Add an cache.maxttl option to limit caching overly long RRs (helps with GHOST domains too) and cache.minttl too

There should be an option to limit maximum TTL on all RRs similar to:

       cache-max-ttl: <seconds>
              Time to live maximum for  RRsets  and  messages  in  the  cache.
              Default  is  86400  seconds  (1  day).  If the maximum kicks in,
              responses to clients still get decrementing TTLs  based  on  the
              original  (larger)  values.   When the internal TTL expires, the
              cache item has expired.  Can be set lower to force the  resolver
              to query for data often, and not trust (very large) TTL values.

and

       cache-min-ttl: <seconds>
              Time  to  live  minimum  for  RRsets  and messages in the cache.
              Default is 0.  If the minimum kicks in, the data is  cached  for
              longer than the domain owner intended, and thus less queries are
              made to look up the data.  Zero makes sure the data in the cache
              is  as the domain owner intended, higher values, especially more
              than an hour or so, can lead to trouble as the data in the cache
              does not match up with the actual data any more.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

Admin message

Add an cache.maxttl option to limit caching overly long RRs (helps with GHOST domains too) and cache.minttl too