From: Grigorii Demidov <grigorii.demidov@nic.cz>
Date: Thu, 22 Jun 2017 12:56:52 +0000 (+0200)
Subject: lib/resolve: bugfixes for forwarding mode
X-Git-Tag: v1.3.1^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f9b2e2b1c6f678f033825ad2385334dd9b632407;p=thirdparty%2Fknot-resolver.git

lib/resolve: bugfixes for forwarding mode

unecessary queries in some circumstances; some minor bugfixes
---

diff --git a/lib/layer/validate.c b/lib/layer/validate.c
index 66e16f08c..0fa41ab90 100644
--- a/lib/layer/validate.c
+++ b/lib/layer/validate.c
@@ -316,7 +316,7 @@ static int update_parent_keys(struct kr_request *req, uint16_t answer_type)
 					mark_insecure_parents(qry);
 				}
 			}
-		} else if ((qry->flags & (QUERY_DNSSEC_NODS | QUERY_FORWARD | QUERY_DNSSEC_OPTOUT)) ==
+		} else if ((qry->flags & (QUERY_DNSSEC_NODS | QUERY_FORWARD)) ==
 			   (QUERY_DNSSEC_NODS | QUERY_FORWARD)) {
 			int ret = kr_dnssec_matches_name_and_type(&req->auth_selected, qry->uid,
 								  qry->sname, KNOT_RRTYPE_NS);
diff --git a/lib/resolve.c b/lib/resolve.c
index ac6f731c7..3b2c008c7 100644
--- a/lib/resolve.c
+++ b/lib/resolve.c
@@ -1007,10 +1007,6 @@ static int forward_trust_chain_check(struct kr_request *request, struct kr_query
 		return KR_STATE_DONE;
 	}
 
-	if (qry->parent == NULL && (qry->flags & QUERY_CNAME)) {
-		return KR_STATE_PRODUCE;
-	}
-
 	bool nods = false;
 	bool ds_req = false;
 	bool ns_req = false;
@@ -1041,19 +1037,22 @@ static int forward_trust_chain_check(struct kr_request *request, struct kr_query
 			    knot_dname_is_equal(q->sname, wanted_name)) {
 				if (q->stype == KNOT_RRTYPE_DS) {
 					ds_req = true;
-					if (qry->flags & QUERY_DNSSEC_NODS) {
+					if (q->flags & QUERY_DNSSEC_NODS) {
 						nods = true;
 					}
-					if (qry->flags & QUERY_CNAME) {
+					if (q->flags & QUERY_CNAME) {
 						nods = true;
-						ns_req = true;
-					}
-					if (!(q->flags & QUERY_DNSSEC_OPTOUT)) {
+						ns_exist = false;
+					} else if (!(q->flags & QUERY_DNSSEC_OPTOUT)) {
 						int ret = kr_dnssec_matches_name_and_type(&request->auth_selected, q->uid,
 											  wanted_name, KNOT_RRTYPE_NS);
 						ns_exist = (ret == kr_ok());
 					}
 				} else {
+					if (q->flags & QUERY_CNAME) {
+						nods = true;
+						ns_exist = false;
+					}
 					ns_req = true;
 				}
 			}
@@ -1068,6 +1067,11 @@ static int forward_trust_chain_check(struct kr_request *request, struct kr_query
 			return KR_STATE_DONE;
 		}
 
+		if (qry->parent == NULL && (qry->flags & QUERY_CNAME) &&
+		    ds_req && ns_req) {
+			return KR_STATE_PRODUCE;
+		}
+
 		if ((qry->stype == KNOT_RRTYPE_DS) &&
 	            knot_dname_is_equal(wanted_name, qry->sname)) {
 			nods = true;