From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Wed, 24 Feb 2021 17:20:30 +0000 (+0100)
Subject: rec: Skip the aggressive NSEC cache for internal and forward zones
X-Git-Tag: dnsdist-1.6.0-alpha2~12^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F10047%2Fhead;p=thirdparty%2Fpdns.git

rec: Skip the aggressive NSEC cache for internal and forward zones
---

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index 122d71ff9b..3af286e4a4 100644
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -1944,7 +1944,7 @@ bool SyncRes::doCacheCheck(const DNSName &qname, const DNSName& authname, bool w
   }
 
   /* let's check if we have a NSEC covering that record */
-  if (g_aggressiveNSECCache) {
+  if (g_aggressiveNSECCache && !wasForwardedOrAuthZone) {
     if (g_aggressiveNSECCache->getDenial(d_now.tv_sec, qname, qtype, ret, res, d_cacheRemote, d_routingTag, d_doDNSSEC)) {
       state = vState::Secure;
       return true;