From 0d032a66afe508cc86a25eef26fc9be0867a117e Mon Sep 17 00:00:00 2001
From: bert hubert <bert.hubert@powerdns.com>
Date: Fri, 12 May 2017 12:34:44 +0200
Subject: [PATCH] when (re)priming the root, we do so with auth=0. We'll only
 set auth=1 after we have an answer from the roots. This however opens up a
 small race condition in which the root is expired (ttl=0), but still auth=1
 in the cache. Our attempt to replace it with auth=0 dta fails at that point.
 This is probably due to some fencepost error somewhere. To not be subtle
 about this, explicitly nuke the root when we reprime.

---
 pdns/reczones.cc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pdns/reczones.cc b/pdns/reczones.cc
index 5a97903bea..845155b775 100644
--- a/pdns/reczones.cc
+++ b/pdns/reczones.cc
@@ -93,6 +93,7 @@ void primeHints(void)
       }
     }
   }
+  t_RC->doWipeCache(g_rootdnsname, false, QType::NS);
   t_RC->replace(time(0), g_rootdnsname, QType(QType::NS), nsset, vector<std::shared_ptr<RRSIGRecordContent>>(), false); // and stuff in the cache
 }
 
-- 
2.47.2