author | Lennart Poettering <lennart@poettering.net> | 2015-12-28 00:30:56 +0100 |
committer | Lennart Poettering <lennart@poettering.net> | 2015-12-28 14:46:39 +0100 |
commit | ee3d6aff9bd73c1b23e29d1fa1fa6f7a1ef0533b (patch) | |
tree | 15ac562f0720d647d4c518a9b43949c4157edba4 /src/resolve/resolved-dns-cache.c | |
parent | f535705a457f9bee976a45baf20272b7228d0c65 (diff) |
resolved: use RRSIG expiry and original TTL for cache management
When we verified a signature, fix up the RR's TTL to the original TTL
mentioned in the signature, and store the signature expiry information
in the RR, too. Then, use that when adding RRs to the cache.
Diffstat (limited to 'src/resolve/resolved-dns-cache.c')
-rw-r--r-- | src/resolve/resolved-dns-cache.c | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/src/resolve/resolved-dns-cache.c b/src/resolve/resolved-dns-cache.c
index 49d5090d36..413e1080d9 100644
--- a/src/resolve/resolved-dns-cache.c
+++ b/src/resolve/resolved-dns-cache.c
@@ -272,6 +272,30 @@ static DnsCacheItem* dns_cache_get(DnsCache *c, DnsResourceRecord *rr) {
 return NULL;
 }
+static usec_t calculate_until(DnsResourceRecord *rr, usec_t timestamp) {
+ usec_t ttl;
+
+ assert(rr);
+
+ ttl = rr->ttl * USEC_PER_SEC;
+
+ if (ttl > CACHE_TTL_MAX_USEC)
+ ttl = CACHE_TTL_MAX_USEC;
+
+ if (rr->expiry != USEC_INFINITY) {
+ usec_t left;
+
+ /* Make use of the DNSSEC RRSIG expiry info, if we have it */
+
+ left = LESS_BY(rr->expiry, now(CLOCK_REALTIME));
+
+ if (ttl > left)
+ ttl = left;
+ }
+
+ return timestamp + ttl;
+}
+
 static void dns_cache_item_update_positive(
 DnsCache *c,
 DnsCacheItem *i,
@@ -302,7 +326,7 @@ static void dns_cache_item_update_positive(
 dns_resource_key_unref(i->key);
 i->key = dns_resource_key_ref(rr->key);
- i->until = timestamp + MIN(rr->ttl * USEC_PER_SEC, CACHE_TTL_MAX_USEC);
+ i->until = calculate_until(rr, timestamp);
 i->authenticated = authenticated;
 i->shared_owner = shared_owner;
@@ -383,7 +407,7 @@ static int dns_cache_put_positive(
 i->type = DNS_CACHE_POSITIVE;
 i->key = dns_resource_key_ref(rr->key);
 i->rr = dns_resource_record_ref(rr);
- i->until = timestamp + MIN(i->rr->ttl * USEC_PER_SEC, CACHE_TTL_MAX_USEC);
+ i->until = calculate_until(rr, timestamp);
 i->authenticated = authenticated;
 i->shared_owner = shared_owner;
 i->owner_family = owner_family; |
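Review bot: `calculate_until` in the first hunk clamps with two hand-written `if (a > b) a = b;` steps although the two lines it replaces in the later hunks already used `MIN()`; `ttl = MIN(rr->ttl * USEC_PER_SEC, CACHE_TTL_MAX_USEC);` and `ttl = MIN(ttl, left);` would read the same as the code it supersedes. The function also mixes clock domains without saying so: `left` is measured against `now(CLOCK_REALTIME)` while the result is added to the caller-supplied `timestamp`, whose clock is not visible in the hunk; a comment such as `/* 'left' is a duration, so it can be added to 'timestamp' whatever clock the caller used; rr->expiry must be CLOCK_REALTIME-based for this to hold */` would make that assumption explicit. Note too that for an RRSIG that has already expired `LESS_BY()` yields 0 and the record is still inserted with `until == timestamp`; whether the cache treats such an entry as immediately stale, or whether the callers should skip insertion instead, depends on code outside the hunk.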