reversed previous change: data that is neither secure not pending

is assumed to be from insecure zones and therefore should have AD set per server policy
2025-08-31 14:35:26 +00:00 · 2000-05-18 01:40:56 +00:00
parent 88e216c7b4
commit 0fd13c7aca
1 changed files with 1 additions and 1 deletions
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -1664,7 +1664,7 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid,
 				 * If we have rendered pending data, ensure
 				 * that the AD bit is not set.
 				 */
-				if (rdataset->trust < dns_trust_secure &&
+				if (rdataset->trust == dns_trust_pending &&
 				    (sectionid == DNS_SECTION_ANSWER ||
 				     sectionid == DNS_SECTION_AUTHORITY))
 					msg->flags &= ~DNS_MESSAGEFLAG_AD;