From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Mon, 25 Sep 2023 10:38:34 +0000 (+0200)
Subject: Don't chace CNAMEs for NS queries
X-Git-Tag: rec-5.0.0-alpha2~18^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ca2609e6cc32f0bdb89356a8c6c269bdcecf5a29;p=thirdparty%2Fpdns.git

Don't chace CNAMEs for NS queries

Also, if we encouter a NS record without associated address records,
wipe it from cache. This latest part is not well tested yet and might have
bad side effects.
---

diff --git a/pdns/recursordist/syncres.cc b/pdns/recursordist/syncres.cc
index 2a5b46ae4e..0e4822bede 100644
--- a/pdns/recursordist/syncres.cc
+++ b/pdns/recursordist/syncres.cc
@@ -2078,7 +2078,7 @@ vector<ComboAddress> SyncRes::getAddrs(const DNSName& qname, unsigned int depth,
   const unsigned int startqueries = d_outqueries;
   d_requireAuthData = false;
   d_DNSSECValidationRequested = false;
-  d_followCNAME = true;
+  d_followCNAME = false;
 
   MemRecursorCache::Flags flags = MemRecursorCache::None;
   if (d_serveStale) {
@@ -2269,6 +2269,7 @@ void SyncRes::getBestNSFromCache(const DNSName& qname, const QType qtype, vector
           else {
             *flawedNSSet = true;
             LOG(prefix << qname << ": NS in cache for '" << subdomain << "', but needs glue (" << nrr->getNS() << ") which we miss or is expired" << endl);
+            g_recCache->doWipeCache(subdomain, false, QType::NS);
           }
         }
       }