From: Otto Moerbeek Date: Fri, 20 Jan 2023 13:14:00 +0000 (+0100) Subject: Be a bit more conservative, only clean specific (neg)cache entries if needed X-Git-Tag: dnsdist-1.8.0-rc1~93^2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6b36620f4075aa2c624d760ccff5d9baece78713;p=thirdparty%2Fpdns.git Be a bit more conservative, only clean specific (neg)cache entries if needed *and* server-stale is active --- diff --git a/pdns/recursordist/syncres.cc b/pdns/recursordist/syncres.cc index 4f951a3d5d..542afc0c7c 100644 --- a/pdns/recursordist/syncres.cc +++ b/pdns/recursordist/syncres.cc @@ -4640,7 +4640,9 @@ RCode::rcodes_ SyncRes::updateCacheFromRecords(unsigned int depth, LWResult& lwr // Delete potential negcache entry. When a record recovers with serve-stale the negcache entry can cause the wrong entry to // served, as negcache entries are checked before record cache entries - g_negCache->wipe(i->first.name, i->first.type); + if (NegCache::s_maxServedStaleExtensions > 0) { + g_negCache->wipe(i->first.name, i->first.type); + } if (g_aggressiveNSECCache && needWildcardProof && recordState == vState::Secure && i->first.place == DNSResourceRecord::ANSWER && i->first.name == qname && !i->second.signatures.empty() && !d_routingTag && !ednsmask) { /* we have an answer synthesized from a wildcard and aggressive NSEC is enabled, we need to store the @@ -4809,7 +4811,7 @@ bool SyncRes::processRecords(const std::string& prefix, const DNSName& qname, co g_negCache->add(ne); // doCNAMECacheCheck() checks record cache and does not look into negcache. That means that and old record might be found if // serve-stale is active. Avoid that by explicitly zapping that CNAME record. - if (qtype == QType::CNAME) { + if (qtype == QType::CNAME && MemRecursorCache::s_maxServedStaleExtensions > 0) { g_recCache->doWipeCache(qname, false, qtype); } if (s_rootNXTrust && ne.d_auth.isRoot() && auth.isRoot() && lwr.d_aabit) {
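Review bot: The comment above the new `if (NegCache::s_maxServedStaleExtensions > 0)` in updateCacheFromRecords still reads as if the negcache wipe were unconditional, and the same is true of the comment before the CNAME guard in processRecords. A reader has to infer that a non-zero `s_maxServedStaleExtensions` is what "serve-stale is active" means, and that each guard appears to read the static of the cache being wiped (NegCache in the first hunk, MemRecursorCache in the second). I would add one line at each site, for example `// Only needed when the negcache may serve stale entries (s_maxServedStaleExtensions > 0)` here and the record-cache equivalent in the second hunk. Since a skipped wipe decides which cached answer a client gets, a regression test that runs both paths with serve-stale on and off would be worth adding if one does not exist; the diff shown touches only syncres.cc. Both function bodies continue outside their hunks.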