From: Robin Geuze <robing@transip.nl>
Date: Fri, 13 Mar 2020 12:09:10 +0000 (+0100)
Subject: Fix it so NSEC and NSEC3 records will not include DNSKEY in the typemap if there... 
X-Git-Tag: dnsdist-1.5.0-alpha1~14^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b8f6caa13c261a9994a3bb50a27dfae3a96c7d84;p=thirdparty%2Fpdns.git

Fix it so NSEC and NSEC3 records will not include DNSKEY in the typemap if there are no published DNSKEY records
---

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 197bab40a5..b37ca9d83c 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -506,7 +506,10 @@ void PacketHandler::emitNSEC(std::unique_ptr<DNSPacket>& r, const SOAData& sd, c
   nrc.set(QType::RRSIG);
   if(sd.qname == name) {
     nrc.set(QType::SOA); // 1dfd8ad SOA can live outside the records table
-    nrc.set(QType::DNSKEY);
+    auto keyset = d_dk.getKeys(name);
+    if (!keyset.empty()) {
+      nrc.set(QType::DNSKEY);
+    }
     string publishCDNSKEY;
     d_dk.getPublishCDNSKEY(name, publishCDNSKEY);
     if (publishCDNSKEY == "1")
@@ -555,7 +558,10 @@ void PacketHandler::emitNSEC3(std::unique_ptr<DNSPacket>& r, const SOAData& sd,
     if (sd.qname == name) {
       n3rc.set(QType::SOA); // 1dfd8ad SOA can live outside the records table
       n3rc.set(QType::NSEC3PARAM);
-      n3rc.set(QType::DNSKEY);
+      auto keyset = d_dk.getKeys(name);
+      if (!keyset.empty()) {
+        n3rc.set(QType::DNSKEY);
+      }
       string publishCDNSKEY;
       d_dk.getPublishCDNSKEY(name, publishCDNSKEY);
       if (publishCDNSKEY == "1")