From 1e0209137159d4e16e4459cc8e804d657aad1af1 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Tue, 26 Aug 2008 06:09:18 +0000
Subject: [PATCH] 2427.   [func]          Treat DNSKEY queries as if
 "minimal-response yes;"                         was set. [RT #18528]

---
 CHANGES           | 3 +++
 bin/named/query.c | 9 ++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index c0a40085ed..36ee0d9b86 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2427.	[func]		Treat DNSKEY queries as if "minimal-response yes;"
+			was set. [RT #18528]
+
 2426.	[bug]		libbind: inet_net_pton() can sometimes return the
 			wrong value if excessively large netmasks are
 			supplied. [RT #18512]
diff --git a/bin/named/query.c b/bin/named/query.c
index ccd4a036fb..1f1b052f2c 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.c,v 1.307 2008/04/29 00:54:28 marka Exp $ */
+/* $Id: query.c,v 1.308 2008/08/26 06:09:18 marka Exp $ */
 
 /*! \file */
 
@@ -4609,6 +4609,13 @@ ns_query_start(ns_client_t *client) {
 		}
 	}
 
+	/*
+	 * Turn on minimal response for DNSKEY queries.
+	 */
+	if (qtype == dns_rdatatype_dnskey)
+		client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
+					     NS_QUERYATTR_NOADDITIONAL);
+
 	/*
 	 * If the client has requested that DNSSEC checking be disabled,
 	 * allow lookups to return pending data and instruct the resolver