From 237b62138eb142a82625db4e89a2cf0590ac5ede Mon Sep 17 00:00:00 2001 From: artin Date: Wed, 3 Dec 2025 04:30:35 +0800 Subject: [PATCH] ALIDNS: Enforce TTL constraints --- integrationTest/integration_test.go | 3 --- providers/alidns/aliDnsProvider.go | 11 ----------- providers/alidns/auditrecords.go | 12 ++++++++++++ 3 files changed, 12 insertions(+), 14 deletions(-) diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go index 67203e20c..2211b8aaa 100644 --- a/integrationTest/integration_test.go +++ b/integrationTest/integration_test.go @@ -216,7 +216,6 @@ func makeTests() []*TestGroup { testgroup("Attl", not("LINODE"), // Linode does not support arbitrary TTLs: both are rounded up to 3600. - not("ALIDNS"), // ALIDNS auto-adjusts TTL to 600-86400 range. tc("Create Arc", ttl(a("testa", "1.1.1.1"), 333)), tc("Change TTL", ttl(a("testa", "1.1.1.1"), 999)), ), @@ -224,7 +223,6 @@ func makeTests() []*TestGroup { testgroup("TTL", not("NETCUP"), // NETCUP does not support TTLs. not("LINODE"), // Linode does not support arbitrary TTLs: 666 and 1000 are both rounded up to 3600. - not("ALIDNS"), // ALIDNS auto-adjusts TTL to 600-86400 range. tc("Start", ttl(a("@", "8.8.8.8"), 666), a("www", "1.2.3.4"), a("www", "5.6.7.8")), tc("Change a ttl", ttl(a("@", "8.8.8.8"), 1000), a("www", "1.2.3.4"), a("www", "5.6.7.8")), tc("Change single target from set", ttl(a("@", "8.8.8.8"), 1000), a("www", "2.2.2.2"), a("www", "5.6.7.8")), @@ -247,7 +245,6 @@ func makeTests() []*TestGroup { // Next we add an additional record at the same label AND change // the TTL of the existing record. testgroup("add to label and change orig ttl", - not("ALIDNS"), // ALIDNS auto-adjusts TTL to 600-86400 range. tc("Setup", ttl(a("www", "5.6.7.8"), 400)), tc("Add at same label, new ttl", ttl(a("www", "5.6.7.8"), 700), ttl(a("www", "1.2.3.4"), 700)), ), diff --git a/providers/alidns/aliDnsProvider.go b/providers/alidns/aliDnsProvider.go index c3a40cecd..c5dd2997e 100644 --- a/providers/alidns/aliDnsProvider.go +++ b/providers/alidns/aliDnsProvider.go @@ -110,17 +110,6 @@ func (a *aliDnsDsp) GetZoneRecords(domain string, meta map[string]string) (model } func (a *aliDnsDsp) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) { - // Alibaba Cloud DNS requires TTL to be in the range of 600 to 86400 seconds. - // Adjust TTL values to fit within this range. - for _, r := range dc.Records { - if r.TTL < 600 { - r.TTL = 600 - } - if r.TTL > 86400 { - r.TTL = 86400 - } - } - keysToUpdate, toReport, actualChangeCount, err := diff.NewCompat(dc).ChangedGroups(existingRecords) if err != nil { return nil, 0, err diff --git a/providers/alidns/auditrecords.go b/providers/alidns/auditrecords.go index b1079acf2..351ce85f3 100644 --- a/providers/alidns/auditrecords.go +++ b/providers/alidns/auditrecords.go @@ -41,6 +41,17 @@ func targetConstraint(rc *models.RecordConfig) error { return nil } +// ttlConstraint checks that TTL is within Alibaba Cloud's allowed range (600-86400 seconds). +func ttlConstraint(rc *models.RecordConfig) error { + if rc.TTL < 600 { + return errors.New("TTL must be at least 600 seconds") + } + if rc.TTL > 86400 { + return errors.New("TTL must not exceed 86400 seconds (24 hours)") + } + return nil +} + // AuditRecords returns a list of errors corresponding to the records // that aren't supported by this provider. If all records are // supported, an empty list is returned. @@ -54,6 +65,7 @@ func AuditRecords(records []*models.RecordConfig) []error { a.Add("TXT", rejectif.TxtHasTrailingSpace) // Last verified at 2025-12-03: Alibaba strips trailing spaces a.Add("TXT", rejectif.TxtHasUnpairedBackslash) // Last verified at 2025-12-03: Alibaba mishandles odd backslashes a.Add("*", labelConstraint) // Last verified at 2025-12-03: Alibaba only allows ASCII + Chinese, rejects other Unicode + a.Add("*", ttlConstraint) // Last verified at 2025-12-03: Alibaba requires TTL 600-86400 a.Add("CNAME", targetConstraint) // Last verified at 2025-12-03: CNAME target must be ASCII or Chinese a.Add("SRV", rejectif.SrvHasNullTarget) // Last verified at 2025-12-03: SRV target must not be null a.Add("SRV", rejectif.SrvHasEmptyTarget) // Last verified at 2025-12-03: SRV target must not be empty