From 87c261bcddd25cea34885c4b49bb88641ed24c9e Mon Sep 17 00:00:00 2001
From: Pieter Lexis
Date: Wed, 14 Nov 2018 13:11:24 +0100
Subject: [PATCH] auth: add back isPartOf check in additional processing

Some backends (e.g. the LDAP backend, and the remote backend when the operator does not provide an id) do not have an id per zone. This would still add out of zone data to the additional section.
---
 pdns/packethandler.cc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 2ad9f567a..b82abb926 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -463,6 +463,11 @@ int PacketHandler::doAdditionalProcessingAndDropAA(DNSPacket *p, DNSPacket *r, c
 while(B.get(rr)) {
 if(rr.dr.d_type != QType::A && rr.dr.d_type!=QType::AAAA)
 continue;
+ if(!rr.dr.d_name.isPartOf(soadata.qname)) {
+ // FIXME we might still pass on the record if it is occluded and the
+ // backend uses a single id for all zones
+ continue;
+ }
 rr.dr.d_place=DNSResourceRecord::ADDITIONAL;
 toAdd.push_back(rr);
 }
--
2.40.0
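Review bot: The added `isPartOf(soadata.qname)` guard only tests that the name falls under the zone apex, so, as the FIXME concedes, an A/AAAA record that is occluded below a zone cut can still be copied into the additional section when the backend has no per-zone id. The comment should state what the check guarantees as well as what it leaves open, for example `// Backends without a per-zone id can return out-of-zone names here; drop them.` followed by `// FIXME: occluded names below a delegation still pass this check`. The subject says the check is being added back and the diffstat shows only packethandler.cc changing, so a regression test against an id-less backend would help keep it from being dropped again. The loop's enclosing function starts and ends outside the hunk, so any earlier filtering on the lookup cannot be confirmed from here.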