Diffstat (limited to 'plugin/dnssec/dnssec.go')
-rw-r--r--plugin/dnssec/dnssec.go10
1 files changed, 10 insertions, 0 deletions
diff --git a/plugin/dnssec/dnssec.go b/plugin/dnssec/dnssec.go
index 83e034e6c..e071c5c18 100644
--- a/plugin/dnssec/dnssec.go
+++ b/plugin/dnssec/dnssec.go
@@ -131,6 +131,15 @@ func (d Dnssec) set(key uint32, sigs []dns.RR) {
func (d Dnssec) get(key uint32) ([]dns.RR, bool) {
if s, ok := d.cache.Get(key); ok {
+ // we sign for 8 days, check if a signature in the cache reached 3/4 of that
+ is75 := time.Now().UTC().Add(sixDays)
+ for _, rr := range s.([]dns.RR) {
+ if !rr.(*dns.RRSIG).ValidityPeriod(is75) {
+ cacheMisses.Inc()
+ return nil, false
+ }
+ }
+
cacheHits.Inc()
return s.([]dns.RR), true
}
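Review bot: The look-ahead in `get` does not match its comment: `is75 := time.Now().UTC().Add(sixDays)` asks whether each cached RRSIG will still be valid six days from now. If signatures expire eight days after signing, as the comment states, an entry becomes a miss once it is roughly two days old, at 1/4 of its lifetime rather than 3/4. That errs on the safe side, since no near-expiry signature is served from the cache, but it re-signs far more often than the comment intends; if 3/4 is the goal, the offset should be `2 * 24 * time.Hour`, which also affects the `sixDays` constant added in the second hunk. Separately, `rr.(*dns.RRSIG)` is an unchecked assertion that panics if the cache ever holds a non-RRSIG record; `sig, ok := rr.(*dns.RRSIG)` with a miss on `!ok` avoids relying on every caller of `set`. The rest of `get` lies outside the hunk.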
@@ -146,5 +155,6 @@ func incepExpir(now time.Time) (uint32, uint32) {
const (
eightDays = 8 * 24 * time.Hour
+ sixDays = 6 * 24 * time.Hour
defaultCap = 10000 // default capacity of the cache.
)