if(rr.qtype.getCode() == QType::CNAME && p->qtype.getCode() != QType::CNAME)
weRedirected=1;
-
- if(rr.qtype.getCode() == QType::SOA && pdns_iequals(rr.qname, sd.qname)) { // fix up possible SOA adjustments for this zone
- rr.content=serializeSOAData(sd);
- rr.ttl=sd.ttl;
- rr.domain_id=sd.domain_id;
- rr.auth = true;
- }
-
+
+ // Filter out all SOA's and add them in later
+ if(rr.qtype.getCode() == QType::SOA)
+ continue;
+
rrset.push_back(rr);
}
+ /* Add in SOA if required */
+ if( pdns_iequals( target, sd.qname ) ) {
+ rr.qtype = QType::SOA;
+ rr.content = serializeSOAData(sd);
+ rr.qname = sd.qname;
+ rr.ttl = sd.ttl;
+ rr.domain_id = sd.domain_id;
+ rr.auth = true;
+ rrset.push_back(rr);
+ }
+
DLOG(L<<"After first ANY query for '"<<target<<"', id="<<sd.domain_id<<": weDone="<<weDone<<", weHaveUnauth="<<weHaveUnauth<<", weRedirected="<<weRedirected<<endl);
if(p->qtype.getCode() == QType::DS && weHaveUnauth && !weDone && !weRedirected && d_dk.isSecuredZone(sd.qname)) {
DLOG(L<<"Q for DS of a name for which we do have NS, but for which we don't have on a zone with DNSSEC need to provide an AUTH answer that proves we don't"<<endl);
projects / pdns / commitdiff