-(dnsforward): fix handling RRSIG records

Andrey Meshkov 2020-05-14 18:08:47 +03:00
parent ae51de9335
commit 5d7b3fb7d5
1 changed files with 29 additions and 27 deletions


@ -165,37 +165,39 @@ func processDNSSECAfterResponse(ctx *dnsContext) int {
return resultDone return resultDone
} }
optResp := d.Res.IsEdns0() if !ctx.origReqDNSSEC {
if !ctx.origReqDNSSEC && optResp != nil && optResp.Do() { optResp := d.Res.IsEdns0()
return resultDone if optResp != nil && !optResp.Do() {
} return resultDone
// Remove RRSIG records from response
// because there is no DO flag in the original request from client,
// but we have EnableDNSSEC set, so we have set DO flag ourselves,
// and now we have to clean up the DNS records our client didn't ask for.
answers := []dns.RR{}
for _, a := range d.Res.Answer {
switch a.(type) {
case *dns.RRSIG:
log.Debug("Removing RRSIG record from response: %v", a)
default:
answers = append(answers, a)
} }
}
d.Res.Answer = answers
answers = []dns.RR{} // Remove RRSIG records from response
for _, a := range d.Res.Ns { // because there is no DO flag in the original request from client,
switch a.(type) { // but we have EnableDNSSEC set, so we have set DO flag ourselves,
case *dns.RRSIG: // and now we have to clean up the DNS records our client didn't ask for.
log.Debug("Removing RRSIG record from response: %v", a)
default: answers := []dns.RR{}
answers = append(answers, a) for _, a := range d.Res.Answer {
switch a.(type) {
case *dns.RRSIG:
log.Debug("Removing RRSIG record from response: %v", a)
default:
answers = append(answers, a)
}
} }
d.Res.Answer = answers
answers = []dns.RR{}
for _, a := range d.Res.Ns {
switch a.(type) {
case *dns.RRSIG:
log.Debug("Removing RRSIG record from response: %v", a)
default:
answers = append(answers, a)
}
}
d.Res.Ns = answers
} }
d.Res.Ns = answers
return resultDone return resultDone
} }
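Review bot: The cleanup inside the new `if !ctx.origReqDNSSEC` block filters only `d.Res.Answer` and `d.Res.Ns`, so an RRSIG that the upstream placed in the additional section (`d.Res.Extra`) would still reach a client that never set the DO bit; this hunk does not show whether that is handled elsewhere. The two filter loops are identical apart from the slice they walk, so a small helper applied to all three sections would remove the duplication and the reuse of `answers` for the authority records. Only `*dns.RRSIG` is matched, so NSEC/NSEC3 records in a negative answer's authority section pass through as well, which is worth confirming as intended. processDNSSECAfterResponse begins above the hunk, so its earlier guards are not visible here.

```go
// … unchanged: origReqDNSSEC check and DO-bit early return …
d.Res.Answer = stripRRSIG(d.Res.Answer)
d.Res.Ns = stripRRSIG(d.Res.Ns)
d.Res.Extra = stripRRSIG(d.Res.Extra)

// … new file-level helper, placed outside processDNSSECAfterResponse …

// stripRRSIG returns rrs without its RRSIG records; every other record,
// including the OPT pseudo-record, is kept in order.
func stripRRSIG(rrs []dns.RR) []dns.RR {
	out := make([]dns.RR, 0, len(rrs))
	for _, rr := range rrs {
		if _, ok := rr.(*dns.RRSIG); ok {
			log.Debug("Removing RRSIG record from response: %v", rr)
			continue
		}
		out = append(out, rr)
	}
	return out
}
```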