From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Wed, 29 Nov 2023 15:47:01 +0000 (+0100)
Subject: rec: a single NSEC3 record covering everything is a special case
X-Git-Tag: rec-4.9.4~3^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8e2f28ac28c25216b601c6e47e58a948564c43b2;p=thirdparty%2Fpdns.git

rec: a single NSEC3 record covering everything is a special case

Fixes #13542

(cherry picked from commit 257b23b4f55031a94b04c472489c3806ab57a244)
---

diff --git a/pdns/recursordist/aggressive_nsec.cc b/pdns/recursordist/aggressive_nsec.cc
index 16ea10e011..ce23362198 100644
--- a/pdns/recursordist/aggressive_nsec.cc
+++ b/pdns/recursordist/aggressive_nsec.cc
@@ -262,6 +262,10 @@ static bool commonPrefixIsLong(const string& one, const string& two, size_t boun
 bool AggressiveNSECCache::isSmallCoveringNSEC3(const DNSName& owner, const std::string& nextHash)
 {
   std::string ownerHash(fromBase32Hex(owner.getRawLabel(0)));
+  // Special case: empty zone, so the single NSEC3 covers everything. Prefix is long but we still want it cached.
+  if (ownerHash == nextHash) {
+    return false;
+  }
   return commonPrefixIsLong(ownerHash, nextHash, AggressiveNSECCache::s_maxNSEC3CommonPrefix);
 }