Section 4 of RFC 7706 suggests that responses sourced from a local copy
of a zone should not have the AA bit set. Follow that recommendation by
setting 'qctx->authoritative' to ISC_FALSE when a response to a query is
coming from a mirror zone.
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
+n=`expr $n + 1`
+echo_i "checking flags set in a response sourced from a mirror zone ($n)"
+ret=0
+$DIG $DIGOPTS @10.53.0.3 . DNSKEY > dig.out.ns3.test$n 2>&1 || ret=1
+# Check response code and flags in the answer.
+grep "NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
+grep "flags:.* aa" dig.out.ns3.test$n > /dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
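Review bot: The added `grep "flags:.* aa" ... && ret=1` check can pass without the mirror-zone path being exercised, because any NOERROR answer that ns3 obtained another way (for example by recursion, if the mirror zone had failed to load) would also lack AA. Nothing in this hunk confirms the answer came from the mirror zone; unless an earlier step outside the hunk guarantees it, a check that the zone is loaded should precede this query. The pattern is also loose, since `.*` can run past the end of the flags field; `grep "flags:[^;]* aa[ ;]"` would tie the match to the header flags only. Only a positive answer (`. DNSKEY`) is covered, so a negative response served from the mirror zone would be worth a second case.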
qctx->is_staticstub_zone = ISC_FALSE;
if (qctx->is_zone) {
qctx->authoritative = ISC_TRUE;
- if (qctx->zone != NULL &&
- dns_zone_gettype(qctx->zone) == dns_zone_staticstub)
- {
- qctx->is_staticstub_zone = ISC_TRUE;
+ if (qctx->zone != NULL) {
+ if (dns_zone_ismirror(qctx->zone)) {
+ qctx->authoritative = ISC_FALSE;
+ }
+ if (dns_zone_gettype(qctx->zone) ==
+ dns_zone_staticstub)
+ {
+ qctx->is_staticstub_zone = ISC_TRUE;
+ }
}
}
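Review bot: The code does not record why `qctx->authoritative` is set to ISC_TRUE and then immediately cleared for mirror zones; the RFC reference exists only in the commit message. A short comment above the `dns_zone_ismirror()` check would keep the rationale next to the code, e.g. `/* RFC 7706 section 4: responses sourced from a local copy of a zone should not have AA set. */`. The enclosing function starts and ends outside the hunk, so it cannot be confirmed from here whether any later path sets AA independently of `qctx->authoritative`; that is worth checking.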