dnsx,xdns: 1s ttl for block/alg responses

ignoramous · ignoramous · commit 2fe28bd0bd64 · 2025-03-11T19:04:58.000+05:30
diff --git a/intra/dnsx/alg.go b/intra/dnsx/alg.go
@@ -27,13 +27,18 @@ import (
 )
 
 const (
-	timeout     = 15 * time.Second
-	ttl2m       = 2 * time.Minute // 2m ttl for alg/nat ip
-	algttl      = 15              // 15s ttl for alg dns
-	key4        = ":a"
-	key6        = ":aaaa"
+	timeout = 15 * time.Second
+	ttl2m   = 2 * time.Minute // 2m ttl for alg/nat ip
+
+	algXlatTtl     = xdns.BlockTTL
+	algFixedAnsTtl = xdns.AnsTTL
+
+	key4 = ":a"
+	key6 = ":aaaa"
+
 	notransport = "NoTransport"
-	maxiter     = 100 // max number alg/nat evict iterations
+
+	maxiter = 100 // max number alg/nat evict iterations
 )
 
 type iptype int
@@ -668,19 +673,19 @@ func (t *dnsgateway) q(t1, t2 Transport, preset []netip.Addr, network string, q
 	ansout := ansin.Copy()
 	// TODO: substitute ips in additional section
 	if algip4hints.IsValid() {
-		substok4 = xdns.SubstSVCBRecordIPs( /*out*/ ansout, dns.SVCB_IPV4HINT, algip4hints, algttl) || substok4
+		substok4 = xdns.SubstSVCBRecordIPs( /*out*/ ansout, dns.SVCB_IPV4HINT, algip4hints, algXlatTtl) || substok4
 		mustsubst = true
 	}
 	if algip6hints.IsValid() {
-		substok6 = xdns.SubstSVCBRecordIPs( /*out*/ ansout, dns.SVCB_IPV6HINT, algip6hints, algttl) || substok6
+		substok6 = xdns.SubstSVCBRecordIPs( /*out*/ ansout, dns.SVCB_IPV6HINT, algip6hints, algXlatTtl) || substok6
 		mustsubst = true
 	}
 	if algip4s.IsValid() {
-		substok4 = xdns.SubstARecords( /*out*/ ansout, algip4s, algttl) || substok4
+		substok4 = xdns.SubstARecords( /*out*/ ansout, algip4s, algXlatTtl) || substok4
 		mustsubst = true
 	}
 	if algip6s.IsValid() {
-		substok6 = xdns.SubstAAAARecords( /*out*/ ansout, algip6s, algttl) || substok6
+		substok6 = xdns.SubstAAAARecords( /*out*/ ansout, algip6s, algXlatTtl) || substok6
 		mustsubst = true
 	}
 
@@ -1337,13 +1342,12 @@ func synthesizeOrQuery(preset []netip.Addr, tr Transport, msg *dns.Msg, network
 			return nil, errNoAnswer
 		}
 		var ok4, ok6 bool
-		ttl := int(xdns.AnsTTL)
 		ip4s, ip6s := splitIPFamilies(preset)
 		if len(ip4s) > 0 {
-			ok4 = xdns.SubstSVCBRecordIPs( /*out*/ ans, dns.SVCB_IPV4HINT, ip4s[0], ttl)
+			ok4 = xdns.SubstSVCBRecordIPs( /*out*/ ans, dns.SVCB_IPV4HINT, ip4s[0], algXlatTtl)
 		}
 		if len(ip6s) > 0 {
-			ok6 = xdns.SubstSVCBRecordIPs( /*out*/ ans, dns.SVCB_IPV6HINT, ip6s[0], ttl)
+			ok6 = xdns.SubstSVCBRecordIPs( /*out*/ ans, dns.SVCB_IPV6HINT, ip6s[0], algXlatTtl)
 		}
 
 		withPresetSummary(smm, true /*req sent?*/, fixed)
diff --git a/intra/xdns/common.go b/intra/xdns/common.go
@@ -44,13 +44,16 @@ const (
 )
 
 var (
-	CertMagic               = [4]byte{0x44, 0x4e, 0x53, 0x43}
-	ServerMagic             = [8]byte{0x72, 0x36, 0x66, 0x6e, 0x76, 0x57, 0x6a, 0x38}
+	CertMagic   = [4]byte{0x44, 0x4e, 0x53, 0x43}
+	ServerMagic = [8]byte{0x72, 0x36, 0x66, 0x6e, 0x76, 0x57, 0x6a, 0x38}
+)
+
+const (
 	MinDNSPacketSize        = 12 + 5
 	MaxDNSPacketSize        = 4096
 	MaxDNSUDPPacketSize     = 4096
 	MaxDNSUDPSafePacketSize = 1252
-	BlockTTL                = uint32(5)
+	BlockTTL                = uint32(1)
 	AnsTTL                  = uint32(60)
 	MaxMTU                  = 0xffff // 65k, ought to be enough for everybody
 )
diff --git a/intra/xdns/dnsutil.go b/intra/xdns/dnsutil.go
@@ -717,7 +717,7 @@ func HasAAAAAnswer(msg *dns.Msg) bool {
 	return false
 }
 
-func SubstAAAARecords(out *dns.Msg, subip6s netip.Addr, ttl int) bool {
+func SubstAAAARecords(out *dns.Msg, subip6s netip.Addr, ttl uint32) bool {
 	if out == nil || !subip6s.IsValid() {
 		return false
 	}
@@ -751,7 +751,7 @@ func SubstAAAARecords(out *dns.Msg, subip6s netip.Addr, ttl int) bool {
 	return len(touched) > 0
 }
 
-func SubstARecords(out *dns.Msg, subip4s netip.Addr, ttl int) bool {
+func SubstARecords(out *dns.Msg, subip4s netip.Addr, ttl uint32) bool {
 	if out == nil || !subip4s.IsValid() {
 		return false
 	}
@@ -809,7 +809,7 @@ func httpsstr(r *dns.HTTPS) (s string) {
 	return strings.TrimSpace(s)
 }
 
-func SubstSVCBRecordIPs(out *dns.Msg, x dns.SVCBKey, subiphints netip.Addr, ttl int) bool {
+func SubstSVCBRecordIPs(out *dns.Msg, x dns.SVCBKey, subiphints netip.Addr, ttl uint32) bool {
 	if out == nil || !subiphints.IsValid() {
 		return false
 	}
@@ -825,13 +825,13 @@ func SubstSVCBRecordIPs(out *dns.Msg, x dns.SVCBKey, subiphints netip.Addr, ttl
 					rec.Value[j] = &dns.SVCBIPv6Hint{
 						Hint: []net.IP{subiphints.AsSlice()},
 					}
-					rec.Hdr.Ttl = uint32(ttl)
+					rec.Hdr.Ttl = ttl
 					i++
 				} else if k == x && x == dns.SVCB_IPV4HINT {
 					rec.Value[j] = &dns.SVCBIPv4Hint{
 						Hint: []net.IP{subiphints.AsSlice()},
 					}
-					rec.Hdr.Ttl = uint32(ttl)
+					rec.Hdr.Ttl = ttl
 					i++
 				}
 			}
@@ -848,13 +848,13 @@ func SubstSVCBRecordIPs(out *dns.Msg, x dns.SVCBKey, subiphints netip.Addr, ttl
 					rec.Value[j] = &dns.SVCBIPv6Hint{
 						Hint: []net.IP{subiphints.AsSlice()},
 					}
-					rec.Hdr.Ttl = uint32(ttl)
+					rec.Hdr.Ttl = ttl
 					i++
 				} else if k == x && x == dns.SVCB_IPV4HINT {
 					rec.Value[j] = &dns.SVCBIPv4Hint{
 						Hint: []net.IP{subiphints.AsSlice()},
 					}
-					rec.Hdr.Ttl = uint32(ttl)
+					rec.Hdr.Ttl = ttl
 					i++
 				}
 			}
@@ -1043,11 +1043,10 @@ func HasHTTPQuestion(msg *dns.Msg) (ok bool) {
 	return
 }
 
-func MakeARecord(name string, ip4 string, expiry int) *dns.A {
+func MakeARecord(name string, ip4 string, ttl uint32) *dns.A {
 	if len(ip4) <= 0 || len(name) <= 0 {
 		return nil
 	}
-	ttl := uint32(expiry)
 
 	b := net.ParseIP(ip4)
 	if len(b) <= 0 {
@@ -1065,11 +1064,10 @@ func MakeARecord(name string, ip4 string, expiry int) *dns.A {
 	return rec
 }
 
-func MakeAAAARecord(name string, ip6 string, expiry int) *dns.AAAA {
+func MakeAAAARecord(name string, ip6 string, ttl uint32) *dns.AAAA {
 	if len(ip6) <= 0 || len(name) <= 0 {
 		return nil
 	}
-	ttl := uint32(expiry)
 
 	b := net.ParseIP(ip6)
 	if len(b) <= 0 {

Original file line number	Diff line number	Diff line change
`@@ -717,7 +717,7 @@ func HasAAAAAnswer(msg *dns.Msg) bool {`
`717`	`717`	`return false`
`718`	`718`	`}`
`719`	`719`
`720`		`-func SubstAAAARecords(out *dns.Msg, subip6s netip.Addr, ttl int) bool {`
	`720`	`+func SubstAAAARecords(out *dns.Msg, subip6s netip.Addr, ttl uint32) bool {`
`721`	`721`	`if out == nil \|\| !subip6s.IsValid() {`
`722`	`722`	`return false`
`723`	`723`	`}`
`@@ -751,7 +751,7 @@ func SubstAAAARecords(out *dns.Msg, subip6s netip.Addr, ttl int) bool {`
`751`	`751`	`return len(touched) > 0`
`752`	`752`	`}`
`753`	`753`
`754`		`-func SubstARecords(out *dns.Msg, subip4s netip.Addr, ttl int) bool {`
	`754`	`+func SubstARecords(out *dns.Msg, subip4s netip.Addr, ttl uint32) bool {`
`755`	`755`	`if out == nil \|\| !subip4s.IsValid() {`
`756`	`756`	`return false`
`757`	`757`	`}`
`@@ -809,7 +809,7 @@ func httpsstr(r *dns.HTTPS) (s string) {`
`809`	`809`	`return strings.TrimSpace(s)`
`810`	`810`	`}`
`811`	`811`
`812`		`-func SubstSVCBRecordIPs(out *dns.Msg, x dns.SVCBKey, subiphints netip.Addr, ttl int) bool {`
	`812`	`+func SubstSVCBRecordIPs(out *dns.Msg, x dns.SVCBKey, subiphints netip.Addr, ttl uint32) bool {`
`813`	`813`	`if out == nil \|\| !subiphints.IsValid() {`
`814`	`814`	`return false`
`815`	`815`	`}`
`@@ -825,13 +825,13 @@ func SubstSVCBRecordIPs(out *dns.Msg, x dns.SVCBKey, subiphints netip.Addr, ttl`
`825`	`825`	`rec.Value[j] = &dns.SVCBIPv6Hint{`
`826`	`826`	`Hint: []net.IP{subiphints.AsSlice()},`
`827`	`827`	`}`
`828`		`- rec.Hdr.Ttl = uint32(ttl)`
	`828`	`+ rec.Hdr.Ttl = ttl`
`829`	`829`	`i++`
`830`	`830`	`} else if k == x && x == dns.SVCB_IPV4HINT {`
`831`	`831`	`rec.Value[j] = &dns.SVCBIPv4Hint{`
`832`	`832`	`Hint: []net.IP{subiphints.AsSlice()},`
`833`	`833`	`}`
`834`		`- rec.Hdr.Ttl = uint32(ttl)`
	`834`	`+ rec.Hdr.Ttl = ttl`
`835`	`835`	`i++`
`836`	`836`	`}`
`837`	`837`	`}`
`@@ -848,13 +848,13 @@ func SubstSVCBRecordIPs(out *dns.Msg, x dns.SVCBKey, subiphints netip.Addr, ttl`
`848`	`848`	`rec.Value[j] = &dns.SVCBIPv6Hint{`
`849`	`849`	`Hint: []net.IP{subiphints.AsSlice()},`
`850`	`850`	`}`
`851`		`- rec.Hdr.Ttl = uint32(ttl)`
	`851`	`+ rec.Hdr.Ttl = ttl`
`852`	`852`	`i++`
`853`	`853`	`} else if k == x && x == dns.SVCB_IPV4HINT {`
`854`	`854`	`rec.Value[j] = &dns.SVCBIPv4Hint{`
`855`	`855`	`Hint: []net.IP{subiphints.AsSlice()},`
`856`	`856`	`}`
`857`		`- rec.Hdr.Ttl = uint32(ttl)`
	`857`	`+ rec.Hdr.Ttl = ttl`
`858`	`858`	`i++`
`859`	`859`	`}`
`860`	`860`	`}`
`@@ -1043,11 +1043,10 @@ func HasHTTPQuestion(msg *dns.Msg) (ok bool) {`
`1043`	`1043`	`return`
`1044`	`1044`	`}`
`1045`	`1045`
`1046`		`-func MakeARecord(name string, ip4 string, expiry int) *dns.A {`
	`1046`	`+func MakeARecord(name string, ip4 string, ttl uint32) *dns.A {`
`1047`	`1047`	`if len(ip4) <= 0 \|\| len(name) <= 0 {`
`1048`	`1048`	`return nil`
`1049`	`1049`	`}`
`1050`		`- ttl := uint32(expiry)`
`1051`	`1050`
`1052`	`1051`	`b := net.ParseIP(ip4)`
`1053`	`1052`	`if len(b) <= 0 {`
`@@ -1065,11 +1064,10 @@ func MakeARecord(name string, ip4 string, expiry int) *dns.A {`
`1065`	`1064`	`return rec`
`1066`	`1065`	`}`
`1067`	`1066`
`1068`		`-func MakeAAAARecord(name string, ip6 string, expiry int) *dns.AAAA {`
	`1067`	`+func MakeAAAARecord(name string, ip6 string, ttl uint32) *dns.AAAA {`
`1069`	`1068`	`if len(ip6) <= 0 \|\| len(name) <= 0 {`
`1070`	`1069`	`return nil`
`1071`	`1070`	`}`
`1072`		`- ttl := uint32(expiry)`
`1073`	`1071`
`1074`	`1072`	`b := net.ParseIP(ip6)`
`1075`	`1073`	`if len(b) <= 0 {`