Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Always force AD bit to zero in authoritative DNS answers.

Browse Source
This commit is contained in:
Simon Kelley
2019-08-20 23:17:27 +01:00
parent 240da59f73
commit dc6a57ffb8
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/auth.c
View File

@@ -836,6 +836,9 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
header->hb4 &= ~HB4_RA;
}
/* data is never DNSSEC signed. */
header->hb4 &= ~HB4_AD;
/* authoritative */
if (auth)
header->hb3 |= HB3_AA;