ping On Mon, Jul 25, 2011 at 11:00 PM, bert hubert <[email protected]>wrote:
> On Mon, Jul 25, 2011 at 02:00:02PM -0700, Zane Thomas wrote: > > Sorry about that, will be sure to note use of my own backend in the > future. > > I suggest we move this discussion to pdns-dev. > > > This following code is setting weHaveUnauth to true because sd.qname != > > rr.qname > > > > // the line below fakes 'unauth NS' for delegations for non-DNSSEC > > backends. > > if((rr.qtype == p->qtype && !rr.auth) || (rr.qtype.getCode() == > > QType::NS && (!rr.auth || !pdns_iequals(sd.qname, rr.qname)))) > > weHaveUnauth=1; > > > > > > When that code executes, subsequent to the NS record returned above, > > sd.qname is bar.com and rr.qname is foo.bar.com. > > This only hits if you have actually delegated foo.bar.com, in which > queries > for anything foo.bar.com should indeed drop the aa bit. > > Bert > _______________________________________________ > Pdns-users mailing list > [email protected] > http://mailman.powerdns.com/mailman/listinfo/pdns-users > > > > _______________________________________________ > Pdns-dev mailing list > [email protected] > http://mailman.powerdns.com/mailman/listinfo/pdns-dev > -- Nullius addictus jurare in verba magistri.
_______________________________________________ Pdns-dev mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-dev
