From 8f52c7a1bd628ee9d4d6f0b864c7e7fde81f08dc Mon Sep 17 00:00:00 2001
From: Chris Hofstaedtler <chris.hofstaedtler@deduktiva.com>
Date: Mon, 20 Nov 2023 14:44:49 +0100
Subject: [PATCH] auth api: flush all caches when flushing

So far we never flushed the DNSSEC caches, except when DELETEing a domain.
However clearly some operations can affect the DNSSEC settings, and then the
caches should go.

Also do this for the flush API, to be consistent, and for users writing to the
DNSSEC settings/data externally.
---
 pdns/ws-auth.cc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 9612f75362b69..49e6acca68a68 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -2044,6 +2044,7 @@ static void apiServerZoneDetail(HttpRequest* req, HttpResponse* resp) {
     updateDomainSettingsFromDocument(B, di, zonename, document, zoneWasModified);
     di.backend->commitTransaction();
 
+    DNSSECKeeper::clearCaches(zonename);
     purgeAuthCaches(zonename.toString() + "$");
 
     resp->body = "";
@@ -2369,6 +2370,7 @@ static void patchZone(UeberBackend& B, HttpRequest* req, HttpResponse* resp)  //
 
   di.backend->commitTransaction();
 
+  DNSSECKeeper::clearCaches(zonename);
   purgeAuthCaches(zonename.toString() + "$");
 
   resp->body = "";
@@ -2503,6 +2505,7 @@ static void apiServerCacheFlush(HttpRequest* req, HttpResponse* resp) {
     }
   }
 
+  DNSSECKeeper::clearCaches(canon);
   // purge entire zone from cache, not just zone-level records.
   uint64_t count = purgeAuthCaches(canon.toString() + "$");
   resp->setJsonBody(Json::object {