From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Tue, 12 Mar 2019 11:05:56 +0000 (+0100)
Subject: rec: Move the ECS cache limit check to the SyncRes
X-Git-Tag: dnsdist-1.4.0-alpha1~37^2~5^2~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bdceeb7e8c0e25dfe86f0300fb83d1cdaee3422c;p=thirdparty%2Fpdns.git

rec: Move the ECS cache limit check to the SyncRes
---

diff --git a/pdns/recursor_cache.cc b/pdns/recursor_cache.cc
index d3563ab80b..7e0bf054ce 100644
--- a/pdns/recursor_cache.cc
+++ b/pdns/recursor_cache.cc
@@ -238,12 +238,6 @@ int32_t MemRecursorCache::get(time_t now, const DNSName &qname, const QType& qt,
 
 void MemRecursorCache::replace(time_t now, const DNSName &qname, const QType& qt, const vector<DNSRecord>& content, const vector<shared_ptr<RRSIGRecordContent>>& signatures, const std::vector<std::shared_ptr<DNSRecord>>& authorityRecs, bool auth, boost::optional<Netmask> ednsmask, vState state)
 {
-  if(ednsmask) {
-    if(ednsmask->isIpv4() && ednsmask->getBits() > SyncRes::s_ecsipv4cachelimit)
-      return;
-    if(ednsmask->isIpv6() && ednsmask->getBits() > SyncRes::s_ecsipv6cachelimit)
-      return;
-  }
   d_cachecachevalid = false;
   //  cerr<<"Replacing "<<qname<<" for "<< (ednsmask ? ednsmask->toString() : "everyone") << endl;
   auto key = boost::make_tuple(qname, qt.getCode(), ednsmask ? *ednsmask : Netmask());
diff --git a/pdns/recursordist/test-syncres_cc.cc b/pdns/recursordist/test-syncres_cc.cc
index 67876a2727..78efd41af6 100644
--- a/pdns/recursordist/test-syncres_cc.cc
+++ b/pdns/recursordist/test-syncres_cc.cc
@@ -130,6 +130,8 @@ static void init(bool debug=false)
   SyncRes::s_doIPv6 = true;
   SyncRes::s_ecsipv4limit = 24;
   SyncRes::s_ecsipv6limit = 56;
+  SyncRes::s_ecsipv4cachelimit = 24;
+  SyncRes::s_ecsipv6cachelimit = 56;
   SyncRes::s_rootNXTrust = true;
   SyncRes::s_minimumTTL = 0;
   SyncRes::s_minimumECSTTL = 0;
@@ -2070,6 +2072,8 @@ BOOST_AUTO_TEST_CASE(test_skip_negcache_for_variable_response) {
         addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800);
         addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600);
 
+        srcmask = boost::none;
+
         return 1;
       } else if (ip == ComboAddress("192.0.2.1:53")) {
         if (domain == target) {
diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index f01ed298d3..04d9499e00 100644
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -2418,7 +2418,12 @@ RCode::rcodes_ SyncRes::updateCacheFromRecords(unsigned int depth, LWResult& lwr
        - NS, A and AAAA (used for infra queries)
     */
     if (i->first.type != QType::NSEC3 && (i->first.type == QType::DS || i->first.type == QType::NS || i->first.type == QType::A || i->first.type == QType::AAAA || isAA || wasForwardRecurse)) {
-      t_RC->replace(d_now.tv_sec, i->first.name, QType(i->first.type), i->second.records, i->second.signatures, authorityRecs, i->first.type == QType::DS ? true : isAA, i->first.place == DNSResourceRecord::ANSWER ? ednsmask : boost::none, recordState);
+      if (i->first.place != DNSResourceRecord::ANSWER ||
+          !ednsmask ||
+          (ednsmask->isIpv4() && ednsmask->getBits() <= SyncRes::s_ecsipv4cachelimit) ||
+          (ednsmask->isIpv6() && ednsmask->getBits() <= SyncRes::s_ecsipv6cachelimit)) {
+        t_RC->replace(d_now.tv_sec, i->first.name, QType(i->first.type), i->second.records, i->second.signatures, authorityRecs, i->first.type == QType::DS ? true : isAA, i->first.place == DNSResourceRecord::ANSWER ? ednsmask : boost::none, recordState);
+      }
     }
 
     if(i->first.place == DNSResourceRecord::ANSWER && ednsmask)