Skip to content

WIP: configurable extension for RRSIG expiry#17321

Draft
Habbie wants to merge 3 commits into
PowerDNS:masterfrom
Habbie:rrsig-expiry-extend
Draft

WIP: configurable extension for RRSIG expiry#17321
Habbie wants to merge 3 commits into
PowerDNS:masterfrom
Habbie:rrsig-expiry-extend

Conversation

@Habbie
Copy link
Copy Markdown
Member

@Habbie Habbie commented May 11, 2026

Short description

This goes well with #17281 but can exist separately.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • read and accepted the Developer Certificate of Origin document, including the AI Policy, and added a "Signed-off-by" to my commits
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)
  • checked that this code was merged to master

miodvallat
miodvallat reviewed May 11, 2026
View reviewed changes
Comment thread pdns/auth-main.cc Outdated
pieterlexis
pieterlexis reviewed May 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@pieterlexis pieterlexis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add documentation.

@miodvallat
Copy link
Copy Markdown
Contributor

miodvallat commented May 11, 2026

Would it be worth limiting the values to a reasonable range of seconds? Something like [minus one week; one year] maybe.

@Habbie Habbie force-pushed the rrsig-expiry-extend branch from dadbe20 to b1d5faa Compare May 11, 2026 14:17
@Habbie
Copy link
Copy Markdown
Member Author

Habbie commented May 11, 2026

Would it be worth limiting the values to a reasonable range of seconds? Something like [minus one week; one year] maybe.

Yes: users will regret anything over minus one or two weeks.

No: it's just rope. We don't do the hanging.

That all said, generating a value before Inception is invalid anyway, so a -3 week lower bound makes sense to me.

@coveralls
Copy link
Copy Markdown

coveralls commented May 11, 2026
edited
Loading

Coverage Report for CI Build 25757017830

Warning

Build has drifted: This PR's base is out of sync with its target branch, so coverage data may include unrelated changes.
Quick fix: rebase this PR. Learn more →

Coverage increased (+0.2%) to 66.388%

Details

  • Coverage increased (+0.2%) from the base build.
  • Patch coverage: No coverable lines changed in this PR.
  • 9548 coverage regressions across 119 files.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

9548 previously-covered lines in 119 files lost coverage.

Top 10 Files by Coverage Loss Lines Losing Coverage Coverage
pdns/recursordist/pdns_recursor.cc 1102 28.77%
pdns/recursordist/lua-recursor4.cc 681 0.0%
pdns/recursordist/rec-tcp.cc 589 5.19%
pdns/recursordist/rec-main.cc 518 44.96%
pdns/recursordist/lwres.cc 409 17.99%
pdns/recursordist/rec_channel_rec.cc 391 15.49%
pdns/recursordist/rec-lua-conf.cc 347 2.49%
pdns/recursordist/rec-rust-lib/cxxsupport.cc 341 48.68%
pdns/recursordist/syncres.cc 339 72.57%
pdns/recursordist/rpzloader.cc 291 29.88%

Coverage Stats

Coverage Status
Relevant Lines: 132431
Covered Lines: 97424
Line Coverage: 73.57%
Relevant Branches: 63938
Covered Branches: 32942
Branch Coverage: 51.52%
Branches in Coverage %: Yes
Coverage Strength: 3851132.83 hits per line
💛 - Coveralls

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pieterlexis pieterlexis pieterlexis left review comments

@miodvallat miodvallat miodvallat left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Habbie @miodvallat @coveralls @pieterlexis