#endif
unsigned int gotname = extract_request(header, plen, daemon->namebuff, NULL);
- /* RFC 4035: sect 4.6 para 2 */
- header->hb4 &= ~HB4_AD;
-
/* may be no servers available. */
if (!daemon->servers)
forward = NULL;
if ((checking_disabled = header->hb4 & HB4_CD))
no_cache_dnssec = 1;
- /* RFC 4035: sect 4.6 para 2 */
- header->hb4 &= ~HB4_AD;
-
if ((gotname = extract_request(header, (unsigned int)size, daemon->namebuff, &qtype)))
{
#ifdef HAVE_AUTH
struct mx_srv_record *rec;
size_t len;
- /* Don't return AD set even for local data if checking disabled. */
+ /* Don't return AD set if checking disabled. */
if (header->hb4 & HB4_CD)
sec_data = 0;
header->ancount = htons(anscount);
header->nscount = htons(0);
header->arcount = htons(addncount);
+
+ /* RFC 6840 5.7 */
+ if (header->hb4 & HB4_AD)
+ sec_reqd = 1;
header->hb4 &= ~HB4_AD;
+
len = ansp - (unsigned char *)header;
if (have_pseudoheader)
- {
- len = add_pseudoheader(header, len, (unsigned char *)limit, 0, NULL, 0, sec_reqd);
- if (sec_reqd && sec_data)
- header->hb4 |= HB4_AD;
-
- }
+ len = add_pseudoheader(header, len, (unsigned char *)limit, 0, NULL, 0, sec_reqd);
+
+ if (sec_reqd && sec_data)
+ header->hb4 |= HB4_AD;
return len;
}