auth: Rectify for ent records in narrow zones was slightly wrong.

author Kees Monshouwer <mind04@monshouwer.org>

Thu, 14 Mar 2019 22:51:23 +0000 (23:51 +0100)

committer Erik Winkels <erik.winkels@powerdns.com>

Thu, 21 Mar 2019 11:42:01 +0000 (12:42 +0100)
author Kees Monshouwer <mind04@monshouwer.org>
Thu, 14 Mar 2019 22:51:23 +0000 (23:51 +0100)
committer Erik Winkels <erik.winkels@powerdns.com>
Thu, 21 Mar 2019 11:42:01 +0000 (12:42 +0100)
diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc

index 1af88637d24fd1ef0f39e0d00929a30b0ed8e9b0..b9fe4483411030f18ef13f2dee0e09796a69fcdd 100644 (file)
--- a/pdns/dbdnsseckeeper.cc
+++ b/pdns/dbdnsseckeeper.cc
@@ -691,7 +691,7 @@ bool DNSSECKeeper::rectifyZone(const DNSName& zone, string& error, string& info,
    }
  
    set<DNSName> nsec3set;
-  if (haveNSEC3 && !narrow) {
+  if (haveNSEC3) {
      for (auto &loopRR: rrs) {
        bool skip=false;
        DNSName shorter = loopRR.qname;
@@ -742,12 +742,12 @@ bool DNSSECKeeper::rectifyZone(const DNSName& zone, string& error, string& info,
  
      if(haveNSEC3) // NSEC3
      {
-      if(!narrow && nsec3set.count(qname)) {
-        ordername=DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, qname)));
-        if(!realrr)
+      if(nsec3set.count(qname)) {
+        if(!narrow)
+          ordername=DNSName(toBase32Hex(hashQNameWithSalt(ns3pr, qname)));
+        if(!realrr && !isOptOut)
            auth=true;
-      } else if(!realrr)
-        auth=false;
+      }
      }
      else if (realrr) // NSEC
        ordername=qname.makeRelative(zone);
author	Kees Monshouwer <mind04@monshouwer.org>
	Thu, 14 Mar 2019 22:51:23 +0000 (23:51 +0100)
committer	Erik Winkels <erik.winkels@powerdns.com>
	Thu, 21 Mar 2019 11:42:01 +0000 (12:42 +0100)