From cd6310a82cb7834a7f890e5cf10e85e55f6fbae6 Mon Sep 17 00:00:00 2001
From: bert hubert <bert.hubert@netherlabs.nl>
Date: Fri, 6 Feb 2015 09:10:35 +0100
Subject: [PATCH] turn off root-nx-trust by default, cleanups

---
 pdns/pdns_recursor.cc |  2 +-
 pdns/syncres.cc       | 18 ++++++++++--------
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index fe08faaae..e07e9afd0 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -2313,7 +2313,7 @@ int main(int argc, char **argv)
     ::arg().setSwitch( "disable-edns", "Disable EDNS - EXPERIMENTAL, LEAVE DISABLED" )= ""; 
     ::arg().setSwitch( "disable-packetcache", "Disable packetcache" )= "no"; 
     ::arg().setSwitch( "pdns-distributes-queries", "If PowerDNS itself should distribute queries over threads")="";
-    ::arg().setSwitch( "root-nx-trust", "If set, believe that an NXDOMAIN from the root means the TLD does not exist")="";
+    ::arg().setSwitch( "root-nx-trust", "If set, believe that an NXDOMAIN from the root means the TLD does not exist")="no";
     ::arg().setSwitch( "any-to-tcp","Answer ANY queries with tc=1, shunting to TCP" )="no";
     ::arg().set("udp-truncation-threshold", "Maximum UDP response size before we truncate")="1680";
     ::arg().set("minimum-ttl-override", "Set under adverse conditions, a minimum TTL")="0";
diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index b59826718..8a478ae9c 100644
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -678,10 +678,12 @@ bool SyncRes::doCNAMECacheCheck(const string &qname, const QType &qtype, vector<
   return false;
 }
 
-
+// accepts . terminated names, www.powerdns.com. -> com.
 static const string getLastLabel(const std::string& qname)
 {
-  string ret=qname.substr(0, qname.length()-1);
+  if(qname.empty())
+    return qname;
+  string ret=qname.substr(0, qname.length()-1); // strip .
 
   string::size_type pos = ret.rfind('.');
   if(pos != string::npos) {
@@ -707,14 +709,14 @@ bool SyncRes::doCacheCheck(const string &qname, const QType &qtype, vector<DNSRe
   
   pair<negcache_t::const_iterator, negcache_t::const_iterator> range;
   QType qtnull(0);
-  range.first=t_sstorage->negcache.find(tie(getLastLabel(qname), qtnull));
-  //  cerr<< "eq: "<<(range.first != t_sstorage->negcache.end() )<<endl;
-  if(s_rootNXTrust && range.first != t_sstorage->negcache.end() 
-	   && range.first->d_qname=="." && (uint32_t)d_now.tv_sec < range.first->d_ttd ) {
+  
+  if(s_rootNXTrust && 
+     (range.first=t_sstorage->negcache.find(tie(getLastLabel(qname), qtnull))) != t_sstorage->negcache.end() && 
+      range.first->d_qname=="." && (uint32_t)d_now.tv_sec < range.first->d_ttd ) {
     sttl=range.first->d_ttd - d_now.tv_sec;
     
-    cerr<<prefix<<qname<<": Entire record '"<<qname<<"', is negatively cached via '"<<range.first->d_name<<"' & '"<<range.first->d_qname<<"' for another "<<sttl<<" seconds"<<endl;
-    res= RCode::NXDomain; 
+    LOG(prefix<<qname<<": Entire record '"<<qname<<"', is negatively cached via '"<<range.first->d_name<<"' & '"<<range.first->d_qname<<"' for another "<<sttl<<" seconds"<<endl);
+    res = RCode::NXDomain; 
     sqname=range.first->d_qname;
     sqt=QType::SOA;
     moveCacheItemToBack(t_sstorage->negcache, range.first);
-- 
2.50.1