rec: Don't cache non-AA records that we won't use

author Remi Gacogne <remi.gacogne@powerdns.com>

Wed, 16 Jan 2019 08:32:35 +0000 (09:32 +0100)

committer Remi Gacogne <remi.gacogne@powerdns.com>

Mon, 21 Jan 2019 15:39:00 +0000 (16:39 +0100)
author Remi Gacogne <remi.gacogne@powerdns.com>
Wed, 16 Jan 2019 08:32:35 +0000 (09:32 +0100)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Mon, 21 Jan 2019 15:39:00 +0000 (16:39 +0100)
diff --git a/pdns/syncres.cc b/pdns/syncres.cc

index a513bf3576c516345906c747f898bc6c6e441c93..52d3e1b659e2eb24b02f732346f2d7de8937e843 100644 (file)
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -2370,8 +2370,12 @@ RCode::rcodes_ SyncRes::updateCacheFromRecords(unsigned int depth, LWResult& lwr
         - we don't allow direct NSEC3 queries
         - denial of existence proofs in wildcard expanded positive responses are stored in authorityRecs
         - denial of existence proofs for negative responses are stored in the negative cache
+       We also don't want to cache non-authoritative data except for:
+       - records coming from non forward-recurse servers (those will never be AA)
+       - DS (special case)
+       - NS, A and AAAA (used for infra queries)
      */
-    if (i->first.type != QType::NSEC3) {
+    if (i->first.type != QType::NSEC3 && (i->first.type == QType::DS || i->first.type == QType::NS || i->first.type == QType::A || i->first.type == QType::AAAA || isAA || wasForwardRecurse)) {
        t_RC->replace(d_now.tv_sec, i->first.name, QType(i->first.type), i->second.records, i->second.signatures, authorityRecs, i->first.type == QType::DS ? true : isAA, i->first.place == DNSResourceRecord::ANSWER ? ednsmask : boost::none, recordState);
      }
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Wed, 16 Jan 2019 08:32:35 +0000 (09:32 +0100)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Mon, 21 Jan 2019 15:39:00 +0000 (16:39 +0100)