Use packetcache-servfail-ttl for all packet cache entries considered an error reply.

The "this is an error" test is: no answer records and rcode not equal to NoError. This needs to be validated.
Fixes #9135.

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 280f93674442b25d9aee32354543d45021f38473..214a20d5d5e655e5f9ea0eeb5251a60643b479a2 100644 (file)
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -2299,8 +2299,11 @@ static void startDoResolve(void *p)
       g_stats.variableResponses++;
     }
     if (!SyncRes::s_nopacketcache && !variableAnswer && !sr.wasVariable()) {
-      minTTL = min(minTTL, pw.getHeader()->rcode == RCode::ServFail ? SyncRes::s_packetcacheservfailttl :
-                   SyncRes::s_packetcachettl);
+      const auto& hdr = pw.getHeader();
+      if (hdr->ancount == 0 && hdr->rcode != RCode::NoError) {
+        minTTL = min(minTTL, SyncRes::s_packetcacheservfailttl);
+      }
+      minTTL = min(minTTL, SyncRes::s_packetcachettl);
       t_packetCache->insertResponsePacket(dc->d_tag, dc->d_qhash, std::move(dc->d_query), dc->d_mdp.d_qname,
                                           dc->d_mdp.d_qtype, dc->d_mdp.d_qclass,
                                           string((const char*)&*packet.begin(), packet.size()),

diff --git a/pdns/recursordist/docs/settings.rst b/pdns/recursordist/docs/settings.rst
index eab06acac582d56240571a256cab8b14d3463122..b7433d9ddaad12a357aee704bab9976fe88fcc7a 100644 (file)
--- a/pdns/recursordist/docs/settings.rst
+++ b/pdns/recursordist/docs/settings.rst
@@ -1413,7 +1413,7 @@ Maximum number of seconds to cache an item in the packet cache, no matter what t
 -  Integer
 -  Default: 60
 
-Maximum number of seconds to cache a 'server failure' answer in the packet cache.
+Maximum number of seconds to cache a 'server failure' and other answers signalling an error in the packet cache.
 
 .. versionchanged:: 4.0.0