From: Otto Moerbeek Date: Tue, 15 Sep 2020 10:17:49 +0000 (+0200) Subject: Shared & sharded NegCache X-Git-Tag: rec-4.5.0-alpha0^2~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a0c1d047a71dda616f9e380c22bf81b8b6c1031f;p=thirdparty%2Fpdns.git Shared & sharded NegCache --- diff --git a/pdns/cachecleaner.hh b/pdns/cachecleaner.hh index 5b2ff3d6fc..2bca3b3f78 100644 --- a/pdns/cachecleaner.hh +++ b/pdns/cachecleaner.hh @@ -249,13 +249,13 @@ template uint64_t purgeExactLockedCollection(T& mc, con } template -std::pair -lruReplacingInsert(Index& i,const typename Index::value_type& x) +bool lruReplacingInsert(Index& i, const typename Index::value_type& x) { - std::pair res = i.insert(x); - if (!res.second) { - moveCacheItemToBack(i, res.first); - res.second = i.replace(res.first, x); + auto inserted = i.insert(x); + if (!inserted.second) { + moveCacheItemToBack(i, inserted.first); + i.replace(inserted.first, x); + return false; } - return res; + return true; } diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc index 58450d1a7d..67aeb173b0 100644 --- a/pdns/pdns_recursor.cc +++ b/pdns/pdns_recursor.cc @@ -131,6 +131,7 @@ static thread_local uint64_t t_frameStreamServersGeneration; thread_local std::unique_ptr MT; // the big MTasker std::unique_ptr s_RC; +std::unique_ptr s_negcache; thread_local std::unique_ptr t_packetCache; thread_local FDMultiplexer* t_fdm{nullptr}; @@ -3229,7 +3230,6 @@ static void houseKeeping(void *) past.tv_sec -= 5; if (last_prune < past) { t_packetCache->doPruneTo(g_maxPacketCacheEntries / g_numWorkerThreads); - SyncRes::pruneNegCache(g_maxCacheEntries / (g_numWorkerThreads * 10)); time_t limit; if(!((cleanCounter++)%40)) { // this is a full scan! @@ -3247,6 +3247,7 @@ static void houseKeeping(void *) if(isHandlerThread()) { if (now.tv_sec - last_RC_prune > 5) { s_RC->doPrune(g_maxCacheEntries); + s_negcache->prune(g_maxCacheEntries / 10); last_RC_prune = now.tv_sec; } // XXX !!! global @@ -5285,6 +5286,7 @@ int main(int argc, char **argv) } s_RC = std::unique_ptr(new MemRecursorCache(::arg().asNum("record-cache-shards"))); + s_negcache = std::unique_ptr(new NegCache(::arg().asNum("record-cache-shards"))); Logger::Urgency logUrgency = (Logger::Urgency)::arg().asNum("loglevel"); diff --git a/pdns/rec_channel_rec.cc b/pdns/rec_channel_rec.cc index b84a203f2d..0d09a5f6f3 100644 --- a/pdns/rec_channel_rec.cc +++ b/pdns/rec_channel_rec.cc @@ -199,21 +199,21 @@ string static doGetParameter(T begin, T end) } -static uint64_t dumpNegCache(NegCache& negcache, int fd) +static uint64_t dumpNegCache(int fd) { auto fp = std::unique_ptr(fdopen(dup(fd), "w"), fclose); if(!fp) { // dup probably failed return 0; } uint64_t ret; - fprintf(fp.get(), "; negcache dump from thread follows\n;\n"); - ret = negcache.dumpToFile(fp.get()); + fprintf(fp.get(), "; negcache dump follows\n;\n"); + ret = s_negcache->dumpToFile(fp.get()); return ret; } static uint64_t* pleaseDump(int fd) { - return new uint64_t(dumpNegCache(SyncRes::t_sstorage.negcache, fd) + t_packetCache->doDump(fd)); + return new uint64_t(t_packetCache->doDump(fd)); } static uint64_t* pleaseDumpEDNSMap(int fd) @@ -281,7 +281,7 @@ static string doDumpCache(T begin, T end) return "Error opening dump file for writing: "+stringerror()+"\n"; uint64_t total = 0; try { - total = s_RC->doDump(fd) + broadcastAccFunction([=]{ return pleaseDump(fd); }); + total = s_RC->doDump(fd) + dumpNegCache(fd) + broadcastAccFunction([=]{ return pleaseDump(fd); }); } catch(...){} @@ -407,7 +407,7 @@ uint64_t* pleaseWipePacketCache(const DNSName& canon, bool subtree, uint16_t qty uint64_t* pleaseWipeAndCountNegCache(const DNSName& canon, bool subtree) { - uint64_t ret = SyncRes::wipeNegCache(canon, subtree); + uint64_t ret = s_negcache->wipe(canon, subtree); return new uint64_t(ret); } @@ -907,7 +907,7 @@ static uint64_t getThrottleSize() uint64_t* pleaseGetNegCacheSize() { - uint64_t tmp=(SyncRes::getNegCacheSize()); + uint64_t tmp = s_negcache->size(); return new uint64_t(tmp); } diff --git a/pdns/recursordist/negcache.cc b/pdns/recursordist/negcache.cc index e512579dca..fd9b58e6f2 100644 --- a/pdns/recursordist/negcache.cc +++ b/pdns/recursordist/negcache.cc @@ -26,6 +26,32 @@ #include "cachecleaner.hh" #include "utility.hh" +NegCache::NegCache(size_t mapsCount) : d_maps(mapsCount) +{ +} + +NegCache::~NegCache() +{ + try { + typedef std::unique_ptr lock_t; + vector locks; + for (auto& map : d_maps) { + locks.push_back(lock_t(new lock(map))); + } + } + catch(...) { + } +} + +size_t NegCache::size() +{ + size_t count = 0; + for (auto& map : d_maps) { + count += map.d_entriesCount; + } + return count; +} + /*! * Set ne to the NegCacheEntry for the last label in qname and return true if there * was one. @@ -44,16 +70,20 @@ bool NegCache::getRootNXTrust(const DNSName& qname, const struct timeval& now, N // An 'ENT' QType entry, used as "whole name" in the neg-cache context. static const QType qtnull(0); DNSName lastLabel = qname.getLastLabel(); - negcache_t::const_iterator ni = d_negcache.find(tie(lastLabel, qtnull)); - while (ni != d_negcache.end() && ni->d_name == lastLabel && ni->d_auth.isRoot() && ni->d_qtype == qtnull) { + auto& map = getMap(lastLabel); + const lock l(map); + + negcache_t::const_iterator ni = map.d_map.find(tie(lastLabel, qtnull)); + + while (ni != map.d_map.end() && ni->d_name == lastLabel && ni->d_auth.isRoot() && ni->d_qtype == qtnull) { // We have something - if ((uint32_t)now.tv_sec < ni->d_ttd) { + if (now.tv_sec < ni->d_ttd) { ne = *ni; - moveCacheItemToBack(d_negcache, ni); + moveCacheItemToBack(map.d_map, ni); return true; } - moveCacheItemToFront(d_negcache, ni); + moveCacheItemToFront(map.d_map, ni); ++ni; } return false; @@ -70,7 +100,10 @@ bool NegCache::getRootNXTrust(const DNSName& qname, const struct timeval& now, N */ bool NegCache::get(const DNSName& qname, const QType& qtype, const struct timeval& now, NegCacheEntry& ne, bool typeMustMatch) { - const auto& idx = d_negcache.get<2>(); + auto& map = getMap(qname); + const lock l(map); + + const auto& idx = map.d_map.get<2>(); auto range = idx.equal_range(qname); auto ni = range.first; @@ -78,16 +111,16 @@ bool NegCache::get(const DNSName& qname, const QType& qtype, const struct timeva // We have an entry if ((!typeMustMatch && ni->d_qtype.getCode() == 0) || ni->d_qtype == qtype) { // We match the QType or the whole name is denied - auto firstIndexIterator = d_negcache.project<0>(ni); + auto firstIndexIterator = map.d_map.project<0>(ni); - if ((uint32_t)now.tv_sec < ni->d_ttd) { + if (now.tv_sec < ni->d_ttd) { // Not expired ne = *ni; - moveCacheItemToBack(d_negcache, firstIndexIterator); + moveCacheItemToBack(map.d_map, firstIndexIterator); return true; } // expired - moveCacheItemToFront(d_negcache, firstIndexIterator); + moveCacheItemToFront(map.d_map, firstIndexIterator); } ++ni; } @@ -101,7 +134,12 @@ bool NegCache::get(const DNSName& qname, const QType& qtype, const struct timeva */ void NegCache::add(const NegCacheEntry& ne) { - lruReplacingInsert(d_negcache, ne); + auto& map = getMap(ne.d_name); + const lock l(map); + bool inserted = lruReplacingInsert(map.d_map, ne); + if (inserted) { + map.d_entriesCount++; + } } /*! @@ -111,9 +149,11 @@ void NegCache::add(const NegCacheEntry& ne) * \param qtype The type of the entry to replace * \param newState The new validation state */ -void NegCache::updateValidationStatus(const DNSName& qname, const QType& qtype, const vState newState, boost::optional capTTD) +void NegCache::updateValidationStatus(const DNSName& qname, const QType& qtype, const vState newState, boost::optional capTTD) { - auto range = d_negcache.equal_range(tie(qname, qtype)); + auto& map = getMap(qname); + const lock l(map); + auto range = map.d_map.equal_range(tie(qname, qtype)); if (range.first != range.second) { range.first->d_validationState = newState; @@ -128,9 +168,11 @@ void NegCache::updateValidationStatus(const DNSName& qname, const QType& qtype, * * \param qname The name of the entries to be counted */ -uint64_t NegCache::count(const DNSName& qname) const +size_t NegCache::count(const DNSName& qname) { - return d_negcache.count(tie(qname)); + auto& map = getMap(qname); + const lock l(map); + return map.d_map.count(tie(qname)); } /*! @@ -139,9 +181,11 @@ uint64_t NegCache::count(const DNSName& qname) const * \param qname The name of the entries to be counted * \param qtype The type of the entries to be counted */ -uint64_t NegCache::count(const DNSName& qname, const QType qtype) const +size_t NegCache::count(const DNSName& qname, const QType qtype) { - return d_negcache.count(tie(qname, qtype)); + auto& map = getMap(qname); + const lock l(map); + return map.d_map.count(tie(qname, qtype)); } /*! @@ -151,22 +195,32 @@ uint64_t NegCache::count(const DNSName& qname, const QType qtype) const * \param name The DNSName of the entries to wipe * \param subtree Should all entries under name be removed? */ -uint64_t NegCache::wipe(const DNSName& name, bool subtree) +size_t NegCache::wipe(const DNSName& name, bool subtree) { - uint64_t ret(0); + size_t ret = 0; if (subtree) { - for (auto i = d_negcache.lower_bound(tie(name)); i != d_negcache.end();) { - if (!i->d_name.isPartOf(name)) - break; - i = d_negcache.erase(i); - ret++; + for (auto& m : d_maps) { + const lock l(m); + for (auto i = m.d_map.lower_bound(tie(name)); i != m.d_map.end();) { + if (!i->d_name.isPartOf(name)) + break; + i = m.d_map.erase(i); + ret++; + m.d_entriesCount--; + } } return ret; } - ret = count(name); - auto range = d_negcache.equal_range(tie(name)); - d_negcache.erase(range.first, range.second); + auto& map = getMap(name); + const lock l(map); + auto range = map.d_map.equal_range(tie(name)); + auto i = range.first; + while (i != range.second) { + i = map.d_map.erase(i); + ret++; + map.d_entriesCount--; + } return ret; } @@ -175,7 +229,11 @@ uint64_t NegCache::wipe(const DNSName& name, bool subtree) */ void NegCache::clear() { - d_negcache.clear(); + for (auto& m : d_maps) { + const lock l(m); + m.d_map.clear(); + m.d_entriesCount = 0; + } } /*! @@ -185,7 +243,8 @@ void NegCache::clear() */ void NegCache::prune(size_t maxEntries) { - pruneCollection(*this, d_negcache, maxEntries, 200); + size_t cacheSize = size(); + pruneMutexCollectionsVector(*this, d_maps, maxEntries, cacheSize); } /*! @@ -193,27 +252,30 @@ void NegCache::prune(size_t maxEntries) * * \param fp A pointer to an open FILE object */ -uint64_t NegCache::dumpToFile(FILE* fp) +size_t NegCache::dumpToFile(FILE* fp) { - uint64_t ret(0); + size_t ret(0); struct timeval now; Utility::gettimeofday(&now, nullptr); - negcache_sequence_t& sidx = d_negcache.get(); - for (const NegCacheEntry& ne : sidx) { - ret++; - fprintf(fp, "%s %" PRId64 " IN %s VIA %s ; (%s)\n", ne.d_name.toString().c_str(), static_cast(ne.d_ttd - now.tv_sec), ne.d_qtype.getName().c_str(), ne.d_auth.toString().c_str(), vStateToString(ne.d_validationState).c_str()); - for (const auto& rec : ne.authoritySOA.records) { - fprintf(fp, "%s %" PRId64 " IN %s %s ; (%s)\n", rec.d_name.toString().c_str(), static_cast(ne.d_ttd - now.tv_sec), DNSRecordContent::NumberToType(rec.d_type).c_str(), rec.d_content->getZoneRepresentation().c_str(), vStateToString(ne.d_validationState).c_str()); - } - for (const auto& sig : ne.authoritySOA.signatures) { - fprintf(fp, "%s %" PRId64 " IN RRSIG %s ;\n", sig.d_name.toString().c_str(), static_cast(ne.d_ttd - now.tv_sec), sig.d_content->getZoneRepresentation().c_str()); - } - for (const auto& rec : ne.DNSSECRecords.records) { - fprintf(fp, "%s %" PRId64 " IN %s %s ; (%s)\n", rec.d_name.toString().c_str(), static_cast(ne.d_ttd - now.tv_sec), DNSRecordContent::NumberToType(rec.d_type).c_str(), rec.d_content->getZoneRepresentation().c_str(), vStateToString(ne.d_validationState).c_str()); - } - for (const auto& sig : ne.DNSSECRecords.signatures) { - fprintf(fp, "%s %" PRId64 " IN RRSIG %s ;\n", sig.d_name.toString().c_str(), static_cast(ne.d_ttd - now.tv_sec), sig.d_content->getZoneRepresentation().c_str()); + for (auto& m : d_maps) { + const lock l(m); + auto& sidx = m.d_map.get(); + for (const NegCacheEntry& ne : sidx) { + ret++; + fprintf(fp, "%s %" PRId64 " IN %s VIA %s ; (%s)\n", ne.d_name.toString().c_str(), static_cast(ne.d_ttd - now.tv_sec), ne.d_qtype.getName().c_str(), ne.d_auth.toString().c_str(), vStateToString(ne.d_validationState).c_str()); + for (const auto& rec : ne.authoritySOA.records) { + fprintf(fp, "%s %" PRId64 " IN %s %s ; (%s)\n", rec.d_name.toString().c_str(), static_cast(ne.d_ttd - now.tv_sec), DNSRecordContent::NumberToType(rec.d_type).c_str(), rec.d_content->getZoneRepresentation().c_str(), vStateToString(ne.d_validationState).c_str()); + } + for (const auto& sig : ne.authoritySOA.signatures) { + fprintf(fp, "%s %" PRId64 " IN RRSIG %s ;\n", sig.d_name.toString().c_str(), static_cast(ne.d_ttd - now.tv_sec), sig.d_content->getZoneRepresentation().c_str()); + } + for (const auto& rec : ne.DNSSECRecords.records) { + fprintf(fp, "%s %" PRId64 " IN %s %s ; (%s)\n", rec.d_name.toString().c_str(), static_cast(ne.d_ttd - now.tv_sec), DNSRecordContent::NumberToType(rec.d_type).c_str(), rec.d_content->getZoneRepresentation().c_str(), vStateToString(ne.d_validationState).c_str()); + } + for (const auto& sig : ne.DNSSECRecords.signatures) { + fprintf(fp, "%s %" PRId64 " IN RRSIG %s ;\n", sig.d_name.toString().c_str(), static_cast(ne.d_ttd - now.tv_sec), sig.d_content->getZoneRepresentation().c_str()); + } } } return ret; diff --git a/pdns/recursordist/negcache.hh b/pdns/recursordist/negcache.hh index adb0202008..91b37178ba 100644 --- a/pdns/recursordist/negcache.hh +++ b/pdns/recursordist/negcache.hh @@ -47,36 +47,36 @@ typedef struct class NegCache : public boost::noncopyable { public: + + NegCache(size_t mapsCount = 1024); + ~NegCache(); + struct NegCacheEntry { - DNSName d_name; // The denied name - QType d_qtype; // The denied type - DNSName d_auth; // The denying name (aka auth) - mutable uint32_t d_ttd; // Timestamp when this entry should die recordsAndSignatures authoritySOA; // The upstream SOA record and RRSIGs recordsAndSignatures DNSSECRecords; // The upstream NSEC(3) and RRSIGs + DNSName d_name; // The denied name + DNSName d_auth; // The denying name (aka auth) + mutable time_t d_ttd; // Timestamp when this entry should die mutable vState d_validationState{vState::Indeterminate}; - uint32_t getTTD() const + QType d_qtype; // The denied type + time_t getTTD() const { return d_ttd; }; }; void add(const NegCacheEntry& ne); - void updateValidationStatus(const DNSName& qname, const QType& qtype, const vState newState, boost::optional capTTD); + void updateValidationStatus(const DNSName& qname, const QType& qtype, const vState newState, boost::optional capTTD); bool get(const DNSName& qname, const QType& qtype, const struct timeval& now, NegCacheEntry& ne, bool typeMustMatch = false); bool getRootNXTrust(const DNSName& qname, const struct timeval& now, NegCacheEntry& ne); - uint64_t count(const DNSName& qname) const; - uint64_t count(const DNSName& qname, const QType qtype) const; + size_t count(const DNSName& qname); + size_t count(const DNSName& qname, const QType qtype); void prune(size_t maxEntries); void clear(); - uint64_t dumpToFile(FILE* fd); - uint64_t wipe(const DNSName& name, bool subtree = false); - - uint64_t size() - { - return d_negcache.size(); - }; + size_t dumpToFile(FILE* fd); + size_t wipe(const DNSName& name, bool subtree = false); + size_t size(); void preRemoval(const NegCacheEntry& entry) { @@ -104,9 +104,40 @@ private: member>>> negcache_t; - // Required for the cachecleaner - typedef negcache_t::nth_index<1>::type negcache_sequence_t; + struct MapCombo + { + MapCombo() {} + MapCombo(const MapCombo &) = delete; + MapCombo & operator=(const MapCombo &) = delete; + negcache_t d_map; + std::mutex mutex; + std::atomic d_entriesCount{0}; + uint64_t d_contended_count{0}; + uint64_t d_acquired_count{0}; + bool d_cachecachevalid{false}; // XXX + }; + + vector d_maps; + + MapCombo& getMap(const DNSName &qname) + { + return d_maps[qname.hash() % d_maps.size()]; + } +public: + struct lock { + lock(MapCombo& map) : m(map.mutex) + { + if (!m.try_lock()) { + m.lock(); + map.d_contended_count++; + } + map.d_acquired_count++; + } + ~lock() { + m.unlock(); + } + private: + std::mutex &m; + }; - // Stores the negative cache entries - negcache_t d_negcache; }; diff --git a/pdns/recursordist/test-negcache_cc.cc b/pdns/recursordist/test-negcache_cc.cc index babb3bbd19..507ddfeb3b 100644 --- a/pdns/recursordist/test-negcache_cc.cc +++ b/pdns/recursordist/test-negcache_cc.cc @@ -414,7 +414,7 @@ BOOST_AUTO_TEST_CASE(test_clear) BOOST_AUTO_TEST_CASE(test_dumpToFile) { - NegCache cache; + NegCache cache(1); vector expected; expected.push_back("www1.powerdns.com. 600 IN TYPE0 VIA powerdns.com. ; (Indeterminate)\n"); expected.push_back("powerdns.com. 600 IN SOA ns1. hostmaster. 1 2 3 4 5 ; (Indeterminate)\n"); diff --git a/pdns/recursordist/test-syncres_cc.cc b/pdns/recursordist/test-syncres_cc.cc index 3a6ab013d4..ce5f875dd0 100644 --- a/pdns/recursordist/test-syncres_cc.cc +++ b/pdns/recursordist/test-syncres_cc.cc @@ -11,6 +11,7 @@ GlobalStateHolder g_luaconfs; GlobalStateHolder g_dontThrottleNames; GlobalStateHolder g_dontThrottleNetmasks; std::unique_ptr s_RC{nullptr}; +std::unique_ptr s_negcache{nullptr}; unsigned int g_numThreads = 1; bool g_lowercaseOutgoing = false; @@ -54,6 +55,8 @@ bool primeHints(void) vector nsset; if (!s_RC) s_RC = std::unique_ptr(new MemRecursorCache()); + if (!s_negcache) + s_negcache = std::unique_ptr(new NegCache()); DNSRecord arr, aaaarr, nsrr; nsrr.d_name = g_rootdnsname; @@ -112,6 +115,7 @@ void initSR(bool debug) } s_RC = std::unique_ptr(new MemRecursorCache()); + s_negcache = std::unique_ptr(new NegCache()); SyncRes::s_maxqperq = 50; SyncRes::s_maxnsaddressqperq = 10; @@ -198,7 +202,7 @@ void initSR(std::unique_ptr& sr, bool dnssec, bool debug, time_t fakeNo sr->setLogMode(debug == false ? SyncRes::LogNone : SyncRes::Log); SyncRes::setDomainMap(std::make_shared()); - SyncRes::clearNegCache(); + s_negcache->clear(); } void setDNSSECValidation(std::unique_ptr& sr, const DNSSECMode& mode) diff --git a/pdns/recursordist/test-syncres_cc2.cc b/pdns/recursordist/test-syncres_cc2.cc index 28f43c21b2..ae76f0e9fb 100644 --- a/pdns/recursordist/test-syncres_cc2.cc +++ b/pdns/recursordist/test-syncres_cc2.cc @@ -315,7 +315,7 @@ BOOST_AUTO_TEST_CASE(test_root_nx_trust) BOOST_CHECK_EQUAL(res, RCode::NXDomain); BOOST_CHECK_EQUAL(ret.size(), 1U); /* one for target1 and one for the entire TLD */ - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 2U); + BOOST_CHECK_EQUAL(s_negcache->size(), 2U); ret.clear(); res = sr->beginResolve(target2, QType(QType::A), QClass::IN, ret); @@ -323,7 +323,7 @@ BOOST_AUTO_TEST_CASE(test_root_nx_trust) BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK_LE(ret[0].d_ttl, SyncRes::s_maxnegttl); /* one for target1 and one for the entire TLD */ - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 2U); + BOOST_CHECK_EQUAL(s_negcache->size(), 2U); /* we should have sent only one query */ BOOST_CHECK_EQUAL(queriesCount, 1U); @@ -380,7 +380,7 @@ BOOST_AUTO_TEST_CASE(test_root_nx_trust_specific) /* even with root-nx-trust on and a NX answer from the root, we should not have cached the entire TLD this time. */ - BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); ret.clear(); res = sr->beginResolve(target2, QType(QType::A), QClass::IN, ret); @@ -390,7 +390,7 @@ BOOST_AUTO_TEST_CASE(test_root_nx_trust_specific) BOOST_REQUIRE(ret[0].d_type == QType::A); BOOST_CHECK(getRR(ret[0])->getCA() == ComboAddress("192.0.2.2")); - BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 3U); } @@ -442,14 +442,14 @@ BOOST_AUTO_TEST_CASE(test_root_nx_dont_trust) BOOST_CHECK_EQUAL(res, RCode::NXDomain); BOOST_CHECK_EQUAL(ret.size(), 1U); /* one for target1 */ - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); ret.clear(); res = sr->beginResolve(target2, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); BOOST_CHECK_EQUAL(ret.size(), 1U); /* one for target1 */ - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); /* we should have sent three queries */ BOOST_CHECK_EQUAL(queriesCount, 3U); @@ -492,28 +492,28 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath) BOOST_CHECK_EQUAL(res, RCode::NXDomain); BOOST_CHECK_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 2U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); ret.clear(); res = sr->beginResolve(target2, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); BOOST_CHECK_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 2U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); ret.clear(); res = sr->beginResolve(target3, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); BOOST_CHECK_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 2U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); ret.clear(); res = sr->beginResolve(target4, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); BOOST_CHECK_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 2U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); // Now test without RFC 8020 to see the cache and query count grow SyncRes::s_hardenNXD = SyncRes::HardenNXD::No; @@ -524,7 +524,7 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath) BOOST_CHECK_EQUAL(res, RCode::NXDomain); BOOST_CHECK_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 2U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); // New query ret.clear(); @@ -532,21 +532,21 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath) BOOST_CHECK_EQUAL(res, RCode::NXDomain); BOOST_CHECK_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 3U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 2U); + BOOST_CHECK_EQUAL(s_negcache->size(), 2U); ret.clear(); res = sr->beginResolve(target3, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); BOOST_CHECK_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 4U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 3U); + BOOST_CHECK_EQUAL(s_negcache->size(), 3U); ret.clear(); res = sr->beginResolve(target4, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); BOOST_CHECK_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 5U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 4U); + BOOST_CHECK_EQUAL(s_negcache->size(), 4U); // reset SyncRes::s_hardenNXD = SyncRes::HardenNXD::DNSSEC; @@ -658,7 +658,7 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath_dnssec) BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_CHECK_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 9U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); ret.clear(); res = sr->beginResolve(target2, QType(QType::A), QClass::IN, ret); @@ -666,7 +666,7 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath_dnssec) BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_CHECK_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 9U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); ret.clear(); res = sr->beginResolve(target3, QType(QType::A), QClass::IN, ret); @@ -674,7 +674,7 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath_dnssec) BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_CHECK_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 9U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); ret.clear(); res = sr->beginResolve(target4, QType(QType::A), QClass::IN, ret); @@ -682,7 +682,7 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath_dnssec) BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_CHECK_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 9U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); // Now test without RFC 8020 to see the cache and query count grow SyncRes::s_hardenNXD = SyncRes::HardenNXD::No; @@ -694,7 +694,7 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath_dnssec) BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_CHECK_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 9U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); // New query ret.clear(); @@ -703,7 +703,7 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath_dnssec) BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_CHECK_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 11U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 2U); + BOOST_CHECK_EQUAL(s_negcache->size(), 2U); ret.clear(); res = sr->beginResolve(target3, QType(QType::A), QClass::IN, ret); @@ -711,7 +711,7 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath_dnssec) BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_CHECK_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 13U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 3U); + BOOST_CHECK_EQUAL(s_negcache->size(), 3U); ret.clear(); res = sr->beginResolve(target4, QType(QType::A), QClass::IN, ret); @@ -719,7 +719,7 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath_dnssec) BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_CHECK_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 15U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 4U); + BOOST_CHECK_EQUAL(s_negcache->size(), 4U); // reset SyncRes::s_hardenNXD = SyncRes::HardenNXD::DNSSEC; @@ -775,28 +775,28 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nodata) BOOST_CHECK_EQUAL(res, RCode::NoError); BOOST_CHECK_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 2U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); ret.clear(); res = sr->beginResolve(target1, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); BOOST_CHECK_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 3U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); ret.clear(); res = sr->beginResolve(target2, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); BOOST_CHECK_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 4U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 2U); + BOOST_CHECK_EQUAL(s_negcache->size(), 2U); ret.clear(); res = sr->beginResolve(target3, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); BOOST_CHECK_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 4U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 2U); + BOOST_CHECK_EQUAL(s_negcache->size(), 2U); } BOOST_AUTO_TEST_CASE(test_rfc8020_nodata_bis) @@ -849,28 +849,28 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nodata_bis) BOOST_CHECK_EQUAL(res, RCode::NoError); BOOST_CHECK_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 2U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); ret.clear(); res = sr->beginResolve(target1, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); BOOST_CHECK_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 3U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); ret.clear(); res = sr->beginResolve(target2, QType(QType::TXT), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); BOOST_CHECK_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 4U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 2U); + BOOST_CHECK_EQUAL(s_negcache->size(), 2U); ret.clear(); res = sr->beginResolve(target3, QType(QType::TXT), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); BOOST_CHECK_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 4U); - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 2U); + BOOST_CHECK_EQUAL(s_negcache->size(), 2U); } BOOST_AUTO_TEST_CASE(test_skip_negcache_for_variable_response) @@ -927,7 +927,7 @@ BOOST_AUTO_TEST_CASE(test_skip_negcache_for_variable_response) BOOST_CHECK_EQUAL(res, RCode::NXDomain); BOOST_CHECK_EQUAL(ret.size(), 2U); /* no negative cache entry because the response was variable */ - BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 0U); + BOOST_CHECK_EQUAL(s_negcache->size(), 0U); } BOOST_AUTO_TEST_CASE(test_ecs_cache_limit_allowed) diff --git a/pdns/recursordist/test-syncres_cc4.cc b/pdns/recursordist/test-syncres_cc4.cc index 5971b9163b..d81acb73f1 100644 --- a/pdns/recursordist/test-syncres_cc4.cc +++ b/pdns/recursordist/test-syncres_cc4.cc @@ -928,7 +928,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_dnskey_doesnt_match_ds) /* === first without validation, then with (just-in-time validation) === */ /* clear the caches */ s_RC = std::unique_ptr(new MemRecursorCache()); - SyncRes::clearNegCache(); + s_negcache = std::unique_ptr(new NegCache()); sr->setDNSSECValidationRequested(false); primeHints(); diff --git a/pdns/recursordist/test-syncres_cc8.cc b/pdns/recursordist/test-syncres_cc8.cc index ccddd4cf01..3a91b924c2 100644 --- a/pdns/recursordist/test-syncres_cc8.cc +++ b/pdns/recursordist/test-syncres_cc8.cc @@ -682,8 +682,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_rrsig_negcache_validity) /* check that the entry has not been negatively cached for longer than the RRSIG validity */ NegCache::NegCacheEntry ne; - BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U); - BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); + BOOST_REQUIRE_EQUAL(s_negcache->get(target, QType(QType::A), sr->getNow(), ne), true); BOOST_CHECK_EQUAL(ne.d_ttd, fixedNow + 1); BOOST_CHECK_EQUAL(ne.d_validationState, vState::Secure); BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U); @@ -753,8 +753,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_rrsig_negcache_bogus_validity) /* check that the entry has been negatively cached but not longer than s_maxbogusttl */ NegCache::NegCacheEntry ne; - BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U); - BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); + BOOST_REQUIRE_EQUAL(s_negcache->get(target, QType(QType::A), sr->getNow(), ne), true); BOOST_CHECK_EQUAL(ne.d_ttd, fixedNow + SyncRes::s_maxbogusttl); BOOST_CHECK_EQUAL(ne.d_validationState, vState::Bogus); BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U); diff --git a/pdns/recursordist/test-syncres_cc9.cc b/pdns/recursordist/test-syncres_cc9.cc index 6339951e27..de8a6a4028 100644 --- a/pdns/recursordist/test-syncres_cc9.cc +++ b/pdns/recursordist/test-syncres_cc9.cc @@ -388,8 +388,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_secure) BOOST_CHECK_EQUAL(queriesCount, 1U); /* check that the entry has been negatively cached */ NegCache::NegCacheEntry ne; - BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U); - BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); + BOOST_REQUIRE_EQUAL(s_negcache->get(target, QType(QType::A), sr->getNow(), ne), true); BOOST_CHECK_EQUAL(ne.d_validationState, vState::Indeterminate); BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U); BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1U); @@ -404,8 +404,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_secure) BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); BOOST_CHECK_EQUAL(queriesCount, 4U); - BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U); - BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); + BOOST_REQUIRE_EQUAL(s_negcache->get(target, QType(QType::A), sr->getNow(), ne), true); BOOST_CHECK_EQUAL(ne.d_validationState, vState::Secure); BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U); BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1U); @@ -526,8 +526,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_insecure) BOOST_CHECK_EQUAL(queriesCount, 1U); /* check that the entry has not been negatively cached */ NegCache::NegCacheEntry ne; - BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U); - BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); + BOOST_REQUIRE_EQUAL(s_negcache->get(target, QType(QType::A), sr->getNow(), ne), true); BOOST_CHECK_EQUAL(ne.d_validationState, vState::Indeterminate); BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U); BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 0U); @@ -542,7 +542,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_insecure) BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 1U); - BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); + BOOST_REQUIRE_EQUAL(s_negcache->get(target, QType(QType::A), sr->getNow(), ne), true); BOOST_CHECK_EQUAL(ne.d_validationState, vState::Insecure); BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U); BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 0U); @@ -613,8 +613,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_bogus) } BOOST_CHECK_EQUAL(queriesCount, 1U); NegCache::NegCacheEntry ne; - BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U); - BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); + BOOST_CHECK_EQUAL(s_negcache->size(), 1U); + BOOST_REQUIRE_EQUAL(s_negcache->get(target, QType(QType::A), sr->getNow(), ne), true); BOOST_CHECK_EQUAL(ne.d_validationState, vState::Indeterminate); BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U); BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1U); @@ -633,7 +633,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_bogus) BOOST_CHECK_EQUAL(record.d_ttl, SyncRes::s_maxbogusttl); } BOOST_CHECK_EQUAL(queriesCount, 4U); - BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); + BOOST_REQUIRE_EQUAL(s_negcache->get(target, QType(QType::A), sr->getNow(), ne), true); BOOST_CHECK_EQUAL(ne.d_validationState, vState::Bogus); BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U); BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1U); @@ -653,7 +653,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_bogus) BOOST_CHECK_EQUAL(record.d_ttl, SyncRes::s_maxbogusttl); } BOOST_CHECK_EQUAL(queriesCount, 4U); - BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); + BOOST_REQUIRE_EQUAL(s_negcache->get(target, QType(QType::A), sr->getNow(), ne), true); BOOST_CHECK_EQUAL(ne.d_validationState, vState::Bogus); BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U); BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1U); diff --git a/pdns/syncres.cc b/pdns/syncres.cc index 07cd25c03d..b6b8ccf4a8 100644 --- a/pdns/syncres.cc +++ b/pdns/syncres.cc @@ -1608,11 +1608,11 @@ void SyncRes::computeNegCacheValidationStatus(const NegCache::NegCacheEntry& ne, } if (state != vState::Indeterminate) { /* validation succeeded, let's update the cache entry so we don't have to validate again */ - boost::optional capTTD = boost::none; + boost::optional capTTD = boost::none; if (state == vState::Bogus) { capTTD = d_now.tv_sec + s_maxbogusttl; } - t_sstorage.negcache.updateValidationStatus(ne.d_name, ne.d_qtype, state, capTTD); + s_negcache->updateValidationStatus(ne.d_name, ne.d_qtype, state, capTTD); } } @@ -1635,7 +1635,7 @@ bool SyncRes::doCacheCheck(const DNSName &qname, const DNSName& authname, bool w NegCache::NegCacheEntry ne; if(s_rootNXTrust && - t_sstorage.negcache.getRootNXTrust(qname, d_now, ne) && + s_negcache->getRootNXTrust(qname, d_now, ne) && ne.d_auth.isRoot() && !(wasForwardedOrAuthZone && !authname.isRoot())) { // when forwarding, the root may only neg-cache if it was forwarded to. sttl = ne.d_ttd - d_now.tv_sec; @@ -1643,11 +1643,11 @@ bool SyncRes::doCacheCheck(const DNSName &qname, const DNSName& authname, bool w res = RCode::NXDomain; giveNegative = true; cachedState = ne.d_validationState; - } else if (t_sstorage.negcache.get(qname, qtype, d_now, ne)) { + } else if (s_negcache->get(qname, qtype, d_now, ne)) { /* If we are looking for a DS, discard NXD if auth == qname and ask for a specific denial instead */ if (qtype != QType::DS || ne.d_qtype.getCode() || ne.d_auth != qname || - t_sstorage.negcache.get(qname, qtype, d_now, ne, true)) + s_negcache->get(qname, qtype, d_now, ne, true)) { res = RCode::NXDomain; sttl = ne.d_ttd - d_now.tv_sec; @@ -1666,7 +1666,7 @@ bool SyncRes::doCacheCheck(const DNSName &qname, const DNSName& authname, bool w negCacheName.prependRawLabel(labels.back()); labels.pop_back(); while(!labels.empty()) { - if (t_sstorage.negcache.get(negCacheName, QType(0), d_now, ne, true)) { + if (s_negcache->get(negCacheName, QType(0), d_now, ne, true)) { if (ne.d_validationState == vState::Indeterminate && validationEnabled()) { // LOG(prefix << negCacheName << " negatively cached and vState::Indeterminate, trying to validate NXDOMAIN" << endl); // ... @@ -3271,10 +3271,10 @@ bool SyncRes::processRecords(const std::string& prefix, const DNSName& qname, co We have a regression test making sure we do exactly that. */ if(!wasVariable() && newtarget.empty()) { - t_sstorage.negcache.add(ne); + s_negcache->add(ne); if(s_rootNXTrust && ne.d_auth.isRoot() && auth.isRoot() && lwr.d_aabit) { ne.d_name = ne.d_name.getLastLabel(); - t_sstorage.negcache.add(ne); + s_negcache->add(ne); } } @@ -3419,7 +3419,7 @@ bool SyncRes::processRecords(const std::string& prefix, const DNSName& qname, co LOG(prefix<add(ne); } if (qname == newauth && qtype == QType::DS) { @@ -3462,7 +3462,7 @@ bool SyncRes::processRecords(const std::string& prefix, const DNSName& qname, co if(!wasVariable()) { if(qtype.getCode()) { // prevents us from blacking out a whole domain - t_sstorage.negcache.add(ne); + s_negcache->add(ne); } } diff --git a/pdns/syncres.hh b/pdns/syncres.hh index 95a9aace06..6724f8a68b 100644 --- a/pdns/syncres.hh +++ b/pdns/syncres.hh @@ -255,6 +255,8 @@ private: cont_t d_cont; }; +extern std::unique_ptr s_negcache; + class SyncRes : public boost::noncopyable { public: @@ -400,7 +402,6 @@ public: }; struct ThreadLocalStorage { - NegCache negcache; nsspeeds_t nsSpeeds; throttle_t throttle; ednsstatus_t ednsstatus; @@ -552,32 +553,10 @@ public: { return t_sstorage.fails.value(server); } - - static void clearNegCache() - { - t_sstorage.negcache.clear(); - } - - static uint64_t getNegCacheSize() - { - return t_sstorage.negcache.size(); - } - - static void pruneNegCache(unsigned int maxEntries) - { - t_sstorage.negcache.prune(maxEntries); - } - - static uint64_t wipeNegCache(const DNSName& name, bool subtree = false) - { - return t_sstorage.negcache.wipe(name, subtree); - } - static void setDomainMap(std::shared_ptr newMap) { t_sstorage.domainmap = newMap; } - static const std::shared_ptr getDomainMap() { return t_sstorage.domainmap;