From d8baf17df357dd6d132ed67fd01bc1e23c79d58f Mon Sep 17 00:00:00 2001 From: Pieter Lexis Date: Tue, 25 Oct 2016 17:25:19 +0200 Subject: [PATCH] Handle CNAME at secure zone apex to secure zone Closes #4466 --- pdns/syncres.cc | 2 +- pdns/syncres.hh | 6 ++++++ pdns/validate-recursor.cc | 2 ++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/pdns/syncres.cc b/pdns/syncres.cc index a3455f057..0cc1ca247 100644 --- a/pdns/syncres.cc +++ b/pdns/syncres.cc @@ -443,7 +443,7 @@ int SyncRes::doResolve(const DNSName &qname, const QType &qtype, vector& srcmask, LWResult* res); static void doEDNSDumpAndClose(int fd); @@ -371,6 +376,7 @@ public: bool d_wasVariable{false}; bool d_wasOutOfBand{false}; bool d_wantsRPZ{true}; + bool d_skipCNAMECheck{false}; typedef multi_index_container < NegCacheEntry, diff --git a/pdns/validate-recursor.cc b/pdns/validate-recursor.cc index 5819cfe7a..12a9984d6 100644 --- a/pdns/validate-recursor.cc +++ b/pdns/validate-recursor.cc @@ -19,6 +19,8 @@ public: vector ret; sr.d_doDNSSEC=true; + if (qtype == QType::DS || qtype == QType::DNSKEY || qtype == QType::NS) + sr.setSkipCNAMECheck(true); sr.beginResolve(qname, QType(qtype), 1, ret); d_queries += sr.d_outqueries; return ret; -- 2.40.0