auth: Don't look up the packet cache for TSIG-enabled queries

We are rightfully careful about not caching responses for TSIG-enabled
queries, but we would nevertheless happily serve cached entries for those.

diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc
index dd53ee7f0548f63777081cf7e7aecdd1027408d5..21fa80617b2cf747350a0d12af8d71780485131f 100644 (file)
--- a/pdns/dnspacket.cc
+++ b/pdns/dnspacket.cc
@@ -246,7 +246,7 @@ void DNSPacket::setCompress(bool compress)
 
 bool DNSPacket::couldBeCached()
 {
-  return d_ednsping.empty() && !d_wantsnsid && qclass==QClass::IN;
+  return d_ednsping.empty() && !d_wantsnsid && qclass==QClass::IN && !d_havetsig;
 }
 
 unsigned int DNSPacket::getMinTTL()