From: Vladimír Čunát Date: Tue, 30 Jan 2018 08:23:35 +0000 (+0100) Subject: resolve: always send DO bit when iterating or forwarding X-Git-Tag: v4.0.0~22^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bfc8511bda59c06d6aa395378ab78fa7bd4d5072;p=thirdparty%2Fknot-resolver.git resolve: always send DO bit when iterating or forwarding --- diff --git a/NEWS b/NEWS index ce7588b92..7c2a17c41 100644 --- a/NEWS +++ b/NEWS @@ -19,6 +19,7 @@ Improvements - policy module: policy.rpz() will watch the file for changes by default - packaging: lua cqueues added to default dependencies where available - systemd: service is no longer auto-restarted on configuration errors +- always send DO+CD flags upstream, even in insecure zones Bugfixes -------- diff --git a/lib/resolve.c b/lib/resolve.c index 1d4541d3d..c2c902875 100644 --- a/lib/resolve.c +++ b/lib/resolve.c @@ -698,13 +698,12 @@ static int query_finalize(struct kr_request *request, struct kr_query *qry, knot knot_wire_set_cd(pkt->wire); } /* Full resolution (ask for +cd and +do) */ - } else if (qry->flags.FORWARD) { - knot_wire_set_rd(pkt->wire); - knot_edns_set_do(pkt->opt_rr); - knot_wire_set_cd(pkt->wire); - } else if (qry->flags.DNSSEC_WANT) { + } else { knot_edns_set_do(pkt->opt_rr); knot_wire_set_cd(pkt->wire); + if (qry->flags.FORWARD) { + knot_wire_set_rd(pkt->wire); + } } } }
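Review bot: In the NEWS hunk, the new entry "always send DO+CD flags upstream, even in insecure zones" does not match the commit subject, which mentions only the DO bit and limits the change to iterating or forwarding. Suggest aligning the two, for example by naming both flags in the subject or by adding "when iterating or forwarding" to the NEWS line, so that operators reading the changelog know which query modes are affected. The commit message has no body; one sentence on why DO and CD are now sent for insecure zones as well would make the entry easier to evaluate later.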
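Review bot: In the lib/resolve.c hunk, the new `} else {` branch drops the `qry->flags.DNSSEC_WANT` condition without explaining why in the code. The retained comment "Full resolution (ask for +cd and +do)" now sits above a branch that also handles `qry->flags.FORWARD` and sets RD there. Suggest rewording the comment to cover both iteration and forwarding and to state that DO and CD are set regardless of DNSSEC_WANT. Because the branch now runs for every query that is not caught by the preceding condition, `knot_edns_set_do(pkt->opt_rr)` is reached on more paths than before. The hunk does not show where `pkt->opt_rr` is guaranteed to be non-NULL, so it is worth confirming that the enclosing code ensures this for queries that previously skipped both branches.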