AD bit in queries handled as RFC6840 p5.7

2025-12-19 10:18:25 +00:00 · 2014-02-06 18:14:09 +00:00
parent da4f372271
commit e243c072b5
2 changed files with 10 additions and 13 deletions
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1468,7 +1468,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
  struct mx_srv_record *rec;
  size_t len;
 
-  /* Don't return AD set even for local data if checking disabled. */
+  /* Don't return AD set if checking disabled. */
  if (header->hb4 & HB4_CD)
    sec_data = 0;

@@ -2260,17 +2260,20 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
  header->ancount = htons(anscount);
  header->nscount = htons(0);
  header->arcount = htons(addncount);
+
+  /* RFC 6840 5.7 */
+  if (header->hb4 & HB4_AD)
+    sec_reqd = 1;
  
  header->hb4 &= ~HB4_AD;
+  
  len = ansp - (unsigned char *)header;
  
  if (have_pseudoheader)
-    {
-      len = add_pseudoheader(header, len, (unsigned char *)limit, 0, NULL, 0, sec_reqd);
-      if (sec_reqd && sec_data)
-	header->hb4 |= HB4_AD;
-
-    }
+    len = add_pseudoheader(header, len, (unsigned char *)limit, 0, NULL, 0, sec_reqd);
+  
+  if (sec_reqd && sec_data)
+    header->hb4 |= HB4_AD;
  
  return len;
 }