- AA flag was being incorrectly set on queries for subzone/NS

- changed QueryTask.qname from Name& to Name (forcing a copy)
  because it was possible for names to be deallocated before the
  task was serviced


git-svn-id: svn://bind10.isc.org/svn/bind10/trunk@1136 e5f2f494-b856-4b98-b285-d166d9295462

src/lib/auth/data_source.cc

@@ -163,6 +163,9 @@ copyAuth(Query& q, RRsetList& auth)
         if (rrset->getType() == RRType::DNAME()) {
             continue;
         }
+        if (rrset->getType() == RRType::DS() && !q.wantDnssec()) {
+            continue;
+        }
         q.message().addRRset(Section::AUTHORITY(), rrset, q.wantDnssec());
         getAdditional(q, rrset);
     }
@@ -351,9 +354,10 @@ DataSrc::doQuery(Query& q)
         // Find the closest enclosing zone for which we are authoritative,
         // and the concrete data source which is authoritative for it.
         // (Note that RRtype DS queries need to go to the parent.)
-        NameMatch match(task->qtype == RRType::DS() ?
-                        task->qname.split(1, task->qname.getLabelCount() - 1) :
-                        task->qname);
+        Name matchname(task->qtype == RRType::DS() ?
+                       task->qname.split(1, task->qname.getLabelCount() - 1) :
+                       task->qname);
+        NameMatch match(matchname);
         findClosestEnclosure(match);
         const DataSrc* datasource = match.bestDataSrc();
         const Name* zonename = match.closestName();
@@ -382,10 +386,9 @@ DataSrc::doQuery(Query& q)
 
             // Query found a referral; let's find out if that was expected--
             // i.e., if an NS was at the zone apex, or if we were querying
-            // specifically for the NS, DS or DNAME record.
+            // specifically for the DS or DNAME record.
             if ((task->flags & REFERRAL) != 0 &&
                 (zonename->getLabelCount() == task->qname.getLabelCount() ||
-                 task->qtype == RRType::NS() ||
                  task->qtype == RRType::DS() ||
                  task->qtype == RRType::DNAME())) {
                 task->flags &= ~REFERRAL;
@@ -473,14 +476,11 @@ DataSrc::doQuery(Query& q)
                     return;
                 }
                 BOOST_FOREACH (RRsetPtr rrset, auth) {
-                    if (rrset->getType() == RRType::DNAME()) {
-                        continue;
-                    }
-                    if (rrset->getType() == RRType::DS() &&
-                        task->qtype == RRType::DS()) {
+                    if (rrset->getType() == task->qtype) {
                         m.addRRset(Section::ANSWER(), rrset, q.wantDnssec());
-                    } else {
-                        m.addRRset(Section::AUTHORITY(), rrset, q.wantDnssec());
+                    } else if (rrset->getType() == RRType::DS() &&
+                               q.wantDnssec()) {
+                        m.addRRset(Section::AUTHORITY(), rrset, true);
                     }
                     getAdditional(q, rrset);
                 }

src/lib/auth/data_source_sqlite3.cc

@@ -157,13 +157,15 @@ Sqlite3DataSrc::findRecords(const Name& name, const RRType& rdtype,
 
         RRType rt(sigtype ? sigtype : type);
 
-        // looking for something else but found NS; we need to inform
-        // the caller that this is a referral, but we do not return the
-        // NS RRset to the caller.
-        if (rdtype != RRType::NS() && !any && rt == RRType::NS()) {
+        // found an NS; we need to inform the caller that this might be a
+        // referral, but we do not return the NS RRset to the caller
+        // unless asked for it.
+        if (rt == RRType::NS() && !any) {
             flags |= REFERRAL;
-            rc = sqlite3_step(query);
-            continue;
+            if (rdtype != RRType::NS()) {
+                rc = sqlite3_step(query);
+                continue;
+            }
         }
 
         ++rows;

src/lib/auth/query.h

@@ -44,7 +44,7 @@ public:
 
     // The standard query tuple: qname/qclass/qtype.
     // Note that qtype is ignored in the GLUE_QUERY/NOGLUE_QUERY case.
-    const isc::dns::Name& qname;
+    const isc::dns::Name qname;
     const isc::dns::RRClass& qclass;
     const isc::dns::RRType& qtype;