From 2322425016298a39d2e48153285aefdfecc9a510 Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Mon, 30 Oct 2023 19:33:19 +0100 Subject: [PATCH] Don't ignore auth zones when in serve-stale mode When serve-stale is enabled and recursive resolution fails, the fallback to lookup stale data always happens in the cache database. Any authoritative data is ignored, and only information learned through recursive resolution is examined. If there is data in the cache that could lead to an answer, and this can be just the root delegation, the resolver will iterate further, getting closer to the answer that can be found by recursing down the root, and eventually puts the final response in the cache. Change the fallback to serve-stale to use 'query_getdb()', that finds out the best matching database for the given query. --- lib/ns/query.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/lib/ns/query.c b/lib/ns/query.c index 712bee0871..ff8856127f 100644 --- a/lib/ns/query.c +++ b/lib/ns/query.c @@ -7653,8 +7653,19 @@ query_usestale(query_ctx_t *qctx, isc_result_t result) { qctx_freedata(qctx); if (dns_view_staleanswerenabled(qctx->client->view)) { - dns_db_attach(qctx->client->view->cachedb, &qctx->db); - qctx->version = NULL; + isc_result_t ret; + ret = query_getdb(qctx->client, qctx->client->query.qname, + qctx->client->query.qtype, qctx->options, + &qctx->zone, &qctx->db, &qctx->version, + &qctx->is_zone); + if (ret != ISC_R_SUCCESS) { + /* + * Failed to get the database, unexpected, but let us + * at least abandon serve-stale. + */ + return (false); + } + qctx->client->query.dboptions |= DNS_DBFIND_STALEOK; if (FETCH_RECTYPE_NORMAL(qctx->client) != NULL) { dns_resolver_destroyfetch(