From: Pieter Lexis Date: Tue, 25 Oct 2016 15:25:19 +0000 (+0200) Subject: Handle CNAME at secure zone apex to secure zone X-Git-Tag: rec-4.0.4~11^2~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d8baf17df357dd6d132ed67fd01bc1e23c79d58f;p=thirdparty%2Fpdns.git Handle CNAME at secure zone apex to secure zone Closes #4466 --- diff --git a/pdns/syncres.cc b/pdns/syncres.cc index a3455f0571..0cc1ca247d 100644 --- a/pdns/syncres.cc +++ b/pdns/syncres.cc @@ -443,7 +443,7 @@ int SyncRes::doResolve(const DNSName &qname, const QType &qtype, vector& srcmask, LWResult* res); static void doEDNSDumpAndClose(int fd); @@ -371,6 +376,7 @@ public: bool d_wasVariable{false}; bool d_wasOutOfBand{false}; bool d_wantsRPZ{true}; + bool d_skipCNAMECheck{false}; typedef multi_index_container < NegCacheEntry, diff --git a/pdns/validate-recursor.cc b/pdns/validate-recursor.cc index 5819cfe7a9..12a9984d6d 100644 --- a/pdns/validate-recursor.cc +++ b/pdns/validate-recursor.cc @@ -19,6 +19,8 @@ public: vector ret; sr.d_doDNSSEC=true; + if (qtype == QType::DS || qtype == QType::DNSKEY || qtype == QType::NS) + sr.setSkipCNAMECheck(true); sr.beginResolve(qname, QType(qtype), 1, ret); d_queries += sr.d_outqueries; return ret;