From a0ab18f6ebd48dddf46cbb2ac064d1e9817a7a98 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu, 13 Feb 2014 16:38:23 +0000
Subject: [PATCH] Don't mess with the TTL of DNSSEC RRs.

---
 src/cache.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/cache.c b/src/cache.c
index 93865d9..dd393c4 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -448,12 +448,14 @@ struct crec *cache_insert(char *name, struct all_addr *addr,
   int freed_all = flags & F_REVERSE;
   int free_avail = 0;
 
-  if (daemon->max_cache_ttl != 0 && daemon->max_cache_ttl < ttl)
-    ttl = daemon->max_cache_ttl;
-
-  /* Don't log keys here, done elsewhere */
+  /* Don't log DNSSEC records here, done elsewhere */
   if (flags & (F_IPV4 | F_IPV6 | F_CNAME))
-    log_query(flags | F_UPSTREAM, name, addr, NULL);
+    {
+      log_query(flags | F_UPSTREAM, name, addr, NULL);
+      /* Don;t mess with TTL for DNSSEC records. */
+      if (daemon->max_cache_ttl != 0 && daemon->max_cache_ttl < ttl)
+	ttl = daemon->max_cache_ttl;
+    }
 
   /* if previous insertion failed give up now. */
   if (insert_error)