diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-01-02 14:55:39 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-01-18 08:55:57 -0500 |
| commit | 609065f165a8e145f404e55e01e8f5ac5c013bc3 (patch) | |
| tree | ed8b9f428dff2ba3491e85c52caee3ec80eb2ba1 /src/or/dns.h | |
| parent | c27ae62adefb9fcdf468eef43e8a33ae3657a6bf (diff) | |
| download | tor-609065f165a8e145f404e55e01e8f5ac5c013bc3.tar.gz tor-609065f165a8e145f404e55e01e8f5ac5c013bc3.zip | |
DefecTor countermeasure: change server- and client-side DNS TTL clipping
The server-side clipping now clamps to one of two values, both
for what to report, and how long to cache.
Additionally, we move some defines to dns.h, and give them better
names.
Diffstat (limited to 'src/or/dns.h')
| -rw-r--r-- | src/or/dns.h | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/or/dns.h b/src/or/dns.h index b14f7dd29c..951a2a3467 100644 --- a/src/or/dns.h +++ b/src/or/dns.h @@ -12,6 +12,18 @@ #ifndef TOR_DNS_H #define TOR_DNS_H +/** Lowest value for DNS ttl that a server will give. */ +#define MIN_DNS_TTL_AT_EXIT (5*60) +/** Highest value for DNS ttl that a server will give. */ +#define MAX_DNS_TTL_AT_EXIT (60*60) + +/** How long do we keep DNS cache entries before purging them (regardless of + * their TTL)? */ +#define MAX_DNS_ENTRY_AGE (3*60*60) +/** How long do we cache/tell clients to cache DNS records when no TTL is + * known? */ +#define DEFAULT_DNS_TTL (30*60) + int dns_init(void); int has_dns_init_failed(void); void dns_free_all(void); @@ -31,8 +43,6 @@ void dump_dns_mem_usage(int severity); #ifdef DNS_PRIVATE #include "dns_structs.h" -STATIC uint32_t dns_get_expiry_ttl(uint32_t ttl); - MOCK_DECL(STATIC int,dns_resolve_impl,(edge_connection_t *exitconn, int is_resolve,or_circuit_t *oncirc, char **hostname_out, int *made_connection_pending_out, cached_resolve_t **resolve_out)); |