Changeset 891


Timestamp:
06/25/25 17:27:31 (5 days ago)
Author:
Kris Deugau
Message:

/trunk

Fill in most bits of record "expiry"/"valid-after" for BIND-style zone
export, including a config option for the short TTL that records will be
set to when they are about to "expire"

Location:
trunk
Files:
3 edited

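--- a/trunk/DNSDB.pm
+++ b/trunk/DNSDB.pm
@@ -209,4 +209,5 @@
                 bind_export_conf_path   => 'zones.conf',
                 bind_export_shortlines  => 0,
+                bind_export_autoexpire_ttl      => 15,
 
                 # Session params
@@ -2203,4 +2204,5 @@
       $cfg->{bind_export_zone_path}   = $1 if m{^bind_export_zone_path\s*=\s*([a-z0-9/_.%-]+)}i;
       $cfg->{bind_export_shortlines}  = $1 if /^bind_export_shortlines\s*=\s*([a-z01]+)/i;
+      $cfg->{bind_export_autoexpire_ttl} = $1 if /^bind_export_autoexpire_ttl\s*=\s*(\d+);
       $cfg->{force_refresh}     = $1 if /^force_refresh\s*=\s*([a-z01]+)/i;
       $cfg->{lowercase}         = $1 if /^lowercase\s*=\s*([a-z01]+)/i;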
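Review bot: The added `bind_export_autoexpire_ttl` parser line (new line 2206) has no closing `/` on its match as rendered here, so the pattern would run on into the `force_refresh` line and the module would most likely fail to compile. It should follow its neighbours: `$cfg->{bind_export_autoexpire_ttl} = $1 if /^bind_export_autoexpire_ttl\s*=\s*(\d+)/i;`. The pattern is also open-ended, so a value such as `15x` is read as 15 and any digit string of any length is accepted; ending it with `\s*$` and rejecting out-of-range values would keep a config typo from publishing an unintended TTL. The enclosing config-reading code starts and ends outside the hunk.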
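--- a/trunk/DNSDB/ExportBIND.pm
+++ b/trunk/DNSDB/ExportBIND.pm
@@ -462,4 +462,36 @@
   $loc = '' if !$loc;
 
+  ## Records that are valid only before or after a set time
+  # Note that BIND-style zone files fundamentally don't support this directly
+  # unlike tinydns, as it's not a native feature/function.  Dropping TTLs to
+  # 15s or so is the best we can do for expiry.  "Valid-after" is only as good
+  # as the export cron job timing.
+  if ($stampactive) {
+    my $now = time();
+    if ($expires) {
+      # record expires at $stamp;  decide if we need to keep the TTL on file
+      # or set it to 15 so the record falls out of caches quickly sometime
+      # around the nominal expiry time.
+
+      # For weirdos who set huge TTLs, cap the TTL at one day.  30+ years ago
+      # long TTLs made sense when even DNS had a measurable cost in small
+      # networks;  today DNS is below the noise floor in all but the largest
+      # networks and systems.
+      my $ahead = (86400 < $ttl*2 ? 86400 : $ttl*2);
+      if (($now + $ahead) < $stamp) {
+        # more than 2x TTL OR more than one day (whichever is less) from expiry time;  publish normal record
+      } elsif ($now > $stamp) {
+        # record has expired;  return early as we don't need to publish anything
+        return;
+      } else {
+        # less than 2x TTL from expiry time, set a short TTL
+        $ttl = $dnsdb->{bind_export_autoexpire_ttl};
+      }
+    } else {
+      # record is "active after";  return unless it's now after the nominal validity timestamp.
+      return unless $now >= $stamp;
+    }
+  } # if $stampactive
+
   ## And now to the records!
 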
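Review bot: In the last `else` branch (new line 488) the short TTL is assigned unconditionally with `$ttl = $dnsdb->{bind_export_autoexpire_ttl};`, so a record whose own TTL is already below the configured value gets its TTL raised as it nears expiry. If the option were ever undefined on `$dnsdb`, a valid TTL would also be replaced by undef. Taking the smaller of the two avoids both: `my $short = $dnsdb->{bind_export_autoexpire_ttl} // 15;` followed by `$ttl = $short if $ttl > $short;`. The comments at new lines 466-467 and 473 still say "15" although the value is now configurable. The enclosing sub starts and ends outside the hunk, so how `$ttl`, `$stamp` and `$expires` are populated is not visible here.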
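--- a/trunk/dnsdb.conf
+++ b/trunk/dnsdb.conf
@@ -37,4 +37,8 @@
 # export all hostnames as full dot-terminated FQDNs?
 #bind_export_fqdn = 1
+# Short TTL for "autoexpiry" of records.  Values between 1 and 10 or so may
+# result in unresolveable names.  0 may be arbitrarily clamped to some saner
+# value by third party caches.
+#bind_export_autoexpire_ttl = 15
 
 ## DNS data template options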