From fc8ed1ad6e818a386f8142c9085e34a849db5c9e Mon Sep 17 00:00:00 2001 From: Kees Monshouwer Date: Thu, 2 May 2019 20:01:30 +0200 Subject: [PATCH] auth: always add DS for secure zones, broken since #7523 --- pdns/packethandler.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index f626ff95f..9d686a69f 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc @@ -1031,7 +1031,7 @@ bool PacketHandler::tryReferral(DNSPacket *p, DNSPacket*r, SOAData& sd, const DN if(!retargeted) r->setA(false); - if(d_dnssec && !addDSforNS(p, r, sd, rrset.begin()->dr.d_name)) { + if(d_dk.isSecuredZone(sd.qname) && !addDSforNS(p, r, sd, rrset.begin()->dr.d_name) && d_dnssec) { addNSECX(p, r, rrset.begin()->dr.d_name, DNSName(), sd.qname, 1); } -- 2.40.0