summaryrefslogtreecommitdiff
path: root/sbin/unwind/unwind.h
diff options
context:
space:
mode:
authorFlorian Obser <florian@cvs.openbsd.org>2019-02-17 16:15:32 +0000
committerFlorian Obser <florian@cvs.openbsd.org>2019-02-17 16:15:32 +0000
commit0347adb9afb18cd919ec36dc58fc5830e4de2742 (patch)
treef91a6c7f83be97851b5eec731e4b6c4519720f2a /sbin/unwind/unwind.h
parenta8320d7756491baf78eb2c4453d30ff82251c478 (diff)
Since we do a naive string comparison to see if the trust anchor
changed we need to fix the TTL to the value we would get from the root for the ksk DNSKEY (currently 2 days). Otherwise we would interpret a lowerd TTL from a cache as changed trust anchor. Use the same define everywhere. (Considering the glacial speed with which the root ksk rotates this should be fine for the forseable future.)
Diffstat (limited to 'sbin/unwind/unwind.h')
-rw-r--r--sbin/unwind/unwind.h3
1 files changed, 2 insertions, 1 deletions
diff --git a/sbin/unwind/unwind.h b/sbin/unwind/unwind.h
index 4aabeda22d7..968d83740a1 100644
--- a/sbin/unwind/unwind.h
+++ b/sbin/unwind/unwind.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: unwind.h,v 1.9 2019/02/17 14:49:15 florian Exp $ */
+/* $OpenBSD: unwind.h,v 1.10 2019/02/17 16:15:31 florian Exp $ */
/*
* Copyright (c) 2018 Florian Obser <florian@openbsd.org>
@@ -35,6 +35,7 @@
#define OPT_VERBOSE2 0x00000002
#define OPT_NOACTION 0x00000004
+#define ROOT_DNSKEY_TTL 172800 /* TTL from authority */
#define KSK2017 ". 172800 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU="
enum {