Configurable dns cache-ttl

85% of the time, a cache entry is served as-is, unless its cache-ttl has
expired. The rest of the time, cache entry is served iff answer-ttl has
not expired. Default cache-ttl is 30m, whereas answer-ttl is determined by
upstream responses, but is always set to a minimum of 30s when lower than that.

run

@@ -14,7 +14,7 @@ banner() {
 runtime="${1:-node}";
 echo "run $runtime";
 
-if [ $runtime = "deno" ]; then
+if [ $runtime = "deno" ] || [ $runtime = "d" ]; then
   echo "using `which deno`";
   banner
   deno run --unstable \
@@ -23,11 +23,11 @@ if [ $runtime = "deno" ]; then
            --allow-read \
            --import-map=import_map.json \
            src/server-deno.ts;
-elif [ $runtime = "workers" ]; then
+elif [ $runtime = "workers" ] || [ $runtime = "w" ]; then
   echo "using `which wrangler`";
   banner
   wrangler dev;
-elif [ $runtime = "help" ]; then
+elif [ $runtime = "help" ] || [ $runtime = "h" ]; then
   echo "note: make sure node / deno / wrangler are in path";
   echo "usage: $0 [node|deno|workers]";
 else

src/commons/envutil.js

@@ -89,3 +89,8 @@ export function tlsKey() {
   if (!envManager) return "";
   return envManager.get("tlsKey") || "";
 }
+
+export function cacheTtl() {
+  if (!env) return 0;
+  return env.cacheTtl;
+}

src/commons/util.js

@@ -181,6 +181,12 @@ export function timeout(ms, callback) {
   return setTimeout(callback, ms);
 }
 
+export function rolldice() {
+  const max = 7; // exclusive
+  const min = 1; // inclusive
+  return Math.floor(Math.random() * (max - min)) + min;
+}
+
 // stackoverflow.com/a/8084248
 export function uid() {
   // ex: ".ww8ja208it"
@@ -222,6 +228,7 @@ export function microtaskBox(...fns) {
   enqueue(() => safeBox(...fns));
 }
 
+// TODO: safeBox for async fns with r.push(await f())?
 export function safeBox(...fns) {
   const r = [];
   for (const f of fns) {
@@ -294,7 +301,7 @@ export function concatObj(...args) {
   return Object.assign(...args);
 }
 
-// stackoverflow.com/a/32108184/402375
+// stackoverflow.com/a/32108184
 export function emptyObj(x) {
   // note: Object.keys type-errors when x is null / undefined
   if (!x) return true;

src/core/env.js

@@ -26,7 +26,7 @@ const _ENV_VAR_MAPPINGS = {
   runTime: {
     name: "RUNTIME",
     type: "string",
-    // No defaults, this is handled programmatically if missing.
+    // no defaults, since it is set programmatically
   },
   runTimeEnv: {
     name: {
@@ -73,11 +73,6 @@ const _ENV_VAR_MAPPINGS = {
     type: "string",
     default: "https://dns.google/dns-query",
   },
-  onInvalidFlagStopProcessing: {
-    name: "CF_ON_INVALID_FLAG_STOPPROCESSING",
-    type: "boolean",
-    default: "false",
-  },
   workerTimeout: {
     name: "WORKER_TIMEOUT",
     type: "number",
@@ -98,6 +93,11 @@ const _ENV_VAR_MAPPINGS = {
     type: "number",
     default: "2",
   },
+  cacheTtl: {
+    name: "CACHE_TTL",
+    type: "number",
+    default: "1800",
+  },
 };
 
 /**

src/plugins/cacheutil.js

@@ -9,9 +9,8 @@ import * as util from "../commons/util.js";
 import * as dnsutil from "../commons/dnsutil.js";
 import * as envutil from "../commons/envutil.js";
 
-const ttlGraceSec = 30; // 30s cache extra time
+const minTtlSec = 30; // 30s
 const cheader = "x-rdnscache-metadata";
-
 const _cacheurl = "https://caches.rethinkdns.com/";
 
 // Keep this method in-sync with plugin.js:dnsCacheCallBack
@@ -39,19 +38,19 @@ export function determineCacheExpiry(dnsPacket) {
     return expiresImmediately;
   }
 
-  // set min(ttl) among all answers, but at least ttlGraceSec
-  let minttl = 1 << 30; // some abnormally high ttl
+  // set min(ttl) among all answers, but at least minTtlSec
+  let ttl = 1 << 30; // some abnormally high ttl
 
   for (const a of dnsPacket.answers) {
-    minttl = Math.min(a.ttl || ttlGraceSec, minttl);
+    ttl = Math.min(a.ttl || minTtlSec, ttl);
   }
 
-  if (minttl === 1 << 30) {
+  if (ttl === 1 << 30) {
     return expiresImmediately;
   }
 
-  minttl = Math.max(minttl + ttlGraceSec, ttlGraceSec);
-  const expiry = Date.now() + minttl * 1000;
+  ttl += envutil.cacheTtl();
+  const expiry = Date.now() + ttl * 1000;
 
   return expiry;
 }
@@ -84,13 +83,13 @@ export function cacheValueOf(packet, stamps) {
   return makeCacheValue(packet, metadata);
 }
 
-export function updateTtl(decodedDnsPacket, end) {
+export function updateTtl(packet, end) {
   const now = Date.now();
   const outttl = Math.max(
-    Math.floor((end - now) / 1000) - ttlGraceSec,
-    ttlGraceSec
+    Math.floor((end - now) / 1000) - envutil.cacheTtl(),
+    minTtlSec
   );
-  for (const a of decodedDnsPacket.answers) {
+  for (const a of packet.answers) {
     if (!dnsutil.optAnswer(a)) a.ttl = outttl;
   }
 }
@@ -164,5 +163,14 @@ export function hasAnswer(v) {
 export function isAnswerFresh(m) {
   // when expiry is 0, c.dnsPacket is a question and not an ans
   // ref: determineCacheExpiry
-  return m.expiry > 0 && Date.now() <= m.expiry;
+  const now = Date.now();
+  const ttl = envutil.cacheTtl() * 1000;
+  const n = util.rolldice();
+  if (n % 6 === 0) {
+    // 1 in 6 (~15% of the time), fresh if answer-ttl hasn't expired
+    return m.expiry > 0 && now <= m.expiry - ttl;
+  } else {
+    // 5 in 6, fresh if cache-ttl hasn't expired, regardless of answer-ttl
+    return m.expiry > 0 && now <= m.expiry;
+  }
 }

wrangler.toml

@@ -18,6 +18,7 @@ CF_BLOCKLIST_URL = "https://cf.rethinkdns.com/blocklists/"
 CF_DNS_RESOLVER_URL = "https://cloudflare-dns.com/dns-query"
 CF_DNS_RESOLVER_URL_2 = "https://dns.google/dns-query"
 CF_LATEST_BLOCKLIST_TIMESTAMP = "1642484493505"
+CACHE_TTL = 1800
 TD_NODE_COUNT = 40212525
 TD_PARTS = 2
 
@@ -47,5 +48,6 @@ CF_BLOCKLIST_URL = "https://cf.rethinkdns.com/blocklists/"
 CF_DNS_RESOLVER_URL = "https://cloudflare-dns.com/dns-query"
 CF_DNS_RESOLVER_URL_2 = "https://dns.google/dns-query"
 CF_LATEST_BLOCKLIST_TIMESTAMP = "1642484493505"
+CACHE_TTL = 1800
 TD_NODE_COUNT = 40212525
 TD_PARTS = 2