diff options
Diffstat (limited to 'contrib/unbound/validator/val_neg.c')
-rw-r--r-- | contrib/unbound/validator/val_neg.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/contrib/unbound/validator/val_neg.c b/contrib/unbound/validator/val_neg.c index 67699b1f7c1e..52bc68387260 100644 --- a/contrib/unbound/validator/val_neg.c +++ b/contrib/unbound/validator/val_neg.c @@ -43,7 +43,7 @@ */ #include "config.h" #ifdef HAVE_OPENSSL_SSL_H -#include "openssl/ssl.h" +#include <openssl/ssl.h> #define NSEC3_SHA_LEN SHA_DIGEST_LENGTH #else #define NSEC3_SHA_LEN 20 @@ -1407,6 +1407,11 @@ val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo, /* Matching NSEC, use to generate No Data answer. Not creating answers * yet for No Data proven using wildcard. */ if(nsec && nsec_proves_nodata(nsec, qinfo, &nodata_wc) && !nodata_wc) { + /* do not create nodata answers for qtype ANY, it is a query + * type, not an rrtype to disprove. Nameerrors are useful for + * qtype ANY, in the else branch. */ + if(qinfo->qtype == LDNS_RR_TYPE_ANY) + return NULL; if(!(msg = dns_msg_create(qinfo->qname, qinfo->qname_len, qinfo->qtype, qinfo->qclass, region, 2))) return NULL; |