From: Bert Hubert Date: Tue, 11 Jan 2011 20:08:46 +0000 (+0000) Subject: restore NSEC generation & signatures for AXFR. X-Git-Tag: auth-3.0~376 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5f5221b4e717566af0b834ea96acc03b6e3dc20d;p=pdns restore NSEC generation & signatures for AXFR. git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1871 d19b8d6e-7fed-0310-83ef-9ca221ded41b --- diff --git a/pdns/dnsbackend.cc b/pdns/dnsbackend.cc index 82acf3d29..00fd295f3 100644 --- a/pdns/dnsbackend.cc +++ b/pdns/dnsbackend.cc @@ -208,7 +208,7 @@ vectorBackendMakerClass::all(bool skipBIND) bool DNSBackend::getSOA(const string &domain, SOAData &sd, DNSPacket *p) { this->lookup(QType(QType::SOA),domain,p); - + DNSResourceRecord rr; rr.auth = true; @@ -223,7 +223,7 @@ bool DNSBackend::getSOA(const string &domain, SOAData &sd, DNSPacket *p) if(!hits) return false; - + sd.qname = domain; if(sd.nameserver.empty()) sd.nameserver=arg()["default-soa-name"]; diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc index 0d2f92f01..2f493be16 100644 --- a/pdns/tcpreceiver.cc +++ b/pdns/tcpreceiver.cc @@ -432,7 +432,7 @@ int TCPNameserver::doAXFR(const string &target, shared_ptr q, int out s_P=new PacketHandler; } - if(!s_P->getBackend()->getSOA(target,sd)) { + if(!s_P->getBackend()->getSOA(target, sd)) { L<setRcode(9); // 'NOTAUTH' sendPacket(outpacket,outsock); @@ -484,8 +484,7 @@ int TCPNameserver::doAXFR(const string &target, shared_ptr q, int out // sendPacket(outpacket, outsock); typedef map nsecrepo_t; nsecrepo_t nsecrepo; - // this is where the DNSKEYs go - + // this is where the DNSKEYs go DNSSECKeeper::keyset_t keys = dk.getKeys(target); BOOST_FOREACH(const DNSSECKeeper::keyset_t::value_type& value, keys) { @@ -499,7 +498,6 @@ int TCPNameserver::doAXFR(const string &target, shared_ptr q, int out ne.d_ttl = rr.ttl; outpacket->addRecord(rr); } - /* now write all other records */ int count=0; 
@@ -536,10 +534,10 @@ int TCPNameserver::doAXFR(const string &target, shared_ptr q, int out // FIXME: Subsequent messages SHOULD NOT have a question section, though the final message MAY. } } - - if(dk.haveActiveKSKFor(sd.qname)) { + + if(dk.haveActiveKSKFor(target)) { for(nsecrepo_t::const_iterator iter = nsecrepo.begin(); iter != nsecrepo.end(); ++iter) { - cerr<<"Adding for '"<first<<"'\n"; + // cerr<<"Adding for '"<first<<"'\n"; NSECRecordContent nrc; nrc.d_set = iter->second.d_set; nrc.d_set.insert(QType::RRSIG); @@ -556,6 +554,7 @@ int TCPNameserver::doAXFR(const string &target, shared_ptr q, int out rr.content = nrc.getZoneRepresentation(); rr.qtype = QType::NSEC; rr.d_place = DNSResourceRecord::ANSWER; + rr.auth=true; outpacket->addRecord(rr); count++; }
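Review bot: The NSEC loop is gated on `dk.haveActiveKSKFor(target)`, while the DNSKEY records added earlier in doAXFR come from `dk.getKeys(target)` with no such gate visible in these hunks. If that reading is right, a zone that has keys but no active KSK would be transferred with DNSKEYs and no NSEC chain. Evaluating the condition once, for example `const bool securedZone = dk.haveActiveKSKFor(target);`, and using it for both the DNSKEY block and this loop would keep a secondary from receiving a partly secured zone. The commented-out `cerr` line is better deleted than kept as dead code in the signing path. doAXFR starts and ends outside this hunk, so the surrounding conditions need confirming against the full function.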
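Review bot: Needing to add `rr.auth=true;` suggests that `rr` is a record object reused from earlier in doAXFR, so any field this loop does not assign keeps whatever the previous record left in it. If signing depends on `auth`, as the commit title implies, a stale `false` would leave the NSEC records without signatures and nothing would report it. Declaring the record inside the loop body, `DNSResourceRecord nsecrr;`, and setting every field explicitly would remove that dependency on earlier state. If the shared `rr` stays, the new line should carry a short comment saying why the flag is needed and use the file's spacing, `rr.auth = true;`. The declaration of `rr` and the start of the loop body lie outside this hunk.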