auth: Add TTL settings for DNSSECKeeper's caches (key, medatada)

diff --git a/docs/markdown/authoritative/settings.md b/docs/markdown/authoritative/settings.md
index e5720049ffb0098dda72658c4bbb47d9fe7c2e5c..7c6955ae04722d544d3402221249917f05ae6190 100644 (file)
--- a/docs/markdown/authoritative/settings.md
+++ b/docs/markdown/authoritative/settings.md
@@ -287,6 +287,12 @@ Number of Distributor (backend) threads to start per receiver thread. See
 Synthesise CNAME records from DNAME records as required. This approximately
 doubles query load. **Do not combine with DNSSEC!**
 
+## `dns-key-cache-ttl`
+* Integer
+* Default: 30
+
+Seconds to store domain DNS keys in cache.
+
 ## `dnsupdate`
 * Boolean
 * Default: no
@@ -300,6 +306,12 @@ Enable/Disable DNS update (RFC2136) support.
 Perform AAAA additional processing. This sends AAAA records in the ADDITIONAL
 section when sending a referral.
 
+## `domain-metadata-cache-ttl`
+* Integer
+* Default: 60
+
+Seconds to store domain metadata in cache.
+
 ## `edns-subnet-option-number`
 * Integer
 * Removed in 3.4.

diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index f6bb4606960820899c615bd253e43f532fc4d508..6a76cd671f9ee34f6fbe63e1c418d024f00616f6 100644 (file)
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -149,6 +149,8 @@ void declareArguments()
   ::arg().set("soa-expire-default","Default SOA expire")="604800";
   ::arg().set("default-soa-edit","Default SOA-EDIT value")="";
   ::arg().set("default-soa-edit-signed","Default SOA-EDIT value for signed zones")="";
+  ::arg().set("dns-key-cache-ttl","Seconds to store domain DNS keys in cache")="30";
+  ::arg().set("domain-metadata-cache-ttl","Seconds to store domain metadata in cache")="60";
 
   ::arg().set("trusted-notification-proxy", "IP address of incoming notification proxy")="";
   ::arg().set("slave-renotify", "If we should send out notifications for slaved updates")="no";

diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc
index 5f430d40021445be8f01efec6b9bc27f9d8549fd..c583367dec53e61d99290f6865978500fba792d3 100644 (file)
--- a/pdns/dbdnsseckeeper.cc
+++ b/pdns/dbdnsseckeeper.cc
@@ -206,7 +206,7 @@ void DNSSECKeeper::getFromMeta(const DNSName& zname, const std::string& key, std
     
   METACacheEntry nce;
   nce.d_domain=zname;
-  nce.d_ttd = now+60;
+  nce.d_ttd = now + ::arg().asNum("domain-metadata-cache-ttl");
   nce.d_key= key;
   nce.d_value = value;
   { 
@@ -460,7 +460,7 @@ DNSSECKeeper::keyset_t DNSSECKeeper::getKeys(const DNSName& zone, bool useCache)
   KeyCacheEntry kce;
   kce.d_domain=zone;
   kce.d_keys = retkeyset;
-  kce.d_ttd = now + 30;
+  kce.d_ttd = now + ::arg().asNum("dns-key-cache-ttl");
   {
     WriteLock l(&s_keycachelock);
     replacing_insert(s_keycache, kce);

diff --git a/pdns/pdns.conf-dist b/pdns/pdns.conf-dist
index 888396f92c42b9357ec0b126639e1fb8c75b210f..f14bf5055cfb9ca4cda10eae78e15e84b217aafb 100644 (file)
--- a/pdns/pdns.conf-dist
+++ b/pdns/pdns.conf-dist
@@ -184,6 +184,11 @@
 #
 # dname-processing=no
 
+#################################
+# dns-key-cache-ttl    Seconds to store domain DNS keys in cache
+#
+# dns-key-cache-ttl=30
+
 #################################
 # dnsupdate    Enable/Disable DNS update (RFC2136) support. Default is no.
 #
@@ -194,6 +199,11 @@
 #
 # do-ipv6-additional-processing=yes
 
+#################################
+# domain-metadata-cache-ttl    Seconds to store domain metadata in cache
+#
+# domain-metadata-cache-ttl=60
+
 #################################
 # edns-subnet-processing       If we should act on EDNS Subnet options
 #

diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index fbe6e955b1934b2a20bc323156b0ef6ee801cd0c..4fce2a46aa3f6f7f83252f7d56197967afd6c4b1 100644 (file)
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
@@ -120,6 +120,8 @@ void loadMainConfig(const std::string& configdir)
   ::arg().set("soa-expire-default","Default SOA expire")="604800";
   ::arg().set("soa-minimum-ttl","Default SOA minimum ttl")="3600";    
   ::arg().set("chroot","Switch to this chroot jail")="";
+  ::arg().set("dns-key-cache-ttl","Seconds to store domain DNS keys in cache")="30";
+  ::arg().set("domain-metadata-cache-ttl","Seconds to store domain metadata in cache")="60";
 
   // Keep this line below all ::arg().set() statements
   if (! ::arg().laxFile(configname.c_str()))