From 41a1cff0ae033e535131a214d79aae610a0ebe9d Mon Sep 17 00:00:00 2001
From: Ward Vandewege <cure@users.noreply.github.com>
Date: Thu, 7 Feb 2019 02:13:47 -0500
Subject: [PATCH] When appending the SOA for authoritative NXDOMAIN responses,
 it needs to go in (#151)

the Authoritative section, not the Answer section.

This fixes the acme-dns validation for the lego Let's Encrypt client.
---
 dns.go      | 2 +-
 dns_test.go | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/dns.go b/dns.go
index ba3746f..3ca0753 100644
--- a/dns.go
+++ b/dns.go
@@ -104,7 +104,7 @@ func (d *DNSServer) readQuery(m *dns.Msg) {
 	m.MsgHdr.Authoritative = authoritative
 	if authoritative {
 		if m.MsgHdr.Rcode == dns.RcodeNameError {
-			m.Answer = append(m.Answer, d.SOA)
+			m.Ns = append(m.Ns, d.SOA)
 		}
 	}
 
diff --git a/dns_test.go b/dns_test.go
index 7826b27..044e9a0 100644
--- a/dns_test.go
+++ b/dns_test.go
@@ -140,11 +140,11 @@ func TestAuthoritative(t *testing.T) {
 	if answer.Rcode != dns.RcodeNameError {
 		t.Errorf("Was expecing NXDOMAIN rcode, but got [%s] instead.", dns.RcodeToString[answer.Rcode])
 	}
-	if len(answer.Answer) != 1 {
-		t.Errorf("Was expecting exactly one answer (SOA) for invalid subdomain, but got %d", len(answer.Answer))
+	if len(answer.Ns) != 1 {
+		t.Errorf("Was expecting exactly one answer (SOA) for invalid subdomain, but got %d", len(answer.Ns))
 	}
-	if answer.Answer[0].Header().Rrtype != dns.TypeSOA {
-		t.Errorf("Was expecting SOA record as answer for NXDOMAIN but got [%s]", dns.TypeToString[answer.Answer[0].Header().Rrtype])
+	if answer.Ns[0].Header().Rrtype != dns.TypeSOA {
+		t.Errorf("Was expecting SOA record as answer for NXDOMAIN but got [%s]", dns.TypeToString[answer.Ns[0].Header().Rrtype])
 	}
 	if !answer.MsgHdr.Authoritative {
 		t.Errorf("Was expecting authoritative bit to be set")
-- 
GitLab