rec: Add NSEC records on nx-trust cache hits

author Remi Gacogne <remi.gacogne@powerdns.com>

Tue, 5 Sep 2017 14:27:03 +0000 (16:27 +0200)

committer Remi Gacogne <remi.gacogne@powerdns.com>

Tue, 5 Sep 2017 14:27:03 +0000 (16:27 +0200)
author Remi Gacogne <remi.gacogne@powerdns.com>
Tue, 5 Sep 2017 14:27:03 +0000 (16:27 +0200)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Tue, 5 Sep 2017 14:27:03 +0000 (16:27 +0200)
diff --git a/pdns/syncres.cc b/pdns/syncres.cc

index 7a9c781c07286030ac149dda2dbc7cab7ab09226..a4c0fdb63f93a51a2e4c228705e956a29f44ccfc 100644 (file)
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -960,17 +960,16 @@ bool SyncRes::doCacheCheck(const DNSName &qname, const QType &qtype, vector<DNSR
        LOG(prefix<<qname<<": Entire name '"<<qname<<"', is negatively cached via '"<<ne.d_auth<<"' for another "<<sttl<<" seconds"<<endl);
        res = RCode::NXDomain;
      }
-    if(d_doDNSSEC) {
-      addTTLModifiedRecords(ne.DNSSECRecords.records, sttl, ret);
-      addTTLModifiedRecords(ne.DNSSECRecords.signatures, sttl, ret);
-    }
    }
  
    if (giveNegative) {
      // Transplant SOA to the returned packet
      addTTLModifiedRecords(ne.authoritySOA.records, sttl, ret);
-    if(d_doDNSSEC)
+    if(d_doDNSSEC) {
        addTTLModifiedRecords(ne.authoritySOA.signatures, sttl, ret);
+      addTTLModifiedRecords(ne.DNSSECRecords.records, sttl, ret);
+      addTTLModifiedRecords(ne.DNSSECRecords.signatures, sttl, ret);
+    }
  
      LOG(prefix<<qname<<": updating validation state with negative cache content for "<<qname<<" to "<<vStates[cachedState]<<endl);
      state = cachedState;
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Tue, 5 Sep 2017 14:27:03 +0000 (16:27 +0200)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Tue, 5 Sep 2017 14:27:03 +0000 (16:27 +0200)