From: Pieter Lexis Date: Mon, 10 Apr 2017 08:07:01 +0000 (+0200) Subject: rec negcache: Use single iterator in getRootNXTrust X-Git-Tag: rec-4.1.0-alpha1~166^2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2509f3599433c4a9a098f12fb60bde9a36a21993;p=thirdparty%2Fpdns.git rec negcache: Use single iterator in getRootNXTrust --- diff --git a/pdns/recursordist/negcache.cc b/pdns/recursordist/negcache.cc index 4588d671e6..736d24560c 100644 --- a/pdns/recursordist/negcache.cc +++ b/pdns/recursordist/negcache.cc @@ -24,7 +24,8 @@ #include "cachecleaner.hh" /*! - * Set ne to the NegCacheEntry for the last label in qname and return true + * Set ne to the NegCacheEntry for the last label in qname and return true if there + * was one. * * \param qname The name to look up (only the last label is used) * \param now A timeval with the current time, to check if an entry is expired @@ -32,20 +33,27 @@ * \return true if ne was filled out, false otherwise */ bool NegCache::getRootNXTrust(const DNSName& qname, const struct timeval& now, NegCacheEntry& ne) { + // Never deny the root. + if (qname.isRoot()) + return false; + // An 'ENT' QType entry, used as "whole name" in the neg-cache context. static const QType qtnull(0); - pair range; DNSName lastLabel = qname.getLastLabel(); - range.first = d_negcache.find(tie(lastLabel, qtnull)); + negcache_t::const_iterator ni = d_negcache.find(tie(lastLabel, qtnull)); - if (range.first != d_negcache.end() && - range.first->d_auth.isRoot()) { - if ((uint32_t)now.tv_sec < range.first->d_ttd) { - ne = *range.first; - moveCacheItemToBack(d_negcache, range.first); + while (ni != d_negcache.end() && + ni->d_name == lastLabel && + ni->d_auth.isRoot() && + ni->d_qtype == qtnull) { + // We have something + if ((uint32_t)now.tv_sec < ni->d_ttd) { + ne = *ni; + moveCacheItemToBack(d_negcache, ni); return true; } - moveCacheItemToFront(d_negcache, range.first); + moveCacheItemToFront(d_negcache, ni); + ni++; } return false; }