Merge pull request #9329 from omoerbeek/backport-9297-to-rec-4.3.x
authorOtto Moerbeek <otto.moerbeek@open-xchange.com>
Tue, 14 Jul 2020 11:09:22 +0000 (13:09 +0200)
committerGitHub <noreply@github.com>
Tue, 14 Jul 2020 11:09:22 +0000 (13:09 +0200)
rec: Backport 9297 to rec 4.3.x: Ignore cache-only for DNSKEYs and DS retrieval

pdns/syncres.cc

diff --cc pdns/syncres.cc
index c41161660e46cc05a706b510e34fe74def1f597a,34e8f68cbef7ea813124894cd90ef8499f08c624..6deca297ede11243d17d90660b7295724dab01fd
@@@ -2052,13 -2052,11 +2052,15 @@@ vState SyncRes::getDSRecords(const DNSN
    std::vector<DNSRecord> dsrecords;
  
    vState state = Indeterminate;
+   const bool oldCacheOnly = setCacheOnly(false);
    int rcode = doResolve(zone, QType(QType::DS), dsrecords, depth + 1, beenthere, state);
    d_skipCNAMECheck = oldSkipCNAME;
+   setCacheOnly(oldCacheOnly);
  
 +  if (rcode == RCode::ServFail) {
 +    throw ImmediateServFailException("Server Failure while retrieving DS records for " + zone.toLogString());
 +  }
 +
    if (rcode == RCode::NoError || (rcode == RCode::NXDomain && !bogusOnNXD)) {
      uint8_t bestDigestType = 0;
  
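Review bot: The two restore statements after `doResolve()` (`d_skipCNAMECheck = oldSkipCNAME;` and `setCacheOnly(oldCacheOnly);`) are skipped if `doResolve()` throws, which would leave this SyncRes object with cache-only switched off for anything that runs on it afterwards. Whether the nested resolve can throw is inferred, since doResolve's body is not in this diff, but the `ImmediateServFailException` raised just below suggests that exceptions are a normal error path here. Tying the restore to scope exit, for example a small guard object whose destructor calls `setCacheOnly(oldCacheOnly)`, would keep the flag from leaking on the error path. If the object is always discarded after an exception, a one-line comment saying so would be enough. The same pattern appears in the getDNSKeys hunk, and both functions start and end outside their hunks.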
@@@ -2333,13 -2332,11 +2336,15 @@@ vState SyncRes::getDNSKeys(const DNSNam
    /* following CNAME might lead to us to the wrong DNSKEY */
    bool oldSkipCNAME = d_skipCNAMECheck;
    d_skipCNAMECheck = true;
+   const bool oldCacheOnly = setCacheOnly(false);
    int rcode = doResolve(signer, QType(QType::DNSKEY), records, depth + 1, beenthere, state);
    d_skipCNAMECheck = oldSkipCNAME;
+   setCacheOnly(oldCacheOnly);
  
 +  if (rcode == RCode::ServFail) {
 +    throw ImmediateServFailException("Server Failure while retrieving DNSKEY records for " + signer.toLogString());
 +  }
 +
    if (rcode == RCode::NoError) {
      if (state == Secure) {
        for (const auto& key : records) {
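Review bot: The `setCacheOnly(false)` override carries no comment, while the `d_skipCNAMECheck` override next to it does. Because it presumably lets a query that was marked cache-only trigger outgoing lookups for DNSKEY records (and for DS records in getDSRecords), the reason should be written down where the flag is changed, for instance `/* validation needs the keys even if the original query is cache-only, so allow this lookup to go out to the network */`. getDNSKeys continues outside the hunk.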