]> git.ipfire.org Git - thirdparty/knot-resolver.git/commitdiff
lib/validate: prevent caching of answers needing revalidation
authorMarek Vavruša <marek.vavrusa@nic.cz>
Tue, 22 Sep 2015 16:11:30 +0000 (18:11 +0200)
committerMarek Vavruša <marek.vavrusa@nic.cz>
Tue, 22 Sep 2015 16:11:30 +0000 (18:11 +0200)
lib/layer/iterate.c
lib/layer/pktcache.c
lib/layer/validate.c

index 5ab6887c30f909eba8ffa8a0167eb1a768519fce..631f19e0e2be710381f367f4faec02040daed894 100644 (file)
@@ -274,7 +274,7 @@ static int process_authority(knot_pkt_t *pkt, struct kr_request *req)
                        /* SOA below cut in authority indicates different authority, but same NS set. */
                        if (knot_dname_is_sub(rr->owner, qry->zone_cut.name)) {
                                qry->zone_cut.name = knot_dname_copy(rr->owner, &req->pool);
-                               if (knot_pkt_has_dnssec(pkt)) { /* Treat as a referral */
+                               if (qry->flags & QUERY_DNSSEC_WANT) { /* Treat as a referral */
                                        return KNOT_STATE_DONE;
                                }
                        }
index c4a50d0797a4a80c1ca2dbd052f6deb0f9484c9f..8c866e4ec3cd9679a5b0aabdfb07f770f9265f71 100644 (file)
@@ -100,8 +100,8 @@ static int peek(knot_layer_t *ctx, knot_pkt_t *pkt)
        if (!qry || ctx->state & (KNOT_STATE_DONE|KNOT_STATE_FAIL)) {
                return ctx->state; /* Already resolved/failed */
        }
-       if (!(qry->flags & QUERY_AWAIT_CUT)) {
-               return ctx->state; /* Only lookup on first iteration */
+       if (qry->ns.addr.ip.sa_family != AF_UNSPEC) {
+               return ctx->state; /* Only lookup before asking a query */
        }
        if (knot_pkt_qclass(pkt) != KNOT_CLASS_IN) {
                return ctx->state; /* Only IN class */
index 201ec0ed9b674fdfdd76816e94c1394f4efeaa7f..f6d08351ed173150f4fc3dbf5e0a02021273fc08 100644 (file)
@@ -395,6 +395,7 @@ static int validate(knot_layer_t *ctx, knot_pkt_t *pkt)
        const knot_dname_t *sig_name = first_rrsig_signer_name(pkt);
        if (key_own && sig_name && !knot_dname_is_equal(key_own, sig_name)) {
                DEBUG_MSG(qry, ">< cut changed, needs revalidation\n");
+               knot_wire_set_rcode(pkt->wire, KNOT_RCODE_SERVFAIL); /* Prevent caching */
                qry->flags &= ~QUERY_RESOLVED;
                return KNOT_STATE_CONSUME;
        }