policy.STUB: avoid copying +dnssec flag from client to upstream

I can't see any motivation for the copying behavior,
and it made caching non-deterministic.

diff --git a/NEWS b/NEWS
index 4d0b009d0e4a0174f84ac6a26b717f9d01770753..46cfe27e03659bae7c0cf32a169dfe4885335d14 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,7 @@ Improvements
 ------------
 - depend on jemalloc, preferably, to improve memory usage (!1353)
 - policy.STUB: avoid applying aggressive DNSSEC denial proofs (!1364)
+- policy.STUB: avoid copying +dnssec flag from client to upstream (!1364)
 
 Bugfixes
 --------

diff --git a/lib/resolve.c b/lib/resolve.c
index 877b078a3270f65a044285676cc44eaa188f2058..bd38a5f5d03a1d40eb197771422987e283bddbd2 100644 (file)
--- a/lib/resolve.c
+++ b/lib/resolve.c
@@ -619,11 +619,8 @@ static int query_finalize(struct kr_request *request, struct kr_query *qry, knot
        ret = edns_create(pkt, request);
        if (ret) return ret;
        if (qry->flags.STUB) {
-               /* Stub resolution (ask for +rd and +do) */
+               /* Stub resolution */
                knot_wire_set_rd(pkt->wire);
-               if (knot_pkt_has_dnssec(request->qsource.packet)) {
-                       knot_edns_set_do(pkt->opt_rr);
-               }
                if (knot_wire_get_cd(request->qsource.packet->wire)) {
                        knot_wire_set_cd(pkt->wire);
                }