layer/validate: improvement in processing answers containing CNAME

diff --git a/lib/layer/validate.c b/lib/layer/validate.c
index 8cf8808ab4c69b42b98779761c7638c272aa8a87..2726d858235777b89457c788e86bea53fba722b4 100644 (file)
--- a/lib/layer/validate.c
+++ b/lib/layer/validate.c
@@ -705,6 +705,16 @@ static int check_signer(kr_layer_t *ctx, knot_pkt_t *pkt)
                if (qry->stype != KNOT_RRTYPE_DS) {
                        /* zone cut matches, but DS/DNSKEY doesn't => refetch. */
                        VERBOSE_MSG(qry, ">< cut changed, needs revalidation\n");
+                       if (qry->flags & QUERY_FORWARD) {
+                               struct kr_rplan *rplan = &req->rplan;
+                               struct kr_query *next = kr_rplan_push(rplan, qry, signer, qry->sclass, KNOT_RRTYPE_DS);
+                               if (!next) {
+                                       return KR_STATE_FAIL;
+                               }
+                               kr_zonecut_set(&next->zone_cut, qry->zone_cut.name);
+                               kr_zonecut_copy_trust(&next->zone_cut, &qry->zone_cut);
+                               next->flags |= QUERY_DNSSEC_WANT;
+                       }
                        return KR_STATE_YIELD;
                }
        }

diff --git a/lib/resolve.c b/lib/resolve.c
index 0dee8c461366b2d1b816a842bc1764d02c272a0b..3dc4383f9e66986aa4e2d0449d4514f47a433153 100644 (file)
--- a/lib/resolve.c
+++ b/lib/resolve.c
@@ -980,6 +980,10 @@ static int forward_trust_chain_check(struct kr_request *request, struct kr_query
                return KR_STATE_DONE;
        }
 
+       if (qry->parent == NULL && (qry->flags & QUERY_CNAME)) {
+               return KR_STATE_PRODUCE;
+       }
+
        bool nods = false;
        bool ds_req = false;
        bool ns_req = false;