plugin/cache: Unset AD flag when DO is not set for cache miss (#4736)
* unset AD bit when client DO is 0 Signed-off-by: Chris O'Haver <cohaver@infoblox.com> * add flag check to existing tests Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
This commit is contained in:
Chris O'Haver
GitHub
parent
bfb6972d30
commit
002b748ccd
3 changed files with 19 additions and 9 deletions
4
plugin/cache/cache.go
vendored
4
plugin/cache/cache.go
vendored
|
|
@ -181,6 +181,10 @@ func (w *ResponseWriter) WriteMsg(res *dns.Msg) error {
|
|||
res.Ns = filterRRSlice(res.Ns, ttl, w.do, false)
|
||||
res.Extra = filterRRSlice(res.Extra, ttl, w.do, false)
|
||||
|
||||
if !w.do {
|
||||
res.AuthenticatedData = false // unset AD bit if client is not OK with DNSSEC
|
||||
}
|
||||
|
||||
return w.ResponseWriter.WriteMsg(res)
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue