Skip to content

lib/resolve: cut fetching: don't use root hints if no keys fetched, but glue addresses found

Grigorii Demidov requested to merge nsfetch-nokey into master

In some circumstances kresd does unnecessary queries to parent zone. For example, if we ask kresd to resolve cz. NS right after successful root zone importing we will see this behavior

...
[63305][cach]   => NSEC sname: range search found stale or insecure entry
[63305][zcut]   found cut: cz. (return codes: DS 0, DNSKEY -2)
[63305][zcut]   found cut: . (return codes: DS -2, DNSKEY 0)
[63305][resl]   >< TA: '.'
[63305][resl]   => querying: '199.7.83.42' score: 10 zone cut: '.' qname: 'CZ.' qtype: 'NS' proto: 'udp'
[63305][iter]   <= answer received: 
...

i.e. despite that fact, that kresd have imported .cz zonecut, it queries l.root-servers.net instead of sending query to cz. nameservers.

Edited by Grigorii Demidov

Merge request reports