Evict the RRSIG when adding negative header
authorOndřej Surý <ondrej@isc.org>
Sat, 8 Nov 2025 11:06:20 +0000 (12:06 +0100)
committerOndřej Surý <ondrej@isc.org>
Fri, 28 Nov 2025 09:10:14 +0000 (10:10 +0100)
Formerly, we evicted the RRSIG(type) only when changing an
existing header from positive to negative.  Move the eviction routine
for the RRSIG to a common path, so the RRSIG also gets evicted when we
are adding a new negative header for a specific type.

lib/dns/qpcache.c

index 219795917439bd8ae52e7bbfce903b23a5c87918..fe69818f547454b4ce9ecab743aa8c7cf2848dca 100644 (file)
@@ -2912,15 +2912,7 @@ add(qpcache_t *qpdb, qpcnode_t *qpnode, dns_slabheader_t *newheader,
 
                mark_ancient(oldheader);
 
-               if (EXISTS(newheader) && NEGATIVE(newheader) &&
-                   !dns_rdatatype_issig(rdtype))
-               {
-                       if (oldtop->related != NULL) {
-                               dns_slabheader_t *oldsigheader =
-                                       first_header(oldtop->related);
-                               mark_ancient(oldsigheader);
-                       }
-               }
+               INSIST(oldtop->related == related);
        } else if (!EXISTS(newheader)) {
                /*
                 * The type already doesn't exist; no point trying
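Review bot: The relocated eviction block in the second hunk tests `related != NULL` but then dereferences `oldtop->related`, and the `INSIST(oldtop->related == related);` added here only establishes that the two are equal inside the branch that already has an old header. On the path the commit message targets (a new negative header with no existing header of that type), `oldtop` may be NULL; its assignment is outside both hunks, so this needs confirming, but a NULL dereference in the cache-add path would abort the resolver while processing data derived from network responses. Using the pointer the guard actually checked removes the dependency on `oldtop`: `dns_slabheader_t *oldsigheader = first_header(related);`. The body of add() starts and ends outside the hunks.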
@@ -2975,6 +2967,18 @@ add(qpcache_t *qpdb, qpcnode_t *qpnode, dns_slabheader_t *newheader,
                }
        }
 
+       /*
+        * We've added a proof that a rdtype doesn't exist.
+        *
+        * Mark the related rrsig in the cache as ancient.
+        */
+       if (EXISTS(newheader) && NEGATIVE(newheader) &&
+           !dns_rdatatype_issig(rdtype) && related != NULL)
+       {
+               dns_slabheader_t *oldsigheader = first_header(oldtop->related);
+               mark_ancient(oldsigheader);
+       }
+
        bindrdataset(qpdb, qpnode, newheader, now, nlocktype, tlocktype,
                     addedrdataset DNS__DB_FLARG_PASS);