Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-6129

Introduce DNS lookup caching for multiple SANs in the CAA Validator

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: EJBCA 6.9.0.6
    • Fix Version/s: EJBCA 6.9.1
    • Component/s: None
    • Labels:

      Description

      CAA DNS lookups with multiple SANs currently perform one lookup for each SAN even though the same domain has already been resolved. This could be fixed with a simple cache holding the responses for all the previous lookups.

      Example:
      foo1.example.com
      foo2.example.com
      foo3.example.com

      If CAA records were found for example.com in the first lookup, there's no need to requery for foo2 & foo3.

        Attachments

          Activity

            People

            • Assignee:
              hsunmark Henrik Sunmark
              Reporter:
              mikek Mike Agrenius Kushner
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 4 days
                4d
                Remaining:
                Time Spent - 2 hours, 30 minutes Remaining Estimate - 3 days, 5 hours, 30 minutes
                3d 5h 30m
                Logged:
                Time Spent - 2 hours, 30 minutes Remaining Estimate - 3 days, 5 hours, 30 minutes
                2h 30m