Pull request 405: 7903-fix-ttl-override

Updates AdguardTeam/AdGuardHome#7903.

Squashed commit of the following:

commit 0b10ece
Author: Ainar Garipov <[email protected]>
Date:   Tue Jul 1 14:20:02 2025 +0300

    proxy: imp docs

commit 6b2c460
Author: Ainar Garipov <[email protected]>
Date:   Tue Jul 1 14:09:07 2025 +0300

    proxy: fix ttl override

Author: ainar-g

proxy/cache.go

@@ -21,6 +21,8 @@ import (
 const defaultCacheSize = 64 * 1024
 
 // cache is used to cache requests and used upstreams.
+//
+// TODO(a.garipov):  Add [timeutil.Clock] and make tests less flaky.
 type cache struct {
 	// itemsLock protects requests cache.
 	itemsLock *sync.RWMutex

proxy/proxy.go

@@ -426,7 +426,7 @@ func (p *Proxy) Shutdown(ctx context.Context) (err error) {
 	return nil
 }
 
-// closeListeners closes all acrive listeners and returns the occurred errors.
+// closeListeners closes all active listeners and returns the occurred errors.
 //
 // TODO(e.burkov):  Remove the argument if it remains unused.
 func (p *Proxy) closeListeners(errs []error) (res []error) {
@@ -642,15 +642,22 @@ func (p *Proxy) replyFromUpstream(d *DNSContext) (ok bool, err error) {
 	unwrapped, stats := collectQueryStats(p.UpstreamMode, u, wrapped, wrappedFallbacks)
 	d.queryStatistics = stats
 
-	p.handleExchangeResult(d, req, resp, unwrapped)
+	ctx := context.TODO()
+	p.handleExchangeResult(ctx, d, req, resp, unwrapped)
 
 	return resp != nil, err
 }
 
 // handleExchangeResult handles the result after the upstream exchange.  It sets
-// the response to d and sets the upstream that have resolved the request.  If
-// the response is nil, it generates a server failure response.
-func (p *Proxy) handleExchangeResult(d *DNSContext, req, resp *dns.Msg, u upstream.Upstream) {
+// resp and the upstream that has resolved the request in d.  If resp is nil, it
+// generates a server failure response.  req must not be nil.
+func (p *Proxy) handleExchangeResult(
+	ctx context.Context,
+	d *DNSContext,
+	req *dns.Msg,
+	resp *dns.Msg,
+	u upstream.Upstream,
+) {
 	if resp == nil {
 		d.Res = p.messages.NewMsgSERVFAIL(req)
 		d.hasEDNS0 = false
@@ -661,7 +668,7 @@ func (p *Proxy) handleExchangeResult(d *DNSContext, req, resp *dns.Msg, u upstre
 	d.Upstream = u
 	d.Res = resp
 
-	p.setMinMaxTTL(resp)
+	p.setMinMaxTTL(ctx, resp)
 	if len(req.Question) > 0 && len(resp.Question) == 0 {
 		// Explicitly construct the question section since some upstreams may
 		// respond with invalidly constructed messages which cause out-of-range

proxy/server.go

@@ -8,7 +8,9 @@ import (
 	"net"
 	"time"
 
+	"github.com/AdguardTeam/golibs/container"
 	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/logutil/optslog"
 	"github.com/AdguardTeam/golibs/logutil/slogutil"
 	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/miekg/dns"
@@ -227,15 +229,38 @@ func (p *Proxy) respond(d *DNSContext) {
 	}
 }
 
-// Set TTL value of all records according to our settings
-func (p *Proxy) setMinMaxTTL(r *dns.Msg) {
-	for _, rr := range r.Answer {
-		originalTTL := rr.Header().Ttl
-		newTTL := respectTTLOverrides(originalTTL, p.CacheMinTTL, p.CacheMaxTTL)
-
-		if originalTTL != newTTL {
-			p.logger.Debug("ttl overwritten", "old", originalTTL, "new", newTTL)
-			rr.Header().Ttl = newTTL
+// setMinMaxTTL sets the TTL values of all records according to the proxy
+// settings.  r must not be nil.
+func (p *Proxy) setMinMaxTTL(ctx context.Context, r *dns.Msg) {
+	rrSets := container.KeyValues[string, []dns.RR]{{
+		Key:   "answer",
+		Value: r.Answer,
+	}, {
+		Key:   "extra",
+		Value: r.Extra,
+	}, {
+		Key:   "ns",
+		Value: r.Ns,
+	}}
+
+	for _, rrSet := range rrSets {
+		for _, rr := range rrSet.Value {
+			original := rr.Header().Ttl
+			overridden := respectTTLOverrides(original, p.CacheMinTTL, p.CacheMaxTTL)
+
+			if original == overridden {
+				continue
+			}
+
+			optslog.Trace3(
+				ctx,
+				p.logger,
+				"ttl overwritten",
+				"section", rrSet.Key,
+				"old", original,
+				"new", overridden,
+			)
+			rr.Header().Ttl = overridden
 		}
 	}
 }