From 357331f8865693ba618918c1ba767695bdcdad7a Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Mon, 30 Mar 2026 12:11:46 +0000 Subject: [PATCH] Revert NTA flush on expire Flushing the name when NTA expires causes problems for the ongoing resolving process. Do not flush the name from the cache. Instead, the resolver should do the flushing (this is planned to be merged next). --- bin/tests/system/nta/tests_nta.py | 7 ------- lib/dns/nta.c | 6 ------ 2 files changed, 13 deletions(-) diff --git a/bin/tests/system/nta/tests_nta.py b/bin/tests/system/nta/tests_nta.py index 828c04822b6..ece8db67295 100644 --- a/bin/tests/system/nta/tests_nta.py +++ b/bin/tests/system/nta/tests_nta.py @@ -147,13 +147,6 @@ def test_nta_behavior(servers): isctest.check.noerror(res) isctest.check.noadflag(res) - # Expiry should also trigger a cache flush, so even if a.secure.example A - # was cached when its NTA was active, cached data should not be returned. - m = isctest.query.create("a.secure.example", "A") - res = isctest.query.tcp(m, "10.53.0.4") - isctest.check.noerror(res) - isctest.check.adflag(res) - # bogus.example was set to expire in 20s, so at t=13 # it should still be NTA'd, but badds.example used the default # lifetime of 12s, so it should revert to SERVFAIL now. diff --git a/lib/dns/nta.c b/lib/dns/nta.c index a1593120a97..b56325acd51 100644 --- a/lib/dns/nta.c +++ b/lib/dns/nta.c @@ -414,7 +414,6 @@ dns_ntatable_covered(dns_ntatable_t *ntatable, isc_stdtime_t now, bool answer = false; dns_qpread_t qpr; void *pval = NULL; - bool flushnode = false; REQUIRE(VALID_NTATABLE(ntatable)); REQUIRE(dns_name_isabsolute(name)); @@ -454,7 +453,6 @@ dns_ntatable_covered(dns_ntatable_t *ntatable, isc_stdtime_t now, /* NTA is expired */ dns__nta_ref(nta); dns_ntatable_ref(nta->ntatable); - flushnode = true; isc_async_run(nta->loop, delete_expired, nta); goto done; } @@ -462,10 +460,6 @@ dns_ntatable_covered(dns_ntatable_t *ntatable, isc_stdtime_t now, answer = true; done: dns_qpread_destroy(table, &qpr); - - if (nta != NULL && flushnode) { - dns_view_flushnode(view, &nta->name, true); - } unlock: rcu_read_unlock(); -- 2.47.3