From: Grigorii Demidov <grigorii.demidov@nic.cz>
Date: Thu, 1 Jun 2017 12:13:47 +0000 (+0200)
Subject: layer/validate: improvement in processing answers containing CNAME
X-Git-Tag: 1.3.0-rc1~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9f1890d4197aa6fb84efe7509648ed116d2c25ba;p=thirdparty%2Fknot-resolver.git

layer/validate: improvement in processing answers containing CNAME
---

diff --git a/lib/layer/validate.c b/lib/layer/validate.c
index 8cf8808ab..2726d8582 100644
--- a/lib/layer/validate.c
+++ b/lib/layer/validate.c
@@ -705,6 +705,16 @@ static int check_signer(kr_layer_t *ctx, knot_pkt_t *pkt)
 		if (qry->stype != KNOT_RRTYPE_DS) {
 			/* zone cut matches, but DS/DNSKEY doesn't => refetch. */
 			VERBOSE_MSG(qry, ">< cut changed, needs revalidation\n");
+			if (qry->flags & QUERY_FORWARD) {
+				struct kr_rplan *rplan = &req->rplan;
+				struct kr_query *next = kr_rplan_push(rplan, qry, signer, qry->sclass, KNOT_RRTYPE_DS);
+				if (!next) {
+					return KR_STATE_FAIL;
+				}
+				kr_zonecut_set(&next->zone_cut, qry->zone_cut.name);
+				kr_zonecut_copy_trust(&next->zone_cut, &qry->zone_cut);
+				next->flags |= QUERY_DNSSEC_WANT;
+			}
 			return KR_STATE_YIELD;
 		}
 	}
diff --git a/lib/resolve.c b/lib/resolve.c
index 0dee8c461..3dc4383f9 100644
--- a/lib/resolve.c
+++ b/lib/resolve.c
@@ -980,6 +980,10 @@ static int forward_trust_chain_check(struct kr_request *request, struct kr_query
 		return KR_STATE_DONE;
 	}
 
+	if (qry->parent == NULL && (qry->flags & QUERY_CNAME)) {
+		return KR_STATE_PRODUCE;
+	}
+
 	bool nods = false;
 	bool ds_req = false;
 	bool ns_req = false;