auth: do not set ordername during rectify of non-dnssec zones 6243/head
authorKees Monshouwer <mind04@monshouwer.org>
Tue, 30 Jan 2018 23:19:38 +0000 (00:19 +0100)
committermind04 <mind04@monshouwer.org>
Tue, 30 Jan 2018 23:19:38 +0000 (00:19 +0100)
pdns/dbdnsseckeeper.cc

index 7303b038380270c9a058493257920f15e3016b8e..f985cc3266e115b53ca91c9747affd705bff8304 100644 (file)
@@ -667,11 +667,13 @@ bool DNSSECKeeper::rectifyZone(const DNSName& zone, string& error, string& info,
   }
 
   NSEC3PARAMRecordContent ns3pr;
-  bool narrow;
-  bool haveNSEC3 = getNSEC3PARAM(zone, &ns3pr, &narrow);
-  bool isOptOut = (haveNSEC3 && ns3pr.d_flags);
+  bool securedZone = isSecuredZone(zone);
+  bool haveNSEC3 = false, isOptOut = false, narrow = false;
+
+  if(securedZone) {
+    haveNSEC3 = getNSEC3PARAM(zone, &ns3pr, &narrow);
+    isOptOut = (haveNSEC3 && ns3pr.d_flags);
 
-  if(isSecuredZone(zone)) {
     if(!haveNSEC3) {
       infostream<<"Adding NSEC ordering information ";
     }
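Review bot: `isOptOut = (haveNSEC3 && ns3pr.d_flags);` treats any non-zero flags value as opt-out, although RFC 5155 assigns only the least significant bit of the flags field to Opt-Out. If `d_flags` can ever carry another bit, names would be handled as opt-out without that being intended; masking the bit makes the test explicit: `isOptOut = (haveNSEC3 && (ns3pr.d_flags & 1));`. The line is carried over from the old code, and whether other bits can occur depends on how `getNSEC3PARAM` fills the record, which is outside this hunk. A short comment above `if(securedZone) {` saying that NSEC3PARAM metadata left on an unsigned zone is deliberately ignored would also help the next reader. `rectifyZone` begins and ends outside the hunk.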
@@ -749,7 +751,7 @@ bool DNSSECKeeper::rectifyZone(const DNSName& zone, string& error, string& info,
       } else if(!realrr)
         auth=false;
     }
-    else if (realrr) // NSEC
+    else if (realrr && securedZone) // NSEC
       ordername=qname.makeRelative(zone);
 
     sd.db->updateDNSSECOrderNameAndAuth(sd.domain_id, qname, ordername, auth);
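Review bot: The trailing `// NSEC` on `else if (realrr && securedZone)` no longer describes the branch, because an unsigned zone now skips both arms and reaches `updateDNSSECOrderNameAndAuth` with `ordername` untouched. A comment such as `// NSEC; unsigned zones keep ordername empty` would state the intent. `ordername` is declared outside the hunk, so it is worth confirming that it is reset for every qname, since this call otherwise writes whatever value the variable last held. The enclosing loop starts and ends outside the hunk.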