From 21b76ee598c937c6736cbc7ab69684bb3332428a Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 18 May 2006 00:51:02 +0000 Subject: [PATCH] 2022. [bug] If dnssec validation is disabled only assert CD if CD was requested. [RT #16037] 2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037] --- CHANGES | 5 +++++ lib/dns/resolver.c | 9 +++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 75f8a448e7..d38b343d82 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ +2022. [bug] If dnssec validation is disabled only assert CD if + CD was requested. [RT #16037] + +2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037] + 2020. [bug] rdataset_setadditional() could leak memory. [RT #16034] 2019. [tuning] Reduce the amount of work performed per quantum diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index 191552b4f2..d8075a57db 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.c,v 1.330 2006/03/09 23:21:54 marka Exp $ */ +/* $Id: resolver.c,v 1.331 2006/05/18 00:51:02 marka Exp $ */ /*! \file */ @@ -1284,7 +1284,9 @@ resquery_send(resquery_t *query) { * Set CD if the client says don't validate or the question is * under a secure entry point. */ - if ((query->options & DNS_FETCHOPT_NOVALIDATE) == 0) { + if ((query->options & DNS_FETCHOPT_NOVALIDATE) != 0) { + fctx->qmessage->flags |= DNS_MESSAGEFLAG_CD; + } else if (res->view->enablevalidation) { result = dns_keytable_issecuredomain(res->view->secroots, &fctx->name, &secure_domain); @@ -1294,8 +1296,7 @@ resquery_send(resquery_t *query) { secure_domain = ISC_TRUE; if (secure_domain) fctx->qmessage->flags |= DNS_MESSAGEFLAG_CD; - } else - fctx->qmessage->flags |= DNS_MESSAGEFLAG_CD; + } /* * We don't have to set opcode because it defaults to query.