From: Otto Moerbeek Date: Mon, 18 Sep 2023 09:38:10 +0000 (+0200) Subject: Prevent lookups for unsupported qtypes or rcode != 0 to submit refresh tasks X-Git-Tag: rec-5.0.0-alpha2~52^2~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=11c65aeda2aef3aabeeff9aa1491bc84954ed905;p=thirdparty%2Fpdns.git Prevent lookups for unsupported qtypes or rcode != 0 to submit refresh tasks --- diff --git a/pdns/recursordist/rec-taskqueue.cc b/pdns/recursordist/rec-taskqueue.cc index 29cc6d75c8..8526e8d4c9 100644 --- a/pdns/recursordist/rec-taskqueue.cc +++ b/pdns/recursordist/rec-taskqueue.cc @@ -336,3 +336,8 @@ uint64_t getResolveTaskExceptions() { return s_almost_expired_tasks.exceptions; } + +bool taskQTypeIsSupported(QType qtype) +{ + return !SyncRes::isUnsupported(qtype); +} diff --git a/pdns/recursordist/rec-taskqueue.hh b/pdns/recursordist/rec-taskqueue.hh index 425cb55ac0..73eedeeced 100644 --- a/pdns/recursordist/rec-taskqueue.hh +++ b/pdns/recursordist/rec-taskqueue.hh @@ -23,6 +23,7 @@ #include #include +#include class DNSName; union ComboAddress; @@ -54,3 +55,6 @@ uint64_t getResolveTaskExceptions(); uint64_t getAlmostExpiredTasksPushed(); uint64_t getAlmostExpiredTasksRun(); uint64_t getAlmostExpiredTaskExceptions(); + +bool taskQTypeIsSupported(QType qtype); + diff --git a/pdns/recursordist/recpacketcache.cc b/pdns/recursordist/recpacketcache.cc index 184555ebd8..77dc63e1e1 100644 --- a/pdns/recursordist/recpacketcache.cc +++ b/pdns/recursordist/recpacketcache.cc @@ -126,12 +126,16 @@ bool RecursorPacketCache::checkResponseMatches(MapCombo::LockedContent& shard, s *age = static_cast(now - iter->d_creation); // we know ttl is > 0 auto ttl = static_cast(iter->d_ttd - now); - if (s_refresh_ttlperc > 0 && !iter->d_submitted) { - const uint32_t deadline = iter->getOrigTTL() * s_refresh_ttlperc / 100; - const bool almostExpired = ttl <= deadline; - if (almostExpired) { - iter->d_submitted = true; - pushAlmostExpiredTask(qname, qtype, iter->d_ttd, Netmask()); + if (s_refresh_ttlperc > 0 && !iter->d_submitted && taskQTypeIsSupported(qtype)) { + const dnsheader_aligned header(iter->d_packet.data()); + const auto* headerPtr = header.get(); + if (headerPtr->rcode == RCode::NoError) { + const uint32_t deadline = iter->getOrigTTL() * s_refresh_ttlperc / 100; + const bool almostExpired = ttl <= deadline; + if (almostExpired) { + iter->d_submitted = true; + pushAlmostExpiredTask(qname, qtype, iter->d_ttd, Netmask()); + } } } *responsePacket = iter->d_packet; @@ -244,7 +248,7 @@ void RecursorPacketCache::insertResponsePacket(unsigned int tag, uint32_t qhash, seq_idx.erase(seq_idx.begin()); map.d_entriesCount--; } - assert(map.d_entriesCount == shard->d_map.size()); // XXX + assert(map.d_entriesCount == shard->d_map.size()); // NOLINT(cppcoreguidelines-pro-bounds-array-to-pointer-decay): clib implementation } void RecursorPacketCache::doPruneTo(size_t maxSize) diff --git a/pdns/recursordist/recpacketcache.hh b/pdns/recursordist/recpacketcache.hh index 5ff974fefd..2e847687a1 100644 --- a/pdns/recursordist/recpacketcache.hh +++ b/pdns/recursordist/recpacketcache.hh @@ -208,7 +208,7 @@ private: } static bool qrMatch(const packetCache_t::index::type::iterator& iter, const std::string& queryPacket, const DNSName& qname, uint16_t qtype, uint16_t qclass); - bool checkResponseMatches(MapCombo::LockedContent& shard, std::pair::type::iterator, packetCache_t::index::type::iterator> range, const std::string& queryPacket, const DNSName& qname, uint16_t qtype, uint16_t qclass, time_t now, std::string* responsePacket, uint32_t* age, vState* valState, OptPBData* pbdata); + static bool checkResponseMatches(MapCombo::LockedContent& shard, std::pair::type::iterator, packetCache_t::index::type::iterator> range, const std::string& queryPacket, const DNSName& qname, uint16_t qtype, uint16_t qclass, time_t now, std::string* responsePacket, uint32_t* age, vState* valState, OptPBData* pbdata); void setShardSizes(size_t shardSize);