From 9a037bfa9444444d5b8a6e6bc04cc2a2521fe3a4 Mon Sep 17 00:00:00 2001 From: Kees Monshouwer Date: Fri, 7 Jun 2019 14:46:03 +0200 Subject: [PATCH] auth: completely disable the packet when cache-ttl=0 This was inspired by #7802 but is more in line with the current query cache behaviour closes #7802 --- docs/settings.rst | 3 ++- pdns/auth-packetcache.cc | 17 ++++++++++++++--- pdns/auth-packetcache.hh | 6 +++++- pdns/common_startup.cc | 4 ++-- pdns/packethandler.cc | 3 +-- pdns/tcpreceiver.cc | 25 +++++++++++++------------ 6 files changed, 37 insertions(+), 21 deletions(-) diff --git a/docs/settings.rst b/docs/settings.rst index 50fa520f0..77338f473 100644 --- a/docs/settings.rst +++ b/docs/settings.rst @@ -180,7 +180,8 @@ Also AXFR a zone from a master with a lower serial. - Integer - Default: 20 -Seconds to store packets in the :ref:`packet-cache`. +Seconds to store packets in the :ref:`packet-cache`. A value of 0 will disable +the cache. .. _setting-carbon-instance: diff --git a/pdns/auth-packetcache.cc b/pdns/auth-packetcache.cc index 7bb0ff32b..b36325d8b 100644 --- a/pdns/auth-packetcache.cc +++ b/pdns/auth-packetcache.cc @@ -65,13 +65,12 @@ AuthPacketCache::~AuthPacketCache() bool AuthPacketCache::get(DNSPacket *p, DNSPacket *cached) { - cleanupIfNeeded(); - if(!d_ttl) { - (*d_statnummiss)++; return false; } + cleanupIfNeeded(); + uint32_t hash = canHashPacket(p->getString()); p->setHash(hash); @@ -113,6 +112,10 @@ bool AuthPacketCache::entryMatches(cmap_t::index::type::iterator& iter, void AuthPacketCache::insert(DNSPacket *q, DNSPacket *r, unsigned int maxTTL) { + if(!d_ttl) { + return; + } + cleanupIfNeeded(); if (ntohs(q->d.qdcount) != 1) { @@ -192,6 +195,10 @@ bool AuthPacketCache::getEntryLocked(cmap_t& map, const std::string& query, uint /* clears the entire cache. */ uint64_t AuthPacketCache::purge() { + if(!d_ttl) { + return 0; + } + d_statnumentries->store(0); return purgeLockedCollectionsVector(d_maps); 
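Review bot: The new `if(!d_ttl) { return 0; }` guard at the top of `AuthPacketCache::purge()`, and the identical one in `purge(const string &match)` in the following hunk, turns a purge into a silent no-op whenever the TTL is zero at call time, even if entries were stored while it was non-zero. The header hunk shows a public `setTTL()` that assigns `d_ttl` directly, so if the TTL can be changed after startup (not visible here), a purge issued to evict stale or wrong answers would report 0 and leave the entries and `d_statnumentries` untouched until the cache is enabled again. I would drop the guard from both purge overloads, since purging an empty cache is cheap, or clear the maps when `setTTL()` receives 0. `purgeExact()` lies between the two hunks and is not shown, so confirm it matches whichever behaviour is chosen; both purge bodies continue outside their hunks.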
@@ -210,6 +217,10 @@ uint64_t AuthPacketCache::purgeExact(const DNSName& qname) /* purges entries from the packetcache. If match ends on a $, it is treated as a suffix */ uint64_t AuthPacketCache::purge(const string &match) { + if(!d_ttl) { + return 0; + } + uint64_t delcount = 0; if(ends_with(match, "$")) { diff --git a/pdns/auth-packetcache.hh b/pdns/auth-packetcache.hh index 934869d2b..157ad34ad 100644 --- a/pdns/auth-packetcache.hh +++ b/pdns/auth-packetcache.hh @@ -70,7 +70,11 @@ public: void setTTL(uint32_t ttl) { d_ttl = ttl; - } + } + bool enabled() + { + return (d_ttl > 0); + } private: struct CacheEntry diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc index 07d78c1cd..016a77aa7 100644 --- a/pdns/common_startup.cc +++ b/pdns/common_startup.cc @@ -437,7 +437,7 @@ try g_log<<": "; } - if((P->d.opcode != Opcode::Notify && P->d.opcode != Opcode::Update) && P->couldBeCached()) { + if(PC.enabled() && (P->d.opcode != Opcode::Notify && P->d.opcode != Opcode::Update) && P->couldBeCached()) { bool haveSomething=PC.get(P, &cached); // does the PacketCache recognize this question? if (haveSomething) { if(logDNSQueries) @@ -463,7 +463,7 @@ try continue; } - if(logDNSQueries) + if(PC.enabled() && logDNSQueries) g_log<<"packetcache MISS"<getRRS()); - r->wrapup(); // needed for inserting in cache - if(!noCache && p->couldBeCached()) + if(PC.enabled() && !noCache && p->couldBeCached()) PC.insert(p, r, r->getMinTTL()); // in the packet cache } catch(DBException &e) { diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc index f78229196..acdfbb1b7 100644 --- a/pdns/tcpreceiver.cc +++ b/pdns/tcpreceiver.cc 
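Review bot: `enabled()` in the auth-packetcache.hh hunk is a pure query but is not declared `const`, so it cannot be called through a const reference to the cache; I would write `bool enabled() const { return d_ttl > 0; }`. It reads `d_ttl`, which `setTTL()` directly above writes with a plain assignment, and the member's declaration is outside the hunk, so if the TTL can change while worker threads are answering queries, confirm the member is an atomic type. A one-line comment such as `// true when cache-ttl is non-zero; callers skip lookups and inserts otherwise` would document the contract for the three call sites this patch adds.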
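Review bot: With the cache disabled and query logging on, the log line opened by `g_log<<": ";` in the first common_startup.cc hunk appears to be left unfinished, because the HIT branch and the `"packetcache MISS"` statement are the only visible places that complete it and both now require `PC.enabled()`. The tail of the MISS statement is lost in this copy, so this assumes it is what ends the line; if so, the next message is appended to the query record, which makes query logs harder to parse during an investigation. I would keep the line terminated in every case, for example by adding `else if(logDNSQueries) g_log<<endl;` after the guarded MISS statement. The tcpreceiver.cc hunk opens its log line the same way and appears to place both HIT and MISS logging inside `if(PC.enabled())`, so it needs the same check; the surrounding function bodies start and end outside these hunks.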
@@ -358,20 +358,21 @@ void *TCPNameserver::doConnection(void *data) "', do = " <d_dnssecOk <<", bufsize = "<< packet->getMaxReplyLen()<<": "; } - - if(packet->couldBeCached() && PC.get(packet.get(), cached.get())) { // short circuit - does the PacketCache recognize this question? + if(PC.enabled()) { + if(packet->couldBeCached() && PC.get(packet.get(), cached.get())) { // short circuit - does the PacketCache recognize this question? + if(logDNSQueries) + g_log<<"packetcache HIT"<setRemote(&packet->d_remote); + cached->d.id=packet->d.id; + cached->d.rd=packet->d.rd; // copy in recursion desired bit + cached->commitD(); // commit d to the packet inlined + + sendPacket(cached, fd); // presigned, don't do it again + continue; + } if(logDNSQueries) - g_log<<"packetcache HIT"<setRemote(&packet->d_remote); - cached->d.id=packet->d.id; - cached->d.rd=packet->d.rd; // copy in recursion desired bit - cached->commitD(); // commit d to the packet inlined - - sendPacket(cached, fd); // presigned, don't do it again - continue; + g_log<<"packetcache MISS"<