Changeset 543

Timestamp:

12/10/13 16:22:10 (10 years ago)

Author:

Kris Deugau

Message:

/trunk

Implement most of the UI and back end for handling scheduled changes
to records. See #40.

This turned out to be most of what I had vaguely imagined; only SOA
records can't sanely be set for scheduled changes yet (can't think of
a scenario where this would even be useful) and there's only a small
dusting of UI chrome left for another time.

Bumped up from projected 1.4 to 1.2 per request from Reid Sutherland.

Location:

trunk

Files:

• DNSDB.pm (modified) (17 diffs)
• dns-1.0-1.2.sql (modified) (1 diff)
• dns-rpc.cgi (modified) (3 diffs)
• dns.cgi (modified) (6 diffs)
• dns.sql (modified) (1 diff)
• templates/dns.css (modified) (1 diff)
• templates/reclist.tmpl (modified) (2 diffs)
• templates/record.tmpl (modified) (2 diffs)
• tiny-import.pl (modified) (30 diffs)

trunk/DNSDB.pm

@@ -31 +31 @@
 use POSIX;
 use Fcntl qw(:flock);
+use Time::TAI64 qw(:tai64);
 
 use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
@@ -3536 +3537 @@
   my $id = shift;
 
+##fixme: do we need a knob to twist to switch between unix epoch and postgres time string?
   my $sql = "SELECT record_id,host,type,val,ttl".
         ($defrec eq 'n' ? ',location' : '').
         ($revrec eq 'n' ? ',distance,weight,port' : '').
-        (($defrec eq 'y') ? ',group_id FROM ' : ',domain_id,rdns_id FROM ').
+        (($defrec eq 'y') ? ',group_id FROM ' : ',domain_id,rdns_id,stamp,stamp < now() AS ispast,expires,stampactive FROM ').
         _rectable($defrec,$revrec)." WHERE record_id=?";
   my $ret = $dbh->selectrow_hashref($sql, undef, ($id) );
@@ -3608 +3610 @@
   $newsort =~ s/^,//;
 
+##fixme:  do we need a knob to twist to switch from unix epoch to postgres time string?
   my $sql = "SELECT r.record_id,r.host,r.type,r.val,r.ttl";
-  $sql .= ",l.description AS locname" if $args{defrec} eq 'n';
+  $sql .= ",l.description AS locname,stamp,r.stamp < now() AS ispast,r.expires,r.stampactive"
+        if $args{defrec} eq 'n';
   $sql .= ",r.distance,r.weight,r.port" if $args{revrec} eq 'n';
   $sql .= " FROM "._rectable($args{defrec},$args{revrec})." r ";
@@ -3627 +3631 @@
   my $ret = $dbh->selectall_arrayref($sql, { Slice => {} }, (@bindvars) );
   $errstr = "Error retrieving records: ".$dbh->errstr if !$ret;
+
   return $ret;
 } # end getRecList()
@@ -3685 +3690 @@
   my $location = shift;
   $location  = '' if !$location;
+
+  my $expires = shift;
+  $expires = 1 if $expires eq 'until';  # Turn some special values into the appropriate booleans.
+  $expires = 0 if $expires eq 'after';
+  my $stamp = shift;
+  $stamp = '' if !$stamp;        # Timestamp should be a string at this point.
 
   # Spaces are evil.
@@ -3745 +3756 @@
   push @vallist, ($$host,$$rectype,$$val,$ttl,$id);
 
-  # locations are not for default records, silly coder!
   if ($defrec eq 'n') {
+    # locations are not for default records, silly coder!
     $fields .= ",location";
     push @vallist, $location;
-  }
+    # timestamps are rare.
+    if ($stamp) {
+      $fields .= ",stamp,expires,stampactive";
+      push @vallist, $stamp, $expires, 'y';
+    } else {
+      $fields .= ",stampactive";
+      push @vallist, 'n';
+    }
+  }
+
+  # a little magic to get the right number of ? placeholders based on how many values we're providing
   my $vallen = '?'.(',?'x$#vallist);
 
@@ -3777 +3798 @@
   $logdata{entry} .= "', TTL $ttl";
   $logdata{entry} .= ", location ".$self->getLoc($location)->{description} if $location;
+  $logdata{entry} .= ($expires eq 'after' ? ', valid after ' : ', expires at ').$stamp if $stamp;
 
   # Allow transactions, and raise an exception on errors so we can catch it later.
@@ -3830 +3852 @@
   $location  = '' if !$location;
 
+  my $expires = shift;
+  $expires = 1 if $expires eq 'until';  # Turn some special values into the appropriate booleans.
+  $expires = 0 if $expires eq 'after';
+  my $stamp = shift;
+  $stamp = '' if !$stamp;        # Timestamp should be a string at this point.
+
   # just set it to an empty string;  failures will be caught later.
   $$host = '' if !$$host;
@@ -3901 +3929 @@
         ($defrec eq 'y' ? $oldrec->{group_id} : ($revrec eq 'n' ? $oldrec->{domain_id} : $oldrec->{rdns_id})) );
 
-  # locations are not for default records, silly coder!
   if ($defrec eq 'n') {
+    # locations are not for default records, silly coder!
     $fields .= ",location";
     push @vallist, $location;
+    # timestamps are rare.
+    if ($stamp) {
+      $fields .= ",stamp,expires,stampactive";
+      push @vallist, $stamp, $expires, 'y';
+    } else {
+      $fields .= ",stampactive";
+      push @vallist, 'n';
+    }
   }
 
@@ -3958 +3994 @@
   $logdata{entry} .= "', TTL $oldrec->{ttl}";
   $logdata{entry} .= ", location ".$self->getLoc($oldrec->{location})->{description} if $oldrec->{location};
+  $logdata{entry} .= ($oldrec->{expires} ? ', expires at ' : ', valid after ').$oldrec->{stamp}
+        if $oldrec->{stampactive};
   $logdata{entry} .= "\nto\n";
   # More NS special
@@ -3969 +4007 @@
   $logdata{entry} .= "', TTL $ttl";
   $logdata{entry} .= ", location ".$self->getLoc($location)->{description} if $location;
+  $logdata{entry} .= ($expires eq 'after' ? ', valid after ' : ', expires at ').$stamp if $stamp;
 
   local $dbh->{AutoCommit} = 0;
@@ -4975 +5014 @@
   my $soasth = $dbh->prepare("SELECT host,type,val,distance,weight,port,ttl,record_id,location ".
         "FROM records WHERE rdns_id=? AND type=6");
-  my $recsth = $dbh->prepare("SELECT host,type,val,distance,weight,port,ttl,record_id,location ".
+  my $recsth = $dbh->prepare("SELECT host,type,val,distance,weight,port,ttl,record_id,location,extract(epoch from stamp),expires,stampactive ".
         "FROM records WHERE rdns_id=? AND not type=6 ".
         "ORDER BY masklen(CAST(val AS inet)) DESC, CAST(val AS inet)");
@@ -5008 +5047 @@
 
         $recsth->execute($revid);
-        while (my ($host,$type,$val,$dist,$weight,$port,$ttl,$recid,$loc) = $recsth->fetchrow_array) {
+        while (my ($host,$type,$val,$dist,$weight,$port,$ttl,$recid,$loc,$stamp,$expires,$stampactive) = $recsth->fetchrow_array) {
           next if $recflags{$recid};
 
-          $loc = '' if !$loc;   # de-nullify - just in case
-##fixme:  handle case of record-with-location-that-doesn't-exist better.
-# note this currently fails safe (tested) - records with a location that
-# doesn't exist will not be sent to any client
-#       $loc = '' if !$lochash->{$loc};
-
-##fixme:  record validity timestamp. tinydns supports fiddling with timestamps.
-# note $ttl must be set to 0 if we want to use tinydns's auto-expiring timestamps.
-# timestamps are TAI64
-# ~~ 2^62 + time()
-          my $stamp = '';
-
-          # support tinydns' auto-TTL
-          $ttl = '' if $ttl == -1;
+# not sure this is necessary for revzones.
+#         # Spaces are evil.
+#         $val =~ s/^\s+//;
+#         $val =~ s/\s+$//;
+#         if ($typemap{$type} ne 'TXT') {
+#           # Leading or trailng spaces could be legit in TXT records.
+#           $host =~ s/^\s+//;
+#           $host =~ s/\s+$//;
+#         }
 
           _printrec_tiny(*ZONECACHE, 'y', \%recflags, $revzone,
-            $host, $type, $val, $dist, $weight, $port, $ttl, $loc, $stamp)
+            $host, $type, $val, $dist, $weight, $port, $ttl, $loc, $stamp, $expires, $stampactive)
                 if *ZONECACHE;
 
@@ -5062 +5096 @@
 
   my $domsth = $dbh->prepare("SELECT domain_id,domain,status,changed FROM domains WHERE status=1");
-  $recsth = $dbh->prepare("SELECT host,type,val,distance,weight,port,ttl,record_id,location ".
+  $recsth = $dbh->prepare("SELECT host,type,val,distance,weight,port,ttl,record_id,location,extract(epoch from stamp),expires,stampactive ".
         "FROM records WHERE domain_id=?");      # Just exclude all types relating to rDNS
 #       "FROM records WHERE domain_id=? AND type < 65280");     # Just exclude all types relating to rDNS
@@ -5083 +5117 @@
 
         $recsth->execute($domid);
-        while (my ($host,$type,$val,$dist,$weight,$port,$ttl,$recid,$loc) = $recsth->fetchrow_array) {
+        while (my ($host,$type,$val,$dist,$weight,$port,$ttl,$recid,$loc,$stamp,$expires,$stampactive) = $recsth->fetchrow_array) {
           next if $recflags{$recid};
-
-          $loc = '' if !$loc;   # de-nullify - just in case
-##fixme:  handle case of record-with-location-that-doesn't-exist better.
-# note this currently fails safe (tested) - records with a location that
-# doesn't exist will not be sent to any client
-#       $loc = '' if !$lochash->{$loc};
-
-##fixme:  record validity timestamp. tinydns supports fiddling with timestamps.
-# note $ttl must be set to 0 if we want to use tinydns's auto-expiring timestamps.
-# timestamps are TAI64
-# ~~ 2^62 + time()
-          my $stamp = '';
-
-          # support tinydns' auto-TTL
-          $ttl = '' if $ttl == -1;
 
           # Spaces are evil.
@@ -5111 +5130 @@
 
           _printrec_tiny(*ZONECACHE, 'n', \%recflags,
-                $dom, $host, $type, $val, $dist, $weight, $port, $ttl, $loc, $stamp)
+                $dom, $host, $type, $val, $dist, $weight, $port, $ttl, $loc, $stamp, $expires, $stampactive)
                 if *ZONECACHE;
 
@@ -5150 +5169 @@
 # Utility sub for __export_tiny above
 sub _printrec_tiny {
-  my ($datafile,$revrec,$recflags,$zone,$host,$type,$val,$dist,$weight,$port,$ttl,$loc,$stamp) = @_;
+  my ($datafile,$revrec,$recflags,$zone,$host,$type,$val,$dist,$weight,$port,$ttl,$loc,$stamp,$expires,$stampactive) = @_;
+
+  $loc = '' if !$loc;   # de-nullify - just in case
+##fixme:  handle case of record-with-location-that-doesn't-exist better.
+# note this currently fails safe (tested) - records with a location that
+# doesn't exist will not be sent to any client
+#       $loc = '' if !$lochash->{$loc};
+
+
+## Records that are valid only before or after a set time
+
+# record due to expire sometime is the complex case.  we don't want to just
+# rely on tinydns' auto-adjusting TTLs, because the default TTL in that case
+# is one day instead of the SOA minttl as BIND might do.
+
+# consider the case where a record is set to expire a week ahead, but the next
+# day later you want to change it NOW (or as NOWish as you get with your DNS
+# management practice).  but now you're stuck, because someone, somewhere, 
+# has just done a lookup before your latest change was published, and they'll
+# be caching that old, broken record for 1 day instead of your zone default
+# TTL.
+
+# $stamp-$ttl is the *latest* we can publish the record with the defined TTL
+# to still have the expiry happen as scheduled, but we need to find some
+# *earlier* point.  We can maybe guess, and 2x TTL is probably reasonable,
+# but we need info on the export frequency.
+
+# export the normal, non-expiring record up until $stamp-<guesstimate>, then
+# switch to exporting a record with the TAI64 stamp and a 0 TTL so tinydns
+# takes over TTL management.
+
+  if ($stampactive) {
+    if ($expires) {
+      # record expires at $stamp;  decide if we need to keep the TTL and ignore
+      # the stamp for a time or if we need to change the TTL to 0 and convert
+      # $stamp to TAI64 so tinydns can use $stamp to autoadjust the TTL on the fly.
+# extra hack, optimally needs more knowledge of data export frequency
+# smack the idiot customer who insists on 0 TTLs;  they can suck up and
+# deal with a 10-minute TTL.  especially on scheduled changes.  note this
+# should be (export freq * 2), but we don't know the actual export frequency.
+$ttl = 300 if $ttl == 0;        #hack phtui
+      my $ahead = (86400 < $ttl*2 ? 86400 : $ttl*2);
+      if ((time() + $ahead) < $stamp) {
+        # more than 2x TTL OR more than one day (whichever is less) from expiry time;  publish normal record
+        $stamp = '';
+      } else {
+        # less than 2x TTL from expiry time, let tinydns take over TTL management and publish the TAI64 stamp.
+        $ttl = 0;
+        $stamp = unixtai64($stamp);
+        $stamp =~ s/\@//;
+      }
+    } else {
+      # record is "active after";  convert epoch from database to TAI64, publish, and collect $200.
+      $stamp = unixtai64($stamp);
+      $stamp =~ s/\@//;
+    }
+  } else {
+    # flag for active timestamp is false;  don't actually put a timestamp in the output
+    $stamp = '';
+  }
+
+  # support tinydns' auto-TTL
+  $ttl = '' if $ttl == -1;
+# these are WAY FREAKING HIGH - higher even than most TLD registry TTLs!
+# NS          259200  => 3d
+# all others   86400  => 1d
 
   if ($revrec eq 'y') {

trunk/dns-1.0-1.2.sql

@@ -72 +72 @@
 ALTER TABLE records ADD COLUMN rdns_id INTEGER DEFAULT 0 NOT NULL;
 ALTER TABLE records ADD COLUMN location character varying (4) DEFAULT '' NOT NULL;
+-- Scheduled changes.
+ALTER TABLE records ADD COLUMN stamp TIMESTAMP WITH TIME ZONE DEFAULT 'epoch' NOT NULL;
+ALTER TABLE records ADD COLUMN expires boolean DEFAULT 'n' NOT NULL;
+ALTER TABLE records ADD COLUMN stampactive boolean DEFAULT 'n' NOT NULL;
 
 -- ~120s -> 75s performance boost on 100K records when always exporting all records

trunk/dns-rpc.cgi

@@ -475 +475 @@
 
   my @recargs = ($args{defrec}, $args{revrec}, $args{parent_id},
-        \$args{name}, \$args{type}, \$args{address}, $args{ttl}, $args{location});
+        \$args{name}, \$args{type}, \$args{address}, $args{ttl}, $args{location},
+        $args{expires}, $args{stamp});
   if ($args{type} == $DNSDB::reverse_typemap{MX} or $args{type} == $DNSDB::reverse_typemap{SRV}) {
     push @recargs, $args{distance};
@@ -497 +498 @@
   _reccheck(\%args);
 
+  # put some caller-friendly names in their rightful DB column places
+  $args{val} = $args{address};
+  $args{host} = $args{name};
+
   # get old line, so we can update only the bits that the caller passed to change
-  # note we subbed address for val since it's a little more caller-friendly
   my $oldrec = $dnsdb->getRecLine($args{defrec}, $args{revrec}, $args{id});
-  foreach my $field (qw(name type address ttl location distance weight port)) {
+  foreach my $field (qw(host type val ttl location expires distance weight port)) {
     $args{$field} = $oldrec->{$field} if !$args{$field} && defined($oldrec->{$field});
   }
+  # stamp has special handling when blank or 0.  "undefined" from the caller should mean "don't change"
+  $args{stamp} = $oldrec->{stamp} if !defined($args{stamp}) && defined($oldrec->{stamp});
 
   # allow passing text types rather than DNS integer IDs
@@ -510 +516 @@
   # parent_id is the "primary" zone we're updating;  necessary for forward/reverse voodoo
   my ($code, $msg) = $dnsdb->updateRec($args{defrec}, $args{revrec}, $args{id}, $args{parent_id},
-        \$args{name}, \$args{type}, \$args{address}, $args{ttl}, $args{location},
+        \$args{host}, \$args{type}, \$args{val}, $args{ttl}, $args{location},
+        $args{expires}, $args{stamp},
         $args{distance}, $args{weight}, $args{port});
 

trunk/dns.cgi

@@ -30 +30 @@
 use Net::DNS;
 use DBI;
+
 use Data::Dumper;
 
@@ -721 +722 @@
 
     my @recargs = ($webvar{defrec}, $webvar{revrec}, $webvar{parentid},
-        \$webvar{name}, \$webvar{type}, \$webvar{address}, $webvar{ttl}, $webvar{location});
+        \$webvar{name}, \$webvar{type}, \$webvar{address}, $webvar{ttl}, $webvar{location},
+        $webvar{expires}, $webvar{stamp});
     if ($webvar{type} == $reverse_typemap{MX} or $webvar{type} == $reverse_typemap{SRV}) {
       push @recargs, $webvar{distance};
@@ -769 +771 @@
     $page->param(ttl            => $recdata->{ttl});
     $page->param(typelist       => $dnsdb->getTypelist($webvar{revrec}, $recdata->{type}));
-
+    if ($recdata->{stampactive}) {
+      $page->param(stamp => $recdata->{stamp});
+      $page->param(stamp_until => $recdata->{expires});
+    }
     if ($webvar{defrec} eq 'n') {
       fill_loclist($curgroup, $recdata->{location});
@@ -785 +790 @@
     my ($code,$msg) = $dnsdb->updateRec($webvar{defrec}, $webvar{revrec}, $webvar{id}, $webvar{parentid},
         \$webvar{name}, \$webvar{type}, \$webvar{address}, $webvar{ttl}, $webvar{location},
+        $webvar{expires}, $webvar{stamp},
         $webvar{distance}, $webvar{weight}, $webvar{port});
 
@@ -2002 +2008 @@
     $rec->{record_delete} = ($permissions{admin} || $permissions{record_delete});
     $rec->{locname} = '' unless ($permissions{admin} || $permissions{location_view});
+# Timestamps
+    if ($rec->{expires}) {
+      $rec->{stamptype} = $rec->{ispast} ? 'expired at' : 'expires at';
+    } else {
+      $rec->{stamptype} = 'valid after';
+    }
+    # strip seconds and timezone?  no, not yet.  could probably offer a config knob on this display at some point.
+#    $rec->{stamp} =~ s/:\d\d-\d+$//;
+    delete $rec->{expires};
+    delete $rec->{ispast};
   }
   $page->param(reclist => $foo2);
@@ -2032 +2048 @@
   my $soa = $dnsdb->getSOA($webvar{defrec}, $webvar{revrec}, $webvar{parentid});
   $page->param(ttl      => ($webvar{ttl} ? $webvar{ttl} : $soa->{minttl}));
+  $page->param(stamp_until => ($webvar{expires} eq 'until'));
+  $page->param(stamp => $webvar{stamp});
 }
 

trunk/dns.sql

@@ -166 +166 @@
     description text,
     rdns_id integer NOT NULL DEFAULT 0,
-    location character varying (4) DEFAULT '' NOT NULL
+    location character varying (4) DEFAULT '' NOT NULL,
+    stamp TIMESTAMP WITH TIME ZONE DEFAULT 'epoch' NOT NULL,
+    expires boolean DEFAULT 'n' NOT NULL,
+    stampactive boolean DEFAULT 'n' NOT NULL
 );
 CREATE INDEX rec_domain_index ON records USING btree (domain_id);

trunk/templates/dns.css

@@ -165 +165 @@
         text-align: center;
         padding: 5px;
-        width: 50%;
+        width: 55%;
 }
 .warning {

trunk/templates/reclist.tmpl

@@ -61 +61 @@
 <tr class="row<TMPL_IF __odd__>0<TMPL_ELSE>1</TMPL_IF>">
 <TMPL_IF fwdzone>
-        <td><TMPL_IF record_edit><a href="<TMPL_VAR NAME=script_self>&amp;page=record&amp;parentid=<TMPL_VAR NAME=id>&amp;defrec=<TMPL_VAR NAME=defrec>&amp;revrec=<TMPL_VAR NAME=revrec>&amp;recact=edit&amp;id=<TMPL_VAR NAME=record_id>"><TMPL_VAR NAME=host></a><TMPL_IF locname> (<TMPL_VAR NAME=locname>)</TMPL_IF><TMPL_ELSE><TMPL_VAR NAME=host><TMPL_IF locname> (<TMPL_VAR NAME=locname>)</TMPL_IF></TMPL_IF></td>
+        <td><TMPL_IF record_edit><a href="<TMPL_VAR NAME=script_self>&amp;page=record&amp;parentid=<TMPL_VAR
+ NAME=id>&amp;defrec=<TMPL_VAR NAME=defrec>&amp;revrec=<TMPL_VAR NAME=revrec>&amp;recact=edit&amp;id=<TMPL_VAR
+ NAME=record_id>"><TMPL_VAR NAME=host></a><TMPL_IF locname> (<TMPL_VAR
+ NAME=locname>)</TMPL_IF><TMPL_ELSE><TMPL_VAR NAME=host><TMPL_IF locname> (<TMPL_VAR
+ NAME=locname>)</TMPL_IF></TMPL_IF><TMPL_IF stampactive><br />(<TMPL_VAR NAME=stamptype> <TMPL_VAR
+ NAME=stamp>)</TMPL_IF></td>
         <td><TMPL_VAR NAME=type></td>
         <td><TMPL_VAR NAME=val></td>
@@ -68 +73 @@
         <td><TMPL_VAR NAME=port></td>
 <TMPL_ELSE>
-        <td><TMPL_IF record_edit><a href="<TMPL_VAR NAME=script_self>&amp;page=record&amp;parentid=<TMPL_VAR NAME=id>&amp;defrec=<TMPL_VAR NAME=defrec>&amp;revrec=<TMPL_VAR NAME=revrec>&amp;recact=edit&amp;id=<TMPL_VAR NAME=record_id>"><TMPL_VAR NAME=val></a><TMPL_IF locname> (<TMPL_VAR NAME=locname>)</TMPL_IF><TMPL_ELSE><TMPL_VAR NAME=val><TMPL_IF locname> (<TMPL_VAR NAME=locname>)</TMPL_IF></TMPL_IF></td>
+        <td><TMPL_IF record_edit><a href="<TMPL_VAR NAME=script_self>&amp;page=record&amp;parentid=<TMPL_VAR
+ NAME=id>&amp;defrec=<TMPL_VAR NAME=defrec>&amp;revrec=<TMPL_VAR NAME=revrec>&amp;recact=edit&amp;id=<TMPL_VAR
+ NAME=record_id>"><TMPL_VAR NAME=val></a><TMPL_IF locname> (<TMPL_VAR
+ NAME=locname>)</TMPL_IF><TMPL_ELSE><TMPL_VAR NAME=val><TMPL_IF locname> (<TMPL_VAR
+ NAME=locname>)</TMPL_IF></TMPL_IF><TMPL_IF stampactive><br />(<TMPL_VAR NAME=stamptype> <TMPL_VAR
+ NAME=stamp>)</TMPL_IF></td>
         <td><TMPL_VAR NAME=type></td>
         <td><TMPL_VAR NAME=host></td>

trunk/templates/record.tmpl

@@ -18 +18 @@
 <input type="hidden" name="recact" value="<TMPL_VAR NAME=recact>" />
 
-<table class="container" width="450">
+<table class="container" width="520">
 <tr><td>
 
@@ -81 +81 @@
         </tr>
 </TMPL_IF>
+<TMPL_UNLESS is_default>
+        <tr class="datalinelight">
+                <td>Timestamp<br />(blank or 0 disables timestamp)</td>
+                <td>Valid <input type="radio" name="expires" value="until"<TMPL_IF stamp_until> checked="checked"</TMPL_IF>>until
+                <input type="radio" name="expires" value="after"<TMPL_UNLESS stamp_until> checked="checked"</TMPL_UNLESS>>after:
+                <input type="text" name="stamp" value="<TMPL_VAR NAME=stamp>" />
+                </td>
+        </tr>
+</TMPL_UNLESS>
         <tr class="datalinelight">
                 <td colspan="2" align="center"><input type="submit" value=" <TMPL_VAR NAME=todo> " /></td>

trunk/tiny-import.pl

@@ -25 +25 @@
 use strict;
 use warnings;
+use POSIX;
+use Time::TAI64 qw(:tai);
 
 use lib '.';    ##uselib##
@@ -125 +127 @@
   }
 
-  our $recsth = $dbh->prepare("INSERT INTO records (domain_id,rdns_id,host,type,val,distance,weight,port,ttl,location) ".
-        " VALUES (?,?,?,?,?,?,?,?,?,?)");
+  our $recsth = $dbh->prepare("INSERT INTO records (domain_id,rdns_id,host,type,val,distance,weight,port,ttl,location,stamp,expires,stampactive) ".
+        " VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)");
 
   my %deleg;
@@ -248 +250 @@
   }
 
+  sub calcstamp {
+    my $stampin = shift;
+    my $ttl = shift;
+    my $pzone = shift;
+    my $revrec = shift;
+
+    return ($ttl, 'n', 'n', '1970-01-01 00:00:00 -0') if !$stampin;
+
+##fixme  Yes, this fails for records in 2038 sometime.  No, I'm not going to care for a while.
+    $stampin = "\@$stampin";    # Time::TAI64 needs the leading @.  Feh.
+    my $u = tai2unix($stampin);
+    $stampin = strftime("%Y-%m-%d %H:%M:%S %z", localtime($u));
+    my $expires = 'n';
+    if ($ttl) {
+      # TTL can stay put.
+    } else {
+      # TTL on import is 0, almost certainly wrong.  Get the parent zone's SOA and use the minttl.
+      my $soa = $dnsdb->getSOA('n', $revrec, $pzone);
+      $ttl = $soa->{minttl};
+      $expires = 'y';
+    } 
+    return ($ttl, 'y', $expires, $stampin);
+  }
 
   sub recslurp {
@@ -274 +299 @@
       my $fparent = $dnsdb->_hostparent($host);
       my ($rparent) = $dbh->selectrow_array("SELECT rdns_id FROM revzones WHERE revnet >> ?", undef, ($ip));
+
+      my $stampactive = 'n';
+      my $expires = 'n';
+
+      # can't set a timestamp on an orphaned record.  we'll actually fail import of this record a little later.
+      if ($fparent || $rparent) {
+        if ($fparent) {
+          ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $ttl, $fparent, 'n');
+        } else {
+          ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $ttl, $rparent, 'y');
+        }
+      }
+
       if ($fparent && $rparent) {
-        $recsth->execute($fparent, $rparent, $host, 65280, $ip, 0, 0, 0, $ttl, $loc);
+        $recsth->execute($fparent, $rparent, $host, 65280, $ip, 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive);
       } else {
         if ($importcfg{legacy}) {
@@ -282 +320 @@
           $rparent = 0 if !$rparent;
           if ($fparent || $rparent) {
-            $recsth->execute($fparent, $rparent, $host, 65280, $ip, 0, 0, 0, $ttl, $loc);
+            $recsth->execute($fparent, $rparent, $host, 65280, $ip, 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive);
           } else {
             # No parents found, cowardly refusing to add a dangling record
@@ -290 +328 @@
         } elsif ($importcfg{conv}) {
           # downconvert A+PTR if forward zone is not found
-          $recsth->execute(0, $rparent, $host, 12, $ip, 0, 0, 0, $ttl, $loc);
+          $recsth->execute(0, $rparent, $host, 12, $ip, 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive);
           $converted++;
         } else {
@@ -310 +348 @@
       $loc = '' if !$loc;
       $loc = '' if $loc =~ /^:+$/;
+
+      my $stampactive = 'n';
+      my $expires = 'n';
+
       if ($host =~ /\.arpa$/) {
         ($code,$msg) = DNSDB::_zone2cidr($host);
         my ($rparent) = $dbh->selectrow_array("SELECT rdns_id FROM revzones WHERE revnet >> ?", undef, ($msg));
-        $recsth->execute(0, $rparent, $targ, 5, $msg->addr, 0, 0, 0, $ttl, $loc);
+        if ($rparent) {
+          ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $ttl, $rparent, 'y');
+          $recsth->execute(0, $rparent, $targ, 5, $msg->addr, 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive);
+        } else {
+          push @deferred, $rec unless $nodefer;
+          $impok = 0;
+          #  print "$tmporig deferred;  can't find parent zone\n";
+        }
 
 ##fixme:  automagically convert manually maintained sub-/24 delegations
@@ -324 +373 @@
         my $fparent = $dnsdb->_hostparent($host);
         if ($fparent) {
-          $recsth->execute($fparent, 0, $host, 5, $targ, 0, 0, 0, $ttl, $loc);
+          ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $ttl, $fparent, 'n');
+          $recsth->execute($fparent, 0, $host, 5, $targ, 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive);
         } else {
           push @deferred, $rec unless $nodefer;
@@ -344 +394 @@
       $loc = '' if !$loc;
       $loc = '' if $loc =~ /^:+$/;
+
+      my $stampactive = 'n';
+      my $expires = 'n';
+
       if ($zone =~ /\.arpa$/) {
         ($code,$msg) = DNSDB::_zone2cidr($zone);
@@ -352 +406 @@
 #       if !$rparent;
         if ($rparent) {
-          $recsth->execute(0, $rparent, $ns, 2, $msg, 0, 0, 0, $ttl, $loc);
+          ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $ttl, $rparent, 'y');
+          $recsth->execute(0, $rparent, $ns, 2, $msg, 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive);
         } else {
           push @deferred, $rec unless $nodefer;
@@ -360 +415 @@
         my $fparent = $dnsdb->_hostparent($zone);
         if ($fparent) {
-          $recsth->execute($fparent, 0, $zone, 2, $ns, 0, 0, 0, $ttl, $loc);
-          $recsth->execute($fparent, 0, $ns, 2, $ip, 0, 0, 0, $ttl, $loc) if $ip;
+          ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $ttl, $fparent, 'n');
+          $recsth->execute($fparent, 0, $zone, 2, $ns, 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive);
+          $recsth->execute($fparent, 0, $ns, 2, $ip, 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive) if $ip;
         } else {
           push @deferred, $rec unless $nodefer;
@@ -378 +434 @@
       $loc = '' if !$loc;
       $loc = '' if $loc =~ /^:+$/;
+
+      my $stampactive = 'n';
+      my $expires = 'n';
+
       my $rparent;
       if (my ($i, $z) = ($rip =~ /^(\d+)\.(\d+-(?:\d+\.){4}in-addr.arpa)$/) ) {
@@ -392 +452 @@
       }
       if ($rparent) {
-        $recsth->execute(0, $rparent, $host, 12, $msg->addr, 0, 0, 0, $ttl, $loc);
+        ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $ttl, $rparent, 'y');
+        $recsth->execute(0, $rparent, $host, 12, $msg->addr, 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive);
       } else {
         push @deferred, $rec unless $nodefer;
@@ -410 +471 @@
       $loc = '' if $loc =~ /^:+$/;
 
+      my $stampactive = 'n';
+      my $expires = 'n';
+
       my $domid = $dnsdb->_hostparent($host);
       if ($domid) {
-        $recsth->execute($domid, 0, $host, 1, $ip, 0, 0, 0, $ttl, $loc);
+        ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $ttl, $domid, 'n');
+        $recsth->execute($domid, 0, $host, 1, $ip, 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive);
       } else {
         push @deferred, $rec unless $nodefer;
@@ -430 +495 @@
       $loc = '' if !$loc;
       $loc = '' if $loc =~ /^:+$/;
+
+      my $stampactive = 'n';
+      my $expires = 'n';
+
+##fixme er... what do we do with an SOA with a timestamp?  O_o
+# fail for now, since there's no clean way I can see to handle this (yet)
+# maybe (ab)use the -l flag to import as-is?
+      if ($stamp) {
+        push @deferred, $rec unless $nodefer;
+        return 0;
+      }
+
+##fixme: need more magic on TTL, so we can decide whether to use the minttl or newttl
+#      my $newttl;
+#      ($newttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $minttl, 0, 'n');
+#      $ttl = $newttl if !$ttl;
+
       if ($zone =~ /\.arpa$/) {
         ($code,$msg) = DNSDB::_zone2cidr($zone);
@@ -435 +517 @@
                 undef, ($msg, $loc));
         my ($rdns) = $dbh->selectrow_array("SELECT currval('revzones_rdns_id_seq')");
-        $recsth->execute(0, $rdns, "$contact:$master", 6, "$refresh:$retry:$expire:$minttl", 0, 0, 0, $ttl, $loc);
+        my $newttl;
+        ($newttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $minttl, 0, 'y');
+        $ttl = $newttl if !$ttl;
+        $recsth->execute(0, $rdns, "$contact:$master", 6, "$refresh:$retry:$expire:$minttl", 0, 0, 0, $ttl,
+                $loc, $stamp, $expires, $stampactive);
       } else {
         $dbh->do("INSERT INTO domains (domain,group_id,status,default_location) VALUES (?,1,1,?)",
                 undef, ($zone, $loc));
         my ($domid) = $dbh->selectrow_array("SELECT currval('domains_domain_id_seq')");
-        $recsth->execute($domid, 0, "$contact:$master", 6, "$refresh:$retry:$expire:$minttl", 0, 0, 0, $ttl, $loc);
+        my $newttl;
+        ($newttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $minttl, 0, 'n');
+        $ttl = $newttl if !$ttl;
+        $recsth->execute($domid, 0, "$contact:$master", 6, "$refresh:$retry:$expire:$minttl", 0, 0, 0, $ttl,
+                $loc, $stamp, $expires, $stampactive);
       }
 
@@ -457 +547 @@
       $loc = '' if $loc =~ /^:+$/;
 
+      my $stampactive = 'n';
+      my $expires = 'n';
+
 # note we don't check for reverse domains here, because MX records don't make any sense in reverse zones.
 # if this really ever becomes an issue for someone it can be expanded to handle those weirdos
@@ -463 +556 @@
       my $domid = $dnsdb->_hostparent($zone);
       if ($domid) {
-        $recsth->execute($domid, 0, $zone, 15, $host, $dist, 0, 0, $ttl, $loc);
-        $recsth->execute($domid, 0, $host, 1, $ip, 0, 0, 0, $ttl, $loc) if $ip;
+        ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $ttl, $domid, 'n');
+        $recsth->execute($domid, 0, $zone, 15, $host, $dist, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive);
+        $recsth->execute($domid, 0, $host, 1, $ip, 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive) if $ip;
       } else {
         push @deferred, $rec unless $nodefer;
@@ -482 +576 @@
       $loc = '' if $loc =~ /^:+$/;
 
+      my $stampactive = 'n';
+      my $expires = 'n';
+
       if ($fqdn =~ /\.arpa$/) {
         ($code,$msg) = DNSDB::_zone2cidr($fqdn);
         my ($rparent) = $dbh->selectrow_array("SELECT rdns_id FROM revzones WHERE revnet >> ?", undef, ($msg));
-        $recsth->execute(0, $rparent, $rdata, 16, "$msg", 0, 0, 0, $ttl, $loc);
+        ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $ttl, $rparent, 'y');
+        $recsth->execute(0, $rparent, $rdata, 16, "$msg", 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive);
       } else {
         my $domid = $dnsdb->_hostparent($fqdn);
         if ($domid) {
-          $recsth->execute($domid, 0, $fqdn, 16, $rdata, 0, 0, 0, $ttl, $loc);
+          ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $ttl, $domid, 'n');
+          $recsth->execute($domid, 0, $fqdn, 16, $rdata, 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive);
         } else {
           push @deferred, $rec unless $nodefer;
@@ -508 +607 @@
       $loc = '' if !$loc;
       $loc = '' if $loc =~ /^:+$/;
+
+      my $stampactive = 'n';
+      my $expires = 'n';
+
+##fixme er... what do we do with an SOA with a timestamp?  O_o
+# fail for now, since there's no clean way I can see to handle this (yet)
+# maybe (ab)use the -l flag to import as-is?
+      if ($stamp) {
+        push @deferred, $rec unless $nodefer;
+        return 0;
+      }
+
+##fixme: need more magic on TTL, so we can decide whether to use the minttl or newttl
+#      my $newttl;
+#      ($newttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $minttl, 0, 'n');
 
       if ($fqdn =~ /\.arpa$/) {
@@ -517 +631 @@
                 undef, ($msg, $loc));
           ($rdns) = $dbh->selectrow_array("SELECT currval('revzones_rdns_id_seq')");
+          ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, 2560, 0, 'y');
 # this would probably make a lot more sense to do hostmaster.$config{admindomain}
-          $recsth->execute(0, $rdns, "hostmaster.$fqdn:$ns", 6, "16384:2048:1048576:2560", 0, 0, 0, "2560", $loc);
-        }
-        $recsth->execute(0, $rdns, $ns, 2, "$msg", 0, 0, 0, $ttl, $loc);
+# otherwise, it's as per the tinydns defaults that work tolerably well on a small scale
+# serial -> modtime of data file, ref -> 16384, ret -> 2048, exp -> 1048576, min -> 2560
+          $recsth->execute(0, $rdns, "hostmaster.$fqdn:$ns", 6, "16384:2048:1048576:2560", 0, 0, 0, "2560",
+                $loc, $stamp, $expires, $stampactive);
+        }
+        ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, 2560, $rdns, 'y') if !$stamp;
+        $recsth->execute(0, $rdns, $ns, 2, "$msg", 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive);
 ##fixme:  (?)  implement full conversion of tinydns . records?
 # -> problem:  A record for NS must be added to the appropriate *forward* zone, not the reverse
-#$recsth->execute(0, $rdns, $ns, 1, $ip, 0, 0, 0, $ttl)
+#$recsth->execute(0, $rdns, $ns, 1, $ip, 0, 0, 0, $ttl, $stamp, $expires, $stampactive)
 # ...  auto-A-record simply does not make sense in reverse zones.  Functionally
 # I think it would work, sort of, but it's a nasty mess and anyone hosting reverse
@@ -537 +656 @@
                 undef, ($fqdn, $loc));
           ($domid) = $dbh->selectrow_array("SELECT currval('domains_domain_id_seq')");
-          $recsth->execute($domid, 0, "hostmaster.$fqdn:$ns", 6, "16384:2048:1048576:2560", 0, 0, 0, "2560", $loc);
-        }
-        $recsth->execute($domid, 0, $fqdn, 2, $ns, 0, 0, 0, $ttl, $loc);
-        $recsth->execute($domid, 0, $ns, 1, $ip, 0, 0, 0, $ttl, $loc) if $ip;
+          ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, 2560, 0, 'n');
+          $recsth->execute($domid, 0, "hostmaster.$fqdn:$ns", 6, "16384:2048:1048576:2560", 0, 0, 0, "2560",
+                $loc, $stamp, $expires, $stampactive);
+        }
+        ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $ttl, $domid, 'n') if !$stamp;
+        $recsth->execute($domid, 0, $fqdn, 2, $ns, 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive);
+        $recsth->execute($domid, 0, $ns, 1, $ip, 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive) if $ip;
       }
 
@@ -576 +698 @@
       $loc = '' if !$loc;
       $loc = '' if $loc =~ /^:+$/;
+
+      my $stampactive = 'n';
+      my $expires = 'n';
 
       if ($type == 33) {
@@ -604 +729 @@
         my $domid = $dnsdb->_hostparent($fqdn);
         if ($domid) {
-          $recsth->execute($domid, 0, $fqdn, 33, $target, $prio, $weight, $port, $ttl, $loc) if $domid;
+          ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $ttl, $domid, 'n');
+          $recsth->execute($domid, 0, $fqdn, 33, $target, $prio, $weight, $port, $ttl, $loc, $stamp, $expires, $stampactive) if $domid;
         } else {
           push @deferred, $rec unless $nodefer;
@@ -621 +747 @@
 
         my $fparent = $dnsdb->_hostparent($fqdn);
+
         if ($fparent) {
-          $recsth->execute($fparent, 0, $fqdn, 28, $val->addr, 0, 0, 0, $ttl, $loc);
+          ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $ttl, $fparent, 'n');
+          $recsth->execute($fparent, 0, $fqdn, 28, $val->addr, 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive);
         } else {
           push @deferred, $rec unless $nodefer;
@@ -636 +764 @@
           my ($rparent) = $dbh->selectrow_array("SELECT rdns_id FROM revzones WHERE revnet >> ?", undef, ($msg));
           if ($rparent) {
-            $recsth->execute(0, $rparent, $txtstring, 16, "$msg", 0, 0, 0, $ttl, $loc);
+            ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $ttl, $rparent, 'y');
+            $recsth->execute(0, $rparent, $txtstring, 16, "$msg", 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive);
           } else {
             push @deferred, $rec unless $nodefer;
@@ -644 +773 @@
           my $domid = $dnsdb->_hostparent($fqdn);
           if ($domid) {
-            $recsth->execute($domid, 0, $fqdn, 16, $txtstring, 0, 0, 0, $ttl, $loc);
+            ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $ttl, $domid, 'n');
+            $recsth->execute($domid, 0, $fqdn, 16, $txtstring, 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive);
           } else {
             push @deferred, $rec unless $nodefer;
@@ -664 +794 @@
           my ($rparent) = $dbh->selectrow_array("SELECT rdns_id FROM revzones WHERE revnet >> ?", undef, ($msg));
           if ($rparent) {
-            $recsth->execute(0, $rparent, "$email $txtrec", 17, "$msg", 0, 0, 0, $ttl, $loc);
+            ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $ttl, $rparent, 'y');
+            $recsth->execute(0, $rparent, "$email $txtrec", 17, "$msg", 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive );
           } else {
             push @deferred, $rec unless $nodefer;
@@ -672 +803 @@
           my $domid = $dnsdb->_hostparent($fqdn);
           if ($domid) {
-            $recsth->execute($domid, 0, $fqdn, 17, "$email $txtrec", 0, 0, 0, $ttl, $loc);
+            ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $ttl, $domid, 'n');
+            $recsth->execute($domid, 0, $fqdn, 17, "$email $txtrec", 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive);
           } else {
             push @deferred, $rec unless $nodefer;
@@ -688 +820 @@
         my $domid = $dnsdb->_hostparent($fqdn);
         if ($domid) {
-          $recsth->execute($domid, 0, $fqdn, 44, $sshfp, 0, 0, 0, $ttl, $loc);
+          ($ttl, $stampactive, $expires, $stamp) = calcstamp($stamp, $ttl, $domid, 'n');
+          $recsth->execute($domid, 0, $fqdn, 44, $sshfp, 0, 0, 0, $ttl, $loc, $stamp, $expires, $stampactive);
         } else {
           push @deferred, $rec unless $nodefer;