mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-23 10:37:43 -04:00
764625ee5b
When the validator needs a DS RRset and the cache does not have it, get_dsset() falls back to creating a fresh fetch. Without a hint, the resolver picks the closest known zone cut for the DS query, and in the parent-centric resolver that can land on a delegation at the DS owner name itself (the child side). This can happens when the parent delegation is expired, or if the zonecut of the parent doesn't match the labels in the name. Querying the child for its own DS records yields NODATA from the apex of the zone, which sends the resolver into the "chase DS servers" recovery path and costs two extra round trips for a parent delegation we already had cached in the delegation database. Look up the parent zone in the delegation database before kicking off the fetch, and pass any usable delegation to the resolver as a hint. When the hint is present, the resolver sends the DS query straight to the parent's nameservers and the chase path is avoided entirely. To support this, create_fetch() now takes optional 'domain' and 'delegset' parameters that are forwarded to dns_resolver_createfetch(). All other call sites pass NULL. |
||
|---|---|---|
| .. | ||
| dns | ||
| isc | ||
| isccc | ||
| isccfg | ||
| ns | ||
| .gitignore | ||
| meson.build | ||