check for two days of remaining validity (#4606)

Signed-off-by: Keith C <keith@fraudmarc.com>

check for two days of remaining validity (#4606)
Signed-off-by: Keith C <keith@fraudmarc.com>
184d5e52 · Keith Coleman · GitHub · 7b43d042 · 184d5e52 · 184d5e52
Commit 184d5e52 authored May 14, 2021 by Keith Coleman Committed by GitHub May 14, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

plugin/dnssec/cache.go plugin/dnssec/cache.go +1 -1

plugin/dnssec/dnssec.go plugin/dnssec/dnssec.go +2 -2

No files found.
--- a/plugin/dnssec/cache.go
+++ b/plugin/dnssec/cache.go
@@ -31,7 +31,7 @@ func periodicClean(c *cache.Cache, stop <-chan struct{}) {
 		case <-tick.C:
 			// we sign for 8 days, check if a signature in the cache reached 75% of that (i.e. 6), if found delete
 			// the signature
-			is75 := time.Now().UTC().Add(sixDays)
+			is75 := time.Now().UTC().Add(twoDays)
 			c.Walk(func(items map[uint64]interface{}, key uint64) bool {
 				for _, rr := range items[key].([]dns.RR) {
 					if !rr.(*dns.RRSIG).ValidityPeriod(is75) {

--- a/plugin/dnssec/dnssec.go
+++ b/plugin/dnssec/dnssec.go
@@ -131,7 +131,7 @@ func (d Dnssec) set(key uint64, sigs []dns.RR) { d.cache.Add(key, sigs) }
 func (d Dnssec) get(key uint64, server string) ([]dns.RR, bool) {
 	if s, ok := d.cache.Get(key); ok {
 		// we sign for 8 days, check if a signature in the cache reached 3/4 of that
-		is75 := time.Now().UTC().Add(sixDays)
+		is75 := time.Now().UTC().Add(twoDays)
 		for _, rr := range s.([]dns.RR) {
 			if !rr.(*dns.RRSIG).ValidityPeriod(is75) {
 				cacheMisses.WithLabelValues(server).Inc()
@@ -154,6 +154,6 @@ func incepExpir(now time.Time) (uint32, uint32) {
 const (
 	eightDays  = 8 * 24 * time.Hour
-	sixDays    = 6 * 24 * time.Hour
+	twoDays    = 2 * 24 * time.Hour
 	defaultCap = 10000 // default capacity of the cache.
 )