Fix bug when resulted in NXDOMAIN answers instead of NODATA. check_for_local_domain() was broken due to new code matching F_* bits in cache entries for DNSSEC. Because F_DNSKEY | F_DS is used to match RRSIG entries, cache_find_by_name() insists on an exact match of those bits. So adding F_DS to the bits that check_for_local_domain() sends to cache_find_by_name() won't result in DS records as well as the others, it results in only DS records. Add a new bit, F_NSIGMATCH which suitably changes the behaviour of cache_find_by_name().

commit: 288df49c96bb736a0cce203c7cbf7a1408dc99d6 [log] [tgz]
author: Simon Kelley <simon@thekelleys.org.uk> Thu Sep 18 21:48:51 2014 +0100
committer: Simon Kelley <simon@thekelleys.org.uk> Thu Sep 18 21:55:27 2014 +0100
tree: eb05a5ec6da14c6479910fef987cdfc4c3dcde5a
parent: 10cfc0ddb35d8e7d19bdb86240a49004980b1ff8 [diff] [blame]
diff --git a/CHANGELOG b/CHANGELOG
index a499107..00f0480 100644
--- a/CHANGELOG
+++ b/CHANGELOG

@@ -31,6 +31,9 @@
 	    --conf-dir=/etc/dnsmasq.d,\*.conf
 	    will load all the files in /etc/dnsmasq.d which end in .conf
  
+            Fix bug when resulted in NXDOMAIN answers instead of NODATA in
+            some circumstances.
+	    
 
 version 2.71
             Subtle change to error handling to help DNSSEC validation
commit	288df49c96bb736a0cce203c7cbf7a1408dc99d6	[log] [tgz]
author	Simon Kelley <simon@thekelleys.org.uk>	Thu Sep 18 21:48:51 2014 +0100
committer	Simon Kelley <simon@thekelleys.org.uk>	Thu Sep 18 21:55:27 2014 +0100
tree	eb05a5ec6da14c6479910fef987cdfc4c3dcde5a
parent	10cfc0ddb35d8e7d19bdb86240a49004980b1ff8 [diff] [blame]