d_cachecachevalid=false;
tuple<string, uint16_t> key=make_tuple(qname, qt.getCode());
cache_t::iterator stored=d_cache.find(key);
+ uint32_t maxTTD=UINT_MAX;
bool isNew=false;
if(stored == d_cache.end()) {
}
}
+ // limit TTL of auth->auth NSset update if needed, except for root
+ if(ce.d_auth && auth && qt.getCode()==QType::NS && !((qname.length()==1 && qname[0]=='.'))) {
+ // cerr<<"\tLimiting TTL of auth->auth NS set replace"<<endl;
+ vector<StoredRecord>::iterator j;
+ for(j = ce.d_records.begin() ; j != ce.d_records.end(); ++j) {
+ maxTTD=min(maxTTD, j->d_ttd);
+ }
+ }
+
// make sure that we CAN refresh the root
if(auth && ((qname.length()==1 && qname[0]=='.') || !attemptToRefreshNSTTL(qt, content, ce) ) ) {
- // cerr<<"\tGot auth data, and it was not refresh attempt of an NS record, nuking storage"<<endl;
+ // cerr<<"\tGot auth data, and it was not refresh attempt of an unchanged NS set, nuking storage"<<endl;
ce.d_records.clear(); // clear non-auth data
ce.d_auth = true;
isNew=true; // data should be sorted again
// cerr<<"\tHave "<<content.size()<<" records to store\n";
for(set<DNSResourceRecord>::const_iterator i=content.begin(); i != content.end(); ++i) {
- // cerr<<"To store: "<<i->content<<endl;
- dr.d_ttd=i->ttl;
+ // cerr<<"To store: "<<i->content<<" with ttl/ttd "<<i->ttl<<endl;
+ dr.d_ttd=min(maxTTD, i->ttl);
dr.d_string=DNSRR2String(*i);
if(isNew)
--- /dev/null
+#!/bin/sh
+. vars
+rm configs/$PREFIX.17/drop-1
+cleandig a.www.1.ghost.example.net a | sed 's/\(.*\tIN\t[A-Z0-9]\+\t\)\([0-9]\+\)/\13600/'
+sleep 5
+touch configs/$PREFIX.17/drop-1
+cleandig b.www.1.ghost.example.net a | sed 's/\(.*\tIN\t[A-Z0-9]\+\t\)\([0-9]\+\)/\13600/'
+sleep 5
+cleandig c.www.1.ghost.example.net a | sed 's/\(.*\tIN\t[A-Z0-9]\+\t\)\([0-9]\+\)/\13600/'
+sleep 5
+cleandig d.www.1.ghost.example.net a | sed 's/\(.*\tIN\t[A-Z0-9]\+\t\)\([0-9]\+\)/\13600/'
+sleep 5
+cleandig e.www.1.ghost.example.net a | sed 's/\(.*\tIN\t[A-Z0-9]\+\t\)\([0-9]\+\)/\13600/'
--- /dev/null
+Extended ghost domain test - delegation is removed and receiver tries very
+hard to stay alive, by changing the NSset on every request.
--- /dev/null
+0 a.www.1.ghost.example.net. IN A 3600 192.0.2.7
+Rcode: 0, RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
+Reply to question for qname='a.www.1.ghost.example.net.', qtype=A
+0 b.www.1.ghost.example.net. IN A 3600 192.0.2.7
+Rcode: 0, RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
+Reply to question for qname='b.www.1.ghost.example.net.', qtype=A
+0 c.www.1.ghost.example.net. IN A 3600 192.0.2.7
+Rcode: 0, RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
+Reply to question for qname='c.www.1.ghost.example.net.', qtype=A
+1 ghost.example.net. IN SOA 3600 ns.example.net. hostmaster.example.net. 1 3600 1800 1209600 300
+Rcode: 3, RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
+Reply to question for qname='d.www.1.ghost.example.net.', qtype=A
+1 ghost.example.net. IN SOA 3600 ns.example.net. hostmaster.example.net. 1 3600 1800 1209600 300
+Rcode: 3, RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
+Reply to question for qname='e.www.1.ghost.example.net.', qtype=A
projects / pdns / commitdiff