Skip to content
Snippets Groups Projects
Commit de6f492e authored by Marek Vavruša's avatar Marek Vavruša
Browse files

lib/resolve: AD flag is set only for secure answers 

if the final query isn’t satisfied with DNSSEC on,
then the answer counts as insecure
parent 2a9ed2ef
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 6 additions and 2 deletions
lib/resolve.c
+ 6
2
View file @ de6f492e
......@@ -191,8 +191,12 @@ static int answer_finalize(struct kr_request *request, int state)
}
}
/* Set AD=1 if succeeded and requested secured answer. */
if (state == KNOT_STATE_DONE && (request->options & QUERY_DNSSEC_WANT)) {
knot_wire_set_ad(answer->wire);
struct kr_rplan *rplan = &request->rplan;
if (state == KNOT_STATE_DONE && !EMPTY_LIST(rplan->resolved)) {
struct kr_query *last = TAIL(rplan->resolved);
if (last->flags & QUERY_DNSSEC_WANT) {
knot_wire_set_ad(answer->wire);
}
}
return kr_ok();
}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment