auth: #9496 was incomplete, ignore cryptokeys in emitNSEC() and emitNSEC3()
authorKees Monshouwer <mind04@monshouwer.org>
Tue, 10 Nov 2020 19:12:06 +0000 (20:12 +0100)
committermind04 <mind04@monshouwer.org>
Wed, 18 Nov 2020 11:14:55 +0000 (12:14 +0100)
pdns/packethandler.cc

index 1cdb4470b88417fc91568f376cd6903facfa9bf5..333d05df15efbcb0a4206e0ca94bc43e8e3cbff4 100644 (file)
@@ -564,19 +564,21 @@ void PacketHandler::emitNSEC(std::unique_ptr<DNSPacket>& r, const SOAData& sd, c
   nrc.set(QType::RRSIG);
   if(sd.qname == name) {
     nrc.set(QType::SOA); // 1dfd8ad SOA can live outside the records table
-    auto keyset = d_dk.getKeys(name);
-    for(const auto& value: keyset) {
-      if (value.second.published) {
-        nrc.set(QType::DNSKEY);
-        string publishCDNSKEY;
-        d_dk.getPublishCDNSKEY(name, publishCDNSKEY);
-        if (! publishCDNSKEY.empty())
-          nrc.set(QType::CDNSKEY);
-        string publishCDS;
-        d_dk.getPublishCDS(name, publishCDS);
-        if (! publishCDS.empty())
-          nrc.set(QType::CDS);
-        break;
+    if(!d_dk.isPresigned(sd.qname)) {
+      auto keyset = d_dk.getKeys(name);
+      for(const auto& value: keyset) {
+        if (value.second.published) {
+          nrc.set(QType::DNSKEY);
+          string publishCDNSKEY;
+          d_dk.getPublishCDNSKEY(name, publishCDNSKEY);
+          if (! publishCDNSKEY.empty())
+            nrc.set(QType::CDNSKEY);
+          string publishCDS;
+          d_dk.getPublishCDS(name, publishCDS);
+          if (! publishCDS.empty())
+            nrc.set(QType::CDS);
+          break;
+        }
       }
     }
   }
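Review bot: The new `if(!d_dk.isPresigned(sd.qname))` guard in emitNSEC() has no comment saying why local cryptokeys must be ignored, and the same is true of the matching guard in the emitNSEC3() hunk. Presumably, for a presigned zone the DNSKEY/CDNSKEY/CDS bits have to come from the stored records alone. If leftover key rows added bits, the type bitmap would no longer match the NSEC/NSEC3 that the zone's existing RRSIG covers, and validators could treat the denial as bogus. I would put `// presigned zone: the type bitmap must reflect the stored records only, never local cryptokeys` directly above both guards. Separately, the guard tests `sd.qname` while the key lookups use `name`; they are equal inside this branch, but using `name` throughout would read more consistently. The body of emitNSEC() starts and ends outside the hunk.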
@@ -619,19 +621,21 @@ void PacketHandler::emitNSEC3(std::unique_ptr<DNSPacket>& r, const SOAData& sd,
     if (sd.qname == name) {
       n3rc.set(QType::SOA); // 1dfd8ad SOA can live outside the records table
       n3rc.set(QType::NSEC3PARAM);
-      auto keyset = d_dk.getKeys(name);
-      for(const auto& value: keyset) {
-        if (value.second.published) {
-          n3rc.set(QType::DNSKEY);
-          string publishCDNSKEY;
-          d_dk.getPublishCDNSKEY(name, publishCDNSKEY);
-          if (! publishCDNSKEY.empty())
-            n3rc.set(QType::CDNSKEY);
-          string publishCDS;
-          d_dk.getPublishCDS(name, publishCDS);
-          if (! publishCDS.empty())
-            n3rc.set(QType::CDS);
-          break;
+      if(!d_dk.isPresigned(sd.qname)) {
+        auto keyset = d_dk.getKeys(name);
+        for(const auto& value: keyset) {
+          if (value.second.published) {
+            n3rc.set(QType::DNSKEY);
+            string publishCDNSKEY;
+            d_dk.getPublishCDNSKEY(name, publishCDNSKEY);
+            if (! publishCDNSKEY.empty())
+              n3rc.set(QType::CDNSKEY);
+            string publishCDS;
+            d_dk.getPublishCDS(name, publishCDS);
+            if (! publishCDS.empty())
+              n3rc.set(QType::CDS);
+            break;
+          }
         }
       }
     }
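Review bot: The key-derived bitmap block in emitNSEC3() is a line-for-line copy of the one in emitNSEC(), differing only in `n3rc` versus `nrc`, so the presigned guard now has to be kept in sync in two places. The commit title says the earlier fix was incomplete, which is the kind of gap that copied logic invites. Moving the block into one file-local helper that both functions call would put the presigned check in a single place. The sketch below assumes `d_dk` is a DNSSECKeeper and `name` a DNSName, which the hunk does not show. The body of emitNSEC3() starts and ends outside the hunk.

```cpp
// Sets DNSKEY/CDNSKEY/CDS in a denial-of-existence type bitmap from the local
// cryptokeys. Presigned zones are skipped: their bitmap comes from stored records only.
template<typename Bitmap>
static void setKeyTypesFromCryptokeys(DNSSECKeeper& dk, const DNSName& zone, Bitmap& bitmap)
{
  if (dk.isPresigned(zone)) {
    return;
  }
  auto keyset = dk.getKeys(zone);
  for (const auto& value : keyset) {
    if (!value.second.published) {
      continue;
    }
    bitmap.set(QType::DNSKEY);
    string publishCDNSKEY;
    dk.getPublishCDNSKEY(zone, publishCDNSKEY);
    if (!publishCDNSKEY.empty()) {
      bitmap.set(QType::CDNSKEY);
    }
    string publishCDS;
    dk.getPublishCDS(zone, publishCDS);
    if (!publishCDS.empty()) {
      bitmap.set(QType::CDS);
    }
    break; // one published key is enough to decide all three bits
  }
}

// … unchanged: emitNSEC3() up to the apex branch …
      n3rc.set(QType::NSEC3PARAM);
      setKeyTypesFromCryptokeys(d_dk, name, n3rc);
// … emitNSEC() would call setKeyTypesFromCryptokeys(d_dk, name, nrc) the same way …
```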