NSEC3 and related RRSIGS are not part of the dnstree

author Kees Monshouwer <mind04@monshouwer.org>

Thu, 12 Mar 2015 16:38:51 +0000 (17:38 +0100)

committer mind04 <mind04@monshouwer.org>

Thu, 30 Apr 2015 22:12:18 +0000 (00:12 +0200)
author Kees Monshouwer <mind04@monshouwer.org>
Thu, 12 Mar 2015 16:38:51 +0000 (17:38 +0100)
committer mind04 <mind04@monshouwer.org>
Thu, 30 Apr 2015 22:12:18 +0000 (00:12 +0200)
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc

index 12760ec8b025dc065095cb2feec4035fc02c72ce..2a85cdfed2af331a3f4e5144475750d26f940824 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -1159,12 +1159,10 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse)
      weDone = weRedirected = weHaveUnauth = 0;
      
      while(B.get(rr)) {
-      if (p->qtype.getCode() == QType::ANY) {
-        if (rr.qtype.getCode() == QType::RRSIG) // RRSIGS are added later any way.
-          continue; // TODO: this actually means addRRSig should check if the RRSig is already there.
-        if (!p->d_dnssecOk && (rr.qtype.getCode() == QType:: DNSKEY || rr.qtype.getCode() == QType::NSEC3PARAM))
-          continue; // Don't send dnssec info to non validating resolvers.
-      }
+      if (p->qtype.getCode() == QType::ANY && !p->d_dnssecOk && (rr.qtype.getCode() == QType:: DNSKEY || rr.qtype.getCode() == QType::NSEC3PARAM))
+        continue; // Don't send dnssec info to non validating resolvers.
+      if (rr.qtype.getCode() == QType::RRSIG) // RRSIGS are added later any way.
+        continue; // TODO: this actually means addRRSig should check if the RRSig is already there
  
        // cerr<<"Auth: "<<rr.auth<<", "<<(rr.qtype == p->qtype)<<", "<<rr.qtype.getName()<<endl;
        if((p->qtype.getCode() == QType::ANY || rr.qtype == p->qtype) && rr.auth)
author	Kees Monshouwer <mind04@monshouwer.org>
	Thu, 12 Mar 2015 16:38:51 +0000 (17:38 +0100)
committer	mind04 <mind04@monshouwer.org>
	Thu, 30 Apr 2015 22:12:18 +0000 (00:12 +0200)