Be a bit more conservative, only clean specific (neg)cache entries if needed

*and* server-stale is active

diff --git a/pdns/recursordist/syncres.cc b/pdns/recursordist/syncres.cc
index 4f951a3d5d06c9bc160d41b35d6f6b0ed2da58e0..542afc0c7c068593a1f7c3d02e3c75e97ea3d92b 100644 (file)
--- a/pdns/recursordist/syncres.cc
+++ b/pdns/recursordist/syncres.cc
@@ -4640,7 +4640,9 @@ RCode::rcodes_ SyncRes::updateCacheFromRecords(unsigned int depth, LWResult& lwr
 
         // Delete potential negcache entry. When a record recovers with serve-stale the negcache entry can cause the wrong entry to
         // served, as negcache entries are checked before record cache entries
-        g_negCache->wipe(i->first.name, i->first.type);
+        if (NegCache::s_maxServedStaleExtensions > 0) {
+          g_negCache->wipe(i->first.name, i->first.type);
+        }
 
         if (g_aggressiveNSECCache && needWildcardProof && recordState == vState::Secure && i->first.place == DNSResourceRecord::ANSWER && i->first.name == qname && !i->second.signatures.empty() && !d_routingTag && !ednsmask) {
           /* we have an answer synthesized from a wildcard and aggressive NSEC is enabled, we need to store the
@@ -4809,7 +4811,7 @@ bool SyncRes::processRecords(const std::string& prefix, const DNSName& qname, co
         g_negCache->add(ne);
         // doCNAMECacheCheck() checks record cache and does not look into negcache. That means that and old record might be found if
         // serve-stale is active. Avoid that by explicitly zapping that CNAME record.
-        if (qtype == QType::CNAME) {
+        if (qtype == QType::CNAME && MemRecursorCache::s_maxServedStaleExtensions > 0) {
           g_recCache->doWipeCache(qname, false, qtype);
         }
         if (s_rootNXTrust && ne.d_auth.isRoot() && auth.isRoot() && lwr.d_aabit) {