From af746aaf59a2e977bafabd5814635f59b01e5835 Mon Sep 17 00:00:00 2001 From: Otto Moerbeek Date: Wed, 16 Nov 2022 13:58:04 +0100 Subject: [PATCH] Also consider recursive forward in the "forwarded DS should not end up in negCache code." With @rgacogne and @phonedph1 Fixes #12189 --- pdns/syncres.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pdns/syncres.cc b/pdns/syncres.cc index 7dd8648c5f..eaa10788fd 100644 --- a/pdns/syncres.cc +++ b/pdns/syncres.cc @@ -1029,7 +1029,7 @@ bool SyncRes::isRecursiveForwardOrAuth(const DNSName &qname) const { bool SyncRes::isForwardOrAuth(const DNSName &qname) const { DNSName authname(qname); domainmap_t::const_iterator iter = getBestAuthZone(&authname); - return iter != t_sstorage.domainmap->end() && (iter->second.isAuth() || !iter->second.shouldRecurse()); + return iter != t_sstorage.domainmap->end(); } // Will be needed in the future @@ -4725,16 +4725,16 @@ bool SyncRes::processRecords(const std::string& prefix, const DNSName& qname, co continue; } } - const bool negCacheIndiction = rec.d_place == DNSResourceRecord::AUTHORITY && rec.d_type == QType::SOA && + const bool negCacheIndication = rec.d_place == DNSResourceRecord::AUTHORITY && rec.d_type == QType::SOA && lwr.d_rcode == RCode::NXDomain && qname.isPartOf(rec.d_name) && rec.d_name.isPartOf(auth); bool putInNegCache = true; - if (negCacheIndiction && qtype == QType::DS && isForwardOrAuth(qname)) { + if (negCacheIndication && qtype == QType::DS && isForwardOrAuth(qname)) { // #10189, a NXDOMAIN to a DS query for a forwarded or auth domain should not NXDOMAIN the whole domain putInNegCache = false; } - if (negCacheIndiction) { + if (negCacheIndication) { LOG(prefix<