Revert NTA flush on expire

Flushing the name when NTA expires causes problems for the ongoing
resolving process. Do not flush the name from the cache. Instead,
the resolver should do the flushing (this is planned to be merged
next).

bin/tests/system/nta/tests_nta.py

@@ -147,13 +147,6 @@ def test_nta_behavior(servers):
     isctest.check.noerror(res)
     isctest.check.noadflag(res)
 
-    # Expiry should also trigger a cache flush, so even if a.secure.example A
-    # was cached when its NTA was active, cached data should not be returned.
-    m = isctest.query.create("a.secure.example", "A")
-    res = isctest.query.tcp(m, "10.53.0.4")
-    isctest.check.noerror(res)
-    isctest.check.adflag(res)
-
     # bogus.example was set to expire in 20s, so at t=13
     # it should still be NTA'd, but badds.example used the default
     # lifetime of 12s, so it should revert to SERVFAIL now.

lib/dns/nta.c

@@ -414,7 +414,6 @@ dns_ntatable_covered(dns_ntatable_t *ntatable, isc_stdtime_t now,
 	bool answer = false;
 	dns_qpread_t qpr;
 	void *pval = NULL;
-	bool flushnode = false;
 
 	REQUIRE(VALID_NTATABLE(ntatable));
 	REQUIRE(dns_name_isabsolute(name));
@@ -454,7 +453,6 @@ dns_ntatable_covered(dns_ntatable_t *ntatable, isc_stdtime_t now,
 		/* NTA is expired */
 		dns__nta_ref(nta);
 		dns_ntatable_ref(nta->ntatable);
-		flushnode = true;
 		isc_async_run(nta->loop, delete_expired, nta);
 		goto done;
 	}
@@ -462,10 +460,6 @@ dns_ntatable_covered(dns_ntatable_t *ntatable, isc_stdtime_t now,
 	answer = true;
 done:
 	dns_qpread_destroy(table, &qpr);
-
-	if (nta != NULL && flushnode) {
-		dns_view_flushnode(view, &nta->name, true);
-	}
 unlock:
 	rcu_read_unlock();