process_query: don't try to evaluate automatic ACL if disabled

diff --git a/src/knot/nameserver/process_query.c b/src/knot/nameserver/process_query.c
index faa7e4e17fd4208086402159e580394c6de4b0a4..b8dd17757fffa21f75ea8744435ea3678772dbfe 100644 (file)
--- a/src/knot/nameserver/process_query.c
+++ b/src/knot/nameserver/process_query.c
@@ -723,7 +723,7 @@ bool process_query_acl_check(conf_t *conf, acl_action_t action,
        default:                     tls_session = NULL;
        }
 
-       if (action != ACL_ACTION_UPDATE) {
+       if (conf->cache.srv_auto_acl && action != ACL_ACTION_UPDATE) {
                // ACL_ACTION_QUERY is used for SOA/refresh query.
                assert(action == ACL_ACTION_QUERY || action == ACL_ACTION_NOTIFY ||
                       action == ACL_ACTION_TRANSFER);