auth: add back isPartOf check in additional processing
authorPieter Lexis <pieter.lexis@powerdns.com>
Wed, 14 Nov 2018 12:11:24 +0000 (13:11 +0100)
committerPieter Lexis <pieter.lexis@powerdns.com>
Wed, 14 Nov 2018 12:11:24 +0000 (13:11 +0100)
Some backends (e.g. the LDAP backend, and the remote backend when the
operator does not provide an id) do not have an id per zone. This would
still add out of zone data to the additional section.

pdns/packethandler.cc

index 2ad9f567af7b1626264325bfcd66f853b43ee9c5..b82abb926ae63286770f8efa391673fe77be5740 100644 (file)
@@ -463,6 +463,11 @@ int PacketHandler::doAdditionalProcessingAndDropAA(DNSPacket *p, DNSPacket *r, c
       while(B.get(rr)) {
         if(rr.dr.d_type != QType::A && rr.dr.d_type!=QType::AAAA)
           continue;
+        if(!rr.dr.d_name.isPartOf(soadata.qname)) {
+          // FIXME we might still pass on the record if it is occluded and the
+          // backend uses a single id for all zones
+          continue;
+        }
         rr.dr.d_place=DNSResourceRecord::ADDITIONAL;
         toAdd.push_back(rr);
       }
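Review bot: The added `isPartOf` guard carries only a FIXME about what it still misses and no comment saying why it is needed, which matters because the commit title says the check is being added back after an earlier removal. Per the commit message, backends without a per-zone id (LDAP, or remote when no id is supplied) can return A/AAAA records for names outside `soadata.qname`, so I would state that above the `if`, e.g. `// backends without per-zone ids can return out-of-zone names; never add those to ADDITIONAL`. The FIXME case remains open: an occluded name (presumably one below a delegation inside the zone) still passes `isPartOf` and is pushed to `toAdd`, so it deserves a tracked issue and a regression test that uses a single-id backend. The enclosing function starts and ends outside this hunk, so the lookup that feeds `B.get(rr)` and any zone-id scoping it applies are not visible here.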