From: Marek VavruĊĦa Date: Tue, 22 Sep 2015 16:11:30 +0000 (+0200) Subject: lib/validate: prevent caching of answers needing revalidation X-Git-Tag: v1.0.0-beta1~53^2~35 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d183e016e3ef70ee27842fb02f93d12a287d6f07;p=thirdparty%2Fknot-resolver.git lib/validate: prevent caching of answers needing revalidation --- diff --git a/lib/layer/iterate.c b/lib/layer/iterate.c index 5ab6887c3..631f19e0e 100644 --- a/lib/layer/iterate.c +++ b/lib/layer/iterate.c @@ -274,7 +274,7 @@ static int process_authority(knot_pkt_t *pkt, struct kr_request *req) /* SOA below cut in authority indicates different authority, but same NS set. */ if (knot_dname_is_sub(rr->owner, qry->zone_cut.name)) { qry->zone_cut.name = knot_dname_copy(rr->owner, &req->pool); - if (knot_pkt_has_dnssec(pkt)) { /* Treat as a referral */ + if (qry->flags & QUERY_DNSSEC_WANT) { /* Treat as a referral */ return KNOT_STATE_DONE; } } diff --git a/lib/layer/pktcache.c b/lib/layer/pktcache.c index c4a50d079..8c866e4ec 100644 --- a/lib/layer/pktcache.c +++ b/lib/layer/pktcache.c @@ -100,8 +100,8 @@ static int peek(knot_layer_t *ctx, knot_pkt_t *pkt) if (!qry || ctx->state & (KNOT_STATE_DONE|KNOT_STATE_FAIL)) { return ctx->state; /* Already resolved/failed */ } - if (!(qry->flags & QUERY_AWAIT_CUT)) { - return ctx->state; /* Only lookup on first iteration */ + if (qry->ns.addr.ip.sa_family != AF_UNSPEC) { + return ctx->state; /* Only lookup before asking a query */ } if (knot_pkt_qclass(pkt) != KNOT_CLASS_IN) { return ctx->state; /* Only IN class */ diff --git a/lib/layer/validate.c b/lib/layer/validate.c index 201ec0ed9..f6d08351e 100644 --- a/lib/layer/validate.c +++ b/lib/layer/validate.c @@ -395,6 +395,7 @@ static int validate(knot_layer_t *ctx, knot_pkt_t *pkt) const knot_dname_t *sig_name = first_rrsig_signer_name(pkt); if (key_own && sig_name && !knot_dname_is_equal(key_own, sig_name)) { DEBUG_MSG(qry, ">< cut changed, needs revalidation\n"); + knot_wire_set_rcode(pkt->wire, KNOT_RCODE_SERVFAIL); /* Prevent caching */ qry->flags &= ~QUERY_RESOLVED; return KNOT_STATE_CONSUME; }