From: Pieter Lexis Date: Fri, 15 Apr 2016 09:55:40 +0000 (+0200) Subject: Always validate on 'validate' and 'log-fail' X-Git-Tag: dnsdist-1.0.0~12^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F3710%2Fhead;p=thirdparty%2Fpdns.git Always validate on 'validate' and 'log-fail' Closes #3709 Also add a comment in the code regarding another DNSSEC ticket
---
diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 86fc88598d..3cee6bde20 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -925,7 +925,9 @@ void startDoResolve(void *p)
 else {
 pw.getHeader()->rcode=res;
- if(haveEDNS) {
+ // FIXME: haveEDNS is not the way to handle initiation of validation, we
+ // should look for the AD bit in the header, see #3682
+ if(haveEDNS || g_dnssecmode == DNSSECMode::ValidateAll || g_dnssecmode==DNSSECMode::ValidateForLog) {
 if(g_dnssecmode != DNSSECMode::Off && ((edo.d_Z & EDNSOpts::DNSSECOK) || g_dnssecmode == DNSSECMode::ValidateAll || g_dnssecmode==DNSSECMode::ValidateForLog)) {
 if(sr.doLog()) {
 L<d_mdp.d_qname<<" for "<d_remote.toStringWithPort()<
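Review bot: With the widened outer test, the inner condition's `edo.d_Z & EDNSOpts::DNSSECOK` is now evaluated for queries where `haveEDNS` is false, and as the first operand of the `||` chain it is read before the mode checks can short-circuit. The declaration and initialisation of `edo` are not visible in this hunk; if its fields are only filled in when EDNS options were actually parsed, this reads an indeterminate value, and any later code that keys the response on the DO flag would presumably see the same value. Guarding the read keeps the decision tied to what the client sent: `((haveEDNS && (edo.d_Z & EDNSOpts::DNSSECOK)) || g_dnssecmode == DNSSECMode::ValidateAll || g_dnssecmode==DNSSECMode::ValidateForLog)`. startDoResolve begins and ends outside the hunk, so the initialisation of `edo` and its later uses should be confirmed there.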