From 32d24117b6f4a76a57231e175505c09811d36e5a Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Tue, 4 Sep 2018 21:45:11 +0200 Subject: [PATCH] respond correctly to DS query at delegation in unsigned zone --- pdns/packethandler.cc | 4 ++-- .../tests/ds-at-unsecure-delegation/expected_result | 3 --- .../tests/ds-at-unsecure-delegation/expected_result.dnssec | 7 +++++++ .../tests/ds-at-unsecure-delegation/skip.nodnssec | 0 .../tests/ds-at-unsecure-zone-cut/expected_result | 3 --- .../tests/ds-at-unsecure-zone-cut/expected_result.dnssec | 7 +++++++ .../tests/ds-at-unsecure-zone-cut/skip.nodnssec | 0 7 files changed, 16 insertions(+), 8 deletions(-) create mode 100644 regression-tests/tests/ds-at-unsecure-delegation/expected_result.dnssec delete mode 100644 regression-tests/tests/ds-at-unsecure-delegation/skip.nodnssec create mode 100644 regression-tests/tests/ds-at-unsecure-zone-cut/expected_result.dnssec delete mode 100644 regression-tests/tests/ds-at-unsecure-zone-cut/skip.nodnssec diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index 36ad75e2ef..1299407cee 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc @@ -1435,8 +1435,8 @@ DNSPacket *PacketHandler::doQuestion(DNSPacket *p) DLOG(g_log<<"After first ANY query for '"<qtype.getCode() == QType::DS && weHaveUnauth && !weDone && !weRedirected && d_dk.isSecuredZone(sd.qname)) { - DLOG(g_log<<"Q for DS of a name for which we do have NS, but for which we don't have on a zone with DNSSEC need to provide an AUTH answer that proves we don't"<qtype.getCode() == QType::DS && weHaveUnauth && !weDone && !weRedirected) { + DLOG(g_log<<"Q for DS of a name for which we do have NS, but for which we don't have DS; need to provide an AUTH answer that shows we don't"<