Permalink
Browse files

fix for errata 3441 of RFC5155

  • Loading branch information...
1 parent e8bfa7b commit bbc0bc5aedc818dfb743b922bb3c47257c8e8a44 @mind04 mind04 committed with mind04 Feb 28, 2014
Showing with 8 additions and 6 deletions.
  1. +1 −1 pdns/backends/bind/bindbackend2.cc
  2. +7 −5 pdns/packethandler.cc
@@ -613,7 +613,7 @@ void Bind2Backend::doEmptyNonTerminals(shared_ptr<State> stage, int id, bool nse
while(chopOff(shorter))
{
- if(!qnames.count(shorter) && !nonterm.count(shorter))
+ if(!qnames.count(shorter))
{
if(!(maxent))
{
View
@@ -607,16 +607,18 @@ void PacketHandler::addNSEC3(DNSPacket *p, DNSPacket *r, const string& target, c
getNSEC3Hashes(narrow, sd.db, sd.domain_id, hashed, false, unhashed, before, after, mode);
- if (mode == 1 && (hashed != before)) {
- DLOG(L<<"No matching NSEC3 for DS, do closest (provable) encloser"<<endl);
+ if ((mode == 0 || mode == 1) && (hashed != before)) {
+ DLOG(L<<"No matching NSEC3, do closest (provable) encloser"<<endl);
+ bool doBreak = false;
DNSResourceRecord rr;
while( chopOff( closest ) && (closest != sd.qname)) { // stop at SOA
B.lookup(QType(QType::ANY), closest, p, sd.domain_id);
- if (B.get(rr)) {
- while(B.get(rr));
+ while(B.get(rr))
+ if (rr.auth)
+ doBreak = true;
+ if(doBreak)
break;
- }
}
doNextcloser = true;
unhashed=closest;

0 comments on commit bbc0bc5

Please sign in to comment.