From: Vladimír Čunát <vladimir.cunat@nic.cz>
Date: Mon, 3 Apr 2017 11:50:39 +0000 (+0200)
Subject: rrcache: fix code that was missed by mistake
X-Git-Tag: v1.3.0~23^2~30
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a14dbcb4073fbc813aed80143e1d695b1fd9b3be;p=thirdparty%2Fknot-resolver.git

rrcache: fix code that was missed by mistake
---

diff --git a/lib/layer/rrcache.c b/lib/layer/rrcache.c
index cd8b9f5e9..ac54db38c 100644
--- a/lib/layer/rrcache.c
+++ b/lib/layer/rrcache.c
@@ -243,26 +243,13 @@ static int commit_rr(const char *key, void *val, void *data)
 
 	/* Save RRSIG in a special cache. */
 	uint8_t rank = KEY_FLAG_RANK(key);
-	/* Non-authoritative NSs should never be trusted,
-	 * it may be present in an otherwise secure answer but it
-	 * is only a hint for local state. */
-	if (rr->type != KNOT_RRTYPE_NS || (rank & KR_RANK_AUTH)) {
-		if (baton->qry->flags & QUERY_DNSSEC_WANT &&
-		    rank != KR_RANK_BAD) {
-			rank |= KR_RANK_SECURE;
-		}
-	}
-	if (baton->qry->flags & QUERY_DNSSEC_INSECURE && rank != KR_RANK_BAD) {
-		rank &= ~KR_RANK_SECURE;
-		rank |= KR_RANK_INSECURE;
-	}
 	if (KEY_COVERING_RRSIG(key)) {
 		return commit_rrsig(baton, rank, KR_CACHE_FLAG_NONE, rr);
 	}
-	/* Accept only better rank (if not overriding) */
+	/* Accept only better or equal rank if not secure */
 	if (!(rank & KR_RANK_SECURE)) {
 		int cached_rank = kr_cache_peek_rank(baton->cache, KR_CACHE_RR, rr->owner, rr->type, baton->timestamp);
-		if (cached_rank >= rank) {
+		if (cached_rank > rank) {
 			return kr_ok();
 		}
 	}