check for two days of remaining validity (#4606)

Signed-off-by: Keith C <keith@fraudmarc.com>

2 files changed, 3 insertions, 3 deletions

diff --git a/plugin/dnssec/cache.go b/plugin/dnssec/cache.go
index 877f8ef52..2acfe72a5 100644
--- a/plugin/dnssec/cache.go
+++ b/plugin/dnssec/cache.go
@@ -31,7 +31,7 @@ func periodicClean(c *cache.Cache, stop <-chan struct{}) {
 		case <-tick.C:
 			// we sign for 8 days, check if a signature in the cache reached 75% of that (i.e. 6), if found delete
 			// the signature
-			is75 := time.Now().UTC().Add(sixDays)
+			is75 := time.Now().UTC().Add(twoDays)
 			c.Walk(func(items map[uint64]interface{}, key uint64) bool {
 				for _, rr := range items[key].([]dns.RR) {
 					if !rr.(*dns.RRSIG).ValidityPeriod(is75) {
diff --git a/plugin/dnssec/dnssec.go b/plugin/dnssec/dnssec.go
index 6f943ec88..9e050f590 100644
--- a/plugin/dnssec/dnssec.go
+++ b/plugin/dnssec/dnssec.go
@@ -131,7 +131,7 @@ func (d Dnssec) set(key uint64, sigs []dns.RR) { d.cache.Add(key, sigs) }
 func (d Dnssec) get(key uint64, server string) ([]dns.RR, bool) {
 	if s, ok := d.cache.Get(key); ok {
 		// we sign for 8 days, check if a signature in the cache reached 3/4 of that
-		is75 := time.Now().UTC().Add(sixDays)
+		is75 := time.Now().UTC().Add(twoDays)
 		for _, rr := range s.([]dns.RR) {
 			if !rr.(*dns.RRSIG).ValidityPeriod(is75) {
 				cacheMisses.WithLabelValues(server).Inc()
@@ -154,6 +154,6 @@ func incepExpir(now time.Time) (uint32, uint32) {
 
 const (
 	eightDays  = 8 * 24 * time.Hour
-	sixDays    = 6 * 24 * time.Hour
+	twoDays    = 2 * 24 * time.Hour
 	defaultCap = 10000 // default capacity of the cache.
 )