From: bert hubert Date: Fri, 2 Oct 2015 13:09:45 +0000 (+0200) Subject: make sure we also add RRSIGs for CNAME records when retrieving from the cache X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~23 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f77f4791dc5a5a7e9f7366bd79a5f996dc09437;p=thirdparty%2Fpdns.git make sure we also add RRSIGs for CNAME records when retrieving from the cache --- diff --git a/pdns/syncres.cc b/pdns/syncres.cc index dce3f8186d..d8e6683c18 100644 --- a/pdns/syncres.cc +++ b/pdns/syncres.cc @@ -651,7 +651,8 @@ bool SyncRes::doCNAMECacheCheck(const DNSName &qname, const QType &qtype, vector LOG(prefix< cset; - if(t_RC->get(d_now.tv_sec, qname,QType(QType::CNAME),&cset) > 0) { + vector> signatures; + if(t_RC->get(d_now.tv_sec, qname,QType(QType::CNAME), &cset, &signatures) > 0) { for(auto j=cset.cbegin() ; j != cset.cend() ; ++j) { if(j->d_ttl>(unsigned int) d_now.tv_sec) { @@ -659,6 +660,18 @@ bool SyncRes::doCNAMECacheCheck(const DNSName &qname, const QType &qtype, vector DNSRecord dr=*j; dr.d_ttl-=d_now.tv_sec; ret.push_back(dr); + + for(const auto& signature : signatures) { + DNSRecord dr; + dr.d_type=QType::RRSIG; + dr.d_name=qname; + dr.d_ttl=j->d_ttl - d_now.tv_sec; + dr.d_content=signature; + dr.d_place=DNSRecord::Answer; + dr.d_class=1; + ret.push_back(dr); + } + if(!(qtype==QType(QType::CNAME))) { // perhaps they really wanted a CNAME! setbeenthere; res=doResolve(std::dynamic_pointer_cast(j->d_content)->getTarget(), qtype, ret, depth+1, beenthere); @@ -1087,7 +1100,7 @@ int SyncRes::doResolveAt(set nameservers, DNSName auth, bool flawedNSSe // reap all answers from this packet that are acceptable for(auto& rec : lwr.d_records) { if(rec.d_type == QType::OPT) { - LOG(prefix<getZoneRepresentation()<<"' from '"<
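Review bot: In the second hunk (`-659,6 +660,18`), the `DNSRecord dr;` declared inside the new signature loop shadows the `dr` created three lines earlier by `DNSRecord dr=*j;`, which makes the block easy to mis-edit; naming the inner record `DNSRecord sigdr;` keeps the CNAME copy and the RRSIG copy distinct. The bare `dr.d_class=1;` would read better with a named constant, e.g. `dr.d_class=QClass::IN;`. Each RRSIG takes the CNAME's remaining TTL (`j->d_ttl - d_now.tv_sec`) and is appended whenever the cache returns signatures. Whether these records are withheld from clients that did not ask for DNSSEC data, and whether the cached TTL is bounded by the signature's expiration, is not visible in this hunk, so a one-line comment above the loop stating where those two checks happen would help the next reader. doCNAMECacheCheck starts and ends outside the hunk.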