From ef8092521f151d0338cc2d3035c3259bff1338ca Mon Sep 17 00:00:00 2001 From: Kees Monshouwer Date: Fri, 18 Sep 2015 13:52:44 +0200 Subject: [PATCH] improve SOA caching for DS queries --- pdns/dnsbackend.cc | 7 +++++-- pdns/ueberbackend.cc | 18 ++++++++++-------- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/pdns/dnsbackend.cc b/pdns/dnsbackend.cc index 09e02e47d..47351ed16 100644 --- a/pdns/dnsbackend.cc +++ b/pdns/dnsbackend.cc @@ -49,7 +49,7 @@ bool DNSBackend::getAuth(DNSPacket *p, SOAData *sd, const string &target, int *z bool found=false; string subdomain(target); do { - if( best_match_len >= (int)subdomain.length() ) + if( best_match_len >= (int)subdomain.length() && p->qtype != QType::DS ) break; map::iterator it = negCacheMap.find(subdomain); @@ -59,14 +59,17 @@ bool DNSBackend::getAuth(DNSPacket *p, SOAData *sd, const string &target, int *z sd->qname = subdomain; if(zoneId) *zoneId = sd->domain_id; + if(found) // Second SOA found, we are done + return true; if(p->qtype.getCode() == QType::DS && pdns_iequals(subdomain, target)) { // Found authoritative zone but look for parent zone with 'DS' record. - negCacheMap[subdomain]=2; found=true; } else return true; } + if (found) + negCacheMap[subdomain]=2; // don't cache SOA's during our quest for a parent zone } while( chopOff( subdomain ) ); // 'www.powerdns.org' -> 'powerdns.org' -> 'org' -> '' diff --git a/pdns/ueberbackend.cc b/pdns/ueberbackend.cc index 8ddfa981a..0a3d4f2ca 100644 --- a/pdns/ueberbackend.cc +++ b/pdns/ueberbackend.cc @@ -283,7 +283,7 @@ bool UeberBackend::getAuth(DNSPacket *p, SOAData *sd, const string &target, int // If not special case of caching explicitly disabled (sd->db = -1), first // find the best match from the cache. If DS then we need to find parent so // dont bother with caching as it confuses matters. - if( sd->db != (DNSBackend *)-1 && d_cache_ttl && p->qtype != QType::DS ) { + if( sd->db != (DNSBackend *)-1 && d_cache_ttl ) { string subdomain(target); int cstat, loops = 0; do { @@ -302,13 +302,14 @@ bool UeberBackend::getAuth(DNSPacket *p, SOAData *sd, const string &target, int //L<qname << " itteration " << loops <qtype != QType::DS) return true; from_cache = true; best_match_len = sd->qname.length(); - break; + if ( p->qtype != QType::DS || best_match_len < (int)target.length()) + break; } else if (cstat==0) { negCacheMap[subdomain]=1; } else @@ -319,14 +320,15 @@ bool UeberBackend::getAuth(DNSPacket *p, SOAData *sd, const string &target, int } for(vector::const_iterator i=backends.begin(); i!=backends.end();++i) { + + // Shortcut for the case that we got a direct hit - no need to go + // through the other backends then. + if( best_match_len == (int)target.length() && p->qtype != QType::DS ) + goto auth_found; + if((*i)->getAuth(p, sd, target, zoneId, best_match_len, negCacheMap)) { best_match_len = sd->qname.length(); from_cache = false; - - // Shortcut for the case that we got a direct hit - no need to go - // through the other backends then. - if( best_match_len == (int)target.length() ) - goto auth_found; } } -- 2.40.0