1 files changed, 32 insertions, 4 deletions

diff --git a/src/forward.c b/src/forward.c
index adc4a0f..26a7863 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -848,6 +848,9 @@ void receive_query(struct listener *listen, time_t now)
   if (extract_request(header, (size_t)n, daemon->namebuff, &type))
     {
       char types[20];
+#ifdef HAVE_AUTH
+      struct auth_zone *zone;
+#endif
 
       querystr(auth_dns ? "auth" : "query", types, type);
 
@@ -859,15 +862,28 @@ void receive_query(struct listener *listen, time_t now)
 	log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff, 
 		  (struct all_addr *)&source_addr.in6.sin6_addr, types);
 #endif
-    }
 
 #ifdef HAVE_AUTH
+      /* find queries for zones we're authoritative for, and answer them directly */
+      for (zone = daemon->auth_zones; zone; zone = zone->next)
+	if (in_zone(zone, daemon->namebuff, NULL))
+	  {
+	    auth_dns = 1;
+	    break;
+	  }
+#endif
+    }
+  
+#ifdef HAVE_AUTH
   if (auth_dns)
     {
       m = answer_auth(header, ((char *) header) + PACKETSZ, (size_t)n, now, &source_addr);
       if (m >= 1)
-	send_from(listen->fd, option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND),
-		  (char *)header, m, &source_addr, &dst_addr, if_index);
+	{
+	  send_from(listen->fd, option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND),
+		    (char *)header, m, &source_addr, &dst_addr, if_index);
+	  daemon->auth_answer++;
+	}
     }
   else
 #endif
@@ -939,7 +955,9 @@ unsigned char *tcp_request(int confd, time_t now,
       if ((gotname = extract_request(header, (unsigned int)size, daemon->namebuff, &qtype)))
 	{
 	  char types[20];
-	  
+#ifdef HAVE_AUTH
+	  struct auth_zone *zone;
+#endif
 	  querystr(auth_dns ? "auth" : "query", types, qtype);
 	  
 	  if (peer_addr.sa.sa_family == AF_INET) 
@@ -950,6 +968,16 @@ unsigned char *tcp_request(int confd, time_t now,
 	    log_query(F_QUERY | F_IPV6 | F_FORWARD, daemon->namebuff, 
 		      (struct all_addr *)&peer_addr.in6.sin6_addr, types);
 #endif
+	  
+#ifdef HAVE_AUTH
+	  /* find queries for zones we're authoritative for, and answer them directly */
+	  for (zone = daemon->auth_zones; zone; zone = zone->next)
+	    if (in_zone(zone, daemon->namebuff, NULL))
+	      {
+		auth_dns = 1;
+		break;
+	      }
+#endif
 	}
       
       if (local_addr->sa.sa_family == AF_INET)