From: Otto Moerbeek Date: Wed, 16 Nov 2022 12:58:04 +0000 (+0100) Subject: Also consider recursive forward in the "forwarded DS should not end up in negCache... X-Git-Tag: dnsdist-1.8.0-rc1~236^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F12199%2Fhead;p=thirdparty%2Fpdns.git Also consider recursive forward in the "forwarded DS should not end up in negCache code." With @rgacogne and @phonedph1 Fixes #12189 --- diff --git a/pdns/syncres.cc b/pdns/syncres.cc index 7dd8648c5f..eaa10788fd 100644 --- a/pdns/syncres.cc +++ b/pdns/syncres.cc @@ -1029,7 +1029,7 @@ bool SyncRes::isRecursiveForwardOrAuth(const DNSName &qname) const { bool SyncRes::isForwardOrAuth(const DNSName &qname) const { DNSName authname(qname); domainmap_t::const_iterator iter = getBestAuthZone(&authname); - return iter != t_sstorage.domainmap->end() && (iter->second.isAuth() || !iter->second.shouldRecurse()); + return iter != t_sstorage.domainmap->end(); } // Will be needed in the future @@ -4725,16 +4725,16 @@ bool SyncRes::processRecords(const std::string& prefix, const DNSName& qname, co continue; } } - const bool negCacheIndiction = rec.d_place == DNSResourceRecord::AUTHORITY && rec.d_type == QType::SOA && + const bool negCacheIndication = rec.d_place == DNSResourceRecord::AUTHORITY && rec.d_type == QType::SOA && lwr.d_rcode == RCode::NXDomain && qname.isPartOf(rec.d_name) && rec.d_name.isPartOf(auth); bool putInNegCache = true; - if (negCacheIndiction && qtype == QType::DS && isForwardOrAuth(qname)) { + if (negCacheIndication && qtype == QType::DS && isForwardOrAuth(qname)) { // #10189, a NXDOMAIN to a DS query for a forwarded or auth domain should not NXDOMAIN the whole domain putInNegCache = false; } - if (negCacheIndiction) { + if (negCacheIndication) { LOG(prefix<