rec: Move the ECS cache limit check to the SyncRes

diff --git a/pdns/recursor_cache.cc b/pdns/recursor_cache.cc
index d3563ab80b5c8d6d9069686c4a9fd14a478502e2..7e0bf054ce2b5c4193c5bdd03cdd289492588fce 100644 (file)
--- a/pdns/recursor_cache.cc
+++ b/pdns/recursor_cache.cc
@@ -238,12 +238,6 @@ int32_t MemRecursorCache::get(time_t now, const DNSName &qname, const QType& qt,
 
 void MemRecursorCache::replace(time_t now, const DNSName &qname, const QType& qt, const vector<DNSRecord>& content, const vector<shared_ptr<RRSIGRecordContent>>& signatures, const std::vector<std::shared_ptr<DNSRecord>>& authorityRecs, bool auth, boost::optional<Netmask> ednsmask, vState state)
 {
-  if(ednsmask) {
-    if(ednsmask->isIpv4() && ednsmask->getBits() > SyncRes::s_ecsipv4cachelimit)
-      return;
-    if(ednsmask->isIpv6() && ednsmask->getBits() > SyncRes::s_ecsipv6cachelimit)
-      return;
-  }
   d_cachecachevalid = false;
   //  cerr<<"Replacing "<<qname<<" for "<< (ednsmask ? ednsmask->toString() : "everyone") << endl;
   auto key = boost::make_tuple(qname, qt.getCode(), ednsmask ? *ednsmask : Netmask());

diff --git a/pdns/recursordist/test-syncres_cc.cc b/pdns/recursordist/test-syncres_cc.cc
index 67876a27276557b8e740dda6cb5ada15213a9b05..78efd41af6601d2cf0b301d76ded2a82997bd82c 100644 (file)
--- a/pdns/recursordist/test-syncres_cc.cc
+++ b/pdns/recursordist/test-syncres_cc.cc
@@ -130,6 +130,8 @@ static void init(bool debug=false)
   SyncRes::s_doIPv6 = true;
   SyncRes::s_ecsipv4limit = 24;
   SyncRes::s_ecsipv6limit = 56;
+  SyncRes::s_ecsipv4cachelimit = 24;
+  SyncRes::s_ecsipv6cachelimit = 56;
   SyncRes::s_rootNXTrust = true;
   SyncRes::s_minimumTTL = 0;
   SyncRes::s_minimumECSTTL = 0;
@@ -2070,6 +2072,8 @@ BOOST_AUTO_TEST_CASE(test_skip_negcache_for_variable_response) {
         addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800);
         addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600);
 
+        srcmask = boost::none;
+
         return 1;
       } else if (ip == ComboAddress("192.0.2.1:53")) {
         if (domain == target) {

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index f01ed298d384c20aac3b4f2775924caf57646383..04d9499e00f66d5ab5b2147cc104e161c5b7433f 100644 (file)
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -2418,7 +2418,12 @@ RCode::rcodes_ SyncRes::updateCacheFromRecords(unsigned int depth, LWResult& lwr
        - NS, A and AAAA (used for infra queries)
     */
     if (i->first.type != QType::NSEC3 && (i->first.type == QType::DS || i->first.type == QType::NS || i->first.type == QType::A || i->first.type == QType::AAAA || isAA || wasForwardRecurse)) {
-      t_RC->replace(d_now.tv_sec, i->first.name, QType(i->first.type), i->second.records, i->second.signatures, authorityRecs, i->first.type == QType::DS ? true : isAA, i->first.place == DNSResourceRecord::ANSWER ? ednsmask : boost::none, recordState);
+      if (i->first.place != DNSResourceRecord::ANSWER ||
+          !ednsmask ||
+          (ednsmask->isIpv4() && ednsmask->getBits() <= SyncRes::s_ecsipv4cachelimit) ||
+          (ednsmask->isIpv6() && ednsmask->getBits() <= SyncRes::s_ecsipv6cachelimit)) {
+        t_RC->replace(d_now.tv_sec, i->first.name, QType(i->first.type), i->second.records, i->second.signatures, authorityRecs, i->first.type == QType::DS ? true : isAA, i->first.place == DNSResourceRecord::ANSWER ? ednsmask : boost::none, recordState);
+      }
     }
 
     if(i->first.place == DNSResourceRecord::ANSWER && ednsmask)