Permalink
Browse files

NSEC3 and related RRSIGS are not part of the dnstree

  • Loading branch information...
1 parent 5bbd868 commit d768d7f2ad094b089e4f99aa4f9a20271da9b40b @mind04 mind04 committed with mind04 Mar 12, 2015
Showing with 4 additions and 6 deletions.
  1. +4 −6 pdns/packethandler.cc
View
@@ -1159,12 +1159,10 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse)
weDone = weRedirected = weHaveUnauth = 0;
while(B.get(rr)) {
- if (p->qtype.getCode() == QType::ANY) {
- if (rr.qtype.getCode() == QType::RRSIG) // RRSIGS are added later any way.
- continue; // TODO: this actually means addRRSig should check if the RRSig is already there.
- if (!p->d_dnssecOk && (rr.qtype.getCode() == QType:: DNSKEY || rr.qtype.getCode() == QType::NSEC3PARAM))
- continue; // Don't send dnssec info to non validating resolvers.
- }
+ if (p->qtype.getCode() == QType::ANY && !p->d_dnssecOk && (rr.qtype.getCode() == QType:: DNSKEY || rr.qtype.getCode() == QType::NSEC3PARAM))
+ continue; // Don't send dnssec info to non validating resolvers.
+ if (rr.qtype.getCode() == QType::RRSIG) // RRSIGS are added later any way.
+ continue; // TODO: this actually means addRRSig should check if the RRSig is already there
// cerr<<"Auth: "<<rr.auth<<", "<<(rr.qtype == p->qtype)<<", "<<rr.qtype.getName()<<endl;
if((p->qtype.getCode() == QType::ANY || rr.qtype == p->qtype) && rr.auth)

0 comments on commit d768d7f

Please sign in to comment.