improve dnssec record skipping for non dnssec queries
authorKees Monshouwer <mind04@monshouwer.org>
Sat, 9 Jul 2016 16:50:38 +0000 (18:50 +0200)
committermind04 <mind04@monshouwer.org>
Sat, 9 Jul 2016 16:50:38 +0000 (18:50 +0200)
pdns/pdns_recursor.cc

index 2f2f4048292b492a526965392ee913f3d4f7551d..4043131f94b22ccacfab4c855e1d906a70a01488 100644 (file)
@@ -952,8 +952,20 @@ void startDoResolve(void *p)
 
       bool needCommit = false;
       for(auto i=ret.cbegin(); i!=ret.cend(); ++i) {
-        if(!DNSSECOK && (i->d_type == QType::RRSIG || i->d_type==QType::NSEC || i->d_type==QType::NSEC3))
+        if( ! DNSSECOK &&
+            ( i->d_type == QType::NSEC3 ||
+              (
+                ( i->d_type == QType::RRSIG || i->d_type==QType::NSEC ) &&
+                (
+                  ( dc->d_mdp.d_qtype != i->d_type &&  dc->d_mdp.d_qtype != QType::ANY ) ||
+                  i->d_place != DNSResourceRecord::ANSWER
+                )
+              )
+            )
+          ) {
           continue;
+        }
+
        pw.startRecord(i->d_name, i->d_type, i->d_ttl, i->d_class, i->d_place);
        if(i->d_type != QType::OPT) // their TTL ain't real
          minTTL = min(minTTL, i->d_ttl);
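Review bot: The nested condition at the top of the loop encodes a filtering policy for clients that did not set DO, but nothing documents it, and NSEC3 is handled differently from NSEC and RRSIG without explanation: an NSEC3 record is dropped even when the query type is NSEC3 or ANY and the record is in the ANSWER section. If that asymmetry is intended, a comment above the `if` would make the rule auditable, for example `// DO clear: drop NSEC3 always; keep RRSIG/NSEC only in ANSWER when the client asked for that type or ANY`. The ANY comparison does not depend on `i`, so it could be hoisted before the loop as `const bool qtypeIsAny = dc->d_mdp.d_qtype == QType::ANY;` to shorten the expression. startDoResolve begins and ends outside this hunk, so how `ret` is populated and whether NSEC3 can reach the ANSWER section at all is not visible here.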