No CD in forwarded queries unless dnssec-debug for TCP too.

commit: 2ecd9bd5c0cdbad8ad2560596f0b16c252b75607 [log] [tgz]
author: Simon Kelley <simon@thekelleys.org.uk> Thu Feb 13 16:42:02 2014 +0000
committer: Simon Kelley <simon@thekelleys.org.uk> Thu Feb 13 16:42:02 2014 +0000
tree: b03d450eaec274a05632181f5d53c788b4eb453c
parent: a0ab18f6ebd48dddf46cbb2ac064d1e9817a7a98 [diff]
diff --git a/src/forward.c b/src/forward.c
index 27f619b..1b6f80e 100644
--- a/src/forward.c
+++ b/src/forward.c

@@ -1431,7 +1431,10 @@
 			  if (option_bool(OPT_DNSSEC_VALID))
 			    {
 			      size = add_do_bit(header, size, ((char *) header) + 65536);
-			      header->hb4 |= HB4_CD;
+			      /* For debugging, set Checking Disabled, otherwise, have the upstream check too,
+				 this allows it to select auth servers when one is returning bad data. */
+			      if (option_bool(OPT_DNSSEC_DEBUG))
+				header->hb4 |= HB4_CD;
 			    }
 #endif
commit	2ecd9bd5c0cdbad8ad2560596f0b16c252b75607	[log] [tgz]
author	Simon Kelley <simon@thekelleys.org.uk>	Thu Feb 13 16:42:02 2014 +0000
committer	Simon Kelley <simon@thekelleys.org.uk>	Thu Feb 13 16:42:02 2014 +0000
tree	b03d450eaec274a05632181f5d53c788b4eb453c
parent	a0ab18f6ebd48dddf46cbb2ac064d1e9817a7a98 [diff]