From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Mon, 18 Sep 2017 13:01:39 +0000 (+0200)
Subject: rec: Handle direct NSEC queries
X-Git-Tag: rec-4.1.0-rc1~25^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F5715%2Fhead;p=thirdparty%2Fpdns.git

rec: Handle direct NSEC queries
---

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index f6a959e939..665c150eca 100644
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -1935,10 +1935,6 @@ bool SyncRes::processRecords(const std::string& prefix, const DNSName& qname, co
         newtarget=content->getTarget();
       }
     }
-    else if((rec.d_type==QType::RRSIG || rec.d_type==QType::NSEC || rec.d_type==QType::NSEC3) && rec.d_place==DNSResourceRecord::ANSWER) {
-      if(rec.d_type != QType::RRSIG || rec.d_name == qname)
-        ret.push_back(rec); // enjoy your DNSSEC
-    }
     else if(needWildcardProof && (rec.d_type==QType::RRSIG || rec.d_type==QType::NSEC || rec.d_type==QType::NSEC3) && rec.d_place==DNSResourceRecord::AUTHORITY) {
       ret.push_back(rec); // enjoy your DNSSEC
     }
@@ -1954,6 +1950,10 @@ bool SyncRes::processRecords(const std::string& prefix, const DNSName& qname, co
       done=true;
       ret.push_back(rec);
     }
+    else if((rec.d_type==QType::RRSIG || rec.d_type==QType::NSEC || rec.d_type==QType::NSEC3) && rec.d_place==DNSResourceRecord::ANSWER) {
+      if(rec.d_type != QType::RRSIG || rec.d_name == qname)
+        ret.push_back(rec); // enjoy your DNSSEC
+    }
     else if(rec.d_place==DNSResourceRecord::AUTHORITY && rec.d_type==QType::NS && qname.isPartOf(rec.d_name)) {
       if(moreSpecificThan(rec.d_name,auth)) {
         newauth=rec.d_name;