Saving progress
diff --git a/src/dns-protocol.h b/src/dns-protocol.h
index 023be5f..07cc768 100644
--- a/src/dns-protocol.h
+++ b/src/dns-protocol.h
@@ -82,6 +82,8 @@
 #define HB4_RCODE    0x0f
 
 #define OPCODE(x)          (((x)->hb3 & HB3_OPCODE) >> 3)
+#define SET_OPCODE(x, code) (x)->hb3 = ((x)->hb3 & ~HB3_OPCODE) | code
+
 #define RCODE(x)           ((x)->hb4 & HB4_RCODE)
 #define SET_RCODE(x, code) (x)->hb4 = ((x)->hb4 & ~HB4_RCODE) | code
   
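Review bot: `SET_OPCODE` ORs `code` into `hb3` unshifted, while `OPCODE(x)` two lines above reads the same field with `>> 3`, so a value obtained from `OPCODE()` and passed back to `SET_OPCODE()` lands in the wrong bits and can spill into the neighbouring header flags. The `code` argument and the expansion as a whole are also unparenthesised, so an argument such as `cond ? a : b` would bind to the `|` before the conditional is evaluated. Assuming `HB3_OPCODE` is the mask for the field the getter shifts down (its definition is outside this hunk), I would write `#define SET_OPCODE(x, code) ((x)->hb3 = ((x)->hb3 & ~HB3_OPCODE) | (((code) << 3) & HB3_OPCODE))`. The existing `SET_RCODE` has the same parenthesisation gap and could be tightened at the same time.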
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index 7991dd0..bde72e2 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -511,9 +511,8 @@
 #define FREC_NOREBIND           1
 #define FREC_CHECKING_DISABLED  2
 #define FREC_HAS_SUBNET         4
-#define FREC_DNSSEC_QUERY       8
-#define FREC_DNSKEY_QUERY      16
-#define FREC_DS_QUERY          32
+#define FREC_DNSKEY_QUERY       8
+#define FREC_DS_QUERY          16
 
 struct frec {
   union mysockaddr source;
diff --git a/src/forward.c b/src/forward.c
index ca4c118..97f8800 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -677,7 +677,16 @@
 #ifdef HAVE_DNSSEC
       if (option_bool(OPT_DNSSEC_VALID) && !(forward->flags & FREC_CHECKING_DISABLED))
 	{
-	  int status = dnssec_validate(forward->flags, header, n);
+	  int status;
+	  char rrbitmap[256/8];
+	  int class; 
+
+	  if (forward->flags && FREC_DNSSKEY_QUERY)
+	    status = dnssec_validate_by_ds(header, n, daemon->namebuff, &class);
+	  else if (forward->flags && FREC_DS_QUERY)
+	    status = dnssec_validate_dnskey(header, n, daemon->namebuff, &class);
+	  else
+	    status = dnssec_validate_reply(&rrbitmap, header, n, daemon->namebuff, &class);
 	  
 	  /* Can't validate, as we're missing key data. Put this
 	     answer aside, whilst we get that. */     
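Review bot: The two new flag tests use logical `&&` instead of bitwise `&`, so `forward->flags && FREC_DNSSKEY_QUERY` is true for any frec with any flag set (for example `FREC_NOREBIND`). The second and third branches then never run for those frecs, and ordinary replies are routed to `dnssec_validate_by_ds` instead of `dnssec_validate_reply`. `FREC_DNSSKEY_QUERY` is also misspelled against the `FREC_DNSKEY_QUERY` defined in this commit's dnsmasq.h hunk, so this will not build with `HAVE_DNSSEC`. The tests should read `if (forward->flags & FREC_DNSKEY_QUERY)` and `else if (forward->flags & FREC_DS_QUERY)`. Because this choice decides which DNSSEC check an upstream answer must pass, please also confirm that a DS query is meant to go to `dnssec_validate_dnskey`, and add a short comment stating which record type each routine validates. The enclosing `if` block continues past the end of this hunk.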
@@ -687,26 +696,29 @@
 	      if ((forward->stash = blockdata_alloc((char *)header, n)))
 		{
 		  forward->stash_len = n;
-	      
-		  /* Now formulate a query for the missing data. */
-		  nn = dnssec_generate_query(header, status);
-		  new = get_new_frec(now, NULL, 1);
-		  		  
-		  if (new)
+		  
+		  if ((new = get_new_frec(now, NULL, 1)))
 		    {
 		      int fd;
-
+		      
 		      new = forward; /* copy everything, then overwrite */
 		      new->dependent = forward; /* to find query awaiting new one. */
 		      forward->blocking_query = new; /* for garbage cleaning */
-		      new->flags |= FREC_DNSSEC_QUERY;
+		      /* validate routines leave name of required record in daemon->namebuff */
 		      if (status == STAT_NEED_KEY)
-			new->flags |= FREC_DNSKEY_QUERY; /* So we verify differently */
+			{
+			  new->flags |= FREC_DNSKEY_QUERY; 
+			  nn = dnssec_generate_query(header, daemon->namebuff, class, T_DNSKEY);
+			}
 		      else if (status == STAT_NEED_DS)
-			new->flags |= FREC_DS_QUERY;
+			{
+			  new->flags |= FREC_DS_QUERY;
+			  nn = dnssec_generate_query(header, daemon->namebuff, class, T_DS);
+			}
 		      new->crc = questions_crc(header, nn, daemon->namebuff);
 		      new->new_id = get_id(new->crc);
-		      
+		      header->id = htons(new->id);
+
 		      /* Don't resend this. */
 		      daemon->srv_save = NULL;
 	
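Review bot: `new = forward;` assigns the pointer instead of copying the record, which contradicts its own comment ("copy everything, then overwrite"). The frec just returned by `get_new_frec()` is dropped, `new->dependent` and `forward->blocking_query` both point back at `forward` itself, and the `FREC_DNSKEY_QUERY`/`FREC_DS_QUERY` flag and the new `crc`/`new_id` are written into the original query's record. The line presumably wants `*new = *forward;`. The added `header->id = htons(new->id);` also looks wrong: the line before it stores the fresh identifier in `new->new_id`, so the outgoing key query should probably carry `htons(new->new_id)`, otherwise the randomised ID is never used on the wire. `nn` is assigned only in the `STAT_NEED_KEY` and `STAT_NEED_DS` branches; the condition guarding this block is outside the hunk, so please confirm that no other status can reach `questions_crc(header, nn, ...)` and the `sendto()` that follows.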
@@ -714,19 +726,19 @@
 			fd = server->sfd->fd;
 		      else
 #ifdef HAVE_IPV6
-		       /* Note that we use the same random port for the DNSSEC stuff */
-		      if (server->addr.sa.sa_family == AF_INET6)
-			{
-			  fd = new->rfd6->fd;
-			  new->rfd6->refcount++;
-			}
-		      else
+			/* Note that we use the same random port for the DNSSEC stuff */
+			if (server->addr.sa.sa_family == AF_INET6)
+			  {
+			    fd = new->rfd6->fd;
+			    new->rfd6->refcount++;
+			  }
+			else
 #endif
-			{
-			  fd = new->rfd4->fd;
-			  new->rfd4->refcount++;
-			}
-
+			  {
+			    fd = new->rfd4->fd;
+			    new->rfd4->refcount++;
+			  }
+		      
 		      /* Send DNSSEC query to same server as original query */
 		      while (sendto(fd, (char *)header, nn, 0, &server->addr.sa, sa_len(&server->addr)) == -1 && retry_send());
 		    }