granicus.if.org Git - pdns/commit

author	Remi Gacogne <remi.gacogne@powerdns.com>
	Fri, 12 May 2017 12:12:10 +0000 (14:12 +0200)
committer	Pieter Lexis <pieter.lexis@powerdns.com>
	Wed, 17 May 2017 08:10:41 +0000 (10:10 +0200)
commit	bdaa8adaac2618058d3a2a94b9ee00709a6df0f2
tree	14ee25d6755113f3d5e8c0576f6762764ac56283	tree \| snapshot
parent	59921a058f464442d4d647f3f644c23194bd46b8	commit \| diff

rec: Only check the netmask for subnet specific cache entries

We used to check the netmask for all entries for a qname
if at least one of them was a subnet specific one. Since an empty
`Netmask` doesn't match anything, we would effectively ignore every
non subnet specific entries if we had at least one subnet specific
one.
This caused a very hard to reproduce issue with for example
f.root-servers.net that includes an EDNS Client Subnet option in its
answer for `NS .` if the query has an EDNS Client Subnet option.
This caused the recursor to cache a subnet specific entry for `NS .`.
When that entry expired, we retrieved and cached a non subnet specific
one, but that new one was ignored as long as the subnet specific
was not expunged from the cache.
Under certain circumstances that could cause a root refresh loop
using a lot of stack memory.

(cherry picked from commit 65fdd185f4930f685b87340d29535f40d8b52fb3)