Merge pull request #5834 from rgacogne/rec-dont-cache-nsec3
rec: Don't directly store NSEC3 records in the positive cache
aerique committed Oct 24, 2017
2 parents 8b7645d + 005b4b9 commit 85b88ec
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion pdns/syncres.cc
Expand Up @@ -1918,7 +1918,14 @@ RCode::rcodes_ SyncRes::updateCacheFromRecords(unsigned int depth, LWResult& lwr
}
}

t_RC->replace(d_now.tv_sec, i->first.name, QType(i->first.type), i->second.records, i->second.signatures, authorityRecs, isAA, i->first.place == DNSResourceRecord::ANSWER ? ednsmask : boost::none, recordState);
/* We don't need to store NSEC3 records in the positive cache because:
- we don't allow direct NSEC3 queries
- denial of existence proofs in wildcard expanded positive responses are stored in authorityRecs
- denial of existence proofs for negative responses are stored in the negative cache
*/
if (i->first.type != QType::NSEC3) {
t_RC->replace(d_now.tv_sec, i->first.name, QType(i->first.type), i->second.records, i->second.signatures, authorityRecs, isAA, i->first.place == DNSResourceRecord::ANSWER ? ednsmask : boost::none, recordState);
}

if(i->first.place == DNSResourceRecord::ANSWER && ednsmask)
d_wasVariable=true;
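Review bot: The `if (i->first.type != QType::NSEC3)` guard around `t_RC->replace(...)` lands without a regression test, since pdns/syncres.cc is the only file changed. The comment gives three reasons the skip is safe (no direct NSEC3 queries, proofs for wildcard-expanded answers kept in authorityRecs, proofs for negative answers kept in the negative cache), and none of them is enforced or visible in this hunk. A test that resolves a wildcard-expanded answer and a negative answer, then checks that both still validate from cache while no NSEC3 entry sits in the record cache, would pin that behaviour. Minor style point: the new line is written `if (` while the context line just below it uses `if(`.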