Merge commit from fork

Instead of casting lease ID to uint32, fix the TTL() function to use etcd time-to-live API for determining TTL. Add configurable min-lease-ttl and max-lease-ttl options to prevent extreme TTL values. By default, lease records now go through bounds checking with 30s to 1d as the min/max. Added unit tests for validation and docs. Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
2025-10-27 08:14:18 -04:00 · 2025-09-05 03:14:27 +03:00
parent 066e51675c
commit e1768a5d27
6 changed files with 333 additions and 15 deletions
--- a/plugin/etcd/README.md
+++ b/plugin/etcd/README.md
@@ -55,6 +55,8 @@ etcd [ZONES...] {
    * three arguments - path to cert PEM file, path to client private key PEM file, path to CA PEM
      file - if the server certificate is not signed by a system-installed CA and client certificate
      is needed.
+* `min-lease-ttl` the minimum TTL for DNS records based on etcd lease duration. Accepts flexible time formats like '30', '30s', '5m', '1h', '2h30m'. Default: 30 seconds.
+* `max-lease-ttl` the maximum TTL for DNS records based on etcd lease duration. Accepts flexible time formats like '30', '30s', '5m', '1h', '2h30m'. Default: 24 hours.

 ## Special Behaviour

@@ -83,6 +85,8 @@ skydns.local {
    etcd {
        path /skydns
        endpoint http://localhost:2379
+        min-lease-ttl 60     # minimum 1 minute for lease-based records
+        max-lease-ttl 1h     # maximum 1 hour for lease-based records
    }
    prometheus
    cache