From 8c0f5e0934608b9a791b3d9680269418fd252988 Mon Sep 17 00:00:00 2001
From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Fri, 11 Jan 2019 15:00:16 +0100
Subject: [PATCH] getFakeAAAARecords: strip AUTHORITY SOA on A in ANSWER

---
 pdns/lua-recursor4.cc | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/pdns/lua-recursor4.cc b/pdns/lua-recursor4.cc
index ddf7722203..a914109cf6 100644
--- a/pdns/lua-recursor4.cc
+++ b/pdns/lua-recursor4.cc
@@ -86,6 +86,7 @@ static int getFakeAAAARecords(const DNSName& qname, const std::string& prefix, v
         }),
       ret.end());
 
+  bool seenA = false;
   for(DNSRecord& rr :  ret)
   {
     if(rr.d_type == QType::A && rr.d_place==DNSResourceRecord::ANSWER) {
@@ -98,8 +99,21 @@ static int getFakeAAAARecords(const DNSName& qname, const std::string& prefix, v
         rr.d_content = std::make_shared<AAAARecordContent>(prefixAddress);
         rr.d_type = QType::AAAA;
       }
+      seenA = true;
     }
   }
+
+  if (seenA) {
+    // We've seen an A in the ANSWER section, so there is no need to keep any
+    // SOA in the AUTHORITY section as this is not a NODATA response.
+    ret.erase(std::remove_if(
+          ret.begin(),
+          ret.end(),
+          [](DNSRecord& rr) {
+            return (rr.d_type == QType::SOA && rr.d_place==DNSResourceRecord::AUTHORITY);
+          }),
+        ret.end());
+  }
   return rcode;
 }
 
-- 
2.47.2