Remove out-of-zone-additional-processing

Closes #6461

diff --git a/docs/appendices/FAQ.rst b/docs/appendices/FAQ.rst
index 6abf0ac6df68a71b4b9d2df01d6cdd4443317d73..cc2c4b21c59085474368a9ea6713918fcd548fa9 100644 (file)
--- a/docs/appendices/FAQ.rst
+++ b/docs/appendices/FAQ.rst
@@ -37,12 +37,8 @@ Operational
 
 The ADDITIONAL is section different than BIND's answer, why?
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-My server is not answering with a verbose "ADDITIONAL SECTION" that includes A records for the namservers of the domain queried
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 The PowerDNS Authoritative Server by default does not 'trust' other zones in its own database.
-You may want to add :ref:`setting-out-of-zone-additional-processing` to ``yes`` in your configuration to tell it to do so.
-If the domain your nameservers are in are known to the backend they will now be included in the additional section.
 
 PowerDNS does not give authoritative answers, how come?
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

diff --git a/docs/settings.rst b/docs/settings.rst
index 0c6e3c85607c2cd6fc7617be115ba3bd9f4ffb96..441cd33681ff0ba9300d16e3c0c251757b8d368c 100644 (file)
--- a/docs/settings.rst
+++ b/docs/settings.rst
@@ -1107,6 +1107,9 @@ To notify all IP addresses apart from the 192.168.0.0/24 subnet use the followin
 ``out-of-zone-additional-processing``
 -------------------------------------
 
+.. versionchanged:: 4.2.0
+  This setting has been removed.
+
 -  Boolean
 -  Default: yes
 

diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index 3cdfd32b7e0645417bace2b851b1cf523abfcb33..cd75fd223ace52c6d22de8d4bb161a36dd7a4ebd 100644 (file)
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -150,7 +150,6 @@ void declareArguments()
   ::arg().set("webserver-password","Password required for accessing the webserver")="";
   ::arg().set("webserver-allow-from","Webserver/API access is only allowed from these subnets")="127.0.0.1,::1";
 
-  ::arg().setSwitch("out-of-zone-additional-processing","Do out of zone additional processing")="yes";
   ::arg().setSwitch("do-ipv6-additional-processing", "Do AAAA additional processing")="yes";
   ::arg().setSwitch("query-logging","Hint backends that queries should be logged")="no";
 

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 415e283430d3303b86fdea0d54be5e0487dbf91a..48a0784f5461be7251cd4982a8e160271579ca5d 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -457,18 +457,17 @@ int PacketHandler::doAdditionalProcessingAndDropAA(DNSPacket *p, DNSPacket *r, c
         lookup = getRR<NSRecordContent>(i->dr)->getNS();
       else
         continue;
+
       B.lookup(QType(d_doIPv6AdditionalProcessing ? QType::ANY : QType::A), lookup, p);
 
       while(B.get(rr)) {
         if(rr.dr.d_type != QType::A && rr.dr.d_type!=QType::AAAA)
           continue;
-        if(rr.domain_id!=i->domain_id && ::arg()["out-of-zone-additional-processing"]=="no") {
-          DLOG(g_log<<Logger::Warning<<"Not including out-of-zone additional processing of "<<i->dr.d_name<<" ("<<rr.dr.d_name<<")"<<endl);
+        if(rr.domain_id!=i->domain_id || !rr.dr.d_name.isPartOf(soadata.qname)) {
+          // FIXME we might still pass on the record if it is occluded and the
+          // backend does not report a different ID
           continue; // not adding out-of-zone additional data
         }
-        
-        if(rr.auth && !rr.dr.d_name.isPartOf(soadata.qname)) // don't sign out of zone data using the main key 
-          rr.auth=false;
         rr.dr.d_place=DNSResourceRecord::ADDITIONAL;
         toAdd.push_back(rr);
       }