From: Kees Monshouwer <mind04@monshouwer.org>
Date: Fri, 18 Sep 2015 11:52:44 +0000 (+0200)
Subject: improve SOA caching for DS queries
X-Git-Tag: dnsdist-1.0.0-alpha1~24^2~2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=76f9ce2022d81d375e397295f7620032560458ad;p=pdns

improve SOA caching for DS queries
---

diff --git a/pdns/dnsbackend.cc b/pdns/dnsbackend.cc
index d4e78d168..a072133c0 100644
--- a/pdns/dnsbackend.cc
+++ b/pdns/dnsbackend.cc
@@ -38,7 +38,7 @@ bool DNSBackend::getAuth(DNSPacket *p, SOAData *sd, const DNSName &target, const
   bool found=false;
   DNSName subdomain(target);
   do {
-    if( best_match_len >= (int)subdomain.toString().length() )
+    if( best_match_len >= (int)subdomain.toString().length() && p->qtype != QType::DS )
       break;
 
     map<DNSName,int>::iterator it = negCacheMap.find(subdomain);
@@ -46,14 +46,17 @@ bool DNSBackend::getAuth(DNSPacket *p, SOAData *sd, const DNSName &target, const
 
     if(! negCached && this->getSOA( subdomain, *sd, p ) ) {
       sd->qname = subdomain;
+      if (found) // Second SOA found, we are done
+        return true;
 
       if(p->qtype.getCode() == QType::DS && subdomain==target) {
         // Found authoritative zone but look for parent zone with 'DS' record.
-        negCacheMap[subdomain]=2;
         found=true;
       } else
         return true;
     }
+    if (found)
+      negCacheMap[subdomain]=2; // don't cache SOA's during our quest for a parent zone
   }
   while( subdomain.chopOff() );   // 'www.powerdns.org' -> 'powerdns.org' -> 'org' -> ''
 
diff --git a/pdns/ueberbackend.cc b/pdns/ueberbackend.cc
index 1d10c4565..d91c7c816 100644
--- a/pdns/ueberbackend.cc
+++ b/pdns/ueberbackend.cc
@@ -256,7 +256,7 @@ bool UeberBackend::getAuth(DNSPacket *p, SOAData *sd, const DNSName &target)
   // If not special case of caching explicitly disabled (sd->db = -1), first
   // find the best match from the cache. If DS then we need to find parent so
   // dont bother with caching as it confuses matters.
-  if( sd->db != (DNSBackend *)-1 && d_cache_ttl && p->qtype != QType::DS ) {
+  if( sd->db != (DNSBackend *)-1 && d_cache_ttl ) {
       DNSName subdomain(target);
       int cstat, loops = 0;
       do {
@@ -275,13 +275,14 @@ bool UeberBackend::getAuth(DNSPacket *p, SOAData *sd, const DNSName &target)
           //L<<Logger::Error<<"Best cache match: " << sd->qname << " itteration " << loops <<endl;
 
           // Found first time round this must be the best match
-          if( loops == 0 )
+          if( loops == 0  && p->qtype != QType::DS)
             return true;
 
           from_cache = true;
           best_match_len = sd->qname.countLabels();
 
-          break;
+          if ( p->qtype != QType::DS || best_match_len < (int)target.countLabels())
+            break;
         } else if (cstat==0) {
           negCacheMap[subdomain]=1;
         } else
@@ -292,14 +293,14 @@ bool UeberBackend::getAuth(DNSPacket *p, SOAData *sd, const DNSName &target)
   }
 
   for(vector<DNSBackend *>::const_iterator i=backends.begin(); i!=backends.end();++i) {
+    // Shortcut for the case that we got a direct hit - no need to go
+    // through the other backends then.
+    if( best_match_len == (int)target.countLabels() && p->qtype != QType::DS )
+      goto auth_found;
+
     if((*i)->getAuth(p, sd, target, best_match_len, negCacheMap)) {
         best_match_len = sd->qname.countLabels(); // FIXME400
         from_cache = false;
-
-        // Shortcut for the case that we got a direct hit - no need to go
-        // through the other backends then.
-        if( best_match_len == (int)target.countLabels() )
-            goto auth_found;
     }
   }