limit mode 0 closest provable encloser to optout

author Kees Monshouwer <mind04@monshouwer.org>

Fri, 28 Feb 2014 08:58:33 +0000 (09:58 +0100)

committer mind04 <mind04@monshouwer.org>

Fri, 28 Feb 2014 08:58:33 +0000 (09:58 +0100)
author Kees Monshouwer <mind04@monshouwer.org>
Fri, 28 Feb 2014 08:58:33 +0000 (09:58 +0100)
committer mind04 <mind04@monshouwer.org>
Fri, 28 Feb 2014 08:58:33 +0000 (09:58 +0100)
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc

index e970a649c85523c8081b840216aa533604bf7f4f..68a299541fabb000ae442bc397341f8995b63c5d 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -618,7 +618,7 @@ void PacketHandler::addNSEC3(DNSPacket *p, DNSPacket *r, const string& target, c
  
      getNSEC3Hashes(narrow, sd.db, sd.domain_id,  hashed, false, unhashed, before, after, mode);
  
-    if ((mode == 0 ||  mode == 1) && (hashed != before)) {
+    if (((mode == 0 && ns3rc.d_flags) ||  mode == 1) && (hashed != before)) {
        DLOG(L<<"No matching NSEC3, do closest (provable) encloser"<<endl);
  
        bool doBreak = false;
author	Kees Monshouwer <mind04@monshouwer.org>
	Fri, 28 Feb 2014 08:58:33 +0000 (09:58 +0100)
committer	mind04 <mind04@monshouwer.org>
	Fri, 28 Feb 2014 08:58:33 +0000 (09:58 +0100)