From 28364e4b7f88ccabd976037154395b6220301100 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Wed, 11 Apr 2018 17:59:01 +0200 Subject: [PATCH] rec: Don't copy entries when retrieving from the negative cache --- pdns/recursordist/negcache.cc | 8 +-- pdns/recursordist/negcache.hh | 4 +- pdns/recursordist/test-negcache_cc.cc | 94 +++++++++++++-------------- pdns/recursordist/test-syncres_cc.cc | 94 +++++++++++++-------------- pdns/syncres.cc | 79 +++++++++++----------- pdns/syncres.hh | 6 +- 6 files changed, 141 insertions(+), 144 deletions(-) diff --git a/pdns/recursordist/negcache.cc b/pdns/recursordist/negcache.cc index 13fbf619fe..6552486b7f 100644 --- a/pdns/recursordist/negcache.cc +++ b/pdns/recursordist/negcache.cc @@ -35,7 +35,7 @@ * \param ne A NegCacheEntry that is filled when there is a cache entry * \return true if ne was filled out, false otherwise */ -bool NegCache::getRootNXTrust(const DNSName& qname, const struct timeval& now, NegCacheEntry& ne) { +bool NegCache::getRootNXTrust(const DNSName& qname, const struct timeval& now, const NegCacheEntry** ne) { // Never deny the root. if (qname.isRoot()) return false; @@ -51,7 +51,7 @@ bool NegCache::getRootNXTrust(const DNSName& qname, const struct timeval& now, N ni->d_qtype == qtnull) { // We have something if ((uint32_t)now.tv_sec < ni->d_ttd) { - ne = *ni; + *ne = &(*ni); moveCacheItemToBack(d_negcache, ni); return true; } @@ -70,7 +70,7 @@ bool NegCache::getRootNXTrust(const DNSName& qname, const struct timeval& now, N * \param ne A NegCacheEntry that is filled when there is a cache entry * \return true if ne was filled out, false otherwise */ -bool NegCache::get(const DNSName& qname, const QType& qtype, const struct timeval& now, NegCacheEntry& ne, bool typeMustMatch) { +bool NegCache::get(const DNSName& qname, const QType& qtype, const struct timeval& now, const NegCacheEntry** ne, bool typeMustMatch) { const auto& idx = d_negcache.get<2>(); auto range = idx.equal_range(qname); auto ni = range.first; @@ -83,7 +83,7 @@ bool NegCache::get(const DNSName& qname, const QType& qtype, const struct timeva if((uint32_t) now.tv_sec < ni->d_ttd) { // Not expired - ne = *ni; + *ne = &(*ni); moveCacheItemToBack(d_negcache, firstIndexIterator); return true; } diff --git a/pdns/recursordist/negcache.hh b/pdns/recursordist/negcache.hh index 2bc41da620..b78951e21d 100644 --- a/pdns/recursordist/negcache.hh +++ b/pdns/recursordist/negcache.hh @@ -60,8 +60,8 @@ class NegCache : public boost::noncopyable { void add(const NegCacheEntry& ne); void updateValidationStatus(const DNSName& qname, const QType& qtype, const vState newState); - bool get(const DNSName& qname, const QType& qtype, const struct timeval& now, NegCacheEntry& ne, bool typeMustMatch=false); - bool getRootNXTrust(const DNSName& qname, const struct timeval& now, NegCacheEntry& ne); + bool get(const DNSName& qname, const QType& qtype, const struct timeval& now, const NegCacheEntry** ne, bool typeMustMatch=false); + bool getRootNXTrust(const DNSName& qname, const struct timeval& now, const NegCacheEntry** ne); uint64_t count(const DNSName& qname) const; uint64_t count(const DNSName& qname, const QType qtype) const; void prune(unsigned int maxEntries); diff --git a/pdns/recursordist/test-negcache_cc.cc b/pdns/recursordist/test-negcache_cc.cc index 77418c9a50..aba53fa263 100644 --- a/pdns/recursordist/test-negcache_cc.cc +++ b/pdns/recursordist/test-negcache_cc.cc @@ -57,13 +57,13 @@ BOOST_AUTO_TEST_CASE(test_get_entry) { BOOST_CHECK_EQUAL(cache.size(), 1); - NegCache::NegCacheEntry ne; - bool ret = cache.get(qname, QType(1), now, ne); + const NegCache::NegCacheEntry* ne = nullptr; + bool ret = cache.get(qname, QType(1), now, &ne); BOOST_CHECK(ret); - BOOST_CHECK_EQUAL(ne.d_name, qname); - BOOST_CHECK_EQUAL(ne.d_qtype.getName(), QType(0).getName()); - BOOST_CHECK_EQUAL(ne.d_auth, auth); + BOOST_CHECK_EQUAL(ne->d_name, qname); + BOOST_CHECK_EQUAL(ne->d_qtype.getName(), QType(0).getName()); + BOOST_CHECK_EQUAL(ne->d_auth, auth); } BOOST_AUTO_TEST_CASE(test_get_entry_exact_type) { @@ -81,10 +81,11 @@ BOOST_AUTO_TEST_CASE(test_get_entry_exact_type) { BOOST_CHECK_EQUAL(cache.size(), 1); - NegCache::NegCacheEntry ne; - bool ret = cache.get(qname, QType(1), now, ne, true); + const NegCache::NegCacheEntry* ne = nullptr; + bool ret = cache.get(qname, QType(1), now, &ne, true); BOOST_CHECK_EQUAL(ret, false); + BOOST_CHECK(ne == nullptr); } BOOST_AUTO_TEST_CASE(test_get_NODATA_entry) { @@ -99,17 +100,18 @@ BOOST_AUTO_TEST_CASE(test_get_NODATA_entry) { BOOST_CHECK_EQUAL(cache.size(), 1); - NegCache::NegCacheEntry ne; - bool ret = cache.get(qname, QType(1), now, ne); + const NegCache::NegCacheEntry* ne = nullptr; + bool ret = cache.get(qname, QType(1), now, &ne); BOOST_CHECK(ret); - BOOST_CHECK_EQUAL(ne.d_name, qname); - BOOST_CHECK_EQUAL(ne.d_qtype.getName(), QType(1).getName()); - BOOST_CHECK_EQUAL(ne.d_auth, auth); + BOOST_CHECK_EQUAL(ne->d_name, qname); + BOOST_CHECK_EQUAL(ne->d_qtype.getName(), QType(1).getName()); + BOOST_CHECK_EQUAL(ne->d_auth, auth); - NegCache::NegCacheEntry ne2; - ret = cache.get(qname, QType(16), now, ne2); + const NegCache::NegCacheEntry* ne2 = nullptr; + ret = cache.get(qname, QType(16), now, &ne2); BOOST_CHECK_EQUAL(ret, false); + BOOST_CHECK(ne2 == nullptr); } BOOST_AUTO_TEST_CASE(test_getRootNXTrust_entry) { @@ -124,13 +126,13 @@ BOOST_AUTO_TEST_CASE(test_getRootNXTrust_entry) { BOOST_CHECK_EQUAL(cache.size(), 1); - NegCache::NegCacheEntry ne; - bool ret = cache.getRootNXTrust(qname, now, ne); + const NegCache::NegCacheEntry* ne = nullptr; + bool ret = cache.getRootNXTrust(qname, now, &ne); BOOST_CHECK(ret); - BOOST_CHECK_EQUAL(ne.d_name, qname); - BOOST_CHECK_EQUAL(ne.d_qtype.getName(), QType(0).getName()); - BOOST_CHECK_EQUAL(ne.d_auth, auth); + BOOST_CHECK_EQUAL(ne->d_name, qname); + BOOST_CHECK_EQUAL(ne->d_qtype.getName(), QType(0).getName()); + BOOST_CHECK_EQUAL(ne->d_auth, auth); } BOOST_AUTO_TEST_CASE(test_add_and_get_expired_entry) { @@ -146,15 +148,13 @@ BOOST_AUTO_TEST_CASE(test_add_and_get_expired_entry) { BOOST_CHECK_EQUAL(cache.size(), 1); - NegCache::NegCacheEntry ne; + const NegCache::NegCacheEntry* ne = nullptr; now.tv_sec += 1000; - bool ret = cache.get(qname, QType(1), now, ne); + bool ret = cache.get(qname, QType(1), now, &ne); BOOST_CHECK_EQUAL(ret, false); - BOOST_CHECK_EQUAL(ne.d_name, DNSName()); - BOOST_CHECK_EQUAL(ne.d_auth, DNSName()); - BOOST_CHECK(ne.authoritySOA.records.empty()); + BOOST_CHECK(ne == nullptr); } BOOST_AUTO_TEST_CASE(test_getRootNXTrust_expired_entry) { @@ -170,15 +170,13 @@ BOOST_AUTO_TEST_CASE(test_getRootNXTrust_expired_entry) { BOOST_CHECK_EQUAL(cache.size(), 1); - NegCache::NegCacheEntry ne; + const NegCache::NegCacheEntry* ne = nullptr; now.tv_sec += 1000; - bool ret = cache.getRootNXTrust(qname, now, ne); + bool ret = cache.getRootNXTrust(qname, now, &ne); BOOST_CHECK_EQUAL(ret, false); - BOOST_CHECK_EQUAL(ne.d_name, DNSName()); - BOOST_CHECK_EQUAL(ne.d_auth, DNSName()); - BOOST_CHECK(ne.authoritySOA.records.empty()); + BOOST_CHECK(ne == nullptr); } BOOST_AUTO_TEST_CASE(test_add_updated_entry) { @@ -196,12 +194,12 @@ BOOST_AUTO_TEST_CASE(test_add_updated_entry) { BOOST_CHECK_EQUAL(cache.size(), 1); - NegCache::NegCacheEntry ne; - bool ret = cache.get(qname, QType(1), now, ne); + const NegCache::NegCacheEntry* ne = nullptr; + bool ret = cache.get(qname, QType(1), now, &ne); BOOST_CHECK(ret); - BOOST_CHECK_EQUAL(ne.d_name, qname); - BOOST_CHECK_EQUAL(ne.d_auth, auth2); + BOOST_CHECK_EQUAL(ne->d_name, qname); + BOOST_CHECK_EQUAL(ne->d_auth, auth2); } BOOST_AUTO_TEST_CASE(test_getRootNXTrust) { @@ -217,12 +215,12 @@ BOOST_AUTO_TEST_CASE(test_getRootNXTrust) { cache.add(genNegCacheEntry(qname, auth, now)); cache.add(genNegCacheEntry(qname2, auth2, now)); - NegCache::NegCacheEntry ne; - bool ret = cache.getRootNXTrust(qname, now, ne); + const NegCache::NegCacheEntry* ne = nullptr; + bool ret = cache.getRootNXTrust(qname, now, &ne); BOOST_CHECK(ret); - BOOST_CHECK_EQUAL(ne.d_name, qname2); - BOOST_CHECK_EQUAL(ne.d_auth, auth2); + BOOST_CHECK_EQUAL(ne->d_name, qname2); + BOOST_CHECK_EQUAL(ne->d_auth, auth2); } BOOST_AUTO_TEST_CASE(test_getRootNXTrust_full_domain_only) { @@ -238,10 +236,11 @@ BOOST_AUTO_TEST_CASE(test_getRootNXTrust_full_domain_only) { cache.add(genNegCacheEntry(qname, auth, now)); cache.add(genNegCacheEntry(qname2, auth2, now, 1)); // Add the denial for COM|A - NegCache::NegCacheEntry ne; - bool ret = cache.getRootNXTrust(qname, now, ne); + const NegCache::NegCacheEntry* ne = nullptr; + bool ret = cache.getRootNXTrust(qname, now, &ne); BOOST_CHECK_EQUAL(ret, false); + BOOST_CHECK(ne == nullptr); } BOOST_AUTO_TEST_CASE(test_prune) { @@ -288,22 +287,20 @@ BOOST_AUTO_TEST_CASE(test_wipe_single) { cache.wipe(auth); BOOST_CHECK_EQUAL(cache.size(), 400); - NegCache::NegCacheEntry ne2; - bool ret = cache.get(auth, QType(1), now, ne2); + const NegCache::NegCacheEntry* ne2 = nullptr; + bool ret = cache.get(auth, QType(1), now, &ne2); BOOST_CHECK_EQUAL(ret, false); - BOOST_CHECK_EQUAL(ne2.d_auth, DNSName()); - BOOST_CHECK_EQUAL(ne2.d_name, DNSName()); + BOOST_CHECK(ne2 == nullptr); cache.wipe(DNSName("1.powerdns.com")); BOOST_CHECK_EQUAL(cache.size(), 399); - NegCache::NegCacheEntry ne3; - ret = cache.get(auth, QType(1), now, ne3); + const NegCache::NegCacheEntry* ne3 = nullptr; + ret = cache.get(auth, QType(1), now, &ne3); BOOST_CHECK_EQUAL(ret, false); - BOOST_CHECK_EQUAL(ne3.d_auth, DNSName()); - BOOST_CHECK_EQUAL(ne3.d_name, DNSName()); + BOOST_CHECK(ne3 == nullptr); } BOOST_AUTO_TEST_CASE(test_wipe_subtree) { @@ -369,8 +366,7 @@ BOOST_AUTO_TEST_CASE(test_dumpToFile) { cache.add(genNegCacheEntry(DNSName("www1.powerdns.com"), DNSName("powerdns.com"), now)); cache.add(genNegCacheEntry(DNSName("www2.powerdns.com"), DNSName("powerdns.com"), now)); - FILE* fp; - fp = tmpfile(); + FILE* fp = tmpfile(); if (!fp) BOOST_FAIL("Temporary file could not be opened"); diff --git a/pdns/recursordist/test-syncres_cc.cc b/pdns/recursordist/test-syncres_cc.cc index 3a157279e2..a9293f2520 100644 --- a/pdns/recursordist/test-syncres_cc.cc +++ b/pdns/recursordist/test-syncres_cc.cc @@ -9003,15 +9003,15 @@ BOOST_AUTO_TEST_CASE(test_dnssec_rrsig_negcache_validity) { BOOST_CHECK_EQUAL(queriesCount, 4); /* check that the entry has not been negatively cached for longer than the RRSIG validity */ - NegCache::NegCacheEntry ne; + const NegCache::NegCacheEntry* ne = nullptr; BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1); - BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); - BOOST_CHECK_EQUAL(ne.d_ttd, now + 1); - BOOST_CHECK_EQUAL(ne.d_validationState, Secure); - BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1); - BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1); - BOOST_CHECK_EQUAL(ne.DNSSECRecords.records.size(), 1); - BOOST_CHECK_EQUAL(ne.DNSSECRecords.signatures.size(), 1); + BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), &ne), true); + BOOST_CHECK_EQUAL(ne->d_ttd, now + 1); + BOOST_CHECK_EQUAL(ne->d_validationState, Secure); + BOOST_CHECK_EQUAL(ne->authoritySOA.records.size(), 1); + BOOST_CHECK_EQUAL(ne->authoritySOA.signatures.size(), 1); + BOOST_CHECK_EQUAL(ne->DNSSECRecords.records.size(), 1); + BOOST_CHECK_EQUAL(ne->DNSSECRecords.signatures.size(), 1); /* again, to test the cache */ ret.clear(); @@ -9639,14 +9639,14 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_secure) { BOOST_REQUIRE_EQUAL(ret.size(), 4); BOOST_CHECK_EQUAL(queriesCount, 1); /* check that the entry has not been negatively cached */ - NegCache::NegCacheEntry ne; + const NegCache::NegCacheEntry* ne = nullptr; BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1); - BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); - BOOST_CHECK_EQUAL(ne.d_validationState, Indeterminate); - BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1); - BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1); - BOOST_CHECK_EQUAL(ne.DNSSECRecords.records.size(), 1); - BOOST_CHECK_EQUAL(ne.DNSSECRecords.signatures.size(), 1); + BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), &ne), true); + BOOST_CHECK_EQUAL(ne->d_validationState, Indeterminate); + BOOST_CHECK_EQUAL(ne->authoritySOA.records.size(), 1); + BOOST_CHECK_EQUAL(ne->authoritySOA.signatures.size(), 1); + BOOST_CHECK_EQUAL(ne->DNSSECRecords.records.size(), 1); + BOOST_CHECK_EQUAL(ne->DNSSECRecords.signatures.size(), 1); ret.clear(); /* second one _does_ require validation */ @@ -9657,12 +9657,12 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_secure) { BOOST_REQUIRE_EQUAL(ret.size(), 4); BOOST_CHECK_EQUAL(queriesCount, 4); BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1); - BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); - BOOST_CHECK_EQUAL(ne.d_validationState, Secure); - BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1); - BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1); - BOOST_CHECK_EQUAL(ne.DNSSECRecords.records.size(), 1); - BOOST_CHECK_EQUAL(ne.DNSSECRecords.signatures.size(), 1); + BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), &ne), true); + BOOST_CHECK_EQUAL(ne->d_validationState, Secure); + BOOST_CHECK_EQUAL(ne->authoritySOA.records.size(), 1); + BOOST_CHECK_EQUAL(ne->authoritySOA.signatures.size(), 1); + BOOST_CHECK_EQUAL(ne->DNSSECRecords.records.size(), 1); + BOOST_CHECK_EQUAL(ne->DNSSECRecords.signatures.size(), 1); } BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_secure_ds) { @@ -9775,14 +9775,14 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_insecure) { BOOST_REQUIRE_EQUAL(ret.size(), 1); BOOST_CHECK_EQUAL(queriesCount, 1); /* check that the entry has not been negatively cached */ - NegCache::NegCacheEntry ne; + const NegCache::NegCacheEntry* ne = nullptr; BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1); - BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); - BOOST_CHECK_EQUAL(ne.d_validationState, Indeterminate); - BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1); - BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 0); - BOOST_CHECK_EQUAL(ne.DNSSECRecords.records.size(), 0); - BOOST_CHECK_EQUAL(ne.DNSSECRecords.signatures.size(), 0); + BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), &ne), true); + BOOST_CHECK_EQUAL(ne->d_validationState, Indeterminate); + BOOST_CHECK_EQUAL(ne->authoritySOA.records.size(), 1); + BOOST_CHECK_EQUAL(ne->authoritySOA.signatures.size(), 0); + BOOST_CHECK_EQUAL(ne->DNSSECRecords.records.size(), 0); + BOOST_CHECK_EQUAL(ne->DNSSECRecords.signatures.size(), 0); ret.clear(); /* second one _does_ require validation */ @@ -9792,12 +9792,12 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_insecure) { BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 1); BOOST_CHECK_EQUAL(queriesCount, 1); - BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); - BOOST_CHECK_EQUAL(ne.d_validationState, Insecure); - BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1); - BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 0); - BOOST_CHECK_EQUAL(ne.DNSSECRecords.records.size(), 0); - BOOST_CHECK_EQUAL(ne.DNSSECRecords.signatures.size(), 0); + BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), &ne), true); + BOOST_CHECK_EQUAL(ne->d_validationState, Insecure); + BOOST_CHECK_EQUAL(ne->authoritySOA.records.size(), 1); + BOOST_CHECK_EQUAL(ne->authoritySOA.signatures.size(), 0); + BOOST_CHECK_EQUAL(ne->DNSSECRecords.records.size(), 0); + BOOST_CHECK_EQUAL(ne->DNSSECRecords.signatures.size(), 0); } BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_bogus) { @@ -9852,14 +9852,14 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_bogus) { BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); BOOST_REQUIRE_EQUAL(ret.size(), 2); BOOST_CHECK_EQUAL(queriesCount, 1); - NegCache::NegCacheEntry ne; + const NegCache::NegCacheEntry* ne = nullptr; BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1); - BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); - BOOST_CHECK_EQUAL(ne.d_validationState, Indeterminate); - BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1); - BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1); - BOOST_CHECK_EQUAL(ne.DNSSECRecords.records.size(), 0); - BOOST_CHECK_EQUAL(ne.DNSSECRecords.signatures.size(), 0); + BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), &ne), true); + BOOST_CHECK_EQUAL(ne->d_validationState, Indeterminate); + BOOST_CHECK_EQUAL(ne->authoritySOA.records.size(), 1); + BOOST_CHECK_EQUAL(ne->authoritySOA.signatures.size(), 1); + BOOST_CHECK_EQUAL(ne->DNSSECRecords.records.size(), 0); + BOOST_CHECK_EQUAL(ne->DNSSECRecords.signatures.size(), 0); ret.clear(); /* second one _does_ require validation */ @@ -9869,12 +9869,12 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_bogus) { BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 2); BOOST_CHECK_EQUAL(queriesCount, 4); - BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); - BOOST_CHECK_EQUAL(ne.d_validationState, Bogus); - BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1); - BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1); - BOOST_CHECK_EQUAL(ne.DNSSECRecords.records.size(), 0); - BOOST_CHECK_EQUAL(ne.DNSSECRecords.signatures.size(), 0); + BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), &ne), true); + BOOST_CHECK_EQUAL(ne->d_validationState, Bogus); + BOOST_CHECK_EQUAL(ne->authoritySOA.records.size(), 1); + BOOST_CHECK_EQUAL(ne->authoritySOA.signatures.size(), 1); + BOOST_CHECK_EQUAL(ne->DNSSECRecords.records.size(), 0); + BOOST_CHECK_EQUAL(ne->DNSSECRecords.signatures.size(), 0); } BOOST_AUTO_TEST_CASE(test_lowercase_outgoing) { diff --git a/pdns/syncres.cc b/pdns/syncres.cc index b4d9824158..431b5be513 100644 --- a/pdns/syncres.cc +++ b/pdns/syncres.cc @@ -1024,7 +1024,7 @@ static void addTTLModifiedRecords(const vector& records, const uint32 } } -void SyncRes::computeNegCacheValidationStatus(NegCache::NegCacheEntry& ne, const DNSName& qname, const QType& qtype, const int res, vState& state, unsigned int depth) +void SyncRes::computeNegCacheValidationStatus(const NegCache::NegCacheEntry* ne, const DNSName& qname, const QType& qtype, const int res, vState& state, unsigned int depth) { DNSName subdomain(qname); /* if we are retrieving a DS, we only care about the state of the parent zone */ @@ -1034,10 +1034,10 @@ void SyncRes::computeNegCacheValidationStatus(NegCache::NegCacheEntry& ne, const computeZoneCuts(subdomain, g_rootdnsname, depth); tcache_t tcache; - reapRecordsFromNegCacheEntryForValidation(tcache, ne.authoritySOA.records); - reapRecordsFromNegCacheEntryForValidation(tcache, ne.authoritySOA.signatures); - reapRecordsFromNegCacheEntryForValidation(tcache, ne.DNSSECRecords.records); - reapRecordsFromNegCacheEntryForValidation(tcache, ne.DNSSECRecords.signatures); + reapRecordsFromNegCacheEntryForValidation(tcache, ne->authoritySOA.records); + reapRecordsFromNegCacheEntryForValidation(tcache, ne->authoritySOA.signatures); + reapRecordsFromNegCacheEntryForValidation(tcache, ne->DNSSECRecords.records); + reapRecordsFromNegCacheEntryForValidation(tcache, ne->DNSSECRecords.signatures); for (const auto& entry : tcache) { // this happens when we did store signatures, but passed on the records themselves @@ -1065,13 +1065,14 @@ void SyncRes::computeNegCacheValidationStatus(NegCache::NegCacheEntry& ne, const } if (state == Secure) { + vState neValidationState = ne->d_validationState; dState expectedState = res == RCode::NXDomain ? NXDOMAIN : NXQTYPE; - dState denialState = getDenialValidationState(ne, state, expectedState, false); - updateDenialValidationState(ne, state, denialState, expectedState, qtype == QType::DS); + dState denialState = getDenialValidationState(*ne, state, expectedState, false); + updateDenialValidationState(neValidationState, ne->d_name, state, denialState, expectedState, qtype == QType::DS); } if (state != Indeterminate) { /* validation succeeded, let's update the cache entry so we don't have to validate again */ - t_sstorage.negcache.updateValidationStatus(ne.d_name, ne.d_qtype, state); + t_sstorage.negcache.updateValidationStatus(ne->d_name, ne->d_qtype, state); } } @@ -1091,36 +1092,36 @@ bool SyncRes::doCacheCheck(const DNSName &qname, const DNSName& authname, bool w uint32_t sttl=0; // cout<<"Lookup for '"< "<d_auth.isRoot() && !(wasForwardedOrAuthZone && !authname.isRoot())) { // when forwarding, the root may only neg-cache if it was forwarded to. - sttl = ne.d_ttd - d_now.tv_sec; - LOG(prefix<d_ttd - d_now.tv_sec; + LOG(prefix<d_auth<<"' & '"<d_name<<"' for another "<d_validationState; } - else if (t_sstorage.negcache.get(qname, qtype, d_now, ne) && - !(wasForwardedOrAuthZone && ne.d_auth != authname)) { // Only the authname nameserver can neg cache entries + else if (t_sstorage.negcache.get(qname, qtype, d_now, &ne) && + !(wasForwardedOrAuthZone && ne->d_auth != authname)) { // Only the authname nameserver can neg cache entries /* If we are looking for a DS, discard NXD if auth == qname and ask for a specific denial instead */ - if (qtype != QType::DS || ne.d_qtype.getCode() || ne.d_auth != qname || - t_sstorage.negcache.get(qname, qtype, d_now, ne, true)) + if (qtype != QType::DS || ne->d_qtype.getCode() || ne->d_auth != qname || + t_sstorage.negcache.get(qname, qtype, d_now, &ne, true)) { res = 0; - sttl = ne.d_ttd - d_now.tv_sec; + sttl = ne->d_ttd - d_now.tv_sec; giveNegative = true; - cachedState = ne.d_validationState; - if(ne.d_qtype.getCode()) { - LOG(prefix<d_validationState; + if(ne->d_qtype.getCode()) { + LOG(prefix<d_auth<<"' for another "<d_auth<<"' for another "<authoritySOA.records, sttl, ret); if(d_doDNSSEC) { - addTTLModifiedRecords(ne.authoritySOA.signatures, sttl, ret); - addTTLModifiedRecords(ne.DNSSECRecords.records, sttl, ret); - addTTLModifiedRecords(ne.DNSSECRecords.signatures, sttl, ret); + addTTLModifiedRecords(ne->authoritySOA.signatures, sttl, ret); + addTTLModifiedRecords(ne->DNSSECRecords.records, sttl, ret); + addTTLModifiedRecords(ne->DNSSECRecords.signatures, sttl, ret); } LOG(prefix<