From 0fd13c7aca8533fbc86e4c7aa326cc828844b9b5 Mon Sep 17 00:00:00 2001
From: Andreas Gustafsson <source@isc.org>
Date: Thu, 18 May 2000 01:40:56 +0000
Subject: [PATCH] reversed previous change: data that is neither secure not
 pending is assumed to be from insecure zones and therefore should have AD set
 per server policy

---
 lib/dns/message.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/dns/message.c b/lib/dns/message.c
index 006b7ed517..bf3b4a6486 100644
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -1664,7 +1664,7 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid,
 				 * If we have rendered pending data, ensure
 				 * that the AD bit is not set.
 				 */
-				if (rdataset->trust < dns_trust_secure &&
+				if (rdataset->trust == dns_trust_pending &&
 				    (sectionid == DNS_SECTION_ANSWER ||
 				     sectionid == DNS_SECTION_AUTHORITY))
 					msg->flags &= ~DNS_MESSAGEFLAG_AD;