Struct TickerConfig 

pub struct TickerConfig {

    pub interval: Duration,
    pub policy: Option<DnsRefreshPolicy>,
    pub rebinding_policy: Option<DnsRebindingPolicy>,
    pub resolvers: Vec<DnsResolver>,
    pub hostnames: Vec<String>,
    pub keyset_id: Option<String>,
    pub issuer_kid: Option<String>,
    pub policy_digest: Option<String>,
    pub correlation_id: Option<String>,
    pub source: String,
    pub cell_id: String,
    pub run_id: String,
    pub dnssec_policy: Option<DnsResolverDnssecPolicy>,
    pub trust_anchors: Option<TrustAnchors>,
    pub validated_resolver: Option<SharedValidatedResolverFn>,
}

Owned, owned-string configuration for one ticker — built by the supervisor in async context and moved into the spawned task. All borrowing-from-spec is resolved before spawn so the task’s lifetime is 'static.

Fields

interval: Duration

Inter-tick interval. Resolved by the supervisor — typically min(refreshPolicy.minTtlSeconds, 60).max(5) — with a hard floor of 5s applied at the call site so a misconfigured spec cannot burn CPU here.

policy: Option<DnsRefreshPolicy>

Refresh policy carried by the spec (spec.authority.dnsAuthority. refreshPolicy). None means “no floor / no ceiling, ttl-honor strategy”, same as the startup tick.

rebinding_policy: Option<DnsRebindingPolicy>

SEC-21 Phase 3e — rebinding mitigation policy carried by the spec (spec.authority.dnsAuthority.rebindingPolicy). None means “no per-hostname response-IP tracking” — the ticker emits only the standard dns_authority_drift events. When Some, the ticker owns a per-cell RebindingState across ticks and emits dns_authority_rebind_threshold / dns_authority_rebind_rejected events as the operator-declared cap / allowlist is breached.

resolvers: Vec<DnsResolver>

Declared resolvers. The first entry’s resolverId is stamped into every emitted event.

hostnames: Vec<String>

Hostnames the ticker may refresh — typically the dnsAuthority.hostnameAllowlist ∪ egress-rule hosts, resolved by the supervisor at predicate time so the ticker has nothing to re-derive.

keyset_id: Option<String>

Optional keysetId to stamp into emitted events.

issuer_kid: Option<String>

Optional issuerKid to stamp into emitted events.

policy_digest: Option<String>

Optional policy-bundle digest (sha256:<hex>).

correlation_id: Option<String>

Optional pass-through correlation id.

source: String

CloudEvent source field.

cell_id: String

Cell id for event payloads.

run_id: String

Run id for event payloads.

dnssec_policy: Option<DnsResolverDnssecPolicy>

SEC-21 Phase 3h — opt-in DNSSEC validation policy. None preserves P3a/P3e behaviour exactly: the ticker calls the plain SharedResolverFn and never emits dns_authority_dnssec_failed events. When Some, the ticker uses Self::validated_resolver (which MUST also be set) and tags dnssec_status on every emitted dns_authority_drift event. Carries the EFFECTIVE per-tick policy — supervisors with a heterogeneous dnsAuthority.resolvers[] set today pick a single policy (the first opt-in resolver’s) per ticker; multi-policy per-resolver routing is a future slice.

trust_anchors: Option<TrustAnchors>

Trust anchors loaded from env / spec / IANA-default. Used purely for stamping the source descriptor into dns_authority_dnssec_failed event payloads. Hickory 0.24 limitation: the resolver does not accept custom anchors via public API; see super::dnssec.

validated_resolver: Option<SharedValidatedResolverFn>

SEC-21 Phase 3h — DNSSEC-validating resolver closure. MUST be set when dnssec_policy is Some; ignored otherwise. The supervisor wires this to super::resolve_with_ttl_validated in production; tests pass synthetic closures.