From a1d6b0c22ccb5b200bc24de2646b8235aad3786c Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Fri, 24 May 2013 16:11:23 +0200 Subject: [PATCH] send extra NSEC3 because old BIND9 needs it, closes #814 --- pdns/packethandler.cc | 6 ++++-- .../any-wildcard-dnssec/expected_result.narrow | 2 ++ .../any-wildcard-dnssec/expected_result.nsec3 | 2 ++ .../cname-wildcard-chain/expected_result.narrow | 10 ++++++++++ .../cname-wildcard-chain/expected_result.nsec3 | 10 ++++++++++ .../ent-wildcard-below-ent/expected_result.narrow | 2 ++ .../ent-wildcard-below-ent/expected_result.nsec3 | 2 ++ .../expected_result.narrow | 2 ++ .../expected_result.nsec3 | 2 ++ .../five-levels-wildcard/expected_result.narrow | 2 ++ .../five-levels-wildcard/expected_result.nsec3 | 2 ++ 11 files changed, 40 insertions(+), 2 deletions(-) diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index ba5165768..549cac397 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc @@ -601,7 +601,9 @@ void PacketHandler::addNSEC3(DNSPacket *p, DNSPacket *r, const string& target, c } // add matching NSEC3 RR - if (mode != 3) { + // we used to skip this one for mode 3, but old BIND needs it + // see https://github.com/PowerDNS/pdns/issues/814 + // if (mode != 3) { unhashed=(mode == 0 || mode == 5) ? target : closest; hashed=hashQNameWithSalt(ns3rc.d_iterations, ns3rc.d_salt, unhashed); @@ -610,7 +612,7 @@ void PacketHandler::addNSEC3(DNSPacket *p, DNSPacket *r, const string& target, c getNSEC3Hashes(narrow, sd.db, sd.domain_id, hashed, false, unhashed, before, after); DLOG(L<<"Done calling for matching, hashed: '"<