DLOG(g_log<<"After first ANY query for '"<<target<<"', id="<<sd.domain_id<<": weDone="<<weDone<<", weHaveUnauth="<<weHaveUnauth<<", weRedirected="<<weRedirected<<", haveAlias='"<<haveAlias<<"'"<<endl);
- if(p->qtype.getCode() == QType::DS && weHaveUnauth && !weDone && !weRedirected && d_dk.isSecuredZone(sd.qname)) {
- DLOG(g_log<<"Q for DS of a name for which we do have NS, but for which we don't have on a zone with DNSSEC need to provide an AUTH answer that proves we don't"<<endl);
+ if(p->qtype.getCode() == QType::DS && weHaveUnauth && !weDone && !weRedirected) {
+ DLOG(g_log<<"Q for DS of a name for which we do have NS, but for which we don't have DS; need to provide an AUTH answer that shows we don't"<<endl);
makeNOError(p, r, target, DNSName(), sd, 1);
goto sendit;
}
-1 example.com. IN RRSIG 86400 SOA 13 2 100000 [expiry] [inception] [keytag] example.com. ...
1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2847484148 28800 7200 604800 86400
-1 usa.example.com. IN NSEC 86400 *.w1.example.com. NS RRSIG NSEC
-1 usa.example.com. IN RRSIG 86400 NSEC 13 3 86400 [expiry] [inception] [keytag] example.com. ...
2 . IN OPT 32768
Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
Reply to question for qname='usa.example.com.', qtype=DS
--- /dev/null
+1 example.com. IN RRSIG 86400 SOA 13 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2847484148 28800 7200 604800 86400
+1 usa.example.com. IN NSEC 86400 *.w1.example.com. NS RRSIG NSEC
+1 usa.example.com. IN RRSIG 86400 NSEC 13 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='usa.example.com.', qtype=DS
-1 delegated.dnssec-parent.com. IN NSEC 86400 ns1.dnssec-parent.com. NS RRSIG NSEC
-1 delegated.dnssec-parent.com. IN RRSIG 86400 NSEC 13 3 86400 [expiry] [inception] [keytag] dnssec-parent.com. ...
-1 dnssec-parent.com. IN RRSIG 3600 SOA 13 2 3600 [expiry] [inception] [keytag] dnssec-parent.com. ...
1 dnssec-parent.com. IN SOA 3600 ns1.dnssec-parent.com. ahu.example.com. 2005092501 28800 7200 604800 86400
2 . IN OPT 32768
Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
--- /dev/null
+1 delegated.dnssec-parent.com. IN NSEC 86400 ns1.dnssec-parent.com. NS RRSIG NSEC
+1 delegated.dnssec-parent.com. IN RRSIG 86400 NSEC 13 3 86400 [expiry] [inception] [keytag] dnssec-parent.com. ...
+1 dnssec-parent.com. IN RRSIG 3600 SOA 13 2 3600 [expiry] [inception] [keytag] dnssec-parent.com. ...
+1 dnssec-parent.com. IN SOA 3600 ns1.dnssec-parent.com. ahu.example.com. 2005092501 28800 7200 604800 86400
+2 . IN OPT 32768
+Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='delegated.dnssec-parent.com.', qtype=DS
projects / thirdparty / pdns.git / commitdiff
