middleware/cache: don't cache expired RRSIGs (#641)

Check message for expired sig and don't cache those. Aside: This hack of caching entire messages is probably something we should stop doing at some point in the future and do this on a per RRset basis. Fixes #367 #635
2025-11-01 10:43:17 -04:00 · 2017-04-29 15:06:42 +01:00
parent 1f63e639e4
commit 7d39c2ba51
7 changed files with 172 additions and 62 deletions
--- a/middleware/dnssec/dnssec.go
+++ b/middleware/dnssec/dnssec.go
@@ -41,7 +41,7 @@ func New(zones []string, keys []*DNSKEY, next middleware.Handler, cache *lru.Cac
 func (d Dnssec) Sign(state request.Request, zone string, now time.Time) *dns.Msg {
 	req := state.Req

-	mt, _ := response.Typify(req) // TODO(miek): need opt record here?
+	mt, _ := response.Typify(req, time.Now().UTC()) // TODO(miek): need opt record here?
 	if mt == response.Delegation {
 		return req
 	}