New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rec: Disable validation for infra queries, validate entries from the negcache #5835

Merged
merged 3 commits into from Oct 25, 2017

Conversation

Projects
None yet
2 participants
@rgacogne
Member

rgacogne commented Oct 20, 2017

Short description

We don't need to validate the answers to the "infrastructure" queries, for example to retrieve NS records and authoritative servers addresses.
We do however need to validate entries retrieved from our negative cache if the initial query did not ask for validation but the current one does.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled and tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

@rgacogne rgacogne added the rec label Oct 20, 2017

@rgacogne rgacogne added this to the rec-4.1.0 milestone Oct 20, 2017

@rgacogne rgacogne requested a review from pieterlexis Oct 20, 2017

@aerique aerique requested a review from Habbie Oct 24, 2017

rgacogne added some commits Oct 19, 2017

rec: Don't validate infrastructure queries
Also require authoritative answer when looking for a cut, since we
use `DS` queries and not `NS` queries anymore.
rec: Validate entries retrieved from the negcache if needed
This happens if validation was not requested during the first query
but is requested when we retrieve a negatively cached entry.
This is useful when running with dnssec=process, and also especially
so now that we don't validate infra queries anymore.
@ahupowerdns

I would suggest a namespace {} block around CacheEntry and CacheKey since these are rather generic names. Otherwise the C++ looks great, and I think only actual testing will tell us if we hit the jackpot with this one.

@ahupowerdns ahupowerdns merged commit 0e9a0d5 into PowerDNS:master Oct 25, 2017

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

@rgacogne rgacogne deleted the rgacogne:rec-disable-validation-for-infra branch Oct 25, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment