No CD in forwarded queries unless dnssec-debug for TCP too.
authorSimon Kelley <simon@thekelleys.org.uk>
Thu, 13 Feb 2014 16:42:02 +0000 (16:42 +0000)
committerSimon Kelley <simon@thekelleys.org.uk>
Thu, 13 Feb 2014 16:42:02 +0000 (16:42 +0000)
src/forward.c

index 27f619b2f47780e9c1d6ac3a257f403cffc495ef..1b6f80eda37cfcea24927b88d730a3d899f27771 100644 (file)
@@ -1431,7 +1431,10 @@ unsigned char *tcp_request(int confd, time_t now,
                          if (option_bool(OPT_DNSSEC_VALID))
                            {
                              size = add_do_bit(header, size, ((char *) header) + 65536);
-                             header->hb4 |= HB4_CD;
+                             /* For debugging, set Checking Disabled, otherwise, have the upstream check too,
+                                this allows it to select auth servers when one is returning bad data. */
+                             if (option_bool(OPT_DNSSEC_DEBUG))
+                               header->hb4 |= HB4_CD;
                            }
 #endif
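Review bot: The added `if (option_bool(OPT_DNSSEC_DEBUG))` branch only ever ORs `HB4_CD` into `header->hb4` and never clears it, so a CD bit already set in the client's query would still be forwarded upstream when dnssec-debug is off. Whether `header` can reach this point with CD set is not visible here, because `tcp_request` starts and ends outside the hunk. If it can, the upstream skips its own validation for that query, and the auth-server selection the new comment describes does not happen for it. If the goal is that the upstream always validates outside debug mode, add `else header->hb4 &= ~HB4_CD;`. If passing a client-set CD through is deliberate, extend the comment with something like `A CD bit set by the client is forwarded unchanged.` so the next reader does not take the branch as a guarantee.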