Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-10-28 00:34:24 -04:00
Code Issues Packages Projects Releases Wiki Activity

retain response AD bit if requestor's AD bit was set (#5191)

Browse Source 
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
This commit is contained in:
Chris O'Haver
2022-06-17 15:47:35 -04:00
committed by GitHub
parent d679f2e7d0
commit d60ce0c8d4
4 changed files with 14 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
plugin/cache/cache.go vendored
View File

@@ -109,6 +109,7 @@ type ResponseWriter struct {
server string // Server handling the request.
do bool // When true the original request had the DO bit set.
ad bool // When true the original request had the AD bit set.
prefetch bool // When true write nothing back to the client.
remoteAddr net.Addr
}
@@ -185,8 +186,10 @@ func (w *ResponseWriter) WriteMsg(res *dns.Msg) error {
res.Ns = filterRRSlice(res.Ns, ttl, w.do, false)
res.Extra = filterRRSlice(res.Extra, ttl, w.do, false)
if !w.do {
res.AuthenticatedData = false // unset AD bit if client is not OK with DNSSEC
if !w.do && !w.ad {
// unset AD bit if requester is not OK with DNSSEC
// But retain AD bit if requester set the AD bit in the request, per RFC6840 5.7-5.8
res.AuthenticatedData = false
}
return w.ResponseWriter.WriteMsg(res)