From f8d866c6efa4c9c2726f8ebcf2e66122198576c4 Mon Sep 17 00:00:00 2001
From: Matthijs Mekking
Date: Wed, 20 Jul 2022 11:22:01 +0200
Subject: [PATCH 1/2] Fix rndc dumpdb -expired for stuck cache contents
The command 'rndc dumpdb -expired' will include expired RRsets in the output, but only for the RBTDB_VIRTUAL time (of 5 minutes). This means that if there is a cache cleaning problem and contents are not cleaned up, the rndc command has little diagnostic value. Fix this by including all RRsets in the dumpdb output if the '-expired' flag is set.
---
 lib/dns/rbtdb.c | 43 +++++++------------------------------------
 1 file changed, 7 insertions(+), 36 deletions(-)
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index 2fd789cdca..f131902d36 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -8661,15 +8661,10 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {
 dns_rbtnode_t *rbtnode = rbtiterator->common.node;
 rbtdb_version_t *rbtversion = rbtiterator->common.version;
 rdatasetheader_t *header, *top_next;
- rbtdb_serial_t serial;
- isc_stdtime_t now;
+ rbtdb_serial_t serial = 1;
- if (IS_CACHE(rbtdb)) {
- serial = 1;
- now = rbtiterator->common.now;
- } else {
+ if (!IS_CACHE(rbtdb)) {
 serial = rbtversion->serial;
- now = 0;
 }
 NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
@@ -8681,19 +8676,9 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {
 if (header->serial <= serial && !IGNORE(header)) {
 /*
 * Is this a "this rdataset doesn't exist"
- * record? Or is it too old in the cache?
- *
- * Note: unlike everywhere else, we
- * check for now > header->rdh_ttl instead
- * of ">=". This allows ANY and RRSIG
- * queries for 0 TTL rdatasets to work.
+ * record?
 */
- if (NONEXISTENT(header) ||
- (now != 0 &&
- (now - RBTDB_VIRTUAL) >
- header->rdh_ttl +
- STALE_TTL(header, rbtdb)))
- {
+ if (NONEXISTENT(header)) {
 header = NULL;
 }
 break;
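Review bot: The expiry test in rdatasetiter_first is removed unconditionally, so at `if (NONEXISTENT(header)) {` a cache iterator now returns every header regardless of TTL, while the commit message scopes the behaviour to dumps run with '-expired'; the last rbtdb.c hunk does the same in rdatasetiter_next. Nothing in these hunks ties the change to that flag, so any other consumer of the rdataset iterator on a cache database (not visible here, and presumably including code that builds answers for clients) would start receiving expired rdatasets and would need its own TTL check. I would keep the old test behind an opt-in carried by the iterator, e.g. `if (NONEXISTENT(header) || (!<include-expired option> && <previous TTL test>)) {`, where `<include-expired option>` is a placeholder for a setting this patch would have to add and only the dump path would enable. Both function bodies continue outside the hunks.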
@@ -8725,22 +8710,17 @@ rdatasetiter_next(dns_rdatasetiter_t *iterator) {
 dns_rbtnode_t *rbtnode = rbtiterator->common.node;
 rbtdb_version_t *rbtversion = rbtiterator->common.version;
 rdatasetheader_t *header, *top_next;
- rbtdb_serial_t serial;
- isc_stdtime_t now;
 rbtdb_rdatatype_t type, negtype;
 dns_rdatatype_t rdtype, covers;
+ rbtdb_serial_t serial = 1;
 header = rbtiterator->current;
 if (header == NULL) {
 return (ISC_R_NOMORE);
 }
- if (IS_CACHE(rbtdb)) {
- serial = 1;
- now = rbtiterator->common.now;
- } else {
+ if (!IS_CACHE(rbtdb)) {
 serial = rbtversion->serial;
- now = 0;
 }
 NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
@@ -8766,17 +8746,8 @@ rdatasetiter_next(dns_rdatasetiter_t *iterator) {
 /*
 * Is this a "this rdataset doesn't
 * exist" record?
- *
- * Note: unlike everywhere else, we
- * check for now > header->ttl instead
- * of ">=". This allows ANY and RRSIG
- * queries for 0 TTL rdatasets to work.
 */
- if (NONEXISTENT(header) ||
- (now != 0 &&
- (now - RBTDB_VIRTUAL) >
- header->rdh_ttl))
- {
+ if (NONEXISTENT(header)) {
 header = NULL;
 }
 break;
From 113dcd124e921573778a10b4eef917d48d3a92c8 Mon Sep 17 00:00:00 2001
From: Matthijs Mekking
Date: Wed, 20 Jul 2022 11:33:32 +0200
Subject: [PATCH 2/2] Add change entry and release note for #3462
News worthy.
---
 CHANGES | 4 ++++
 doc/notes/notes-current.rst | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/CHANGES b/CHANGES
index 92323f36b2..abedcfe7b3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+5932. [bug] Fix rndc dumpdb -expired and always include expired
+ RRsets, not just for RBTDB_VIRTUAL time window.
+ [GL #3462]
+
 5931. [bug] Fix DiG query error handling robustness in NSSEARCH mode by making sure that udp_ready(), tcp_connected(), and send_done() callbacks start the next query in chain
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index acbec4e529..bbc6fc35bf 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
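Review bot: In rdatasetiter_next the initialiser `rbtdb_serial_t serial = 1;` now carries the cache case implicitly, and `rbtiterator->common.now` is no longer read in this function or in rdatasetiter_first, but nothing on the new side says so. A short comment above `if (!IS_CACHE(rbtdb)) {` would record the contract, for example `/* Cache iteration uses serial 1 and ignores the iterator's 'now'; expired headers are returned. */`. If no other code reads the stored `now` (not visible in this patch), the header documentation for the iterator should also say that the time argument no longer filters results. The function body starts and ends outside the hunk.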
@@ -58,3 +58,7 @@ Bug Fixes
 - Non-dynamic zones that inherit dnssec-policy from the view or options level were not marked as inline-signed, and thus were never scheduled to be re-signed. This is now fixed. :gl:`#3438`
+
+- Fix `rndc dumpdb -expired` to include expired RRsets, even if the cache
+ cleaning time window has passed. This will now show expired RRsets that are
+ stuck in the cache. :gl:`#3462`