Commit b2597ce8 authored by Evan Hunt's avatar Evan Hunt

[master] ignore cache when sending 5011 refresh queries

4771.	[bug]		When sending RFC 5011 refresh queries, disregard
			cached DNSKEY rrsets. [RT #46251]
parent 800fbdfc
4771. [bug] When sending RFC 5011 refresh queries, disregard
cached DNSKEY rrsets. [RT #46251]
4770. [bug] Cache additional data from priming queries as glue.
Previously they were ignored as unsigned
non-answer data from a secure zone, and never
......
......@@ -97,6 +97,7 @@ typedef enum {
#define DNS_FETCHOPT_PREFETCH 0x100 /*%< Do prefetch */
#define DNS_FETCHOPT_NOCDFLAG 0x200 /*%< Don't set CD flag. */
#define DNS_FETCHOPT_NONTA 0x400 /*%< Ignore NTA table. */
#define DNS_FETCHOPT_NOCACHED 0x800 /*%< Force cache update. */
/* Reserved in use by adb.c 0x00400000 */
#define DNS_FETCHOPT_EDNSVERSIONSET 0x00800000
......
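Review bot: The doc comment on `DNS_FETCHOPT_NOCACHED`, "Force cache update.", does not say what the force overrides, and the name reads like "do not cache" at first glance. Judging from the other hunks of this commit, the flag makes the resolver add response data with `DNS_DBADD_FORCE`, so the response replaces an unexpired cached rrset even when the cached copy has a higher trust level. I would state that in the comment, for example `/*%< Cache the response even if it replaces cached data of higher trust. */`, so that future callers see the trust implication before they set the bit.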
......@@ -5863,6 +5863,11 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo,
{
options = DNS_DBADD_PREFETCH;
}
if ((fctx->options &
DNS_FETCHOPT_NOCACHED) != 0)
{
options |= DNS_DBADD_FORCE;
}
addedrdataset = ardataset;
result = dns_db_addrdataset(fctx->cache, node,
NULL, now, rdataset,
......
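Review bot: The new `DNS_FETCHOPT_NOCACHED` branch in cache_name() carries no comment, although it is where the cache's trust ordering is bypassed: with `DNS_DBADD_FORCE` the rdataset is added even if the cache holds a validated copy. As far as this hunk shows, the force applies to whatever rdataset reaches this `dns_db_addrdataset()` call rather than only to the rrset the fetch asked for. The one caller in this commit also sets `DNS_FETCHOPT_NOVALIDATE`, so unvalidated data may displace validated data in the view cache. I would add a comment such as `/* Caller validates the answer itself; allow it to replace cached data of higher trust. */` and check whether the force should be limited to the queried name and type. The function starts and ends outside the hunk, so the conditions guarding this branch are not visible here.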
......@@ -9754,11 +9754,21 @@ zone_refreshkeys(dns_zone_t *zone) {
namebuf);
}
/*
* Use of DNS_FETCHOPT_NOCACHED is essential here. If it is
* not set and the cache still holds a non-expired, validated
* version of the RRset being queried for by the time the
* response is received, the cached RRset will be passed to
* keyfetch_done() instead of the one received in the response
* as the latter will have a lower trust level due to not being
* validated until keyfetch_done() is called.
*/
result = dns_resolver_createfetch(zone->view->resolver,
kname, dns_rdatatype_dnskey,
NULL, NULL, NULL,
DNS_FETCHOPT_NOVALIDATE|
DNS_FETCHOPT_UNSHARED,
DNS_FETCHOPT_UNSHARED|
DNS_FETCHOPT_NOCACHED,
zone->task,
keyfetch_done, kfetch,
&kfetch->dnskeyset,
......