Browse Source

fix(api): reduce SOA refresh/retry to 1d for automatic RRSIG rollover

Currently, nsmaster only receives zone updates on record changes,
but not on RRSIG rollovers. This change makes nsmaster ask for
updates once a day.
Peter Thomassen 5 years ago
parent
commit
13133732f9
2 changed files with 3 additions and 4 deletions
  1. 2 3
      api/desecapi/pdns_change_tracker.py
  2. 1 1
      api/desecapi/tests/base.py

+ 2 - 3
api/desecapi/pdns_change_tracker.py

@@ -100,12 +100,11 @@ class PDNSChangeTracker:
                         # SOA RRset TTL: 300 (used as TTL for negative replies including NSEC3 records)
                         # SOA RRset TTL: 300 (used as TTL for negative replies including NSEC3 records)
                         'ttl': 300,
                         'ttl': 300,
                         'records': [{
                         'records': [{
-                            # SOA refresh: 2 weeks (our replication doesn't rely on this, and a high value keeps our
-                            #   frontends from asking all the time)
+                            # SOA refresh: 1 day (only needed for nslord --> nsmaster replication after RRSIG rotation)
                             # SOA retry = refresh
                             # SOA retry = refresh
                             # SOA expire: 4 weeks (all signatures will have expired anyways)
                             # SOA expire: 4 weeks (all signatures will have expired anyways)
                             # SOA minimum: 3600 (for CDS, CDNSKEY, DNSKEY, NSEC3PARAM)
                             # SOA minimum: 3600 (for CDS, CDNSKEY, DNSKEY, NSEC3PARAM)
-                            'content': 'set.an.example. get.desec.io. 1 1209600 1209600 2419200 3600',
+                            'content': 'set.an.example. get.desec.io. 1 86400 86400 2419200 3600',
                             'disabled': False
                             'disabled': False
                         }],
                         }],
                     }],
                     }],

+ 1 - 1
api/desecapi/tests/base.py

@@ -769,7 +769,7 @@ class DesecTestCase(MockPDNSTestCase):
 
 
     @classmethod
     @classmethod
     def requests_desec_domain_creation(cls, name=None):
     def requests_desec_domain_creation(cls, name=None):
-        soa_content = 'set.an.example. get.desec.io. 1 1209600 1209600 2419200 3600'
+        soa_content = 'set.an.example. get.desec.io. 1 86400 86400 2419200 3600'
         return [
         return [
             cls.request_pdns_zone_create(ns='LORD', payload=soa_content),
             cls.request_pdns_zone_create(ns='LORD', payload=soa_content),
             cls.request_pdns_zone_create(ns='MASTER'),
             cls.request_pdns_zone_create(ns='MASTER'),