From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Wed, 10 Aug 2022 11:30:24 +0000 (+0200)
Subject: Clear the caches *after* loading authzones.
X-Git-Tag: rec-4.8.0-alpha1~68^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F11843%2Fhead;p=thirdparty%2Fpdns.git

Clear the caches *after* loading authzones.
---

diff --git a/pdns/reczones.cc b/pdns/reczones.cc
index a4b24972cc..a7516a7905 100644
--- a/pdns/reczones.cc
+++ b/pdns/reczones.cc
@@ -311,15 +311,18 @@ string reloadZoneConfiguration()
       }
     }
 
-    for (const auto& i : oldAndNewDomains) {
-      wipeCaches(i, true, 0xffff);
-    }
-
     // these explicitly-named captures should not be necessary, as lambda
     // capture of tuple-like structured bindings is permitted, but some
     // compilers still don't allow it
     broadcastFunction([dm = newDomainMap] { return pleaseUseNewSDomainsMap(dm); });
     broadcastFunction([ns = newNotifySet] { return pleaseSupplantAllowNotifyFor(ns); });
+
+    // Wipe the caches *after* the new auth domain info has been set
+    // up, as a query during setting up might fill the caches
+    // again. Old code did the clear before, exposing a race.
+    for (const auto& i : oldAndNewDomains) {
+      wipeCaches(i, true, 0xffff);
+    }
     return "ok\n";
   }
   catch (const std::exception& e) {