plugin/cache: fix TTL for negative DNS responses (#2197)

2018-10-19 21:10:08 +03:00 · 2018-10-19 21:10:08 +03:00 · dbc2efc49a
commit dbc2efc49a
parent 54df160aa4
3 changed files with 14 additions and 35 deletions
--- a/plugin/cache/README.md
+++ b/plugin/cache/README.md
@ -24,7 +24,6 @@ cache [TTL] [ZONES...]
 * **ZONES** zones it should cache for. If empty, the zones from the configuration block are used.

 Each element in the cache is cached according to its TTL (with **TTL** as the max).
-For the negative cache, the SOA's MinTTL value is used. A TTL of zero is not allowed.
 A cache is divided into 256 shards, each holding up to 512 items by default - for a total size
 of 256 * 512 = 131,072 items.

@ -101,4 +100,4 @@ Enable caching for all zones, keep a positive cache size of 5000 and a negative
         denial 2500
    }
 }
- ~~~
+ ~~~
--- a/plugin/pkg/dnsutil/ttl.go
+++ b/plugin/pkg/dnsutil/ttl.go
@ -14,34 +14,21 @@ func MinimalTTL(m *dns.Msg, mt response.Type) time.Duration {
 		return MinimalDefaultTTL
 	}

-	// No data to examine, return a short ttl as a fail safe.
-	if len(m.Answer)+len(m.Ns)+len(m.Extra) == 0 {
+	// No records or OPT is the only record, return a short ttl as a fail safe.
+	if len(m.Answer)+len(m.Ns) == 0 &&
+		(len(m.Extra) == 0 || (len(m.Extra) == 1 && m.Extra[0].Header().Rrtype == dns.TypeOPT)) {
 		return MinimalDefaultTTL
 	}

 	minTTL := MaximumDefaulTTL
 	for _, r := range m.Answer {
-		switch mt {
-		case response.NameError, response.NoData:
-			if r.Header().Rrtype == dns.TypeSOA {
-				minTTL = time.Duration(r.(*dns.SOA).Minttl) * time.Second
-			}
-		case response.NoError, response.Delegation:
-			if r.Header().Ttl < uint32(minTTL.Seconds()) {
-				minTTL = time.Duration(r.Header().Ttl) * time.Second
-			}
+		if r.Header().Ttl < uint32(minTTL.Seconds()) {
+			minTTL = time.Duration(r.Header().Ttl) * time.Second
 		}
 	}
 	for _, r := range m.Ns {
-		switch mt {
-		case response.NameError, response.NoData:
-			if r.Header().Rrtype == dns.TypeSOA {
-				minTTL = time.Duration(r.(*dns.SOA).Minttl) * time.Second
-			}
-		case response.NoError, response.Delegation:
-			if r.Header().Ttl < uint32(minTTL.Seconds()) {
-				minTTL = time.Duration(r.Header().Ttl) * time.Second
-			}
+		if r.Header().Ttl < uint32(minTTL.Seconds()) {
+			minTTL = time.Duration(r.Header().Ttl) * time.Second
 		}
 	}

@ -50,15 +37,8 @@ func MinimalTTL(m *dns.Msg, mt response.Type) time.Duration {
 			// OPT records use TTL field for extended rcode and flags
 			continue
 		}
-		switch mt {
-		case response.NameError, response.NoData:
-			if r.Header().Rrtype == dns.TypeSOA {
-				minTTL = time.Duration(r.(*dns.SOA).Minttl) * time.Second
-			}
-		case response.NoError, response.Delegation:
-			if r.Header().Ttl < uint32(minTTL.Seconds()) {
-				minTTL = time.Duration(r.Header().Ttl) * time.Second
-			}
+		if r.Header().Ttl < uint32(minTTL.Seconds()) {
+			minTTL = time.Duration(r.Header().Ttl) * time.Second
 		}
 	}
 	return minTTL
--- a/plugin/pkg/dnsutil/ttl_test.go
+++ b/plugin/pkg/dnsutil/ttl_test.go
@ -26,8 +26,8 @@ func TestMinimalTTL(t *testing.T) {
 		t.Fatalf("Expected type to be response.NoData, got %s", mt)
 	}
 	dur := MinimalTTL(m, mt) // minTTL on msg is 3600 (neg. ttl on SOA)
-	if dur != time.Duration(3600*time.Second) {
-		t.Fatalf("Expected minttl duration to be %d, got %d", 3600, dur)
+	if dur != time.Duration(1800*time.Second) {
+		t.Fatalf("Expected minttl duration to be %d, got %d", 1800, dur)
 	}

 	m.Rcode = dns.RcodeNameError
@ -36,8 +36,8 @@ func TestMinimalTTL(t *testing.T) {
 		t.Fatalf("Expected type to be response.NameError, got %s", mt)
 	}
 	dur = MinimalTTL(m, mt) // minTTL on msg is 3600 (neg. ttl on SOA)
-	if dur != time.Duration(3600*time.Second) {
-		t.Fatalf("Expected minttl duration to be %d, got %d", 3600, dur)
+	if dur != time.Duration(1800*time.Second) {
+		t.Fatalf("Expected minttl duration to be %d, got %d", 1800, dur)
 	}
 }