]> git.ipfire.org Git - thirdparty/pdns.git/blobdiff - pdns/packethandler.cc
projects / thirdparty / pdns.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
auth: fix, missing insecure zones in authSet #7785
[thirdparty/pdns.git] / pdns / packethandler.cc
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 9d686a69fe80b2355285e660436f63faa147d50f..267b1344fdcbfe2c9b76cd02b5c177da5c20b3fc 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -1108,7 +1108,7 @@ DNSPacket *PacketHandler::doQuestion(DNSPacket *p)
   set<DNSName> authSet;
 
   vector<DNSZoneRecord> rrset;
-  bool weDone=0, weRedirected=0, weHaveUnauth=0;
+  bool weDone=0, weRedirected=0, weHaveUnauth=0, doSigs=0;
   DNSName haveAlias;
   uint8_t aliasScopeMask;
 
@@ -1274,10 +1274,9 @@ DNSPacket *PacketHandler::doQuestion(DNSPacket *p)
     }
     DLOG(g_log<<Logger::Error<<"We have authority, zone='"<<sd.qname<<"', id="<<sd.domain_id<<endl);
 
+    authSet.insert(sd.qname);
     d_dnssec=(p->d_dnssecOk && d_dk.isSecuredZone(sd.qname));
-    if(d_dnssec) {
-      authSet.insert(sd.qname);
-    }
+    doSigs |= d_dnssec;
 
     if(!retargetcount) r->qdomainzone=sd.qname;
 
@@ -1569,7 +1568,7 @@ DNSPacket *PacketHandler::doQuestion(DNSPacket *p)
         break;
       }
     }
-    if(authSet.size())
+    if(doSigs)
       addRRSigs(d_dk, B, authSet, r->getRRS());
       
     r->wrapup(); // needed for inserting in cache
Unnamed repository; edit this file 'description' to name the repository.