Resolve #2854: DoH: Assign HTTP responses freshness lifetime according to the smallest TTL found in the Answer section
This merge request makes BIND assign HTTP responses freshness lifetime according to the smallest TTL found in the Answer section by setting the max-age value in the Cache-Control header when appropriate. The recommendations regarding this are given in section 5.1 of the specification, in particular:
In particular, DoH servers SHOULD assign an explicit HTTP freshness lifetime (see Section 4.2 of [RFC7234]) so that the DoH client is more likely to use fresh DNS data. This requirement is due to HTTP caches being able to assign their own heuristic freshness (such as that described in Section 4.2.2 of [RFC7234]), which would take control of the cache contents out of the hands of the DoH server.
The assigned freshness lifetime of a DoH HTTP response MUST be less than or equal to the smallest TTL in the Answer section of the DNS response. A freshness lifetime equal to the smallest TTL in the Answer section is RECOMMENDED. For example, if a HTTP response carries three RRsets with TTLs of 30, 600, and 300, the HTTP freshness lifetime should be 30 seconds (which could be specified as "Cache-Control: max-age=30"). This requirement helps prevent expired RRsets in messages in an HTTP cache from unintentionally being served.
For example:
That is the only part of the specification which has been unimplemented.
Closes #2854 (closed)
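The section 5.1 rule quoted above, as an added example in C (not BIND's code and not part of this merge request): a bounds-checked walk of a DNS wire-format response that returns the smallest Answer-section TTL for use as the max-age value. The names skip_name, min_answer_ttl and SAMPLE are hypothetical, and returning -1 (no header) when the Answer section is empty is an assumption of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Skip a (possibly compressed) name; return the offset after it, 0 if malformed. */
static size_t skip_name(const uint8_t *m, size_t len, size_t off) {
    while (off < len) {
        uint8_t c = m[off];
        if (c == 0) return off + 1;                          /* root label */
        if (c >= 0xC0) return off + 2 <= len ? off + 2 : 0;  /* compression pointer */
        if (c & 0xC0) return 0;                              /* reserved label type */
        off += 1 + (size_t)c;
    }
    return 0;
}

/* Smallest Answer-section TTL, or -1 if malformed or ANCOUNT is 0 (assumption). */
long long min_answer_ttl(const uint8_t *m, size_t len) {
    if (len < 12 || (m[6] | m[7]) == 0) return -1;
    unsigned qd = m[4] << 8 | m[5], an = m[6] << 8 | m[7];
    size_t off = 12;
    uint32_t min = UINT32_MAX;
    for (unsigned i = 0; i < qd; i++) {        /* QNAME, QTYPE, QCLASS */
        if ((off = skip_name(m, len, off)) == 0 || len - off < 4) return -1;
        off += 4;
    }
    for (unsigned i = 0; i < an; i++) {        /* NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA */
        if ((off = skip_name(m, len, off)) == 0 || len - off < 10) return -1;
        uint32_t t = (uint32_t)m[off + 4] << 24 | (uint32_t)m[off + 5] << 16 |
                     (uint32_t)m[off + 6] << 8 | m[off + 7];
        size_t rdlen = (size_t)m[off + 8] << 8 | m[off + 9];
        if (len - off - 10 < rdlen) return -1; /* RDATA must fit in the message */
        off += 10 + rdlen;
        if (t & 0x80000000u) t = 0;            /* RFC 2181: top bit set counts as 0 */
        if (t < min) min = t;
    }
    return (long long)min;
}

/* Constructed sample: response for example.com, three answers with TTLs 30, 600, 300. */
static const uint8_t SAMPLE[] = {
    0,0,0x81,0x80, 0,1, 0,3, 0,0, 0,0, 7,'e','x','a','m','p','l','e',3,'c','o','m',0, 0,1,0,1,
    0xC0,12, 0,1,0,1, 0,0,0,30,      0,4, 192,0,2,1,
    0xC0,12, 0,1,0,1, 0,0,0x02,0x58, 0,4, 192,0,2,2,
    0xC0,12, 0,1,0,1, 0,0,0x01,0x2C, 0,4, 192,0,2,3 };

int main(void) {
    long long ttl = min_answer_ttl(SAMPLE, sizeof SAMPLE);
    if (ttl >= 0) printf("Cache-Control: max-age=%lld\n", ttl);
    return 0;
}
```

A truncated or malformed message yields -1 rather than a partial minimum, so a caller never derives a freshness lifetime from records it could not fully parse.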