Permalink
Browse files

when (re)priming the root, we do so with auth=0. We'll only set auth=…

…1 after we have an answer from the roots. This however opens up a small race condition in which the root is expired (ttl=0), but still auth=1 in the cache. Our attempt to replace it with auth=0 dta fails at that point. This is probably due to some fencepost error somewhere. To not be subtle about this, explicitly nuke the root when we reprime.

(cherry picked from commit 0d032a6)
  • Loading branch information...
ahupowerdns authored and pieterlexis committed May 12, 2017
1 parent 95ae014 commit 233e144b940be9559f88009157d47bd132b653d3
Showing with 3 additions and 1 deletion.
  1. +3 −1 pdns/reczones.cc
View
@@ -94,7 +94,9 @@ void primeHints(void)
}
}
}
- t_RC->replace(time(0), DNSName("."), QType(QType::NS), nsset, vector<std::shared_ptr<RRSIGRecordContent>>(), false); // and stuff in the cache (auth)
+ DNSName rootdnsname(".");
+ t_RC->doWipeCache(rootdnsname, false, QType::NS);
+ t_RC->replace(time(0), rootdnsname, QType(QType::NS), nsset, vector<std::shared_ptr<RRSIGRecordContent>>(), false); // and stuff in the cache (auth)
}
static void makeNameToIPZone(SyncRes::domainmap_t* newMap, const DNSName& hostname, const string& ip)

0 comments on commit 233e144

Please sign in to comment.