Commit 01bfc58e authored by Grigorii Demidov's avatar Grigorii Demidov Committed by Vladimír Čunát

layer/iterate: forwarding mode - treat CNAME'ed NS&DS answers as proof of zonecut nonexistance

parent 2db2b2e9
......@@ -635,6 +635,12 @@ static int process_answer(knot_pkt_t *pkt, struct kr_request *req)
if (state != kr_ok()) {
return state;
}
} else if ((query->flags & QUERY_FORWARD) &&
((query->stype == KNOT_RRTYPE_DS) ||
(query->stype == KNOT_RRTYPE_NS))) {
/* CNAME'ed answer for DS or NS subquery.
* Treat it as proof of zonecut nonexistance. */
return KR_STATE_DONE;
}
VERBOSE_MSG("<= cname chain, following\n");
/* Check if the same query was followed in the same CNAME chain. */
......
......@@ -1044,6 +1044,10 @@ static int forward_trust_chain_check(struct kr_request *request, struct kr_query
if (qry->flags & QUERY_DNSSEC_NODS) {
nods = true;
}
if (qry->flags & QUERY_CNAME) {
nods = true;
ns_req = true;
}
if (!(q->flags & QUERY_DNSSEC_OPTOUT)) {
int ret = kr_dnssec_matches_name_and_type(&request->auth_selected, q->uid,
wanted_name, KNOT_RRTYPE_NS);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment