New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rec: If serving stale, wipe CNAME records from cache when we get a NODATA negative response for them #13353
Conversation
…negative response for them PR PowerDNS#12395 already did that for the NXDOMAIN case.
3a5c6b0
to
f1bebdb
Compare
Pull Request Test Coverage Report for Build 6483780494
💛 - Coveralls |
0dd7d3e
to
db263dd
Compare
@@ -4747,7 +4747,7 @@ dState SyncRes::getDenialValidationState(const NegCache::NegCacheEntry& ne, cons | |||
return getDenial(csp, ne.d_name, ne.d_qtype.getCode(), referralToUnsigned, expectedState == dState::NXQTYPE, LogObject(prefix)); | |||
} | |||
|
|||
bool SyncRes::processRecords(const std::string& prefix, const DNSName& qname, const QType qtype, const DNSName& auth, LWResult& lwr, const bool sendRDQuery, vector<DNSRecord>& ret, set<DNSName>& nsset, DNSName& newtarget, DNSName& newauth, bool& realreferral, bool& negindic, vState& state, const bool needWildcardProof, const bool gatherWildcardProof, const unsigned int wildcardLabelsCount, int& rcode, bool& negIndicHasSignatures, unsigned int depth) | |||
bool SyncRes::processRecords(const std::string& prefix, const DNSName& qname, const QType qtype, const DNSName& auth, LWResult& lwr, const bool sendRDQuery, vector<DNSRecord>& ret, set<DNSName>& nsset, DNSName& newtarget, DNSName& newauth, bool& realreferral, bool& negindic, vState& state, const bool needWildcardProof, const bool gatherWildcardProof, const unsigned int wildcardLabelsCount, int& rcode, bool& negIndicHasSignatures, unsigned int depth) // NOLINT(readability-function-cognitive-complexity) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it's unaffected by the CI clang-tidy
I'd rather remove the // NOLINT
here and (potentially at a later point) fix the function implementation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it's unaffected by the CI
clang-tidy
I'd rather remove the// NOLINT
here and (potentially at a later point) fix the function implementation.
I'll remove it and see if it's filtered out.
// serve-stale is active. Avoid that by explicitly zapping that CNAME record. | ||
if (qtype == QType::CNAME && MemRecursorCache::s_maxServedStaleExtensions > 0) { | ||
g_recCache->doWipeCache(qname, false, qtype); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need to also wipe the cache line 4999? I guess we do not because for DS we take care of doing a lookup for the exact type (positive and negative) first, before looking at a possible CNAME, but it feels a bit weird to have a different behaviour in that case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, that was my reasoning. It would not hurt though, I believe.
….yml to .gitignore
Followup to #13353, missed the suggested change; add recursor.yml to .gitignore
PR #12395 already did that for the NXDOMAIN case.
Short description
Checklist
I have: