From 205ac90f9ec130d99c145204e40b3dbd48568070 Mon Sep 17 00:00:00 2001
From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Tue, 17 Apr 2018 22:50:04 +0200
Subject: [PATCH] correctly apply min(ttl,minimum) on SOA TTL for negative
 responses

---
 tdns/tdns.cc | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/tdns/tdns.cc b/tdns/tdns.cc
index 93a2d1a..fcf7beb 100644
--- a/tdns/tdns.cc
+++ b/tdns/tdns.cc
@@ -133,7 +133,9 @@ bool processQuestion(const DNSNode& zones, DNSMessageReader& dm, const ComboAddr
         response.dh.rcode = (int)RCode::Nxdomain;
 
       const auto& rrset = bestzone->rrsets[DNSType::SOA]; // fetch the SOA record to indicate NXDOMAIN ttl
-      response.putRR(DNSSection::Authority, zonename, DNSType::SOA, rrset.ttl, rrset.contents[0]);
+      auto ttl = min(rrset.ttl, dynamic_cast<SOAGen*>(rrset.contents[0].get())->d_minimum); // 2308 3
+
+      response.putRR(DNSSection::Authority, zonename, DNSType::SOA, ttl, rrset.contents[0]);
     }
     else {
       cout<<"\tFound node in zone '"<<zonename<<"' for lhs '"<<qname<<"', searchname now '"<<searchname<<"', lastnode '"<<lastnode<<"', passedZonecut="<<passedZonecut<<endl;
@@ -179,7 +181,9 @@ bool processQuestion(const DNSNode& zones, DNSMessageReader& dm, const ComboAddr
       else {
         cout<<"\tNode exists, qtype doesn't, NOERROR situation, inserting SOA"<<endl;
         const auto& rrset = bestzone->rrsets[DNSType::SOA];
-        response.putRR(DNSSection::Authority, zonename, DNSType::SOA, rrset.ttl, rrset.contents[0]);
+        auto ttl = min(rrset.ttl, dynamic_cast<SOAGen*>(rrset.contents[0].get())->d_minimum); // 2308 3
+
+        response.putRR(DNSSection::Authority, zonename, DNSType::SOA, ttl, rrset.contents[0]);
       }
       addAdditional(bestzone, zonename, additional, response);
     }