AD bit handling when doing validation.

author Simon Kelley <simon@thekelleys.org.uk>

Wed, 8 Jan 2014 18:11:55 +0000 (18:11 +0000)

committer Simon Kelley <simon@thekelleys.org.uk>

Wed, 8 Jan 2014 18:11:55 +0000 (18:11 +0000)
author Simon Kelley <simon@thekelleys.org.uk>
Wed, 8 Jan 2014 18:11:55 +0000 (18:11 +0000)
committer Simon Kelley <simon@thekelleys.org.uk>
Wed, 8 Jan 2014 18:11:55 +0000 (18:11 +0000)
diff --git a/src/forward.c b/src/forward.c

index 5c2d1a0ba33f07aa0d136a666617a79aa30da003..8167229d160da29fa8bf5711e6908d17332b391f 100644 (file)
--- a/src/forward.c
+++ b/src/forward.c
@@ -461,7 +461,6 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
    char **sets = 0;
    int munged = 0, is_sign;
    size_t plen; 
-  int squash_ad = 0;
  
  #ifdef HAVE_IPSET
    /* Similar algorithm to search_servers. */
@@ -506,19 +505,16 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
        
    /* RFC 4035 sect 4.6 para 3 */
    if (!is_sign && !option_bool(OPT_DNSSEC_PROXY))
-    squash_ad = 1;
+     header->hb4 &= ~HB4_AD;
    
  #ifdef HAVE_DNSSEC
    if (option_bool(OPT_DNSSEC_VALID))
-    squash_ad = no_cache;
-
+    header->hb4 &= ~HB4_AD;
+  
    if (cache_secure)
      header->hb4 |= HB4_AD;
  #endif
    
-  if (squash_ad)
-    header->hb4 &= ~HB4_AD;
-  
    if (OPCODE(header) != QUERY || (RCODE(header) != NOERROR && RCODE(header) != NXDOMAIN))
      return n;
author	Simon Kelley <simon@thekelleys.org.uk>
	Wed, 8 Jan 2014 18:11:55 +0000 (18:11 +0000)
committer	Simon Kelley <simon@thekelleys.org.uk>
	Wed, 8 Jan 2014 18:11:55 +0000 (18:11 +0000)