rec: Ignore cache-only for DNSKEYs retrieval

When the DNSKEYs are needed for validation, the initial RD flag
should not prevent us from going to the network.

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index 19eaa418a4d0658889fe128c68a75090ba9ca011..820efea01b9491f7ed6d5284285c7a1612bf7342 100644 (file)
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -2330,7 +2330,9 @@ vState SyncRes::getDNSKeys(const DNSName& signer, skeyset_t& keys, unsigned int
   LOG(d_prefix<<"Retrieving DNSKeys for "<<signer<<endl);
 
   vState state = Indeterminate;
+  const bool oldCacheOnly = setCacheOnly(false);
   int rcode = doResolve(signer, QType(QType::DNSKEY), records, depth + 1, beenthere, state);
+  setCacheOnly(oldCacheOnly);
 
   if (rcode == RCode::NoError) {
     if (state == Secure) {