Don't preserve cache entries if new TTL is smaller than existing
authorOndřej Surý <ondrej@isc.org>
Tue, 26 Aug 2025 16:18:12 +0000 (18:18 +0200)
committerOndřej Surý <ondrej@isc.org>
Tue, 26 Aug 2025 16:26:34 +0000 (18:26 +0200)
Under certain circumstances, cache entries with an equivalent rdataset
might not get replaced.  Previously such an entry would be preserved
regardless of the new TTL, and the expire time on the existing header
would be updated when the new expire time was less than the expire time
on the existing header.  Change the logic to preserve the existing header
only if the new expire time is larger than the existing one, and replace
the existing cache entry when the new expire time is less than the
existing one.

Co-authored-by: Jinmei Tatuya <jtatuya@infoblox.com>
lib/dns/qpcache.c

index ecb2b11eac1454481e54353a58d86c2ae751a66e..56682966d27c3929be561cfad7028eafaeb10182 100644 (file)
@@ -2734,29 +2734,22 @@ find_header:
                }
 
                /*
-                * Don't replace existing NS, A and AAAA RRsets in the
-                * cache if they already exist. This prevents named
-                * being locked to old servers. Don't lower trust of
-                * existing record if the update is forced. Nothing
-                * special to be done w.r.t stale data; it gets replaced
-                * normally further down.
+                * Don't replace existing NS in the cache if they already exist
+                * and replacing the existing one would increase the TTL. This
+                * prevents named being locked to old servers. Don't lower trust
+                * of existing record if the update is forced. Nothing special
+                * to be done w.r.t stale data; it gets replaced normally
+                * further down.
                 */
                if (ACTIVE(header, now) &&
                    top->typepair == DNS_TYPEPAIR(dns_rdatatype_ns) &&
                    EXISTS(header) && EXISTS(newheader) &&
                    header->trust >= newheader->trust &&
+                   header->expire < newheader->expire &&
                    dns_rdataslab_equalx(header, newheader,
                                         qpdb->common.rdclass,
                                         DNS_TYPEPAIR_TYPE(top->typepair)))
                {
-                       /*
-                        * Honour the new ttl if it is less than the
-                        * older one.
-                        */
-                       if (header->expire > newheader->expire) {
-                               setttl(header, newheader->expire);
-                       }
-
                        qpcache_hit(qpdb, header);
 
                        if (header->noqname == NULL &&
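Review bot: The rewritten comment above the NS check explains when the existing header is kept, but not what happens when `header->expire >= newheader->expire`. With the in-place `setttl()` clamp removed, an equivalent rdataset with a shorter or equal expire time no longer enters this branch and is presumably handled by the replacement code further down, outside the hunk. I would add a sentence such as `* Otherwise fall through so the new header, with its shorter TTL, replaces the existing one.` so a later reader does not take the missing clamp for an omission. The second hunk adds the same `header->expire < newheader->expire` test to the check ending in `dns_rdataslab_equal(header, newheader)`, and its comment starts above that hunk, so it may need the same wording. The body of this `if` continues past the end of the hunk.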
@@ -2806,16 +2799,9 @@ find_header:
                     top->typepair == DNS_SIGTYPEPAIR(dns_rdatatype_ds)) &&
                    EXISTS(header) && EXISTS(newheader) &&
                    header->trust >= newheader->trust &&
+                   header->expire < newheader->expire &&
                    dns_rdataslab_equal(header, newheader))
                {
-                       /*
-                        * Honour the new ttl if it is less than the
-                        * older one.
-                        */
-                       if (header->expire > newheader->expire) {
-                               setttl(header, newheader->expire);
-                       }
-
                        qpcache_hit(qpdb, header);
 
                        if (header->noqname == NULL &&