From edae0ad9547fff8291577b3c807db354ca57e9fb Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 30 Jun 2009 13:20:02 +0000
Subject: [PATCH] More lenient.

git-svn-id: file:///svn/unbound/trunk@1692 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 validator/val_utils.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/validator/val_utils.c b/validator/val_utils.c
index b10084b4c..829f93f68 100644
--- a/validator/val_utils.c
+++ b/validator/val_utils.c
@@ -663,6 +663,21 @@ val_check_nonsecure(struct val_env* ve, struct reply_info* rep)
 			 * But this rrset did not verify.
 			 * Therefore the message is bogus.
 			 */
+
+			/* check if authority consists of only an NS record
+			 * which is bad, and there is an answer section with
+			 * data.  In that case, delete NS and additional to 
+			 * be lenient and make a minimal response */
+			if(rep->an_numrrsets != 0 && rep->ns_numrrsets == 1 &&
+				ntohs(rep->rrsets[i]->rk.type) 
+				== LDNS_RR_TYPE_NS) {
+				verbose(VERB_ALGO, "truncate to minimal");
+				rep->ns_numrrsets = 0;
+				rep->ar_numrrsets = 0;
+				rep->rrset_count = rep->an_numrrsets;
+				return;
+			}
+
 			log_nametypeclass(VERB_QUERY, "message is bogus, "
 				"non secure rrset",
 				rep->rrsets[i]->rk.dname,