From: Bert Hubert <bert.hubert@netherlabs.nl>
Date: Mon, 27 Dec 2010 21:53:37 +0000 (+0000)
Subject: fix up (not) signing SOA queries every once in a while, plus caching DNSSEC answers... 
X-Git-Tag: auth-3.0~484
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d24589bc8ea7d65843316076ad8a65fbc815f72a;p=pdns

fix up (not) signing SOA queries every once in a while, plus caching DNSSEC answers for non-DNSSEC questions during TCP operations


git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1763 d19b8d6e-7fed-0310-83ef-9ca221ded41b
---

diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index 123889034..6b99dc694 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -280,7 +280,6 @@ void *qthread(void *number)
   return 0;
 }
 
-
 void mainthread()
 {
   Utility::srandom(time(0));
diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc
index 9b86bffdc..d3b42c897 100644
--- a/pdns/dnspacket.cc
+++ b/pdns/dnspacket.cc
@@ -387,12 +387,13 @@ void DNSPacket::wrapup(void)
 	  if(pos->d_place == DNSResourceRecord::ANSWER) {
 	    cerr<<"Set TC bit"<<endl;
 	    pw.getHeader()->tc=1;
-      }
+	  }
 	  goto noCommit;
 
 	  break;
 	}
       }
+      // I assume this is some dirty hack to prevent us from signing the last SOA record in an AXFR.. XXX FIXME
       if(d_dnssecOk && !(d_tcp && d_rrs.rbegin()->qtype.getCode() == QType::SOA && d_rrs.rbegin()->priority == 1234)) {
 	// cerr<<"Last signature.. "<<d_tcp<<", "<<d_rrs.rbegin()->priority<<", "<<d_rrs.rbegin()->qtype.getCode()<<", "<< d_rrs.size()<<endl;
 	addSignature(::arg()["key-repository"], signQName, wildcardQName, signQType, signTTL, signPlace, toSign, pw);
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index e3c4dcd8c..82fdf2a3e 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -1185,6 +1185,7 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse)
       rr.ttl=sd.ttl;
       rr.domain_id=sd.domain_id;
       rr.d_place=DNSResourceRecord::ANSWER;
+      rr.auth = true;
       r->addRecord(rr);
       goto sendit;
     }
diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc
index 83c40115b..eed2895de 100644
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -282,7 +282,7 @@ void *TCPNameserver::doConnection(void *data)
       shared_ptr<DNSPacket> reply; 
       shared_ptr<DNSPacket> cached= shared_ptr<DNSPacket>(new DNSPacket);
 
-      if(!packet->d.rd && (PC.get(packet.get(), cached.get()))) { // short circuit - does the PacketCache recognize this question?
+      if(!packet->d.rd && !packet->d_dnssecOk && packet->couldBeCached() && PC.get(packet.get(), cached.get())) { // short circuit - does the PacketCache recognize this question?
         cached->setRemote(&packet->remote);
         cached->d.id=packet->d.id;
         cached->d.rd=packet->d.rd; // copy in recursion desired bit