make sure we don't consult cache for dnssec questions for now (since we would potenti...
authorBert Hubert <bert.hubert@netherlabs.nl>
Sun, 9 May 2010 10:47:02 +0000 (10:47 +0000)
committerBert Hubert <bert.hubert@netherlabs.nl>
Sun, 9 May 2010 10:47:02 +0000 (10:47 +0000)
plus clean up packethandler somewhat, and clarify comments

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1606 d19b8d6e-7fed-0310-83ef-9ca221ded41b

pdns/common_startup.cc
pdns/packethandler.cc

index a44e039ac9ee9ba96ebef894b0cecae5990c2ca8..2408c0a564304eb6a6afd3e4add8f972a168d813 100644 (file)
@@ -1,6 +1,6 @@
 /*
     PowerDNS Versatile Database Driven Nameserver
-    Copyright (C) 2005  PowerDNS.COM BV
+    Copyright (C) 2005 - 2010  PowerDNS.COM BV
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License version 2
@@ -250,7 +250,7 @@ void *qthread(void *number)
     S.ringAccount("queries", P->qdomain+"/"+P->qtype.getName());
     S.ringAccount("remotes",P->getRemote());
 
-    if((P->d.opcode != Opcode::Notify) && P->couldBeCached() && PC.get(P, &cached)) { // short circuit - does the PacketCache recognize this question?
+    if((P->d.opcode != Opcode::Notify) && !P->d_dnssecOk && P->couldBeCached() && PC.get(P, &cached)) { // short circuit - does the PacketCache recognize this question?
       cached.setRemote(&P->remote);  // inlined
       cached.setSocket(P->getSocket());                               // inlined
       cached.setMaxReplyLen(P->getMaxReplyLen());
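Review bot: The added `!P->d_dnssecOk` test in `qthread` guards only the lookup (`PC.get`); the code that stores answers in the packet cache is outside this hunk, so it is not visible whether replies built for DO queries are still inserted. If they are, and the cache key does not include the DO bit, a later non-DO query for the same name and type could be served a cached reply carrying RRSIG/NSEC records, which is the mix-up this commit sets out to avoid. I would gate the insert with the same condition or make the DO bit part of the key, and extend the trailing comment to say why, e.g. `// DO-bit queries bypass the cache: cached replies are not keyed on DNSSEC OK`. Every DO query now also reaches the backend and signing path uncached, so DNSSEC traffic becomes a load consideration until the cache is keyed properly.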
index 41b5deb4ee16a0f435701754be819a0b5d515748..f40430b282d16c7a6b54ad83eb05e13aab539651 100644 (file)
@@ -539,7 +539,7 @@ bool PacketHandler::doDNSSECProcessing(DNSPacket *p, DNSPacket *r)
     while(B.get(rr)) {
       rr.d_place=DNSResourceRecord::ANSWER;
       if(splitField(rr.content, ' ').first==i->qtype.getName())
-       r->addRecord(rr);
+        r->addRecord(rr);
     }
   }
   
@@ -577,8 +577,8 @@ int PacketHandler::makeCanonic(DNSPacket *p, DNSPacket *r, string &target)
       }
 
       if(rr.qtype.getCode()==QType::DS && p->qtype.getCode() == QType::NS && p->d_dnssecOk) {
-       sawDS = true;
-       r->addRecord(rr);
+        sawDS = true;
+        r->addRecord(rr);
       }
 
       if(rr.qtype.getCode()!=QType::NS || p->qtype.getCode()==QType::NS)
@@ -589,9 +589,9 @@ int PacketHandler::makeCanonic(DNSPacket *p, DNSPacket *r, string &target)
         target=rr.content; // for retargeting
       }
       if(shortcut && !found && rr.qtype==p->qtype) {
-       if(!rr.auth) {
-         
-       }
+        if(!rr.auth) {
+        // no idea why this if is here
+        }
          
         rfound=true;
         r->addRecord(rr);
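Review bot: The `if(!rr.auth)` block in `makeCanonic` is still empty after this change, so a record with `rr.auth` false falls through to `rfound=true; r->addRecord(rr);` exactly like an authoritative one. If non-authoritative data is not meant to be returned as an answer on the shortcut path, the block should skip it; if it is meant to, the block should be deleted. Until that is decided I would replace the new comment with `// TODO: rr.auth is not acted on; non-auth records are added to the answer like auth ones`. The rest of `makeCanonic` lies outside the hunk, so an earlier filter on `rr.auth` may already exist.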
@@ -791,7 +791,7 @@ void PacketHandler::synthesiseRRSIGs(DNSPacket* p, DNSPacket* r)
     if(!rr.auth) 
       continue;
     
-    // this needs to deal with the 'prio' mismatch!
+    // this deals with the 'prio' mismatch!
     if(rr.qtype.getCode()==QType::MX || rr.qtype.getCode() == QType::SRV) {  
       rr.content = lexical_cast<string>(rr.priority) + " " + rr.content;
     }
@@ -807,7 +807,7 @@ void PacketHandler::synthesiseRRSIGs(DNSPacket* p, DNSPacket* r)
     nrc.d_set.insert(rr.qtype.getCode());
   }
 
-  // now get the fucking NSEC too..
+  // now get the fucking NSEC too (since we must sign it!)
 
   SOAData sd;
   sd.db=(DNSBackend *)-1; // force uncached answer
@@ -842,7 +842,7 @@ void PacketHandler::synthesiseRRSIGs(DNSPacket* p, DNSPacket* r)
       rr.content=rrc.getZoneRepresentation();
       r->addRecord(rr);
       if(iter.first != QType::DNSKEY)
-       break;
+        break;
     }
   }
 }
@@ -918,7 +918,7 @@ bool PacketHandler::tryReferral(DNSPacket *p, DNSPacket*r, SOAData& sd, const st
 void PacketHandler::completeANYRecords(DNSPacket *p, DNSPacket*r, SOAData& sd, const string &target)
 {
   if(!p->d_dnssecOk)
-    cerr<<"Need to add all the RRSIGs too for '"<<target<<"'"<<endl;
+    cerr<<"Need to add all the RRSIGs too for '"<<target<<"', should do this manually since DNSSEC was not requested"<<endl;
   //  cerr<<"Need to add all the NSEC too.."<<endl; /// XXX FIXME THE ABOVE IF IS WEIRD
   addNSEC(p, r, target, sd.qname, 2); 
 }
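Review bot: `completeANYRecords` writes to `cerr` on every ANY query that lacks the DO bit, and the message embeds `target`, which appears to derive from the client's query name. That is unescaped, unbounded, client-influenced output on stderr in the query path; I would send it through the server's logging facility at debug level, or drop it once the behaviour is settled. The condition also reads inverted relative to the message (the existing `XXX FIXME` on the next line says as much), and `addNSEC(p, r, target, sd.qname, 2)` runs whether or not DNSSEC was requested, so it is worth confirming that `addNSEC` checks `d_dnssecOk` itself.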
@@ -1029,8 +1029,6 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse)
       r->setRcode(RCode::ServFail);
       return r;
     }
-
-    bool found=false;
     
     string target=p->qdomain;
     bool noCache=false;
@@ -1081,14 +1079,14 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse)
     // this TRUMPS a cname!
     if(p->qtype.getCode() == QType::NSEC && p->d_dnssecOk) {
       addNSEC(p, r, target, "", 2); // only NSEC please
-        goto sendit;
+      goto sendit;
     }
     
     // this TRUMPS a cname!
     if(p->qtype.getCode() == QType::RRSIG && p->d_dnssecOk) {
       synthesiseRRSIGs(p, r);
-        goto sendit;  
-      }
+      goto sendit;  
+    }
 
     // see what we get..
     B.lookup(QType(QType::ANY), target, p, sd.domain_id);