Abandon caching RRSIGs and returning them from cache.

The list of exceptions to being able to locally answer cached data for validated records when DNSSEC data is requested was getting too long, so don't ever do that. This means that the cache no longer has to hold RRSIGS and allows us to lose lots of code. Note that cached validated answers are still returned as long as do=0
2025-12-19 10:18:25 +00:00 · 2015-12-15 12:04:40 +00:00
parent 9a31b68b59
commit 93be5b1e02
4 changed files with 42 additions and 297 deletions
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -398,14 +398,9 @@ struct crec {
      unsigned char algo;
      unsigned char digest; 
    } ds; 
-    struct {
-      struct blockdata *keydata;
-      unsigned short keylen, type_covered, keytag;
-      char algo;
-    } sig;
  } addr;
  time_t ttd; /* time to die */
-  /* used as class if DNSKEY/DS/RRSIG, index to source for F_HOSTS */
+  /* used as class if DNSKEY/DS, index to source for F_HOSTS */
  unsigned int uid; 
  unsigned short flags;
  union {
@@ -445,8 +440,7 @@ struct crec {
 #define F_SECSTAT   (1u<<24)
 #define F_NO_RR     (1u<<25)
 #define F_IPSET     (1u<<26)
-#define F_NSIGMATCH (1u<<27)
-#define F_NOEXTRA   (1u<<28)
+#define F_NOEXTRA   (1u<<27)

 /* Values of uid in crecs with F_CONFIG bit set. */
 #define SRC_INTERFACE 0