- Fix #533: Negative responses get cached even when setting

  cache-max-negative-ttl: 1

diff --git a/doc/Changelog b/doc/Changelog
index ef467c1296b94fffb380de79af256b3c66113c1f..2758e9c5223ec9e180eb003c630b922e0e319fa0 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+27 August 2021: Wouter
+       - Fix #533: Negative responses get cached even when setting
+         cache-max-negative-ttl: 1
+
 25 August 2021: Wouter
        - Merge #401: RPZ triggers. This add additional RPZ triggers,
          unbound supports a full set of rpz triggers, and this now

diff --git a/util/data/msgreply.c b/util/data/msgreply.c
index 4f6d3398b881c42b71211a0919396a6ac6ebe8ee..16441a79de14ed99e6d40b73f60ca674a0a1fe7e 100644 (file)
--- a/util/data/msgreply.c
+++ b/util/data/msgreply.c
@@ -222,13 +222,17 @@ rdata_copy(sldns_buffer* pkt, struct packed_rrset_data* data, uint8_t* to,
                 * minimum-ttl in the rdata of the SOA record */
                if(*rr_ttl > soa_find_minttl(rr))
                        *rr_ttl = soa_find_minttl(rr);
-               if(*rr_ttl > MAX_NEG_TTL)
-                       *rr_ttl = MAX_NEG_TTL;
        }
        if(!SERVE_ORIGINAL_TTL && (*rr_ttl < MIN_TTL))
                *rr_ttl = MIN_TTL;
        if(!SERVE_ORIGINAL_TTL && (*rr_ttl > MAX_TTL))
                *rr_ttl = MAX_TTL;
+       if(type == LDNS_RR_TYPE_SOA && section == LDNS_SECTION_AUTHORITY) {
+               /* max neg ttl overrides the min and max ttl of everything
+                * else, it is for a more specific record */
+               if(*rr_ttl > MAX_NEG_TTL)
+                       *rr_ttl = MAX_NEG_TTL;
+       }
        if(*rr_ttl < data->ttl)
                data->ttl = *rr_ttl;