if(pos->d_place == DNSResourceRecord::ANSWER) {
cerr<<"Set TC bit"<<endl;
pw.getHeader()->tc=1;
- }
+ }
goto noCommit;
break;
}
}
+ // I assume this is some dirty hack to prevent us from signing the last SOA record in an AXFR.. XXX FIXME
if(d_dnssecOk && !(d_tcp && d_rrs.rbegin()->qtype.getCode() == QType::SOA && d_rrs.rbegin()->priority == 1234)) {
// cerr<<"Last signature.. "<<d_tcp<<", "<<d_rrs.rbegin()->priority<<", "<<d_rrs.rbegin()->qtype.getCode()<<", "<< d_rrs.size()<<endl;
addSignature(::arg()["key-repository"], signQName, wildcardQName, signQType, signTTL, signPlace, toSign, pw);
shared_ptr<DNSPacket> reply;
shared_ptr<DNSPacket> cached= shared_ptr<DNSPacket>(new DNSPacket);
- if(!packet->d.rd && (PC.get(packet.get(), cached.get()))) { // short circuit - does the PacketCache recognize this question?
+ if(!packet->d.rd && !packet->d_dnssecOk && packet->couldBeCached() && PC.get(packet.get(), cached.get())) { // short circuit - does the PacketCache recognize this question?
cached->setRemote(&packet->remote);
cached->d.id=packet->d.id;
cached->d.rd=packet->d.rd; // copy in recursion desired bit
projects / pdns / commitdiff