From c9438ee2e0ffb2d3187ea0222c6057965eda161d Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 24 Oct 2017 09:54:25 +1100 Subject: [PATCH] 4779. [bug] Expire NTA at the start of the second. Don't update the expiry value if the record has already expired after a successful check. [RT #46368] --- CHANGES | 4 ++++ lib/dns/nta.c | 11 ++++++----- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 4a3278cebe..2949650e82 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +4779. [bug] Expire NTA at the start of the second. Don't update + the expiry value if the record has already expired + after a successful check. [RT #46368] + 4778. [test] Improve synth-from-dnssec testing. [RT #46352] 4777. [cleanup] Removed a redundant call to configure_view_acl(). diff --git a/lib/dns/nta.c b/lib/dns/nta.c index 6b55b6f278..6823a525d2 100644 --- a/lib/dns/nta.c +++ b/lib/dns/nta.c @@ -227,7 +227,8 @@ fetch_done(isc_task_t *task, isc_event_t *event) { case DNS_R_NXDOMAIN: case DNS_R_NCACHENXRRSET: case DNS_R_NXRRSET: - nta->expiry = now; + if (nta->expiry > now) + nta->expiry = now; break; default: break; @@ -458,7 +459,7 @@ dns_ntatable_covered(dns_ntatable_t *ntatable, isc_stdtime_t now, } if (result == ISC_R_SUCCESS) { nta = (dns_nta_t *) node->data; - answer = ISC_TF(nta->expiry >= now); + answer = ISC_TF(nta->expiry > now); } /* Deal with expired NTA */ @@ -551,7 +552,7 @@ dns_ntatable_totext(dns_ntatable_t *ntatable, isc_buffer_t **buf) { snprintf(obuf, sizeof(obuf), "%s%s: %s %s", first ? "" : "\n", nbuf, - n->expiry < now ? "expired" : "expiry", + n->expiry <= now ? "expired" : "expiry", tbuf); first = ISC_FALSE; result = putstr(buf, obuf); @@ -605,7 +606,7 @@ dns_ntatable_dump(dns_ntatable_t *ntatable, FILE *fp) { isc_time_set(&t, n->expiry, 0); isc_time_formattimestamp(&t, tbuf, sizeof(tbuf)); fprintf(fp, "%s: %s %s\n", nbuf, - n->expiry < now ? "expired" : "expiry", + n->expiry <= now ? "expired" : "expiry", tbuf); } result = dns_rbtnodechain_next(&chain, NULL, NULL); @@ -672,7 +673,7 @@ dns_ntatable_save(dns_ntatable_t *ntatable, FILE *fp) { dns_rbtnodechain_current(&chain, NULL, NULL, &node); if (node->data != NULL) { dns_nta_t *n = (dns_nta_t *) node->data; - if (now <= n->expiry) { + if (n->expiry > now) { isc_buffer_t b; char nbuf[DNS_NAME_FORMATSIZE + 1], tbuf[80]; dns_fixedname_t fn;