]> git.ipfire.org Git - thirdparty/pdns.git/commitdiff
projects / thirdparty / pdns.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4896530)
Update pdns/packethandler.cc 15451/head
authorMiod Vallat <miod.vallat@powerdns.com>
Wed, 23 Apr 2025 13:18:27 +0000 (15:18 +0200)
committerGitHub <noreply@github.com>
Wed, 23 Apr 2025 13:18:27 +0000 (15:18 +0200)
No need to complain about the lack of DNSSEC if NSEC3 narrow mode.

Co-authored-by: Peter van Dijk <peter.van.dijk@powerdns.com>
pdns/packethandler.cc patch | blob | blame | history

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 035a091780dba31bc4d8afce5506ca9c773264d1..c3c6215842a9fb312d56023bce383958d1d3ca03 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -885,7 +885,7 @@ void PacketHandler::addNSEC3(DNSPacket& p, std::unique_ptr<DNSPacket>& r, const
     }
   }
 
-  if (!d_sd.db->doesDNSSEC()) {
+  if (!d_sd.db->doesDNSSEC() && !narrow) {
     // We are in a configuration where the zone is primarily served by a
     // non-DNSSEC-capable backend, but DNSSEC keys have been added to the
     // zone in a second, DNSSEC-capable backend, which caused d_dnssec to
Unnamed repository; edit this file 'description' to name the repository.