
                        if (resp->result == DNS_R_NCACHENXDOMAIN) {
                                name->fetch_err = FIND_ERR_NXDOMAIN;
                        } else {
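Review bot: The debug message still reads `(ttl %u)` but its argument is now `name->expire_v4`, which after ADJUSTED_EXPIRE is an absolute expiry time (or INT_MAX), so the log labels a timestamp as a TTL. That will mislead anyone reading NCACHE_LEVEL logs to reconstruct how long a negative entry was cached. Either keep passing `resp->rdataset->ttl`, or change the text to match, e.g. `"caching negative entry for A (expire %u)"`. The AAAA branch in the next hunk has the same mismatch with `name->expire_v6`. fetch_callback continues outside this hunk.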
@@ -2833,12 +2835,12 @@ fetch_callback(void *arg) {
                        }
                        inc_resstats(adb, dns_resstatscounter_gluefetchv4fail);
                } else {
+                       name->expire_v6 = ADJUSTED_EXPIRE(name->expire_v6, now,
+                                                         resp->rdataset->ttl);
                        DP(NCACHE_LEVEL,
                           "adb fetch name %p: "
                           "caching negative entry for AAAA (ttl %u)",
-                          name, resp->rdataset->ttl);
-                       name->expire_v6 = ISC_MIN(name->expire_v6,
-                                                 resp->rdataset->ttl + now);
+                          name, name->expire_v6);
                        if (resp->result == DNS_R_NCACHENXDOMAIN) {
                                name->fetch6_err = FIND_ERR_NXDOMAIN;
                        } else {
@@ -2861,7 +2863,8 @@ fetch_callback(void *arg) {
                if (result == ISC_R_SUCCESS) {
                        DP(NCACHE_LEVEL,
                           "adb fetch name %p: caching alias target", name);
-                       name->expire_target = resp->rdataset->ttl + now;
+                       name->expire_target = ADJUSTED_EXPIRE(
+                               name->expire_target, now, resp->rdataset->ttl);
                }
                goto check_result;
        }