From d0fd9cbe3b0455d0db04b5afe67b7edc44e55965 Mon Sep 17 00:00:00 2001
From: Evan Hunt
Date: Mon, 24 Feb 2025 14:30:39 -0800
Subject: [PATCH] Fix a logic error in cache_name()

A change in 6aba56ae8 (checking whether a rejected RRset was identical to the data it would have replaced, so that we could still cache a signature) inadvertently introduced cases where processing of a response would continue when previously it would have been skipped.
---
 lib/dns/resolver.c | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index f12d6ef508..9655bfc85c 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -6103,7 +6103,8 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_message_t *message,
 if (result == DNS_R_UNCHANGED) {
 result = ISC_R_SUCCESS;
 if (!need_validation &&
- ardataset != NULL)
+ ardataset != NULL &&
+ NEGATIVE(ardataset))
 {
 /*
 * The answer in the
@@ -6117,12 +6118,17 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_message_t *message,
 if (NXDOMAIN(ardataset)) {
 eresult =
 DNS_R_NCACHENXDOMAIN;
- } else if (NEGATIVE(ardataset))
- {
+ } else {
 eresult =
 DNS_R_NCACHENXRRSET;
 }
-
+ continue;
+ } else if (!need_validation &&
+ ardataset != NULL &&
+ sigrdataset != NULL &&
+ !dns_rdataset_equals(
+ rdataset, ardataset))
+ {
 /*
 * The cache wasn't updated
 * because something was
@@ -6130,16 +6136,11 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_message_t *message,
 * data was the same as what
 * we were trying to add,
 * then sigrdataset might
- * still be useful. If
- * not, move on.
+ * still be useful, and we
+ * should carry on caching
+ * it. Otherwise, move on.
 */
- if (sigrdataset != NULL &&
- !dns_rdataset_equals(
- rdataset,
- addedrdataset))
- {
- continue;
- }
+ continue;
 }
 }
 if (result != ISC_R_SUCCESS) {
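Review bot: The new `else if` arm in the second hunk skips only when `sigrdataset != NULL` and the data differs, so a rejected positive RRset with no signature falls through to the code after this block even when it does not match `ardataset`, which is wider than the comment's "Otherwise, move on" suggests. If that fall-through is intended, it deserves a line next to the condition, for example `/* no sigrdataset: nothing more to cache here, fall through */`. The equality check now compares against `ardataset` where the removed code used `addedrdataset`; the description does not mention this, and the lines that relate the two are outside the hunk, so it would help to state why they are interchangeable here. Because this branch decides what a response rejected by the cache may still contribute, a regression test pinning the skip/carry-on outcome for negative and positive cached entries with identical and differing data would be worth adding; the patch touches only `resolver.c`. The body of `cache_name()` starts and ends outside the hunk.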
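Review bot: In the third hunk the comment now sits inside the arm whose only statement is `continue`, yet most of its text explains why processing should carry on, which is the path that never enters this arm. Leading with the skip case would match the control flow, for example `/* Rejected and not identical to the cached data: skip. Identical data falls through so that sigrdataset can still be cached. */`. The `else if` this comment belongs to begins in the previous hunk, and the comment's opening lines are partly outside the visible context.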