fix direct-dnskey outgoing AXFR operation; enforce correct TTL in direct DNSKEY query...

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2921 d19b8d6e-7fed-0310-83ef-9ca221ded41b

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index d2c8c29bb8c61868b82a670991221e58a50197e1..e86bbb21f1ebddfb5285e6ba729ef7ae690d28cf 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -225,6 +225,7 @@ bool PacketHandler::addDNSKEY(DNSPacket *p, DNSPacket *r, const SOAData& sd)
   if(::arg().mustDo("direct-dnskey")) {
     B.lookup(QType(QType::DNSKEY), p->qdomain, p, sd.domain_id);
     while(B.get(rr)) {
+      rr.ttl=sd.default_ttl;
       r->addRecord(rr);
       haveOne=true;
     }

diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc
index d0cbbb221f67fb186a951182e84168bab635fa1c..68f50fcbff40bcde15d02c1ba9c81597da459a1c 100644 (file)
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -607,6 +607,14 @@ int TCPNameserver::doAXFR(const string &target, shared_ptr<DNSPacket> q, int out
     csp.submit(rr);
   }
   
+  if(::arg().mustDo("direct-dnskey")) {
+    sd.db->lookup(QType(QType::DNSKEY), target, NULL, sd.domain_id);
+    while(sd.db->get(rr)) {
+      rr.ttl = sd.default_ttl;
+      csp.submit(rr);
+    }
+  }
+
   if(NSEC3Zone) { // now stuff in the NSEC3PARAM
     rr.qtype = QType(QType::NSEC3PARAM);
     ns3pr.d_flags = 0;
@@ -636,6 +644,12 @@ int TCPNameserver::doAXFR(const string &target, shared_ptr<DNSPacket> q, int out
   while(sd.db->get(rr)) {
     if (rr.qtype.getCode() == QType::RRSIG)
       continue;
+
+    // only skip the DNSKEY if direct-dnskey is enabled, to avoid changing behaviour
+    // when it is not enabled.
+    if(::arg().mustDo("direct-dnskey") && rr.qtype.getCode() == QType::DNSKEY)
+      continue;
+
     records++;
     if(securedZone && (rr.auth || (!NSEC3Zone && rr.qtype.getCode() == QType::NS) || rr.qtype.getCode() == QType::DS)) { // this is probably NSEC specific, NSEC3 is different
       if (NSEC3Zone || rr.qtype.getCode()) {