From 233e144b940be9559f88009157d47bd132b653d3 Mon Sep 17 00:00:00 2001
From: bert hubert <bert.hubert@powerdns.com>
Date: Fri, 12 May 2017 12:34:44 +0200
Subject: [PATCH] when (re)priming the root, we do so with auth=0. We'll only
 set auth=1 after we have an answer from the roots. This however opens up a
 small race condition in which the root is expired (ttl=0), but still auth=1
 in the cache. Our attempt to replace it with auth=0 dta fails at that point.
 This is probably due to some fencepost error somewhere. To not be subtle
 about this, explicitly nuke the root when we reprime.

(cherry picked from commit 0d032a66afe508cc86a25eef26fc9be0867a117e)
---
 pdns/reczones.cc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pdns/reczones.cc b/pdns/reczones.cc
index ccffdf454b..be47bb6075 100644
--- a/pdns/reczones.cc
+++ b/pdns/reczones.cc
@@ -94,7 +94,9 @@ void primeHints(void)
       }
     }
   }
-  t_RC->replace(time(0), DNSName("."), QType(QType::NS), nsset, vector<std::shared_ptr<RRSIGRecordContent>>(), false); // and stuff in the cache (auth)
+  DNSName rootdnsname(".");
+  t_RC->doWipeCache(rootdnsname, false, QType::NS);
+  t_RC->replace(time(0), rootdnsname, QType(QType::NS), nsset, vector<std::shared_ptr<RRSIGRecordContent>>(), false); // and stuff in the cache (auth)
 }
 
 static void makeNameToIPZone(SyncRes::domainmap_t* newMap, const DNSName& hostname, const string& ip)
-- 
2.47.2