passivedns
Invalid CLASS reported for repeated rr_type + answers
If DNS responses for the same answer value and record type have different CLASS values, the first CLASS value seen will be reproduced for all subsequent occurrences of that (rr_type, answer) pair. In high-volume environments, we have observed this behavior incorrectly reporting CLASS values for later DNS responses.
Example (timestamps replaced, IP addresses omitted):
1111111111.000000||XXX.XXX.XXX.XXX||XXX.XXX.XXX.XXX||32769||.||NS||j.root-servers.net.||518400||1
1111111112.000000||XXX.XXX.XXX.XXX||XXX.XXX.XXX.XXX||32769||.||NS||j.root-servers.net.||518400||1
1111111113.000000||XXX.XXX.XXX.XXX||XXX.XXX.XXX.XXX||32769||.||NS||j.root-servers.net.||518400||1
1111111114.000000||XXX.XXX.XXX.XXX||XXX.XXX.XXX.XXX||32769||.||NS||j.root-servers.net.||518400||1
The above data was generated from packet capture where only the first response at time 1111111111.000000 had CLASS 32769, and all subsequent responses had class IN.
Simply updating the CLASS value for a given (rr_type, answer) pair is likely to be the simplest solution; however, this would break cache timing for (rr_type, answer) pairs with legitimately different CLASS values. Based on the DNS spec, records with different CLASS values are actually different records. They should probably be tracked entirely separately.
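The two keying choices discussed in the report, as an added example that is not passivedns's own code: a simplified, hypothetical cache (`struct cache`, `cache_observe` and `key_includes_class` are illustrative names) keyed either on (rr_type, answer) or on (class, rr_type, answer). The input is constructed to mirror the report: one response with CLASS 32769 followed by three with CLASS IN.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a dedup cache; NOT passivedns's real data structures. */
#define MAX_ENTRIES 64

struct entry { uint16_t rr_class, rr_type; char answer[256]; unsigned seen; };

struct cache {
    struct entry e[MAX_ENTRIES];
    int n;
    int key_includes_class; /* 0: key is (rr_type, answer); 1: (class, rr_type, answer) */
};

/* Record one response and return the CLASS that would be logged for it. */
uint16_t cache_observe(struct cache *c, uint16_t rr_class, uint16_t rr_type,
                       const char *answer)
{
    for (int i = 0; i < c->n; i++) {
        struct entry *e = &c->e[i];
        if (e->rr_type != rr_type || strcmp(e->answer, answer) != 0)
            continue;
        if (c->key_includes_class && e->rr_class != rr_class)
            continue;           /* different CLASS is a different record */
        e->seen++;
        return e->rr_class;     /* the stored CLASS is what gets reported */
    }
    if (c->n == MAX_ENTRIES)
        return rr_class;        /* model only: no eviction, report as seen */
    struct entry *e = &c->e[c->n++];
    e->rr_class = rr_class;
    e->rr_type = rr_type;
    e->seen = 1;
    snprintf(e->answer, sizeof e->answer, "%s", answer);
    return rr_class;
}

int main(void)
{
    /* Constructed input mirroring the report: CLASS 32769 first, then IN (1). */
    const uint16_t classes[] = { 32769, 1, 1, 1 };
    for (int fixed = 0; fixed <= 1; fixed++) {
        struct cache c = { .n = 0, .key_includes_class = fixed };
        for (int i = 0; i < 4; i++)
            printf("key_includes_class=%d seen=%d logged=%d\n", fixed, classes[i],
                   cache_observe(&c, classes[i], 2 /* NS */, "j.root-servers.net."));
    }
    return 0;
}
```

With the class in the key, the model keeps two entries for the same (rr_type, answer) pair, so each retains its own hit count and timing.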