Changeset 891

Timestamp:

06/25/25 17:27:31 (4 weeks ago)

Author:

Kris Deugau

Message:

/trunk

Fill in most bits of record "expiry"/"valid-after" for BIND-style zone
export, including a config option for the small TTL records will be set
to when actually preparing to "expire"

Location:

trunk

Files:

• DNSDB.pm (modified) (2 diffs)
• DNSDB/ExportBIND.pm (modified) (1 diff)
• dnsdb.conf (modified) (1 diff)

trunk/DNSDB.pm

@@ -209 +209 @@
                 bind_export_conf_path   => 'zones.conf',
                 bind_export_shortlines  => 0,
+                bind_export_autoexpire_ttl      => 15,
 
                 # Session params
@@ -2203 +2204 @@
       $cfg->{bind_export_zone_path}   = $1 if m{^bind_export_zone_path\s*=\s*([a-z0-9/_.%-]+)}i;
       $cfg->{bind_export_shortlines}  = $1 if /^bind_export_shortlines\s*=\s*([a-z01]+)/i;
+      $cfg->{bind_export_autoexpire_ttl} = $1 if /^bind_export_autoexpire_ttl\s*=\s*(\d+);
       $cfg->{force_refresh}     = $1 if /^force_refresh\s*=\s*([a-z01]+)/i;
       $cfg->{lowercase}         = $1 if /^lowercase\s*=\s*([a-z01]+)/i;

trunk/DNSDB/ExportBIND.pm

@@ -462 +462 @@
   $loc = '' if !$loc;
 
+  ## Records that are valid only before or after a set time
+  # Note that BIND-style zone files fundamentally don't support this directly
+  # unlike tinydns, as it's not a native feature/function.  Dropping TTLs to
+  # 15s or so is the best we can do for expiry.  "Valid-after" is only as good
+  # as the export cron job timing.
+  if ($stampactive) {
+    my $now = time();
+    if ($expires) {
+      # record expires at $stamp;  decide if we need to keep the TTL on file
+      # or set it to 15 so the record falls out of caches quickly sometime
+      # around the nominal expiry time.
+
+      # For weirdos who set huge TTLs, cap the TTL at one day.  30+ years ago
+      # long TTLs made sense when even DNS had a measurable cost in small
+      # networks;  today DNS is below the noise floor in all but the largest
+      # networks and systems.
+      my $ahead = (86400 < $ttl*2 ? 86400 : $ttl*2);
+      if (($now + $ahead) < $stamp) {
+        # more than 2x TTL OR more than one day (whichever is less) from expiry time;  publish normal record
+      } elsif ($now > $stamp) {
+        # record has expired;  return early as we don't need to publish anything
+        return;
+      } else {
+        # less than 2x TTL from expiry time, set a short TTL
+        $ttl = $dnsdb->{bind_export_autoexpire_ttl};
+      }
+    } else {
+      # record is "active after";  return unless it's now after the nominal validity timestamp.
+      return unless $now >= $stamp;
+    }
+  } # if $stampactive
+
   ## And now to the records!
 

trunk/dnsdb.conf

@@ -37 +37 @@
 # export all hostnames as full dot-terminated FQDNs?
 #bind_export_fqdn = 1
+# Short TTL for "autoexpiry" of records.  Values between 1 and 10 or so may
+# result in unresolveable names.  0 may be arbitrarily clamped to some saner
+# value by third party caches.
+#bind_export_autoexpire_ttl = 15
 
 ## DNS data template options