Merge branch 'nodnssecany' of github.com:mind04/pdns into mind04-nodnssecany
authorPeter van Dijk <peter.van.dijk@netherlabs.nl>
Tue, 14 May 2013 06:51:07 +0000 (08:51 +0200)
committerPeter van Dijk <peter.van.dijk@netherlabs.nl>
Tue, 14 May 2013 06:51:07 +0000 (08:51 +0200)
pdns/packethandler.cc

index 9a28cf660f4ba984c8df1b7a8859ef05d41d80ff,79eb8128fbd6fab9abf1aa38b57963715c4e594d..b095254844d3f9731cd22d7c35a85ee0da2fa8f9
mode 100755,100644..100755
@@@ -1266,9 -1261,15 +1265,13 @@@ DNSPacket *PacketHandler::questionOrRec
      weDone = weRedirected = weHaveUnauth = 0;
      
      while(B.get(rr)) {
-       if (p->qtype.getCode() == QType::ANY && rr.qtype.getCode() == QType::RRSIG) // RRSIGS are added later any way.
-         continue; //TODO: this actually means addRRSig should check if the RRSig is already there.
+       if (p->qtype.getCode() == QType::ANY) {
+         if (rr.qtype.getCode() == QType::RRSIG) // RRSIGS are added later any way.
+           continue; // TODO: this actually means addRRSig should check if the RRSig is already there.
+         if (!p->d_dnssecOk && (rr.qtype.getCode() == QType:: DNSKEY || rr.qtype.getCode() == QType::NSEC3PARAM))
+           continue; // Don't send dnssec info to non validating resolvers.
+       }
  
 -      if(rr.qtype.getCode() == QType::DS)
 -        rr.auth = 1;
        // cerr<<"Auth: "<<rr.auth<<", "<<(rr.qtype == p->qtype)<<", "<<rr.qtype.getName()<<endl;
        if((p->qtype.getCode() == QType::ANY || rr.qtype == p->qtype) && rr.auth) 
          weDone=1;
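Review bot: The new `!p->d_dnssecOk` branch inside `while(B.get(rr))` does `continue` before the `weDone` test at the bottom of the hunk, so on an ANY query without the DO bit a name whose only authoritative records are DNSKEY or NSEC3PARAM leaves `weDone` at 0. What happens after the loop in that case is outside the hunk (the function starts and ends beyond it), so it is worth confirming that this yields an empty NOERROR answer and not a referral or NXDOMAIN. The condition also has a stray space in `QType:: DNSKEY`; I would write it as `if (!p->d_dnssecOk && (rr.qtype.getCode() == QType::DNSKEY || rr.qtype.getCode() == QType::NSEC3PARAM))`. The comment could name the condition and the reason for the fixed list, for example `// ANY without DO: omit DNSKEY/NSEC3PARAM; RRSIGs are already skipped above`, so a later reader knows whether other DNSSEC types were left out on purpose.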