upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-08 20:32:06 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

add RRSIG if required as soon as they are found

Browse source 
When EDNS DO flag (`dig +dnssec`) flag is set, an rdataset is allocated
to hold the RRSIG of an RR, if present in DB. However, this allocation
is not done if the zone DB is not considered as secure
(`dns_db_issecure() == false`). Changes this behaviour by allocating the
rdataset anyway, so the RRSIG can be associated in the answer section of
the response as soon it is found from the DB.
This commit is contained in:
Colin Vidal 2025-12-02 16:53:40 +01:00
parent 93fa62c3e0
commit 3048b2a578
1 changed files with 1 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/ns/query.c
View file

@ -5843,9 +5843,7 @@ qctx_prepare_buffers(query_ctx_t *qctx, isc_buffer_t *buffer) {
qctx->fname = ns_client_newname(qctx->client, qctx->dbuf, buffer);
qctx->rdataset = ns_client_newrdataset(qctx->client);
if ((WANTDNSSEC(qctx->client) || qctx->findcoveringnsec) &&
(!qctx->is_zone || dns_db_issecure(qctx->db)))
{
if (WANTDNSSEC(qctx->client) || qctx->findcoveringnsec) {
qctx->sigrdataset = ns_client_newrdataset(qctx->client);
}