lib/resolve creation of first query: fix a rare possible bug

qname here wasn't lower-cased, so the match might not be correct.
Still, practically all deployments use either root TA or none,
and these can't be affected.

diff --git a/lib/resolve.c b/lib/resolve.c
index 44fbef5889cb5b8af69c6354bb7267b0ac8b872a..0cef2f97c41ca16f587aeb5edfa5bf01a9ed2de6 100644 (file)
--- a/lib/resolve.c
+++ b/lib/resolve.c
@@ -776,7 +776,7 @@ static int resolve_query(struct kr_request *request, const knot_pkt_t *packet)
                qry->flags.AWAIT_CUT = true;
                /* Want DNSSEC if it's posible to secure this name (e.g. is covered by any TA) */
                if ((knot_wire_get_ad(packet->wire) || knot_pkt_has_dnssec(packet)) &&
-                   kr_ta_covers_qry(request->ctx, qname, qtype)) {
+                   kr_ta_covers_qry(request->ctx, qry->sname, qtype)) {
                        qry->flags.DNSSEC_WANT = true;
                }
        }