From: Robin Geuze <robing@transip.nl>
Date: Fri, 13 Mar 2020 12:09:10 +0000 (+0100)
Subject: Fix it so NSEC and NSEC3 records will not include DNSKEY in the typemap if there... 
X-Git-Tag: auth-4.3.0-rc2^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=768394b0838e2354c76c593d8eb43f37ee8e8255;p=thirdparty%2Fpdns.git

Fix it so NSEC and NSEC3 records will not include DNSKEY in the typemap if there are no published DNSKEY records

(cherry picked from commit b8f6caa13c261a9994a3bb50a27dfae3a96c7d84)
---

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 580039217b..2fca6494f4 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -504,7 +504,10 @@ void PacketHandler::emitNSEC(std::unique_ptr<DNSPacket>& r, const SOAData& sd, c
   nrc.set(QType::RRSIG);
   if(sd.qname == name) {
     nrc.set(QType::SOA); // 1dfd8ad SOA can live outside the records table
-    nrc.set(QType::DNSKEY);
+    auto keyset = d_dk.getKeys(name);
+    if (!keyset.empty()) {
+      nrc.set(QType::DNSKEY);
+    }
     string publishCDNSKEY;
     d_dk.getPublishCDNSKEY(name, publishCDNSKEY);
     if (publishCDNSKEY == "1")
@@ -553,7 +556,10 @@ void PacketHandler::emitNSEC3(std::unique_ptr<DNSPacket>& r, const SOAData& sd,
     if (sd.qname == name) {
       n3rc.set(QType::SOA); // 1dfd8ad SOA can live outside the records table
       n3rc.set(QType::NSEC3PARAM);
-      n3rc.set(QType::DNSKEY);
+      auto keyset = d_dk.getKeys(name);
+      if (!keyset.empty()) {
+        n3rc.set(QType::DNSKEY);
+      }
       string publishCDNSKEY;
       d_dk.getPublishCDNSKEY(name, publishCDNSKEY);
       if (publishCDNSKEY == "1")