don't synthesise an NSEC for NSEC3 zones when queried directly for NSEC

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1808 d19b8d6e-7fed-0310-83ef-9ca221ded41b

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index dcebf846102600320f1ab01c363e6e4b76ff207e..00bcae3538feb01961c909374286ef87ded1b86a 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -1199,7 +1199,7 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse)
     }
 
     // this TRUMPS a cname!
-    if(p->qtype.getCode() == QType::NSEC && p->d_dnssecOk) {
+    if(p->qtype.getCode() == QType::NSEC && p->d_dnssecOk && !d_dk.getNSEC3PARAM(sd.qname, 0)) {
       addNSEC(p, r, target, sd.qname, 2); // only NSEC please
       goto sendit;
     }