From 50c18a313cc0cb0e8f521a490b1d1853a5f38afd Mon Sep 17 00:00:00 2001
From: Otto Moerbeek
Date: Wed, 16 Nov 2022 13:58:04 +0100
Subject: [PATCH] Also consider recursive forward in the "forwarded DS should not end up in negCache code." With @rgacogne and @phonedph1 Fixes #12189 (cherry picked from commit af746aaf59a2e977bafabd5814635f59b01e5835)
---
 pdns/syncres.cc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index 4caac3b62d..7e7834ae0d 100644
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -424,7 +424,7 @@ bool SyncRes::isRecursiveForwardOrAuth(const DNSName &qname) const {
 bool SyncRes::isForwardOrAuth(const DNSName &qname) const {
 DNSName authname(qname);
 domainmap_t::const_iterator iter = getBestAuthZone(&authname);
- return iter != t_sstorage.domainmap->end() && (iter->second.isAuth() || !iter->second.shouldRecurse());
+ return iter != t_sstorage.domainmap->end();
 }
 uint64_t SyncRes::doEDNSDump(int fd)
@@ -3607,16 +3607,16 @@ bool SyncRes::processRecords(const std::string& prefix, const DNSName& qname, co
 continue;
 }
 }
- const bool negCacheIndiction = rec.d_place == DNSResourceRecord::AUTHORITY && rec.d_type == QType::SOA &&
+ const bool negCacheIndication = rec.d_place == DNSResourceRecord::AUTHORITY && rec.d_type == QType::SOA &&
 lwr.d_rcode == RCode::NXDomain && qname.isPartOf(rec.d_name) && rec.d_name.isPartOf(auth);
 bool putInNegCache = true;
- if (negCacheIndiction && qtype == QType::DS && isForwardOrAuth(qname)) {
+ if (negCacheIndication && qtype == QType::DS && isForwardOrAuth(qname)) {
 // #10189, a NXDOMAIN to a DS query for a forwarded or auth domain should not NXDOMAIN the whole domain
 putInNegCache = false;
 }
- if (negCacheIndiction) {
+ if (negCacheIndication) {
 LOG(prefix<
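Review bot: In the first hunk, `isForwardOrAuth()` now returns true for every zone that `getBestAuthZone()` finds in the domain map, so the old "auth or non-recursive forward" meaning is gone. Any other caller outside this diff silently gets the wider result and should be checked. The function has no comment stating the new contract; I would add `// True for any configured auth or forward zone, including forwards with recursion enabled.` above it. The diffstat lists only `pdns/syncres.cc`, so no regression test appears to cover a DS NXDOMAIN from a recursive forward. Without one, a later narrowing of this predicate could again let a single such answer negatively cache the whole forwarded domain.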