QM can get confused by expiring infra records, so be a bit more lenient

author Otto Moerbeek <otto.moerbeek@open-xchange.com>

Fri, 28 Oct 2022 10:06:27 +0000 (12:06 +0200)

committer Otto Moerbeek <otto.moerbeek@open-xchange.com>

Wed, 2 Nov 2022 08:40:22 +0000 (09:40 +0100)
author Otto Moerbeek <otto.moerbeek@open-xchange.com>
Fri, 28 Oct 2022 10:06:27 +0000 (12:06 +0200)
committer Otto Moerbeek <otto.moerbeek@open-xchange.com>
Wed, 2 Nov 2022 08:40:22 +0000 (09:40 +0100)
diff --git a/pdns/recursor_cache.cc b/pdns/recursor_cache.cc

index 9caf9a187fd6a1f0d40252abe5e33ce5b679b446..c2ef9ce34b1c9a2eda5fb0f4848ddf9231f44d3d 100644 (file)
--- a/pdns/recursor_cache.cc
+++ b/pdns/recursor_cache.cc
@@ -490,7 +490,10 @@ time_t MemRecursorCache::get(time_t now, const DNSName& qname, const QType qt, F
  bool MemRecursorCache::CacheEntry::shouldReplace(time_t now, bool auth, vState state, bool refresh)
  {
    if (!auth && d_auth) { // unauth data came in, we have some auth data, but is it fresh?
-    if (d_ttd > now) { // we still have valid data, ignore unauth data
+    // an auth entry that is going to expire while we are resolving can hurt, as it prevents infra
+    // records (which might be unauth) to be updated. So apply a safety margin.
+    const time_t margin = 5;
+    if (d_ttd - margin > now) { // we still have valid data, ignore unauth data
        return false;
      }
      d_auth = false; // new data won't be auth
author	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Fri, 28 Oct 2022 10:06:27 +0000 (12:06 +0200)
committer	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Wed, 2 Nov 2022 08:40:22 +0000 (09:40 +0100)