]> granicus.if.org Git - pdns/commitdiff
projects / pdns / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 15a35f4)
auth: fix, missing insecure zones in authSet #7785
authorKees Monshouwer <mind04@monshouwer.org>
Mon, 6 May 2019 21:56:13 +0000 (23:56 +0200)
committermind04 <mind04@monshouwer.org>
Tue, 7 May 2019 14:09:55 +0000 (16:09 +0200)
pdns/packethandler.cc patch | blob | history

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 9d686a69fe80b2355285e660436f63faa147d50f..267b1344fdcbfe2c9b76cd02b5c177da5c20b3fc 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -1108,7 +1108,7 @@ DNSPacket *PacketHandler::doQuestion(DNSPacket *p)
   set<DNSName> authSet;
 
   vector<DNSZoneRecord> rrset;
-  bool weDone=0, weRedirected=0, weHaveUnauth=0;
+  bool weDone=0, weRedirected=0, weHaveUnauth=0, doSigs=0;
   DNSName haveAlias;
   uint8_t aliasScopeMask;
 
@@ -1274,10 +1274,9 @@ DNSPacket *PacketHandler::doQuestion(DNSPacket *p)
     }
     DLOG(g_log<<Logger::Error<<"We have authority, zone='"<<sd.qname<<"', id="<<sd.domain_id<<endl);
 
+    authSet.insert(sd.qname);
     d_dnssec=(p->d_dnssecOk && d_dk.isSecuredZone(sd.qname));
-    if(d_dnssec) {
-      authSet.insert(sd.qname);
-    }
+    doSigs |= d_dnssec;
 
     if(!retargetcount) r->qdomainzone=sd.qname;
 
@@ -1569,7 +1568,7 @@ DNSPacket *PacketHandler::doQuestion(DNSPacket *p)
         break;
       }
     }
-    if(authSet.size())
+    if(doSigs)
       addRRSigs(d_dk, B, authSet, r->getRRS());
       
     r->wrapup(); // needed for inserting in cache
Unnamed repository; edit this file 'description' to name the repository.