On (re-)priming, fetch the root NS records

PowerDNS · Nov 11, 2016 · 3beb3b2 · 3beb3b2
1 parent af72359
commit 3beb3b2
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 30 deletions.
diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
@@ -1937,35 +1937,9 @@ static void houseKeeping(void *)
     }
 
     if(now.tv_sec - last_rootupdate > 7200) {
-      SyncRes sr(now);
-      sr.setDoEDNS0(true);
-      vector<DNSRecord> ret;
-
-      sr.setNoCache();
-      int res=-1;
-      try {
-	res=sr.beginResolve(DNSName("."), QType(QType::NS), 1, ret);
-      }
-      catch(PDNSException& e)
-	{
-	  L<<Logger::Error<<"Failed to update . records, got an exception: "<<e.reason<<endl;
-	}
-
-      catch(std::exception& e)
-	{
-	  L<<Logger::Error<<"Failed to update . records, got an exception: "<<e.what()<<endl;
-	}
-
-      catch(...)
-	{
-	  L<<Logger::Error<<"Failed to update . records, got an exception"<<endl;
-	}
-      if(!res) {
-	L<<Logger::Notice<<"Refreshed . records"<<endl;
-	last_rootupdate=now.tv_sec;
-      }
-      else
-	L<<Logger::Error<<"Failed to update . records, RCODE="<<res<<endl;
+      int res = getRootNS();
+      if (!res)
+        last_rootupdate=now.tv_sec;
     }
 
     if(!t_id) {
@@ -3145,3 +3119,42 @@ int main(int argc, char **argv)
 
   return ret;
 }
+
+int getRootNS(void) {
+  SyncRes sr(g_now);
+  sr.setDoEDNS0(true);
+  sr.setNoCache();
+  sr.d_doDNSSEC = (g_dnssecmode != DNSSECMode::Off);
+
+  vector<DNSRecord> ret;
+  int res=-1;
+  try {
+    res=sr.beginResolve(DNSName("."), QType(QType::NS), 1, ret);
+    if (g_dnssecmode != DNSSECMode::Off && g_dnssecmode != DNSSECMode::ProcessNoValidate) {
+      auto state = validateRecords(ret);
+      if (state == Bogus)
+        throw PDNSException("Got Bogus validation result for .|NS");
+    }
+    return res;
+  }
+  catch(PDNSException& e)
+  {
+    L<<Logger::Error<<"Failed to update . records, got an exception: "<<e.reason<<endl;
+  }
+
+  catch(std::exception& e)
+  {
+    L<<Logger::Error<<"Failed to update . records, got an exception: "<<e.what()<<endl;
+  }
+
+  catch(...)
+  {
+    L<<Logger::Error<<"Failed to update . records, got an exception"<<endl;
+  }
+  if(!res) {
+    L<<Logger::Notice<<"Refreshed . records"<<endl;
+  }
+  else
+    L<<Logger::Error<<"Failed to update . records, RCODE="<<res<<endl;
+  return res;
+}
diff --git a/pdns/reczones.cc b/pdns/reczones.cc
@@ -94,7 +94,7 @@ void primeHints(void)
       }
     }
   }
-  t_RC->replace(time(0), DNSName("."), QType(QType::NS), nsset, vector<std::shared_ptr<RRSIGRecordContent>>(), true); // and stuff in the cache (auth)
+  t_RC->replace(time(0), DNSName("."), QType(QType::NS), nsset, vector<std::shared_ptr<RRSIGRecordContent>>(), false); // and stuff in the cache (auth)
 }
 
 static void makeNameToIPZone(SyncRes::domainmap_t* newMap, const DNSName& hostname, const string& ip)

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
@@ -632,8 +632,10 @@ void SyncRes::getBestNSFromCache(const DNSName &qname, const QType& qtype, vecto
     LOG(prefix<<qname<<": no valid/useful NS in cache for '"<<subdomain<<"'"<<endl);
     ;
     if(subdomain.isRoot() && !brokeloop) {
+      // We lost the root NS records
       primeHints();
       LOG(prefix<<qname<<": reprimed the root"<<endl);
+      getRootNS();
     }
   }while(subdomain.chopOff());
 }

diff --git a/pdns/syncres.hh b/pdns/syncres.hh
@@ -50,6 +50,7 @@
 #include "filterpo.hh"
 
 void primeHints(void);
+int getRootNS(void);
 class RecursorLua4;
 
 struct BothRecordsAndSignatures