From 8bcba7f4883c33764ddcf55a3927fe526cb395f7 Mon Sep 17 00:00:00 2001
From: Paul Radford <51978854+paul-internetnz@users.noreply.github.com>
Date: Thu, 1 Aug 2024 17:04:11 +1200
Subject: [PATCH] Make IPv6 DNSSEC tracing work, and revert to previous
 behaviour otherwise

If drill is executed without "-6", the previous behavior continues, with only A records being used.
---
 drill/securetrace.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drill/securetrace.c b/drill/securetrace.c
index 90014b4e..dcd5c773 100644
--- a/drill/securetrace.c
+++ b/drill/securetrace.c
@@ -291,7 +291,12 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
 				/* trust glue? */
 				new_ns_addr = NULL;
 				if (ldns_dname_is_subdomain(pop, labels[i])) {
-					new_ns_addr = ldns_pkt_rr_list_by_name_and_type(local_p, pop, LDNS_RR_TYPE_A, LDNS_SECTION_ADDITIONAL);
+					if (ldns_resolver_ip6(res) == LDNS_RESOLV_INET6) {
+						new_ns_addr = ldns_pkt_rr_list_by_name_and_type(local_p, pop, LDNS_RR_TYPE_AAAA, LDNS_SECTION_ADDITIONAL);
+					} else {
+						/* If IPv4 is specified, or no IP version is specified, default to A record and use IPv4 */
+						new_ns_addr = ldns_pkt_rr_list_by_name_and_type(local_p, pop, LDNS_RR_TYPE_A, LDNS_SECTION_ADDITIONAL);
+					}
 				}
 				if (!new_ns_addr || ldns_rr_list_rr_count(new_ns_addr) == 0) {
 					new_ns_addr = ldns_get_rr_list_addr_by_name(res, pop, c, 0);