Use a short TTL for DNS entries if the config file is set

This commit is contained in:
github@kiekerjan.isdronken.nl 2021-05-18 13:28:09 +02:00
parent 61e4eb6436
commit 8b13a3b177
1 changed files with 25 additions and 9 deletions


@ -470,19 +470,35 @@ def write_nsd_zone(domain, zonefile, records, env, force):
zone = """ zone = """
$ORIGIN {domain}. $ORIGIN {domain}.
$TTL 86400 ; default time to live $TTL {defttl} ; default time to live
@ IN SOA ns1.{primary_domain}. hostmaster.{primary_domain}. ( @ IN SOA ns1.{primary_domain}. hostmaster.{primary_domain}. (
__SERIAL__ ; serial number __SERIAL__ ; serial number
7200 ; Refresh (secondary nameserver update interval) {refresh} ; Refresh (secondary nameserver update interval)
86400 ; Retry (when refresh fails, how often to try again) {retry} ; Retry (when refresh fails, how often to try again)
1209600 ; Expire (when refresh fails, how long secondary nameserver will keep records around anyway) {expire} ; Expire (when refresh fails, how long secondary nameserver will keep records around anyway)
86400 ; Negative TTL (how long negative responses are cached) {negttl} ; Negative TTL (how long negative responses are cached)
) )
""" """
# Default ttl values
p_defttl = 86400
p_refresh = 7200
p_retry = 3600
p_expire = 1209600
p_negttl = 86400
# Shorten dns ttl if file exists. Use just before moving domains, changin secondary dns servers etc
if os.path.exists("/etc/forceshortdnsttl"):
p_defttl = 300
p_refresh = 3600
p_retry = 1800
p_expire = 43200
p_negttl = 3600
# Replace replacement strings. # Replace replacement strings.
zone = zone.format(domain=domain, primary_domain=env["PRIMARY_HOSTNAME"]) zone = zone.format(domain=domain, primary_domain=env["PRIMARY_HOSTNAME"], defttl=p_defttl,
refresh=p_refresh, retry=p_retry, expire=p_expire, negttl=p_negttl)
# Add records. # Add records.
for subdomain, querytype, value, explanation in records: for subdomain, querytype, value, explanation in records:
@ -620,7 +636,7 @@ def dnssec_choose_algo(domain, env):
# A variety of algorithms are supported for .fund. This # A variety of algorithms are supported for .fund. This
# is preferred. # is preferred.
# Gandi tells me that .be does not support RSASHA1-NSEC3-SHA1 # Gandi tells me that .be does not support RSASHA1-NSEC3-SHA1
# Nic.lv does not support RSASHA1-NSEC3-SHA1 for .lv tld's # Nic.lv does not support RSASHA1-NSEC3-SHA1 for .lv tld's
return "RSASHA256" return "RSASHA256"
# For any domain we were able to sign before, don't change the algorithm # For any domain we were able to sign before, don't change the algorithm
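Review bot: The short-TTL branch's `p_expire = 43200` cuts the SOA Expire to 12 hours, which gains nothing for propagation (Expire only governs how long secondaries keep serving a zone they cannot refresh from the primary) but means any primary outage longer than 12 hours makes every secondary drop the zone, taking MX and all other records offline precisely while a domain or secondary-server move is in progress; keep the default and let only the TTL, Refresh and Retry shrink, i.e. delete that line or set `p_expire = 1209600`. The flag file is honored silently, so if `/etc/forceshortdnsttl` is forgotten after the move the zones stay in this degraded state indefinitely; emitting a status line next to the `os.path.exists` check, e.g. `print("Using short DNS TTLs because /etc/forceshortdnsttl exists")` (or whatever this file uses for update output), would make that visible on every run. The commit also quietly changes the non-flag Retry from the old hard-coded 86400 to `p_retry = 3600` — a sensible correction, since Retry should be shorter than Refresh, but it is not mentioned in the commit title and deserves a one-line comment such as `# Retry must be shorter than Refresh; the old 86400 was not`. `write_nsd_zone` starts before this hunk.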