diff options
| author | Simon Kelley <simon@thekelleys.org.uk> | 2014-02-13 16:42:02 +0000 |
|---|---|---|
| committer | Simon Kelley <simon@thekelleys.org.uk> | 2014-02-13 16:42:02 +0000 |
| commit | 2ecd9bd5c0cdbad8ad2560596f0b16c252b75607 (patch) | |
| tree | b03d450eaec274a05632181f5d53c788b4eb453c | |
| parent | a0ab18f6ebd48dddf46cbb2ac064d1e9817a7a98 (diff) | |
| download | dnsmasq-2ecd9bd5c0cdbad8ad2560596f0b16c252b75607.tar.gz | |
No CD in forwarded queries unless dnssec-debug for TCP too.
| -rw-r--r-- | src/forward.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/forward.c b/src/forward.c index 27f619b..1b6f80e 100644 --- a/src/forward.c +++ b/src/forward.c @@ -1431,7 +1431,10 @@ unsigned char *tcp_request(int confd, time_t now, if (option_bool(OPT_DNSSEC_VALID)) { size = add_do_bit(header, size, ((char *) header) + 65536); - header->hb4 |= HB4_CD; + /* For debugging, set Checking Disabled, otherwise, have the upstream check too, + this allows it to select auth servers when one is returning bad data. */ + if (option_bool(OPT_DNSSEC_DEBUG)) + header->hb4 |= HB4_CD; } #endif |