during SOA-check response processing make sure to only accept SOA records

if their label is identical to the requested domain.

diff --git a/pdns/resolver.cc b/pdns/resolver.cc
index 2d274bff7fe8544b7dd58a548bc33bf09a71c3a3..ab3dcad0cee6498e348cede08aa68780ec80aab8 100644 (file)
--- a/pdns/resolver.cc
+++ b/pdns/resolver.cc
@@ -277,14 +277,14 @@ bool Resolver::tryGetSOASerial(DNSName *domain, ComboAddress* remote, uint32_t *
   *theirInception = *theirExpire = 0;
   bool gotSOA=false;
   for(const MOADNSParser::answers_t::value_type& drc :  mdp.d_answers) {
-    if(drc.first.d_type == QType::SOA) {
+    if(drc.first.d_type == QType::SOA && drc.first.d_name == *domain) {
       shared_ptr<SOARecordContent> src=getRR<SOARecordContent>(drc.first);
       if (src) {
         *theirSerial=src->d_st.serial;
         gotSOA = true;
       }
     }
-    if(drc.first.d_type == QType::RRSIG) {
+    if(drc.first.d_type == QType::RRSIG && drc.first.d_name == *domain) {
       shared_ptr<RRSIGRecordContent> rrc=getRR<RRSIGRecordContent>(drc.first);
       if(rrc && rrc->d_type == QType::SOA) {
         *theirInception= std::max(*theirInception, rrc->d_siginception);