]> git.ipfire.org Git - thirdparty/pdns.git/commitdiff
projects / thirdparty / pdns.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw (from parent 1: 0673455)
Merge pull request #8779 from Habbie/empty-ixfr-soa-rrsig
authorPeter van Dijk <peter.van.dijk@powerdns.com>
Fri, 14 Feb 2020 12:46:54 +0000 (13:46 +0100)
committerGitHub <noreply@github.com>
Fri, 14 Feb 2020 12:46:54 +0000 (13:46 +0100)
IXFR: only sign SOA in empty response for +DO queries

pdns/tcpreceiver.cc patch | blob | blame | history

diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc
index 94843022aeac434327a835adf9ea14bd6cbbb550..1f3e5f2bc568dc63933e52b129ea7ba010604686 100644 (file)
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -1168,7 +1168,7 @@ int TCPNameserver::doIXFR(std::unique_ptr<DNSPacket>& q, int outsock)
     DLOG(g_log<<"Sending out SOA"<<endl);
     DNSZoneRecord soa = makeEditedDNSZRFromSOAData(dk, sd);
     outpacket->addRecord(soa);
-    if(securedZone) {
+    if(securedZone && outpacket->d_dnssecOk) {
       set<DNSName> authSet;
       authSet.insert(target);
       addRRSigs(dk, signatureDB, authSet, outpacket->getRRS());
Unnamed repository; edit this file 'description' to name the repository.