From: Pieter Lexis Date: Tue, 25 Oct 2016 15:25:19 +0000 (+0200) Subject: Handle CNAME at secure zone apex to secure zone X-Git-Tag: dnsdist-1.1.0-beta2~62^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a672e9de73899ad036fc4f392243b5b21fe0cbbd;p=thirdparty%2Fpdns.git Handle CNAME at secure zone apex to secure zone Closes #4466 --- diff --git a/pdns/syncres.cc b/pdns/syncres.cc index 3b20a1693b..4a18ae7475 100644 --- a/pdns/syncres.cc +++ b/pdns/syncres.cc @@ -443,7 +443,7 @@ int SyncRes::doResolve(const DNSName &qname, const QType &qtype, vector& srcmask, LWResult* res); static void doEDNSDumpAndClose(int fd); @@ -371,6 +376,7 @@ public: bool d_wasVariable{false}; bool d_wasOutOfBand{false}; bool d_wantsRPZ{true}; + bool d_skipCNAMECheck{false}; typedef multi_index_container < NegCacheEntry, diff --git a/pdns/validate-recursor.cc b/pdns/validate-recursor.cc index 9da1c7847e..e6b6406442 100644 --- a/pdns/validate-recursor.cc +++ b/pdns/validate-recursor.cc @@ -19,6 +19,8 @@ public: sr.setId(MT->getTid()); vector ret; sr.d_doDNSSEC=true; + if (qtype == QType::DS || qtype == QType::DNSKEY || qtype == QType::NS) + sr.setSkipCNAMECheck(true); sr.beginResolve(qname, QType(qtype), 1, ret); d_queries += sr.d_outqueries; return ret;