From: Pieter Lexis Date: Tue, 12 Jan 2021 14:35:16 +0000 (+0100) Subject: auth: Serve NSEC3PARAM when asked without DO X-Git-Tag: rec-4.5.0-alpha1~2^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F9958%2Fhead;p=thirdparty%2Fpdns.git auth: Serve NSEC3PARAM when asked without DO Closes #9877 --- diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index fd04e9f4a2..6ec607c94e 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc @@ -1362,7 +1362,7 @@ std::unique_ptr PacketHandler::doQuestion(DNSPacket& p) goto sendit; } } - if(d_dnssec && p.qtype.getCode() == QType::NSEC3PARAM) + if(p.qtype.getCode() == QType::NSEC3PARAM) { if(addNSEC3PARAM(p,r)) goto sendit; diff --git a/regression-tests/tests/direct-nsec3param/command b/regression-tests/tests/direct-nsec3param/command index e03b139e17..798c2e28e2 100755 --- a/regression-tests/tests/direct-nsec3param/command +++ b/regression-tests/tests/direct-nsec3param/command @@ -1,2 +1,3 @@ #!/bin/sh cleandig example.com NSEC3PARAM dnssec +cleandig example.com NSEC3PARAM diff --git a/regression-tests/tests/direct-nsec3param/expected_result b/regression-tests/tests/direct-nsec3param/expected_result index 6f4bef5154..8a0c13611e 100644 --- a/regression-tests/tests/direct-nsec3param/expected_result +++ b/regression-tests/tests/direct-nsec3param/expected_result @@ -2,3 +2,6 @@ 2 . IN OPT 32768 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 Reply to question for qname='example.com.', qtype=NSEC3PARAM +1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2847484148 28800 7200 604800 86400 +Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='example.com.', qtype=NSEC3PARAM diff --git a/regression-tests/tests/direct-nsec3param/expected_result.dnssec b/regression-tests/tests/direct-nsec3param/expected_result.dnssec index 368bf82230..9a45f88526 100644 --- a/regression-tests/tests/direct-nsec3param/expected_result.dnssec +++ b/regression-tests/tests/direct-nsec3param/expected_result.dnssec @@ -5,3 +5,6 @@ 2 . IN OPT 32768 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 Reply to question for qname='example.com.', qtype=NSEC3PARAM +1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2847484148 28800 7200 604800 86400 +Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='example.com.', qtype=NSEC3PARAM diff --git a/regression-tests/tests/direct-nsec3param/expected_result.narrow b/regression-tests/tests/direct-nsec3param/expected_result.narrow index 3b601e08d2..f86656c93b 100644 --- a/regression-tests/tests/direct-nsec3param/expected_result.narrow +++ b/regression-tests/tests/direct-nsec3param/expected_result.narrow @@ -3,3 +3,6 @@ 2 . IN OPT 32768 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 Reply to question for qname='example.com.', qtype=NSEC3PARAM +0 example.com. IN NSEC3PARAM 86400 1 0 1 abcd +Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='example.com.', qtype=NSEC3PARAM diff --git a/regression-tests/tests/direct-nsec3param/expected_result.nsec3 b/regression-tests/tests/direct-nsec3param/expected_result.nsec3 index 3b601e08d2..f86656c93b 100644 --- a/regression-tests/tests/direct-nsec3param/expected_result.nsec3 +++ b/regression-tests/tests/direct-nsec3param/expected_result.nsec3 @@ -3,3 +3,6 @@ 2 . IN OPT 32768 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 Reply to question for qname='example.com.', qtype=NSEC3PARAM +0 example.com. IN NSEC3PARAM 86400 1 0 1 abcd +Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='example.com.', qtype=NSEC3PARAM