3981. [bug] Cache DS/NXDOMAIN independently of other query types.

[RT #37467] (cherry picked from commit 72775a79fe)
2026-06-11 15:39:59 -04:00 · 2014-10-18 13:09:09 +11:00 · 2014-10-18 13:09:09 +11:00 · f2b44f6586
commit f2b44f6586
parent 7b4063bd24
5 changed files with 38 additions and 2 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+3981.	[bug]		Cache DS/NXDOMAIN independently of other query types.
+			[RT #37467]
+
 3978.	[test]		Added a unit test for Diffie-Hellman key
 			computation, completing change #3974. [RT #37477]

--- a/bin/tests/system/forward/ns2/named.conf
+++ b/bin/tests/system/forward/ns2/named.conf
@ -55,6 +55,11 @@ zone "example4." {
 	file "example.db";
 };

+zone "grafted." {
+	type master;
+	file "example.db";
+};
+
 zone "1.0.10.in-addr.arpa." {
 	type master;
 	file "example.db";
--- a/bin/tests/system/forward/ns4/named.conf
+++ b/bin/tests/system/forward/ns4/named.conf
@ -56,3 +56,9 @@ zone "1.0.10.in-addr.arpa" {
 	forward only;
 	forwarders { 10.53.0.2; };
 };
+
+zone "grafted" {
+	type forward;
+	forward only;
+	forwarders { 10.53.0.2; };
+};
--- a/bin/tests/system/forward/tests.sh
+++ b/bin/tests/system/forward/tests.sh
@ -110,5 +110,18 @@ grep "status: NXDOMAIN" dig.out.f2 > /dev/null || ret=1
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

+echo "I:checking that DS lookups for grafting forward zones are isolated"
+ret=0
+$DIG grafted A @10.53.0.4 -p 5300 > dig.out.q1
+$DIG grafted DS @10.53.0.4 -p 5300 > dig.out.q2
+$DIG grafted A @10.53.0.4 -p 5300 > dig.out.q3
+$DIG grafted AAAA @10.53.0.4 -p 5300 > dig.out.q4
+grep "status: NOERROR" dig.out.q1 > /dev/null || ret=1
+grep "status: NXDOMAIN" dig.out.q2 > /dev/null || ret=1
+grep "status: NOERROR" dig.out.q3 > /dev/null || ret=1
+grep "status: NOERROR" dig.out.q4 > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"
 exit $status
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@ -4192,7 +4192,11 @@ validated(isc_task_t *task, isc_event_t *event) {

 		inc_stats(res, dns_resstatscounter_valnegsuccess);

-		if (fctx->rmessage->rcode == dns_rcode_nxdomain)
+		/*
+		 * Cache DS NXDOMAIN seperately to other types.
+		 */
+		if (fctx->rmessage->rcode == dns_rcode_nxdomain &&
+		    fctx->type != dns_rdatatype_ds)
 			covers = dns_rdatatype_any;
 		else
 			covers = fctx->type;
@ -7425,7 +7429,12 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
 	 */
 	if (WANTNCACHE(fctx)) {
 		dns_rdatatype_t covers;
-		if (message->rcode == dns_rcode_nxdomain)
+
+		/*
+		 * Cache DS NXDOMAIN seperately to other types.
+		 */
+		if (message->rcode == dns_rcode_nxdomain &&
+		    fctx->type != dns_rdatatype_ds)
 			covers = dns_rdatatype_any;
 		else
 			covers = fctx->type;