From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 14 Dec 2015 20:22:40 +0000 (+0100)
Subject: resolved: always consider NSEC/NSEC3 RRs as "primary"
X-Git-Tag: v229~206^2~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=24a5b982cf5aac97488eb94dba18d71e8b2b411a;p=thirdparty%2Fsystemd.git

resolved: always consider NSEC/NSEC3 RRs as "primary"

It's not OK to drop these for our proof of non-existance checks.
---

diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 82b49c14405..045627340b6 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -1288,7 +1288,10 @@ static int dns_transaction_is_primary_response(DnsTransaction *t, DnsResourceRec
 
         /* Check if the specified RR is the "primary" response,
          * i.e. either matches the question precisely or is a
-         * CNAME/DNAME for it */
+         * CNAME/DNAME for it, or is any kind of NSEC/NSEC3 RR */
+
+        if (IN_SET(rr->key->type, DNS_TYPE_NSEC, DNS_TYPE_NSEC3))
+                return 1;
 
         r = dns_resource_key_match_rr(t->key, rr, NULL);
         if (r != 0)