Make DNS cache TTLs configurable

5 years ago · ba96f014ef
parent 267a260801
commit ba96f014ef
5 changed files with 66 additions and 11 deletions
--- a/encrypted-dns.toml
+++ b/encrypted-dns.toml
@ -56,6 +56,21 @@ tcp_max_active_connections = 100
 cache_capacity = 10000


+## DNS cache: minimum TTL
+
+cache_ttl_min = 600
+
+
+## DNS cache: max TTL
+
+cache_ttl_max = 86400
+
+
+## DNS cache: error TTL
+
+cache_ttl_error = 600
+
+
 ## User name to drop privileges to, when started as root.

 # user = "nobody"
--- a/src/cache.rs
+++ b/src/cache.rs
@ -1,6 +1,9 @@
 use crate::dns;

+use clockpro_cache::ClockProCache;
 use coarsetime::{Duration, Instant};
+use parking_lot::{Mutex, MutexGuard};
+use std::sync::Arc;

 #[derive(Clone, Debug)]
 pub struct CachedResponse {
@ -9,8 +12,9 @@ pub struct CachedResponse {
 }

 impl CachedResponse {
-    pub fn new(response: Vec<u8>) -> Self {
-        let ttl = dns::min_ttl(&response, 1, 86400, 3600).unwrap_or(3600);
+    pub fn new(cache: &Cache, response: Vec<u8>) -> Self {
+        let ttl = dns::min_ttl(&response, cache.ttl_min, cache.ttl_max, cache.ttl_error)
+            .unwrap_or(cache.ttl_error);
        let expiry = Instant::recent() + Duration::from_secs(u64::from(ttl));
        CachedResponse { response, expiry }
    }
@ -27,3 +31,34 @@ impl CachedResponse {
        Instant::recent() > self.expiry
    }
 }
+
+#[derive(Clone, Derivative)]
+#[derivative(Debug)]
+pub struct Cache {
+    #[derivative(Debug = "ignore")]
+    cache: Arc<Mutex<ClockProCache<u128, CachedResponse>>>,
+    ttl_min: u32,
+    ttl_max: u32,
+    ttl_error: u32,
+}
+
+impl Cache {
+    pub fn new(
+        clockpro_cache: ClockProCache<u128, CachedResponse>,
+        ttl_min: u32,
+        ttl_max: u32,
+        ttl_error: u32,
+    ) -> Self {
+        Cache {
+            cache: Arc::new(Mutex::new(clockpro_cache)),
+            ttl_min,
+            ttl_max,
+            ttl_error,
+        }
+    }
+
+    #[inline]
+    pub fn lock(&self) -> MutexGuard<ClockProCache<u128, CachedResponse>> {
+        self.cache.lock()
+    }
+}
--- a/src/config.rs
+++ b/src/config.rs
@ -31,6 +31,9 @@ pub struct Config {
    pub udp_max_active_connections: u32,
    pub tcp_max_active_connections: u32,
    pub cache_capacity: usize,
+    pub cache_ttl_min: u32,
+    pub cache_ttl_max: u32,
+    pub cache_ttl_error: u32,
    pub user: Option<String>,
    pub group: Option<String>,
    pub chroot: Option<String>,
--- a/src/globals.rs
+++ b/src/globals.rs
@ -2,7 +2,6 @@ use crate::cache::*;
 use crate::crypto::*;
 use crate::dnscrypt_certs::*;

-use clockpro_cache::ClockProCache;
 use parking_lot::{Mutex, RwLock};
 use siphasher::sip128::SipHasher13;
 use std::collections::vec_deque::VecDeque;
@ -14,8 +13,7 @@ use std::time::Duration;
 use tokio::runtime::Runtime;
 use tokio::sync::oneshot;

-#[derive(Derivative)]
-#[derivative(Debug)]
+#[derive(Debug, Clone)]
 pub struct Globals {
    pub runtime: Arc<Runtime>,
    pub state_file: PathBuf,
@ -36,6 +34,5 @@ pub struct Globals {
    pub tcp_active_connections: Arc<Mutex<VecDeque<oneshot::Sender<()>>>>,
    pub key_cache_capacity: usize,
    pub hasher: SipHasher13,
-    #[derivative(Debug = "ignore")]
-    pub cache: Arc<Mutex<ClockProCache<u128, CachedResponse>>>,
+    pub cache: Cache,
 }
--- a/src/main.rs
+++ b/src/main.rs
@ -222,7 +222,7 @@ async fn resolve(globals: &Globals, mut packet: &mut Vec<u8>) -> Result<Vec<u8>,
            return Ok(cached_response.into_response());
        }
    } else {
-        let cached_response = CachedResponse::new(response.clone());
+        let cached_response = CachedResponse::new(&globals.cache, response.clone());
        globals.cache.lock().insert(packet_hash, cached_response);
    }
    dns::set_tid(&mut response, original_tid);
@ -537,8 +537,13 @@ fn main() -> Result<(), Error> {
    let (sh_k0, sh_k1) = rand::thread_rng().gen();
    let hasher = SipHasher13::new_with_keys(sh_k0, sh_k1);

-    let cache = ClockProCache::new(cache_capacity)
-        .map_err(|e| format_err!("Unable to create the DNS cache: [{}]", e))?;
+    let cache = Cache::new(
+        ClockProCache::new(cache_capacity)
+            .map_err(|e| format_err!("Unable to create the DNS cache: [{}]", e))?,
+        config.cache_ttl_min,
+        config.cache_ttl_max,
+        config.cache_ttl_error,
+    );

    let globals = Arc::new(Globals {
        runtime: runtime.clone(),
@ -566,7 +571,7 @@ fn main() -> Result<(), Error> {
        ))),
        key_cache_capacity,
        hasher,
-        cache: Arc::new(Mutex::new(cache)),
+        cache,
    });
    let updater = DNSCryptEncryptionParamsUpdater::new(globals.clone());
    if !state_is_new {