Test the DS/DNSKEY condition at the proper spot.

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index 8d032a19b5f971ba2ecc81f752adb7adfa12b819..19eaa418a4d0658889fe128c68a75090ba9ca011 100644 (file)
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -1237,10 +1237,6 @@ bool SyncRes::doCNAMECacheCheck(const DNSName &qname, const QType &qtype, vector
     LOG(prefix<<qname<<": No CNAME or DNAME cache hit of '"<< qname <<"' found"<<endl);
     return false;
   }
-
-  if (qtype == QType::DS || qtype == QType::DNSKEY) {
-    return true;
-  }
   
   for(auto const &record : cset) {
     if (record.d_class != QClass::IN) {
@@ -1336,6 +1332,11 @@ bool SyncRes::doCNAMECacheCheck(const DNSName &qname, const QType &qtype, vector
         return true;
       }
 
+      if (qtype == QType::DS || qtype == QType::DNSKEY) {
+        res = 0;
+        return true;
+      }
+
       // We have a DNAME _or_ CNAME cache hit and the client wants something else than those two.
       // Let's find the answer!
       if (foundQT == QType::CNAME) {
@@ -3402,8 +3403,8 @@ bool SyncRes::processAnswer(unsigned int depth, LWResult& lwr, const DNSName& qn
       return true;
     }
 
-    if (qtype == QType::DS) {
-      LOG(prefix<<qname<<": status=got a CNAME referral, but we are looking for a DS"<<endl);
+    if (qtype == QType::DS || qtype == QType::DNSKEY) {
+      LOG(prefix<<qname<<": status=got a CNAME referral, but we are looking for a DS or DNSKEY"<<endl);
 
       if(d_doDNSSEC)
         addNXNSECS(ret, lwr.d_records);