void PacketHandler::completeANYRecords(DNSPacket *p, DNSPacket*r, SOAData& sd, const string &target)
{
if(!p->d_dnssecOk)
- ; // cerr<<"Need to add all the RRSIGs too for '"<<target<<"', should do this manually since DNSSEC was not requested"<<endl;
- // cerr<<"Need to add all the NSEC too.."<<endl; /// XXX FIXME THE ABOVE IF IS WEIRD
+ return; // Don't send dnssec info to non validating resolvers.
if(!d_dk.isSecuredZone(sd.qname))
return;
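Review bot: The comment on the added early return, `return; // Don't send dnssec info to non validating resolvers.`, describes something the code does not test. `p->d_dnssecOk` presumably reflects whether the query set the DO bit, and a client can set DO without validating anything. I would word it as `return; // Query did not set DO: add no DNSSEC records to the ANY answer.` and use the same wording for the identical comment on the DNSKEY/NSEC3PARAM `continue` in the later hunk. Only the first statements of completeANYRecords are visible here, so this is a comment-only suggestion.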
weDone = weRedirected = weHaveUnauth = 0;
while(B.get(rr)) {
- if (p->qtype.getCode() == QType::ANY && rr.qtype.getCode() == QType::RRSIG) // RRSIGS are added later any way.
- continue; //TODO: this actually means addRRSig should check if the RRSig is already there.
+ if (p->qtype.getCode() == QType::ANY) {
+ if (rr.qtype.getCode() == QType::RRSIG) // RRSIGS are added later any way.
+ continue; // TODO: this actually means addRRSig should check if the RRSig is already there.
+ if (!p->d_dnssecOk && (rr.qtype.getCode() == QType:: DNSKEY || rr.qtype.getCode() == QType::NSEC3PARAM))
+ continue; // Don't send dnssec info to non validating resolvers.
+ }
if(rr.qtype.getCode() == QType::DS)
rr.auth = 1;
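Review bot: The non-DO filter in the ANY branch names only `QType::DNSKEY` and `QType::NSEC3PARAM`, so any other DNSSEC-only type that `B.get(rr)` returns for the name would still reach a client that did not set DO. Whether the backend can return NSEC or NSEC3 rows here (for example from a presigned zone) is not visible in this hunk; if it can, the condition should cover them too: `if (!p->d_dnssecOk && (rr.qtype.getCode() == QType::DNSKEY || rr.qtype.getCode() == QType::NSEC3PARAM || rr.qtype.getCode() == QType::NSEC || rr.qtype.getCode() == QType::NSEC3))`. It is also worth confirming that a name whose only records are skipped still produces a proper NODATA answer; the loop and the code after it continue outside the hunk. Minor: `QType:: DNSKEY` has a stray space after the scope operator.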
+++ /dev/null
-0 example.com. IN DNSKEY 86400 256 3 8 ...
-0 example.com. IN DNSKEY 86400 256 3 8 ...
-0 example.com. IN DNSKEY 86400 257 3 8 ...
-0 example.com. IN MX 120 10 smtp-servers.example.com.
-0 example.com. IN MX 120 15 smtp-servers.test.com.
-0 example.com. IN NS 120 ns1.example.com.
-0 example.com. IN NS 120 ns2.example.com.
-0 example.com. IN SOA 100000 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
-2 . IN OPT 0
-2 ns1.example.com. IN A 120 192.168.1.1
-2 ns2.example.com. IN A 120 192.168.1.2
-2 smtp-servers.example.com. IN A 120 192.168.0.2
-2 smtp-servers.example.com. IN A 120 192.168.0.3
-2 smtp-servers.example.com. IN A 120 192.168.0.4
-Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
-Reply to question for qname='example.com.', qtype=ANY
+++ /dev/null
-0 example.com. IN DNSKEY 86400 256 3 8 ...
-0 example.com. IN DNSKEY 86400 256 3 8 ...
-0 example.com. IN DNSKEY 86400 257 3 8 ...
-0 example.com. IN MX 120 10 smtp-servers.example.com.
-0 example.com. IN MX 120 15 smtp-servers.test.com.
-0 example.com. IN NS 120 ns1.example.com.
-0 example.com. IN NS 120 ns2.example.com.
-0 example.com. IN NSEC3PARAM 86400 1 0 1 abcd
-0 example.com. IN SOA 100000 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
-2 . IN OPT 0
-2 ns1.example.com. IN A 120 192.168.1.1
-2 ns2.example.com. IN A 120 192.168.1.2
-2 smtp-servers.example.com. IN A 120 192.168.0.2
-2 smtp-servers.example.com. IN A 120 192.168.0.3
-2 smtp-servers.example.com. IN A 120 192.168.0.4
-Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
-Reply to question for qname='example.com.', qtype=ANY
+++ /dev/null
-0 example.com. IN DNSKEY 86400 256 3 8 ...
-0 example.com. IN DNSKEY 86400 256 3 8 ...
-0 example.com. IN DNSKEY 86400 257 3 8 ...
-0 example.com. IN MX 120 10 smtp-servers.example.com.
-0 example.com. IN MX 120 15 smtp-servers.test.com.
-0 example.com. IN NS 120 ns1.example.com.
-0 example.com. IN NS 120 ns2.example.com.
-0 example.com. IN NSEC3PARAM 86400 1 0 1 abcd
-0 example.com. IN SOA 100000 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
-2 . IN OPT 0
-2 ns1.example.com. IN A 120 192.168.1.1
-2 ns2.example.com. IN A 120 192.168.1.2
-2 smtp-servers.example.com. IN A 120 192.168.0.2
-2 smtp-servers.example.com. IN A 120 192.168.0.3
-2 smtp-servers.example.com. IN A 120 192.168.0.4
-Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
-Reply to question for qname='example.com.', qtype=ANY