Fix 'bogus proof of DS non-existence' for non-existant DS records in the cache

diff --git a/lib/layer/rrcache.c b/lib/layer/rrcache.c
index d254d9afc65142acffccecd62601747b1f712fd9..8c33b4f84d4fcb1b3fb7dbe803540c9c57ede7e3 100644 (file)
--- a/lib/layer/rrcache.c
+++ b/lib/layer/rrcache.c
@@ -183,8 +183,9 @@ static int commit_rr(const char *key, void *val, void *data)
        if (rr->type != KNOT_RRTYPE_NS || (rank & KR_RANK_AUTH)) {
                if (baton->qry->flags & QUERY_DNSSEC_WANT)
                        rank |= KR_RANK_SECURE;
-               if (baton->qry->flags & QUERY_DNSSEC_INSECURE)
-                       rank |= KR_RANK_INSECURE;
+       }
+       if (baton->qry->flags & QUERY_DNSSEC_INSECURE) {
+               rank |= KR_RANK_INSECURE;
        }
        if (KEY_COVERING_RRSIG(key)) {
                return commit_rrsig(baton, rank, rr);