From 0d6e7d9d31dcb56d2f596ae0774ae0a09bc27349 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Marek=20Vavru=C5=A1a?=
Date: Wed, 1 Aug 2018 16:16:30 -0700
Subject: [PATCH] layer/iterate: do not change delegation on qname minimization failure

Before a server could change delegation when there was an NS record for different name in the answer section. e.g.: ``` QNAME: test.example.com ANSWER: else.example.com NS somewhere ``` The zone cut would change to else.example.com.
---
 daemon/network.h | 1 -
 lib/layer/iterate.c | 3 ++-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/daemon/network.h b/daemon/network.h
index a47564fbc..548d61a23 100644
--- a/daemon/network.h
+++ b/daemon/network.h
@@ -55,7 +55,6 @@ struct network {
 struct tls_session_ticket_ctx *tls_session_ticket_ctx;
 struct net_tcp_param tcp;
 int tcp_backlog;
- struct net_tcp_param tcp;
 };
 
 void network_init(struct network *net, uv_loop_t *loop, int tcp_backlog);
diff --git a/lib/layer/iterate.c b/lib/layer/iterate.c
index 0f032957f..02b17855a 100644
--- a/lib/layer/iterate.c
+++ b/lib/layer/iterate.c
@@ -453,7 +453,8 @@ static int process_authority(knot_pkt_t *pkt, struct kr_request *req)
 for (unsigned i = 0; i < an->count; ++i) {
 const knot_rrset_t *rr = knot_pkt_rr(an, i);
 if (rr->type == KNOT_RRTYPE_NS
- && knot_dname_in_bailiwick(rr->owner, qry->zone_cut.name) > 0) {
+ && knot_dname_in_bailiwick(rr->owner, qry->zone_cut.name) > 0
+ && knot_dname_in_bailiwick(rr->owner, qry->sname) >= 0) {
 /* NS below cut in authority indicates different authority,
 * but same NS set. */
 qry->zone_cut.name = knot_dname_copy(rr->owner, &req->pool);
-- 
2.47.2
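Review bot: The added condition `knot_dname_in_bailiwick(rr->owner, qry->sname) >= 0` in the lib/layer/iterate.c hunk uses the same (name, bailiwick) argument order as the check above it, so it accepts an NS owner that is equal to or below qry->sname rather than one that still covers qry->sname. That does reject the `else.example.com` case from the description, but it would also reject an NS at an ancestor of the query name and accept one below it, so the cut could still move to a name that does not contain the name being resolved. If the intent is that the new cut must remain an ancestor of (or equal to) the query name, the test should read `&& knot_dname_in_bailiwick(qry->sname, rr->owner) >= 0`, and a short comment such as `/* new cut must still cover sname; ignore unrelated NS in ANSWER */` would record why. process_authority starts and ends outside the hunk, so how qry->sname relates to the minimized name actually sent is not visible here and should be confirmed before changing the order.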