]> git.ipfire.org Git - thirdparty/pdns.git/commitdiff
projects / thirdparty / pdns.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: afe362f)
IXFR: only sign SOA in empty response for +DO queries 8779/head
authorPeter van Dijk <peter.van.dijk@powerdns.com>
Tue, 4 Feb 2020 08:15:58 +0000 (09:15 +0100)
committerPeter van Dijk <peter.van.dijk@powerdns.com>
Tue, 4 Feb 2020 08:15:58 +0000 (09:15 +0100)
pdns/tcpreceiver.cc patch | blob | blame | history

diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc
index 18739a92bef399877396a37990137c0ee720a818..e5ac77c4c8b41adc21a05392d23e3f07af1aaf5b 100644 (file)
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -1168,7 +1168,7 @@ int TCPNameserver::doIXFR(std::unique_ptr<DNSPacket>& q, int outsock)
     DLOG(g_log<<"Sending out SOA"<<endl);
     DNSZoneRecord soa = makeEditedDNSZRFromSOAData(dk, sd);
     outpacket->addRecord(soa);
-    if(securedZone) {
+    if(securedZone && outpacket->d_dnssecOk) {
       set<DNSName> authSet;
       authSet.insert(target);
       addRRSigs(dk, signatureDB, authSet, outpacket->getRRS());
Unnamed repository; edit this file 'description' to name the repository.