rec: Skip looking for cuts once we are Insecure or Bogus, just (N)TA

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index 455e329b097b311125f2d942479ed2cafade5cde..b7c7682590434ede37dbfd8028950a4520ae6c8e 100644 (file)
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -1519,10 +1519,35 @@ void SyncRes::computeZoneCuts(const DNSName& begin, const DNSName& end, unsigned
     if (cutIt != d_cutStates.cend()) {
       if (cutIt->second != Indeterminate) {
         LOG(d_prefix<<": - Cut already known at "<<qname<<endl);
+        cutState = cutIt->second;
         continue;
       }
     }
 
+    /* no need to look for NS and DS if we are already insecure or bogus,
+       just look for (N)TA
+    */
+    if (cutState == Insecure || cutState == Bogus) {
+      dsmap_t ds;
+      vState newState = getDSRecords(qname, ds, true, depth);
+      if (newState == Indeterminate) {
+        continue;
+      }
+
+      LOG(d_prefix<<": New state for "<<qname<<" is "<<vStates[newState]<<endl);
+      if (newState == TA) {
+        newState = Secure;
+      }
+      else if (newState == NTA) {
+        newState = Insecure;
+      }
+      cutState = newState;
+
+      d_cutStates[qname] = cutState;
+
+      continue;
+    }
+
     vState newState = Indeterminate;
     /* temporarily mark as Indeterminate, so that we won't enter an endless loop
        trying to determine that zone cut again. */