]> git.ipfire.org Git - thirdparty/knot-resolver.git/commitdiff
projects / thirdparty / knot-resolver.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1c85bc9)
always clear AD flag in forwarding mode
authorVladimír Čunát <vladimir.cunat@nic.cz>
Tue, 17 Jan 2017 13:38:28 +0000 (14:38 +0100)
committerVladimír Čunát <vladimir.cunat@nic.cz>
Tue, 17 Jan 2017 13:38:28 +0000 (14:38 +0100)
It's perhaps questionable to pass AD through, but we were setting it by
mistake (!).  Fixes #98.

lib/resolve.c patch | blob | blame | history

diff --git a/lib/resolve.c b/lib/resolve.c
index fdc3a8d283b952b33e4171a7484e29c0e687ace9..a8d47f8ae2bf81a9d129fa0adb23918a9a46ad07 100644 (file)
--- a/lib/resolve.c
+++ b/lib/resolve.c
@@ -525,7 +525,9 @@ static int answer_finalize(struct kr_request *request, int state)
                /* Do not set AD for RRSIG query, as we can't validate it. */
                const bool secure = (last->flags & QUERY_DNSSEC_WANT) &&
                                   !(last->flags & QUERY_DNSSEC_INSECURE);
-               if (has_ad && secure && knot_pkt_qtype(answer) != KNOT_RRTYPE_RRSIG) {
+               if (!(last->flags & QUERY_STUB) /* Never set AD if forwarding. */
+                   && has_ad && secure
+                   && knot_pkt_qtype(answer) != KNOT_RRTYPE_RRSIG) {
                        knot_wire_set_ad(answer->wire);
                }
        }
Mirror of https://gitlab.nic.cz/knot/knot-resolver.git