policy: fix generated SOA RR so it can be cached
authorPetr Špaček <petr.spacek@nic.cz>
Thu, 25 Jan 2018 11:46:53 +0000 (12:46 +0100)
committerPetr Špaček <petr.spacek@nic.cz>
Thu, 25 Jan 2018 16:35:39 +0000 (17:35 +0100)
RFC 6303 section 3 explains that

   The SOA RR is needed to support negative caching [RFC2308] of name
   error responses and to point clients to the primary master for DNS
   dynamic updates.

Now SOA RR owner name matches query name so it can be cached.
Using zone name as owner would be more difficult so it is left for
further optimizations.

I've verified that nsupdate correctly determines that master name
does not exist and stops update process.

modules/policy/policy.lua

index 552731ed0ffc8404ff361ec3a2ce7409740d36e7..21209b88af8ebd3003bf1c9a2425fc7f3fbf40c9 100644 (file)
@@ -287,8 +287,8 @@ local function mkauth_soa(answer, dname, mname)
        if mname == nil then
                mname = dname
        end
-       return answer:put(dname, 900, answer:qclass(), kres.type.SOA,
-               mname .. '\6nobody\7invalid\0\0\0\0\0\0\0\14\16\0\0\3\132\0\9\58\128\0\0\3\132')
+       return answer:put(dname, 10800, answer:qclass(), kres.type.SOA,
+               mname .. '\6nobody\7invalid\0\0\0\0\1\0\0\14\16\0\0\4\176\0\9\58\128\0\0\42\48')
 end
 
 local dname_localhost = todname('localhost.')
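Review bot: The SOA RDATA in `mkauth_soa` is still an undocumented string of decimal escapes, so nobody can check the timer values against RFC 6303 without decoding the bytes by hand. By my decoding, the new literal gives serial 1, refresh 3600, retry 1200, expire 604800 and minimum 10800, with the record TTL matching the minimum. I would put a comment above the `return`, for example `-- RDATA after MNAME: RNAME nobody.invalid., serial 1, refresh 3600, retry 1200, expire 604800, minimum 10800 (RFC 6303)`. The function's signature is visible only in the hunk header, so anything it does before the `mname == nil` check is outside this view.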
@@ -475,10 +475,10 @@ function policy.DENY_MSG(msg)
                ffi.C.kr_pkt_make_auth_header(answer)
                answer:rcode(kres.rcode.NXDOMAIN)
                answer:begin(kres.section.AUTHORITY)
-               mkauth_soa(answer, '\7blocked\0')
+               mkauth_soa(answer, answer:qname())
                if msg then
                        answer:begin(kres.section.ADDITIONAL)
-                       answer:put('\11explanation\7invalid', 900, answer:qclass(), kres.type.TXT,
+                       answer:put('\11explanation\7invalid', 10800, answer:qclass(), kres.type.TXT,
                                   string.char(#msg) .. msg)
 
                end
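Review bot: With the SOA TTL and minimum now at 10800 and the owner set to `answer:qname()`, the NXDOMAIN for a blocked name becomes negatively cacheable downstream for up to three hours, where the old record carried 900. Lifting a block, for example after a blocklist false positive, will therefore not reach clients or forwarding caches until those entries expire. That trade-off deserves a comment at the `mkauth_soa` call, such as `-- negative answer is cacheable for 10800 s; a policy change takes that long to reach downstream caches`. The literal 10800 also appears separately in the TXT `answer:put` here and in `mkauth_soa`, so a single `local` for the TTL would keep the two from drifting apart. The body of `policy.DENY_MSG` begins and ends outside this hunk.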