Ticket #460 (closed defect: fixed)
PowerDNS does not return RRSIG records for wildcard records in presigned zones
|Reported by:||anon||Owned by:||ahu|
When running a presigned zone with DNSSEC enabled, PowerDNS does not return an RRSIG record for 'wildcard' DNS records of the form *.domain.com. Instead it just returns the matching wildcard record and the correct NSEC3 records denying the existence of an exact match. For live signing or non-wildcard records the behaviour is as expected (an RRSIG for the wildcard + NSEC3s).
I believe this can be fixed by changing line 87 in function addSignature in dnssecsigner.cc from:
dk.getPreRRSIGs(db, signer, signQName, QType(signQType), signPlace, outsigned); // does it all
dk.getPreRRSIGs(db, signer, wildcardname.empty() ? signQName : wildcardname, QType(signQType), signPlace, outsigned); // does it all
which is similar to the line below that code pertaining to the live-signing case.