From: Vladimír Čunát <vladimir.cunat@nic.cz>
Date: Tue, 29 Nov 2022 10:40:09 +0000 (+0100)
Subject: policy.STUB: avoid copying +dnssec flag from client to upstream
X-Git-Tag: v5.6.0~9^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fab10d1ea09ba781393ec7e0e7f401c8b391a598;p=thirdparty%2Fknot-resolver.git

policy.STUB: avoid copying +dnssec flag from client to upstream

I can't see any motivation for the copying behavior,
and it made caching non-deterministic.
---

diff --git a/NEWS b/NEWS
index 4d0b009d0..46cfe27e0 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,7 @@ Improvements
 ------------
 - depend on jemalloc, preferably, to improve memory usage (!1353)
 - policy.STUB: avoid applying aggressive DNSSEC denial proofs (!1364)
+- policy.STUB: avoid copying +dnssec flag from client to upstream (!1364)
 
 Bugfixes
 --------
diff --git a/lib/resolve.c b/lib/resolve.c
index 877b078a3..bd38a5f5d 100644
--- a/lib/resolve.c
+++ b/lib/resolve.c
@@ -619,11 +619,8 @@ static int query_finalize(struct kr_request *request, struct kr_query *qry, knot
 	ret = edns_create(pkt, request);
 	if (ret) return ret;
 	if (qry->flags.STUB) {
-		/* Stub resolution (ask for +rd and +do) */
+		/* Stub resolution */
 		knot_wire_set_rd(pkt->wire);
-		if (knot_pkt_has_dnssec(request->qsource.packet)) {
-			knot_edns_set_do(pkt->opt_rr);
-		}
 		if (knot_wire_get_cd(request->qsource.packet->wire)) {
 			knot_wire_set_cd(pkt->wire);
 		}