From: Mark Andrews Date: Thu, 17 Feb 2022 06:11:26 +0000 (+1100) Subject: Skip calling find_coveringnsec if we found a DNAME X-Git-Tag: v9.19.0~60^2~1 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=9fcc028f5c222faf8ff2f7026816e4ba3debaef3;p=thirdparty%2Fbind9.git Skip calling find_coveringnsec if we found a DNAME This is an optimisation as we can skip a lot of pointless work when we know there is a DNAME there. When we have a partial match and a DNAME above the QNAME, the closest encloser has the same owner as the DNAME, will have the DNAME bit set in the type map, and we wouldn't use it as we would return the DNAME + RRSIG(DNAME) instead. So there is no point in looking for it nor in attempting to check that it is valid for the QNAME. --- diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c index 94b557fc05a..e2af9a4ea2e 100644 --- a/lib/dns/rbtdb.c +++ b/lib/dns/rbtdb.c @@ -3101,6 +3101,10 @@ setup_delegation(rbtdb_search_t *search, dns_dbnode_t **nodep, rbtdb_rdatatype_t type; dns_rbtnode_t *node; + REQUIRE(search != NULL); + REQUIRE(search->zonecut != NULL); + REQUIRE(search->zonecut_rdataset != NULL); + /* * The caller MUST NOT be holding any node locks. */ @@ -4914,6 +4918,8 @@ cache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version, search.need_cleanup = false; search.wild = false; search.zonecut = NULL; + search.zonecut_rdataset = NULL; + search.zonecut_sigrdataset = NULL; dns_fixedname_init(&search.zonecut_name); dns_rbtnodechain_init(&search.chain); search.now = now; @@ -4932,7 +4938,14 @@ cache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version, cache_zonecut_callback, &search); if (result == DNS_R_PARTIALMATCH) { - if ((search.options & DNS_DBFIND_COVERINGNSEC) != 0) { + /* + * If dns_rbt_findnode discovered a covering DNAME skip + * looking for a covering NSEC. + */ + if ((search.options & DNS_DBFIND_COVERINGNSEC) != 0 && + (search.zonecut_rdataset == NULL || + search.zonecut_rdataset->type != dns_rdatatype_dname)) + { result = find_coveringnsec(&search, name, nodep, now, foundname, rdataset, sigrdataset);