From 62f9c0d47099f46cac941ce0ea103921999d244f Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Sun, 19 Feb 2017 23:07:01 +0000
Subject: [PATCH] Fix CNAME wildcard in auth-mode.

A domain can only have a CNAME if it has not other records.

Don't return a CNAME when there are records of other types on the name.
---
 src/auth.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/auth.c b/src/auth.c
index 709b8d5..cf06609 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -518,7 +518,8 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 	      } while ((crecp = cache_find_by_name(crecp, name, now, F_IPV4 | F_IPV6)));
 	}
       
-      if (!found)
+      /* Only supply CNAME if no record for any type is known. */
+      if (nxdomain)
 	{
 	  /* Check for possible wildcard match against *.domain 
 	     return length of match, to get longest.