- Fix TTL of SOA so negative TTL is separately cached from normal TTL.

git-svn-id: file:///svn/unbound/trunk@2416 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/daemon/remote.c b/daemon/remote.c
index a5e10b4ff6e3a543593f0d84fd80ea744fe5feff..2f842be5078e0ab089f4e4c17e5bd445b79864c9 100644 (file)
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -1063,6 +1063,9 @@ do_cache_remove(struct worker* worker, uint8_t* nm, size_t nmlen,
        hashvalue_t h;
        struct query_info k;
        rrset_cache_remove(worker->env.rrset_cache, nm, nmlen, t, c, 0);
+       if(t == LDNS_RR_TYPE_SOA)
+               rrset_cache_remove(worker->env.rrset_cache, nm, nmlen, t, c,
+                       PACKED_RRSET_SOA_NEG);
        k.qname = nm;
        k.qname_len = nmlen;
        k.qtype = t;

diff --git a/doc/Changelog b/doc/Changelog
index 2c02111048ae81dc29d56fdf0506f9956a748d6e..547fcbd018c82b937bf337ff8e90e65f6ddc59c1 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -3,6 +3,7 @@
          and reduces install size significantly.
        - feature, ignore-cd-flag: yesno to provide dnssec to legacy servers.
        - iana portlist updated.
+       - Fix TTL of SOA so negative TTL is separately cached from normal TTL.
 
 14 April 2011: Wouter
        - configure created with newer autoconf 2.66.

diff --git a/testdata/iter_soamin.rpl b/testdata/iter_soamin.rpl
new file mode 100644 (file)
index 0000000..42eb808
--- /dev/null
+++ b/testdata/iter_soamin.rpl
@@ -0,0 +1,208 @@
+; config options
+server:
+       target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+       name: "."
+       stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test cache of SOA with minimum ttl and normal ttl.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+       ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS        K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.    IN      A       193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com.   IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.    IN      A       192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+       ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.   IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.    IN      A       192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION AUTHORITY
+example.com.   IN NS   ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.                IN      A       1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+       ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.   IN NS   ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.                IN      A       1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A  10.20.30.40
+SECTION AUTHORITY
+example.com.   IN NS   ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.                IN      A       1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN SOA
+SECTION ANSWER
+example.com. 86400 IN SOA dns1.icann.org. hostmaster.icann.org. 2010074630 7200 3600 1209600 3600
+SECTION AUTHORITY
+example.com. 3600 IN NS        ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.        3600 IN         A       1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+nx.example.com. IN A
+SECTION AUTHORITY
+example.com. 3600 IN SOA dns1.icann.org. hostmaster.icann.org. 2010074630 7200 3600 1209600 3600
+ENTRY_END
+
+RANGE_END
+
+; put both queries with SOA records into the cache and then query them from
+; the cache.
+; first the nxdomain, so that the positive SOA answer later overrides the
+; SOA from the authority section from that nxdomain.
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+nx.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+nx.example.com. IN A
+SECTION AUTHORITY
+example.com. 3600 IN SOA dns1.icann.org. hostmaster.icann.org. 2010074630 7200 3600 1209600 3600
+ENTRY_END
+
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.com. IN SOA
+ENTRY_END
+
+; recursion happens here.
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+example.com. IN SOA
+SECTION ANSWER
+example.com. 86400 IN SOA dns1.icann.org. hostmaster.icann.org. 2010074630 7200 3600 1209600 3600
+SECTION AUTHORITY
+example.com. 3600 IN NS        ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.        3600 IN         A       1.2.3.4
+ENTRY_END
+
+; now check them from the cache (no seconds elapsed).
+
+STEP 110 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+nx.example.com. IN A
+ENTRY_END
+
+STEP 120 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+nx.example.com. IN A
+SECTION AUTHORITY
+example.com. 3600 IN SOA dns1.icann.org. hostmaster.icann.org. 2010074630 7200 3600 1209600 3600
+ENTRY_END
+
+STEP 130 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.com. IN SOA
+ENTRY_END
+
+STEP 140 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+example.com. IN SOA
+SECTION ANSWER
+example.com. 86400 IN SOA dns1.icann.org. hostmaster.icann.org. 2010074630 7200 3600 1209600 3600
+SECTION AUTHORITY
+example.com. 3600 IN NS        ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.        3600 IN         A       1.2.3.4
+ENTRY_END
+
+SCENARIO_END

diff --git a/testdata/val_negcache_dssoa.rpl b/testdata/val_negcache_dssoa.rpl
index b312a9f132e6aadff7ccb16322848463dca8290f..7040af8302a0215ebce149b12a510303539e302f 100644 (file)
--- a/testdata/val_negcache_dssoa.rpl
+++ b/testdata/val_negcache_dssoa.rpl
@@ -140,12 +140,16 @@ ENTRY_END
 ENTRY_BEGIN
 MATCH opcode qtype qname
 ADJUST copy_id
-REPLY QR AA NOERROR
+REPLY QR AA NXDOMAIN
 SECTION QUESTION
-example.com. IN SOA
-SECTION ANSWER
-example.com.   IN      SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
-example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+nx.example.com. IN A
+SECTION AUTHORITY
+example.com.   7200 IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    7200 IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+nw.example.com.        7200    IN      NSEC    ny.example.com. A RRSIG 
+nw.example.com.        7200    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHMp+sqWyR3JL6P0LhJ10fufMFSkW9+DM3QghOokyqgbRu54Q1XrHoE= ;{id = 2854}
+!.example.com. 7200 IN NSEC +.example.com. A RRSIG
+!.example.com. 7200    IN      RRSIG   NSEC 3 3 7200 20070926134150 20070829134150 2854 example.com. AJsNy2VkFTJEMShfEcvIkBe+UViVYDJbNNuGnwf/QecOrhONaVpIXy4= ;{id = 2854}
 ENTRY_END
 
 RANGE_END
@@ -204,19 +208,23 @@ STEP 14 QUERY
 ENTRY_BEGIN
 REPLY RD DO
 SECTION QUESTION
-example.com. IN SOA
+nx.example.com. IN A
 ENTRY_END
 
 STEP 15 CHECK_ANSWER
 ENTRY_BEGIN
 MATCH all
-REPLY QR RD RA AD NOERROR
+REPLY QR RD RA AD NXDOMAIN
 SECTION QUESTION
-example.com. IN SOA
+nx.example.com. IN A
 SECTION ANSWER
-example.com.   IN      SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
-example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
 SECTION AUTHORITY
+example.com.   7200 IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    7200    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+nw.example.com.        7200    IN      NSEC    ny.example.com. A RRSIG 
+nw.example.com.        7200    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHMp+sqWyR3JL6P0LhJ10fufMFSkW9+DM3QghOokyqgbRu54Q1XrHoE= ;{id = 2854}
+!.example.com. 7200 IN NSEC +.example.com. A RRSIG
+!.example.com. 7200    IN      RRSIG   NSEC 3 3 7200 20070926134150 20070829134150 2854 example.com. AJsNy2VkFTJEMShfEcvIkBe+UViVYDJbNNuGnwf/QecOrhONaVpIXy4= ;{id = 2854}
 SECTION ADDITIONAL
 ENTRY_END
 
@@ -238,8 +246,8 @@ SECTION ANSWER
 SECTION AUTHORITY
 sub.example.com. IN    NSEC www.example.com. NS RRSIG NSEC
 sub.example.com.        3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854}
-example.com.   IN      SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
-example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+example.com.   7200 IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    7200 IN RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
 ENTRY_END
 
 SCENARIO_END

diff --git a/util/data/msgparse.c b/util/data/msgparse.c
index 68ca4ebab9c2f026ddf923d2d8b9cda99c440ef5..db5f4147ed23ea9224b27c49c2bd6d3f7a357243 100644 (file)
--- a/util/data/msgparse.c
+++ b/util/data/msgparse.c
@@ -145,11 +145,13 @@ nsec_at_apex(ldns_buffer* pkt)
 
 /** Calculate rrset flags */
 static uint32_t
-pkt_rrset_flags(ldns_buffer* pkt, uint16_t type)
+pkt_rrset_flags(ldns_buffer* pkt, uint16_t type, ldns_pkt_section sec)
 {
        uint32_t f = 0;
        if(type == LDNS_RR_TYPE_NSEC && nsec_at_apex(pkt)) {
                f |= PACKED_RRSET_NSEC_AT_APEX;
+       } else if(type == LDNS_RR_TYPE_SOA && sec == LDNS_SECTION_AUTHORITY) {
+               f |= PACKED_RRSET_SOA_NEG;
        }
        return f;
 }
@@ -482,7 +484,7 @@ find_rrset(struct msg_parse* msg, ldns_buffer* pkt, uint8_t* dname,
                }
        }
        /* find by hashing and lookup in hashtable */
-       *rrset_flags = pkt_rrset_flags(pkt, type);
+       *rrset_flags = pkt_rrset_flags(pkt, type, section);
        
        /* if rrsig - try to lookup matching data set first */
        if(type == LDNS_RR_TYPE_RRSIG && pkt_rrsig_covered(pkt, 

diff --git a/util/data/packed_rrset.h b/util/data/packed_rrset.h
index 2171ecbb054e1fcbf0b70f6ac950dc98abc51e7c..f2dd6e877eeaf68ef65bd626dcc01fb48385f403 100644 (file)
--- a/util/data/packed_rrset.h
+++ b/util/data/packed_rrset.h
@@ -54,6 +54,10 @@ typedef uint64_t rrset_id_t;
 #define PACKED_RRSET_NSEC_AT_APEX 0x1
 /** this rrset is A/AAAA and is in-zone-glue (from parent side of zonecut) */
 #define PACKED_RRSET_PARENT_SIDE 0x2
+/** this rrset is SOA and has the negative ttl (from nxdomain or nodata),
+ * this is set on SOA rrsets in the authority section, to keep its TTL separate
+ * from the SOA in the answer section from a direct SOA query or ANY query. */
+#define PACKED_RRSET_SOA_NEG 0x4
 
 /**
  * The identifying information for an RRset.
@@ -73,6 +77,7 @@ struct packed_rrset_key {
         * Flags. 32bit to be easy for hashing:
         *      o PACKED_RRSET_NSEC_AT_APEX
         *      o PACKED_RRSET_PARENT_SIDE
+        *      o PACKED_RRSET_SOA_NEG
         */
        uint32_t flags;
        /** the rrset type in network format */

diff --git a/validator/val_neg.c b/validator/val_neg.c
index e58cfbdc66d0d7e2769307f214c66a2e0a601c33..60434db0338585713c1b80e670c9f72a2f63f479 100644 (file)
--- a/validator/val_neg.c
+++ b/validator/val_neg.c
@@ -1371,7 +1371,7 @@ static int add_soa(struct rrset_cache* rrset_cache, uint32_t now,
                        return 0;
        }
        soa = rrset_cache_lookup(rrset_cache, nm, nmlen, LDNS_RR_TYPE_SOA, 
-               dclass, 0, now, 0);
+               dclass, PACKED_RRSET_SOA_NEG, now, 0);
        if(!soa)
                return 0;
        if(!dns_msg_authadd(msg, region, soa, now)) {