From: Mark Andrews <marka@isc.org>
Date: Tue, 15 Nov 2022 05:35:32 +0000 (+1100)
Subject: Revert "Fix rndc dumpdb -expired for stuck cache contents"
X-Git-Tag: v9.19.8~7^2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=90249e4aa574016b61fbd550bf038efcd85a5d15;p=thirdparty%2Fbind9.git

Revert "Fix rndc dumpdb -expired for stuck cache contents"

This reverts commit f8d866c6efa4c9c2726f8ebcf2e66122198576c4.
---

diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index 15732ca87b2..de5d3b170c3 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -8839,11 +8839,16 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {
 	dns_rbtnode_t *rbtnode = rbtiterator->common.node;
 	rbtdb_version_t *rbtversion = rbtiterator->common.version;
 	rdatasetheader_t *header, *top_next;
-	rbtdb_serial_t serial = 1;
+	rbtdb_serial_t serial;
+	isc_stdtime_t now;
 	isc_rwlocktype_t nlocktype = isc_rwlocktype_none;
 
-	if (!IS_CACHE(rbtdb)) {
+	if (IS_CACHE(rbtdb)) {
+		serial = 1;
+		now = rbtiterator->common.now;
+	} else {
 		serial = rbtversion->serial;
+		now = 0;
 	}
 
 	NODE_RDLOCK(&rbtdb->node_locks[rbtnode->locknum].lock, &nlocktype);
@@ -8854,9 +8859,19 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {
 			if (header->serial <= serial && !IGNORE(header)) {
 				/*
 				 * Is this a "this rdataset doesn't exist"
-				 * record?
+				 * record?  Or is it too old in the cache?
+				 *
+				 * Note: unlike everywhere else, we
+				 * check for now > header->rdh_ttl instead
+				 * of ">=".  This allows ANY and RRSIG
+				 *  queries for 0 TTL rdatasets to work.
 				 */
-				if (NONEXISTENT(header)) {
+				if (NONEXISTENT(header) ||
+				    (now != 0 &&
+				     (now - RBTDB_VIRTUAL) >
+					     header->rdh_ttl +
+						     STALE_TTL(header, rbtdb)))
+				{
 					header = NULL;
 				}
 				break;
@@ -8887,9 +8902,10 @@ rdatasetiter_next(dns_rdatasetiter_t *iterator) {
 	dns_rbtnode_t *rbtnode = rbtiterator->common.node;
 	rbtdb_version_t *rbtversion = rbtiterator->common.version;
 	rdatasetheader_t *header, *top_next;
+	rbtdb_serial_t serial;
+	isc_stdtime_t now;
 	rbtdb_rdatatype_t type, negtype;
 	dns_rdatatype_t rdtype, covers;
-	rbtdb_serial_t serial = 1;
 	isc_rwlocktype_t nlocktype = isc_rwlocktype_none;
 
 	header = rbtiterator->current;
@@ -8897,8 +8913,12 @@ rdatasetiter_next(dns_rdatasetiter_t *iterator) {
 		return (ISC_R_NOMORE);
 	}
 
-	if (!IS_CACHE(rbtdb)) {
+	if (IS_CACHE(rbtdb)) {
+		serial = 1;
+		now = rbtiterator->common.now;
+	} else {
 		serial = rbtversion->serial;
+		now = 0;
 	}
 
 	NODE_RDLOCK(&rbtdb->node_locks[rbtnode->locknum].lock, &nlocktype);
@@ -8923,8 +8943,17 @@ rdatasetiter_next(dns_rdatasetiter_t *iterator) {
 					/*
 					 * Is this a "this rdataset doesn't
 					 * exist" record?
+					 *
+					 * Note: unlike everywhere else, we
+					 * check for now > header->ttl instead
+					 * of ">=".  This allows ANY and RRSIG
+					 * queries for 0 TTL rdatasets to work.
 					 */
-					if (NONEXISTENT(header)) {
+					if (NONEXISTENT(header) ||
+					    (now != 0 &&
+					     (now - RBTDB_VIRTUAL) >
+						     header->rdh_ttl))
+					{
 						header = NULL;
 					}
 					break;