mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-22 10:10:14 -04:00
Previously, when answering from the cache, and when minimal-responses was not set, we added the best known zone cut to the authority section of the response message, using dns_db_findzonecut() to look it up in the DNS cache.

Since the DNS cache will no longer be used to store parent-side NS RRsets, it will now be possible for an ancestor node to be used as the zone cut, leading to the wrong NS record being included.

There are various ways we could correct this:

1. Use dns_deleg_lookup() instead of dns_db_findzonecut() to find the zone cut. But currently, the deleg database stores only the server addresses for the delegation, not the full NS RRset; this would need to be changed.
2. Look up <name>/NS whenever we cache a referral; that way we'll get the child-side NS RRset and cache that, and we can retrieve it when building the response.

But the solution chosen here is simply not to look up the NS record when answering from the cache, effectively making "minimal-responses yes;" mandatory for queries answered from the cache.

System tests have been updated as needed, so they no longer expect NS RRsets in the authority section of recursive responses.

| |
|---|
| arm |
| changelog |
| design |
| dev |
| dnssec-guide |
| doxygen |
| man |
| misc |
| notes |
| meson.build |