On (re-)priming, fetch the root NS records

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 079ca11a02c699831dbf77d8fe36b42e25c6d53e..91110054cdea74e3778dfa3a1ce09ff3100b4d3a 100644 (file)
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -1937,35 +1937,9 @@ static void houseKeeping(void *)
     }
 
     if(now.tv_sec - last_rootupdate > 7200) {
-      SyncRes sr(now);
-      sr.setDoEDNS0(true);
-      vector<DNSRecord> ret;
-
-      sr.setNoCache();
-      int res=-1;
-      try {
-       res=sr.beginResolve(DNSName("."), QType(QType::NS), 1, ret);
-      }
-      catch(PDNSException& e)
-       {
-         L<<Logger::Error<<"Failed to update . records, got an exception: "<<e.reason<<endl;
-       }
-
-      catch(std::exception& e)
-       {
-         L<<Logger::Error<<"Failed to update . records, got an exception: "<<e.what()<<endl;
-       }
-
-      catch(...)
-       {
-         L<<Logger::Error<<"Failed to update . records, got an exception"<<endl;
-       }
-      if(!res) {
-       L<<Logger::Notice<<"Refreshed . records"<<endl;
-       last_rootupdate=now.tv_sec;
-      }
-      else
-       L<<Logger::Error<<"Failed to update . records, RCODE="<<res<<endl;
+      int res = getRootNS();
+      if (!res)
+        last_rootupdate=now.tv_sec;
     }
 
     if(!t_id) {
@@ -3145,3 +3119,42 @@ int main(int argc, char **argv)
 
   return ret;
 }
+
+int getRootNS(void) {
+  SyncRes sr(g_now);
+  sr.setDoEDNS0(true);
+  sr.setNoCache();
+  sr.d_doDNSSEC = (g_dnssecmode != DNSSECMode::Off);
+
+  vector<DNSRecord> ret;
+  int res=-1;
+  try {
+    res=sr.beginResolve(DNSName("."), QType(QType::NS), 1, ret);
+    if (g_dnssecmode != DNSSECMode::Off && g_dnssecmode != DNSSECMode::ProcessNoValidate) {
+      auto state = validateRecords(ret);
+      if (state == Bogus)
+        throw PDNSException("Got Bogus validation result for .|NS");
+    }
+    return res;
+  }
+  catch(PDNSException& e)
+  {
+    L<<Logger::Error<<"Failed to update . records, got an exception: "<<e.reason<<endl;
+  }
+
+  catch(std::exception& e)
+  {
+    L<<Logger::Error<<"Failed to update . records, got an exception: "<<e.what()<<endl;
+  }
+
+  catch(...)
+  {
+    L<<Logger::Error<<"Failed to update . records, got an exception"<<endl;
+  }
+  if(!res) {
+    L<<Logger::Notice<<"Refreshed . records"<<endl;
+  }
+  else
+    L<<Logger::Error<<"Failed to update . records, RCODE="<<res<<endl;
+  return res;
+}

diff --git a/pdns/reczones.cc b/pdns/reczones.cc
index a2ac7b3c6a0f29d3cdf1cf7d3146312ce4d63e50..21021e185b730df3216a5acfd36010257c07be27 100644 (file)
--- a/pdns/reczones.cc
+++ b/pdns/reczones.cc
@@ -94,7 +94,7 @@ void primeHints(void)
       }
     }
   }
-  t_RC->replace(time(0), DNSName("."), QType(QType::NS), nsset, vector<std::shared_ptr<RRSIGRecordContent>>(), true); // and stuff in the cache (auth)
+  t_RC->replace(time(0), DNSName("."), QType(QType::NS), nsset, vector<std::shared_ptr<RRSIGRecordContent>>(), false); // and stuff in the cache (auth)
 }
 
 static void makeNameToIPZone(SyncRes::domainmap_t* newMap, const DNSName& hostname, const string& ip)

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index a3455f057119ccfecdbfdc8acd2c4c473f08e8cc..0754e5a822232c53d7db57e9ee85cb6b9f8699b8 100644 (file)
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -632,8 +632,10 @@ void SyncRes::getBestNSFromCache(const DNSName &qname, const QType& qtype, vecto
     LOG(prefix<<qname<<": no valid/useful NS in cache for '"<<subdomain<<"'"<<endl);
     ;
     if(subdomain.isRoot() && !brokeloop) {
+      // We lost the root NS records
       primeHints();
       LOG(prefix<<qname<<": reprimed the root"<<endl);
+      getRootNS();
     }
   }while(subdomain.chopOff());
 }

diff --git a/pdns/syncres.hh b/pdns/syncres.hh
index 8820d359680ff424f60e1e31738893beec57d7a1..be734ba2a0b2754ea4e291e62bcd6e7c8d37438e 100644 (file)
--- a/pdns/syncres.hh
+++ b/pdns/syncres.hh
@@ -50,6 +50,7 @@
 #include "filterpo.hh"
 
 void primeHints(void);
+int getRootNS(void);
 class RecursorLua4;
 
 struct BothRecordsAndSignatures