rec: Limit the TTL of RRSIG records as well

author Remi Gacogne <remi.gacogne@powerdns.com>

Fri, 5 Jun 2020 13:14:35 +0000 (15:14 +0200)

committer Otto Moerbeek <otto.moerbeek@open-xchange.com>

Tue, 16 Jun 2020 14:40:21 +0000 (16:40 +0200)
author Remi Gacogne <remi.gacogne@powerdns.com>
Fri, 5 Jun 2020 13:14:35 +0000 (15:14 +0200)
committer Otto Moerbeek <otto.moerbeek@open-xchange.com>
Tue, 16 Jun 2020 14:40:21 +0000 (16:40 +0200)
diff --git a/pdns/syncres.cc b/pdns/syncres.cc

index 3a27b2ace3999d099bcb86016f40170a7f0dccca..94e2a6c99e12e1c6d1534541dbd4f512eed95df7 100644 (file)
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -2531,11 +2531,13 @@ RCode::rcodes_ SyncRes::updateCacheFromRecords(unsigned int depth, LWResult& lwr
    const unsigned int labelCount = qname.countLabels();
    bool isCNAMEAnswer = false;
    bool isDNAMEAnswer = false;
-  for(const auto& rec : lwr.d_records) {
-    if (rec.d_class != QClass::IN) {
+  for (auto& rec : lwr.d_records) {
+    if (rec.d_type == QType::OPT || rec.d_class != QClass::IN) {
        continue;
      }
  
+    rec.d_ttl = min(s_maxcachettl, rec.d_ttl);
+
      if(!isCNAMEAnswer && rec.d_place == DNSResourceRecord::ANSWER && rec.d_type == QType::CNAME && (!(qtype==QType(QType::CNAME))) && rec.d_name == qname && !isDNAMEAnswer) {
        isCNAMEAnswer = true;
      }
@@ -2558,7 +2560,7 @@ RCode::rcodes_ SyncRes::updateCacheFromRecords(unsigned int depth, LWResult& lwr
          }
        }
      }
-    if(rec.d_type == QType::RRSIG) {
+    if (rec.d_type == QType::RRSIG) {
        auto rrsig = getRR<RRSIGRecordContent>(rec);
        if (rrsig) {
          /* As illustrated in rfc4035's Appendix B.6, the RRSIG label
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Fri, 5 Jun 2020 13:14:35 +0000 (15:14 +0200)
committer	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Tue, 16 Jun 2020 14:40:21 +0000 (16:40 +0200)