From 34293979139da9db267a6ca5da437c3ed35290ee Mon Sep 17 00:00:00 2001 From: Marcin Rataj Date: Fri, 31 Jan 2025 20:19:16 +0100 Subject: [PATCH] fix: adjust TTLs - increase generated ones - decrease acme one to avoid caching-related failures and retries --- acme/reader.go | 3 ++- e2e_test.go | 6 +++--- ipparser/plugin.go | 4 +++- zones/libp2p.direct | 5 +---- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/acme/reader.go b/acme/reader.go index 3e6eb41..1ca3f12 100644 --- a/acme/reader.go +++ b/acme/reader.go @@ -17,7 +17,8 @@ type acmeReader struct { Datastore datastore.Datastore } -const ttl = 1 * time.Hour +// The TTL for the _acme-challenge TXT record is as short as possible, typically 60 seconds or less. +const ttl = 60 * time.Second // ServeDNS implements the plugin.Handler interface. func (p acmeReader) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) { diff --git a/e2e_test.go b/e2e_test.go index b6354ee..d681395 100644 --- a/e2e_test.go +++ b/e2e_test.go @@ -262,7 +262,7 @@ func TestSetACMEChallenge(t *testing.T) { if r.Rcode != dns.RcodeSuccess || len(r.Answer) == 0 { t.Fatalf("Expected successful reply, got %s", dns.RcodeToString[r.Rcode]) } - expectedAnswer := fmt.Sprintf(`%s 3600 IN TXT "%s"`, m.Question[0].Name, testChallenge) + expectedAnswer := fmt.Sprintf(`%s 60 IN TXT "%s"`, m.Question[0].Name, testChallenge) if r.Answer[0].String() != expectedAnswer { t.Fatalf("Expected %s reply, got %s", expectedAnswer, r.Answer[0].String()) } @@ -363,7 +363,7 @@ func TestIPv4Lookup(t *testing.T) { return } - expectedAnswer := fmt.Sprintf(`%s 86400 IN A %s`, m.Question[0].Name, tt.expectedAddress) + expectedAnswer := fmt.Sprintf(`%s 604800 IN A %s`, m.Question[0].Name, tt.expectedAddress) if r.Answer[0].String() != expectedAnswer { t.Fatalf("Expected %s reply, got %s", expectedAnswer, r.Answer[0].String()) } @@ -480,7 +480,7 @@ func TestIPv6Lookup(t *testing.T) { return } - expectedAnswer := fmt.Sprintf(`%s 86400 IN AAAA %s`, m.Question[0].Name, tt.expectedAddress) + expectedAnswer := fmt.Sprintf(`%s 604800 IN AAAA %s`, m.Question[0].Name, tt.expectedAddress) if r.Answer[0].String() != expectedAnswer { t.Fatalf("Expected %s reply, got %s", expectedAnswer, r.Answer[0].String()) } diff --git a/ipparser/plugin.go b/ipparser/plugin.go index c24ad27..ad2b399 100644 --- a/ipparser/plugin.go +++ b/ipparser/plugin.go @@ -45,7 +45,9 @@ type ipParser struct { ForgeDomain string } -const ttl = 24 * time.Hour +// The TTL for self-referential ip.peerid.etld A/AAAA records can be as long as possible. +// We will be increasing this over time, as infrastructure ossifies. +const ttl = 7 * 24 * time.Hour // ServeDNS implements the plugin.Handler interface. func (p ipParser) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) { diff --git a/zones/libp2p.direct b/zones/libp2p.direct index 50f9f16..366cf77 100644 --- a/zones/libp2p.direct +++ b/zones/libp2p.direct @@ -3,7 +3,7 @@ $ORIGIN libp2p.direct. ;; SOA Records @ 86400 IN SOA aws1.libp2p.direct. domains.ipshipyard.com. ( - 2025011601 ; serial + 2025020101 ; serial 86400 ; refresh 2400 ; retry 604800 ; expire @@ -42,9 +42,6 @@ ns1.libp2p.direct. 86400 IN AAAA 2604:2dc0:101:100::265 ns2.libp2p.direct. 86400 IN A 15.204.28.76 ns2.libp2p.direct. 86400 IN AAAA 2604:2dc0:202:200::64e -;; TODO: ns3 was renamed to aws1, fine to remove once we migrate away from ns1 as primary -ns3.libp2p.direct. 86400 IN CNAME aws1.libp2p.direct. - ;; Limit allowed CAs to Let's Encrypt, we discussed feasibility with them and no concerns were raised: ;; https://community.letsencrypt.org/t/feedback-on-raising-certificates-per-registered-domain-to-enable-peer-to-peer-networking/223003 libp2p.direct. 86400 IN CAA 0 issue "letsencrypt.org"