From: bert hubert <bert.hubert@powerdns.com>
Date: Fri, 2 Oct 2015 13:29:43 +0000 (+0200)
Subject: fix double RRSIGs on CNAMEs on first query
X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~21
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8ed7b45ed5625af6349fdd2f9b3aba6ec82a583e;p=pdns

fix double RRSIGs on CNAMEs on first query
---

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index d8e6683c1..e967d76bd 100644
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -1204,7 +1204,8 @@ int SyncRes::doResolveAt(set<DNSName> nameservers, DNSName auth, bool flawedNSSe
           newtarget=DNSName(rec.d_content->getZoneRepresentation());
         }
 	else if(d_doDNSSEC && (rec.d_type==QType::RRSIG || rec.d_type==QType::NSEC || rec.d_type==QType::NSEC3) && rec.d_place==DNSRecord::Answer){
-	  ret.push_back(rec); // enjoy your DNSSEC
+	  if(rec.d_type != QType::RRSIG || rec.d_name == qname)
+	    ret.push_back(rec); // enjoy your DNSSEC
 	}
         // for ANY answers we *must* have an authoritative answer, unless we are forwarding recursively
         else if(rec.d_place==DNSRecord::Answer && rec.d_name == qname &&