Don't preserve cache entries if new TTL is smaller than existing
authorOndřej Surý <ondrej@isc.org>
Tue, 26 Aug 2025 16:18:12 +0000 (18:18 +0200)
committerOndřej Surý <ondrej@isc.org>
Tue, 26 Aug 2025 19:34:08 +0000 (21:34 +0200)
Under certain circumstances, cache entries with an equivalent rdataset
might not get replaced.  Previously such an entry would be preserved
regardless of the new TTL, and the expire time on the existing header
would be updated when the new expire time was less than the expire time
on the existing header.  Change the logic to preserve the existing
header only if the new expire time is larger than the existing one, and
to replace the existing cache entry when the new expire time is less
than the existing one.

Co-authored-by: Jinmei Tatuya <jtatuya@infoblox.com>
(cherry picked from commit 9f7ba584cf46ffbb17c0793d19a334533914aba8)

lib/dns/rbtdb.c

index 2ec9b9394149daea0fc827af503121e42bce3fd5..54363c0319efddca1e86d7b62c45d2da8ca1c7e9 100644 (file)
@@ -6595,29 +6595,23 @@ find_header:
                        }
                }
                /*
-                * Don't replace existing NS, A and AAAA RRsets in the
-                * cache if they are already exist. This prevents named
-                * being locked to old servers. Don't lower trust of
-                * existing record if the update is forced. Nothing
-                * special to be done w.r.t stale data; it gets replaced
-                * normally further down.
+                * Don't replace existing NS in the cache if they already exist
+                * and replacing the existing one would increase the TTL. This
+                * prevents named being locked to old servers. Don't lower trust
+                * of existing record if the update is forced. Nothing special
+                * to be done w.r.t stale data; it gets replaced normally
+                * further down.
                 */
                if (IS_CACHE(rbtdb) && ACTIVE(header, now) &&
                    header->type == dns_rdatatype_ns && !header_nx &&
                    !newheader_nx && header->trust >= newheader->trust &&
+                   header->rdh_ttl < newheader->rdh_ttl &&
                    dns_rdataslab_equalx((unsigned char *)header,
                                         (unsigned char *)newheader,
                                         (unsigned int)(sizeof(*newheader)),
                                         rbtdb->common.rdclass,
                                         (dns_rdatatype_t)header->type))
                {
-                       /*
-                        * Honour the new ttl if it is less than the
-                        * older one.
-                        */
-                       if (header->rdh_ttl > newheader->rdh_ttl) {
-                               set_ttl(rbtdb, header, newheader->rdh_ttl);
-                       }
                        if (header->last_used != now) {
                                update_header(rbtdb, header, now);
                        }
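Review bot: With `header->rdh_ttl < newheader->rdh_ttl` added to the condition, an equal NS rdataset whose expire time is not larger now skips this block and is handled by the replacement path further down, which is outside the hunk. The removed branch lowered the TTL in place and kept the existing header, so its trust was untouched; the condition still admits `header->trust > newheader->trust`, and the comment still promises "Don't lower trust of existing record if the update is forced". Please confirm that the code below cannot store the lower-trust `newheader` in that case, and record the new fall-through in the comment, e.g. `* An equal rdataset with a smaller or equal expire time is replaced below.` The comparison is strict, so equal expire times are also replaced, a case the commit message does not mention. The same applies to the second hunk's condition; the enclosing function starts and ends outside both hunks.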
@@ -6667,17 +6661,11 @@ find_header:
                     header->type == RBTDB_RDATATYPE_SIGDS) &&
                    !header_nx && !newheader_nx &&
                    header->trust >= newheader->trust &&
+                   header->rdh_ttl < newheader->rdh_ttl &&
                    dns_rdataslab_equal((unsigned char *)header,
                                        (unsigned char *)newheader,
                                        (unsigned int)(sizeof(*newheader))))
                {
-                       /*
-                        * Honour the new ttl if it is less than the
-                        * older one.
-                        */
-                       if (header->rdh_ttl > newheader->rdh_ttl) {
-                               set_ttl(rbtdb, header, newheader->rdh_ttl);
-                       }
                        if (header->last_used != now) {
                                update_header(rbtdb, header, now);
                        }
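Review bot: The comment that introduces this second condition lies above the hunk and is not changed here, while the NS block's comment in the first hunk was reworded to mention the TTL condition. If it still describes preserving the existing RRset whenever the data is equal, it no longer matches the code; it should carry the same qualification, e.g. `* ... and replacing the existing one would increase the TTL.` The start of the `if` condition is also outside the hunk, so the full set of rdata types it covers cannot be checked from here. Only `lib/dns/rbtdb.c` is listed on this page; a cache test that adds an equal rdataset with a smaller and then a larger expire time would pin both branches.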