From 9e79c2d4d0522e1f088eccdf6bf7dbb4bb851037 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Tue, 23 Aug 2016 15:51:11 +0200 Subject: [PATCH] auth: Don't look up the packet cache for TSIG-enabled queries We are rightfully careful about not caching responses for TSIG-enabled queries, but we would nevertheless happily serve cached entries for those. --- pdns/dnspacket.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc index dd53ee7f05..21fa80617b 100644 --- a/pdns/dnspacket.cc +++ b/pdns/dnspacket.cc @@ -246,7 +246,7 @@ void DNSPacket::setCompress(bool compress) bool DNSPacket::couldBeCached() { - return d_ednsping.empty() && !d_wantsnsid && qclass==QClass::IN; + return d_ednsping.empty() && !d_wantsnsid && qclass==QClass::IN && !d_havetsig; } unsigned int DNSPacket::getMinTTL() -- 2.47.2