lib/resolve: worked around bug with multiple TAs
authorMarek Vavrusa <marek@vavrusa.com>
Thu, 10 Mar 2016 17:52:49 +0000 (17:52 +0000)
committerMarek Vavrusa <marek@vavrusa.com>
Thu, 10 Mar 2016 17:52:49 +0000 (17:52 +0000)
lib/resolve.c

index 6e27de2935bd4d617d5b1a987b059cdf88ef5503..9b7416d2e5f68348fc77696d92c37430f8ece17d 100644 (file)
@@ -322,11 +322,13 @@ static int answer_finalize(struct kr_request *request, int state)
                }
        }
        /* Set AD=1 if succeeded and requested secured answer. */
+       const bool has_ad = knot_wire_get_ad(answer->wire);
+       knot_wire_clear_ad(answer->wire);
        if (state == KNOT_STATE_DONE && rplan->resolved.len > 0) {
                struct kr_query *last = array_tail(rplan->resolved);
                /* Do not set AD for RRSIG query, as we can't validate it. */
-               const bool dnssec_ok = (last->flags & QUERY_DNSSEC_WANT) && !(last->flags & QUERY_DNSSEC_INSECURE);
-               if (dnssec_ok && knot_pkt_qtype(answer) != KNOT_RRTYPE_RRSIG) {
+               const bool secure = (last->flags & QUERY_DNSSEC_WANT) && !(last->flags & QUERY_DNSSEC_INSECURE);
+               if (has_ad && secure && knot_pkt_qtype(answer) != KNOT_RRTYPE_RRSIG) {
                        knot_wire_set_ad(answer->wire);
                }
        }
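Review bot: The comment above the new `has_ad` lines still reads "Set AD=1 if succeeded and requested secured answer", but the code now saves and clears the AD bit and re-sets it only if it was already present on `answer->wire`, so the header bit has become working state for the validation outcome. Nothing visible in this diff clears AD when an answer turns out insecure or bogus; presumably a layer outside the hunk does, and that dependency should be stated where it is relied on, e.g. `/* AD is pre-set in resolve_query(); any layer that sees an insecure or bogus answer must clear it. Re-emit it only if it survived and the last query is secure. */`. Clearing unconditionally before the `state` check is a good default, since failed resolutions now always leave with AD=0. `answer_finalize` begins before this hunk and continues after it.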
@@ -404,6 +406,9 @@ static int resolve_query(struct kr_request *request, const knot_pkt_t *packet)
        knot_wire_clear_aa(answer->wire);
        knot_wire_set_ra(answer->wire);
        knot_wire_set_rcode(answer->wire, KNOT_RCODE_NOERROR);
+       if (qry->flags & QUERY_DNSSEC_WANT) {
+               knot_wire_set_ad(answer->wire);
+       }
 
        /* Expect answer, pop if satisfied immediately */
        ITERATE_LAYERS(request, qry, begin, request);
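Review bot: Setting AD in `resolve_query` before any layer has run makes the answer claim authenticated data by default, so the result is only safe if every path that serialises `answer` first passes through the `knot_wire_clear_ad()` added to `answer_finalize` in the first hunk; a path that skips it would send an unvalidated response with AD=1. Carrying the pending state in the request or query structure rather than in the wire header would fail closed; if the wire bit stays, mark it at the set: `/* Provisional AD, not a validation result; answer_finalize() clears it and re-derives the final value. */`. The bit is keyed on `qry->flags` here while `answer_finalize` tests the last resolved query, and whether those can disagree is not visible from the hunk, so a short comment on that would help. The function body extends beyond the hunk on both sides.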