From: Grigorii Demidov <grigorii.demidov@nic.cz>
Date: Wed, 7 Jun 2017 10:31:39 +0000 (+0200)
Subject: lib/resolve: clear AD flag if there are CNAMEs synthesized from wildcard covered... 
X-Git-Tag: v1.3.0~5^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=527577dd2251247ec05704519bfa6a095ab9f4fe;p=thirdparty%2Fknot-resolver.git

lib/resolve: clear AD flag if there are CNAMEs synthesized from wildcard covered by optouted NSEC3
---

diff --git a/lib/resolve.c b/lib/resolve.c
index 3dc4383f9..d24b6c1c9 100644
--- a/lib/resolve.c
+++ b/lib/resolve.c
@@ -636,6 +636,17 @@ static int answer_finalize(struct kr_request *request, int state)
 		knot_wire_clear_ad(answer->wire);
 	}
 
+	if (last) {
+		struct kr_query *cname_parent = last->cname_parent;
+		while (cname_parent != NULL) {
+			if (cname_parent->flags & QUERY_DNSSEC_OPTOUT) {
+				knot_wire_clear_ad(answer->wire);
+				break;
+			}
+			cname_parent = cname_parent->cname_parent;
+		}
+	}
+
 	return ret;
 }