From bdceeb7e8c0e25dfe86f0300fb83d1cdaee3422c Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Tue, 12 Mar 2019 12:05:56 +0100 Subject: [PATCH] rec: Move the ECS cache limit check to the SyncRes --- pdns/recursor_cache.cc | 6 ------ pdns/recursordist/test-syncres_cc.cc | 4 ++++ pdns/syncres.cc | 7 ++++++- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/pdns/recursor_cache.cc b/pdns/recursor_cache.cc index d3563ab80..7e0bf054c 100644 --- a/pdns/recursor_cache.cc +++ b/pdns/recursor_cache.cc @@ -238,12 +238,6 @@ int32_t MemRecursorCache::get(time_t now, const DNSName &qname, const QType& qt, void MemRecursorCache::replace(time_t now, const DNSName &qname, const QType& qt, const vector& content, const vector>& signatures, const std::vector>& authorityRecs, bool auth, boost::optional ednsmask, vState state) { - if(ednsmask) { - if(ednsmask->isIpv4() && ednsmask->getBits() > SyncRes::s_ecsipv4cachelimit) - return; - if(ednsmask->isIpv6() && ednsmask->getBits() > SyncRes::s_ecsipv6cachelimit) - return; - } d_cachecachevalid = false; // cerr<<"Replacing "<toString() : "everyone") << endl; auto key = boost::make_tuple(qname, qt.getCode(), ednsmask ? *ednsmask : Netmask()); diff --git a/pdns/recursordist/test-syncres_cc.cc b/pdns/recursordist/test-syncres_cc.cc index 67876a272..78efd41af 100644 --- a/pdns/recursordist/test-syncres_cc.cc +++ b/pdns/recursordist/test-syncres_cc.cc @@ -130,6 +130,8 @@ static void init(bool debug=false) SyncRes::s_doIPv6 = true; SyncRes::s_ecsipv4limit = 24; SyncRes::s_ecsipv6limit = 56; + SyncRes::s_ecsipv4cachelimit = 24; + SyncRes::s_ecsipv6cachelimit = 56; SyncRes::s_rootNXTrust = true; SyncRes::s_minimumTTL = 0; SyncRes::s_minimumECSTTL = 0; @@ -2070,6 +2072,8 @@ BOOST_AUTO_TEST_CASE(test_skip_negcache_for_variable_response) { addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); + srcmask = boost::none; + return 1; } else if (ip == ComboAddress("192.0.2.1:53")) { if (domain == target) { diff --git a/pdns/syncres.cc b/pdns/syncres.cc index f01ed298d..04d9499e0 100644 --- a/pdns/syncres.cc +++ b/pdns/syncres.cc @@ -2418,7 +2418,12 @@ RCode::rcodes_ SyncRes::updateCacheFromRecords(unsigned int depth, LWResult& lwr - NS, A and AAAA (used for infra queries) */ if (i->first.type != QType::NSEC3 && (i->first.type == QType::DS || i->first.type == QType::NS || i->first.type == QType::A || i->first.type == QType::AAAA || isAA || wasForwardRecurse)) { - t_RC->replace(d_now.tv_sec, i->first.name, QType(i->first.type), i->second.records, i->second.signatures, authorityRecs, i->first.type == QType::DS ? true : isAA, i->first.place == DNSResourceRecord::ANSWER ? ednsmask : boost::none, recordState); + if (i->first.place != DNSResourceRecord::ANSWER || + !ednsmask || + (ednsmask->isIpv4() && ednsmask->getBits() <= SyncRes::s_ecsipv4cachelimit) || + (ednsmask->isIpv6() && ednsmask->getBits() <= SyncRes::s_ecsipv6cachelimit)) { + t_RC->replace(d_now.tv_sec, i->first.name, QType(i->first.type), i->second.records, i->second.signatures, authorityRecs, i->first.type == QType::DS ? true : isAA, i->first.place == DNSResourceRecord::ANSWER ? ednsmask : boost::none, recordState); + } } if(i->first.place == DNSResourceRecord::ANSWER && ednsmask) -- 2.49.0