plugin/cache: Unset AD flag when DO is not set for cache miss (#4736)

* unset AD bit when client DO is 0 Signed-off-by: Chris O'Haver <cohaver@infoblox.com> * add flag check to existing tests Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
author: Chris O'Haver <cohaver@infoblox.com> 2021-07-09 04:53:50 -0400
committer: GitHub <noreply@github.com> 2021-07-09 10:53:50 +0200
commit: 002b748ccd6b7cc2e3a65f1bd71509f80b95d342 (patch)
tree: dbc9050c25f40f0e211904c3c1851b8ae680e688 /plugin/cache/cache.go
parent: bfb6972d300fc7ff5db319aea228271896278cab (diff)
download: coredns-002b748ccd6b7cc2e3a65f1bd71509f80b95d342.tar.gz
coredns-002b748ccd6b7cc2e3a65f1bd71509f80b95d342.tar.zst
coredns-002b748ccd6b7cc2e3a65f1bd71509f80b95d342.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/plugin/cache/cache.go b/plugin/cache/cache.go
index 5673cc948..54e5e4db3 100644
--- a/plugin/cache/cache.go
+++ b/plugin/cache/cache.go
@@ -181,6 +181,10 @@ func (w *ResponseWriter) WriteMsg(res *dns.Msg) error {
 	res.Ns = filterRRSlice(res.Ns, ttl, w.do, false)
 	res.Extra = filterRRSlice(res.Extra, ttl, w.do, false)
 
+	if !w.do {
+		res.AuthenticatedData = false // unset AD bit if client is not OK with DNSSEC
+	}
+
 	return w.ResponseWriter.WriteMsg(res)
 }
author	Chris O'Haver <cohaver@infoblox.com>	2021-07-09 04:53:50 -0400
committer	GitHub <noreply@github.com>	2021-07-09 10:53:50 +0200
commit	002b748ccd6b7cc2e3a65f1bd71509f80b95d342 (patch)
tree	dbc9050c25f40f0e211904c3c1851b8ae680e688 /plugin/cache/cache.go
parent	bfb6972d300fc7ff5db319aea228271896278cab (diff)
download	coredns-002b748ccd6b7cc2e3a65f1bd71509f80b95d342.tar.gz coredns-002b748ccd6b7cc2e3a65f1bd71509f80b95d342.tar.zst coredns-002b748ccd6b7cc2e3a65f1bd71509f80b95d342.zip