From fe965ba1e477ed9f5933d01771ae1174aafb8359 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Mon, 20 Mar 2023 15:16:29 +0000 Subject: [PATCH] Improve cache use with --filter-A and --filter-AAAA If --filter-AAAA is set and we have cached entry for the domain in question fpr any RR type that allows us to return a NODATA reply when --filter-AAAA is set without going upstream. Similarly for --filter-A. (cherry picked from commit 5a9eae429a7d0680d606f03f2759d7dde0bbe3f0) --- src/rfc1035.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/rfc1035.c b/src/rfc1035.c index 0e251c7..dd8b549 100644 --- a/src/rfc1035.c +++ b/src/rfc1035.c @@ -1741,6 +1741,25 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, anscount++; } } + else if (((flag & F_IPV4) && option_bool(OPT_FILTER_A)) || ((flag & F_IPV6) && option_bool(OPT_FILTER_AAAA))) + { + /* We don't have a cached answer and when we get an answer from upstream we're going to + filter it anyway. If we have a cached answer for the domain for another RRtype then + that may be enough to tell us if the answer should be NODATA and save the round trip. + Cached NXDOMAIN has already been handled, so here we look for any record for the domain, + since its existence allows us to return a NODATA answer. Note that we never set the AD flag, + since we didn't authentucate the record. We do set the AA flag since this answer comes from + local config. */ + + if (cache_find_by_name(NULL, name, now, F_IPV4 | F_IPV6 | F_SRV)) + { + ans = 1; + sec_data = 0; + + if (!dryrun) + log_query(F_NEG | F_CONFIG | flag, name, NULL, 0); + } + } } if (qtype == T_MX || qtype == T_ANY) @@ -1751,6 +1770,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, { ans = found = 1; sec_data = 0; + if (!dryrun) { int offset; -- 2.50.1