On (re-)priming, fetch the root NS records

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 4435bab3f9d04b37f640b2af4323200c373ebcec..9ce09f8fe91f2c2ab4b23f23d5d97fd440bba2ef 100644 (file)
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -1950,35 +1950,9 @@ static void houseKeeping(void *)
     }
 
     if(now.tv_sec - last_rootupdate > 7200) {
-      SyncRes sr(now);
-      sr.setDoEDNS0(true);
-      vector<DNSRecord> ret;
-
-      sr.setNoCache();
-      int res=-1;
-      try {
-       res=sr.beginResolve(g_rootdnsname, QType(QType::NS), 1, ret);
-      }
-      catch(PDNSException& e)
-       {
-         L<<Logger::Error<<"Failed to update . records, got an exception: "<<e.reason<<endl;
-       }
-
-      catch(std::exception& e)
-       {
-         L<<Logger::Error<<"Failed to update . records, got an exception: "<<e.what()<<endl;
-       }
-
-      catch(...)
-       {
-         L<<Logger::Error<<"Failed to update . records, got an exception"<<endl;
-       }
-      if(!res) {
-       L<<Logger::Notice<<"Refreshed . records"<<endl;
-       last_rootupdate=now.tv_sec;
-      }
-      else
-       L<<Logger::Error<<"Failed to update . records, RCODE="<<res<<endl;
+      int res = getRootNS();
+      if (!res)
+        last_rootupdate=now.tv_sec;
     }
 
     if(!t_id) {
@@ -3159,3 +3133,42 @@ int main(int argc, char **argv)
 
   return ret;
 }
+
+int getRootNS(void) {
+  SyncRes sr(g_now);
+  sr.setDoEDNS0(true);
+  sr.setNoCache();
+  sr.d_doDNSSEC = (g_dnssecmode != DNSSECMode::Off);
+
+  vector<DNSRecord> ret;
+  int res=-1;
+  try {
+    res=sr.beginResolve(g_rootdnsname, QType(QType::NS), 1, ret);
+    if (g_dnssecmode != DNSSECMode::Off && g_dnssecmode != DNSSECMode::ProcessNoValidate) {
+      auto state = validateRecords(ret);
+      if (state == Bogus)
+        throw PDNSException("Got Bogus validation result for .|NS");
+    }
+    return res;
+  }
+  catch(PDNSException& e)
+  {
+    L<<Logger::Error<<"Failed to update . records, got an exception: "<<e.reason<<endl;
+  }
+
+  catch(std::exception& e)
+  {
+    L<<Logger::Error<<"Failed to update . records, got an exception: "<<e.what()<<endl;
+  }
+
+  catch(...)
+  {
+    L<<Logger::Error<<"Failed to update . records, got an exception"<<endl;
+  }
+  if(!res) {
+    L<<Logger::Notice<<"Refreshed . records"<<endl;
+  }
+  else
+    L<<Logger::Error<<"Failed to update . records, RCODE="<<res<<endl;
+  return res;
+}

diff --git a/pdns/reczones.cc b/pdns/reczones.cc
index c5b17034f4c819027df3c5634ffe04ecdeb4ad75..ad165c4366fa2aab508647b23775b0c7f814de54 100644 (file)
--- a/pdns/reczones.cc
+++ b/pdns/reczones.cc
@@ -94,7 +94,7 @@ void primeHints(void)
       }
     }
   }
-  t_RC->replace(time(0), g_rootdnsname, QType(QType::NS), nsset, vector<std::shared_ptr<RRSIGRecordContent>>(), true); // and stuff in the cache (auth)
+  t_RC->replace(time(0), g_rootdnsname, QType(QType::NS), nsset, vector<std::shared_ptr<RRSIGRecordContent>>(), false); // and stuff in the cache
 }
 
 static void makeNameToIPZone(SyncRes::domainmap_t* newMap, const DNSName& hostname, const string& ip)

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index 4a18ae7475425b1ab55833738f3a86ae517e6b2c..c5e9d46a0bacdf3bceb930d59dcbba72a4a3c6bb 100644 (file)
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -632,8 +632,10 @@ void SyncRes::getBestNSFromCache(const DNSName &qname, const QType& qtype, vecto
     LOG(prefix<<qname<<": no valid/useful NS in cache for '"<<subdomain<<"'"<<endl);
     ;
     if(subdomain.isRoot() && !brokeloop) {
+      // We lost the root NS records
       primeHints();
       LOG(prefix<<qname<<": reprimed the root"<<endl);
+      getRootNS();
     }
   }while(subdomain.chopOff());
 }

diff --git a/pdns/syncres.hh b/pdns/syncres.hh
index 1763052b3efa198b54cb93da3897741e68a5a2f9..e8520a99f5eb8e5b93f8f24d903a8cfe4693db04 100644 (file)
--- a/pdns/syncres.hh
+++ b/pdns/syncres.hh
@@ -50,6 +50,7 @@
 #include "filterpo.hh"
 
 void primeHints(void);
+int getRootNS(void);
 class RecursorLua4;
 
 struct BothRecordsAndSignatures