sign: add expiration jitter (#3588)

* add expiration jitter Signed-off-by: Miek Gieben <miek@miek.nl> * sign: add expiration jitter This PR adds a expiration jitter to spread out zone re-signing even more. The max is 5 extra days added when creating the signer for a specific zone. Also make the duration* constants private to clean up the godoc for this plugin. Signed-off-by: Miek Gieben <miek@miek.nl>
2025-11-02 02:03:13 -05:00 · 2020-01-12 13:56:57 +01:00
parent d6669dee80
commit 2221b6160c
4 changed files with 32 additions and 29 deletions
--- a/plugin/sign/setup.go
+++ b/plugin/sign/setup.go
@@ -23,7 +23,7 @@ func setup(c *caddy.Controller) error {
 	c.OnStartup(sign.OnStartup)
 	c.OnStartup(func() error {
 		for _, signer := range sign.signers {
-			go signer.refresh(DurationRefreshHours)
+			go signer.refresh(durationRefreshHours)
 		}
 		return nil
 	})
@@ -64,12 +64,13 @@ func parse(c *caddy.Controller) (*Sign, error) {
 		signers := make([]*Signer, len(origins))
 		for i := range origins {
 			signers[i] = &Signer{
-				dbfile:     dbfile,
-				origin:     plugin.Host(origins[i]).Normalize(),
-				jitter:     time.Duration(float32(DurationJitter) * rand.Float32()),
-				directory:  "/var/lib/coredns",
-				stop:       make(chan struct{}),
-				signedfile: fmt.Sprintf("db.%ssigned", origins[i]), // origins[i] is a fqdn, so it ends with a dot, hence %ssigned.
+				dbfile:      dbfile,
+				origin:      plugin.Host(origins[i]).Normalize(),
+				jitterIncep: time.Duration(float32(durationInceptionJitter) * rand.Float32()),
+				jitterExpir: time.Duration(float32(durationExpirationDayJitter) * rand.Float32()),
+				directory:   "/var/lib/coredns",
+				stop:        make(chan struct{}),
+				signedfile:  fmt.Sprintf("db.%ssigned", origins[i]), // origins[i] is a fqdn, so it ends with a dot, hence %ssigned.
 			}
 		}