From cbc5c674502fcb37024515dfc65bd1be61ed439c Mon Sep 17 00:00:00 2001
From: Chris Hofstaedtler <chris.hofstaedtler@deduktiva.com>
Date: Mon, 20 Nov 2023 14:44:49 +0100
Subject: [PATCH] auth api: flush all caches when flushing

So far we never flushed the DNSSEC caches, except when DELETEing a domain.
However clearly some operations can affect the DNSSEC settings, and then the
caches should go.

Also do this for the flush API, to be consistent, and for users writing to the
DNSSEC settings/data externally.
---
 pdns/ws-auth.cc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 058b91796d50..ca7b60c81ab3 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -2331,6 +2331,7 @@ static void patchZone(UeberBackend& B, const DNSName& zonename, DomainInfo& di,
 
   di.backend->commitTransaction();
 
+  DNSSECKeeper::clearCaches(zonename);
   purgeAuthCaches(zonename.toString() + "$");
 
   resp->body = "";
@@ -2459,6 +2460,7 @@ static void apiServerCacheFlush(HttpRequest* req, HttpResponse* resp) {
     }
   }
 
+  DNSSECKeeper::clearCaches(canon);
   // purge entire zone from cache, not just zone-level records.
   uint64_t count = purgeAuthCaches(canon.toString() + "$");
   resp->setJsonBody(Json::object {