Don't ignore auth zones when in serve-stale mode

When serve-stale is enabled and recursive resolution fails, the fallback
to lookup stale data always happens in the cache database. Any
authoritative data is ignored, and only information learned through
recursive resolution is examined.

If there is data in the cache that could lead to an answer, and this can
be just the root delegation, the resolver will iterate further, getting
closer to the answer that can be found by recursing down the root, and
eventually puts the final response in the cache.

Change the fallback to serve-stale to use 'query_getdb()', that finds
out the best matching database for the given query.

(cherry picked from commit 2322425016298a39d2e48153285aefdfecc9a510)

diff --git a/lib/ns/query.c b/lib/ns/query.c
index 62b5ea846315418609c6285523b8ab3497fb7b24..9d09a2176ba89f8b2ce9797abc91f72dd48ebbd3 100644 (file)
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -7319,8 +7319,19 @@ query_usestale(query_ctx_t *qctx, isc_result_t result) {
        qctx_freedata(qctx);
 
        if (dns_view_staleanswerenabled(qctx->client->view)) {
-               dns_db_attach(qctx->client->view->cachedb, &qctx->db);
-               qctx->version = NULL;
+               isc_result_t ret;
+               ret = query_getdb(qctx->client, qctx->client->query.qname,
+                                 qctx->client->query.qtype, qctx->options,
+                                 &qctx->zone, &qctx->db, &qctx->version,
+                                 &qctx->is_zone);
+               if (ret != ISC_R_SUCCESS) {
+                       /*
+                        * Failed to get the database, unexpected, but let us
+                        * at least abandon serve-stale.
+                        */
+                       return (false);
+               }
+
                qctx->client->query.dboptions |= DNS_DBFIND_STALEOK;
                if (qctx->client->query.fetch != NULL) {
                        dns_resolver_destroyfetch(&qctx->client->query.fetch);