Please see my off-list reply. -- PowerDNS Website: http://www.powerdns.com/ PowerDNS Community Website: http://wiki.powerdns.com/
On Mon, Aug 01, 2011 at 07:45:28AM -0700, Zane Thomas wrote: > ping > > On Mon, Jul 25, 2011 at 11:00 PM, bert hubert > <[email protected]>wrote: > > > On Mon, Jul 25, 2011 at 02:00:02PM -0700, Zane Thomas wrote: > > > Sorry about that, will be sure to note use of my own backend in the > > future. > > > > I suggest we move this discussion to pdns-dev. > > > > > This following code is setting weHaveUnauth to true because sd.qname != > > > rr.qname > > > > > > // the line below fakes 'unauth NS' for delegations for non-DNSSEC > > > backends. > > > if((rr.qtype == p->qtype && !rr.auth) || (rr.qtype.getCode() == > > > QType::NS && (!rr.auth || !pdns_iequals(sd.qname, rr.qname)))) > > > weHaveUnauth=1; > > > > > > > > > When that code executes, subsequent to the NS record returned above, > > > sd.qname is bar.com and rr.qname is foo.bar.com. > > > > This only hits if you have actually delegated foo.bar.com, in which > > queries > > for anything foo.bar.com should indeed drop the aa bit. > > > > Bert > > _______________________________________________ > > Pdns-users mailing list > > [email protected] > > http://mailman.powerdns.com/mailman/listinfo/pdns-users > > > > > > > > _______________________________________________ > > Pdns-dev mailing list > > [email protected] > > http://mailman.powerdns.com/mailman/listinfo/pdns-dev > > > > > > -- > Nullius addictus jurare in verba magistri. > _______________________________________________ > Pdns-users mailing list > [email protected] > http://mailman.powerdns.com/mailman/listinfo/pdns-users > _______________________________________________ > Pdns-dev mailing list > [email protected] > http://mailman.powerdns.com/mailman/listinfo/pdns-dev _______________________________________________ Pdns-dev mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-dev
