Commit 9f04390d authored by Vladimír Čunát's avatar Vladimír Čunát

Merge !149: always clear AD flag in forwarding mode

Closes #98.
parents 1c85bc9b 5c720573
......@@ -525,7 +525,9 @@ static int answer_finalize(struct kr_request *request, int state)
/* Do not set AD for RRSIG query, as we can't validate it. */
const bool secure = (last->flags & QUERY_DNSSEC_WANT) &&
!(last->flags & QUERY_DNSSEC_INSECURE);
if (has_ad && secure && knot_pkt_qtype(answer) != KNOT_RRTYPE_RRSIG) {
if (!(last->flags & QUERY_STUB) /* Never set AD if forwarding. */
&& has_ad && secure
&& knot_pkt_qtype(answer) != KNOT_RRTYPE_RRSIG) {
knot_wire_set_ad(answer->wire);
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment