From: Ondřej Surý Date: Thu, 14 Aug 2025 06:41:05 +0000 (+0200) Subject: Always delete the cached results on broken chain X-Git-Tag: v9.21.12~46^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b269fd0a441d40396f990937a2a0fed4f672741;p=thirdparty%2Fbind9.git Always delete the cached results on broken chain The logic to delete records from the cache was relying on the contents of the validation answer. Change the logic to always delete the contents of the cache on the broken chain result.
---
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 546a6ee2e84..186b68206f8 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -5289,23 +5289,19 @@ cache_rrset(fetchctx_t *fctx, isc_stdtime_t now, dns_name_t *name,
 }
 static void
-delete_rrset(fetchctx_t *fctx, dns_name_t *name, dns_rdatatype_t type,
- bool delrrsig) {
+delete_rrset(fetchctx_t *fctx, dns_name_t *name, dns_rdatatype_t type) {
 isc_result_t result;
 dns_dbnode_t *node = NULL;
 result = dns_db_findnode(fctx->cache, name, false, &node);
- if (result == ISC_R_SUCCESS) {
- dns_db_deleterdataset(fctx->cache, node, NULL, type, 0);
- if (delrrsig) {
- dns_db_deleterdataset(fctx->cache, node, NULL,
- dns_rdatatype_rrsig, type);
- }
+ if (result != ISC_R_SUCCESS) {
+ return;
 }
- if (node != NULL) {
- dns_db_detachnode(&node);
- }
+ dns_db_deleterdataset(fctx->cache, node, NULL, type, 0);
+ dns_db_deleterdataset(fctx->cache, node, NULL, dns_rdatatype_rrsig,
+ type);
+ dns_db_detachnode(&node);
 }
 static void
@@ -5437,10 +5433,7 @@ validated(void *arg) {
 fctx->valfail++;
 result = fctx->vresult = val->result;
 if (result != DNS_R_BROKENCHAIN) {
- if (val->rdataset != NULL) {
- delete_rrset(fctx, val->name, val->type,
- val->sigrdataset != NULL);
- }
+ delete_rrset(fctx, val->name, val->type);
 } else if (!negative) {
 /*
 * Cache the data as pending for later validation.
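Review bot: Both `dns_db_deleterdataset()` results in the new `delete_rrset()` body are discarded, so a purge that fails leaves the rrset that just failed validation in the cache with nothing recorded. If best effort is intended, state it at the call site with `(void)` casts and a comment such as `/* Best effort: an absent rdataset is fine; any other failure leaves unvalidated data cached. */`, or log a non-success result. The early `return` also drops the old `node != NULL` guard, which is safe only if `dns_db_findnode()` never attaches a node on failure; that contract is not visible in this hunk.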
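Review bot: The now unconditional `delete_rrset()` call in `validated()` sits in the `result != DNS_R_BROKENCHAIN` branch, while the commit title says the cache is cleared "on broken chain"; in the visible lines the broken-chain case falls to the `else if (!negative)` arm, which caches the data as pending. A comment above the call would settle which is meant, for example `/* Validation failed for a reason other than a broken chain: purge the rrset and its RRSIGs regardless of what the validator returned. */`. With the `val->rdataset != NULL` guard removed, the call also runs when the validator returned no rdataset, so it relies on `val->name` and `val->type` being set on every failure path, which cannot be confirmed from this hunk. `validated()` starts and ends outside the hunk.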