From: Otto
Date: Tue, 5 Oct 2021 09:20:24 +0000 (+0200)
Subject: Use packetcache-servfail-ttl for all packet cache entries considered an error reply.
X-Git-Tag: dnsdist-1.7.0-alpha2~19^2~5
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9f3937016b719ed2441068679197ee34e6151a3d;p=thirdparty%2Fpdns.git
Use packetcache-servfail-ttl for all packet cache entries considered an error reply.
The "this is an error" test is: no answer records and rcode not equal to NoError. This needs to be validated. Fixes #9135.
---
diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 280f936744..214a20d5d5 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -2299,8 +2299,11 @@ static void startDoResolve(void *p)
 g_stats.variableResponses++;
 }
 if (!SyncRes::s_nopacketcache && !variableAnswer && !sr.wasVariable()) {
- minTTL = min(minTTL, pw.getHeader()->rcode == RCode::ServFail ? SyncRes::s_packetcacheservfailttl :
- SyncRes::s_packetcachettl);
+ const auto& hdr = pw.getHeader();
+ if (hdr->ancount == 0 && hdr->rcode != RCode::NoError) {
+ minTTL = min(minTTL, SyncRes::s_packetcacheservfailttl);
+ }
+ minTTL = min(minTTL, SyncRes::s_packetcachettl);
 t_packetCache->insertResponsePacket(dc->d_tag, dc->d_qhash, std::move(dc->d_query), dc->d_mdp.d_qname, dc->d_mdp.d_qtype, dc->d_mdp.d_qclass, string((const char*)&*packet.begin(), packet.size()),
diff --git a/pdns/recursordist/docs/settings.rst b/pdns/recursordist/docs/settings.rst
index eab06acac5..b7433d9dda 100644
--- a/pdns/recursordist/docs/settings.rst
+++ b/pdns/recursordist/docs/settings.rst
@@ -1413,7 +1413,7 @@ Maximum number of seconds to cache an item in the packet cache, no matter what t
 - Integer
 - Default: 60
-Maximum number of seconds to cache a 'server failure' answer in the packet cache.
+Maximum number of seconds to cache a 'server failure' and other answers signalling an error in the packet cache.
 .. versionchanged:: 4.0.0
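Review bot: The new predicate `hdr->ancount == 0 && hdr->rcode != RCode::NoError` in the pdns_recursor.cc hunk also matches NXDomain replies, which normally carry no answer records, so ordinary negative answers would now be capped at `packetcache-servfail-ttl` together with real resolution failures. The packet cache is the cheapest layer for absorbing repeated queries, so shortening it for NXDomain may raise resolver load when the same non-existent names are asked repeatedly; the commit message itself says the test still needs validating. If that widening is not intended, exclude the rcode explicitly: `if (hdr->ancount == 0 && hdr->rcode != RCode::NoError && hdr->rcode != RCode::NXDomain) {`. Since `hdr` is dereferenced with `->`, `const auto* hdr = pw.getHeader();` would state the pointer more plainly than `const auto&`. startDoResolve begins and ends outside this hunk, so the later uses of `minTTL` are not visible here.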