Hello Sirs, I am Sukmoon Lee, a software developer and network engineer in South Korea.
Recently, most clients(smart phone) have a local DNS cache. The Cache DNS TTL affects the client cache expiration time domain. So many clients have caused a burst DNS traffic. In order to solve this issue made the following patches for 9.9.9-P2 ISC BIND. It was modified so as not to affect the original code as much as possible. This function is working using '--enable-cache-ttl' option. So cache DNS responses a stored cache TTL. My question is wondering whether to require this function. So, please check code that there are no problems. Thank you. Sukmoon Lee diff -Nur bind-9.9.9-P2/bin/named/query.c bind-9.9.9-P2-ttl/bin/named/query.c --- bind-9.9.9-P2/bin/named/query.c 2016-07-14 08:54:33.000000000 +0900 +++ bind-9.9.9-P2-ttl/bin/named/query.c 2016-07-27 11:05:46.414020726 +0900 @@ -2302,11 +2302,15 @@ dns_rdatalist_init(dns64_rdatalist); dns64_rdatalist->rdclass = dns_rdataclass_in; dns64_rdatalist->type = dns_rdatatype_aaaa; +#ifdef USE_CACHE_STORED_TTL + dns64_rdatalist->ttl = rdataset->base_ttl; +#else if (client->query.dns64_ttl != ISC_UINT32_MAX) dns64_rdatalist->ttl = ISC_MIN(rdataset->ttl, client->query.dns64_ttl); else dns64_rdatalist->ttl = ISC_MIN(rdataset->ttl, 600); +#endif if (RECURSIONOK(client)) flags |= DNS_DNS64_RECURSIVE; @@ -2360,6 +2364,9 @@ result = dns_rdatalist_tordataset(dns64_rdatalist, dns64_rdataset); if (result != ISC_R_SUCCESS) goto cleanup; +#ifdef USE_CACHE_STORED_TTL + dns64_rdataset->base_ttl = rdataset->base_ttl; +#endif client->query.attributes |= NS_QUERYATTR_NOADDITIONAL; dns64_rdataset->trust = rdataset->trust; query_addrdataset(client, mname, dns64_rdataset); @@ -5456,7 +5463,11 @@ dns_rdataset_current(&rdataset, &rdata); result = dns_rdata_tostruct(&rdata, &soa, NULL); RUNTIME_CHECK(result == ISC_R_SUCCESS); +#ifdef USE_CACHE_STORED_TTL + ttl = ISC_MIN(rdataset.base_ttl, soa.minimum); +#else ttl = ISC_MIN(rdataset.ttl, soa.minimum); +#endif cleanup: if (dns_rdataset_isassociated(&rdataset)) 
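Review bot: In the `@@ -2302` hunk the `USE_CACHE_STORED_TTL` branch assigns `rdataset->base_ttl` directly, which drops both bounds the `#else` branch applies to a synthesized DNS64 AAAA: the minimum with `client->query.dns64_ttl` and the 600-second fallback. The `@@ -6984` and `@@ -7510` hunks still store `client->query.dns64_ttl`, but with this branch nothing visible reads it, so the synthesized record is presumably no longer limited by the negative answer that triggered synthesis. Keeping the clamp and swapping only its input preserves that bound: `dns64_rdatalist->ttl = ISC_MIN(rdataset->base_ttl, client->query.dns64_ttl != ISC_UINT32_MAX ? client->query.dns64_ttl : 600);`. The enclosing function starts and ends outside the hunk.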
@@ -6984,10 +6995,14 @@ * decremented to zero or if there was no negative cache * ttl in the answer. */ +#ifdef USE_CACHE_STORED_TTL + client->query.dns64_ttl = rdataset->base_ttl; +#else if (rdataset->ttl != 0) client->query.dns64_ttl = rdataset->ttl; else if (dns_rdataset_first(rdataset) == ISC_R_SUCCESS) client->query.dns64_ttl = 0; +#endif query_releasename(client, &fname); dns_db_detachnode(db, &node); rdataset = NULL; @@ -7510,7 +7525,11 @@ */ client->query.dns64_aaaa = rdataset; client->query.dns64_sigaaaa = sigrdataset; +#ifdef USE_CACHE_STORED_TTL + client->query.dns64_ttl = rdataset->base_ttl; +#else client->query.dns64_ttl = rdataset->ttl; +#endif query_releasename(client, &fname); dns_db_detachnode(db, &node); rdataset = NULL; diff -Nur bind-9.9.9-P2/config.h.in bind-9.9.9-P2-ttl/config.h.in --- bind-9.9.9-P2/config.h.in 2016-07-14 08:54:33.000000000 +0900 +++ bind-9.9.9-P2-ttl/config.h.in 2016-07-27 08:35:55.669404673 +0900 @@ -159,6 +159,9 @@ /* Define to enable the "filter-aaaa-on-v4" option. */ #undef ALLOW_FILTER_AAAA_ON_V4 +/* Define to enable the "cache-ttl" option. */ +#undef USE_CACHE_STORED_TTL + /* define if ATF unit tests are to be built. */ #undef ATF_TEST diff -Nur bind-9.9.9-P2/configure bind-9.9.9-P2-ttl/configure --- bind-9.9.9-P2/configure 2016-07-14 08:54:33.000000000 +0900 +++ bind-9.9.9-P2-ttl/configure 2016-07-27 08:33:08.743618406 +0900 @@ -1024,6 +1024,7 @@ with_dlz_stub with_make_clean enable_full_report +enable_cache_ttl ' ac_precious_vars='build_alias host_alias @@ -1690,6 +1691,7 @@ [default=no] --enable-querytrace enable very verbose query trace logging [default=no] --enable-full-report report values of all configure options + --enable-cache-ttl use response a stored cache ttl [default=no] Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] 
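Review bot: In the `@@ -6984` hunk the new branch overwrites `client->query.dns64_ttl` unconditionally, whereas the code it replaces leaves the field untouched when `rdataset->ttl` is 0 and the rdataset is empty, the case the comment above calls "no negative cache ttl in the answer". The original code in the `@@ -2302` hunk tests that field against `ISC_UINT32_MAX`, so it looks like a sentinel for "no bound known"; storing a `base_ttl` of 0 would turn "unknown" into "expire immediately" wherever the field is consulted. Keeping the two-way test and substituting only the value avoids that, e.g. `if (rdataset->base_ttl != 0) client->query.dns64_ttl = rdataset->base_ttl;` followed by the existing `else if`. The surrounding function is not visible in the hunk.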
@@ -11442,6 +11444,7 @@ test "${enable_fetchlimit+set}" = set || enable_fetchlimit=yes test "${enable_warn_error+set}" = set || enable_warn_error=yes test "${enable_warn_shadow+set}" = set || enable_warn_shadow=yes + test "${enable_cache_ttl+set}" = set || enable_cache_ttl=yes ;; esac # @@ -13211,6 +13214,26 @@ # +# check if we want Stored Cache TTL +# +# Check whether --enable-cache-ttl was given. +if test "${enable_cache_ttl+set}" = set; then : + enableval=$enable_cache_ttl; +fi + +case "$enable_cache_ttl" in +yes) + +$as_echo "#define USE_CACHE_STORED_TTL 1" >>confdefs.h + + ;; +*) + ;; +esac + + + +# # check if we have kqueue # # Check whether --enable-kqueue was given. @@ -23531,6 +23554,8 @@ test "$want_querytrace" = "yes" && \ echo " Very verbose query trace logging (--enable-querytrace)" test "$atf" = "no" || echo " Automated Testing Framework (--with-atf)" +test "$enable_cache_ttl" = "yes" && \ + echo " Stored cache TTL (--enable-cacht-ttl)" # these lines are only printed if run with --enable-full-report if test "$enable_full_report" = "yes"; then @@ -23590,6 +23615,8 @@ echo " ECDSA algorithm support (--with-ecdsa)" test "X$PYTHON" = "X" && echo " Python tools (--with-python)" test "X$libxml2_libs" = "X" && echo " XML statistics (--with-libxml2)" +test "$enable_cacht_ttl" = "yes" || \ + echo " Stored cache TTL (--enable-cache-ttl)" if test "X$ac_unrecognized_opts" != "X"; then echo diff -Nur bind-9.9.9-P2/lib/dns/include/dns/rdataset.h bind-9.9.9-P2-ttl/lib/dns/include/dns/rdataset.h --- bind-9.9.9-P2/lib/dns/include/dns/rdataset.h 2016-07-14 08:54:33.000000000 +0900 +++ bind-9.9.9-P2-ttl/lib/dns/include/dns/rdataset.h 2016-07-27 08:33:28.849073731 +0900 
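Review bot: The two summary hunks (`@@ -23531` and `@@ -23590`) contain misspellings that change what is reported: the first prints `--enable-cacht-ttl`, and the second tests `$enable_cacht_ttl`, a variable nothing sets, so in what appears to be the disabled-features list the option is always shown even when `USE_CACHE_STORED_TTL` was defined. Both should use the spelling from the option parsing, e.g. `test "$enable_cache_ttl" = "yes" || \`. Separately, the `@@ -11442` hunk presets `enable_cache_ttl=yes` in a `case` arm alongside `enable_warn_error`, while the help text says `[default=no]`; if that arm is a developer preset, such builds would change the TTLs sent on the wire without being asked to. `configure` looks generated and no autoconf input is changed in this patch, so these edits would be lost on regeneration.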
@@ -137,6 +137,9 @@ dns_rdataclass_t rdclass; dns_rdatatype_t type; dns_ttl_t ttl; +#ifdef USE_CACHE_STORED_TTL + dns_ttl_t base_ttl; +#endif dns_trust_t trust; dns_rdatatype_t covers; /* diff -Nur bind-9.9.9-P2/lib/dns/rbtdb.c bind-9.9.9-P2-ttl/lib/dns/rbtdb.c --- bind-9.9.9-P2/lib/dns/rbtdb.c 2016-07-14 08:54:33.000000000 +0900 +++ bind-9.9.9-P2-ttl/lib/dns/rbtdb.c 2016-07-27 08:33:49.981554223 +0900 @@ -342,6 +342,9 @@ */ rbtdb_serial_t serial; dns_ttl_t rdh_ttl; +#ifdef USE_CACHE_STORED_TTL + dns_ttl_t base_ttl; +#endif rbtdb_rdatatype_t type; isc_uint16_t attributes; dns_trust_t trust; @@ -2948,6 +2951,9 @@ rdataset->type = RBTDB_RDATATYPE_BASE(header->type); rdataset->covers = RBTDB_RDATATYPE_EXT(header->type); rdataset->ttl = header->rdh_ttl - now; +#ifdef USE_CACHE_STORED_TTL + rdataset->base_ttl = header->base_ttl; +#endif rdataset->trust = header->trust; if (NEGATIVE(header)) rdataset->attributes |= DNS_RDATASETATTR_NEGATIVE; @@ -6676,6 +6682,13 @@ newheader = (rdatasetheader_t *)region.base; init_rdataset(rbtdb, newheader); set_ttl(rbtdb, newheader, rdataset->ttl + now); +#ifdef USE_CACHE_STORED_TTL + if (rdataset->type==0) { // ncache for dns64 + newheader->base_ttl = rdataset->ttl; + } else { + newheader->base_ttl = rdataset->base_ttl; + } +#endif newheader->type = RBTDB_RDATATYPE_VALUE(rdataset->type, rdataset->covers); newheader->attributes = 0; 
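Review bot: The `@@ -137` hunk in `lib/dns/include/dns/rdataset.h` makes the struct layout depend on `USE_CACHE_STORED_TTL`: every member after `ttl` (`trust`, `covers`, and whatever follows) moves by `sizeof(dns_ttl_t)` when the macro is defined. The macro comes from `config.h`, so a translation unit that includes this header without the same definition (an out-of-tree user of the library, or a file that includes it before `config.h`) would read and write those members at the wrong offsets. Adding `dns_ttl_t base_ttl;` unconditionally and leaving only the behaviour behind the `#ifdef` removes the mismatch. The struct definition starts and ends outside the hunk.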
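Review bot: In the `@@ -6676` hunk (and identically in `@@ -6862`) every rdataset whose type is not 0 has `rdataset->base_ttl` copied into the header, yet the only place this patch assigns a non-zero `base_ttl` to an incoming rdataset is the resolver.c hunk; the rdataset.c hunks initialise it to 0. Rdatasets that arrive by another route (not visible here, but zone loading and rdatalist conversion are likely candidates, given that the query.c `@@ -2360` hunk has to set the field by hand after `dns_rdatalist_tordataset`) would be stored with `base_ttl` 0 and then rendered with TTL 0 for A/AAAA by the rdataset.c `@@ -488` hunk. Falling back to the TTL being stored covers that case and the `type==0` special case in one line: `newheader->base_ttl = (rdataset->base_ttl != 0) ? rdataset->base_ttl : rdataset->ttl;`. If the branch is kept instead, the `// ncache for dns64` remark would be clearer as a `/* */` comment stating what type 0 means.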
@@ -6862,6 +6875,13 @@ newheader = (rdatasetheader_t *)region.base; init_rdataset(rbtdb, newheader); set_ttl(rbtdb, newheader, rdataset->ttl); +#ifdef USE_CACHE_STORED_TTL + if (rdataset->type==0) { // ncache for dns64 + newheader->base_ttl = rdataset->ttl; + } else { + newheader->base_ttl = rdataset->base_ttl; + } +#endif newheader->type = RBTDB_RDATATYPE_VALUE(rdataset->type, rdataset->covers); newheader->attributes = 0; diff -Nur bind-9.9.9-P2/lib/dns/rdataset.c bind-9.9.9-P2-ttl/lib/dns/rdataset.c --- bind-9.9.9-P2/lib/dns/rdataset.c 2016-07-14 08:54:33.000000000 +0900 +++ bind-9.9.9-P2-ttl/lib/dns/rdataset.c 2016-07-27 10:49:36.011035374 +0900 @@ -70,6 +70,9 @@ rdataset->rdclass = 0; rdataset->type = 0; rdataset->ttl = 0; +#ifdef USE_CACHE_STORED_TTL + rdataset->base_ttl = 0; +#endif rdataset->trust = 0; rdataset->covers = 0; rdataset->attributes = 0; @@ -99,6 +102,9 @@ rdataset->rdclass = 0; rdataset->type = 0; rdataset->ttl = 0; +#ifdef USE_CACHE_STORED_TTL + rdataset->base_ttl = 0; +#endif rdataset->trust = 0; rdataset->covers = 0; rdataset->attributes = 0; @@ -126,6 +132,9 @@ rdataset->rdclass = 0; rdataset->type = 0; rdataset->ttl = 0; +#ifdef USE_CACHE_STORED_TTL + rdataset->base_ttl = 0; +#endif rdataset->trust = 0; rdataset->covers = 0; rdataset->attributes = 0; @@ -488,7 +497,15 @@ isc_buffer_putuint16(target, rdataset->type); isc_buffer_putuint16(target, rdataset->rdclass); if (!question) { +#ifdef USE_CACHE_STORED_TTL + if (rdataset->type==dns_rdatatype_a || rdataset->type==dns_rdatatype_aaaa) { + isc_buffer_putuint32(target, rdataset->base_ttl); + } else { + isc_buffer_putuint32(target, rdataset->ttl); + } +#else isc_buffer_putuint32(target, rdataset->ttl); +#endif /* * Save space for rdlen. diff -Nur bind-9.9.9-P2/lib/dns/resolver.c bind-9.9.9-P2-ttl/lib/dns/resolver.c --- bind-9.9.9-P2/lib/dns/resolver.c 2016-07-14 08:54:33.000000000 +0900 +++ bind-9.9.9-P2-ttl/lib/dns/resolver.c 2016-07-27 10:46:42.692031770 +0900 
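Review bot: The `@@ -488` hunk sends `base_ttl` for every A/AAAA rdataset rendered to the wire, so a cached answer goes out with its full original TTL however long it has already been in the cache. A downstream cache that receives it just before expiry keeps it for almost a second full TTL, and each further forwarding layer adds another, which lengthens the time stale or spoofed address data survives after the authoritative side has changed. Because only types A and AAAA take this branch, an RRSIG covering the same RRset still goes out with the decremented `ttl`, so signed answers would carry mismatched TTLs. If the behaviour is kept, the branch should say so, e.g. `/* Sends the TTL as first cached, not the remaining lifetime; downstream caches may hold A/AAAA past the authoritative TTL. */`. The function body continues outside the hunk.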
@@ -5119,6 +5119,13 @@ if (rdataset->ttl > res->view->maxcachettl) rdataset->ttl = res->view->maxcachettl; +#ifdef USE_CACHE_STORED_TTL + /* + * Save a stored cache TTL. + */ + rdataset->base_ttl = rdataset->ttl; + +#endif /* * Find the SIG for this rdataset, if we have it. */ _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users