Ensure non-zero minimum TTL for the domain in egress network policy

Ravi Sankar Penta · Ravi Sankar Penta · commit f6cf2ff60476 · 2018-06-08T10:25:38.000-07:00
diff --git a/pkg/network/common/dns.go b/pkg/network/common/dns.go
@@ -154,8 +154,13 @@ func (d *DNS) getIPsAndMinTTL(domain string) ([]net.IP, time.Duration, error) {
 				case *dns.A:
 					ips = append(ips, t.A)
 
-					if minTTL == 0 || t.Hdr.Ttl < minTTL {
-						minTTL = t.Hdr.Ttl
+					// We could potentially get zero TTL as we try to query the DNS
+					// server at the end of the TTL value for the domain.
+					// Adding 1 sec will ensure non zero minTTL
+					ttl := t.Hdr.Ttl + 1
+
+					if minTTL == 0 || ttl < minTTL {
+						minTTL = ttl
 					}
 				}
 			}

Original file line number	Diff line number	Diff line change
`@@ -154,8 +154,13 @@ func (d *DNS) getIPsAndMinTTL(domain string) ([]net.IP, time.Duration, error) {`
`154`	`154`	`case *dns.A:`
`155`	`155`	`ips = append(ips, t.A)`
`156`	`156`
`157`		`- if minTTL == 0 \|\| t.Hdr.Ttl < minTTL {`
`158`		`- minTTL = t.Hdr.Ttl`
	`157`	`+ // We could potentially get zero TTL as we try to query the DNS`
	`158`	`+ // server at the end of the TTL value for the domain.`
	`159`	`+ // Adding 1 sec will ensure non zero minTTL`
	`160`	`+ ttl := t.Hdr.Ttl + 1`
	`161`	`+`
	`162`	`+ if minTTL == 0 \|\| ttl < minTTL {`
	`163`	`+ minTTL = ttl`
`159`	`164`	`}`
`160`	`165`	`}`
`161`	`166`	`}`