From 17d64d95b05715635980e14241368725c1922aaf Mon Sep 17 00:00:00 2001
From: =?utf8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vladimir.cunat@nic.cz>
Date: Fri, 8 Oct 2021 09:40:26 +0200
Subject: [PATCH] modules/detect_time_skew: avoid cached `NS .`

Cache is persistent (in principle) and it might not have accurate data
for whatever reason.  Let's not bring caching complications into this.
It's cheap: just a single query to root server(s) on resolver start.
---
 modules/detect_time_skew/detect_time_skew.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/detect_time_skew/detect_time_skew.lua b/modules/detect_time_skew/detect_time_skew.lua
index 6eb2ab0e5..346d48322 100644
--- a/modules/detect_time_skew/detect_time_skew.lua
+++ b/modules/detect_time_skew/detect_time_skew.lua
@@ -59,9 +59,9 @@ local function check_time_callback(pkt, req)
 	end
 end
 
--- Make priming query and check time validty of RRSIGs.
+-- Do uncached priming query and check time validty of RRSIGs.
 local function check_time()
-	resolve(".", kres.type.NS, kres.class.IN, {"DNSSEC_WANT", "DNSSEC_CD"},
+	resolve(".", kres.type.NS, kres.class.IN, {"DNSSEC_WANT", "DNSSEC_CD", "NO_CACHE"},
                 check_time_callback)
 end
 
-- 
2.47.3